• Despite the enormous theoretical and experimental progress made so far in quantum key distribution (QKD), the security of most existing QKD implementations is not rigorously established yet. A critical obstacle is that almost all existing security proofs make ideal assumptions on the QKD devices. Problematically, such assumptions are hard to satisfy in the experiments, and therefore it is not obvious how to apply such security proofs to practical QKD systems. Fortunately, any imperfections and security-loopholes in the measurement devices can be perfectly closed by measurement-device-independent QKD (MDI-QKD), and thus we only need to consider how to secure the source devices. Among imperfections in the source devices, correlations between the sending pulses are one of the principal problems. In this paper, we consider a setting-choice-independent correlation (SCIC) framework in which the sending pulses can present arbitrary correlations but they are independent of the previous setting choices such as the bit, the basis and the intensity settings. Within the framework of SCIC, we consider the dominant fluctuations of the sending states, such as the relative phases and the intensities, and provide a self-contained information theoretic security proof for the loss-tolerant QKD protocol in the finite-key regime. We demonstrate the feasibility of secure quantum communication within a reasonable number of pulses sent, and thus we are convinced that our work constitutes a crucial step toward guaranteeing implementation security of QKD.
  • Security proofs of quantum key distribution (QKD) typically assume that the devices of the legitimate users are perfectly shielded from the eavesdropper. This assumption is, however, very hard to meet in practice, and thus the security of current QKD implementations is not guaranteed. Here, we fill this gap by providing a finite-key security analysis for QKD which is valid against arbitrary information leakage from the state preparation process of the legitimate users. For this, we extend the techniques introduced in (New J. Phys. 18, 065008, (2016)) to the finite-key regime, and we evaluate the security of a leaky decoy-state BB84 protocol with biased basis choice, which is one of the most implemented QKD schemes today. Our simulation results demonstrate the practicability of QKD over long distances and within a reasonable time frame given that the legitimate users' devices are sufficiently isolated.
  • In recent years, there has been a great effort to prove the security of quantum key distribution (QKD) with a minimum number of assumptions. Besides its intrinsic theoretical interest, this would allow for larger tolerance against device imperfections in the actual implementations. However, even in this device-independent scenario, one assumption seems unavoidable, that is, the presence of a protected space devoid of any unwanted information leakage in which the legitimate parties can privately generate, process and store their classical data. In this paper we relax this unrealistic and hardly feasible assumption and introduce a general formalism to tackle the information leakage problem in most of existing QKD systems. More specifically, we prove the security of optical QKD systems using phase and intensity modulators in their transmitters, which leak the setting information in an arbitrary manner. We apply our security proof to cases of practical interest and show key rates similar to those obtained in a perfectly shielded environment. Our work constitutes a fundamental step forward in guaranteeing implementation security of quantum communication systems.
  • Several quantum key distribution (QKD) protocols employ iterative sifting. After each quantum transmission round, Alice and Bob disclose part of their setting information (including their basis choices) for the detected signals. The quantum phase of the protocol then ends when the numbers of detected signals per basis exceed certain pre-agreed threshold values. Recently, however, Pfister et al. [New J. Phys. 18 053001 (2016)] showed that iterative sifting makes QKD insecure, especially in the finite key regime, if the parameter estimation for privacy amplification uses the random sampling theory. This implies that a number of existing finite key security proofs could be flawed and cannot guarantee security. Here, we solve this serious problem by showing that the use of Azuma's inequality for parameter estimation makes QKD with iterative sifting secure again. This means that the existing protocols whose security proof employs this inequality remain secure even if they employ iterative sifting. Also, our results highlight a fundamental difference between the random sampling theorem and Azuma's inequality in proving security.
  • We show the information-theoretic security proof of the differential-phase-shift (DPS) quantum key distribution (QKD) protocol based on the complementarity approach [arXiv:0704.3661 (2007)]. Our security proof provides a slightly better key generation rate compared to the one derived in the previous security proof in [arXiv:1208.1995 (2012)] that is based on the Shor-Preskill approach [Phys. Rev. Lett. 85, 441 (2000)]. This improvement is obtained because the complementarity approach can employ more detailed information on Alice's sending state in estimating the leaked information to an eavesdropper. Moreover, we remove the necessity of the numerical calculation that was needed in the previous analysis to estimate the leaked information. This leads to an advantage that our security proof enables us to evaluate the security of the DPS protocol with any block size. This paper highlights one of the fundamental differences between the Shor-Preskill and the complementarity approaches.
