Abstract
Quantum key distribution with solidstate singlephoton emitters is gaining traction due to their rapidly improving performance and compatibility with future quantum networks. Here we emulate a quantum key distribution scheme with quantumdotgenerated single photons frequencyconverted to 1550 nm, achieving count rates of 1.6 MHz with \({g}^{\left(2\right)}\left(0\right)=3.6\%\) and asymptotic positive key rates over 175 km of telecom fibre. We show that the commonly used finitekey analysis for nondecoy state QKD drastically overestimates secure key acquisition times due to overly loose bounds on statistical fluctuations. Using the tighter multiplicative Chernoff bound to constrain the estimated finite key parameters, we reduce the required number of received signals by a factor 10^{8}. The resulting finite key rate approaches the asymptotic limit at all achievable distances in acquisition times of one hour, and at 100 km we generate finite keys at 13 kbps for one minute of acquisition. This result is an important step towards longdistance singleemitter quantum networking.
Similar content being viewed by others
Introduction
Future quantum networks will require bright lownoise sources of single photons to enable applications including secure communication and distributed quantum computing^{1}. There is a range of promising platforms for such a source, including quantum dots, molecules, quantum emitters in twodimensional materials such as WSe_{2} and hBN, and colour centres in wide bandgap materials such as diamond and SiC. Comparing these platforms for singlephoton emitters, quantum dots (QDs) have demonstrated the highest count rates with the lowest multiphoton emission probability^{2,3,4}.
Fibrebased QKD requires singlephotons at 1550 nm where loss in fibre is lowest. This can be realised with QDs in two ways, fabricating the QD to emit directly at 1550 nm or using quantum frequencyconversion to shift the wavelength of a QD which emits at shorter wavelengths to 1550 nm. The best available QDs in all relevant metrics emit at shorter wavelengths^{2,3,4}, although recent improvements have been made with Cband emitters in terms of brightness and multiphoton noise but not coherence^{5}. Quantum frequencyconversion has been shown to be a viable route to realise a bright, coherent telecom QD singlephoton source with low multiphoton noise, leveraging the performance of shorter wavelength QDs^{6,7,8}.
In this work, we demonstrate BennettBrassard ’84 (BB84) QKD^{9} using a bright frequencyconverted QD source over optical fibre. In the asymptotic case the source outperforms previous demonstrations of prepareandmeasure QKD with singlephoton emitters in terms of achievable key rate and maximum tolerable loss thanks to the brightness and low \({g}^{\left(2\right)}\left(0\right)\) of our source, see Table 1. In the composable security framework, we use improved analytical bounds for the random sampling without replacement problem related to the phase error rate and the multiplicative Chernoff bound that has been proven to be a tighter finite key bound in other contexts^{10}. These bounds are used to calculate the fluctuations between expected and observed values.
The finite key treatment implemented in this work reduces the number of signals Bob must receive to approach the asymptotic case from 10^{15} to 10^{7} compared with widely used previous singlephoton source QKD analyses. Equivalently, the integration time required to approach the asymptotic case is reduced from 10^{4} years to just one hour.
Results
Experimental setup
The experimental setup including singlephoton source, communication channel and receiver is shown in Fig. 1. The quantum light source consists of an InGaAs/GaAs quantum dot inside an oxideapertured micropillar^{11} emitting photons at 940 nm. The QD is excited using a darkfield confocal microscope; single photons are collected in a crosspolarised scheme with 10^{7} suppression of the excitation laser. The QD is operated under pulsed quasiresonant excitation using the third order cavity mode detuned by 440 GHz from the QD emission. This quasiresonant excitation has strongly damped photonnumber coherence compared to resonant excitation of the source^{6}, this allows the output photon number states to be treated as mixed^{12} with no interpulse coherence. Femtosecond pulses from a Ti:Sapphire laser are stretched to 30 ps using a 4f Fourier pulse shaper and temporally multiplexed up to 160.7 MHz. We measure ≈5 MHz count rate with a \({g}^{\left(2\right)}(0)=0.019(1)\) directly from the QD. The singlephoton emission is converted to 1550 nm in a difference frequency generation (DFG) process in a 48 mm periodicallypoled lithium niobate (ppLN) waveguide pumped by a 2400 nm continuouswave laser. The internal conversion efficiency of the DFG process is 57%. Further details on the source can be found in ref. ^{6}.
