Category Archives: Story of the month

Spotlight article, Story of the month

Continuous-variable Quantum Cryptography

Q. What is Cryptography? Why do we need it?

Cryptography has been an integral part of human history. Even in ancient times, people have been trying to keep valuable information secret. They have always been trying to find new means of secure communication, such that other than the recipient and the sender, no one else can know the secret message. To keep a message secret, we encrypt the message with a secret key (known only to the recipient and the sender). To find the original message, the recipient uses the secret key to decrypt the encrypted message.

With the ever-increasing success of technologies, cryptography plays an indispensable role in this Information age. Every day billions of people are performing sensitive tasks – online banking, secret messaging, data storing, chip-based credit card transactions to name a few. That is why a considerable amount of human resources and capital are being invested in creating and analyzing protocols for secure communication.

Q. What is quantum cryptography? Does it truly provide better security?

Current classical encryption methods rely on the fact that an adversary can no longer find the encryption key within a specific amount of time. It assumes that the adversary has limited computation power. The security relies on the hardness of a computational problem that cannot be solved in a reasonable timeframe with limited resources. Some of these protocols will no longer be secure with the advent of new quantum technologies, e.g., the RSA cryptosystem can be broken using Shor’s quantum algorithm.

However, there exist other encryption schemes, such as the one-time pad symmetric scheme, which requires a secret key of the same length as the message that can only be used once. Such a system is not vulnerable to future developments in computational power and thus provides everlasting security. Quantum mechanics provides the perfect platform for one to realize such a secret key through the quantum key distribution protocol or QKD.

Q. Can you elaborate on QKD?

QKD allows two honest distant parties, traditionally named Alice and Bob, with access to an untrusted quantum channel and an authenticated classical channel, to share a secure key that remains secret to any adversary, usually referred to as Eve. The quantum channel is insecure and considered to be controlled by Eve while the classical channel is authenticated, meaning communication over this channel can be monitored by Eve but cannot be altered, i.e., Eve cannot pretend to be either Alice or Bob. A QKD protocol consists of two steps: quantum communication and classical post-processing.

The quantum communication step comprises two parts: the distribution of quantum states through the quantum channel and the measurement of these quantum states. In classical post-processing, the data obtained from the measurement is processed into a secure key.

In 1984, Bennett and Brassard first introduced QKD with single photons acting as the information carrier. The exchanged quantum states are encoded into the polarization, phase, or time bin of the transmitted qubits, and the secret key is established upon detection of the individual photons. These protocols are referred to as “discrete-variable” (DV) QKD. The measurement apparatus for such protocols is a single-photon detector, which detects a click when a photon has hit the detector or no click otherwise.

Q. But you work in continuous-variable QKD. How is it different from the DV protocols?

The idea was to exploit degrees of freedom in phase space, which resulted in measuring the quadratures of the electric field (position and the momentum) of the incident light using interferometric detection schemes widely used in high-speed telecom networks, yielding continuous values as a measurement result. Thus the name “continuous-variable” QKD or CV-QKD.

The main advantage of CV-QKD is the simplification of implementation, as one can use only standard telecommunication components that are much more mature from a technological point of view than single-photon detectors whose primary use is QKD. This suggests that CVQKD holds the potential for large-scale deployment using the current coherent telecommunication networks. In fact, in our latest work, we tried an avenue that brings us a little closer to the possibility of large-scale deployment.

Q. Please explain a little bit more about your work.

Establishing security for CV-QKD protocols is harder than that of DV protocols, simply because continuous-variable states (coherent states, Gaussian states, etc.) lie in a bigger Hilbert space (the state space) compared to the discrete-variable states. Previous security proofs of CV-QKD required these coherent states to be randomly chosen from an infinite set of states derived from a continuous distribution, which cannot be accurately prepared in real-world systems.

In our latest work, we analyze a CV-QKD protocol that uses only four coherent states, which can be reliably prepared with available optical technology. Not only does this make the state preparation simpler, but the error reconciliation step during post-processing is simplified as well. The analysis shows that this protocol could securely transmit a secret key over distances ranging from 50 to 150 km, depending on the noise in the transmission channel.

