Afterpulse effect in measurement-device-independent quantum key distribution

Ze-Hao Wang; Ze-Hao Wang; Ze-Hao Wang; Shuang Wang; Shuang Wang; Shuang Wang; Shuang Wang; Guan-Jie Fan-Yuan; Guan-Jie Fan-Yuan; Guan-Jie Fan-Yuan; Feng-Yu Lu; Feng-Yu Lu; Feng-Yu Lu; Zhen-Qiang Yin; Zhen-Qiang Yin; Zhen-Qiang Yin; Wei Chen; Wei Chen; Wei Chen; De-Yong He; De-Yong He; De-Yong He; Guang-Can Guo; Guang-Can Guo; Guang-Can Guo; Zheng-Fu Han; Zheng-Fu Han; Zheng-Fu Han

doi:10.1364/OE.463890

1. Introduction

Quantum key distribution (QKD) [1,2] can share a private key between two authorized partners securely, its security is guaranteed by the physical law of quantum mechanics. By using the one-time pad, such a key can encrypt further communications between Alice and Bob, which has been proven to be information-theoretically secure [3,4]. However, there is a gap between the theory and its practical implementations because of the imperfection of the equipment.

In order to close all possible loopholes existing in practical QKD systems, device-independent QKD [5] protocols have been proposed, whose security does not rely on the details of implementation devices but the violation of Bell’s inequalities or other nonlocality tests. But it is hard to get a secure key rate in a long distance and it requires very high detection efficiency. A close examination of hacking strategies [6–11] indicates that most loopholes exist in the detection part of QKD systems, along this line, measurement-device-independent QKD (MDI-QKD) [12,13] is proposed, which is practical and removes all side channels on the vulnerable detection side. And many experiments are achieved [14–17] in recent years.

However, the performance of practical MDI-QKD systems is closely related to the selection of the optimized parameters, which include the intensities and their corresponding sending probabilities. In the preparation phase, users usually optimize the set of the optimized parameters for obtaining a better secure key rate. The calculation of the secure key rate can be divided into two steps. First, according to the set of optimized parameters, a model is employed to simulate the experimental observed values including the gains and the bit error rates in different intensities. Then by combining a statistical fluctuation analysis method [18–21], the secure key rate can be obtained. The accuracy of the model is necessary for obtaining a higher secure key rate in practical systems.

Actually, if we omit the device imperfections in our model, the set of parameters can’t fully leverage the performance of practical systems. This problem has attracted much attention in recent years [22–24]. Single-photon avalanche detectors (SPADs) are widely used for single-photon detection in practical QKD [25], because of low price and great robustness. One of the most important effects in SPADs is the afterpulse [18]. Because of the material defects, carriers created by the former avalanche were trapped at a deep energy level in the junction depletion region, and then, by the thermal fluctuation, the trapped carriers are released from the traps to form the afterpulses. The overall afterpulse rate can be affected by the type of trap, carrier lifetime, hold-off time, etc. And with the increase of the operating frequency of detectors, the effect of afterpulse will significantly increase.

In the prior model [19,26,27], we omitted the effect of afterpulse. But as the QKD systems move into the gigahertz regime, the afterpulse effect is no longer ignorable. It makes the gain and quantum bit error rate (QBER) deviate from real values. Especially for the decoy-state method [28–31], the afterpulse caused by the high intensity of signal states will increase the QBER of decoy states. In addition, if we use the optimized parameters by the prior model in real systems, there will be a certain amount of waste of the performance. An accurate model is needed for better employing the performance of the system.

In this paper, an afterpulse-compatible model is proposed. We get the secure key rate by our model in conjunction with the double-scanning method [21]. With the increase of the overall afterpulse rate, our afterpulse-compatible model can get a much higher secure key rate than the afterpulse-omitted model, especially when the distance is long or the total number of pulses is few. It can be shown that our model is much more tolerant of the afterpulse.

This article is organized as follows. In section 2, we develop an afterpulse-compatible model. Section 3. presents the simulation results of secure key rate by employing the double-scanning method [21] and makes a discussion, which shows that our afterpulse-compatible model is more tolerant of the overall afterpulse rate than the prior model. Finally, we show some conclusions in section 4.

2. Model

In this paper, a four-detector system [13] is used as an example. In reality, there are also many schemes with dual-detector [26], our model is still usable. The system is shown in Fig. 1.

Fig. 1. The schematic set-up of polarization-coding MDI-QKD system with four detectors. The pulses which are sent by Alice and Bob generate interference in Charlie’s beam splitter (BS), then pass through polarization beam splitters (PBS), the pulses with horizontal polarization arrive at detector $D_0$ or $D_2$ and the pulses with vertical polarization arrive at detector $D_1$ or $D_3$. We use subscript A (B) to denote the pulses which come from Alice (Bob). Though in this paper we use this scheme as an example, our model can also be used in other encoding schemes.

Download Full Size | PDF

In normal MDI-QKD protocol, Alice and Bob send pulses to Charlie for doing the Bell-state measurement. The intensities of Alice and Bob’s pulses are selected randomly from predetermined sets, which are denoted as $l_A$ and $r_B$ respectively. And the encoding states are selected from the set $\{|0\rangle,|1\rangle,|+\rangle,|-\rangle \}$, which are denoted as $\psi _A$ and $\phi _B$. $|0\rangle$ and $|1\rangle$ belong to the $Z$-basis, $|+\rangle$ and $|-\rangle$ belong to the $X$-basis. Subscript A (B) is used to denote a variable or a parameter that belongs to Alice (Bob). For simplicity, we omit the subscript A or B if not causing any ambiguity. $\mathcal {I}$ is employed to denote the combination of the intensities of Alice and Bob, and $\mathcal {S}$ is employed to denote the combination of the encoding states of Alice and Bob,

(1)$$\begin{aligned} \mathcal{I} \in & \{ \mu\mu,\mu\nu,\ldots,\nu\mu,\nu\nu,\ldots\},\\ \mathcal{S} \in & \{ 00,01,0+,0-,10,11,1+,1-,+0,+1,+{+},+{-},-0,-1,-{+},-{-}\}. \end{aligned}$$

In $\mathcal {I}$ ($\mathcal {S}$), the first symbol of each element represents Alice’s intensity (state) and the second symbol represents Bob’s intensity (state). Just to make it easier to understand, we rewrite the encoding states of Alice and Bob in the form of $c_0|0\rangle +c_1|1\rangle$ and $c_0'|0\rangle +c_1'|1\rangle$, the relation between the coefficients $c_0$ and $c_1$ with the states is shown in Table 1, and the coefficients $c_0'$ and $c_1'$ are in the same way.

Table 1. Relation between the state sent by Alice $\left (|0\rangle \right.$, $|1\rangle$, $|+\rangle$ and $\left.|-\rangle \right )$ with $c_0,c_1$

View Table | View all tables in this article

In the prior model [19,26,27], the afterpulse’s effect is omitted in the process of calculating the gain and the QBER. Alice and Bob prepare phase randomized weak coherent states with intensities $\mathcal {I}$ and states $\mathcal {S}$:

(2)$$\begin{aligned} \big|c_0 \sqrt{l} e^{i\varphi_A}\big\rangle_{A_0} \big|c_1 \sqrt{l} e^{i\varphi_A}\big\rangle_{A_1} \big|c_0' \sqrt{r} e^{i\varphi_B}\big\rangle_{B_0} \big|c_1' \sqrt{r} e^{i\varphi_B}\big\rangle_{B_1}, \end{aligned}$$

where $\varphi _A$ and $\varphi _B$ are the overall randomized phases, and the subscripts $0$ and $1$ of $A$ $(B)$ denote the horizontal polarization and vertical polarization, respectively. After transmitting through lossy channels, passing through a beam splitter and polarization beam splitters, the state arrived at the detectors can be expressed by

