References and links

One of the limitation of continuous variable quantum key distribution is relatively short transmission distance of secure keys. In order to overcome the limitation, some solutions have been proposed such as reverse reconciliation, trusted noise concept, and non-Gaussian operation. In this paper, we propose a protocol using photon subtraction at receiver which utilizes synergy of the aforementioned properties. By simulations, we show performance of the proposed protocol outperforms other conventional protocols. We also find the protocol is more efficient in a practical case. Finally, we provide a guide for provisioning a system based on the protocol through an analysis for noise from a channel.

Longer distance continuous variable quantum key distribution protocol with photon subtraction at receiver

Kyongchun Lim, Changho Suh, and June-Koo Kevin Rhee*

School of Electrical Engineering, Korea Advanced Institute of Science and Technology (KAIST), 291 Daehak-ro, Yuseong-gu, Daejeon 34141, Republic of Korea


OCIS codes: (270.5565) Quantum communications; (270.5568) Quantum cryptography; (270.5585) Quantum information and processing.

References and links

  • [1] C. Bennett and G. Brassard, “Quantum cryptography: public key distribution and coin tossing,” in Proceedings of IEEE International Conference on Computers, Systems and Signal Processing (IEEE, 1984), pp. 175–179.
  • [2] T. C. Ralph, “Continuous variable quantum cryptography,” Phys. Rev. A 61, 010303 (1999).
  • [3] A. Leverrier, R. Alléaume, J. Boutros, G. Zémor, and P. Grangier, “Multidimensional reconciliation for a continuous-variable quantum key distribution,” Phys. Rev. A 77, 042325 (2008).
  • [4] C. Silberhorn, T. C. Ralph, N. Lütkenhaus, and G. Leuchs, “Continuous variable quantum cryptography: Beating the 3 dB loss limit,” Phys. Rev. Lett. 89, 167901 (2002).
  • [5] F. Grosshans, G. Van Assche, J. Wenger, R. Brouri, N. Cerf, and P. Grangier, “Quantum key distribution using Gaussian-modulated coherent states,” Nature 421, 238–241 (2003).
  • [6] J. Fiurášek and N. J. Cerf, “Gaussian postselection and virtual noiseless amplification in continuous-variable quantum key distribution,” Phys. Rev. A 86, 060302 (2012).
  • [7] Y.-C. Zhang, Z. Li, C. Weedbrook, S. Yu, W. Gu, M. Sun, X. Peng, and H. Guo, “Improvement of two-way continuous-variable quantum key distribution using optical amplifiers,” J. Phys. B: At. Mol. Opt. Phys. 47, 035501 (2014).
  • [8] Y. Zhang, Z. Li, C. Weedbrook, K. Marshall, S. Pirandola, S. Yu, and H. Guo, “Noiseless linear amplifiers in entanglement-based continuous-variable quantum key distribution,” Entropy 17, 4547–4562 (2015).
  • [9] Q. D. Xuan, Z. Zhang, and P. L. Voss, “A 24 km fiber-based discretely signaled continuous variable quantum key distribution system,” Opt. Express 17, 24244–24249 (2009).
  • [10] T. Hirano, T. Ichikawa, T. Matsubara, M. Ono, Y. Oguri, R. Namiki, K. Kasai, R. Matsumoto, and T. Tsurumaru, “Implementation of continuous-variable quantum key distribution with discrete modulation,” Quantum Sci. Technol. 2, 024010 (2017).
  • [11] W. Xu-Yang, B. Zeng-Liang, W. Shao-Feng, L. Yong-Min, and P. Kun-Chi, “Four-state modulation continuous variable quantum key distribution over a 30-km fiber and analysis of excess noise,” Chin. Phys. Lett. 30, 010305 (2013).
  • [12] V. C. Usenko and R. Filip, “Trusted noise in continuous-variable quantum key distribution: A threat and a defense,” Entropy 18, 20 (2016).
  • [13] L. F. M. Borelli, L. S. Aguiar, J. A. Roversi, and A. Vidiella-Barranco, “Quantum key distribution using continuous-variable non-Gaussian states,” Quantum Inf. Process. 15, 893–904 (2016).
  • [14] A. Leverrier and P. Grangier, “Continuous-variable quantum-key-distribution protocols with a non-Gaussian modulation,” Phys. Rev. A 83, 042312 (2011).
  • [15] P. Huang, G. He, J. Fang, and G. Zeng, “Performance improvement of continuous-variable quantum key distribution via photon subtraction,” Phys. Rev. A 87, 012317 (2013).
  • [16] Z. Li, Y. Zhang, X. Wang, B. Xu, X. Peng, and H. Guo, “Non-Gaussian postselection and virtual photon subtraction in continuous-variable quantum key distribution,” Phys. Rev. A 93, 012310 (2016).
  • [17] R. García-Patrón and N. J. Cerf, “Unconditional optimality of Gaussian attacks against continuous-variable quantum key distribution,” Phys. Rev. Lett. 97, 190503 (2006).
  • [18] C. Weedbrook, S. Pirandola, R. García-Patrón, N. J. Cerf, T. C. Ralph, J. H. Shapiro, and S. Lloyd, “Gaussian quantum information,” Rev. Mod. Phys. 84, 621 (2012).
  • [19] C. Ottaviani, R. Laurenza, T. P. Cope, G. Spedalieri, S. L. Braunstein, and S. Pirandola, “Secret key capacity of the thermal-loss channel: Improving the lower bound,” arXiv preprint arXiv:1609.02169 (2016).

