## Abstract

Measurement-device-independent quantum key distribution (MDI-QKD) can remove all detector side-channel attacks, which can be implemented with phase-randomized coherent states (PRCS) or non-phase-randomized coherent states (NPRCS). In this paper, we focus on the MDI-QKD protocol with NPRCS and provide an improved analysis. In contrast with the original MDI-QKD with NPRCS which modulates the same intensity of coherent states in the key and test bases, we propose to modulate different intensities of coherent states in the key and test bases. Simulation results show that the secret key rate and transmission distance of MDI-QKD with NPRCS can be significantly improved. Furthermore, it is noteworthy that the modulation of different intensities does not bring extra complexity for experimental researchers, which can be easily done by adding an intensity modulator.

© 2021 Optical Society of America under the terms of the OSA Open Access Publishing Agreement

## 1. Introduction

Based on the laws of quantum physics, quantum key distribution (QKD) can in principle distribute secret keys between two distant peers Alice and Bob in the presence of an eavesdropper Eve [1,2]. Despite the theoretical security, the current QKD implementations, which are composed of real-life imperfect devices, are vulnerable to lots of malicious attacks [3–8]. Therefore, various protocols have been proposed [9–12] to strengthen the practical security of QKD systems. Particularly, measurement-device-independent QKD (MDI-QKD) [11,12], which removes all detector side channel attacks and enjoys both the security and practicality, has been extensively studied [13–23].

Generally, due to the shortage of single-photon sources, one can implement MDI-QKD with the decoy-state method [24,25]. However, the decoy-state method requires the perfect phase-randomized coherent states (PRCS), which means that the phases of coherent states should be continuously randomized in the interval [0, 2$\pi$). And this requirement cannot be satisfied well with current technology [26,27]. An alternative way to realize MDI-QKD is to adopt non-phase-randomized coherent states (NPRCS) [13,23]. Compared with the former case, MDI-QKD with NPRCS requires less stringent assumption, which is very attractive in some practical scenarios. In particular, the versatile numerical framework proposed in [23] can significantly improve the performance of MDI-QKD with NPRCS [13], which only requires the encoded states are pure and their inner products are known. Moreover, [28] demonstrates that modulating NPRCS with free intensities and phases can obviously improve the performance in the prepare-and-measure QKD protocol.

Inspired by [13,23,28], we provide an improved analysis of MDI-QKD with NPRCS in this paper. Different from the original protocol in [13,23] which modulates the same intensity of coherent states in the key and test bases, we propose to modulate different intensities of coherent states in the key and test bases. Simulation results show that the secret key rate and transmission distance of MDI-QKD with NPRCS can be further improved. More importantly, the modulation of different intensities does not bring extra complexity for practical implementations, which can be easily done by adding an intensity modulator.

## 2. Improved analysis of MDI-QKD with NPRCS

In our protocol, Alice and Bob send phase-encoding states with NPRCS to a third party Eve who performs the Bell state measurement. Unlike protocols in [13,23] which modulate the same intensity of coherent states in the key and test bases, our protocol modulates different intensities of coherent states in the key and test bases. The detailed procedure of our protocol is outlined as follows:

(1) Alice (Bob) randomly chooses a bit $a$ ($b$) and a basis $x$ ($y$) to prepare the coherent state $\left | {{{( - 1)}^a}{e^{ix\pi /M}}\sqrt {{\mu _x}} } \right \rangle$ ($\left | {{{( - 1)}^b}{e^{iy\pi /M}}\sqrt {{\mu _y}} } \right \rangle$), where $a,b \in \{ 0,1\}$, $M$ denotes the number of bases, $x,y \in \{ 0, 1, \ldots ,M - 1\}$, $\mu _x$ ($\mu _y$) denotes the intensity of coherent states prepared in the $x$ ($y$) basis. Hereafter, we refer to the $x=0$ ($y=0$) basis as the key basis, and the $x \ge 1$ ($y \ge 1$) bases as the test bases. Then, she (he) sends the prepared state to the third party Eve through the quantum channel.

(2) If Eve is cooperative, she interferes the received states on a 50:50 beam splitter, directs the output pulses to two single photon detectors, and announces the Bell-state measurement result $z \in \{ {\Psi ^ + },{\Psi ^ - },\emptyset \}$, where $\emptyset$ denotes the failure measurement result. For the successful measurement result $\Psi ^ +$ or $\Psi ^ -$, Alice and Bob announce their chosen basis, and keep the corresponding bit when they choose the same basis $x = y = \gamma$. Moreover, if Eve announces $\Psi ^ -$, Bob should flip his bit.

