Semi-device-independent multiparty quantum key distribution in the asymptotic limit

Yonggi Jo; Wonmin Son

doi:10.1364/OSAC.2.000814

1. Introduction

Quantum key distribution (QKD) is a novel scheme to share a random secret key between two distant authorized parties, Alice and Bob, by exploiting the principles of quantum mechanic. This protocol provides an information-theoretic security under a potential attack of malicious eavesdropper, conventionally called Eve. The first proposal of QKD, called BB84 protocol [1], exploits quantum superposition and no-cloning theorem [2] to guarantee its security. Subsequently, E91 protocol was suggested whose security is based on nonlocality [3]. After these proposals, many efforts have been made to analyse the security of the QKD protocols based on various quantum principles [4–10].

Although QKD protocols provide an information theoretic security theoretically, it was shown that the implementation of practical QKD system can have security defects due to imperfections of devices. An attack exploits the imperfections is known as a side channel attack, including photon number splitting attack [11], detector efficiency mismatch attack [12], detector blinding attack [13,14]. To overcome threats of all side channel attacks, device-independent (DI) security analysis was proposed [15–20]. In the DI analysis, the security of key string is based on the nonlocality verified by the Clauser-Horne-Shimony-Holt (CHSH) inequality [21]. However, it is assumed that successive rounds of QKD must be completely independent. Without such assumption, fully DI analysis was proposed [22–25] which only assume that the devices are modeled by the laws of quantum mechanics and they are spatially separated from each other and from Eve.

However, the implementation of the fully DI-QKD requires a loophole-free Bell test that poses high technological demands [26,27]. Therefore, there have been many suggestions to increase the practicality of QKD by loosening some constraints of the fully DI-QKD. The semi-DI (SDI) QKD was proposed with the quantum system of which dimensionality is bounded [28–30]. The one-sided DI-QKD, which one party has trusted devices and the other has a black box, was proposed as well [31,32]. The measurement-device-independent (MDI) QKD was proposed to remove all side channel attacks against measurement devices [33–36]. These QKD protocols are more practical than the fully DI-QKD, while they can prevent a part of side channel attacks.

In another branch of quantum communication research, quantum networks have been studied in order to generate connection among multiparty rather than one-to-one connection in the advent of quantum technologies [37–41]. In the circumstance, secret information sharing protocols among many authorized parties, including $N$-partite QKD ($N$-QKD) and quantum secret sharing (QSS), have been studied [42–54]. In $N$-QKD, all parties who share a multipartite entangled state are authorized parties and they distribute a random secret key. Strict security analyses of $N$-QKD have been studied in recent years. In 2017, the security of $N$-QKD was analysed based on generalized version of the information-theoretic (IT) security analysis [51]. In 2018, the fully DI security analysis of $N$-QKD, named as the fully DI conference key agreement (CKA), was provided [52] as an extension of bipartite DI-QKD [25]. The security of the DI-CKA relies on the relation between the Clauser-Horne-Shimony-Holt (CHSH) [21] and the Mermin-Ardehali-Belinskiĭ-Klyshko (MABK) [55–57] type nonlocality.

In this article, we propose a new security analysis of $N$-QKD based on multipartite nonlocality. Nonlocal correlations of a multipartite quantum system are verified by MABK inequality as like the DI-CKA. However, different from the DI-CKA, our analysis does not provide the fully DI security since our analysis is provided under the restriction that successive trials are completely independent. So Eve’s attack is restricted to an independent and identically distributed (i.i.d.) attack. For this reason, we call our analysis as SDI security analysis. The SDI analysis provides an asymptotic secret key rate of $N$-QKD. We construct a relation between a secret key rate of $N$-QKD and an expectation value of MABK operator. It is shown the SDI analysis can prevent some side channel attacks, which the IT analysis can not. The effect of the i.i.d. assumption in $N$-QKD with varying $N$, the number of authorized parties, is shown by comparing the DI-CKA and the SDI analysis. We compare the secret key rates obtained by using the IT analysis, the DI-CKA, and the SDI analysis in the same quantum depolarization noise as well.

The article is structured as follows. We introduce MABK inequality and present a schematic descriptions of $N$-QKD in Sec. 2. In Sec. 3 we present the SDI security analysis based on MABK inequality and we compare the secret key rate evaluated by using the proposed SDI analysis to that evaluated by using the IT analysis and that of the DI-CKA. Finally, conclusion is drawn in Sec. 4.

2. Schematic description of multiparty QKD

In a conventional QKD, a two-dimensional quantum system, called a qubit [58], is exploited as an information carrier. MABK inequality [55] is known as a tight inequality of a multiparty qubit system [59]. The definition of the operator to evaluate MABK inequality is shown in Eq. (1):

(1)$$\begin{aligned} \hat{M}_{1}&=\hat{X}'_{1}\\ \hat{M}_{N}&=\frac{1}{2}\left[\hat{M}_{N-1}(\hat{X}'_{N}+\hat{Y}'_{N})+\hat{\bar{M}}_{N-1}(\hat{X}'_{N}-\hat{Y}'_{N})\right]\end{aligned}$$

where $\hat {X}'$ and $\hat {Y}'$ are 2-outcome measurement operators which are ideally equal to the Pauli $X$ and $Y$ operators, $N$ is the number of parties, and $\hat {\bar {M}}$ is obtained from $\hat {M}$ by interchanging $\hat {X}'$ operator and $\hat {Y}'$ operator [60,61]. The subscripts of the operators $\hat {X}'$ and $\hat {Y}'$ denote labels of the parties, where $1$ means Alice, and $k$ means $(k-1)$-th Bob for $2\le k\le N$. If we exclude the quantum theory, an upper bound of an expectation value of the MABK operator is evaluated as shown in Eq. (2):

(2)$$\langle{\hat{M}_{N}}\rangle_{LR}\le 1.$$

The right-hand side of this inequality is called the local realistic bound of MABK inequality. In the consideration of the quantum theory, an expectation value of the $N$-party MABK operator, $S_{N}$, has the maximum value shown in Eq. (3):

(3)$$S_{N}=\langle{\hat{M}_{N}}\rangle_{Q}\le 2^{\frac{N-1}{2}}.$$

The value written in the right-hand side of Eq. (3) is called the quantum bound of the $N$-party MABK inequality. The quantum state that gives the quantum bound is known as a special type of multipartite entangled state, called Greenberger-Horne-Zeilinger (GHZ) state [62]. If the measurements are well aligned, i.e. $\hat {X}'=\hat {X}$ and $\hat {Y}'=\hat {Y}$, the $N$-qubit GHZ state that satisfies the quantum bound is given as shown in Eq. (4):

(4)$$|GHZ\rangle_{N}=\frac{1}{\sqrt{2}}\left(|0\rangle^{\otimes N}+e^{i\theta(N)} |1\rangle^{\otimes N}\right)$$

where $\theta (N)=\left [(N-1) \pi \right ]/4$, and $|{0}\rangle$ and $|{1}\rangle$ are eigenstates of the Pauli $Z$ operator, $\hat {Z}$.