The protocol still has some limitations:

  1. The assumption that the receiver has perfect knowledge of the channel’s noise.
  2. We prove security against a special type of attack called collective attack, not against general attacks in the asymptotic limit of infinitely long keys, not finite-sized keys.
  3. The mentioned protocol performs well only for low values of alpha (amplitude of the coherent state).

We are working towards removing these limitations. This research work is published in Physical Review X.

Q.This was your last published work. What have you been working on since then?

We have been working on a quantum money scheme in the continuous-variable framework. Wiesner introduced the quantum money scheme in the early ‘70s. A quantum money scheme aims to protect the money from being counterfeited. This is accomplished by combining the money with a secret key that has been encoded into quantum states.

The scheme involves three parties – a mint, a bank, and a client. The mint generates the money (quantum states). The states are chosen from a finite ensemble set of quantum states. These states are then stored in a quantum memory, assigned with a unique serial number, and finally handed to a client. This sequence of states is stored by the mint in a classical key and shared with the bank. Depending on whether the key is kept secret or made public, the money schemes are categorized into two categories:

  1. Private-key (cheque and credit card services): Since the key is kept secret, only the banks can check the validity of the money.
  2. Public-key (banknotes): Anyone can check the validity of the money.

In private-key quantum money schemes, there are two methods of verifying the validity of the money:

  1. Quantum verification: Here the entire money (states) has to be sent to the bank for verification, which requires a quantum channel.
  2. Classical verification: This process involves answering randomly selected challenge questions given by the bank.

Our current work involves analyzing a CV model of a private-key quantum money scheme with classical verification. The motivation behind this protocol is to facilitate the process of practical implementation. Here, we use coherent detection instead of single-photon detectors, which is the current industry standard in optical telecommunication. For such private-key money schemes with classical verification, counterfeiting is considered successful, if, for a given serial number, the adversary can answer two sets of independent challenge questions from two different banks simultaneously. The security relies on the fact that a single random challenge question can be answered with certainty, while any two randomly selected challenge questions cannot be answered with unit probability.

We propose a money scheme with an ensemble set of 4N coherent states. We numerically analyze the cases for N = 1 to 6 and find that the loss tolerance of the scheme improves with higher ensemble size. The region of operation for the money scheme also improves as we increase the ensemble size, i.e., the schemes are secure for a larger region of alpha (amplitude of the coherent state). Our analysis shows CV money scheme with a 13% loss tolerance is feasible. This opens up a new door to more practically feasible quantum money schemes. The manuscript is being prepared.

 

 

 

 

 

 

 

Spotlight article, Story of the month

Story of the month: Quantum key distribution over quantum repeaters with encoding

If we claim the Internet as the greatest invention of the 20th century, which has revolutionized how we communicate every day and turned our lives upside down, today’s stage certainly belongs to quantum Internet, which would deeply change our way of thinking as well. Quantum networks lay the cornerstone of quantum communication and quantum computation systems. Similar to classical networks, it allows for the transmission of quantum information between physically separated quantum processors. An enabling technology for future quantum networks is that of quantum repeaters (QRs).

What is quantum repeater

The direct distribution of quantum states is limited by transmission losses of the channel (usually the optical fiber or free-space, the same as classical world) used. Even under certain optimistic assumptions for the technology evolution, the achievable distances are limited to a few hundred kilometers. Unlike in classical world, where amplifiers can be deployed to boost or regenerate the signals, here, this idea fails due to the fact that quantum states cannot be copied or “amplified” without any disturbance, known as the no-cloning theorem.

QRs were initially proposed to enable quantum information distribution at long distances, relying on the pillar of the quantum palace—entanglement. Using teleportation techniques, one can then send quantum information across the network once some entanglement is shared between users. The main idea behind it is to first distribute and store entanglement between short segments and then to use entanglement swapping (ES) and entanglement distillation (ED) at intermediate stations to establish entanglement over long distances.

