Abstract
In recent years, a large quantity of work have been done to narrow the gap between theory and practice in quantum key distribution (QKD). However, most of them are focus on two-party protocols. Very recently, Yao Fu et al proposed a measurement-device-independent quantum cryptographic conferencing (MDI-QCC) protocol and proved its security in the limit of infinitely long keys. As a step towards practical application for MDI-QCC, we design a biased decoy-state measurement-device-independent quantum cryptographic conferencing protocol and analyze the performance of the protocol in both the finite-key and infinite-key regime. From numerical simulations, we show that our decoy-state analysis is tighter than Yao Fu et al. That is, we can achieve the nonzero asymptotic secret key rate in long distance with approximate to 200km and we also demonstrate that with a finite size of data (say 1011 to 1013 signals) it is possible to perform secure MDI-QCC over reasonable distances.
© 2016 Optical Society of America
1. Introduction
Quantum key distribution (QKD) [1,2] allows two authorized parties, Alice and Bob, to generate secret keys in the presence of eavesdropper who may have unlimited computing resources and technological advances. Theoretically, the unconditional security of QKD is guaranteed by the laws of quantum mechanics [3–5 ]. However, imperfections of the QKD devices bring about differences between theoretical and practical security of QKD. Indeed, especially by exploiting imperfections in the detectors in practical realizations, several specific attacks [6–14 ] have been successfully launched against practical QKD systems.
To fill this gap between theory and practice, an innovative scheme measurement-device-independent QKD (MDI-QKD) have been proposed by Lo, Curty and Qi [15] that removes all detector side-channel attacks. Whereafter, a quantity of work in both theory [16–27 ] and experiment [28–33 ] are done to push MDI-QKD from idea to application. However, almost all of them are so-called two-party protocols, that is, distributing secret key between two authorized parties, Alice and Bob. Yet, multiparty quantum communication protocols do exist, such as quantum cryptographic conferencing (QCC) [34–36 ], quantum secret sharing (QSS) [37–43 ] and third-man quantum cryptography [44]. Even with state-of-the-art technologies, all of them still face the same constraints-lack of high intensity source and remote reliable distribution of the GHZ states.
Fortunately, recently Yao Fu et al proposed a feasible scheme called Measurement-Device-Independent Quantum cryptographic conferencing (MDI-QCC) [23] which manifests the possibility for practical applications of multiparty quantum communication with measurement-device-independent (MDI) [15] technologies. More concretely, MDI-QCC is a protocol for multiparty QKD [34] by combining the decoy-state [45–47 ] and the MDI technologies, which realizes a common secret keys to be securely shared among the multiparty legitimate users. As an example of a MDI-QCC scheme (see Fig. 1), each of Alice, Bob and Charlie prepares quantum states with weak coherent pulses just the same as the states in the BB84 protocol [48] and sends them to an untrusted fourth party located in the middle node, David. David is supposed to perform a GHZ-state measurement which projects the incoming signals into a GHZ state and broadcasts the measurement result. In MDI-QCC, the measurement setting is only used to post-select entanglement [23] (in an equivalent virtual protocol) among Alice, Bob and Charlie, so all detector side-channel attacks are removed.
In practical situations, a real QKD system is completed in finite time which leads to the fi-nite size effect of processing data. This problem has recently drawn increasing attention and tight finite-key analyses for typical standard QKD [49–57 ] have also been derived. Of these, Tomamichel et al. [56] presented tight finite-key analysis of BB84 protocol based on the uncertainty relation for smooth entropies and this method is extended to the protocols like passive decoy state protocol [58], one-sided device independent QKD [59] and B92 protocol [60] in finite regime.
Here, we would like to point out that in the MDI-QCC protocol given by Yao Fu et al the security bound they give is in asymptotic limit and the probability of choosing basis is balanced. It is well-known that the biased basis choices contribute to the secret key rate which is indicated by the proposed efficient decoy-state BB84 protocol. Thus, in this paper we design a biased decoy-state MDI-QCC and analyse the performance of the protocol in both the finite-key and infinite-key regime.
