Abstract
Most qubitbased quantum key distribution (QKD) protocols extract the secure key merely from singlephoton component of the attenuated lasers. However, with the ScaraniAcinRibordyGisin 2004 (SARG04) QKD protocol, the unconditionally secure key can be extracted from the twophoton component by modifying the classical postprocessing procedure in the BB84 protocol. Employing the merits of SARG04 QKD protocol and sixstate preparation, one can extract secure key from the components of single photon up to four photons. In this paper, we provide the exact relations between the secure key rate and the bit error rate in a sixstate SARG04 protocol with singlephoton, twophoton, threephoton and fourphoton sources. By restricting the mutual information between the phase error and bit error, we obtain a higher secure bit error rate threshold of the multiphoton components than previous works. Besides, we compare the performances of the sixstate SARG04 with other prepareandmeasure QKD protocols using decoy states.
Introduction
Quantum key distribution (QKD)^{1,2} offers informationtheoretic security for two authorized users, Alice and Bob, when communicating secret information along an insecure quantum channel, while the laws of quantum mechanics bound the behavior of an eavesdropper^{3,4,5,6}. Since its introduction in 1984 by Bennett and Brassard^{1}, QKD has experienced great advances both theoretically^{7,8,9,10,11,12} and experimentally^{13,14,15,16,17,18} and has become the most mature quantum information technology for commercial use^{19}. The study of QKD today is driven by the necessity to close the gap between its theory and practice, as experimental systems tend to differ remarkably from their simplified mathematical models and any of these deviations may open doors to new attacks from Eve to compromise security. Some of Eve’s eavesdropping techniques include simple individual attacks and Trojanhorse attacks, which one can overcome by investigating the bounds of information leakage in different scenarios and apply the suitable amount of privacy amplification to obtain the final secure key^{20}. Other sidechannel attacks, such as detector blinding attacks^{21} and timeshift attack^{22} that base on specific device imperfections, require more complicated QKD settings than the original BB84 to retrieve security again. Hence the measurementdeviceindependent (MDI) QKD^{23,24,25,26,27,28,29,30,31,32} and deviceindependent (DI) QKD^{33,34,35} were developed to combat these experimental flaws.
Compared with the entanglementbased QKD protocols, prepareandmeasure QKD protocols are widely studied. The photonnumber distribution of weak coherent states is Poisson distribution, which contains a fraction of multiphoton components. However, exploiting photonadded coherent states^{36}, one can acquire large probabilities of singlephoton, twophoton, threephoton or fourphoton component. For the BB84 protocol, the singlephoton source is usually replaced by weak coherent states, which suffer from the photon number splitting (PNS) attack^{37}. The PNS attack, in which Eve blocks all single photon pulses and splits multiphoton pulses, results from the experimental variation of replacing the single photon sources from the original BB84 protocol with practical attenuated lasers. In this situation, Eve would forward some portion of multiphoton pulses to Bob through a lossless channel while keeping the rest to herself in the quantum memory^{38,39,40} and measure her photons after receiving the basis reconciliation information obtained via Alice and Bob’s public communication. The security basis of QKD provided by single photon pulses was guaranteed by the nocloning theorem^{41} and thus this attack was regarded as a major threat to QKD and has been extensively studied^{37}. Two major counter methods have been proposed. One is the decoy state method^{42,43,44}, which is a powerful method devised to analyze rigorously the extractible secret key rate from the singlephoton component of signal states, though its implementations would differ slightly from the prepareandmeasure setup^{45,46,47}. To overcome this attack at a protocol level, the SARG04 QKD protocol^{48}, which differs from the BB84 only in the classical postprocessing part^{49,50}, was proposed. In the SARG04 protocol, the reconciliation information is a pair of nonorthogonal states, which cannot be perfectly distinguished and can be able to address the PNS attack^{48}. Subsequently, this prepareandmeasure SARG04 protocol was further investigated and ingeniously converted to an unconditionally secure entanglement distillation protocol (EDP) by Tamaki and Lo^{51}, who showed that by exploiting the same arguments of Shor and Preskill^{4}, SARG04 protocol possesses the unique ability to extract the secure key from not only the singlephoton component but also twophoton component^{51,52}. This opens the interesting question that under certain modifications of the original BB84 protocol, how the secret key can be extracted from multiphoton states. The SARG04 protocol has been widely investigated in theories^{49,50,51,52,53,54,55,56} and experiments^{57,58}. Similarly to the MDIQKD protocol, which was proposed to make BB84 protocol naturally immune to all sidechannel attacks on detectors, the SARG04 protocol in MDI setting has been considered likewise^{59}. Also, with the advantage of secure key generation from twophoton component, recently a nonorthogonal state encoding method of SARG04 has been successfully applied to circumvent the forging attack of quantum digital signature with insecure quantum channel^{60}. A generalized SARG04 with six states (sixstate SARG04) protocol has been analyzed in ref. 51, which showed that one could extract the secure key from the singlephoton component to up to fourphoton component. However, without the explicit relations between the phase error rate and bit error rate of the sixstate SARG04 protocol^{51}, one cannot acquire the exact secure key rate.
