Abstract
There is no doubt that measurement-device-independent quantum key distribution (MDI-QKD) is a crucial protocol that is immune to all possible detector side channel attacks. In the preparation phase, a simulation model is usually employed to get a set of optimized parameters, which is utilized for getting a higher secure key rate in reality. With the implementation of high-speed QKD, the afterpulse effect which is an intrinsic characteristic of the single-photon avalanche photodiode is no longer ignorable, this will lead to a great deviation compared with the existing analytical model. Here we develop an afterpulse-compatible MDI-QKD model to get the optimized parameters. Our results indicate that by using our afterpulse-compatible model, we can get a much higher key rate than the prior afterpulse-omitted model. It is significant to take the afterpulse effect into consideration because of the improvement of the system working frequency.
© 2022 Optica Publishing Group under the terms of the Optica Open Access Publishing Agreement
1. Introduction
Quantum key distribution (QKD) [1,2] can share a private key between two authorized partners securely, its security is guaranteed by the physical law of quantum mechanics. By using the one-time pad, such a key can encrypt further communications between Alice and Bob, which has been proven to be information-theoretically secure [3,4]. However, there is a gap between the theory and its practical implementations because of the imperfection of the equipment.
In order to close all possible loopholes existing in practical QKD systems, device-independent QKD [5] protocols have been proposed, whose security does not rely on the details of implementation devices but the violation of Bell’s inequalities or other nonlocality tests. But it is hard to get a secure key rate in a long distance and it requires very high detection efficiency. A close examination of hacking strategies [6–11] indicates that most loopholes exist in the detection part of QKD systems, along this line, measurement-device-independent QKD (MDI-QKD) [12,13] is proposed, which is practical and removes all side channels on the vulnerable detection side. And many experiments are achieved [14–17] in recent years.
However, the performance of practical MDI-QKD systems is closely related to the selection of the optimized parameters, which include the intensities and their corresponding sending probabilities. In the preparation phase, users usually optimize the set of the optimized parameters for obtaining a better secure key rate. The calculation of the secure key rate can be divided into two steps. First, according to the set of optimized parameters, a model is employed to simulate the experimental observed values including the gains and the bit error rates in different intensities. Then by combining a statistical fluctuation analysis method [18–21], the secure key rate can be obtained. The accuracy of the model is necessary for obtaining a higher secure key rate in practical systems.
Actually, if we omit the device imperfections in our model, the set of parameters can’t fully leverage the performance of practical systems. This problem has attracted much attention in recent years [22–24]. Single-photon avalanche detectors (SPADs) are widely used for single-photon detection in practical QKD [25], because of low price and great robustness. One of the most important effects in SPADs is the afterpulse [18]. Because of the material defects, carriers created by the former avalanche were trapped at a deep energy level in the junction depletion region, and then, by the thermal fluctuation, the trapped carriers are released from the traps to form the afterpulses. The overall afterpulse rate can be affected by the type of trap, carrier lifetime, hold-off time, etc. And with the increase of the operating frequency of detectors, the effect of afterpulse will significantly increase.
In the prior model [19,26,27], we omitted the effect of afterpulse. But as the QKD systems move into the gigahertz regime, the afterpulse effect is no longer ignorable. It makes the gain and quantum bit error rate (QBER) deviate from real values. Especially for the decoy-state method [28–31], the afterpulse caused by the high intensity of signal states will increase the QBER of decoy states. In addition, if we use the optimized parameters by the prior model in real systems, there will be a certain amount of waste of the performance. An accurate model is needed for better employing the performance of the system.
In this paper, an afterpulse-compatible model is proposed. We get the secure key rate by our model in conjunction with the double-scanning method [21]. With the increase of the overall afterpulse rate, our afterpulse-compatible model can get a much higher secure key rate than the afterpulse-omitted model, especially when the distance is long or the total number of pulses is few. It can be shown that our model is much more tolerant of the afterpulse.