The rest of this paper is organized as follows. In Sec. 2, we put forward the protocol of biased decoy-state MDI-QCC in detail. Sec. 3 introduces the method and formulas that are used in our finite-key analysis. The numerical simulation for our results is shown in Sec. 4 and the conclusion is summarized in Sec. 5.
2. Protocol definition
The setup is illustrated in Fig. 1. Alice, Bob and Charlie generate quantum states with phase-randomised laser separately. Each pulse is prepared in a BB84 state with biased bases, denoted as Z and X. The states are sent to the fourth party—an untrusted relay David located in the middle node. David is supposed to perform a GHZ-state measurement.
Next, David announces whether or not his measurements are successful and which GHZ state he obtained. Alice, Bob and Charlie keep the data that correspond to the instances where the relay outputs successful results and they use the same basis in their transmission. Finally, Alice flips part of her bits. Then Alice, Bob and Charlie share the same cryptographic conferencing raw key. It should be pointed out that the GHZ entanglement purification technique [61–63 ] guarantees the information-theoretic security of our multiparty quantum communication protocol. A detailed description of the biased decoy-state MDI-QCC protocol are presented below.
- State Preparation. Alice, Bob and Charlie repeat the first four steps of the protocol for i = 1,...,N. till the conditions in Sifting step are met. For each i, Alice chooses an intensity with probability p ai ∈ W := {pμ, pυ, p 0}, a basis with probability q ai ∈ {pZ = 1 − pX, pX} and a random bit ki ∈ {0, 1}. Next, she generates a quantum signal (e.g., a phase-randomised WCP) of intensity prepared in the basis of given by ki. Likewise, Bob and Charlie do the same. That is, Bob(Charlie) also generates a quantum signal of intensity ( ) prepared in the basis of ( ) given by ki.
- Distribution. Alice, Bob and Charlie send their quantum signals to the untrusted fourth party David located in the middle node.
- Measurement. David performs a GHZ-state measurement which projects the incoming signals into a GHZ state. He only identifies two of the eight GHZ states which are and . In any case, he announces whether or not his measurement was successful. If successful, he reveals which GHZ state he obtained. Notice that only if all of Alice, Bob and Charlie choose X basis and David obtains a GHZ state , Alice performs a bit flip. The data of Z basis are used to generate the cryptographic conferencing keys, while the data of X basis are totally used to estimate errors.
- Sifting. If David declares a successful measurement, Alice, Bob and Charlie broadcast (via an authenticated channel) the intensity and the basis settings they chose. Alice, Bob and Charlie divide the raw key into following three sets: Where k′i ≠ ∅ indicates that David obtain a successful measurement. The protocol repeats these steps until |N 000| ≥ n 000, , where n 000, , are selected in advance and α, β, γ ∈ U.
- Parameter Estimation. First, a raw key (XA, XB, XC) is generated by choosing a random sample of size of Z = ∪α,β,γ∈U Zαβγ where and nZ is the postprocessing block size. Note that all intensity settings Alice, Bob and Charlie chose in Z basis are used to generate raw key and we can calculate the lower bound of with decoy state. Second, they announce a random sample of size of X = ∪α,β,γ∈U Xαβγ to compute the corresponding number of bit errors . Note that with decoy states, we can also calculate the upper bound of .
- Post Processing. First, let Alice’s raw key be the standard. Bob and Charlie apply a one-way error correction scheme and correct their strings so that Bob’s and Charlie’s raw key match Alice’s. If error correction fails, they abort the protocol. Second, to make the leakage of information on keys as little as possible, Alice chooses a two-universal hash function randomly to extract the final secret key. Then Bob and Charlie use the same two-universal hash function as Alice does to extract the final secret key.