Here, we generalize the EDP of ref. 51 to acquire the exact relationships between the phase error rate and bit error rate of singlephoton, twophoton, threephoton and fourphoton components in the sixstate SARG04 protocol. Furthermore, we carefully analyze the mutual information between phase error and bit error and discover that the mutual information of twophoton component in a fourstate SARG04 protocol and that of threephoton and fourphoton components in a sixstate SARG04 protocol are not zero, so the secure bit error rate threshold of those cases are higher than the results of previous works^{51}. Finally, we perform a numerical simulation to study the performance of sixstate SARG04 with weak coherent states in an infinite decoy states setting. Also, we compare the performance of sixstate SARG04 and other prepareandmeasure QKD protocols, i.e., BB84^{1,43}, fourstate SARG04^{48,52} and roundrobin differential phaseshift (RRDPS) QKD protocols^{61,62,63} in the same situation.
Results
Sixstate SARG04 QKD protocol
In this section, we introduce the sixstate SARG04 QKD protocol with νphoton (ν ∈ {1, 2, 3, 4}) source. In this protocol, there are six polarization encoding quantum states, H〉, V〉, , and . The six states are then arranged into twelve sets {H〉, −〉}, {−〉, V〉}, {V〉, +〉}, {+〉, H〉}, {H〉, R〉}, {R〉, V〉}, {V〉, L〉}, {L〉, H〉}, {R〉, −〉}, {−〉, L〉}, {L〉, +〉}, {+〉, R〉}, where the first and second states of each set correspond to logic 0 and 1, respectively. The steps of the sixstate SARG04 QKD protocol with a νphoton source are outlined as follows. Alice sends a series of signals to Bob. Each pulse is chosen randomly from the twelve sets listed above and Alice randomly sends one state from each set to Bob through the insecure quantum channel. Bob randomly measures the incoming bit strings with one of the three bases, Z, X and Y. Afterwards, he exploits an authenticated classical channel to announce to Alice the situations where he did not register any click at his detection unit and both of them discard these signals. Alice reveals to Bob the sets on which she encodes her information. Bob then compares his measurement results with Alice’s set information. If Bob’s measurement result is orthogonal to one of the states in the set, he concludes that the other state has been sent, which represents a conclusive result; he concludes an inconclusive result otherwise. He discards all the inconclusive results and broadcasts to Alice which of his results are conclusive. Alice selects randomly a portion of her remaining signals and announces them to Bob and Bob calculates the bit error rate to test for eavesdroppers. If the bit error rate is much higher than the upper bound, they abort the protocol. They perform error correction and privacy amplification on the remaining bit string to obtain the shared secret key.
