## Abstract

Recently Zhang *et al* [ Phys. Rev. A **95**, 012333 (2017)] developed a new approach to estimate the failure probability for the decoy-state BB84 QKD system when taking finite-size key effect into account, which offers security comparable to Chernoff bound, while results in an improved key rate and transmission distance. Based on Zhang *et al*’s work, now we extend this approach to the case of the measurement-device-independent quantum key distribution (MDI-QKD), and for the first time implement it onto the four-intensity decoy-state MDI-QKD system. Moreover, through utilizing joint constraints and collective error-estimation techniques, we can obviously increase the performance of practical MDI-QKD systems compared with either three- or four-intensity decoy-state MDI-QKD using Chernoff bound analysis, and achieve much higher level security compared with those applying Gaussian approximation analysis.

© 2018 Optical Society of America under the terms of the OSA Open Access Publishing Agreement

## 1. Introduction

Quantum key distribution (QKD) possessing in-principle unconditional security based on the laws of quantum mechanics, allows two distant parties (usually named Alice and Bob) to generate fresh secure keys for instant use [1–4]. So far, many security proofs have been given by established models [5–7]. However, due to imperfections existing in actual devices, practical QKD systems are always suffering to various attacks, e.g., the photon-number-splitting (PNS) attack [8–10], the time-shift attack [11,12], the fake-state attack [13,14], the detector-blinding attack [15,16], etc., which make the communication process insecure. In order to tackle those attacks, different methods and protocols have been introduced, such as the decoy-state method [17–20], the device-independent quantum key distribution (DI-QKD) [21–23], and the measurement-device-independent quantum key distribution (MDI-QKD) [24,25], etc. Among them, the decoy-state MDI-QKD seems most promising, since it can remove all side-channel attacks and obtain a longer transmission distance.

In the past few years, the decoy-state MDI-QKD has been extensively investigated both theoretically and experimentally [26–32]. Nevertheless, most of them only show very poor key generation rate. Moreover, the finite-size effect cannot be ignored in actual QKD applications, which will further decrease its real performance. As a result, in order to obtain considerable key generation rate, the legitimate users usually need a very large data size when accounting for statistical fluctuations. It seems the low key generation rate has becoming the main obstacle for the widespread application of actual MDI-QKD systems.

Fortunately, the four-intensity decoy-state MDI-QKD protocol has been put forward by Zhou *et al* [33,34]. In this protocol, it accounts for statistical fluctuations of different components jointly; Besides, it estimates the yield and the phase error rate of two-single-photon pulses collectively instead of estimating the worst case of them separately. As a result, the QKD performance can be improved significantly and a considerable key generation rate can be achieved even with a small data size. However, it assumed the channel fluctuations satisfy Gaussian distribution when dealing with finite-data-size effects. The loose assumption makes the QKD system is unsecure to coherent attacks.

Up to date, several statistical fluctuation analyzing methods have been proposed, such as the Gaussian approximation analysis method [20, 35], the Hoeffding inequality [36, 37] and the Chernoff bound [38, 39], etc. Among them, the Chernoff bound and the Hoeffding inequality can offer rigorous security bounds, and thus present much higher security than the Gaussian approximation analysis method. Nevertheless, they can only result in relatively poor key generation rate. Very recently, Zhang *et al* suggested to use a new statistical fluctuation method to analyze the BB84 protocol [40], demonstrating its security against coherent attacks and providing improved key generation rate than using the Chernoff bound. In this paper, we propose to extend this new statistical fluctuation method to analyze MDI-QKD protocols. Furthermore, we implement it onto the recently proposed four-intensity decoy-state scheme and investigate its practical performance. Simulation results show that our present work can present the highest key generation rate among all practical MDI-QKD methods which are secure to coherent attacks.

The paper is organized as follows. In Sec. 2, we briefly introduce operation steps of the four-intensity decoy-state MDI-QKD protocol; In Sec. 3, we give description on how to apply the new statistical fluctuation method to analyze the four-intensity decoy-state MDI-QKD system; In Sec. 4, we carry out corresponding numerical simulations and compare our work with other existing works; Finally, conclusions are given out in Sec. 5.