It should be noted that our protocol is apparently different from that of [23]. Firstly, in State Preparation, the biased probability of choosing basis is clearly characterized. However, in the protocol definition of [23] the biased probability of choosing basis is balanced. Secondly, in Sifting and Parameter Estimation, we extract the raw key from all the data of Z basis, while the data of X basis are totally used to estimate errors. That is, all intensity levels including the vacuum states, decoy states and signal states in the Z basis contribute to the raw keys in our protocol, which brings larger raw keys than the one in [23].
3. Finite-key analysis
In practical implementations of QKD, the number of signals used to draw a secure key are finite. This leads to the effect of finite-size data in real-life experiments which means various statistical fluctuation [53]exists in the parameter estimation step. Hence, in this paper, we mainly consider the finite-size effect on the estimation of single-photon yield, single-photon error rate and for simplicity, we consider that single-photon error rate ( ) caused by the three single-photon pulses in the X basis is equal to the phase error rate in Z basis.
3.1. Single-photon detections
We assume Alice(Bob and Charlie) has three sources oA, υA, μA (oB, υB, μB and oC, υC, μC), which can only emit three different states ρ oA = |0〉 〈0|, ρ υA, ρ μA (ρ oB = |0〉 〈0|, ρ υB, ρ μB, ρ oC = |0〉 〈0|, ρ υC, ρ μC), respectively. Suppose
and we request the states satisfy the following condition:Let be the number of successful detections observed by David given that Alice sends n-photon states, Bob sends m-photon states and Charlie sends k-photon states all in Z basis. Note let be total number of successful detections observed by David when Alice, Bob and Charlie set the intensity of α, β, γ in Z basis respectively. In the asymptotic limit, we have
where pαβγ,z = pαpβpγpZ and pα, pβ, pγ ∈ W. is the conditional probability of choosing the intensity α, β, γ given that Alice sent n-photon states, Bob sent m-photon states and Charlie sent k-photon states.Explicitly, consider the number of successful events happened corresponding to pulses from source μaυbυc(μaμbμc) in Z basis that is in State Preparation step where Alice choose an intensity υa, Bob choose an intensity μb and Charlie choose an intensity υc.
where andIn order to get a lower bound of denoted as , we should derive the lower bound of denoted as with Eqs. (2) and (3). First. Combining Eqs. (2) and (3), we obtain the expression of by eliminating g 121. we can get
whereUnder the conditions presented in Eq. (1), we can easily find out that (b 1 b′ 2 − b′ 1 b 2) ≥ 0 and (b 2 b′mc 1 c′k − b′ 2 bmc′ 1 ck) ≥ 0 for all m ≥ 1, k ≥ 1. Then we know that fnmk ≥ 0 hold for all (n, m, k) ∈ G 0. With this fact, we obtain a lower bound of from Eqs. (2) and (3) by setting gmnk = 0, (m, n, k) ∈ G 0 such that where is defined by Eq. (4).
In finite regime, every GHZ-state measurement performed by David can be regarded as a independent event. We employ Chernoff bound [64,65] to character the statistical fluctuation. It should be pointed out that the fluctuation bounds given by Hoeffding inequality [66] or Azuma’s inequality [67]are far from ideal in long-distance QKD. The main reason is that they do not take the a priori distribution into consideration. In contrast, Chernoff bound exploits the property of the distribution and provides good bounds even in a high-loss regime. We have that the expected value and the actual value satisfies except with error probability εH + εM + ε̂M, where δε lies in the interval [−Δαβγ, Δ̂αβγ] with and and where . Considering the fluctuations of the expected value , we have
where3.2. Single-photon errors
First, let be the error numbers given that Alice sends n -photon states, Bob sends m-photon states and Charlie sends k-photon states all in X basis and noted that , pαβγ,X = pαpβpγpX.
