A Novel Approach to Reducing Information Leakage for Quantum Key Distribution

Hao-Kun Mao \authormark1,6 Qiang Zhao \authormark2,6 Yu-Cheng Qiao \authormark3 Bing-Ze Yan \authormark1 Bing-Jie Xu \authormark4 Ahmed A. Abd EL-Latif \authormark5,1 Qiong Li \authormark1 \authormark1 Department of Computer Science and Technology, Harbin Institute of Technology, Harbin 150080, China
\authormark2 College of software engineering, ZhengZhou University of Light Industry, ZhengZhou 450053, China
\authormark3 Guangxi Key Lab Cryptography & Information Security, Guilin University of Electronic Technology, Guilin 541004, Guangxi, China
\authormark4 Science and Technology on Security Communication Laboratory, Institute of Southwestern Communication, Chengdu, 610041, China
\authormark5 Department of Mathematics and Computer Science, Faculty of Science, Menoufia University, Shebin El-Koom, Egypt
\authormark6 These authors contribute equally to this work
\authormark*[email protected]

Abstract

Quantum key distribution (QKD) is an important branch of quantum information science as it holds promise for unconditionally secure communication. For QKD research, a central issue is to improve the final secure key rate (SKR) and the maximal transmission distance. To address this issue, most works focused on reducing the information leakage of QKD. In this paper, we propose a novel approach to further reduce the information leakage by specially considering the overlap between the information leakage of quantum part and post-processing part. The overlap means that the information leakage of post-processing part caused solely by multi-photon pulses is considered twice in previous studies, i.e., both in quantum part and post-processing part. Since the information carried by multi-photon pulses has been considered as completely known by Eve through the photon-number-splitting attack in quantum part, there is no need to consider it in post-processing part repetitively during the SKR calculation. Therefore, our approach can theoretically reduce the information leakage of a QKD protocol. Based on this idea, we derive the formulas to calculate the amount of information leakage for decoy-BB84 and sending-or-not-sending twin-field protocols. Simulation results for these two typical protocols also demonstrate that our approach evidently improves the SKR as well as the maximal transmission distance under practical experimental parameters.

^†^†journal: oe^†^†articletype: Research Article

1 Introduction

Quantum key distribution (QKD) constitutes a promising solution for distributing unconditionally secure keys between two remote parties, such as Alice and Bob, in the presence of an eavesdropper, usually called Eve. Since the first QKD protocol, commonly known as the BB84 protocol, was proposed in 1984[1], security analysis has been the focus of QKD studies. Though the ideal BB84 protocol has been proven to be unconditionally secure[2], imperfect practical devices might still introduce security vulnerabilities, threatening the security of a practical QKD system. For instance, through the photon-number-splitting (PNS) attack [3, 4, 5] against the imperfect photon sources, Eve was capable of obtaining the complete information of each multi-photon pulse without causing any change in the quantum bit error rate (QBER). To address this challenge, Gottesman-Lo-Lutkenhaus-Preskill (GLLP) [6] proved the unconditional security of a practical QKD system with imperfect devices. In the GLLP theory, each pulse can be represented as a mixed state of Fock states after phase randomization and the pulses can be classified based on the photon number. The information of all multi-photon pulses is assumed to be completely obtained by Eve, and the secure keys are solely generated from vacuum and single-photon pulses. Based on the GLLP theory, the secure key rate (SKR) of some discrete-variable (DV) QKD protocol, such as decoy-BB84 [7, 8, 9] and sending-or-not-sending twin-field (SNS-TF)[10, 11, 12], can be calculated. In this paper, we point out that there is still possible to improve the SKR via estimating the information leakage during the information reconciliation (IR) more accurately.

