Experimental device-independent quantum key distribution between distant users

Device-independent quantum key distribution (DIQKD) is the art of using untrusted devices to establish secret keys over an untrusted channel. So far, the real-world implementation of DIQKD remains a major challenge, as it requires the demonstration of a loophole-free Bell test across two remote locations with very high quality entanglement to ensure secure key exchange. Here, we demonstrate for the first time the distribution of a secure key -- based on asymptotic security estimates -- in a fully device-independent way between two users separated by 400 metres. The experiment is based on heralded entanglement between two independently trapped single Rubidium 87 atoms. The implementation of a robust DIQKD protocol indicates an expected secret key rate of r=0.07 per entanglement generation event and r>0 with a probability error of 3%. Furthermore, we analyse the experiment's capability to distribute a secret key with finite-size security against collective attacks.

Device-independent quantum key distribution (DIQKD) is the art of using untrusted devices to establish secret keys over an untrusted channel. So far, the real-world implementation of DIQKD remains a major challenge, as it requires the demonstration of a loophole-free Bell test across two remote locations with very high quality entanglement to ensure secure key exchange. Here, we demonstrate for the first time the distribution of a secure key-based on asymptotic security estimates-in a fully device-independent way between two users separated by 400 metres. The experiment is based on heralded entanglement between two independently trapped single Rubidium 87 atoms. The implementation of a robust DIQKD protocol indicates an expected secret key rate of r = 0.07 per entanglement generation event and r > 0 with a probability error of 3%. Furthermore, we analyse the experiment's capability to distribute a secret key with finite-size security against collective attacks.

I. INTRODUCTION
Quantum key distribution (QKD) [1,2] uses the unique features of quantum mechanics to exchange provablysecure secret keys over an untrusted network. The technology is now well established in a wide variety of network settings [3][4][5][6][7][8][9][10][11][12] and commercial QKD systems are available as well. QKD protocols are designed to detect eavesdropping attacks on the quantum channel through intrinsic quantum effects like the no-cloning theorem and the uncertainty principle. In order to invoke these effects, most QKD protocols require that the underlying quantum devices are well characterised and are accurately described by the mathematical models used in the security analysis. The users of such protocols must trust not only the honesty of the QKD vendors, but also the specifications provided by them. This may be critical: indeed, it has been known for at least a decade that some QKD devices can be readily hacked from the outside by exploiting physical features that had not been deemed relevant in a first analysis [13].
To overcome the above issues, a promising solution is to use device-independent QKD (DIQKD)-a correlation-based method which allows the users to exchange secret keys with uncharacterised (or untrustworthy) quantum devices. First introduced by Mayers and Yao [14], DIQKD [15][16][17][18][19][20][21] ensures the proper and secure functioning of the underlying QKD devices via a loophole-free Bell test [22,23]. More specifically, the * These authors contributed equally † charles.lim@nus.edu.sg ‡ h.w@lmu.de users only need to analyse their input-output measurement statistics to put an upper bound on the amount of information leaked to an eavesdropper, hence eliminating the requirement to characterise the devices. Thus, DIQKD automatically provides security against implementation flaws and especially any form of misalignment. It only requires a few very basic assumptions to be fulfilled.
For ease of reference, let us list these basic requirements of DIQKD (see the Supplemental Material A for more details). The two DIQKD users, Alice and Bob, (i) should each hold a device that is able to receive an input and then respond with an unambiguous output, as illustrated in Fig. 1. The communication between these devices is assumed to be restricted, namely (ii) the users control when their respective devices communicate with each other [24]; and (iii) the devices do not send unauthorised classical information to an eavesdropper. Finally, as it is with any QKD protocol, it is required that (iv-a) quantum mechanics is correct, (iv-b) the users' inputs are private and random, and (iv-c) the users are connected via an authenticated classical channel and the post-processing platform is trusted.
The experimental realisation of DIQKD is, however, a major challenge. The main difficulty is to devise a system that enables for a loophole-free Bell test while achieving both an high Bell violation and a low quantum bit error rate (QBER). Current state-of-the-art loopholefree Bell experiments [25][26][27][28] are able to achieve significant Bell violations, but the QBERs are still not good enough for DIQKD (e.g., see the survey provided by Ref. [29]). To lower these requirements, one approach is to devise DIQKD protocols which are more robust and efficient. Recently, this yielded two improved variants FIG. 1. Schematic of the DIQKD connection. Each of the two parties, Alice and Bob, holds one of the two QKD devices which are connected via a quantum channel. The devices receive the inputs X and Y , and respond with outputs A and B, respectively. To run the protocol each party needs a trusted supply of inputs and a trusted local storage unit to store both output and inputs. Additionally, a trusted authenticated public channel between the two parties is necessary for exchange of information during post-processing.
of the original DIQKD protocol-one based on noisypreprocessing [30] and the other based on randomised key setting [31].