A virtual EDPbased sixstate SARG04 protocol
To estimate phase error for privacy amplification, one can construct an equivalent EDP version of the sixstate SARG04 protocol. First, we introduce some notations. {0_{x}〉, 1_{x}〉} and {0_{z}〉, 1_{z}〉} are the eigenstates for X and Z basis, respectively. ; T_{0} = I is an identity operation; is a π/2 rotation around the axis; is a rotation around the axis. In the EDPν protocol, Alice prepares many pairs of qubits in the state , where (j ∈ {0, 1}). She then randomly rotates T_{l}R^{k} and sends system B to Bob, where l ∈ {0, 1, 2} and k ∈ {0, 1, 2, 3}. Upon receiving the qubits, Bob first applies a random reverse rotation , before performing a filtering operation defined by a Klaus operator . Then Alice and Bob would compare their indices k, l and k′, l′ via public communication and keep the qubit pairs with k = k′ and l = l′ when Bob’s filtering operation is successful. They then choose some states randomly as test bits and measure them in the Z basis and compare their results publicly to estimate the bit error rate and the information acquired by Eve. Finally, they utilize the corresponding CalderbankShorSteane (CSS) code to correct the bit and phase errors^{4} and perform a final Z measurement on their qubits to obtain the secure key.
The sixstate SARG04 QKD protocol is equivalent to the EDPbased sixstate SARG04 QKD protocol, except for the only difference, a π/4 total rotation around Y basis. By analyzing the virtual EDPbased sixstate SARG04 QKD protocol, we give the exact phase error rate formula, whose detailed analysis is provided in the Methods section. For the case with a singlephoton source, we have
where e_{p} and e_{b} are the phase error rate and bit error rate, respectively. a is the probability that both bit flip and phase shift occur, which restricts the mutual information between phase error and bit error. For the case of a twophoton source, the relationship can be given by
For the case with a threephoton source, the error rates can be written as
For the case with a fourphoton source, the error rates are calculated by
where
Now we reexamine the fourstate SARG04 QKD protocol^{51,52} and we find that the mutual information between bit error and phase error of a twophoton source is not zero. The expression can be given by
where
from which we can see that this phase error rate formula is the same as the result in ref. 51.
The secure key rate of the EDPbased QKD using oneway classical communication can be given by^{52}
where H(x) = −x log_{2}(x) − (1 − x) log_{2} (1 − x) is the binary Shannon entropy, H(e_{p}e_{b}) is the conditional Shannon entropy function shown in the Methods section. We calculate the secure key rates versus the bit error rates for the sixstate SARG04 QKD protocol with singlephoton, twophoton, threephoton and fourphoton sources, as shown in Fig. 1. For comparison, we also calculate the secure key rate versus bit error rate for BB84 protocol^{4}, sixstate protocol^{64} and fourstate SARG04 QKD protocol^{51}. For the sixstate SARG04 QKD protocol, one can extract the secure key rate from νphoton component when the bit error rate is no larger than 11.235% (with ν = 1), 5.602% (with ν = 2), 2.438% (with ν = 3) and 0.802% (with ν = 4). For the fourstate SARG04 QKD protocol with our calculation, one can extract the secure key rate from twophoton component when the bit error rate is lower than 2.726%. We can see that the bit error rate thresholds of singlephoton and twophoton in the sixstate SARG04 QKD protocol are the same with the results in ref. 51, while the bit error rate thresholds of threephoton and fourphoton in the sixstate SARG04 QKD protocol and twophoton in the fourstate SARG04 QKD protocol are larger than the results in ref. 51. If we neglect the mutual information between phase error and bit error, the bit error rate thresholds of threephoton (2.370%) and fourphoton (0.788%) in the sixstate SARG04 QKD protocol and twophoton (2.710%) in the fourstate SARG04 QKD protocol are the same with the results in ref. 51.
