# Decoy-state quantum key distribution with a leaky source

## Abstract

In recent years, there has been a great effort to prove the security of quantum key distribution (QKD) with a minimum number of assumptions. Besides its intrinsic theoretical interest, this would allow for larger tolerance against device imperfections in the actual implementations. However, even in this device-independent scenario, one assumption seems unavoidable, that is, the presence of a protected space devoid of any unwanted information leakage in which the legitimate parties can privately generate, process and store their classical data. In this paper we relax this unrealistic and hardly feasible assumption and introduce a general formalism to tackle the information leakage problem in most existing QKD systems. More specifically, we prove the security of optical QKD systems using phase and intensity modulators in their transmitters, which leak the setting information in an arbitrary manner. We apply our security proof to cases of practical interest and show key rates similar to those obtained in a perfectly shielded environment. Our work constitutes a fundamental step forward in guaranteeing implementation security of quantum communication systems.

## 1 Introduction

It is well-known that two spatially separated users (Alice and Bob) can secretly communicate over a public channel if they own two identical random keys unknown to any third party. They can use their keys to enable symmetric-key encryption. When the symmetric-key algorithm is the so-called “one-time pad” [1], the security of the resulting communication is independent of the computational capability of an eavesdropper (Eve) [2]. The only provably secure way known to date to distill secret random keys at remote locations is quantum key distribution (QKD) [3, 4, 5, 6]. While the theoretical security of QKD has been convincingly proven in recent years [5], in practice a QKD realisation cannot typically perfectly satisfy the requirements imposed by the theory. Therefore it is crucial that security proofs are extended to accommodate the imperfections of the real QKD devices. Any unaccounted imperfection constitutes a so-called “side-channel”, which can be exploited by Eve to compromise the security of the system [7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17].

To close the gap between theory and practice, various approaches have been proposed so far, the two most prominent examples being “device-independent QKD” [18, 19, 20, 21] and decoy-state “measurement-device-independent QKD” (mdiQKD) [22]. Device-independent QKD does not require a complete knowledge of how QKD apparatuses operate, since its security is based on the violation of a Bell inequality. However, its experimental complexity is unsuitable for practical applications, as its ultimate form demands that Alice and Bob perform a loophole-free Bell test [23, 24, 25] in every QKD session. Also, its secret key rate is very poor with current technology [26, 27]. Decoy-state mdiQKD, on the other hand, makes it possible to remove any assumption of trustworthiness from the measurement device, which is arguably the weakest part of QKD realisations [7, 8, 9, 10, 11, 12, 13, 14]. Under the only additional requirement that Alice and Bob know their state preparation process [28], mdiQKD with decoy-states brings QKD theory closer to practice [29] without compromising the key rate [22, 30]. Most importantly, its practical feasibility has already been experimentally demonstrated both in laboratories and in field trials [31, 32, 33, 34, 35, 36, 37, 38], with a key rate comparable to that of standard QKD protocols [37].

However, it is important to notice that the security of any form of QKD, including the two solutions above, relies on the assumption that Alice and Bob’s devices do not leak any unwanted information to the outside. That is, their apparatuses must be inside private spaces that are well-shielded and inaccessible to Eve (see, e.g., [39]). This assumption is very hard, if not impossible, to guarantee in practice. The behaviour of real devices is affected by the environmental conditions and can depend on their response to external signals, unwittingly triggered by a legitimate user, or maliciously injected into the QKD system by Eve. This could open new side-channels, of which the so-called Trojan-Horse attack (THA) [40, 41, 42] is a meaningful example. While mdiQKD relieves QKD from the burden of characterising the measuring devices, the THA deals with the important question of guaranteeing a protected boundary between the transmitting devices, assigned with the preparation of the initial quantum states, and the outside world.

In a THA, Eve injects bright light pulses into the users’ devices and analyses the back-reflected light, with the aim of extracting more information from the signals travelling in the quantum channel. Recently, [42] considered a feasible THA targeting the phase modulator (PM) of a QKD transmitter. There, security was proven under the assumption that this specific THA only affects the PM in the transmitter and leaves the other devices untouched. Therefore this result cannot be exported to decoy-state QKD and mdiQKD, where an additional method to modulate the intensity of the prepared signals is required. This is very often achieved via an intensity modulator (IM) inserted in series with the PM. Hence it can happen that partial information about the IM is leaked to Eve, similarly to what happens for the PM. This problem is common to any scheme using devices like PM and IM, such as the decoy-state BB84 protocol [43, 44, 45, 46, 47, 48, 49, 50, 51], bit commitment, oblivious transfer, secure identification [52], blind quantum computing [53] as well as device-independent QKD.

Here we introduce a general formalism to prove the security of most of the optical QKD systems using a PM and an IM in their transmitters that can leak the setting information in an arbitrary manner. As a specific example, we address the optical implementation of the standard decoy-state BB84 QKD protocol with three intensity settings [43, 44, 45] due to its extensive use of devices like PM and IM. However, our results can be straightforwardly adapted to any number of settings and to all the protocols mentioned above. Importantly, our approach is solely based on how the users’ devices operate. For a given model of PM and IM, one could readily use our technique to calculate the resulting secret key rate of the system. This constitutes a fundamental step forward to guaranteeing the security of quantum cryptographic schemes using a PM, an IM or other analogous devices, in the presence of information leakage.

To illustrate how our formalism applies to real QKD systems, we investigate a particular form of information leakage, i.e., a THA that is feasible with current technology. In particular, we consider that Eve injects a probe for each phase and intensity setting selected by the legitimate user and the back-reflected light is composed of coherent states of limited intensity.

The paper is organised as follows. In Sec. 2 we review the main concepts of decoy-state QKD. In Sec. 3 we present a general formalism to prove its security in the presence of any information leakage from both the PM and the IM. This formalism is then used in Sec. 4 to study various THA that are feasible with current technology and to evaluate their effect on the system performance. Finally, Sec. 5 includes a short discussion and Sec. 6 concludes the paper with a summary. The paper also contains Appendixes with calculations that are needed to derive the results in the main text.

## 2 Decoy-state quantum key distribution

In decoy-state QKD, Alice prepares mixtures of Fock states with different photon number statistics, selected independently at random for every signal that is sent to Bob. These states can be prepared with practical light sources such as attenuated laser diodes, heralded spontaneous parametric downconversion sources and other practical single-photon sources. They can be formally described as:

(1) |

Here, is the photon number statistics, represented by the conditional probability that Alice emits a pulse with photons when she chooses the intensity setting . The ket denotes an -photon Fock state. If Alice uses a source emitting phase-randomised weak coherent pulses (WCP), the photon number statistics is the Poisson distribution, , with being the mean photon number.

For each intensity setting , there are two quantities which can be directly observed in the experiment: the gain , where represents the number of events where Bob observes a click in his measurement device given that Alice prepared the state , and is the number of signals sent by Alice in the state , and the quantum bit error rate (QBER) , where denotes the number of errors observed by Bob given that Alice prepared the state . In the asymptotic limit of large both quantities can be written as a function of the yield and the error rate of the -photon signals as:

(2) |

for any value of . The unknown parameters in this set of linear equations are and , and they can be estimated by solving Eq. (2).

Indeed, whenever Alice uses an infinite number of settings , any finite set of parameters and can be estimated with arbitrary precision. If Alice and Bob are only interested in the value of , , and , as is the case in QKD, it is possible to obtain a tight estimation of these three parameters with only a few different intensity settings [54]. A fundamental implicit requirement in the decoy-state analysis is that the variables and are independent of the intensity setting . That is, the analysis assumes that Eve does not have any information about Alice’s intensity setting choice at each given time. If Eve performs a THA against Alice’s source, however, this necessary condition might no longer be satisfied and the security analysis of decoy-state QKD needs to be revised. This is done in the next section.
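The independence requirement stated above can be checked numerically. The following Python example is added here and is not code from the paper: it assumes Poissonian pulses, a constructed lossy-channel model, a vacuum third setting, and the standard vacuum + weak decoy analytic lower bound on the single-photon yield (the text itself only cites [54] for the estimation). All function names and parameter values are constructed for illustration.

```python
import math

N_MAX = 40  # photon-number cutoff; the Poisson tail beyond it is negligible for means <= 1


def poisson(n, mean):
    """p(n | mean): photon-number statistics of a phase-randomised weak coherent pulse."""
    return math.exp(-mean) * mean ** n / math.factorial(n)


def gain(mean, yields):
    """Observed gain for one intensity setting: sum over n of p(n | mean) * Y_n."""
    return sum(poisson(n, mean) * yields[n] for n in range(N_MAX + 1))


def honest_yields(eta, y0):
    """Setting-independent yields of a lossy channel (transmittance eta, background yield y0)."""
    return [1 - (1 - y0) * (1 - eta) ** n for n in range(N_MAX + 1)]


def y1_lower_bound(s, v, q_s, q_v, q_w):
    """Vacuum + weak decoy lower bound on Y_1 from the three observed gains.

    The derivation uses the same Y_n in the signal (s) and decoy (v) equations,
    so the bound is only sound when the yields do not depend on the setting.
    """
    y0 = q_w  # vacuum setting: every click is a background click
    bracket = (q_v * math.exp(v)
               - q_s * math.exp(s) * v ** 2 / s ** 2
               - (s ** 2 - v ** 2) / s ** 2 * y0)
    return s / (s * v - v ** 2) * bracket


def setting_dependent_signal_yields(s, q_s, y0):
    """Constructed yields for the signal setting only: Y_0 = Y_1 = y0, and a
    constant multi-photon yield chosen so that the observed signal gain q_s
    is reproduced exactly."""
    p01 = poisson(0, s) + poisson(1, s)
    boosted = (q_s - p01 * y0) / (1 - p01)
    return [y0, y0] + [boosted] * (N_MAX - 1)


def compare(s=0.5, v=0.1, eta=0.01, y0=1e-5):
    """Run the decoy estimate on identical observed gains, once for
    setting-independent yields and once for setting-dependent ones."""
    base = honest_yields(eta, y0)
    q_s, q_v, q_w = gain(s, base), gain(v, base), gain(0.0, base)
    bound = y1_lower_bound(s, v, q_s, q_v, q_w)
    leaky = setting_dependent_signal_yields(s, q_s, y0)
    return {
        "bound": bound,                    # what Alice and Bob infer from the gains
        "y1_independent": base[1],         # true Y_1 when yields ignore the setting
        "y1_signal_dependent": leaky[1],   # true signal-setting Y_1 in the constructed case
        "q_s_independent": q_s,
        "q_s_dependent": gain(s, leaky),   # same observable, different underlying yields
        "multi_photon_yield": leaky[2],
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:22s} {value:.6e}")
```

Both cases produce the same observed gains, so the estimate is identical, but it lower-bounds the true single-photon yield only in the setting-independent case.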

## 3 Trojan horse attacks against decoy-state quantum key distribution

In this section we present a general formalism to evaluate the security of decoy-state QKD against any information leakage from both the IM, which is used to generate decoy-states, and the PM employed to encode the bit and the basis information. Below we assume that such information leakage is due to an active Eve who launches a THA against the decoy-state transmitter. Note, however, that our analysis could be applied as well to any passive information leakage scenario.

In a THA Eve injects bright light pulses into Alice’s device and measures the back-reflected light. This way she might obtain useful information about Alice’s intensity and phase choices for each generated signal. This situation is illustrated in Fig. 1. As a first consequence, the yields and the error rates might now become dependent on the intensity setting , and we will denote them as and , respectively. The goal of this section is mainly to evaluate how much these quantities can differ from each other depending on the information leaked to Eve.

### 3.1 THA against the IM

Here we focus on the most widely used choice of intensity settings for the standard decoy-state BB84 protocol, where Alice randomly selects one of three possible intensities, denoted as , , and , with probability , , and , respectively. However, our technique can be straightforwardly adapted to cover any number of decoy settings. We will denote as the intensity setting selected by Alice in the instance of the protocol.

Eve’s goal is to learn the value of for all instances . For this, her most general THA can be described as follows. Eve first prepares a probe system , which might be entangled with an ancilla system also in Eve’s hands, and sends this system to Alice while she keeps in a quantum memory. The system may consist of many different pulses, each of them used to probe Alice’s intensity setting each given time. Afterwards, Eve performs a joint measurement on all the pulses emitted by Alice together with the systems and the back-reflected light from , which is denoted as .

Let us consider first the -photon pulse emitted by Alice. Later on we will generalise this case to cover all her -photon pulses. For this, let denote the joint state of Alice’s -photon pulse and the systems and

(3) |

where is a set of physical events that fulfills , denotes the trace distance between and , is the conditional probability to obtain the event given the state , and , with s,v,w, is the conditional probability to have selected the intensity setting (among only and ) given that the pulse contains photons

To prove the security of the decoy-state QKD system, we need to determine Bob’s detection rates. This means that we are interested in the set , where “click” (“no click”) represents a detection (no detection) outcome at Bob’s side. That is, Eve must decide which of Alice’s pulses will produce (or not produce) a “click” at Bob’s side before the quantum part of the protocol finishes. Here, is the conditional probability that Bob obtains a “click” given . This probability may depend on the detection pattern observed by Bob in all the previous pulses. By combining Eq. (3) with the fact that we find that

(4) |

Now, in order to relate the conditional probabilities that appear in Eq. (4) with the corresponding actual numbers, we first convert these probabilities into joint probabilities and then we take the sum over , being the number of trials. In particular, let denote the joint probability that Eve observes the state in the instance and Bob obtains a “click”. Then, from Eq. (4) we obtain that

(5) |

where . Importantly, by using Azuma’s inequality [56] (see Appendix A), each term on the LHS of Eq. (5) approaches the actual numbers of the corresponding events except for a probability exponentially small in . That is, we have that approaches the number of events, , within runs where Alice selects the intensity setting , she emits an -photon state, and Bob obtains a “click” in his measurement device. This means that

(6) |

except for a probability exponentially small in

(7) |

and similarly for and . Note that in the special case where there is no information leakage about Alice’s intensity choices, we have that and, therefore, , which is the key assumption in the standard decoy-state method (see Sec. 2).

The analysis for the error rates , with , is analogous. In particular, here we consider the set , where “click error” represents a detection outcome at Bob’s side associated with an error, and “no click (click no error)” denotes a no detection outcome or a detection one associated with no error. Now, taking into account that , and using a similar analysis as above, we find that

(8) |

where the parameter is equal to that given in Eq. (6)

(9) |

and similarly for and . Here, represents the number of events, within runs, where Alice selects the intensity setting , she emits an -photon state, and Bob obtains a “click” associated with an error in his measurement device.

The formalism above is general in the sense that it can be applied to any THA against Alice’s IM. However, to be able to evaluate Eqs. (6)-(8) one needs to characterise the states that are accessible to Eve, and this might be difficult in general. These states are required to calculate the coefficients and, thus, the parameters . In the next subsection we show that these parameters can in principle be estimated based solely on the behaviour of the IM.

#### Estimation of .

In order to upper bound the value of based only on how the IM operates, we consider the unitary operator that describes the action of Alice’s IM when she selects a certain intensity setting for an instance . Importantly, we assume that this operator characterises the behaviour of the IM on all the optical modes that it supports. That is, in general it acts on Alice’s photonic system (i.e., the signal states emitted by her laser), on some additional ancillary system also in Alice’s hands

Let be the joint state that describes Alice’s and Eve’s systems before the action of the IM. After applying the IM, the state evolves according to the unitary transformation . Importantly, in order for the decoy-state method to work, this unitary transformation should produce an output signal with the system (which will be sent to Bob through the quantum channel once the bit and basis information are also encoded) prepared in a state that is diagonal in the Fock basis. This is guaranteed if Eve’s probing light does not alter the photon distribution of Alice’s light source or her phase-randomisation process. Note here that the physical system corresponding to might not be the same as the one for the input system . This means, in particular, that

(10) |

Here, denotes the probability of emitting an -photon pulse in the instance of setting , and forms an orthonormal basis, i.e., we have that . Moreover, the physical systems for and might be different from those for and , respectively. Also, note that in Eq. (10) we have made the general assumption that the photon mode of the -photon state might be dependent on the setting .

Now, we focus on those joint states that contain photons on Alice’s photonic system . Eve’s task is to behave as differently as possible according to the intensity setting. We find, therefore, that can be upper bounded as

(11) | |||||

where the operator . This confirms that the description of Alice’s IM is enough to guarantee security.

Of course, the formalism above can readily accept any particular assumption on the THA performed by Eve. For instance, in practical situations it may be over-pessimistic to take the supremum given in Eq. (11) over all possible states . Instead, one might only consider signals of the form , where , and are pure states of the different systems. Indeed, this seems to be a natural assumption because Alice’s systems and are typically independent from each other and also independent from those of Eve. In so doing, Eq. (11) might deliver tighter bounds for .

In general, however, one cannot assume that Eve’s state is in a tensor product form. That is, it is not enough to just consider the system that Eve sends to Alice (together with the back-reflected one) in order to guarantee security. This is so because when the supremum given in Eq. (11) is taken over all joint states it usually results in a larger trace distance than that obtained when one considers product states. To improve the system performance, Alice might include additional optical elements to force to be of product form. For example, she could perform a phase-randomisation on the system (see, e.g., [58, 59]). This way all the off-diagonal elements of the state in the Fock basis would vanish, and one could completely disregard system . Moreover, mathematically, removing all the off-diagonal elements leads to a significant decrease of the trace distance and, therefore, one expects a significant improvement of the secure key rate, as is confirmed in Sec. 4.3.

### 3.2 THA against the PM

In this section, we review and extend the analysis of the THA against the PM carried out in [42]. The central observation is that the THA allows Eve to partially know Alice’s choice of the basis. In other terms, the information leakage is in the form of basis information leaked out to the eavesdropper. This might cause the density matrices that describe Alice’s output states to be basis dependent. Below, we provide a formalism to prove the security of the BB84 protocol in the presence of the most general THA against the PM.

We will assume that Alice’s choice is random, independent of the IM and of the previous preparation instances. We define the Z basis by the orthogonal vectors and the X basis by , where . We denote as () the joint state that describes Alice’s system and Eve’s system for the THA given that Alice selected the Z (X) basis. Here, the superscript refers to the signal generated by Alice, and the system refers to a virtual qubit that is stored in Alice’s lab. Examples of the states and are the following

(12) | |||

(13) |

Here, (with and ) represents the state of systems and for Alice’s bit value in her basis. We have, therefore, that Alice’s state preparation process can be equivalently described as follows. First, she decides which state ( or ) she prepares. Afterwards, she measures the virtual qubit using the Z or the X basis, depending on the choice of the state. As long as the state preparation is expressed this way, one can consider any possible purification of the states or . For instance, one may consider with being a global phase. Note that we can consider this state because the reduced density operator for systems and is the same as that of Eq. (13). The optimal solution is the purification that maximises the key generation rate.

In a security proof, it is essential to determine the phase error rate, which is the parameter needed in the privacy amplification step of the protocol. The phase error rate is the fictitious bit error rate that Alice and Bob would have obtained if Alice had measured the system with the X basis and Bob had used the X basis given the preparation of . Intuitively, if the states and are close enough to each other, then the phase error rate should be close to the X basis error rate which is obtained in the actual experiment. Below, we make this argument more rigorous by using the analysis presented in [61]. For this, we will assume that the basis choice is done in a coherent manner, i.e., Alice first prepares the joint system

where the system is the so-called “quantum coin” [60]. Importantly, the phase error rate is related to the X basis measurement on the quantum coin. To derive the formula for the estimation of the phase error rate, we consider the following fictitious protocol. In particular, for the trial of the protocol, Alice and Eve prepare their systems in the state , Alice keeps systems , and in her hands, and sends system to Bob. At the reception side, Bob receives some optical systems after Eve’s intervention, and he performs the X basis measurement. In addition, Alice performs the X basis measurement on the system . Then, Alice randomly chooses between the Z or the X basis with equal probability to measure her quantum coin . Here, note that, from the quantum coin state above, when Alice chooses the Z basis to measure the coin and the result is “” (“”), this is equivalent to Alice and Eve directly preparing the state (). Next, we apply the Bloch sphere bound [62] for probability distributions to those instances where Bob obtained a click event. In particular, we first apply this bound separately to the events with the X basis error and to those with no X basis error. We obtain the following two inequalities

(15) | |||

Here, is the conditional probability of observing the outcome “” when performing the X basis measurement on the quantum coin given that there is a X basis error; is the conditional probability of observing the outcome “” when performing the Z basis measurement on the quantum coin given that there is a X basis error; and the other probabilities are defined similarly. Next, we multiply both inequalities by the term , which is the probability that Bob obtains a “click” in his measurement apparatus, and after combining the two inequalities above we obtain [61]

(17) |

where is the probability that the measurement result on the quantum coin is “”, is the joint probability of selecting the Z basis to measure the quantum coin and obtaining the result “” (which implies the preparation of the state ), and observing a bit error in Alice’s and Bob’s X basis measurement. The probability is the fictitious joint probability of selecting the Z basis to measure the quantum coin, and obtaining the result “” (which implies the preparation of the state ), and observing a bit error in Alice’s and Bob’s X basis measurement. Actually, this last probability is the phase error rate. The probabilities and are defined in a similar way (see [61] for further details). Note that in order to obtain Eq. (17) from the two inequalities above we have used the fact that , where represents the joint probability that the measurement result on the quantum coin is “” and Bob obtains a “click” event with his measurement. Importantly, the probability characterises how close the states and are. Specifically, by choosing an appropriate global phase for , from the quantum coin state above we have that

(18) |

The term can be upper-bounded by the fidelity between the Z basis state and the X basis state. This means that Eq. (17) gives us the phase error probability taking into account the “closeness” between the two basis states. To relate the probabilities with the actual number of the corresponding events, we first use the concavity of the square root function and we take the sum over , with being the number of pulses sent in the fictitious protocol. In so doing, we find that

(19) | |||||

Next, we apply Azuma’s inequality [56] (see Appendix A). We obtain, therefore, that except for a probability exponentially small in each sum of the probability distributions approaches the actual number of the corresponding events in trials. That is,

(20) | |||||

where denotes the number of instances associated with the event . Importantly, here is related to the phase error rate, that is, the rate of choosing the basis and having the phase error, and is the observed ratio of choosing the basis and having a bit error. As for , we have that except for a probability exponentially small in the following inequality is satisfied.

(21) | |||||

This is so because we can directly calculate the probability from the quantum coin state above. Therefore, if Alice and Bob know the minimum overlap between the states and they can estimate the value of the phase error rate even if Eve performs the most general THA against the PM. The estimation of such overlap, however, might be difficult in general as one would need to know Eve’s ancilla state. To overcome this problem, we proceed as in the previous section and we reformulate the formalism above based only on how the PM operates.

For this, note that and can be expressed as

(22) |

where , and

(23) |

which is independent of the state. Note that here we have used the infimum because the unitary operator could support a mode in a Hilbert space containing an arbitrary number of photons. Therefore, Eq. (20) can be written as