Download - keyrate with mismatch...β€’ Assumption: Alice’s and Bob’s labs are secure and trusted. β€’ Use of the entanglement-based scheme for security analysis. 1) 𝜌 β€² 𝜌 . 2) Alice’s

Transcript
Page 1: keyrate with mismatch...β€’ Assumption: Alice’s and Bob’s labs are secure and trusted. β€’ Use of the entanglement-based scheme for security analysis. 1) 𝜌 β€² 𝜌 . 2) Alice’s

Security proof of practical quantum key distribution with detection-efficiency

mismatch

Yanbao Zhang

NTT Research Center for Theoretical Quantum Physics

NTT Basic Research Lab, Japan

Based on the joint work arXiv:2004.04383 with Patrick J. Coles, Adam Winick, Jie Lin, and Norbert LΓΌtkenhaus

Page 2: keyrate with mismatch...β€’ Assumption: Alice’s and Bob’s labs are secure and trusted. β€’ Use of the entanglement-based scheme for security analysis. 1) 𝜌 β€² 𝜌 . 2) Alice’s

1

● Detection-efficiency mismatch due to manufacturing and setup

*Detectors considered in this work are threshold detectors.

● Detection-efficiency mismatch induced by Eve

πœ‚1

πœ‚2

Polarized photons

PBS

Why detection-efficiency mismatch matters?

It is difficult to build two detectors with identical efficiency.

πœ‚1

πœ‚2

Polarized photons

PBS

Zhao et al., Phys. Rev. A 78, 042333 (2008)

spatial-mode-dependent temporal-mode-dependent

Rau et al., IEEE J. Quantum Electron. 21, 6600905 (2014)Sajeed et al., Phys. Rev. A 91, 062301 (2015) Chaiwongkhot et al., Phys. Rev. A 99, 062315 (2019)

Page 3: keyrate with mismatch...β€’ Assumption: Alice’s and Bob’s labs are secure and trusted. β€’ Use of the entanglement-based scheme for security analysis. 1) 𝜌 β€² 𝜌 . 2) Alice’s

2

● Efficiency mismatch helps Eve to attack QKD systems.

● Efficiency mismatch can cause fake violations of an entanglement witness.

Lydersen et al., Nat. Photon. 4, 686 (2010) Gerhardt et al., Nat. Commun. 2, 349 (2011)

Problems caused by efficiency mismatch

In the presence of efficiency mismatch, the detection events are not fair samples. If only detection events are used, a Bell inequality can be violated even using classical light [Gerhardt et al., Phys. Rev. Lett. 107, 170404 (2011)].

Page 4: keyrate with mismatch...β€’ Assumption: Alice’s and Bob’s labs are secure and trusted. β€’ Use of the entanglement-based scheme for security analysis. 1) 𝜌 β€² 𝜌 . 2) Alice’s

3

Source-replacement description[Bennett, Brassard, Mermin, PRL 68, 557 (1992); Curty, Lewenstein, LΓΌtkenhaus, PRL 92, 217903 (2004); Ferenczi, LΓΌtkenhaus, PRA 85, 052310 (2012)]

| ۧ𝛹 𝐴𝐴′ = (| Ϋ§H 𝐴| Ϋ§H 𝐴′ + | Ϋ§V 𝐴| Ϋ§V 𝐴′)/ 2

Alice Entanglementsource

𝐴

𝐴′ sentto Bob

POVM

{𝑀π‘₯𝐴 = Ϋ§|πœ‘π‘₯ ΰ΅»πœ‘π‘₯|}

AliceSingle-photon

source

x ∈ 0,1,2,3

x {𝑝π‘₯ = 1/4, Ϋ§πœ‘π‘₯

πœ‘π‘₯ ∈ {H, V, D, A}

Prepare & Measure BB84 [Bennett and Brassard (1984)]

Protocol analyzed in this work

Random numberβ€’ Assumption: Alice’s and Bob’s labs are

secure and trusted.

