OSA's Digital Library

Optics Express

Optics Express

  • Editor: C. Martijn de Sterke
  • Vol. 20, Iss. 13 — Jun. 18, 2012
  • pp: 14030–14041
« Show journal navigation

Field test of classical symmetric encryption with continuous variables quantum key distribution

Paul Jouguet, Sébastien Kunz-Jacques, Thierry Debuisschert, Simon Fossier, Eleni Diamanti, Romain Alléaume, Rosa Tualle-Brouri, Philippe Grangier, Anthony Leverrier, Philippe Pache, and Philippe Painchault  »View Author Affiliations


Optics Express, Vol. 20, Issue 13, pp. 14030-14041 (2012)
http://dx.doi.org/10.1364/OE.20.014030


View Full Text Article

Acrobat PDF (983 KB)





Browse Journals / Lookup Meetings

Browse by Journal and Year


   


Lookup Conference Papers

Close Browse Journals / Lookup Meetings

Article Tools

Share
Citations

Abstract

We report on the design and performance of a point-to-point classical symmetric encryption link with fast key renewal provided by a Continuous Variable Quantum Key Distribution (CVQKD) system. Our system was operational and able to encrypt point-to-point communications during more than six months, from the end of July 2010 until the beginning of February 2011. This field test was the first demonstration of the reliability of a CVQKD system over a long period of time in a server room environment. This strengthens the potential of CVQKD for information technology security infrastructure deployments.

© 2012 OSA

1. Introduction

Quantum Key Distribution (QKD) [1

1. V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dusek, N. Lütkenhaus, and M. Peev, “The security of practical quantum key distribution,” Rev. Mod. Phys. 81, 1301–1350 (2009). [CrossRef]

] is among the first industrial applications of the field of quantum information processing. Its natural commercial target is network security, since this technology allows two distant parties to share a secret key through the exchange of quantum states even in the presence of an eavesdropper, provided that the parties share an auxiliary authenticated classical communication channel. Contrary to all known classical schemes, the security of the established key can be proven without making any assumption on the capacities of the eavesdropper (for example computational power, knowledge of efficient algorithms, amount of memory). In theory, this key can be combined with an information-theoretically secure encryption method, the one-time pad (OTP), which requires a key that has to be as long as the message. However, the latest long-term field demonstrations, the Tokyo QKD network [2

2. M. Sasaki, M. Fujiwara, H. Ishizuka, W. Klaus, K. Wakui, M. Takeoka, A. Tanaka, K. Yoshino, Y. Nambu, S. Takahashi, A. Tajima, A. Tomita, T. Domeki, T. Hasegawa, Y. Sakai, H. Kobayashi, T. Asai, K. Shimizu, T. Tokura, T. Tsurumaru, M. Matsui, T. Honjo, K. Tamaki, H. Takesue, Y. Tokura, J. F. Dynes, A. R. Dixon, A. W. Sharpe, Z. L. Yuan, A. J. Shields, S. Uchikoga, M. Legré, S. Robyr, P. Trinkler, L. Monat, J.-B. Page, G. Ribordy, A. Poppe, A. Allacher, O. Maurhart, T. Länger, M. Peev, and A. Zeilinger, “Field test of quantum key distribution in the Tokyo QKD network,” Opt. Express 19, 10387–10409 (2011). [CrossRef] [PubMed]

] and the SwissQuantum network [3

3. D. Stucki, M. Legré, F. Buntschu, B. Clausen, N. Felber, N. Gisin, L. Henzen, P. Junod, G. Litzistorf, P. Monbaron, L. Monat, J.-B. Page, D. Perroud, G. Ribordy, A. Rochas, S. Robyr, J. Tavares, R. Thew, P. Trinkler, S. Ventura, R. Voirol, N. Walenta, and H. Zbinden, “Long-term performance of the SwissQuantum quantum key distribution network in a field environment,” New J. Phys. 13, 123001 (2011). [CrossRef]

], report a secret key rate lower than 1 Mbit/s, which makes OTP incompatible with most of practical applications that require key rates above 1 Gbit/s. If high bit rates are required, a practical solution is to use the keys issued from QKD to renew keys used in classical symmetric algorithms like the FIPS Advanced Encryption Standard (AES) [4

4. Advanced Encryption Standard (AES), FIPS PUB 197, National Institute for Standards and Technology (2001).

]. Since each QKD key is completely independent of keys generated earlier, renewing keys forces an attacker to perform a new attack to obtain the key after each renewal. This forward secrecy property cannot be achieved with classical symmetric schemes. It can, however, be achieved with classical asymmetric schemes but only under some complexity assumptions [5

5. S. Kunz-Jacques and P. Jouguet, “Using hash-based signatures to bootstrap quantum key distribution,” arXiv:1109.2844 [quant-ph] (2011).

,6

6. L. M. Ioannou and M. Mosca, “A new spin on quantum cryptography: avoiding trapdoors and embracing public keys,” arXiv:1109.3235 [quant-ph] (2011).

].

In order to become an essential part of current network infrastructures, QKD systems have to pass integrability and reliability tests. Systems that rely on encoding the information on discrete variables, such as the phase or the polarization of single photons, have been widely tested. Commercial products based on such systems have been developed by ID Quantique [7] and MagiQ Technologies [8]. AES key renewal was demonstrated in [9

9. P. Eraerds, N. Walenta, M. Legré, N. Gisin, and H. Zbinden, “Quantum key distribution and 1 Gbit/s data encryption over a single fibre,” New J. Phys. 12, 063027 (2010). [CrossRef]

], where the ID Quantique QKD system was combined with an AES-based encryptor allowing to encrypt 1 Gbit/s communications, while the long-term reliability of this technology was tackled in [3

3. D. Stucki, M. Legré, F. Buntschu, B. Clausen, N. Felber, N. Gisin, L. Henzen, P. Junod, G. Litzistorf, P. Monbaron, L. Monat, J.-B. Page, D. Perroud, G. Ribordy, A. Rochas, S. Robyr, J. Tavares, R. Thew, P. Trinkler, S. Ventura, R. Voirol, N. Walenta, and H. Zbinden, “Long-term performance of the SwissQuantum quantum key distribution network in a field environment,” New J. Phys. 13, 123001 (2011). [CrossRef]

]. In comparison with QKD based on discrete variables, continuous-variable QKD (CVQKD), relies on encoding the information on continuous variables such as the quadratures of coherent states [10

10. F. Grosshans and P. Grangier, “Continuous variable quantum cryptography using coherent states,” Phys. Rev. Lett. 88, 057902 (2002). [CrossRef] [PubMed]

], that has been implemented in a great variety of situations [11

11. F. Grosshans, G. Van Assche, J. Wenger, R. Brouri, N. J. Cerf, and P. Grangier, “Quantum key distribution using Gaussian-modulated coherent states,” Nature (London) 421, 238–241 (2003). [CrossRef]

24

24. Y. Shen, H. Zou, L. Tian, P. Chen, and J. Yuan, “Experimental study on discretely modulated continuous-variable quantum key distribution,” Phys. Rev. A 82, 022317 (2010). [CrossRef]

] (for a review of quantum information with continuous variables see [25

25. C. Weedbrook, S. Pirandola, R. García-Patrón, N. J. Cerf, T. C. Ralph, J. H. Shapiro, and S. Lloyd, “Gaussian quantum information,” arxiv:1110.3234 [quant-ph] (2011).