(3) The above steps are repeated many times. Alice and Bob sacrifice part of their bits to estimate the probability of successful Bell-state measurements when they choose the same basis $\gamma$, denoted as $p_{succ}^{\gamma }$, and the corresponding quantum bit error rate, denoted as $e_{succ}^{\gamma }$, where $succ \in \{ {\Psi ^ + },{\Psi ^ - }\}$.

(4) Alice and Bob perform key reconciliation and privacy amplification to distill the secret keys.

Assuming the encoded states in step (1) are pure and their inner products are known, we adopt the security analysis procedure in [23] to analyze our protocol. For ease of notation, we denote the states prepared by Alice and Bob as ${\left | {{a_x}} \right \rangle _A}$ and $\left | {{b_y}} \right \rangle _B$. The inner products of the encoded states can be expressed as

Now, we can construct a Gram matrix $G$, the elements of which are described by the inner products ${\left \langle {\textrm {e}_{{a_x}{b_y}}^z|\textrm {e}_{a{'_{x'}}b{'_{y'}}}^z} \right \rangle _E}$. Obviously, the Gram matrix $G$ is positive semidefinite, that is, $G \ge 0$. The experimental observables $p_{succ}^{\gamma }$ and $e_{succ}^{\gamma }$ can be given by

## 3. Simulation

In all the simulation results presented below, we assume the detection efficiency and dark count rate of single-photon detectors are $14.5\%$ and $6.02 \times {10^{ - 6}}$, the loss coefficient of the standard fiber link is $0.2$ dB/km, the optical misalignment error is $1.5\%$, and the key reconciliation procedure can be done with Shannon’s limit. Furthermore, to maximize the performance of our protocol, we optimize the intensities in different bases with a coarse grained exhaustive search.

First, we compare the performance of our protocol and the protocol in [23] with different number of bases, and the corresponding results are shown in Fig. 1. The maximum distance of our protocol is about 10 km (30 km) longer than that of [23] when modulating two (three) bases, and the secret key rate of our protocol is noticeably higher than that of [23]. In particular, for the protocol [23], the performance of modulating three bases is almost overlapped with that of modulating two bases. However, for our protocol, the performance of modulating three bases is much better than that of modulating two bases. And this improvement in our ptotocol can be mainly attributed to the modulation of different intensities in the key and test bases, which gives more freedom to maximize the performance of MDI-QKD with NPRCS.

Then, we investigate the performance of our protocol and [23] with asymmetric channels, due to the fact that the channel distance of Alice and Eve ($L_A$) may be different from that of Bob and Eve ($L_B$) in most realistic scenarios. For simplicity, we assume the same intensity arriving at Eve after asymmetric channels’ attenuation, that is ${\mu _{{\gamma _A}}}{\eta _A} = {\mu _{{\gamma _B}}}{\eta _B}$, where $\eta _A$ ($\eta _B$) denotes the total transmission efficiency from Alice (Bob) to Eve, and $\mu _{{\gamma _A}}$ ($\mu _{{\gamma _B}}$) denotes the intensity of coherent states prepared by Alice (Bob) in the $\gamma$ basis. Figure 2 illustrates the corresponding results when modulating two bases, where $d = \left | {{L_A} - {L_B}} \right |$, and it is obvious that, compared with [23], our protocol is better adapted to the asymmetric channels.

Finally, we compare the performance of our protocol and [23] under the Trojan horse attack. Similar to [23], we extend the Trojan horse model in [32] into our protocol. When Eve launches the Trojan horse attack, she sends bright light to Alice and Bob’s sources, and then collects the reflected light which contains Alice and Bob’s modulaton information. Here, we consider two bases are modulated, and the intensity of reflected light is $\textrm {v}$. The output states emitted by Alice and Bob in our protocol can be expressed by $\left | { \pm \sqrt {{\mu _0}} } \right \rangle \left | { \pm \sqrt {\rm v} } \right \rangle$, $\left | { \pm i \sqrt {{\mu _1}} } \right \rangle \left | { \pm i \sqrt {\rm v} } \right \rangle$, and the output states emitted in [23] can be expressed by $\left | { \pm \sqrt {\mu } } \right \rangle \left | { \pm \sqrt {\rm v} } \right \rangle$, $\left | { \pm i \sqrt {{\mu }} } \right \rangle \left | { \pm i \sqrt {\rm v} } \right \rangle$. The corresponding results are shown in Fig. 3. As shown in Fig. 3, when ${\rm v} = 10^{ - 3}$, the performance of our protocol and [23] is very comparable, which is attributed to ${\mu _0} \approx {\mu _1}$ for our protocol in the simulation; when ${\rm v} = 10^{ - 4}, 10^{-5}$, our protocol is more robust against the Trojan horse attack, and the main reason is that, compared with [23], our protocol gives more freedom to the intensities of coherent states and can tolerate higher intensity of coherent states in the key basis. It’s worthy to mention that the adoption of optical power limiters by Alice and Bob can reduce the effect of the Trojan horse attack [33].