Assume that the random variables $A$ and $B$ represent the sequences of Alice and Bob to be reconciled of length $N$ , respectively. According to the noiseless coding theorem [20], the lower bound of the exchanged information $L_{all}$ for reliable IR can be calculated by the conditional entropy $H(A|B)$ . In a DV-QKD system, $H(A|B)$ can be written as $Nh(e)$ [21], where $h(e)=-e{\log_{2}}(e)-(1-e){\log_{2}}(1-e)$ and $e$ is referred to as QBER. For a practical implementation of IR, $L_{all}$ is usually higher than $Nh(e)$ . To this end, the IR efficiency $f={L_{all}}/Nh(e)$ is introduced, while a smaller $f$ implies a better IR, and $f=1$ represents the perfect IR [21, 22]. The commonly used IR protocols in DV-QKD systems can be generally divided into two categories [23]: interactive and non-interactive. As the most widely used interactive IR protocol, Cascade [21] detects and corrects errors by comparing the parity bits and performing binary search operations, respectively. The IR efficiency of Cascade is capable of approaching 1.02 [24], but its high communication overhead potentially limits its practical application in QKD systems. Accordingly, the non-interactive IR protocols, based on low-density-parity-check (LDPC) [23, 25] or polar codes [26, 27], were proposed. For practical implementations of non-interactive protocols, the efficiencies typically range from 1.1 to 1.2 [23]. In previous literatures about IR, all the exchanged information $L_{all}$ was considered as leaked information and subtracted directly from candidate secure keys during the SKR calculation.

However, we find out that only one part of $L_{all}$ needs to be subtracted during the SKR calculation. We notice that all the information of multi-photon pulses is assumed to be completely known by Eve through the PNS attack before IR. Thus, the exchanged information of IR caused solely by multi-photon pulses $L_{M}$ has also been known by Eve before IR and unable to provide any extra information for Eve after IR. Since the information of multi-photon pulses has been subtracted when analyzing the quantum part during the SKR calculation, $L_{M}$ is unnecessary to be subtracted again when analyzing the information leakage of IR of post-processing part. Following this idea, the SKR can be improved theoretically via avoiding the repetitive subtraction of $L_{M}$ during the SKR calculation.

The rest of this paper is organized as follows. Sec. 2 presents the main idea of our approach. In Sec. 3, the information leakage of two typical QKD protocols are analyzed. The performances of our approach are reported and analyzed through numerical simulations in Sec. 4. Some conclusions are drawn in the last Section.

2 The main idea of our approach

In this section, we take the Cascade IR protocol as an example to further elaborate on the main idea of our approach. As illustrated in Fig. 1, the key sequences of Alice and Bob are first randomly shuffled and divided into two blocks of length $8$ . Then, the parities of “Block 1” and “Block 2” of both parties are exchanged and compared simultaneously.

Refer to caption — Figure 1: A schematic workflow of Cascade protocol. The keys that are inconsistent in two parties and generated from multi-photon pulses are filled with orange and blue, respectively. All the blocks (sub-blocks) generated during the error correction process are numbered in green, and $p_{A}^{i}$ , $p_{B}^{i}$ represent the parity (i.e., the sum modulo 2 of all bits) of the ith block belonging to Alice and Bob, respectively.

For "Block 1" with $p_{A}^{1}\neq p_{B}^{1}$ , a binary searching (i.e., recursively splitting a bit sequence into two halves and check the parities of the first halves of both parties) is performed to correct one error. Note that there is no need to exchange the parity of the second half since it can be easily deduced. For example, $p_{A}^{3}$ can be calculated by $p_{A}^{1}\oplus p_{A}^{2}$ . After four rounds of communications, the error is eventually found in sub-block 7. Through the exchanged parities, Eve can gain some information about the key sequences. For instance, the number of possible combinations of Alice’s sub-sequence in sub-block 2 decreases from 16 to 8 with the help of $p_{A}^{2}=1$ . Overall, Eve obtains 1-bit information from each sub-block boxed in red and the total exchanged information of "Block 1" is 4-bit. However, when considering the overlap between the information leakage of quantum part and post-processing part, the effective amount of information $L_{v}$ obtained by Eve from IR is not equal to 4-bit. Let us suppose that there is a special sub-block 5 consisting two bits generated from multi-photon pulses. Before IR, Eve can obtain all the information of these two bits through the PNS attack. Though the parity of this sub-block is leaked to Eve during IR, Eve cannot acquire any extra useful information from the parity. In other words, the parity information has been known by Eve even if the parity is not exchanged. As a result, only the parity information obtained from the sub-block 2, 6, 7 are useful for Eve. Thus, $L_{v}$ equals to 3-bit, even though 4-bit information has been exchanged during IR.

