An Effective Parameter Analysis for Sending-or-Not-Sending Quantum Key Distribution with Untrusted Light Sources
Jiajian Huang, Weigang Li, Yucheng Qiao

TL;DR
This paper proposes a method to improve the security of quantum key distribution by monitoring untrusted light sources, enabling longer transmission distances.
Contribution
A novel light-source monitoring solution using untagged bits is introduced to enhance the security and performance of quantum key distribution protocols.
Findings
The untagged bits-based solution achieves ideal monitoring performance in untrusted light source environments.
The method derives a tight bound for secure bit rate and approximates the performance of ideal light sources.
The solution outperforms existing methods in transmission distance and mitigates light-source fluctuations.
Abstract
The twin-field (TF) protocol is a key protocol in quantum key distribution (QKD) that enables remote key distribution, achieving a maximum secure transmission distance of over 500 km. However, the TF protocol still faces several security issues in real-world environments. To address the issue of untrusted sources, one effective solution is to introduce a light-source monitoring module into the system. Analysis shows that a solution based on untagged bits (UBs) can achieve ideal monitoring performance. This solution can capture UB signals to accurately estimate key parameters in the protocol’s security analysis, ultimately deriving a tight bound for the secure bit rate. Simulations show that this solution approximates the performance of ideal light sources in the presence of untrusted sources and effectively mitigates the impact of light-source fluctuations. It outperforms other…
Genes, proteins, chemicals, diseases, species, mutations and cell lines named across the full text — each resolved to its canonical identifier and authoritative record.
Click any figure to enlarge with its caption.
Figure 1
Figure 2
Figure 3- —the National Natural Science Foundation of China
- —Guangxi Science and Technology Program
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsQuantum Information and Cryptography · Quantum optics and atomic interactions · Quantum Mechanics and Applications
1. Introduction
Quantum key distribution (QKD) is a secure communication protocol with strong security guarantees. In 1984, the BB84 protocol [1] emerged, marking the beginning of quantum communication. Since then, various protocols have emerged, including the BBM92 protocol [2], SARG04 protocol [3], differential phase protocol [4], and six-state protocol [5]. On the other hand, rapid theoretical advancements in QKD have been accompanied by significant experimental achievements. In 1992, Bennett and Brassard successfully built the first QKD experimental system [6] and demonstrated the key distribution process of the BB84 protocol. In 1999, Bechmann-Pasquinucci and Tittel proposed the use of high-dimensional quantum qubits [7] for QKD to enhance its information-carrying capacity, replacing traditional two-dimensional qubits. In 2002, Cerf and Bourennane analyzed the security of d-level QKD systems [8]. The feasibility of high-dimensional QKD has been gradually demonstrated by researchers with studies focusing on transmission distance [9,10] and security [11,12,13]. Although the communication distance and key length of this system are limited, it proved that QKD is feasible. This indicates that QKD research is continuously evolving and becoming more sophisticated. However, as research progresses, scholars have identified several security vulnerabilities in QKD applications. These include the photon number-splitting (PNS) attack [14], the fake state (FS) attack [15], the time-shift (TS) attack [16], and the detector-blinding (DB) attack [17].
Scholars have proposed various methods and protocols to counter the above attacks. In 2004, Gottesman, Lo, N. Lütkenhaus, and Preskill proposed an analytical method for assessing the security of the BB84 protocol with non-ideal devices, which was known as the GLLP [18] theory. This theory effectively extends the security of the BB84 protocol to practical applications, analyzing the real-world security of QKD. Subsequent theoretical advancements, such as the decoy state method [19] and optimized parameter estimation techniques, have been developed to improve the performance of practical systems [20,21,22], enhancing both security and efficiency. To address side-channel attack threats faced by detectors, scholars have proposed the measurement-device-independent (MDI) protocol [23].