This article is organized as follows. In section 2, we develop an afterpulse-compatible model. Section 3. presents the simulation results of secure key rate by employing the double-scanning method [21] and makes a discussion, which shows that our afterpulse-compatible model is more tolerant of the overall afterpulse rate than the prior model. Finally, we show some conclusions in section 4.
2. Model
In this paper, a four-detector system [13] is used as an example. In reality, there are also many schemes with dual-detector [26], our model is still usable. The system is shown in Fig. 1.
In normal MDI-QKD protocol, Alice and Bob send pulses to Charlie for doing the Bell-state measurement. The intensities of Alice and Bob’s pulses are selected randomly from predetermined sets, which are denoted as $l_A$ and $r_B$ respectively. And the encoding states are selected from the set $\{|0\rangle,|1\rangle,|+\rangle,|-\rangle \}$, which are denoted as $\psi _A$ and $\phi _B$. $|0\rangle$ and $|1\rangle$ belong to the $Z$-basis, $|+\rangle$ and $|-\rangle$ belong to the $X$-basis. Subscript A (B) is used to denote a variable or a parameter that belongs to Alice (Bob). For simplicity, we omit the subscript A or B if not causing any ambiguity. $\mathcal {I}$ is employed to denote the combination of the intensities of Alice and Bob, and $\mathcal {S}$ is employed to denote the combination of the encoding states of Alice and Bob,
In $\mathcal {I}$ ($\mathcal {S}$), the first symbol of each element represents Alice’s intensity (state) and the second symbol represents Bob’s intensity (state). Just to make it easier to understand, we rewrite the encoding states of Alice and Bob in the form of $c_0|0\rangle +c_1|1\rangle$ and $c_0'|0\rangle +c_1'|1\rangle$, the relation between the coefficients $c_0$ and $c_1$ with the states is shown in Table 1, and the coefficients $c_0'$ and $c_1'$ are in the same way.
In the prior model [19,26,27], the afterpulse’s effect is omitted in the process of calculating the gain and the QBER. Alice and Bob prepare phase randomized weak coherent states with intensities $\mathcal {I}$ and states $\mathcal {S}$:
Therefore, the optical intensity received by each SPAD is given by
And the detection probabilities for the four detectors are given by
Now we consider the afterpulse to improve the simulation model. Defects and impurities in the multiplication layer of the SPAD captured carriers which are created by ignition avalanche [32]. Due to thermal fluctuation, the trapped carriers will be released over time. Usually, the release lifetime is dependent on the type of trap and can vary from 10 ns to several microseconds [33]. If there is a large reverse bias in the multiplication layer at this time, the released carriers will produce an avalanche response again, which is called the afterpulse. That is, the future afterpulse is not only caused by the current response but also correlated to the history of the response, the afterpulse of a SPAD is non-Markov in nature [34].
Here the afterpulse can be divided into different orders. We define that the $k$th-order $(k>1)$ afterpulse is the afterpulse which is ignited by the $(k-1)$th-order afterpulse [22], and the first-order afterpulse is ignited by the light pulse and dark count. The probability of the first-order afterpulse, $P_{ap}^{(1)}$, is given by
where Gate 0 is the current detection window, $Q_j^{d}$ is the gain of the Gate $j$ which is caused by light pulse and dark count, and $\hat p_j$ is the corresponding afterpulse rate coefficient, which represents the probability of the afterpulse ignited by the avalanche of Gate $j$ in the current detection window, it can be measured accurately. In appendix A of Ref. [24], a feasible approach is proposed. The specific description of the Gate is shown in Fig. 2. Beacuse of the random of the states, the intensities, and their corresponding sending probabilities of sending pulses, on average, $Q_j^{d}$ is equal to $Q^{d}$, a weighted average of the gain of varying intensities:It should be noted that $Q^{d}$ of different detectors are the same, because Alice and Bob encode $|0\rangle$ and $|1\rangle$ ($|+\rangle$ and $|-\rangle$) with the same probability. Therefore,