## 2. Implementation of the four-intensity decoy-state MDI-QKD protocol

In the four-intensity decoy-state MDI-QKD protocol, Alice and Bob randomly modulate their light pulses into four different intensities (*μ*, *v*, *w* and *o*), where the weak decoy pulses with intensities *v* and *w* are all prepared in 𝕏 basis, while the signal pulses with intensity *μ* are only prepared in ℤ basis. The vacuum pulses do not need to choose any basis. The protocol runs as follows:

- Alice (Bob) randomly modulates every pulse into intensity
*l*(*r*), where*l*,*r*∈ {*o*,*w*,*v*,*μ*}, prepares it into W basis (*W*∈ {, 𝕏}) with probability of ${p}_{l}^{W}$ (${p}_{r}^{W}$), and sends it to the untrusted third party, Charlie. Considering pulses with different intensity are only prepared in certain bases (𝕏 or ), hereafter we will omit the superscript in ${p}_{l}^{W}$ or ${p}_{r}^{W}$ without causing any confusion. - At Charlie’s side, he carries out Bell-state projection measurements on the pulse pairs received from Alice and Bob, and records all measurement results. After finishing all the signal transmission, Charlie announces his detection results via a public channel.
- Based on Charlie’s announcement, Alice and Bob keep the bit when it corresponds to a successful event as defined in [25,26,28]. Then the successful events caused by the pulses with intensities
*o*,*w*, and*v*will be utilized to estimate the lower bound of the number of counting events (${M}_{11}^{L}$) and the upper bound of the phase-flip error-rate (${e}_{11}^{\mathit{ph},U}$) from the two-single-photon pulses. - Alice and Bob carry out error correction and privacy amplification processes to obtain the final secure keys.

Throughout this paper, for simplicity, we assume that Alice and Bob use weak coherent sources (WCS) as light sources, which follow Poisson distributions, i.e., ${P}_{i}^{\xi}=\frac{{\xi}^{i}}{i!}{e}^{-\xi}$, where *i* ∈ {0, 1, 2...} and *ξ* represents the average photon number per pulse. When Alice emits pulses with intensity *l* and Bob emits pulses with intensity *r*, the corresponding average counting rate (*Q ^{lr}*) and the average quantum-bit error-rate (QBER,

*E*) can be expressed as:

^{lr}*Y*and

_{nm}*e*denote the yield and the error-rate given that Alice sends an

_{nm}*n*-photon pulse and Bob sends an

*m*-photon pulse, respectively. Below, we define

*T*:=

^{lr}*E*.

^{lr}Q^{lr}## 3. Utilizing the improved statistical fluctuation analysis

In this paper, we propose to extend the improved statistical fluctuation analyzing method into MDI-QKD systems, and further combine it with the joint constraints and collective error-estimation techniques to study the performance of four-intensity decoy-state MDI-QKD under practical experimental conditions. Before describing the proposal in detail, let us first define some notations in order to build corresponding nomenclatures. We denote ${\mathcal{P}}_{n}^{\xi}\left(\approx \frac{{N}_{n}^{\xi}}{{N}_{n}}\right)$ as the conditional probability of an *n*-photon state when Alice (or Bob) sends pulses with intensity *ξ*, and ${N}_{n}^{\xi}$ corresponds to the total number of *n*-photon pulses. The approximation results from statistical fluctuation and can be equally applied in the asymptotic case. The photon number of each pulse follows Poisson distribution, thus the conditional probability above can be rewritten as:

On Charlie’s side, we can obtain the following results

*M*and

_{nm}*e*denote the number of successful events and errors when Alice sends

_{nm}M_{nm}*n*-photon state and Bob sends

*m*-photon state respectively. Then, the total number of successful events and errors caused by the pulses with intensities

*l*and

*r*can be expressed as:

According to [40], we can find that

In order to compare with the Gaussian approximation analysis method in Sec. IV, here we transform the Eq. (10) into the following form by dividing both sides by *N ^{lr}*. Then we can obtain

*N*is the total number of pulses. With Eqs. (12), (13) and (14), we can acquire the analytical lower bound of the number of successful events results from two-single-photon pulses (${M}_{11}^{L}$) and the upper bound of the corresponding phase-flip error rate (${e}_{11}^{\mathit{ph},U}$) [33],

It should be noted that the formulas above are denoted by expected values. In nonasymptotic case, however, we need to bound those expected values given the observed values for a failure probability *ε*. Here, we employ the Chernoff bound with an inverse formulation to solve this problem. Let *X*_{1},*X*_{2},...,*X _{n}* be

*n*independent Bernoulli random variables, indicated by the value 0 or 1. Let

*X*be the sum of those indicator variables, i.e., $X={\sum}_{i=1}^{n}{X}_{i}$, which represents the measurement result. Then we have

