entropy
Review An Overview of Geometrical Optics Restricted Quantum Key Distribution
Ziwen Pan * and Ivan B. Djordjevic
Department of Electrical & Computer Engineering, College of Engineering, The University of Arizona, 1230 E Speedway Blvd, Tucson, AZ 85721, USA; [email protected] * Correspondence: [email protected]
Abstract: Quantum key distribution (QKD) assures the theoretical information security from the physical layer by safely distributing true random numbers to the communication parties as secret keys while assuming an omnipotent eavesdropper (Eve). In recent years, with the growing applications of QKD in realistic channels such as satellite-based free-space communications, certain conditions such as the unlimited power collection ability of Eve become too strict for security analysis. Thus, in this invited paper, we give a brief overview of the quantum key distribution with a geometrical optics restricted power collection ability of Eve with its potential applications.
Keywords: quantum key distribution; satellite; free-space channel
1. Introduction There has been a long history of cryptography [1–6]. Before the 20th century, cryptog- raphy was considered as an art that mainly relies on personal skills to construct or break codes, without proper theoretical study [7]. Focused on message confidentiality, classical Citation: Pan, Z.; Djordjevic, I.B. An cryptography was known to ensure secrecy in communications under different situations Overview of Geometrical Optics such as military or diplomat use or between spies. An important representative of classic Restricted Quantum Key Distribution. cryptography is transposition ciphers, which rearrange the message to hide the original Entropy 2021, 23, 1003. https:// meanings. After the early 20th century, following the establishment of the information doi.org/10.3390/e23081003 theory by Harry Nyquist, Ralph Hartley, and Claude Shannon [8–13], the study of cryptog- raphy started to exploit the tools of mathematics. Cryptography also became a branch of Academic Editor: Steeve Zozor engineering, especially after the use of computers, which allows binary encryption of data. Two major schemes of modern cryptography include symmetric (private-key) cryptogra- Received: 29 June 2021 phy, e.g., the Data Encryption Standard (DES) [14] and Advanced Encryption Standard Accepted: 27 July 2021 Published: 31 July 2021 (AES) [15], and asymmetric (public-key) cryptography, e.g., RSA algorithm [16]. Symmetric cryptography relies on the shared key between the communication parties (Alice and Bob),
Publisher’s Note: MDPI stays neutral whereas in asymmetric cryptography, the encryption keys are different from decryption with regard to jurisdictional claims in keys. In general, symmetric cryptography is more efficient than asymmetric cryptography published maps and institutional affil- with more concise designs, but it has difficulties when it comes to the safe distribution of iations. the shared keys. On the other hand, asymmetric cryptography using a public key and a private key for encryption and decryption, respectively, relies upon mathematical problems termed one-way functions that are computationally infeasible from one direction (public key) [17], and are more widely used today for avoiding the risky stage of safe distribution of keys in symmetric cryptography. Copyright: © 2021 by the authors. Licensee MDPI, Basel, Switzerland. However, with the fast development of quantum computing [18] and its potential This article is an open access article in solving conventional one-way functions, it is possible to break the current encryption distributed under the terms and systems [19] with algorithms such as Shor’s algorithm [20] and Grover’s algorithm [21]; conditions of the Creative Commons thus, the QKD is now becoming more and more important in the new era of information Attribution (CC BY) license (https:// security. Different from the asymmetric cryptography used today, QKD is based on creativecommons.org/licenses/by/ symmetric cryptography, guaranteeing the secure distribution of the secret keys with 4.0/). the laws of quantum mechanics that the measurement process generally disturbs the
Entropy 2021, 23, 1003. https://doi.org/10.3390/e23081003 https://www.mdpi.com/journal/entropy Entropy 2021, 23, 1003 2 of 11
measured system. This can be used to detect eavesdropping actions as any adversaries would have to perform measurement to eavesdrop. Since the study of the first QKD protocol BB84 [2], the theory of QKD has vastly developed, with numerous protocols proposed [3–5,22–32] to improve security and increase secure-key rate (SKR). Combined with the one-time pad proved to be asymptotically safe in 1949 by Claude Shannon [1], QKD promises completely secure communication. On the other hand, QKD conventionally assumes that Eve is only limited by the laws of physics even though some assumptions might be unrealistic. For example, Eve is always assumed to have the ability to collect all photons that do not arrive at Bob’s receiver, which would make sense in cases such as fiber communication but would be too strict for wireless communication cases. Thus, interest has been rising surrounding the study of QKD with more realistic power collection assumptions and its potential applications [33–40]. In this invited paper, we present an overview of the geometrical optics restricted quantum key distribution with certain power collection restrictions applied on Eve. We start by reviewing the conventional QKD studies in Section2 with different protocols and compare the achievable secure-key rate between the famous discrete variable protocol BB84 with decoy states added and the continuous variable Gaussian modulated QKD scheme. Then, in Section3, we introduce the geometrical optics restricted model by limiting Eve’s collectable power with a beam splitter and showcase the lower bound results in this model. After that, we present some possible applications of this model by studying some representative scenarios with it.