Moreover, the $k$th-order afterpulse $(k>1)$ is caused by the $(k-1)$th-order afterpulse, $P_{ap}^{(k)}$ can be given by a recursion chain
So, it is easy to get the probability of afterpulse
Because $P_{ap}^{(k)}$ is small, only the first order terms are reserved in Eq. (13), namely, $P_{ap}^{(k_1)}P_{ap}^{(k_2)} \cong 0$. Then we obtain the approximate equation of Eq. (13)
With the probability of afterpulse $P_{ap}$, the gain of detector can be rewrite:
Eq. (7) should be revised as follows:
Moreover, the QBER can be obtained by the gain $Q^{\mathcal {I}\mathcal {S}}_{\Psi ^{-}}$ and $Q^{\mathcal {I}\mathcal {S}}_{\Psi ^{+}}$. For the case that the bases of Alice and Bob are all $Z$- or $X$-basis,
3. Simulation results and discussion
With the model presented in section 2, we can simulate the observed values in the experiment accurately. Then we present the numerical simulation by employing the 4-intensity MDI-QKD protocol and the double-scanning method which are shown in appendix A. For simplicity, we consider the case that the channels of Alice and Bob are symmetrical, that is to say, $L_A=L_B$, and the source parameters for Alice and Bob are the same, which include the intensities and their corresponding sending probabilities. Figure 2 of Ref. [21] shows that the simulation results of optimizing with the source parameters only and optimizing with all the parameters including the source parameters and failure probability parameters (different parts in Eq. (39) ) are almost the same, the optimization of failure probability parameters is of little use for getting a higher key rate. So we assume that failure probability parameters are equal. Here only the source parameters are optimized. The experimental parameters are listed in Table 2.
Figure 3 is the numerical results of our model with different values of $\hat {p}_{ap}$. From no afterpulse to the overall afterpulse rate $\hat p_{ap}$ is $2\%$, the final key rate falls faster with the improvement of $L$, where $L=L_A+L_B$ is the total distance between Alice and Bob. The reduction of the limiting secure-communication distance is about $30$ km. And the secure key rate with $2\%$ overall afterpulse rate is about an order of magnitude lower than the secure key rate without considering the overall afterpulse rate by employing our model. In summary, though the afterpulse increases the QBER, the secure key rate still performs well by employing our model. The specific comparison between our model and the prior afterpulse-omitted model are shown in Fig. 5 and Fig. 6. Fig. 4 shows optimized variables evolution with $\hat {p}_{ap}$ when $N=10^{11}$ and $L=25$ km. From this figure, the detailed impact of the afterpulse on parameter optimization can be revealed. In the 4-intensity MDI-QKD protocol, Alice and Bob send $Z$-basis with intensity $\mu$, and they send $X$-basis with intensities $\nu$, $\omega$ and $o$, where $o$ is the vacuum state. The intensity and the sending probability of the $Z$-basis are significantly higher than the $X$-basis, so the afterpulse is mainly ignited by the $Z$-basis. Because of the randomness of the afterpulse, the gain of the $Z$-basis will affect the gain of the $X$-basis significantly when the afterpulse is present, which will impact the estimation of the yield of the $Z$-basis. And similar to the responses caused by dark counts, the QBER of the responses caused by the afterpulses is 0.5, which will increase the QBER of the $X$-basis and impact the estimation of the phase-flip error of the single photon pairs in the $Z$-basis. To minimize the effect of the afterpulse, the intensity $\mu$ and its corresponding sending probabilities decrease with increasing $\hat {p}_{ap}$. Because the sum of sending probabilities is 1, the sending probabilities of the $X$-basis increase with increasing $\hat {p}_{ap}$. Moreover, to minimize the effect of the afterpulse caused by the intensity $\nu$, the intensity $\nu$ decreases with increasing $\hat p_{ap}$ slightly, and the increase of its corresponding sending probabilities will be smaller than the sending probabilities of the intensity $\omega$ and $o$.
