MDI-QKD: Continuous- versus discrete-variables at metropolitan distances

In a comment, Xu, Curty, Qi, Qian, and Lo claimed that discrete-variable (DV) measurement device independent (MDI) quantum key distribution (QKD) would compete with its continuous-variable (CV) counterpart at metropolitan distances. Actually, Xu et al.'s analysis supports exactly the opposite by showing that the experimental rate of our CV protocol (achieved with practical room-temperature devices) remains one order of magnitude higher than their purely-numerical and over-optimistic extrapolation for qubits, based on nearly-ideal parameters and cryogenic detectors (unsuitable solutions for a realistic metropolitan network, which is expected to run on cheap room-temperature devices, potentially even mobile). The experimental rate of our protocol (expressed as bits per relay use) is confirmed to be two-three orders of magnitude higher than the rate of any realistic simulation of practical DV-MDI-QKD over short-medium distances. Of course this does not mean that DV-MDI-QKD networks should not be investigated or built, but increasing their rate is a non-trivial practical problem clearly beyond the analysis of Xu et al. Finally, in order to clarify the facts, we also refute a series of incorrect arguments against CV-MDI-QKD and, more generally, CV-QKD, which were made by Xu et al. with the goal of supporting their thesis.Comment: Updated reply to Xu, Curty, Qi, Qian and Lo (arXiv:1506.04819), including a point-to-point rebuttal of their new "Appendix E: Addendum

Experimental demonstration of Gaussian protocols for one-sided device-independent quantum key distribution

Nonlocal correlations, a longstanding foundational topic in quantum information, have recently found application as a resource for cryptographic tasks where not all devices are trusted, for example in settings with a highly secure central hub, such as a bank or government department, and less secure satellite stations which are inherently more vulnerable to hardware "hacking" attacks. The asymmetric phenomena of Einstein-Podolsky-Rosen steering plays a key role in one-sided device-independent quantum key distribution (1sDI-QKD) protocols. In the context of continuous-variable (CV) QKD schemes utilizing Gaussian states and measurements, we identify all protocols that can be 1sDI and their maximum loss tolerance. Surprisingly, this includes a protocol that uses only coherent states. We also establish a direct link between the relevant EPR steering inequality and the secret key rate, further strengthening the relationship between these asymmetric notions of nonlocality and device independence. We experimentally implement both entanglement-based and coherent-state protocols, and measure the correlations necessary for 1sDI key distribution up to an applied loss equivalent to 7.5 km and 3.5 km of optical fiber transmission respectively. We also engage in detailed modelling to understand the limits of our current experiment and the potential for further improvements. The new protocols we uncover apply the cheap and efficient hardware of CVQKD systems in a significantly more secure setting.Comment: Addition of experimental results and (several) new author

Quantum-based security in optical fibre networks

Electronic communication is used everyday for a number of different applications. Some of the information transferred during these communications can be private requiring encryption and authentication protocols to keep this information secure. Although there are protocols today which provide some security, they are not necessarily unconditionally secure. Quantum based protocols on the other hand, can provide unconditionally secure protocols for encryption and authentication. Prior to this Thesis, only one experimental realisation of quantum digital signatures had been demonstrated. This used a lossy photonic device along with a quantum memory allowing two parties to test whether they were sent the same signature by a single sender, and also store the quantum states for measurement later. This restricted the demonstration to distances of only a few metres, and was tested with a primitive approximation of a quantum memory rather than an actual one. This Thesis presents an experimental realisation of a quantum digital signature protocol which removes the reliance on quantum memory at the receivers, making a major step towards practicality. By removing the quantum memory, it was also possible to perform the swap and comparison mechanism in a more efficient manner resulting in an experimental realisation of quantum digital signatures over 2 kilometres of optical fibre. Quantum communication protocols can be unconditionally secure, however the transmission distance is limited by loss in quantum channels. To overcome this loss in conventional channels an optical amplifier is used, however the added noise from these would swamp the quantum signal if directly used in quantum communications. This Thesis looked into probabilistic quantum amplification, with an experimental realisation of the state comparison amplifier, based on linear optical components and single-photon detectors. The state comparison amplifier operated by using the wellestablished techniques of optical coherent state comparison and weak subtraction to post-select the output and provide non-deterministic amplification with increased fidelity at a high repetition rate. The success rates of this amplifier were found to be orders of magnitude greater than other state of the art quantum amplifiers, due to its lack of requirement for complex quantum resources, such as single or entangled photon sources, and photon number resolving detectors