## 4. Conclusion

In this paper, we propose an improved analysis of MDI-QKD protocol with NPRCS. In contrast with the original protocol [23] modulating the same intensity of coherent states in the key and test bases, we propose to modulate different intensities of coherent states in the key and test bases, which improves the performance of MDI-QKD with NPRCS considerably. Furthermore, we emphasize that the modulation of different intensities does not bring extra complexity for practical implementations, which can be easily done by adding an intensity modulator. We expect our work can provide a useful reference for experimental researchers to implement MDI-QKD systems with NPRCS.

## Funding

China Postdoctoral Science Foundation (2019T120446, 2018M642281); Jiangsu Planned Projects for Postdoctoral Research Funds (2018K185C).

## Disclosures

The authors declare no conflicts of interest.

## Data availability

Data underlying the results presented in this paper are not publicly available at this time but may be obtained from the authors upon reasonable request.

## References

**1. **C. H. Bennett and G. Brassard, “Quantum cryptography,” in Proceedings of IEEE International Conference on Computers, Systems, and Signal Processing, (1984), pp. 175–179.

**2. **A. K. Ekert, “Quantum cryptography based on bell’s theorem,” Phys. Rev. Lett. **67**(6), 661–663 (1991). [CrossRef]

**3. **V. Makarov and D. R. Hjelme, “Faked states attack on quantum cryptosystems,” J. Mod. Opt. **52**(5), 691–705 (2005). [CrossRef]

**4. **V. Makarov, A. Anisimov, and J. Skaar, “Effects of detector efficiency mismatch on security of quantum cryptosystems,” Phys. Rev. A **74**(2), 022313 (2006). [CrossRef]

**5. **B. Qi, C.-H. F. Fung, H.-K. Lo, and X. Ma, “Time-shift attack in practical quantum cryptosystems,” Quantum Inf. & Comput. **7**(1&2), 73–82 (2007). [CrossRef]

**6. **C.-H. F. Fung, B. Qi, K. Tamaki, and H.-K. Lo, “Phase-remapping attack in practical quantum-key-distribution systems,” Phys. Rev. A **75**(3), 032314 (2007). [CrossRef]

**7. **L. Lydersen, C. Wiechers, C. Wittmann, D. Elser, J. Skaar, and V. Makarov, “Hacking commercial quantum cryptography systems by tailored bright illumination,” Nat. Photonics **4**(10), 686–689 (2010). [CrossRef]

**8. **H.-W. Li, S. Wang, J.-Z. Huang, W. Chen, Z.-Q. Yin, F.-Y. Li, Z. Zhou, D. Liu, Y. Zhang, G.-C. Guo, W.-S. Bao, and Z.-F. Han, “Attacking a practical quantum-key-distribution system with wavelength-dependent beam-splitter and multiwavelength sources,” Phys. Rev. A **84**(6), 062308 (2011). [CrossRef]

**9. **D. Mayers and A. Yao, “Quantum cryptography with imperfect apparatus,” in Proceedings 39th Annual Symposium on Foundations of Computer Science (Cat. No. 98CB36280) (IEEE, 1998), pp. 503–509.

**10. **A. Acín, N. Brunner, N. Gisin, S. Massar, S. Pironio, and V. Scarani, “Device-independent security of quantum cryptography against collective attacks,” Phys. Rev. Lett. **98**(23), 230501 (2007). [CrossRef]

**11. **H.-K. Lo, M. Curty, and B. Qi, “Measurement-device-independent quantum key distribution,” Phys. Rev. Lett. **108**(13), 130503 (2012). [CrossRef]

**12. **S. L. Braunstein and S. Pirandola, “Side-channel-free quantum key distribution,” Phys. Rev. Lett. **108**(13), 130502 (2012). [CrossRef]

**13. **K. Tamaki, H.-K. Lo, C.-H. F. Fung, and B. Qi, “Phase encoding schemes for measurement-device-independent quantum key distribution with basis-dependent flaw,” Phys. Rev. A **85**(4), 042307 (2012). [CrossRef]

**14. **X. Ma and M. Razavi, “Alternative schemes for measurement-device-independent quantum key distribution,” Phys. Rev. A **86**(6), 062319 (2012). [CrossRef]

**15. **Z.-Q. Yin, C.-H. F. Fung, X. Ma, C.-M. Zhang, H.-W. Li, W. Chen, S. Wang, G.-C. Guo, and Z.-F. Han, “Mismatched-basis statistics enable quantum key distribution with uncharacterized qubit sources,” Phys. Rev. A **90**(5), 052319 (2014). [CrossRef]