Here we present a proof-of-concept DIQKD experiment with distant users, demonstrating the protocol proposed in Ref. [31]. For this, we employ the upgraded version of an event-ready loophole-free Bell experiment [28]. Here, the quantum channel for DIQKD is formed by two single 87 Rb atoms separated 400 metres geographically (the two laboratories are connected via a 700 m long optical fibre). The event-ready entanglement generation scheme runs in two stages for each measurement round: (1) an entangled spin-polarisation state (between the atom and a spontaneously emitted photon) is first generated locally in each laboratory and (2) then the photons are sent to a Bell-state measurement setup for entanglement swapping. Hence, whenever the entanglement swapping is successful, entanglement between the spin states of the atoms is generated and announced. Key improvements in the entanglement generation rate, coherence of atomic states, and entanglement swapping fidelity enabled the implementation of the protocol. Based on the measurement data obtained from the experiment, we find that a positive asymptotic secret key fraction (the ratio of achievable secret key length to the total number of heralded events) of 0.07 was achieved in a fully device independent configuration.

A. DIQKD protocol
The protocol considered here is similar to the standard protocol [16,34], except that two measurement settings are used for key generation instead of one. Importantly, in doing so, the protocol can tolerate significantly more noise-the critical QBER is extended from 7.1% to 8.2% [31]. The protocol considers that Alice and Bob each hold a device, which are connected via a quantum channel (Fig. 1). The protocol consists of N measurement rounds, whereby in each ith round both devices receive an input (X i and Y i ) and respond with an output (A i and B i ). More specifically, Alice's device accepts four different values X i ∈ {0, 1, 2, 3}, while Bob's device has two inputs Y i ∈ {0, 1}. The input for each round is provided by a trusted local source of randomness. Both devices output two possible values, A ∈ {↑, ↓} at Alice's side and B ∈ {↑, ↓} at Bob's side. Additionally, the input and output values are recorded and stored into a local secured storage.
After N rounds the users stop the measurements and begin with classical post-processing. For this, Alice and Bob reveal their inputs for each round over an authenticated public channel. For the rounds with differing input settings, i.e., X ∈ {2, 3} together with Y ∈ {0, 1}, the outputs are shared over the public channel to compute the Clauser-Horne-Shimony-Holt (CHSH) [35] value using where the correlation functions are defined as E X, is the number of rounds with identical outcomes and input combination X, Y . Provided that the devices share a sufficiently entangled state, the Bell inequality can be violated, i.e., S > 2. In our experiment, we target the generation of the maximally-entangled state where the orthogonal spin states | ↑ z and | ↓ z are defined as the computational basis states of the protocol (see next section for more details). The raw data are sifted so that only the outputs of measurement rounds with identical input settings are kept for further processing. The QBERs for both key settings are denoted by Note that the key pairs are supposed to be anti-correlated due to the use of anti-correlated entangled states. Both the QBERs (Q 0 , Q 1 ) and the CHSH value S are used to determine the amount of information about the sifted key that could have been obtained by an eavesdropper [36]. Next, by applying a technique known as leftover hashing, the eavesdroppers (quantum) information about the final key can be reduced to an arbitrary low level, defined by the security error of the protocol [37]. In this experiment, we focus on estimating the asymptotic security performance of the considered DIQKD protocol. For this purpose, we note that in the asymptotic limit and in case of a depolarising quantum channel, positive key rates can be achieved when the expected CHSH value satisfies S > 2.362 (or equivalently, Q < 0.082 with Q 0 = Q 1 = Q) as shown in Ref [31].  fibre. The atoms are entangled by synchronously exciting them after which the spontaneously emitted photons are guided to the BSM to employ an entanglement swapping protocol. The BSM is formed by a 50:50 fibre BS to spatially overlap the photons, two polarising BSs, and four SPDs. Coincidental detection of a single photon on two detectors in the same output arm of the fibre BS heralds the state |Ψ + , which is communicated to both parties via a ready signal. After receiving the ready signal, two quantum random number generators (QRNG) [32] select the inputs to the devices which determines the polarisation of a 795 nm readout pulse in a by polarisation controlled state selective ionisation scheme. Whether or not the ionisation try was successful yields the binary output of the devices which is, since ionised atoms are lost from the trap, determined by fluorescence collection. The in-and outputs of each round are stored locally using a trusted storage. A spectral filter and shutter are implemented in Lab 2 to avoid leakage of information on the setting and the measurement result via the quantum channel. (b) Map showing the main campus of the LMU in Munich indicating the locations of the two used laboratories. Map data were provided by Ref. [33].

B. Quantum network link
A quantum network link (QNL) generates the entanglement between the two spatially separated laboratories in order to implement the DIQKD protocol. As mentioned before, in our setup, entanglement is generated between two optically trapped single 87 Rb atoms located in laboratories 400 m apart and connected via a 700 metre long optical fibre channel, see Fig. 2. The atoms act as quantum memories where a qubit is encoded in the Zeeman-substates of the 5S 1/2 |F = 1, m F = ±1 ground state, with m F = +1 and m F = −1 designated as computational basis states, | ↑ z and | ↓ z , respectively, and where the quantization axisẑ is defined by the fluorescence collection setup.