The four BB84 polarisation states \(\left\{H,V,D,A\right\}\) are encoded using a motorised halfwave plate. Photons are then transmitted through the quantum channel consisting of SMF28 fibre spools with an average propagation loss of 0.1904 dB/km including connectors. The fibre is housed in an insulating box to reduce temperature fluctuations, which keeps the fibreinduced polarisation rotation stable over the typical acquisition time of 30 min per polarisation state.
The BB84 receiver consists of a 50/50 fibre beamsplitter followed by two polarising beam splitters and infibre polarisation controllers to project into the H/V and D/A basis respectively. Photons are detected with superconducting nanowire singlephoton detectors (SNSPDs).
The average transmittivity of the four arms of the receiver is 87% including relative efficiency of each detector measured by comparing the count rate observed on each detector with a reference parametric downconversion source. The SNSPDs are biased to have an average dark count rate of 11.5 Hz at the cost of 510% of the peak efficiency. The detectors are time gated around the arrival time of the signal photons to reduce the effect of dark counts (see Fig. 2), the average time gate across all distances is 3.19 ns. This gives a dark count probability per pulse of p_{dc} = 3.67 × 10^{−8}.
Asymptotic key rate
We send each of the BB84 states \(\left\{H,\,V,\,D,\,A\right\}\) in turn and record at least 5 × 10^{6} detected events for each state for seven distances between 0175 km. The probability that a given round registers in one of Bob’s detectors, p_{click}, is estimated as the ratio of detected events to the number of clock pulses from the Ti:Sapphire which are recorded over the integration period. For convenience, we assume equal probabilities for both bases, i.e. \({p}_{dc}\equiv {p}_{dc}^{X}\equiv {p}_{dc}^{Z}\) and \({p}_{{{{{{{{\rm{click}}}}}}}}}\equiv {p}_{{{{{{{{\rm{click}}}}}}}}}^{X}\equiv {p}_{{{{{{{{\rm{click}}}}}}}}}^{Z}\). We measure a count rate of 1.6 MHz in Bob’s receiver at zero distance. This gives a mean photon number of 〈n〉 = 0.0142 injected into the communication channel backing out the known receiver transmission, the relative efficiency on average due to the measured losses of each detector \(\left(\approx 87\%\right)\) and the estimated quantum efficiency of the detectors \(\left(\approx 75\%\right)\).
The quantum bit error rate (QBER) e_{X/Z}, in the X or Z basis is calculated by comparing the ratio of detected events for the state orthogonal to Alice’s encoded state to the total number of detected events in that basis. By fitting the measured QBER to
the average polarisation misalignment p_{mis} can be extracted, which typically is found to be p_{mis} = 0.3%^{13}. T represents the total optical efficiency from the quantum channel to Bob’s detection apparatus. The dark count probability p_{dc} and mean photon number 〈n〉 are held as fixed parameters.
With p_{click}, e_{X/Z}, 〈n〉 and \({g}^{\left(2\right)}(0)\) experimentally characterised it is possible to calculate the asymptotic key rate (AKR) according to^{14,15}
where \({p}_{{{{{{{{\rm{sift}}}}}}}}}={p}_{X}^{2}+{(1{p}_{X})}^{2}\) is the sifting ratio for the key generation bits assuming both bases are used, p_{X} is the basis bias, \(H\left(x\right)\) is the binary Shannon entropy and \({f}_{EC}\left(x\right)\, > \,1\) is the error correction efficiency factor.
For the experimental setup presented here \({p}_{{{{{{{{\rm{sift}}}}}}}}}=\frac{1}{2}\) which allows for a comparison to previously published work (Table 1). For \({f}_{EC}\left(x\right)\) we use values linearly interpolated between those reported in ref. ^{16} (typically f_{EC} = 1.16 for the range of error rates seen in the experiment). \(A=\left({p}_{{{{{{{{\rm{click}}}}}}}}}{p}_{m}\right)/{p}_{{{{{{{{\rm{click}}}}}}}}}\) is the fraction of signals which are singlephoton pulses and p_{m} is the upper bound on the probability that Alice emits a multiphoton pulse taken to be \({p}_{m}\le {g}^{\left(2\right)}(0){\langle n\rangle }^{2}/2\)^{13}. From the measured 〈n〉 = 0.0142 and \({g}^{\left(2\right)}(0)=0.036(3)\) (see Fig. 2), we estimate p_{m} ≤ 3.63 × 10^{−6} without any additional preattenuation before the final collection fibre. The small increase in \({g}^{\left(2\right)}(0)\) compared to the emission directly from the QD is due to Raman scattering in the frequencyconversion process.
