Showing 1–50 of 63 results for author: Tamaki, K

Differential-phase-shift QKD with practical Mach-Zehnder interferometer

Authors: Akihiro Mizutani, Masanori Terashita, Junya Matsubayashi, Shogo Mori, Ibuki Matsukura, Suzuna Tagawa, Kiyoshi Tamaki

Abstract: Differential-phase-shift (DPS) quantum key distribution stands as a promising protocol due to its simple implementation, which can be realized with a train of coherent pulses and a passive measurement unit. Besides, this protocol has the advantage of being robust against imperfections in the light source. Unfortunately, however, as for the measurement unit, existing security proofs put unrealistic… ▽ More Differential-phase-shift (DPS) quantum key distribution stands as a promising protocol due to its simple implementation, which can be realized with a train of coherent pulses and a passive measurement unit. Besides, this protocol has the advantage of being robust against imperfections in the light source. Unfortunately, however, as for the measurement unit, existing security proofs put unrealistic assumptions on it, which could be security loopholes in actual implementations. In this paper, we enhance the implementation security of the DPS protocol by incorporating a major imperfection in the measurement unit. Specifically, our proof enables us to employ practical beam splitters with a known range of the transmittance rather than the one with exactly $50\%$, as was assumed in the existing security proofs. Our numerical simulations demonstrate that even with fluctuations of $\pm0.5\%$ in the transmittance from the ideal value, the key rate degrades only by a factor of 0.57. This result highlights the feasibility of the DPS protocol with practical measurement setups. △ Less

Submitted 19 May, 2024; originally announced May 2024.

Comments: 22 pages, 6 figures

Quantum key distribution with unbounded pulse correlations

Authors: Margarida Pereira, Guillermo Currás-Lorenzo, Akihiro Mizutani, Davide Rusca, Marcos Curty, Kiyoshi Tamaki

Abstract: A prevalent issue in practical applications of quantum key distribution (QKD) is the emergence of correlations among the emitted signals. Although recent works have proved the security of QKD in the presence of this imperfection, they rest on the premise that pulse correlations are of finite length. However, this assumption is not necessarily met in practice, since the length of these correlations… ▽ More A prevalent issue in practical applications of quantum key distribution (QKD) is the emergence of correlations among the emitted signals. Although recent works have proved the security of QKD in the presence of this imperfection, they rest on the premise that pulse correlations are of finite length. However, this assumption is not necessarily met in practice, since the length of these correlations could be potentially unbounded. Indeed, the first emitted pulse could be correlated with the last one, even if very faintly. Still, intuitively, there should exist a pulse separation threshold after which these correlations become so small as to be essentially negligible, rendering them inconsequential from a security standpoint. Building on this insight, we introduce a general formalism designed to extend existing security proofs to the practically relevant scenario in which pulse correlations have an unbounded length. This approach significantly enhances the applicability of these proofs and the robustness of QKD's implementation security. △ Less

Submitted 12 February, 2024; originally announced February 2024.

A security framework for quantum key distribution implementations

Authors: Guillermo Currás-Lorenzo, Margarida Pereira, Go Kato, Marcos Curty, Kiyoshi Tamaki

Abstract: Quantum key distribution (QKD) can theoretically achieve the Holy Grail of cryptography, information-theoretic security against eavesdropping. However, in practice, discrepancies between the mathematical models assumed in security proofs and the actual functioning of the devices used in implementations prevent it from reaching this goal. Since measurement-device-independent QKD guarantees security… ▽ More Quantum key distribution (QKD) can theoretically achieve the Holy Grail of cryptography, information-theoretic security against eavesdropping. However, in practice, discrepancies between the mathematical models assumed in security proofs and the actual functioning of the devices used in implementations prevent it from reaching this goal. Since measurement-device-independent QKD guarantees security with arbitrarily flawed receivers, the missing step is securing the sources. So far, all efforts in this regard have come at a price; some proofs are suitable only for particular source imperfections, while others severely compromise the system's performance, i.e., its communication speed and distance. Meanwhile, device-independent QKD is far from being a satisfactory solution, as it is vulnerable to memory attacks, it cannot incorporate information leakage from the user devices in a device-independent manner, and its performance is poor. Here, we solve this crucial problem by presenting a security proof that is robust against all practical source imperfections while maintaining high performance. Moreover, our proof requires minimal state characterization, which facilitates its application to real-life implementations. We anticipate that, thanks to these advantages, it will serve as a basis for the standardization of QKD sources. △ Less

Submitted 10 May, 2023; originally announced May 2023.

Comments: Main text: 8 pages, 2 figures. Supplementary information: 27 pages, 5 figures

Secret key rate bounds for quantum key distribution with non-uniform phase randomization

Authors: Xoel Sixto, Guillermo Currás-Lorenzo, Kiyoshi Tamaki, Marcos Curty

Abstract: Decoy-state quantum key distribution (QKD) is undoubtedly the most efficient solution to handle multi-photon signals emitted by laser sources, and provides the same secret key rate scaling as ideal single-photon sources. It requires, however, that the phase of each emitted pulse is uniformly random. This might be difficult to guarantee in practice, due to inevitable device imperfections and/or the… ▽ More Decoy-state quantum key distribution (QKD) is undoubtedly the most efficient solution to handle multi-photon signals emitted by laser sources, and provides the same secret key rate scaling as ideal single-photon sources. It requires, however, that the phase of each emitted pulse is uniformly random. This might be difficult to guarantee in practice, due to inevitable device imperfections and/or the use of an external phase modulator for phase randomization, which limits the possible selected phases to a finite set. Here, we investigate the security of decoy-state QKD with arbitrary, continuous or discrete, non-uniform phase randomization, and show that this technique is quite robust to deviations from the ideal uniformly random scenario. For this, we combine a novel parameter estimation technique based on semi-definite programming, with the use of basis mismatched events, to tightly estimate the parameters that determine the achievable secret key rate. In doing so, we demonstrate that our analysis can significantly outperform previous results that address more restricted scenarios. △ Less

Submitted 7 April, 2023; originally announced April 2023.

Journal ref: EPJ Quantum Technol. 10, 53 (2023)

Finite-key security analysis of differential-phase-shift quantum key distribution

Authors: Akihiro Mizutani, Yuki Takeuchi, Kiyoshi Tamaki

Abstract: Differential-phase-shift (DPS) quantum key distribution (QKD) is one of the major QKD protocols that can be implemented with a simple setup using a laser source and a passive detection unit. Recently, an information-theoretic security proof of this protocol has been established in [npj Quant. Inf. 5, 87 (2019)] assuming the infinitely large number of emitted pulses. To implement the DPS protocol i… ▽ More Differential-phase-shift (DPS) quantum key distribution (QKD) is one of the major QKD protocols that can be implemented with a simple setup using a laser source and a passive detection unit. Recently, an information-theoretic security proof of this protocol has been established in [npj Quant. Inf. 5, 87 (2019)] assuming the infinitely large number of emitted pulses. To implement the DPS protocol in a real-life world, it is indispensable to analyze the security with the finite number of emitted pulses. The extension of the security proof to the finite-size regime requires the accommodation of the statistical fluctuations to determine the amount of privacy amplification. In doing so, Azuma's inequality is often employed, but unfortunately we show that in the case of the DPS protocol, this results in a substantially low key rate. This low key rate is due to a loose estimation of the sum of probabilities regarding three-photon emission whose probability of occurrence is very small. The main contribution of our work is to show that this obstacle can be overcome by exploiting the recently found novel concentration inequality, Kato's inequality. As a result, the key rate of the DPS protocol is drastically improved. For instance, assuming typical experimental parameters, a 3 Mbit secret key can be generated over 77 km for 8.3 hours, which shows the feasibility of DPS QKD under a realistic setup. △ Less

Submitted 30 May, 2023; v1 submitted 24 January, 2023; originally announced January 2023.

Comments: 17 pages, 6 figures

Journal ref: Phys. Rev. Research 5, 023132 (2023)

Verifiable homodyne measurement for detecting non-local properies of light

Authors: Go Kato, Kiyoshi Tamaki, Masaki Owari, Koji Azuma

Abstract: The homodyne detection is one of the most basic tools for identifying the quantum state of light. It has been used to detect useful non-local properties, such as entanglement for the quantum teleportation and distillability of a secret key in quantum key distribution. In so doing, the detection scheme employs a bright optical pulse, called the local oscillator (LO) pulse, and the LO pulse is usual… ▽ More The homodyne detection is one of the most basic tools for identifying the quantum state of light. It has been used to detect useful non-local properties, such as entanglement for the quantum teleportation and distillability of a secret key in quantum key distribution. In so doing, the detection scheme employs a bright optical pulse, called the local oscillator (LO) pulse, and the LO pulse is usually transmitted along with the signal pulses. The LO pulse is presumed to be a coherent state with an infinite intensity. However, it is difficult in practice to hold this presumption owing to noise in the optical transmission channels or an intervention by a malicious third party. As a result, the implementation may no longer be the homodyne detection, and those outcomes may merely disguise successful detection of entanglement or a secret key. Here, we present an alternative scheme that works as the homodyne detection to detect the non-local properties of light in a verifiable manner, without any presumption for the LO pulses. This scheme is essentially based on the same setup as the conventional implementation for the homodyne detection. This result contributes to close any possible loophole in the homodyne detection caused by the deviation from the ideal LO pulses. △ Less

Submitted 21 December, 2022; originally announced December 2022.

