Effective measurement-device-independent quantum cryptography

Cryptography—the art of secret communication—has been an important part of society for thousands of years and has had a dramatic impact on history. There are two primary forms of cryptography, which are known as ‘secret key’ and ‘public key’ cryptography. However, only the former of these two methods has been proven to be unconditionally secure. Furthermore, this cryptography approach relies on strict confidentiality during the exchange of secret keys.

The revolutionary technique of quantum key distribution (QKD) can be used to solve the problem of secret key exchange. QKD is a means of establishing highly secure keys between parties. In QKD, the quantum properties of an optical electromagnetic field are used to transmit secret bits.¹ The laws of quantum mechanics mean that the information cannot be tapped without leaving some sign of manipulation. QKD can thus be used to generate private secret keys in a symmetric encryption algorithm and, in principle, subsequently allow unconditional secure communication (also known as quantum-safe communication because it is resistant to attacks by quantum computers). Since the inception of QKD in 1984,² a number of protocols have been devised, demonstrated and commercialized. Most of the realizations are based on single-photon states (or weak coherent states) combined with photon counters. These are often referred to as discrete variables (DV) QKD processes. Alternatively, QKD can be implemented using the continuous variables (CV) of an optical field. The key information is encoded into the amplitude and phase quadratures, which can be measured with homodyne detectors. In a comparison of DV-QKD and CV-QKD, it was found that CV-QKD is superior for metropolitan implementations, but DV-QKD is better for long-distance applications.¹

We note, however, that there is a problem with conventional point-to-point QKD systems, i.e., even though the principle of QKD is provably secure, the actual physical implementation may have a weakness that can be attacked by quantum hackers. For example, it has been shown that the measurement station in point-to-point QKD systems (e.g., labeled Bob in Figure 1)—which is usually assumed to be trustworthy when estimating the secure key rate—is particularly vulnerable to attacks.³ We have thus developed methods to circumvent effective attacks on measurement stations. For instance, we use newly devised measurement-device-independent (MDI) QKD protocols. These protocols have previously been proposed for DV systems,^{4, 5} and we have now also extended these to include CV systems.⁶

Figure 1. Schematic illustrations of the experimental setups for (a) conventional point-to-point (one-way) continuous variables (CV) quantum key distribution (QKD) and (b) measurement-device-independent (MDI) CV-QKD.

The basic idea behind standard point-to-point CV-QKD, and CV-MDI-QKD, is presented in Figure 1. In standard point-to-point (one-way) QKD, the sender (i.e., Alice) encodes key information into coherent states. These are then conveyed through an untrusted communication channel and subsequently measured by homodyne detectors at the measurement station (i.e., Bob). After some error correction and privacy amplification processes are completed, both Alice and Bob will hold a secret key that can be used for quantum-safe communication (assuming that both stations are trusted).

However, it has been demonstrated that the measurement station can be hacked.³ In our new approach, we therefore do not put any assumptions on the measurement station. Instead, we place this station as a relay between Alice and Bob, as shown in Figure 1(b). In our system, Alice and Bob prepare key information into independent coherent states. These are then sent to the relay and are jointly measured by an untrusted detector. The relay subsequently broadcasts the measurement results. In the final stage, Alice and Bob can generate a secret key (without imposing any assumptions on the measurement station).

We have performed a proof-of-principle experiment for our MDI-QKD approach. In this experiment, we use a single laser that operates at 1064nm and is modulated with standard electro-optical modulators. We sent signals over free-space lossy channels and jointly measured them with very-high-efficiency homodyne detectors (a so-called Bell-type measurement). The key rates for three different distances between Alice and the relay are shown in Figure 2. For these measurements we assume a post-processing efficiency of 97%. The upper and lower bounds of the secret key capacity are also shown in Figure 2. It is clear from our results that the obtained key rates are close to the capacity for metropolitan distances.

Figure 2. Results from the MDI-QKD proof-of-principle experiments. The secret key rate is shown as a function of the total distance between Alice and Bob (see Figure 1) in simulated fibers. The results are given for three different simulated distances between Alice and the relay: (i) 0m (i.e., the relay is at the same position as Alice), (ii) 100m, and (iii) 1km. The upper bound (UB) and lower bound (LB) of the secret key capacity are also shown.⁶

We have devised and experimentally verified a new technique to circumvent effective attacks on measurement stations in conventional point-to-point QKD systems. Our measurement-device-independent protocol is applicable to CV-QKD setups. Our future goals include demonstrating our CV-MDI-QKD method at telecom wavelengths. This will involve the use of independent-frequency-stabilized lasers at the sending and measurement stations. We also plan to use fibers as communication channels. Once our updated systems are operational, our final goal is to conduct an in-field demonstration of CV-MDI-QKD combined with secret key cryptography.