One-sided Device-Independent Quantum Key Distribution: Security, feasibility, and the connection with steering

We analyze the security and feasibility of a protocol for Quantum Key Distribution (QKD), in a context where only one of the two parties trusts his measurement apparatus. This scenario lies naturally between standard QKD, where both parties trust their measurement apparatuses, and Device-Independent QKD (DI-QKD), where neither does, and can be a natural assumption in some practical situations. We show that the requirements for obtaining secure keys are much easier to meet than for DI-QKD, which opens promising experimental opportunities. We clarify the link between the security of this one-sided DI-QKD scenario and the demonstration of quantum steering, in analogy to the link between DI-QKD and the violation of Bell inequalities.Comment: v2 replaces the 3-page abstract posted as v1: our results are now given with all necessary details. v3: published versio

Blind Reconciliation

Information reconciliation is a crucial procedure in the classical post-processing of quantum key distribution (QKD). Poor reconciliation efficiency, revealing more information than strictly needed, may compromise the maximum attainable distance, while poor performance of the algorithm limits the practical throughput in a QKD device. Historically, reconciliation has been mainly done using close to minimal information disclosure but heavily interactive procedures, like Cascade, or using less efficient but also less interactive -just one message is exchanged- procedures, like the ones based in low-density parity-check (LDPC) codes. The price to pay in the LDPC case is that good efficiency is only attained for very long codes and in a very narrow range centered around the quantum bit error rate (QBER) that the code was designed to reconcile, thus forcing to have several codes if a broad range of QBER needs to be catered for. Real world implementations of these methods are thus very demanding, either on computational or communication resources or both, to the extent that the last generation of GHz clocked QKD systems are finding a bottleneck in the classical part. In order to produce compact, high performance and reliable QKD systems it would be highly desirable to remove these problems. Here we analyse the use of short-length LDPC codes in the information reconciliation context using a low interactivity, blind, protocol that avoids an a priori error rate estimation. We demonstrate that 2x10^3 bits length LDPC codes are suitable for blind reconciliation. Such codes are of high interest in practice, since they can be used for hardware implementations with very high throughput.Comment: 22 pages, 8 figure

Twisted Photons: New Quantum Perspectives in High Dimensions

Quantum information science and quantum information technology have seen a virtual explosion world-wide. It is all based on the observation that fundamental quantum phenomena on the individual particle or system-level lead to completely novel ways of encoding, processing and transmitting information. Quantum mechanics, a child of the first third of the 20th century, has found numerous realizations and technical applications, much more than was thought at the beginning. Decades later, it became possible to do experiments with individual quantum particles and quantum systems. This was due to technological progress, and for light in particular, the development of the laser. Hitherto, nearly all experiments and also nearly all realizations in the fields have been performed with qubits, which are two-level quantum systems. We suggest that this limitation is again mainly a technological one, because it is very difficult to create, manipulate and measure more complex quantum systems. Here, we provide a specific overview of some recent developments with higher-dimensional quantum systems. We mainly focus on Orbital Angular Momentum (OAM) states of photons and possible applications in quantum information protocols. Such states form discrete higher-dimensional quantum systems, also called qudits. Specifically, we will first address the question what kind of new fundamental properties exist and the quantum information applications which are opened up by such novel systems. Then we give an overview of recent developments in the field by discussing several notable experiments over the past 2-3 years. Finally, we conclude with several important open questions which will be interesting for investigations in the future.Comment: 15 pages, 7 figure

Modeling, Simulation, and Analysis of a Decoy State Enabled Quantum Key Distribution System

Quantum Key Distribution (QKD) is an emerging technology which uses the principles of quantum mechanics to provide unconditionally secure key distribution. QKD systems are unique in their ability to detect an eavesdropper\u27s presence and are being marketed for applications where high levels of secrecy are required such as banking, government, and military environments. QKD systems are composed of electrical, optical, and electrooptical components. Their design requires expertise across multiple disciplines including computer science, computer engineering, electrical engineering, information theory, optical physics, and quantum physics. This multidisciplinary nature makes QKD an ideal candidate for study using Model Based Systems Engineering (MBSE) Processes, Methods, and Tools (PMTs). The primary research goal is to gain understanding of the operation and performance of the QKD decoy state protocol through the use of MBSE PMTs. The main research contributions include development of a decoy state model, validation of the this protocol in a QKD system model implementation, and confirmation that application of MBSE PMTs are critical to the understanding and analysis of complex systems. This work presents the first known application of MBSE PMTs to analyze a QKD system and provides utility to system developers, designers and analysts who seek to quantify performance and security

