Analysis of quantum cryptographic protocols with enhanced performance

  1. Trényi, Róbert
Supervised by:
  1. Marcos Curty Alonso Director

Defence university: Universidade de Vigo

Defence date: 23 April 2021

  1. Eleni Diamanti Chair
  2. Kiyoshi Tamaki Secretary
  3. Vicente Martín Ayuso Committee member

Type: Thesis


Nowadays, in the era of online shopping and banking, we can take care of essentially all our financial tasks from the comfort of our homes. This convenience makes encrypting information ubiquitous in everyday life. However, the current technological solution for this task is based on the computational hardness of certain mathematical problems (for example, the factoring of enormous integers), so it is vulnerable to future advances in the computational power of an eavesdropper (Eve), such as the anticipated appearance of quantum computers. Indeed, combining Shor's algorithm with a future quantum computer can completely compromise the security of our classical cryptosystems. As we live in the age of information, this would have awful consequences for the private data that we wish to keep secret. This can be remedied by making use of quantum mechanics to protect our data (i.e., quantum key distribution).
The threat posed by quantum computers to the security of classical cryptosystems makes quantum key distribution (QKD) an extremely important and active research area. QKD achieves the task of establishing a totally random, identical secret key between two remote users (usually called Alice and Bob). This key is obtained solely through the most fundamental principles of nature (i.e., quantum physics) such that it is information-theoretically secure, which means that there is no need to restrict the computational power of Eve to guarantee that she does not have any information on the key shared between the users. Subsequently, Alice and Bob can use the secret key with the one-time pad (OTP) to encrypt the classical messages they wish to exchange, which has been proven to provide perfect secrecy for the messages provided that the secret key is not reused. A principal goal of QKD is to improve the achievable secret key rate and the distance that can be covered.
Currently, the state-of-the-art value of the achievable distance with fiber-based systems is around 600 km. Possible solutions to extend the distance of QKD include the use of trusted nodes or satellite-based QKD setups, which can be capable of covering intercontinental distances due to the lower loss of the atmosphere at certain wavelengths and free-space propagation. Despite the remarkable progress, there are still many challenges that have to be overcome for QKD to become a globally accessible technology. In this thesis, we focus on two main difficulties: the first is a purely theoretical limitation, the so-called repeaterless bound, and the second is the fact that practical sources sometimes emit multiple-photon pulses.
The repeaterless bound is one of the most important limitations of QKD, as it upper bounds the achievable secret key rate of an arbitrary point-to-point QKD protocol (one in which the quantum channel directly connects Alice to Bob). It is important to note that in the asymptotic limit of long distances this bound is proportional to the transmittance of the QKD system connecting Alice and Bob. This is a strict limitation, as in the case of optical fibers the transmittance decreases exponentially with the length of the fiber. Obviously, the repeaterless bound can only be overcome if intermediate stations or middle nodes are introduced between the parties. However, even if one introduces middle stations, overcoming the repeaterless bound is only possible if extra techniques are also applied. The ultimate solution for the above limitation is the so-called full-scale quantum repeater (QR), which is usually based on the idea of entanglement swapping, entanglement distillation or quantum error correction codes. However, constructing and operating a full-scale QR with many nodes is quite challenging with current technology.
For this reason, implementing and improving constructions that contain only one middle node between the parties has received a lot of attention in the QKD community, as this constitutes the first step towards a full-scale QR. The drawback of having just one node is that it can provide only a square root improvement in the achievable secret key rate, corresponding to the transmittance of half of the channel. This improvement is achieved by making sure that a signal can be used in the key generation process even if it has covered only half of the distance between the parties. There are three main approaches to overcoming the repeaterless bound with the help of one middle station. The first is the so-called twin-field QKD (TF-QKD), which is based on single-photon interference. The second approach to reach the improved scaling is to extend the original measurement-device-independent (MDI) QKD scheme with the idea of multiplexing together with quantum non-demolition (QND) measurements. The QND measurements are performed to make sure that the signals from the parties have actually arrived, and the Bell state measurements (BSMs) are then only performed when it is guaranteed that the signals from both parties are present. Note that the purpose of the BSMs is to establish the desired quantum correlations between the parties. This so-called adaptive MDI-QKD (AMDI-QKD) has an improved key rate scaling when perfect entanglement and single-photon sources are assumed. The third approach is quantum memory (QM) assisted QKD protocols, where the improved secret key rate scaling can also be achieved. In these protocols, the QMs are used to store the quantum states corresponding to the sent signals, and the BSMs are only performed when the QMs are loaded on both sides. The main challenge of these schemes is the dephasing of the QMs, that is, the quantum state stored in the QM is constantly changing due to the environment, leading to errors. This means that this approach necessitates high-quality QMs, which are still out of reach with current technology.
The other limitation is attributed to the fact that, in practice, perfect single-photon sources are too challenging to implement and their current performance is limited; therefore, in QKD the desired perfect single-photon sources are approximated with highly attenuated laser sources. These sources emit weak coherent pulses (WCPs), which sometimes contain multiple photons, making the notorious photon number splitting (PNS) attack possible. This means that when the source emits multiple photons, it is possible for Eve to take out a perfect copy of the signal state carrying the encoded information, thus compromising the security of the protocol. In order to avoid the possibility of PNS attacks, one has to apply novel techniques. One technique to fight against the PNS attack is the so-called decoy-state QKD protocol, where different intensity settings are used for the WCPs (one of them is used for key generation), so Eve cannot tell which multi-photon signals are coming from the decoy setting. Thus, by checking the yield of the decoy pulses, Alice and Bob can reveal the presence of the PNS attack. An alternative technique uses strong reference pulses combined with WCPs. Another type of solution to prevent the PNS attack is to introduce a different kind of protocol, for example, the so-called differential-phase-reference (DPR) QKD protocols, where information is encoded over subsequent signals, so Bob jointly measures the subsequent signals coming from Alice. There are two sub-categories of DPR-QKD protocols: one is the differential-phase-shift (DPS) and the other is the coherent-one-way (COW) QKD protocol. In the COW protocol, encoding is done by combining coherent states of the same amplitude or a coherent state with a vacuum state. Prior to our work, only lower and upper bounds were known for the secret key rate capacity of the COW protocol. Even though the exact performance was not established, long-distance implementations of this scheme have appeared in the scientific literature, and it is even used in commercial setups by the company ID Quantique, because this protocol is relatively easy to implement.
All the research works that I contributed to are in the direction of investigating the performance and/or limitations of different QKD protocols, including the scaling of their secret key rate over distance. The first two papers are about evaluating different techniques for overcoming the repeaterless bound. In these two papers we investigate the performance of the AMDI-QKD protocol with more realistic devices than in its original proposal, and also the performance of one type of QM-assisted QKD protocol, focusing on the possibility of beating the repeaterless bound with these protocols. In the third and the fourth papers we derive upper security bounds for the COW scheme. This is realized by considering a previously introduced sequential attack, which is particularly effective in attacking this scheme.
We derived a simple but non-trivial analytical necessary condition on the photon-number statistics of the entanglement sources to be able to overcome the repeaterless bound with the AMDI-QKD protocol, based on optimistically assuming detectors with unit detection efficiency. With this condition, we have demonstrated analytically that employing the widely available parametric down-conversion sources does not enable the protocol to beat the repeaterless bound. Furthermore, we have quantitatively investigated the effect that the non-unit detection efficiency of the detectors has on the required photon-number statistics of the sources.
We also evaluated the performance of an extension (operating quantum memory pairs in parallel) of a QM-based QKD protocol, focusing on the most crucial imperfections of a QM-assisted system, that is, the dephasing of the QMs, non-unit efficiency of entanglement preparation, photon-fiber coupling, and wavelength conversion. We quantify how the increasing number of QMs relaxes the required memory parameters for overcoming the repeaterless bound with the extended QM-assisted QKD protocol, and we also compare this to the case of one memory pair.
We also solved the problem of how the secret key rate of the COW protocol scales with the system's transmittance. We did so by considering a previously introduced sequential attack, in which Eve measures all the signals coming from Alice individually and, depending on the measurement results, decides jointly what signals to resend to Bob. The key point is that sequential attacks can be very effective against the COW scheme, which is due to the special properties of Alice's emitted signals in this protocol. Firstly, they are linearly independent. This means that Eve could use an unambiguous state discrimination strategy to distinguish the sent states without introducing any error. Secondly, Alice's signals contain the vacuum state, thus inherently breaking the coherence between adjacent pulses. This means that Eve can gain information on the sent signals without causing a disturbance in the quantities that the parties monitor (the quantum bit error rate and the visibilities of the interference between the sent coherent pulses). Consequently, the COW scheme is not adequate for long-distance QKD, given that the parties only monitor the usual quantities.
Moreover, we devised the optimal zero-error attack against the COW scheme (where Eve is operating in the unambiguous state discrimination regime, so she can achieve perfect quantum bit error rate and visibility values). This was done by adapting the symmetry conditions of Eve's measurement to the a priori probabilities of Alice's emitted signals. In addition, we improved how Eve processes the blocks that she resends to Bob. Considering these two improvements and obtaining all our results analytically, it turned out that the COW scheme actually becomes insecure after a quite small distance. Finally, we provided an even tighter upper bound for the secret key rate of the COW scheme, which, as expected, still scales quadratically with the system's transmittance.
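The scaling argument in the abstract (a repeaterless bound proportional to the channel transmittance η at long distances, against the square-root scaling available with one middle node) is worked through in the added Python example below, which is not taken from the thesis. It assumes the PLOB form -log2(1-η) of the bound, a fiber loss of 0.2 dB/km, and a hypothetical `prefactor` that lumps all device imperfections of the single-node protocol into one number.

```python
import math

ALPHA_DB_PER_KM = 0.2  # assumed fiber attenuation; not stated on the page


def transmittance(length_km, alpha=ALPHA_DB_PER_KM):
    """Fiber transmittance: decays exponentially with the length."""
    return 10 ** (-alpha * length_km / 10)


def repeaterless_bound(eta):
    """Assumed PLOB form of the bound, in bits per channel use."""
    # -log2(1 - eta); log1p keeps it accurate for very small eta
    return -math.log1p(-eta) / math.log(2)


def single_node_rate(eta, prefactor):
    """Hypothetical one-middle-node key rate: prefactor * sqrt(eta)."""
    # sqrt(eta) is the transmittance of half of the channel;
    # prefactor (< 1) is an illustration-only stand-in for imperfect devices
    return prefactor * math.sqrt(eta)


def crossover_km(prefactor, max_km=1000.0, tol=1e-6):
    """Distance beyond which the single-node rate exceeds the bound (None if > max_km)."""
    def gap(length_km):
        eta = transmittance(length_km)
        return single_node_rate(eta, prefactor) - repeaterless_bound(eta)

    lo, hi = 1e-6, max_km  # near zero length the bound is large, so gap(lo) < 0
    if gap(hi) <= 0:
        return None
    while hi - lo > tol:  # bisection: gap changes sign exactly once
        mid = (lo + hi) / 2
        if gap(mid) > 0:
            hi = mid
        else:
            lo = mid
    return hi


if __name__ == "__main__":
    for c in (1e-1, 1e-2, 1e-3):
        print(f"prefactor {c:g}: bound beaten beyond {crossover_km(c):.1f} km")
    eta = transmittance(600)
    print(f"600 km: eta={eta:.1e}, bound={repeaterless_bound(eta):.2e} bits/use")
```

Under these assumptions, every factor of ten lost in the prefactor pushes the crossover out by 100 km, which is why the device parameters analysed in the thesis decide whether a single-node protocol beats the bound at a useful distance.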