2. Quantum Key Distribution (QKD) With the fast development of potential applications of QKD such as quantum net- works [41,42] and satellite-based quantum secure communication [43–47], various protocols have been proposed aimed at improved security while assuming an all-powerful eavesdrop- per. For example, the first QKD protocol BB84 was studied in 1984 by Charles H. Bennett et al. to use polarization states to securely distribute secret keys [2]. It was also known as the first prepare-and-measure (PM) model as it exploits the result of quantum indeterminacy that measuring an unknown quantum state in general changes the state. It was then simplified to the B92 protocol by using two non-orthogonal states [3] before extending to its entanglement-based (EB) version BBM92 [4] in 1992. Different from the PM models, the EB models use entangled pairs in the transmission stage to distribute secret keys to the two communication parties. BBM92 was also consid- ered as an improvement to the first EB model E91 [5], which uses three mutually unbiased bases instead of two in BBM92. There was also an important equivalence established between PM and EB models in [4] that the security proof of one implies the same for the other. However, when it comes to device-independent (DI) studies, EB models have advan- tages over PM models [23] since the security proofs of DI-QKD are mainly based on the violation of Bell inequalities [48–51]. Some PM models are proven to be partially DI [52] The device independence study was first proposed in [6] using internal operations to “self-test” quantum apparatus. Different protocols have since been studied [22–24]. Another important category of quantum key distribution protocols is the continuous- variable (CV-) QKD. Different from most protocols described above, which are called discrete-variable (DV) protocols that rely on single photon sources and single photon detectors, CV protocols encode keys into CV observables of light fields [53]. This enabled CV protocols to be more easily implementable as it is compatible with most current communication devices. The first protocol using squeezed states [25] was proposed in 2000, which generalizes the BB84 protocol using squeezed states. In 2002, another important CV protocol GG02 using Gaussian modulated coherent states [26] was proposed as coherent states are much easier to generate experimentally. Other interesting directions in QKD research include using decoy states [27–29,54] against photon number splitting (PNS) attack [55] where the eavesdropper exploits the EntropyEntropy 2021 2021, 23, ,1003 23, 1003 3 of 311 of 11
Entropy 2021, 23, 1003 3 of 11
OtherOther interesting interesting directions directions in QKDin QKD research research include include using using decoy decoy states states [27–29,54] [27–29,54] against photon number splitting (PNS) attack [55] where the eavesdropper exploits the Entropy 2021, 23, 1003 against photon number splitting (PNS) attack [55] where the eavesdropper exploits3 the of 11 loophole of a non-ideal single photon transmission; finite-size analysis [56] where the Other interestingloophole directionsof a non-ideal in QKD single research photon include transm usingission; decoy finite-size states analysis[27–29,54] [56] where the transmitted sequence is not large enough for asymptotic security analysis; measurement- against photontransmitted number splitting sequence (PNS) is not attack large [55]enough where for theasymptotic eavesdropper security exploits analysis; the measurement- device-independent (MDI-) QKD [57] that comes from DI-QKD but assumes perfect prep- loophole of a device-independentnon-ideal single photon (MDI-) transm QKD ission;[57] that finite-size comes from analysis DI-QKD [56] but where assumes the perfect prep- aration of the states; and high-dimensional QKD that exploits high dimensional degrees transmitted sequencearationloophole ofis not ofthe a largestates; non-ideal enough and single high-dimensional for photonasymptotic transmission; security QKD that analysis; finite-size exploits measurement- analysis high dimensional [56] where thedegrees trans- of freedom such as the orbital angular momentum (OAM) [30–32] and the temporal-spec- device-independentofmitted freedom (MDI-) sequence such QKD as is the[57] not orbital largethat comes enough angular from for mo DI-QKD asymptoticmentum but (OAM) security assumes [30–32] analysis; perfect and measurement-device-prep- the temporal-spec- tral [58,59] aimed at increasing key rates, etc. Here we present introductions to two repre- aration of the tralstates;independent [58,59] and aimedhigh-dimensional (MDI-) at increasing QKD [57 ]QKD key that rates, comesthat exploits et fromc. Here DI-QKD high we presentdimensional but assumes introductions degrees perfect