## Abstract

The decoy-state high-dimensional quantum key distribution provides a practical secure way to share more private information with high photon-information efficiency. In this paper, based on detector-decoy method, we propose a detector-decoy high-dimensional quantum key distribution protocol. Employing threshold detectors and a variable attenuator, we can promise the security under Gsussian collective attacks with much simpler operations in practical implementation. By numerical evaluation, we show that without varying the source intensity, our protocol performs much better than one-decoy-state protocol and as well as the two-decoy-state protocol in the infinite-size regime. In the finite-size regime, our protocol can achieve better results. Specially, when the detector efficiency is lower, the advantage of the detector-decoy method becomes more prominent.

© 2016 Optical Society of America

## 1. Introduction

Quantum key distribution (QKD) allows two authorized parties, called Alice and Bob, to share private and secure information at a long distance [1, 2]. Since BB84 protocol [3] was proposed, lots of work on enhancing the security of QKD has been done, such as measurement-device-independent QKD [4–8] and round-robin differential phase-shift QKD [9]. Compared with two-level QKD protocols, high-dimensional quantum key distribution (HD-QKD) [10] enables two parties to generate a secret key at a higher rate. By encoding information in a high-dimensional photonic degrees of freedom, such as position-momentum [10], time-energy [11–15] and orbital angular momentum [16–19], HD-QKD can share more information securely per detected single-photon between two parties so as to improve the secret-key capacity under realistic technical constraints. Moreover, HD-QKD protocols could tolerate more noise than qubit QKD protocols [20].

Recently, based on time-energy entanglement and dispersive optics, a so-called dispersive optic HD-QKD [21] was proposed. It has been proven that the protocol is secure against all collective attacks on the fact that Gaussian attacks are optimum given an experimentally determined covariance matrix [22]. However, like most two-level general QKD protocols, the security of HD-QKD would be influenced by some practical imperfection. Under these imperfect conditions, the imperfect single-photon source always emits multipair events, which causes the HD-QKD vulnerable to the photon number splitting (PNS) attack [23–25] over lossy channels.

To avoid the PNS attack, decoy-state method is designed [26] and developed [27–32]. The central idea of the decoy-state method is to estimate the channel transmission properties by choosing source intensity settings independently and randomly. Recently, Zhenshen Zhang *et al.* [22] extended decoy-state analysis to HD-QKD protocols with infinite number of decoy states. Darius Bunandar *et al.* [33] proposed a finite decoy-state HD-QKD protocols and its finite-key analysis was presented in [34].

The detector-decoy method is proposed firstly by Moroder *et al.* [35] to estimate the photon number distribution, which have showed the advantages and feasibility in QKD. In this paper, by modifying Alice’s detection setups simply, we introduce the detector-decoy method into the HD-QKD protocol. Instead of estimating the photon number distribution, using the detector-decoy method, we propose a new HD-QKD protocol and establish a new security analysis to defend PNS attacks. So our protocol can be considered as an alternative protocol to the decoy-state HD-QKD protocol. Compared with the original decoy-state HD-QKD protocol, without varying the source intensity and optimizing decoy-state intensity, the lower bound of single-photon fraction of postselected events and the upper bound of the leaked information can still be obtained in the detector-decoy HD-QKD. The basic idea of the method is to measure the incoming light pulses with a set of detectors with different efficiencies. We use a variable attenuator to change the transmittance of channel in Alice’s side so that the detector efficiency can be changed. Borrowing realistic experimental parameters, we show by numerical evaluations that in the infinite-size regime the detector-decoy HD-QKD could perform much better than the one-decoy-state HD-QKD. Besides, it performs as well as the two-decoy-state HD-QKD protocol, which can perform as well as the HD-QKD protocol with an infinite number of decoy states. In the finite-size regime, the detector-decoy HD-QKD can obtain much better results. Although our method is considered in the DO-QKD, the same arguments are also applicable to other HD-QKD based on time-energy entanglement.

The paper is organized as follows. In Sec. II, we describe the detector-decoy HD-QKD protocol. In Sec. III, we propose a security analysis for HD-QKD. Then, in Sec. IV we show the result of a numerical evaluation with realistic experimental constraints. Finally, section V. concludes the paper with a summary.

## 2. Protocol description

In the original decoy-state protocol [33], there is an assumption that Eve cannot intrude into Alice and Bob’s experimental setups. This means that Eve just can attack the quantum channel. The source is located in Alice’s side, so we could consider the photon kept by Alice cannot be affected by Eve. The assumption is also needed in this paper.