To improve the performance of practical QKD systems, Lucamarini et al. proposed the twin-field (TF) protocol [24] in 2018. Due to its significant advantages in transmission, it has sparked widespread research. Many subsequent enhanced protocols, referred to as TF-type protocols, further improved both the security and performance of the system. Among the TF-type protocols, sending-or-not-sending (SNS) protocol [25] is more widely used. The SNS protocol achieves long-distance secure transmission by configuring a series of sending or not sending signals. Recently, researchers have analyzed the security of the SNS protocol under different situations [26,27,28,29,30]. Researchers also have proposed various methods to enhance the performance of the SNS protocol. For example, by using the independent lasers [31], introducing the actively odd parity pairing (AOPP) method [32,33,34] and applying the phase postselection [35], the transmission range of the SNS protocol can be significantly extended. Nonetheless, practical implementation challenges persist. Researchers have addressed the practical security issues of the SNS protocol, particularly those related to the light source [36,37,38,39,40,41,42,43,44]. In our preliminary work, we investigated light source monitoring. Although this work is theoretically significant, it is not practical for real-world system implementation. In this paper, we propose a practical solution, untagged bits (UBs) [45], to effectively address the light source security challenges in SNS protocol.
This paper is organized as follows. In Section 2, we describe the steps of the SNS protocol, analyze its security, and estimate key parameters. In Section 3, we present numerical simulations and analyze the results. Finally, Section 4 concludes the paper.
2. SNS Protocol with UB
2.1. Introduction of SNS Protocol
Although the structure of the SNS protocol is similar to that of the TF protocol, it optimizes the signal preparation and post-processing steps. The steps of the SNS protocol are as follows [25]:
- At each time window i, Alice (Bob) determines whether it is a signal or decoy window. If it is a decoy window, Alice (Bob) prepares a coherent state and sends it to Charlie. If it is a signal window, Alice (Bob) prepares a coherent state with probability and sends it to Charlie. and represent the photon intensity of the decoy state and the signal state, represents the random phase, and represents the phase offset of the channel.
- Charlie receives the states sent by Alice and Bob and publishes all the measurement results for the effective events. Effective events are defined as follows: (1) When Alice and Bob simultaneously decide on the signal window, Alice (Bob) decides to send the signal, while Bob (Alice) decides not to send it, corresponding to Charlie announcing only detector clicks. (2) When Alice and Bob simultaneously decide on the decoy window, they prepare coherent states with the same intensity, and in this window, the random phases and satisfy [25]
corresponding to Charlie announcing only detector clicks. The value of is determined by the size of the phase slice chosen by Alice and Bob, as described in Ref. [24]. 3. After Charlie publishes all the measurement results, Alice and Bob announce all the windows and the details of the decoy windows to classify the data accordingly and determine the parameters of the security key formula. 4. The secret key rate of the SNS protocol has been given as [25,26]
represents the probability that Alice (Bob) sends the signal state to Charlie during the signal window. refers to the lower bound of the probability of sending a signal that contains a single photon. We define Z-data [26] as events in which Alice and Bob simultaneously select the signal window. -data refers to effective events where one party chooses to send the signal while the other does not. represent the lower bound of the count rate and the upper bound of the phase error rate of single-photon events in the -data. and represent the count rate and bit error rate of the signal, f is the error correction efficiency, and refers to the binary Shannon entropy function.
Under asymptotic conditions, Equation (2) remains valid and can accurately estimate the parameters [25].
represents the three intensities of the decoy windows. can be directly calculated as
2.2. Security Analysis
In the SNS protocol, Z-data are generated from effective events when Alice (Bob) sends a signal state while Bob (Alice) does not. Therefore, the security of the SNS protocol is equivalent to that of the BB84 protocol with a decoy-state scheme. Equation (2) holds under asymptotic conditions. However, the key challenge lies in accurately estimating . For X-data, when both communicating parties select decoy states of the same intensity, the output two-mode quantum state is given by , where represents the average photon number of the decoy state. Although the random phases and in X-data satisfy Equation (1), indicating that is not random, the value of remains random. We define a new variable . Under this new variable, the output quantum state becomes [25]
In Eve’s view, the dual light field state can be regarded as a mixed state represented by due to the random selection of over the interval . Therefore, the SNS protocol confirms that after transmission through the channel, the dual light field state can be expressed as shown in Equation (9).