Fig. 1. A schematic diagram of $N$-QKD. Alice generates a $N$-qubit GHZ state. Subsequently, Alice keeps one qubit and distributes the others to Bobs.

Download Full Size | PDF

In a conventional bipartite entanglement QKD protocol [3–7], the maximally entangled states, called Bell states, are exploited to distribute a secret key. One of the four orthonormal Bell states is described in Eq. (5):

(5)$$ |{\Phi^{+}}\rangle =\frac{1}{\sqrt{2}}\left(|{0,0}\rangle+ |{1,1}\rangle\right).$$

In a bipartite QKD protocol, the authorized two parties, Alice and Bob, exploit two measurement bases, such as $\hat {Z}$ and $\hat {X}$, to share a random secret key since correlations between Alice and Bob’s measurement outcomes are preserved under a basis transformation as shown in Eq. (6):

(6)$$\begin{aligned} |{\Phi^{+}}\rangle &=\frac{1}{\sqrt{2}}\left(|{0,0}\rangle+ |{1,1}\rangle\right)\\ &=\frac{1}{\sqrt{2}}\left(|{+,+}\rangle+|{-,-}\rangle\right) \end{aligned}$$

where $|{+}\rangle$ and $|{-}\rangle$ are eigenstates of $\hat {X}$. With the Bell state, Alice and Bob obtain always the same outcome $1$ ($|{0}\rangle$, $|{+}\rangle$) or $-1$ ($|{1}\rangle$, $|{-}\rangle$) if both of them use $Z$- or $X$-measurement (Fig. 2).

On the other hand, a form of correlation of the $N$-partite GHZ state is changed under a basis transformation. An example is described in Eq. (7):

(7)$$\begin{aligned} |{GHZ}\rangle_{3}&=\frac{1}{\sqrt{2}}\left(|{0,0,0}\rangle+i|{1,1,1}\rangle\right)\\ &=\frac{1}{2}\left(|{i-,i+,i+}\rangle+|{i+,i-,i+}\rangle+|{i+,i+,i-}\rangle+|{i-,i-,i-}\rangle\right)\end{aligned}$$

where $|{i+}\rangle$ and $|{i-}\rangle$ are eigenstates of $\hat {Y}$. If all three users measure the GHZ state with $\hat {Z}$, they always obtain the same outcome, $1$ ($|{0}\rangle$) or $-1$ ($|{1}\rangle$). However, if they measure with $Y$-measurement, outcome set of the three users is one of the followings: $\{-1,1,1\}$, $\{1,-1,1\}$, $\{1,1,-1\}$, and $\{-1,-1,-1\}$ where $1$ and $-1$ are corresponding to $|{i+}\rangle$ and $|{i-}\rangle$ respectively. In the sets, Alice, the first user, cannot predict the outcome of the other users from her outcome. For instance, when her outcome is $-1$, there are two possible results that the other two users obtain both $1$, or both $-1$. Therefore, the three users can share a secret only when all of them use the $Z$-measurement (Fig. 3).

The procedure of the $N$-QKD we propose is given as follows:

1. Alice generates a $N$-partite GHZ state described in Eq. (4). She keeps one qubit and distributes the others to $(N-1)$ Bobs.
2. Alice and Bobs choose a measurement basis randomly from among $\{\hat {X}', \hat {Y}', \hat {Z}'\}$.
3. Alice and Bobs announce their measurement bases through the classical(public) channel.
4.
- (a) Alice and Bobs announce their outcomes if their measurement bases are included in $\{\hat {X}',\hat {Y}'\}$.
- (b) Alice and Bobs keep their outcomes if all of them use the $Z'$-measurement.
- (c) The other trials are discarded.
5. After several repetitions of the steps 1–4, the authorized parties perform a post-processing.
- (a) They evaluate $S_{N}$ from the revealed measurement outcomes.
- (b) They perform the reconciliation (error correction) and the privacy amplification through the classical channel by comparing the information of the unrevealed outcomes and $S_{N}$.

If there are pre-shared secret keys, it is possible that the authorized parties perform $X'$- or $Y'$-measurement randomly for assigned rounds and perform $Z'$-measurement for the other rounds instead of a random basis choice in step 2.

To guarantee the security of this $N$-QKD, the following assumptions are necessary.

1. The authorized parties have measurement devices corresponding to $X'$-, $Y'$-, and $Z'$-measurement and their outcomes are $-1$ or $1$. The measurement operators satisfies $\hat {X}'=\hat {X}$, $\hat {Y}'=\hat {Y}$, and $\hat {Z}'=\hat {Z}$ in the ideal setup.
2. The authorized parties hold trusted random number generators to select a measurement basis randomly.
3. The successive trials of the $N$-QKD must be completely independent.
4. The laboratory of each authorized party is isolated from the outside to prevent unindented information leakage or inflow.
5. The GHZ state generator is isolated from Alice’s measurement setup, so it can be assumed that Eve holds the source while Alice’s measurement is isolated from Eve.
6. To ensure the security of the $N$-QKD based on the nonlocality, a loophole-free nonlocality test must be performed [26,27,63–66].

Under these assumptions, the GHZ state generator and the measurement devices of the authorized parties are not trusted.

Fig. 2. A schematic diagram for generating the 3-photon GHZ state based on Fig. 1(a) in [67]. In this setup, 3-photon polarization GHZ state is generated by using cascade entangled photon sources (EPSs). $| {H}\rangle$ and $| {V}\rangle$ are corresponding to the eigenstates of $\hat {Z}$, $| {0} \rangle$ and $| {1}\rangle$, in the maintext. Normalization factors are ignored in the diagram. QWP : quarter wave plate.

Download Full Size | PDF

Fig. 3. A schematic diagram for implementing photonic polarization $X$-, $Y$-, and $Z$-measurement used in [67]. Measurement basis can be chosen by controlling the motorized wave plate (MWP). Subsequently, the incoming photon goes to the polarization beam splitter (PBS). Polarization of the incoming photon is measured from a click of a single photon detector (SPD).

Download Full Size | PDF

Any experimental setup that is able to test MABK inequality can be exploited to perform this $N$-QKD. The generation of a photonic multipartite entangled state has been demonstrated [67–74], and there have been experimental tests of the multipartite nonlocality in photonic systems as well [75–79]. The $N$-partite QSS protocols that exploit $N$-partite entangled states were demonstrated successfully [80,81]. It is expected that the experimental setups of these QSS protocols are exploited to demonstrate the $N$-QKD.