When *X* ≥ 6*b*, there exists an approximate solution:

According to the equations above, we can achieve the following useful joint constraints:

Here we consider the fluctuation of different sources jointly. With the inequations above, the items in the first bracket of Eq. (15) can be written conditionally as:

Similarly, the items in the second bracket of Eq. (15) can be expressed as:

Furthermore, the phase-flip error rate of two-single-photon pulses can be formulated as:

The final secure keys can be distilled from the successful events caused by signal pulses. Thus, we need to calculate the lower bound of the number of successful events results from two-single-photon pulses in the signal states (${M}_{11}^{\mu \mu ,L}$). By solving the equation 2^{−δ2X̄/(2+δ)}= *ε* and employing the symmetric form of the Chernoff bound [40]

*X*has been given above and

*X̄*= 𝔼[

*X*]. In this part, we have known the value of ${M}_{11}^{L}$ and $\mathbb{E}\left[{M}_{11}^{\mu \mu ,L}\right]={\mathcal{P}}_{1}^{\mu}{\mathcal{P}}_{1}^{\mu}{M}_{11}^{L}$. Then, we can use the formulas above to calculate ${M}_{11}^{\mu \mu ,L}$ with a failure probability

*ε*.

Finally, the formula for the key generation rate as a function of *ℋ* is given by

*f*is the error correction efficiency, and

_{e}*H*(

*x*) = −

*x*log

_{2}

*x*−(1−

*x*) log

_{2}(1−

*x*) is the binary Shannon information function. The values of

*M*and

_{μμ}*E*can be observed in experiments.

_{μμ}In order to obtain the final secure key rate, we should consider the worst-case result of *R*(*ℋ*) over all possible values of *ℋ*, i.e.,

## 4. Numerical simulations

For ease of reference, below we briefly summarize the Gaussian approximation analysis and the Chernoff bound method which we used for comparison.

- For the Gaussian approximation analysis method [35], we can write the relation between the expected value 𝔼[
*Q*] (or 𝔼[^{lr}*T*]) and the observed value^{lr}*Q*as: 𝔼[^{lr}*Q*] =^{lr}*Q*(1 +^{lr}*τ*). Given a probability larger than 1 −^{lr}*ε*,*τ*can be bounded by $\left|{\tau}^{\mathit{lr}}\right|\le \frac{\gamma}{\sqrt{{N}^{\mathit{lr}}{Q}^{\mathit{lr}}}}$ where^{lr}*γ*is the number of standard deviations which is directly related to the failure probability. - For the Chernoff bound method [38], we can estimate the deviations between the observed and the expected values with probability 1 − 2
*ε*: 𝔼[*Q*] =^{lr}*Q*(1 +^{lr}*δ*), $-\frac{\mathrm{\Delta}}{\sqrt{{N}^{\mathit{lr}}{Q}^{\mathit{lr}}}}\le {\delta}^{\mathit{lr}}\le \frac{\widehat{\mathrm{\Delta}}}{\sqrt{{N}^{\mathit{lr}}{Q}^{\mathit{lr}}}}$, where Δ =^{lr}*g*(*ε*^{3/2}), Δ̂ =*g*(*ε*^{4}/16), and $g(x)=\sqrt{2\text{ln}\left({x}^{-1}\right)}$.

In the following, we perform numerical simulation for the four-intensity decoy-state MDI-QKD with the improved new statistical fluctuation method in comparison with the results of using another two methods. For fair comparisons, we have employed the same formula to calculate the final secure key generation rates [41]. Here the number of standard deviations in Gaussian approximation analysis method is reasonably set as 6.4, corresponding to a failure probability of 10^{−10}. Furthermore, we focus on the symmetric case where the channel transmissions from Alice to Charlie and from Bob to Charlie are equal, and we assume that the detectors on Charlie’s side are identical. At each transmission distance, we optimize all the parameters by employing the coordinate descent algorithm [42]. The experimental parameters used in our simulation are listed in Table 1 and the corresponding simulation results are shown in Figs. 1–4.