Based on detector-decoy method, we propose a detector-decoy HD-QKD scheme by modifying the Alice’s setup slightly as shown in Fig. 1. Specially, our scheme only need one intensity of the source.

A time-energy entangled state could be produced by Alice weakly pumping the SPDC source. We define *σ _{cor}* as the correlation time between two photons, which is determined by the phase matching bandwidth of the SPDC source. Correspondingly, we define

*σ*as the coherence time of the pump field, which is typically far larger than

_{coh}*σ*. Thus, the number of alphabet characters per photon pulse,

_{cor}*d*=

*σ*(the Schmidt number) is large [36,37].

_{coh}/σ_{cor}The protocol is described as follow:

*State preparation:*Alice chooses a transmittance of the VA randomly and independently and then generates a biphoton state by SPDC. She keeps one of the biphoton and sends the other to Bob via a quantum channel.*State measurement:*Alice selects a basis between time basis and frequency basis randomly and then measures her photon. After receiving the photon from Alice, Bob also performs measurement as Alice and records the outcome.*Classical information post-processing:*After all signals are transmitted, Alice publishes her transmittance choice and both of them publish their basis choices over an authenticated public channel. They establish their distilled key only from correlated events acquired in the same basis. Alice and Bob would announce some their measurement results to determine postselection probabilities and excess-noise multipliers. Then Eve’s influence could be detected and they can determine their information advantage over Eve. If the advantage is much greater than zero, they then apply error correction and privacy amplification [36] on their data. As a result, some amount of secret key can be established.

## 3. Security analysis

In the decoy-state HD-QKD protocol, the postselection probability can be written as [33]

Here,*μ*is the intensity of Alice’s SPDC source and

*Pr*is the probability of generating

_{n}*n*–photon pairs.

*γ*is the conditional probability of measuring at least one coincident detection event given

_{n}*n*–photon pairs are emitted. In our protocol, without Eve’s effect,

*γ*can be written explicitly as

_{n}*η*and

*β*= [1 − (1 −

_{n}*η*)

_{Bob}η_{T}*(1 −*

^{n}*p*)] is the conditional probability of Bob registering at least one detection in a single measurement frame.

_{d}*η*and

_{Alice}*η*are Alice and Bob’s detector efficiencies respectively.

_{Bob}*η*is is the transmittance of the quantum channel and

_{T}*p*is the dark count rate in a single measurement frame. Eve, in principle, has the ability to affect the

_{d}*γ*values by Eve’s effect only on

_{n}*β*while ${\alpha}_{n}^{(\eta )}$ is cannot be affected due to the assumption.

_{n}The bound on the secure-key capacity is [22,27,33,39]

*ζ*and

_{t}*ζ*are the value of time excess noise and frequency excess noise respectively, which are caused by multiphoton emissions, dark counts and Eve’s intrusion.

_{ω}*β*is reconciliation efficiency and

*I*(

*A*;

*B*) is the mutual information between Alice and Bob.

*n*is the number of bits per frame shared by Alice and Bob after error correction is carried out. ${\chi}_{{\zeta}_{t},{\zeta}_{\omega}}^{UB}(A;E)$ is an upper bound on Eve’s Holevo information under collective attacks due to the excess noise.

_{R}In our scheme, for simplicity, we use photon states under the transmittance *η*_{1} to generate keys. We consider that the statistics of entangled photon-pair produced by SPDC source are approximately Poissonian [40]. So in a single measurement frame, when the mean photon-pair number is *μ*

To estimate Eve’s effect on *β _{n}*, we request Alice to randomly change the transmittance of the variable attenuator

*η*between

*η*

_{1}and

*η*

_{2}(0 ≤

*η*

_{2}<

*η*

_{1}≤ 1).

#### 3.1. Lower bound on ${F}_{\mu}^{({\eta}_{1})}$

We define
${P}_{\mu}^{(\eta )}$ as the postselection probabilities when the transmittance is *η*. The postselection probabilities under the two different transmittance *η*_{1} and *η*_{2} (0 ≤ *η*_{2} < *η*_{1} ≤ 1) could be written by

*η*= 1, ${P}_{\mu}^{(\eta )}$ is equivalent to

*P*in essence.

_{μ}Then we will use the Eq. (5) and Eq. (6) to deduce a lower bound of *β*_{1}.