The key rate at shorter distances is increased compared to previous works thanks to the high brightness and temporally multiplexed excitation presented in this work. The maximum tolerable loss is also increased due to the relatively high brightness and low noise compared to previous demonstrations with telecom wavelength QD sources. The current maximum range is limited by p_{click} → p_{m}, at which point the fraction of signals received from single photon pulses goes to zero A → 0, and a secure key is no longer possible. As the multiphoton emission and click probabilities are evaluated on a signalbysignal basis, the multiplexed excitation does not improve the maximum distance over which a secure key can be extracted.
Finite key analysis
In assessing the performance of a practical QKD system the finite key rate must be considered. To date, most experiments with singlephoton emitters^{17,18} have used the method outlined in^{15} to derive finite block size estimates of the secure key. Since the publication of^{15}, there has been considerable development of tighter statistical estimation bounds, mainly in the context of weak coherent pulse decoy state and entangled protocols. Here, we adapt and employ recent results based on Chernoff bounds to produce significant improvements in the finite key rate. This reduces the block size required for a positive key rate or, conversely, yields a much greater key rate for a fixed block size.
A full derivation of the finite key rate can be found in the Methods section with the main result discussed here. For a finite block size defined as either the number of sent N_{S} or received signals N_{R}, the total secure key length ℓ is,
where \({\underline{N}}_{R,nmp}^{X}\) is the lower bound on the number of received signals in the key generation basis due to nonmultiphoton source emissions (including vacuum and singlephoton emissions), \({\overline{\phi }}^{X}\) is the upper bound of the phase error rate in the key generation basis, λ_{EC} is the information leaked during error correction^{19}, and the remaining terms are security and correctness parameters derived using the methods in^{20}. The key rate is then defined as \(r=\frac{\ell }{{N}_{S}}\) and the fixed parameters used are shown in Table 2. The ratio of signals in the key generation basis to the parameter estimation basis, and the additional attenuation Alice adds to the source to reduce the multiphoton emission probability are all numerically optimised for each distance.
The improvement to the finite key rate can be viewed in two different ways: at long distances the block size required to produce the same key rate is massively reduced, Fig. 3a; alternatively, for a fixed acquisition time we can tolerate more loss and achieve the same secure key rate, Fig. 3b. The improvement to the finite key rate is quantified by comparing the number of signals required to approach the asymptotic key rate. To approach the asymptotic key rate with the method of^{15}, the received block size has to be on the order of 10^{15}, dotted purple curve Fig. 3a. Our results indicate a factor 10^{8} improvement, the finite key rate curve reaches the asymptotic limit with Alice’s preattenuation for just 10^{7} received signals. With respect to a fixed acquisition time, previous security analysis restricts the maximum distance over which a key can be exchanged after one second of acquisition time to less than 1 km, Fig. 3b, whereas we calculate a maximum tolerable loss of 26.9 dB which is equivalent to over 140 km of fibre. For all acquisition times considered the analysis presented here can achieve the same key rate over an additional 25 dB of channel loss.
Discussion
We have demonstrated that fibrebased QKD with frequencyconverted quantum dot is possible at high rates for distances and acquisition times relevant for metropolitan communication networks. The source performance exceeds other singlephoton emitters suggested for use in QKD systems in terms of key rate and maximum tolerable loss. Combining stateoftheart QD performance in brightness^{2} and multiphoton suppression^{21}, with the frequency conversion demonstrated here into one device would allow for key rates comparable to decoystate QKD with weak coherent pulses. Ultimately, surpassing weak coherent pulse implementations will require sources much closer to the ideal performance of unity collection efficiency with multiphoton emission probabilities approaching zero.
Regarding the key rate introduced with Eq. (3), a more uptodate version for the terms of the security parameters and an additional fluctuation in the phase error rate due to the random sampling without replacement problem were introduced compared to previous studies. The considerable enhancement of the finite key rate is due to the improved bounds of the statistical fluctuations achieved using the Chernoff bound applied to the number of events versus bounding probabilities as in^{22}.
The deviations of the probabilities from the ideal estimate are magnified when expressed in the total number of events, e.g. number of errors and multiphoton emissions, although they might seem to be relatively small^{23}. In particular, the Chernoff bound on events provides tighter estimates on the maximum number of multiphoton emissions increasing the single photon yield at longer distances and consequently the key rate.