3. Security analysis

Before we provide the SDI security analysis, we introduce extended depolarization procedure that is assumed in the IT analysis [51]. We follow the notations used in [51]. Orthonormal states of $N$-partite entangled qubits, is described as follows:

(8)$$|{\psi^{\pm}_{j}}\rangle =\frac{1}{\sqrt{2}}\left(|{0}\rangle|{j}\rangle\pm e^{i\theta(N)}|{1}\rangle|{\bar{j}}\rangle\right)$$

where $j\in \{ 0,1,\ldots ,2^{N-1}-1 \}$, $\bar {j}=(2^{N-1}-1) \oplus j$. Both $j$ and $\bar {j}$ are described in binary notation and $\oplus$ denotes a binary EXCLUSIVE OR operation symbol. For example, when $N=5$, if $j=0100$ then $\bar {j}=1011$. Any $N$-partite entangled qubit system can be represented as a mixture of these orthonormal states.

A depolarization operation can be decomposed to a sequence of local operations. The set of the extended depolarizing channel $\mathbf {D}$ is written in Eq. (9):

(9)$$\mathbf{D}=\{\hat{X}^{\otimes N}\}\cup\{\hat{Z}_{A}\hat{Z}_{B_{i}}|1\le j\le N-1\}\cup\{\hat{R}_{k}|1\le k \le N-1\}$$

and $\hat {R}_{k}$ is defined as shown in Eq. (10):

(10)$$\hat{R}_{k}|{\psi^{\sigma}_{j}}\rangle = \left\{\begin{matrix} |{\psi^{\sigma}_{j}}\rangle & \textrm{if}\ j^{(k)}=0,\\ -i|{\psi^{-\sigma}_{j}}\rangle & \textrm{if}\ j^{(k)}=1 \end{matrix}\right. $$

where $\sigma \in \{+,-\}$ and $j^{(k)}$ is the $k$-th bit of the bit string $j$, i.e. the $Z$-measurement outcome of $(k-1)$-th Bob. The parties apply each of the depolarizing operators with probability $1/2$ or apply identity operation, $\hat {I}$, otherwise. Then we obtain the condition $\lambda ^{+}_{j}=\lambda ^{-}_{j}$ for $j\ge 1$. The form of a density matrix of the total state that Alice and Bobs share is described as follows:

(11)$$\hat{\rho}_{N}=\lambda^{+}_{0}|{\psi^{+}_{0}}\rangle\langle {\psi^{+}_{0}}|+\lambda^{-}_{0}|{\psi^{-}_{0}}\rangle\langle {\psi^{-}_{0}} |+\sum_{j=1}^{2^{N-1}-1}\lambda_{j}\left(|{\psi^{+}_{j}}\rangle\langle {\psi^{+}_{j}}|+|{\psi^{-}_{j}}\rangle\langle {\psi^{-}_{j}}|\right).$$

This depolarized state also can be obtained by tracing out Eve’s system when Eve hold purification of the whole quantum systems, which the authorized parties and Eve have. It is known that an attack exists, which provides Eve with this purification, and Eve can obtain the maximum amount of information about the shared secret key by using the attack [8]. Therefore, if we analyse security of the depolarized state, it is equivalent to analysing the security of our protocol against Eve.

The form of a density matrix written in Eq. (11) cannot represent a general $N$-qubit state, but it was proven that if we know the initial $N$-qubit state, it can be brought to the form of Eq. (11) by means of local operations and classical communication (LOCC) [82]. In our scenario, a density matrix of the initially distributed quantum state can be constructed from the revealed $X'$- and $Y'$-measurement outcomes, so the authorized parties can try the appropriate LOCC to bring their quantum state to the form of Eq. (11). This LOCC makes the marginals for each ideal measurement be random, i.e. $\langle {\hat {X}'_{k}}\rangle =\langle {\hat {Y}'_{k}}\rangle =0$ for all $k\in \{1,2,\ldots ,N-1,N\}$. The density matrix described in Eq. (11) represents the quantum state after distribution through quantum channels although the original state that Alice wants to distribute is the $N$-partite GHZ state, $|{\psi ^{+}_{0}}\rangle$. Therefore, it is natural that $\lambda _{0}^{+}$ is assumed as the largest value among all $\lambda$s.

First, we provide our security analysis about i.i.d. states and measurements. An asymptotic secret key rate of the $N$-QKD can be calculated from the equation [7,8,51] shown in Eq. (12):

(12)$$r_{\min}=\min_{1\le k \le N-1}\left[I(A,B_{k})\right]-\chi(A;E)$$

where $I(A,B_{j})$ is mutual information between Alice and $j$-th Bob, and $\chi (A;E)$ is Holevo information [83]. Hereafter, we omit the min in the subscript of $r$.

The mutual information is easily calculated from the density matrix written in Eq. (11), as shown in Eq. (13):

(13)$$\begin{aligned} \min_{1\le k \le N-1}\left[I(A,B_{k})\right]&=\min_{1\le k \le N-1}\left[1-h(Q_{B_{k}})\right]\\ &=1-\max_{1\le k \le N-1}\left[h(Q_{B_{k}})\right]\end{aligned}$$

where $h(x)=-x \log _{2} x - (1-x)\log _{2} (1-x)$ and $Q_{B_{k}}$ is a quantum bit error rate (QBER) between Alice and $k$-th Bob’s $Z'$-measurement outcomes.

The Holevo information is defined as written in Eq. (14):

(14)$$\chi(A;E)= S(\hat{\rho}_{E})-\sum_{z'=\pm 1}p(z')S(\hat{\rho}_{E|z'})$$

where $S(\hat {\rho })$ is the von Neumann entropy and $z'$ is Alice’s $Z'$-measurement outcome. To evaluate an upper bound of the Holevo information, we assume Eve’s purified quantum state as shown in Eq. (15):

(15)$$|{\Psi}\rangle_{ABsE}=\sum_{j=0}^{2^{N-1}-1}\sum_{\sigma=\pm}\sqrt{\lambda_{j}^{\sigma}}|{\psi_{j}}\rangle|{e_{j}}\rangle.$$

By tracing Eve out, Alice and Bobs obtain the Eq. (11). The von Neumann entropy of Eve’s system can be calculated from Eve’s density matrix obtained by tracing all authorized users out as written in Eq. (16):

(16)$$S(\rho_{E})=-\sum_{j=0}^{2^{N-1}-1}\sum_{\sigma=\pm}\lambda_{j}^{\sigma}\log_{2}\lambda_{j}^{\sigma}.$$

To obtain an upper bound of the Holevo information, assume that Alice’s $Z'$-measurement is in the $(x,z)$ plane as written in Eq. (17):

(17)$$\hat{Z}'=\cos \varphi \hat{Z}+\sin\varphi \hat{X}.$$

Then the eigenstates of $\hat {Z}'$ are written as

(18)$$|{z'}\rangle=\sqrt{\frac{1+z' \cos \varphi}{2}}|{0}\rangle+z' \sqrt{\frac{1-z' \cos \varphi}{2}}|{1}\rangle$$

where $z'$ is $1$ or $-1$. From the reduced density matrix of Alice and Eve and the eigenstates of $\hat {Z}'$, we can obtain the following relation, which makes the Holevo information be maximized,

(19)$$\frac{1}{2}\min_{\varphi\in[0,\pi]}\left[S(\hat{\rho}_{E|z'=-1})+S(\hat{\rho}_{E|z'=+1})\right]=-\sum_{j=0}^{2^{N-1}-1}(\lambda_{j}^{+}+\lambda_{j}^{-})\log_{2}(\lambda_{j}^{+}+\lambda_{j}^{-})$$

where $1/2$ comes from $p(z'=-1)=p(z'=+1)=1/2$ and the minimum is obtained when $\varphi =0$. Equation (19) can be obtained if we assume that Alice’s $Z'$-measurement is in the $(y,z)$ plane as well. Therefore, the Holevo information is maximized when Alice’s $\hat {Z}'$ is ideal, i.e. $\hat {Z}'=\hat {Z}$.