In Equation (9), denotes the component of the joint state of the two optical fields containing a total of k photons, while represents the probability of this joint state occurring. This indicates that the decoy-state method can be applied to estimate the count rate and bit error rate of the single-photon component based on the X-data. Specifically, this applies to partial signals corresponding to zero-, single-, and two-photon components, where k = 0, 1, or 2 can be expressed as the following equations.
Under untrusted source conditions, as opposed to ideal light source conditions, each communicating party emits arbitrary quantum states as
Referring to the SNS protocol [25], a new variable is defined, which leads to Eve’s observation that the joint state sent by the two communicating parties can be expressed as
refers to the density operator. Calculating and normalizing Equation (15) yields the result.
Further analysis shows that when the light source conditions of both communicating parties are consistent,
the single-photon component of can be expressed as
This means that the same results can be obtained as with ideal light sources even under untrusted light source conditions. Therefore, the security analysis method of the original SNS protocol remains valid. Under untrusted source conditions, the security of the protocol can still be guaranteed.
2.3. Parameters Estimation with UB
In the original SNS protocol, Alice (Bob) sends a coherent signal [25], where the average number of photons follows a Poisson distribution
we can then calculate Equations (5)–(7) using Equation (21). However, under untrusted light conditions, the photon distribution no longer follows a Poisson distribution. Therefore, light source monitoring is required to estimate , and .
The light structure of the SNS protocol is similar to that of the MDI protocol with both protocols sharing similarities in phase and intensity modulation. The details of the SNS protocol, which is based on the UB monitoring scheme, are shown in Figure 1. The communicating parties estimate the probabilities of zero-, one-, and two-photon signals . Specifically, the monitoring parameter can be obtained through the UB light monitoring structure, which is the UB signal ratio, and it is denoted as . is expressed by the following inequality:
The UB signal is defined as photons and , which are prepared by the communicating parties and located in the signal intervals and , respectively. represents the probability that both communicating parties send UB signals. By applying Equation (22), the probabilities of zero-, single-, and two-photon signals in the secure bit rate formula can be further estimated using the following key parameters
is the probability that the final signal after transmission contains m photons when the original signal has N photons with intensity .
As a result, with the analysis shown in Appendix A, we can obtain the upper and lower bounds of .
The previous analysis precisely determines the upper and lower bounds of . Furthermore, by substituting the results into Equations (3) and (4), the key parameters—the single photon response rate and bit error rate—can be estimated for the protocol’s security analysis. Finally, the secure bit rate R is calculated using the formula in Equation (2).
3. Performance with Numerical Simulation
The key parameter in the secure bit rate formula for the UB light monitoring scheme is the UB signal proportion , which is determined by the actual light source signal characteristics and the UB signal interval . can be expressed as the following equation [45]
when the light source is considered ideal, and the can be directly calculated.
However, in practical analysis, the laser device is affected by the working environment, and fluctuations in light intensity are commonly observed. To simulate the experimental environment, we introduce the light intensity fluctuation parameter and set as
Other calculation parameters are similar to those in the original SNS [25,26] protocol. To accurately estimate the performance of the UB light monitoring scheme, it is necessary to select an appropriate light source signal range based on experimental conditions to determine the UB signal proportion, which is followed by the calculation of the ideal secure bit rate. To simulate the experimental environment, we select the average photon number , the light intensity fluctuation parameter and the interval parameter . Additionally, the traversal interval is set to followed by performance simulation under these conditions.
Based on the parameter estimation results from the previous section, simulations of the SNS protocol using the UB monitoring scheme can be performed under untrusted source conditions. First, we perform a performance simulation of the SNS protocol using ideal experimental parameters, which are set to be the same as in Reference [25] and listed in Table 1. The simulation results are shown in Figure 2. They demonstrate that the protocol can achieve performance close to that of an ideal light source environment, even under untrusted source conditions, when the UB light source monitoring is introduced. Under the set monitoring conditions, the maximum secure transmission distance can reach 817.5 km, which is over 95% of the ideal light source environment.