β€’ Use of the entanglement-based scheme for security analysis.

1) πœŒπ΄π΄β€² 𝜌𝐴𝐡.

2) Alice’s measurements are ideal.

β€’ Warning: System 𝐴′ is two-dimensional, but the system 𝐡 arriving at Bob can be infinite-dimensional.

β€’ Detection-efficiency mismatch exists in Bob’s measurement setup.

𝐴′ sentto Bob

Page 5: keyrate with mismatch...β€’ Assumption: Alice’s and Bob’s labs are secure and trusted. β€’ Use of the entanglement-based scheme for security analysis. 1) 𝜌 β€² 𝜌 . 2) Alice’s

4

Active Detection Passive Detection

Bob’s measurements & efficiency mismatch

PR – Polarization RotatorPBS – Polarizing Beam Splitter50/50 BS – 50/50 Beam Splitter

PR PBS

H/D

V/A

50/50 BS

PBSH/V

PBSD/A

A

V

D

H

Mode H/D V/A

1 πœ‚1 πœ‚2

2 πœ‚2 πœ‚1

Efficiency mismatch model considered Mode H V D A

1 πœ‚1 πœ‚2 πœ‚2 πœ‚2

2 πœ‚2 πœ‚1 πœ‚2 πœ‚2

3 πœ‚2 πœ‚2 πœ‚1 πœ‚2

4 πœ‚2 πœ‚2 πœ‚2 πœ‚1

Efficiency mismatch model considered

*Our method works for arbitrary, characterized efficiency mismatch.

2

Random bit b

Mode 2

Mode 1Mode 1

3

4

Page 6: keyrate with mismatch...β€’ Assumption: Alice’s and Bob’s labs are secure and trusted. β€’ Use of the entanglement-based scheme for security analysis. 1) 𝜌 β€² 𝜌 . 2) Alice’s

5

Obstacle to proving security with efficiency mismatch

β€’ Without efficiency mismatch, the squashing model exists. A qubit-based security proof still applies.

[Beaudry, Moroder, LΓΌtkenhaus, Phys. Rev. Lett. 101, 093601 (2008);

Tsurumaru and Tamaki, Phys. Rev. A 78, 032302 (2008)]

β€’ With efficiency mismatch, the above squashing model doesn’t work.

β€’ Previous security proofs with efficiency mismatch assume that the system arriving at Bob contains at most one photon. [Fung et al., Quantum Inf. Comput. 9, 131 (2009); Lydersen and Skaar, Quant. Inf. Comp. 10, 0060 (2010);

Bochkov and Trushechkin, Phys. Rev. A 99, 032308 (2019); Ma et al., Phys. Rev. A 99, 062325 (2019)]

Our contribution: We develop a method to handle the infinite-dimensional system

received by Bob.

*In parallel with us, Trushechkin recently developed an alternative method [arXiv:2004.07809].

Mutiphoton state Single-photon stateSquashing

Page 7: keyrate with mismatch...β€’ Assumption: Alice’s and Bob’s labs are secure and trusted. β€’ Use of the entanglement-based scheme for security analysis. 1) 𝜌 β€² 𝜌 . 2) Alice’s

6

Alice Bob

Announcement Announcement

Sifting Sifting

Key map Key map

Brief introduction to a numerical approach for security proof

𝜌𝐴𝐡

Measurement {𝑀π‘₯𝐴} Measurement {𝑀𝑦

𝐡}

1. A protocol can be described by a set of POVMs {𝑀π‘₯π΄βŠ— 𝑀𝑦

𝐡 } (measurements), Kraus operator 𝒒

(announcements and sifting), and Key map 𝒡 (forming key). The state 𝜌𝐴𝐡 is constrained by observations 𝑝𝐴𝐡 π‘₯, 𝑦 --- the expectation values of POVMs.

QKD protocol

Key rate: 𝐾 = 𝛼 βˆ’ 𝐻 𝐴 𝐡 , where 𝛼 forprivacy amplification and 𝐻 𝐴 𝐡 for errorcorrection. *Collective attacks are considered, and the key is defined by Alice.

