The security of a passive plug-and-play QKD arrangement in the case of finite
(resources) key lengths is analysed. It is assumed that the eavesdropper has
full access to the channel so an unknown and untrusted source is assumed. To
take into account the security of the BB84 protocol under collective attacks
within the framework of quantum adversaries, a full treatment provides the
well-known equations for the secure key rate. A numerical simulation keeping a
minimum number of initial parameters constant as the total error sought and the
number of pulses is carried out. The remaining parameters are optimized to
produce the maximum secure key rate. Two main strategies are addressed: with
and without two-decoy-states including the optimization of signal to decoy
relationship