to preparation two repre- of sentatives in DV and CV protocols: of freedom suchsentativesthe as states;the orbital in and DV high-dimensionalangular and CV mo protocols:mentum QKD (OAM) that [30–32] exploits and high the dimensional temporal-spec- degrees of freedom tral [58,59] aimedsuch at increasing as the orbital key angular rates, et momentumc. Here we present (OAM) introductions [30–32] and the to two temporal-spectral repre- [58,59] aimed2.1. BB84 at increasing key rates, etc. Here we present introductions to two representatives in sentatives in DV2.1. and BB84 CV protocols: DV and CV protocols: BB84BB84 protocol protocol uses uses single single phot photonsons to distribute to distribute secret secret keys. keys. First, First, Alice Alice randomly randomly pre- pre- pares a sequence chosen from two sets of orthogonal bases as in Figure 1 and sends them 2.1. BB84 pares2.1. BB84a sequence chosen from two sets of orthogonal bases as in Figure 1 and sends them to Bob.to Bob. BB84 protocol usesBB84 single protocol phot usesons to single distribute photons secret to keys. distribute First, Alice secret randomly keys. First, pre- Alice randomly pares a sequenceprepares chosen afrom sequence two sets chosen of orth fromogonal two bases sets ofas orthogonalin Figure 1 basesand sends as in them Figure 1 and sends to Bob. them to Bob.
FigureFigure 1. BB84 1. BB84 polarization polarization bases. bases.
Next, Bob would also randomly choose from these two sets of orthogonal bases to Figure 1. BB84 polarizationNext, bases.Bob Figurewould 1.alsoBB84 randomly polarization choose bases. from these two sets of orthogonal bases to measuremeasure the thereceived received photons. photons. After After completing completing the themeasurements, measurements, Bob Bob would would report report his his basis of measurement. If Alice’s preparing basis is the same as Bob’s measurement basis, Next, Bobbasis would ofNext, measurement. also Bob randomly would If alsochoose Alice’s randomly from preparing these choose batwosis from sets is the of these sameorthogonal two as setsBob’s bases of measurement orthogonal to bases basis, to then the result should be the same, which would be the sifted keys. measure the receivedthenmeasure the photons. result the received should After becompleting photons. the same After ,the which completingmeasurements, would be the the measurements,Bob sifted would keys. report Bob his would report his If Eve intercepts the photons transmitted, performs a measurement of her own, and basis of measurement.basisIf ofEve If measurement. Alice’sintercepts preparing the If photons Alice’s basis preparing transmitted,is the same basis as performs Bob’s is the measurement same a measurement as Bob’s basis, measurement of her own, basis,and resends the photons to Bob, then when Eve’s measurement basis is not the same as Alice’s then the resultresends shouldthen the thebe result thephotons same should ,to which Bob, be the thenwould same, when be which the Eve’s sifted would measurement keys. be the sifted basis keys. is not the same as Alice’s and Bob’s, the polarization state would be changed so that the sifted keys would be dif- If Eve interceptsand Bob’s,If the Eve thephotons intercepts polarization transmitted, the photons state wouldperforms transmitted, be achanged measurement performs so that a of measurementthe her sifted own, keys and of would her own, be dif- and ferent on Alice’s and Bob’s side. Thus, either Alice or Bob can reveal some of the sifted resends the photonsferentresends toon Bob, theAlice’s photons then and when toBob’s Bob, Eve’s side. then measurement Thus, when either Eve’s basis measurementAlice is ornot Bob the can basissame reveal isas not Alice’s some the same of the as Alice’ssifted keys publicly for the other party to compare and detect possible eavesdropping. An illus- and Bob’s, thekeys polarizationand publicly Bob’s, the forstate polarization the would other beparty state changed wouldto compar so be that changede and the detect sifted so that possiblekeys the siftedwould eavesdropping. keys be dif- would be An different illus- trative example of this process is shown in Table 1. ferent on Alice’strativeon and Alice’s example Bob’s and side. of Bob’s this Thus, side.process either Thus, is Alice shown either or inBob Alice Table can or 1. reveal Bob can some reveal of the some sifted of the sifted keys keys publicly forpublicly the other for party the other to compar party toe and compare detect and possible detect ea possiblevesdropping. eavesdropping. An illus- An illustrative Entropy 2021, 23, 1003 Table 1. BB84 protocol process illustration. 4 of 11 trative exampleTableexample of this1. BB84 process of protocol this processis shown process is in shownillustration. Tablein 1. Table 1.