𝛼 = min𝜌𝐴𝐡

𝐷 𝒒 𝜌𝐴𝐡 ||𝒡(𝒒 𝜌𝐴𝐡 )

࡝𝜌𝐴𝐡 β‰₯ 0, Tr 𝜌𝐴𝐡 = 1

Tr (𝑀π‘₯𝐴 βŠ— 𝑀𝑦

𝐡 𝜌𝐴𝐡)= 𝑝𝐴𝐡 π‘₯, 𝑦

Key-rate calculation

2. Once description is given, the key rate (privacy amplification part) takes the form of min 𝑓(𝜌𝐴𝐡) , where one needs to minimize 𝑓 depending on 𝜌𝐴𝐡 (Eve’s attack).

3. As 𝑓 is a convex function, we can calculate both a lower bound and an upper bound on min𝑓(𝜌).

Winick, LΓΌtkenhaus, Coles, Quantum 2, 77 (2018)

Coles, Metodiev, LΓΌtkenhaus, Nat. Commun. 7, 11712 (2016)

Page 8: keyrate with mismatch...β€’ Assumption: Alice’s and Bob’s labs are secure and trusted. β€’ Use of the entanglement-based scheme for security analysis. 1) 𝜌 β€² 𝜌 . 2) Alice’s

7

Dimension reduction by flag-state squasherβ€’ Key observation: Each POVM element 𝑀𝑦

𝐡 , 𝑦 ∈ 1,2, … , 𝐽 , is block-diagonal with respect

to various photon-number subspaces.

β€’ For a photon-number cutoff π‘˜ (𝑛 ≀ π‘˜)- and (𝑛 > π‘˜)-photon subspaces

Original POVM:

𝑀𝑦𝐡=

𝑀𝑦,π‘›β‰€π‘˜π΅ 0

0 𝑀𝑦,𝑛>π‘˜π΅

Squashed POVM:

෩𝑀𝑦෨𝐡 =

𝑀𝑦,π‘›β‰€π‘˜π΅ 0

0 | ۧ𝑦 |𝑦ۦ

For an arbitrary input state 𝝆𝑩, Tr (π‘΄π’šπ‘©π†π‘©) = Tr ( ΰ·©π‘΄π’š

ΰ·©π‘©πœ¦(𝝆𝑩)), βˆ€ π’š.

Hπ‘›β‰€π‘˜

βŠ•

H𝑛>π‘˜

r

𝑀𝑦,𝑛>π‘˜π΅ | ۧ𝑦 |𝑦ۦ

Squasher πœ¦βŠ•

Hπ‘›β‰€π‘˜

H𝐽

Two equivalent descriptions of the measurement process.

The description using the squasher Ξ› is pessimistic, as it allows Eve to completely learn Bob’s outcome when 𝑛 > π‘˜.

A lower bound on π‘π‘›β‰€π‘˜ is required when using the squasher Ξ›.

Infinite dimensional

Finite dimensional

Bob Bob

Page 9: keyrate with mismatch...β€’ Assumption: Alice’s and Bob’s labs are secure and trusted. β€’ Use of the entanglement-based scheme for security analysis. 1) 𝜌 β€² 𝜌 . 2) Alice’s

8

Hπ‘›β‰€π‘˜

Step 1: Reducing the dimension

Step 2: Bounding the photon-number distribution

Overview of our method

min𝜌𝐴෩𝐡

𝐷 𝒒 𝜌𝐴 ෨𝐡 ||𝒡(𝒒 𝜌𝐴 ෨𝐡 )

࡞

𝜌𝐴 ෨𝐡 β‰₯ 0, Tr 𝜌𝐴 ෨𝐡 = 1

Tr (𝑀π‘₯𝐴 βŠ— ෩𝑀𝑦

෨𝐡 𝜌𝐴 ෨𝐡)=𝑝𝐴𝐡 π‘₯, 𝑦

Tr(Ξ β‰€π‘˜πœŒπ΄ ෨𝐡) β‰₯ π‘π‘˜

Accordingly, we need only to solve a finite-dimensional convex optimization problem,and so we can obtain non-trivial lower bounds of the secret key rate.