We have done comparisons between different statistical fluctuation methods when all employing the four-intensity decoy-state scheme, as shown in Fig. 1 and Fig. 2, each with a total number of pulses of 10^{11} and 10^{10}, respectively. From Fig. 1 and Fig. 2, we find that among the three methods, the Gaussian approximation analysis can display the longest transmission distance in analyzing the four-intensity decoy-state MDI-QKD. However, its assumption is not sufficiently rigorous and thus not secure to coherent attack. On the contrary, the improved statistical fluctuation analysis approach possesses the same security level as the Chernoff bound method, and it can show significant performance enhancement than the latter. This is attributed to the fact that the improved statistical fluctuation analysis method can yield a smaller failure probability compared with the Chernoff bound method within a similar confidence interval. Furthermore, when the data size is smaller, the difference between them is becoming more distinct.

In Fig. 3, we give a comparison for the key generation rate between using the four-intensity decoy-state method and applying the standard three-intensity decoy-state scheme [43]. They both utilize the improved statistical fluctuation analysis approach, and the total number of pulses is reasonably set, *N* = 10^{11}. Obviously, the four-intensity decoy-state scheme can greatly exceed the standard three-intensity decoy-state scheme in both the key generation rate and the secure transmission distance. Those improvements mainly comes from the collective constraints and joint parameter estimation techniques implemented in the four-intensity decoy-state method.

In order to show the influence of the finite-size effect on the above two cases, i.e., the four-intensity decoy-state method and the standard three-intensity decoy-state scheme, both applying the improved statistical fluctuation analysis approach, we have plotted out the variations of the key generation rate with changing the total number of pulse pairs from 10^{10} to 10^{11} for each case. Here the transmission distance is fixed at 50 *km*. As we can see form Fig. 4, the three-intensity scheme almost cannot generate keys when the data size is lower than 3.5 × 10^{10}, and the four-intensity scheme can still obtain a high key generation rate. Besides, with the increasing of *N*, the key generation rate of the four-intensity scheme rises up more drastically.

## 5. Conclusion

In summary, we have extended Zhang *et al*’s statistical fluctuation analysis method to the case of MDI-QKD, and implemented it onto the recently proposed four-intensity decoy-state scheme. In order to show its merits, we have compared it with other existing schemes, i.e., the four-intensity decoy-state scheme using either Chernoff bound or Gaussian approximation analysis, and the standard three-intensity decoy-state scheme utilizing the improved statistical fluctuation analysis. Simulation results indicate that, our present work can significantly enhance the key generation rate compared with existing three- or four-intensity decoy-state methods applying Chernoff bound analysis; Meantime it can possess much higher level security than those applying Gaussian approximation analysis, and be secure to coherent attacks. In addition, it can be rapidly realized with current technology. Therefore, it looks very promising for practical implementations of quantum communications.

## Funding

National Key Research and Development Program of China Grant 2017YFA0304100; National Natural Science Foundation of China (NSFC) Grants 61475197, 61590932, 11774180, and 61705110; Natural Science Foundation of the Jiangsu Higher Education Institutions Grants 15KJA120002 and 17KJB140016; Outstanding Youth Project of Jiangsu Province Grant BK20150039; Natural Science Foundation of Jiangsu Province Grant BK20170902; Postgraduate Research and Practice Innovation Program of Jiangsu Province; NUPTSF Grant NY217006.

## References and links

**1. **C. H. Bennett and G. Brassard, “Quantum cryptography: public key distribution and coin tossing,” in *Proceedings of the IEEE International Conference on Computers, Systems and Signal Processing* (IEEE, 1984), pp. 175–179.

**2. **A. K. Ekert, “Quantum cryptography based on Bell’s theorem,” Phys. Rev. Lett. **67**, 661 (1991). [CrossRef] [PubMed]

**3. **P. W. Shor and J. Preskill, “Simple proof of security of the BB84 quantum key distribution protocol,” Phys. Rev. Lett. **85**, 441 (2000). [CrossRef] [PubMed]

**4. **D. Mayers, “Unconditional security in quantum cryptography,” J. Assoc. Comput. Mach. **48**, 351–406 (2001). [CrossRef]

**5. **B. Huttner, N. Imoto, N. Gisin, and T. Mor, “Quantum cryptography with coherent states,” Phys. Rev. A **51**, 1863 (1995). [CrossRef] [PubMed]

**6. **H. P. Yuen, “Quantum amplifiers, quantum duplicators and quantum cryptography,” Quantum Semiclassical. Opt. **8**, 939–949 (1996). [CrossRef]

**7. **N. Jain, C. Wittmann, L. Lydersen, C. Wiechers, D. Elser, C. Marquardt, V. Makarov, and G. Leuchs, “Device calibration impacts security of quantum key distribution,” Phys. Rev. Lett. **107**, 110501 (2011). [CrossRef] [PubMed]