Furthermore, Fig. 5 is the secure key rate as a function of $\hat p_{ap}$ with different distance when $N=10^{11}$. We employ our afterpulse-compatible model and the prior afterpulse-omitted model [27] to calculate the secure key rates with the double-scanning method [21]. In the prior model, Eq. (7) and Eq. (17) are employed to obtain the gain and the QBER, and in our model, Eq. (16) and Eq. (17) are employed. By optimizing the secure key rates, two sets of optimized parameters can be obtained. It should be noted that no matter what value is $\hat p_{ap}$, the set of the prior model is the same. Then we employ these sets to calculate the practical secure key rate with our model. The solid and dashed lines are the results of our model and the prior model, respectively. It can be shown that the solid lines are significantly greater than the dashed lines, especially in a higher $\hat p_{ap}$. With the improvement of the distance, the gap between them grows with the same $\hat p_{ap}$. And when the distance is kept constant, it can be seen that though $\hat p_{ap}$ is high, the secure key rate of our model is remaining high, but the afterpulse-omitted model is difficult to generate a secure key rate at this moment.
Figure 6 is the secure key rate as a function of $\hat p_{ap}$ with different numbers of pulses when $L=25$ km. As the total number of pulses decreases, the gap between them grows with the same $\hat p_{ap}$. These gaps show the susceptibility of a real system to operating parameters, especially in a long distance or a low number of pulses, and the necessity of an accurate model.
By analyzing the results, our model is significant in real-world systems which are inevitably affected by the afterpulse, with the parameters optimized by our model, the practical systems will better use of system functions and get a higher secure key rate. In contrast, by employing the prior model, it’s hard to get great results especially when the effect of afterpulse is obvious.
4. Conclusion
In conclusion, we consider the effect of the afterpulse in the simulation of the MDI-QKD protocol, our model is more accurate than the prior model. In our model, the afterpulse, which is caused by former detections, is considered as the third source of detector responses after a light pulse and dark count. In addition, we use the double-scanning method with Chernoff bound to analyze the effect of the afterpulse. Although the afterpulse makes the gains deviate from the values without considering the afterpulse and introduces more wrong counts that cause the improvement of the QBER, the model shown in this paper can also get a great result. And the secure key rate obtained with the optimized parameters by our model is higher than that obtained with the optimized parameters of the prior model in the same situation, especially if the distance is long or the total number of pulses is small.
With the rapid growth of the system working frequency, the effect of the afterpulse becomes increasingly severe, it is important to take the effect into consideration. Our work provides a valid way to construct an afterpulse-compatible MDI-QKD system with a high key rate preserved. By using the optimized parameters obtained with our afterpulse-compatible model, the performance of the system can be better exploited.
Appendix A. Calculation of the final key rate
The 4-intensity MDI-QKD protocol [20,35] has been the mainstream protocol of MDI-QKD because of its good performance. In this method, Alice (Bob) sends $Z$-basis $\{|0\rangle,|1\rangle \}$ with intensity $\mu _A$ $(\mu _B)$, and Alice (Bob) sends $X$-basis $\{|+\rangle,|-\rangle \}$ with intensities $\nu _A,\omega _A,o$ $(\nu _B,\omega _B,o)$, where $o$ is the vacuum state. The subscript $A$ $(B)$ is used to denote a variable or a parameter that belongs to Alice (Bob). For simplicity, we will omit the subscript $A$ or $B$ if not causing any ambiguity. The $Z$-basis is used to get the final key, the X basis is used to estimate the yield and phase-flip error of the single photon pairs in the $Z$-basis. In the photon-number space, the density matrices of the sources of Alice and Bob are