From Eq. (16) and Eq. (19), an upper bound of the Holevo information can be calculated as shown in Eq. (20):

(20)$$\chi(A;E)\le -\lambda_{0}^{+}\log_{2}\lambda_{0}^{+}-\lambda_{0}^{-}\log_{2}\lambda_{0}^{-}+(\lambda_{0}^{+}+\lambda_{0}^{-})\log_{2}(\lambda_{0}^{+}+\lambda_{0}^{-})+1-\lambda_{0}^{+}-\lambda_{0}^{-}.$$

The upper bound of the Holevo information is described with $\lambda _{0}^{+}$ and $\lambda _{0}^{-}$ only, since $\lambda _{j}=\lambda _{j}^{+}=\lambda _{j}^{-}$ for $j\in \{1,2,\ldots ,2^{N-1}-1\}$ from Eq. (11). Let us define $F(\lambda _{0}^{+},\lambda _{0}^{-})$ is equal to right-hand side of Eq. (20), we can construct the inequality shown in Eq. (21):

(21)$$F(\lambda_{0}^{+},\lambda_{0}^{-})\le h\left(\frac{1}{2}+\frac{1}{2}\left[\lambda_{0}^{+}-\lambda_{0}^{-}\right]\right)=G(\lambda_{0}^{+},\lambda_{0}^{-})$$

when $\lambda _{0}^{+}$ is the largest value among the $\lambda$s and $\sum _{j,\sigma }\lambda _{j}^{\sigma }=1$.

It is expectable to construct the relation between $G(\lambda _{0}^{+},\lambda _{0}^{-})$ and $S_{N}$, an expectation value of the MABK operator, since $S_{N}$ with the depolarized density matrix written in Eq. (11) is the function relies on only $\lambda _{0}^{+}$ and $\lambda _{0}^{-}$ as shown in Eq. (22):

(22)$$S_{N}=\textrm{Tr}\left(\hat{\rho}_{N}\hat{M}_{N}\right)=2^{\frac{N-1}{2}}\left(\lambda_{0}^{+}-\lambda_{0}^{-}\right).$$

Then we construct the upper bound of the Holevo information that defined from the expectation value of the MABK operator as shown in Eq. (23):

(23)$$\chi(A;E)\le G(\lambda_{0}^{+},\lambda_{0}^{-})\le h\left(\frac{1}{2}+\frac{1}{2}\sqrt{\frac{\max\left[1,(S_{N})^{2}\right]-1}{2^{N-1}-1}}\right)$$

where $\max \left [x_{1},x_{2},\ldots \right ]$ yields the largest value of the $x_{i}$. In this inequality, the upper bound of the Holevo information is zero when $S_{N}$ is equal to the quantum bound, and $1$ when $S_{N}$ is equal to or smaller than the local realistic bound. This inequality always true regardless of $N$ with the conditions that $\lambda _{0}^{+}$ is the largest value among the $\lambda$s and $\sum _{j,\sigma }\lambda _{j}^{\sigma }=1$.

Finally, the relation between a secret key rate of the $N$-QKD and $S_{N}$ is constructed as shown in Eq. (24):

(24)$$r_{N}=1-\max_{ k}\left[h\left(Q_{B_{k}}\right)\right] -h\left(\frac{1}{2}+\frac{1}{2}\sqrt{\frac{\max\left[1,(S_{N})^{2}\right]-1}{2^{N-1}-1}}\right).$$

The secret key rate $r_{N}$ becomes zero when $S_{N}$ is smaller than or equal to the local realistic bound even when $Q_{B_{k}}=0$ for all possible $k$, and $r_{N}$ becomes the maximum, $1$, when $S_{N}$ is equal to the quantum bound and $Q_{B_{k}}$ is zero for all $k$. When we put $N=2$ in Eq. (24), the secret key rate $r_{2}$ becomes the same with that of the bipartite DI-QKD in the asymptotic limit [19,20].

The secret key rate written in Eq. (24) is obtained under the i.i.d. states and measurements. Now, we generalize the secret key rate for different states and measurements. Let us define the upper bound of the Holevo information as shown in Eq. (25):

(25)$$W(S)=h\left(\frac{1}{2}+\frac{1}{2}\sqrt{\frac{\max\left[1,(S_{N})^{2}\right]-1}{2^{N-1}-1}}\right)$$

where we omit $N$ in the subscript of $S$. If Eve sends a mixture of depolarized states $\sum _{i}p_{i}\hat {\rho }_{i}$, and the authorized parties chooses the measurements which are not necessary to be identical, the Holevo information becomes $\chi (A;E)=\sum _{i}p_{i}\chi _{i}(A;E)$. Then $\sum _{i}p_{i}\chi _{i}(A;E)\le \sum _{i}p_{i}W(S_{i})$. From Eq. (25), we find the following inequality:

(26)$$\sum_{i}p_{i}\chi_{i}(A;E)\le \sum_{i}p_{i}W(S_{i})\le W(\sum_{i}p_{i}S_{i})$$

since the function $W(S)$ is concave function. An expectation value of the MABK operator satisfies $S_{tot} \le \sum _{i}p_{i}S_{i}$, where $S_{tot}$ is the expectation value of the mixture of depolarized states, as it is true for CHSH [19]. Since $W(S)$ is a monotonically decreasing function, finally, we find $\chi (A;E)\le W(S_{tot})$. Note that the assumption that successive trials are independent still must hold.

Now, we compare the SDI analysis to the IT analysis of the $N$-QKD about security against a side channel attack. As an example, let us assume that Eve occupies the source part of the $N$-QKD, which is the GHZ state generator in the ideal $N$-QKD. In the circumstances, Eve can perform a side-channel attack against detectors of the authorized parties through the quantum channel, such as detector-blinding attacks [13,14]. In the detector-blinding attack, Eve sends strong light to single photon detectors involved in the setup of the authorized parties through the quantum channel. By doing this, Eve can control a click of the detectors because of malfunction of the detectors. When Eve’s encoding basis and a measurement basis of the authorized party are the same, while a detector click does not occur when the encoding basis and the measurement basis are different. Since an error is induced in outcome statistics of the authorized parties when Eve’s encoding basis and the measurement basis are different, the authorized parties cannot detect the existence of Eve under this attack in a conventional QKD protocol. By performing this attack, Eve can make measurement outcomes of the authorized parties be always $|{0}\rangle$ for $Z$-measurement, $|{+}\rangle$ for $X$-measurement, and $|{i+}\rangle$ for $Y$-measurement. Under this attack, $Q_{B_{k}}=0$ for all possible $k$ since the outcomes of $Z$-measurement are always the same.