**8. **G. Brassard, N. Lütkenhaus, T. Mor, and B. C. Sanders, “Limitations on practical quantum cryptography,” Phys. Rev. Lett. **85**, 1330 (2000). [CrossRef] [PubMed]

**9. **N. Lütkenhaus, “Security against individual attacks for realistic quantum key distribution,” Phys. Rev. A , **61**, 052304 (2000). [CrossRef]

**10. **N. Lütkenhaus and M. Jahma, “Quantum key distribution with realistic states: photon-number statistics in the photon-number splitting attack,” New J. Phys. **4**, 44 (2002). [CrossRef]

**11. **B. Qi, C.-H. F. Fung, H.-K. Lo, and X. Ma, “Time-shift attack in practical quantum cryptosystems,” Quantum Inf. Comput. **7**, 73–82 (2007).

**12. **Y. Zhao, C.-H. F. Fung, B. Qi, C. Chen, and H.-K. Lo, “Quantum hacking: experimental demonstration of time-shift attack against practical quantum-key-distribution systems,” Phys. Rev. A **78**, 042333 (2008). [CrossRef]

**13. **V. Makarov and J. Skaar, “Faked states attack using detector efficiency mismatch on SARG04, phase-time, DPSK, and Ekert protocols,” Quantum Inf. Comput. **8**, 622–635 (2008).

**14. **V. Makarov, A. Anisimov, and J. Skaar, “Effects of detector efficiency mismatch on security of quantum cryptosystems,” Phys. Rev. A **74**, 022313 (2006). [CrossRef]

**15. **L. Lydersen, C. Wiechers, C. Wittmann, D. Elser, J. Skaar, and V. Makarov, “Hacking commercial quantum cryptography systems by tailored bright illumination,” Nat. Photonics. **4**, 686–689 (2010). [CrossRef]

**16. **I. Gerhardt, Q. Liu, A. Lamaslinares, J. Skaar, C. Kurtsiefer, and V. Makarov, “Full-field implementation of a perfect eavesdropper on a quantum cryptography system,” Nat. Commun. **2**, 349 (2011). [CrossRef] [PubMed]

**17. **W. Y. Hwang, “Quantum key distribution with high loss: toward global secure communication,” Phys. Rev. Lett. **91**, 057901 (2003). [CrossRef] [PubMed]

**18. **X.-B. Wang, “Beating the photon-number-splitting attack in practical quantum cryptography,” Phys. Rev. Lett. **94**, 230503 (2005). [CrossRef] [PubMed]

**19. **H.-K. Lo, X. Ma, and K. Chen, “Decoy state quantum key distribution,” Phys. Rev. Lett. **94**, 230504 (2005). [CrossRef] [PubMed]

**20. **X. Ma, B. Qi, Y. Zhao, and H.-K. Lo, “Practical decoy state for quantum key distribution,” Phys. Rev. A **72**, 012326 (2005). [CrossRef]

**21. **A. Acín, N. Brunner, N. Gisin, S. Massar, S. Pironio, and V. Scarani, “Device-independent security of quantum cryptography against collective attacks,” Phys. Rev. Lett. **98**, 230501 (2007). [CrossRef] [PubMed]

**22. **N. Gisin, S. Pironio, and N. Sangouard, “Proposal for implementing device-independent quantum key distribution based on a heralded qubit amplifier,” Phys. Rev. Lett. **105**, 070501 (2010). [CrossRef] [PubMed]

**23. **M. Curty and T. Moroder, “Heralded-qubit amplifiers for practical device-independent quantum key distribution,” Phys. Rev. A. **84**, 010304 (2011). [CrossRef]

**24. **S. L. Braunstein and S. Pirandola, “Side-channel-free quantum key distribution,” Phys. Rev. Lett. **108**, 130502 (2012). [CrossRef] [PubMed]

**25. **H.-K. Lo, M. Curty, and B. Qi, “Measurement-device-independent quantum key distribution,” Phys. Rev. Lett. **108**, 130503 (2012). [CrossRef] [PubMed]

**26. **X.-B. Wang, “Three-intensity decoy-state method for device-independent quantum key distribution with basis-dependent errors,” Phys. Rev. A **87**, 012320 (2013). [CrossRef]

**27. **Q. Wang and X.-B. Wang, “Efficient implementation of the decoy-state measurement-deviceindependent quantum key distribution with heralded single-photon sources,” Phys. Rev. A **88**, 052332 (2013). [CrossRef]