For the phase randomized weak coherent state sources^{65}, we study the secure key rate with infinite decoy states^{42,43,44}, which can be given by
where Q_{n} is the gain of the nphoton signal states which can be estimated by the decoystate method; is the phase (bit) error for the nphoton state; Q_{μ} and E_{μ} are, respectively, the total gain and quantum bit error rate under signal states with μ intensity and can both be acquired directly through the experiment. We execute a numerical simulation to study its performance, as shown in Fig. 2. In our simulation, we use the following parameters: the detection efficiency is η_{d} = 43%, the dark count rate of each pulse is p_{dark} = 1 × 10^{−7} and the intrinsic loss coefficient of standard telecom fibre is α = 0.2 dB/km. These values are adopted from the 200 km MDIQKD experiment data^{16}. We also set the misalignment error rate to e_{d} = 0.5%, the efficiency of error correction is f = 1.16. For comparison, we also give the secure key rates of BB84 QKD protocol^{43}, fourstate SARG04 QKD protocol^{52} and the RRDPS QKD protocol^{61} with the case of infinite decoy states. As shown in Fig. 2(a), the secure transmission distance of the sixstate SARG04 QKD protocol is more than 270 km, farther than the fourstate SARG04 QKD protocol because of the higher bit error rate threshold in the sixstate SARG04 QKD protocol. The case of finite decoy states is considered in the Fig. 2(b). By exploiting one weak decoy state and vacuum state, one can extract the secure key from singlephoton component (see Methods). However, the secure key rate and secure transmission distance of the sixstate and fourstate SARG04 QKD protocol are all smaller than those of BB84 protocol since the bit error rate of BB84 protocol is small and the efficiency of basis shift is high^{52}. Meanwhile, since the security of RRDPS QKD does not rely on signal disturbance monitoring, in our case where e_{d} is low, the secure key of RRDPS QKD is much lower than qubitbased QKD protocols.
Discussion
For each QKD protocol, how to extract as much secure key as possible is a critical task. Here, we present the exact relations between the phase error and bit error as well as the mutual information parameters with singlephoton, twophoton, threephoton and fourphoton sources. Through restricting the mutual information, we have obtained higher bit error rate thresholds of threephoton, fourphoton sixstate SARG04 and twophoton fourstate SARG04 QKD protocol. In the quantum digital signature protocol with k + 1participant^{60,66} (one signer and k recipients), the signer will prepares k copies of quantum states and send a copy of quantum states to each recipient through the insecure quantum channel. To guarantee the security against the forgery attack of untruthful recipient, the honest recipient needs to estimate the information leak of his received quantum states, which will correlate to the phase error rate of QKD with kphoton sources. The security analysis of the fourstate and sixstate SARG04 QKD protocol with twophoton sources has been used for the threeparticipants quantum digital signature^{60}. Similarly, we can expect that the security analysis of the sixstate SARG04 QKD protocol with three and fourphoton sources can also be used for the fourparticipant and fiveparticipant quantum digital signature.
Methods
The sixstate SARG04 protocol with singlephoton source
We consider the following four orthogonal Bell states
Alice prepares the initial quantum state . If Eve performs no attacks and Bob does a successful filtering operation, the quantum state shared by Alice and Bob can be given by
Here, we consider that Eve can perform the most general attack on all qubits transmitted through the insecure quantum channel. By tracing out all other qubits, we can focus on one qubit state. Let ρ_{qubit} represent a pair of qubit states that Alice and Bob share after Eve’s attack, which can be given by
where l ∈ {0, 1, 2}, k ∈ {0, 1, 2, 3}, and
Here, E_{B} is a 2 × 2 matrix representing Eve’s operations on the singlephoton qubit. Meanwhile, any quantum state in the form of a bipartite density matrix can be expressed by the Bellbasis diagonal states. From Eq. (25), we can see that the Bell state Φ^{+}〉 is a reference state. Thus, we have
representing the probabilities of only bit flip, only phase shift, both bit flip and phase shift, respectively. Therefore, the probabilities of bit flip and phase shift can be given by
Let p_{fil} = Tr[ρ_{qubit}] represent the trace value of state ρ_{qubit}. One can clearly see that , , and , where A_{fil}, A_{bit}, A_{ph} and A_{Y} are all 4 × 4 diagonal matrices and is a 1 × 4 vector. If xA_{bit} + yA_{fil} − A_{ph} ≥ 0 is a positive semidefinite matrix, xp_{bit} + yp_{fil} ≥ p_{ph} will always be satisfied. If p_{ph} ≤ xp_{bit} + yp_{fil} holds, then e_{p} ≤ xe_{b} + y becomes exponentially reliable as the number of successfully filtered states increases^{51}. By using the same argument, if holds, then xe_{b} ≤ a ≤ ye_{b}. The conditional Shannon entropy function can be given by
The sixstate SARG04 protocol with multiphoton sources
In the case of twophoton, for each quantum state prepared by Alice, the density matrix of quantum state shared by Alice and Bob after Eve’s attack can be given by
where l ∈ {0, 1, 2}, k ∈ {0, 1, 2, 3}, u ∈ {0, 1} and
E_{B} is a 4 × 4 matrix which depends on Eve’s operation on the twophoton qubit and we can safely assume that the final state of Eve’s system is a particular state 0_{x}〉. A_{fil}, A_{bit}, A_{ph} and are 8 × 8 diagonal matrices, is a 1 × 8 vector.