(3)$$\begin{aligned} & \left|\frac{c_0\gamma_A e^{i \varphi_A}- c_0'\gamma_B e^{i \varphi_B}}{\sqrt{2}}\right\rangle_{D_0} \left|\frac{c_1\gamma_A e^{i \varphi_A}- c_1'\gamma_B e^{i \varphi_B}}{\sqrt{2}}\right\rangle_{D_1}\\ & \left|\frac{c_0\gamma_A e^{i \varphi_A}+ c_0'\gamma_B e^{i \varphi_B}}{\sqrt{2}}\right\rangle_{D_2} \left|\frac{c_1\gamma_A e^{i \varphi_A}+ c_1'\gamma_B e^{i \varphi_B}}{\sqrt{2}}\right\rangle_{D_3}, \end{aligned}$$

where $\gamma _A=\sqrt {l\eta _{A}}$ and $\gamma _B=\sqrt {r\eta _{B}}$, $\eta _A$ and $\eta _B$ are the overall efficiencies of the system, which include the channel transmittance and detection efficiency. $\eta _A=\eta _d \exp (-\alpha L_A/10)$ and $\eta _B=\eta _d \exp (-\alpha L_B/10)$, where $\eta _d$ is the detection efficiency of Charlie’s detectors, $\alpha$ is the fiber loss coefficient (dB/km), and $L_{A}$ $(L_{B})$ is the distance between Alice (Bob) and Charlie. For simplicity, we use the following notations:

(4)$$\begin{aligned} & \gamma=\frac{\gamma_A^{2}+\gamma_B^{2}}{2}, \gamma_0=\frac{c_0^{2}\gamma_A^{2}+c_0'^{2}\gamma_B^{2}}{2}, \gamma_1=\frac{c_1^{2}\gamma_A^{2}+c_1'^{2}\gamma_B^{2}}{2},\\ & \varphi=\varphi_A-\varphi_B, \beta_0=c_0c_0'\gamma_A\gamma_B, \beta_1=c_1c_1'\gamma_A\gamma_B.\\ \end{aligned}$$

Therefore, the optical intensity received by each SPAD is given by

(5)$$\begin{aligned} I_{D_0}^{\mathcal{I}\mathcal{S}}= & \gamma_0-\beta_0cos(\varphi),\\ I_{D_1}^{\mathcal{I}\mathcal{S}}= & \gamma_1-\beta_1cos(\varphi),\\ I_{D_2}^{\mathcal{I}\mathcal{S}}= & \gamma_0+\beta_0cos(\varphi),\\ I_{D_3}^{\mathcal{I}\mathcal{S}}= & \gamma_1+\beta_1cos(\varphi). \end{aligned}$$

And the detection probabilities for the four detectors are given by

(6)$$\begin{aligned} P_{D_m}^{\mathcal{I}\mathcal{S}}= & 1-(1-p_d) e^{{-}I_{D_m}^{\mathcal{I}\mathcal{S}}}, \end{aligned}$$

where $m\in \{0,1,2,3\}$, $p_d$ is the dark counting rate per pulse of Charlie’s detectors. $Q^{\mathcal {I}\mathcal {S}}_{\Psi ^{+}}$ and $Q^{\mathcal {I}\mathcal {S}}_{\Psi ^{-}}$ are defined as the gain of Alice and Bob choosing the intensities $\mathcal {I}$ and the states $\mathcal {S}$, then projection on ${|\Psi ^{+}\rangle }=(|01\rangle +|10\rangle )/\sqrt {2}$ and ${|\Psi ^{-}\rangle }=(|01\rangle -|10\rangle )/\sqrt {2}$. Here from Fig. 1, ${|\Psi ^{+}\rangle }$ means that the coincident detections of $D_0 \& D_1$ or $D_2 \& D_3$, and ${|\Psi ^{-}\rangle }$ means the coincident detections of $D_0 \& D_3$ or $D_1 \& D_2$. After averaging over the relative phase $\varphi$, we have

(7)$$\begin{aligned} Q^{\mathcal{I}\mathcal{S}}_{\Psi^{-}}= & \frac{1}{2\pi} \int_{0}^{2\pi} P_{D_0}^{\mathcal{I}\mathcal{S}}(1-P_{D_1}^{\mathcal{I}\mathcal{S}})(1-P_{D_2}^{\mathcal{I}\mathcal{S}})P_{D_3}^{\mathcal{I}\mathcal{S}}+(1-P_{D_0}^{\mathcal{I}\mathcal{S}})P_{D_1}^{\mathcal{I}\mathcal{S}}P_{D_2}^{\mathcal{I}\mathcal{S}}(1-P_{D_3}^{\mathcal{I}\mathcal{S}}) d\varphi\\ = & 2(1-p_d)^{2}e^{-\gamma}\left\{I_0(\beta_0-\beta_1) +(1-p_d)^{2}e^{-\gamma} -(1-p_d)\left[ e^{-\gamma_0}I_0(\beta_1)-e^{-\gamma_1} I_0(\beta_0) \right]\right\}, \\ Q^{\mathcal{I}\mathcal{S}}_{\Psi^{+}}= & \frac{1}{2\pi} \int_{0}^{2\pi} P_{D_0}^{\mathcal{I}\mathcal{S}}P_{D_1}^{\mathcal{I}\mathcal{S}}(1-P_{D_2}^{\mathcal{I}\mathcal{S}})(1-P_{D_3}^{\mathcal{I}\mathcal{S}})+(1-P_{D_0}^{\mathcal{I}\mathcal{S}})(1-P_{D_1}^{\mathcal{I}\mathcal{S}})P_{D_2}^{\mathcal{I}\mathcal{S}}P_{D_3}^{\mathcal{I}\mathcal{S}} d\varphi\\ = & 2(1-p_d)^{2}e^{-\gamma}\left\{I_0(\beta_0+\beta_1) +(1-p_d)^{2}e^{-\gamma} -(1-p_d)\left[e^{-\gamma_0}I_0(\beta_1)-e^{-\gamma_1}I_0(\beta_0)\right]\right\}, \end{aligned}$$

where $I_0(x)$ is the modified Bessel function of the first kind. For a small value of $x$, we can take the first-order approximation $I_0(x) \approx 1+x^{2}/4$.

Now we consider the afterpulse to improve the simulation model. Defects and impurities in the multiplication layer of the SPAD captured carriers which are created by ignition avalanche [32]. Due to thermal fluctuation, the trapped carriers will be released over time. Usually, the release lifetime is dependent on the type of trap and can vary from 10 ns to several microseconds [33]. If there is a large reverse bias in the multiplication layer at this time, the released carriers will produce an avalanche response again, which is called the afterpulse. That is, the future afterpulse is not only caused by the current response but also correlated to the history of the response, the afterpulse of a SPAD is non-Markov in nature [34].

Here the afterpulse can be divided into different orders. We define that the $k$th-order $(k>1)$ afterpulse is the afterpulse which is ignited by the $(k-1)$th-order afterpulse [22], and the first-order afterpulse is ignited by the light pulse and dark count. The probability of the first-order afterpulse, $P_{ap}^{(1)}$, is given by

(8)$$P_{ap}^{(1)}=\sum^{n}_{j=1} \hat p_j Q_j^{d},$$

where Gate 0 is the current detection window, $Q_j^{d}$ is the gain of the Gate $j$ which is caused by light pulse and dark count, and $\hat p_j$ is the corresponding afterpulse rate coefficient, which represents the probability of the afterpulse ignited by the avalanche of Gate $j$ in the current detection window, it can be measured accurately. In appendix A of Ref. [24], a feasible approach is proposed. The specific description of the Gate is shown in Fig. 2. Beacuse of the random of the states, the intensities, and their corresponding sending probabilities of sending pulses, on average, $Q_j^{d}$ is equal to $Q^{d}$, a weighted average of the gain of varying intensities:

(9)$$\begin{aligned} Q_j^{d}=Q^{d}=\sum_{\mathcal{I},\mathcal{S}}p_{l}p_{r}p_{\psi|l}p_{\phi|r}\tilde P_{D_m}^{\mathcal{I}\mathcal{S}}, \end{aligned}$$

where $p_{l}$ $(p_{r})$ is the probability of Alice (Bob)’s intensity, $p_{\psi |l}$ $(p_{\phi |r})$ is the conditional probability of the state sent by Alice (Bob) when Alice (Bob)’s intensity is $l$ $(r)$. $\tilde P_{D_m}^{\mathcal {I}\mathcal {S}}$ is the detection probability of $D_m$ $(m\in \{0,1,2,3\})$ when Alice and Bob encode $\mathcal {S}$ with the intensities $\mathcal {I}$ after averaging over the relative phase $\varphi$,