**16. **H.-W. Li, Z.-Q. Yin, W. Chen, S. Wang, G.-C. Guo, and Z.-F. Han, “Quantum key distribution based on quantum dimension and independent devices,” Phys. Rev. A **89**(3), 032302 (2014). [CrossRef]

**17. **Y.-H. Zhou, Z.-W. Yu, and X.-B. Wang, “Making the decoy-state measurement-device-independent quantum key distribution practically useful,” Phys. Rev. A **93**(4), 042324 (2016). [CrossRef]

**18. **F. Xu, H. Xu, and H.-K. Lo, “Protocol choice and parameter optimization in decoy-state measurement-device-independent quantum key distribution,” Phys. Rev. A **89**(5), 052333 (2014). [CrossRef]

**19. **A. Rubenok, J. A. Slater, P. Chan, I. Lucio-Martinez, and W. Tittel, “Real-world two-photon interference and proof-of-principle quantum key distribution immune to detector attacks,” Phys. Rev. Lett. **111**(13), 130501 (2013). [CrossRef]

**20. **Z. Tang, Z. Liao, F. Xu, B. Qi, L. Qian, and H.-K. Lo, “Experimental demonstration of polarization encoding measurement-device-independent quantum key distribution,” Phys. Rev. Lett. **112**(19), 190503 (2014). [CrossRef]

**21. **L. Comandar, M. Lucamarini, B. Fröhlich, J. Dynes, A. Sharpe, S.-B. Tam, Z. Yuan, R. Penty, and A. Shields, “Quantum key distribution without detector vulnerabilities using optically seeded lasers,” Nat. Photonics **10**(5), 312–315 (2016). [CrossRef]

**22. **H.-L. Yin, T.-Y. Chen, Z.-W. Yu, H. Liu, L.-X. You, Y.-H. Zhou, S.-J. Chen, Y. Mao, M.-Q. Huang, W.-J. Zhang, H. Chen, M. J. Li, D. Nolan, F. Zhou, X. Jiang, Z. Wang, Q. Zhang, X.-B. Wang, and J.-W. Pan, “Measurement-device-independent quantum key distribution over a 404 km optical fiber,” Phys. Rev. Lett. **117**(19), 190501 (2016). [CrossRef]

**23. **I. W. Primaatmaja, E. Lavie, K. T. Goh, C. Wang, and C. C. W. Lim, “Versatile security analysis of measurement-device-independent quantum key distribution,” Phys. Rev. A **99**(6), 062332 (2019). [CrossRef]

**24. **H.-K. Lo, X. Ma, and K. Chen, “Decoy state quantum key distribution,” Phys. Rev. Lett. **94**(23), 230504 (2005). [CrossRef]

**25. **X.-B. Wang, “Beating the photon-number-splitting attack in practical quantum cryptography,” Phys. Rev. Lett. **94**(23), 230503 (2005). [CrossRef]

**26. **Z. Cao, Z. Zhang, H.-K. Lo, and X. Ma, “Discrete-phase-randomized coherent state source and its application in quantum key distribution,” New J. Phys. **17**(5), 053014 (2015). [CrossRef]

**27. **Z. Cao, “Discrete-phase-randomized measurement-device-independent quantum key distribution,” Phys. Rev. A **101**(6), 062325 (2020). [CrossRef]

**28. **L. Liu, Y. Wang, E. Lavie, C. Wang, A. Ricou, F. Z. Guo, and C. C. W. Lim, “Practical quantum key distribution with non-phase-randomized coherent states,” Phys. Rev. A **12**(2), 024048 (2019). [CrossRef]

**29. **A. P. S Mosek, “Mosek optimization toolbox for MATLAB 9.2.47,” http://www.mosek.com (2021).

**30. **M. Grant and S. Boyd, “CVX: MATLAB software for disciplined convex programming version 2.2,” http://cvxr.com/cvx (2020).

**31. **M. Grant and S. Boyd, “Graph implementations for nonsmooth convex programs,” in * Recent Advances in Learning and Control*, V. Blondel, S. Boyd, and H. Kimura, eds. Lecture Notes in Control and Information Sciences http://stanford.edu/boyd/graph_dcp.html (Springer-Verlag Limited, 2008), pp. 95–110.

**32. **M. Lucamarini, I. Choi, M. B. Ward, J. F. Dynes, Z. Yuan, and A. J. Shields, “Practical security bounds against the trojan-horse attack in quantum key distribution,” Phys. Rev. X **5**(3), 031030 (2015). [CrossRef]

**33. **G. Zhang, I. W. Primaatmaja, J. Y. Haw, X. Gong, C. Wang, and C. C. W. Lim, “Securing practical quantum communication systems with optical power limiters,” PRX Quantum **2**(3), 030304 (2021). [CrossRef]