]). This has important practical advantages: the homodyne detection hardware does not require any specific component, such as actively cooled single-photon detectors, and exhibits a better compatibility with a Wavelength Division Multiplexing (WDM) environment [26

26. B. Qi, W. Zhu, L. Qian, and H.-K. Lo, “Feasibility of quantum key distribution through dense wavelength division multiplexing network,” New J. Phys. 12, 103042 (2010). [CrossRef]

]. As recently created companies, Quintessence Labs [27] and SeQureNet [28], pursue the development of a new generation of CVQKD technologies, it is imperative to demonstrate the integrability and reliability of CVQKD in a long-term field deployment.

2. SEQURE demonstration field test

2.1. Structure of the demonstration

We first discuss several important features of the SEQURE demonstration. The demonstration involves two nodes located in:
  • Palaiseau (Thales Research & Technology France)
  • Massy (Thales Raytheon Systems)

Fig. 1 Map of the SEQURE demonstration. The two nodes are located in the cities of Massy and Palaiseau in the southwest of Paris. The dashed line shows the 5 km straight path between the two sites, whereas the actual length of the fiber is 17.7 km. ©Google Maps – 2012
Fig. 2 Layer structure of the SEQURE demonstration. The dashed bidirectional arrow represents the fibre used for the Local Oscillator (LO) and the quantum signal, while the plain arrow stands for the wavelength multiplexed classical signals: the reconciliation part of the CVQKD, the key management layer and the encrypted traffic.

Table 1. SEQURE Demonstration Link Characteristics

table-icon
View This Table

A diagram of the components of the system is shown in Fig. 3.

Fig. 3 Structure of the SEQURE demonstration. The dashed lines correspond to the two fibres. Fibre 1 is used for multiplexed classical communications, fibre 2 transmits the physical pulses that are used to establish the raw key. The colors correspond to the different types of traffic: blue is plain text, black is the encrypted traffic VLAN, red is key renewal, orange is optics control and raw key traffic, yellow is the control of Mistral products configuration, purple is the Internet link, green is the monitoring traffic VLAN.

The VLAN developed to monitor the demonstration was connected to a Management Center located in Thales Research & Technology in Palaiseau. Remote accessibility to this management center was provided by secure shell (ssh) connections allowed only for legitimate users.

In case of power cuts, rack-mounted remote-control power switches (ePowerSwitch) could be used. They provide a secure web server interface allowing to switch on and off specific devices.

2.2. The quantum layer

Fig. 4 Optical layout of the CVQKD prototype. Alice sends to Bob 100 ns coherent light pulses generated by a 1550 nm telecom laser diode pulsed with a frequency of 500 kHz. These pulses are split into a weak signal and a strong local oscillator (LO) with an unbalanced coupler. The signal pulse is modulated with a centered Gaussian distribution using an amplitude and a phase modulator. The variance is controlled using a coarse variable attenuator and a finely tuned amplitude modulator. The signal pulse is 400 ns delayed with respect to the LO pulse using a 40 m delay line and a Faraday mirror. Both pulses are multiplexed with orthogonal polarization using a polarizing beamsplitter (PBS). The time and polarization multiplexed pulses are then sent through the channel. They are demultiplexed on Bob’s side with another PBS combined with active polarization control. A second delay line on Bob’s side allows for time superposition of signal and LO pulses. After demultiplexing, the signal and LO interfere on a shot-noise limited balanced pulsed homodyne detector. A phase modulator on the LO path allows for random choice of the measured signal quadrature.

The signal and LO are then transmitted through the optical fiber without overlap using time and polarization multiplexing. One 400 ns delay line, composed of a 40-m single-mode fibre followed by a Faraday mirror, is inserted into Alice’s signal path for the time multiplexing. Polarization multiplexing is achieved by a polarization beam splitter (PBS) on Alice side. Both pulses propagate through the fibre with orthogonal polarizations and a 400 ns time delay. They are demultiplexed on Bob’s side with another PBS combined with active polarization control. A second delay line on Bob’s side allows for time superposition of signal and LO pulses.

After demultiplexing, the signal and LO interfere on a shot-noise limited balanced pulsed homodyne detector (HD). The electric signal coming from the HD is proportional to the signal quadrature Xϕ, where ϕ is the relative phase between the signal and the LO. Following the protocol, by applying a π/2 phase shift, the phase modulator on Bob’s LO path allows one to measure randomly either X0 or Xπ/2.

Finally, feedback controls are implemented to allow for a stable operation of the system over several months. Polarization drifts occurring in the quantum channel are corrected using a dynamic polarization controller that finds an optimal polarization state at the output of the channel. Temperature drifts affect lithium niobate, the active material used in the amplitude and phase modulators, therefore the voltages that need to be applied to reach the target modulation vary with temperature. The photodiode on Alice’s signal path is used for the feedback control of the amplitude modulators while the HD output is sensitive to phase and can be used to control the phase modulators.

It is important to note that the Gaussian modulation used in the implemented protocol [10

10. F. Grosshans and P. Grangier, “Continuous variable quantum cryptography using coherent states,” Phys. Rev. Lett. 88, 057902 (2002). [CrossRef] [PubMed]

] maximizes the mutual information between Alice and Bob, thus offering an optimal theoretical key rate against either individual [11

11. F. Grosshans, G. Van Assche, J. Wenger, R. Brouri, N. J. Cerf, and P. Grangier, “Quantum key distribution using Gaussian-modulated coherent states,” Nature (London) 421, 238–241 (2003). [CrossRef]

] or collective [31

31. R. García-Patrón and N. J. Cerf, “Unconditional optimality of Gaussian attacks against continuous-variable QKD,” Phys. Rev. Lett. 97, 190503 (2006). [CrossRef] [PubMed]

, 32

32. M. Navascués, F. Grosshans, and A. Acín, “Optimality of Gaussian attacks in continuous variable quantum cryptography,” Phys. Rev. Lett. 97, 190502 (2006). [CrossRef] [PubMed]

] attacks. However, it is hard to reconcile correlated Gaussian variables with low signal-to-noise ratios (SNRs). The limited efficiency of the error-correcting codes (typically 0.90 bit extracted per bit theoretically available) results in a limit of the secure distance in the order of 30 km in our case. However, new ideas have been proposed [33

