• Despite the enormous theoretical and experimental progress made so far in quantum key distribution (QKD), the security of most existing QKD implementations is not rigorously established yet. A critical obstacle is that almost all existing security proofs make ideal assumptions on the QKD devices. Problematically, such assumptions are hard to satisfy in the experiments, and therefore it is not obvious how to apply such security proofs to practical QKD systems. Fortunately, any imperfections and security-loopholes in the measurement devices can be perfectly closed by measurement-device-independent QKD (MDI-QKD), and thus we only need to consider how to secure the source devices. Among imperfections in the source devices, correlations between the sending pulses are one of the principal problems. In this paper, we consider a setting-choice-independent correlation (SCIC) framework in which the sending pulses can present arbitrary correlations but they are independent of the previous setting choices such as the bit, the basis and the intensity settings. Within the framework of SCIC, we consider the dominant fluctuations of the sending states, such as the relative phases and the intensities, and provide a self-contained information theoretic security proof for the loss-tolerant QKD protocol in the finite-key regime. We demonstrate the feasibility of secure quantum communication within a reasonable number of pulses sent, and thus we are convinced that our work constitutes a crucial step toward guaranteeing implementation security of QKD.
  • Several quantum key distribution (QKD) protocols employ iterative sifting. After each quantum transmission round, Alice and Bob disclose part of their setting information (including their basis choices) for the detected signals. The quantum phase of the protocol then ends when the numbers of detected signals per basis exceed certain pre-agreed threshold values. Recently, however, Pfister et al. [New J. Phys. 18 053001 (2016)] showed that iterative sifting makes QKD insecure, especially in the finite key regime, if the parameter estimation for privacy amplification uses the random sampling theory. This implies that a number of existing finite key security proofs could be flawed and cannot guarantee security. Here, we solve this serious problem by showing that the use of Azuma's inequality for parameter estimation makes QKD with iterative sifting secure again. This means that the existing protocols whose security proof employs this inequality remain secure even if they employ iterative sifting. Also, our results highlight a fundamental difference between the random sampling theorem and Azuma's inequality in proving security.
  • We show the information-theoretic security proof of the differential-phase-shift (DPS) quantum key distribution (QKD) protocol based on the complementarity approach [arXiv:0704.3661 (2007)]. Our security proof provides a slightly better key generation rate compared to the one derived in the previous security proof in [arXiv:1208.1995 (2012)] that is based on the Shor-Preskill approach [Phys. Rev. Lett. ${\bf 85}$, 441 (2000)]. This improvement is obtained because the complementarity approach can employ more detailed information on Alice's sending state in estimating the leaked information to an eavesdropper. Moreover, we remove the necessity of the numerical calculation that was needed in the previous analysis to estimate the leaked information. This leads to an advantage that our security proof enables us to evaluate the security of the DPS protocol with any block size. This paper highlights one of the fundamental differences between the Shor-Preskill and the complementarity approaches.
  • The differential-phase-shift (DPS) quantum key distribution (QKD) protocol was proposed aiming at simple implementation, but it can tolerate only a small disturbance in a quantum channel. The round-robin DPS (RRDPS) protocol could be a good solution for this problem, which in fact can tolerate even up to $50\%$ of a bit error rate. Unfortunately, however, such a high tolerance can be achieved only when we compromise the simplicity, i.e., Bob's measurement must involve a large number of random delays ($|\mathcal{R}|$ denotes its number), and in a practical regime of $|\mathcal{R}|$ being small, the tolerance is low. In this paper, we propose a new DPS protocol to achieve a higher tolerance than the one in the original DPS protocol, in which the measurement setup is less demanding than the one of the RRDPS protocol for the high tolerance regime. We call the new protocol the small-number-random DPS (SNRDPS) protocol, and in this protocol, we add only a small amount of randomness to the original DPS protocol, i.e., $2\leq|\mathcal{R}|\leq10$. In fact, we found that the performance of the SNRDPS protocol is significantly enhanced over the original DPS protocol only by employing a few additional delays such as $|\mathcal{R}|=2$. Also, we found that the key generation rate of the SNRDPS protocol outperforms the RRDPS protocol without monitoring the bit error rate when it is less than $5\%$ and $|\mathcal{R}|\leq10$. Our protocol is an intermediate protocol between the original DPS protocol and the RRDPS protocol, and it increases the variety of the DPS-type protocols with quantified security.