Quantum Hacking in the Age of Measurement-Device-Independent Quantum Cryptography

Cryptography is essential for secure communication in the digital era. Today, public-key cryptography is widely employed, and has provided an efficient method for encrypting content and ensuring both confidentiality and authenticity of electronic communications. However, the security of these systems is based on assumptions of computational hardness within the constraints of current computing capability. Thus, as quantum computing becomes a reality, public-key algorithms will be genuinely vulnerable to attack. By contrast, quantum cryptography, which is based on quantum physics instead of mathematical assumptions, is able to achieve information-theoretic security. Advances in practical quantum cryptographic systems have not kept pace with theory, where an eavesdropper can relatively easily exploit loopholes in practical implementations to compromise theory-proved security. Bridging the gap between perfect theory and imperfect practice has become a priority for the growing field of quantum key distribution (QKD), which has strived to strengthen the practical security of QKD systems. Among all the countermeasures against quantum hacking, the measurement-device-independent (MDI) QKD protocol is promising because it is immune to all side-channel attacks on measurement devices. However, the MDI QKD protocol has some limitations that critically restrict its practical usefulness. Technically, the MDI scheme is not compatible with existing QKD systems, and produces a low key rate. In addition, the theory underlying MDI QKD security is based on the use of trusted source stations. Thus, this protocol is not a universal solution. This thesis further investigates the practical security of quantum cryptography in and beyond MDI quantum cryptography. To overcome the technical limitations of MDI QKD, we first evaluate two other countermeasures against imperfect detections. The first is an industrial patch based on random detection efficiency, recently implemented by ID Quantique in the commercial Clavis2 QKD system. While powerful, experimental testing shows that this countermeasure is not sufficient to defeat the detector blinding attack. The second countermeasure aims to achieve a higher key rate than MDI QKD while maintaining the same security properties. However, our research shows that detector-device-independent (DDI) QKD security is not equivalent to that of MDI QKD and, further, that DDI QKD is insecure against detector side-channel attacks. While this initial work points to the superior performance of MDI QKD systems, core challenges remain. The fundamental security assumption adopted for MDI QKD systems, regarding the exclusive use of trustable source stations, cannot always be satisfied in practice. Our study revealed several side channels of source devices. The first is disclosed from the implementation of a decoy-state protocol, which is widely used in QKD systems with weak coherent sources. The pump-current-modulated intensities result in a timing mismatch between the signal and decoy states, violating the key assumption in the decoy-state QKD protocol. Moreover, an active Eve can break the basic assumption about photon numbers in the QKD system. In this work, we experimentally demonstrate a laser seeding attack on the laser source, which shows that Eve can increase the emission power of the laser diode. Furthermore, by shining a high-power laser into an optical attenuator, Eve can decrease the attenuation values. The increase in laser emission power and the decrease in attenuation leads to an increase in mean photon numbers. In summary, MDI QKD is a milestone in quantum cryptography. However, this thesis indicates the importance of continued investigations into the practical security of MDI QKD. The analysis of practical security should be extended to other countermeasures against side-channel attacks and the source stations in MDI QKD systems. Practical quantum hacking and security analysis promote the development of quantum cryptographic systems, which will eventually achieve the unconditional security claimed in theory

Preparing a commercial quantum key distribution system for certification against implementation loopholes

A commercial quantum key distribution (QKD) system needs to be formally certified to enable its wide deployment. The certification should include the system's robustness against known implementation loopholes and attacks that exploit them. Here we ready a fiber-optic QKD system for this procedure. The system has a prepare-and-measure scheme with decoy-state BB84 protocol, polarisation encoding, qubit source rate of 312.5 MHz, and is manufactured by QRate in Russia. We detail its hardware and post-processing. We analyse the hardware for any possible implementation loopholes and discuss countermeasures. We then amend the system design to address the highest-risk loopholes identified. We also work out technical requirements on the certification lab and outline its possible structure.Comment: 33 pages, 11 figures, 2 table