33. A. Leverrier, R. Alléaume, J. Boutros, G. Zémor, and P. Grangier, “Multidimensional reconciliation for continuous-variable quantum key distribution,” Phys. Rev. A 77, 042325 (2008). [CrossRef]

] and recently combined with new error-correcting codes [34

34. P. Jouguet, S. Kunz-Jacques, and A. Leverrier, “Long distance continuous-variable quantum key distribution with a Gaussian modulation,” Phys. Rev. A 84, 062317 (2011). [CrossRef]

] to increase the secret bit rate and secure distance, still keeping the Gaussian modulation which has presently the most robust security proofs [31

31. R. García-Patrón and N. J. Cerf, “Unconditional optimality of Gaussian attacks against continuous-variable QKD,” Phys. Rev. Lett. 97, 190503 (2006). [CrossRef] [PubMed]

,32

32. M. Navascués, F. Grosshans, and A. Acín, “Optimality of Gaussian attacks in continuous variable quantum cryptography,” Phys. Rev. Lett. 97, 190502 (2006). [CrossRef] [PubMed]

].

With respect to the classical communication, four steps are required (see Fig. 2). First, a Parameter Estimation (PE) step is needed to compute estimates of the physical parameters linked to the exchange of quantum states through the quantum channel. These parameters are the modulation variance VA, the transmission of the quantum channel T, and the excess noise ξ. Half of the raw key data is chosen at random and revealed to perform PE over blocks of 50 000 measures. For some measured transmission and excess noise the modulation variance VA is adjusted in order to optimize the secret key rate for a set of pairs (SNR, β) (where SNR is the Signal to Noise Ratio and β is the efficiency of the error-correction procedure) corresponding to the set of available error-correcting codes [15

15. J. Lodewyck, M. Bloch, R. García-Patrón, S. Fossier, E. Karpov, E. Diamanti, T. Debuisschert, N. J. Cerf, R. Tualle-Brouri, S. W. McLaughlin, and P. Grangier, “Quantum key distribution over 25 km with an all-fiber continuous-variable system,” Phys. Rev. A 76, 042305 (2007). [CrossRef]

]. The other parameters used to compute an estimate of the secret information that can be extracted from the shared data, the electronic noise vel and the efficiency of the homodyne detection η, are measured during a calibration procedure that takes place before the deployment of the system and that is assumed to be performed in a secure environment. For the SEQURE demonstration, the second step, which is the error correction procedure, was based on a multilevel reconciliation algorithm using Low Density Parity Check Codes (LDPC). This data reconciliation algorithm is explained in detail in [15

15. J. Lodewyck, M. Bloch, R. García-Patrón, S. Fossier, E. Karpov, E. Diamanti, T. Debuisschert, N. J. Cerf, R. Tualle-Brouri, S. W. McLaughlin, and P. Grangier, “Quantum key distribution over 25 km with an all-fiber continuous-variable system,” Phys. Rev. A 76, 042305 (2007). [CrossRef]

]. The amount of data revealed during this step is subtracted from the secret information previously computed. The privacy amplification step described in [15

15. J. Lodewyck, M. Bloch, R. García-Patrón, S. Fossier, E. Karpov, E. Diamanti, T. Debuisschert, N. J. Cerf, R. Tualle-Brouri, S. W. McLaughlin, and P. Grangier, “Quantum key distribution over 25 km with an all-fiber continuous-variable system,” Phys. Rev. A 76, 042305 (2007). [CrossRef]

] allows us to extract the secret information from the identical strings shared by Alice and Bob after the error correction procedure. Finally, a key verification step ensures with an overwhelming probability (10−60) that Alice and Bob secret keys are identical. This is simply done by revealing a small part of the final bits (200 bits) chosen at random.

3. Security considerations

The authentication of the classical channel needed for the QKD protocol is performed by the cryptographic engine provided by the AIT software. A point-to-point authenticated channel is created by the Q3P protocol. It is based on the Wegman-Carter scheme [35

35. N. M. Wegman and L. Carter, “Universal classes of hash functions,” J. Comput. Syst. Sci. 18, 143–154 (1979). [CrossRef]

, 36

36. N. M. Wegman and L. Carter, “New hash functions and their use in authentication and set equality,” J. Comput. Syst. Sci. 22, 265–279 (1981). [CrossRef]

]. This authentication protocol, like other QKD implementations, requires an initial common secret. The key consumption of the authentication is roughly 10 bits/s [29

29. M. Peev, C. Pacher, R. Alléaume, C. Barreiro, J. Bouda, W. Boxleitner, T. Debuisschert, E. Diamanti, M. Dianati, J. F. Dynes, S. Fasel, S. Fossier, M. Fürst, J.-D. Gautier, O. Gay, N. Gisin, P. Grangier, A. Happe, Y. Hasani, M. Hentschel, H. Hübel, G. Humer, T. Länger, M. Legré, R. Lieger, J. Lodewyck, T. Lorünser, N. Lütkenhaus, A. Marhold, T. Matyus, O. Maurhart, L. Monat, S. Nauerth, J.-B. Page, A. Poppe, E. Querasser, G. Ribordy, S. Robyr, L. Salvail, A. W. Sharpe, A. J. Shields, D. Stucki, M. Suda, C. Tamas, T. Themel, R. T. Thew, Y. Thoma, A. Treiber, P. Trinkler, R. Tualle-Brouri, F. Vannel, N. Walenta, H. Weier, H. Weinfurter, I. Wimberger, Z. L. Yuan, H. Zbinden, and A. Zeilinger, “The SECOQC quantum key distribution network in Vienna,” New J. Phys. 11, 075001 (2009). [CrossRef]

], that is about 2% of the secret key rate produced by our system.

As for other families of QKD systems, some attacks can be implemented on a CVQKD system exploiting the imperfections of the setup. For example, the presence of excess noise, which is noise in excess of the shot noise, opens the possibility for partial intercept-resend attacks as demonstrated in [37

37. J. Lodewyck, T. Debuisschert, R. García-Patrón, R. Tualle-Brouri, N. J. Cerf, and P. Grangier, “Experimental implementation of non-Gaussian attacks on a continuous-variable quantum-key-distribution system,” Phys. Rev. Lett. 98, 030503 (2007). [CrossRef] [PubMed]

]. This is why the shot noise level on the receiver side must be precisely known. Monitoring the physical parameters of the channel allows to upper-bound the information available to Eve. An efficient way to perform quantum hacking (see [1

1. V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dusek, N. Lütkenhaus, and M. Peev, “The security of practical quantum key distribution,” Rev. Mod. Phys. 81, 1301–1350 (2009). [CrossRef]

]) on a QKD system consists in exploiting side-channels. In our setup, a linear relationship between the LO level and the shot noise is determined during the system calibration. Then the LO level is continuously monitored with one photodiode of the HD and the shot noise level is computed with the help of the previously calibrated relationship. It is used to convert in shot noise units all the physical quantities needed to compute the amount of generated secret data. Generally, the LO, which is a classical signal that can be manipulated by an eavesdropper, is a potential vulnerability [38

38. A. Ferenczi, P. Grangier, and F. Grosshans, “Calibration attack and defense in continuous variable quantum key distribution,” IQEC Conf. Digest IC13 (2007).