In the IT analysis, the Holevo information relies on a phase error rate $Q_{p}$ which is obtained from the following equation: $Q_{p}=(1-\langle {\hat {X}^{\otimes N}}\rangle )/2$ [51]. Under the attack, the outcomes of $X$-measurement are 1 for all authorized parties, therefore $Q_{p}=0$ is obtained. So Alice and Bobs distribute secret keys from their outcomes, even when Eve has full information about the secret keys.

If we analyse the same outcome statistics by using the SDI analysis, $S_{N}$ is equal to the local realistic bound. Since there is no nonlocal correlation, a secret key rate becomes zero. Moreover, the detector blinding attack is forbidden in the assumptions of the SDI analysis since detection efficiency of the detectors should be close to $1$ for a loophole-free nonlocality test. In the detector blinding attack, a click event occurs only when Eve and $i$-th Bob choose the same basis, so a loophole-free nonlocality test is impossible. From this example, we can conclude that the SDI analysis provide more secure than the IT analysis, since there is an attack strategy that the SDI analysis can prevent while the IT analysis cannot.

We compare asymptotic secret key rates obtained by using the SDI analysis, the IT analysis [51] of $N$-QKD and the DI-CKA [52]. In the evaluation of the key rates, we assumed the ideal case, which means that there is no Eve and devices are well manufactured. Figures 4 and 5 show the secret key rates under depolarizing noise. The density matrix under the depolarizing noise is shown in Eq. (27):

(27)$$\hat{\rho}_{N,\textrm{dp}}=\lambda^{+}_{0}|{\psi^{+}_{0}}\rangle\langle {\psi^{+}_{0}}|+\frac{1-\lambda^{+}_{0}}{2^{N}-1}\left(I-|{\psi^{+}_{0}}\rangle\langle {\psi^{+}_{0}}|\right).$$

$\lambda ^{\pm }_{0}$ can be written in terms of a multiparty QBER, $Q_{b}$, defined as the ratio between total trials and the trials that at least one Bob’s $Z$-measurement outcome is different from Alice’s $Z$-measurement outcome. The relations between $\lambda _{0}^{\pm }$ and $Q_{b}$ are shown in Eq. (28):

(28)$$\begin{aligned} \lambda^{+}_{0}&=1-\frac{(2^{N}-1)Q_{b}}{2^{N}-2}\\ \lambda^{-}_{0}&=\frac{Q_{b}}{2^{N}-2}.\end{aligned}$$

Fig. 4. Comparison among the secret key rates of $N$-QKD obtained by using the proposed SDI analysis (solid lines), the IT analysis (dashed lines) and the secret key rate of DI-CKA (dotted lines) under the depolarizing noise. The black lines represent the secret key rates when the number of authorized parties is $3$, and the red lines does when the number of parties is $11$.

Download Full Size | PDF

Fig. 5. (a) The secret key rates of $N$-QKD under the depolarizing channel noise with the various number of parties $N$. The secret key rates are evaluated by using the proposed SDI analysis. It is shown that the secret key rate becomes more efficient for increasing $N$. (b) The threshold of multiparty QBER $Q_{b}$ when the secret key rate becomes zero against the number of parties $N$ in the depolarizing channel noise. The difference between the thresholds QBER of $N$-QKD and $(N+1)$-QKD becomes smaller for increasing $N$.

Download Full Size | PDF

Figure 4 shows asymptotic secret key rates obtained by using the SDI analysis (solid lines), the IT analysis (dashed lines) [51] and the DI-CKA (dotted lines) [52]. The black lines represent the secret key rates when the number of parties is $3$, and the red lines does when the number of parties is $11$. The secret key rates obtained by using the SDI analysis are in the middle of those evaluated by using the IT analysis and the DI-CKA. Since the DI-CKA provides fully DI security even against beyond i.i.d. adversary, the secret key rates of the DI-CKA is the lowest and the secret key rate decrease when the number of parties increase. The secret key rates obtained by using the SDI analysis and the IT analysis, which provide security against i.i.d. adversary, become more efficient with increasing $N$.

Figure 5(a) shows the secret key rates of various party numbers $N$ evaluated by using the SDI analysis. The secret key rate of the $N$-QKD becomes higher with increasing $N$ and the difference between the secret key rate of $N$-QKD and $(N+1)$-QKD becomes smaller when $N$ increases. The decrease of the difference can be also seen in Fig. 5(b). Figure 5(b) shows the relation between the threshold of multiparty QBER when the secret key rate becomes zero and the number of parties. In the plot, it is shown that the increase of the threshold becomes insignificant when $N$ is larger than $8$.

4. Conclusion

In this article, we presented SDI security analysis of $N$-QKD in the asymptotic limit based on MABK inequality. We show the SDI analysis can prevent a side channel attack that threatens the IT analysis. It was shown that a secret key rate evaluated by using the SDI analysis becomes more efficient with increasing $N$ while that of the DI-CKA, which provides fully DI security, becomes lower with the same condition. The tendency of the difference of secret key rates between $N$-QKD and $(N+1)$-QKD when $N$ increases is shown as well.

Funding

National Research Council of Science and Technology (NST) (CAP-15-08-KRISS).

Acknowledgments

Y. Jo thanks to the Agency for Defense Development for the graduate student scholarship program. W. Son acknowledges the University of Oxford and the Korea Institute for Advanced Study (KIAS) for their visitorship program.

References

1. C. H. Bennett and G. Brassard, “Quantum cryptography: Public key distribution and coin tossing,” in Proceedings of the IEEE International Conference on Computers, Systems and Signal Processing, (IEEE, 1984), p. 175

2. W. K. Wootters and W. H. Zurek, “A single quantum cannot be cloned,” Nature 299(5886), 802–803 (1982). [CrossRef]

3. A. K. Ekert, “Quantum cryptography based on Bell’s theorem,” Phys. Rev. Lett. 67(6), 661–663 (1991). [CrossRef]

4. D. Deutsch, A. Ekert, R. Jozsa, C. Macchiavello, S. Popescu, and A. Sanpera, “Quantum Privacy Amplification and the Security of Quantum Cryptography over Noisy Channels,” Phys. Rev. Lett. 77(13), 2818–2821 (1996). [CrossRef]

5. D. Mayers, “Unconditional security in quantum cryptography,” J. Assoc. Comput. Mach. 48(3), 351–406 (2001). [CrossRef]

6. P. W. Shor and J. Preskill, “Simple Proof of Security of the BB84 Quantum Key Distribution Protocol,” Phys. Rev. Lett. 85(2), 441–444 (2000). [CrossRef]

