OSA's Digital Library

Optics Express

Optics Express

  • Editor: C. Martijn de Sterke
  • Vol. 17, Iss. 14 — Jul. 6, 2009
  • pp: 12090–12108
« Show journal navigation

Security of a discretely signaled continuous variable quantum key distribution protocol for high rate systems

Zheshen Zhang and Paul L. Voss  »View Author Affiliations


Optics Express, Vol. 17, Issue 14, pp. 12090-12108 (2009)
http://dx.doi.org/10.1364/OE.17.012090


View Full Text Article

Acrobat PDF (1474 KB)





Browse Journals / Lookup Meetings

Browse by Journal and Year


   


Lookup Conference Papers

Close Browse Journals / Lookup Meetings

Article Tools

Share
Citations

Abstract

We propose a continuous variable based quantum key distribution protocol that makes use of discretely signaled coherent light and reverse error reconciliation. We present a rigorous security proof against collective attacks with realistic lossy, noisy quantum channels, imperfect detector efficiency, and detector electronic noise. This protocol is promising for convenient, high-speed operation at link distances up to 50 km with the use of post-selection.

© 2009 Optical Society of America

1. Introduction

Quantum key distribution (QKD) systems [1

1. C. H. Bennett and G. Grassard, “Quantum Cryptography: Public Key Distribution and Coin Tossing,” in Proceedings of IEEE International Conference on Computers, Systems, and Signal Processing (IEEE, Newyork, 1984), pp. 175–179.

, 2

2. A. K. Ekert, “Quantum Cryptography Based on Bell’s Theorem,” Phys. Rev. Lett. 67, 661–663 (1991). [CrossRef] [PubMed]

, 3

3. M. A. Nielsen and I. L. Chuang, ‘Quantum Computation and Quantum Information, (Cambridge University Press, UK, 2000).

] make use of optical quantum fluctuations to establish shared secret keys between two legitimate users (Alice and Bob) such that an eavesdropper (Eve) who makes optimal physical measurements can know, on average, none of the bits of the secret key. After a number of samples of a correlated randomvariable are obtained by means of quantum measurements, a reconciliation phase assures agreement of Alice and Bob’s data. Finally, a privacy amplification phase uses universal hash functions to eliminate Eve’s potential partial information at the cost of shrinking the length of Alice and Bob’s shared data. Systems thatmeasure arrivals of single photons are called discrete variable systems, while those that use homodyne or heterodyne detection to measure the continuous-valued electromagnetic field and are called continuous variable systems [4

4. S. L. Braunstein and P. Van Loock, “Quantum information with continuous variables,” Rev. Mod. Phys. 77, 513–577 (2005). [CrossRef]

]. Discrete QKD is well developed in terms of security analyses, experiments, and commercial products. One important avenue of research for QKD systems seeks to improve rates. The counting rate limitations for non-cryogenic detectors are 15 MHz for silicon photon counters and new greatly improved counter speed of approximately 100 MHz for InGaAs photon counters. These limits are due to dead times required to clear avalanche carriers, which produces spurious afterpulsing counts.

The two classes of CVQKD systems use continuous signaling [7

7. F. Grosshans and P. Grangier, “Reverse reconciliation protocols for quantum cryptography with continuous variables,”quant-ph/0204127 (2002).

, 8

8. F. Grosshans and P. Grangier, “Continuous Variable Quantum Cryptography Using Coherent States,” Phys. Rev. Lett. 88, 057902 (2002) [CrossRef] [PubMed]

] and discrete signaling [9

9. R. Namiki and T. Hirano, “Efficient-phase-encoding protocols for continuous-variable quantum key distribution using coherent states and postselection,” Phys. Rev. A 74, 032302 (2006). [CrossRef]

]. Continuous signaling, where Alice sends 2 independent Gaussian distributed random variables in the x and y quadratures of the field, is themost studied because proofs against individual and collective attacks exist [10

10. F. Grosshans, “CollectiveAttacks and Unconditional Security in Continuous Variable Quantum KeyDistribution,” Phys. Rev. Lett. 94, 020504 (2005). [CrossRef] [PubMed]

, 11

11. M. Navascués and A. Acín, “SecurityBounds for Continuous Variables Quantum Key Distribution,” Phys. Rev. Lett. 94, 020505 (2005). [CrossRef] [PubMed]

, 12

12. R. García-Patrón and N. J. Cerf, “Unconditional Optimality of Gaussian Attacks against Continuous-Variable Quantum Key Distribution,” Phys. Rev. Lett. 97, 190503 (2006). [CrossRef] [PubMed]

, 13

13. M. Navascués, F. Grosshans, and A. Acín, “Optimality of Gaussian Attacks in Continuous-Variable Quantum Cryptography,” Phys. Rev. Lett. 97, 190502 (2006). [CrossRef] [PubMed]

]. An individual attack describes manipulation of individual timeslots and optimal quantum measurement by Eve on light in that timeslot, while collective attacks describe manipulation of individual timeslots and optimal joint measurement of several or many timeslots. State-of-the-art continuously signaled experiments provide security against collective attacks, and demonstrate final key rate limited to 2 kB/sec [14

14. J. Lodewyck, M. Bloch, R. Garcia-Patron, S. Fossier, E. Karpov, E. Diamanti, T. Debuisschert, N.J. Cerf, R. Tualle-Brouri, S. W. McLaughlin, and P. Grangier, “Quantum key distribution over 25 km with an all-fiber continuous-variable system,” Phys. Rev. A 76, 042305 (2007). [CrossRef]

]. This limitation is due not to the physical layer, but to the time required to implement reconciliation on a typicalmicroprocessor. Attempts to increase speed have led to proposals for post-selection, and recently to a protocol that can be proved secure against collective attacks if infinite dimensional conditional homodyne tomography can be implemented on a subset of data [15

15. M. Heid and N. Lütkenhaus, “Security of coherent-state quantum cryptography in the presence of Gaussian noise” Phys. Rev. A 76, 022313 (2007). [CrossRef]

]. It has been clear to many CVQKD researchers that a discretely signaled CVQKD protocol would be advantageous in terms of simplicity and several have been proposed. However, it has been pointed out that the security of discretely signaled systems under collective attacks remains an open problem for the practical case of excess noise in the channel [16

16. V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dušek, N. Lütkenhaus, and M. Peev, “Title: A Framework for Practical Quantum Cryptography”arXiv:0802.4155(2008).

]. Very recent work on the security of a binary modulated CVQKD system [17

17. Y. Zhao, M. Heid, J. Rigas, and N. Lütkenhaus, “Asymptotic security of binary modulated continuous-variable quantum key distribution under collective attacks,” Phys. Rev. A 79, 012307 (2009). [CrossRef]

] showed quite limited tolerance to excess noise. However, we will show that quantum tomography in a protocol can greatly improve the situation.

In order to increase distance, the technique of post-selection has been proposed for CVQKD [18

18. Ch. Silberhorn, T.C. Ralph, N. Lütkenhaus, and G. Leuchs, “Continuous Variable Quantum Cryptography: Beating the 3 dB Loss Limit” Phys. Rev. A 89, 167901 (2002).