Fig. 1: Schematic representation of quantum repeaters.
Fig. 1: Schematic representation of quantum repeaters.

The pioneering works

Theoretically speaking, QRs have gone through a number of development stages. Based on how ES and ED operations are performed, most of them fall into two categories: the probabilistic ones and the deterministic ones. The probabilistic QRs use photonic systems for both distribution and swapping of entanglement. Due to its inherent fragility against loss, after each operation, we have to wait for either good news so that we can move on to the next step or bad news that we have to repeat another trial until succeed, both of which rely on two-way classical communication. You can imagine how this back-and-forth will result in a long coherence time and a low generation rate. However, despite those disadvantages, probabilistic QRs are perhaps the simplest setups that can be implemented in practice. The pioneering work of this type is developed by Duan, Lukin, Cirac and Zoller in 2001, known as DLCZ, where they used atomic ensembles and linear optics to achieve the goal.

Actually, when the concept of QRs was originally introduced by Briegel, Dür, Cirac and Zoller (BDCZ) in 1998, ES and ED operations were designed in a deterministic, but possibly erroneous gate-based way, where they proposed a nested purification protocol to permit efficient quantum communication over distances longer than the attenuation length. However, their model is still based on two-way classical communication for the confirmation of each attempt, which, in effect, turns a deterministic setup to a probabilistic one, suffering similar drawbacks mentioned above.

Quantum repeaters with encoding

The most recent QR proposals totally eliminate the necessities of two-way classical signaling and only use quantum error correction (QEC) to copy with loss and operational errors. They enable us to directly send quantum states across a communication channel hop-by-hop. The key idea resembles the one used in classical communications network, in which message bits are encoded with some redundancy such that at the receiver the original message can be retrieved. Such structures offer an improvement in quantum data rate at the price of requiring much more demanding quantum computational capabilities, which will be further away in terms of an experimental demonstration.

Fig. 2: Schematic representation of the direct transmission of quantum information using encoding.
Fig. 2: Schematic representation of the direct transmission of quantum information using encoding.

What I am working on

In the spirit of having an eye on near-future implementations, my focus is on the transition from probabilistic QRs to deterministic QRs that use quantum error correction techniques only for their ED operations, while entanglement over short links is still established in a probabilistic and heralding way. In such QRs, using a number of bipartite entangled states (yellow lines in Fig. 3(a)), we create a multi-qubit entangled codeword across elementary links (yellow shade in Fig. 3(b)). As we apply the ES operations, this codeword structure will then allow us to correct some of the errors that happen because of imperfections in the employed gates, measurement modules, and/or the initially distributed bipartite states.

Fig. 3: Schematic representation of quantum repeaters with encoding.
Fig. 3: Schematic representation of quantum repeaters with encoding.

In principle, one can choose different code structures to implement such systems. Here, we use the repetition codes to study and develop our methodology. They offer a simple structure, which can make their implementation easier, and still have relevance in systems where one type of error is more dominant than the other. We develop reliable tools which relies on the linearity of the quantum circuits and the transversality of the code employed to manage the complexity of the analysis. Previous work on this subject often relies on various approximations to analyze the system. Here, we try to remain as close as we can to the exact results and only use approximations that are analytically justified and numerically verified. This accurate approach shows that such systems are more resilient to errors than previously thought, which can make their near-future implementation more viable.

Using our methodology, we study the performance of QKD systems run over QRs with three- and five-qubit repetition codes by accounting for various sources of error in the setup. We fully study the effect of different terms, components, and system imperfections on the secret key generation rate of the QKD system, and how one can use the information obtained during entanglement swapping and decoding stages to maximize the rate. We show that, so long as QKD is concerned, error detection features of the code may be even more relevant than its error correction functionalities. We find that the majority of secret key bits come from the portion of the data that corresponds to no detected errors in either the repeater chain or decoder modules (we call it the golden state in Fig. 4).

Fig. 4: Secret fraction as a function of different error parameters.
Fig. 4: Secret fraction as a function of different error parameters.