Then, consider the error caused by the three single-photon pulses in the X basis, say . Similar to the total gain, the total error numbers with source αβγ chosen by Alice, Bob and can be written as
where andAccording to Eq. (6), we can find out the upper bound of such that
For finite sample sizes, also using Chernoff bound for independent events [64, 65], we have that the expected value and the actual value satisfies , except with error probability εH + εM + ε̂M, where δε lies in the interval [−Λαβγ, Λ̂αβγ] with and , and where . Considering the fluctuations of the expected value , we have
where3.3. Secret key rate
We analyse the behavior of the secret key rate provided in [23] in finite regime such that
For the average overall gain , and the average quantum bit error numbers , they can be directly measured in the experiment. Then for simulation purpose, , and can be theoretically calculated based on the channel model which are show in supplemental material of [23]. Here, all of them have been elided for brevity.
4. Numerical simulation
In order to compare with results in the asymptotic case, we consider the same experimental setup in [23], where Alice, Bob and Charlie encode their bits in the polarization degrees of freedom of phase-randomised WCPs and David uses the linear optics quantum relay which is assumed to identify two of the eight GHZ states. By assuming a fiber-based channel model, we numerically show the performance of our protocol with finite-length key.
Let ηc = 10−βL/10 be the fiber transmission; ηd is the quantum efficiency of David’s detectors; pd is the background count rate; f is the error-correction efficiency; ed represents the overall misalignment-error probability of the system. For better comparison, we borrow experimental parameters from [23] listed in Table 1.
In Fig. 2, we present the numerically stimulation of secret-key rates with different values of px when the total pulses N are fixed to be 1011. One can see that the secret key rate increases gradually with gradual decreasing of px and when the px is close to 0.1, the secret key rate scarcely increases. In finite regime, the bigger px means more precise estimation for . Otherwise, the bigger pZ means more generation of raw key. Thus, weighing the pros and cons, px = 0.1 is found to be optimal for the scenario where the total pulses N are fixed to be 1011.
In Fig. 3, the numerically optimized secret-key rates from left to right are obtained by Eq. (7) for a fixed number of total pulses N=10j with j = 11, 11.5, 12,...,13, respectively, where px is optimally chosen for each N. We can see that a finite data size reduces the efficiencies, while it also demonstrates the possibility of implementations of MDI-QCC within a reasonable data size (1011).
In Fig. 4, in infinite-key regime(dashed curves), we can see that our decoy-state analysis is tighter than that of [23]. That is, we can achieve the nonzero asymptotic secret key rate in long distance with approximate to 200km.
5. Conclusion
In conclusion, we present a biased decoy-state measurement-device-independent quantum cryptographic conferencing protocol in detail and give the finite-key analysis for this protocol by using Chernoff bound. From numerical simulations, we remark that finite resources have a great effect on the secret key rate and it is possible to perform secure MDI-QCC over a reasonable distances with finite data size of 1011.
Importantly, the finite-key analysis we present in Sec. III is valid for other practical single photon sources of which the photon-number distribution should satisfy Eq. (1), such as triggered spontaneous parametric down-conversion sources. In addition, our analysis can also be directly applied to the finite-key analysis of MDI-QSS [23] protocol.
Furthermore, we present tighter analytical formulas for the decoy-state analysis to estimate the lower bound of the yield ( ) and the upper bound of errors ( ) of three-single-photon pulses sent by Alice Bob and Charlie. Our results clearly demonstrate that we can achieve the nonzero asymptotic secret key rate in long distance with approximate to 200km. In future work, further research is to present tight finite analysis against general attacks with the uncertainty relation for smooth entropies.
Acknowledgments
The authors gratefully acknowledge the financial support from the National Basic Research Program of China (Grant No. 2013CB338002) and the National Natural Science Foundation of China (NSFC) (Grants No.11304397 and No.61505261).