Random Bits 0 1 0 0 1 1 1 0 1 Random Bits Table 1. BB840 protocol process1 Table illustration. 1.0 BB84 protocol0 process1 illustration.1 1 0 1
RandomBobAlice basis basis Bits b 0 a a 1a 0a b 0b a b 1 b a a 1 1b b 0a b b 1a Random Bits Alice basis 0 1 a 0 a 0 b 1 a 1 b 1 a 0 b 1 b a Alice basis a a b a b a b b a
Alice basis a a b a b a b b a PolarizationBobPolarization measurement state state sent results sent random random random random random Polarization state sent
Polarization state sent BobSifted basis keys b1 a a b 1 b1 a b1 a b
Bob measurement results random random random random random
2.2. GG02 Sifted keys 1 1 1 1 GG02 protocol uses Gaussian modulated coherent states, as in Figure 2, to distribute secret keys. First, Alice generates random real number pairs (ax, ap) from two independent Gaussian distributions with given modulation variances and sends them to Bob. Next, Bob randomly chooses to measure either x or p quadrature components.
Figure 2. Gaussian modulated coherent states distributed on phase space.
After all the transmission and measurements are done, Bob discloses for each meas- urement whether he measured x or p components. Then, Alice retains the corresponding ax and ap values. Secret keys can then be extracted with certain reconciliation and privacy amplification. For these protocols, if Bob is the one performing the measurement and Alice is post- processing its outcomes to infer Bob’s encodings, assisted by classical communications from Bob to Alice, this is the reverse reconciliation scheme. Otherwise, it is the direct rec- onciliation scheme. Here we present a secure key rate lower bound (achievable rate) com- parison between CV Gaussian modulation protocol with coherent states, heterodyne de- tection, reverse reconciliation, and DV protocol Decoy-State (DS-) BB84, of which detailed calculations can be found in [33,60]. We assume that a weak coherent-state source with signal-state pulses is used which transmits photons per pulse on average at a rate states per second over an Alice-to-Bob channel with overall transmissivity . Thermal noise is denoted as per mode. In Figure 3a,b, the reconciliation efficiency for CV protocol and for DV proto- col are both set to one. By comparing Figure 3a,c, we can see that in a pure loss channel ( = 0), the CV protocol always outperforms its DV counterpart. However, when ther- mal noise is non-zero, DV can outperform CV, especially when reconciliation is not per- fect. We can also compare DV and CV results with input power optimized, as in Figure 4, where the input power is optimized correspondingly with perfect reconciliation. We can
Entropy 2021, 23, 1003 4 of 11
Bob basis b a a b b a b a b
Bob measurement results random random random random random
Sifted keys 1 1 1 1
Entropy 2021, 23, 1003 4 of 11
2.2. GG02 GG022.2. GG02 protocol uses Gaussian modulated coherent states, as in Figure 2, to distribute GG02 protocol uses Gaussian modulated coherent states, as in Figure2, to distribute secret keys. First, Alice generates random real number pairs (ax, ap) from two independent secret keys. First, Alice generates random real number pairs (ax, ap) from two independent GaussianGaussian distributions distributions with with givengiven modulation modulation variances variances and sends and them sends to Bob. them Next, to Bob Bob. Next, Bob randomlyrandomly chooses chooses to measureto measure either eith x orer p quadraturex or p quadrature components. components.