We further expand our study by proposing two alternative decoder structures that only rely on single-qubit measurements, which not only simplifies the implementation aspects but also, by removing the major source of error from decoding circuits, results in better performance in many practical scenarios. We benchmark the performance of the QKD system that runs on this type of QRs with probabilistic QRs which do not necessarily use any additional distillation techniques, and quantify the regimes of operation, where one class of repeater outperforms the other. We find that for most practical purposes, the simple three-qubit system is our best choice.

Our analysis suggests that extending the reach of trust-free terrestrial QKD links to 1000km is within reach in the near future. If you would like to know more details, click here!

Story of the month

Story of the month: the quantum revolution is above your heads!

Secure communication and quantum cryptography

Cryptography is, nowadays, a critically important part of our lives, even though we usually don’t notice it at all. All the conversations we have via email and instant messaging apps are encrypted, so are the messages exchanged during online bank transactions and e-commerce purchases. Even though the physical part of the message, the string of bits of which it is composed, is in principle available on the internet, its meaning is concealed, hidden behind some cryptographic scheme.

The internet is nowadays based on public key cryptographic schemes, whose security is based on the assumption that some specific mathematical problem is not efficiently solvable. If an eavesdropper, in the future, will find a way to efficiently solve such problem or will obtain an outstanding computational power, the security of our cryptographic scheme will be completely nullified. Quantum computers have the potential to achieve such ground-breaking results, posing a threat to today’s communication and economic systems.

Using the principles of quantum mechanics, several protocols resistant to such attacks have been devised and the field of quantum cryptography is in constant development. In the following we will focus on a specific area of quantum cryptography, namely, Quantum Key Distribution (QKD). Its greatest strength resides in the fact that keys expanded using QKD protocols can be proven to be secure in an information-theoretic manner, against and infinitely powerful eavesdropper limited only by the laws of quantum mechanics.

The standard QKD scenarios comprises two (or more) users, traditionally named Alice and Bob, who want to obtain a shared secure key. They can exchange quantum states (generally photons sent through optical fibres) through an insecure quantum channel  and communicate over an authenticated classical channel. The eavesdropper (Eve) tries to obtain as much information as possible about the key, without being noticed, applying the most powerful attack she can. In the following we will state one of the main problems with the implementation of QKD and a possible path to alleviate it.

Satellite-based quantum communication

The first experimental implementation by Bennet and Brassard in the 80s and the subsequent record-breaking results proved that, while practically possible, QKD suffers some important limitations that are unknown in the field of classical cryptography. The most prominent of them is the intrinsic maximal scaling of the achievable key rate with the distance between the users. In public key encryption keys are shared, in a smart way, on the internet, so the key rate between two users is ultimately limited only by the bandwidth of the internet link, independently of the distance between them. The same holds if a direct communication link between the two is deployed: the classical signals that they share can be amplified during the propagation, making the data rate substantially independent of the distance. In quantum communication, on the other hand, any attempt to amplify a quantum signal will inevitable introduce disturbance, due to the sciencefamous No-Cloning theorem. The result is that in standard QKD protocols the obtainable secret key rate scales linearly with the transmittance of the optical quantum link. If the photons encoding the quantum states are sent through optical fibres, like in the modern communication network, such scaling becomes exponential with the distance travelled, imposing severe limitations to the maximal distance between the users. A possible solution is to exploit optical links with more favourable loss-to-distance scaling, like free-space satellite-based links. The photons are in this case sent from a telescope on the orbiting satellite, through empty space and the atmosphere, before being collected by another satellite on the ground. The final proof of the feasibility of this technology was obtained by the Chinese Academy of Science with the satellite Micius, opening a path with giant scientific and economic potential.

 

Influence of bad weather conditions and other environmental effects on satellite QKD

The advantageous scaling with the distance of satellite-based quantum links comes with some significant downsides.

