Tight bounds on the eavesdropping of a continuous-variable quantum cryptographic protocol with no basis switching

The Gaussian continuous-variable quantum key distribution protocol based on coherent states and heterodyne detection [Phys. Rev. Lett. 93, 170504 (2004)] has the advantage that no active random basis switching is needed on the receiver’s side. Its security is, however, not very satisfyingly understood today because the bounds on the secret key rate that have been derived from Heisenberg relations are not attained by any known scheme. Here, we address the problem of the optimal Gaussian individual attack against this protocol, and derive tight upper bounds on the information accessible to an eavesdropper. Interestingly, this protocol is proven to be even more resistant to individual attacks than originally thought. Optical schemes achieving these bounds are also exhibited, which concludes the security analysis of Gaussian protocols against individual attacks.

Figure 1

(Color online) Entanglement-based scheme of the protocol based on Alice sending coherent states and Bob applying heterodyne detection. Alice prepares an EPR state and applies heterodyne detection on one half of it, resulting in $(X_A^M,P_A^M)$, while the other half is sent to Bob. After transmission via the channel, Bob performs a heterodyne measurement, resulting in $(X_B^M,P_B^M)$.

Figure 2

(Color online) Eve’s attack against the protocol based on Alice sending coherent states and Bob applying heterodyne detection. Eve performs a unitary operation on her two ancillae $E_1$ and $E_2$ together with the mode $B_0$ sent by Alice. She then measures $x$ on one ancilla and $p$ on the other one, in order to estimate simultaneously the two conjugate quadratures of Alice (DR) or Bob (RR).

Figure 3

Secret key rate of the heterodyne-based protocol as a function of the line losses for the optimal (solid line) and Heisenberg-limited (dashed line) attack. The curves are plotted for experimentally realistic values, $V=12$ and $ϵ=0.01$, in direct reconciliation (left panel) or reverse reconciliation (right panel).

Figure 4

Secret key rate as a function of the line losses for the heterodyne-based (solid line) and homodyne-based (dashed line) protocols in direct reconciliation (left panel) or reverse reconciliation (right panel). We use experimentally realistic values, $V=12$ and $ϵ=0.01$, and consider that Alice sends coherent states in both cases.

Figure 5

(Color online) Teleportation attack against the (entanglement-based scheme of the) Gaussian protocol based on Alice sending coherent states and Bob applying heterodyne detection. Eve first generates an EPR pair $(E_1^{\prime },E_2^{\prime })$ by mixing a $x$-squeezed vacuum state $\left(E_2\right)$ with a $p$-squeezed vacuum state $\left(E_1\right)$ at a balanced beamsplitter. Then, she performs a Bell measurement on Alice’s outgoing mode $B_0$ together with $E_1^{\prime }$. Depending on the measurement outcomes $(X_E^M,P_E^M)$ and the fixed gain $g_E$, she then displaces mode $E_2^{\prime }$ in $x$ $\left(D_x\right)$ and $p$ $\left(D_p\right)$. The resulting state is sent to Bob. By tuning the squeezing parameter $r$ and the gain $g_E$, Eve can simulate any Gaussian channel $(T,\chi )$ and extract the optimal amount of information.

Figure 6

(Color online) Entanglement based scheme of Eve “feedforward” attack over the protocol based on Alice sending coherent states and Bob applying heterodyne detection. Eve extracts part of the signal sent by Alice using a beamsplitter (transmittance $G$) and applies a heterodyne detection on it (over mode $E_1$). Depending on the measurement result $(X_E^M,P_E^M)$ times a given fixed gain $g_E$ Eve displaces mode $E_2$ in $x$ $\left(D_x\right)$ and $p$ $\left(D_p\right)$. The resulting state is then sent to Bob. By tuning the transmittance of the beamsplitter $\left(G\right)$ and the gain $\left(g_E\right)$ Eve can simulate any Gaussian channel $(T,\chi )$ and extract the optimal amount of information.