FigureFigure 2. Gaussian 2. Gaussian modulated modulated coherent coherent statesstates distributed distributed on phase on phase space. space. After all the transmission and measurements are done, Bob discloses for each mea- Aftersurement all whetherthe transmission he measured and x or measurementsp components. Then, are Alice done, retains Bob the discloses corresponding for each meas- urementax and whether ap values. he Secretmeasured keys canx or then p components. be extracted with Then, certain Alice reconciliation retains the and corresponding pri- ax andvacy ap values. amplification. Secret keys can then be extracted with certain reconciliation and privacy amplification.For these protocols, if Bob is the one performing the measurement and Alice is post- processing its outcomes to infer Bob’s encodings, assisted by classical communications Forfrom these Bob to protocols, Alice, this if is Bob the reverse is the reconciliationone performing scheme. the Otherwise,measurement it is theand direct Alice is post- processingreconciliation its outcomes scheme. Hereto infer we present Bob’s aencodi securengs, key rate assisted lower boundby classical (achievable communications rate) from comparisonBob to Alice, between this CVis the Gaussian reverse modulation reconciliation protocol scheme. with coherent Otherwise, states, heterodyne it is the direct rec- onciliationdetection, scheme. reverse Here reconciliation, we present and DV a secure protocol key Decoy-State rate lower (DS-) bound BB84, of (achievable which detailed rate) com- calculations can be found in [33,60]. We assume that a weak coherent-state source with parisonsignal-state between pulses CV isGaussian used which modulation transmits µ photons protocol per pulsewith on coherent average at states, a rate R heterodynestates de- tection,per reverse second over reconciliation, an Alice-to-Bob and channel DV protoc with overallol Decoy-State transmissivity (DS-)η. ThermalBB84, of noise which is detailed calculationsdenoted ascanne beper found mode. in [33,60]. We assume that a weak coherent-state source with signal-stateIn Figurepulses3a,b, is theused reconciliation which transmits efficiency β forphotons CV protocol per andpulsefL foron DVaverage protocol at a rate statesare per both second set to one.over By an comparing Alice-to-Bob Figure channel3a,c, we canwith see overall that in atransmissivity pure loss channel . Thermal (ne = 0), the CV protocol always outperforms its DV counterpart. However, when thermal noisenoise is denoted is non-zero, as DV canper outperform mode. CV, especially when reconciliation is not perfect. We Incan Figure also compare 3a,b, the DV andreco CVnciliation results with efficiency input power for optimized, CV protocol as in Figure and 4 , where for DV proto- col arethe both input set power to one. is optimized By comparing correspondingly Figure with 3a,c, perfect we reconciliation.can see that Wein a can pure see thatloss channel ( =although 0), the Gaussian-modulatedCV protocol always CV outperforms protocol has advantages its DV counterpart. over DS-BB84 However, on the secure when ther- key rate, it does not outperform DS-BB84 when it comes to the transmission distance as mal noisechannel is lossnon-zero, increases DV with can increasing outperform transmission CV, especially distance. when reconciliation is not per- fect. We can also compare DV and CV results with input power optimized, as in Figure 4, where the input power is optimized correspondingly with perfect reconciliation. We can
Entropy 2021, 23, 1003 5 of 11
Entropy 2021, 23, 1003 5 of 11
Entropy 2021, 23, 1003see that although Gaussian-modulated CV protocol has advantages over DS-BB84 on the 5 of 11 secure key rate,see it thatdoes although not outperform Gaussian-modulated DS-BB84 when CV it protocolcomes to has the advantagestransmission over dis- DS-BB84 on the tance as channelsecure loss increaseskey rate, withit does increasing not outperform transmission DS-BB84 distance. when it comes to the transmission dis- tance as channel loss increases with increasing transmission distance.
(a) (b) (a) (b)
(c) (d) (c) (d) Figure 3. ComparisonFigure 3. Comparison of CV Gaussian of CV modulation Gaussian protocolmodulation with prot coherentocol with states, coherent heterodyne states, detection, heterodyne reverse de- reconciliation, tection, reverse reconciliation,Figure 3. Comparison and DV of protocol CV Gaussian DS-BB84 modulation with mean prot photonocol with number coherent per stinputates, heterodyne de- and DV protocol DS-BB84 with mean photon number per input mode. (a) Perfect reconciliation in pure loss channel. mode. (a) Perfecttection, reconciliation reverse in reconciliation, pure loss channel. and DV (b) protocolPerfect reconciliation DS-BB84 with with mean photon = 0.0001 number. per input (b) Perfect reconciliation with ne = 0.0001.(c) Imperfect reconciliation in pure loss channel. (d) Imperfect reconciliation (c) Imperfect reconciliationmode. (a) Perfect in pure reconciliation loss channel. in (d pure) Imperfect loss channel. reconciliation (b) Perfect with reconciliation = 0.0001 with. = 0.0001. with ne = 0.0001. (c) Imperfect reconciliation in pure loss channel. (d) Imperfect reconciliation with = 0.0001.
