One-sided device-independent quantum key distribution: Security, feasibility, and the connection with steering

We analyze the security and feasibility of a protocol for quantum key distribution (QKD) in a context where only one of the two parties trusts his measurement apparatus. This scenario lies naturally between standard QKD, where both parties trust their measurement apparatuses, and device-independent QKD (DI-QKD), where neither do, and can be a natural assumption in some practical situations. We show that the requirements for obtaining secure keys are much easier to meet than for DI-QKD, which opens promising experimental opportunities. We clarify the link between the security of this one-sided DI-QKD scenario and the demonstration of quantum steering, in analogy to the link between DI-QKD and the violation of Bell inequalities.

Figure 1

Link between the three concepts of quantum nonlocality as classified in Ref.[12] and the three scenarios of S-QKD, 1SDI-QKD (this paper), and DI-QKD. In order to obtain a secret key, (i) if Alice and Bob trust their measurement devices (transparent boxes), then they must necessarily demonstrate entanglement; (ii) if Alice's measurement device is untrusted (black box), while Bob's is trusted, then Alice must demonstrate steering of Bob's state; (iii) if both Alice's and Bob's measurement devices are untrusted, then they must demonstrate Bell nonlocality. In all cases, Alice and Bob must trust their random number generator (RNG), and the integrity of their location.

Figure 2

Solid curves: bounds (8) on the secret key rate $r$ in a typical implementation of 1SDI-QKD, as a function of Alice's detection efficiency ${\eta }_A$, for visibilities $V=1,0.99,0.98,0.95$ (from top to bottom) and $q=1$. Dashed curve: for comparison, bounds (for $V=1$) for DI-QKD, obtained by adapting the security analysis of Ref. [7], when Bob has the same detection efficiency ${\eta }_B={\eta }_A$ as Alice (see supplementary material [19]).