The two distant atoms are entangled using an entanglement swapping protocol [38]. The sequence starts by synchronously exciting a single atom in each trap to the state 5 2 P 3/2 |F = 0, m F = 0 ; when decaying back to the ground state, each of the atomic qubits becomes entangled with the polarisation of the respective spontaneously emitted single photon (Fig. 3a). This results in an entangled atom-photon state FIG. 3. Schematics of the entanglement generation and atomic state readout schemes. a, An entangled atom-photon state is generated by the spontaneous decay subsequent to excitation to the state 5 2 P 3/2 |F = 0, m F = 0 . b, The qubit state is read-out via a state dependent ionisation scheme. First, a by polarisation controlled superposition of the qubit state is excited to the 5 2 P 1/2 level by a 795 nm laser pulse. Subsequently, the excited atom is ionised by a second laser pulse with a wavelength of 473 nm. If the atom decays to the state 5 2 S 1/2 |F = 2 before it is ionised, it is excited to the state 5 2 P 3/2 |F = 3 , which is ionised as well.
creation of the maximally entangled atom-atom state, as given in equation (2). More specifically, given a successful projection, a ready signal is sent to the trap setups and the atomic qubits are measured only after receiving this signal.
The two atomic qubits are independently analysed via a state-selective ionisation scheme (Fig. 3b) [40]. There, a particular state of the atomic qubit is ionised depending on the polarisation χ = cos(γ)V +e −iφ sin(γ)H of a readout laser pulse (γ = α for Alice's and γ = β for Bob's device) and leaves the trap. If the atom is still in the trap, it is projected onto the state The presence of the atom is then tested using fluorescence collection, which yields the final measurement outcome. On Alice's side, the single-photon detectors (SPDs) of the BSM detect the fluorescence of the atom, while on Bob's side an unbalanced beam splitter directs a small fraction of the florescence light onto a single SPD (Fig. 2). As such, with this scheme, the detection efficiencies of Alice's and Bob's measurements are effectively one since this final test is performed for every round, any component loss is reflected as noise in the quantum channel. While the requirements for a DIQKD implementation are less stringent with the newly proposed protocols, significant improvements over existing loophole-free Bell experiments are still required. To that end, we enhance the entanglement generation rate, coherence of atomic states, and entanglement swapping fidelity of the loophole-free setup reported in Ref. [28].
Concerning the entanglement generation rate, customdesign high numerical-aperture objectives are installed in each trap to increase the single photon collection efficiency by a factor greater than 2.5. This ultimately leads to an atom-atom entanglement generation efficiency of 0.49 × 10 −6 following an excitation pulse pair. Together with a duty cycle of approximately 1/2 and a repetition rate of the entanglement generation tries of 52 kHz resulting in an event rate of 1/82 s −1 . Note that for event-ready entanglement generation schemes the repetition rate of the experiment is limited by the communication times between the two devices and the BSM. For DIQKD protocols, this results in a trade-off between the maximum separation of the users and the achieved secret key rate-not considering multiplexing techniques, see Outlook.
The coherence and stability of the atomic qubit states are limited by the fluctuations of local magnetic fields and position-dependent vector light shifts which are introduced by the tight focus of the optical dipole traps. The latter is especially crucial as it allows a high fidelity state measurement only when the atom has completed a full oscillation in the trap [42]. Here, the better optical components of the new collection setup, which is also used to focus the trapping laser, enable a more symmetric trapping potential. Then, in combination with reduced electrical noise in the active magnetic field stabilization, lowering of atom temperatures, and employing a magnetic bias field enables an improvement of the coherence time by a factor of 1.5 to approximately 330 µs. This results in a lower bound on the atom-photon entanglement fidelity of 0.952(7) and 0.941(7) (relative to a maximally entangled state) with an atomic readout delay of 26 µs and 17 µs in Alice's and Bob's setups, respectively. We refer the interested reader to Supplemental Material B for more details.
Finally, the quality of entangled atom-atom state is improved by optimising the two photon interference of the BSM through a rigorous analysis of the atom-photon entanglement generation process. Here, the multi-level structure of 87 Rb, the finite duration of the excitation pulse, and experimental imperfections lead to the possibility of two photon emission from one atom. Crucially, these multi-photon events reduce the fidelity of the BSM result. To overcome this, only photons which are emitted after the end of the prior excitation pulse are accepted in the BSM, within a time window of 95 ns. This reduces the entanglement generation rate by a factor of 4 (resulting in the entanglement generation rate mentioned before), but significantly increases the fidelity of the generated state; see Supplemental Material C for more details.