Figure 4. Comparison of CV Gaussian modulation protocol with coherent states, heterodyne detec- tion, reverse reconciliation, and DV protocol DS-BB84 with channel loss. Here the input power is optimized correspondingly. Reconciliation is perfect for both CV and DV protocols.
Entropy 2021, 23, 1003 6 of 11
Figure 4. Comparison of CV Gaussian modulation protocol with coherent states, heterodyne detec- tion, reverse reconciliation, and DV protocol DS-BB84 with channel loss. Here the input power is optimized correspondingly. Reconciliation is perfect for both CV and DV protocols. Entropy 2021, 23, 1003 6 of 11
3. Geometrical Optics Restricted Model 3. GeometricalIn this Optics section, Restricted we introduce Model the geometrical optics restricted model with realistic powerIn this collection section, we introducerestriction the on geometrical the eavesdropper. optics restricted In model [33], witha wiretap realistic channel is used to de- powernote collection the power restriction collection on the eavesdropper.restriction on In [Eve33], a as wiretap in Figure channel 5. is Here used to the beam splitter with denote the power collection restriction on Eve as in Figure5. Here the beam splitter with transmissivitytransmissivityκ denotes denotes that Eve canthat only Eve collect canκ onlyfraction collect of the photons fraction that doof not the photons that do not arrivearrive at Bob’s at Bob’s receiver. receiver. The Alice-to-Bob The Alice-to-Bob channel is with channel transmissivity is withη. transmissivity .
FigureFigure 5. The 5. wiretapThe wiretap channel notationchannel of notation the geometrical of the optics geometrical restricted model. optics restricted model. Similar notations have been seen in broadcast channel studies [61,62]. Starting from the HashingSimilar inequality notations [63] the have lower been bound seen on the in secure broadcast key rate channel for both direct studies and [61,62]. Starting from reversethe Hashing reconciliation inequality were derived [63] without the lower a specified bound detection on the scheme secure on one key of therate for both direct and communication parties: reverse reconciliation were derived without a specified detection scheme on one of the ! νER − 1 communication parties: yi K→ ≥ βg(ne(1 − η) + ηµ) − ∑ g − βg(ne(1 − η)) + g(ne(1 − ηκ)) (1) i 2 −1 (1) ER ! ER ! ≥ ( (1− νy − )1 + ) − ηµ(1 + µ) − (νy1− − 1 ) + ( (1− )) ≥ → ( ) − i − − + i K← βg µ ∑i g βg µ 2 ∑i g (2) 2 1 + ne − neη + ηµ 2
g(x) = (x + 1) log2(x + 1) − x log2 x (3) where detailed expressions of νER can be found in [33]. ( ) ≥ ( ) y−i ∑ − − +∑ (2) Here we reproduce← the comparison in Figure 4 between DV protocol DS-BB84 and CV Gaussian modulation protocol with coherent states, heterodyne detection, and reverse reconciliation as in Figure6. We retain the results from Figure4, as κ = 1 case and plotted the DV and CV rate with κ = 0.5. We( can) = see( +1 an increase) log in ( the + achievable 1) − log rate in both CV (3) and DV protocols and that the CV protocol only holds advantages over the DV protocols whenwhere channel detailed loss is small.expressions We can also of see that can when beκ found= 0.5, the in rate[33]. goes to zero at a larger channelHere loss,we suggestingreproduce larger the transmission comparison distance in Fi ingure this case. 4 between DV protocol DS-BB84 and CV Gaussian modulation protocol with coherent states, heterodyne detection, and reverse reconciliation as in Figure 6. We retain the results from Figure 4, as =1 case and plotted the DV and CV rate with =0.5. We can see an increase in the achievable rate in both CV and DV protocols and that the CV protocol only holds advantages over the DV proto- cols when channel loss is small. We can also see that when =0.5, the rate goes to zero at a larger channel loss, suggesting larger transmission distance in this case.
