Security of the BB84 protocol with passive biased basis choice by the receiver

TL;DR

This work presents a fully analytical security proof against coherent attacks for such a decoy-state BB84 protocol with the receiver’s passive basis choice and measurement with threshold detectors.

Abstract

The Bennett-Brassard 1984 protocol (BB84 protocol) is one of the simplest protocols for implementing quantum key distribution (QKD). In the protocol, the sender and the receiver iteratively choose one of two complementary measurement bases. Regarding the basis choice by the receiver, a passive setup has been adopted in a number of its implementations including satellite QKD and time-bin encoding one. However, conventional theoretical techniques to prove the security of BB84 protocol are not applicable if the receiver chooses his measurement basis passively, rather than actively, with a biased probability, followed by the measurement with threshold detectors. Here we present a fully analytical security proof against coherent attacks for such a decoy-state BB84 protocol with receiver's passive basis choice and measurement with threshold detectors. The numerical simulations under practical situations show that the difference in secure key rate between the active and the passive implementations of the protocol is negligible except for long communication distances.

Figures (6)

• Figure 1: Bob's actual setup for passive basis choice with a beam splitter (BS), polarization beam splitters (PBSs), a half wave plate (HWP) and threshold detectors. Incoming light is split into $Z$ line or $X$ line with the ratio of $p_Z$ to $p_X$. All detectors have the identical dark count probability $d$. The quantum efficiencies of detectors in $Z$ line and $X$ line are $\eta_{\rm det}^Z$ and $\eta_{\rm det}^X$, respectively. The overall transmittances, including the quantum efficiency, in $Z$ line and $X$ line are $\eta_Z$ and $\eta_X$, respectively ($\eta_Z \geq \eta_X$).
• Figure 2: Bob's virtual setup equivalent to the actual setup shown in Fig. \ref{['setup1']}. The QND measurement is conducted to obtain the photon number $n_B$. Incoming light is split into $Z'$, $X'$ and $L$ line with the ratio of $p_{Z'}\coloneqq p_Z$, $p_{X'}\coloneqq p_X r$ and $p_L \coloneqq 1-p_{Z'}-p_{X'}$, respectively, where $r = \eta_X / \eta_Z$. The $L$ line represents photon loss while $Z'$ and $X'$ lines are lossless. All threshold detectors in $Z'$ and $X'$ lines have the quantum efficiency $1$ and dark count probability $d$.
• Figure 3: Bob's virtual setups connecting Fig. \ref{['setup1']} and Fig. \ref{['virtual_setup']}. The QND measurement is conducted to obtain the photon number $n_B$. The common transmittance $\eta_Z$ between $Z$ and $X$ lines in Fig. \ref{['setup1']} is absorbed in the quantum channel. The transmittance in $Z$ line is 1 and that in $X$ line is $r = \eta_X/\eta_Z$ modeled as a BS in the figure. All threshold detectors have the quantum efficiency $1$ and the dark count probability $d$.
• Figure 4: Secure key rate and the optimal probability of the basis choice as a function of fiber length with the quantum efficiency $\eta_{\rm det}^Z = \eta_{\rm det}^X$=0.7 and the dark count probability $d=10^{-7}$ of detectors. (a) Secure key rate $R$ per round on a logarithmic scale with base 10 as a function of fiber length (km). The top line (green) is the secure key rate of active-biased protocol for comparison. The middle line (blue) is our result $R$ for the passive-biased protocol with $r=1$ representing the symmetry of transmittance between $Z$ line and $X$ line. The bottom line (red) is $R$ with $r=1/2$. We assume that the intensity of a weak coherent decoy state is $\nu = 0.05$, the channel error rate is $e_{\rm ch} = 0.03$ and the error-correction coefficient is $c_{\rm EC}=1.1$. The probability $p_Z$ and the signal intensity $\mu$ are optimized at each distance. (b) Optimal $p_Z$ as a function of fiber length (km). The value $p_Z$ is optimized in the range of $[0.5, 0.99]$ in increments of $0.01$.
• Figure 5: Secure key rate and the optimal probability of the basis choice as a function of fiber length with the quantum efficiency $\eta_{\rm def}^Z = \eta_{\rm det}^X$=0.2 and the dark count probability $d=3 \times10^{-7}$ of detectors. The other conditions are the same as those in Fig. \ref{['keyrategraph']}.