Appendix A Introduction

Quantum key distribution (QKD) is one of realistic applications of quantum technologies. Technically, QKD provides shared secret keys between two remote parties, Alice and Bob. Because of its nature of unconditional security, QKD has attracted broad research interest since the first QKD protocol, the BB84 protocol, was invented in 1984 [1]. In early days, researches about discrete variable QKD (DVQKD) had been actively conducted. After a while, continuous variable QKD (CVQKD) encoding secret key information on continuous degree of freedom in phase space of a quantum state started gaining interest triggered by the proposal by [2]. Unlike DVQKD, CVQKD is beneficial to generate high secure key rates at short distances due to high dimensionality of continuous variable, but it could not achieve key sharing over a long distance. One of main hurdles of the limited distance is caused from low error correction efficiency at a long distance under Gaussian based CVQKD protocols [3]. In order to overcome the hurdle, a variety of ways in terms of post-processing are proposed such as post-selection[4], multi-dimensional reconciliation[3], and reverse reconciliation[5]. Especially, the reverse reconciliation can overcome fairly the limit by a simple way changing reference of error correction, which provides importance of a receiver side in CVQKD protocols. There are also many proposals to modify a quantum channel. Some proposals utilize amplifiers including noiseless amplifier[6, 7, 8], while others change transmitter to use four-state or eight-state Gaussian states[9, 10, 11]. As another way to increase distance, trusted noise concept is proposed, with which a noise added in a proper way can increase security [12]. For example, noise added by a receiver, Bob, can increase security in a CVQKD protocol with reverse reconciliation.

Deviated from Gaussian state protocols, non-Gaussian state protocols have been researched due to its potential for high security in terms of secure key rate and distance[13, 14, 15, 16]. One of the representative non-Gaussian operation used in a CVQKD protocol is photon subtraction implemented with a beam splitter and a photon counter. This shows that distance can be improved with photon subtracted states.

In this paper, we propose a CVQKD protocol utilizing the aforementioned properties. Specifically, the protocol is a reverse reconciliation based CVQKD protocol adopting photon subtraction operation in a receiver side. Through numerical simulations, we show the proposed protocol outperforms a conventional CVQKD protocols. This result coincides with existed research results showing positive potentials of non-Gaussian state and trusted noise in terms of security, which convinces our approach is quite reasonable.

The paper is organized as we introduces a target system model in Section II. A secure key rate based on the model is obtained in Section III. Section IV provides numerical simulations for secure key rates under the model. We finalize in Section V with some concluding remarks.

Appendix B System Model

In this section, we introduce a system model for a CVQKD protocol with photon subtraction at a receiver, Bob, as shown in Fig. 1. Here, a transmitter, Alice prepares a two mode squeezed vacuum (TMSV) state which is an entangled state in a continuous variable domain.




and represent mean photon number and number state, respectively.

Fig. 1: A model for CVQKD with photon subtraction under a collective attack. HOM and QM stand for homodyne detection and quantum memory, respectively.

In this model, we assume a collective attack where an Eve’s initial state is prepared as a TMSV state . In a similar to , can be expressed with a mean photon number of noise from a channel, .




After preparing , she transmits a quantum state of to Bob through a quantum channel, while the other quantum state is kept a quantum memory. The transmitted is mixed with an Eve’s state in the channel which can be modeled as a beam splitter with transmittance .

Before finding a quantum state after a channel, we first look into a principle of a beam splitter. Assume there is a beam splitter characterized transmittance , where there are two input creation operators , and two output creation operators , . In this setup, output operators can be expressed based on the input operators as follows:


By rearranging the above equations,


Now, we can find a quantum state after a channel based on the initial states of Alice and Eve by applying a beam splitter operation on them.


where indicates a creation operator of a quantum state . Eq. (10) comes from a relation between a number state and a creation operator such that . A beam splitter operation results in Eq. (11). We can easily obtain by tracing out and rearranging .