, 19

19. C. Weedbrook, A. M. Lance, W. P. Bowen, T. Symul, T. C. Ralph, and P. K. Lam, “Coherent-state quantum key distribution without random basis switching” Phys. Rev. A 73,022316 (2006). [CrossRef]

, 20

20. A. M. Lance, T. Symul, V. Sharma, C. Weedbrook, T. C. Ralph, and P. K. Lam, “No-Switching Quantum Key Distribution Using Broadband Modulated Coherent Light,” Phys. Rev. Lett. 95, 180503 (2005). [CrossRef] [PubMed]

, 21

21. T. Symul, D. J. Alton, S. M. Assad, A. M. Lance, C. Weedbrook, T. C. Ralph, and P. K. Lam, “Experimental demonstration of post-selection-based continuous-variable quantum key distribution in the presence of Gaussian noise,” Phys. Rev. A 76, 030303(R) (2007). [CrossRef]

]. In post-selection schemes, only a subset of the data is used, improving the signal-to-noise ratio between Alice and Bob. CVQKD experiments have been implemented with post-selection [19

19. C. Weedbrook, A. M. Lance, W. P. Bowen, T. Symul, T. C. Ralph, and P. K. Lam, “Coherent-state quantum key distribution without random basis switching” Phys. Rev. A 73,022316 (2006). [CrossRef]

, 20

20. A. M. Lance, T. Symul, V. Sharma, C. Weedbrook, T. C. Ralph, and P. K. Lam, “No-Switching Quantum Key Distribution Using Broadband Modulated Coherent Light,” Phys. Rev. Lett. 95, 180503 (2005). [CrossRef] [PubMed]

, 21

21. T. Symul, D. J. Alton, S. M. Assad, A. M. Lance, C. Weedbrook, T. C. Ralph, and P. K. Lam, “Experimental demonstration of post-selection-based continuous-variable quantum key distribution in the presence of Gaussian noise,” Phys. Rev. A 76, 030303(R) (2007). [CrossRef]

], but without security proofs. Although Gaussian attacks have been proved to be optimal against continuously signaled CVQKD systems, the optimal attack for post-selection based CVQKD protocols is unknown yet. Recent recent progress on the security analysis of post-selection [15

15. M. Heid and N. Lütkenhaus, “Security of coherent-state quantum cryptography in the presence of Gaussian noise” Phys. Rev. A 76, 022313 (2007). [CrossRef]

] gave a proof of a post-selection protocolwhen there is excess gaussian noise introduced into the channel. The protocol presented in their paper requires full conditional state tomography.

Fig. 1. Alice’s encoding scheme in which she only sends four different coherent states.

2. The quantized input-quantized output CVQKD protocol

In order to obtain positive secrecy capacity, it is desirable that Alice and Bob nearly achieve the capacity of the channel given the signal-to-noise ratio. Recently, a new result of classical information theory [22

22. J. Singh, O. Dabeer, and U. Madhow, “Capacity of the Discrete-Time AWGN Channel Under Output Quantization,” arXiv:0801.1185v1 (2008).

] shows that for a lossy gaussian channel with given signal-to-noise ratio, when Bob quantizes the received data, the optimal way for Alice to encode data is to also send quantized data. Specifically, under the condition that Bob performs binary quantization, Alice needs only send binary data and achieve the channel capacity. This result is significant for reverse-reconciliation CVQKD because it indicates that if Bob quantizes the data received, then Alice does not need to send gaussian modulated signals but should send binary signals.

The quantized input-quantized output(QIQO) CVQKD protocol is described below:

Step 1: Alice randomly picks up a random variable xk ∈ {1,2,3,4} and encodes a coherent state φxkk{α1=r+ri,α2=rri,α3=r+ri,α4=rri}, where r is a positive real number depending on Bob’s signal-to-noise ratio and k denotes the index of time slot, and sends it through a lossy and noisy quantum channel. Alice’s encoding scheme can be described in Fig. 1.

Step 2 Bob receives a quantum state from the quantum channel. With probability p, each measurement is assigned to channel characterization, where Bob randomly chooses a local oscillator phase ϕk of 0, π/4 or π/2, makes a homodynemeasurement and records the real result [23

23. V. Buẑek and G. Drobný, “Quantum tomography via the MaxEnt principle,” J. Mod. Opt. 47, 14/15 pp. 2823–2839 (2000).

]. With probability 1-p, that measurement is assigned a data collection index k, where Bob randomly chooses a local oscillator phase ϕk of 0 or π/2 before performing homodyne detection. If his measurement result is greater than T, where T≥0 is Bob’s decision threshold, then he quantizes the result to qk=1. If Bob’s measurement result is less than -T otherwise, he quantizes the data to qk=−1. For other cases where his measurement result is between -T and T, Bob quantizes his data to qk=0. When qk=0, the data from the corresponding time slot will not be selected in the post processing. When T=0, it reduces to the case without post-selection.

To summarize these two steps, Alice uses random QPSK signaling but Bob’s collected data are digitized BPSK.

Step 3:When all quantumcommunication has been finished, Bob reveals to Alice which time slots that were used for characterization phasemeasurements. Alice reveals to Bob the state that she has sent for those time slots. Then Bob performs conditional quantum tomography for each one of the four particular coherent states that Alice sent. Only three different collection angles are required to achieve a good estimate of the received state [23

23. V. Buẑek and G. Drobný, “Quantum tomography via the MaxEnt principle,” J. Mod. Opt. 47, 14/15 pp. 2823–2839 (2000).

]. We know that without Eve, the channel can be modeled as a beamsplitter with two inputs, one of which is Alice’s output to the quantum channel and the other one is the excess channel noise mode.

b̂=ηâ+1ηε̂n,
(1)

where b̂ is the output of beamsplitter going to Bob’s detectors and η is quantum efficiency of the quantum channel. For any field quadrature of Bob, we have

Q̂b=ηQ̂a+1ηQ̂εn.
(2)

Assume pb(q), pa(q) and pεn (q) are the possibility distributions of the three quadratures, we have

Pb(q)=Pa(ηq)*Pεn(1ηq),
(3)

where * is a convolution. By Fourier transform techniques, we can find pε (q) once we know pa(q) and got pb(q) fromtomography. Therefore, we can also reconstruct ρ̂εn based on quantum tomography on ρ˜b. For the protocol, Bob performs quantum conditional tomography for all four cases. Then Bob can reconstruct ρ̂εn for all four cases. The protocol requires that the reconstructed ρ̂εn for all four cases to be the same. Otherwise, Alice and Bob abort the protocol.

Step 4: For each data collection time slot, Bob reveals the local oscillator phase that was chosen. If Bob used ϕk=0, then Alice records ak=1 for the case where xk=0 or xk=1 and ak=−1 for the case where xk=2 or xk=3. If Bob used ϕk=12π, then Alice records ak=1 for the case where xk=0 or xk=2 and ak=−1 for the case where xk=1 or xk=3.