, 39

39. H. Häseler, T. Moroder, and N. Ltkenhaus, “Testing quantum devices: practical entanglement verification in bipartite optical systems,” Phys. Rev. A 77, 032303 (2007). [CrossRef]

]. Monitoring the LO level is a counter-measure to such attacks. This monitoring should be good enough so that any undesired change in the shot noise variance is below the measured excess noise variance, of order 1% of the shot noise. Since the shot noise variance is proportional to the LO intensity, this intensity has to be monitored with a slightly better accuracy, for example 0.1%. More details on that monitoring are given in references [38

38. A. Ferenczi, P. Grangier, and F. Grosshans, “Calibration attack and defense in continuous variable quantum key distribution,” IQEC Conf. Digest IC13 (2007).

,39

39. H. Häseler, T. Moroder, and N. Ltkenhaus, “Testing quantum devices: practical entanglement verification in bipartite optical systems,” Phys. Rev. A 77, 032303 (2007). [CrossRef]

].

4. Performance of the quantum layer

4.1. Events

The system was stable and ran continuously during more than 6 months, from the end of July 2010 to the beginning of February 2011. The optical part did not require any human intervention during the full period of the demonstration. We list below the most significant problems experienced during the demonstration:
  • September 23 to September 29: the motherboard of Alice’s computer in Massy failed and had to be changed (these two dates correspond to the two first marks on Fig. 5 and Fig. 6). Error correction is the most demanding task in terms of computing power and is performed on Alice’s side.
  • October 1 to October 31: the server room in Massy (Alice’s side) was unavailable so the experiment had to be interrupted until it was started again in a new location (these two dates correspond to the two last marks on Fig. 5 and Fig. 6).
  • November 1: the system was restarted but the experimental conditions became continuously changing because of a lack of thermal regulation. However, the results could still be exploited.

4.2. Excess noise

The excess noise was recorded during the full period of the experiment and is reported in Fig. 5. On a daily scale, it is subject to variations linked to statistical fluctuations and experimental conditions like fibre vibrations. Since our detection scheme relies on an interferometer, phase noise in the transmission creates excess noise. Most of the low frequency phase noise is eliminated by constantly tracking the phase. However, this tracking cannot be done with a perfect accuracy and the high frequency part of the phase noise causes excess noise. Keys are mainly produced with low values of the excess noise, while no keys are produced on blocks with a large excess noise because of the limited efficiency of the error correction scheme (about 90%, see [15

15. J. Lodewyck, M. Bloch, R. García-Patrón, S. Fossier, E. Karpov, E. Diamanti, T. Debuisschert, N. J. Cerf, R. Tualle-Brouri, S. W. McLaughlin, and P. Grangier, “Quantum key distribution over 25 km with an all-fiber continuous-variable system,” Phys. Rev. A 76, 042305 (2007). [CrossRef]

]). The system operation was rather stable during the 6 months but we can notice a significant difference in performance when the experiment at one site was transferred from the server room to the room with no thermal regulation. In fact, the excess noise obtained with the equipment in these degraded experimental conditions does not allow to obtain a positive secret key rate against collective attacks for the line transmission [31

31. R. García-Patrón and N. J. Cerf, “Unconditional optimality of Gaussian attacks against continuous-variable QKD,” Phys. Rev. Lett. 97, 190503 (2006). [CrossRef] [PubMed]

,32

32. M. Navascués, F. Grosshans, and A. Acín, “Optimality of Gaussian attacks in continuous variable quantum cryptography,” Phys. Rev. Lett. 97, 190502 (2006). [CrossRef] [PubMed]

]. As a result, a secret key rate against individual attacks [11

11. F. Grosshans, G. Van Assche, J. Wenger, R. Brouri, N. J. Cerf, and P. Grangier, “Quantum key distribution using Gaussian-modulated coherent states,” Nature (London) 421, 238–241 (2003). [CrossRef]

] only was produced by the system during the second part of the demonstration. This illustrates the importance of monitoring continuously the excess noise in order to evaluate the security of the keys [37

37. J. Lodewyck, T. Debuisschert, R. García-Patrón, R. Tualle-Brouri, N. J. Cerf, and P. Grangier, “Experimental implementation of non-Gaussian attacks on a continuous-variable quantum-key-distribution system,” Phys. Rev. Lett. 98, 030503 (2007). [CrossRef] [PubMed]

]. It is important to note that this kind of problem is typical of an external environment and would not occur in laboratory conditions. Our system was still able to produce keys in those degraded conditions, although with an inferior performance. This illustrates the maturity of our setup.

Fig. 5 In red, the secret key rate produced during the SEQURE demonstration. The given secret key rate corresponds to the key rate produced by the system after key distillation and privacy amplification assuming an eavesdropper able to perform collective attacks in the first part and limited to individual attacks in the second part. In green, the measured excess noise during the SEQURE demonstration. During the first part (server room), this excess noise can be mainly attributed to the acoustic noise in the server room. In the second part, an additional excess noise occurred, that is attributed to thermal fluctuations due to the lack of thermal regulation in the room. The black marks correspond to the events listed in the section 4.1.
Fig. 6 In red, number of 128-bit keys per day produced during the SEQURE demonstration. The given secret key rate corresponds to the key rate produced by the system after key distillation and privacy amplification assuming an eavesdropper able to perform collective attacks in the first part and limited to individual attacks in the second part. In green, number of 128-bit keys per day required for a key renewal every 10 seconds. The number of produced keys largely exceeds this limit. Before day 100, the keys were produced assuming collective attacks from an eavesdropper. After day 100, they were produced assuming only individual attacks because the excess noise was significantly higher. The black marks correspond to the events listed in the section 4.1.

