Device-Independent Quantum Key Distribution Protocol Based on Hyper-Entanglement

: The secure key rate of quantum key distribution (QKD) is greatly reduced because of the untrusted devices. In this paper, to raise the secure key rate of QKD, a device-independent quantum key distribution (DIQKD) protocol is proposed based on hyper-entangled states and Bell inequalities. The security of the protocol is analyzed against the individual attack by an adversary only limited by the no-signaling condition. Based on the formalization of Clauser-Horne Shimony-Holt (CHSH) violation measurement on local correlation, the probability of a secure secret bit is obtained, which is produced by a pair of hyper-entangled particles. By analyzing the secure secret bit, it is proven that, when both the polarization mode and the path mode contains entangled-states, the DIQKD protocol gets a better secure key rate than common Bell states.

Most of the quantum hacker attacks are implemented by using the non-ideal devices in QKD systems. In order to solve these security problems fundamentally, device independent (DI) protocols [Acín, Gisin and Masanes (2006); Scarani, Gisin and Brunner (2006) ;Chang, Xiong, Gao et al. (2018); Umesh and Thomas (2014); Ge, Liu, Xia et al. (2019)] have been studied. The device-independent approach to QKD aims to establish a secret key between two or more parties with untrusted devices, potentially under full control of a quantum adversary. On the theoretical side, the security of DIQKD has been proven against increasingly powerful eavesdroppers [Acín, Brunner and Gisin (2007); Pironio, Acín, Brunner et al. (2009)] But experimental DIQKD still faces many challenges [Mattar, Kolodynski, Skrzypczyk et al. (2018)]. The first challenge is the stringent Bell test that requires the whole measurement process meets the requirements of Loophole-free Bell Test (LFBT), which makes most of the attack schemes invalid. The second challenge is the detection efficiency for observing a Bell violation of the CHSH [Clauser, Horne, Shimony et al. (1969)] inequality, which can be as low as 2/3 [Eberhard (1993)], while, a DIQKD protocol based on CHSH requires an efficiency of 90% [Mattar, Kolodynski, Skrzypczyk et al. (2018)]. Many studies have been made to resolve the above two problems. The first Bell experiments closing the detection loophole used massive particles [Rowe, Kielpinski, Meyer et al. (2001); Matsukevich, Maunz, Moehring et al. (2008); Hensen, Bernien, Dreau et al. (2015); Qu, Li, Xu et al. (2019)]. Progress has also been made in photo-detection efficiency, which allowed for the first loophole-free photonic Bell inequality violations over short distances [Giustina, Mech, Ramelow et al. (2013); Lynden, Evan, Bradley et al. (2015)]. The performance of a QKD protocol can be quantified by the secret key rate, which can be lower-bounded via the violation of an appropriate Bell-inequality in a setup with untrusted devices [Holz, Kampermann and Bru (2018)]. However, the rates of key distribution they could provide are seriously limited owing to the measurements involved that, despite allowing for near unit efficiency, take significant time [Mattar, Kolodynski, Skrzypczyk et al. (2018); Alejandro, Jonatan and Antonio (2013)]. Holz et al. [Holz, Kampermann and Bru (2018)] studied secret key rates in the device-independent scenario for long-distance scheme using quantum repeater setups. Mattar et al. [Mattar, Kolodynski, Skrzypczyk et al. (2018)] introduced novel photonic protocols for DIQKD exploiting single-photon sources and heralding-type architectures. The use of singlephoton sources for entanglement distribution instead of standard entangled-pair generation schemes, provides significant improvements on the attainable key rates [Mattar, Kolodynski, Skrzypczyk et al. (2018)]. Some novel methods are proposed to reduce the difficulty of security proof of quantum cryptography protocol. A framework for graphical security proof is proposed to reprove a recent result from DI quantum cryptography: any linear randomness expansion protocol can be converted into an unbounded randomness expansion protocol [Breiner, Miller and Ross (2018)]. Fine [Fine (1982)] proposed that the following statements about a quantum correlation experiment are mutually equivalent. (1) There is a deterministic hiddenvariables model for the experiment. (2) There is one joint distribution for all observables of the experiment, returning the experimental probabilities. (3) There are well-defined, compatible joint distributions for all pairs and triples of commuting and noncommuting observables. (4) The Bell inequalities hold. Based on Fine et al. [Fine (1982); Acín, Gisin and Masanes (2006) ;Scarani, Gisin and Brunner (2006)] proposed DI QKD protocols and proved its security against any individual attack by an adversary only limited by the no-signaling condition. In this paper, to raise the secure key rate of QKD, a DIQKD protocol is proposed based on hyper-entangled states and Bell inequalities. We analyzed the security against any individual attack by an adversary only limited by the no-signaling condition. By analyzing the secure secret bit, it is proved that, when both the polarization mode and the path mode contains entangled-states, the DIQKD protocol gets a better security key rate than that distributes common Bell states.