Step 5: Bob sends checkbits to Alice over a public channel, i.e. reverse reconciliation. The reconciliation is strictly one-way.

Step 6: Alice and Bob perform privacy amplification to distill the final secure key.

3. Security analysis

In this section, we analyze the security of the QIQO CVQKD protocol against collective attacks, where Eve interacts with incoming quantum states individually and makes joint multi-timeslot measurements after knowing Bob’s measurement basis. The security of CV QKD systems can be guaranteed by fundamental limits of the noise coming from the quantum measurements. However, since the quantum channel can always introduce some excess noise, this amount of noise could potentially have been introduced by Eve, and may thus weaken the security of the system. We treat the excess channel noise rigorously. We divide this section into two subsections. In the first subsection, we analyze the simpler case where there is no excess channel noise but Bob’s homodyne detector has a given quantum efficiency and Bob also has some additive gaussian electronic noise. We will give an analytical solution for this case. In the second subsection, we analyze the case where measured excess noise is assumed to have the quantum channel as its source.

For collective attacks, the secrecy capacity between Alice and Bob in bits per channel use is defined to be

ΔI=I(A;B)χ(B;E),
(4)

where I(A;B) is the mutual information between Alice and Bob. However, practical reconciliation codes do not reach the Shannon limit. If we define a reconciliation efficiency β, then the practical secrecy capacity in this case becomes

ΔI=βI(A;B)χ(B;E).
(5)

In order to make the practical secrecy capacity positive so that Alice and Bob can distill a secure key by privacy amplification, there exists a minimal required reconciliation efficiency β 0 where

β0I(A;B)χ(B;E)=0.
(6)

For the binary symmetric channel in our protocol, I(A;B) can be completely determined by the signal-to-noise ratio of Bob. I(A;B) can be calculated as Eq. (7) and Eq. (8),

eAB=112πSNRex22dx.
(7)
I(A;B)=1h(eAB),
(8)

where h(p)=−plog2(p)−(1−p) log2(1−p) is the binary entropy function.

χ(B;E) is the Holevo information between Bob and Eve, which is defined to be

χ(B;E)=S(ρ̂E)ΣipiS(ρ̂E|q=i),
(9)

where S(ρ̃E) is the von Neumann entropy of Eve’s mixed state. ρ̃E|q=i is Eve’s mixed state given Bob’s measurement result and pi is the probability that Bob’s measurement is i. For our binary symmetric case, we can rewrite χ(B;E) to be

χ(B;E)=S(ρ̂E)12S(ρ̂E|q=1)12S(ρ̂E|q=1)=S(ρ̂E)S(ρ̂E|q=1)
(10)

for an optimal attack.

3.1. Analytical solution for no excess channel noise case

When there is no excess channel noise, Bob’s received state is a coherent state given Alice sent a particular quantumstate. When the tomographic subset verifies Bob’s received state, Eve’s only possible attack is a beam splitter attack, where Eve replaces the lossy channel with a perfect one and uses a beam splitter to simulate the lossy effect of the channel. Suppose the quantum efficiency of the quantum channel is h, then Bob’s received quantum states are |√ηαi〉 and Eve’s received quantum states are 1ηαi. It is straight forward to give the expression for ρ̃E,

ρ̂E=Σi=14141ηαi1ηαi.
(11)

The second term of χ(B;E) relates directly to the error rate of the binary symmetric channel. Let’s consider the case where Bob chose ϕ=0 as the phase for homodyne detection. Given Bob’s quantized data q=1, the possibility that Alice sent |α 1〉, |α 2〉, |α 3〉 and p1|q=1=12(1eAB), p2|q=1=12eAB, p3|q=1=12(1eAB) and p4|q=1=12eAB respectively. Therefore, the second term of χ(B;E) is

ρ̂E|q=1=Σi=14pi|q=1η1αiη1αi.
(12)

VB=VS+Vel.
(13)

The signal-to-noise ratio then reads,

SNR=ui2VB,
(14)

where ui={ηηmαi} is Bob’s average value of X quadrature when Alice sent αi. ηm is the detection efficiency of the homodyne detector. Combining Eq. (13) and Eq. (14), we have

SNR=2{ηηmαi}Vs+Vel.
(15)

Together with Eq. (7), we calculate the error rate of the binary symmetric channel between Alice and Bob. Combining the above equations, we get the analytical expression for the secrecy capacity between Alice and Bob for the case where there is no excess noise.

3.2. Numerical simulation for the general case with excess channel noise

In the case where excess noise is introduced into the quantum channel, the analysis is more complicated and numerical simulations are required. We will prove that with small amounts of excess noise, the security of the QIQO CVQKD scheme can still be guaranteed. The details of the numerical simulation are listed in the appendix.

3.2.1. Validity of channel model

We will show that Eve’s optimal collective attack is the entangling beamsplitter attack (see Fig. 2), where Eve replaces the lossy fiber with a lossless channel and mixes one of two entangled beams (ρ̂εn) on a beamsplitter while additionally monitoring one of the outputs (ρ̂εr). Conditional homodyne tomography serves to make the optimality of the entangled beamsplitter attack provable.

We need note that Eve’s attack is a unitary operator which maps the product state of Eve’s original ancillary state and Alice’s output state to the input state measured by Bob’s detectors and to the final ancillary state. If the input ancillary state and Alice’s output state are given, and the output states of the unitary operator are also given, then the unitary operator can be regarded as a black box. In this case, the internal structure of the black box does not matter because the secrecy capacity of the system is only a function of the output of the black box. In other words, only the output quantum state matters and how the state was generated does not. Eve’s unitary operation can be denoted as

|Φi=M̂(ΨEαi),
(16)

where i denotes Alice’s picked state and |ψ〉E denotes Eve’s original ancillary states. Then Bob’s incoming density matrices are given by a trace over Eve’s Hilbert space

ρbi=TrE(ΦiΦi).
(17)

We know that ρbi can be obtained by quantumconditional tomography and according to Eq. (1), each i can be expresses as a superposition of Alice’s mode and another excess noise mode, we can decompose M̂ into three different unitary operators Ô, P̂ and Q̂. Ô creates ρ̂εn from Eve’s original ancillary states

ρ̂εn=Trr[Ô(ΨEΨ)ô],
(18)

where Trr denotes the trace over the rest Eve’s state beside εn. The role of operator P̂ is to interact ρ̂εn with |αi〉 on a beamsplitter to create ρbi. P̂ can be written as

P̂=[η1η1ηη].
(19)

The role of Q̂ is to map the final state back to |¦i〉. We have

Q̂=M̂ÔP̂.
(20)

Since for all four cases, M̂ and Ô, P̂, Q̂ give the same output, the decomposition is therefore equivalent to the unitary operator M̂. The idea of decomposition can be found in Fig. 3.