(10)$$\begin{aligned} \tilde P_{D_m}^{\mathcal{I}\mathcal{S}}= \frac{1}{2\pi}\int_0^{2\pi} 1-(1-p_d) e^{{-}I_{D_m}^{\mathcal{I}\mathcal{S}}} d\varphi. \end{aligned}$$

It should be noted that $Q^{d}$ of different detectors are the same, because Alice and Bob encode $|0\rangle$ and $|1\rangle$ ($|+\rangle$ and $|-\rangle$) with the same probability. Therefore,

(11)$$\begin{aligned} P_{ap}^{(1)}=\sum^{n}_{j=1}\hat p_j Q_j^{d}=\sum^{n}_{j=1}\hat p_j Q^{d}=\hat p_{ap}Q^{d},\\ \end{aligned}$$

where $\hat p_{ap}=\sum ^{n}_{j=1}\hat p_j$ is the overall afterpulse rate.

Fig. 2. A sketch of the detection windows. We use $0$ to denote the current detection window, the detection windows behind 0 are denoted as $1,2,\ldots,n$. Because of the non-Markovian property, the response of Gate 0 can be caused by the responses of Gate $1,2,\ldots,n$.

Download Full Size | PDF

Moreover, the $k$th-order afterpulse $(k>1)$ is caused by the $(k-1)$th-order afterpulse, $P_{ap}^{(k)}$ can be given by a recursion chain

(12)$$\begin{aligned} P_{ap}^{(2)} & =\sum^{n}_{j=1}\hat p_j P_{ap}^{(1)}= (\hat p_{ap})^{2} Q^{d},\\ P_{ap}^{(3)} & =\sum^{n}_{j=1}\hat p_j P_{ap}^{(2)}= (\hat p_{ap})^{3} Q^{d},\\ & \cdots\\ P_{ap}^{(k)} & =\sum^{n}_{j=1}\hat p_j P_{ap}^{(k-1)}= (\hat p_{ap})^{k} Q^{d}. \end{aligned}$$

So, it is easy to get the probability of afterpulse

(13)$$\begin{aligned} P_{ap}= & 1-\prod_{k=1}^{\infty}(1-P_{ap}^{(k)}) =\sum_{k=1}^{\infty}P_{ap}^{(k)}-\sum_{k_1,k_2=1;k_2>k_1}^{\infty}(1-\delta_{k_1k_2})P_{ap}^{(k_1)}P_{ap}^{(k_2)}+\cdots\end{aligned}$$

Because $P_{ap}^{(k)}$ is small, only the first order terms are reserved in Eq. (13), namely, $P_{ap}^{(k_1)}P_{ap}^{(k_2)} \cong 0$. Then we obtain the approximate equation of Eq. (13)

(14)$$\begin{aligned} P_{ap} \cong \sum_{k=1}^{\infty}P_{ap}^{(k)}=\sum_{k=1}^{\infty} (\hat p_{ap})^{k} Q^{d}=\frac{\hat p_{ap}}{1-\hat p_{ap}}Q^{d}. \end{aligned}$$

With the probability of afterpulse $P_{ap}$, the gain of detector can be rewrite:

(15)$$\begin{aligned} P_{D_m}^{\mathcal{I}\mathcal{S}}=1-(1-p_d)(1-P_{ap})e^{{-}I_{D_m}^{\mathcal{I}\mathcal{S}}}. \end{aligned}$$

Eq. (7) should be revised as follows:

(16)$$\begin{aligned} Q^{\mathcal{I}\mathcal{S}}_{\Psi^{-}} = & 2(1-p_d)^{2}(1-P_{ap})^{2}e^{-\gamma}\bigg[I_0(\beta_0-\beta_1) +(1-p_d)^{2}(1-P_{ap})^{2}e^{-\gamma}\\ & -(1-p_d)(1-P_{ap})e^{-\gamma_0}I_0(\beta_1)-(1-p_d)(1-P_{ap})e^{-\gamma_1}I_0(\beta_0)\bigg], \\ Q^{\mathcal{I}\mathcal{S}}_{\Psi^{+}} = & 2(1-p_d)^{2}(1-P_{ap})^{2}e^{-\gamma}\bigg[I_0(\beta_0+\beta_1) +(1-p_d)^{2}(1-P_{ap})^{2}e^{-\gamma}\\ & -(1-p_d)(1-P_{ap})e^{-\gamma_0}I_0(\beta_1)-(1-p_d)(1-P_{ap})e^{-\gamma_1}I_0(\beta_0)\bigg]. \end{aligned}$$

Moreover, the QBER can be obtained by the gain $Q^{\mathcal {I}\mathcal {S}}_{\Psi ^{-}}$ and $Q^{\mathcal {I}\mathcal {S}}_{\Psi ^{+}}$. For the case that the bases of Alice and Bob are all $Z$- or $X$-basis,

(17)$$\begin{aligned} E^{\mathcal{I},\mathcal{B}}_{\mathcal{T}}=e_d(1-\hat{E}^{\mathcal{I},\mathcal{B}}_{\mathcal{T}})+(1-e_d)\hat{E}^{\mathcal{I},\mathcal{B}}_{\mathcal{T}}, \end{aligned}$$

where $e_d$ is the misalignment-error probability, $\mathcal {B}\in \{Z,X\}$, $\mathcal {T}\in \{\Psi ^{-},\Psi ^{+}\}$, and $\hat {E}^{\mathcal {I},\mathcal {B}}_{\mathcal {T}}$ is the QBER without considering $e_d$,

(18)$$\begin{aligned} & \hat{E}^{\mathcal{I},Z}_{\mathcal{T}}=\frac{Q^{\mathcal{T},00}_{\mathcal{T}}+Q^{\mathcal{I},11}_{\mathcal{T}}}{Q^{\mathcal{I},00}_{\mathcal{T}}+Q^{\mathcal{I},01}_{\mathcal{T}}+Q^{\mathcal{I},10}_{\mathcal{T}}+Q^{\mathcal{I},11}_{\mathcal{T}}},\\ & \hat{E}^{\mathcal{I},X}_{\Psi^{-}}=\frac{Q^{\mathcal{I},+{+}}_{\mathcal{T}}+Q^{\mathcal{I},-{-}}_{\mathcal{T}}}{Q^{\mathcal{I},+{+}}_{\mathcal{T}}+Q^{\mathcal{I},+{-}}_{\mathcal{T}}+Q^{\mathcal{I},-{+}}_{\mathcal{T}}+Q^{\mathcal{I},-{-}}_{\mathcal{T}}},\\ & \hat{E}^{\mathcal{I},X}_{\Psi^{+}}=\frac{Q^{\mathcal{I},+{-}}_{\mathcal{T}}+Q^{\mathcal{I},-{+}}_{\mathcal{T}}}{Q^{\mathcal{I},+{+}}_{\mathcal{T}}+Q^{\mathcal{I},+{-}}_{\mathcal{T}}+Q^{\mathcal{I},-{+}}_{\mathcal{T}}+Q^{\mathcal{I},-{-}}_{\mathcal{T}}}. \end{aligned}$$

3. Simulation results and discussion

With the model presented in section 2, we can simulate the observed values in the experiment accurately. Then we present the numerical simulation by employing the 4-intensity MDI-QKD protocol and the double-scanning method which are shown in appendix A. For simplicity, we consider the case that the channels of Alice and Bob are symmetrical, that is to say, $L_A=L_B$, and the source parameters for Alice and Bob are the same, which include the intensities and their corresponding sending probabilities. Figure 2 of Ref. [21] shows that the simulation results of optimizing with the source parameters only and optimizing with all the parameters including the source parameters and failure probability parameters (different parts in Eq. (39) ) are almost the same, the optimization of failure probability parameters is of little use for getting a higher key rate. So we assume that failure probability parameters are equal. Here only the source parameters are optimized. The experimental parameters are listed in Table 2.