C. DIQKD implementation
The independent random inputs to the devices are provided by independent quantum random number generators (QRNG) [28,32] located in each laboratory (requirement iv-b). At Alice's side, two random bits are used to select the input, while at Bob's side only one random bit is used, leading to uniformly distributed input combination choices. Based on the generated entangled state (Eq. 2) and the atomic state measurement scheme (Eq. 3), the input values X ∈ {0, 1, 2, 3} convert to mea- for Bob's device, respectively. The capability for fast switching between various read-out settings is achieved by overlapping multiple read-out beams with different polarisation and individually controllable intensities [28]. The outputs A, B ∈ {↑, ↓} are derived from the fluorescence counts after the state-selective ionisation. Finally, the users' inputs and outcomes are stored in two independent, trusted secure storage (requirement iv-c).
Unauthorised incoming and outgoing communication of the laboratories can be mitigated with prudent steps (requirements ii and iii). Especially on Bob's side, extra measures are taken to prevent information leakage from the laboratory: a free-space shutter is used during the read-out process to prevent fluorescence light from leaking out into the optical fibre (and into the outside environment) (see Fig. 2), and the trap is always emptied before reopening the shutter. Due to the approximate 5 ms reaction time of the shutter, a spectral filter is deployed to block the read-out pulse after interacting with the atom and to prevent unintentional transmission of the read-out setting. For Alice's side, such countermeasures are not needed as the BSM setup already serves as a natural filter [43]. Asymptotic key rate  (25) and 0.888 (45). The settings with the green (yellow) background contribute to the evaluation of the S (Q). (b) Expected secret key rate for varying CHSH S-value and QBER for the robust DIKQD protocol [31]. The presented work (1) shows an expected secret key rate of 0.07 and lies well inside the positive region. For comparison, the results of [28] (2) and [25,41] (3), which to the best of our knowledge, are the only experiments that fulfill the requirements for DIQKD with significant distance between the two users. Note that (2) does not reach the positive key regime due to the high QBER. The error bars indicate statistical errors of one standard deviation.

III. RESULTS
The inputs and outputs of the devices were recorded for N = 3342 rounds over a measurement period of 75 hours. The resulting output (anti-)correlation probabilities for the eight different input combinations, i.e. N A=B X,Y /N X,Y and N A =B X,Y /N X,Y , are shown in Fig. 4a. It is instructive to first review the updated performance of the QNL independently of the DIQKD protocol. Here, the figure of merit is the fidelity of the observed entangled atom-atom state relative to a maximally entangled state. By fitting the data ( Fig. 4a) with sinusoidal functions, the estimated visibility for input combinations X = 2, 0, 3, 1 and Y = 0 (resp. X = 2, 0, 3, 1 and Y = 1) is 0.869(25) (resp. 0.888 (45)). Then, averaging the found visibilities and taking into account that a third atomic ground level spin state can be populated (5 2 S 1/2 |F = 1, m F = 0 ), a lower bound on the fidelity is given by F ≥ 0.892 (19) [28].
To get a sense of how reliable this estimate is, we assume that underlying input-output probability distribu-tions are independent and identically distributed and use standard Bayesian methods to determine the uncertainties of the estimated parameters. We find that taking the worst case estimates of S, Q 1 , and Q 2 using a common probability (tail) error of 3% give positive rates. These results indicate a proof-of-concept realisation of DIQKD on a quantum network link connecting two users 400 m apart. Note that the improved performance of the QNL setup even allow for the implementation of the original DIQKD protocol [16,34], which is more demanding than the considered protocol.
Using state-of-the-art finite-key analysis for the protocol, we find that DI = 10 −5 security can be obtained with a minimal block length of 1.75 × 10 5 [37], as illustrated in Fig. 5. Here, DI is the security error of the protocol, which quantifies how close the actual output of the protocol is to the ideal output (see Ref. [37]). In the simulation, we consider collective attacks, an error correction efficiency of 1.15, and uniformly distributed measurement settings for Alice and Bob.

IV. OUTLOOK AND DISCUSSION
In this work, we presented a proof-of-concept DIQKD experiment by demonstrating a QNL that could achieve positive secret key rates over 400 metres (700 metres fibre length) in a fully device-independent setting. While the current setup improves upon existing loophole-free Bell setups, there are still several areas that require en- hancements before a DIQKD experiment with finite-key security and longer reach can be achieved. For one, a significantly higher event rate is required to obtain finite-key security within a practical time-frame; based on the current setup and over the current distance, one would need months of measurement time to achieve finite-key security. The event rate critically depends on the entanglement generation efficiency and the repetition rate. To increase the former, several improvements are possible, e.g., improving the BSM setup fidelity to include the |Ψ − state projection would increase the entanglement generation rate by a factor of 2 (see Supplemental Material IV). However, the latter has an intrinsic limitation for event-ready schemes, such as the DIQKD scheme presented here: a repetition of the entanglement generation process is only possible after waiting for a feedback signal from the BSM. Therefore, the repetition rate is limited by the communication times between the two devices and the BSM. Consequently, there is a trade-off between the event rate and distance and one would have to prioritise distance over finite-key security (or vice versa). To address this issue for the presented setup, it is possible to scale up the number of atom traps using multi-dimensional arrays [44][45][46], which combined with time multiplexing techniques [47] could increase the event rate by several orders of magnitude.