Fig. 2. Model of relevant quantum channels. ρ̂εn and ρ̂εr, density matrices produced by Eve’s EPR source; ρ̂a, density matrix of signal sent by Alice; ρ̂b and ρ̂b, density matrix before Bob’s detector inefficiencies and after detector inefficiencies; ρ̂εn, density matrix post-beamsplitter, measured by Eve; ρ^ hom, density matrix of equivalent mode consisting of light lost to detector inefficiencies. τ is the squeezing parameter of EPR source, η is the channel efficiency, and η m is Bob’s detector efficiency.

We note here that the operator Q̂ is a post-processing on Eve’s states. According to quantum data processing theorem [24

24. R. Ahlswede and P. Lober, “Quantum data processing,” IEEE Trans. Inf. Theory , 47, 1 pp 474–478 (2001). [CrossRef]

], this operation does not increase Eve’s accessible information. Therefore, we can safely only consider the system without Q̂ since Q̂ can only decrease Eve’s accessible information. In anther word, considering ρεr and ρεn is enough for calculating Eve’s accessible information.

Fig. 3. Eve’s attack operator M̂ can be decomposed into three sub-operators Ô,P̂ and Q̂, which give the same output quantum states.

3.2.2. Mathematical description of the channel model

As an example, we calculate an representative case where the excess channel noise is thermal. If the channel noise is not thermal, as long as we reconstruct ρεn, we still can use the same method to calculate the secrecy capacity. In Fig. 2, ρ̂εn is Eve’s input mode to the operator P̂. Whatever Bob’s state, he can infer Eve’s input mode because he also knows Alice’s sent state. Mathematically, ρ̂εn can be written as,

ρ̂εn=(1τ2)Σn=0τ2nnn.
(21)

In the Schrödinger picture, we assume Eve’s State to be a pure state Ψεn,εr, where the subscript εr denotes the rest of the system modes besides εn. One should note that although the notation here implies that Eve is using a two mode state, Eve is not actually limited to a two mode state. The quantumtomography only guarantees that the inputmode εn to the beamsplitter be a thermal state. Subscript εr denotes Eve’s arbitrary number of modes, that remain besides εn. Since Eve’s entire quantum state is pure, the condition in Eq. (22) must satisfy,

ρ̂εn=Trεr(Ψεn,εrΨ),
(22)

Without loss of generality, one can assume Ψεn,εr has the form in Eq. (23),

Ψεn,εr=1τ2n=0τnnεnϕ(n)εr,
(23)

where 〈ϕ(n)|ϕ(n′)〉=δn,n′.

Similar to other security proofs of CVQKD schemes, we make use of an entanglement based picture: we assume Alice also has a entanglement source that generates the quantum state in Eq. (24),

ΨA=Σi=1412αiaia,
(24)

which is a two mode state. In mode a′, the state is expressed in the Fock basis and in mode a the state is expressed in the coherent basis. Alice then makes a photon number counting measurement onmode a′, which projects the state of mode a into one of the four coherent states, i.e., ρ̂a=Tra(A|ψa,aψ|A)=i=1414|αiaαi, which corresponds to the case where Alice randomly chooses one of the four coherent states and sends it through the quantum channel. The quantum state of the entire system becomes

|Φ=B̂b,hom(ηm)B̂a,εn(η)|ψA|Ψεn,εr|0hom,
(25)

where B̂b,homm) and B̂a,εn(η) denote the unitary operator of BS1 and BS2.

Bob then makes a homodyne measurement on mode b′. Each measurement results, by the state reduction postulate of quantum mechanics, in the rest of the system is collapsing into a pure quantum state. Suppose Bob’s homodynemeasurement results in a real-valued number X, then the system collapses into the state

ΞX=bXΦΦXbXΦ,
(26)

Tracing over Alice’s mode a′ and the hom mode, one obtains Eve’s density matrix given the measurement result X,

ρ̂EX=Tra,hom(ΞXΞX).
(27)

The probability that ρ̂XE is generated is

p(ρ̂EX)=ΦXbXΦ.
(28)

Eve’s density matrix ρ̂E is then of the form Eq. (29),

ρ̂E=p(ρ̂EX)ρ̂EXdx
(29)

Experimental homodynemeasurements result in classical electronic noise, resulting in a real-valued measurement rB=X+Nel that is the sum of X, from the homodyne measurement, and Nel, which is a Gaussian distributed random variable denoting the electronic noise. Without post-selection, the protocol requires that Bob quantize rB according to its sign. If rB>0 Bob sets q=1, otherwise, Bob sets q=−1. We are interested in the conditional density matrix of Eve given Bob’s quantization result. Without loss of generality, we only analyze the case in which q=1.

Because the system begins in a pure state, Eve’s density matrix becomes a function of Bob’s homodyne measurement result X. However, Bob’s quantization result not only depends on X, but also depends on Nel, which is independent of X. We can always regard Eve’s conditional density matrix as a superposition of different ρ̂XE with different probability p(ρ̂XE |q=1). Therefore, Eve’s conditional density matrix can be written as Eq. (30),

ρ̂E|q=1=p(ρ̂EX|q=1)ρ̂EXdx.
(30)

We are now interested in p(ρ̂XE|q=1). According Bayes’ theorem,

p(ρ̂EX|q=1)=p(ρ̂EX)p(q=1|ρ̂EX)p(q=1).
(31)

We have the expression for p(ρ̂XE) from Eq. (28) and because of Alice’s symmetric signaling, we have p(q=1)=12.p(q=1|ρ̂EX) also depends on Vel, which is the variance of the electronic noise.

p(q=1|ρ̂EX)=12πVelXexp(x22Vel)dx.
(32)

nth=(1τ2)Σn=0nτ2n=τ21τ2.
(33)

Then Bob’s noise variance reads

VB=VS+12(1η)ηmnth+Vel.
(34)

Using Eq. (34) and Eq. (14), we can get the expression for signal-to-noise ratio for the case with excess noise, which is

SNR=2{ηηmαi}Vs+12(1η)ηmτ21τ2+Vel.
(35)

3.3. QIQO CVQKD with post-selection

As discussed in the Section 1, the practical limitation on the key generation rate of CVQKD systems is computational time for reconciliation. Treating the channel as if it were a binary symmetric channel for reconciliation purposes, the complexity of error correction codes used in reconciliation decreases. Suppose that for a given code, the code length is N and the code rate is R=(1-ε)C, whereC is the channel capacity, in this case decoding time complexity is function of ε and N. Typically, it grows polynomially with N. It has also been conjectured in [25

25. K. Khandekar and R. J. McEliece, “On the complexity of reliable communication on the erasure channel,” in Proc. IEEE Int. Symp. Information Theory, Washington, DC, Jun. 2001, p. 1.

] that per-bit complexity of message-passing decoding of LDPC code over any ”typical” channel, such as a binary erasure channel or a binary symmetric channel, is O(log1π)+O(1εlog1ε), where π is the decoding error rate. So the closer the code approaches the Shannon limit, the more complex the code. In other word, the requirement of high β 0 leads to very complex codes. Even so, the decoding error probability drops only polynomially with code length for LDPC codes, which requires even more time complexity to reduce the block error rate to suitable levels.