In the case of threephoton, for each quantum state prepared by Alice, the density matrix of quantum state shared by Alice and Bob after Eve’s attack can be given by
where l ∈ {0, 1, 2}, k ∈ {0, 1, 2, 3}, u ∈ {0, 1}, v ∈ {0, 1} and
E_{B} is a 8 × 8 matrix which depends on Eve’s operation on the threephoton qubit. A_{fil}, A_{bit}, A_{ph} and A_{Y} are 16 × 16 diagonal matrices, is a 1 × 16 vector.
In the case of fourphoton, for each quantum state prepared by Alice, the density matrix of quantum state shared by Alice and Bob after Eve’s attack can be given by
where l ∈ {0, 1, 2}, k ∈ {0, 1, 2, 3}, u ∈ {0, 1}, v ∈ {0, 1}, s ∈ {0, 1} and
Since the photons of Eve’s system are identical, considering their symmetry, we have
E_{B} is a 16 × 16 matrix which depends on Eve’s operation on the fourphoton qubit. A_{fil}, A_{bit}, A_{ph} and A_{Y} are 16 × 16 diagonal matrices, is a 1 × 16 vector.
Decoy state method with weak coherent state sources
By using decoy state method^{42,43,44}, one can have
where Y_{n} is the yield of nphoton. In this simulation, we use the case where Eve does not interfere with the protocol. For the BB84 protocol, the Y_{n} and can be given by^{43}
where , is the channel transmittance and D is the distance of optical fibre. For the RRDPS protocol, the Y_{n} and can be given by^{61,62,63}
where L is the number of pulses of each block. For the fourstate SARG04 protocol, the Y_{n} and can be given by^{52}
For the sixstate SARG04 protocol, the Y_{n} and can be given by^{60}
For the case with infinite decoy states, one can use the Eqs (25, 26, 27, 28) to directly calculate the yield and bit error rate of photon component^{43,44}. For the case with finite decoy states, we must estimate the lower bound of yield and the upper bound of bit error rate . One can exploit three intensities μ > ν > 0 to estimate and ,
One can also exploit four intensities^{60} μ > ν > ω > 0 to estimate and ,
For more photon components, the analytical method will become very complex to calculate the yield and bit error rate. However, the linear programming^{25} is a good method. To estimate the yield and bit error rate of nphoton, one can use n + 2 kinds of intensities. Since the probability of multiphoton components is very small in the weak coherent state sources, we simply consider the singlephoton component contribution using one signal state, one weak decoy state and vacuum state. The intensity of weak decoy state is 0.1 and the intensity of signal state is optimal for each distance.
Additional Information
How to cite this article: Yin, H.L. et al. Security of quantum key distribution with multiphoton components. Sci. Rep. 6, 29482; doi: 10.1038/srep29482 (2016).
References
Bennett, C. H. & Brassard, G. Quantum cryptography: Public key distribution and coin tossing. In Proceedings of IEEE International Conference on Computers, Systems and Signal Processing, 175–179 (IEEE, New York, 1984).
