Classification of CV-QKD Protocols

Classification of CV-QKD Protocols: History

View Latest Version

Please note this is an old version of this entry, which may differ significantly from the current revision.

Subjects: Optics

Contributor:

Roman Goncharov

Irina Vorontsova

Daniil Kirichenko

Ilya Filipov

Iurii Adam

Vladimir Chistiakov

Semyon Smirnov

Boris Nasedkin

Boris Pervushin

Daria Kargina

Eduard Samsonov

Vladimir Egorov

Quantum communications, in general, and quantum key distribution (QKD) as one of the internal directions, in particular, are some of the most actively developing areas of quantum technologies. QKD allows one to send a secure key between several legitimate users connected by so-called quantum and classical channels. Theoretically, the security of QKD is based on the principles of quantum mechanics, which guarantees security against any unforeseen technological developments, for example, in the field of quantum computing.

CV-QKD
protocols
schemes

1. General Approach to CV-QKD Protocol Description

As for a general classification of QKD protocols, CV-QKD included, two scenarios can be distinguished: “prepare-and-measure” (PM) and “entanglement-based” (EB) ones. In the PM scenario, Alice encodes classical information into quantum states (the preparation stage), then transmits them to Bob as optical signals. Subsequently, Bob makes a series of measurements for each of the received signals to restore the encoded information. EB scenario, in turn, implies that both Alice and Bob operate with modes of the entangled state. CV-QKD being the case, Alice generates a two-mode squeezed vacuum state and measures both quadratures of one of its modes. In turn, the second mode is sent to Bob to be projected onto a coherent state. In practice, most CV-QKD systems belong to the first of the above-mentioned approaches. Nevertheless, both for DV- and CV-QKD protocols, it is convenient to use the virtual entanglement method. The interchangeability of EB and PM approaches for the CV-QKD case is proved in the paper [24] for single-mode coherent states in the PM scheme and distribution of two-mode squeezed vacuum states in the EB scheme. The covariance matrices describing the two above-mentioned scenarios coincide up to a constant.

A similar relationship exists for DV-QKD protocols as well. For example, BB84 protocol can be reduced to the equivalent EB version, where Alice and Bob operate with an entangled pair of photons [25]. Additionally, it is possible to use entropic uncertainty relations uniting information leakage to Eve and classical conditional entropy between Alice and Bob. This approach is equivalent to a protocol where Alice randomly and equiprobably selects a basis, and then selects one of three states within the basis, also randomly and equiprobably, and sends them to the channel. The possibility of using entropic uncertainty relations for three-particle systems describing the general quantum state “Alice–Bob–Eve” exists only by reducing the original PM protocol to a mathematically equivalent EB version [26].

The equivalence discussed cannot be called completely strict when considering a broader class of attacks [27], which implies the need for a security proof in the PM scenario [28,29,30]. However, security against collective attacks for finite keys has been proved for CV-QKD protocols both in PM and EB approaches separately [31,32,33].

If we address the protocol on squeezed states with the homodyne detection method [34], although the security proof against coherent attacks for finite-length keys was demonstrated, the secure key generation rate assessment turned out to be too pessimistic; that is,

{lim}_{N \to \infty} K^{ε} (N) < K_{call}^{asymp}

The recently proposed de Finetti Gaussian reduction approach for CV-QKD protocols with Gaussian modulation [31] shows the possibility of achieving security against coherent attacks in realistic implementation using the protocol invariance considering a unitary group instead of a symmetric one. That is, the protocol part has been simplified in the terms of symmetrization. A mention should also be made of additional energy tests (measurements of the local number of photons on the users’ sides) in the context of the security described. Moreover, recent results show that certain parameters can provide a key distribution with a sufficient key rate, taking into account the finite key effects, confirmed by numerical modeling methods [27,35,36,37]. For real practical systems, a composable security is provided against collective attacks (without symmetrization and energy tests) by the current moment [17].

Noteworthy, here, an important motivation to account for in terms of a protocol choice is the need for a convenient and as “seamless” as possible integration of the CV-QKD system with existing telecommunication infrastructure. This implies the search for solutions that are simpler in the context of state generation (namely, single-mode coherent states), rather than two-mode squeezing. The latter option is, indeed, a frontier solution of great interest; however, the complexity of such states’ preparation forces us to reject this approach. Thus, the choice is made in favor of the PM scheme for the above-discussed mathematical equivalence to EB schemes.

2. Quantum Channel Implementation

There are two ways to implement a quantum channel for CV-QKD, as well as for DV-QKD: through optical fibers [17,38] and optical channels in free space [27,39]. The latter is attracting more and more attention because of the convenience of creating infrastructure in practice; unlike fiber channels, transmission through free space is devoid of all the disadvantages associated with transportation and difficulties in installing a physical fiber channel sensitive to mechanical influences and seismic features of the terrain (here, underground lines). This, undoubtedly, makes them more portable and flexible in the context of installation and operation. However, when working with free space, it is necessary to take into account not only the presence of diffraction losses, atmospheric extinction, and background thermal noise [40,41], but also the attenuation effect caused by guidance error and turbulence [42].

Fiber systems for secure key transmission, in turn, have already proven themselves in the context of QKD: such systems provide a high level of durability (the vulnerability of fiber-optic QKD communication systems is analyzed in their study), low cost of implementation, and availability of installation and maintenance.

Additionally, though free space realizations of CV-QKD protocols carry a huge research potential and have their own advantages, we do not consider them as the main option here, for we aim at the integration of CV-QKD systems with existing telecommunication fiber optical networks.

3. Channel Configuration Schemes

For the case of DV-QKD, two schemes can be implemented: one-way and two-way schemes. Moreover, both schemes can implement the same protocol; for example, there are one-way schemes for BB84 protocols (for example, Ref. [43]) and two-way schemes using a QKD system of plug-and-play [6,44] type.

