[Left to Right] Hualei Yin, Tengyun Chen, Yanlin Tang.
Authors: Yan-Lin Tang1,2, Hua-Lei Yin1,2, Si-Jing Chen3, Yang Liu1,2, Wei-Jun Zhang3, Xiao Jiang1,2, Lu Zhang3, Jian Wang1,2, Li-Xing You3, Jian-Yu Guan1,2, Dong-Xu Yang1,2, Zhen Wang3, Hao Liang1,2, Zhen Zhang2,4, Nan Zhou1,2, Xiongfeng Ma2,4, Teng-Yun Chen1,2, Qiang Zhang1,2, Jian-Wei Pan1,2
1National Laboratory for Physical Sciences at Microscale and Department of Modern Physics, Shanghai Branch,
University of Science and Technology of China, Hefei, China,
2CAS Center for Excellence and Synergetic Innovation Center in Quantum Information and Quantum Physics,
Shanghai Branch, University of Science and Technology of China, Hefei, China,
3State Key Laboratory of Functional Materials for Informatics, Shanghai Institute of Microsystem and Information Technology, Chinese Academy of Sciences, Shanghai, China,
4Center for Quantum Information, Institute for Interdisciplinary Information Sciences, Tsinghua University,
Information security is a long-standing problem in history. Nowadays, with the developing requirement of information transmission, the security becomes a much more sensitive problem. By leveraging the laws of quantum Mechanics, Quantum Key Distribution (QKD)  can provide a solution for information-theoretical security. As the most practical application of quantum information technology, it is under rapid development in both theoretical and experimental aspects. Besides the standard BB84 protocol, various protocols are proposed subsequently to adapt to different situations. Meanwhile, the QKD systems are successfully transformed from controlled laboratory environments to real-life implementations, and quite a few commercial QKD systems are available in the market up till now.
Despite these tremendous developments, real-world QKD systems still suffer from various attacks [2-4] which explore the loopholes rooted in the deviations of practical implementations from the theoretical models in security proofs. Most of these attacks are targeting at the measurement devices. Among them, the first successful attack is the time-shift attack  which explores the loophole of time-dependent efficiency mismatch of two detectors. The most powerful kind of attacks is the detector-blinding attack , which fools the detector to work in the unwanted linear mode and forces them to act according to Eve’s will. Although certain countermeasures are provided to close some specific side channels, there might still be some side channels which are hard to estimate and will cause potential threats. So we are looking for an effective solution to close these loopholes once and for all.
Fortunately, Measurement-Device-Independent Quantum Key Distribution (MDIQKD) was invented by H-.K-. Lo in 2012  to remove all side channels from the most vulnerable measurement unit. This protocol is inspired by the time-reversed EPR protocol , and it does not rely on any measurement assumption and can thus close all the measurement loopholes once and for all. Since its invention, it has attracted worldwide attention, and has been successfully demonstrated based on various MDIQKD systems, including polarization encoding system [7,8] and time-bin phase-encoding system [9,10]. In view of the performance, these previous MDIQKD demonstrations have limitations as well, such as short distance and a poor key rate (the best is 0.1 bps@50km ). This is so because the critical element of MDIQKD protocol is the Bell-state measurement, which requires both perfect interference of two independent laser sources and efficient two-fold coincidence detection. It imposes severe technical challenges on the laser modulation, high-efficiency detection and system stabilization. Therefore, based on the previous results and the intrinsic requirements of MDIQKD, people might still wonder that this ingenious protocol is a fancy but impractical idea.
In this recent work published in Physical Review Letters  by our group, we have extended the MDIQKD secure distance to state-of-the-art 200 km, comparable with the limit of regular decoy-state BB84 protocol. The secure key rate is almost three orders of magnitude higher than the previous results of MDIQKD demonstrations. These results are achieved with a fully-automatic highly-stable 75 MHz system and high-efficiency superconducting single photon detectors (SNSPDs), as shown in Fig. 1. We also employ an optimized decoy-state scheme and new post-processing method with a much lower failure probability than previous ones.