Another direction to improve is the reach of the QNL. Here, the limiting factor is attenuation loss of the 780 nm photons in long optical fibres, which is already 50% for a 700 m long link. To overcome losses in longer fibre links, one can convert the entangled single photons to the low-loss telecom band via polarisation-preserving quantum frequency conversion [40,48]. Preliminary study of recent results indicates that distances up to 100 km are within reach.
In summary, our results represent a major step towards the goal of ultimate secure communication based solely on quantum physics. Importantly, they indicate that state-of-the-art quantum network links are capable of harnessing the ultimate quantum advantage for secure communications. Even if it is still a long way to go; when the future quantum repeater based quantum networks provide the key resource, i.e., shared entanglement, DIQKD-as realized in this proof-of-concept experimentwill become the standard for secure key exchange.
Note added in proof. While completing the manuscript, we became aware of a similar proof-of-concept DIQKD experiment [49].

Supplemental Material for: "Experimental device-independent quantum key distribution between distant users"
The name device-independent QKD suggests that secrecy can be guaranteed "without any knowledge of the device". Such a compact statement may lead (and has actually led) to misinterpretations. It requires qualification, which we split in four requirements already mentioned in the main text. The qualified claim of DIQKD is: given devices whose inputs, outputs and interfaces are controlled by the users [requirements (i) and (ii)], secrecy is guaranteed under the obvious assumption that the secret does not leak out of the secure locations (iii), as well as under the requirements needed for any QKD protocol (iv). In this Appendix we elaborate on these matters.
a. Scenario -Two parties, named Alice and Bob, want to establish a secret key in order to exchange secret messages. A secret key is a list of bits that is identical between Alice and Bob, and guaranteed to known only to them -in other words, it is shared secret randomness. The adversary, who may be actually trying to break the protocol, is called Eve for narrative convenience. Quantum key distribution (QKD) is a practical solution for this task. The resources required in QKD are: • Secure locations: it must be assumed that the two environments, in which Alice and Bob operate, are not compromised. However, practically speaking, this can never be guaranteed unconditionally; the level of paranoia is subjective, for this involves individuals and methods which go beyond what quantum physics can certify. As such, one can only enforce the best possible known methods in practice to prevent unauthorised information leakage. For example, in our experiment, we used a free-space shutter and spectral filters to prevent fluorescence light from leaking out into the outside optical fiber. * These authors contributed equally † charles.lim@nus.edu.sg ‡ h.w@lmu.de • An unlimited (for all practical purposes) amount of local randomness, i.e. the possibility of generating strings of bits that are unknown to anyone else (in this case, even to the other authorised partner). These will constitute the "trusted inputs" to the devices.
• An authenticated public channel for classical communication between them. In order to authenticate the channel, Alice and Bob must possess some shared randomness prior to the start. Thus, QKD is actually quantum key expansion: the amount of secret key generated by the protocol should exceed the amount that is consumed to authenticate the channel and for classical post-processing.
• Last but not least, the actual devices that create and process the quantum information, and the quantum channel connecting them. The "deviceindependence" of DIQKD means that these devices can be dealt with as black boxes. Explicitly, the security assessment does not rely on the characterisation and modeling of any of their inner workings and dimensions, not even the type of quantum system and measurements that are actually performed.
Any QKD protocol essentially starts with the distribution and measurement of quantum signals. This part consists of well defined rounds, whereby each round consists of one pair of inputs and outputs for each device. After accumulating a certain amount of rounds the device inputs are shared over the trusted public channel. Certain input combinations are then used to generate the sifted (or raw) key, while others are used to estimate the features of quantum mechanics used to bound Eve's information on the outputs. It is then possible to proceed with error correction and privacy amplification protocols, and extract a final key on which Eve has no information. These steps also require adequate and trusted methods that fit to the actual implementation and performance of the DIQKD setup, in order to not distort the information theoretical security.
For DIQKD, the feature of quantum theory used to bound Eve's information is the violation of a Bell inequality [1][2][3][4][5]. A Bell inequality test has its own set of requirements, failure to comply with which leads to famous loopholes [6,7]. First, the requirement of locality, ensuring that the process generating the output in one device is independent of the input and the process of the other. Second, in each round the inputs should be random for the devices. Notice that this is slightly different from the analog requirement of QKD: for QKD, the local input should be random for Eve but might be known by the device; for Bell alone, the local input may be publicly known, as long as it is random for the device. In DIQKD, the local randomness should therefore be random both for Eve and for the device. Among other loopholes that may invalidate a Bell test, by far the most important and relevant here is the "detection loophole". To avoid it, one must not assume fair sampling in case of imperfect detection efficiencies: rather, there must be an output of the device for every input (if the detector failed to detect, the output must be generated according to some other local recipe: this will of course reduce the correlations, but won't compromise the soundness of the test). In fact, it is the detection loophole opened by losses that makes it very challenging to implement DIQKD with purely optical setups. Finally, even though the devices are black boxes, for secrecy one should require that they do not leak any information. For one, the provider of the devices should be trusted as honest: if they are colluding with Eve, surely they have hidden somewhere a small emitter that might leak the key at the end of the protocol (or in later instances). On a more technical level, these devices must be open to the world through the quantum channel (the quantum signals, however uncharacterised, must be able to enter the device). One must then assume that no information leaks out through that port, while open [8]. Once again, the assumption of no-leakage from the secure location is a requirement for all forms of secrecy. We just brought up two possible forms of leakage that are worth mentioning, given the danger of exaggerations associated with the words "device-independence".