Methods
Click and error probability estimation
In this section, we describe the modelling of click probabilities and error rates to later simulate the detections and error events. First, the click probability in each basis is,
where p_{n} is the probability that a pulse emitted by the source contains n photons, \({\eta }_{det}^{X,Z}\) is the detector detection efficiency and \({p}_{dc}^{X,Z}\) is the average dark count probability of the two detectors associated with each basis. For simplicity we assume that all detectors have the same efficiencies and dark count rates. If they differ, then the security analysis should be adapted to avoid any loopholes introduced by detector efficiency mismatch^{20}. We add a preattenuation factor η_{att}^{13} which can be inserted between the source and the Evecontrolled channel to reduce multiphoton leakage in the high loss regime. The channel transmittance is given by η_{ch} = 10^{−l/10} where l is the channel loss in dB. A correction factor c_{DT} is added to account for the dead time of the detectors. For a dead time τ and repetition rate R this correction is of the form
The error probability is then given by
where p_{mis} is the probability of error due to the misalignment of the setup.
For modelling purposes, we will assume that the multiphoton contribution is dominated by the 2photon component, hence consider a source distribution of the form {p_{n}} = {p_{0}, p_{1}, p_{2}} with emission probabilities of vacuum p_{0}, single photons p_{1} and two photon states p_{2}. Given mean values for photon number 〈n〉 and \({g}^{\left(2\right)}(0)\),
Note that the security of the key rate analysis is not compromised by such an assumed form of the photon number distribution as the distribution that only has nonzero {p_{0}, p_{1}, p_{2}} saturates the bound of^{13},
and any other distribution consistent with 〈n〉 and \({g}^{\left(2\right)}(0)\) will have a lower p_{m}.
Finite key length based on Chernoff bounds
In this section, we follow the method and notation as described in ref. ^{10} though suitably adapted for the nondecoy singlephoton source case which is akin to weak coherent pulse (WCP) protocols before the advent of decoystate methods^{24}.
After basis sifting, the number of events where both Alice and Bob chose the Z and X bases are \({N}_{R}^{X}={N}_{S}{p}_{X}^{2}{p}_{{{{{{{{\rm{click}}}}}}}}}^{X}\) and \({N}_{R}^{Z}={N}_{S}{p}_{Z}^{2}{p}_{{{{{{{{\rm{click}}}}}}}}}^{Z}\), respectively, these are directly observed. Here, we adopt the convention that the Z basis is used for parameter estimation and the X basis is used to generate the key. The legitimate parties publically compare all the Z basis results to determine thenumber of Z errors \({m}_{Z}={N}_{S}{p}_{Z}^{2}{p}_{e}^{Z}\) which is then used to estimate the phase error rate ϕ^{X} in the X basis. The X basis results are never directly revealed.
The expected number of received signals that result from nonmultiphoton emissions by Alice (lumping together the vacuum and single photon yields) is given by \({N}_{R,nmp}^{X,Z}={N}_{R}^{X,Z}{N}_{S,mp}^{X,Z*}\) where \({N}_{S,mp}^{X,Z*}={N}_{S}{p}_{X}^{2}{p}_{m}\) is the expected number (we use ^{*} to denote the mean) of sifted multiphoton emissions from Alice in the X, Z basis respectively. We assume that p_{m} can be determined in a precalibration phase with negligible uncertainty (similar to the pulse intensities in WCP protocols), else a suitable upper bound can be chosen for p_{m} itself. Here, we assume that all multiphoton pulses are detected by Bob (Eve introducing a lossless channel in this case) and that the remaining detected pulses come from the nonmultiphoton fraction (if \({N}_{R}^{X,Z} > {N}_{S,mp}^{X,Z}\)). As we do not directly observe the actual number of multiphoton emissions, the actual number \({N}_{S,mp}^{X,Z}\) can deviate from \({N}_{S,mp}^{X,Z*}\) due to statistical fluctuations, and we need to upper bound the tail probability with error ε_{PE}. The upper Chernoff bound (denoted by the overbar) for a sum of binary variables x = ∑x_{j} with x_{j} ∈ {0, 1} is given by
where \({\delta }^{U}=\frac{\beta+\sqrt{8\beta {x}^{*}+{\beta }^{2}}}{2{x}^{*}},\) and \(\beta={\log }_{e}({\varepsilon }_{PE})\). This can be applied to derive an upper bound to the actual number of multiphoton emissions \({\overline{N}}_{S,mp}^{X,Z}\), hence lower bound the number of received signals from nonmultiphoton emission events, \({\underline{N}}_{R,nm}^{X,Z}\) in each basis,
We note that tighter upper bounds on \({\overline{N}}_{S,mp}^{X,Z}\) could in principle be used, such as those based on the “factorial moment”^{25} or the Klar bounds^{26}. Practically, the scope for potential improvement is minimal in our case and only possible for the highest tolerable losses of each finite block. These alternate bounds are also less amenable for numerical evaluation for the parameter ranges typical in QKD.