Our key-rate calculation

*𝜌𝐴 ෨𝐡 is finite-dimensional;

* The operators ෩𝑀𝑦෨𝐡 depend

on efficiency mismatch.

* Ξ β‰€π‘˜ is the projector onto the (≀-π‘˜)-photon subspace.

Hπ‘›β‰€π‘˜

βŠ•H𝑛>π‘˜

r

𝑀𝑦,𝑛>π‘˜π΅ | ۧ𝑦 |𝑦ۦ

Squasher πœ¦βŠ•H𝐽

Infinite dimensional

Bob BobFinite

dimensional

Hπ‘›β‰€π‘˜

Page 10: keyrate with mismatch...β€’ Assumption: Alice’s and Bob’s labs are secure and trusted. β€’ Use of the entanglement-based scheme for security analysis. 1) 𝜌 β€² 𝜌 . 2) Alice’s

9

*Similar bounds have been used for security proofs of QKD without efficiency mismatch, see [LΓΌtkenhaus, PRA 59, 3301 (1999) and Koashi et al., arXiv:0804.0891].

*We use the bounds established in [Y Z and N. LΓΌtkenhaus, PRA 95, 042319 (2017)] for entanglement verification with efficiency mismatch. An alternative bound for active detection with efficiency mismatch was recently derived by Trushechkin, arXiv:2004.07809.

Photon-number distribution boundsβ€’ Let 𝑇 be an observable that depends on both the photon number 𝑛 and the efficiency

mismatch (e.g., double click or cross click).

β€’ 𝑇 is block-diagonal. WLOG 𝜌𝐴𝐡 is block-diagonal, i.e., 𝜌𝐴𝐡= σ𝑛=0∞ 𝑝𝑛 𝜌𝐴𝐡

𝑛.

𝑝𝑛 --- the probability that the system arriving at Bob has 𝑛 photons.

If we can find 𝑛-dependent bounds

𝑑obs,𝑛 = Tr (πœŒπ΄π΅π‘›

𝑇)β‰₯ ቐ𝑑obs, π‘›β‰€π‘˜

min , βˆ€π‘› ≀ π‘˜,

𝑑obs, 𝑛>π‘˜min , βˆ€π‘› > π‘˜,

then we have

𝑑obs = σ𝑛=0∞ 𝑝𝑛 Tr 𝜌𝐴𝐡

𝑛𝑇 β‰₯ π‘π‘›β‰€π‘˜π‘‘obs, π‘›β‰€π‘˜

min + 1 βˆ’ π‘π‘›β‰€π‘˜ 𝑑obs, 𝑛>π‘˜min .

π‘π‘›β‰€π‘˜ β‰₯𝑑obs, 𝑛>π‘˜

min βˆ’ 𝑑obs

𝑑obs, 𝑛>π‘˜min βˆ’ 𝑑obs, π‘›β‰€π‘˜

min.𝑑obs, π‘›β‰€π‘˜

min is less than 𝑑obs, 𝑛>π‘˜min

Page 11: keyrate with mismatch...β€’ Assumption: Alice’s and Bob’s labs are secure and trusted. β€’ Use of the entanglement-based scheme for security analysis. 1) 𝜌 β€² 𝜌 . 2) Alice’s

10

PR PBS

H/D

V/AMode H/D V/A

1 πœ‚1=1 πœ‚2=πœ‚

2 πœ‚2=πœ‚ πœ‚1=1

Efficiency mismatch model considered

Random bit b

π‘π‘›β‰€π‘˜ for active detection

The observable 𝑇 can be the double-click operator 𝐷 or the effective-error operator.