4.3. Secret key rate

The keys generated by the quantum layer were used to refresh the Thales Mistral encryptors’ 128-bit AES keys. The renewal period was 10 seconds, thus the quantum layer had to be able to generate 8640 128-bit keys per day, which is roughly 1 Mbit of key material. Then, a 13 bit/s secret key rate would be sufficient. This rate is much lower than the rate up to 2 kbit/s that our setup can produce with comparable line transmission and excess noise conditions [15

15. J. Lodewyck, M. Bloch, R. García-Patrón, S. Fossier, E. Karpov, E. Diamanti, T. Debuisschert, N. J. Cerf, R. Tualle-Brouri, S. W. McLaughlin, and P. Grangier, “Quantum key distribution over 25 km with an all-fiber continuous-variable system,” Phys. Rev. A 76, 042305 (2007). [CrossRef]

]. The ultimate performances of our system were obtained using a multithread data processing architecture with 2 cores devoted to the reconciliation and 1 core dedicated to the management of the hardware part [19

19. S. Fossier, E. Diamanti, T. Debuisschert, A. Villing, R. Tualle-Brouri, and P. Grangier, “Field test of a continuous-variable quantum key distribution prototype,” New J. Phys. 11, 045023 (2009). [CrossRef]

]. In the present case only one core is required to perform the reconciliation, which results in an improved stability of the software and an improved stability of the overall system over long periods. Figure 6 shows that the SEQURE demonstration was largely above this threshold. Figure 5 shows that the key rate was about 600 bit/s (against collective attacks) during the first part of the demonstration and 400 bit/s key rate (against individual attacks) during the second part. In both parts of the experiment, the given secret key rate corresponds to the key rate produced by the system after key distillation and privacy amplification, assuming an eavesdropper able to perform collective attacks in the first part and limited to individual attacks in the second part.

5. Performance of the encryption layer

6. Conclusion and perspectives

The SEQURE demonstration that we have presented shows that continuous-variable QKD can compare well with discrete-variable QKD with respect to robustness and reliability in a server room environment, whose operating conditions are harder to cope with than laboratory ones. Furthermore, it shows that CVQKD can be integrated easily with off-the-shelf network equipments such as symmetric encryptors as a part of a more complex network infrastructure. Integration into WDM networks could be also eased by tolerance of the CVQKD homodyne detection scheme to incoherent noise [26

26. B. Qi, W. Zhu, L. Qian, and H.-K. Lo, “Feasibility of quantum key distribution through dense wavelength division multiplexing network,” New J. Phys. 12, 103042 (2010). [CrossRef]

]. Moreover, if CVQKD WDM compatibility is confirmed in real optical network deployments, it will imply a significant decrease of the operational costs, which can stimulate further interest for this technology.

The operating distance of the implemented system can be improved by the recent developments of better error-correcting codes [34

34. P. Jouguet, S. Kunz-Jacques, and A. Leverrier, “Long distance continuous-variable quantum key distribution with a Gaussian modulation,” Phys. Rev. A 84, 062317 (2011). [CrossRef]

] without any hardware modification. These codes would also allow to produce keys secure against collective attacks even with the high values of the excess noise obtained during the second part of the demonstration. For distances higher than 100 km, the key management layer developed within the SECOQC project can still be used to share keys between two sites connected through several links.

As regards to the key rate, the current limitation of the system is not the optical part but the error correction speed which can be drastically improved using Graphics Processing Units (GPU) [15

15. J. Lodewyck, M. Bloch, R. García-Patrón, S. Fossier, E. Karpov, E. Diamanti, T. Debuisschert, N. J. Cerf, R. Tualle-Brouri, S. W. McLaughlin, and P. Grangier, “Quantum key distribution over 25 km with an all-fiber continuous-variable system,” Phys. Rev. A 76, 042305 (2007). [CrossRef]

, 41

41. P. Jouguet and S. Kunz-Jacques, “High performance error correction for quantum key distribution using polar codes,” arXiv:1204.5882 [quant-ph] (2012).

]. Furthermore, in order to take into account finite-size effects it is necessary to process large blocks (≥ 108 pulses) to extract the final key [42

42. A. Leverrier, F. Grosshans, and P. Grangier, “Finite-size analysis of continuous-variable quantum key distribution,” Phys. Rev. A 81, 062343 (2010). [CrossRef]

]. Then improving the error-correction speed allows to deal with finite-size effects without dramatically increasing the key production latency.

Finally, in a setting where QKD is used together with computational high-speed symmetric encryption like in SEQURE, it is not unreasonable to use a scheme based on minimal assumptions about the security of symmetric cryptography, like the Lamport signature scheme, instead of using an initial secret key. This enables to initialize QKD with an exchange of authentic values, which is easier to perform than an exchange of secret values. The security properties of QKD are unaffected provided the Lamport scheme is instantiated with a function that can be considered to be collision-resistant on the timescale of the first QKD session (such as cryptographic hash functions); then, as soon as common secret values are available, sessions are authenticated using unconditional means as usual. For a more detailed security analysis, see [5

5. S. Kunz-Jacques and P. Jouguet, “Using hash-based signatures to bootstrap quantum key distribution,” arXiv:1109.2844 [quant-ph] (2011).

].

Acknowledgments

References and links

1.

V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dusek, N. Lütkenhaus, and M. Peev, “The security of practical quantum key distribution,” Rev. Mod. Phys. 81, 1301–1350 (2009). [CrossRef]

2.

M. Sasaki, M. Fujiwara, H. Ishizuka, W. Klaus, K. Wakui, M. Takeoka, A. Tanaka, K. Yoshino, Y. Nambu, S. Takahashi, A. Tajima, A. Tomita, T. Domeki, T. Hasegawa, Y. Sakai, H. Kobayashi, T. Asai, K. Shimizu, T. Tokura, T. Tsurumaru, M. Matsui, T. Honjo, K. Tamaki, H. Takesue, Y. Tokura, J. F. Dynes, A. R. Dixon, A. W. Sharpe, Z. L. Yuan, A. J. Shields, S. Uchikoga, M. Legré, S. Robyr, P. Trinkler, L. Monat, J.-B. Page, G. Ribordy, A. Poppe, A. Allacher, O. Maurhart, T. Länger, M. Peev, and A. Zeilinger, “Field test of quantum key distribution in the Tokyo QKD network,” Opt. Express 19, 10387–10409 (2011). [CrossRef] [PubMed]

3.

D. Stucki, M. Legré, F. Buntschu, B. Clausen, N. Felber, N. Gisin, L. Henzen, P. Junod, G. Litzistorf, P. Monbaron, L. Monat, J.-B. Page, D. Perroud, G. Ribordy, A. Rochas, S. Robyr, J. Tavares, R. Thew, P. Trinkler, S. Ventura, R. Voirol, N. Walenta, and H. Zbinden, “Long-term performance of the SwissQuantum quantum key distribution network in a field environment,” New J. Phys. 13, 123001 (2011). [CrossRef]

4.

Advanced Encryption Standard (AES), FIPS PUB 197, National Institute for Standards and Technology (2001).

5.

S. Kunz-Jacques and P. Jouguet, “Using hash-based signatures to bootstrap quantum key distribution,” arXiv:1109.2844 [quant-ph] (2011).

6.

L. M. Ioannou and M. Mosca, “A new spin on quantum cryptography: avoiding trapdoors and embracing public keys,” arXiv:1109.3235 [quant-ph] (2011).

7.

http://www.idquantique.com (2012).

8.

http://www.magiqtech.com (2012).

9.