7. I. Devetak and A. Winter, “Distillation of secret key and entanglement from quantum states,” Proc. R. Soc. London, Ser. A 461(2053), 207–235 (2005). [CrossRef]

8. R. Renner, N. Gisin, and B. Kraus, “Information-theoretic security proof for quantum-key-distribution protocols,” Phys. Rev. A 72(1), 012332 (2005). [CrossRef]

9. M. Koashi, “Unconditional security of quantum key distribution and the uncertainty principle,” J. Phys. Conf. Ser. 36, 98–102 (2006). [CrossRef]

10. M. Koashi, “Simple security proof of quantum key distribution based on complementarity,” New J. Phys. 11(4), 045018 (2009). [CrossRef]

11. G. Brassard, N. Lütkenhaus, T. Mor, and B. C. Sanders, “Limitations on practical quantum cryptography,” Phys. Rev. Lett. 85(6), 1330–1333 (2000). [CrossRef]

12. V. Makarov, A. Anisimov, and J. Skaar, “Effects of detector efficiency mismatch on security of quantum cryptosystems,” Phys. Rev. A 74(2), 022313 (2006). [CrossRef]

13. L. Lydersen, C. Wiechers, C. Wittmann, D. Elser, J. Skaar, and V. Makarov, “Hacking commercial quantum cryptography systems by tailored bright illumination,” Nat. Photonics 4(10), 686–689 (2010). [CrossRef]

14. A. Huang, S. Sajeed, P. Chaiwongkhot, M. Soucarros, M. Legre, and V. Makarov, “Testing Random-Detector-Efficiency Countermeasure in a Commercial System Reveals a Breakable Unrealistic Assumption,” IEEE J. Quantum Electron. 52(11), 1–11 (2016). [CrossRef]

15. J. Barrett, L. Hardy, and A. Kent, “No signaling and quantum key distribution,” Phys. Rev. Lett. 95(1), 010503 (2005). [CrossRef]

16. A. Acín, N. Gisin, and L. Masanes, “From Bell’s Theorem to Secure Quantum Key Distribution,” Phys. Rev. Lett. 97(12), 120405 (2006). [CrossRef]

17. A. Acín, S. Massar, and S. Pironio, “Efficient quantum key distribution secure against no-signalling eavesdroppers,” New J. Phys. 8(8), 126 (2006). [CrossRef]

18. V. Scarani, N. Gisin, N. Brunner, L. Masanes, S. Pino, and A. Acín, “Secrecy extraction from no-signaling correlations,” Phys. Rev. A 74(4), 042339 (2006). [CrossRef]

19. A. Acín, N. Brunner, N. Gisin, S. Massar, S. Pironio, and V. Scarani, “Device-Independent Security of Quantum Cryptography against Collective Attacks,” Phys. Rev. Lett. 98(23), 230501 (2007). [CrossRef]

20. S. Pironio, A. Acín, N. Brunner, N. Gisin, S. Massar, and V. Scarani, “Device-independent quantum key distribution secure against collective attacks,” New J. Phys. 11(4), 045021 (2009). [CrossRef]

21. J. F. Clauser, M. A. Horne, A. Shimony, and R. A. Holt, “Proposed Experiment to Test Local Hidden-Variable Theories,” Phys. Rev. Lett. 23(15), 880–884 (1969). [CrossRef]

22. J. Barrett, R. Colbeck, and A. Kent, “Unconditionally secure device-independent quantum key distribution with only two devices,” Phys. Rev. A 86(6), 062326 (2012). [CrossRef]

23. J. Barrett, R. Colbeck, and A. Kent, “Memory Attacks on Device-Independent Quantum Cryptography,” Phys. Rev. Lett. 110(1), 010503 (2013). [CrossRef]

24. B. W. Reichardt, F. Unger, and U. Vazirani, “Classical command of quantum systems,” Nature 496(7446), 456–460 (2013). [CrossRef]

25. U. Vazirani and T. Vidick, “Fully Device-Independent Quantum Key Distribution,” Phys. Rev. Lett. 113(14), 140501 (2014). [CrossRef]

26. J.-Å. Larsson, M. Giustina, J. Kofler, B. Wittmann, R. Ursin, and S. Ramelow, “Bell-inequality violation with entangled photons, free of the coincidence-time loophole,” Phys. Rev. A 90(3), 032107 (2014). [CrossRef]

27. W. Rosenfeld, D. Burchardt, R. Garthoff, K. Redeker, N. Ortegel, M. Rau, and H. Weinfurter, “Event-Ready Bell Test Using Entangled Atoms Simultaneously Closing Detection and Locality Loopholes,” Phys. Rev. Lett. 119(1), 010402 (2017). [CrossRef]

28. M. Pawłowski and N. Brunner, “Semi-device-independent security of one-way quantum key distribution,” Phys. Rev. A 84(1), 010302 (2011). [CrossRef]

29. Y. Wang, W.-S. Bao, H.-W. Li, C. Zhou, and Y. Li, “Security of a practical semi-device-independent quantum key distribution protocol against collective attacks,” Chin. Phys. B 23(8), 080303 (2014). [CrossRef]

30. C. Zhou, P. Xu, W.-S. Bao, Y. Wang, Y. Zhang, M.-S. Jiang, and H.-W. Li, “Finite-key bound for semi-device-independent quantum key distribution,” Opt. Express 25(15), 16971–16980 (2017). [CrossRef]

31. C. Branciard, E. G. Cavalcanti, S. P. Walborn, V. Scarani, and H. M. Wiseman, “One-sided device-independent quantum key distribution: Security, feasibility, and the connection with steering,” Phys. Rev. A 85(1), 010301 (2012). [CrossRef]

32. Y. Wang, W.-s. Bao, H.-w. Li, C. Zhou, and Y. Li, “Finite-key analysis for one-sided device-independent quantum key distribution,” Phys. Rev. A 88(5), 052322 (2013). [CrossRef]

33. H.-K. Lo, M. Curty, and B. Qi, “Measurement-device-independent quantum key distribution,” Phys. Rev. Lett. 108(13), 130503 (2012). [CrossRef]

34. Y. Jo and W. Son, “Key-rate enhancement using qutrit states for quantum key distribution with askew aligned sources,” Phys. Rev. A 94(5), 052316 (2016). [CrossRef]

35. L. Dellantonio, A. S. Sørensen, and D. Bacco, “High-dimensional measurement-device-independent quantum key distribution on two-dimensional subspaces,” Phys. Rev. A 98(6), 062301 (2018). [CrossRef]

36. Y. Jo, K. Bae, and W. Son, “Enhanced Bell state measurement for efficient measurement-device-independent quantum key distribution using 3-dimensional quantum states,” Sci. Rep. 9(1), 687 (2019). [CrossRef]

37. A. Acín, J. I. Cirac, and M. Lewenstein, “Entanglement percolation in quantum networks,” Nat. Phys. 3(4), 256–259 (2007). [CrossRef]