The phase error rate ϕ^{X} now needs to be upper bounded based on the observed number of errors in the Z basis m_{Z}. We conservatively assume that all Z basis errors occur on the received nonmultiphoton fraction, hence we have an estimate of the phase error rate,
However, this estimate is the result of \({N}_{R}^{Z}\) samples in the Z basis but we need to upper bound the phase error rate in the unannounced \({N}_{R}^{X}\) samples in the X (key generating) basis. For this random sampling without replacement problem and a tail bound error ε, the upper bound of the unobserved value χ can be estimated from the observed value λ by
where
under the assumption that 0 < λ < χ < 0.5 which is true for typical QKD scenarios. This now allows us to calculate an upper bound,
The secrecy of the protocol is ε_{sec} ≥ ε_{PA} + ε_{PE} + ε_{EC} where: \({\varepsilon }_{PA}={\varepsilon }^{{\prime} }\) is the privacy amplification failure probability; \({\varepsilon }_{PE}=2{n}_{PE}{\varepsilon }^{{\prime} }\) is the parameter estimation failure probability where n_{PE} = 2 is the number of constraints as quantified in postprocessing; \({\varepsilon }_{EC}={\varepsilon }^{{\prime} }\) is the error correction failure probability. Thus, the secrecy comes from setting each failure probability to a common value \({\varepsilon }^{{\prime} }\), i.e. \({\varepsilon }_{sec}=6{\varepsilon }^{{\prime} }\). Moreover, the QKD protocol is ε_{qkd}secure if it is ε_{cor}correct and ε_{sec}secret with ε_{qkd} ≥ ε_{cor} + ε_{sec}. We set ε_{cor} = 10^{−15} and ε_{sec} = 10^{−10}.
This leads to the length of the secure key fraction,
where λ_{EC} is the known leakage of information during error correction. The key rate is then defined as \(r=\frac{\ell }{{N}_{S}}\).
Security bounds and secure key rate
The security analysis follows that of^{20} using minentropy and the failure probabilities that appear in Table 2 therein. We use uncertainty relations for bounding Bob’s raw key obtained from Alice’s raw key and conditioned on Eve’s information. Let us first consider Eve’s information E and Alice’s raw key X_{A}, that is generated by choosing a random sample from \(N^{X}_{R,nmp}\), after the error correction and verification steps. The question is how much information Eve can extract from X_{A} that is completely unknown to her. The probability of guessing X_{A} given E is defined as the classical minentropy,
where \({p}_{guess}\left({X}_{A}E\right)\) represents the probability of correctly guessing X_{A} applying an optimal extraction strategy having access to E. The optimal strategy means to guess the value x of X with the highest conditional probability p_{X∣E=e}(x) for each value e of E. For this process, let us assume that a part X_{B} of X_{A} with length ℓ, that is uniform conditioned on the information E, can be extracted by Bob. In other words, there is a function f_{s} that maps X_{A} to Bob’s raw key X_{B} = f_{s}(X_{A}) considering the quantum state between Alice and Eve \({\rho }_{{X}_{A}E}\) is fixed. It has been shown that the probability of guessing X_{B} is \({p}_{guess}\left({X}_{B}E\right)={2}^{\ell }\) and using Eq. (18) we obtain,
where ℓ is the secure key length. Furthermore, because X_{B} comes from mapping X_{A}, the probability of correctly guessing X_{B} has to be greater than the probability of guessing X_{A}. Therefore, these minentropies can be expressed as the following inequality
To extend this to the general case of almost uniform randomness, the smooth minentropy \({H}_{min}^{\varepsilon }\left({X}_{A}E\right)\) needs to be introduced. This is set as the maximum value of \({H}_{min}\left({X}_{A}E\right)\). For privacy amplification, we consider that Alice and Bob apply a twouniversal hash function. The Leftover Hashing Lemma^{27} gives us an exact equation for the inequality of Eq. (20) using the smooth minentropy to relate the already mentioned Eve’s information E and Alice’s raw key X_{A}
for the maximum number of extractable bits l that are ε_{PA}close to uniform, conditioned on E.