Comments: 26 pages, 5 figures

Modified BB84 quantum key distribution protocol robust to source imperfections

Authors: Margarida Pereira, Guillermo Currás-Lorenzo, Álvaro Navarrete, Akihiro Mizutani, Go Kato, Marcos Curty, Kiyoshi Tamaki

Abstract: The Bennett-Brassard 1984 (BB84) protocol is the most widely implemented quantum key distribution (QKD) scheme. However, despite enormous theoretical and experimental efforts in the past decades, the security of this protocol with imperfect sources has not yet been rigorously established. In this work, we address this shortcoming and prove the security of the BB84 protocol in the presence of multi… ▽ More The Bennett-Brassard 1984 (BB84) protocol is the most widely implemented quantum key distribution (QKD) scheme. However, despite enormous theoretical and experimental efforts in the past decades, the security of this protocol with imperfect sources has not yet been rigorously established. In this work, we address this shortcoming and prove the security of the BB84 protocol in the presence of multiple source imperfections, including state preparation flaws and side channels, such as Trojan-horse attacks, mode dependencies and classical correlations between the emitted pulses. To do so, we consider a modified BB84 protocol that exploits the basis mismatched events, which are often discarded in standard security analyses of this scheme; and employ the reference technique, a powerful mathematical tool to accommodate source imperfections in the security analysis of QKD. Moreover, we compare the achievable secret-key rate of the modified BB84 protocol with that of the three-state loss-tolerant protocol, and show that the addition of a fourth state, while redundant in ideal conditions, significantly improves the estimation of the leaked information in the presence of source imperfections, resulting in a better performance. This work demonstrates the relevance of the BB84 protocol in guaranteeing implementation security, taking us a step further towards closing the existing gap between theory and practice of QKD. △ Less

Submitted 21 October, 2022; originally announced October 2022.

Journal ref: Phys. Rev. Research 5, 023065 (2023)

Security of quantum key distribution with imperfect phase randomisation

Authors: Guillermo Currás-Lorenzo, Shlok Nahar, Norbert Lütkenhaus, Kiyoshi Tamaki, Marcos Curty

Abstract: The performance of quantum key distribution (QKD) is severely limited by multiphoton emissions, due to the photon-number-splitting attack. The most efficient solution, the decoy-state method, requires that the phases of all transmitted pulses are independent and uniformly random. In practice, however, these phases are often correlated, especially in high-speed systems, which opens a security looph… ▽ More The performance of quantum key distribution (QKD) is severely limited by multiphoton emissions, due to the photon-number-splitting attack. The most efficient solution, the decoy-state method, requires that the phases of all transmitted pulses are independent and uniformly random. In practice, however, these phases are often correlated, especially in high-speed systems, which opens a security loophole. Here, we address this pressing problem by providing a security proof for decoy-state QKD with correlated phases that offers key rates close to the ideal scenario. Our work paves the way towards high-performance secure QKD with practical laser sources, and may have applications beyond QKD. △ Less

Submitted 8 January, 2024; v1 submitted 14 October, 2022; originally announced October 2022.

Comments: 22 pages, 1 figure. v3: Updated to Accepted Manuscript

Journal ref: Quantum Sci. Technol. 9, 015025 (2024)

Characterisation of state-preparation uncertainty in quantum key distribution

Authors: Anqi Huang, Akihiro Mizutani, Hoi-Kwong Lo, Vadim Makarov, Kiyoshi Tamaki

Abstract: To achieve secure quantum key distribution, all imperfections in the source unit must be incorporated in a security proof and measured in the lab. Here we perform a proof-of-principle demonstration of the experimental techniques for characterising the source phase and intensity fluctuation in commercial quantum key distribution systems. When we apply the measured phase fluctuation intervals to the… ▽ More To achieve secure quantum key distribution, all imperfections in the source unit must be incorporated in a security proof and measured in the lab. Here we perform a proof-of-principle demonstration of the experimental techniques for characterising the source phase and intensity fluctuation in commercial quantum key distribution systems. When we apply the measured phase fluctuation intervals to the security proof that takes into account fluctuations in the state preparation, it predicts a key distribution distance of over 100 km of fiber. The measured intensity fluctuation intervals are however so large that the proof predicts zero key, indicating a source improvement may be needed. Our characterisation methods pave the way for a future certification standard. △ Less

Submitted 9 January, 2023; v1 submitted 24 May, 2022; originally announced May 2022.

Comments: 14 pages, 12 figures

Journal ref: Phys. Rev. Appl. 19, 014048 (2023)

Security of quantum key distribution with intensity correlations

Authors: Víctor Zapatero, Álvaro Navarrete, Kiyoshi Tamaki, Marcos Curty

Abstract: The decoy-state method in quantum key distribution (QKD) is a popular technique to approximately achieve the performance of ideal single-photon sources by means of simpler and practical laser sources. In high-speed decoy-state QKD systems, however, intensity correlations between succeeding pulses leak information about the users' intensity settings, thus invalidating a key assumption of this appro… ▽ More The decoy-state method in quantum key distribution (QKD) is a popular technique to approximately achieve the performance of ideal single-photon sources by means of simpler and practical laser sources. In high-speed decoy-state QKD systems, however, intensity correlations between succeeding pulses leak information about the users' intensity settings, thus invalidating a key assumption of this approach. Here, we solve this pressing problem by developing a general technique to incorporate arbitrary intensity correlations to the security analysis of decoy-state QKD. This technique only requires to experimentally quantify two main parameters: the correlation range and the maximum relative deviation between the selected and the actually emitted intensities. As a side contribution, we provide a non-standard derivation of the asymptotic secret key rate formula from the non-asymptotic one, in so revealing a necessary condition for the significance of the former. △ Less

Submitted 3 December, 2021; v1 submitted 24 May, 2021; originally announced May 2021.

Comments: 21 pages, 4 figures

Journal ref: Quantum 5, 602 (2021)

Finite-key analysis of loss-tolerant quantum key distribution based on random sampling theory

Authors: Guillermo Currás-Lorenzo, Álvaro Navarrete, Margarida Pereira, Kiyoshi Tamaki

Abstract: The core of security proofs of quantum key distribution (QKD) is the estimation of a parameter that determines the amount of privacy amplification that the users need to apply in order to distill a secret key. To estimate this parameter using the observed data, one needs to apply concentration inequalities, such as random sampling theory or Azuma's inequality. The latter can be straightforwardly e… ▽ More The core of security proofs of quantum key distribution (QKD) is the estimation of a parameter that determines the amount of privacy amplification that the users need to apply in order to distill a secret key. To estimate this parameter using the observed data, one needs to apply concentration inequalities, such as random sampling theory or Azuma's inequality. The latter can be straightforwardly employed in a wider class of QKD protocols, including those that do not rely on mutually unbiased encoding bases, such as the loss-tolerant (LT) protocol. However, when applied to real-life finite-length QKD experiments, Azuma's inequality typically results in substantially lower secret-key rates. Here, we propose an alternative security analysis of the LT protocol against general attacks, for both its prepare-and-measure and measure-device-independent versions, that is based on random sampling theory. Consequently, our security proof provides considerably higher secret-key rates than the previous finite-key analysis based on Azuma's inequality. This work opens up the possibility of using random sampling theory to provide alternative security proofs for other QKD protocols. △ Less

Submitted 20 October, 2022; v1 submitted 29 January, 2021; originally announced January 2021.

Comments: 24 pages, 5 figures. v2: Corrected a technical issue; bold math was not displayed properly in Appendix B

Journal ref: Phys. Rev. A 104, 012406 (2021)

Practical Quantum Key Distribution Secure Against Side-Channels

Authors: Álvaro Navarrete, Margarida Pereira, Marcos Curty, Kiyoshi Tamaki

Abstract: There is a big gap between theory and practice in quantum key distribution (QKD) because real devices do not satisfy the assumptions required by the security proofs. Here, we close this gap by introducing a simple and practical measurement-device-independent (MDI) QKD type of protocol, based on the transmission of coherent light, for which we prove its security against any possible device imperfec… ▽ More There is a big gap between theory and practice in quantum key distribution (QKD) because real devices do not satisfy the assumptions required by the security proofs. Here, we close this gap by introducing a simple and practical measurement-device-independent (MDI) QKD type of protocol, based on the transmission of coherent light, for which we prove its security against any possible device imperfection and/or side-channel at the transmitters' side. Besides using a much simpler experimental set-up and source characterization with only one single parameter, we show that the performance of the protocol is comparable to other MDI-QKD type of protocols which disregard the effect of several side-channels. △ Less

Submitted 23 July, 2020; v1 submitted 7 July, 2020; originally announced July 2020.