**28. **Q. Wang and X.-B. Wang, “Simulating of the measurement-device independent quantum key distribution with phase randomized general sources,” Sci. Rep. **4**, 04612 (2014). [CrossRef]

**29. **H. L. Yin, T. Y. Chen, Z. W. Yu, H. Liu, L. X. You, Y. H. Zhou, S. J. Chen, Y. Mao, M. Q. Huang, W. J. Zhang, H. Chen, M. J. Li, D. Nolan, F. Zhou, X. Jiang, Z. Wang, Q. Zhang, X. B. Wang, and J. W. Pan, “Measurement-device-independent quantum key distribution over a 404 km optical fiber,” Phys. Rev. Lett. **117**, 190501 (2016). [CrossRef]

**30. **C. Wang, X. T. Song, Z. Q. Yin, S. Wang, W. Chen, C. M. Zhang, G. C. Guo, and Z. F. Han, “Phase-reference-free experiment of measurement-device-independent quantum key distribution,” Phys. Rev. Lett. **115**, 160502 (2015). [CrossRef] [PubMed]

**31. **C. Wang, S. Wang, Z. Q. Yin, W. Chen, H. W. Li, C. M. Zhang, Y. Y. Ding, G. C. Guo, and Z. F. Han, “Experimental measurement-device-independent quantum key distribution with uncharacterized encoding,” Opt. Lett. **41**, 5596–5599 (2016). [CrossRef] [PubMed]

**32. **C. Wang, Z. Q. Yin, S. Wang, W. Chen, G. C. Guo, and Z. F. Han, “Measurement-device-independent quantum key distribution robust against environmental disturbances,” Optica **4**, 1016–1023 (2017). [CrossRef]

**33. **Y. H. Zhou, Z. W. Yu, and X.-B. Wang, “Making the decoy-state measurement-deviceindependent quantum key distribution practically useful,” Phys. Rev. A , **93**, 042324 (2016). [CrossRef]

**34. **X. Y. Zhou, C. H. Zhang, C. M. Zhang, and Q. Wang, “Obtaining better performance in the measurement-device-independent quantum key distribution with heralded single-photon sources,” Phys. Rev. A , **96**, 052337 (2017). [CrossRef]

**35. **X. Ma, C.-H. F. Fung, and M. Razavi, “Statistical fluctuation analysis for measurementdevice-independent quantum key distribution,” Phys. Rev. A **86**, 052305 (2012). [CrossRef]

**36. **C. C. W. Lim, M. Curty, N. Walenta, F. Xu, and H. Zbinden, “Concise security bounds for practical decoy-state quantum key distribution,” Phys. Rev. A **89**, 022307 (2014). [CrossRef]

**37. **Y. Wang, W.-S. Bao, C. Zhou, M.-S. Jiang, and H.-W. Li, “Tight finite-key analysis of a practical decoy-state quantum key distribution with unstable sources,” Phys. Rev. A **94**, 032335 (2016). [CrossRef]

**38. **M. Curty, F. Xu, W. Cui, C. C. W. Lim, K. Tamaki, and H.-K. Lo, “Finite-key analysis for measurement-device-independent quantum key distribution,” Nat. Commun. **5**, 3732 (2014). [CrossRef] [PubMed]

**39. **H. Li, H. Jiang, M. Gao, Z. Ma, C. Ma, and W. Wang, “Statistical-fluctuation analysis for quantum key distribution with consideration of after-pulse contributions,” Phys. Rev. A **92**, 062344 (2015). [CrossRef]

**40. **Z. Zhang, Q. Zhao, M. Razavi, and X. Ma, “Improved key-rate bounds for practical decoy-state quantum-key-distribution systems,” Phys. Rev. A **95**, 012333 (2017). [CrossRef]

**41. **D. Gottesman, H.-K. Lo, N. Lütkenhaus, and J. Preskill, “Security of quantum key distribution with imperfect devices,” Quantum Inf. Comput. **4**, 325–360 (2004).

**42. **S. P. Boyd and L. Vandenberghe, *Convex Optimization* (Cambridge University, 2004). [CrossRef]

**43. **F. Xu, H. Xu, and H.-K. Lo, “Protocol choice and parameter optimization in decoy-state measurement-device-independent quantum key distribution,” Phys. Rev. A **89**, 052333 (2014). [CrossRef]