For the proposed QIQO CVQKD scheme, in order to have positive secrecy capacity, Bob’s signal-to-noise ratio must be very low, i.e., around 0.5, which causes eAB to be very high, i.e., around 25%. In order to fit the error rate to the requirements of those good codes, we need to modify eAB while also changing β 0 little. Post-selection satisfies these requirements.

Bob’s final measurement result is rB=X +Nel when electronic noise is included. According to the proposed protocol, when rB > 0, Bob quantizes it into q=1, otherwise Bob quantizes it into q=−1. With post-selection, we set a threshold T>0. Bob’s quantization rule is modified as follows: for the case rB>T, he quantizes q=1, for the case -TrBT, he sets q=0 and for the case rB <-T, he sets q=−1. Finally, Alice and Bob discard data where q=0 and only make error correction on those data where q≠0. Bob’s decision rule for post-selection can be visualized in Fig. 4:

In order to get the expression for ρ̂E under post-selection, we need to reevaluate the probability of each ρ̂XE. We denote the new possibility as p(ρ̂XE|q≠0). Using Bayes’ theorem, it is rewritten to be

p(ρ̂EX|q0)=p(q0|ρ̂EX)p(ρ̂EX)p(q0)
(36)

The first term of the numerator can be expanded as

p(q0|ρ̂EX)=12πVel[(TX)exp(x22Vel)+(T+X)exp(x22Vel)].
(37)

The second term of the numerator can be had from Eq. (28). The denominator is the probability of selecting a result. It directly relates to the amplitude of the signal ui, the variance of noise VB and the T, and can be written as:

p(q0)=12πVB[(Tui)exp(x22VB)+(T+ui)exp(x22VB)].
(38)

ρ̂XE can be therefore written as

ρ̂EX=p(ρ̂EX|q0)ρ̂EXdx.
(39)

p(q=1|ρ̂EX)=12πVel(TX)exp(x22Vel)dx.
(40)

Having obtained the preceding probabilities, we get χ(B;E) according to Eq. (10).

Fig. 4. Bob’s decision rule under post-selection. Here σS=√VS and σel=√Vel.

Finally, we calculate eAB for post-selection. The symmetry of the states implies that the error rate is the same. So for simplicity, we only calculate the error rate when Alice encodes |α 1〉. We obtain:

eAB=p(q=1Aliceencodesα1)p(q0)=(T+ui)exp(x22VB)dx(Tui)exp(x22VB)dx+(T+ui)exp(x22VB)dx.
(41)

The secrecy capacity for post-selection is obtained straightforwardly. We present numerical simulation results and compare them to the case without post-selection in Fig. 6.

Fig. 5. The secrecy capacity and required reconciliation efficiency for the system without post-selection.

We note that the post-selection we have proposed does not require high rate multi-bit A/D conversion. It requires only a hard threshold decision. For the case where T=1, almost 10% of the data is selected. Therefore, if the clock rate is high enough, post-selection will not be the factor that limits the system.

4. Discussion of results

Numerical simulation results for a few cases of interest are presented in Fig. 5.

Fig. 6. The secrecy capacity, required reconciliation efficiency and the error rate on the BSC channel of the system with post-selection

Recently, we have become aware of a security analysis on binary modulated CVQKD system has been posted [17

17. Y. Zhao, M. Heid, J. Rigas, and N. Lütkenhaus, “Asymptotic security of binary modulated continuous-variable quantum key distribution under collective attacks,” Phys. Rev. A 79, 012307 (2009). [CrossRef]

] after we presented most of these results [26

26. Z. Zhang and P. L. Voss, “A path towards 10 Gb/s continuous variable QKD,” LPHYS08, Trondheim, Norway. July 2008.

]. That protocol uses two-state modulation instead of four-state modulation. It does not require quantum tomography. Instead, inequalities and maximum eigenvalues are found to get a upper bound for Eve. The inequalities result in an upper bound less tight than that found in this paper, which makes that protocolmore sensitive to channel excess noise. We also compare out result with [21

21. T. Symul, D. J. Alton, S. M. Assad, A. M. Lance, C. Weedbrook, T. C. Ralph, and P. K. Lam, “Experimental demonstration of post-selection-based continuous-variable quantum key distribution in the presence of Gaussian noise,” Phys. Rev. A 76, 030303(R) (2007). [CrossRef]

], which is limited to 50 km with no excess noise. But the scheme proposed in this paper is secure beyond 50km with realistic excess noise and still has high secrecy capacity.

5. Conclusion

We have proposed a quantized input-quantized output continuous variable quantum key distribution protocol. By quantizing the data into binary, the decoding complexity is dramatically decreased. We have given a general proof for general collective attacks and shown numerical simulation results. In order to make the proposed system compatible with the requirements of existing high efficiency and high decoding speed codes, we have also proposed post-selection to allow choosing of the error rate of the binary symmetric channel such that β0 remains constant.

6. Appendix

Numerical simulation techniques

It is difficult to obtain analytical solutions for continuous variable quantum state, because it has infinite dimension. Unlike those protocols based on gaussian modulation of signal, discrete modulation only gives conditional gaussian states instead of global gaussian states. If the global state, such as ρ̂E, is not Gaussian, it’s difficult to find a analytical solution for von Neumann entropy when there excess noise is introduced into the channel. Fortunately, as long as the amount of excess noise is small, it’s still possible to get numerical solutions.

From Eq. (23), one may see that if Eve’s two mode quantum state is expanded into Fock spaces, there would be infinite number of terms. But one may truncate the state into finite number of terms since when τ is small, the amplitudes for large photon numbers are so small that those terms are negligible. For this simulation, we have the excess noise about 0.005 of one shot noise unit and this leads to τ=0.033 for 25km and τ=0.0167 for 50km. Using only the first three terms of the expansion is then justified. In other words, the terms up to 2 photons are preserved. We let EMAX=2 denoting the maximal number of photons.

Now we can approximate Eve’s two mode state using the form in Eq. (42):

|Ψεn,εr=1τ2Σn=0EMAXτnnεnϕ(n)εr.
(42)

Then mode εn is interacted with mode a. However, since the quantum state in mode εn is represented in Fock space, it needs to be transformed into coherent form so that the operation of BS1 is performed on two coherent states and the outcome of the operation is also coherent states. Here we use another approximationwhere |n〉 is represented as the superposition of n+1 coherent states [27

27. J. Janszky, P. Domokos, S. Szabó, and P. Adam, “Quantum-state engineering via discrete coherent-state superpositions,” Phys. Rev. A 51, 5 (1995). [CrossRef]

].

|n,r=c(r)n!er22(n+1)rnΣk=0ne2πin+1k|re2πin+1k,
(43)

where c(r) is used to normalize |n, r〉. We have

|n,r0=n.
(44)

The accuracy of the approximation is

1cn2=n!(2n+1)!r2(n+1)+o(r4(n+1)),
(45)

where |cn|2 is the probability amplitude of |n〉 in |n,r〉. In practice, we set r=0 for |0〉 and r=0.1 for other Fock states.