Since $p_{A}^{8}=p_{B}^{8}$ , we do not deal with “Block 2” at this moment, even if this block still contains an even number of errors which cannot be detected or corrected until the subsequent processing. After several iterative passes of error correction (i.e. restarting shuffling and binary searching in each pass), the probability of correcting all errors is rather high, signifying a successful error correction. In addition, Cascade involves backtracking operations to benefit the binary searching, thereby reducing the information leakage.

The above analysis suggests that the information leakage of a sub-block which solely contains bits generated from multi-photon pulses is not effective for Eve. Furthermore, the amount of effective information leakage $L_{v}$ to Eve can be obtained by estimating the number of such blocks, i.e., $L_{v}=L_{all}-L_{M}$ .

3 Information leakage analysis for two typical QKD protocols

Owing to the symmetry of DV-QKD protocols, without loss of generality, we only focus on the Alice’s sequence $A$ . Let $A_{0}$ , $A_{1}$ , $A_{M}$ represent the set of bits generated from the vacuum, single-photon and multi-photon pulses, respectively, s.t. $A={A_{0}}\cup{A_{1}}\cup{A_{M}}$ . No matter which IR protocol is applied, a collection of blocks $C=\{c|c\subset A\}$ will be generated after IR, and each block c( $c\in C$ ) is also a set containing several bits from $A$ . Considering that each block $c$ is regarded to leak 1-bit information and some blocks from $C$ may be linearly correlated [24], the original information leakage $L_{all}\leq\left|C\right|$ . Let ${C_{M}}=\{c|(\forall c\in{C})\wedge(c\subset{A_{M}})\}$ , we have ${L_{v}}={L_{all}}-{L_{M}}\leq\left|{C}\right|-\left|{{C_{M}}}\right|$ .

Let $D$ represent the set of block lengths after IR (e.g. $D=\left\{{8,4,2,1}\right\}$ in the case shown in Fig. 1) and the sets $C^{l},C_{M}^{l}(l\in D)$ satisfy ${C^{l}}=\{c|(\forall c\in C)\wedge(\left|c\right|=l)\}$ , $C_{M}^{l}=\{c|(\forall c\in{C_{M}})\wedge(\left|c\right|=l)\}$ . Known that the sequences are shuffled before each pass and the bits are then uniformly distributed in the sequences, we have

\begin{split}{L_{v}}&\leq\left|{C}\right|-\left|{{C_{M}}}\right|\\ &=\sum\limits_{l\in D}{\left|{{C^{l}}}\right|}-\sum\limits_{l\in D}{\left|{C_{M}^{l}}\right|}\\ &=\sum\limits_{l\in D}{\left|{{C^{l}}}\right|\left[{1-{{\left({\Delta_{M}}\right)}^{l}}}\right]}\\ &\leq\sum\limits_{l\in D}{\left|{{C^{l}}}\right|\left[{\min\left({1-{{\left(\Delta_{M}^{\inf}\right)}^{l}},1}\right)}\right]},\\ \end{split}

(1)

where $\Delta_{M}$ represents the proportion of the count rate of the multi-photon pulses to that of the signal pulses.

Let $R$ represents the SKR per pulse in a practical DV-QKD system and $q$ is the sifting efficiency, we eventually get the formula for calculating the improved $R$ as

R=q{Q_{\mu}}\max\left\{{\Delta_{1}^{\inf}\left[{1-h(e_{1}^{\sup})}\right]+\Delta_{0}^{\inf}-\sum\limits_{l\in D}{\left({\left|{{C^{l}}}\right|/N}\right)\left[{\min\left({1-{{\left(\Delta_{M}^{\inf}\right)}^{l}},1}\right)}\right]},0}\right\}.

(2)

We can see from Eq. (1) that the critical parameter is $\Delta_{M}^{\inf}$ . For this reason, we deduce the methods of calculating $\Delta_{M}^{\inf}$ for two typical DV-QKD protocols based on the GLLP theory, that is, decoy-BB84 and SNS-TF protocols. Note that for some modified TF-type protocols, such as no-phase-postselection protocol [28], phase-matching protocol [29], etc., our new approach cannot be directly applied, as the signals can not be directly classified based on the number of photons in these protocols. For these protocols, additional analysis and proofs based on our main idea may be required.