38. M. Peev, C. Pacher, R. Alléaume, C. Barreiro, J. Bouda, W. Boxleitner, T. Debuisschert, E. Diamanti, M. Dianati, J. F. Dynes, S. Fasel, S. Fossier, M. Fürst, J.-D. Gautier, O. Gay, N. Gisin, P. Grangier, A. Happe, Y. Hasani, M. Hentschel, H. Hübel, G. Humer, T. Länger, M. Legré, R. Lieger, J. Lodewyck, T. Lorünser, N. Lütkenhaus, A. Marhold, T. Matyus, O. Maurhart, L. Monat, S. Nauerth, J.-B. Page, A. Poppe, E. Querasser, G. Ribordy, S. Robyr, L. Salvail, A. W. Sharpe, A. J. Shields, D. Stucki, M. Suda, C. Tamas, T. Themel, R. T. Thew, Y. Thoma, A. Treiber, P. Trinkler, R. Tualle-Brouri, F. Vannel, N. Walenta, H. Weier, H. Weinfurter, I. Wimberger, Z. L. Yuan, H. Zbinden, and A. Zeilinger, “The SECOQC quantum key distribution network in Vienna,” New J. Phys. 11(7), 075001 (2009). [CrossRef]

39. F. Xu, W. Chen, S. Wang, Z. Yin, Y. Zhang, Y. Liu, Z. Zhou, Y. Zhao, H. Li, D. Liu, Z. Han, and G. Guo, “Field experiment on a robust hierarchical metropolitan quantum cryptography network,” Chin. Sci. Bull. 54(17), 2991–2997 (2009). [CrossRef]

40. M. Sasaki, M. Fujiwara, H. Ishizuka, W. Klaus, K. Wakui, M. Takeoka, S. Miki, T. Yamashita, Z. Wang, A. Tanaka, K. Yoshino, Y. Nambu, S. Takahashi, A. Tajima, A. Tomita, T. Domeki, T. Hasegawa, Y. Sakai, H. Kobayashi, T. Asai, K. Shimizu, T. Tokura, T. Tsurumaru, M. Matsui, T. Honjo, K. Tamaki, H. Takesue, Y. Tokura, J. F. Dynes, A. R. Dixon, A. W. Sharpe, Z. L. Yuan, A. J. Shields, S. Uchikoga, M. Legré, S. Robyr, P. Trinkler, L. Monat, J.-B. Page, G. Ribordy, A. Poppe, A. Allacher, O. Maurhart, T. Länger, M. Peev, and A. Zeilinger, “Field test of quantum key distribution in the Tokyo QKD Network,” Opt. Express 19(11), 10387 (2011). [CrossRef]

41. D. Stucki, M. Legré, F. Buntschu, B. Clausen, N. Felber, N. Gisin, L. Henzen, P. Junod, G. Litzistorf, P. Monbaron, L. Monat, J.-B. Page, D. Perroud, G. Ribordy, A. Rochas, S. Robyr, J. Tavares, R. Thew, P. Trinkler, S. Ventura, R. Voirol, N. Walenta, and H. Zbinden, “Long-term performance of the swissquantum quantum key distribution network in a field environment,” New J. Phys. 13(12), 123001 (2011). [CrossRef]

42. M. Hillery, V. Bužek, and A. Berthiaume, “Quantum secret sharing,” Phys. Rev. A 59(3), 1829–1834 (1999). [CrossRef]

43. A. Karlsson, M. Koashi, and N. Imoto, “Quantum entanglement for secret sharing and secret splitting,” Phys. Rev. A 59(1), 162–168 (1999). [CrossRef]

44. A. Cabello, “Multiparty key distribution and secret sharing based on entanglement swapping,” arXiv:quant-ph/0009025 (2000).

45. V. Scarani and N. Gisin, “Quantum communication between $\mathit {N}$ partners and bell’s inequalities,” Phys. Rev. Lett. 87(11), 117901 (2001). [CrossRef]

46. V. Scarani and N. Gisin, “Quantum key distribution between N partners: Optimal eavesdropping and Bell’s inequalities,” Phys. Rev. A 65(1), 012311 (2001). [CrossRef]

47. K. Chen and H.-K. Lo, “Conference key agreement and quantum sharing of classical secrets with noisy GHZ states,” in Proceedings. Int. Symp. Inf. Theory, 2005. ISIT 2005., (IEEE, 2005), pp. 1607–1611.

48. Z.-j. Zhang, Y. Li, and Z.-x. Man, “Multiparty quantum secret sharing,” Phys. Rev. A 71(4), 044301 (2005). [CrossRef]

49. R. Matsumoto, “Multiparty quantum-key-distribution protocol without use of entanglement,” Phys. Rev. A 76(6), 062316 (2007). [CrossRef]

50. A. Maitra, S. J. De, G. Paul, and A. K. Pal, “Proposal for quantum rational secret sharing,” Phys. Rev. A 92(2), 022305 (2015). [CrossRef]

51. M. Epping, H. Kampermann, C. Macchiavello, and D. Bruß, “Multi-partite entanglement can speed up quantum key distribution in networks,” New J. Phys. 19(9), 093012 (2017). [CrossRef]

52. J. Ribeiro, G. Murta, and S. Wehner, “Fully device-independent conference key agreement,” Phys. Rev. A 97(2), 022307 (2018). [CrossRef]

53. M. Choi, Y. Lee, and S. Lee, “Quantum secret sharing and Mermin operator,” Quantum Inf. Process. 17(10), 258 (2018). [CrossRef]

54. F. Grasselli, H. Kampermann, and D. Bruß, “Finite-key effects in multipartite quantum key distribution protocols,” New J. Phys. 20(11), 113014 (2018). [CrossRef]

55. N. D. Mermin, “Extreme quantum entanglement in a superposition of macroscopically distinct states,” Phys. Rev. Lett. 65(15), 1838–1840 (1990). [CrossRef]

56. M. Ardehali, “Bell inequalities with a magnitude of violation that grows exponentially with the number of particles,” Phys. Rev. A 46(9), 5375–5378 (1992). [CrossRef]

57. A. V. Belinskiĭ and D. N. Klyshko, “Interference of light and Bell’s theorem,” Phys. Usp. 36(8), 653–693 (1993). [CrossRef]

58. B. Schumacher, “Quantum coding,” Phys. Rev. A 51(4), 2738–2747 (1995). [CrossRef]

59. M. Żukowski and Č. Brukner, “Bell’s Theorem for General N -Qubit States,” Phys. Rev. Lett. 88(21), 210401 (2002). [CrossRef]

60. R. F. Werner and M. M. Wolf, “Bell’s inequalities for states with positive partial transpose,” Phys. Rev. A 61(6), 062102 (2000). [CrossRef]

61. D. Alsina, A. Cervera, D. Goyeneche, J. I. Latorre, and K. Życzkowski, “Operational approach to bell inequalities: Application to qutrits,” Phys. Rev. A 94(3), 032102 (2016). [CrossRef]

62. D. M. Greenberger, M. A. Horne, A. Shimony, and A. Zeilinger, “Bell’s theorem without inequalities,” Am. J. Phys. 58(12), 1131–1143 (1990). [CrossRef]