References and links
1. N. Gisin, G. Ribordy, W. Tittel, and H Zbinden, “Quantum cryptography,” Rev. Mod. Phys. 74, 145 (2002) [CrossRef]
2. V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dusek, N. Lutkenhaus, and M. Peev, “The security of practical quantum key distribution,” Rev. Mod. Phys. 81, 1301 (2009) [CrossRef]
3. H.-K. Lo and H.F. Chau, “Unconditional security Of quantum key distribution over arbitrarily long distances,” Science 283, 2050 (1999) [CrossRef] [PubMed]
4. P. W. Shor and J. Preskill, “Simple proof of security of the BB84 quantum key distribution protocol,” Phys. Rev. Lett. 85, 441 (2000) [CrossRef] [PubMed]
5. D. Mayers, “Unconditional security in quantum cryptography,” J. ACM 48, 351 (2001) [CrossRef]
6. B. Qi, C.-H. F. Fung, H.-K. Lo, and X. Ma, “Time-shift attack in practical quantum cryptosystems,” Quantum Inf. Comput. 7, 73 (2007)
7. C.-H. F. Fung, B. Qi, K. Tamaki, and H.-K. Lo, “Phase-remapping attack in practical quantum-key-distribution systems,” Phys. Rev. A 75, 032314 (2007) [CrossRef]
8. Y. Zhao, C.-H. F. Fung, B. Qi, C. Chen, and H.-K. Lo, “Quantum hacking: experimental demonstration of time-shift attack against practical quantum-key-distribution systems,” Phys. Rev. A 78, 042333 (2008) [CrossRef]
9. F. Xu, B. Qi, and H.-K. Lo, “Experimental demonstration of phase-remapping attack in a practical quantum key distribution system,” New J. Phys. 12, 113026 (2010) [CrossRef]
10. L. Lydersen, C. Wiechers, C. Wittmann, D. Elser, J. Skaar, and V. Makarov, “Hacking commercial quantum cryptography systems by tailored bright illumination,” Nat. Photonics 4, 686 (2010) [CrossRef]
11. Z. L. Yuan, J. F. Dynes, and A. J. Shields, “Avoiding the blinding attack in QKD,” Nat. Photonics 4, 800 (2010) [CrossRef]
12. L. Lydersen, C. Wiechers, C. Wittmann, D. Elser, J. Skaar, and V. Makarov, “Avoiding the blinding attack in QKD,” Nat. Photonics 4, 801 (2010) [CrossRef]
13. I. Gerhardt, Q. Liu, A. Lamas-Linares, J. Skaar, C. Kurtsiefer, and V. Makarov, “Full-field implementation of a perfect eavesdropper on a quantum cryptography system,” Nat. Commun. 2, 349 (2011) [CrossRef] [PubMed]
14. H.-W. Li, S. Wang, J.-Z. Huang, W. Chen, Z.-Q. Yin, F.-Y. Li, Z. Zhou, D. Liu, Y. Zhang, G.-C. Guo, W.-S. Bao, and Z.-F. Han, “Attacking a practical quantum-key-distribution system with wavelength-dependent beam-splitter and multiwavelength sources,” Phys. Rev. A 84, 062308 (2011) [CrossRef]
15. H.-K. Lo, M. Curty, and B. Qi, “Measurement-device-independent quantum key distribution,” Phys. Rev. Lett. 108, 130503 (2012) [CrossRef] [PubMed]
16. X. Ma, C.-H.F. Fung, and M. Razavi, “Statistical fluctuation analysis for measurement-device-independent quantum key distribution,” Phys. Rev. A 86, 052305 (2012) [CrossRef]
17. X. Ma and M. Razavi, “Alternative schemes for measurement-device-independent quantum key distribution,” Phy. Rev. A 86, 062319 (2012) [CrossRef]
18. X.-B. Wang, “Three-intensity decoy-state method for device-independent quantum key distribution with basis-dependent errors,” Phys. Rev. A 87, 012320 (2013) [CrossRef]