Table 2. Experimental parameters used in the numerical simulations. Here, $p_d$ is the dark counting rate per pulse of Charlie’s detectors; $e_d$ is the misalignment-error probability, $\eta _d$ is the detection efficiency of Charlie’s detectors; $\alpha$ is the fiber loss coefficient (dB/km); $f_e$ is the error-correction efficiency; $\varepsilon _{tol}$ is the total secure coefficient.

View Table | View all tables in this article

Figure 3 is the numerical results of our model with different values of $\hat {p}_{ap}$. From no afterpulse to the overall afterpulse rate $\hat p_{ap}$ is $2\%$, the final key rate falls faster with the improvement of $L$, where $L=L_A+L_B$ is the total distance between Alice and Bob. The reduction of the limiting secure-communication distance is about $30$ km. And the secure key rate with $2\%$ overall afterpulse rate is about an order of magnitude lower than the secure key rate without considering the overall afterpulse rate by employing our model. In summary, though the afterpulse increases the QBER, the secure key rate still performs well by employing our model. The specific comparison between our model and the prior afterpulse-omitted model are shown in Fig. 5 and Fig. 6. Fig. 4 shows optimized variables evolution with $\hat {p}_{ap}$ when $N=10^{11}$ and $L=25$ km. From this figure, the detailed impact of the afterpulse on parameter optimization can be revealed. In the 4-intensity MDI-QKD protocol, Alice and Bob send $Z$-basis with intensity $\mu$, and they send $X$-basis with intensities $\nu$, $\omega$ and $o$, where $o$ is the vacuum state. The intensity and the sending probability of the $Z$-basis are significantly higher than the $X$-basis, so the afterpulse is mainly ignited by the $Z$-basis. Because of the randomness of the afterpulse, the gain of the $Z$-basis will affect the gain of the $X$-basis significantly when the afterpulse is present, which will impact the estimation of the yield of the $Z$-basis. And similar to the responses caused by dark counts, the QBER of the responses caused by the afterpulses is 0.5, which will increase the QBER of the $X$-basis and impact the estimation of the phase-flip error of the single photon pairs in the $Z$-basis. To minimize the effect of the afterpulse, the intensity $\mu$ and its corresponding sending probabilities decrease with increasing $\hat {p}_{ap}$. Because the sum of sending probabilities is 1, the sending probabilities of the $X$-basis increase with increasing $\hat {p}_{ap}$. Moreover, to minimize the effect of the afterpulse caused by the intensity $\nu$, the intensity $\nu$ decreases with increasing $\hat p_{ap}$ slightly, and the increase of its corresponding sending probabilities will be smaller than the sending probabilities of the intensity $\omega$ and $o$.

Fig. 3. Comparison of the secure key rate (per pulse) among three different overall afterpulse rates as a function of distance. The number of total pulses is $10^{11}$. The blue, red and green denote, respectively, the overall afterpulse rate is $0\%$, $1\%$ and $2\%$.

Download Full Size | PDF

Fig. 4. Optimized variables evolution over increasing $\hat p_{ap}$ when the number of total pulses and distance are $10^{11}$ and $25$ km respectively.

Download Full Size | PDF

Fig. 5. Comparison of the secure key rate (per pulse) among three different distances and two different models as a function of $\hat {p}_{ap}$. The number of total pulses is $10^{11}$. The solid lines and dash lines denote, respectively, the new model with afterpulse and the prior model which is afterpulse-omitted; the blue, red and green denote, respectively, the distance is $0$ km, $25$ km and $50$ km.

Download Full Size | PDF

Fig. 6. Comparison of the secure key rate (per pulse) among three different numbers of the pulses and two different models as a function of $\hat {p}_{ap}$. The total distance between Alice and Bob is $25$ km. The solid lines and dash lines denote, respectively, the new model with afterpulse and the prior model which is afterpulse-omitted; the blue, red and green denote, respectively, the total number of pulses is $10^{12}$, $10^{11}$ and $10^{10}$.

Download Full Size | PDF

Furthermore, Fig. 5 is the secure key rate as a function of $\hat p_{ap}$ with different distance when $N=10^{11}$. We employ our afterpulse-compatible model and the prior afterpulse-omitted model [27] to calculate the secure key rates with the double-scanning method [21]. In the prior model, Eq. (7) and Eq. (17) are employed to obtain the gain and the QBER, and in our model, Eq. (16) and Eq. (17) are employed. By optimizing the secure key rates, two sets of optimized parameters can be obtained. It should be noted that no matter what value is $\hat p_{ap}$, the set of the prior model is the same. Then we employ these sets to calculate the practical secure key rate with our model. The solid and dashed lines are the results of our model and the prior model, respectively. It can be shown that the solid lines are significantly greater than the dashed lines, especially in a higher $\hat p_{ap}$. With the improvement of the distance, the gap between them grows with the same $\hat p_{ap}$. And when the distance is kept constant, it can be seen that though $\hat p_{ap}$ is high, the secure key rate of our model is remaining high, but the afterpulse-omitted model is difficult to generate a secure key rate at this moment.

Figure 6 is the secure key rate as a function of $\hat p_{ap}$ with different numbers of pulses when $L=25$ km. As the total number of pulses decreases, the gap between them grows with the same $\hat p_{ap}$. These gaps show the susceptibility of a real system to operating parameters, especially in a long distance or a low number of pulses, and the necessity of an accurate model.

By analyzing the results, our model is significant in real-world systems which are inevitably affected by the afterpulse, with the parameters optimized by our model, the practical systems will better use of system functions and get a higher secure key rate. In contrast, by employing the prior model, it’s hard to get great results especially when the effect of afterpulse is obvious.

4. Conclusion

In conclusion, we consider the effect of the afterpulse in the simulation of the MDI-QKD protocol, our model is more accurate than the prior model. In our model, the afterpulse, which is caused by former detections, is considered as the third source of detector responses after a light pulse and dark count. In addition, we use the double-scanning method with Chernoff bound to analyze the effect of the afterpulse. Although the afterpulse makes the gains deviate from the values without considering the afterpulse and introduces more wrong counts that cause the improvement of the QBER, the model shown in this paper can also get a great result. And the secure key rate obtained with the optimized parameters by our model is higher than that obtained with the optimized parameters of the prior model in the same situation, especially if the distance is long or the total number of pulses is small.

With the rapid growth of the system working frequency, the effect of the afterpulse becomes increasingly severe, it is important to take the effect into consideration. Our work provides a valid way to construct an afterpulse-compatible MDI-QKD system with a high key rate preserved. By using the optimized parameters obtained with our afterpulse-compatible model, the performance of the system can be better exploited.

Appendix A. Calculation of the final key rate

The 4-intensity MDI-QKD protocol [20,35] has been the mainstream protocol of MDI-QKD because of its good performance. In this method, Alice (Bob) sends $Z$-basis $\{|0\rangle,|1\rangle \}$ with intensity $\mu _A$ $(\mu _B)$, and Alice (Bob) sends $X$-basis $\{|+\rangle,|-\rangle \}$ with intensities $\nu _A,\omega _A,o$ $(\nu _B,\omega _B,o)$, where $o$ is the vacuum state. The subscript $A$ $(B)$ is used to denote a variable or a parameter that belongs to Alice (Bob). For simplicity, we will omit the subscript $A$ or $B$ if not causing any ambiguity. The $Z$-basis is used to get the final key, the X basis is used to estimate the yield and phase-flip error of the single photon pairs in the $Z$-basis. In the photon-number space, the density matrices of the sources of Alice and Bob are

(19)$$\begin{aligned} \rho_{l}= & \sum_{j} a_{j}^{l}|j\rangle\langle j|,l=\mu_A, \nu_A, \omega_A, o,\\ \rho_{r}= & \sum_{k} b_{k}^{r}| k\rangle\langle k|, r=\mu_B, \nu_B, \omega_B, o. \end{aligned}$$

