Soft-Decoding Reverse Reconciliation in Discrete-Modulation CV-QKD

TL;DR

This work tackles secret-key reconciliation for CV-QKD with discrete modulations by introducing a softening reverse reconciliation (RRS) scheme in which Bob distributes a carefully crafted soft metric $N$ that enables Alice to perform soft decoding without revealing additional information to an eavesdropper. The authors develop a rigorous theory, including a leakage constraint $I(\hat{X};N)=0$, transformation functions $g_i$ based on conditional CDFs to produce a uniform $N$, and an exact expression for the secret-key rate $I(\hat{X};X|N)$, bounded by $I(\hat{X};X) \le I(\hat{X};X|N) \le I(X;Y)$. They provide a complete transformation-and-LAPPR framework to compute log-likelihood ratios for binarily decoded LDPC codes and demonstrate, via simulations and coded-level experiments with PAM-4 and PAM-8, that RRS approaches the upper bound and offers substantial gains over RRH, especially at common coding rates. The results confirm the practical viability of RRS, achieving SKR close to the ideal soft-decoding regime while maintaining security, and they outline directions for further improvements, including GMI-based BER predictions, non-binary codes, and constellation shaping for the low-rate regime in QKD.

Abstract

In continuous-variable quantum key distribution, information reconciliation is required to extract a shared secret key from correlated random variables obtained through the quantum channel. Reverse reconciliation (RR) is generally preferred, since the eavesdropper has less information about Bob's measurements than about Alice's transmitted symbols. When discrete modulation formats are employed, however, soft information is available only at Bob's side, while Alice has access only to hard information (her transmitted sequence). This forces her to rely on hard-decision decoding to recover Bob's key. In this work, we introduce a novel RR technique for PAM (and QAM) in which Bob discloses a carefully designed soft metric to help Alice recover Bob's key, while leaking no additional information about the key to an eavesdropper. We assess the performance of the proposed technique in terms of achievable secret key rate (SKR) and its bounds, showing that the achievable SKR closely approaches the upper bound, with a significant gain over hard-decision RR. Finally, we implement the scheme at the coded level using binary LDPC codes with belief-propagation decoding, assess its bit-error rate through numerical simulations, compare the observed gain with theoretical predictions from the achievable SKR, and discuss the residual gap.

Figures (5)

• Figure 1: System overview of the scheme. The highlighted blocks enable the reverse reconciliation with soft information. Bob generates a soft metric $N$ from the symbol $Y$ he received and Alice uses it to generate the log-a posteriori probability ratios ($\mathcal{L}(N,X)$) of the corresponding bits for the subsequent syndrome-based error correction.
• Figure 2: Usage of the transformation function
• Figure 3: Achievable reconciliation efficiency $\beta^*$ of the RRS scheme with PAM-4, for different configurations $C^{[b]}$ and threshold selection strategies (A/F).
• Figure 4: Achievable SKR for PAM-4 with different reconciliation schemes and adaptive thresholds: (a) low-rate region in log scale; (b) region of interest for our BER simulations employing codes with rates 1/2 and 1/4.
• Figure 5: BER plots for PAM-4 and PAM-8 at $R=1/2$ and $R=1/4$. For reference, in each sub-plot we report the BER curve of the DR, as the corresponding SKR (Fig. \ref{['fig:mutual-information-pam4']} for PAM-4) is an upper bound for the SKR in the RRS setting.

Theorems & Definitions (5)

• proof
• proof
• proof
• proof
• proof