Fig.1: (a) Schematic layout of our MDIQKD setup. Alice's (Bob's) signal laser pulses (1550 nm) are modulated into three decoy-state intensities by AM1. An AMZI, AM2~4 and one PM are to encode qubits. Charlie's setup consists of a polarization stabilization system and a BSM system. The polarization stabilization system in each link includes an electric polarization controller (EPC), a polarization beam splitter (PBS) and an InGaAs/InP single-photon avalanche photodiode (SPAPD). The BSM system includes an interference BS and two SNSPDs. (b) Time calibration system. Two synchronization lasers (SynL, 1570 nm) are adopted, with the 500 kHz shared time reference generated from a crystal oscillator circuit (COC) and with the time delayed by a programmable delay chip (PDC). Alice (Bob) receives the SynL pulses with a photoelectric detector (PD) and then regenerates a system clock of 75 MHz. WDM: wavelength division multiplexer, ConSys: control system. (c) Phase stabilization system. Circ: circulator, PC: polarization controller, PS: phase shifter.
This is the first time we increase the repetition rate to 75 MHz, compared with 1MHz of our previous demonstration . The repetition rate improvement owes to the laser source with good waveform, the high-speed electrical control system, and the superconducting single photon detector with a small time jitter of a few 10 ps . In terms of high-speed laser modulation, we remark that the speed improvement for MDIQKD is not as easy as that for regular BB84 protocol, since the indistinguishability of two independent laser sources has some subtle requirements for laser modulation. Firstly, we should adopt direct laser modulation to ensure the phase is intrinsically randomized to avoid the unambiguous-state-discrimination attack . The problem is that in a high-speed situation, the current mutation will induce severe overshoot, ringing and chirp inside the laser pulse. Especially, the chirp adds an extra phase at the tail of our laser pulse. Thus, we cut off the tail part by an amplitude modulator (AM), to optimize the laser interference and ensure the waveform indistinguishability. Secondly, regarding the vacuum state modulation (based on the vacuum+weak decoy state scheme), we should take the influence of the direct laser modulation into consideration, which is not a severe problem for regular BB84 protocol. We find that when we randomly modulate some laser pulses into vacuum state by not sending triggering signal to the laser (namely direct laser modulation), the interference visibility will decrease to a very bad level. This is because of the aperiodic triggering signals to the laser which introduce large temperature fluctuation and wavelength fluctuation. The wavelength fluctuation thus causes imperfect interference. To avoid this effect, instead of direct vacuum modulation, we adopt an alternative method of external vacuum modulation by AM. We utilize three AMs, within which only one is for decoy state encoding, and the other two are mainly used for qubit encoding and are also beneficial to decrease the vacuum intensity. Thus a high extinction ratio of the vacuum state of more than 10000 : 1 is achieved.
This is also the first time superconducting nanowire single-photon detectors (SNSPD), one of the best single photon detectors at near-infrared (NIR) wavelengths, is applied in an MDIQKD system. Since the BSM, the essence of MDIQKD, requires two-fold coincidence detection, the key rate is proportional to the square of detection efficiency. In our experiment, operated below 2.2 K with a Gifford-McMahon cryocooler, two SNSPDs with detection efficiencies of 40% and 46% largely improve the key rate. Besides, the low dark count rate of 10 Hz helps to achieve an enough signal-to-noise ratio even at 200 km distance. Besides the high detection efficiency and low dark count, there is another important property, small timing jitter of a few 10 ps, which is beneficial for QKD performance, especially the system timing jitter and repetition rate. We can expect an improvement of 1 GHz up to 10 GHz MDIQKD system adopting the SNSPD in the near future.