*n ≥*2 is satisfied given 0.018 ≤

*η*

_{2}

*η*<

_{Alice}*η*

_{1}

*η*< 1, which is easily to be realized. That means the equation

_{Alice}Then Eq. (9) leads to the following inequality:

Now we need to lower bound *β*_{0}. As it’s shown in [22, 33], under the assumption that Eve cannot intrude into both experimental setups, the probability *β*_{0} cannot be lower than the dark count rate no matter what Eve does:

#### 3.2. Lower bound on ζ_{t} and ζ_{ω}

_{t}

When Eve attacks Alice’s transmission, the decrease in measurement correlations of Alice and Bob is caused, which is parameterized by the excess-noise factors *ζ _{t}* and

*ζ*.

_{ω}We consider the relation in [33]. Ω* _{x}* (for

*x*=

*t*and

*ω*) is the averaged excess-noise multiplier, which can be measured by two authenticated parties and used to estimate

*ζ*and

_{t}*ζ*by following equations:

_{ω}*x*=

*t*and

*ω*.

Equation (13) can be divided into two groups by transmittance *η*_{1} and *η*_{2}, which can be expressed as:

*x*=

*t*and

*ω*.

The upper bounds on *ζ _{t}* and

*ζ*could be obtained from:

_{ω}*η*=

*η*

_{1}or

*η*

_{2}. This inequality implies that

Therefore, we can give the upper bounds on *ζ _{t}* and

*ζ*as follows:

_{ω}Now with Eq. (12) and Eq. (23), we obtain a lower bound on *F _{μ}* and upper bound on

*ζ*and

_{t}*ζ*.

_{ω}## 4. Numerical evaluation

We borrow some realistic experimental parameters in the implementation of the HD-QKD [41]: propagation loss *α* = 0.2 dB/km, detector timing jitter *σ _{J}* = 20 ps, dark count rate

*R*= 1000 s

_{dc}^{−1}, reconciliation efficiency

*β*= 0.9,

*n*= log

_{R}_{2}

*d*. Therefore, we could know the channel transmittance by the function

*η*= 10

_{T}^{−αL/10}. The detector efficiencies of Alice and Bob’s setups are assumed to be equal. Here we assume that the detection efficiencies are

*η*=

_{Alice}*η*= 0.93 [42].

_{Bob}We take coherent time *σ _{cor}* = 30 ps for all

*d*values and correspondingly

*σ*=

_{coh}*dσ*, which is easily controlled. We choose a single measurement frame duration ${T}_{f}=2\sqrt{\text{ln}2}{\sigma}_{\mathit{coh}}$ [22]. For simplicity, we consider two excess-noise factors are equal,

_{cor}*ζ*=

_{t}*ζ*=

_{ω}*ζ*. The change in correlation time due to Eve’s interaction can be assumed to be $\mathrm{\Delta}\sigma =\left(\sqrt{1+\zeta}-1\right)$

*σ*= 10 ps [43], which doesn’t lose generality.

_{cor}In our detector-decoy method, we vary the transmittance of the variable attenuator between *η*_{1} and *η*_{2}, specifically *η*_{1} = 1 and *η*_{2} = 0.5. Here, we assume that events in which both Alice and Bob click when *η*_{1} = 1 are used to encode information.

Here, in the infinite-size regime we give a comparison between the detector-decoy HD-QKD protocol and the decoy-state HD-QKD protocol with average photon number *μ* = 0.1 when the dimension *d* = 8 and *d* = 32, which is shown in Fig. 2 As one can see, the detector-decoy method can perform much better than one-decoy-state HD-QKD and as well as the two-decoy-state HD-QKD protocol, which means that the detector-decoy HD-QKD could work as the decoy-state HD-QKD with infinite number of decoy states without the source intensity modulation or monitoring photon numbers [34].

Besides, we also give a comparison between the detector-decoy HD-QKD protocol and the two-decoy-state HD-QKD protocol in the finite-size regime, which is more practical in realistic constraints. In the finite-size regime, the postselection probability ${P}_{\mu}^{(\eta )}$ should satisfy the relationship:

Here, Δ is the fluctuation range of the postselection, which is related the number of frames. Using Eq. (24), and following the approach proposed in [34], we can show the performance of the detector-decoy HD-QKD protocol and the two-decoy-state HD-QKD protocol in the finite-size regime. As is shown in Fig. 3, the dector-decoy HD-QKD protocol can achieve much better effects than the decoy-state HD-QKD protocol.In general, the efficiency of conventional detectors used in QKD experiment is always far lower than the efficiency of the superconducting nanowire single-photon detector [44]. So, we also give a comparison between schemes in the condition that is limited with low detector efficiencies, especially *η _{Alice}* =