Based on what we said, we can summarize the requirements for DIQKD in the following four (order does not indicate importance): (i) The used system consists of two separated devices, the devices receive an input and respond with a well defined output, and the protocol is split into well defined rounds; (ii) Alice and Bob control when the devices communicate with each other; (iii) The devices do not send classical information to an possible eavesdropper; (iv-a) Quantum theory is correct; (iv-b) Each device is supplied with trusted inputs independent and unknown to an possible attacker (Eve); (iv-c) Alice and Bob are connected via an authenticated channel, employ trusted local storage units, and use appropriate post processing.
b. Experimental requirements-Each of the listed premises has different consequences for an implementation of DIQKD. (iv-a) is obvious for any kind QKD. It means that if the world is described by a more advanced theory than quantum mechanics the security proof might not hold. This has, however, no consequences for implementations. The other premises can be placed in two categories. The first, containing only (i), leads to requirements for the devices which need to be addressed by the manufacturer. The second category (ii), (iii), (ivb), and (iv-c) leads to requirements on the operational environment of the devices, which need to be addressed by the users, Alice and Bob.
(i) seems obvious and is most often not stated explicitly as an premise but only mentioned indirectly when describing the protocol. Moreover, it is important to note that DIQKD is possible with any number of devices that is above two. But there needs to be at least one device for each party. One large device that connects both labs contradicts the assumptions of a Bell test and renders compiling to premises (ii) and (iii) impossible. Further, the devices must give an unambiguous output when provided with an input and should be easy to identify even for non-experts. Defining a microscopic quantum object, e.g., an atom as an device is in principle possible for DIQKD in contrast to other device-independent applications (random number generation [9] or self-testing [10]). However, such a definition is not very useful since a quantum object will always be embedded in a bigger device holding and controlling it and hence this can be defined as the device without bothering about the actual quantum system. The well defined rounds are necessary as the Bell test demands that for each input one always receives an output, otherwise the detection loophole will be open and invalidate the DI trust. Therefore, (i) directly transforms for a requirement for a system designed for DIQKD.
Now to the requirements that need to be addressed by the users, Alice and Bob. Restricting the communication of the devices for DIQKD is necessary, as it (ii) ensures local measurements for the Bell test and (iii) prohibits the possible malicious devices from simply leaking information to an eavesdropper. In many works, including [11], these two premises are combined to the demand for perfectly shielded rooms for Alice and Bob. However, such an ideal room is in practice impossible to realize without at least assuming some limitations on the devices. The biggest obstacle is that the two devices need to establish entanglement between them. This can be realized in different ways, but in all of them there is some physical connection to the outside-world. Prohibiting information leakage over this connection cannot be guaranteed without additional assumptions. Nevertheless, it is possible to build very secure rooms to limit the possibility of information leakage dramatically, dependent on the demands of the user.
Furthermore, trusted inputs (iv-b) are necessary for QKD as well as for a Bell test. They are best provided by trusted random number generators, which are indeed a common demand for cryptographic application. However, here is not the explicit need of a true or quantum random number generator, one can also use any bit sequence which is unknown to the devices and potential eavesdroppers.
Finally, the last premise (iv-c) summarizes all necessities for the extraction of a secret key from the recorded data. These are not always explicitly stated but are then implicitly still made. The authenticated classical public channel is needed to ensure that the DIQKD connection is between Alice and Bob and not relayed to an eavesdropper for, e.g., man-in-the-middle attacks. The trusted storage is needed to ensure the integrity of the recorded data. Storing in-and outputs only in the devices is not possible as they might be malicious and simply exchange the recorded inputs and outputs with a prerecorded data set. Although not discussed in detail here, the appropriate methods for error correction and privacy amplifications have to be used.
c. Proof-of-concept implementation The first step from the proposal to a real world application is a proofof-concept implementation. Here, the goal is to show that the protocol can be implemented with the currently available technology. For such an experimental implementation some of the requirements can be relaxed, as the goal is not to send a secret message, but to show that this is in principle possible. This is especially true for the requirements that need to be addressed by the users. Thus, the main goal is to build two devices that fulfill requirement (i) and permit users to fulfill requirements (ii), (iii), (iv-b), and (iv-c).
