Improving key rates of the unbalanced phase-encoded BB84 protocol using the flag-state squashing model

All phase-encoded BB84 implementations have signal states with unbalanced amplitudes in practice. Thus the original security analyses a priori do not apply to them. Previous security proofs use signal tagging of multiphoton pulses to recover the behavior of regular BB84. This is overly conservative as for unbalanced signals the photon number splitting attack does not leak full information to Eve. In this work we exploit the flag-state squashing model to preserve some parts of the multiphoton-generated private information in our analysis. Using a numerical proof technique we obtain significantly higher key rates compared with previously published results in the low-loss regime. It turns out that the usual scenario of untrusted dark counts runs into conceptual difficulties in some parameter regimes. Thus we discuss the trusted dark-count scenario in this paper as well. We also report a gain in key rates when part of the total loss is known to be induced by a trusted device. We highlight that all these key rate improvements can be achieved without modification of the experimental setup.

Figure 1

The setup for the unbalanced phase-encoded BB84 protocol. All beam splitters (BSs) are labeled by their transmissivities. The grouping of Bob's detection events are represented by the dotted boxes.

Figure 2

Equivalence relationship between a lossy phase modulator in the encoding device and an uneven BS with transmissivity $\frac{1}{2\xi }$ followed by another uneven BS with transmissivity $\xi$ and a perfect phase modulator, where $\xi =\frac{1}{1+\kappa }$ [5].

Figure 3

(a) Our optimal lower bounds and (b) the corresponding mean photon numbers for secure key rates per clock cycle for both trusted (solid lines) and untrusted dark counts (dotted lines) vs total transmissivity $\eta$. For clarity, we omit labeling the lines for trusted and untrusted dark counts in the cases where the two lines are indistinguishable visually in the figure despite not being exactly the same.

Figure 4

(a) Our optimal lower bounds and (b) the corresponding mean photon numbers for secure key rates per clock cycle evaluated at $\kappa =0.1$ with trusted dark counts vs total transmissivity $\eta$. The results are produced using different tagged and flag-state photon number cutoffs, $N_A$ and $N_B$. The optimal key rates and mean photon numbers of Ref. [6] appear as the black dotted line which overlaps with our key rates for $N_A=1$ and $N_B=4$.

Figure 5

Percentage change in key rates comparing our optimal lower bounds for key rates with Ref. [6]'s optimal key rates vs total transmissivity $\eta$. We label the changes for trusted (untrusted) dark counts with solid (dotted) lines. A positive change means that our key rate is higher.

Figure 6

Percentage change in key rates comparing our lower bounds for key rates per clock cycle evaluated at Ref. [6]'s optimal ${\tilde{\alpha }}_{\text{opt}}$ with Ref. [6]'s optimal key rates vs total transmissivity $\eta$. We label the changes for trusted (untrusted) dark counts with solid (dotted) lines. A positive change means that our key rate is higher.

Figure 7

Assuming trusted dark counts, (a) our lower bounds for key rates and (b) the mean photon numbers plotted against the proportion (in percentage) of the trusted loss coming from the detection inefficiency of Bob's detectors to a fixed total loss corresponding to total transmissivity $\eta =0.1$.