P. Eraerds, N. Walenta, M. Legré, N. Gisin, and H. Zbinden, “Quantum key distribution and 1 Gbit/s data encryption over a single fibre,” New J. Phys. 12, 063027 (2010). [CrossRef]

10.

F. Grosshans and P. Grangier, “Continuous variable quantum cryptography using coherent states,” Phys. Rev. Lett. 88, 057902 (2002). [CrossRef] [PubMed]

11.

F. Grosshans, G. Van Assche, J. Wenger, R. Brouri, N. J. Cerf, and P. Grangier, “Quantum key distribution using Gaussian-modulated coherent states,” Nature (London) 421, 238–241 (2003). [CrossRef]

12.

A. M. Lance, T. Symul, V. Sharma, C. Weedbrook, T. C. Ralph, and P. K. Lam, “No-switching quantum key distribution using broadband modulated coherent light,” Phys. Rev. Lett. 95, 180503 (2005). [CrossRef] [PubMed]

13.

S. Lorenz, N. Korolkova, and G. Leuchs, “Continuous variable quantum key distribution using polarization encoding and post selection,” Appl. Phys. B 79, 273–277 (2004). [CrossRef]

14.

S. Lorenz, J. Rigas, M. Heid, U. L. Andersen, N. Lütkenhaus, and G. Leuchs, “Witnessing effective entanglement in a continuous variable prepare&measure setup and application to a QKD scheme using postselection,” Phys. Rev. A 74, 042326 (2006). [CrossRef]

15.

J. Lodewyck, M. Bloch, R. García-Patrón, S. Fossier, E. Karpov, E. Diamanti, T. Debuisschert, N. J. Cerf, R. Tualle-Brouri, S. W. McLaughlin, and P. Grangier, “Quantum key distribution over 25 km with an all-fiber continuous-variable system,” Phys. Rev. A 76, 042305 (2007). [CrossRef]

16.

S. Tokunaga, K. Shirasaki, and T. Hirano, “Free-space continuous-variable quantum cryptography,” CLEO/Europe and IQEC 2007 Conference Digest1–1 (2007).

17.

B. Qi, L.-L. Huang, L. Qian, and H.-K. Lo, “Experimental study on the Gaussian-modulated coherent-state quantum key distribution over standard telecommunication fibers,” Phys. Rev. A 76, 052323 (2007). [CrossRef]

18.

T. Symul, D. J. Alton, S. M. Assad, A. M. Lance, C. Weedbrook, T. C. Ralph, and P. K. Lam, “Experimental demonstration of post-selection-based continuous-variable quantum key distribution in the presence of Gaussian noise,” Phys. Rev. A 76, 030303 (2007). [CrossRef]

19.

S. Fossier, E. Diamanti, T. Debuisschert, A. Villing, R. Tualle-Brouri, and P. Grangier, “Field test of a continuous-variable quantum key distribution prototype,” New J. Phys. 11, 045023 (2009). [CrossRef]

20.

D. Elser, T. Bartley, B. Heim, C. Wittmann, D. Sych, and G. Leuchs, “Feasibility of free space quantum key distribution with coherent polarization states,” New J. Phys. 11, 045014 (2009). [CrossRef]

21.

Q. Dinh Xuan, Z. Zhang, and P. L. Voss, “A 24 km fiber-based discretely signaled continuous variable quantum key distribution system,” Opt. Express 17, 24244–24249 (2009). [CrossRef]

22.

B. Heim, D. Elser, T. Bartley, M. Sabuncu, C. Wittmann, D. Sych, C. Marquardt, and G. Leuchs, “Atmospheric channel characteristics for quantum communication with continuous polarization variables,” Appl. Phys. B 98, 635–640 (2010). [CrossRef]

23.

T. Symul, V. Sharma, T. C. Ralph, and P. K. Lam, “Coherent state quantum key distribution with continuous-wave laser beams,” Optical Fiber Communication Conference1–3 (2010).

24.

Y. Shen, H. Zou, L. Tian, P. Chen, and J. Yuan, “Experimental study on discretely modulated continuous-variable quantum key distribution,” Phys. Rev. A 82, 022317 (2010). [CrossRef]

25.

C. Weedbrook, S. Pirandola, R. García-Patrón, N. J. Cerf, T. C. Ralph, J. H. Shapiro, and S. Lloyd, “Gaussian quantum information,” arxiv:1110.3234 [quant-ph] (2011).

26.

B. Qi, W. Zhu, L. Qian, and H.-K. Lo, “Feasibility of quantum key distribution through dense wavelength division multiplexing network,” New J. Phys. 12, 103042 (2010). [CrossRef]

27.

http://www.quintessencelabs.com (2012).

28.

http://www.sequrenet.com (2012).

29.

M. Peev, C. Pacher, R. Alléaume, C. Barreiro, J. Bouda, W. Boxleitner, T. Debuisschert, E. Diamanti, M. Dianati, J. F. Dynes, S. Fasel, S. Fossier, M. Fürst, J.-D. Gautier, O. Gay, N. Gisin, P. Grangier, A. Happe, Y. Hasani, M. Hentschel, H. Hübel, G. Humer, T. Länger, M. Legré, R. Lieger, J. Lodewyck, T. Lorünser, N. Lütkenhaus, A. Marhold, T. Matyus, O. Maurhart, L. Monat, S. Nauerth, J.-B. Page, A. Poppe, E. Querasser, G. Ribordy, S. Robyr, L. Salvail, A. W. Sharpe, A. J. Shields, D. Stucki, M. Suda, C. Tamas, T. Themel, R. T. Thew, Y. Thoma, A. Treiber, P. Trinkler, R. Tualle-Brouri, F. Vannel, N. Walenta, H. Weier, H. Weinfurter, I. Wimberger, Z. L. Yuan, H. Zbinden, and A. Zeilinger, “The SECOQC quantum key distribution network in Vienna,” New J. Phys. 11, 075001 (2009). [CrossRef]

30.

https://sqt.ait.ac.at/software/ (2012).

31.

R. García-Patrón and N. J. Cerf, “Unconditional optimality of Gaussian attacks against continuous-variable QKD,” Phys. Rev. Lett. 97, 190503 (2006). [CrossRef] [PubMed]

32.

M. Navascués, F. Grosshans, and A. Acín, “Optimality of Gaussian attacks in continuous variable quantum cryptography,” Phys. Rev. Lett. 97, 190502 (2006). [CrossRef] [PubMed]

33.

A. Leverrier, R. Alléaume, J. Boutros, G. Zémor, and P. Grangier, “Multidimensional reconciliation for continuous-variable quantum key distribution,” Phys. Rev. A 77, 042325 (2008). [CrossRef]

34.

P. Jouguet, S. Kunz-Jacques, and A. Leverrier, “Long distance continuous-variable quantum key distribution with a Gaussian modulation,” Phys. Rev. A 84, 062317 (2011). [CrossRef]

35.