We assume
The number of using different intensities is denoted as $N_{lr}$,
where $N$ is the total number of pulses send by Alice and Bob, $p_{l}$ $(p_{r})$ is the probability that Alice (Bob) sends in intensity $l$ $(r)$. In addition, the resources of legitimate users are limited. They can’t get an infinite long key, statistical fluctuations might enable attacks by an eavesdropper. Therefore, we must take the finite length into consideration to ensure security. The method to analyze the effect of statistical fluctuations is crucial. The solution must be trustworthy enough for system security and tight enough for a good performance. In this section, we use the Chernoff bound [36,37] to get the parameters. The lower and upper bounds of the expected value of the effective gain number $\langle n_{lr}\rangle$ can be got, we denote them as $\langle n_{lr} \rangle ^{L}$ and $\langle n_{lr} \rangle ^{U}$. And also, we can get the lower and upper bounds of the expected value of the wrong effective gain number $\langle m_{lr}\rangle$, which are denoted as $\langle m_{lr} \rangle ^{L}$ and $\langle m_{lr} \rangle ^{U}$.And also, for a higher key rate, the double-scanning method [21] is used. By the model discussed in section 2, the gain and QBER can be obtained. Now we should estimate the lower bound of the yield and the upper bound of the phase-flip error rate of the single-photon pairs in $Z$-basis $y_{11,Z}^{L}$ and $e_{11,Z}^{p,U}$. As shown in Ref. [20],
In addition, in the case of $\frac {\nu _B}{\omega _B} > \frac {\nu _A}{\omega _A}$, $\langle y_{11, X}\rangle ^{L}$ can be got with Eq. (26) by making the exchange between $a_k^{\nu }$ and $b_k^{\nu }$, and the exchange between $a_k^{\omega }$ and $b_k^{\omega }$, for $k=1,2$. $\langle e_{11, X}^{b}\rangle ^{U}$ is the same.
From experiments, we can get the observed values, but in Eq. (26) and Eq. (27), there are all expected values. $E^{L}(O,\xi )$ and $E^{U}(O,\xi )$ in Appendix C. are the lower and upper bounds of expected value $E$, which are estimated from the observed value $O$. To get a tight estimated values of $\left \langle y_{11, X}\right \rangle ^{L}$ and $\left \langle e_{11, X}^{b}\right \rangle ^{U}$, we use joint constraints in Ref. [38], which is shown in Appendix B. In this method, we can get
With the equations above all, we have
In Eq. (26) and Eq. (27), they all have $\mathcal {H}$ and $\mathcal {M}$, which means there are some correlations between $\left \langle y_{11,X}\right \rangle ^{L}$ and $\left \langle e_{11, X}^{b}\right \rangle ^{U}$. By scanning $\mathcal {H}$ and $\mathcal {M}$,
where $\mathcal {H}\in [\mathcal {H}^{L},\mathcal {H}^{U}]$ and $\mathcal {M}\in [\mathcal {M}^{L},\mathcal {M}^{U}]$. The total secure coefficient $\varepsilon _{tol}$ is [39–41]Appendix B. Analytic results of joint constraints
Just taking Eq. (28) as an example, by the method of joint constraints , $\langle S_+\rangle ^{L}$ can be got with constraints:
This problem can be solved by the technique of linear programming, but if we use this method, much time would be cost especially when we optimize the parameters to get the highest key rate. So an analytic result of this special linear programming problem is necessary. It should be noted that the failure probability in estimating $\langle S_+\rangle ^{L}$ with this method is $3\xi$, because three of the constraints would be used in the final results at most.