No-signaling principle
There are two experimental facts in physics: one is that no signal can carry information over the speed of light, the other is that there is a nonlocal correlation which violates the Bell inequality. At present, in physics, the principle of quantum mechanics can satisfy the above two experimental facts at the same time. However, the principle of quantum mechanics is not the only one that satisfies the above two experimental facts at the same time. There is a more nonlocal correlation in the no-signaling correlation than in the quantum mechanics principle.
(1) Basic definition Suppose the n-party user-Alice, Bob, Charlie, etc., each party has a physical system (quantum state) that can be measured with different measurement inputs. x k represents the measurement input of the kth party user, and the ak represents the corresponding measurement output.  [Masanes, Acin and Gisin (2006)]. The principle of nosignaling is a basic prerequisite for DI quantum communication.
(2) The monogamy of nonlocal correlations Unlike classical correlations, quantum correlations cannot be shared by many parties. This phenomenon is called the monogamy of nonlocal correlations (entanglement). The monogamy of nonlocal correlations is a basic characteristic of no-signaling principle. The result of Barrett et al. [Barrett, Linden, Massar et al. (2005)] shows that the maximum violation of all Bell inequalities consistent with the no-signaling principle can be obtained by a unique probability distribution, which has a single matching constraint. Let us assume that we have a Bell inequality Ё with the single largest violation of Pmax. If Alice and Bob maximum violate this inequality Ё (P (a, b|x, y))=1, then Alice and Charlie are completely irrelevant. It can also be considered that if a probability distribution violates the Bell class inequality, the probability distribution can realize a nonlocal correlation. Because of the singularity of the nonlocal correlation, this probability distribution allows for the distribution of secret information that is absolutely secure. Of course, at present, in physics, only the probability distribution of entangled states can violate Bell class inequalities.

Hyper-entanglement
Hyper-entanglement is a state simultaneously entangled in multiple degrees of freedom. Photons have a variety of quantum degrees of freedom and each degree of freedom can define a quantum bit under suitable conditions. Theoretically these different degrees of freedom can also form entanglement called hyper-entanglement. A hyper-entangled Bell state with polarization and path mode degrees of freedom can be described as: where 0 and 1 denote the horizontal and vertical polarization of the photon respectively. Subscript A and B denote two photons in the hyper-entangled state. l and u represent different path modes of photons A and B. Subscript P denotes polarization degree of freedom and subscript S denotes path mode degree of freedom. An ultraviolet light pump pulse passing through a barium borate crystal (BBO) will produce an interrelated photonic pair in mode u, and a related pair of photons in mode l when a second reflection through the crystal. A two-photon hyper-entangled Bell quantum system with polarization and path mode degrees of freedom has 16 Bell states, which can be expressed as: where P Θ denotes one of the four Bell states with polarization degrees of freedom: And S Ξ denotes one of the four Bell states with path mode degrees of freedom: Two non-orthogonal measurement bases under polarization degrees of freedom can be selected as follows: . Two non-orthogonal measurement bases under path mode degrees of freedom can be selected as follows:

The protocol 3.1 The CHSH inequality and principle of sharing secret bits.
Defining CHSH inequality: The meaning of violation of inequality ≠ ≤ is that: when the value of x and y is 00, 01 and 10, a equals to b, called positive correlation; when the value of x and y is 11, a does not equals to b, called inverse correlation. Therefore, if Alice publishes her input value x, Bob can use his input value y to determine when the measurement results are positively correlated and when they are inversely correlated. In this protocol, Alice and Bob use the above principle to share secret bits.