Comments: 9 pages, 4 figures. v2: results revised, typos corrected, appendix B extended

Journal ref: Phys. Rev. Applied 15, 034072 (2021)

Measurement-Device-Independent Quantum Key Distribution with Leaky Sources

Authors: Weilong Wang, Kiyoshi Tamaki, Marcos Curty

Abstract: Measurement-device-independent quantum key distribution (MDI-QKD) can remove all detection side-channels from quantum communication systems. The security proofs require, however, that certain assumptions on the sources are satisfied. This includes, for instance, the requirement that there is no information leakage from the transmitters of the senders, which unfortunately is very difficult to guara… ▽ More Measurement-device-independent quantum key distribution (MDI-QKD) can remove all detection side-channels from quantum communication systems. The security proofs require, however, that certain assumptions on the sources are satisfied. This includes, for instance, the requirement that there is no information leakage from the transmitters of the senders, which unfortunately is very difficult to guarantee in practice. In this paper we relax this unrealistic assumption by presenting a general formalism to prove the security of MDI-QKD with leaky sources. With this formalism, we analyze the finite-key security of two prominent MDI-QKD schemes - a symmetric three-intensity decoy-state MDI-QKD protocol and a four-intensity decoy-state MDI-QKD protocol - and determine their robustness against information leakage from both the intensity modulator and the phase modulator of the transmitters. Our work shows that MDI-QKD is feasible within a reasonable time frame of signal transmission given that the sources are sufficiently isolated. Thus, it provides an essential reference for experimentalists to ensure the security of experimental implementations of MDI-QKD in the presence of information leakage. △ Less

Submitted 21 January, 2020; originally announced January 2020.

Comments: 46 pages, 11 figures. arXiv admin note: text overlap with arXiv:1803.09508

Journal ref: Scientific Reports, (2021) 11:1678

Quantum key distribution with correlated sources

Authors: Margarida Pereira, Go Kato, Akihiro Mizutani, Marcos Curty, Kiyoshi Tamaki

Abstract: In theory, quantum key distribution (QKD) offers information-theoretic security. In practice, however, it does not due to the discrepancies between the assumptions used in the security proofs and the behaviour of the real apparatuses. Recent years have witnessed a tremendous effort to fill the gap, but the treatment of correlations among pulses has remained a major elusive problem. Here, we close… ▽ More In theory, quantum key distribution (QKD) offers information-theoretic security. In practice, however, it does not due to the discrepancies between the assumptions used in the security proofs and the behaviour of the real apparatuses. Recent years have witnessed a tremendous effort to fill the gap, but the treatment of correlations among pulses has remained a major elusive problem. Here, we close this gap by introducing a simple yet general method to prove the security of QKD with arbitrarily long-range pulse correlations. Our method is compatible with those security proofs that accommodate all the other typical device imperfections, thus paving the way towards achieving implementation security in QKD with arbitrary flawed devices. Moreover, we introduce a new framework for security proofs, which we call the reference technique. This framework includes existing security proofs as special cases and it can be widely applied to a number of QKD protocols. △ Less

Submitted 27 March, 2023; v1 submitted 22 August, 2019; originally announced August 2019.

Journal ref: Science Advances 6, no. 37, eaaz4487 (2020)

Quantum key distribution with simply characterized light sources

Authors: Akihiro Mizutani, Toshihiko Sasaki, Yuki Takeuchi, Kiyoshi Tamaki, Masato Koashi

Abstract: To guarantee the security of quantum key distribution (QKD), several assumptions on light sources must be satisfied. For example, each random bit information is precisely encoded on an optical pulse and the photon-number probability distribution of the pulse is exactly known. Unfortunately, however, it is hard to check if all the assumptions are really met in practice, and it is preferable that we… ▽ More To guarantee the security of quantum key distribution (QKD), several assumptions on light sources must be satisfied. For example, each random bit information is precisely encoded on an optical pulse and the photon-number probability distribution of the pulse is exactly known. Unfortunately, however, it is hard to check if all the assumptions are really met in practice, and it is preferable that we have minimal number of device assumptions. In this paper, we adopt the differential-phase-shift (DPS) QKD protocol and drastically mitigate the requirements on light sources. Specifically, we only assume the independence among emitted pulses, the independence of the vacuum emission probability from a chosen bit, and upper bounds on the tail distribution function of the total photon number in a single block of pulses for single, two and three photons. Remarkably, no other detailed characterizations, such as the amount of phase modulation, are required. Our security proof significantly relaxes demands for light sources, which paves a route to guarantee implementation security with simple verification of the devices. △ Less

Submitted 4 April, 2019; originally announced April 2019.

Comments: 10 pages, 2 figures

Journal ref: npj Quantum Information 5, 87 (2019)

Quantum key distribution with flawed and leaky sources

Authors: Margarida Pereira, Marcos Curty, Kiyoshi Tamaki

Abstract: In theory, quantum key distribution (QKD) allows secure communications between two parties based on physical laws. However, most of the security proofs of QKD today make unrealistic assumptions and neglect many relevant device imperfections. As a result, they cannot guarantee the security of the practical implementations. Recently, the loss-tolerant protocol (K. Tamaki et al, Phys. Rev. A, 90, 052… ▽ More In theory, quantum key distribution (QKD) allows secure communications between two parties based on physical laws. However, most of the security proofs of QKD today make unrealistic assumptions and neglect many relevant device imperfections. As a result, they cannot guarantee the security of the practical implementations. Recently, the loss-tolerant protocol (K. Tamaki et al, Phys. Rev. A, 90, 052314, 2014) was proposed to make QKD robust against state preparation flaws. This protocol relies on the emission of qubit systems which, unfortunately, is difficult to achieve in practice. In this work, we remove such qubit assumption and generalise the loss-tolerant protocol to accommodate multiple optical modes in the emitted signals. These multiple optical modes could arise, for example, from Trojan horse attacks and/or device imperfections. Our security proof determines some dominant device parameter regimes needed for achieving secure communication, and therefore it can serve as a guideline to characterise QKD transmitters. Furthermore, we compare our approach with that of Lo and Preskill (H.-K. Lo et al, Quantum Inf. Comput., 7, 431-458, 2007) and identify which method provides the highest secret key generation rate as a function of the device imperfections. Our work constitutes an important step towards the best practical and secure implementation for QKD. △ Less

Submitted 17 July, 2019; v1 submitted 6 February, 2019; originally announced February 2019.

Journal ref: npj Quantum Information 5, 62 (2019)

Information theoretic security of quantum key distribution overcoming the repeaterless secret key capacity bound

Authors: Kiyoshi Tamaki, Hoi-Kwong Lo, Wenyuan Wang, Marco Lucamarini

Abstract: Quantum key distribution is a way to distribute secret keys to distant users with information theoretic security and key rates suitable for real-world applications. Its rate-distance figure, however, is limited by the natural loss of the communication channel and can never surpass a theoretical limit known as point-to-point secret key capacity. Recently, a new type of quantum key distribution with… ▽ More Quantum key distribution is a way to distribute secret keys to distant users with information theoretic security and key rates suitable for real-world applications. Its rate-distance figure, however, is limited by the natural loss of the communication channel and can never surpass a theoretical limit known as point-to-point secret key capacity. Recently, a new type of quantum key distribution with an intermediate relay was proposed to overcome this limit (M. Lucamarini, Z. L. Yuan, J. F. Dynes and A. J. Shields, Nature, 2018). However, a standard application of the decoy state method limited the security analysis of this scheme to hold under restrictive assumptions for the eavesdropper. Hence, overcoming the point-to-point secret key capacity with an information-theoretic secure scheme is still an open question. Here, we propose a novel way to use decoy states to answer this question. The key idea is to switch between a Test mode and a Code mode, the former enabling the decoy state parameter estimation and the latter generating a key through a phase encoding protocol. This way, we confirm the scaling properties of the original scheme and overcome the secret key capacity at long distances. Our work plays a key role to unlock the potential of practical secure quantum communications. △ Less

Submitted 11 September, 2018; v1 submitted 14 May, 2018; originally announced May 2018.

Comments: 25 pages, 3 figures

Finite-key security analysis for quantum key distribution with leaky sources

Authors: Weilong Wang, Kiyoshi Tamaki, Marcos Curty

Abstract: Security proofs of quantum key distribution (QKD) typically assume that the devices of the legitimate users are perfectly shielded from the eavesdropper. This assumption is, however, very hard to meet in practice, and thus the security of current QKD implementations is not guaranteed. Here, we fill this gap by providing a finite-key security analysis for QKD which is valid against arbitrary inform… ▽ More Security proofs of quantum key distribution (QKD) typically assume that the devices of the legitimate users are perfectly shielded from the eavesdropper. This assumption is, however, very hard to meet in practice, and thus the security of current QKD implementations is not guaranteed. Here, we fill this gap by providing a finite-key security analysis for QKD which is valid against arbitrary information leakage from the state preparation process of the legitimate users. For this, we extend the techniques introduced in (New J. Phys. 18, 065008, (2016)) to the finite-key regime, and we evaluate the security of a leaky decoy-state BB84 protocol with biased basis choice, which is one of the most implemented QKD schemes today. Our simulation results demonstrate the practicability of QKD over long distances and within a reasonable time frame given that the legitimate users' devices are sufficiently isolated. △ Less

Submitted 26 March, 2018; originally announced March 2018.