For getting an analytic result, the problem can be abstracted into [21,38]
We rearrange $\{\gamma _1,\gamma _2,\gamma _3\}$ in the ascending order, the new sequence is denoted by $\{\gamma _1',\gamma _2',\gamma _3'\}$, $\{\widetilde {g_1}',\widetilde {g_2}',\widetilde {g_3}'\}$ as the corresponding rearrange of $\{\widetilde {g_1},\widetilde {g_2},\widetilde {g_3}\}$ according to the ascending order of $\{\gamma _1,\gamma _2,\gamma _3\}$. In this way, the lower bound of $F$ can be wrote as:
And if we want to get the upper bound of $F$, we can just replace $E^{L}(O,\xi )$ by $E^{U}(O,\xi )$:
Appendix C. Chernoff bound
The Chernoff bound [36] is useful in estimating the expected values from their observed values or estimating the observed values from their expected values. Let $X_1,X_2,\ldots,X_n$ be a set of independent Bernoulli random samples (it can be in different distribution), and let $X=\sum _{i=1}^{n} X_i$. The observed value of $X$ which denotes $O$ is unknown and its expected value $E$ is known. In this situation, we have
where $\delta _1(E,\xi )$ and $\delta _2(E,\xi )$ can be got by solving the following equations: where $\xi$ is the failure probability.When the expected value $E$ is unknown and its observed value $O$ is known, we have
where $\delta _1'(O,\xi )$ and $\delta _2'(O,\xi )$ can be got by solving the following equations:Funding
National Key Research and Development Program of China (2018YFA0306400); National Natural Science Foundation of China (62171424, 61961136004); China Postdoctoral Science Foundation (2021M693098).
Disclosures
The authors declare no conflicts of interest.
Data availability
Data underlying the results presented in this paper are not publicly available at this time but may be obtained from the authors upon reasonable request.
References
1. C. H. Bennett and G. Brassard, “Quantum cryptography: Public key distribution and coin tossing,” in Proceedings of IEEE International Conference on Computers, Systems and Signal Processing, (IEEE, 1984), pp. 175–179.
2. A. K. Ekert, “Quantum cryptography based on bell’s theorem,” Phys. Rev. Lett. 67(6), 661–663 (1991). [CrossRef]
3. C. E. Shannon, “Communication theory of secrecy systems,” The Bell Syst. Tech. J. 28(4), 656–715 (1949). [CrossRef]
4. S. N. Molotkov, “Conferences and symposia: Quantum cryptography and v a kotel’nikov’s one-time key and sampling theorems,” Phys.-Usp. 49(7), 750 (2006). [CrossRef]
5. A. Acín, N. Brunner, N. Gisin, S. Massar, S. Pironio, and V. Scarani, “Device-independent security of quantum cryptography against collective attacks,” Phys. Rev. Lett. 98(23), 230501 (2007). [CrossRef]
6. V. Makarov, A. Anisimov, and J. Skaar, “Effects of detector efficiency mismatch on security of quantum cryptosystems,” Phys. Rev. A 74(2), 022313 (2006). [CrossRef]
7. C.-H. F. Fung, B. Qi, K. Tamaki, and H.-K. Lo, “Phase-remapping attack in practical quantum-key-distribution systems,” Phys. Rev. A 75(3), 032314 (2007). [CrossRef]
8. Y. Zhao, C. H. F. Fung, B. Qi, C. Chen, and H.-K. Lo, “Quantum hacking: Experimental demonstration of time-shift attack against practical quantum-key-distribution systems,” Phys. Rev. A 78(4), 042333 (2008). [CrossRef]
9. F. Xu, B. Qi, and H. Lo, “Experimental demonstration of phase-remapping attack in a practical quantum key distribution system,” New J. Phys. 12(11), 113026 (2010). [CrossRef]
