† Corresponding author. E-mail:
Measurement-device-independent quantum cryptographic conferencing (MDI-QCC) protocol puts MDI quantum key distribution (MDI-QKD) forwards to multi-party applications, and suggests a significant framework for practical multi-party quantum communication. In order to mitigate the experimental complexity of MDI-QCC and remove the key assumption (the sources are trusted) in MDI-QCC, we extend the framework of MDI-QKD with an untrusted source to MDI-QCC and give the rigorous security analysis of MDI-QCC with an untrusted source. What is more, in the security analysis we clearly provide a rigorous analytical method for parameters’ estimation, which with simple modifications can be applied to not only MDI-QKD with an untrusted source but also arbitrary multi-party communication protocol with an untrusted source. The simulation results show that at reasonable distances the asymptotic key rates for the two cases (with trusted and untrusted sources) almost overlap, which indicates the feasibility of our protocol.
Quantum communication has been developed in the past thirty years. One highlighted communication protocol is quantum key distribution (QKD). [1] QKD is to allow two authorized parties, Alice and Bob, to share a secret key in the presence of an eavesdropper. QKD offers unconditional security guaranteed by the laws of quantum mechanics. [2–4] However, real-life imperfections of the QKD devices lead to the difference between theoretical and practical security of QKD, which compromises the security of QKD systems. In order to close the gap, device-independent QKD (DIQKD) [5–7] and semi-device-independent QKD (SDI-QKD) [8, 9] have been proposed. Unfortunately, the demonstration of these two protocols is still an extremely difficult challenge.
As we know, among the real-life imperfections, the defect in the detectors is a serious threat to the security. By exploiting the vulnerabilities of single-photon detectors, several specific attacks [10–17] have been successfully launched against practical QKD systems. Fortunately, measurement-device-independent QKD (MDI-QKD) [18, 19] has been proposed, which can remove all the possible loopholes in detection. Thereafter, MDI-QKD has drawn great interest in both theory [20–31] and experiment. [32–40]
All the protocols mentioned above are two-party protocols distributing secret keys between two authorized parties. Multi-party quantum communication protocols [41, 42] have been proposed. But all of them face the same constraints, i.e., lacking the high intensity source and reliable remote distribution of the entangled states. Until recently, two multi-party quantum communication protocols [43, 44] combining the MDI-QKD [18, 19] technologies manifest the possibility for the practical applications of MDI multi-party quantum communication. These two protocols are not only immune to all detection-side attacks, but also require neither the preparation of high-fidelity entangled states (GHZ states or W states) in advance nor their remote distribution. Afterwards, a finite-key analysis on MDI quantum cryptographic conferencing (MDI-QCC) [43] has been reported in Ref. [45].
However, just like in MDI-QKD system, there are still some major challenges making the practical applications of MDI-QCC [43, 44] an experimental challenge. Firstly, we assume there is no security loophole in the users’ frequency-locked lasers. Secondly, a complex time-synchronization system and feedback controls are truly essential in fiber communication. Thirdly, in MDI-QCC protocol, it also needs to ensure the indistinguishability of the particles from Alice, Bob, and Charlie. However, since the photons are prepared independently, it is difficult to meet this condition.
Recently, Xu [29] has proposed an MDI-QKD protocol with a single untrusted source and provided a complete security analysis. This protocol can overcome the analogous challenges mentioned above in MDI-QKD. It should be noted that in the decoy-analysis of MDI-QKD with an untrusted source, Xu uses the numerical method to study the precise parameters’ estimation and just presents a relatively simple analytical method.
In this paper, we extend the framework of MDI-QKD with an untrusted source to MDI-QCC and give a complete security analysis. Due to the bi-directional structure, the birefringence effects and polarization-dependent losses can be automatically compensated. With a single source, we can easily ensure the indistinguishability of the particles from different users. What is more, inspired by the security analysis for plug & play QKD, [46, 47] we give a rigorous analytical method for parameters’ estimation based on the actual photon number distribution of users’ output pulses.
To extend the protocol of MDI-QKD with an untrusted source [29] to MDI-QCC, we clearly define the protocol of MDI-QCC with an untrusted source illustrated in Fig.
Here, in order to post-select GHZ states among Alice, Bob, and Charlie, we need to ensure the mode matching of their pulses. Since we use plug-and-play architecture in our protocol, the polarization drift can be automatically compensated, and the spectral modes of these pulses are naturally identical. So the only measure we need to take is to actively control the arrival timing of the pulses.