63. M. Giustina, A. Mech, S. Ramelow, B. Wittmann, J. Kofler, J. Beyer, A. Lita, B. Calkins, T. Gerrits, S. W. Nam, R. Ursin, and A. Zeilinger, “Bell violation using entangled photons without the fair-sampling assumption,” Nature 497(7448), 227–230 (2013). [CrossRef]

64. B. G. Christensen, K. T. McCusker, J. B. Altepeter, B. Calkins, T. Gerrits, A. E. Lita, A. Miller, L. K. Shalm, Y. Zhang, S. W. Nam, N. Brunner, C. C. W. Lim, N. Gisin, and P. G. Kwiat, “Detection-Loophole-Free Test of Quantum Nonlocality, and Applications,” Phys. Rev. Lett. 111(13), 130406 (2013). [CrossRef]

65. B. Hensen, H. Bernien, A. E. Dréau, A. Reiserer, N. Kalb, M. S. Blok, J. Ruitenberg, R. F. L. Vermeulen, R. N. Schouten, C. Abellán, W. Amaya, V. Pruneri, M. W. Mitchell, M. Markham, D. J. Twitchen, D. Elkouss, S. Wehner, T. H. Taminiau, and R. Hanson, “Loophole-free Bell inequality violation using electron spins separated by 1.3 kilometres,” Nature 526(7575), 682–686 (2015). [CrossRef]

66. K. Kostrzewa, W. Laskowski, and T. Vértesi, “Closing the detection loophole in multipartite Bell experiments with a limited number of efficient detectors,” Phys. Rev. A 98(1), 012138 (2018). [CrossRef]

67. D. R. Hamel, L. K. Shalm, H. Hübel, A. J. Miller, F. Marsili, V. B. Verma, R. P. Mirin, S. W. Nam, K. J. Resch, and T. Jennewein, “Direct generation of three-photon polarization entanglement,” Nat. Photonics 8(10), 801–807 (2014). [CrossRef]

68. J.-W. Pan, M. Daniell, S. Gasparoni, G. Weihs, and A. Zeilinger, “Experimental demonstration of four-photon entanglement and high-fidelity teleportation,” Phys. Rev. Lett. 86(20), 4435–4438 (2001). [CrossRef]

69. H. Weinfurter and M. Żukowski, “Four-photon entanglement from down-conversion,” Phys. Rev. A 64(1), 010102 (2001). [CrossRef]

70. S. Gaertner, M. Bourennane, M. Eibl, C. Kurtsiefer, and H. Weinfurter, “High-fidelity source of four-photon entanglement,” Appl. Phys. B 77(8), 803–807 (2003). [CrossRef]

71. P. Walther, M. Aspelmeyer, and A. Zeilinger, “Heralded generation of multiphoton entanglement,” Phys. Rev. A 75(1), 012313 (2007). [CrossRef]

72. X.-C. Yao, T.-X. Wang, P. Xu, H. Lu, G.-S. Pan, X.-H. Bao, C.-Z. Peng, C.-Y. Lu, Y.-A. Chen, and J.-W. Pan, “Observation of eight-photon entanglement,” Nat. Photonics 6(4), 225–228 (2012). [CrossRef]

73. X.-L. Wang, L.-K. Chen, W. Li, H.-L. Huang, C. Liu, C. Chen, Y.-H. Luo, Z.-E. Su, D. Wu, Z.-D. Li, H. Lu, Y. Hu, X. Jiang, C.-Z. Peng, L. Li, N.-L. Liu, Y.-A. Chen, C.-Y. Lu, and J.-W. Pan, “Experimental ten-photon entanglement,” Phys. Rev. Lett. 117(21), 210502 (2016). [CrossRef]

74. Y. Tsujimoto, M. Tanaka, N. Iwasaki, R. Ikuta, S. Miki, T. Yamashita, H. Terai, T. Yamamoto, M. Koashi, and N. Imoto, “High-fidelity entanglement swapping and generation of three-qubit GHZ state using asynchronous telecom photon pair sources,” Sci. Rep. 8(1), 1446 (2018). [CrossRef]

75. Z. Zhao, T. Yang, Y.-A. Chen, A.-N. Zhang, M. Żukowski, and J.-W. Pan, “Experimental violation of local realism by four-photon greenberger-horne-zeilinger entanglement,” Phys. Rev. Lett. 91(18), 180401 (2003). [CrossRef]

76. R. Ceccarelli, G. Vallone, F. De Martini, P. Mataloni, and A. Cabello, “Experimental entanglement and nonlocality of a two-photon six-qubit cluster state,” Phys. Rev. Lett. 103(16), 160401 (2009). [CrossRef]

77. C. Erven, E. Meyer-Scott, K. Fisher, J. Lavoie, B. L. Higgins, Z. Yan, C. J. Pugh, J.-P. Bourgoin, R. Prevedel, L. K. Shalm, L. Richards, N. Gigov, R. Laflamme, G. Weihs, T. Jennewein, and K. J. Resch, “Experimental three-photon quantum nonlocality under strict locality conditions,” Nat. Photonics 8(4), 292–296 (2014). [CrossRef]

78. C. Zhang, Y.-F. Huang, Z. Wang, B.-H. Liu, C.-F. Li, and G.-C. Guo, “Experimental greenberger-horne-zeilinger-type six-photon quantum nonlocality,” Phys. Rev. Lett. 115(26), 260402 (2015). [CrossRef]

79. C. Zhang, C.-J. Zhang, Y.-F. Huang, Z.-B. Hou, B.-H. Liu, C.-F. Li, and G.-C. Guo, “Experimental test of genuine multipartite nonlocality under the no-signalling principle,” Sci. Rep. 6(1), 39327 (2016). [CrossRef]

80. S. Gaertner, C. Kurtsiefer, M. Bourennane, and H. Weinfurter, “Experimental demonstration of four-party quantum secret sharing,” Phys. Rev. Lett. 98(2), 020503 (2007). [CrossRef]

81. B. A. Bell, D. Markham, D. A. Herrera-Martí, A. Marin, W. J. Wadsworth, J. G. Rarity, and M. S. Tame, “Experimental demonstration of graph-state quantum secret sharing,” Nat. Commun. 5(1), 5480 (2014). [CrossRef]

82. W. Dür and J. I. Cirac, “Classification of multiqubit mixed states: Separability and distillability properties,” Phys. Rev. A 61(4), 042314 (2000). [CrossRef]

83. A. S. Holevo, “Bounds for the Quantity of Information Transmitted by a Quantum Communication Channel,” Probl. Inf. Transm. 9, 177–183 (1973).

Semi-device-independent multiparty quantum key distribution in the asymptotic limit

Abstract

1. Introduction

2. Schematic description of multiparty QKD

3. Security analysis

4. Conclusion

Funding

Acknowledgments

References

Cited By

Figures (5)

Equations (28)

OSA Continuum