Comments: 21 pages, 5 figures

Journal ref: New J. Phys. 20 083027 2018

Quantum key distribution with setting-choice-independently correlated light sources

Authors: Akihiro Mizutani, Go Kato, Koji Azuma, Marcos Curty, Rikizo Ikuta, Takashi Yamamoto, Nobuyuki Imoto, Hoi-Kwong Lo, Kiyoshi Tamaki

Abstract: Despite the enormous theoretical and experimental progress made so far in quantum key distribution (QKD), the security of most existing QKD implementations is not rigorously established yet. A critical obstacle is that almost all existing security proofs make ideal assumptions on the QKD devices. Problematically, such assumptions are hard to satisfy in the experiments, and therefore it is not obvi… ▽ More Despite the enormous theoretical and experimental progress made so far in quantum key distribution (QKD), the security of most existing QKD implementations is not rigorously established yet. A critical obstacle is that almost all existing security proofs make ideal assumptions on the QKD devices. Problematically, such assumptions are hard to satisfy in the experiments, and therefore it is not obvious how to apply such security proofs to practical QKD systems. Fortunately, any imperfections and security-loopholes in the measurement devices can be perfectly closed by measurement-device-independent QKD (MDI-QKD), and thus we only need to consider how to secure the source devices. Among imperfections in the source devices, correlations between the sending pulses are one of the principal problems. In this paper, we consider a setting-choice-independent correlation (SCIC) framework in which the sending pulses can present arbitrary correlations but they are independent of the previous setting choices such as the bit, the basis and the intensity settings. Within the framework of SCIC, we consider the dominant fluctuations of the sending states, such as the relative phases and the intensities, and provide a self-contained information theoretic security proof for the loss-tolerant QKD protocol in the finite-key regime. We demonstrate the feasibility of secure quantum communication within a reasonable number of pulses sent, and thus we are convinced that our work constitutes a crucial step toward guaranteeing implementation security of QKD. △ Less

Submitted 26 March, 2018; originally announced March 2018.

Comments: 27 pages, 5 figures

Journal ref: npj Quantum Information 5, 8 (2019)

Decoy-state quantum key distribution with a leaky source

Authors: Kiyoshi Tamaki, Marcos Curty, Marco Lucamarini

Abstract: In recent years, there has been a great effort to prove the security of quantum key distribution (QKD) with a minimum number of assumptions. Besides its intrinsic theoretical interest, this would allow for larger tolerance against device imperfections in the actual implementations. However, even in this device-independent scenario, one assumption seems unavoidable, that is, the presence of a prote… ▽ More In recent years, there has been a great effort to prove the security of quantum key distribution (QKD) with a minimum number of assumptions. Besides its intrinsic theoretical interest, this would allow for larger tolerance against device imperfections in the actual implementations. However, even in this device-independent scenario, one assumption seems unavoidable, that is, the presence of a protected space devoid of any unwanted information leakage in which the legitimate parties can privately generate, process and store their classical data. In this paper we relax this unrealistic and hardly feasible assumption and introduce a general formalism to tackle the information leakage problem in most of existing QKD systems. More specifically, we prove the security of optical QKD systems using phase and intensity modulators in their transmitters, which leak the setting information in an arbitrary manner. We apply our security proof to cases of practical interest and show key rates similar to those obtained in a perfectly shielded environment. Our work constitutes a fundamental step forward in guaranteeing implementation security of quantum communication systems. △ Less

Submitted 15 March, 2018; originally announced March 2018.

Comments: 37 pages, 5 figures

Journal ref: New. J. Phys. 18, 065008 (2016)

Information-theoretic security proof of differential-phase-shift quantum key distribution protocol based on complementarity

Authors: Akihiro Mizutani, Toshihiko Sasaki, Go Kato, Yuki Takeuchi, Kiyoshi Tamaki

Abstract: We show the information-theoretic security proof of the differential-phase-shift (DPS) quantum key distribution (QKD) protocol based on the complementarity approach [arXiv:0704.3661 (2007)]. Our security proof provides a slightly better key generation rate compared to the one derived in the previous security proof in [arXiv:1208.1995 (2012)] that is based on the Shor-Preskill approach [Phys. Rev.… ▽ More We show the information-theoretic security proof of the differential-phase-shift (DPS) quantum key distribution (QKD) protocol based on the complementarity approach [arXiv:0704.3661 (2007)]. Our security proof provides a slightly better key generation rate compared to the one derived in the previous security proof in [arXiv:1208.1995 (2012)] that is based on the Shor-Preskill approach [Phys. Rev. Lett. ${\bf 85}$, 441 (2000)]. This improvement is obtained because the complementarity approach can employ more detailed information on Alice's sending state in estimating the leaked information to an eavesdropper. Moreover, we remove the necessity of the numerical calculation that was needed in the previous analysis to estimate the leaked information. This leads to an advantage that our security proof enables us to evaluate the security of the DPS protocol with any block size. This paper highlights one of the fundamental differences between the Shor-Preskill and the complementarity approaches. △ Less

Submitted 29 April, 2017; originally announced May 2017.

Comments: 15 pages, 5 figures

Journal ref: Quantum Science and Technology, 3, 1 (2017)

Differential-phase-shift quantum key distribution protocol with small number of random delays

Authors: Yuki Hatakeyama, Akihiro Mizutani, Go Kato, Nobuyuki Imoto, Kiyoshi Tamaki

Abstract: The differential-phase-shift (DPS) quantum key distribution (QKD) protocol was proposed aiming at simple implementation, but it can tolerate only a small disturbance in a quantum channel. The round-robin DPS (RRDPS) protocol could be a good solution for this problem, which in fact can tolerate even up to $50\%$ of a bit error rate. Unfortunately, however, such a high tolerance can be achieved only… ▽ More The differential-phase-shift (DPS) quantum key distribution (QKD) protocol was proposed aiming at simple implementation, but it can tolerate only a small disturbance in a quantum channel. The round-robin DPS (RRDPS) protocol could be a good solution for this problem, which in fact can tolerate even up to $50\%$ of a bit error rate. Unfortunately, however, such a high tolerance can be achieved only when we compromise the simplicity, i.e., Bob's measurement must involve a large number of random delays ($|\mathcal{R}|$ denotes its number), and in a practical regime of $|\mathcal{R}|$ being small, the tolerance is low. In this paper, we propose a new DPS protocol to achieve a higher tolerance than the one in the original DPS protocol, in which the measurement setup is less demanding than the one of the RRDPS protocol for the high tolerance regime. We call the new protocol the small-number-random DPS (SNRDPS) protocol, and in this protocol, we add only a small amount of randomness to the original DPS protocol, i.e., $2\leq|\mathcal{R}|\leq10$. In fact, we found that the performance of the SNRDPS protocol is significantly enhanced over the original DPS protocol only by employing a few additional delays such as $|\mathcal{R}|=2$. Also, we found that the key generation rate of the SNRDPS protocol outperforms the RRDPS protocol without monitoring the bit error rate when it is less than $5\%$ and $|\mathcal{R}|\leq10$. Our protocol is an intermediate protocol between the original DPS protocol and the RRDPS protocol, and it increases the variety of the DPS-type protocols with quantified security. △ Less

Submitted 1 February, 2017; originally announced February 2017.

Comments: 16 pages, 6 figures

Journal ref: Phys. Rev. A 95, 042301 (2017)

Security of quantum key distribution with iterative sifting

Authors: Kiyoshi Tamaki, Hoi-Kwong Lo, Akihiro Mizutani, Go Kato, Charles Ci Wen Lim, Koji Azuma, Marcos Curty

Abstract: Several quantum key distribution (QKD) protocols employ iterative sifting. After each quantum transmission round, Alice and Bob disclose part of their setting information (including their basis choices) for the detected signals. The quantum phase of the protocol then ends when the numbers of detected signals per basis exceed certain pre-agreed threshold values. Recently, however, Pfister et al. [N… ▽ More Several quantum key distribution (QKD) protocols employ iterative sifting. After each quantum transmission round, Alice and Bob disclose part of their setting information (including their basis choices) for the detected signals. The quantum phase of the protocol then ends when the numbers of detected signals per basis exceed certain pre-agreed threshold values. Recently, however, Pfister et al. [New J. Phys. 18 053001 (2016)] showed that iterative sifting makes QKD insecure, especially in the finite key regime, if the parameter estimation for privacy amplification uses the random sampling theory. This implies that a number of existing finite key security proofs could be flawed and cannot guarantee security. Here, we solve this serious problem by showing that the use of Azuma's inequality for parameter estimation makes QKD with iterative sifting secure again. This means that the existing protocols whose security proof employs this inequality remain secure even if they employ iterative sifting. Also, our results highlight a fundamental difference between the random sampling theorem and Azuma's inequality in proving security. △ Less

Submitted 30 May, 2017; v1 submitted 20 October, 2016; originally announced October 2016.