3.1 For decoy-BB84 protocol

Known that $\Delta_{M}^{\inf}=1-\Delta_{0}^{\sup}-\Delta_{1}^{\sup}$ in a decoy-BB84 protocol, we just need to focus on the calculation of $\Delta_{0}^{\sup}$ and $\Delta_{1}^{\sup}$ . By using the decoy-state method, we have

{Q_{k}}=\sum\limits_{i=0}^{\infty}{{Y_{i}}}\frac{{k^{i}}}{{i!}}{e^{-k}},k\in\{\mu,\nu_{1},\nu_{2}\}\\

(3)

where $Q_{i}$ represents the count rate of the pulse whose photon number is $i(i=0,1,2,...,n)$ and the ratio ${\Delta_{i}}={Q_{i}}/{Q_{\mu}}$ .

Based on Eq. (3), we have

{Q_{{\nu_{1}}}}{e^{{\nu_{1}}}}-{Q_{{\nu_{2}}}}{e^{{\nu_{2}}}}={Y_{1}}({\nu_{1}}-{\nu_{2}})+\sum\limits_{i=2}^{\infty}{\frac{{{Y_{i}}}}{{i!}}(\nu_{1}^{i}}-\nu_{2}^{i})\geq{Y_{1}}({\nu_{1}}-{\nu_{2}}).

(4)

Then the upper bounds of $Y_{1}$ and ${\Delta_{1}}$ can be obtained as follow:

\begin{split}{Y_{1}}&\leq\frac{{{Q_{{v_{1}}}}{e^{{\nu_{1}}}}-{Q_{{\nu_{2}}}}{e^{{\nu_{2}}}}}}{{{\nu_{1}}-{\nu_{2}}}},\\ {\Delta_{1}}&=\frac{{{Q_{1}}}}{{{Q_{\mu}}}}=\frac{{{Y_{1}}\mu{e^{-\mu}}}}{{{Q_{\mu}}}}\leq\frac{{({Q_{{\nu_{1}}}}{e^{{\nu_{1}}}}-{Q_{{\nu_{2}}}}{e^{{\nu_{2}}}})\mu{e^{-\mu}}}}{{({\nu_{1}}-{\nu_{2}}){Q_{\mu}}}}.\\ \end{split}

(5)

For $Y_{0}$ and ${\Delta_{0}}$ , according to Eq. (3), we have

{Q_{{\nu_{2}}}}{e^{{\nu_{2}}}}={Y_{0}}+{Y_{1}}{\nu_{2}}+\sum\limits_{i=2}^{\infty}{{Y_{i}}}\frac{{\nu_{2}^{i}}}{{i!}}\geq{Y_{0}}+{Y_{1}}{\nu_{2}},

(6)

thus the upper bounds of $Y_{0}$ and ${\Delta_{0}}$ can be obtained as

\begin{split}{Y_{0}}&\leq{Q_{{\nu_{2}}}}{e^{{\nu_{2}}}}-{Y_{1}}{\nu_{2}}\leq{Q_{{\nu_{2}}}}{e^{{\nu_{2}}}}-Y_{1}^{\inf}{\nu_{2}},\\ {\Delta_{0}}&=\frac{{{Q_{0}}}}{{{Q_{\mu}}}}=\frac{{{Y_{0}}{e^{-\mu}}}}{{{Q_{\mu}}}}\leq\frac{{({Q_{{\nu_{2}}}}{e^{{\nu_{2}}}}-Y_{1}^{\inf}{\nu_{2}}){e^{-\mu}}}}{{{Q_{\mu}}}}.\\ \end{split}

(7)

Based on Ref. [13], the estimated formula of $Y_{1}^{\inf}$ and $Y_{0}^{\inf}$ are given as follows.

\begin{split}Y_{1}^{\inf}&=\frac{\mu}{{\mu{v_{1}}-\mu{v_{2}}-v_{1}^{2}+v_{2}^{2}}}\left({{Q_{{v_{1}}}}{e^{{v_{1}}}}-{Q_{{v_{2}}}}{e^{{v_{2}}}}-\frac{{v_{1}^{2}-v_{2}^{2}}}{{{\mu^{2}}}}\left({{Q_{\mu}}{e^{\mu}}-Y_{0}^{\inf}}\right)}\right)\\ Y_{0}^{\inf}&=\max\left\{{\frac{{{v_{1}}{Q_{{v_{2}}}}{e^{{v_{2}}}}-{v_{2}}{Q_{{v_{1}}}}{e^{{v_{1}}}}}}{{{v_{1}}-{v_{2}}}},0}\right\}\\ \end{split}

(8)

According to Eq. (5), (7), and (8), we can calculate the value of $\Delta_{M}^{\inf}$ , thus an optimized SKR can be generated for the decoy-BB84 protocol.