EntropyEntropy2021 2021,,23 23,, 1003 1003 77 ofof 1111
Figure 6. DV protocol DS-BB84 and CV Gaussian modulation protocol with coherent states, hetero- Figure 6. DV protocol DS-BB84 and CV Gaussian modulation protocol with coherent states, hetero- dyne detection, and reverse reconciliation SKR comparison with input power optimized. dyne detection, and reverse reconciliation SKR comparison with input power optimized.
TheThe geometricalgeometrical opticsoptics restricted restricted model model has has multiple multiple potential potential applications applications in differentin differ- scenariosent scenarios of practical of practical importance. importance. Here Here we presentwe present some some possible possible directions. directions.
3.1.3.1. Application of GeometricalGeometrical OpticsOptics RestrictedRestricted Model:Model: Limited ApertureAperture SizeSize AnalysisAnalysis DifferentDifferent from the assumptions in in conventional conventional QKD QKD study study that that Eve Eve is isunlimited unlimited in inher her ability ability of power of power collection, collection, in most in most realistic realistic application application scenarios, scenarios, especially especially in wire- in wirelessless communication, communication, Eve is Eve limited is limited by her by receiver her receiver aperture aperture size. Taking size. Taking free-space free-space optical opticalcommunication communication link aslink an example, as an example, the receiver the receiver aperture aperture size usually size usually ranges ranges from from a few a fewcentimeters centimeters to a tofew a fewdecimeters. decimeters. If we If only we only restrict restrict Eve’s Eve’s aperture aperture size sizebut grant but grant her mo- her mobilitybility of ofher her aperture, aperture, which which could could be be accomplished accomplished through through unmanned aerial vehiclevehicle (UAV)(UAV) or or usage usage of of a a spy spy satellite satellite during during satellite satellite communications, communications, we we can can study study the the security secu- ofrity specific of specific application application occasions. occasions. InIn [[35,37,38],35,37,38], thethe straightforwardstraightforward casecase scenarioscenario ofof aa limited-sizedlimited-sized apertureaperture ofof EveEve isis consideredconsidered wherewhere EveEve placesplaces herher apertureaperture besidebeside Bob’sBob’s receiverreceiver inin aa satellite-to-satellitesatellite-to-satellite communicationcommunication schemescheme asas inin FigureFigure7 7a.a. It It is is shown shown in in Figure Figure7 b7b that that the the rate rate tends tends to to be be a a constantconstant whenwhen thethe transmissiontransmission distancedistance isis sufficientlysufficiently large.large. This was also derived in detail as in Equations (4) and (5), where m is the ratio of Eve’s aperture size versus Bob’s aperture size.
lim K→ ≥ − log m (4) µ→∞,L→∞ 2
m 1+m lim K← ≥ − log e (5) µ→∞,L→∞ 2 m + 1 In [36,40], the case with dynamically positioned eavesdropper aperture is considered with Eve’s position being optimized, as in Figure8a. In Figure8b, both CV and DV lower bounds are presented with optimized Eve’s position. Assuming the Gaussian beam is transmitted, because of the cylindrical symmetry of a Gaussian beam, the distance D between Eve’s aperture to the beam transmission axis can be used to denote Eve’s position combined with Bob-to-Eve distance LBE. It is clear that by optimizing Eve’s position, advantages over Alice and Bob can be further obtained by Eve compared with Figure7b.
Entropy 2021, 23, 1003 8 of 11
Entropy 2021, 23, 1003 Entropy 2021, 23, 1003 8 of 11 8 of 11
(a) (b)
Figure 7. (a) Setup of the limited aperture scenario. , , respectively refer to the aperture area of Alice (radius ), Bob (radius ), and Eve (radius ). is the distance between Alice’s ap- erture and Bob’s. (b) CV and DV SKR lower bounds versus transmission distance with optimized input power. Gaussian beam with beam waist = and wavelength = 1550 nm is transmit- ted. The space temperature is set to =3 K.
This was also derived in detail as in Equations (4) and (5), where is the ratio of Eve’s aperture size versus Bob’s aperture size.
lim → ≥−log → , → (4)