We consider leakage λ_{EC} during error correction as well as additional bits for verification. Thus, the information that remains in Eve’s system \({E}^{{\prime} }\) after error correction is related by,
The leakage in oneway protocols is lower bounded as^{19},
where H(x) is the binary Shannon entropy, and \({F}^{1}\left({\varepsilon }_{cor};\,{n}_{X},\,1{e}_{X}\right)\) is the inverse of the cumulative distribution of the binomial distribution. Achievable rates by practical codes may not achieve this bound for large blocks so we choose the greater estimate of leakage given either by the above or f_{EC} = 1.16^{16}.
We use an uncertainty relation for smooth minentropy to establish a bound between the remaining information that Eve has, \({E}^{{\prime} }\), and Alice’s raw key, X_{A}. This reflects that the better Bob can estimate Alice’s raw key in the Z basis, the worse Eve can guess Alice’s raw key in the X basis, formally expressed as,
limited to the nonmultiphoton events in the key generation basis X. Here, q quantifies the efficiency of Bob’s orthogonal qubit measurements, in this work we assume q = 1, although in practice the sent states by Alice are not perfect qubits. \({H}_{max}^{\varepsilon }\left({Z}_{A}{Z}_{B}\right)\) is the smooth maxentropy of Z_{B} conditioned on Z_{A}. If Z_{B} and Z_{A} are highly correlated, we can deduce that \({H}_{max}^{\varepsilon }\left({Z}_{A}{Z}_{B}\right)\) is small and thus, as the following bound shows^{28}, the observed number of errors is small,
where ϕ_{X} is the Xbasis phase error rate of nonmultiphoton events. Finally, the bound for the minentropy is,
Protocol optimisation
To maximise the rate and tolerable loss whilst maintaining security, we consider optimisations of the basis bias and signal preattenuation that can provide some improvement over standard protocol values, i.e. equal basis choice and noattenuation.
The Efficient BB84 protocol simplifies standard BB84 by utilising one basis for key generation and the other basis for parameter estimation of the phase error rate, without compromising security^{29}. In this paper, we adopt the convention that the X basis is used for the key with the Z basis used for phase error rate estimation. Alice and Bob randomly and independently choose their basis for each signal with bias p_{X} and p_{Z} = (1 − p_{X}). The sifting ratio is \(12{p}_{X}(1{p}_{X}) \, > \,\frac{1}{2}\) for unequal bias, higher than the sifting ratio \(\frac{1}{2}\) for \({p}_{X}=\frac{1}{2}\) as in standard BB84. Additionally, this simplification also reduces the number of parameters to be estimated, hence improving finitestatistical bounds and the reduction in key length due to composable security parameters^{20,30,31,32,33}. The value of p_{X} can be optimised to balance the amount of raw key bits (proportional to \({p}_{X}^{2}\)) and parameter estimation signals (proportional to \({(1{p}_{X})}^{2}\)). In the asymptotic limit, p_{X} → 1, hence the sifting ratio also approaches unity.
At long distances and high losses, the key rate is limited by the multiphoton emission probability. When the upper bound on the number of multiphoton emission events exceeds the number of detections, then Eve must be assumed to have full information about Alice and Bob’s string, hence there can be no secure key. Waks et al.^{13} proposed the addition of linear attenuation (characterised by transmission factor η_{att}) of the signals prior to injection into the quantum channel controlled by Eve. The bound on the multiphoton components is reduced by a factor of \({\eta }_{att}^{2}\) while the average photon number is only reduced by η_{att}. At high losses and with low dark count rates, the reduction in detection probability (and increase in QBER) may be offset by the greater fraction of Bob’s received events being the result of nonmultiphoton emissions by Alice, potentially leading to increased key rate and extending the nonzero key rate region to longer ranges.
Data availability
The datasets generated during and/or analysed during the current study are available from the corresponding author upon request.
References
Lu, C.Y. & Pan, J.W. Quantumdot singlephoton sources for the quantum internet. Nat. Nanotechnol. 16, 1294 (2021).
Tomm, N. et al. A bright and fast source of coherent single photons. Nat. Nanotechnol. 16, 399 (2021).
Wang, H. et al. Towards optimal singlephoton sources from polarized microcavities. Nat. Photonics 13, 770 (2019).
Thomas, S. E. et al. Bright polarized singlephoton source based on a linear dipole. Phys. Rev. Lett. 126, 233601 (2021).