Comments: 9 pages. We have found a flaw in the first version, which we have corrected in the revised version

Journal ref: Quantum Science and Technology, vol. 3, no. 1, 014002 (2018)

Experimental transmission of quantum digital signatures over 90-km of installed optical fiber using a differential phase shift quantum key distribution system

Authors: Robert J. Collins, Ryan Amiri, Mikio Fujiwara, Toshimori Honjo, Kaoru Shimizu, Kiyoshi Tamaki, Masahiro Takeoka, Erika Andersson, Gerald S. Buller, Masahide Sasaki

Abstract: Quantum digital signatures apply quantum mechanics to the problem of guaranteeing message integrity and non-repudiation with information-theoretical security, which are complementary to the confidentiality realized by quantum key distribution. Previous experimental demonstrations have been limited to transmission distances of less than 5-km of optical fiber in a laboratory setting. Here we report… ▽ More Quantum digital signatures apply quantum mechanics to the problem of guaranteeing message integrity and non-repudiation with information-theoretical security, which are complementary to the confidentiality realized by quantum key distribution. Previous experimental demonstrations have been limited to transmission distances of less than 5-km of optical fiber in a laboratory setting. Here we report the first demonstration of quantum digital signatures over installed optical fiber as well as the longest transmission link reported to date. This demonstration used a 90-km long differential phase shift quantum key distribution system to achieve approximately one signed bit per second - an increase in the signature generation rate of several orders of magnitude over previous optical fiber demonstrations. △ Less

Submitted 15 August, 2016; originally announced August 2016.

Journal ref: Optics Letters 41(21), 4883-4886 (2016)

Quantum key distribution protocols with slow basis choice

Authors: Toshihiko Sasaki, Kiyoshi Tamaki, Masato Koashi

Abstract: Many quantum key distribution (QKD) protocols require random choice of measurement basis for each pulse or each train of pulses. In some QKD protocols, such as the Round-Robin Differential Phase Shift (RRDPS) QKD protocol, this requirement is a bit challenging as randomly choosing hundreds of settings for every, say, 100 pulses may be too fast with current technologies. In this paper, we solve thi… ▽ More Many quantum key distribution (QKD) protocols require random choice of measurement basis for each pulse or each train of pulses. In some QKD protocols, such as the Round-Robin Differential Phase Shift (RRDPS) QKD protocol, this requirement is a bit challenging as randomly choosing hundreds of settings for every, say, 100 pulses may be too fast with current technologies. In this paper, we solve this issue by proving the security of QKD protocols with slow basis choice without compromising the secret key rate. We also show that the random choice of the bases for the state preparation can be made slow if the signals do not leak any information on the basis. Examples of QKD protocols that our technique can apply include the RRDPS protocol and BB84-type protocols, and our technique relaxes demands for the implementation of QKD systems. △ Less

Submitted 15 April, 2016; originally announced April 2016.

Comments: 7 pages, 4 figures

Security of quantum key distribution with non-I.I.D. light sources

Authors: Yuichi Nagamatsu, Akihiro Mizutani, Rikizo Ikuta, Takashi Yamamoto, Nobuyuki Imoto, Kiyoshi Tamaki

Abstract: Although quantum key distribution (QKD) is theoretically secure, there is a gap between the theory and practice. In fact, real-life QKD may not be secure because component devices in QKD systems may deviate from the theoretical models assumed in security proofs. To solve this problem, it is necessary to construct the security proof under realistic assumptions on the source and measurement unit. In… ▽ More Although quantum key distribution (QKD) is theoretically secure, there is a gap between the theory and practice. In fact, real-life QKD may not be secure because component devices in QKD systems may deviate from the theoretical models assumed in security proofs. To solve this problem, it is necessary to construct the security proof under realistic assumptions on the source and measurement unit. In this paper, we prove the security of a QKD protocol under practical assumptions on the source that accommodate fluctuation of the phase and intensity modulations. As long as our assumptions hold, it does not matter at all how the phase and intensity distribute nor whether or not their distributions over different pulses are independently and identically distributed (I.I.D.). Our work shows that practical sources can be safely employed in QKD experiments. △ Less

Submitted 9 February, 2016; originally announced February 2016.

Journal ref: Phys. Rev. A 93, 042325 (2016)

Robustness of round-robin differential-phase-shift quantum-key-distribution protocol against source flaws

Authors: Akihiro Mizutani, Nobuyuki Imoto, Kiyoshi Tamaki

Abstract: Recently, a new type of quantum key distribution, called the round-robin differential phase-shift (RRDPS) protocol [Nature 509, 475 (2014)], was proposed, where the security can be guaranteed without monitoring any statistics. In this Letter, we investigate source imperfections and side-channel attacks on the source of this protocol. We show that only three assumptions are needed for the security,… ▽ More Recently, a new type of quantum key distribution, called the round-robin differential phase-shift (RRDPS) protocol [Nature 509, 475 (2014)], was proposed, where the security can be guaranteed without monitoring any statistics. In this Letter, we investigate source imperfections and side-channel attacks on the source of this protocol. We show that only three assumptions are needed for the security, and no detailed characterizations of the source or the side-channel attacks are needed. This high robustness is another striking advantage of the RRDPS protocol over other protocols. △ Less

Submitted 6 May, 2016; v1 submitted 1 October, 2015; originally announced October 2015.

Comments: The new version can deal with sending pulses that are classically correlated with each other in an arbitrary manner

Journal ref: Phys. Rev. A 92, 060303(R) (2015)

Experimental quantum key distribution without monitoring signal disturbance

Authors: Hiroki Takesue, Toshihiko Sasaki, Kiyoshi Tamaki, Masato Koashi

Abstract: Since the invention of Bennett-Brassard 1984 (BB84) protocol, many quantum key distribution (QKD) protocols have been proposed and some protocols are operated even in field environments. One of the striking features of QKD is that QKD protocols are provably secure unlike cryptography based on computational complexity assumptions. It has been believed that, to guarantee the security of QKD, Alice a… ▽ More Since the invention of Bennett-Brassard 1984 (BB84) protocol, many quantum key distribution (QKD) protocols have been proposed and some protocols are operated even in field environments. One of the striking features of QKD is that QKD protocols are provably secure unlike cryptography based on computational complexity assumptions. It has been believed that, to guarantee the security of QKD, Alice and Bob have to monitor the statistics of the measurement outcomes which are used to determine the amount of the privacy amplification to generate a key. Recently a new type of QKD protocol, called round robin differential phase shift (RRDPS) protocol, was proposed, and remarkably this protocol can generate a key without monitoring any statistics of the measurement outcomes. Here we report an experimental realization of the RRDPS protocol. We used a setup in which Bob randomly chooses one from four interferometers with different pulse delays so that he could implement phase difference measurements for all possible combinations with five-pulse time-bin states. Using the setup, we successfully distributed keys over 30 km of fiber, making this the first QKD experiment that does not rely on signal disturbance monitoring. △ Less

Submitted 28 May, 2015; originally announced May 2015.

Comments: 8 pages, 4 figures

Journal ref: Nature Photonics 9, 827-831 (2015)

Secure Quantum Key Distribution

Authors: Hoi-Kwong Lo, Marcos Curty, Kiyoshi Tamaki

Abstract: Secure communication plays a crucial role in the Internet Age. Quantum mechanics may revolutionise cryptography as we know it today. In this Review Article, we introduce the motivation and the current state of the art of research in quantum cryptography. In particular, we discuss the present security model together with its assumptions, strengths and weaknesses. After a brief introduction to recen… ▽ More Secure communication plays a crucial role in the Internet Age. Quantum mechanics may revolutionise cryptography as we know it today. In this Review Article, we introduce the motivation and the current state of the art of research in quantum cryptography. In particular, we discuss the present security model together with its assumptions, strengths and weaknesses. After a brief introduction to recent experimental progress and challenges, we survey the latest developments in quantum hacking and counter-measures against it. △ Less

Submitted 20 May, 2015; originally announced May 2015.

Comments: 13 pages, 5 figures

Journal ref: Nature Photonics 8, 595-604 (2014)

Finite-key security analysis of quantum key distribution with imperfect light sources

Authors: Akihiro Mizutani, Marcos Curty, Charles Ci Wen Lim, Nobuyuki Imoto, Kiyoshi Tamaki

Abstract: In recent years, the gap between theory and practice in quantum key distribution (QKD) has been significantly narrowed, particularly for QKD systems with arbitrarily awed optical receivers. The status for QKD systems with imperfect light sources is however less satisfactory, in the sense that the resulting secure key rates are often overly-dependent on the quality of state preparation. This is esp… ▽ More In recent years, the gap between theory and practice in quantum key distribution (QKD) has been significantly narrowed, particularly for QKD systems with arbitrarily awed optical receivers. The status for QKD systems with imperfect light sources is however less satisfactory, in the sense that the resulting secure key rates are often overly-dependent on the quality of state preparation. This is especially the case when the channel loss is high. Very recently, to overcome this limitation, Tamaki et al proposed a QKD protocol based on the so-called rejected data analysis, and showed that its security|in the limit of infinitely long keys|is almost independent of any encoding flaw in the qubit space, being this protocol compatible with the decoy state method. Here, as a step towards practical QKD, we show that a similar conclusion is reached in the finite-key regime, even when the intensity of the light source is unstable. More concretely, we derive security bounds for a wide class of realistic light sources and show that the bounds are also efficient in the presence of high channel loss. Our results strongly suggest the feasibility of long distance provably-secure communication with imperfect light sources. △ Less

Submitted 30 April, 2015; originally announced April 2015.

