PHYSICAL REVIEW A 89, 052301 (2014)
Continuous-variable measurement-device-independent quantum key distribution
Zhengyu Li,
1,2
Yi-Chen Zhang,
3
Feihu Xu,
4
Xiang Peng,
1,*
and Hong Guo
1,2,†
1
State Key Laboratory of Advanced Optical Communication Systems and Networks, School of Electronics Engineering and Computer Science
and Center for Quantum Information Technology, Peking University, Beijing 100871, China
2
Center for Computational Science and Engineering, Peking University, Beijing 100871, China
3
State Key Laboratory of Information Photonics and Optical Communications, Beijing University of Posts and Telecommunications,
Beijing 100876, China
4
Centre for Quantum Information and Quantum Control, Department of Physics and Department of Electrical and Computer Engineering,
University of Toronto, Toronto, Ontario, Canada M5S 3G4
(Received 23 December 2013; published 7 May 2014)
We propose a continuous-variable measurement-device-independent quantum key distribution (CV-MDI QKD)
protocol, in which detection is conducted by an untrusted third party. Our protocol can defend all detector side
channels, which seriously threaten the security of a practical CV QKD system. Its security analysis against
arbitrary collective attacks is derived based on the fact that the entanglement-based scheme of CV-MDI QKD is
equivalent to the conventional CV QKD with coherent states and heterodyne detection. We find that the maximal
total transmission distance is achieved by setting the untrusted third party close to one of the legitimate users.
Furthermore, an alternate detection scheme, a special application of CV-MDI QKD, is proposed to enhance the
security of the standard CV QKD system.
DOI: 10.1103/PhysRevA.89.052301 PACS number(s): 03.67.Dd, 03.67.Hk
I. INTRODUCTION
Quantum key distribution (QKD) [1,2] can establish a
secure key between two legitimate partners (Alice and Bob)
through insecure quantum and classical channels. In recent
decades research on QKD has evolved rapidly. Some commer-
cial systems are available in the market now [3]. QKD has two
main approaches: one is discrete-variable (DV) QKD, and the
alternative is continuous-variable (CV) QKD [4–6]. CV QKD
has the advantage of being compatible with standard telecom-
munication technology, especially no request on single-photon
detectors. A Gaussian-modulated CV QKD protocol using
coherent states [7,8] has been proved to be secure against
arbitrary collective attacks [9,10], which is optimal in both
the asymptotic case [11] and the finite-size regime [12,13].
A recent experiment has successfully distributed secure keys
over an 80-km optical fiber [14], showing the potential of
long-distance communication using CV QKD protocols.
Generally speaking, the theoretical security analysis of
QKD relies on some ideal theoretical models. However,
the practical devices often have some imperfections and
deviate from the theoretical models. Thus the mismatch
between practical devices and their idealized models may
open security loopholes, which make the practical systems
vulnerable to attacks [15]. In DV QKD systems, various types
of attacks against imperfect devices were proposed, among
which the attacks against the single-photon detector are the
most significant ones [16–18]. Recently in CV QKD systems,
several attack strategies against practical detectors were also
proposed [19–24]. For example, the calibration attack [20] and
local oscillator (LO) fluctuation attack [21] take advantage of
modifying LO to manipulate the measurement results, which
will make Alice and Bob overestimate the secret key rate. The
*
Corresponding author: xiangpeng@pku.edu.cn.
†
Corresponding author: hongguo@pku.edu.cn.
wavelength attack [22,23] allows the eavesdropper to launch an
intercept-resend attack because of the wavelength-dependent
property of the fiber beam splitter used in the heterodyne
detector. The saturation attack [24] can force Alice and Bob
to underestimate the excess noise by saturating the homodyne
detector, which can hide the presence of an intercept-resend
attack.
A natural attempt to remove these attacks in a CV QKD
system was to characterize the specific loophole and find
a countermeasure. For instance, Jouguet et al. proposed an
efficient countermeasure against the calibration attack by
monitoring the LO [20]. Once an attack is known, prevention is
usually simple. However, it is difficult to fully characterize real
detectors and account for all loopholes. Therefore figuring out
how to defend against general attacks on detectors in practical
systems becomes critical in CV QKD.
Inspired by the novel detector-attack-immune protocols,
i.e., measurement-device-independent (MDI) QKD proto-
cols [25–27], which were well analyzed in theory [28–31]
and successfully demonstrated in experiments [32–35], here
we propose a CV-MDI QKD protocol which can also defend
all detector side channels. The main idea is that both Alice and
Bob are senders and an untrusted third party, named Charlie,
is introduced to realize the measurement. Such measurement
results will be used by Alice and Bob in the postprocessing
step to generate secure keys.
By introducing the equivalent entanglement-based (EB)
scheme of this protocol, we show the security analysis against
arbitrary collective attacks, which is based on the fact that the
entanglement-based scheme of CV-MDI QKD is equivalent
to the CV QKD with coherent states and heterodyne detec-
tion [8]. A corresponding prepare-and-measure (PM) scheme
is proposed for implementation. Moreover, the performance
of our protocol against collective entangling cloner attack
is presented via numerical simulations. When the distance
between Alice and Charlie equals that between Bob and
Charlie (symmetric case), the transmission distance is below
1050-2947/2014/89(5)/052301(8) 052301-1 ©2014 American Physical Society
剩余7页未读,继续阅读
资源评论