*η*= 0.045 shown in Fig. 4. Figure 4(a) plots the lower bound values on

_{Bob}*F*that are obtained by detector-decoy method (blue solid lines) and two-decoy-state HD-QKD (red solid lines) respectively. Figure 4(b) shows the comparison between two protocols. Both of them are plotted under the condition with

_{μ}*d*= 8 and

*μ*= 0.10. As the figure shown, when the detector efficiency is low, the advantage of detector-decoy HD-QKD become prominent. That means the detector-decoy HD-QKD could tolerate lower detector efficiency.

## 5. Conclusion

The decoy-state method is applied to resist PNS attacks in HD-QKD systems. The original decoy-state HD-QKD has proved that the two-decoy-state protocol can perform as well as the protocol with infinite decoy states. In this paper, we proposed a detector-decoy HD-QKD protocol that could offer certain practical advantages over the original decoy-state HD-QKD protocol. In the infinite-size regime, our scheme, using a variable attenuator, could achieve secure information per coincidence as the two-decoy-state HD-QKD with little or no compromise. In our protocol, operations of choosing and optimizing the source intensity of decoy states are omitted. This is a main advantage over the original protocol. Besides, in finite-size regime, our protocol is much more practical than the original protocol. Specially, if the detector efficiency is lower, the advantage of our method become more prominent.

In realistic constraints, the detector-decoy HD-QKD presented in this paper provides a more applicable and feasible scheme in the practical implementation of the HD-QKD protocol with slight modification. The source intensity in our scheme is constant and correspondingly we do not need to optimize the intensity of decoy states. When the HD-QKD protocol is implemented practically, our scheme can perform much better than the original two-decoy-state HD-QKD protocol but operations are much simpler.

In practical implementation, the performance of QKD systems can be influenced by many constraints. So it’s necessary to conduct a further study on how to optimize the detector decoy method in the HD-QKD protocol under different constraints. What’s more, besides the DO-QKD protocol, many other HD-QKD protocols have been proposed. Our future work will focus on extending the detector-decoy method to other HD-QKD protocols and studying if the performance advantage of detector-decoy method is universal over all decoy-state HDQKD protocols in the finite-size regime.

## Funding

National Basic Research Program of China (2013CB338002); National Natural Science Foundation (NSFC) (11304397 and 61505261).

## References and links

**1. **V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dušek, N. Lütkenhaus, and M. Peev, “The security of practical quantum key distribution,” Rev. Mod. Phys. **81**(3), 1301–1350 (2009). [CrossRef]

**2. **H.-K. Lo, M. Curty, and K. Tamaki, “Secure quantum key distribution,” Nature Photon. **8**(8), 595–604 (2014). [CrossRef]

**3. **C. H. Bennett and G. Brassard, “Quantum cryptography: Public key distribution and coin tossing,” Theoretical Comput. Sci. **560**, 175–179 (1984).

**4. **S. Braunstein and S. Pirandola, “Side-channel-free quantum key distribution,” Phys. Rev. Lett. **108**, 130502 (2012). [CrossRef] [PubMed]

**5. **H.-K. Lo, M. Curty, and B. Qi, “Measurement-device-independent quantum key distribution,” Phys. Rev. Lett. **108**, 130503 (2012). [CrossRef] [PubMed]

**6. **S. Pirandola, C. Ottaviani, G. Spedalieri, C. Weedbrook, S. L. Braunstein, S. Lloyd, T. Gehring, C. S. Jacobsen, and U. L. Andersen, “High-rate measurement-device-independent quantum cryptography,” Nature Photon. **9**, 397–402 (2015). [CrossRef]

**7. **C. Zhou, W. S. Bao, H. L. Zhang, H. W. Li, Y. Wang, Y. Li, and X. Wang, “Biased decoy-state measurement-device-independent quantum key distribution with finite resources,” Phys. Rev. A **91**, 022313 (2015). [CrossRef]

**8. **R. K. Chen, W. S. Bao, Y. Wang, H. Z. Bao, C. Zhou, and H. W. Li, “Biased decoy-state measurement-device-independent quantum cryptographic conferencing with finite resources,” Opt. Express **24**, 6594 (2016). [CrossRef] [PubMed]