  • The differential-phase-shift (DPS) quantum key distribution (QKD) protocol was proposed aiming at simple implementation, but it can tolerate only a small disturbance in a quantum channel. The round-robin DPS (RRDPS) protocol could be a good solution for this problem, which in fact can tolerate even up to $50\%$ of a bit error rate. Unfortunately, however, such a high tolerance can be achieved only when we compromise the simplicity, i.e., Bob's measurement must involve a large number of random delays ($|\mathcal{R}|$ denotes its number), and in a practical regime of $|\mathcal{R}|$ being small, the tolerance is low. In this paper, we propose a new DPS protocol to achieve a higher tolerance than the one in the original DPS protocol, in which the measurement setup is less demanding than the one of the RRDPS protocol for the high tolerance regime. We call the new protocol the small-number-random DPS (SNRDPS) protocol, and in this protocol, we add only a small amount of randomness to the original DPS protocol, i.e., $2\leq|\mathcal{R}|\leq10$. In fact, we found that the performance of the SNRDPS protocol is significantly enhanced over the original DPS protocol only by employing a few additional delays such as $|\mathcal{R}|=2$. Also, we found that the key generation rate of the SNRDPS protocol outperforms the RRDPS protocol without monitoring the bit error rate when it is less than $5\%$ and $|\mathcal{R}|\leq10$. Our protocol is an intermediate protocol between the original DPS protocol and the RRDPS protocol, and it increases the variety of the DPS-type protocols with quantified security.
  • Quantum digital signatures apply quantum mechanics to the problem of guaranteeing message integrity and non-repudiation with information-theoretical security, which are complementary to the confidentiality realized by quantum key distribution. Previous experimental demonstrations have been limited to transmission distances of less than 5-km of optical fiber in a laboratory setting. Here we report the first demonstration of quantum digital signatures over installed optical fiber as well as the longest transmission link reported to date. This demonstration used a 90-km long differential phase shift quantum key distribution system to achieve approximately one signed bit per second - an increase in the signature generation rate of several orders of magnitude over previous optical fiber demonstrations.
  • Recently, a new type of quantum key distribution, called the round-robin differential phase-shift (RRDPS) protocol [Nature 509, 475 (2014)], was proposed, where the security can be guaranteed without monitoring any statistics. In this Letter, we investigate source imperfections and side-channel attacks on the source of this protocol. We show that only three assumptions are needed for the security, and no detailed characterizations of the source or the side-channel attacks are needed. This high robustness is another striking advantage of the RRDPS protocol over other protocols.
  • Many quantum key distribution (QKD) protocols require random choice of measurement basis for each pulse or each train of pulses. In some QKD protocols, such as the Round-Robin Differential Phase Shift (RRDPS) QKD protocol, this requirement is a bit challenging as randomly choosing hundreds of settings for every, say, 100 pulses may be too fast with current technologies. In this paper, we solve this issue by proving the security of QKD protocols with slow basis choice without compromising the secret key rate. We also show that the random choice of the bases for the state preparation can be made slow if the signals do not leak any information on the basis. Examples of QKD protocols that our technique can apply include the RRDPS protocol and BB84-type protocols, and our technique relaxes demands for the implementation of QKD systems.
  • Although quantum key distribution (QKD) is theoretically secure, there is a gap between the theory and practice. In fact, real-life QKD may not be secure because component devices in QKD systems may deviate from the theoretical models assumed in security proofs. To solve this problem, it is necessary to construct the security proof under realistic assumptions on the source and measurement unit. In this paper, we prove the security of a QKD protocol under practical assumptions on the source that accommodate fluctuation of the phase and intensity modulations. As long as our assumptions hold, it does not matter at all how the phase and intensity distribute nor whether or not their distributions over different pulses are independently and identically distributed (I.I.D.). Our work shows that practical sources can be safely employed in QKD experiments.
  • Since the invention of Bennett-Brassard 1984 (BB84) protocol, many quantum key distribution (QKD) protocols have been proposed and some protocols are operated even in field environments. One of the striking features of QKD is that QKD protocols are provably secure unlike cryptography based on computational complexity assumptions. It has been believed that, to guarantee the security of QKD, Alice and Bob have to monitor the statistics of the measurement outcomes which are used to determine the amount of the privacy amplification to generate a key. Recently a new type of QKD protocol, called round robin differential phase shift (RRDPS) protocol, was proposed, and remarkably this protocol can generate a key without monitoring any statistics of the measurement outcomes. Here we report an experimental realization of the RRDPS protocol. We used a setup in which Bob randomly chooses one from four interferometers with different pulse delays so that he could implement phase difference measurements for all possible combinations with five-pulse time-bin states. Using the setup, we successfully distributed keys over 30 km of fiber, making this the first QKD experiment that does not rely on signal disturbance monitoring.