Another important element for achieving 200 km distance is the system stabilization. Since the 200 km situation will make the system stability difficult because of the severe fiber fluctuation, and make it even harder with weak feedback signals due to large fiber attenuation. Besides, since the detection rate is slower in 200 km, we need more time to accumulate enough data required by strict fluctuation analysis. In short, we need our system to work in a worse environment for a longer time. Faced with these problems, we build a fully-automatic feedback system without manual efforts to precisely calibrate and stabilize all the parameters, such as the time, spectrum, polarization and the phase reference. Although the whole feedback system is a challenge in engineering, it is critical to enable continuous running and will be a necessary component in practical MDIQKD system.
Fig.2: Bird's-eye view of the field-environment MDIQKD. Alice is placed in Animation Industry Park in Hefei (AIP), Bob in an office building (OB), and Charlie in the University of Science and Technology of China (USTC). Alice (Bob) is on the west (east) side of Charlie. AIP-USTC link is 25 km (7.9 dB), and OB-USTC link is 5 km (1.3 dB).
To further show the practical value of MDIQKD in an unstable environment, we have moved the system into installed fiber network and implemented a field test as shown in Fig. 2 . Previously, an MDIQKD field test was attempted over an 18.6 km deployed fiber, however, a secure key was not actually generated since random modulated decoy state was not performed. In comparison, our field test strictly adopts the decoy-state scheme to guarantee the source security. With optimized decoy-state parameters and Chernoff bound in strict fluctuation analysis with tight failure probability of 2×10−9
, we have achieved secure key rates of 67 bps (@50km in the laboratory for 130.0 hours) and 17 bps (@30km in the field test for 18.2 hours), shown in Fig.3, which are at least two orders of magnitude higher than previous results.
Fig. 3: Secure key rates of experiments in the laboratory and in the field test, as well as the simulation results. The four dots correspond to the experimental results with the fiber transmitting loss of 9.9 dB (50 km), 19.9 dB (100 km), 29.8 dB (150 km) and 39.6 dB (200 km). The solid curve shows the result calculated by simulating the vacuum+weak decoy state scheme with the experimental parameters. The dashed curve represents the optimal result with infinite number of decoy states. The square marks the field test result, which is 17 bps. Also shown are results from the previous demonstration for comparison.
These technological advances in our work constitute a critical ingredient for quantum repeater , the core resource for long distance quantum communication. Besides, the MDIQKD protocol has an intrinsic property which is desirable for constructing quantum network  with the star-type structure. We can place the expensive detection system in the server node to perform the BSM operation, and all the users can share this system. Furthermore, the techniques of stable BSM we developed have many other applications, such as quantum teleportation  and quantum fingerprinting .
 Charles H. Bennett and Gilles Brassard, "Quantum cryptography: Public key distribution and coin tossing”, in Proceedings of IEEE International Conference on Computers, Systems, and Signal Processing (Bangalore, India, 1984), pp. 175–179. Full Article.
 Chi-Hang Fred Fung, Bing Qi, Kiyoshi Tamaki, Hoi-Kwong Lo, “Phase-remapping attack in practical quantum-key-distribution systems”. Physical Review A, 75, 032314 (2007). Abstract.
 B. Qi, C.-H. F. Fung, H.-K. Lo, and X. Ma, “Time-shift attack in practical quantum cryptosystems”, Quantum Information & Computation, 7, 073 (2007).
 Lars Lydersen, Carlos Wiechers, Christoffer Wittmann, Dominique Elser, Johannes Skaar, Vadim Makarov, “Hacking commercial quantum cryptography systems by tailored bright illumination”, Nature Photonics, 4, 686 (2010). Abstract.
 Hoi-Kwong Lo, Marcos Curty, Bing Qi, “Measurement-Device-Independent Quantum Key Distribution”, Physical Review Letters, 108, 130503 (2012). Abstract.
 Eli Biham, Bruno Huttner, Tal Mor, “Quantum cryptographic network based on quantum memories”. Physical Review A, 54, 2651 (1996). Abstract.
 Zhiyuan Tang, Zhongfa Liao, Feihu Xu, Bing Qi, Li Qian, Hoi-Kwong Lo, “Experimental Demonstration of Polarization Encoding Measurement-Device-Independent Quantum Key Distribution”, Physical Review Letters, 112, 190503 (2014). Abstract.