Ekert, A. K. Quantum cryptography based on Bell’s theorem. Phys. Rev. Lett. 67, 661–663 (1991).
Lo, H.K. & Chau, H. F. Unconditional security of quantum key distribution over arbitrarily long distances. Science 283, 2050–2056 (1999).
Shor, P. W. & Preskill, J. Simple proof of security of the BB84 quantum key distribution protocol. Phys. Rev. Lett. 85, 441 (2000).
Kraus, B., Gisin, N. & Renner, R. Lower and upper bounds on the secretkey rate for quantum key distribution protocols using oneway classical communication. Phys. Rev. Lett. 95, 080501 (2005).
Tomamichel, M. & Renner, R. Uncertainty relation for smooth entropies. Phys. Rev. Lett. 106, 110506 (2011).
Gisin, N., Ribordy, G., Tittel, W. & Zbinden, H. Quantum cryptography. Rev. Mod. Phys. 74, 145–195 (2002).
Wang, X.B., Hiroshima, T., Tomita, A. & Hayashi, M. Quantum information with Gaussian states. Phys. Rep. 448, 1–111 (2007).
Scarani, V. et al. The security of practical quantum key distribution. Rev. Mod. Phys. 81, 1301–1350 (2009).
Weedbrook, C. et al. Gaussian quantum information. Rev. Mod. Phys. 84, 621–669 (2012).
Lo, H.K., Curty, M. & Tamaki, K. Secure quantum key distribution. Nature Photon. 8, 595–604 (2014).
Ekert, A. & Renner, R. The ultimate physical limits of privacy. Nature 507, 443–447 (2014).
Takesue, H. et al. Quantum key distribution over a 40db channel loss using superconduct ing singlephoton detectors. Nature Photon. 1, 343–348 (2007).
Wang, S. et al. 2 GHz clock quantum key distribution over 260 km of standard telecom fiber. Opt. Lett. 37, 1008–1010 (2012).
Liu, Y. et al. Experimental measurementdeviceindependent quantum key distribution. Phys. Rev. Lett. 111, 130502 (2013).
Tang, Y.L. et al. Measurementdeviceindependent quantum key distribution over 200 km. Phys. Rev. Lett. 113, 190501 (2014).
Korzh, B. et al. Provably secure and practical quantum key distribution over 307 km of optical fibre. Nature Photon. 9, 163–168 (2015).
Tang, Y.L. et al. Measurementdeviceindependent quantum key distribution over untrust ful metropolitan network. Phys. Rev. X 6, 011024 (2016).
Fröhlich, B. et al. A quantum access network. Nature 501, 69–72 (2013).
Lucamarini, M. et al. Practical security bounds against the trojanhorse attack in quantum key distribution. Phys. Rev. X 5, 031030 (2015).
Lydersen, L. et al. Hacking commercial quantum cryptography systems by tailored bright illumination. Nature Photon. 4, 686–689 (2010).
Zhao, Y., Fung, C.H. F., Qi, B., Chen, C. & Lo, H.K. Quantum hacking: Experimen tal demonstration of timeshift attack against practical quantumkeydistribution systems. Phys. Rev. A 78, 042333 (2008).
Lo, H.K., Curty, M. & Qi, B. Measurementdeviceindependent quantum key distribution. Phys. Rev. Lett. 108, 130503 (2012).
Braunstein, S. L. & Pirandola, S. Sidechannelfree quantum key distribution. Phys. Rev. Lett. 108, 130502 (2012).
Ma, X., Fung, C.H. F. & Razavi, M. Statistical fluctuation analysis for measurement deviceindependent quantum key distribution. Phys. Rev. A 86, 052305 (2012).
Yin, H.L. et al. Longdistance measurementdeviceindependent quantum key distribution with coherentstate superpositions. Opt. Lett. 39, 5451–5454 (2014).
Curty, M. et al. Finitekey analysis for measurementdeviceindependent quantum key distribution. Nature Commun. 5, 3732 (2014).