Free-space optical links, like the satellite links introduced above, require a line-of-sight connection between the transmitter and the receiver, in stark contrast to the fibre-based implementation. This clearly implies that satellite QKD between orbit and ground can only be operated when the satellite is above the horizon and there are no buildings obstructing the line-of-sight. This also means that a single satellite can not ensure constant operation during the day, unless geostationary orbits are considered.

lossesUpEven if clouds don’t completely obstruct the line-of-sight, bad weather conditions can still sensibly hinder the performance of satellite-based quantum links. Turbulence in the air and the presence of air droplets like haze or rain significantly change how the beams of light propagate in the atmosphere. The expected transmittance through the receiver telescope accordingly changes depending on the weather conditions, as shown in the figure (conditions get worse from 1 to 3, more results can be found here).

 

Satellite-based optical links are also prone to noise from environmental photons, since they use telescopes at the receiver that can collect stray light together with the signal. This effects can generally be counteracted using temporal, spatial and spectral filtering.

The importance of untrusted nodes

All the information we send on the internet, as already discussed, is safely encrypted with a cryptographic key to protect it from any unauthorized eavesdropper. Now, imagine that the key used for encryption is available to someone or to some company, e.g., the provider of the key. It means that that particular individual can read your information as plain text and make it public. In some cases, there are some barriers that make this problem not worrying, for example, the provider of the key doesn’t want to damage his trustworthiness. We cannot always count on this, though.

Trusted-node quantum networks is a “cheap” solution to achieve long distance quantum communication. In the QKD case, the distance between Alice and Bob is divided into elementary links of shorter length. The keys are exchanged in parallel between the adjacent nodes and then, by doing simple logical operations on the keys and communicating publicly the result, Alice and Bob can share a common key without leaking information to Eve. The problem with this approach is that the intermediate nodes, that do the operations on the keys, will also end up knowing the key. This means that the nodes need to be trusted by the parties and this can be especially tricky when, trying to achieve intercontinental distances, the nodes are in different countries. So, a solution without intermediate trusted nodes is demanded.

Quantum repeaters in space
3schemes
Quantum repeaters allow to build untrusted-node quantum networks. As before, the total link is divided into several shorter elementary links (middle section of the figure). orbiting1Entanglement sources (S) are put in the middle point of the links and quantum repeaters(R) at the junctions. Performing entanglement swapping at the repeater stations in a hierarchical way allows to enlarge the range of the quantum correlations, until we reach the end points of the chain. The shared entanglement can then be used to perform quantum communication protocols without trusting the middle nodes.

When this technology is composed with the use of satellite-based links, it allows to bridge global distances using a small number of intermediate nodes (details here). One can even imagine a configuration like the one in the figure, in which all the components of the chain are orbiting in a cohesive M3newmanner and only the end users are on the ground. We can see the result of simulations in the graph beside. The scheme with orbiting quantum repeaters (thick solid lines) ensures a positive key rate even at a distance equal to half the Earth’s equator, while the implementation in fibre (dotted lines) fails already around 2000km.

 

Entanglement distribution: beyond cryptography

The ability to distribute entanglement over very long distances will open the path for many more useful quantum-enabled protocols, on top of secure communication. One example is represented by cloud-based quantum computation. Many companies world-wide are investing billions of dollars to develop quantum computers and get to the point where they will be actually useful on practical problems. However, such devices will not come into our houses in the near future. As we do nowadays with supercomputers and servers, these quantum processors will be few and bought by companies or computing centres. The users will access their capabilities as a cloud service, using either classical or simple quantum inputs to impart commands to the quantum computer and then receive the output of the correspondent computation. In this context entanglement is a precious resource, for example it can be used to teleport quantum states from the user to the server and back. Another interesting application of long distance entangled pairs is quantum metrology. This field comprises the protocols that, using inherently quantum properties like entanglement, measure some physical quantity with higher precision and resolution than standard classical methods. An interesting example is given here, where the authors describe a protocol to achieve high resolution interferometric measurements for astronomical observations using entangled pairs distributed between the observatories.

Quantum technologies are in constant development and the QCALL network is proud of the contribution it gave to the field. Stay tuned for more interesting stories!