Nawrath, C. et al. High emission rate from a Purcellenhanced, triggered source of pure single photons in the telecom Cband. Preprint at https://arxiv.org/abs/2207.12898 (2022).
Morrison, C. L. et al. A bright source of telecom single photons based on quantum frequency conversion. Appl. Phys. Lett. 118, 174003 (2021).
Da Lio, B. et al. A pure and indistinguishable singlephoton source at telecommunication wavelength. Adv. Quant. Technol. 5, 2200006 (2022).
You, X. et al. Quantum interference between independent solidstate singlephoton sources separated by 300 km fiber. Preprint at https://arxiv.org/abs/2106.15545 (2021).
Bennett, C. H. & Brassard, G. Quantum cryptography: public key distribution and coin tossing. Theor. Comput. Sci. 560, 7–11 (2014).
Yin, H.L. et al. Tight security bounds for decoystate quantum key distribution. Sci. Rep. 10, 1 (2020).
Strauf, S. et al. Highfrequency singlephoton source with polarization control. Nat. Photonics 1, 704 (2007).
Bozzio, M. et al. Enhancing quantum cryptography with quantum dot singlephoton sources. npj Quant. Inf. 8, 104 (2022).
Waks, E., Santori, C. & Yamamoto, Y. Security aspects of quantum key distribution with subPoisson light. Phys. Rev. A 66, 042315 (2002).
Gottesman, D., Lo, H.K., Lutkenhaus, N. & Preskill, J. Security of quantum key distribution with imperfect devices. Quant. Inf. Comput. 5, 325 (2004).
Cai, R. Y. Q. & Scarani, V. Finitekey analysis for practical implementations of quantum key distribution. N. J. Phys. 11, 045024 (2009).
Lütkenhaus, N. Security against individual attacks for realistic quantum key distribution. Phys. Rev. A 61, 052304 (2000).
Gao, T. et al. A quantum key distribution testbed using a plug&play telecomwavelength singlephoton source. Appl. Phys. Rev. 9, 011412 (2022).
Chaiwongkhot, P. et al. Enhancing secure key rates of satellite QKD using a quantum dot singlephoton source. Preprint at https://arxiv.org/abs/2009.11818 (2020).
Tomamichel, M., MartinezMateo, J., Pacher, C. & Elkouss, D. Fundamental finite key limits for oneway information reconciliation in quantum key distribution. Quant. Inf. Process. 16, 1 (2017).
Bunandar, D., Govia, L. C., Krovi, H. & Englund, D. Numerical finitekey analysis of quantum key distribution. npj Quant. Inf. 6, 1 (2020).
Schweickert, L. et al. Ondemand generation of backgroundfree single photons from a solidstate source. Appl. Phys. Lett. 112, 093106 (2018).
Cai, R. Y. & Scarani, V. Erratum: Finitekey analysis for practical implementations of quantum key distribution. N. J. Phys. 11, 109801 (2009).
Lucamarini, M., Dynes, J. F., Yuan, Z. L., & Shields, A. J. Practical treatment of quantum bugs. In ElectroOptical Remote Sensing, Photonic Technologies, and Applications VI Vol. 8542, 427–436 (SPIE, 2012).
Lütkenhaus, N. & Jahma, M. Quantum key distribution with realistic states: photonnumber statistics in the photonnumber splitting attack. N. J. Phys. 4, 44 (2002).
Schmidt, J. P., Siegel, A. & Srinivasan, A. Chernoff–Hoeffding bounds for applications with limited independence. SIAM J. Discrete Math. 8, 223 (1995).
Klar, B. Bounds on tail probabilities of discrete distributions. Probability Eng. Inf. Sci. 14, 161 (2000).
Tomamichel, M., Schaffner, C., Smith, A. & Renner, R. Leftover hashing against quantum side information. IEEE Trans. Inf. Theory 57, 5524 (2011).
Tomamichel, M. & Renner, R. Uncertainty relation for smooth entropies. Phys. Rev. Lett. 106, 110506 (2011).
Lo, H.K., Chau, H. F. & Ardehali, M. Efficient quantum key distribution scheme and a proof of its unconditional security. J. Cryptol. 18, 133 (2005).
Sidhu, J. S., Brougham, T., McArthur, D., Pousa, R. G. & Oi, D. K. in Quantum Technology: Driving Commercialisation of an Enabling Science II, Vol. 11881, 1188106 (SPIE, 2021).