**9. **T. Sasaki, Y. Yamamoto, and M. Koashi, “Practical quantum key distribution protocol without monitoring signal disturbance,” Nature (London) **509**, 475 (2014). [CrossRef]

**10. **L. Zhang, C. Silberhorn, and I. A. Walmsley, “Secure quantum key distribution using continuous variables of single photons,” Phys. Rev. Lett. **100**, 110504 (2008). [CrossRef] [PubMed]

**11. **W. Tittel, J. Brendel, H. Zbinden, and N. Gisin, ”Quantum cryptography using entangled photons in energy-time Bell states,” Phys. Rev. Lett. **84**, 4737 (2000). [CrossRef] [PubMed]

**12. **R. T. Thew, A. Acín, H. Zbinden, and N. Gisin, “Bell-type test of energy-time entangled qutrits,” Phys. Rev. Lett. **93**, 010503 (2004). [CrossRef]

**13. **B. Qi, “Single-photon continuous-variable quantum key distribution based on the energy-time uncertainty relation,” Opt. Lett. **31**, 2795 (2006). [CrossRef] [PubMed]

**14. **I. Ali-Khan, C. J. Broadbent, and J. C. Howell, “Large-alphabet quantum key distribution using energy-time entangled bipartite states,” Phys. Rev. Lett. **98**, 060503 (2007). [CrossRef] [PubMed]

**15. **J. Nunn, L. J. Wright, C. Söller, L. Zhang, I. A. Walmsley, and B. J. Smith, “Large-alphabet time-frequency entangled quantum key distribution by means of time-to-frequency conversion,” Opt. Express **21**, 15959 (2013). [CrossRef] [PubMed]

**16. **A. Mair, A. Vaziri, G. Weihs, and A. Zeilinger, “Entanglement of the orbital angular momentum states of photons,” Nature (London) **412**, 313 (2001). [CrossRef]

**17. **A. Vaziri, G. Weihs, and A. Zeilinger, “Experimental two-photon, three-dimensional entanglement for quantum communication,” Phys. Rev. Lett. **89**, 240401 (2002). [CrossRef] [PubMed]

**18. **G. Molina-Terriza, A. Vaziri, J. Rehacek, Z. Hradil, and A. Zeilinger, “Triggered qutrits for quantum communication protocols,” Phys. Rev. Lett. **92**, 167903 (2004). [CrossRef] [PubMed]

**19. **M. Mafu, A. Dudley, S. Goyal, D. Giovannini, M. McLaren, M. J. Padgett, T. Konrad, F. Petruccione, N. Lütkenhaus, and A. Forbes, “Higher-dimensional orbital-angular-momentum-based quantum key distribution with mutually unbiased bases,” Phys. Rev. A **88**, 032305 (2013). [CrossRef]

**20. **N. J. Cerf, M. Bourennane, A. Karlsson, and N. Gisin, “Security of quantum key distribution using d-level systems,” Phys. Rev. Lett. **88**, 127902 (2002). [CrossRef] [PubMed]

**21. **J. Mower, Z. Zhang, P. Desjardins, C.C Lee, J. H. Shapiro, and D. Englund, “High-dimensional quantum key distribution using dispersive optics,” Phys. Rev. A **87**, 062322 (2013). [CrossRef]

**22. **Z. Zhang, J.J Mower, D. Englund, F. Wong, and J. H. Shapiro, “Unconditional security of time-energy entanglement quantum key distribution using dual-basis interferometry,” Phys. Rev. Lett. **112**, 120506 (2014). [CrossRef] [PubMed]

**23. **N. Lütkenhaus, “Security against individual attacks for realistic quantum key distribution,” Phys. Rev. A **61**, 052304 (2000). [CrossRef]

**24. **N. Lütkenhaus and M. Jahma, “Quantum key distribution with realistic states: photon-number statistics in the photon-number splitting attack,” New J. Phys. **4**(1), 44 (2002). [CrossRef]

**25. **D. Somma and R. Hughes, “Security of decoy-state protocols for general photon-number-splitting attacks,” Phys. Rev. A **87**, 062330 (2013). [CrossRef]

**26. **W. Y. Hwang, “Quantum key distribution with high loss: toward global secure communication,” Phys. Rev. Lett. **91**, 057901 (2003). [CrossRef] [PubMed]

**27. **H.-K. Lo, X.-F. Ma, and K. Chen, “Decoy state quantum key distribution,” Phys. Rev. Lett. **94**, 230504 (2004). [CrossRef]