  • Secure communication plays a crucial role in the Internet Age. Quantum mechanics may revolutionise cryptography as we know it today. In this Review Article, we introduce the motivation and the current state of the art of research in quantum cryptography. In particular, we discuss the present security model together with its assumptions, strengths and weaknesses. After a brief introduction to recent experimental progress and challenges, we survey the latest developments in quantum hacking and counter-measures against it.
  • Quantum key distribution promises unconditionally secure communications. However, as practical devices tend to deviate from their specifications, the security of some practical systems is no longer valid. In particular, an adversary can exploit imperfect detectors to learn a large part of the secret key, even though the security proof claims otherwise. Recently, a practical approach---measurement-device-independent quantum key distribution---has been proposed to solve this problem. However, so far its security has only been fully proven under the assumption that the legitimate users of the system have unlimited resources. Here we fill this gap and provide a rigorous security proof against general attacks in the finite-key regime. This is obtained by applying large deviation theory, specifically the Chernoff bound, to perform parameter estimation. For the first time we demonstrate the feasibility of long-distance implementations of measurement-device-independent quantum key distribution within a reasonable time-frame of signal transmission.
  • In recent years, the gap between theory and practice in quantum key distribution (QKD) has been significantly narrowed, particularly for QKD systems with arbitrarily flawed optical receivers. The status for QKD systems with imperfect light sources is however less satisfactory, in the sense that the resulting secure key rates are often overly-dependent on the quality of state preparation. This is especially the case when the channel loss is high. Very recently, to overcome this limitation, Tamaki et al. proposed a QKD protocol based on the so-called rejected data analysis, and showed that its security, in the limit of infinitely long keys, is almost independent of any encoding flaw in the qubit space, being this protocol compatible with the decoy state method. Here, as a step towards practical QKD, we show that a similar conclusion is reached in the finite-key regime, even when the intensity of the light source is unstable. More concretely, we derive security bounds for a wide class of realistic light sources and show that the bounds are also efficient in the presence of high channel loss. Our results strongly suggest the feasibility of long distance provably-secure communication with imperfect light sources.
  • The time-reversed version of entanglement-based quantum key distribution (QKD), called measurement-device-independent QKD (mdiQKD), was originally introduced to close arbitrary security loopholes of measurement devices. Here we show that the mdiQKD has another advantage which should be distinguished from the entanglement-based QKD. In particular, an all-photonic adaptive Bell measurement, based on the concept of quantum repeaters, can be installed solely in the mdiQKD, which leads to a square root improvement in the key rate. This Bell measurement also provides a similar improvement in the single-photon-based entanglement generation of quantum repeaters.
  • The measurement-device-independent quantum key distribution (MDI QKD) was proposed to make BB84 completely free from any side-channel in detectors. Like in prepare & measure QKD, the use of other protocols in MDI setting would be advantageous in some practical situations. In this paper, we consider SARG04 protocol in MDI setting. The prepare & measure SARG04 is proven to be able to generate a key up to two-photon emission events. In MDI setting we show that the key generation is possible from the event with single or two-photon emission by a party and single-photon emission by the other party, but the two-photon emission event by both parties cannot contribute to the key generation. In contrast to the prepare & measure SARG04 protocol, where the experimental setup is exactly the same as BB84, the measurement setup for SARG04 in MDI setting cannot be the same as that for BB84 since the measurement setup for BB84 in MDI setting induces too many bit errors. To overcome this problem, we propose two alternative experimental setups, and we simulate the resulting key rate. Our study highlights the requirements that MDI QKD poses on us regarding the implementation of a variety of QKD protocols.
  • We propose a method for generating high-fidelity multipartite spin-entanglement of ultracold atoms in an optical lattice in a short operation time with a scalable manner, which is suitable for measurement-based quantum computation. To perform the desired operations based on the perturbative spin-spin interactions, we propose to actively utilize the extra degrees of freedom (DOFs) usually neglected in the perturbative treatment but included in the Hubbard Hamiltonian of atoms, such as, (pseudo-)charge and orbital DOFs. Our method simultaneously achieves high fidelity, short operation time, and scalability by overcoming the following fundamental problem: enhancing the interaction strength for shortening operation time breaks the perturbative condition of the interaction and inevitably induces unwanted correlations among the spin and extra DOFs.
  • In principle, quantum key distribution (QKD) offers unconditional security based on the laws of physics. In practice, flaws in the state preparation undermine the security of QKD systems, as standard theoretical approaches to deal with state preparation flaws are not loss-tolerant. An eavesdropper can enhance and exploit such imperfections through quantum channel loss, thus dramatically lowering the key generation rate. Crucially, the security analyses of most existing QKD experiments are rather unrealistic as they typically neglect this effect. Here, we propose a novel and general approach that makes QKD loss-tolerant to state preparation flaws. Importantly, it suggests that the state preparation process in QKD can be significantly less precise than initially thought. Our method can widely apply to other quantum cryptographic protocols.