Comments: 27 pages, 7 figures

Journal ref: New J. Phys. 17, 093011 (2015)

Measurement-device-independent quantum key distribution with all-photonic adaptive Bell measurement

Authors: Koji Azuma, Kiyoshi Tamaki, William J. Munro

Abstract: The time-reversed version of entanglement-based quantum key distribution (QKD), called measurement-device-independent QKD (mdiQKD), was originally introduced to close arbitrary security loopholes of measurement devices. Here we show that the mdiQKD has another advantage which should be distinguished from the entanglement-based QKD. In particular, an all-photonic adaptive Bell measurement, based on… ▽ More The time-reversed version of entanglement-based quantum key distribution (QKD), called measurement-device-independent QKD (mdiQKD), was originally introduced to close arbitrary security loopholes of measurement devices. Here we show that the mdiQKD has another advantage which should be distinguished from the entanglement-based QKD. In particular, an all-photonic adaptive Bell measurement, based on the concept of quantum repeaters, can be installed solely in the mdiQKD, which leads to a square root improvement in the key rate. This Bell measurement also provides a similar improvement in the single-photon-based entanglement generation of quantum repeaters. △ Less

Submitted 12 August, 2014; originally announced August 2014.

Comments: 5 pages, 3 figures

Measurement-device-independent quantum key distribution for Scarani-Acin-Ribordy-Gisin 04 protocol

Authors: Akihiro Mizutani, Kiyoshi Tamaki, Rikizo Ikuta, Takashi Yamamoto, Nobuyuki Imoto

Abstract: The measurement-device-independent quantum key distribution (MDI QKD) was proposed to make BB84 completely free from any side-channel in detectors. Like in prepare & measure QKD, the use of other protocols in MDI setting would be advantageous in some practical situations. In this paper, we consider SARG04 protocol in MDI setting. The prepare & measure SARG04 is proven to be able to generate a key… ▽ More The measurement-device-independent quantum key distribution (MDI QKD) was proposed to make BB84 completely free from any side-channel in detectors. Like in prepare & measure QKD, the use of other protocols in MDI setting would be advantageous in some practical situations. In this paper, we consider SARG04 protocol in MDI setting. The prepare & measure SARG04 is proven to be able to generate a key up to two-photon emission events. In MDI setting we show that the key generation is possible from the event with single or two-photon emission by a party and single-photon emission by the other party, but the two-photon emission event by both parties cannot contribute to the key generation. On the contrary to prepare & measure SARG04 protocol where the experimental setup is exactly the same as BB84, the measurement setup for SARG04 in MDI setting cannot be the same as that for BB84 since the measurement setup for BB84 in MDI setting induces too many bit errors. To overcome this problem, we propose two alternative experimental setups, and we simulate the resulting key rate. Our study highlights the requirements that MDI QKD poses on us regarding with the implementation of a variety of QKD protocols. △ Less

Submitted 8 April, 2014; originally announced April 2014.

Comments: 15 pages, 10 figures

Journal ref: Scientific Reports 4, 5236, (2014)

Loss-tolerant quantum cryptography with imperfect sources

Authors: Kiyoshi Tamaki, Marcos Curty, Go Kato, Hoi-Kwong Lo, Koji Azuma

Abstract: In principle, quantum key distribution (QKD) offers unconditional security based on the laws of physics. In practice, flaws in the state preparation undermine the security of QKD systems, as standard theoretical approaches to deal with state preparation flaws are not loss-tolerant. An eavesdropper can enhance and exploit such imperfections through quantum channel loss, thus dramatically lowering t… ▽ More In principle, quantum key distribution (QKD) offers unconditional security based on the laws of physics. In practice, flaws in the state preparation undermine the security of QKD systems, as standard theoretical approaches to deal with state preparation flaws are not loss-tolerant. An eavesdropper can enhance and exploit such imperfections through quantum channel loss, thus dramatically lowering the key generation rate. Crucially, the security analyses of most existing QKD experiments are rather unrealistic as they typically neglect this effect. Here, we propose a novel and general approach that makes QKD loss-tolerant to state preparation flaws. Importantly, it suggests that the state preparation process in QKD can be significantly less precise than initially thought. Our method can widely apply to other quantum cryptographic protocols. △ Less

Submitted 19 December, 2013; v1 submitted 12 December, 2013; originally announced December 2013.

Comments: 9 pages, 2 figures

Journal ref: Phys. Rev. A 90, 052314 (2014)

All photonic quantum repeaters

Authors: Koji Azuma, Kiyoshi Tamaki, Hoi-Kwong Lo

Abstract: Quantum communication holds promise for unconditionally secure transmission of secret messages and faithful transfer of unknown quantum states. Photons appear to be the medium of choice for quantum communication. Owing to photon losses, robust quantum communication over long lossy channels requires quantum repeaters. It is widely believed that a necessary and highly demanding requirement for quant… ▽ More Quantum communication holds promise for unconditionally secure transmission of secret messages and faithful transfer of unknown quantum states. Photons appear to be the medium of choice for quantum communication. Owing to photon losses, robust quantum communication over long lossy channels requires quantum repeaters. It is widely believed that a necessary and highly demanding requirement for quantum repeaters is the existence of matter quantum memories at the repeater nodes. Here we show that such a requirement is, in fact, unnecessary by introducing the concept of all photonic quantum repeaters based on flying qubits. As an example of the realization of this concept, we present a protocol based on photonic cluster state machine guns and a loss-tolerant measurement equipped with local high-speed active feedforwards. We show that, with such an all photonic quantum repeater, the communication efficiency still scales polynomially with the channel distance. Our result paves a new route toward quantum repeaters with efficient single-photon sources rather than matter quantum memories. △ Less

Submitted 27 September, 2013; originally announced September 2013.

Comments: 16 pages, 7 figures

Journal ref: Nature Communications 6:6787 (2015)

Characteristics of superconducting single photon detector in DPS-QKD system under bright illumination blinding attack

Authors: Mikio Fujiwara, Toshimori Honjo, Kaoru Shimizu, Kiyoshi Tamaki, Masahide Sasaki

Abstract: We derive the time-dependent photo-detection probability equation of a superconducting single photon detector (SSPD) to study the responsive property for a pulse train at high repetition rate. Using this equation, we analyze the characteristics of SSPDs when illuminated by bright pulses in blinding attack on a quantum key distribution (QKD). We obtain good agreement between expected values based o… ▽ More We derive the time-dependent photo-detection probability equation of a superconducting single photon detector (SSPD) to study the responsive property for a pulse train at high repetition rate. Using this equation, we analyze the characteristics of SSPDs when illuminated by bright pulses in blinding attack on a quantum key distribution (QKD). We obtain good agreement between expected values based on our equation and actual experimental values. Such a time-dependent probability analysis contributes to security analysis. △ Less

Submitted 10 August, 2013; originally announced August 2013.

Comments: 9 pages, 4 figures

Journal ref: Optics Express, 21(5), 6304-6312(2013)

Countermeasure against tailored bright illumination attack for DPS-QKD

Authors: Toshimori Honjo, Mikio Fujiwara, Kaoru Shimizu, Kiyoshi Tamaki, Shigehito Miki, Taro Yamashita, Hirotaka Terai, Zhen Wang, Masahide Sasaki

Abstract: We propose a countermeasure against the so-call tailored bright illumination attacl dor Differential-Phase-Shift QKD (DPS-QKD). By Monitoring a rate of coincidence detection at a pair of superconducting nanowire single photon detectors (SSPDs) which is connected at each of the output ports of Bob's Mach-Zehnder interferometer, Alice and Bob can detect and defeat this kind of attack. We propose a countermeasure against the so-call tailored bright illumination attacl dor Differential-Phase-Shift QKD (DPS-QKD). By Monitoring a rate of coincidence detection at a pair of superconducting nanowire single photon detectors (SSPDs) which is connected at each of the output ports of Bob's Mach-Zehnder interferometer, Alice and Bob can detect and defeat this kind of attack. △ Less

Submitted 10 August, 2013; originally announced August 2013.

Comments: 7 pages, 5 figures

Journal ref: Optics Express 21(3), 266-2673 (2013)

Finite-key analysis for measurement-device-independent quantum key distribution

Authors: Marcos Curty, Feihu Xu, Wei Cui, Charles Ci Wen Lim, Kiyoshi Tamaki, Hoi-Kwong Lo

Abstract: Quantum key distribution promises unconditionally secure communications. However, as practical devices tend to deviate from their specifications, the security of some practical systems is no longer valid. In particular, an adversary can exploit imperfect detectors to learn a large part of the secret key, even though the security proof claims otherwise. Recently, a practical approach---measurement-… ▽ More Quantum key distribution promises unconditionally secure communications. However, as practical devices tend to deviate from their specifications, the security of some practical systems is no longer valid. In particular, an adversary can exploit imperfect detectors to learn a large part of the secret key, even though the security proof claims otherwise. Recently, a practical approach---measurement-device-independent quantum key distribution---has been proposed to solve this problem. However, so far its security has only been fully proven under the assumption that the legitimate users of the system have unlimited resources. Here we fill this gap and provide a rigorous security proof against general attacks in the finite-key regime. This is obtained by applying large deviation theory, specifically the Chernoff bound, to perform parameter estimation. For the first time we demonstrate the feasibility of long-distance implementations of measurement-device-independent quantum key distribution within a reasonable time-frame of signal transmission. △ Less

Submitted 20 May, 2015; v1 submitted 3 July, 2013; originally announced July 2013.