19. F. Xu, M. Curty, B. Qi, and H.-K. Lo, “Practical aspects of measurement-device-independent quantum key distribution,” New J. Phys. 15, 113007 (2013) [CrossRef]
20. M. Curty, F. Xu, W. Cui, C. C. W. Lim, K. Tamaki, and H.-K. Lo, “Finite-key analysis for measurement-device-independent quantum key distribution, ” Nat. Commun. 5, 3732 (2014) [CrossRef] [PubMed]
21. F. Xu, B. Qi, Z. Liao, and H.-K. Lo, “Long distance measurement-device-independent quantum key distribution with entangled photon sources,” Appl. Phys. Lett. 103, 061101 (2013) [CrossRef]
22. F. Xu, H. Xu, and H.-K. Lo, “Protocol choice and parameter optimization in decoy-state measurement-device-independent quantum key distribution,” Phys. Rev. A 89, 052333 (2014) [CrossRef]
23. Y. Fu, H.-L. Yin, T.-Y. Chen, and Z.-B. Chen, “Long-distance measurement-device-independent multiparty quantum communication,” Phys. Rev. Lett. 114, 090501 (2015) [CrossRef] [PubMed]
24. C. Zhou, W.-S. Bao, W. Chen, H.-W. Li, Z.-Q. Yin, Y. Wang, and Z.-F. Han, “Phase-encoded measurement-device-independent quantum key distribution with practical spontaneous-parametric-down-conversion sources,” Phys. Rev. A 88, 052333 (2013) [CrossRef]
25. C. Zhou, W.-S. Bao, H.-L Zhang, H.-W. Li, Y. Wang, Y. Li, and X. Wang, “Biased decoy-state measurement-device-independent quantum key distribution with finite resources,” Phys. Rev. A 91, 022313 (2015) [CrossRef]
26. F. Xu, “Measurement-device-independent quantum communication with an untrusted source,” Phys. Rev. A 92, 012333 (2015) [CrossRef]
27. Y.-H. Zhou, Z.-W. Yu, and X.-B. Wang, “Making the decoy-state measurement-device-independent quantum key distribution practically useful,” http://arxiv.org/abs/1502.01262
28. A. Rubenok, J. A. Slater, P. Chan, I. Lucio-Martinez, and W. Tittel, “Real-world two-photon interference and proof-of-principle quantum key distribution immune to detector attacks,” Phys. Rev. Lett. 111, 130501 (2013) [CrossRef] [PubMed]
29. Y. Liu, T.-Y. Chen, L.-J. Wang, H. Liang, G.-L. Shentu, J. Wang, K. Cui, H.-L. Yin, N.-L. Liu, L. Li, X. Ma, J. S. Pelc, M. M. Fejer, C.-Z. Peng, Q. Zhang, and J.-W. Pan, “Experimental measurement-device-independent quantum key distribution,” Phys. Rev. Lett. 111, 130502 (2013) [CrossRef] [PubMed]
30. T. Ferreira da Silva, D. Vitoreti, G. B. Xavier, G. C. do Amaral, G. P. Temporao, and J. P. von der Weid, “Proof-of-principle demonstration of measurement-device-independent quantum key distribution using polarization qubits,” Phys. Rev. A 88, 052303 (2013) [CrossRef]
31. Z. Tang, Z. Liao, F. Xu, B. Qi, L. Qian, and H.-K. Lo, “Experimental demonstration of polarization encoding measurement-device-independent quantum key distribution,” Phys. Rev. Lett. 112, 190503 (2014) [CrossRef] [PubMed]
32. Y.-L. Tang, H.-L. Yin, S.-J. Chen, Y. Liu, W.-J. Zhang, X. Jiang, L. Zhang, J. Wang, L.-X. You, J.-Y. Guan, D.-X. Yang, Z. Wang, H. Liang, Z. Zhang, N. Zhou, X. Ma, T.-Y. Chen, Q. Zhang, and J.-W. Pan, “Measurement-device-independent quantum key distribution over 200 km,” Phys. Rev. Lett. 113, 190501 (2014) [CrossRef] [PubMed]