Protocol for DIQKD based on hyper-entanglement
In this section we proposed a DI protocol for QKD using hyper-entangled Bell states. The hyper-entangled Bell states can be denoted as: where subscript A and B denote two photons in the hyper-entangled state. 0 and 1 denote the horizontal and vertical polarization of the photon respectively. l and u represent different path modes of photons A and B. Subscript P denotes polarization degree of freedom and subscript S denotes path mode degree of freedom.
Step 1: Eve prepares some hyper-entangled Bell states AB PS + Φ , and then distributes each particle A to Alice and each particle B to Bob for the next communication.
Step 2: Alice and Bob test for the hyper-entanglement properties of quantum systems A and B. Alice randomly selects the measurement inputs x∈{0,1} to measure each particle A, where x=0 means basis measurement second. The measurement results of Alice and Bob are expressed as a and b∈{0l,0u,1l,1u} respectively. Alice and Bob select some particles computing conditional probabilities ( , | , ) P a b x y and determine whether the CHSH inequality is violated or not. If it is violated, the particles distributed to Alice and Bob are hyper-entangled, and the greater the violation is, the stronger the nonlocal correlation is.
Step 3: Alice and Bob get shared secret bits. Alice publishes her input value x. Bob can use his input value y to determine when the measurement results are positively correlated and when they are inversely correlated. If Alice publishes her input value x=0, then Alice and Bob know that their output is the same (a=b). If Alice publishes her input value x=1, and Bob's input is y=0, Bob knows that his output is the same with Alice (a=b). If Alice publishes her input value x=1, and Bob's input is y=1, then Bob knows that his output is exactly the opposite of that of Alice，so Bob flips his bit. Therefore, by reversing the result of the inverse correlation, a pair of DI secret key can be shared between Alice and Bob securely. Based on one hyper-entangled Bell state, theoretically, Alice and Bob can share two secure secret bits (0l, 0u, 1l, or 1u). However, because the maximum violation of CHSH inequality is often difficult to reach, the secure key rate is usually unable to achieve the theoretical value. It should be noted that, according to the monogamy of the nonlocal correlation and nosignaling principle, if Eve prepares a nonlocal correlation, even if Alice publishes x, Eve cannot know y, a, and b.
Step 4: Classical processing. Alice and Bob use error correction and privacy amplification to make the key of Alice and Bob basically the same, while reducing the key information known to eavesdroppers to close to zero.

Security analysis
In this section, we analyze the security of the DIQKD protocol based on hyperentanglement against any individual attack by an adversary only limited by the nosignaling condition. Firstly, we analyze the eavesdropping strategies of Eve, and propose the optimal eavesdropping strategy for Eve. Here, the eavesdropping strategies belong to individual attack, and Eve is an adversary only limited by the no-signaling condition. Then, we give the formalization of CHSH violation measurement on local correlation, which can help us to estimate the amount of information obtained by Eve. Based on the monogamy of the nonlocal correlation under no-signaling principle and the formalization of CHSH violation measurement on local correlation, we obtain the probability that each pair of hyper-entangled particles distributed to Alice and Bob produces a secure secret bit. By analyzing the secure secret bit, we prove that, when both the polarization mode and the path mode contains entangled-states, the DIQKD protocol gets a better security key rate than that distributes common Bell states.

Eve's eavesdropping strategy
DIQKD has a limitation on Eve, that is, "no-signaling principle". In order to estimate the amount of information obtained by Eve, it is necessary to investigate the eavesdropping strategy of Eve. The eavesdropping strategy of Eve should satisfy some kind of "causal independence": the eavesdropping strategy of Eve does not affect the probability of the results of Alice and Bob in the "average" sense [Guo, Li, and Peng (2016)]. This assumption, commonly referred to as "no-signaling principle", is mathematically formulated as follows [Guo, Li, and Peng (2016) In the formula: x, y is the measurement choice of Alice and Bob; a, b is the corresponding measurement output; z is the eavesdropping strategy of Eve; e is Eve's information on a and b under strategy z. The significance of this formula is that for any eavesdropping strategy z of Eve, the sum of the probabilities of eavesdropping results is invariant [Guo, Li and Peng (2016)]. The individual attack of Eve using the untrusted devices can be the preparation of pseudo quantum states or the setting of hidden variables on the measurement devices of Alice and Bob. Preparing quantum states with local correlation (non-entangled) can help Eve to obtain the outputs of Alice and Bob. However, if only the localized quantum states were prepared, ( , | , ) P a b x y will be affected, and the CHSH inequality cannot be violated. Thus eavesdropping was discovered. To avoid that, Eve must prepare nonlocal correlations (entangled states). Therefore, the best strategy for Eve is to prepare mixed states of nonlocal correlation and local correlation satisfying 3 CHSH I = .
As studied in Scarani et al. [Scarani, Gisin and Brunner (2006)], a CHSH violation measurement on quantum states with local correlation can be reproduced with local hidden variables, which produces the same probability distribution. However, the measurement on nonlocal correlation cannot be reproduced with shared hidden variables.
In the DIQKD protocol, Eve can prepare any state, but if Eve makes quantum states at will, the CHSH inequality violation test will not be successful, so the protocol cannot be carried out. Therefore, Eve must obtain information on a and b under the constraint condition that CHSH inequality violated successfully. Eve can prepare the localized quantum states satisfying 3 CHSH I = in addition to the entangled states, where 3 CHSH I = are the extreme points of CHSH inequality. Eve's best eavesdropping strategy is to prepare mixed states AB ρ of the following states: AB PS Here 1 p is the probability of preparing entangled state in polarization mode, and 1 1 p − is the probability of preparing local correlations (localized quantum states) in polarization mode. 2 p is the probability of preparing entangled state in path mode, and is the probability of preparing local correlations in path mode. Eve does not need to save any quantum states for eavesdropping. When Eve prepares hyper-entangled states AB PS + Φ , even if Alice publishes her measurement inputs, Eve will not know any outputs of both Alice and Bob because of the monogamy of nonlocal correlations. When Eve prepares 1 φ , 2 φ (nonlocal in polarization mode, but local in path mode), after Alice announces her measurement input, Eve can obtain Alice's path mode output and partial output of Bob in path mode according to her strategy of preparing local states. When Eve prepares 3 φ , 4 φ ( nonlocal in path mode, but local in polarization mode), after Alice announces her measurement input, Eve can obtain Alice's polarization mode output and partial output of Bob in polarization mode. When Eve prepares 5 φ , 6 φ , 7 φ , 8 φ ( local both in path mode and in polarization mode), after Alice announces her measurement input, Eve can obtain Alice's output and partial output of Bob in both modes. Therefore, in Eve's eavesdropping strategy, Eve does not need to save any quantum states.