In a similar way, a quantum state after photon subtraction represented as a beam splitter with transmittance can be obtained as follows:


For easy understanding, we first analyze single photon subtracted case corresponding to is a single photon state. Then, the photon subtracted state has the following expression.


where refers a normalization parameter defined as a probability that is in a single photon state.




Finally, we obtain a whole quantum state after photon subtraction which is not a Gaussian state anymore. Then, is measured by a homodyne detector with respect to or quadrature. After a choice of the quadrature is publicly announced to Alice, the kept in a quantum memory is measured by homodyne detector with respect to the quadrature. In succession, Alice and Bob perform reverse reconciliation and privacy amplification to generate final secure keys.

Appendix C Secure key rate

Fig. 2: A model for CVQKD substituting photon subtraction to a Gaussian unitary operation resulting in the same covariance under a collective attack.

In this section, we calculate secure key rate under our system model. Under a collective attack, secure key rate can be calculated as follows:


where is reconciliation efficiency. Here, represents mutual information between Alice and Bob, while refers the Holevo information defined as the maximum information extracted by Eve from Bob’s data. Calculating and starts from a photon subtracted state with a density matrix . In case of , it can be calculated by


where represents von Neumann entropy. Here, a density matrix for an Eve’s state is denoted as having eigenvalues , while a density matrix for an Eve’s state given Bob’s measurement on is represented as with eigenvalues . Note that there are infinite number of and due to infinite dimension of and . Therefore, infinite eigenvalues and their infinite sum make calculation of intractable.

If we remove one of the two calculations, the intractability of can be improved. Removing calculation of infinite eigenvalues can be done if all states are Gaussian states because of a Gaussian state can be calculated based on its covariance matrix having finite dimension. In order to do that, we substitute photon subtraction operation to a Gaussian unitary operation making the same covariance matrix with of as in Fig. 2. This provides a lower bound of the original protocol in terms of performance by the theorem of Gaussian optimality [17]. Define a state made by the Gaussian unitary operation as with . Then, by the theorem,


where and represent mutual information between Alice and Bob and the Holevo information obtained from , respectively. Since is a Gaussian state, and can be easily obtained from a covariance matrix of .

In order to calculate , we first look into a structure of a covariance matrix. Define a operator vector as follows:


where and are quadrature operators of the -th mode out of modes. Then, an element of a covariance matrix is defined as


where . In general, indicates a correlation between modes and , while a diagonal element indicates a variance of a mode . From now on, for easy understanding, we substitute and to and , respectively.

Since is a Gaussian state, is calculated as follows:


where is a conditional variance of Bob’s data given Alice’s data. Since and quadrature operators are independent and symmetric in terms of probability distribution, is invariant with respect to the quadratures.


where is a step function defined as


The second equality holds since and the relations that and .

In case of where given follows a Gaussian distribution, this can be obtained as follows:






In the case of Eve’s information, for a Gaussian state, the Holevo information becomes




Here, and indicate an -th symplectic eigenvalue of a covariance matrix for Eve’s state and a -th symplectic eigenvalue of a covariance matrix for Eve’s state given Bob’s measurement , respectively. Specifically, and are calculated as absolute eigenvalues of and , where . For the symplectic eigenvalues, it is required to find structures of and , which are obtained from . Elements of can be directly calculated by using Eq. (27), which provides the following form.




where and represent two dimensional identity matrix and pauli operator, respectively. is directly obtained from , while is obtained from it by using the following relation[18].


where MP refers Moore-Penrose pseudoinverse.

Note that Eve can also perform a Gaussian operation on her states as shown in Fig. 2 to obtain a Gaussian state with because Bob performs a Gaussian operation for substituting photon subtraction. Based on this, elements of the covariance matrix in Eq. (40) are as follows:


Eqs. (37) and (39) based on the above equations provide the corresponding Holevo information.

The aforementioned analysis deals with one photon subtraction case. In a similar way, general photon subtraction cases are also analyzed by adjusting the summation of in Eq. (16). Furthermore, instead of a photon counter for photon subtraction, a photon detector case can also be analyzed. This case is analyzed by summing from 1 to in Eq. (16).

Fig. 3: Comparisons for secure key rate depending on devices used for photon subtraction.
Fig. 4: Comparisons for secure key rate of CVQKD protocols. The mean photon number is optimized for each case to have the maximum secure key rate.