We assume

(20)$$\begin{aligned} \frac{a_{j}^{\nu}}{a_{j}^{\omega}} \geqslant \frac{a_{2}^{\nu}}{a_{2}^{\omega}} \geqslant \frac{a_{1}^{\nu}}{a_{1}^{\omega}}, \frac{b_{k}^{\nu}}{b_{k}^{\omega}} \geqslant \frac{b_{2}^{\nu}}{b_{2}^{\omega}} \geqslant \frac{b_{1}^{\nu}}{b_{1}^{\omega}}, \end{aligned}$$

where $j>2$ and $k>2$. In this paper, we use weak coherent source, Eq. (20) can be changed to

(21)$$\begin{aligned} \nu_A \geq \omega_A,\nu_B \geq \omega_B. \end{aligned}$$

The number of using different intensities is denoted as $N_{lr}$,

(22)$$\begin{aligned} N_{lr}=Np_{l}p_{r}, \end{aligned}$$

where $N$ is the total number of pulses send by Alice and Bob, $p_{l}$ $(p_{r})$ is the probability that Alice (Bob) sends in intensity $l$ $(r)$. In addition, the resources of legitimate users are limited. They can’t get an infinite long key, statistical fluctuations might enable attacks by an eavesdropper. Therefore, we must take the finite length into consideration to ensure security. The method to analyze the effect of statistical fluctuations is crucial. The solution must be trustworthy enough for system security and tight enough for a good performance. In this section, we use the Chernoff bound [36,37] to get the parameters. The lower and upper bounds of the expected value of the effective gain number $\langle n_{lr}\rangle$ can be got, we denote them as $\langle n_{lr} \rangle ^{L}$ and $\langle n_{lr} \rangle ^{U}$. And also, we can get the lower and upper bounds of the expected value of the wrong effective gain number $\langle m_{lr}\rangle$, which are denoted as $\langle m_{lr} \rangle ^{L}$ and $\langle m_{lr} \rangle ^{U}$.

And also, for a higher key rate, the double-scanning method [21] is used. By the model discussed in section 2, the gain and QBER can be obtained. Now we should estimate the lower bound of the yield and the upper bound of the phase-flip error rate of the single-photon pairs in $Z$-basis $y_{11,Z}^{L}$ and $e_{11,Z}^{p,U}$. As shown in Ref. [20],

(23)$$\begin{aligned} \langle y_{11,X} \rangle= & \langle y_{11,Z}\rangle,\\ \langle e_{11,X}^{b} \rangle= & \langle e_{11,Z}^{p}\rangle, \end{aligned}$$

where $\langle y_{11,X} \rangle$ and $\langle y_{11,Z} \rangle$ are the expected values of the yield in $X$- and $Z$-basis, $\langle e_{11,X}^{b}\rangle$ $(\langle e_{11,Z}^{p}\rangle )$ is the bit-flip (phase-flip) error rate of the single-photon pairs in $X$ $(Z)$-basis. So, we can estimate $y_{11,Z}^{L}$ and $e_{11,Z}^{p,U}$ by $\langle y_{11,X}\rangle ^{L}$ and $\langle e_{11,X}^{b}\rangle ^{U}$ with Chernoff bound,

(24)$$y_{11,Z}^{L}=\frac{O^{L}(N_{\mu\mu}a_1^{\mu} b_1^{\mu}\langle y_{11,X} \rangle^{L},\xi_{y_{11}}^{L})}{N_{\mu\mu}a_1^{\mu}b_1^{\mu}},$$

(25)$$e_{11,Z}^{p,U}=\frac{O^{U}(N_{\mu\mu}a_1^{\mu} b_1^{\mu} y_{11,Z}^{L}\langle e_{11,X}^{b} \rangle^{U},\xi_{e_{11}}^{U})}{N_{\mu\mu}a_1^{\mu}b_1^{\mu}y_{11,Z}^{L}},$$

where $O^{L}(E,\xi )$ and $O^{U}(E,\xi )$ are the lower and upper bounds of the observed value $O$, whose expected value is $E$. The details are defined in appendix C. Thus we need to calculate $\langle y_{11,X} \rangle ^{L}$ and $\langle e_{11,X}^{b} \rangle ^{U}$, according to the formulas in Ref. [21], if $\frac {\nu _B}{\omega _B}\leq \frac {\nu _A}{\omega _A}$, we have

(26)$$\left\langle y_{11, X}\right\rangle^{L}=\frac{\left\langle Q_{+}\right\rangle^{L}+\frac{a_{1}^{\nu} b_{2}^{\nu}}{N_{\omega\omega}} \mathcal{M}-\left\langle Q_{-}\right\rangle^{U}-a_{1}^{\nu} b_{2}^{\nu} \mathcal{H}}{a_{1}^{\omega} a_{1}^{\nu}\left(b_{1}^{\omega} b_{2}^{\nu}-b_{2}^{\omega} b_{1}^{\nu}\right)},$$

(27)$$\left\langle e_{11, X}^{b}\right\rangle^{U}=\frac{\frac{1}{N_{\omega\omega}}\mathcal{M}-\frac{1}{2}\mathcal{H}}{a_{1}^{\omega} b_{1}^{\omega}\left\langle y_{11, X}\right\rangle^{L}},$$

where

(28)$$\left\langle Q_{+}\right\rangle=\frac{a_{1}^{\nu} b_{2}^{\nu}}{N_{\omega\omega}}\left\langle\bar{m}_{\omega\omega}\right\rangle+\frac{a_{1}^{\omega} b_{2}^{\omega} a_{0}^{\nu}}{N_{o\nu}}\left\langle n_{{o\nu}}\right\rangle+\frac{a_{1}^{\omega} b_{2}^{\omega} b_{0}^{\nu}}{N_{\nu o}}\left\langle n_{\nu o}\right\rangle,$$

(29)$$\left\langle Q_{-}\right\rangle=\frac{a_{1}^{\omega} b_{2}^{\omega}}{N_{\nu\nu}}\left\langle n_{\nu\nu}\right\rangle+\frac{a_{1}^{\omega} b_{2}^{\omega} a_{0}^{\nu} b_{0}^{\nu}}{N_{oo}}\left\langle n_{oo}\right\rangle ,$$

(30)$$\mathcal{H}=\frac{a_{0}^{\omega}}{N_{o\omega}}\left\langle n_{o\omega}\right\rangle+\frac{b_{0}^{\omega}}{N_{\omega 0}}\left\langle n_{\omega o}\right\rangle-\frac{a_{0}^{\omega} b_{0}^{\omega}}{N_{oo}}\left\langle n_{oo}\right\rangle,$$

(31)$$\mathcal{M}=\left\langle{m}_{\omega\omega}\right\rangle .$$

$\left \langle \bar {m}_{\omega \omega }\right \rangle$ in Eq. (28) is the expected value of the number of right events of the intensity $\omega \omega$, which is

(32)$$\left\langle\bar{m}_{\omega\omega}\right\rangle=\left\langle{n}_{\omega\omega}\right\rangle-\left\langle{m}_{\omega\omega}\right\rangle.$$

In addition, in the case of $\frac {\nu _B}{\omega _B} > \frac {\nu _A}{\omega _A}$, $\langle y_{11, X}\rangle ^{L}$ can be got with Eq. (26) by making the exchange between $a_k^{\nu }$ and $b_k^{\nu }$, and the exchange between $a_k^{\omega }$ and $b_k^{\omega }$, for $k=1,2$. $\langle e_{11, X}^{b}\rangle ^{U}$ is the same.