Furthermore, we can analyze the performance of this monitoring scheme under untrusted source conditions and actual simulation parameters. The simulation results are shown in Figure 3. To simulate a real-world QKD system, we also consider factors such as a high dark count rate and low detection efficiency. Additionally, factors such as fiber attenuation, inherent system errors, and non-ideal data coordination efficiency are also considered in a non-ideal environment. Finally, the experimental parameters are chosen based on Table 2. The simulation result shows that under untrusted source conditions, the maximum secure transmission of the SNS protocol based on the UB monitoring scheme can reach 490 km, which is over 92% of the ideal light source environment. According to this result, although combining the UB monitoring scheme requires sacrificing some signals outside the UB interval, the performance can still be maintained within an acceptable range under certain experimental conditions.
4. Conclusions
Under untrusted source conditions, the primary factors to consider are the security of the dual light-field protocol as well as sufficient secure bit rate and transmission. In this paper, we introduce UB light monitoring into the SNS protocol. The introduction of UB light-source monitoring in the SNS protocol provides a novel and effective solution. By externally monitoring the light source signals of the communicating parties, following filtering and phase randomization, the proportion of UB signals with photon numbers within a specified interval can be determined. This allows for the accurate estimation of key parameters in the protocol’s security bit rate formula, such as the probabilities of zero-photon, single-photon, and two-photon signals. Consequently, a compact lower bound for the security bit rate can be effectively determined. Furthermore, this scheme monitors the laser source signal before attenuation, bypassing the challenges of low detection efficiency and high costs commonly associated with single-photon detection for weak light monitoring.
The simulation analysis demonstrates that this scheme can achieve 817.5 km of secure transmission under ideal simulation parameters, which closely matches the transmission performance of an ideal light source environment. Under actual simulation parameters, the scheme can achieve 490 km of secure transmission, matching over 92% of the performance in an ideal light source environment. Compared to other protocol schemes, this scheme demonstrates better tolerance to light source fluctuations and offers significant advantages in transmission distance and secure bit rate.
The reference list from the paper itself. Each links out to its DOI / PubMed record.
- 1Bennett C.H. Brassard G. Quantum cryptography: Public key distribution and coin tossing Theor. Comput. Sci.201456071110.1016/j.tcs.2014.05.025 · doi ↗
- 2Bennett C.H. Brassard G. Mermin N.D. Quantum cryptography without Bell’s theorem Phys. Rev. Lett.19926855710.1103/Phys Rev Lett.68.55710045931 · doi ↗ · pubmed ↗
- 3Scarani V. Acin A. Ribordy G. Gisin N. Quantum cryptography protocols robust against photon number splitting attacks for weak laser pulse implementations Phys. Rev. Lett.20049205790110.1103/Phys Rev Lett.92.05790114995344 · doi ↗ · pubmed ↗
- 4Inoue K. Waks E. Yamamoto Y. Differential phase shift quantum key distribution Phys. Rev. Lett.20028903790210.1103/Phys Rev Lett.89.03790212144419 · doi ↗ · pubmed ↗
- 5BrußD. Optimal eavesdropping in quantum cryptography with six states Phys. Rev. Lett.199881301810.1103/Phys Rev Lett.81.301811909501 · doi ↗ · pubmed ↗
- 6Bennett C.H. Bessette F. Brassard G. Salvail L. Smolin J. Experimental quantum cryptography J. Cryptol.1992532810.1007/BF 00191318 · doi ↗
- 7Bechmann-Pasquinucci H. Tittel W. Quantum cryptography using larger alphabets Phys. Rev. A 20006106230810.1103/Phys Rev A.61.062308 · doi ↗
- 8Cerf N.J. Bourennane M. Karlsson A. Gisin N. Security of quantum key distribution using d-level systems Phys. Rev. Lett.20028812790210.1103/Phys Rev Lett.88.12790211909502 · doi ↗ · pubmed ↗