Appendix D Simulation results

In this section, we perform three simulations. In order to check feasibility of the proposed protocol, we compare the performances of the cases for photon detector and photon counter. Based on the results of the first simulation, we compare the performance of the proposed protocol with other conventional protocols. Finally, we simulate the maximum transmission distances for protocols with respect to mean photon number of noise from a channel to analyze an effective region of the proposed protocol.

The proposed protocol is initially based on a photon counter for photon subtraction. However, a sophisticated photon counter is hard to implement and expensive. On the other hand, a photon detector with no photon number resolution is relatively easy to implement and costs lower. For a more practical analysis, we compare two cases for a photon counter and a photon detector used in photon subtraction. Here, a photon counter case corresponds to a case for one photon subtraction case. We set error correction efficiency , detector efficiency, mean photon number of noise from a channel , and transmittance of the beam splitter of Bob as 0.95, 0.68, 0.001, and 0.9, respectively. Here, Alice’s modulation variance of each case is optimized for the distance. Note that the expressions for results require infinite sums. For simulation, we truncate marginal portion of the summations by setting infinity to 30 in the summations. The corresponding results are shown in Fig. 3. The blue and red lines indicate cases for photon counter and photon detector, respectively. From the results, we can identify a photon detector case is slightly more secure than that of a photon counter. This provides the proposed protocol is rather more secure even for a practical case. Furthermore, similar trend in the results means one photon subtraction occupies a dominant part of the performance in a photon detector case.

Next, we conduct performance comparisons between the proposed protocol with a photon detector and other conventional protocols. Here, we set simulation parameters as the same as the first simulation. For performance comparison, we simulate secure key rates of a conventional CVQKD corresponding a CVQKD without photon subtraction and a CVQKD proposed in [19] where the trusted noise concept is used for better security. The corresponding results are plotted in Fig. 4 where mean photon number of Alice for each protocol is optimized. Red, green, and blue lines indicate a conventional CVQKD, a CVQKD with trusted noise, and the proposed protocol, respectively. From the results, we find that our proposed protocol can transmit secure keys at a longer distance. This yields that a combination of reverse reconciliation, the trusted noise concept, and non-Gaussian operation shows positive synergy in terms of security than that using partial properties.

Finally, we conduct simulations for the maximum transmission distances for the protocols with respect to mean photon number of noise from a channel . Here, the maximum distance is defined as the maximum distance with a positive secure key rate. Simulation parameters are the same as in the aforementioned simulations. As shown results in Fig. 5, performance improvement of the proposed protocol decreases as increases, which means performance improvement of the proposed protocol is bounded in a certain channel noise region. Based on this as a guide for system provisioning, we utilize the proposed protocol depending on conditions of a system.

Fig. 5: Comparisons for the maximum transmission distance with respect to mean photon number of noise from a channel depending on CVQKD protocols.

Appendix E Conclusion

In this paper, we investigate how to improve secure distance of CVQKD. We utilize three properties of non-Gaussian state in terms of security, reverse reconciliation, and trusted noise concept to come up with a reverse reconciliation based CVQKD protocol with a photon subtracted states at a receiver. In order to overcome intractability of a calculation for secure key rate, we utilize the Gaussian optimality theorem, which yields a lower bound of secure key rate under the proposed protocol. Through simulation results, we find that the proposed protocol can improve secure distance. The proposed protocol also outperforms even for a practical case where a photon detector instead of a photon counter is used. The results convince that a combination of the properties shows positive synergy in terms of security. Furthermore, we find an effective region where the proposed protocol outperforms so that this provides a guide for provisioning of a CVQKD system based on the proposed protocol.


ICT R&D program of MSIP/IITP (1711057505, Reliable crypto-system standards and core technology development for secure quantum key distribution network)


The authors would like to thank Korea Advanced Institute of Science and Technology (KAIST), Republic of Korea for supporting this work.

Comments 0
Request Comment
You are adding the first comment!
How to quickly get a good reply:
  • Give credit where it’s due by listing out the positive aspects of a paper before getting into which changes should be made.
  • Be specific in your critique, and provide supporting evidence with appropriate references to substantiate general statements.
  • Your comment should inspire ideas to flow and help the author improves the paper.

The better we are at sharing our knowledge with each other, the faster we move forward.
The feedback must be of minimum 40 characters and the title a minimum of 5 characters
Add comment
Loading ...
This is a comment super asjknd jkasnjk adsnkj
The feedback must be of minumum 40 characters
The feedback must be of minumum 40 characters

You are asking your first question!
How to quickly get a good answer:
  • Keep your question short and to the point
  • Check for grammar or spelling errors.
  • Phrase it like a question
Test description