Virtual zero-photon catalysis for improving continuous-variable quantum key distribution via Gaussian post-selection

Quantum catalysis is a feasible approach to increase the performance of continuous-variable quantum key distribution (CVQKD), involving the special zero-photon catalysis (ZPC) operation. However, from a practical point of view, the improvement offered by this operation is limited by the imperfection of the photon detector. In this paper, we show that the ZPC operation at the sender can be simulated by a post-selection method without implementing it in practical devices. By performing this virtual version of ZPC in CVQKD, we can not only reach the ideal case of its practical implementation with minimal hardware requirements, but also keep the benefit of Gaussian security proofs. Based on Gaussian modulated coherent state protocols with achievable parameters, we extend the security analysis of the proposed scheme from the asymptotic case to the finite-size scenario and the composable framework. Simulation results show that, as in the asymptotic case, both the maximal transmission distance and the tolerable excess noise of virtual ZPC-involved CVQKD outperform the original scheme and the scheme using virtual photon subtraction when the finite-size effect and composable security are considered. In addition, the virtual ZPC-involved CVQKD can tolerate a higher imperfection of the detector, enabling practical implementation of the CVQKD system with state-of-the-art technology.


Results
The VZPC-based CVQKD. Quantum catalysis can be applied to facilitate the conversion of the target ensemble 51 and enhance the coherence of the coherent state 52, which could prevent the loss of information effectively. It has been demonstrated theoretically that the performance of CVQKD can be improved when a quantum catalysis operation is applied to it, in both the Einstein-Podolsky-Rosen (EPR)-based scheme 48 and the locally generated local oscillator (LLO)-based scheme 49. To make our description self-contained, in this section we introduce the characteristics of the quantum catalysis operation, and then propose the VZPC-based CVQKD.
The characteristics of the quantum catalysis operation are illustrated in Fig. 1a. An auxiliary mode Y in the number state $|m\rangle$ interacts with the input mode C at the beam splitter (BS) with a transmittance T. The output Y′ of mode Y is then sent into an ideal PNRD to herald whether a successful quantum catalysis operation happened or not. If m photons are registered in the PNRD, we call the process above a successful m-photon quantum catalysis operation, which is represented by an equivalent operator $\hat{C}_m$ 48, where T is the transmittance of the BS in Fig. 1a, and $c^\dagger$ and $c$ are the creation and annihilation operators of the input state in mode C. Note that, for the auxiliary modes Y and Y′ of the quantum catalysis operation, the input and output photon numbers appear unchanged, which means the detection result of the PNRD must be equal to the photon number of mode Y; this differs from the m-photon subtraction operation (m > 0) shown in Fig. 1b. The post-selected state of C′ for ZPC is conditioned on the 0-photon event on the PNRD, while for m-photon subtraction it is conditioned on the m-photon (m > 0) event on the PNRD.
The quantum catalysis operation has a larger success probability than the photon subtraction operation, and hence the ZPC-based CVQKD has better performance improvement in terms of secret key rate, transmission distance and tolerable excess noise 48,49, especially for the ZPC. Therefore, in this work, we mainly focus on the ZPC operation. The specific application scheme of the ZPC in the equivalent entanglement-based (EB) CVQKD and its corresponding prepare-and-measure (PM) scheme are described in Fig. 2a, b, respectively. However, from a practical point of view, the requirement of a PNRD or an on-off detector brings about practical difficulties. The imperfection of the detector and the added complexity of the CVQKD system reduce the attractiveness of the quantum catalysis operation. To overcome these difficulties, in what follows we suggest an equivalent post-selection method to emulate the ZPC operation in CVQKD with the Gaussian modulated coherent state protocol. By using this method, one can not only enjoy the perfect ZPC operation but also avoid increasing the system's complexity.
Now, let us begin the description of the equivalent post-selection method with the EB scheme of the ZPC-based CVQKD. As shown in Fig. 2a, Alice prepares an EPR state comprising two modes A and B with a modulation variance V, i.e. where = √ (V − 1)/(V + 1) . She retains mode A and sends the other mode B to Bob. On the preserved mode A, Alice performs heterodyne detection and gets the results $\{x_A, p_A\}$, which obey a Gaussian distribution with probability distribution 53 . It is known that heterodyne detection on mode A will project mode B onto a coherent state $|\alpha\rangle$ with α = 54 . Consequently, the mixed state $\rho_B$ can be given by 53 .
Before Alice sends mode B to Bob, she performs the ZPC operation on mode B and yields the mode $B_1$ if this operation is successful. Therefore, after the BS1, the mixed state of mode $B_1$ that has undergone a successful ZPC operation can be given by with where $P_Z$ is the success probability of the ZPC operation. It can be obtained from the relationship $\mathrm{Tr}(\rho_{B_1}) = 1$, which gives $P_Z = \frac{2}{1 - VT + V + T}$. Comparing the state $\rho_{B_1}$ in Eq. (4) with the state $\rho_B$ in Eq. (3), one finds two differences between them. One is the additional weighting function $W = e^{|\alpha|^2 (g^2 - 1)}/P_Z$, which leads to an acceptance probability $P_\alpha = e^{|\alpha|^2 (g^2 - 1)}$ for each pair of measured results $\{x_A, p_A\}$. The total acceptance probability for all the data measured by Alice is $\iint dx_A\, dp_A\, P_\alpha P_A = P_Z$, which is the success probability of the ZPC operation. The other is the rescaling of the mean value of the coherent state from $\alpha$ to $g\alpha$ ($\sqrt{T}\alpha$). Although the ZPC operation is probabilistic, $P_\alpha$ is Gaussian so that $P'_A$ is still a Gaussian distribution. This filter is therefore Gaussian in the sense that it converts one Gaussian state into another Gaussian state, which means the ZPC operation preserves Gaussianity while the m-photon quantum catalysis operation ($m > 0$) is non-Gaussian 55. As the heterodyne detection and the ZPC operation are conducted on two different modes A and B, these two processes commute with each other. Thus, after exchanging the heterodyne detection and the ZPC operation, we get an equivalent VZPC through Gaussian post-selection of each of Alice's measurement results with an acceptance probability $P_\alpha$. To be more specific, the PM version of the VZPC-based CVQKD, as shown in Fig. 2c, can be summarized as follows:
Step 1 Alice prepares a coherent state $|\alpha\rangle$ with $\alpha = \sqrt{T}(x_A + p_A)$ and sends it to Bob, where $x_A$ and $p_A$ obey a Gaussian distribution with zero mean and variance of (V + 1).
Step 2 Bob receives the coherent state sent by Alice and performs homodyne or heterodyne detection. The measurement results are $x_B$ and $p_B$, respectively.
Step 3 After performing many rounds of steps 1 and 2, Alice and Bob preserve enough data. Alice uses the acceptance probability to determine which data will be accepted and reveals them to Bob.
Step 4 Using the accepted data determined by step 3, Alice and Bob accomplish the conventional post-processing steps, involving parameter estimation, information reconciliation and privacy amplification.
Since the Gaussian post-selection cannot change the Gaussianity of the data that Alice finally selects for generating secret keys, the suggested scheme remains equivalent to an effective deterministic Gaussian protocol, which can follow all the Gaussian security proofs as well as the corresponding conventional Gaussian data post-processing. Note that since $0 < g \le 1$, the acceptance probability function $P_\alpha$ is bounded. As a result, for an arbitrary probability distribution $P(\alpha)$ of $\alpha$, the integral $\int d^2\alpha\, P_\alpha P(\alpha)$ is convergent. Therefore, unlike the virtual noiseless amplification 31, there is no divergence problem for the VZPC-based CVQKD.
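The post-selection of Step 3 and the boundedness remark above can be checked numerically. The following Monte Carlo check is an added example, not the authors' code; it assumes $\alpha$ is complex Gaussian with mean photon number (V − 1)/2 in shot-noise units (a parametrization chosen because it reproduces the stated $P_Z$) and $g^2 = T$, and all function names are hypothetical.

```python
import math
import random


def zpc_success_probability(V, T):
    """P_Z = 2 / (1 - V*T + V + T), as stated in the text."""
    return 2.0 / (1.0 - V * T + V + T)


def acceptance_probability(alpha, T):
    """P_alpha = exp(|alpha|^2 (g^2 - 1)) with g^2 = T.

    Because 0 < g <= 1 the exponent is never positive, so the filter is
    bounded by 1 and can be used directly as a keep-probability.
    """
    return math.exp(abs(alpha) ** 2 * (T - 1.0))


def virtual_zpc(V, T, rounds, seed=1):
    """Draw Alice's amplitudes and keep each one with probability P_alpha."""
    rng = random.Random(seed)
    nbar = (V - 1.0) / 2.0          # assumed mean photon number of the modulation
    sigma = math.sqrt(nbar / 2.0)   # per-quadrature std so that E|alpha|^2 = nbar
    kept = []
    for _ in range(rounds):
        alpha = complex(rng.gauss(0.0, sigma), rng.gauss(0.0, sigma))
        if rng.random() < acceptance_probability(alpha, T):
            kept.append(alpha)
    return kept


def summarize(V, T, rounds=200_000, seed=1):
    """Compare the simulated filter with the closed-form predictions."""
    kept = virtual_zpc(V, T, rounds, seed)
    photons = [abs(a) ** 2 for a in kept]
    mean_n = sum(photons) / len(photons)
    mean_n2 = sum(n * n for n in photons) / len(photons)
    nbar = (V - 1.0) / 2.0
    return {
        "accepted_fraction": len(kept) / rounds,
        "P_Z": zpc_success_probability(V, T),
        "mean_photons": mean_n,
        # Product of two Gaussians in alpha: 1/nbar' = 1/nbar + (1 - T).
        "predicted_mean_photons": nbar / (1.0 + nbar * (1.0 - T)),
        # For a circular complex Gaussian, E|a|^4 / (E|a|^2)^2 = 2.
        "gaussianity_ratio": mean_n2 / mean_n ** 2,
    }


if __name__ == "__main__":
    for key, value in summarize(V=20.0, T=0.9).items():
        print(f"{key:>24s}: {value:.4f}")
```

The accepted fraction matches $P_Z$, and the kept amplitudes remain Gaussian with a reduced variance, which is why the discarded rounds must be accounted for in the finite-size block length.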
Performance analysis. In this section, based on Gaussian modulation of the quadratures of coherent states, we show the performance of our scheme for the security frameworks of asymptotic, finite-size and composable scenarios under a collective Gaussian attack assumption.
In order to derive the analytical expression of the secret key rate, we need to obtain the covariance matrix $\Gamma_{AB_3}$ of the state $\rho_{AB_3}$ in the equivalent EB-based version of our scheme. The covariance matrix of the EPR state $\rho_{AB}$ that Alice prepared can be given by 56 where $I = \begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix}$ and $\sigma_Z = \begin{pmatrix} 1 & 0 \\ 0 & -1 \end{pmatrix}$. After performing the ZPC operation on mode B, the covariance matrix of the resulting state $\rho_{AB_1}$ can be expressed as
The explicit derivation of the above expressions and the covariance matrix $\Gamma_{AB_3}$, covering the asymptotic, finite-size and composable scenarios, is shown in Supplementary S1. With the covariance matrices obtained in Supplementary S1, we can calculate the secret key rates using the techniques shown in Refs. 8,9,48,56 for asymptotic, finite-size and composable security, as shown in Supplementary S2. For comparison, in what follows we also show the simulation results of CVQKD with virtual photon subtraction (VPS). The calculation of its covariance matrices and secret key rates under asymptotic, finite-size and composable security is shown in Supplementary S3. Since the CVQKD with virtual 1-photon subtraction (V1-PS) has the optimal performance improvement 44, we only show results of V1-PS-based CVQKD here. Note that, as the 1-PS operation is non-Gaussian, all the calculated results for it are lower bounds based on the Gaussian hypothesis according to the extremality of Gaussian quantum states 57.
Asymptotic security. We now give the asymptotic security of the VZPC-based CVQKD. The global parameters used for simulation are the variance V of the equivalent EPR state, the transmission efficiency $T_C$ and the excess noise ξ of the quantum channel, the quantum efficiency η and electronic noise $\xi_{el}$ of the detector, and the reconciliation efficiency β of the reverse reconciliation phase. The parameters ξ, η and β are fixed to the values ξ = 0.01 (in shot noise units), η = 0.6134, β = 0.96 14. The variance V takes the value 20 (in shot noise units), while we set the electronic noise of the detector $\xi_{el}$ to 0.01 or 0.001 (in shot noise units) 11. In addition, the channel transmission efficiency is written as $T_C = 10^{-\alpha L/10}$, where α = 0.2 dB/km is the loss coefficient of optical fibers, and L is the fiber length. The simulation results for homodyne and heterodyne detection are shown in Fig. 3a, b, where dash-dotted, dashed and solid lines correspond to the results of the VZPC-based CVQKD, the V1-PS-based CVQKD and the original CVQKD, respectively. The dotted lines are the fundamental benchmark of CVQKD, i.e. the PLOB bound 58. Note that T = 1 means that the catalysis operation is not performed. From the above results we find that, similar to the results in Ref. 48, our proposed scheme can improve the maximal transmission distance and outperforms the V1-PS-based CVQKD when the imperfection of the detector is considered. When the electronic noise rises to 0.01, the V1-PS-based CVQKD can no longer improve the transmission distance, whereas our proposed scheme is still effective. Actually, the ZPQC operation decreases not only the final mutual information $P_Z \beta I_{AB}$ shared by Alice and Bob but also the stolen information $P_Z \chi_{BE}$ available to Eve on Bob's key, as shown in Fig. 4.
Interestingly, compared to the former, the latter has a relatively larger degradation, which enables the secret key rate to remain positive in the long-distance regime, as shown in Fig. 4, where the vertical axis represents the ratio between the decrement $\Delta\chi_{BE}$ of $P_Z \chi_{BE}$ and the decrement $\Delta I_{AB}$ of $P_Z \beta I_{AB}$ (in the unit of dB), which is defined as $\Delta I_R = 10\log_{10}(\Delta\chi_{BE}/\Delta I_{AB})$. Furthermore, from the green solid line in Fig. 4, we can find that $\Delta I_R$ increases with the transmission distance, which enables our proposed system to reach a longer maximal transmission distance.
In addition, the electronic noise of the detector at the receiver has a significant effect on our suggested scheme. Larger electronic noise not only degrades the entire performance significantly, but also decreases the performance improvement of CVQKD with the VZPC, which shows how strongly the detector can limit a practical system. Besides, except at very short transmission distances (smaller than 10 km), the performance of homodyne detection is better than that of heterodyne detection for $\xi_{el} = 0.001$. When the electronic noise of the detector rises to 0.01, the performance of homodyne detection is always better than that of heterodyne detection. The reason is an extra unit of shot noise introduced by the heterodyne detection.
We also give the tolerable excess noise for the parameters given above, as shown in Fig. 3c, d, where the insets show the corresponding optimal value of T. The tolerable excess noise is larger than that of the original scheme and the V1-PS-based scheme. Similar to the secret key rate results in Fig. 3b, for electronic noise up to 0.01, the tolerable noise can no longer be improved for the V1-PS-based protocol. This means that a more robust CVQKD system can be obtained with the VZPC by optimizing the parameter T.
Finite-size analysis. In the practical implementation of CVQKD, the number of signal uses is not infinite, which means that we must consider the finite-size effect of the proposed scheme. Moreover, some of the signal uses are discarded in the post-selection process, which decreases the final number of signals used for parameter estimation and secret key generation. This post-selection process may have a significant impact in the finite-size regime. Therefore, for protocols using post-selection, finite-size analysis is of great significance for practical application. In the following, we extend our suggested VZPC-based CVQKD to the finite-size case, which is more in line with the practical situation. We note that the final simulation results are similar to those of the asymptotic case, as shown in Fig. 5, where the block size N is set to be $10^{9}$, and the parameters $\epsilon_{EP}$, $\epsilon_{PA}$ and $\epsilon_{sm}$ are all set to be $10^{-10}$ 8. The rate $r = m/N$, which is the rate of signal uses used for parameter estimation, is optimized for each distance in Fig. 5a, b, while it is fixed at r = 5/7 11 for Fig. 5c, d. It is visible that not only the maximal transmission distance but also the tolerable excess noise can be improved for the VZPC-based CVQKD when considering the finite-size effect, although the degree of improvement is slightly decreased. Moreover, our proposed scheme outperforms the V1-PS-based scheme as well. When the block size N is up to $10^{12}$, the results considering the finite-size effect closely approach those of the asymptotic case.
From a practical point of view, the estimate of the optimal value of T will lie within a certain range. If fluctuations of the estimated value of T had a large impact on the proposed CVQKD system with the VZPC, complicated implementations would be required to acquire an accurate evaluation of T, making the employment of the VZPC not worthwhile. Therefore, we inspect the variation of the secret key rate under the finite-size scenario when the parameter T deviates from its optimal value within a certain range. Fortunately, the secret key rate changes slowly with the fluctuation of T at each distance around its optimum value $K_{opt}$, as illustrated in Fig. 6, where V = 20 and $\xi_{el} = 0.001$. More than 90% of the optimum secret key rate ($K_{opt}$) can be obtained while T varies over a relatively large region, namely between the dashed line ($K_{opt}^{(L)}$) and the dash-dotted line ($K_{opt}^{(U)}$). Similar results can be acquired for the cases of asymptotic and composable security, and we do not show them for simplicity. Finally, we compare how strongly the detector's quantum efficiency and electronic noise affect our proposed CVQKD scheme. We depict the secret key rate simulation results in Fig. 7a with electronic noise $\xi_{el} = 0.01$, while the quantum efficiency of the detector is equal to 1. We find that even when the quantum efficiency reaches the perfect case, the performance remains far below that of the case of $\xi_{el} = 0.001$ and η = 0.6134 (see Fig. 5a), which reflects that the detector's electronic noise is a more sensitive parameter than its quantum efficiency, for either homodyne or heterodyne detection. To make the results clearer, we draw the secret key rate as a function of the detector's quantum efficiency and electronic noise in Fig. 7b, where the transmission distance is 40 km.
Since there is little or even no performance improvement for the 1-photon subtraction operation, we don't show its results here. We find that the imperfection tolerance of homodyne detection is better than that of heterodyne detection. In particular, compared with the original CVQKD protocol, our suggested scheme can tolerate a higher imperfection of the detector, especially for homodyne detection. These detector-related results also apply to the preceding asymptotic security case and to the composable security case below.
Composable security. Composable security is of great significance for applying CVQKD in more complex and unpredictable environments, whereas the finite-size analysis is a foundation for the practical implementation of CVQKD. Actually, for realistic application of CVQKD in complex environments, there exists a probability that the finally generated secret keys do not meet the requirement of the CVQKD protocol, i.e. the protocol has a "flaw". Composable security addresses the problem of how to evaluate the degree of this "flaw" of a CVQKD protocol, and can also solve the problem of evaluating the "flaw degree" when the flawed keys are applied in other subsequent protocols. Therefore, it is important to know whether the proposed scheme can also be applied to real complex environments and composed with other composably secure protocols. Composable security against collective attacks for CVQKD has been proven in Ref. 9, which further implies composable security against general attacks when combined with the de Finetti theorem or the postselection technique. Here, we give a further analysis of the proposed scheme in the composable security framework against collective attacks, exploring the feasibility of the scheme under a general security framework and thereby demonstrating its practical significance.
All the values of the security parameters are chosen as follows 9:
$\epsilon_{sm} = \bar{\epsilon} = 10^{-21}$, $\epsilon_{PE} = \epsilon_{cor} = \epsilon_{ent} = 10^{-41}$. (10)
We plot the numerical results of the secret key rate and tolerable noise as well as the corresponding optimal value of T in Fig. 8a-d, where the total number of signals exchanged between Alice and Bob is set to be $2n = 10^{11}$. From the simulation results, we can see that, similar to the finite-size case, the maximum transmission distance can be improved in the composable security framework as well. However, although the block size is up to $10^{11}$, the maximally reachable transmission distance is even less than that of the finite-size case with $N = 10^{9}$. The performance of the finite-size case approaches the asymptotic case when the block size reaches $10^{11}$, whereas the block size must reach $10^{14}$ for composable security. Moreover, the results are even worse for composable security with a lower block size. If the block size is $2n = 10^{10}$ and $\xi_{el} = 0.001$ (not shown), only less than 24 km and 22 km can be reached for our proposed scheme with homodyne and heterodyne detection, respectively. For $2n = 10^{10}$ and $\xi_{el} = 0.01$, the results are even worse: merely less than 17 km and 12 km can be reached for our proposed scheme with homodyne and heterodyne detection. No positive key rate can be obtained in any case when $2n = 10^{9}$. Therefore, a practical system under the composable security framework is more sensitive to the block size. We plot the secret key rate as a function of 2n, the number of exchanged signals, in Fig. 8e, f, where the transmission distance is 20 km. From these results we can conclude that, compared to the V1-PS-based and the original CVQKD protocols, our proposed scheme can tolerate a smaller block size. Meanwhile, in Fig. 8e, f, we also show the corresponding results of our proposed scheme under finite-size security (two black solid lines), with a fixed rate r = 5/7.
Obviously, compared with the finite-size case, composable security has a higher security level and thus requires a much larger number of channel uses.

Discussion
We have proposed an approach, virtual zero-photon catalysis, to emulate the ideal zero-photon catalysis operation without practical devices in coherent-state CVQKD, which can be realized by Gaussian post-selection according to Alice's data. The post-selection probability function, or acceptance function, is Gaussian and bounded, which guarantees that our proposed protocol remains equivalent to an effective deterministic Gaussian protocol, and thus enables it to follow all the Gaussian security proofs as well as the corresponding conventional Gaussian data post-processing. The simulation results show that by optimizing the main parameter, i.e., the transmittance T of Alice's BS1, both the maximal transmission distance and the tolerable excess noise can be increased and outperform the V1-PS-based CVQKD scheme, which is true for the asymptotic security and the security considering the finite-size effect. By comparing the results of homodyne and heterodyne detection, additionally, we find that the performance of homodyne detection is superior to that of heterodyne detection. Attractively, the CVQKD using virtual zero-photon quantum catalysis can tolerate a higher imperfection of the detector, especially for homodyne detection. These results indicate that our proposed scheme offers an opportunity for practically implementing zero-photon catalysis on CVQKD systems.