  • Quantum communication holds promise for unconditionally secure transmission of secret messages and faithful transfer of unknown quantum states. Photons appear to be the medium of choice for quantum communication. Owing to photon losses, robust quantum communication over long lossy channels requires quantum repeaters. It is widely believed that a necessary and highly demanding requirement for quantum repeaters is the existence of matter quantum memories at the repeater nodes. Here we show that such a requirement is, in fact, unnecessary by introducing the concept of all photonic quantum repeaters based on flying qubits. As an example of the realization of this concept, we present a protocol based on photonic cluster state machine guns and a loss-tolerant measurement equipped with local high-speed active feedforwards. We show that, with such an all photonic quantum repeater, the communication efficiency still scales polynomially with the channel distance. Our result paves a new route toward quantum repeaters with efficient single-photon sources rather than matter quantum memories.
  • We propose a countermeasure against the so-called tailored bright illumination attack for Differential-Phase-Shift QKD (DPS-QKD). By monitoring a rate of coincidence detection at a pair of superconducting nanowire single photon detectors (SSPDs) which is connected at each of the output ports of Bob's Mach-Zehnder interferometer, Alice and Bob can detect and defeat this kind of attack.
  • We derive the time-dependent photo-detection probability equation of a superconducting single photon detector (SSPD) to study the responsive property for a pulse train at high repetition rate. Using this equation, we analyze the characteristics of SSPDs when illuminated by bright pulses in blinding attack on a quantum key distribution (QKD). We obtain good agreement between expected values based on our equation and actual experimental values. Such a time-dependent probability analysis contributes to security analysis.
  • For the realization of quantum key distribution, it is important to investigate its security based on a mathematical model that captures properties of the actual devices used by the legitimate users. Recently, Ferenczi et al. (Phys. Rev. A 86 042327 (2012)) pointed out potential influences that the losses in phase modulators and/or the unbalance in the transmission rate of beam splitters may have on the security of the phase-encoded BB84 and analyzed the security of this scheme, which is called the unbalanced BB84. In this paper, we ask whether blindly applying the post-processing of the balanced BB84 to the unbalanced BB84 would lead to an insecure key or not, and we conclude that we can safely distill a secure key even with this post-processing. It follows from our proof that as long as the unbalances are basis-independent, our conclusion holds even if the unbalances are unknown and fluctuate in time.
  • In this paper, we study the unconditional security of the so-called measurement device independent quantum key distribution (MDIQKD) with the basis-dependent flaw in the context of phase encoding schemes. We propose two schemes for the phase encoding, the first one employs a phase locking technique with the use of non-phase-randomized coherent pulses, and the second one uses conversion of standard BB84 phase encoding pulses into polarization modes. We prove the unconditional security of these schemes and we also simulate the key generation rate based on simple device models that accommodate imperfections. Our simulation results show the feasibility of these schemes with current technologies and highlight the importance of the state preparation with good fidelity between the density matrices in the two bases. Since the basis-dependent flaw is a problem not only for MDIQKD but also for standard QKD, our work highlights the importance of an accurate signal source in practical QKD systems. Note: We include the erratum of this paper in Appendix C. The correction does not affect the validity of the main conclusions reported in the paper, which is the importance of the state preparation in MDIQKD and the fact that our schemes can generate the key with the practical channel mode that we have assumed.
  • We prove the unconditional security of coherent-state-based differential phase shift quantum key distribution protocol (DPSQKD) with block-wise phase randomization. Our proof is based on the conversion of DPSQKD to an equivalent entanglement-distillation protocol where the estimated phase error rate determines the amount of the privacy amplification. The generated final key has a contribution from events where the sender emits two or more photons, indicating the robustness of DPSQKD against photon-number-splitting attacks.
  • We prove the unconditional security of the six-state protocol with threshold detectors and one-way classical communication. Unlike the four-state protocol (BB84), it has been proven that the squash operator for the six-state does not exist, i.e., the statistics of the measurements cannot be obtained via measurement on qubits. We propose a technique to determine which photon number states are important, and we consider a fictitious measurement on a qubit, which is defined through the squash operator of BB84, for the better estimation of Eve's information. As a result, we prove that the bit error rate threshold for the six-state protocol (12.611%) remains almost the same as the one of the qubit-based six-state protocol (12.619%). This clearly demonstrates the robustness of the six-state protocol against the use of the practical devices.