33. R. Valivarthi, I. Lucio-Martinez, P. Chan, A. Rubenok, C. John, D. Korchinski, C. Duffin, F. Marsili, V. Verma, M. D. Shaw, J. A. Stern, S. W. Nam, D. Oblak, Q. Zhou, J. A. Slater, and W. Tittel, “Measurement-device-independent quantum key distribution: from idea towards application,” J. Mod. Opt. 62, 1141 (2015) [CrossRef]
34. S. Bose, V. Vedral, and P. L. Knight, “Multiparticle generalization of entanglement swapping,” Phys. Rev. A 57, 822 (1998) [CrossRef]
35. K. Chen and H.-K. Lo, “Multi-partite quantum cryptographic protocols with noisy GHZ states,” Quantum Inf. Comput. 7, 689 (2007)
36. C. Zhu, F. Xu, and C Pei, “W-state analyzer and multi-party measurement-device-independent quantum key distribution,” Sci. Rep. 5, 17449 (2015) [CrossRef] [PubMed]
37. M. Hillery, V. Buzek, and A. Berthiaume, “Quantum secret sharing,” Phys. Rev. A 59, 1829 (1999). [CrossRef]
38. R. Cleve, D. Gottesman, and H.-K. Lo, “How to share a quantum secret,” Phys. Rev. Lett. 83, 648 (1999). [CrossRef]
39. W. Tittel, H. Zbinden, and N. Gisin, “Experimental demonstration of quantum secret sharing,” Phys. Rev. A 63, 042301 (2001). [CrossRef]
40. Y.-A. Chen, A.-N. Zhang, Z. Zhao, X.-Q. Zhou, C.-Y. Lu, C.-Z. Peng, T. Yang, and J.-W. Pan, “Experimental quantum secret sharing and third-man quantum cryptography,” Phys. Rev. Lett. 95, 200502 (2005) [CrossRef] [PubMed]
41. S. Gaertner, C. Kurtsiefer, M. Bourennane, and H. Weinfurter, “Experimental demonstration of four-party quantum secret sharing,” Phys. Rev. Lett. 98, 020503 (2007) [CrossRef] [PubMed]
42. C. Schmid, P. Trojek, M. Bourennane, C. Kurtsiefer, M. Żukowski, and H. Weinfurter, “Experimental single qubit quantum secret sharing,” Phys. Rev. Lett. 95, 230505 (2005) [CrossRef] [PubMed]
43. B. A. Bell, D. Markham, D. A. Herrera-Mart, A. Marin, W. J. Wadsworth, J. G. Rarity, and M. S. Tame, “Experimental demonstration of graph-state quantum secret sharing,” Nat. Commun. 5, 5480 (2014) [CrossRef] [PubMed]
44. M. Żukowski, A. Zeilinger, M. A. Horne, and H. Weinfurter, “Quest for GHZ states,” Acta Phys. Pol. A 93, 187 (1998) [CrossRef]
45. W.-Y. Hwang, “Quantum key distribution with high loss: toward global secure communication,” Phys. Rev. Lett. 91, 057901 (2003) [CrossRef] [PubMed]
46. H.-K. Lo, X. Ma, and K. Chen, “Decoy state quantum key distribution,” Phys. Rev. Lett. 94, 230504 (2005) [CrossRef] [PubMed]
47. X.-B. Wang, “Beating the photon-number-splitting attack in practical quantum cryptography,” Phys. Rev. Lett. 94, 230503 (2005) [CrossRef] [PubMed]
48. C. H. Bennett and G. Brassard, “Quantum cryptography: public key distribution and coin tossing,” in Proceedings IEEE of International Conference on Computers, Systems and Signal Processing (IEEE, 1984), pp. 175–179
49. M. Hayashi, “Upper bounds of eavesdroppers performances in finite-length code with the decoy method,” Phys. Rev. A 76, 012329 (2007) [CrossRef]