N. M. Wegman and L. Carter, “Universal classes of hash functions,” J. Comput. Syst. Sci. 18, 143–154 (1979). [CrossRef]

36.

N. M. Wegman and L. Carter, “New hash functions and their use in authentication and set equality,” J. Comput. Syst. Sci. 22, 265–279 (1981). [CrossRef]

37.

J. Lodewyck, T. Debuisschert, R. García-Patrón, R. Tualle-Brouri, N. J. Cerf, and P. Grangier, “Experimental implementation of non-Gaussian attacks on a continuous-variable quantum-key-distribution system,” Phys. Rev. Lett. 98, 030503 (2007). [CrossRef] [PubMed]

38.

A. Ferenczi, P. Grangier, and F. Grosshans, “Calibration attack and defense in continuous variable quantum key distribution,” IQEC Conf. Digest IC13 (2007).

39.

H. Häseler, T. Moroder, and N. Ltkenhaus, “Testing quantum devices: practical entanglement verification in bipartite optical systems,” Phys. Rev. A 77, 032303 (2007). [CrossRef]

40.

M. Matsui, “Linear cryptoanalysis method for DES cipher,” in EUROCRYPT 1993, 386–397 (1993).

41.

P. Jouguet and S. Kunz-Jacques, “High performance error correction for quantum key distribution using polar codes,” arXiv:1204.5882 [quant-ph] (2012).

42.

A. Leverrier, F. Grosshans, and P. Grangier, “Finite-size analysis of continuous-variable quantum key distribution,” Phys. Rev. A 81, 062343 (2010). [CrossRef]

OCIS Codes
(270.0270) Quantum optics : Quantum optics
(060.5565) Fiber optics and optical communications : Quantum communications
(270.5568) Quantum optics : Quantum cryptography

ToC Category:
Quantum Optics

History
Original Manuscript: March 14, 2012
Revised Manuscript: May 4, 2012
Manuscript Accepted: May 7, 2012
Published: June 11, 2012

Citation
Paul Jouguet, Sébastien Kunz-Jacques, Thierry Debuisschert, Simon Fossier, Eleni Diamanti, Romain Alléaume, Rosa Tualle-Brouri, Philippe Grangier, Anthony Leverrier, Philippe Pache, and Philippe Painchault, "Field test of classical symmetric encryption with continuous variables quantum key distribution," Opt. Express 20, 14030-14041 (2012)
http://www.opticsinfobase.org/oe/abstract.cfm?URI=oe-20-13-14030


