Within quantum cryptography, the Decoy statequantum key distribution (QKD) protocol is the most widely implemented QKD scheme. Practical QKD systems use multi-photon sources, in contrast to the standard BB84 protocol, making them susceptible to photon number splitting (PNS) attacks. This would significantly limit the secure transmission rate or the maximum channel length in practical QKD systems. In decoy state technique, this fundamental weakness of practical QKD systems is addressed by using multiple intensity levels at the transmitter's source, i.e. qubits are transmitted by Alice using randomly chosen intensity levels (one signal state and several decoy states), resulting in varying photon number statistics throughout the channel. At the end of the transmission Alice announces publicly which intensity level has been used for the transmission of each qubit. A successful PNS attack requires maintaining the bit error rate (BER) at the receiver's end, which can not be accomplished with multiple photon number statistics. By monitoring BERs associated with each intensity level, the two legitimate parties will be able to detect a PNS attack, with highly increased secure transmission rates or maximum channel lengths, making QKD systems suitable for practical applications.
Motivation
In the security proofs of QKD protocols, such as BB84, a single photon source is assumed to be used by the sender, Alice. In reality, a perfect single photon source does not exist. Instead, practical sources, such as weak coherent state laser source, are widely used for QKD. The key problem with these practical QKD sources lies on their multi-photon components. A serious security loophole exists when Alice uses multi-photon states as quantum information carriers. With multi-photon components, an eavesdropper, Eve, could in principle split the photons, keep one photon, and send the rest to Bob. After Alice and Bob announce the basis information, Eve can measure the intercepted photon to get the key information. When the channel is lossy, Eve can launch more sophisticated attacks, such as the photon number splitting attack. In order to minimize the effects of multi-photon states, Alice has to use an extremely weak laser source, which results in a relatively low speed of QKD. The decoy-state method is proposed to solve this multi-photon issue by using a few different photon intensities instead of one. With decoy states, the practical sources, such as a coherent-state source or heralded parametric down-conversion (PDC) source, perform almost as well as a single photon source. [1]
Development
The decoy-state scheme was proposed by Won-Young Hwang from Northwestern University.[2] Later, its security was proven by developing a photon number channel model and assuming the usage of an infinite number of decoy states.[3] A common practical decoy-state method only needs two decoy states, vacuum decoy and weak decoy. This vacuum+weak decoy state method was first proposed by Hoi-Kwong Lo from University of Toronto,[4] and then was analyzed by others. [5][6] It has been shown that with only the vacuum and weak decoy states, the achieved key rate is very close to the infinite decoy state case.[6]
Experimental demonstrations
The first decoy state method experiment was performed by Hoi-Kwong Lo's group and their collaborator Li Qian, [7] where the one-decoy state method [6] is employed. The transmission distance is 15 km and the key generation speed is 165 bit/s. Then, a longer distance QKD is demonstrated with the vacuum+weak decoy state method via 60 km fiber. [8] Later, three experimental groups demonstrate the decoy-state method over 100 km distances. [9][10][11] There are many other demonstrations afterwards. [12][13]
Decoy-state QKD using non-coherent-state sources
Decoy state QKD protocols with non-coherent-state sources have also been analyzed. Passive decoy state protocol, where the decoy states are prepared passively, is proposed as a parametric down-conversion source.[14][15]
^Lo, Hoi-Kwong (2004). Quantum key distribution with vacua or dim pulses as decoy states. Proceedings of 2004 IEEE International Symposium on Information Theory. New York: IEEE Press. p. 137. doi:10.1109/ISIT.2004.1365174. ISBN0-7803-8280-3.
^Zhao, Yi; Qi, Bing; Ma, Xiongfeng; Lo, Hoi-kwong; Qian, Li (2006). "Simulation and Implementation of Decoy State Quantum Key Distribution over 60km Telecom Fiber". 2006 IEEE International Symposium on Information Theory. IEEE. pp. 2094–2098. arXiv:quant-ph/0601168. doi:10.1109/isit.2006.261920. ISBN1-4244-0505-X.