10. L. Lydersen, C. Wiechers, C. Wittmann, D. Elser, J. Skaar, and V. Makarov, “Hacking commercial quantum cryptography systems by tailored bright illumination,” Nat. Photonics 4(10), 686–689 (2010). [CrossRef]
11. I. Gerhardt, Q. Liu, A. Lamas-Linares, J. Skaar, C. Kurtsiefer, and V. Makarov, “Full-field implementation of a perfect eavesdropper on a quantum cryptography system,” Nat. Commun. 2(1), 349 (2011). [CrossRef]
12. S. L. Braunstein and S. Pirandola, “Side-channel-free quantum key distribution,” Phys. Rev. Lett. 108(13), 130502 (2012). [CrossRef]
13. H.-K. Lo, M. Curty, and B. Qi, “Measurement-device-independent quantum key distribution,” Phys. Rev. Lett. 108(13), 130503 (2012). [CrossRef]
14. Y. Liu, T.-Y. Chen, L.-J. Wang, H. Liang, G.-L. Shentu, J. Wang, K. Cui, H.-L. Yin, N.-L. Liu, L. Li, X. Ma, J. S. Pelc, M. M. Fejer, C.-Z. Peng, Q. Zhang, and J.-W. Pan, “Experimental measurement-device-independent quantum key distribution,” Phys. Rev. Lett. 111(13), 130502 (2013). [CrossRef]
15. C. Wang, X.-T. Song, Z.-Q. Yin, S. Wang, W. Chen, C.-M. Zhang, G.-C. Guo, and Z.-F. Han, “Phase-reference-free experiment of measurement-device-independent quantum key distribution,” Phys. Rev. Lett. 115(16), 160502 (2015). [CrossRef]
16. H.-L. Yin, T.-Y. Chen, Z.-W. Yu, H. Liu, L.-X. You, Y.-H. Zhou, S.-J. Chen, Y. Mao, M.-Q. Huang, W.-J. Zhang, H. Chen, M. J. Li, D. Nolan, F. Zhou, X. Jiang, Z. Wang, Q. Zhang, X.-B. Wang, and J.-W. Pan, “Measurement-device-independent quantum key distribution over a 404 km optical fiber,” Phys. Rev. Lett. 117(19), 190501 (2016). [CrossRef]
17. L. Comandar, M. Lucamarini, B. Fröhlich, J. Dynes, A. Sharpe, S.-B. Tam, Z. Yuan, R. Penty, and A. Shields, “Quantum key distribution without detector vulnerabilities using optically seeded lasers,” Nat. Photonics 10(5), 312–315 (2016). [CrossRef]
18. H. Li, H. Jiang, M. Gao, Z. Ma, C. Ma, and W. Wang, “Statistical-fluctuation analysis for quantum key distribution with consideration of after-pulse contributions,” Phys. Rev. A 92(6), 062344 (2015). [CrossRef]
19. Q. Wang and X.-B. Wang, “Simulating of the measurement-device independent quantum key distribution with phase randomized general sources,” Sci. Rep. 4, 1–7 (2014). [CrossRef]
20. Y.-H. Zhou, Z.-W. Yu, and X.-B. Wang, “Making the decoy-state measurement-device-independent quantum key distribution practically useful,” Phys. Rev. A 93(4), 042324 (2016). [CrossRef]
21. C. Jiang, Z.-W. Yu, X.-L. Hu, and X.-B. Wang, “Higher key rate of measurement-device-independent quantum key distribution through joint data processing,” Phys. Rev. A 103(1), 012402 (2021). [CrossRef]
22. G.-J. Fan-Yuan, C. Wang, S. Wang, Z.-Q. Yin, H. Liu, W. Chen, D.-Y. He, Z.-F. Han, and G.-C. Guo, “Afterpulse analysis for quantum key distribution,” Phys. Rev. Appl. 10(6), 064032 (2018). [CrossRef]
23. G.-J. Fan-Yuan, S. Wang, Z.-Q. Yin, W. Chen, D.-Y. He, Z.-F. Han, and G.-C. Guo, “Modeling alignment error in quantum key distribution based on a weak coherent source,” Phys. Rev. Appl. 12(6), 064044 (2019). [CrossRef]
24. G.-J. Fan-Yuan, J. Teng, S. Wang, Z.-Q. Yin, W. Chen, D.-Y. He, G.-C. Guo, and Z.-F. Han, “Optimizing single-photon avalanche photodiodes for dynamic quantum key distribution networks,” Phys. Rev. Appl. 13(5), 054027 (2020). [CrossRef]
