Transcript Bezpieczeństwo kryptografii kwantowej w praktyce

Security of practical quantum
cryptography with heralded single
photon sources
Mikołaj Lasota1, Rafał Demkowicz-Dobrzański2,
Konrad Banaszek2
1Nicolaus
Copernicus University, Torun, Poland
2University of Warsaw, Warsaw, Poland
Problems with practical realisation of
quantum cryptography protocols
Setup imperfection:
- fibers: photon losses
- detectors: dark counts,
limited detection efficiency
pn 
n  1.5
- Single photon sources:
multiphoton pulses
n
•
G. Brassard, N. Lutkenhaus, T. Mor, B. Sanders; Phys. Rev. Lett. 85, 1330 (2000)
Problems with practical realisation of
quantum cryptography protocols
Setup imperfection:
- fibers: photon losses
- detectors: dark counts,
limited detection efficiency
pn 

nn p0n0..33
- Single photon sources:
multiphoton pulses
n
n
Using heralded single photon source
in quantum cryptography
In the case of multimode SPDC process:
  00   11 
2

4
2
22
Using heralded single photon source in
quantum cryptography
• Definition:
q i - probability of exactly one click in the heralding detection
system, while there were „i” pairs of photons generated by
Alice’s source
• Ideally:
- q0  q2
- q1  1
0
• In reality we have q0  0, q1  1,
- dark counts
- limited detection efficiency
- losses
- partial photon number resolution
q2  0 due to:
Minimal transmission of the channel,
required for QKD security
• Explicit formula for Tmin depends on:
- the protocol used by Alice and Bob
- the list of assumptions about Eve’s possibilities of attack
• Ideal single photon source:
SGL
~ probability of a dark count in Bob’s detector
Tmin
• Attenuated laser as a source of single photons:
WCP
~ (probability of a dark count in Bob’s detector)1/2
Tmin
• Heralded single photon source:
HSPS
min
T
T
SGL
min
T
WCP
min
q0 q2
q12
Key generation rate
• Definition: the amount of bits of secure key produced by a given
setup per unit of time
• Motivation: not only the maximal distance, but also the speed of
QKD is important
• General formula for key generation rate:
k  R pexp psift I AB  I AE 
-
R - repetition rate of Alice’s source
pexp - probability of a click in Bob’s detector when Alice’s source
emits a pulse
- p sift - probability of accepting the bit by Alice and Bob during the
stage of sifting (basis reconciliation)
- I
- mutual information between X and Y
XY
Key generation rate – dependence on complete
transmission of the channel
(Alice’s detector: efficiency - 60%, dark counts probability – 10-6,
Bob’s detector: dark counts probability – 10-5)
Multiplexing detector with n stages as
additional detection system
1. stage
2. stage
 A  0.6
d A  106
C  0.98
Effective detection efficiency:
~A   ACn
Key generation rate for a multiplexing
detection system with n stages
Key generation rate for a multiplexing
detection system with n stages
Key generation rate – comparison
between WCP and HSPS
• Approximately, in the absence of dark counts:
K HSPS
q12 WCP

K
q2
• For the multiplexing detection system considered here:
q12
d

A 0
q2
~A
1

2  2  n
2

~
 A

• Conclusion: for n   we can increase key generation rate for
large values of T using HSPS source with multiplexing detection
system only if we have
2
~
A 
3
Key generation rate for WCP and
HSPS cryptography
Key generation rate for WCP and
HSPS cryptography
Conclusions
Large transmissions
Low transmissions
Short distances
Long distances
K HSPS
q12 WCP

K
q2
HSPS
min
T
T
SGL
min
T
WCP
min
q0 q2
q12
• For short distances HSPS cryptography with multiplexing can beat
WCP only if we have binary detectors with very good detection
efficiency
• For intermediate distances HSPS cryptography with multiplexing is
better than HSPS with single binary detector
• For long distances (close to the maximal distance of security) HSPS
cryptography with single binary detector is the best