Sort:  Author  |  Year  |  Journal  |  Reset  

References

  1. V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dusek, N. Lütkenhaus, and M. Peev, “The security of practical quantum key distribution,” Rev. Mod. Phys.81, 1301–1350 (2009). [CrossRef]
  2. M. Sasaki, M. Fujiwara, H. Ishizuka, W. Klaus, K. Wakui, M. Takeoka, A. Tanaka, K. Yoshino, Y. Nambu, S. Takahashi, A. Tajima, A. Tomita, T. Domeki, T. Hasegawa, Y. Sakai, H. Kobayashi, T. Asai, K. Shimizu, T. Tokura, T. Tsurumaru, M. Matsui, T. Honjo, K. Tamaki, H. Takesue, Y. Tokura, J. F. Dynes, A. R. Dixon, A. W. Sharpe, Z. L. Yuan, A. J. Shields, S. Uchikoga, M. Legré, S. Robyr, P. Trinkler, L. Monat, J.-B. Page, G. Ribordy, A. Poppe, A. Allacher, O. Maurhart, T. Länger, M. Peev, and A. Zeilinger, “Field test of quantum key distribution in the Tokyo QKD network,” Opt. Express19, 10387–10409 (2011). [CrossRef] [PubMed]
  3. D. Stucki, M. Legré, F. Buntschu, B. Clausen, N. Felber, N. Gisin, L. Henzen, P. Junod, G. Litzistorf, P. Monbaron, L. Monat, J.-B. Page, D. Perroud, G. Ribordy, A. Rochas, S. Robyr, J. Tavares, R. Thew, P. Trinkler, S. Ventura, R. Voirol, N. Walenta, and H. Zbinden, “Long-term performance of the SwissQuantum quantum key distribution network in a field environment,” New J. Phys.13, 123001 (2011). [CrossRef]
  4. Advanced Encryption Standard (AES), FIPS PUB 197, National Institute for Standards and Technology (2001).
  5. S. Kunz-Jacques and P. Jouguet, “Using hash-based signatures to bootstrap quantum key distribution,” arXiv:1109.2844 [quant-ph] (2011).
  6. L. M. Ioannou and M. Mosca, “A new spin on quantum cryptography: avoiding trapdoors and embracing public keys,” arXiv:1109.3235 [quant-ph] (2011).
  7. http://www.idquantique.com (2012).
  8. http://www.magiqtech.com (2012).
  9. P. Eraerds, N. Walenta, M. Legré, N. Gisin, and H. Zbinden, “Quantum key distribution and 1 Gbit/s data encryption over a single fibre,” New J. Phys.12, 063027 (2010). [CrossRef]
  10. F. Grosshans and P. Grangier, “Continuous variable quantum cryptography using coherent states,” Phys. Rev. Lett.88, 057902 (2002). [CrossRef] [PubMed]
  11. F. Grosshans, G. Van Assche, J. Wenger, R. Brouri, N. J. Cerf, and P. Grangier, “Quantum key distribution using Gaussian-modulated coherent states,” Nature (London)421, 238–241 (2003). [CrossRef]
  12. A. M. Lance, T. Symul, V. Sharma, C. Weedbrook, T. C. Ralph, and P. K. Lam, “No-switching quantum key distribution using broadband modulated coherent light,” Phys. Rev. Lett.95, 180503 (2005). [CrossRef] [PubMed]
  13. S. Lorenz, N. Korolkova, and G. Leuchs, “Continuous variable quantum key distribution using polarization encoding and post selection,” Appl. Phys. B79, 273–277 (2004). [CrossRef]
  14. S. Lorenz, J. Rigas, M. Heid, U. L. Andersen, N. Lütkenhaus, and G. Leuchs, “Witnessing effective entanglement in a continuous variable prepare&measure setup and application to a QKD scheme using postselection,” Phys. Rev. A74, 042326 (2006). [CrossRef]
  15. J. Lodewyck, M. Bloch, R. García-Patrón, S. Fossier, E. Karpov, E. Diamanti, T. Debuisschert, N. J. Cerf, R. Tualle-Brouri, S. W. McLaughlin, and P. Grangier, “Quantum key distribution over 25 km with an all-fiber continuous-variable system,” Phys. Rev. A76, 042305 (2007). [CrossRef]
  16. S. Tokunaga, K. Shirasaki, and T. Hirano, “Free-space continuous-variable quantum cryptography,” CLEO/Europe and IQEC 2007 Conference Digest1–1 (2007).
  17. B. Qi, L.-L. Huang, L. Qian, and H.-K. Lo, “Experimental study on the Gaussian-modulated coherent-state quantum key distribution over standard telecommunication fibers,” Phys. Rev. A76, 052323 (2007). [CrossRef]
  18. T. Symul, D. J. Alton, S. M. Assad, A. M. Lance, C. Weedbrook, T. C. Ralph, and P. K. Lam, “Experimental demonstration of post-selection-based continuous-variable quantum key distribution in the presence of Gaussian noise,” Phys. Rev. A76, 030303 (2007). [CrossRef]
  19. S. Fossier, E. Diamanti, T. Debuisschert, A. Villing, R. Tualle-Brouri, and P. Grangier, “Field test of a continuous-variable quantum key distribution prototype,” New J. Phys.11, 045023 (2009). [CrossRef]
  20. D. Elser, T. Bartley, B. Heim, C. Wittmann, D. Sych, and G. Leuchs, “Feasibility of free space quantum key distribution with coherent polarization states,” New J. Phys.11, 045014 (2009). [CrossRef]
  21. Q. Dinh Xuan, Z. Zhang, and P. L. Voss, “A 24 km fiber-based discretely signaled continuous variable quantum key distribution system,” Opt. Express17, 24244–24249 (2009). [CrossRef]
  22. B. Heim, D. Elser, T. Bartley, M. Sabuncu, C. Wittmann, D. Sych, C. Marquardt, and G. Leuchs, “Atmospheric channel characteristics for quantum communication with continuous polarization variables,” Appl. Phys. B98, 635–640 (2010). [CrossRef]
  23. T. Symul, V. Sharma, T. C. Ralph, and P. K. Lam, “Coherent state quantum key distribution with continuous-wave laser beams,” Optical Fiber Communication Conference1–3 (2010).
  24. Y. Shen, H. Zou, L. Tian, P. Chen, and J. Yuan, “Experimental study on discretely modulated continuous-variable quantum key distribution,” Phys. Rev. A82, 022317 (2010). [CrossRef]
  25. C. Weedbrook, S. Pirandola, R. García-Patrón, N. J. Cerf, T. C. Ralph, J. H. Shapiro, and S. Lloyd, “Gaussian quantum information,” arxiv:1110.3234 [quant-ph] (2011).
  26. B. Qi, W. Zhu, L. Qian, and H.-K. Lo, “Feasibility of quantum key distribution through dense wavelength division multiplexing network,” New J. Phys.12, 103042 (2010). [CrossRef]
  27. http://www.quintessencelabs.com (2012).
  28. http://www.sequrenet.com (2012).
  29. M. Peev, C. Pacher, R. Alléaume, C. Barreiro, J. Bouda, W. Boxleitner, T. Debuisschert, E. Diamanti, M. Dianati, J. F. Dynes, S. Fasel, S. Fossier, M. Fürst, J.-D. Gautier, O. Gay, N. Gisin, P. Grangier, A. Happe, Y. Hasani, M. Hentschel, H. Hübel, G. Humer, T. Länger, M. Legré, R. Lieger, J. Lodewyck, T. Lorünser, N. Lütkenhaus, A. Marhold, T. Matyus, O. Maurhart, L. Monat, S. Nauerth, J.-B. Page, A. Poppe, E. Querasser, G. Ribordy, S. Robyr, L. Salvail, A. W. Sharpe, A. J. Shields, D. Stucki, M. Suda, C. Tamas, T. Themel, R. T. Thew, Y. Thoma, A. Treiber, P. Trinkler, R. Tualle-Brouri, F. Vannel, N. Walenta, H. Weier, H. Weinfurter, I. Wimberger, Z. L. Yuan, H. Zbinden, and A. Zeilinger, “The SECOQC quantum key distribution network in Vienna,” New J. Phys.11, 075001 (2009). [CrossRef]
  30. https://sqt.ait.ac.at/software/ (2012).
  31. R. García-Patrón and N. J. Cerf, “Unconditional optimality of Gaussian attacks against continuous-variable QKD,” Phys. Rev. Lett.97, 190503 (2006). [CrossRef] [PubMed]
  32. M. Navascués, F. Grosshans, and A. Acín, “Optimality of Gaussian attacks in continuous variable quantum cryptography,” Phys. Rev. Lett.97, 190502 (2006). [CrossRef] [PubMed]
  33. A. Leverrier, R. Alléaume, J. Boutros, G. Zémor, and P. Grangier, “Multidimensional reconciliation for continuous-variable quantum key distribution,” Phys. Rev. A77, 042325 (2008). [CrossRef]
  34. P. Jouguet, S. Kunz-Jacques, and A. Leverrier, “Long distance continuous-variable quantum key distribution with a Gaussian modulation,” Phys. Rev. A84, 062317 (2011). [CrossRef]
  35. N. M. Wegman and L. Carter, “Universal classes of hash functions,” J. Comput. Syst. Sci.18, 143–154 (1979). [CrossRef]
  36. N. M. Wegman and L. Carter, “New hash functions and their use in authentication and set equality,” J. Comput. Syst. Sci.22, 265–279 (1981). [CrossRef]
  37. J. Lodewyck, T. Debuisschert, R. García-Patrón, R. Tualle-Brouri, N. J. Cerf, and P. Grangier, “Experimental implementation of non-Gaussian attacks on a continuous-variable quantum-key-distribution system,” Phys. Rev. Lett.98, 030503 (2007). [CrossRef] [PubMed]
  38. A. Ferenczi, P. Grangier, and F. Grosshans, “Calibration attack and defense in continuous variable quantum key distribution,” IQEC Conf. Digest IC13 (2007).
  39. H. Häseler, T. Moroder, and N. Ltkenhaus, “Testing quantum devices: practical entanglement verification in bipartite optical systems,” Phys. Rev. A77, 032303 (2007). [CrossRef]
  40. M. Matsui, “Linear cryptoanalysis method for DES cipher,” in EUROCRYPT 1993, 386–397 (1993).
  41. P. Jouguet and S. Kunz-Jacques, “High performance error correction for quantum key distribution using polar codes,” arXiv:1204.5882 [quant-ph] (2012).
  42. A. Leverrier, F. Grosshans, and P. Grangier, “Finite-size analysis of continuous-variable quantum key distribution,” Phys. Rev. A81, 062343 (2010). [CrossRef]

Cited By

Alert me when this paper is cited

OSA is able to provide readers links to articles that cite this paper by participating in CrossRef's Cited-By Linking service. CrossRef includes content from more than 3000 publishers and societies. In addition to listing OSA journal articles that cite this paper, citing articles from other participating publishers will also be listed.


« Previous Article  |  Next Article »

OSA is a member of CrossRef.

CrossCheck Deposited