Wang, Q. & Wang, X.B. Simulating of the measurementdevice independent quantum key distribution with phase randomized general sources. Sci. Rep. 4, 4612 (2014).
Yin, H.L. et al. Measurementdeviceindependent quantum key distribution based on Bel l’s inequality. arXiv:1407.7375.
Zhou, Y.H., Yu, Z.W. & Wang, X.B. Making the decoystate measurementdevice independent quantum key distribution practically useful. Phys. Rev. A 93, 042324 (2016).
Xu, F. Measurementdeviceindependent quantum communication with an untrusted source. Phys. Rev. A 92, 012333 (2015).
Fu, Y., Yin, H.L., Chen, T.Y. & Chen, Z.B. Longdistance measurementdevice independent multiparty quantum communication. Phys. Rev. Lett. 114, 090501 (2015).
Aćın, A. et al. Deviceindependent security of quantum cryptography against collective attacks. Phys. Rev. Lett. 98, 230501 (2007).
Gisin, N., Pironio, S. & Sangouard, N. Proposal for implementing deviceindependent quantum key distribution based on a heralded qubit amplifier. Phys. Rev. Lett. 105, 070501 (2010).
Vazirani, U. & Vidick, T. Fully deviceindependent quantum key distribution. Phys. Rev. Lett. 113, 140501 (2014).
Agarwal, G. S. & Tara, K. Nonclassical properties of states generated by the excitations on a coherent state. Phys. Rev. A 43, 492–497 (1991).
Brassard, G., Lütkenhaus, N., Mor, T. & Sanders, B. C. Limitations on practical quantum cryptography. Phys. Rev. Lett. 85, 1330–1333 (2000).
Azuma, K., Tamaki, K. & Munro, W. J. Allphotonic intercity quantum key distribution. Nature Commun. 6, 10171 (2015).
Abruzzo, S., Kampermann, H. & Bruß, D. Measurementdeviceindependent quantum key distribution with quantum memories. Phy. Rev. A 89, 012301 (2014).
Mirza, I. M., van Enk, S. & Kimble, H. Singlephoton timedependent spectra in coupled cavity arrays. J. Opt. Soc. Am. B 30, 2640–2649 (2013).
Wootters, W. K. & Zurek, W. H. A single quantum cannot be cloned. Nature 299, 802–803 (1982).
Hwang, W.Y. Quantum key distribution with high loss: Toward global secure communi cation. Phys. Rev. Lett. 91, 057901 (2003).
Lo, H.K., Ma, X. & Chen, K. Decoy state quantum key distribution. Phys. Rev. Lett. 94, 230504 (2005).
Wang, X.B. Beating the photonnumbersplitting attack in practical quantum cryptogra phy. Phys. Rev. Lett. 94, 230503 (2005).
Peng, C.Z. et al. Experimental longdistance decoystate quantum key distribution based on polarization encoding. Phys. Rev. Lett. 98, 010505 (2007).
Rosenberg, D. et al. Longdistance decoystate quantum key distribution in optical fiber. Phys. Rev. Lett. 98, 010503 (2007).
SchmittManderbach, T. et al. Experimental demonstration of freespace decoystate quan tum key distribution over 144 km. Phys. Rev. Lett. 98, 010504 (2007).
Scarani, V., Aćın, A., Ribordy, G. & Gisin, N. Quantum cryptography protocols robust against photon number splitting attacks for weak laser pulse implementations. Phys. Rev. Lett. 92, 057901 (2004).
Aćın, A., Gisin, N. & Scarani, V. Coherentpulse implementations of quantum cryptogra phy protocols resistant to photonnumbersplitting attacks. Phys. Rev. A 69, 012309 (2004).
Branciard, C., Gisin, N., Kraus, B. & Scarani, V. Security of two quantum cryptography protocols using the same four qubit states. Phys. Rev. A 72, 032301 (2005).
Tamaki, K. & Lo, H.K. Unconditionally secure key distillation from multiphotons. Phys. Rev. A 73, 010302 (2006).
Fung, C.H. F., Tamaki, K. & Lo, H.K. Performance of two quantumkeydistribution protocols. Phys. Rev. A 73, 012337 (2006).