3.2 For SNS-TF protocol

The original formula for calculating SKR in an SNS-TF protocol was given in Ref. [11]:

R=P_{A}^{Z}P_{B}^{Z}\left\{{\left[{{\varepsilon_{A}}\left({1-{\varepsilon_{B}}}\right){\mu_{A}}{e^{-{\mu_{A}}}}+{\varepsilon_{B}}\left({1-{\varepsilon_{A}}}\right){\mu_{B}}{e^{-{\mu_{B}}}}}\right]s_{1}^{z}\left[{1-h\left({e_{1}^{ph}}\right)}\right]-{s_{z}}{f}h\left({{E_{z}}}\right)}\right\},

(9)

where the meanings of $P_{A}^{Z}$ , $P_{B}^{Z}$ , $\varepsilon_{A}$ , $\mu_{A}$ , $\varepsilon_{B}$ , $\mu_{B}$ are given in Table 2, $s_{1}^{z}$ , $e_{1}^{ph}$ refer to the count rate and phase-error-rate in Z window respectively, $s_{z}$ , $E_{z}$ refer to the total count rate and bit-error-rate in Z windows respectively. By using our new approach, we convert Eq. (9) to

R=P_{A}^{Z}P_{B}^{Z}\left\{{\left[{{\varepsilon_{A}}\left({1-{\varepsilon_{B}}}\right){\mu_{A}}{e^{-{\mu_{A}}}}+{\varepsilon_{B}}\left({1-{\varepsilon_{A}}}\right){\mu_{B}}{e^{-{\mu_{B}}}}}\right]s_{1}^{z}\left[{1-h\left({e_{1}^{ph}}\right)}\right]-L}\right\}.

(10)

Note that only pulses with single-photon from Z windows can generate secure keys. Assuming ${\Delta_{M}}$ to be the count rate of multi-photon pulses in Z windows, we have

{\Delta_{M}}=1-{P_{1}}s_{1}^{Z}-{P_{0}}s_{0}^{Z},

(11)

where $s_{0}^{Z}$ is the count rate of vacuum pulse in Z windows and $P_{0}$ , $P_{1}$ are the probability of the photon number equaling 0 or 1, respectively. By analyzing the different conditions of choosing sending or not-sending for Alice and Bob, we have

\begin{split}{P_{0}}&={\varepsilon_{A}}\left({1-{\varepsilon_{B}}}\right){e^{-{\mu_{A}}}}+{\varepsilon_{B}}\left({1-{\varepsilon_{A}}}\right){e^{-{\mu_{B}}}}+{\varepsilon_{A}}{\varepsilon_{B}}{e^{-\left({{\mu_{A}}+{\mu_{B}}}\right)}}+\left({1-{\varepsilon_{A}}}\right)\left({1-{\varepsilon_{B}}}\right),\\ {P_{1}}&={\varepsilon_{A}}\left({1-{\varepsilon_{B}}}\right){\mu_{A}}{e^{-{\mu_{A}}}}+{\varepsilon_{B}}\left({1-{\varepsilon_{A}}}\right){\mu_{B}}{e^{-{\mu_{B}}}}+{\varepsilon_{A}}{\varepsilon_{B}}\left({{\mu_{A}}+{\mu_{B}}}\right){e^{-\left({{\mu_{A}}+{\mu_{B}}}\right)}}.\\ \end{split}

(12)

We then analyze $s_{0}^{Z}$ and $s_{1}^{Z}$ . The parameter $s_{0}^{Z}$ can be directly obtained from ${S_{00}}$ , which is the count rate of vacuum pulses in X windows:

s_{0}^{Z}={S_{00}}.

