We extend the field of continuous-variable quantum cryptography to a network
formulation where two honest parties connect to an untrusted relay by insecure
quantum links. To generate secret correlations, they transmit coherent states
to the relay where a continuous-variable Bell detection is performed and the
outcome broadcast. Even though the detection could be fully corrupted and the
links subject to optimal coherent attacks, the honest parties can still extract
a secret key, achieving high rates when the relay is proximal to one party, as
typical in public networks with access points or proxy servers. Our theory is
confirmed by an experiment generating key-rates which are orders of magnitude
higher than those achievable with discrete-variable protocols. Thus, using the
cheapest possible quantum resources, we experimentally show the possibility of
high-rate quantum key distribution in network topologies where direct links are
missing between end-users and intermediate relays cannot be trusted.Comment: Theory and Experiment. Main article (6 pages) plus Supplementary
Information (additional 13 pages