Koashi, M. Security of quantum key distribution with discrete rotational symmetry. arXiv quantph/0507154.
Xu, F.X., Wang, S., Han, Z.F. & Guo, G.C. Passive decoy state SARG04 quantumkey distribution with practical photonnumber resolving detectors. Chin. Phys. B 19, 100312 (2010).
Ali, S. & Wahiddin, M. Fiber and freespace practical decoy state qkd for both BB84 and SARG04 protocols. Eur. Phys. J. D 60, 405–410 (2010).
Ali, S., Mohammed, S., Chowdhury, M. & Hasan, A. A. Practical SARG04 quantum key distribution. Opt. Quant. Electron. 44, 471–482 (2012).
Stucki, D. et al. Longterm performance of the swissquantum quantum key distribution network in a field environment. New J. Phys. 13, 123001 (2011).
Jeong, Y.C., Kim, Y.S. & Kim, Y.H. Effects of depolarizing quantum channels on BB84 and SARG04 quantum cryptography protocols. Laser Phys. 21, 1438–1442 (2011).
Mizutani, A., Tamaki, K., Ikuta, R., Yamamoto, T. & Imoto, N. Measurementdevice independent quantum key distribution for scaraniacinribordygisin 04 protocol. Sci. Rep. 4, 5236 (2014).
Yin, H.L., Fu, Y. & Chen, Z.B. Practical quantum digital signature. Phys. Rev. A 93, 032316 (2016).
Sasaki, T., Yamamoto, Y. & Koashi, M. Practical quantum key distribution protocol without monitoring signal disturbance. Nature 509, 475–478 (2014).
Zhang, Z., Yuan, X., Cao, Z. & Ma, X. Roundrobin differentialphaseshift quantum key distribution. arXiv:1505.02481.
Yin, H.L., Fu, Y., Mao, Y. & Chen, Z.B. Detectordecoy quantum key distribution without monitoring signal disturbance. Phys. Rev. A 93, 022330 (2016).
Lo, H.K. Proof of unconditional security of sixstate quantum key distribution scheme. Quantum Inf. Comput. 1, 81–94 (2001).
Tang, Y.L. et al. Source attack of decoystate quantum key distribution using phase infor mation. Phys. Rev. A 88, 022308 (2013).
Gottesman, D. & Chuang, I. Quantum digital signatures. arXiv quantph/0105032.
Acknowledgements
This work has been supported by the Chinese Academy of Sciences and the National Natural Science Foundation of China under Grant No. 61125502.
Author information
Affiliations
Contributions
H.L.Y., Y.F. and Z.B.C. have the main idea. All results are acquired through the discussion among all authors. All authors contribute to the writing and reviewing of the manuscript.
Ethics declarations
Competing interests
The authors declare no competing financial interests.
Rights and permissions
This work is licensed under a Creative Commons Attribution 4.0 International License. The images or other third party material in this article are included in the article’s Creative Commons license, unless indicated otherwise in the credit line; if the material is not included under the Creative Commons license, users will need to obtain permission from the license holder to reproduce the material. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/
About this article
Cite this article
Yin, H., Fu, Y., Mao, Y. et al. Security of quantum key distribution with multiphoton components. Sci Rep 6, 29482 (2016). https://doi.org/10.1038/srep29482
Received:
Accepted:
Published:
Further reading

Quantum Key Distribution Protocol Optimization
Annalen der Physik (2019)

MeasurementDeviceIndependent TwinField Quantum Key Distribution
Scientific Reports (2019)

Passive decoystate quantum key distribution with the SARG04 protocol
Journal of the Optical Society of America B (2018)

Tuning the photon statistics of a strongly coupled nanophotonic system
Physical Review A (2017)

Experimental quantum digital signature over 102 km
Physical Review A (2017)
Comments
By submitting a comment you agree to abide by our Terms and Community Guidelines. If you find something abusive or that does not comply with our terms or guidelines please flag it as inappropriate.