𝑑obs,𝑛 = Tr (πœŒπ΄π΅π‘›

𝐷)β‰₯ α‰πœ‚

21 βˆ’ 22βˆ’π‘› , 𝑛 is even;

πœ‚

21 βˆ’ 21βˆ’π‘› , 𝑛 is odd.

Photon number 𝑛

πœ‚=1, numerical

πœ‚=0.2, numerical

πœ‚=1, analytical

πœ‚=0.2, analytical

𝑑o

bs,

𝑛m

in

*The numerical results are obtained by solving SDPs [Y Z and N. LΓΌtkenhaus, PRA 95, 042319 (2017)].

*The analytical bounds are motivated and improvethe results in [Trushechkin, arXiv:2004.07809].

Due to the monotonic behavior of 𝑑obs, 𝑛min ,

π‘π‘›β‰€π‘˜ β‰₯𝑑obs, π‘˜+1

min βˆ’ 𝑑obs

𝑑obs, π‘˜+1min

, βˆ€π‘˜.

*Our method works for arbitrary, characterized efficiency mismatch.

Page 12: keyrate with mismatch...β€’ Assumption: Alice’s and Bob’s labs are secure and trusted. β€’ Use of the entanglement-based scheme for security analysis. 1) 𝜌 β€² 𝜌 . 2) Alice’s

11

50/50 BS

PBSH/V

PBSD/A

A

V

D

H Mode H V D A

1 πœ‚1=1 πœ‚2=πœ‚ πœ‚2=πœ‚ πœ‚2=πœ‚

2 πœ‚2=πœ‚ πœ‚1=1 πœ‚2=πœ‚ πœ‚2=πœ‚

3 πœ‚2=πœ‚ πœ‚2=πœ‚ πœ‚1=1 πœ‚2=πœ‚

4 πœ‚2=πœ‚ πœ‚2=πœ‚ πœ‚2=πœ‚ πœ‚1=1

Efficiency mismatch model considered

π‘π‘›β‰€π‘˜ for passive detection

The observable 𝑇 can be the cross-click operator 𝐢.

Photon number 𝑛

𝑐 ob

s,𝑛

min

πœ‚=1

πœ‚=0.8

πœ‚=0.6

πœ‚=0.4

πœ‚=0.2

*The numerical results are obtained by solving SDPs [Y Z and N. LΓΌtkenhaus, PRA 95, 042319 (2017)].

*The numerical bounds coincide with the analytical ones.

Due to the monotonic behavior of 𝑐obs, 𝑛min ,

π‘π‘›β‰€π‘˜ β‰₯𝑐obs, π‘˜+1

min βˆ’ 𝑐obs

𝑐obs, π‘˜+1min

, βˆ€π‘˜.

𝑐obs,𝑛 = Tr (πœŒπ΄π΅π‘›

𝐢)β‰₯ 1 + 1 βˆ’ πœ‚ 𝑛 βˆ’ 2 1 βˆ’πœ‚

2

𝑛.

*Our method works for arbitrary, characterized efficiency mismatch.

Page 13: keyrate with mismatch...β€’ Assumption: Alice’s and Bob’s labs are secure and trusted. β€’ Use of the entanglement-based scheme for security analysis. 1) 𝜌 β€² 𝜌 . 2) Alice’s

12

Data simulationWe simulate experimental observations 𝑝𝐴𝐡 π‘₯, 𝑦 according to a toy model

β€’ at each round Alice prepares a signal state (according to the protocol),

β€’ the channel between Alice and Bob is specified by

𝑑 --- the single-photon transmission probability,

Ο‰ --- the depolarization noise,

π‘Ÿ --- the multiphoton probability, i.e., the probability that a single photon randomly depolarized π‘š photons (in our simulation π‘š = 2),

β€’ Bob performs a measurement (according to the protocol).

*If Bob’s detectors are coupled to several spatial-temporal modes, the optical signal is distributed uniformly at random over these modes.

Task: Lower-bound the key rate given 𝑝𝐴𝐡 π‘₯, 𝑦 and characterized efficiency mismatch.