Comments: 21 pages, 4 figures

Journal ref: Nature Communications 5, 3732 (2014)

Blind post-processing for the unbalanced BB84

Authors: Satoshi Sunohara, Kiyoshi Tamaki, Nobuyuki Imoto

Abstract: For the realization of quantum key distribution, it is important to investigate its security based on a mathematical model that captures properties of the actual devices used by the legitimate users. Recently, Ferenczi, et. al. (Phys. Rev. A 86 042327 (2012)) pointed out potential influences that the losses in phase modulators and/or the unbalance in the transmission rate of beam splitters may hav… ▽ More For the realization of quantum key distribution, it is important to investigate its security based on a mathematical model that captures properties of the actual devices used by the legitimate users. Recently, Ferenczi, et. al. (Phys. Rev. A 86 042327 (2012)) pointed out potential influences that the losses in phase modulators and/or the unbalance in the transmission rate of beam splitters may have on the security of the phase-encoded BB84 and analyzed the security of this scheme, which is called the unbalanced BB84. In this paper, we ask whether blindly applying the post-processing of the balanced BB84 to the unbalanced BB84 would lead to an insecure key or not, and we conclude that we can safely distill a secure key even with this post-processing. It follows from our proof that as long as the unbalances are basis-independent, our conclusion holds even if the unbalances are unknown and fluctuate in time. △ Less

Submitted 8 February, 2013; v1 submitted 7 February, 2013; originally announced February 2013.

Comments: 6 pages, two-column format, 5 figures, layout corrected

Unconditional security of coherent-state-based differential phase shift quantum key distribution protocol with block-wise phase randomization

Authors: Kiyoshi Tamaki, Masato Koashi, Go Kato

Abstract: We prove the unconditional security of coherent-state-based differential phase shift quantum key distribution protocol (DPSQKD) with block-wise phase randomization. Our proof is based on the conversion of DPSQKD to an equivalent entanglement-distillation protocol where the estimated phase error rate determines the amount of the privacy amplification. The generated final key has a contribution from… ▽ More We prove the unconditional security of coherent-state-based differential phase shift quantum key distribution protocol (DPSQKD) with block-wise phase randomization. Our proof is based on the conversion of DPSQKD to an equivalent entanglement-distillation protocol where the estimated phase error rate determines the amount of the privacy amplification. The generated final key has a contribution from events where the sender emits two or more photons, indicating the robustness of DPSQKD against photon-number-splitting attacks. △ Less

Submitted 9 August, 2012; originally announced August 2012.

Comments: 15 pages and 12 figures

High-fidelity cluster state generation for ultracold atoms in an optical lattice

Authors: Kensuke Inaba, Yuuki Tokunaga, Kiyoshi Tamaki, Kazuhiro Igeta, Makoto Yamashita

Abstract: We propose a method for generating high-fidelity multipartite spin-entanglement of ultracold atoms in an optical lattice in a short operation time with a scalable manner, which is suitable for measurement-based quantum computation. To perform the desired operations based on the perturbative spin-spin interactions, we propose to actively utilize the extra degrees of freedom (DOFs) usually neglected… ▽ More We propose a method for generating high-fidelity multipartite spin-entanglement of ultracold atoms in an optical lattice in a short operation time with a scalable manner, which is suitable for measurement-based quantum computation. To perform the desired operations based on the perturbative spin-spin interactions, we propose to actively utilize the extra degrees of freedom (DOFs) usually neglected in the perturbative treatment but included in the Hubbard Hamiltonian of atoms, such as, (pseudo-)charge and orbital DOFs. Our method simultaneously achieves high fidelity, short operation time, and scalability by overcoming the following fundamental problem: enhancing the interaction strength for shortening operation time breaks the perturbative condition of the interaction and inevitably induces unwanted correlations among the spin and extra DOFs. △ Less

Submitted 4 March, 2014; v1 submitted 29 February, 2012; originally announced February 2012.

Comments: 9 pages, 11 figures

Journal ref: Phys. Rev. Lett. 112, 110501 (2014)

Phase encoding schemes for measurement device independent quantum key distribution and basis-dependent flaw

Authors: Kiyoshi Tamaki, Hoi-Kwong Lo, Chi-Hang Fred Fung, Bing Qi

Abstract: In this paper, we study the unconditional security of the so-called measurement device independent quantum key distribution (MDIQKD) with the basis-dependent flaw in the context of phase encoding schemes. We propose two schemes for the phase encoding, the first one employs a phase locking technique with the use of non-phase-randomized coherent pulses, and the second one uses conversion of standard… ▽ More In this paper, we study the unconditional security of the so-called measurement device independent quantum key distribution (MDIQKD) with the basis-dependent flaw in the context of phase encoding schemes. We propose two schemes for the phase encoding, the first one employs a phase locking technique with the use of non-phase-randomized coherent pulses, and the second one uses conversion of standard BB84 phase encoding pulses into polarization modes. We prove the unconditional security of these schemes and we also simulate the key generation rate based on simple device models that accommodate imperfections. Our simulation results show the feasibility of these schemes with current technologies and highlight the importance of the state preparation with good fidelity between the density matrices in the two bases. Since the basis-dependent flaw is a problem not only for MDIQKD but also for standard QKD, our work highlights the importance of an accurate signal source in practical QKD systems. Note: We include the erratum of this paper in Appendix C. The correction does not affect the validity of the main conclusions reported in the paper, which is the importance of the state preparation in MDIQKD and the fact that our schemes can generate the key with the practical channel mode that we have assumed. △ Less

Submitted 27 August, 2012; v1 submitted 14 November, 2011; originally announced November 2011.

Comments: We include the erratum of this paper in Appendix C. The correction does not affect the validity of the main conclusions reported in the paper

Journal ref: Phys. Rev. A 85, 042307 (2012)

Field test of quantum key distribution in the Tokyo QKD Network

Authors: M. Sasaki, M. Fujiwara, H. Ishizuka, W. Klaus, K. Wakui, M. Takeoka, A. Tanaka, K. Yoshino, Y. Nambu, S. Takahashi, A. Tajima, A. Tomita, T. Domeki, T. Hasegawa, Y. Sakai, H. Kobayashi, T. Asai, K. Shimizu, T. Tokura, T. Tsurumaru, M. Matsui, T. Honjo, K. Tamaki, H. Takesue, Y. Tokura , et al. (18 additional authors not shown)

Abstract: A novel secure communication network with quantum key distribution in a metropolitan area is reported. Different QKD schemes are integrated to demonstrate secure TV conferencing over a distance of 45km, stable long-term operation, and application to secure mobile phones. A novel secure communication network with quantum key distribution in a metropolitan area is reported. Different QKD schemes are integrated to demonstrate secure TV conferencing over a distance of 45km, stable long-term operation, and application to secure mobile phones. △ Less

Submitted 18 March, 2011; originally announced March 2011.

Comments: 21 pages, 19 figures

Journal ref: Optics Express Vol. 19, Iss. 11, pp. 10387-10409 (2011)

Security of six-state quantum key distribution protocol with threshold detectors

Authors: Go Kato, Kiyoshi Tamaki

Abstract: We prove the unconditional security of the six-state protocol with threshold detectors and one-way classical communication. Unlike the four-state protocol (BB84), it has been proven that the squash operator for the six-state does not exist, i.e., the statistics of the measurements cannot be obtained via measurement on qubits. We propose a technique to determine which photon number states are impor… ▽ More We prove the unconditional security of the six-state protocol with threshold detectors and one-way classical communication. Unlike the four-state protocol (BB84), it has been proven that the squash operator for the six-state does not exist, i.e., the statistics of the measurements cannot be obtained via measurement on qubits. We propose a technique to determine which photon number states are important, and we consider a fictitious measurement on a qubit, which is defined through the squash operator of BB84, for the better estimation of Eve's information. As a result, we prove that the bit error rate threshold for the six-state protocol (12.611%) remains almost the same as the one of the qubit-based six-state protocol (12.619%). This clearly demonstrates the robustness of the six-state protocol against the use of the practical devices. △ Less

Submitted 27 August, 2010; originally announced August 2010.