From experiments, we can get the observed values, but in Eq. (26) and Eq. (27), there are all expected values. $E^{L}(O,\xi )$ and $E^{U}(O,\xi )$ in Appendix C. are the lower and upper bounds of expected value $E$, which are estimated from the observed value $O$. To get a tight estimated values of $\left \langle y_{11, X}\right \rangle ^{L}$ and $\left \langle e_{11, X}^{b}\right \rangle ^{U}$, we use joint constraints in Ref. [38], which is shown in Appendix B. In this method, we can get

(33)$$\begin{aligned} \left\langle Q_+\right\rangle^{L}= & F_L\Big(\frac{a_{1}^{\nu} b_{2}^{\nu}}{N_{\omega\omega}},\frac{a_{1}^{\omega} b_{2}^{\omega} a_{0}^{\nu}}{N_{o\nu}},\frac{a_{1}^{\omega} b_{2}^{\omega} b_{0}^{\nu}}{N_{\nu o}},\bar{m}_{\omega\omega},n_{{o\nu}}, n_{\nu o},\xi_{Q_1^{+}}^{L},\xi_{Q_2^{+}}^{L},\xi_{Q_3^{+}}^{L}\Big), \end{aligned}$$

(34)$$\begin{aligned} \left\langle Q_-\right\rangle^{U}= & F_U\Big(\frac{a_{1}^{\omega} b_{2}^{\omega}}{N_{\nu\nu}},\frac{a_{1}^{\omega} b_{2}^{\omega} a_{0}^{\nu} b_{0}^{\nu}}{N_{oo}},0,n_{\nu\nu}, n_{oo}, 0,\xi_{Q_1^{-}}^{U},\xi_{Q_2^{-}}^{U},0\Big), \end{aligned}$$

(35)$$\begin{aligned} \mathcal{H}^{L}= & F_L\Big(\frac{a_{0}^{\omega}}{N_{o\omega}},\frac{b_{0}^{\omega}}{N_{\omega o}},0,n_{o\omega},n_{\omega o}, 0,\xi_{H_1}^{L},\xi_{H_2}^{L},0\Big)-\frac{a_{0}^{\omega} b_{0}^{\omega}}{N_{oo}}E^{U}(n_{oo},\xi_{H_3}^{L}),\\ \mathcal{H}^{U}= & F_U\Big(\frac{a_{0}^{\omega}}{N_{o\omega}},\frac{b_{0}^{\omega}}{N_{\omega o}},0,n_{o\omega},n_{\omega o}, 0,\xi_{H_1}^{U},\xi_{H_2}^{U},0\Big)-\frac{a_{0}^{\omega} b_{0}^{\omega}}{N_{oo}}E^{L}(n_{oo},\xi_{H_3}^{U}), \end{aligned}$$

(36)$$\begin{aligned} \mathcal{M}^{L}=E^{L}(m_{\omega\omega},\xi_M^{L}), \mathcal{M}^{L}=E^{U}(m_{\omega\omega},\xi_M^{U}). \end{aligned}$$

With the equations above all, we have

(37)$$\begin{aligned} R= & p_{\mu_A}p_{\mu_B}\{a_1^{\mu} b_1^{\mu} y_{11,Z}^{L}[1-h(e_{11}^{p,U})]-f_e Q_{\mu\mu}h(E_{\mu\mu})\}\\ & -\frac{1}{N}\left(\log_2\frac{8}{\varepsilon_{cor}}+2\log_2\frac{2}{\varepsilon'\hat\varepsilon}+2\log_2\frac{1}{2\varepsilon_{PA}}\right), \end{aligned}$$

where $Q_{\mu \mu }=n_{\mu \mu }/N_{\mu \mu }$ is the gain of the pulse pairs in $Z$-basis; $E_{\mu \mu }$ is the QBER in $Z$-basis; $h(x)=-x\log _2{x}-(1-x)\log _2(1-x)$ is the Shannon entropy; $f_e$ is the efficiency factor of the error correction method; $\varepsilon _{cor}$ is the failure probability of error correction; $\varepsilon _{PA}$ is the failure probability of privacy amplification; $\varepsilon '$ and $\hat \varepsilon$ are the coefficients while using the chain rules of smooth min and max entropy.

In Eq. (26) and Eq. (27), they all have $\mathcal {H}$ and $\mathcal {M}$, which means there are some correlations between $\left \langle y_{11,X}\right \rangle ^{L}$ and $\left \langle e_{11, X}^{b}\right \rangle ^{U}$. By scanning $\mathcal {H}$ and $\mathcal {M}$,

(38)$$R=\min_{ \begin{array}{c} \mathcal{H} ,\mathcal{M} \end{array} }R(\mathcal{H},\mathcal{M}),$$

where $\mathcal {H}\in [\mathcal {H}^{L},\mathcal {H}^{U}]$ and $\mathcal {M}\in [\mathcal {M}^{L},\mathcal {M}^{U}]$. The total secure coefficient $\varepsilon _{tol}$ is [39–41]

(39)$$\varepsilon_{tol}=\varepsilon_{cor}+2(\varepsilon'+\hat\varepsilon+2\sqrt{\varepsilon_{e}+\varepsilon_{1}})+\varepsilon_{PA},$$

where $\varepsilon _e=\xi _{e_{11}}^{U}$ is the probability that the real value of the phase-flip error rate of the effective events of single-photon pairs in the $Z$-basis is larger than its estimated value $e_{11}^{p,U}$, and $\varepsilon _1$ is the probability that the real value of the counting rate of the single-photon pairs in the $Z$-basis is less than its estimated value $y_{11,Z}^{L}$, it’s made up of different parts,

(40)$$\begin{aligned} \varepsilon_1 & =\xi_{Q_1^{+}}^{L}+\xi_{Q_2^{+}}^{L}+\xi_{Q_3^{+}}^{L}+\xi_{Q_1^{-}}^{U}+\xi_{Q_2^{-}}^{U}+\xi_{H_1}^{L}+\xi_{H_2}^{L}+\xi_{H_3}^{L}+\xi_{H_1}^{U}+\xi_{H_2}^{U}+\xi_{H_3}^{U}+\xi_{M}^{L}+\xi_{M}^{U}+\xi_{y_{11}}. \end{aligned}$$

Appendix B. Analytic results of joint constraints

Just taking Eq. (28) as an example, by the method of joint constraints , $\langle S_+\rangle ^{L}$ can be got with constraints:

(41)$$\begin{aligned} & \langle \bar m_{\omega\omega} \rangle \geq E^{L}(\bar m_{\omega\omega},\xi),\\ & \langle n_{0 \nu} \rangle \geq E^{L}(n_{0 \nu},\xi),\\ & \langle n_{\nu 0} \rangle \geq E^{L}(n_{\nu 0},\xi),\\ & \langle \bar m_{\omega\omega}\rangle+\langle n_{0 \nu} \rangle \geq E^{L}(\bar m_{\omega\omega}+n_{0 \nu},\xi),\\ & \langle n_{0 \nu}\rangle+\langle n_{\nu 0} \rangle \geq E^{L}(n_{0 \nu}+n_{\nu 0},\xi), \\ & \langle \bar m_{\omega\omega}\rangle +\langle n_{\nu 0}\rangle \geq E^{L}(\bar m_{\omega\omega}+n_{\nu 0},\xi),\\ & \langle \bar m_{\omega\omega}\rangle+\langle n_{0 \nu}\rangle+\langle n_{\nu 0}\rangle \rangle \geq E^{L}(\bar m_{\omega\omega}+n_{0 \nu}+n_{\nu 0},\xi). \end{aligned}$$

This problem can be solved by the technique of linear programming, but if we use this method, much time would be cost especially when we optimize the parameters to get the highest key rate. So an analytic result of this special linear programming problem is necessary. It should be noted that the failure probability in estimating $\langle S_+\rangle ^{L}$ with this method is $3\xi$, because three of the constraints would be used in the final results at most.

For getting an analytic result, the problem can be abstracted into [21,38]

(42)$$\begin{aligned} \min_{g_1,g_2,g_3} & F=\gamma_1g_1+\gamma_2g_2+\gamma_3g_3, \\ s.t.\quad & g_1 \geq E^{L}(\widetilde{g_1},\xi_1),\\ & g_2 \geq E^{L}(\widetilde{g_2},\xi_1),\\ & g_3 \geq E^{L}(\widetilde{g_3},\xi_1),\\ & g_1+g_2 \geq E^{L}(\widetilde{g_1}+\widetilde{g_2},\xi_2),\\ & g_2+g_3 \geq E^{L}(\widetilde{g_2}+\widetilde{g_3},\xi_2),\\ & g_1+g_3 \geq E^{L}(\widetilde{g_1}+\widetilde{g_3},\xi_2),\\ & g_1+g_2+g_3 \geq E^{L}(\widetilde{g_1}+\widetilde{g_2}+\widetilde{g_3},\xi_3), \end{aligned}$$

where $\gamma _1,\gamma _2,\gamma _3,g_1,g_2,g_3,\widetilde {g_1},\widetilde {g_2},\widetilde {g_3}$ are all positive and $E^{L}(O,\xi )$ is defined in Appendix C.