*For this particular case, 𝑝𝐴𝐡 π‘₯, 𝑦 are determined by the channel parameters (𝑑, Ο‰, π‘Ÿ)as well as the detector model.

*Our security analysis doesn’t require characterizing the channel between Alice and Bob (i.e., Eve’s attack). Particularly, we don’t assume that the system received by Bob is finite-dimensional.

Page 14: keyrate with mismatch...β€’ Assumption: Alice’s and Bob’s labs are secure and trusted. β€’ Use of the entanglement-based scheme for security analysis. 1) 𝜌 β€² 𝜌 . 2) Alice’s

13

Key rates with trusted loss (in the absence of mismatch)

Active detection

Passive detection

Identical efficiency πœ‚ of Bob’s detectors

Key

rat

e (b

its)

*For data simulation, π‘‘πœ‚ = 0.1,Ο‰ = 0.05, π‘Ÿ = 0.05.

*𝑝𝐴𝐡 π‘₯, 𝑦 doesn’t change with πœ‚.

For these particular results, our security analysis

β€’ assumes that at most two photons are received by Bob (and so a flag-state squasher is not used).

β€’ when πœ‚ = 1, returns the same key rates as using the usual squashing model [Beaudry, Moroder, LΓΌtkenhaus, Phys. Rev. Lett. 101, 093601 (2008); Tsurumaru and Tamaki, Phys. Rev. A 78, 032302 (2008)].

β€’ suggests that more secret keys can be distilled when the trusted loss inside of Bob’s lab, (1 βˆ’ πœ‚), increases and the untrusted loss over transmission, 1 βˆ’ 𝑑 , decreases.

Page 15: keyrate with mismatch...β€’ Assumption: Alice’s and Bob’s labs are secure and trusted. β€’ Use of the entanglement-based scheme for security analysis. 1) 𝜌 β€² 𝜌 . 2) Alice’s

14

Key rates for active detection with efficiency mismatch

One mode, assuming ≀ 2 photons

πœ‚2

Key

rat

e (b

its)

*For data simulation, 𝑑 = 0.5,Ο‰ = 0.05, π‘Ÿ = 0.05.

Mode H/D V/A

1 πœ‚1=0.2 πœ‚2

Efficiency mismatch studied

One mode, flag-state squahser

β€’ When applying a flag-state squasher, we choose the photon-number cutoff π‘˜ = 2.

β€’ The larger the efficiency mismatch, the lower the key rate is.

β€’ Making assumptions on Eve’s attack would overestimate the key rate.

Page 16: keyrate with mismatch...β€’ Assumption: Alice’s and Bob’s labs are secure and trusted. β€’ Use of the entanglement-based scheme for security analysis. 1) 𝜌 β€² 𝜌 . 2) Alice’s

15

Key rates for active detection with efficiency mismatch

One mode, assuming ≀ 2 photons

πœ‚2

Key

rat

e (b

its)

*For data simulation, 𝑑 = 0.5,Ο‰ = 0.05, π‘Ÿ = 0.05.

Mode H/D V/A

1 πœ‚1=0.2 πœ‚2

2 πœ‚2 πœ‚1=0.2

Efficiency mismatch studied

One mode, flag-state squahser

Two modes, flag-state squasher

β€’ When applying a flag-state squasher, we choose the photon-number cutoff π‘˜ = 2.

β€’ The larger the efficiency mismatch, the lower the key rate is.

β€’ Making assumptions on Eve’s attack would overestimate the key rate.

β€’ Mode-dependent mismatch helps Eve to attack the QKD system.

Page 17: keyrate with mismatch...β€’ Assumption: Alice’s and Bob’s labs are secure and trusted. β€’ Use of the entanglement-based scheme for security analysis. 1) 𝜌 β€² 𝜌 . 2) Alice’s

16

Key rates for passive detection with efficiency mismatch

One mode, assuming ≀ 2 photons

πœ‚2

Key

rat

e (b

its)

*For data simulation, 𝑑 = 0.5,Ο‰ = 0.05, π‘Ÿ = 0.05.