As described in the main text, the presented QNL formed by the two atom traps enables exactly this. It consist of two independent devices. The devices are able to receive four, respectively two, different input values and respond with an unambiguous output. The heralded entanglement generation and event-ready measurement scheme allow for well defined rounds and closes the detection loophole in a Bell test. Thus it is compatible with all demands in (i). To further prove it is compatible with the other requirements they are fulfilled in a reasonable fashion, see the main text. This shows the suitability of the proof-of-concept implementation without the need of further argumentation, e.g., based on the physical model of the devices.

Appendix B: Atom-Photon Entanglement Generation
Both devices, i.e. atom traps, are characterized individually by analyzing the atom-photon entanglement generation process. The process starts by preparing the atom in the 5 2 S 1/2 |F = 1, m F = 0 state, denoted as |1, 0 , via optical pumping. Next, the atom is excited with a laser pulse that is resonant to the transition 5 2 S 1/2 |F = 1 → 5 2 P 3/2 |F = 0 and polarized parallel to the quantization axis (π-polarization). The temporal shape of the pulse is approximately Gaussian (22 ns FWHM). In the subsequent decay, the polarization of the photon that is emitted along the quantization (z-)axis becomes entangled with the atomic spin state, resulting in the following maximally entangled atom-photon state where | ↓ z and | ↑ z denote atomic spin states |1, −1 and |1, +1 , |L and |R denote left-and right-circular photonic polarization states, and |V and |H denote vertical and horizontal linear photonic polarization states, respectively. The success probability of the entanglement generation process, i.e. detection of a photon after an excitation pulse, equals 5.98 × 10 −3 and 1.44 × 10 −3 for Alice's device and Bob's device, respectively. Note that the lower photon detection probability for Bob's device is due to attenuation loss of approximately 50% in the 700 m optical fiber and the loss due to additional optical elements, including the beam splitter (90:10) for the local fluorescence detection and spectral filter shielding the read-out light, by another 50%, see Figure 2 of the main text.
The atomic spin state is analyzed after a delay of 25.55 µs and 16.7 µs, for Trap 1 and 2, respectively. This time allows for event-ready entanglement generation (two-way communication time between the labs equals approximately 7 µs) and provides rephasing of both the Larmor precession due to the magnetic bias field 57 mG and 168 mG along the y-axis and the transverse trap frequencies.
The atomic qubit is analyzed via a state-selective ionization scheme [12,13], see main text Fig. 3b. There, a particular state of the atomic qubit is transferred to the 5 2 P 1/2 |F = 1 depending on the polarization χ = cos(γ)V + e −iφ sin(γ)H (γ = α for Alice's and γ = β for Bob's device) by a 140 ns laser pulse from where it is ionized by a bright 473 nm laser pulse and thus leaves the trap. If the atom is still in the trap it is thus projected onto the state In the experiment the presence of the atom is tested using fluorescence collection finally yielding the measurement outcome. To estimate a fidelity of the entangled state, one needs to take into account that a third atomic spin state can be populated 5 2 S 1/2 |F = 1, m F = 0 due to magnetic fields. Hence, assuming depolarizing noise in the 2x3 state space, a lower bound on the fidelity relative to a maximally entangled state is given by with the average visibility Vis, which results in estimated fidelities of 0.952(7) and 0.941 (7), for Alice's device and Bob's device, respectively.
Appendix C: Improving the Atom-Atom Entanglement Quality The quality of the entangled atom-atom state depends on the generated atom-photon entanglement in both traps (see App. B) and on the performance of the Bell state measurement (BSM) on the photons. In order to understand these processes and subsequently improve on their performance, we modeled the excitation of a 87 Rb atom by a short laser pulse. Here, not only the physical properties of the system are considered, e.g., multilevel structure of the atom and the frequency broadening of the short laser pulse, but also imperfections of the experimental setup and procedure, such as imperfect polarization and state preparation.
In the intended atom-photon entanglement generation process (Fig. C.1(a)) the selection rules prohibit a second interaction with the π-polarized excitation laser. However, there are two effects that result in different types of emission. The first is caused by an experimental limitation: a small polarization misalignment of the excitation laser makes a second excitation possible, see Fig. C.1(b). Secondly, due to the small separation of the 5 2 P 3/2 |F = 0 to the 5 2 P 3/2 |F = 1 level off-resonant scattering via this level is possible (Fig. C.1(c),(d)). These effects lead to the emission of a second photon that perpetuates the atom-photon state and reduce its fidelity. Accordingly, this will be passed through by the swapping process also reducing the atom-atom state fidelity.
