Round-robin differential-phase-shift quantum key distribution with a passive decoy state method

Recently, a new type of protocol named round-robin differential-phase-shift quantum key distribution (RRDPS QKD) was proposed, in which security can be guaranteed without monitoring conventional signal disturbances. The active decoy state method can be used in this protocol to overcome the imperfections of the source, but it may lead to side channel attacks and break the security of QKD systems. In this paper, we apply the passive decoy state method to the RRDPS QKD protocol. Not only can more environmental disturbance be tolerated, but side channel attacks on the sources can also be overcome. Importantly, we derive a new key generation rate formula for our RRDPS protocol using passive decoy states and enhance the key generation rate. We also compare the performance of our RRDPS QKD to that using the active decoy state method and to the original RRDPS QKD without any decoy states. The numerical simulations show the performance improvement of RRDPS QKD obtained with our new method.

In this paper, we apply the passive decoy state method to the RRDPS QKD protocol. Alice uses weak coherent sources with random phases to passively generate signal states or decoy states. Not only can more environmental disturbance be tolerated, but one can also avoid the side channel attacks on sources that may be generated by active modulation of source intensities. Most of all, we apply a strategy that gives the accurate probability of having 0, 1, 2 photons and omits the other multiphoton occurrences. Our method is consistent with practical systems. We also show the performance comparison between our method, the active decoy state method and the original RRDPS protocol. A performance improvement of our RRDPS QKD using the passive decoy state method can be seen in the numerical simulations: under the same key generation rate, our protocol has a longer transmission distance.

Results
RRDPS QKD with passive decoy state strategy

In this section, we apply the passive decoy state method to the RRDPS QKD protocol 17, as shown in Fig. 1.
The protocol proceeds as follows:

1. Alice uses two weak coherent pulses with random phases to passively generate signal or decoy states. In this way she can prepare a series of pulse trains, each containing L pulses, and each train encodes a random L-bit sequence $s = (s_1 s_2 \ldots s_L)$ on a weak signal. Then she applies phase modulation {0, π} to each optical mode according to s and obtains the state $\psi_s$ as in Eq. (1), where the photon is in the k-th pulse for state k, and $s_k$ is the encoded bit sequence. She sends $\psi_s$ to Bob.
2. Bob splits the received signal with a 50/50 beam splitter to obtain two L-pulse trains, uses an RNG to generate a random number r ∈ {−L + 1, …, −2, −1, 1, 2, …, L − 1}, and shifts one of the L-pulse trains forward (r > 0) or backward (r < 0) by |r| pulses.
3. Bob measures the interference between the two L-pulse trains. If he obtains a detection at position i in the unshifted pulse train, corresponding to position j in the shifted pulse train, and 0 ≤ j = i + r ≤ L − 1, Bob records a raw key bit according to the relative phase, $s_B = s_i \oplus s_j$. Otherwise, Bob regards the transmission as a failure.
4. Bob announces {i, j} so that Alice can obtain the sifted key, $s_A = s_i \oplus s_j$.
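The sifting logic of steps 1 to 4 can be followed in a short simulation. This is an added example, not code from the paper: it is a classical toy model that assumes exactly one detection per train at a uniformly random position, and models misalignment as a bit flip with a hypothetical probability `e_d`; the function names `rrdps_round` and `simulate` are illustrative.

```python
import random

def rrdps_round(L, rng, e_d=0.0):
    """Sift one L-pulse train; return (s_A, s_B), or None on failure."""
    s = [rng.randrange(2) for _ in range(L)]   # step 1: Alice's L-bit sequence
    # Step 2: Bob's RNG draws r from {-(L-1), ..., -1, 1, ..., L-1}.
    r = rng.choice([x for x in range(-(L - 1), L) if x != 0])
    # Step 3 (assumption): exactly one detection, at a uniform position i
    # of the unshifted train, paired with j = i + r in the shifted train.
    i = rng.randrange(L)
    j = i + r
    if not 0 <= j <= L - 1:
        return None                            # transmission is a failure
    s_B = s[i] ^ s[j]                          # relative phase Bob measures
    if rng.random() < e_d:                     # assumption: misalignment flips it
        s_B ^= 1
    # Step 4: Bob announces {i, j}; Alice computes her bit from her own s.
    s_A = s[i] ^ s[j]
    return s_A, s_B

def simulate(L, rounds, e_d=0.0, seed=2024):
    """Return (sift_fraction, qber, key_A, key_B) over many trains."""
    rng = random.Random(seed)
    key_a, key_b = [], []
    for _ in range(rounds):
        out = rrdps_round(L, rng, e_d)
        if out is not None:
            key_a.append(out[0])
            key_b.append(out[1])
    errors = sum(a != b for a, b in zip(key_a, key_b))
    qber = errors / len(key_a) if key_a else 0.0
    return len(key_a) / rounds, qber, key_a, key_b

if __name__ == "__main__":
    sift, qber, _, _ = simulate(L=32, rounds=20000, e_d=0.015)
    print(f"sifted fraction = {sift:.3f}, QBER = {qber:.4f}")
```

In this toy model half of the (i, r) pairs satisfy 0 ≤ j ≤ L − 1, so about half of the trains yield a sifted bit, and only the index pair {i, j} is ever announced, never the bit values.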
Alice generates phase-randomized pulses using two weak coherent sources with intensities $\mu_1$ and $\mu_2$ per pulse, respectively. This passively generates signal and decoy states, which form a joint-distribution state according to the result of detector $b_0$. ρ and σ denote the coherent states of the two phase-randomized WCP sources, respectively, (1 ) cos , and L denotes the number of pulses, and t denotes the transmittance of a beam splitter. This result differs from the one expected from the interference of two pure coherent states with fixed phase relation, $\sqrt{\mu_1}\,e^{i\phi_1}$ and $\sqrt{\mu_2}\,e^{i\phi_2}$, at a BS of transmittance t. In this last case, $p_{n,m}$ is just the product of two Poissonian distributions.
When Alice ignores the outcome of the measurement in mode b, the probability of having n photons in mode a can be written as  where the parameter ε denotes the dark count and $\eta_{b_0}$ denotes the single-photon detection efficiency of the detector. $\bar{c}$ indicates that the detector $b_0$ has no click. Then, the probability of having n photons in mode a and producing a click in Alice's threshold detector $b_0$ is

Estimation of the key generation rate

We modify the Gottesman-Lo-Lütkenhaus-Preskill (GLLP) formula 39 according to the RRDPS QKD security analysis 18. From the GLLP formula, we have where $R^{(l)}$, $l \in \{c, \bar{c}\}$, indicates the key generation rate of RRDPS QKD with passive decoy state between Alice and Bob. $e_{ph}^{(n)}$ denotes the phase error rate of n-photon pulses. f is the efficiency of the error correction protocol, is the binary Shannon entropy function. $Q^{(l)}$ and $E^{(l)}$ indicate the total gain and the quantum bit error rate (QBER) corresponding to setting l, respectively. Thus, combine with , we get the new key generation rate formula where we denote the outputs that cause no click of Alice's detector $b_0$ as signal states. The ones that cause a click of Alice's detector $b_0$ are decoy states. In the RRDPS protocol, the phase error rate depends on the preparation of the quantum states rather than on the transmission process. When the number of photons in a train is no more than an , the phase error rate $e_{ph}^{(n)}$ can be bounded by $V_{th}/(L-1)$ 13. So we can get R, the final key generation rate per pulse of RRDPS QKD with passive decoy state between Alice and Bob, which is the main parameter for evaluating the performance of the protocol,

Next, we describe how to obtain the parameters $Q^{(l)}$ and $E^{(l)}$ corresponding to setting l. The gain $Q^{(l)}$ corresponding to setting l is the probability that Bob obtains a click in his measurement apparatus when Alice sends him a state prepared with setting l. It can be written as where $Y_n$ denotes the yield of an n-photon state.
Similarly, the quantum bit error rate (QBER) associated with setting l, which we shall denote as $E^{(l)}$, is given by

The yields $Y_n$ can be expressed as refs 34,35 where $Y_0$ is the background rate and η represents the overall transmittance of the system. This quantity can be written as $\eta = \eta_c \eta_B$, where $\eta_c$ is the transmittance of the quantum channel, and $\eta_B$ denotes the overall transmittance of Bob's detection apparatus; that is, $\eta_B$ includes the transmittance of any optical component within Bob's measurement device and the detector efficiency. The parameter $\eta_c$ can be related to a transmission distance D measured in km for the given QKD scheme as where α represents the loss coefficient of the channel measured in dB/km.
The n-photon error rate $e_n$ is given by refs 25,26 where $e_d$ is the probability that a signal hits the wrong detector on Bob's side due to misalignment in the quantum channel and in his detection setup. As usual, we also consider that the background is random (i.e. $e_0 = 1/2$). $Q^{(c)}$ and $Q^{(\bar{c})}$ denote the overall gains in the case of Alice's detector producing a click and no click, respectively. $Q^{(T)}$ denotes the overall gain when Alice ignores the result of her measurement in mode b, i.e. the sum of the gains $Q^{(c)}$ and $Q^{(\bar{c})}$. After substituting Eqs (5), (6) and (13)–(15) into the gain formulas Eq. (11) we obtain:

Then, in a similar way, we can get
And from Eq. (6) we have T 0

Numerical Simulation

According to the security analysis in the above section, we can get the key generation rate Eq. (8) plotted in Fig. 2. The parameters used in our method are the misalignment error rate $e_d$ = 1.5%, the background rate $Y_0 = 3 \times 10^{-6}$, $\eta_d$ = 0.12, f = 1 and t = 1/2, which are the same as those in the original proposal for the active decoy state method in ref. 40. Then we can get

We show the relation between the key generation rate and the transmission distance in the RRDPS QKD protocol in Fig. 2. Given a certain transmission distance, we optimize the intensity of the sources to maximize the key generation rate. According to the practical system, the key generation rate should preferably be no lower than 10 7 . Thus we can obtain the maximal transmission distance as shown in 2.
From Fig. 2, we can see that the longer the transmission distance D is, the smaller the key generation rate R will be. We also show the performance comparison between our method, the active decoy state method 31 and the original RRDPS protocol 17. It can clearly be seen that the passive decoy state method provides a performance improvement over the active one and the original one. That is, under the same key generation rate, our protocol has a longer transmission distance. Furthermore, it can defeat the photon-number-splitting (PNS) attack and guarantee security against imperfect sources, compared to the original RRDPS QKD protocol 17. It can also eliminate side channel attacks on sources, which may be caused by actively modulating decoy states 31.

Discussion
In summary, we apply the passive decoy state method to the recently proposed RRDPS QKD protocol and give a security analysis of this protocol. Using the passive decoy state method, the RRDPS QKD protocol provides a secure way to exchange private information without monitoring conventional disturbances and still maintains a high tolerance of noise. It can also exclude the source side channel attacks that the active source modulation method may bring. According to the RRDPS QKD security analysis, we modify the GLLP formula and derive a new key generation rate formula for our RRDPS protocol using the passive decoy state method. Most importantly, we enhance the key generation rate. From the numerical simulations, we find that RRDPS QKD with the passive decoy state method offers a performance improvement over the protocol with the active decoy state method and the original RRDPS protocol without decoy states.
The active decoy state method itself may introduce another loophole while closing the loophole of multiphoton pulses. As is well known, the active decoy state method is demonstrated based on the assumption that Eve can never distinguish the decoy state from the signal state. Unfortunately, this assumption is invalid in certain conditions, and Eve can beat the decoy state method due to the properties of the intensity modulator. Ref. 32 demonstrates that Eve can get full information about the key generated between the legitimate parties in QKD with the active decoy state method. Compared with active selection, the passive decoy state method can reduce the side channel information in the decoy state preparation procedure. Thus, the passive signal and decoy state selection can avoid the side channel attacks on sources that may be generated by active modulation of source intensities. Although the passive decoy state method cannot remove all side channel attacks on sources, it can still avoid more attacks than the protocol with no decoy states and the one with active decoy states. Similar to the active decoy state method, the passive one can also defeat the PNS attack. We therefore apply the passive decoy state method to the RRDPS QKD protocol; this strategy is very promising for applications in practical systems.