Efficiency mismatch studied

One mode, no photon-# assumption

β€’ When applying a flag-state squasher, we choose a photon-number cutoffπ‘˜ = 2 (for one mode) or π‘˜ = 1 (for four modes).

β€’ The larger the efficiency mismatch, the lower the key rate is.

β€’ Making assumptions on Eve’s attack would overestimate the key rate.

Mode H V D A

1 πœ‚1=0.2 πœ‚2=πœ‚ πœ‚2=πœ‚ πœ‚2=πœ‚

Page 18: keyrate with mismatch...β€’ Assumption: Alice’s and Bob’s labs are secure and trusted. β€’ Use of the entanglement-based scheme for security analysis. 1) 𝜌 β€² 𝜌 . 2) Alice’s

17

Key rates for passive detection with efficiency mismatch

One mode, assuming ≀ 2 photons

πœ‚2

Key

rat

e (b

its)

*For data simulation, 𝑑 = 0.5,Ο‰ = 0.05, π‘Ÿ = 0.05.

Efficiency mismatch studied

One mode, no photon-# assumption

Four modes, no photon-# assumption

β€’ When applying a flag-state squasher, we choose a photon-number cutoffπ‘˜ = 2 (for one mode) or π‘˜ = 1 (for four modes).

β€’ The larger the efficiency mismatch, the lower the key rate is.

β€’ Making assumptions on Eve’s attack would overestimate the key rate.

β€’ Mode-dependent mismatch helps Eve to attack the QKD system.

Mode H V D A

1 πœ‚1=0.2 πœ‚2=πœ‚ πœ‚2=πœ‚ πœ‚2=πœ‚

2 πœ‚2=πœ‚ πœ‚1=0.2 πœ‚2=πœ‚ πœ‚2=πœ‚

3 πœ‚2=πœ‚ πœ‚2=πœ‚ πœ‚1=0.2 πœ‚2=πœ‚

4 πœ‚2=πœ‚ πœ‚2=πœ‚ πœ‚2=πœ‚ πœ‚1=0.2

Page 19: keyrate with mismatch...β€’ Assumption: Alice’s and Bob’s labs are secure and trusted. β€’ Use of the entanglement-based scheme for security analysis. 1) 𝜌 β€² 𝜌 . 2) Alice’s

18

Summary

β€’ Constructed a flag-state squasher to reduce the system dimension.*The flag-state squasher can be applied to other protocols, see Li and LΓΌtkenhaus, arXiv:2007.08662.

β€’ Established bounds on photon-number distribution directly from experimental observations.

β€’ Proved the security of a prepare & measure BB84 protocol in the presence of efficiency mismatch without a photon-number limit.

β€’ Illustrated the individual effects of trusted loss and untrusted loss on the key rate.

Finite key analysis can also be handled by numerical approach (see the talk β€œNumerical Calculations of Finite Key Rate for General Quantum Key Distribution Protocols” by Ian George).

Page 20: keyrate with mismatch...β€’ Assumption: Alice’s and Bob’s labs are secure and trusted. β€’ Use of the entanglement-based scheme for security analysis. 1) 𝜌 β€² 𝜌 . 2) Alice’s

19

Summary

β€’ Constructed a flag-state squasher to reduce the system dimension.*The flag-state squasher can be applied to other protocols, see Li and LΓΌtkenhaus, arXiv:2007.08662.

β€’ Established bounds on photon-number distribution directly from experimental observations.

β€’ Proved the security of a prepare & measure BB84 protocol in the presence of efficiency mismatch without a photon-number limit.

β€’ Illustrated the individual effects of trusted loss and untrusted loss on the key rate.

Finite key analysis can also be handled by numerical approach (see the talk β€œNumerical Calculations of Finite Key Rate for General Quantum Key Distribution Protocols” by Ian George).

Thank you! [email protected]