Thus, we write |Φ〉 in Eq. (46),

Φ=c(r)1τ2Σj=1412jaΣn=0EMAXτnnεrn!e(rn)22(n+1)(rn)nΣk=0ne2πikn+1ηm(ηαj+1ηrne2πikn+1)b
1ηm(ηαj+1ηrne2πikn+1)hom1ηαjηrne2πikn+1εn.
(46)

We first trace over a′ mode to get the density matrix of mode b′, εn, εr and hom.

ρ̂b,εn,εr,hom=Tra(ΦΦ)=Σi=1414ΩiΩi,
(47)

i.e., the density matrix for mode b′, εn, εr and hom is made up of 4 different pure states |Ωi〉 dependingAlice’s measurement of the photon counting on mode a′. This exactly corresponds to the case in which Alice prepares one of the four coherent states and sends it to Bob. For each of the |Ωi〉, Bob then make a homodynemeasurement on his mode b′. As have been discussed, the outcome of the homodyne measurement is a gaussian distributed continuous random variable with average value ui=(ηηmαi)) and variance VS. Physically, for each of the |Ωi〉, Bob’s measurement outcome has infinite possibilities. However, only those values distributed close to ui occur with high possibility. As an approximation, out simulation only takes the value in the range of [ui−6√VS,ui+6√VS]. Another approximation is that instead of processing the continuous data in the range [ui−6√VS,ui+6√VS], we divided it into XMAX bins with equal widths and made un approximation that Bob’s measurement only has XMAX different possibilities instead of infinite possibilities. Suppose each bin has left bound lbi,k and right bound rbi,k, with 1≤kXMAX. Then the measurement result is Xi,k=(lbi,k+rbi,k)/2 with possibility p(Xi,k)=12πVSlbi,krbi,kexp((xui)22VS)dx. The density matrix for mode εn, εr and hom can be approximately written as

ρ̂εn,εr,hom=Trb(ρ̂b,εn,εr,hom)=Σi=1414Σk=1XMAXp(Xi,k)Xi,kΩiΩiXi,kΩiXi,kXi,kΩi=Σi=1414Σk=1XMAXp(Xi,kψi,kψi,k),
(48)

where |ψi,k=Xi,k|ΩiΩi|Xi,kXi,k|Ωi. In order get ρ̂E, we further trace |ψi,k〉〈ψi,k| over mode hom. For low signal-to-noise ratio, the average photon number in mode hom is also low. If we use Fock basis to expand mode hom, we can neglect those quantum states with large photon numbers. Suppose we can present mode hom in Fock space and only keep the states up to HMAX photons. Then

Trhom(ρ̂εn,εr,homi,k)=Σj=0HMAXhomj|ψi,kψi,k|jhom.
(49)

Therefore, ρ̂E can be written as

ρ̂E=Σi=1414Σk=1XMAXp(Xi,k)Σj=0HMAXjψi,kψi,kj=Σi=1414Σk=1XMAXp(Xi,k)Σj=0HMAXp(jXi,k)εi,j,kεi,j,k,
(50)

where |εi,j,k=j|ψi,kψi,k|jj|ψi,k and p(j|Xi,k)=〈ψi,k|j〉〈j|ψi,k〉. Here we ignored the subscript for |jhom. We define a global possibility p(εi,j,k)=14p(Xi,k)p(j|Xi,k), then we can rewrite ρ̂E in the Eq. (51)

ρ̂E=Σi,j,kp(|εi,j,k)εi,j,kεi,j,k,
(51)

where we omitted the subscript E used to describe the mode. The problem of calculating the von Neumann entropy S(ρ̂E) is equivalent to solving the eigenvalue of the correspondingGram matrix [28

28. R. Jozsa and J. Schlienz, “Distinguishability of States and von Neumann Entropy,” arXiv:quant-ph/9911009v1, 3 (1999).

]. Each element of the Gram matrix is

Gijk,ijk=p(|εi,j,k)p(|εi,j,k)εi,j,k|εi,j,k.
(52)

The non-zero eigenvalues of G are equivalent to the non-zero eigenvalues of ρ̂E. Suppose the non-zero eigenvalues of G are {λ 1,λ 2,…,λn}, then

S(ρ̂E)=Σi=1nλilog2(λi).
(53)

p(εi,j,kq=1)=p(q=1||εi,j,k)p(|εi,j,k)p(q=1).
(54)

What we need to calculate is just the first term of the nominator. This was calculated as follows:

p(q=1||εi,j,k)=12πVSlbi,krbi,kexp[(xui)22VS]12πVel0exp[(yx)22Vel]dydx12πVSlbi,krbi,kexp[(xui)22VS]dx.
(55)

ρ̂E|q=1=∑i,j,kp(|εi,j,k〉|q=1)|εi,j,k〉 we can calculate S(ρ̂E|q=1) following the Gram matrix that we have discussed above.

For the post-selection case, we need to calculate p(|εi,j,k〉|q≠0). As what we’ve done above, we first rewrite it according to the Bayes’ theorem.

p(εi,j,kq0)=p(q0εi,j,k)p(|εi,j,k)p(q0).
(56)

What we need to calculate is just the first term of the nominator. The method that we used to calculate this term is

p(q0||εi,j,k)=12πVSlbi,krbi,kexp[(xui)22VS]12πVel(Texp[(yx)22Vel]+Texp[(yx)22Vel])dydx12πVSlbi,krbi,kexp[(xui)22VS]dx.
(57)

Then ρ̂E=∑i,j,kp(|εi,j,k〉|q≠0)|εi,j,k〉. We can then use the Gram matrix to calculate S(ρ̂E).

In order to calculate S(ρ̂E|q=1) in the case with post-selection, we need to calculate the possibility p(|εi,j,k〉|q=1). We first rewrite it according to Bayes’ theorem, which can be found in Eq. (54). But now the first term must be calculated differently. We can calculate it as Eq. (58),

p(q=1||εi,j,k)=12πVSlbi,krbi,kexp[(xui)22VS]12πVelTexp[(yx)22Vel]dydx12πVSlbi,krbi,kexp[(xui)22VS]dx.
(58)

Finally, we can get ρ̂E|q=1 and calculate S(ρ̂E|q=1) according the above methods.

In order to demonstrate the accuracy of our numerical simulation results, we first compare it with the analytical solution in the limit of no excess noise. Here we picked up τ=1×10−6 in our numerical simulation. It shows that the difference of ΔI is only 6.5804×10−7 between numerical simulation and analytical results.

In the end, we give the comparison of the result we get by setting different parameters, i.e., EMAX, XMAX, HMAX and rk. We can see that when EMAX>2, XMAX>20, HMAX>6 and rk<0.1, we can see only tiny difference among different simulations. We believe that the simulation results are accurate enough for those parameters.

The simulation results with different parameters are shown in the TABLE 1. We took the secrecy capacity obtained at 25km without post-selection with EMAX=2, XMAX=20, HMAX=6 and r=0.1 as a reference and note it as ΔIref. We give the difference of ΔI * with the reference. We calculated ΔIrefΔI*ˉ and put the values into the TABLE 1.