Similar schemes can be implemented in the CV-QKD case as well. In a typical one-way CV-QKD protocol, Alice prepares a quantum state and sends it to Bob via a quantum channel. The receiver performs coherent detection, followed by post-processing procedures performed by users.

One disadvantage of one-way schemes is the presence of phase and polarization distortions in the channel. To mitigate them, it is necessary that additional algorithms and modifications be used. Despite the fact there are questions about the stability of the system, for one-way CV-QKD schemes with Gaussian modulation, security against coherent attacks is justified [2,31].

In the two-way CV-QKD scheme [45,46,47], analogously to DV-QKD ones, Alice and Bob use a quantum channel twice to obtain a raw key. Initially, Bob prepares the so-called reference states and sends them to Alice through a quantum channel. Alice, in turn, encodes the information by applying unitary operations to the received reference states, and then sends them to Bob for measurement. In such CV-QKD schemes, various information encoding protocols can be used; the common ones are Gaussian modulation of coherent states, implying the use of amplitude and phase modulators, as well as double phase modulation, implying two phase modulators [44,48].

The main advantage of the two-way scheme is the potential stability of the QKD system, which is achieved by the auto-compensation of phase and polarization distortions of light passing through the same fiber in two directions. However, in the framework of world scientific practice, such QKD systems are only nascent [48,49], and have not yet been sufficiently studied. Moreover, two-way schemes can be limited in the implementation of a LO (preference is given to local LO, see Section 2.7) since the transmitted LO, like the signal, suffers twice as much losses in two passes. A practical security proof of two-way CV-QKD systems is also an actual task.

4. Types of Modulation

In the context of choosing the type of modulation of the CV-QKD system, it can be conditionally divided into two actively developing areas [50]: CV-QKD protocols with Gaussian [11,13,14,15,16,17,51] and discrete modulation [12,52,53,54,55,56,57,58,59].

At the same time, a critical disadvantage of this type of CV-QKD protocol is the incompleteness of their theoretical models. However, to date, active work are underway to fill this gap. There are a number of works demonstrating different approaches to proving security in the asymptotic regime [53,54,60] (i.e., for keys of infinite length) against an optimal attack (the convex optimization problem is solved). It is important to note that these works have already provided the basis for the composable security proof, including non-perfect homodyning and finite-key effects in the context of collective attacks [57]. A security proof using de Finetti for discrete modulation is still an open problem.

In addition, discrete modulation is inferior to the Gaussian one in terms of the secure key generation rate and the maximum distance at which a key distribution session is still possible: the results are demonstrated for various configurations of QAM and PSK (see Ref. [54]).

The unconditional security of CV-QKD protocols with Gaussian modulation, on the contrary, is strictly proved taking into account the finite key effects. Most recent experimental CV-QKD systems still operate with Gaussian modulated coherent states [2,17,39]. Nevertheless, one cannot fail to note the incipient growth in the popularity of discrete modulation schemes [56,58,59].

5. Quantum States

Continuing the classification, in CV-QKD implementations, coherent or squeezed states can be used. They, in turn, can be single-mode or two-mode. An increase in the number of modes is also possible, but the appropriate analysis due to the structure of the states themselves (for example, when using phase-modulated attenuated coherent states) is often reduced to considering the single-mode case [51,61,62,63], so it does not make much practical sense to single it out separately.

First CV-QKD protocols were proposed in 1999 in [64]. These protocols utilized coherent and two-mode squeezed states with discrete modulation and homodyne detection.

In the coherent state protocol, pulse modulation is used to encode information using two modulators, amplitude and phase, and then one of the signal quadratures is detected. If the session is recognized as secure, the measurement results for the second quadrature are used for subsequent key generation. In the protocol operating with two squeezed states generated using two different squeezed light sources, an entangled state is considered. After homodyne detection of the modes of the entangled state, it becomes possible to extract information about one of the initial states.

Later, CV-QKD protocols were proposed based on squeezed states with Gaussian modulation, where the states were modulated by quadratures according to a two-dimensional Gaussian distribution [34]. Initially, the protocol was described in the context of homodyne detection, but later heterodyne detection was also taken into account [65]. The CV-QKD protocol proposed in 2002 with Gaussian modulation of coherent states GG02 can now be considered the most well-known and widespread [11,66].

Discussing coherent states further, thermal states should also be mentioned separately. In essence, they are being noisy coherent states themselves and require equivalent mathematical description. Currently, research is underway in the field of CV-QKD using such states. The security analysis of CV-QKD protocols using thermal Gaussian states in the case of collective Gaussian attacks was carried out, for example, in the work [67], for cases of direct and reverse reconciliation with homodyne and heterodyne detection methods. The authors have shown that in the case of direct reconciliation with homodyning detection, it is possible to increase the key rate when taking into account the Alice’s trusted noise, even with large values of the modulation variance of the initial thermal states. In addition, the authors determined the upper bound of entanglement stability in the case of CV-QKD for different wavelength values.

Regarding practical implementation of CV-QKD systems, it should be noted that CV-QKD protocols based on squeezed states may be superior to protocols based on coherent states. However, the assumption of infinite squeezing [65] should be used, which cannot be implemented experimentally. In addition, the generation of squeezed states is a much more complex task, than the generation of coherent ones (in fact, they are states of attenuated laser radiation), which becomes the most problematic part of the implementation of the CV-QKD protocol using squeezed states in practice [68].

This entry is adapted from the peer-reviewed paper 10.3390/opt3040030

© Text is available under the terms and conditions of the Creative Commons Attribution (CC BY) license; additional terms may apply. By using this site, you agree to the Terms and Conditions and Privacy Policy.