50. J. Hasegawa, M. Hayashi, T. Hiroshima, and A. Tomita, “Security analysis of decoy state quantum key distribution incorporating finite statistics,” http://arxiv.org/abs/0707.3541
51. H.-W. Li, Y.-B. Zhao, Z.-Q. Yin, S. Wang, Z.-F. Han, W.-S. Bao, and G.-C. Guo, “Security of decoy states QKD with finite resources against collective attacks,” Opt. Commun. 282, 4162 (2009) [CrossRef]
52. M. Christandl, R. König, and R. Renner, “Postselection technique for quantum channels with applications to quantum cryptography,” Phys. Rev. Lett. 102, 020504 (2009) [CrossRef] [PubMed]
53. X. F. Ma, B. Qi, Y. Zhao, and H. K. Lo, “Practical decoy state for quantum key distribution,” Phys. Rev. A 72, 012326 (2005) [CrossRef]
54. N.H.Y. Ng, M. Berta, and S. Wehner, “Min-entropy uncertainty relation for finite-size cryptography,” Phys. Rev. A 86, 042315 (2012) [CrossRef]
55. M. Hayashi and T. Tsurumaru, “Concise and tight security analysis of the BennettCBrassard 1984 protocol with finite key lengths,” New. J. Phys. 14, 093014 (2012) [CrossRef]
56. M. Tomamichel, C.C.W. Lim, N. Gisin, and R. Renner, “Tight finite-key analysis for quantum cryptography,” Nat. Commun. 3, 634 (2012) [CrossRef] [PubMed]
57. C.C.W. Lim, M. Curty, N. Walenta, F. Xu, and H. Zbinden, “Concise security bounds for practical decoy-state quantum key distribution,” Phys. Rev. A 89, 022307 (2014) [CrossRef]
58. C. Zhou, W.-S. Bao, H.-W. Li, Y. Wang, Y. Li, Z.-Q. Yin, W. Chen, and Z.-F. Han, “Tight finite-key analysis for passive decoy-state quantum key distribution under general attacks,” Phys. Rev. A 89, 052328 (2014) [CrossRef]
59. Y. Wang, W.-S. Bao, H.-W. Li, C. Zhou, and Y. Li, “Finite-key analysis for one-sided device-independent quantum key distribution,” Phys. Rev. A 88, 052322 (2013) [CrossRef]
60. M. Mafu, K. Garapo, and F. Petruccione, “Finite-size key in the Bennett 1992 quantum-key-distribution protocol for Rényi entropies,” Phys. Rev. A 88, 062306 (2013). [CrossRef]
61. E. N. Maneva and J. A. Smolin, “Improved two-party and multi-party purification protocols,” Contemp. Math. 305, 203 (2002) [CrossRef]
62. C. H. Bennett, D. P. DiVincenzo, J. A. Smolin, and W. K. Wootters, “Mixed-state entanglement and quantum error correction,” Phys. Rev. A 54, 3824 (1996) [CrossRef] [PubMed]
63. W. Dür, J. I. Cirac, and R. Tarrach, “Separability and distillability of multiparticle quantum systems,” Phys. Rev. Lett. 83, 3562 (1999) [CrossRef]
64. H. Chernoff, “A measure of asymptotic efficiency for tests of a hypothesis based on the sum of observations,” Ann. Math. Sat. 23, 493 (1952) [CrossRef]
65. M. Curty, F. Xu, W. Cui, C. C. W Lim, K. Tamki, and H. K. Lo, “Finite-key analysis for measurement-device-independent quantum key distribution,” Nat. Commun. 5, 3732 (2014). [CrossRef] [PubMed]
66. W. Hoeffding, “Probability inequalities for sums of bounded random variables,” J. Am. Stat. Assoc. 58, 13 (1963) [CrossRef]
67. K. Azuma, “Weighted sums of certain dependent random variables,” Tôhoku Math. J. 19, 357 (1967). [CrossRef]