**28. **X.-B. Wang, “Decoy-state protocol for quantum cryptography with four different intensities of coherent light,” Phys. Rev. A **72**, 012322 (2005). [CrossRef]

**29. **X.-F. Ma, B. Qi, Y. Zhao, and H.-K. Lo, ”Practical decoy state for quantum key distribution,” Phys. Rev. A **72**, 012326 (2005). [CrossRef]

**30. **Y. Adachi, T. Yamamoto, M. Koashi, and N. Imoto, “Simple and efficient quantum key distribution with parametric down-conversion,” Phys. Rev. Lett. **99**, 180503 (2007). [CrossRef] [PubMed]

**31. **C. Zhou, W. S. Bao, H. W. Li, Y. Wang, Y. Li, Z. Q. Yin, W. Chen, and Z. F. Han, “Tight finite-key analysis for passive decoy-state quantum key distribution under general attacks,” Phys. Rev. A **89**(5), 052328 (2014). [CrossRef]

**32. **Y. Li, W. S. Bao, H. W. Li, C. Zhou, and Y. Wang, “Passive decoy-state quantum key distribution using weak coherent pulses with intensity fluctuations,” Phys. Rev. A **89**, 032329 (2014). [CrossRef]

**33. **D. Bunandar, Z. Zhang, J. H. Shapiro, and D. Englund, “Practical high-dimensional quantum key distribution with decoy states,” Phys. Rev. A **91**, 022336 (2015). [CrossRef]

**34. **H. Z. Bao, W. S. Bao, Y. Wang, C. Zhou, and R. K. Chen, ”Finite-key analysis of a practical decoystate high-dimensional quantum key distribution,” J. Phys. A: Math. Theor. **49**, 205301 (2016). [CrossRef]

**35. **T. Moroder, M. Curty, and N. Lütkenhaus, “Detector decoy quantum key distribution,” New J. Phys. **11**, 045008 (2009). [CrossRef]

**36. **I. Ali-Khan and J. C. Howell, “Experimental demonstration of high two-photon time-energy entanglement,” Phys. Rev. A **73**, 031801 (2006). [CrossRef]

**37. **C. K. Law and J. H. Eberly, “Analysis and interpretation of high transverse entanglement in optical parametric down conversion,” Phys. Rev. Lett. **92**, 127903 (2004). [CrossRef] [PubMed]

**38. **D. Deutsch, A.A Ekert, R. Jozsa, C. Macchiavello, S. Popescu, and A. Sanpera, “Quantum privacy amplification and the security of quantum cryptography over noisy channels,” Phys. Rev. Lett. **77**, 2818 (1996). [CrossRef] [PubMed]

**39. **D. Gottesman, H.-K. Lo, N. Lütkenhaus, and J. Preskill, “Security of quantum key distribution with imperfect devices,” Quantum Inf. Comput. **4**, 325 (2004).

**40. **X.-S. Ma, S. Zotter, J. Kofler, T. Jennewein, and A. Zeilinger, “Experimental generation of single photons via active multiplexing,” Phys. Rev. A **83**, 043814 (2011). [CrossRef]

**41. **C. Lee, Z. Zhang, R. Steinbrecher, H. Zhou, J. Mower, T. Zhong, L. Wang, X. Hu, R. D. Horansky, V. B. Verma, A. E. Lita, R. P. Mirin, F. Marsili, M. D. Shaw, S. W. Nam, G. W. Wornell, F. N. C. Wong, J. H. Shapiro, and D. Englund, “Entanglement-based quantum communication secured by nonlocal dispersion cancellation,” Phys. Rev. A **90**, 062331 (2014). [CrossRef]

**42. **F. Marsili, V. B. Verma, J. A. Stern, S. Harrington, A. E. Lita, T. Gerrits, I. Vayshenker, B. Baek, M. D. Shaw, R. P. Mirin, and S. W. Nam, “Detecting single infrared photons with 93% system efficiency,” Nature Photon. **7**, 210 (2013). [CrossRef]

**43. **C. Lee, J. Mower, Z. Zhang, J. H. Shapiro, and D. Englund, “Finite-key analysis of high-dimensional time-energy entanglement-based quantum key distribution,” Quantum Inf. Process. **14**, 1005 (2015). [CrossRef]

**44. **C. Gobby, Z.-L. Yuan, and A. J. Shields, “Quantum key distribution over 122 km of standard telecom fiber,” Appl. Phys. Lett. **84**, 3762 (2004). [CrossRef]