(13)

For $s_{1}^{Z}$ , its lower bound has been given in Ref. [11], which can give us a revelation to estimate its upper bound:

s_{1}^{Z}=\frac{{{\mu_{A1}}}}{{{\mu_{A1}}+{\mu_{B1}}}}s_{10}^{z}+\frac{{{\mu_{B1}}}}{{{\mu_{A1}}+{\mu_{B1}}}}s_{01}^{z},

(14)

where:

s_{10}^{Z}\leq\frac{{{e^{{\mu_{A2}}}}{S_{20}}-{e^{{\mu_{A1}}}}{S_{10}}}}{{{\mu_{A2}}-{\mu_{A1}}}},{\rm{}}s_{01}^{Z}\leq\frac{{{e^{{\mu_{B2}}}}{S_{02}}-{e^{{\mu_{B1}}}}{S_{01}}}}{{{\mu_{B2}}-{\mu_{B1}}}},

(15)

where the meanings of all the above parameters are given in Ref. [11]. By substituting Eq. (12),(13), and (14) into Eq. (11), we finally get the formula of $\Delta_{M}^{\inf}$ for the SNS-TF protocol.

4 Simulations and Discussions

We evaluate the performance improvement of our new approach over the original GLLP formula through simulations under practical experimental parameters. The key simulation parameters of the decoy-BB84 [30] and SNS-TF protocols [31] are detailed in Table 1 and 2, respectively.

In addition, we can clearly see from Eq. (1) that the smaller $l$ is, the better our approach performs. However, in a commonly used non-interactive IR protocol, a larger $l$ is usually applied to achieve a higher $f$ . Therefore, we consider that the non-interactive IR protocols cannot gain obvious SKR improvement from our approach. In contrast, a collection of blocks with different block lengths whose value can be as low as 1, will be obtained after Cascade. We thus conclude that a greater SKR improvement can be obtained when using Cascade. Therefore, we apply Cascade as the IR protocol in our simulations and its IR efficiency $f$ is set to the optimal value 1.

Table 1: Key simulation parameters for the decoy-BB84 protocol.

\mu

\nu_{1}

\nu_{2}

: average photon number for signal, decoy and vacuum pulses;

q

: sifting efficiency;

\alpha

: the channel loss;

d

: the dark count rate of the detector;

\eta_{d}

: detection efficiency of the detector;

e_{det}

: systematic errors.

$\mu$	$\nu_{1}$	$\nu_{2}$	$q$	$\alpha$	$d$	$\eta_{d}$	$e_{det}$
0.4	0.1	0.0007	0.9	0.20 dB/km	$10^{-5}$	20%	0.033

Table 2: Key simulation parameters for the SNS-TF protocol.

P_{A}^{Z}

P_{B}^{Z}

: the probability of choosing the

Z

window by Alice and Bob;

\varepsilon_{A}

\varepsilon_{B}

\mu_{A}

\mu_{B}

: the probability of choosing the Sending mode in

Z

windows and the corresponding average photon number of each sending pulse by Alice and Bob;

e_{d}

: the misalignment error in the X window; The definitions of

\alpha

d

\eta_{d}

e_{det}

are same as in Table 1.

$P_{A}^{Z}$	$P_{B}^{Z}$	$\varepsilon_{A}$	$\varepsilon_{B}$	$\mu_{A}$	$\mu_{B}$	$e_{d}$	$\alpha$	$d$	$\eta_{d}$	$e_{det}$
0.7	0.8	0.022	0.48	0.042	0.425	5%	0.20 dB/km	$10^{-10}$	50%	0.033

We show the numerical results for decoy-BB84 protocol and SNS-TF protocol in Fig. 2 and Fig. 3. Simulation results show that our approach can not only improve the SKR at any distance, but also increase the maximal transmission distances of two protocols by 5km and 20km, respectively. We note that the SKR improvement of our approach does not depend on the performance boost of optical devices, but rather comes from the more accurate estimation of the information leakage of IR.

Though our approach can significantly improve the SKR at any distance, Eq. (2) needs further modification when our formula is expanded to the finite-size regime. Since the information leakage of our new approach is affected by finite-size effects, additional analysis may be needed. In addition, based on different protocols, related parameters can be optimized to obtain a better $\Delta_{M}^{\inf}$ , thus improving SKR.