Brougham, T. & Oi, D. in Quantum Technology: Driving Commercialisation of an Enabling Science II, Vol. 11881, 14–23 (SPIE, 2021).
Brougham, T. & Oi, D. K. Modelling efficient BB84 with applications for mediumrange, terrestrial freespace QKD. N. J. Phys. 24, 075002 (2022).
Sidhu, J. S., Brougham, T., McArthur, D., Pousa, R. G. & Oi, D. K. Finite key effects in satellite quantum key distribution. npj Quant. Inf. 8, 1 (2022).
Takemoto, K. et al. Quantum key distribution over 120 km using ultrahigh purity singlephoton source and superconducting singlephoton detectors. Sci. Rep. 5, 14383 (2015).
Waks, E. et al. Quantum cryptography with a photon turnstile. Nature 420, 762 (2002).
Murtaza, G. et al. Efficient roomtemperature molecular singlephoton sources for quantum key distribution. Opt. Express 31, 9437–9447 (2023).
Samaner, C., Paçal, S., Mutlu, G., Uyanıkk, K. & Ateş, S. Freespace quantum key distribution with single photons from defects in hexagonal boron nitride. Adv. Quant. Technol. 5, 2200059 (2022).
Gao, T., Helversen, M. V., AntonSolanas, C., Schneider, C. & Heindel, T. Atomicallythin singlephoton sources for quantum communication. npj 2D Mater. Appl. 7, 4 (2023).
Vajner, D. A., Rickert, L., Gao, T., Kaymazlar, K. & Heindel, T. Quantum communication using semiconductor quantum dots. Adv. Quant. Technol. 5, 2100116 (2022).
Acknowledgements
D.K.L.O. is supported by the EPSRC Researcher in Residence programme at the Satellite Applications Catapult (EP/T517288/1). R.G.P. acknowledges support from the EPSRC Research Excellence Award (REA) Studentship. D.K.L.O. and R.G.P. are supported by the EPSRC International Network in Space Quantum Technologies (EP/W027011/1). J.J. is supported by QuantIC, the EPSRC Quantum Technology Hub in Quantum Imaging (EP/T00097X/1). A.F., D.K.L.O., and R.G.P. are supported by the EPSRC Quantum Technology Hub in Quantum Communication (EP/T001011/1). B.D.G. is supported by a Wolfson Merit Award from the Royal Society, a Chair in Emerging Technology from the Royal Academy of Engineering, and the ERC (grant no. 725920). F.G. and Z.X.K. acknowledge studentship funding from EPSRC under Grant No. EP/L015110/1. D.B. acknowledges support by the UC Santa Barbara NSF QuantumFoundry funded via the QAMASEi program GrantNo. DMR1906325, and the NWO GravitationgrantQuantum Software Consortium, Grant No. 024.003.037.
Author information
Authors and Affiliations
Contributions
C.L.M., F.G., and Z.X.K. performed the measurements and collected the experimental data. P.B. assisted with data analysis. N.G.S. and D.B. fabricated the quantum dot sample. R.G.P., J.J., and D.K.L.O. derived the finite key bounds and performed the finite key optimisation. B.D.G. and A.F. conceived and supervised the experiment. All authors contributed to writing the manuscript.
Corresponding author
Ethics declarations
Competing interests
The authors declare no competing interests.
Peer review
Peer review information
Nature Communications thanks the anonymous reviewer(s) for their contribution to the peer review of this work.
Additional information
Publisher’s note Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made. The images or other third party material in this article are included in the article’s Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/.
About this article
Cite this article
Morrison, C.L., Pousa, R.G., Graffitti, F. et al. Singleemitter quantum key distribution over 175 km of fibre with optimised finite key rates. Nat Commun 14, 3573 (2023). https://doi.org/10.1038/s41467023392195
Received:
Accepted:
Published:
DOI: https://doi.org/10.1038/s41467023392195
This article is cited by

Quantum key distribution using deterministic singlephoton sources over a fieldinstalled fibre link
npj Quantum Information (2024)

Purcellenhanced single photons at telecom wavelengths from a quantum dot in a photonic crystal cavity
Scientific Reports (2024)

Finite key performance of satellite quantum key distribution under practical constraints
Communications Physics (2023)

Atomicallythin singlephoton sources for quantum communication
npj 2D Materials and Applications (2023)
Comments
By submitting a comment you agree to abide by our Terms and Community Guidelines. If you find something abusive or that does not comply with our terms or guidelines please flag it as inappropriate.