Comments: 4 pages, 2 figures

Quantum circuit for security proof of quantum key distribution without encryption of error syndrome and noisy processing

Authors: Kiyoshi Tamaki, Go Kato

Abstract: One of the simplest security proofs of quantum key distribution is based on the so-called complementarity scenario, which involves the complementarity control of an actual protocol and a virtual protocol [M. Koashi, e-print arXiv:0704.3661 (2007)]. The existing virtual protocol has a limitation in classical postprocessing, i.e., the syndrome for the error-correction step has to be encrypted. In th… ▽ More One of the simplest security proofs of quantum key distribution is based on the so-called complementarity scenario, which involves the complementarity control of an actual protocol and a virtual protocol [M. Koashi, e-print arXiv:0704.3661 (2007)]. The existing virtual protocol has a limitation in classical postprocessing, i.e., the syndrome for the error-correction step has to be encrypted. In this paper, we remove this limitation by constructing a quantum circuit for the virtual protocol. Moreover, our circuit with a shield system gives an intuitive proof of why adding noise to the sifted key increases the bit error rate threshold in the general case in which one of the parties does not possess a qubit. Thus, our circuit bridges the simple proof and the use of wider classes of classical postprocessing. △ Less

Submitted 14 June, 2010; v1 submitted 16 February, 2010; originally announced February 2010.

Comments: 8 pages, 2 figures. Typo corrected

Journal ref: Phys. Rev. A 81, 022316 (2010)

Robust Unconditionally Secure Quantum Key Distribution with Two Nonorthogonal and Uninformative States

Authors: Marco Lucamarini, Giovanni Di Giuseppe, Kiyoshi Tamaki

Abstract: We introduce a novel form of decoy-state technique to make the single-photon Bennett 1992 protocol robust against losses and noise of a communication channel. Two uninformative states are prepared by the transmitter in order to prevent the unambiguous state discrimination attack and improve the phase-error rate estimation. The presented method does not require strong reference pulses, additional… ▽ More We introduce a novel form of decoy-state technique to make the single-photon Bennett 1992 protocol robust against losses and noise of a communication channel. Two uninformative states are prepared by the transmitter in order to prevent the unambiguous state discrimination attack and improve the phase-error rate estimation. The presented method does not require strong reference pulses, additional electronics or extra detectors for its implementation. △ Less

Submitted 2 July, 2009; originally announced July 2009.

Comments: 7 pages, 2 figures

Journal ref: Phys. Rev. A 80, 032327 (2009)

Updating Quantum Cryptography Report ver. 1

Authors: Donna Dodson, Mikio Fujiwara, Philippe Grangier, Masahito Hayashi, Kentaro Imafuku, Ken-ichi Kitayama, Prem Kumar, Christian Kurtsiefer, Gaby Lenhart, Norbert Luetkenhaus, Tsutomu Matsumoto, William J. Munro, Tsuyoshi Nishioka, Momtchil Peev, Masahide Sasaki, Yutaka Sata, Atsushi Takada, Masahiro Takeoka, Kiyoshi Tamaki, Hidema Tanaka, Yasuhiro Tokura, Akihisa Tomita, Morio Toyoshima, Rodney van Meter, Atsuhiro Yamagishi , et al. (2 additional authors not shown)

Abstract: Quantum cryptographic technology (QCT) is expected to be a fundamental technology for realizing long-term information security even against as-yet-unknown future technologies. More advanced security could be achieved using QCT together with contemporary cryptographic technologies. To develop and spread the use of QCT, it is necessary to standardize devices, protocols, and security requirements a… ▽ More Quantum cryptographic technology (QCT) is expected to be a fundamental technology for realizing long-term information security even against as-yet-unknown future technologies. More advanced security could be achieved using QCT together with contemporary cryptographic technologies. To develop and spread the use of QCT, it is necessary to standardize devices, protocols, and security requirements and thus enable interoperability in a multi-vendor, multi-network, and multi-service environment. This report is a technical summary of QCT and related topics from the viewpoints of 1) consensual establishment of specifications and requirements of QCT for standardization and commercialization and 2) the promotion of research and design to realize New-Generation Quantum Cryptography. △ Less

Submitted 27 May, 2009; originally announced May 2009.

Comments: 74 pages

Unconditional Security of Single-Photon Differential Phase Shift Quantum Key Distribution

Authors: Kai Wen, Kiyoshi Tamaki, Yoshihisa Yamamoto

Abstract: In this Letter, we prove the unconditional security of single-photon differential phase shift quantum key distribution (DPS-QKD) protocol, based on the conversion to an equivalent entanglement-based protocol. We estimate the upper bound of the phase error rate from the bit error rate, and show that DPS-QKD can generate unconditionally secure key when the bit error rate is not greater than 4.12%.… ▽ More In this Letter, we prove the unconditional security of single-photon differential phase shift quantum key distribution (DPS-QKD) protocol, based on the conversion to an equivalent entanglement-based protocol. We estimate the upper bound of the phase error rate from the bit error rate, and show that DPS-QKD can generate unconditionally secure key when the bit error rate is not greater than 4.12%. This proof is the first step to the unconditional security proof of coherent state DPS-QKD. △ Less

Submitted 4 October, 2009; v1 submitted 16 June, 2008; originally announced June 2008.

Comments: 5 pages, 2 figures; shorten the length, improve clarity, and correct typos; accepted for publication in Physical Review Letters

Journal ref: Phys. Rev. Lett. 103, 170503 (2009)

Security proof for QKD systems with threshold detectors

Authors: Toyohiro Tsurumaru, Kiyoshi Tamaki

Abstract: In this paper, we rigorously prove the intuition that in security proofs for BB84 one may regard an incoming signal to Bob as a qubit state. From this result, it follows that all security proofs for BB84 based on a virtual qubit entanglement distillation protocol, which was originally proposed by Lo and Chau [H.-K. Lo and H. F. Chau, Science 283, 2050 (1999)], and Shor and Preskill [P. W. Shor a… ▽ More In this paper, we rigorously prove the intuition that in security proofs for BB84 one may regard an incoming signal to Bob as a qubit state. From this result, it follows that all security proofs for BB84 based on a virtual qubit entanglement distillation protocol, which was originally proposed by Lo and Chau [H.-K. Lo and H. F. Chau, Science 283, 2050 (1999)], and Shor and Preskill [P. W. Shor and J. Preskill, Phys. Rev. Lett. 85, 441 (2000)], are all valid even if Bob's actual apparatus cannot distill a qubit state explicitly. As a consequence, especially, the well-known result that a higher bit error rate of 20% can be tolerated for BB84 protocol by using two-way classical communications is still valid even when Bob uses threshold detectors. Using the same technique, we also prove the security of the Bennett-Brassard-Mermin 1992 (BBM92) protocol where Alice and Bob both use threshold detectors. △ Less

Submitted 11 September, 2008; v1 submitted 31 March, 2008; originally announced March 2008.

Comments: 6 pages, 4 figures; references changed; revised argument for the security proof; typos corrected

Journal ref: Phys. Rev. A 78, 032302 (2008)

Effect of detector dead-times on the security evaluation of differential-phase-shift quantum key distribution against sequential attacks

Authors: Marcos Curty, Kiyoshi Tamaki, Tobias Moroder

Abstract: We investigate limitations imposed by detector dead-times on the performance of sequential attacks against a differential-phase-shift (DPS) quantum key distribution (QKD) protocol with weak coherent pulses. In particular, we analyze sequential attacks based on unambiguous state discrimination of the signal states emitted by the source and we obtain ultimate upper bounds on the maximal distance a… ▽ More We investigate limitations imposed by detector dead-times on the performance of sequential attacks against a differential-phase-shift (DPS) quantum key distribution (QKD) protocol with weak coherent pulses. In particular, we analyze sequential attacks based on unambiguous state discrimination of the signal states emitted by the source and we obtain ultimate upper bounds on the maximal distance achievable by a DPS QKD scheme both in the so-called trusted and untrusted device scenarios, respectively. △ Less

Submitted 10 March, 2008; originally announced March 2008.

Comments: 21 pages, 14 figures

Journal ref: Phys. Rev. A 77, 052321 (2008)

Security proof of quantum key distribution with detection efficiency mismatch

Authors: Chi-Hang Fred Fung, Kiyoshi Tamaki, Bing Qi, Hoi-Kwong Lo, Xiongfeng Ma

Abstract: In theory, quantum key distribution (QKD) offers unconditional security based on the laws of physics. However, as demonstrated in recent quantum hacking theory and experimental papers, detection efficiency loophole can be fatal to the security of practical QKD systems. Here, we describe the physical origin of detection efficiency mismatch in various domains including spatial, spectral, and time… ▽ More In theory, quantum key distribution (QKD) offers unconditional security based on the laws of physics. However, as demonstrated in recent quantum hacking theory and experimental papers, detection efficiency loophole can be fatal to the security of practical QKD systems. Here, we describe the physical origin of detection efficiency mismatch in various domains including spatial, spectral, and time domains and in various experimental set-ups. More importantly, we prove the unconditional security of QKD even with detection efficiency mismatch. We explicitly show how the key generation rate is characterized by the maximal detection efficiency ratio between the two detectors. Furthermore, we prove that by randomly switching the bit assignments of the detectors, the effect of detection efficiency mismatch can be completely eliminated. △ Less

Submitted 15 October, 2008; v1 submitted 26 February, 2008; originally announced February 2008.

Comments: 35 pages, 7 figures

Journal ref: Quantum Information and Computation, vol. 9, pp. 0131-0165 (2009)