Beyond the effects reducing the fidelity of both the atom-photon and atom-atom states, there is a unapparent other effect reducing the fidelity of the two-photon interference based BSM. This process includes emission of a π-polarized photon followed by a regular excitation and decay. The π-polarized photon is not coupled into the single mode fiber and thus does not contribute to the atom-photon state, however, the temporal shape of the collected (second) photon is different than for a photon originating from a single excitation and emission process. This reduces the two-photon interference contrast, leading to a lower BSM fidelity and imperfect atom-atom state preparation. A numerical simulation of the temporal behavior yields a time dependent photon emission (and thus detection) probability broken down for each of the different excitation processes described in Figure C.1. A complete and detailed description of the model used for the numerical smulation can be found in [14,15]. Based on this result it is possible to optimize the two-photon acceptance time window for the BSM. The main finding is that the resulting entangled atom-atom state has the highest fidelity relative to the desired Bell state if only photons are accepted that are emitted after the end of the excitation pulse. This excludes the perpetuated atom-photon states as well as the effect of the imperfect state preparation, and increases the quality of the entanglement swapping operation.
While the first point follows directly from the simulated time dependent detection probability of the different excitation branches, the second is not that obvious. For this the following situation has to be considered: One atom emits only one photon, which is collected and detected, while the other one of the two atoms undergoes a two photon emission process first emitting a π-polarized photon and then being excited again emitting a second photon which is detected. If in this case one of the two detected photons is detected at an earlier time, especially during the excitation pulse, it can be assigned with very high probability to the atom emitting only one photon and the late photon to the atom with the two photon emission. Since the emission of the first π-polarized photon, in principle, allows the identification of the atom with the two photon process, the atom-atom state is not projected onto an entangled state by the BSM.
Based on the outcome of the model (Fig. C.2), we define a two-photon acceptance time window of 95 ns that starts after the excitation pulse, as illustrated in  While it drastically increases the entanglement fidelity, as shown in the simulation and the data presented in the main text, the shorter acceptance time window reduces the event rate by a factor of 4. Note that defining a smaller acceptance time window before the experiment does not lead to a ready-signal in the first place and thus does not open any kind of loophole, e.g., the detection loophole, in an Bell test.
For a complete analysis of the experiment, we also recorded the events outside of the time window, however, these events are not used in the DIQKD demonstration. The analysis of the complete dataset shows an increase of S-value and a reduction of the QBER for smaller time windows (Fig. C.4). The effect of excluding events with errors in the atom-photon entanglement generation is also observed in the read-out outcomes for both traps individually, as illustrated in Fig. C.5. For an ideally entangled atom-photon state, the ionization probability is 0.5, however, the processes reducing the atom-photon state fidelity, e.g., a second off-resonant excitation, lead to atomic states with higher ionization probabilities.
An even smaller time window might increase the atomatom entanglement generation even further, thus leading to higher S and lower QBER which in turn result in an higher asymptotic key rate (Fig. C.6). However, this further reduces the event rate and increases the time needed for a measurement yielding a sufficient amount of events. More interesting for future experiments is the possibility of optimizing the excitation pulse shape in combination with narrow band filtering of the single photon frequency. A shorter excitation pulse, in combination with spectral filtering of off-resonant excitations, might lead to a more precise filtering of unwanted photons and an higher event rate.
To reach event rates high enough to generate a secure key using DIQKD for a finite block length [5], one has not only to consider the quality of the entanglement but also the generation rate. Thus, for finding the optimal acceptance time window for such an experiment must consider the trade-off between them.
Appendix D: Estimating the expected secret key rate A rigorous security analysis of practical DIQKD would require a finite-key analysis that takes into account the resources consumed and block-length considerations [17]. However, as mentioned in the main text, our experiment, which prioritises the establishment of swapped entangled trapped atoms 400 metres apart, has an intrinsic limitation on the event rate based on state-of-the-art technology. Consequently, there is a trade-off between the event-rate and separation of the laboratories, hence it is not realistic to demonstrate finite-key security based on known calculation method [17].
To that end, we estimate the expected secret key rate of the DIQKD experiment using standard Bayesian analysis; while we acknowledge that this is not the usual approach for QKD, it nevertheless gives a reliable estimate based on available data. Starting from the data summary listed in Tab. I, we model the random behaviour of S (its winning probability), Q 0 , and Q 1 using Beta random variables, β win , β Q0 , and β Q1 , respectively, which is in line with the self-testing statistical analysis reported in Ref. [10]. In particular, using a uniform prior, the (updated) posterior distributions are β win = Beta(1355 + 1, 1649 − 1355 + 1), β Q0 = Beta(35 + 1, 448 − 35 + 1), β Q1 = Beta(32 + 1, 412 − 32 + 1), where Beta(a, b) is the standard Beta distribution, and the winning probability is related to the CHSH value by P win = (S + 4)/8; thus 1649 × (2.578 + 4)/8 = 1355. Then, to calculate the worst-case estimate of the expected secret key rate, we fix the tail errors of the updated Beta distributions to 3%; this means a 97% chance that each of the parameters would be higher (or lower) than a certain critical threshold. More specifically, we find S ≥ 2.4256 and Q 0 = Q 1 ≤ 0.107. Finally, using uniform settings (as was done in our experiment), we find that these critical values provide positive key rates.