Spotlight article, Story of the month

Story of the month: Quantum key distribution – from theory to practice

In a world of exciting technological possibilities, among the most significant are those enabled by quantum physics. Quantum physics is the theory of the microscopic world, it describes particles, atoms and molecules, and it is the underlying foundation of the digital age. For instance, it is thanks to this field of research that we have transistors on which today’s mobile phones and computers are based, and lasers that are used in precision manufacturing. So far, almost all the technologies have exploited quantum physics only indirectly, and now, scientists are moving beyond it; they are working on directly controlling it to build new technologies. These technologies are set to have a profound impact on our society and economy by achieving things that are impossible or unthinkable with the current technologies. For example, they promise ultimately secure communications, ultrafast computation, precise sensing, precise timing information, and so forth.

Quantum communication is one of the most mature branches of quantum technologies, and it has the potential to completely change the field of cryptography. Cryptography is an indispensable technology in many applications where we require information security, such as financial transactions and the transmission of data containing sensitive personal information. Unfortunately, the current cryptographic systems are vulnerable to hacking because their security relies on the difficulty of solving certain mathematical problems, such as the prime factorisation of very large numbers. Problematically, this difficulty is not scientifically proven, it is merely assumed. This means that rapid technological advances or the arrival of new algorithms, including the construction of a large-scale quantum computer and the development of artificial intelligence, can completely compromise the security of our communications. At the moment, these technologies might sound like science fiction and give the impression that they will only become available in a very distant future. Nonetheless, experts estimate that by late 2030’s, there will be quantum computers capable of breaking today’s secure communications. In fact, intelligence agencies are already storing vast amounts of encrypted data in the hope that, in the future, they will be able to decrypt it and access important secret information. Therefore, the time to act is now. We have a unique opportunity to update our current communications systems before it’s too late.

Quantum key distribution

Fortunately, and in contrast to conventional cryptography, quantum cryptography, or more specifically, quantum key distribution (QKD) promises to achieve unconditional security in data communication based on the laws of physics. More specifically, the security of QKD is based on the fact that it is not possible to copy the state of a quantum particle nor learn information about it without modifying it. Thus, information encoded in the state of a quantum particle, such as a photon of light, can be guaranteed to not have been observed if it arrives unperturbed from the sender to the receiver. What’s more, the message transmitted will keep being secret forever irrespectively of the computational power and technologies that a hacker might possess in the future. Thus, QKD offers the strongest possible notion of security, and it often referred to as the Holy Grail of secure communications. In the last two decades, this field has developed significantly; now commercial QKD systems are available and QKD networks, including satellite-based QKD, have been deployed around the world. These tremendous achievements clearly demonstrate the potential of QKD to become a global technology.

figMP1
If a hacker tries to eavesdrop on the communication channel, the state of the photons will be inevitably altered, causing transmission errors that signal her/his presence to the users.

Nonetheless, before QKD is widely adopted for securing our communications across the world there are a number of open challenges that need to be addressed. Some of these involve technical aspects, such as increasing the communication distance between users, improving the secure communication rate and reducing the costs of practical implementations. On the theoretical front, the most important challenge is to establish implementation security rather than the theoretical security. In theory, QKD has been mathematically shown to be unconditionally secure against any possible hacking attack. In doing so, security proofs typically assume idealised device models that have no noise or imperfections. Unfortunately, in practice, such idealised devices are not available, and by exploiting discrepancies between the properties of ideal devices and those of practical devices hacking may be possible, compromising the security of QKD. In fact, several hacking attacks have been performed on experimental and commercial QKD systems, and they have succeeded. Therefore, to recover the unconditional security offered by QKD, it is crucial to develop security proofs that take into account device imperfections.

