Decoy state


Decoy state quantum key distribution protocol is the most widely implemented QKD scheme. Practical QKD systems use multi-photon sources, in contrast to the standard BB84 protocol, making them susceptible to photon number splitting attacks. This would significantly limit the secure transmission rate or the maximum channel length in practical QKD systems. In decoy state technique, this fundamental weakness of practical QKD systems is addressed by using multiple intensity levels at the transmitter's source, i.e. qubits are transmitted by Alice using randomly chosen intensity levels, resulting in varying photon number statistics throughout the channel. At the end of the transmission Alice announces publicly which intensity level has been used for the transmission of each qubit. A successful PNS attack requires maintaining the bit error rate at the receiver's end, which can not be accomplished with multiple photon number statistics. By monitoring BERs associated with each intensity level, the two legitimate parties will be able to detect a PNS attack, with highly increased secure transmission rates or maximum channel lengths, making QKD systems suitable for practical applications.

Motivation

In the security proofs of QKD protocols, such as BB84, a single photon source is assumed to be used by the sender, Alice. In reality, a perfect single photon source does not exist. Instead, practical sources, such as weak coherent state laser source, are widely used for QKD. The key problem with these practical QKD sources lies on their multi-photon components. A serious security loophole exists when Alice uses multi-photon states as quantum information carriers. With multi-photon components, an eavesdropper, Eve, could in principle split the photons, keep one photon, and send the rest to Bob. After Alice and Bob announce the basis information, Eve can measure the intercepted photon to get the key information. When the channel is lossy, Eve can launch more sophisticated attacks, such as the photon number splitting attack. In order to minimize the effects of multi-photon states, Alice has to use an extremely weak laser source, which results in a relatively low speed of QKD. The decoy-state method is proposed to solve this multi-photon issue by using a few different photon intensities instead of one. With decoy states, the practical sources, such as a coherent-state source or heralded parametric down-conversion source, perform almost as well as a single photon source.

Development

The decoy-state scheme was proposed by Hwang. Later, its security was proven by developing a photon number channel model and assuming the usage of an infinite number of decoy states. A common practical decoy-state method only needs two decoy states, vacuum decoy and weak decoy. This vacuum+weak decoy state method was first proposed by Hoi-Kwong Lo., and then was analyzed by others. It has been shown that with only the vacuum and weak decoy states, the achieved key rate is very close to the infinite decoy state case.

Experimental demonstrations

The first decoy state method experiment was performed by Hoi-Kwong Lo's group and their collaborator Li Qian, where the one-decoy state method is employed. The transmission distance is 15 km and the key generation speed is 165 bit/s. Then, a longer distance QKD is demonstrated with the vacuum+weak decoy state method via 60 km fiber. Later, three experimental groups demonstrate the decoy-state method over 100 km distances. There are many other demonstrations afterwards.

Decoy-state QKD using non-coherent-state sources

Decoy state QKD protocols with non-coherent-state sources have also been analyzed. Passive decoy state protocol, where the decoy states are prepared passively, is proposed as a parametric down-conversion source.