Formalization of CHSH violation measurement on local correlation
In Eve's eavesdropping strategy, Eve acquires information by preparing local quantum states that satisfy equation 3 CHSH I = .
To satisfy CHSH violation tests, Eve uses local hidden variables to formalize CHSH measurements of local states, which produces the same probability distribution. In this section, with local hidden variables, we formalize the CHSH violation measurement on localized quantum states (measuring localized quantum states in CHSH violation bases), which produces the same probability distribution. First, let's review the formalization idea of the Bell-type experiments in Scarani et al. [Scarani, Gisin and Brunner (2006)]. Local hidden variables might be hidden in Alice's and Bob's laboratories, in the devices that Eve has provided to them. The bounded region, which contains all probability distributions that can be obtained by shared randomness, forms the local polytope. The vertices of the local polytope are the points corresponding to deterministic strategies, that is, strategies in which a=a(x) and b=b(y) with probability one. If a point, representing a Bell type experiment, lies within the polytope (such as the measurement on a local state), then there exists a strategy with shared randomness that produces the same probability distribution. On the contrary, if a point lies outside the local polytope (such as the measurement on an entangled state), then the experiment cannot be reproduced with shared randomness. The local polytope correspond to Bell's inequalities [Scarani, Gisin and Brunner (2006)]. According to the results of Scarani et al. [Scarani, Gisin and Brunner (2006)], the probability distribution ( , | , ) P a b x y of a localized quantum state lies in the local polytope and can be reproduced with local hidden variables. In the case of binary inputs and outputs, under no-signaling, the local polytope [Acín, Gisin and Masanes (2006) ;Scarani, Gisin and Brunner (2006); Fine (1982)] has eight nontrivial facets, which are all equivalent to 3 CHSH I ≤ . On each facet lie eight out of the sixteen (2 2 ×2 2 ) deterministic strategies; these are said to give 3 CHSH I = .
For the hyperentangled Bell states, because of the entanglement characteristics of both the polarization mode and the path mode, each mode has eight deterministic strategies can give 3 CHSH I = , which are linearly independent from one another.
Under no-signaling principle Barrett et al. [Barrett, Linden, Massar et al. (2005)], in polarization mode, the 8 extreme points of the local correlation can be expressed in the following form: L a x x w = + ; 0 ( ) 1 b y y w = + + (24) In path mode, the 8 extreme points of the local correlation can be expressed in the following form:

The secure key rate
In this section, based on the formalization of CHSH violation measurement on local correlation, we first analyze the probability distribution of input and output data of Alice, Bob, and Eve's information on a and b, under different eavesdropping strategies of Eve. Then, by calculating the qubit error rate of Alice and mutual information between Alice and Eve, we obtain the probability that each pair of hyper-entangled particles produces a secure secret bit. In our protocol, when Alice and Bob randomly select measurement inputs (0,1) x ∈ and (0,1) y ∈ for measurement, Eve has the greatest uncertainty, so the probability that x and y take values 0 and 1 is 1/2.   The probability distribution of a, b and Eve's information on a and b when Eve prepares 1 φ , 2 φ (nonlocal in polarization mode, but local in path mode)  The probability distribution of a, b and Eve's information on a and b when Eve prepares 3 φ , 4 φ ( nonlocal in path mode, but local in polarization mode)

Conflicts of Interest:
The authors declare that they have no conflicts of interest to report regarding the present study.