From the results, we see that if we set EMAX=2, XMAX=20, HMAX=6 and r=0.1, we are already very close to the limit because if we further adjust the parameters, we get much less differences. In our final results, we just set EMAX=3, XMAX=30, HMAX=8 and r=0.05. We believe that these parameters give us numerical simulation results that are extremely close to the exact results.

Table 1. Differences of the secrecy capacity with ΔIref. Here 25km denotes the case of 25 km QIQO CVQKD without post-selection. 25km-ps denotes the case of 25 km QIQO CVQKD with post-selection. 50 km denotes the case of 50 km QIQO CVQKD without post-selection. 50 km-ps denotes the case of 50km QIQO CVQKD with post-selection.

table-icon
View This Table

7. Acknowledgments

This research was funded in part by the Agence National de la Recherche as part of the project HQNET. We thank Matthieu Bloch for discussions regarding LDPC coding.

References and links

1.

C. H. Bennett and G. Grassard, “Quantum Cryptography: Public Key Distribution and Coin Tossing,” in Proceedings of IEEE International Conference on Computers, Systems, and Signal Processing (IEEE, Newyork, 1984), pp. 175–179.

2.

A. K. Ekert, “Quantum Cryptography Based on Bell’s Theorem,” Phys. Rev. Lett. 67, 661–663 (1991). [CrossRef] [PubMed]

3.

M. A. Nielsen and I. L. Chuang, ‘Quantum Computation and Quantum Information, (Cambridge University Press, UK, 2000).

4.

S. L. Braunstein and P. Van Loock, “Quantum information with continuous variables,” Rev. Mod. Phys. 77, 513–577 (2005). [CrossRef]

5.

F. Grosshans, G. Van Assche, J. Wenger, R. Brouri, N. J. Cerf, and P. Grangier, “Quantum key distribution using gaussian-modulated coherent states,” Nature 421, 238–241 (2003). [CrossRef] [PubMed]

6.

N. J. Cerf, M. Lévy, and G. Van Assche, “Quantum distribution of Gaussian keys using squeezed states,” Phys. Rev. A 63, 052311 (2001). [CrossRef]

7.

F. Grosshans and P. Grangier, “Reverse reconciliation protocols for quantum cryptography with continuous variables,”quant-ph/0204127 (2002).

8.

F. Grosshans and P. Grangier, “Continuous Variable Quantum Cryptography Using Coherent States,” Phys. Rev. Lett. 88, 057902 (2002) [CrossRef] [PubMed]

9.

R. Namiki and T. Hirano, “Efficient-phase-encoding protocols for continuous-variable quantum key distribution using coherent states and postselection,” Phys. Rev. A 74, 032302 (2006). [CrossRef]

10.

F. Grosshans, “CollectiveAttacks and Unconditional Security in Continuous Variable Quantum KeyDistribution,” Phys. Rev. Lett. 94, 020504 (2005). [CrossRef] [PubMed]

11.

M. Navascués and A. Acín, “SecurityBounds for Continuous Variables Quantum Key Distribution,” Phys. Rev. Lett. 94, 020505 (2005). [CrossRef] [PubMed]

12.

R. García-Patrón and N. J. Cerf, “Unconditional Optimality of Gaussian Attacks against Continuous-Variable Quantum Key Distribution,” Phys. Rev. Lett. 97, 190503 (2006). [CrossRef] [PubMed]

13.

M. Navascués, F. Grosshans, and A. Acín, “Optimality of Gaussian Attacks in Continuous-Variable Quantum Cryptography,” Phys. Rev. Lett. 97, 190502 (2006). [CrossRef] [PubMed]

14.

J. Lodewyck, M. Bloch, R. Garcia-Patron, S. Fossier, E. Karpov, E. Diamanti, T. Debuisschert, N.J. Cerf, R. Tualle-Brouri, S. W. McLaughlin, and P. Grangier, “Quantum key distribution over 25 km with an all-fiber continuous-variable system,” Phys. Rev. A 76, 042305 (2007). [CrossRef]

15.

M. Heid and N. Lütkenhaus, “Security of coherent-state quantum cryptography in the presence of Gaussian noise” Phys. Rev. A 76, 022313 (2007). [CrossRef]

16.

V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dušek, N. Lütkenhaus, and M. Peev, “Title: A Framework for Practical Quantum Cryptography”arXiv:0802.4155(2008).

17.

Y. Zhao, M. Heid, J. Rigas, and N. Lütkenhaus, “Asymptotic security of binary modulated continuous-variable quantum key distribution under collective attacks,” Phys. Rev. A 79, 012307 (2009). [CrossRef]

18.

Ch. Silberhorn, T.C. Ralph, N. Lütkenhaus, and G. Leuchs, “Continuous Variable Quantum Cryptography: Beating the 3 dB Loss Limit” Phys. Rev. A 89, 167901 (2002).

19.

C. Weedbrook, A. M. Lance, W. P. Bowen, T. Symul, T. C. Ralph, and P. K. Lam, “Coherent-state quantum key distribution without random basis switching” Phys. Rev. A 73,022316 (2006). [CrossRef]

20.

A. M. Lance, T. Symul, V. Sharma, C. Weedbrook, T. C. Ralph, and P. K. Lam, “No-Switching Quantum Key Distribution Using Broadband Modulated Coherent Light,” Phys. Rev. Lett. 95, 180503 (2005). [CrossRef] [PubMed]

21.

T. Symul, D. J. Alton, S. M. Assad, A. M. Lance, C. Weedbrook, T. C. Ralph, and P. K. Lam, “Experimental demonstration of post-selection-based continuous-variable quantum key distribution in the presence of Gaussian noise,” Phys. Rev. A 76, 030303(R) (2007). [CrossRef]

22.

J. Singh, O. Dabeer, and U. Madhow, “Capacity of the Discrete-Time AWGN Channel Under Output Quantization,” arXiv:0801.1185v1 (2008).

23.

V. Buẑek and G. Drobný, “Quantum tomography via the MaxEnt principle,” J. Mod. Opt. 47, 14/15 pp. 2823–2839 (2000).

24.

R. Ahlswede and P. Lober, “Quantum data processing,” IEEE Trans. Inf. Theory , 47, 1 pp 474–478 (2001). [CrossRef]

25.

K. Khandekar and R. J. McEliece, “On the complexity of reliable communication on the erasure channel,” in Proc. IEEE Int. Symp. Information Theory, Washington, DC, Jun. 2001, p. 1.

26.

Z. Zhang and P. L. Voss, “A path towards 10 Gb/s continuous variable QKD,” LPHYS08, Trondheim, Norway. July 2008.

27.

J. Janszky, P. Domokos, S. Szabó, and P. Adam, “Quantum-state engineering via discrete coherent-state superpositions,” Phys. Rev. A 51, 5 (1995). [CrossRef]

28.