5 Conclusions

In this study, we propose a novel approach to reduce the information leakage of IR by specially considering the overlap between the information leakage of quantum part and the post-processing part. Benefiting from avoiding the repetitive subtraction of information leakage caused by multi-photon pulses during IR, our approach theoretically improves the SKR of a QKD protocol. Simulation results for decoy-BB84 and SNS-TF protocols show that our approach is capable of improving both the SKRs at any distance and the maximal transmission distance. Note that our approach can be applied to all DV-QKD protocols based on the GLLP theory.

Besides, we consider that the main idea of our approach may have implications for continuous-variable (CV) QKD protocols as well. Our main idea implies that the quantum and classical signal processing are not completely independent. Thus, when estimating the leaked information through the classical channel, whether it overlaps with the information leaked in the quantum part also needs to be considered. The above analyses bring us an implication for CV-QKD system, that is, a better SKR can be calculated for a CV-QKD system if there exist similar situations in this system.

6 Backmatter

\bmsection

Funding

\bmsection

Acknowledgments This work is supported by the National Natural Science Foundation of China (Grant Number: 62071151, 61301099). Special thanks goes to Dr. Xuan Wen for the helpful discussions.

\bmsection

Disclosures The authors declare no conflicts of interest.

\bmsection

Data Availability Statement Data underlying the results presented in this paper are not publicly available at this time but may be obtained from the authors upon reasonable request.