 T. Ferreira da Silva, D. Vitoreti, G. B. Xavier, G. C. do Amaral, G. P. Temporão, J. P. von der Weid, “Proof-of-principle demonstration of measurement-device-independent quantum key distribution using polarization qubits”, Physical Review A, 88, 052303 (2013). Abstract.
 A. Rubenok, J. A. Slater, P. Chan, I. Lucio-Martinez, W. Tittel, “Real-World Two-Photon Interference and Proof-of-Principle Quantum Key Distribution Immune to Detector Attacks”, Physical Review Letters, 111, 130501 (2013). Abstract.
 Yang Liu, Teng-Yun Chen, Liu-Jun Wang, Hao Liang, Guo-Liang Shentu, Jian Wang, Ke Cui, Hua-Lei Yin, Nai-Le Liu, Li Li, Xiongfeng Ma, Jason S. Pelc, M. M. Fejer, Cheng-Zhi Peng, Qiang Zhang, Jian-Wei Pan, “Experimental Measurement-Device-Independent Quantum Key Distribution”. Physical Review Letters, 111, 130502 (2013). Abstract.
 Yan-Lin Tang, Hua-Lei Yin, Si-Jing Chen, Yang Liu, Wei-Jun Zhang, Xiao Jiang, Lu Zhang, Jian Wang, Li-Xing You, Jian-Yu Guan, Dong-Xu Yang, Zhen Wang, Hao Liang, Zhen Zhang, Nan Zhou, Xiongfeng Ma, Teng-Yun Chen, Qiang Zhang, Jian-Wei Pan, “Measurement-device-independent quantum key distribution over 200 km”. Physical Review Letters, 113, 190501 (2014). Abstract.
 Xiaoyan Yang, Hao Li, Weijun Zhang, Lixing You, Lu Zhang, Xiaoyu Liu, Zhen Wang, Wei Peng, Xiaoming Xie, Mianheng Jiang, “Superconducting nanowire single photon detector with on-chip bandpass filter”, Optics Express, 22, 16267 (2014). Abstract.
 Yan-Lin Tang, Hua-Lei Yin, Xiongfeng Ma, Chi-Hang Fred Fung, Yang Liu, Hai-Lin Yong, Teng-Yun Chen, Cheng-Zhi Peng, Zeng-Bing Chen, Jian-Wei Pan, “Source attack of decoy-state quantum key distribution using phase information”, Physical Review A, 88, 022308 (2013). Abstract.
 Yan-Lin Tang, Hua-Lei Yin, Si-Jing Chen, Yang Liu, Wei-Jun Zhang, Xiao Jiang, Lu Zhang, Jian Wang, Li-Xing You, Jian-Yu Guan, Dong-Xu Yang, Zhen Wang, Hao Liang, Zhen Zhang, Nan Zhou, Xiongfeng Ma, Teng-Yun Chen, Qiang Zhang, Jian-Wei Pan, “Field Test of Measurement-Device-Independent Quantum Key Distribution”, arXiv:1408.2330 [quant-ph] (2014).
 H.-J. Briegel, W. Dür, J. I. Cirac, P. Zoller, “Quantum Repeaters: The Role of Imperfect Local Operations in Quantum Communication”, Physical Review Letters, 81, 5932 (1998). Abstract.
 Jane Qiu, “Quantum communications leap out of the lab”, Nature, 508, 441 (2014). Article.
 Charles H. Bennett, Gilles Brassard, Claude Crépeau, Richard Jozsa, Asher Peres, William K. Wootters, “Teleporting an unknown quantum state via dual classic and Einstein-Podolsky-Rosen channels”, Physical Review Letters, 70, 1895 (1993). Abstract.
 Harry Buhrman, Richard Cleve, John Watrous, Ronald de Wolf, “Quantum Fingerprinting”, Physical Review Letters, 87, 167902 (2001). Abstract.