R. Jozsa and J. Schlienz, “Distinguishability of States and von Neumann Entropy,” arXiv:quant-ph/9911009v1, 3 (1999).

OCIS Codes
(060.0060) Fiber optics and optical communications : Fiber optics and optical communications

ToC Category:
Fiber Optics and Optical Communications

History
Original Manuscript: April 1, 2009
Revised Manuscript: May 28, 2009
Manuscript Accepted: May 30, 2009
Published: July 2, 2009

Citation
Zheshen Zhang and Paul L. Voss, "Security of a discretely signaled continuous variable quantum key distribution protocol for high rate systems," Opt. Express 17, 12090-12108 (2009)
http://www.opticsinfobase.org/oe/abstract.cfm?URI=oe-17-14-12090


Sort:  Author  |  Year  |  Journal  |  Reset  

References

  1. C. H. Bennett and G. Grassard, "Quantum Cryptography: Public Key Distribution and Coin Tossing," in Proceedings of IEEE International Conference on Computers, Systems, and Signal Processing (IEEE, New York, 1984), pp. 175-179.
  2. A. K. Ekert, "Quantum Cryptography Based on Bell’s Theorem," Phys. Rev. Lett. 67, 661-663 (1991). [CrossRef] [PubMed]
  3. M. A. Nielsen and I. L. Chuang, ‘Quantum Computation and Quantum Information, (Cambridge University Press, UK, 2000).
  4. S. L. Braunstein and P. Van Loock, "Quantum information with continuous variables," Rev. Mod. Phys. 77, 513-577 (2005). [CrossRef]
  5. F. Grosshans, G. Van Assche, J. Wenger, R. Brouri, N. J. Cerf, and P. Grangier, "Quantum key distribution using gaussian-modulated coherent states," Nature 421, 238-241 (2003). [CrossRef] [PubMed]
  6. N. J. Cerf, M. Levy, and G. Van Assche, "Quantum distribution of Gaussian keys using squeezed states," Phys. Rev. A 63, 052311 (2001). [CrossRef]
  7. F. Grosshans and P. Grangier, "Reverse reconciliation protocols for quantum cryptography with continuous variables,"quant-ph/0204127 (2002).
  8. F. Grosshans and P. Grangier, "Continuous Variable Quantum Cryptography Using Coherent States," Phys. Rev. Lett. 88, 057902 (2002) [CrossRef] [PubMed]
  9. R. Namiki and T. Hirano, "Efficient-phase-encoding protocols for continuous-variable quantum key distribution using coherent states and postselection," Phys. Rev. A 74, 032302 (2006). [CrossRef]
  10. F. Grosshans, "Collective Attacks and Unconditional Security in Continuous Variable Quantum Key Distribution," Phys. Rev. Lett. 94, 020504 (2005). [CrossRef] [PubMed]
  11. M. Navascues and A. Acın, "SecurityBounds for Continuous Variables Quantum Key Distribution," Phys. Rev. Lett. 94, 020505 (2005). [CrossRef] [PubMed]
  12. R. Garcıa-Patron and N. J. Cerf, "Unconditional Optimality of Gaussian Attacks against Continuous-Variable Quantum Key Distribution," Phys. Rev. Lett. 97, 190503 (2006). [CrossRef] [PubMed]
  13. M. Navascues, F. Grosshans, and A. Acın, "Optimality of Gaussian Attacks in Continuous-Variable Quantum Cryptography," Phys. Rev. Lett. 97, 190502 (2006). [CrossRef] [PubMed]
  14. J. Lodewyck, M. Bloch, R. Garcia-Patron, S. Fossier, E. Karpov, E. Diamanti, T. Debuisschert, N. J. Cerf, R. Tualle-Brouri, S. W. McLaughlin, and P. Grangier, "Quantum key distribution over 25 km with an all-fiber continuous-variable system," Phys. Rev. A 76, 042305 (2007). [CrossRef]
  15. M. Heid and N. Lutkenhaus, "Security of coherent-state quantum cryptography in the presence of Gaussian noise" Phys. Rev. A 76, 022313 (2007). [CrossRef]
  16. V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dusek, N. Lutkenhaus, and M. Peev, "Title: A Framework for Practical Quantum Cryptography"arXiv:0802.4155(2008).
  17. Y. Zhao, M. Heid, J. Rigas, and N. Lutkenhaus, "Asymptotic security of binary modulated continuous-variable quantum key distribution under collective attacks," Phys. Rev. A 79, 012307 (2009). [CrossRef]
  18. Ch. Silberhorn, T. C. Ralph, N. Lutkenhaus, and G. Leuchs, "Continuous Variable Quantum Cryptography: Beating the 3 dB Loss Limit" Phys. Rev. A 89, 167901 (2002).
  19. C. Weedbrook, A. M. Lance, W. P. Bowen, T. Symul, T. C. Ralph, and P. K. Lam, "Coherent-state quantum key distribution without random basis switching" Phys. Rev. A 73,022316 (2006). [CrossRef]
  20. A. M. Lance, T. Symul, V. Sharma, C. Weedbrook, T. C. Ralph, P. K. Lam, "No-Switching Quantum Key Distribution Using Broadband Modulated Coherent Light," Phys. Rev. Lett. 95, 180503 (2005). [CrossRef] [PubMed]
  21. T. Symul, D. J. Alton, S. M. Assad, A. M. Lance, C. Weedbrook, T. C. Ralph, and P. K. Lam, "Experimental demonstration of post-selection-based continuous-variable quantum key distribution in the presence of Gaussian noise," Phys. Rev. A 76, 030303(R) (2007). [CrossRef]
  22. J. Singh, O. Dabeer and U. Madhow, "Capacity of the Discrete-Time AWGN Channel Under Output Quantization," arXiv:0801.1185v1 (2008).
  23. V. Buzek and G. Drobny, "Quantum tomography via the MaxEnt principle," J. Mod. Opt. 47, 2823-2839 (2000).
  24. R. Ahlswede and P. Lober, "Quantum data processing," IEEE Trans. Inf. Theory,  47, 474-478 (2001). [CrossRef]
  25. K. Khandekar and R. J. McEliece, "On the complexity of reliable communication on the erasure channel," in Proc. IEEE Int. Symp. Information Theory, Washington, DC, Jun. 2001, p. 1.
  26. Z. Zhang and P. L. Voss, "A path towards 10 Gb/s continuous variable QKD," LPHYS08, Trondheim, Norway. July 2008.
  27. J. Janszky, P. Domokos, S. Szabo, and P. Adam, "Quantum-state engineering via discrete coherent-state superpositions," Phys. Rev. A 51, 5 (1995). [CrossRef]
  28. R. Jozsa and J. Schlienz, "Distinguishability of States and von Neumann Entropy," arXiv:quant-ph/9911009v1, 3 (1999).

Cited By

Alert me when this paper is cited

OSA is able to provide readers links to articles that cite this paper by participating in CrossRef's Cited-By Linking service. CrossRef includes content from more than 3000 publishers and societies. In addition to listing OSA journal articles that cite this paper, citing articles from other participating publishers will also be listed.


« Previous Article  |  Next Article »

OSA is a member of CrossRef.

CrossCheck Deposited