We rearrange $\{\gamma _1,\gamma _2,\gamma _3\}$ in the ascending order, the new sequence is denoted by $\{\gamma _1',\gamma _2',\gamma _3'\}$, $\{\widetilde {g_1}',\widetilde {g_2}',\widetilde {g_3}'\}$ as the corresponding rearrange of $\{\widetilde {g_1},\widetilde {g_2},\widetilde {g_3}\}$ according to the ascending order of $\{\gamma _1,\gamma _2,\gamma _3\}$. In this way, the lower bound of $F$ can be wrote as:

(43)$$\begin{aligned} F_L & (\gamma_1,\gamma_2,\gamma_3,\widetilde{g_1},\widetilde{g_2},\widetilde{g_3},\xi_1,\xi_2,\xi_3)\\ = & \gamma_1'E^{L}(\widetilde{g_1}'+\widetilde{g_2}'+\widetilde{g_3}',\xi_3)+(\gamma_2'-\gamma_1')E^{L}(\widetilde{g_2}'+\widetilde{g_3}',\xi_2)+(\gamma_3'-\gamma_2')E^{L}(\widetilde{g_3}',\xi_1). \end{aligned}$$

And if we want to get the upper bound of $F$, we can just replace $E^{L}(O,\xi )$ by $E^{U}(O,\xi )$:

(44)$$\begin{aligned} F_U & (\gamma_1,\gamma_2,\gamma_3,\widetilde{g_1},\widetilde{g_2},\widetilde{g_3},\xi_1,\xi_2,\xi_3)\\ = & \gamma_1'E^{U}(\widetilde{g_1}'+\widetilde{g_2}'+\widetilde{g_3}',\xi_3)+(\gamma_2'-\gamma_1')E^{U}(\widetilde{g_2}'+\widetilde{g_3}',\xi_2)+(\gamma_3'-\gamma_2')E^{U}(\widetilde{g_3}',\xi_1). \end{aligned}$$

Appendix C. Chernoff bound

The Chernoff bound [36] is useful in estimating the expected values from their observed values or estimating the observed values from their expected values. Let $X_1,X_2,\ldots,X_n$ be a set of independent Bernoulli random samples (it can be in different distribution), and let $X=\sum _{i=1}^{n} X_i$. The observed value of $X$ which denotes $O$ is unknown and its expected value $E$ is known. In this situation, we have

(45)$$O^{L}(E,\xi)=[1-\delta_1(E,\xi)]E,$$

(46)$$O^{U}(E,\xi)=[1+\delta_2(E,\xi)]E,$$

where $\delta _1(E,\xi )$ and $\delta _2(E,\xi )$ can be got by solving the following equations:

(47)$$\left(\frac{e^{-\delta_1}}{(1-\delta_1)^{1-\delta_1}}\right)^{E}=\xi,$$

(48)$$\left(\frac{e^{\delta_2}}{(1+\delta_2)^{1+\delta_2}}\right)^{E}=\xi,$$

where $\xi$ is the failure probability.

When the expected value $E$ is unknown and its observed value $O$ is known, we have

(49)$$E^{L}(O,\xi)=\frac{O}{1+\delta_1'(O,\xi)},$$

(50)$$E^{U}(O,\xi)=\frac{O}{1-\delta_2'(O,\xi)},$$

where $\delta _1'(O,\xi )$ and $\delta _2'(O,\xi )$ can be got by solving the following equations:

(51)$$\left(\frac{e^{\delta_1'}}{(1+\delta_1')^{1+\delta_1'}}\right)^{\frac{O}{1+\delta_1'}}=\xi,$$

(52)$$\left(\frac{e^{-\delta_2'}}{(1-\delta_2')^{1-\delta_2'}}\right)^{\frac{O}{1-\delta_2'}}=\xi.$$

Funding

National Key Research and Development Program of China (2018YFA0306400); National Natural Science Foundation of China (62171424, 61961136004); China Postdoctoral Science Foundation (2021M693098).

Disclosures

The authors declare no conflicts of interest.

Data availability

Data underlying the results presented in this paper are not publicly available at this time but may be obtained from the authors upon reasonable request.

References

1. C. H. Bennett and G. Brassard, “Quantum cryptography: Public key distribution and coin tossing,” in Proceedings of IEEE International Conference on Computers, Systems and Signal Processing, (IEEE, 1984), pp. 175–179.

2. A. K. Ekert, “Quantum cryptography based on bell’s theorem,” Phys. Rev. Lett. 67(6), 661–663 (1991). [CrossRef]

3. C. E. Shannon, “Communication theory of secrecy systems,” The Bell Syst. Tech. J. 28(4), 656–715 (1949). [CrossRef]

4. S. N. Molotkov, “Conferences and symposia: Quantum cryptography and v a kotel’nikov’s one-time key and sampling theorems,” Phys.-Usp. 49(7), 750 (2006). [CrossRef]

5. A. Acín, N. Brunner, N. Gisin, S. Massar, S. Pironio, and V. Scarani, “Device-independent security of quantum cryptography against collective attacks,” Phys. Rev. Lett. 98(23), 230501 (2007). [CrossRef]

6. V. Makarov, A. Anisimov, and J. Skaar, “Effects of detector efficiency mismatch on security of quantum cryptosystems,” Phys. Rev. A 74(2), 022313 (2006). [CrossRef]

7. C.-H. F. Fung, B. Qi, K. Tamaki, and H.-K. Lo, “Phase-remapping attack in practical quantum-key-distribution systems,” Phys. Rev. A 75(3), 032314 (2007). [CrossRef]

8. Y. Zhao, C. H. F. Fung, B. Qi, C. Chen, and H.-K. Lo, “Quantum hacking: Experimental demonstration of time-shift attack against practical quantum-key-distribution systems,” Phys. Rev. A 78(4), 042333 (2008). [CrossRef]

9. F. Xu, B. Qi, and H. Lo, “Experimental demonstration of phase-remapping attack in a practical quantum key distribution system,” New J. Phys. 12(11), 113026 (2010). [CrossRef]

10. L. Lydersen, C. Wiechers, C. Wittmann, D. Elser, J. Skaar, and V. Makarov, “Hacking commercial quantum cryptography systems by tailored bright illumination,” Nat. Photonics 4(10), 686–689 (2010). [CrossRef]

11. I. Gerhardt, Q. Liu, A. Lamas-Linares, J. Skaar, C. Kurtsiefer, and V. Makarov, “Full-field implementation of a perfect eavesdropper on a quantum cryptography system,” Nat. Commun. 2(1), 349 (2011). [CrossRef]

12. S. L. Braunstein and S. Pirandola, “Side-channel-free quantum key distribution,” Phys. Rev. Lett. 108(13), 130502 (2012). [CrossRef]

13. H.-K. Lo, M. Curty, and B. Qi, “Measurement-device-independent quantum key distribution,” Phys. Rev. Lett. 108(13), 130503 (2012). [CrossRef]

14. Y. Liu, T.-Y. Chen, L.-J. Wang, H. Liang, G.-L. Shentu, J. Wang, K. Cui, H.-L. Yin, N.-L. Liu, L. Li, X. Ma, J. S. Pelc, M. M. Fejer, C.-Z. Peng, Q. Zhang, and J.-W. Pan, “Experimental measurement-device-independent quantum key distribution,” Phys. Rev. Lett. 111(13), 130502 (2013). [CrossRef]

15. C. Wang, X.-T. Song, Z.-Q. Yin, S. Wang, W. Chen, C.-M. Zhang, G.-C. Guo, and Z.-F. Han, “Phase-reference-free experiment of measurement-device-independent quantum key distribution,” Phys. Rev. Lett. 115(16), 160502 (2015). [CrossRef]