As the framework presented in Section 2, the source is placed in the middle node. So we can consider the source is controlled by Eve. To enhance the security of our protocol, we place an optical filter and phase modulator in the users’ lab to ensure the single mode assumption and phase randomization on each input pulse, respectively. In addition, the monitoring unit in users’ lab is used to test the photon numbers of the input pulses. In order to estimate the bounds of output pulses, we focus on the input pulses whose photon numbers are concentrated in a relatively narrow range.
Following Ref. [29], we divide the input pulses into two categories according to the photon numbers: untagged input pulses with photon number
The conditional probability that
(1) |
For untagged pulses, we can show that the upper bound and lower bound of
(2) |
In practice, quantum non-demolition (QND) measurements on photon number of the input pulses are not feasible with current technology. Thus Alice, Bob, and Charlie do not know the exact photon number of each input pulse. They can only measure the overall gain
Then Alice, Bob, and Charlie can estimate the upper bounds and the lower bounds of the gain Q and the QBER EQ of the untagged pulses. The upper bound and lower bound of Q are given by
(3) |
The upper bound and lower bound of EQ are given by
(4) |
If the source is trusted, Eve only knows the output photon number
However, if the source is untrusted, the assumption above no longer holds. Because both the source and channel are controlled by Eve, Eve not only knows the output photon number
In this case, the rigorous decoy-state analysis for MDI-QCC with untrusted source becomes much more difficult and complicated. Fortunately, since we focus on the gain and the QBER of the untagged pulses whose photon numbers are concentrated within a narrow range, the unconditional security of our protocol can still be achieved quantitatively and rigorously. By performing the measurements for different intensity settings, we can obtain
(5) |
(6) |
(7) |
(8) |
Because the events that
(9) |
(10) |
To estimate the gain of single-photon pulses of untagged pulses, we have to solve Eq. (
(11) |
To estimate the error rate of single-photon pulses of untagged pulses, we have to solve Eq. (
We analyze the behavior of the secret key rate of MDI-QCC with an untrusted source such that
By assuming a fiber-based channel model, we numerically show the performance of our protocol in the asymptotic case in comparison with Ref. [43] (the case with trusted sources). The experimental parameters for simulation are listed in Table
In Fig.
From the simulation results, we can find that as for the secret key rates, our protocol (the MDI-QCC with an untrusted source) and the case with trusted sources [43] are neck and neck at short distances. However, at long distances the secret key rates of our protocol reduce significantly. The reason is that due to the bi-directional structure, bright pulses sent by David will suffer the whole channel loss. This means that as the distances increase, lower photons per pulse can arrive at Alice’s, Bob’s, and Charlie’s labs, which leads to the increase of
Moreover, from Eqs. (
We extend the framework of MDI-QKD with an untrusted source [29] to MDI-QCC and give the rigorous security analysis of MDI-QCC with an untrusted source. The protocol of MDI-QCC with an untrusted source utilizes the bi-directional structure and can certainly mitigate the experimental complexity of MDI-QCC. What is more, inspired by the security analysis for plug & play QKD, [46, 47] we clearly provide rigorous analytical method for parameters’ estimation based on the actual photon number distribution of user’s output pulses. With simple modifications, our analytical method can be applied to not only MDI-QKD with an untrusted source, but also arbitrary multi-party communication protocol with an untrusted source. To some extent, our work can be an important step towards practical application for quantum networks.
The numerical simulation results show that we can achieve the nonzero asymptotic secret key rate over reasonable distances, and the secret key rates for our protocol and the case with trusted source almost overlap at short distances. Importantly, our framework and security analysis can be extended to arbitrary multi-party communication not merely confined to three parties and can also be applied to MDI-QSS [43] protocol and MDI-QCC protocol using W-state. [44] To make the protocol of MDI-QCC with an untrusted source more practical, it is necessary to settle the remaining practical issues, such as the source flaws and the imperfections in the electronics of the classical intensity detector.
[1] | |
[2] | |
[3] | |
[4] | |
[5] | |
[6] | |
[7] | |
[8] | |
[9] | |
[10] | |
[11] | |
[12] | |
[13] | |
[14] | |
[15] | |
[16] | |
[17] | |
[18] | |
[19] | |
[20] | |
[21] | |
[22] | |
[23] | |
[24] | |
[25] | |
[26] | |
[27] | |
[28] | |
[29] | |
[30] | |
[31] | |
[32] | |
[33] | |
[34] | |
[35] | |
[36] | |
[37] | |
[38] | |
[39] | |
[40] | |
[41] | |
[42] | |
[43] | |
[44] | |
[45] | |
[46] | |
[47] | |
[48] |