ESTIMATION OF DECOY STATE PARAMETERS FOR PRACTICAL QUANTUM KEY DISTRIBUTION

BY

SELLAMI ALI

A dissertation submitted in partial fulfilment of the requirement for the degree of Doctor of Philosophy in Computational and Theoretical Science

Kulliyyah of Science

International Islamic University Malaysia

OCTOBER 2010

ABSTRACT

We have presented a method to estimate the parameters of the decoy state protocol based on one decoy state, vacuum + one decoy state, two decoy states, and vacuum + two decoy states, for both BB84 and SARG04. For each protocol, this method gives a different lower bound on the fraction of single-photon counts (y1) and on the fraction of two-photon counts (y2), a different upper bound on the QBER of single-photon pulses (e1) and of two-photon pulses (e2), and a different lower bound on the key generation rate, for both BB84 and SARG04. The effects of statistical fluctuations on some parameters of our QKD system have been presented. We have also optimized the choice of intensities and percentages of the signal state and decoy states that give the maximum distance, and optimized the key generation rate. The numerical simulation has shown that fiber-based and free-space QKD systems using the proposed method achieve both a higher secret key rate and a greater secure distance with BB84 than with SARG04. It is also shown that bidirectional ground-to-satellite and inter-satellite communications are possible with our protocol. Decoy state QKD has been demonstrated experimentally using the ID-3000 commercial QKD system, which is based on a standard ‘Plug & Play’ set-up. Two decoy state protocols have been implemented, the one decoy state protocol and the vacuum + one decoy state protocol, for both BB84 and SARG04 over different transmission distances of standard telecom fiber. To detect Eve (the photon number splitting attack), we have calculated the expected ratio of the decoy state gain to the signal state gain. Significant deviation of the measured ratio from this expected value indicates a PNS (Photon Number Splitting) attack by Eve.


RESEARCH ABSTRACT (translated from the Arabic)

We have presented a method for determining the parameters of the decoy state protocol consisting of one decoy state, one decoy state + vacuum, two decoy states, and vacuum + two decoy states, for both BB84 and SARG04. With this method it is possible to determine the lower bound of the single-photon count y1 and of the two-photon count y2, as well as the upper bound of the error for single-photon pulses e1 and for two-photon pulses e2, and finally the lower bound of the key rate for both BB84 and SARG04. We have also optimized the choice of intensities and percentages of the signal state and the decoy state that give the maximum distance and a good key rate. Through numerical simulation we have shown that BB84 is better than SARG04 in distance and key rate when the decoy protocol is used with them. Through numerical simulation we have also shown that communication between satellite and ground is possible using this method. Finally, we carried out the experimental implementation of two protocols, one decoy state and vacuum + one decoy state, using both BB84 and SARG04, and found that the experimental results agree with the theoretical results.

APPROVAL PAGE

The thesis of Sellami Ali has been approved by the following:

Mohamed Ridza Wahiddin, Supervisor

Jesni Shamsul Shaari, Internal Examiner

Zuriati Ahmad Zukarnain, External Examiner

Nasr Eldin Ibrahim Hussien, Chairperson

DECLARATION

I hereby declare that this thesis is the result of my own investigations, except where otherwise stated. I also declare that it has not been previously or concurrently submitted as a whole for any other degrees at IIUM or other institutions.

Sellami Ali


INTERNATIONAL ISLAMIC UNIVERSITY MALAYSIA

DECLARATION OF COPYRIGHT AND AFFIRMATION OF FAIR USE OF UNPUBLISHED RESEARCH

Copyright © 2010 by Sellami Ali. All rights reserved.

ESTIMATION OF DECOY STATE PARAMETERS FOR PRACTICAL QUANTUM KEY DISTRIBUTION

No part of this unpublished research may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise without prior written permission of the copyright holder except as provided below.

1. Any material contained in or derived from this unpublished research may only be used by others in their writing with due acknowledgement.

2. IIUM or its library will have the right to make and transmit copies (print or electronic) for institutional and academic purposes.

3. The IIUM library will have the right to make, store in a retrieval system and supply copies of this unpublished research if requested by other universities and research libraries.

Affirmed by Sellami Ali.


ACKNOWLEDGEMENTS

I would like to express my gratitude to my academic adviser, Prof Dr. Mohamed Ridza Wahiddin, for the opportunity to conduct the research work under his supervision. His scientific wisdom and experience have helped me in achieving my research career objectives. He is an excellent scientist and teacher, and I thank him for his valuable suggestions, support and encouragement.

I am also very grateful to IIUM and Mimos Berhad for their support in providing the various facilities utilized in the presentation of this research work.

Special thanks are also due to all other members of the advanced information security cluster (Mimos), who helped make the pursuit of the project both enjoyable and rewarding, especially to my colleague Ph.D. Student Br Ahmed.

Last but not least, my deepest gratitude goes to my parents and all members of my family for their unconditional support and encouragement throughout my studies.

TABLE OF CONTENTS

Abstract
Abstract in Arabic
Approval Page
Declaration Page
Copyright Page
Acknowledgements
List of tables
List of figures
List of abbreviations

CHAPTER 1: INTRODUCTION
1.1 Introduction
1.2 Previous work
1.3 Statement of problem and motivation
1.4 Objectives
1.5 Research methodology
1.6 Organization of Thesis

CHAPTER 2: A REVIEW ON QUANTUM KEY DISTRIBUTION
2.1 Introduction
2.2 Basics of Quantum Key Distribution
2.3 Quantum Mechanical Background
2.3.1 The quantum bit
2.3.2 Bell States or EPR Pairs
2.4 Literature Study And Comparing Existing Protocols
2.4.1 Four-state protocol: BB84 Protocol
2.4.2 Two-state protocol: B92
2.4.3 Six-state protocol
2.4.4 SARG protocol
2.5 Eavesdropping attacks
2.5.1 Intercept/Resend
2.5.2 Beam Splitting
2.5.3 Other Types of Attacks
2.6 Security in QKD
2.6.1 Security proofs
2.6.2 Bounds on performance
2.7 Experiments
2.7.1 Polarization and Information Encoding
2.7.2 Polarization Encoding Experiments
2.7.3 Phase and Information Encoding
2.7.4 Phase Encoding Experiments
2.7.5 Quantum Key rate
2.7.6 Quantum Bit Error Rate
2.7.7 Maximum transmission distance
2.7.8 Visibility
2.8 Supporting classical procedures
2.8.1 Error correction
2.8.2 Privacy amplification
2.8.3 Authentication

CHAPTER 3: A REVIEW ON THE DECOY STATE METHOD
3.1 Introduction
3.2 Real-life QKD systems
3.2.1 QKD with attenuated pulses
3.2.2 Photon-number splitting attacks
3.3 Security proof for QKD systems with attenuated pulse
3.4 Attacks on real-life QKD systems
3.5 Decoy-state protocol
3.5.1 Decoy state idea
3.5.2 Practical decoy-state protocol
3.5.3 Statistical fluctuations due to finite data

CHAPTER 4: ESTIMATION OF DECOY STATE PARAMETERS
4.1 Introduction
4.2 The estimation method of decoy state parameters
4.3 The statistical fluctuations
4.4 The optimization of the key generation rate
4.5 Conclusion

CHAPTER 5: SIMULATION OF THE PROPOSED DECOY STATE METHOD
5.1 Introduction
5.2 QKD Model
5.2.1 Source
5.2.2
5.2.3 Detection Model
5.3 The numerical simulation
5.3.1 Optical Fiber based QKD system simulation
5.3.2 Free space simulation
5.4 Conclusion

CHAPTER 6: IMPLEMENTATION OF THE PROPOSED DECOY STATE METHOD
6.1 Introduction
6.2 Major equipments
6.2.1 The id-3000 QKDS system
6.2.2 The Acousto-Optic Modulator and its driver
6.2.3 Electro-Optic Modulator
6.2.4 Arbitrary / Function Generation
6.3 Experimental Set-up
6.4 The experimental Results
6.5 Conclusion

CHAPTER 7: CONCLUSION
7.1 Conclusion
7.2 Future Work Outlook

BIBLIOGRAPHY

APPENDIX A
APPENDIX B
APPENDIX C
APPENDIX D

LIST OF TABLES

2.1 Quantum “truth table” for EPR circuits

2.2 Preparation of photons by Alice

2.3 Measurement of photons by Bob

2.4 Generation of the key

2.5 Upper and lower bounds on the tolerable bit error rate for the ideal BB84 and six-state protocols using one-way and two-way classical post-processing

2.6 Polarization Equivalence

2.7 Phase Equivalence

5.1 The optimum parameters for the one decoy state protocol with the statistical fluctuations (BB84) when  v , v x  and with proposed QBER of single photon e  2 1

5.2 The optimum parameters for the one decoy state protocol with the statistical fluctuations (BB84) when , v x  and with proposed QBER of single photon  3

5.3 The optimum parameters for the one decoy state protocol with the statistical fluctuations (BB84) when , x 1 and with proposed QBER of single photon

5.4 The optimum parameters for the one decoy state protocol with the statistical fluctuations (BB84) when   v , and with proposed QBER of single photon

5.5 The optimum parameters for the vacuum + one decoy state protocol with the statistical fluctuations (BB84)

5.6 The optimum parameters for the two decoy states protocol with the statistical fluctuations (BB84)

5.7 The optimum parameters for the vacuum + two decoy states protocol with the statistical fluctuations (BB84)

5.8 The optimum parameters for the one decoy state protocol without the statistical fluctuations (SARG04) when  v

5.9 The optimum parameters for the one decoy state protocol without the statistical fluctuations (SARG04) when  v

5.10 The optimum parameters for the vacuum + one decoy state protocol with the statistical fluctuations (SARG04)

5.11 The optimum parameters for the vacuum + one decoy state protocol with the statistical fluctuations (SARG04)

6.1 List of QKDS-A electronic signals

6.2 List of QKDS-B electronic signals

6.3 The experimental results of one decoy state protocol for BB84. The length of fiber, gains of  laser pulse Q , QBER of key generated from laser pulse E , gains of  laser pulse Q and QBER of key generated from  laser pulse E . These values are all measured directly from experiment. (a) First implementation results. (b) Second implementation results.

6.4 The experimental results of vacuum + one decoy state protocol for BB84. Length of fiber, gains of laser pulse , QBER of key generated from laser pulse , gains of  laser pulse Q and QBER of key generated from 1 1 laser pulse E . These values are all measured directly from 1 experiment. (a) First implementation results. (b) Second implementation results.

6.5 The experimental results of one decoy state protocol for SARG04. The length of fiber, gains of laser pulse , QBER of key generated from laser pulse , gains of v laser pulse Qv and QBER of key generated from v laser pulse Ev . These values are all measured directly from experiment. (a) First implementation results. (b) Second implementation results.

6.6 The experimental results of vacuum + one decoy state protocol for SARG04. The length of fiber, gains of laser pulse Q , QBER of key generated from  laser pulse E , gains of v laser pulse Qv and QBER of key generated from v laser pulse Ev . These values are all measured directly from experiment. (a) First implementation results. (b) Second implementation results.

6.7 The length of fiber, gain of single photon laser pulse Q1^L, QBER of key generated from single laser photon pulse e1^U, rate of generating secure key R^L_BB84. These values are all calculated through Eqs. (4.8), (4.19), and (4.130) with parameters from Table 6.1. (a) For first implementation. (b) For second implementation. These are parameters of one decoy state protocol.

6.8 The length of fiber, gain of single photon laser pulse , QBER of key generated from single laser photon pulse , rate of generating secure key . These values are all calculated through Eqs. (4.8), (4.19), and (4.130) with parameters from Table 6.2. (a) For first implementation. (b) For second implementation. These are parameters of vacuum + one decoy state protocol.

6.9 The length of fiber, gain of single and two photons laser pulse , Q2^L, QBER of key generated from single and two photon laser pulse , e2^U, rate of generating secure key R^L_SARG04. These values are all calculated through Eqs. (4.8), (4.19), (4.74), (4.84) and (4.131) with parameters from Table 6.3. (a) For first implementation. (b) For second implementation. These are parameters of one decoy state protocol.

6.10 The length of fiber, gain of single and two photons laser pulse , , QBER of key generated from single and two photon laser pulse , rate of generating secure key . These values are all calculated through Eqs. (4.32), (4.41), (4.119), (4.120) and (4.131) with parameters from Table 6.4. (a) For first implementation. (b) For second implementation. These are parameters of vacuum + one decoy state protocol.

6.11 The length of fiber, the ratio of Qv/Qμ (without fluctuation), the ratio of Qv/Qμ (with fluctuation), and maximum fluctuation for BB84 with one decoy state protocol. (a) For first implementation. (b) For second implementation.

6.12 The length of fiber, the ratio of Qv  y0 / Qμ (without fluctuation), the ratio of (with fluctuation), and maximum fluctuation for BB84 with vacuum + one decoy state protocol. (a) For first implementation. (b) For second implementation.

6.13 The length of fiber, the ratio of (without fluctuation), the ratio of (with fluctuation), and maximum fluctuation for SARG04 with one decoy state protocol. (a) For first implementation. (b) For second implementation.

6.14 The length of fiber, the ratio of Qμ /( Qv  y0 ) (without fluctuation), the ratio of (with fluctuation), and maximum fluctuation for SARG04 with vacuum + one decoy state protocol. (a) For first implementation. (b) For second implementation.

LIST OF FIGURES

2.1 The concept of Quantum key distribution

2.2 Explaining Pauli-X, Pauli-Z and Hadamard gates

2.3 to create EPR pairs

2.4 Polarization States on the Poincaré Sphere

2.5 First Quantum Key Distribution Prototype over 32cm of Free Space

2.6 Polarization encoding principle. The pulse arrives at tt 1 if it went through the short arm, and at tt 2 if it went through the long arm. We can then determine the initial polarization state

2.7 Phase Encoding with BB84 protocol

2.8 Phase Encoding Principle. Two pulses exit Alice apparatus, and interfere on Bob’s side

2.9 Phase Difference Shift System. Pulses are sent at f0 frequency where time τ0 corresponds to the propagation over the distance L. Then, each pulse interferes with the following and previous pulses

2.10 Plug&Play QKD System Principle

5.1 Fundamental parameters of a Gaussian beam wave: w0 is the minimum beam waist, zR is the Rayleigh length, and Θ is the divergence half angle in the limit z → ∞. The transversal intensity profile is Gaussian shaped for all values of z

5.2 The simulation results of QBER of single photon (e1) against the secure distance of fiber link when  v

5.3 The simulation results of QBER of single photon against the secure distance of fiber link when  v

5.4 The simulation results of the key generation rate against the secure distance of fiber link for different values of x when  v

5.5 The simulation results of the key generation rate against the secure distance of fiber link for different values of when  v

5.6 The simulation results of the key generation rate against the secure distance of fiber link for different decoy state protocols. (a) The asymptotic decoy state method (with infinite number of decoy states) for BB84. (b) The key generation rate of vacuum + two decoy state protocol for BB84. (c) The key generation rate of two decoy state protocol for BB84. (d) The key generation rate of vacuum + one decoy state protocol for BB84. (e) The key generation rate of one decoy state protocol for BB84

5.7 The simulation results of the key generation rate against the signal mean photon number μ for SARG04 with only single photon and with both single + two photon contributions. (a) For both single and two photons contributions. (b) For only single photon contributions

5.8 The simulation results of the key generation rate against the distance of fiber link for different decoy state protocols. (a) For both single and two photons contributions. (b) For only single photon contributions. (c) One decoy state when μ  v . (d) One decoy state when μ  v

5.9 The simulation results of the key generation rate against the distance of fiber link for different decoy state protocols. (a) For both single and two photons contributions. (b) For only single photon contributions. (c) Vacuum + One decoy state when . (d) Vacuum + One decoy state when

5.10 The simulation results of the key generation rate against the distance of fiber link with data post-processing scheme of GLLP + Decoy + B steps for SARG04. (a) For both single and two photons contributions using one way communications. (b) For both single and two photons contributions using two way communications (One B step). (c) For both single and two photons contributions using two way communications (Two B steps).

5.11 A ground-satellite uplink 1 hour before sunset (ηturb = 5 dB). The key generation rate against the transmission distance link (km). (a) The asymptotic decoy state method (with infinite number of decoy states) for BB84. (b) The vacuum + two decoy states. (c) Two decoy states. (d) Vacuum + one decoy state. (e) One decoy state.

5.12 A ground-satellite uplink during a typical clear summer day (turb 11dB ). The key generation rate against the transmission distance link (km). (a) The asymptotic decoy state method (with infinite number of decoy states) for BB84. (b) The vacuum + two decoy states. (c) Two decoy states. (d) Vacuum + one decoy state. (e) One decoy state.

5.13 A satellite-ground downlink. The key generation rate against the transmission distance link (km). (a) The asymptotic decoy state method (with infinite number of decoy states) for BB84. (b) The vacuum + two decoy states. (c) Two decoy states. (d) Vacuum + one decoy state. (e) One decoy state. (f) The asymptotic decoy state method (with infinite number of decoy states) for SARG04.

5.14 An inter-satellite link. The key generation rate against the transmission distance link (km). (a) The asymptotic decoy state method (with infinite number of decoy states) for BB84. (b) The vacuum + two decoy states. (c) Two decoy states. (d) Vacuum + one decoy state. (e) One decoy state.

6.1 Optical system of QKDS-A

6.2 Color code and symbols used in figures

6.3 Electronic system of the QKDS-A station (note: D/A means digital to analog convertor)

6.4 Description of symbols used in the electronic system figures

6.5 Optical system of QKDS-B station

6.6 Electronic system of the QKDS-B station (note: D/A means digital to analog convertor)

6.7 Diffraction of a light beam by traveling acoustic plane waves in an acousto-optic modulator

6.8 First schematic of the experimental set-up in our system. Inside Bob/Jr. Alice: components in Bob/Alice’s package of ID-3000 QKD system. Our modifications: CA: Compensating AOM; CG: Compensating Generator; DA: Decoy AOM; DG: Decoy Generator. Components of original ID-3000 QKD system: LD: laser diode; APD: avalanche photon diode; Ci: fiber coupler; φi: phase modulator; PBS: polarization beam splitter; PD: classical photo detector; FM: faraday mirror. Solid line: SMF28 single mode optical fiber; dashed line: electric signal.

6.9 The second experimental setup of Decoy State Protocol

LIST OF ABBREVIATIONS

QKD: Quantum Key Distribution
BB84: The QKD protocol presented by Bennett and Brassard in 1984
EPR pair: A maximally entangled photon pair that originated from the Einstein-Podolsky-Rosen paradox
EDP: Entanglement distillation protocol
LOCC: Local operations and classical communication; 1-LOCC: local operations and one-way classical communication; 2-LOCC: local operations and two-way classical communication
PDC: Parametric down-conversion
GLLP: The security proof of QKD with imperfect devices proposed by Gottesman, Lo, Lütkenhaus, and Preskill
SARG04: The QKD protocol presented by Scarani-Acin-Ribordy-Gisin 2004
CW: Continuous wave
AOM: Acousto-Optic Modulator
IM: Intensity Modulator
VOA: Variable Optical Attenuator
DG: Decoy Generator
APD: Avalanche Photo Diode
OC: Optical Coupler
D: Detector
DL: Delay Line
FR: Faraday Mirror
PBS: Polarization Beam Splitter
PC: Polarization Controller
PD: Classical Photo Detector
PM: Phase Modulator
PNS: Photon Number Splitting

CHAPTER ONE

INTRODUCTION

1.1 INTRODUCTION

The need for highly secure communications systems is quite evident in the world today. Large amounts of information are transferred continuously, whether it be important banking information or a simple phone call. With this growing information exchange, the possibilities for unauthorized reception are also increased. Quantum cryptography is based on physical principles which cannot be defeated. This need for secure communications provided the driving force for interest in quantum cryptography, or quantum key distribution in particular. In 1983 Wiesner put forth an idea for counterfeit-proof money by employing single quantum states (Wiesner, S., 1983; Bennett, C.H., Brassard, G., Breidbart, S., and Wiesner, S., 1982). However, storing single quantum states for extended periods of time is difficult in practice, so the idea was treated as an academic curiosity for the most part. In 1984 Bennett and Brassard suggested that instead of using the single quanta states to store information, they could use them to transmit information (Bennett, C.H., and Brassard, G., 1984). It took several years to make it into experimental reality, and in 1989 the breakthrough experimental free-space system was demonstrated (Bennett, C.H., and Brassard, G., 1989). Other systems were also spun off, including quantum key distribution with optical fibers (Bennett, C. H., Bessette, F., Brassard, G., Salvail, L., and Smolin, J., 1992) and the use of Einstein-Podolsky-Rosen entangled pairs (Franson, J.D., and Ilves, H., 1984).

1.2 PREVIOUS WORK

Quantum key distribution (QKD) is the only provably secure method to distribute secret keys between two distant authorized partners, Alice and Bob, and its security is based on the laws of physics (Bennett, C.H., Brassard, G., 1984). Proving the unconditional security of QKD is a hard problem. Fortunately, this problem has recently been solved (Lo, H.-K., and Chau, H. F., 1999). Today, optical fibers are the most promising media for quantum key distribution. Several recent experiments have demonstrated QKD over distances exceeding 100 km (Gobby, C., Yuan, Z., and Shields, A., 2004; Takesue, H., Diamanti, E., Honjo, T., Langrock, C., Fejer, M.M., Inoue, K., and Yamamoto, Y., 2005; Hiskett, P.A., Rosenberg, D., Peterson, C.G., Hughes, R.J., Nam, S., Lita, A.E., Miller, A.J., and Nordholt, J.E., 2006). However, all quantum cryptography systems face some difficulties. The first problem is the need for continuous alignment of the system. In polarization-based systems, the polarization has to be kept stable over tens of kilometers in order to keep the polarizers at Alice’s and Bob’s sides aligned. In interferometer systems, usually based on two unbalanced Mach-Zehnder interferometers, one interferometer has to be adjusted to the other every few seconds to compensate for thermal drifts. In (Chunyuan, Z., and Heping, Z., 2003), time-division phase encoding and decoding were used, which can be realized by controlling the electric pulses applied to integrated phase modulators in the Sagnac loop, making this system suitable for a practical quantum cryptography system. In (Jie, C., Guang, W., Yao, L., Wu, E., and Heping, Z., 2007), polarization feedback control was achieved in long-distance fiber at the single photon level, which facilitated polarization-encoded QKD with long-term stability.

Although fiber-based transmission is probably optimal for terrestrial communications, several experiments on free space line-of-sight QKD have been done. The ultimate rationale for these experiments is to pave the way for QKD between a low orbiting satellite and earth-bound users. Since the satellite circles the planet, it could in successive short sessions establish a secret key shared by widely separated users (the satellite is considered a trusted party by all of them). The obstacles to implement the satellite-earth QKD are losses due to scattering in the atmosphere, diffraction and atmospheric turbulence, a need for spectral, temporal and spatial filtration for daylight use, suitable telescopic optics, and accurate tracking. The loss and filtration issues have been addressed in the latest experiments to an extent satisfying or exceeding the requirements that a real satellite link would impose. From this standpoint, a satellite QKD link has been shown feasible; the question of implementing it hinges on commercial interest (i.e., a lack thereof for the time being).

Free space experiments use polarization coding and photons in the 600–900 nm wavelength range, for which very good detectors based on silicon APDs exist. After the first demonstration over 300 m in 1996 (Jakobs, B.C., and Franson, J.D., 1996), several experiments in the 0.5–2 km transmission range followed (Buttler, W.T., Hughes, R.G., Kwiat, P.G., Lamoreaux, S.K., Luther, G.G., Morgan, G.L., Nordholt, J.E., Peterson, C.G., and Simmons, C.M., 1998; Rarity, J.G., Gorman, P.M., and Tapster, P.R., 2001). In 2002, QKD experiments over 10 km distance in daylight at Los Alamos (Hughes, Nordholt, J.E., Derkacs, D., and Peterson, C.G., 2002) and over 23.4 km at night in Germany (Kurtsiefer, C., Zarda, P., Halder, M., Weinfurter, H., Gorman, P.M., Tapster, P.R., and Rarity, J.G., 2002) were reported. A feasibility study of a satellite system exists (Rarity, J.G., Tapster, P.R., Gorman, P.M., and Knight, P., 2002). In the other extreme, an ultra short range free space QKD setup has been developed, allowing secure generation of key over several tens of centimeters (or at most a few meters) between a portable storage card and a “quantum ATM” (Duligall, J.L., Godfrey, M.S., Harrison, K.A., Munro, W.J., and Rarity, J.G., 2006).

The most important question of QKD is its security. Real-life QKD systems are often based on attenuated laser pulses (i.e., weak coherent states), which occasionally give out more than one photon. This opens up the possibility of sophisticated eavesdropping attacks such as a photon number splitting attack, where Eve stops all single-photon signals and splits multi-photon signals, keeping one copy to herself and re-sending the rest to Bob (Lütkenhaus, N., and Jahma, M., 2002). Gottesman-Lo-Lütkenhaus-Preskill (GLLP) showed, however, that it is still possible to obtain an unconditionally secret key with the BB84 protocol using such imperfect light sources, although the key generation rate and distances are very limited (Gottesman, D., Lo, H.-K., Lütkenhaus, N., and Preskill, J., 2004). These problems have been solved using the decoy state method introduced by Hwang (Hwang, 2003). The decoy state method achieves unconditional security based on quantum mechanics and dramatically improves the performance of QKD. It also faithfully estimates the upper bound of the multi-photon counting rate through decoy pulses regardless of the attack type. The basic idea of decoy state QKD is that, in addition to the signal state with a specific average photon number, one introduces some decoy states with other average photon numbers and randomly blends signal states with decoy states on Alice’s side. Decoy state QKD can be used to calculate the lower bound of the counting rate of single-photon pulses and the upper bound of the quantum bit error rate (QBER) of bits generated by single-photon pulses. Many methods have been developed to improve the performance of decoy state QKD (Wang, 2005a), including more decoy states (Wang, 2005b), the nonorthogonal decoy-state method (Li, J.-B., and Fang, C. X.-M., 2006), the photon number-resolving method (Qing-yu, C., and Yong-gang, T., 2006), the heralded single photon source method (Tomoyuki, H., and Takayoshi, K., 2006), the modified coherent state source method (Yin, Z.-Q., Han, Z.-F., Sun, F.-W., and Guo, G.-C., 2007), and the intensity fluctuations of the laser pulses (Wang, X.-B., Peng, C.-Z., and Pan, J.-W., 2007). Some prototypes of decoy state QKD have already been implemented (Zhao, Y., Qi, B., Ma, X., Lo, H.-K., and Qian, L., 2006; Yuan, Z. L., Sharpe, A. W., and Shields, A. J., 2007). The effects of source errors and statistical fluctuations need to be considered in practical decoy state QKD. Recently, there have been some important works on the effect of source errors and statistical fluctuations (Wang, X.B., Yang, L., Peng, C.Z, and Pan, J.W., 2009).
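The photon number splitting attack and the decoy state idea described above, together with the gain-ratio check mentioned in the abstract, can be worked through numerically. This is an added example, not code from the thesis: it uses the standard vacuum + weak decoy bound on the single-photon yield from the decoy-state literature rather than the estimators the thesis derives in Chapter 4, and all channel parameters, function names and the 10% tolerance are constructed assumptions.

```python
import math

# Constructed parameters (assumptions for this example, not values from the thesis).
MU = 0.48      # mean photon number of the signal state
NU = 0.10      # mean photon number of the weak decoy state (NU < MU)
ETA = 1e-3     # overall transmittance: channel loss times detector efficiency
Y0 = 1e-5      # background (dark count) yield, as measured with a vacuum decoy
N_MAX = 40     # photon-number cut-off; the Poisson tail beyond it is negligible


def poisson(n, mean):
    """Probability that a weak coherent pulse with this mean holds n photons."""
    return math.exp(-mean) * mean ** n / math.factorial(n)


def gain(mean, yields):
    """Gain Q = sum_n P_n(mean) * Y_n: the fraction of sent pulses Bob detects."""
    return sum(poisson(n, mean) * y for n, y in enumerate(yields))


def honest_yields(eta, y0, n_max=N_MAX):
    """Y_n with no eavesdropper: each photon survives independently with prob. eta."""
    return [1.0 - (1.0 - y0) * (1.0 - eta) ** n for n in range(n_max)]


def pns_yields(mu, eta, y0, n_max=N_MAX):
    """Y_n under the photon number splitting attack as the text describes it.

    Single-photon pulses are blocked (Y_1 = 0). Multi-photon pulses are
    forwarded with one common yield, chosen so that the signal-state gain
    equals its honest value. Dark counts arise at Bob, so Y_0 is unchanged.
    """
    q_mu = gain(mu, honest_yields(eta, y0, n_max))
    p_multi = 1.0 - poisson(0, mu) - poisson(1, mu)
    y_multi = (q_mu - poisson(0, mu) * y0) / p_multi
    if y_multi > 1.0:
        raise ValueError("loss too low: multi-photon pulses cannot mask the attack")
    return [y0, 0.0] + [y_multi] * (n_max - 2)


def y1_lower_bound(mu, nu, q_mu, q_nu, y0):
    """Vacuum + weak decoy lower bound on the single-photon yield Y_1.

    Valid for any non-negative yields when nu < mu, because every term with
    n >= 2 in Q_nu*e^nu - Q_mu*e^mu*nu^2/mu^2 is non-positive.
    """
    inner = (q_nu * math.exp(nu)
             - q_mu * math.exp(mu) * nu ** 2 / mu ** 2
             - (mu ** 2 - nu ** 2) / mu ** 2 * y0)
    return max(0.0, mu / (mu * nu - nu ** 2) * inner)


def analyse(yields, mu=MU, nu=NU, y0=Y0):
    """What Alice and Bob can compute from the observed gains of both states."""
    q_mu, q_nu = gain(mu, yields), gain(nu, yields)
    return {"q_mu": q_mu, "q_nu": q_nu, "ratio": q_nu / q_mu,
            "y1_bound": y1_lower_bound(mu, nu, q_mu, q_nu, y0)}


def pns_suspected(measured_ratio, expected_ratio, rel_tol=0.10):
    """Flag a decoy/signal gain ratio that deviates from the expected value.

    rel_tol is a constructed stand-in for the allowance a real system would
    derive from its statistical fluctuations.
    """
    return abs(measured_ratio - expected_ratio) > rel_tol * expected_ratio


HONEST = analyse(honest_yields(ETA, Y0))
ATTACK = analyse(pns_yields(MU, ETA, Y0))

if __name__ == "__main__":
    for name, r in (("honest channel", HONEST), ("PNS attack", ATTACK)):
        print(f"{name:15s} Q_mu={r['q_mu']:.3e} Q_nu={r['q_nu']:.3e} "
              f"Q_nu/Q_mu={r['ratio']:.4f} Y1 bound={r['y1_bound']:.3e} "
              f"flagged={pns_suspected(r['ratio'], HONEST['ratio'])}")
```

With these constructed values the signal gain is identical in both cases, while the decoy-to-signal gain ratio falls from about 0.22 to about 0.07 under the attack and the bound on the single-photon yield drops to zero, so no key would be accepted.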

The idea of the B92 protocol, to use a pair of non-orthogonal states to encode the bit values 0 and 1, can be extended to more than one pair in order to make the resulting protocol more robust against photon number splitting attacks than BB84. The SARG04 protocol (Scarani, V., Acin, A., Ribordy, G., and Gisin, N., 2004) differs from the BB84 protocol only in the classical sifting procedure, but uses the same four quantum states. It allows unconditionally secure keys to be generated not only from the single photon component of a weak laser pulse source, but also from the two-photon signals (Tamaki, and Lo, 2006). This is not surprising from the viewpoint of unambiguous state discrimination: unambiguous discrimination among N states of a space is only possible when at least N − 1 identical copies of the state are available for measurement (Tamaki, and Lo, 2006). In the case of 4 states as in BB84, at least 3 copies are required for Eve to distinguish the states. Hence, it is safe to use not only one-photon signals, but also two-photon signals for key generation in the SARG04 protocol.