  • Recently, a new type of quantum key distribution, called the round-robin differential phase-shift (RRDPS) protocol [Nature 509, 475 (2014)], was proposed, where the security can be guaranteed without monitoring any statistics. In this Letter, we investigate source imperfections and side-channel attacks on the source of this protocol. We show that only three assumptions are needed for the security, and no detailed characterizations of the source or the side-channel attacks are needed. This high robustness is another striking advantage of the RRDPS protocol over other protocols.
  • Although quantum key distribution (QKD) is theoretically secure, there is a gap between the theory and practice. In fact, real-life QKD may not be secure because component devices in QKD systems may deviate from the theoretical models assumed in security proofs. To solve this problem, it is necessary to construct the security proof under realistic assumptions on the source and measurement unit. In this paper, we prove the security of a QKD protocol under practical assumptions on the source that accommodate fluctuation of the phase and intensity modulations. As long as our assumptions hold, it does not matter at all how the phase and intensity distribute nor whether or not their distributions over different pulses are independently and identically distributed (I.I.D.). Our work shows that practical sources can be safely employed in QKD experiments.
  • The quantum internet holds promise for performing quantum communication, such as quantum teleportation and quantum key distribution (QKD), freely between any parties all over the globe. Such a future quantum network, depending on the communication distance of the requesting parties, necessitates to invoke several classes of optical quantum communication such as point-to-point communication protocols, intercity QKD protocols and quantum repeater protocols. Recently, Takeoka, Guha and Wilde (TGW) have presented a fundamental rate-loss tradeoff on quantum communication capacity and secret key agreement capacity of any lossy channel assisted by unlimited forward and backward classical communication [Nat. Commun. 5, 5235 (2014)]. However, this bound is applicable only to the simplest class of quantum communication, i.e., the point-to-point communication protocols, and it has thus remained open to grasp the potential of a `worldwide' quantum network. Here we generalize the TGW bound to be applicable to any type of two-party quantum communication over the quantum internet, including other indispensable but much more intricate classes of quantum communication, intercity QKD protocols and quantum repeater protocols. We also show that there is essentially no scaling gap between our bound and the quantum communication efficiencies of known protocols. Therefore, our result, corresponding to a fundamental and practical limitation for the quantum internet, will contribute to design an efficient quantum internet in the future.
  • In recent years, the gap between theory and practice in quantum key distribution (QKD) has been significantly narrowed, particularly for QKD systems with arbitrarily awed optical receivers. The status for QKD systems with imperfect light sources is however less satisfactory, in the sense that the resulting secure key rates are often overly-dependent on the quality of state preparation. This is especially the case when the channel loss is high. Very recently, to overcome this limitation, Tamaki et al proposed a QKD protocol based on the so-called rejected data analysis, and showed that its security|in the limit of infinitely long keys|is almost independent of any encoding flaw in the qubit space, being this protocol compatible with the decoy state method. Here, as a step towards practical QKD, we show that a similar conclusion is reached in the finite-key regime, even when the intensity of the light source is unstable. More concretely, we derive security bounds for a wide class of realistic light sources and show that the bounds are also efficient in the presence of high channel loss. Our results strongly suggest the feasibility of long distance provably-secure communication with imperfect light sources.
  • The measurement-device-independent quantum key distribution (MDI QKD) was proposed to make BB84 completely free from any side-channel in detectors. Like in prepare & measure QKD, the use of other protocols in MDI setting would be advantageous in some practical situations. In this paper, we consider SARG04 protocol in MDI setting. The prepare & measure SARG04 is proven to be able to generate a key up to two-photon emission events. In MDI setting we show that the key generation is possible from the event with single or two-photon emission by a party and single-photon emission by the other party, but the two-photon emission event by both parties cannot contribute to the key generation. On the contrary to prepare & measure SARG04 protocol where the experimental setup is exactly the same as BB84, the measurement setup for SARG04 in MDI setting cannot be the same as that for BB84 since the measurement setup for BB84 in MDI setting induces too many bit errors. To overcome this problem, we propose two alternative experimental setups, and we simulate the resulting key rate. Our study highlights the requirements that MDI QKD poses on us regarding with the implementation of a variety of QKD protocols.