16. H.-L. Yin, T.-Y. Chen, Z.-W. Yu, H. Liu, L.-X. You, Y.-H. Zhou, S.-J. Chen, Y. Mao, M.-Q. Huang, W.-J. Zhang, H. Chen, M. J. Li, D. Nolan, F. Zhou, X. Jiang, Z. Wang, Q. Zhang, X.-B. Wang, and J.-W. Pan, “Measurement-device-independent quantum key distribution over a 404 km optical fiber,” Phys. Rev. Lett. 117(19), 190501 (2016). [CrossRef]

17. L. Comandar, M. Lucamarini, B. Fröhlich, J. Dynes, A. Sharpe, S.-B. Tam, Z. Yuan, R. Penty, and A. Shields, “Quantum key distribution without detector vulnerabilities using optically seeded lasers,” Nat. Photonics 10(5), 312–315 (2016). [CrossRef]

18. H. Li, H. Jiang, M. Gao, Z. Ma, C. Ma, and W. Wang, “Statistical-fluctuation analysis for quantum key distribution with consideration of after-pulse contributions,” Phys. Rev. A 92(6), 062344 (2015). [CrossRef]

19. Q. Wang and X.-B. Wang, “Simulating of the measurement-device independent quantum key distribution with phase randomized general sources,” Sci. Rep. 4, 1–7 (2014). [CrossRef]

20. Y.-H. Zhou, Z.-W. Yu, and X.-B. Wang, “Making the decoy-state measurement-device-independent quantum key distribution practically useful,” Phys. Rev. A 93(4), 042324 (2016). [CrossRef]

21. C. Jiang, Z.-W. Yu, X.-L. Hu, and X.-B. Wang, “Higher key rate of measurement-device-independent quantum key distribution through joint data processing,” Phys. Rev. A 103(1), 012402 (2021). [CrossRef]

22. G.-J. Fan-Yuan, C. Wang, S. Wang, Z.-Q. Yin, H. Liu, W. Chen, D.-Y. He, Z.-F. Han, and G.-C. Guo, “Afterpulse analysis for quantum key distribution,” Phys. Rev. Appl. 10(6), 064032 (2018). [CrossRef]

23. G.-J. Fan-Yuan, S. Wang, Z.-Q. Yin, W. Chen, D.-Y. He, Z.-F. Han, and G.-C. Guo, “Modeling alignment error in quantum key distribution based on a weak coherent source,” Phys. Rev. Appl. 12(6), 064044 (2019). [CrossRef]

24. G.-J. Fan-Yuan, J. Teng, S. Wang, Z.-Q. Yin, W. Chen, D.-Y. He, G.-C. Guo, and Z.-F. Han, “Optimizing single-photon avalanche photodiodes for dynamic quantum key distribution networks,” Phys. Rev. Appl. 13(5), 054027 (2020). [CrossRef]

25. J. Zhang, M. A. Itzler, H. Zbinden, and J.-W. Pan, “Advances in ingaas/inp single-photon detector systems for quantum communication,” Light: Sci. Appl. 4(5), e286 (2015). [CrossRef]

26. X. Ma and M. Razavi, “Alternative schemes for measurement-device-independent quantum key distribution,” Phys. Rev. A 86(6), 062319 (2012). [CrossRef]

27. F. Xu, M. Curty, B. Qi, and H.-K. Lo, “Practical aspects of measurement-device-independent quantum key distribution,” New J. Phys. 15(11), 113007 (2013). [CrossRef]

28. W.-Y. Hwang, “Quantum key distribution with high loss: toward global secure communication,” Phys. Rev. Lett. 91(5), 057901 (2003). [CrossRef]

29. X.-B. Wang, “Beating the photon-number-splitting attack in practical quantum cryptography,” Phys. Rev. Lett. 94(23), 230503 (2005). [CrossRef]

30. H.-K. Lo, X. Ma, and K. Chen, “Decoy state quantum key distribution,” Phys. Rev. Lett. 94(23), 230504 (2005). [CrossRef]

31. X. Ma, B. Qi, Y. Zhao, and H.-K. Lo, “Practical decoy state for quantum key distribution,” Phys. Rev. A 72(1), 012326 (2005). [CrossRef]

32. S. Cova, A. Lacaita, and G. Ripamonti, “Trapping phenomena in avalanche photodiodes on nanosecond scale,” IEEE Electron Device Lett. 12(12), 685–687 (1991). [CrossRef]

33. K. E. Jensen, P. I. Hopman, E. K. Duerr, E. A. Dauler, J. P. Donnelly, S. H. Groves, L. J. Mahoney, K. A. McIntosh, K. M. Molvar, A. Napoleone, D. C. Oakley, S. Verghese, C. J. Vineis, and R. D. Younger, “Afterpulsing in geiger-mode avalanche photodiodes for 1.06 µ m wavelength,” Appl. Phys. Lett. 88(13), 133503 (2006). [CrossRef]

34. F.-X. Wang, W. Chen, Y.-P. Li, D.-Y. He, C. Wang, Y.-G. Han, S. Wang, Z.-Q. Yin, and Z.-F. Han, “Non-markovian property of afterpulsing effect in single-photon avalanche detector,” J. Lightwave Technol. 34(15), 3610–3615 (2016). [CrossRef]

35. F.-Y. Lu, Z.-Q. Yin, G.-J. Fan-Yuan, R. Wang, H. Liu, S. Wang, W. Chen, D.-Y. He, W. Huang, B.-J. Xu, G.-C. Guo, and Z.-F. Han, “Efficient decoy states for the reference-frame-independent measurement-device-independent quantum key distribution,” Phys. Rev. A 101(5), 052318 (2020). [CrossRef]

36. H. Chernoff, “A measure of asymptotic efficiency for tests of a hypothesis based on the sum of observations,” Ann. Math. Statist. 23(4), 493–507 (1952). [CrossRef]

37. C. Jiang, Z.-W. Yu, and X.-B. Wang, “Measurement-device-independent quantum key distribution with source state errors and statistical fluctuation,” Phys. Rev. A 95(3), 032325 (2017). [CrossRef]

38. Z.-W. Yu, Y.-H. Zhou, and X.-B. Wang, “Statistical fluctuation analysis for measurement-device-independent quantum key distribution with three-intensity decoy-state method,” Phys. Rev. A 91(3), 032318 (2015). [CrossRef]

39. M. Hayashi and T. Tsurumaru, “Concise and tight security analysis of the bennett-brassard 1984 protocol with finite key lengths,” New J. Phys. 14(9), 093014 (2012). [CrossRef]

40. M. Tomamichel, C. C. W. Lim, N. Gisin, and R. Renner, “Tight finite-key analysis for quantum cryptography,” Nat. Commun. 3(1), 634 (2012). [CrossRef]

41. M. Curty, F. Xu, W. Cui, C. C. W. Lim, K. Tamaki, and H. Lo, “Finite-key analysis for measurement-device-independent quantum key distribution,” Nat. Commun. 5(1), 3732 (2014). [CrossRef]

	$\| 0 ⟩$	$\| 1 ⟩$	$\| + ⟩$	$\| - ⟩$
$c_{0}$	$1$	$0$	$1 / \sqrt{2}$	$1 / \sqrt{2}$
$c_{1}$	$0$	$1$	$1 / \sqrt{2}$	$- 1 / \sqrt{2}$

	$\| 0 ⟩$	$\| 1 ⟩$	$\| + ⟩$	$\| - ⟩$
$c_{0}$	$1$	$0$	$1 / \sqrt{2}$	$1 / \sqrt{2}$
$c_{1}$	$0$	$1$	$1 / \sqrt{2}$	$- 1 / \sqrt{2}$

Afterpulse effect in measurement-device-independent quantum key distribution

Abstract

1. Introduction

2. Model

3. Simulation results and discussion

4. Conclusion

Appendix A. Calculation of the final key rate

Appendix B. Analytic results of joint constraints

Appendix C. Chernoff bound

Funding

Disclosures

Data availability

References

Data availability

Cited By

Figures (6)

Tables (2)

Equations (52)

Optics Express