25. J. Zhang, M. A. Itzler, H. Zbinden, and J.-W. Pan, “Advances in ingaas/inp single-photon detector systems for quantum communication,” Light: Sci. Appl. 4(5), e286 (2015). [CrossRef]
26. X. Ma and M. Razavi, “Alternative schemes for measurement-device-independent quantum key distribution,” Phys. Rev. A 86(6), 062319 (2012). [CrossRef]
27. F. Xu, M. Curty, B. Qi, and H.-K. Lo, “Practical aspects of measurement-device-independent quantum key distribution,” New J. Phys. 15(11), 113007 (2013). [CrossRef]
28. W.-Y. Hwang, “Quantum key distribution with high loss: toward global secure communication,” Phys. Rev. Lett. 91(5), 057901 (2003). [CrossRef]
29. X.-B. Wang, “Beating the photon-number-splitting attack in practical quantum cryptography,” Phys. Rev. Lett. 94(23), 230503 (2005). [CrossRef]
30. H.-K. Lo, X. Ma, and K. Chen, “Decoy state quantum key distribution,” Phys. Rev. Lett. 94(23), 230504 (2005). [CrossRef]
31. X. Ma, B. Qi, Y. Zhao, and H.-K. Lo, “Practical decoy state for quantum key distribution,” Phys. Rev. A 72(1), 012326 (2005). [CrossRef]
32. S. Cova, A. Lacaita, and G. Ripamonti, “Trapping phenomena in avalanche photodiodes on nanosecond scale,” IEEE Electron Device Lett. 12(12), 685–687 (1991). [CrossRef]
33. K. E. Jensen, P. I. Hopman, E. K. Duerr, E. A. Dauler, J. P. Donnelly, S. H. Groves, L. J. Mahoney, K. A. McIntosh, K. M. Molvar, A. Napoleone, D. C. Oakley, S. Verghese, C. J. Vineis, and R. D. Younger, “Afterpulsing in geiger-mode avalanche photodiodes for 1.06 µ m wavelength,” Appl. Phys. Lett. 88(13), 133503 (2006). [CrossRef]
34. F.-X. Wang, W. Chen, Y.-P. Li, D.-Y. He, C. Wang, Y.-G. Han, S. Wang, Z.-Q. Yin, and Z.-F. Han, “Non-markovian property of afterpulsing effect in single-photon avalanche detector,” J. Lightwave Technol. 34(15), 3610–3615 (2016). [CrossRef]
35. F.-Y. Lu, Z.-Q. Yin, G.-J. Fan-Yuan, R. Wang, H. Liu, S. Wang, W. Chen, D.-Y. He, W. Huang, B.-J. Xu, G.-C. Guo, and Z.-F. Han, “Efficient decoy states for the reference-frame-independent measurement-device-independent quantum key distribution,” Phys. Rev. A 101(5), 052318 (2020). [CrossRef]
36. H. Chernoff, “A measure of asymptotic efficiency for tests of a hypothesis based on the sum of observations,” Ann. Math. Statist. 23(4), 493–507 (1952). [CrossRef]
37. C. Jiang, Z.-W. Yu, and X.-B. Wang, “Measurement-device-independent quantum key distribution with source state errors and statistical fluctuation,” Phys. Rev. A 95(3), 032325 (2017). [CrossRef]
38. Z.-W. Yu, Y.-H. Zhou, and X.-B. Wang, “Statistical fluctuation analysis for measurement-device-independent quantum key distribution with three-intensity decoy-state method,” Phys. Rev. A 91(3), 032318 (2015). [CrossRef]
39. M. Hayashi and T. Tsurumaru, “Concise and tight security analysis of the bennett-brassard 1984 protocol with finite key lengths,” New J. Phys. 14(9), 093014 (2012). [CrossRef]
40. M. Tomamichel, C. C. W. Lim, N. Gisin, and R. Renner, “Tight finite-key analysis for quantum cryptography,” Nat. Commun. 3(1), 634 (2012). [CrossRef]
41. M. Curty, F. Xu, W. Cui, C. C. W. Lim, K. Tamaki, and H. Lo, “Finite-key analysis for measurement-device-independent quantum key distribution,” Nat. Commun. 5(1), 3732 (2014). [CrossRef]