Usually, in a QKD protocol, there is a sending device that a sender uses to transmit secret information encoded in the states of photons, and a measurement device, which is possessed by the receiver to receive information. To remove the discrepancy between the idealised and practical devices and guarantee the security of this information, we need to develop better mathematical models that portray the real behaviour of the sending and measurement devices. By doing so, a practical implementation of this protocol is guaranteed to be secure even in the presence of imperfections, as long as they are sufficiently small. An important breakthrough in this direction was the introduction of measurement-device-independent (MDI) QKD. This is a QKD protocol that can offer perfect security even with arbitrarily flawed and completely untrusted detectors. In other words, we no longer need to take into account the imperfections of the measurement devices. Moreover, a variant of this protocol, called twin-field QKD, has been proposed recently, significantly improving its secure communication rate over long distances. Therefore, the missing step towards achieving implementation security is to secure the sending device. During my PhD, I have investigated and contributed to this issue, with the objective of achieving implementation security of QKD.

Securing the sending device

The most common imperfections in the sending device are state preparation flaws (SPFs), leakages of secret information from the user’s devices and correlations between the emitted light pulses. SPFs occur because real devices have a finite precision, hence the information encoded in the states of photons is slightly different from the information the sender wished to transmit. Also, leakages of information happen due to hacking attacks unknown to the users, or due to distortions in the emitted light pulses that depend on the information encoded. Finally, correlations between pulses take place because real devices hold in memory the secret information previously encoded, and inadvertently this information is passed on to the subsequent signals. All these imperfections open the door for a hacker to learn some secret information without being detected by the users.

figMP2
Source imperfections allow a hacker to learn some secret information without altering the state of the photons, thus compromising the security of the QKD scheme.

Earlier attempts to incorporate source imperfections in security proofs of QKD have often resulted in very low secure communication rates. Recently, however, a loss-tolerant (LT) protocol was proposed, making QKD resistant to SPFs. That is, even when the encoding of the light pulses deviates significantly from the desired one, the secure communication rate is almost the same. Unfortunately, the LT protocol relies on the unrealistic assumption that there are no leakages of information from the users’ devices nor pulse correlations, which is hard to guarantee in practical implementations of QKD.

In a work that I developed with my colleagues, we proposed a formalism to make the LT protocol more general by incorporating information leakages from the user’s devices. In simple terms, we divided the emitted light pulses into a part that resembles perfect pulses emitted from idealised devices and another part that accounts for all the imperfections arising from using the actual devices. This allowed us to prove the security of QKD in the presence of multiple source imperfections.

The last step to secure the source is then to consider correlations between the emitted signals. To model such imperfection mathematically was believed to be the very hard because we need to deal with many pulses rather than a single pulse, which increases the complexity of the problem. For this reason, this imperfection has often been disregarded. Recently, we were able to develop a simple framework to incorporate this imperfection in security proofs of QKD. The key idea is to mathematically model the information encoded in the subsequent pulses as leakage of information. By doing so, we have been able to prove the security of QKD in the presence of pulse correlations between arbitrarily distant pulses. Importantly, this framework is compatible with the formalism that we created to deal with all the other imperfections.

Nonetheless, considering all these imperfections simultaneously inevitably reduces the secure communication rate of QKD. To counteract this effect, we have also proposed a new technique to prove the security of QKD that is more resilient to source imperfections. The main idea is to consider some reference states that are similar to the actual states, and use them as an intermediate step to prove the security of the actual protocol. Interestingly, the reference technique can reproduce previous analyses that deal with source imperfections, including our generalised LT protocol. However, its most striking feature is the easiness to incorporate source imperfections without severely compromising the secure communication rate of QKD.

As mentioned above, to achieve implementation security of QKD we need to take into account all imperfections in the sending and measurement devices. Fortunately, this can now be achieved by employing the security techniques we developed to deal with source imperfections together with an MDI-type QKD protocol, that assumes arbitrarily flawed detectors. In our latest work, using these ideas we have proposed a new protocol that is secure in the presence of any device imperfection. The only requirement is the characterisation of a single parameter that describes the quality of the source. Our protocol is the first QKD scheme proven to be secure in practical implementations. Notwithstanding, there are still theoretical and experimental challenges to finally establish implementation security. For instance, how to experimentally describe the quality of the sending device by a single parameter is still an open question. Moreover further improvements are needed in order to obtain higher secure communication rates and longer communication distances. Importantly, however, we now have a clear path for proving the security of QKD with arbitrarily flawed devices.