7 References

References

[1] C. H. Bennett and G. Brassard, “Quantum cryptography: Public key distribution and con tos5,” in Proceedings of the International Conference on Computers, Systems and Signal Processing, (1984), pp. 175–179.
[2] P. W. Shor and J. Preskill, “Simple proof of security of the bb84 quantum key distribution protocol,” \JournalTitlePhysical review letters 85, 441 (2000).
[3] N. Lütkenhaus, “Security against individual attacks for realistic quantum key distribution,” \JournalTitlePhysical Review A 61, 052304 (2000).
[4] G. Brassard, N. Lütkenhaus, T. Mor, and B. C. Sanders, “Security aspects of practical quantum cryptography,” in International conference on the theory and applications of cryptographic techniques, (Springer, 2000), pp. 289–299.
[5] N. Lütkenhaus and M. Jahma, “Quantum key distribution with realistic states: photon-number statistics in the photon-number splitting attack,” \JournalTitleNew Journal of Physics 4, 44 (2002).
[6] D. Gottesman, H.-K. Lo, N. Lutkenhaus, and J. Preskill, “Security of quantum key distribution with imperfect devices,” in International Symposium onInformation Theory, 2004. ISIT 2004. Proceedings., (IEEE, 2004), p. 136.
[7] H.-K. Lo, X. Ma, and K. Chen, “Decoy state quantum key distribution,” \JournalTitlePhysical review letters 94, 230504 (2005).
[8] X.-B. Wang, “Beating the photon-number-splitting attack in practical quantum cryptography,” \JournalTitlePhysical review letters 94, 230503 (2005).
[9] X.-B. Wang, “Decoy-state protocol for quantum cryptography with four different intensities of coherent light,” \JournalTitlePhysical Review A 72, 012322 (2005).
[10] M. Lucamarini, Z. L. Yuan, J. F. Dynes, and A. J. Shields, “Overcoming the rate–distance limit of quantum key distribution without quantum repeaters,” \JournalTitleNature 557, 400–403 (2018).
[11] X.-B. Wang, Z.-W. Yu, and X.-L. Hu, “Twin-field quantum key distribution with large misalignment error,” \JournalTitlePhysical Review A 98, 062323 (2018).
[12] S. Wang, D.-Y. He, Z.-Q. Yin, F.-Y. Lu, C.-H. Cui, W. Chen, Z. Zhou, G.-C. Guo, and Z.-F. Han, “Beating the fundamental rate-distance limit in a proof-of-principle quantum key distribution system,” \JournalTitlePhysical Review X 9, 021046 (2019).
[13] X. Ma, B. Qi, Y. Zhao, and H.-K. Lo, “Practical decoy state for quantum key distribution,” \JournalTitlePhysical Review A 72, 012326 (2005).
[14] M. Tomamichel, C. C. W. Lim, N. Gisin, and R. Renner, “Tight finite-key analysis for quantum cryptography,” \JournalTitleNature communications 3, 1–6 (2012).
[15] V. Scarani and R. Renner, “Quantum cryptography with finite resources: Unconditional security bound for discrete-variable protocols with one-way postprocessing,” \JournalTitlePhysical review letters 100, 200501 (2008).
[16] Y.-H. Zhou, Z.-W. Yu, and X.-B. Wang, “Making the decoy-state measurement-device-independent quantum key distribution practically useful,” \JournalTitlePhysical Review A 93, 042324 (2016).
[17] C. C. W. Lim, M. Curty, N. Walenta, F. Xu, and H. Zbinden, “Concise security bounds for practical decoy-state quantum key distribution,” \JournalTitlePhysical Review A 89, 022307 (2014).
[18] D. Rusca, A. Boaron, F. Grünenfelder, A. Martin, and H. Zbinden, “Finite-key analysis for the 1-decoy state qkd protocol,” \JournalTitleApplied Physics Letters 112, 171104 (2018).
[19] G.-J. Fan-Yuan, Z.-H. Wang, S. Wang, Z.-Q. Yin, W. Chen, D.-Y. He, G.-C. Guo, and Z.-F. Han, “Optimizing decoy-state protocols for practical quantum key distribution systems,” \JournalTitleAdvanced Quantum Technologies 4, 2000131 (2021).
[20] D. Slepian and J. Wolf, “Noiseless coding of correlated information sources,” \JournalTitleIEEE Transactions on information Theory 19, 471–480 (1973).
[21] J. Martinez-Mateo, C. Pacher, and M. Peev, “Demystifying the information reconciliation protocol cascade,” \JournalTitleQuantum Information and Computation 15, 0453–0477 (2015).
[22] M. Tomamichel, J. Martinez-Mateo, C. Pacher, and D. Elkouss, “Fundamental finite key limits for one-way information reconciliation in quantum key distribution,” \JournalTitleQuantum Information Processing 16, 1–23 (2017).
[23] H. Mao, Q. Li, Q. Han, and H. Guo, “High-throughput and low-cost ldpc reconciliation for quantum key distribution,” \JournalTitleQuantum Information Processing 18, 1–14 (2019).
[24] C. Pacher, P. Grabenweger, J. Martinez-Mateo, and V. Martin, “An information reconciliation protocol for secret-key agreement with small leakage,” in 2015 IEEE International Symposium on Information Theory (ISIT), (IEEE, 2015), pp. 730–734.
[25] E. O. Kiktenko, A. S. Trushechkin, C. C. W. Lim, Y. V. Kurochkin, and A. K. Fedorov, “Symmetric blind information reconciliation for quantum key distribution,” \JournalTitlePhysical Review Applied 8, 044017 (2017).
[26] S. Yan, J. Wang, J. Fang, L. Jiang, and X. Wang, “An improved polar codes-based key reconciliation for practical quantum key distribution,” \JournalTitleChinese Journal of Electronics 27, 250–255 (2018).
[27] E. O. Kiktenko, A. O. Malyshev, and A. K. Fedorov, “Blind information reconciliation with polar codes for quantum key distribution,” \JournalTitleIEEE Communications Letters (2020).
[28] C. Cui, Z.-Q. Yin, R. Wang, W. Chen, S. Wang, G.-C. Guo, and Z.-F. Han, “Twin-field quantum key distribution without phase postselection,” \JournalTitlePhysical Review Applied 11, 034053 (2019).
[29] X. Ma, P. Zeng, and H. Zhou, “Phase-matching quantum key distribution,” \JournalTitlePhysical Review X 8, 031043 (2018).
[30] Z. Yuan, A. Plews, R. Takahashi, K. Doi, W. Tam, A. Sharpe, A. Dixon, E. Lavelle, J. Dynes, A. Murakami et al., “10-mb/s quantum key distribution,” \JournalTitleJournal of Lightwave Technology 36, 3427–3433 (2018).
[31] J.-P. Chen, C. Zhang, Y. Liu, C. Jiang, W. Zhang, X.-L. Hu, J.-Y. Guan, Z.-W. Yu, H. Xu, J. Lin et al., “Sending-or-not-sending with independent lasers: Secure twin-field quantum key distribution over 509 km,” \JournalTitlePhysical review letters 124, 070501 (2020).