Differential-phase-shift QKD with practical Mach-Zehnder interferometer (2024)

For Alice’s source device, we assume the following conditions.

1. (A1)

   For each pulse emission, Alice uniformly and randomly chooses bit $b_{i}\in\{0,1\}$, and according to the chosen bit,she prepares state $\hat{\rho}_{S_{i}}^{b_{i}}$ of system $S_{i}$. We call consecutive three emitted pulses block, and the state of a single block is written as

   $\displaystyle\hat{\rho}_{\bm{S}}^{\bm{b}}:=\bigotimes_{i=1}^{3}\hat{\rho}_{S_{$

   (1)

   with $\bm{S}:=S_{1}S_{2}S_{3}$ and $\bm{b}:=b_{1}b_{2}b_{3}$.We suppose that bit information $b_{i}$ is only encoded to the $i$th emitted pulse, and Eve cannot access to system $R_{i}$ that purifies state$\hat{\rho}_{S_{i}}^{b_{i}}$. $|\psi_{b_{i}}\rangle_{S_{i}R_{i}}$ denotes the purified state of $\hat{\rho}_{S_{i}}^{b_{i}}$.

2. (A2)

   The probabilities of the $i$th emitted pulse being the vacuum state are independent of the chosen bit, namely,

   $\displaystyle{\rm tr}(\hat{\rho}_{S_{i}}^{0}|{\rm vac}\rangle\langle{\rm vac}|$

   (2)

   Here, $|{\rm vac}\rangle$ denotes the vacuum state.

3. (A3)

   We assume that the probability of any block emitting $n$ photons is upper-bounded by $q_{n}$ for $n\in\{1,2,3\}$, i.e.,

   $\displaystyle\sum_{m\geq n}{\rm tr}(\hat{\rho}_{\bm{S}}^{\bm{b}}|m\rangle$

   (3)

   Here, $|m\rangle$ denotes the $m$ photon-number state.

   See Also

   Yttria-stabilized zirconia (8YSZ) synthesis in a supercritical CO 2 -assisted process: a parametric study for achieving cubic phase stability

As for Bob’s measurement unit, we assume the following conditions.

1. (B1)

   Bob employs two photon-number-resolving (PNR) detectors $D_{0}$ and $D_{1}$that discriminate between the vacuum, a single photon, and two or more photons of a specific single optical mode.The detection inefficiency is modeled as a beam splitter (BS) followed by an ideal detector with a unit quantum efficiency.The quantum efficiencies are identical for both PNR detectors and are denoted by $\eta_{\rm det}$.Moreover, we assume that the dark counting of the detector is simulated by a stray photon source positionedin front of Bob’s measurement unit.

2. (B2)

   Let $\eta_{1}$ and $\eta_{2}$ be transmittance of two BSs in the Mach-Zehnder interferometerwith respect to the single optical mode detected by the detectors.For later convenience, a BS with transmittance $\eta$ is denoted by $\eta$-BS.The transmittance of the BSs is assumed to be constant during the execution of the QKD protocol.Alice and Bob do not know the exact transmittance but its ranges:

   $\displaystyle\eta_{1}\in R_{1}:=[1/2-\delta^{({\rm BS})}_{1},1/2+\delta^{({\rmBS$

   (4)

   with $0\leq\delta^{({\rm BS})}_{1},\delta^{({\rm BS})}_{2}<1/2$. For simplicity of notations, we define

   $\displaystyle\eta^{L}_{i}=1/2-\delta^{({\rm BS})}_{i}~{}{\rm and}~{}\eta^{U}_{$

   (5)

1. 1.

   Alice and Bob respectively execute the following steps (a) and (b) $N_{{\rm em}}$ times.

   1. (a)

      Alice uniformly and randomly chooses three bits $\bm{b}=b_{1}b_{2}b_{3}\in\{0,1\}^{3}$, and according to the chosen bits,she sends state$\hat{\rho}_{\bm{S}}^{\bm{b}}$ of a single block to Bob via a quantum channel.

   2. (b)

      Bob splits the incoming three pulses into two pulse trains using the first BS (BS1).The $i$th pulse with $i\in\{1,2,3\}$ passing through the lower and upper arms of the Mach-Zehnder interferometerare labeled by $(l,i)$ and $(u,i)$, respectively.The pulse pairs $(u,1)$ and $(l,2)$, and $(u,2)$ and $(l,3)$ interfere at the second BS (BS2).We define the time slots of detection of the first and second pulse pairs as TS1 and TS2, respectively.We define a “detection event” as the one in which Bob detects one photon in total in TS1 and TS2.The detectionevent at TS$j$ (with $j\in\{1,2\}$) determines the raw key bit $d$ depending on which of the two detectors clicks.

2. 2.

   Bob defines the set of detection events $\mathcal{S}\subset\{1,...,N_{{\rm em}}\}$ with length$|\mathcal{S}|:=N_{\det}$, the set of time slots at which Bob obtained the detection event,i.e., $\{{\rm TS}j_{i}\}_{i\in\mathcal{S}}$, and the raw key bits $\bm{d}:=(d_{i})_{i\in\mathcal{S}}$.Here, $j_{i}$ and $d_{i}$ ($i\in\mathcal{S}$) respectively denote the values of $j$ and $d$ of the $i$th detection event.Within the detection events,Bob randomly assigns each detection event to a code event with probability $t$ or a sample event with probability$1-t$ (where $0<t<1$).Then, he obtains the code set $\mathcal{S}_{{\rm code}}$ with length $|\mathcal{S}_{\rm code}|:=N_{{\rm code}}$,the sample set $\mathcal{S}_{{\rm sample}}$ with length $|\mathcal{S}_{\rm code}|:=N_{{\rm code}}$,his sifted key $\kappa_{B}:=(d_{i})_{i\in\mathcal{S}_{{\rm code}}}$, and the sample bit sequence$\kappa^{{\rm sample}}_{B}:=(d_{i})_{i\in\mathcal{S}_{{\rm sample}}}$.

3. 3.

   Bob announces $\mathcal{S}_{{\rm code}},\mathcal{S}_{{\rm sample}}$, $\{{\rm TS}j_{i}\}_{i\in\mathcal{S}}$ and$\kappa_{B}^{\rm sample}$ via an authenticated public channel.

4. 4.

   Alice obtains her sifted key $\kappa_{A}:=(b_{j_{i}}\oplus b_{j_{i}+1})_{i\in\mathcal{S}_{\rm code}}$and the sample bit sequence $\kappa^{{\rm sample}}_{A}:=(b_{j_{i}}\oplus b_{j_{i}+1})_{i\in\mathcal{S}_{\rmsample}}$.

5. 5.

   Alice estimates the bit error rate in the code events from the bit error rate in the sample events, selects a bit error correction code, and sends the syndrome information of her sifted key $\kappa_{A}$ to Bob by consuming pre-shared secret keyof length $N_{{\rm EC}}$.

6. 6.

   Alice and Bob execute privacy amplification to respectively shorten $\kappa_{A}$ and $\kappa_{B}^{{\rm rec}}$ by$N_{\rm PA}$ to obtain their final keys of length $N_{{\rm code}}-N_{\rm PA}$.

After the execution of the protocol, the net length of the increased secret key is given by

For later use, we define the following parameters

where wt$(a)$ represents the weight, i.e., the number of ones in the bit sequence $a$.

In the security proof, it is convenient to consider the virtual protocol in which Alice prepares the following entangled state