# Discrete-Variable Quantum Key Distribution

On: Jul 04, 2024

In: Quantum Communications

#### What does “Discrete Variables” refer to?

Discrete variables (DV) **refers to quantities that can be counted based on specific and indivisible observations**, in opposition to continuous variables (CV) that can take any value with a range. In the context of QKD, DV protocols are associated to weak/attenuated pulses and single-photon detectors, while CV protocols use squeezed or coherent states with homodyne receivers.

#### Where is the “quantum” in DV-QKD?

For quantum information, classic bits (0 and 1) must become quantum bits –QuBits– as |0⟩ and |1⟩. To do so with photons, states of polarization or phase are randomized, acting as pairs of complementary properties that cannot be accurately measured simultaneously, as per a generalized entropic uncertainty relations [1, 2].

Furthermore, the no-cloning theorem states that it is impossible to create perfect copies of an arbitrary unknown quantum state [3].

Some DV-QKD protocols even add another layer by leveraging quantum entanglement between two photons.

**These quantum mechanics properties are the foundations of the higher security level associated to QKD.** In comparison, post-quantum cryptography (PQC) algorithms are deemed secure only until proven otherwise. This nuance is important and makes the coexistence of both cryptography methods the best solution going forward; crypto diversity through orthogonal protection approaches multiples the points of failures before a communication goes unsecure.

**For an introduction on QKD, refer to Quantum Key Distribution in Optical Communications (teraxion.com)**

#### DV-QKD protocols

Various DV-QKD protocols were published, with a few being commercialized. The most common ones are BB84 decoy states variants, COW-QKD and DPS-QKD, which are presented below.

Other examples include DI QKD protocols such as MDI (measurement device independent) and TF (twin-field), B92, six-state, BBM92, SARG04 and RRDPS protocols [4].

#### BB84 protocol

BB84 is the first QKD protocol published in 1984 by Brassard and Benett, thus the name, from which multiple variants were derived [5].

Quantum states are created using orthogonal states of polarization, from two basis sets rotated 45° relative to each other: HV (horizontal/vertical) and DA (diagonal/antidiagonal).

QuBits | HV Polarization Basis | AD Polarization Basis |

|0⟩ | |H⟩ = 0° | |D⟩ = 45° |

|1⟩ | |V⟩ = 90° | |A⟩ = 135° |

This protocol was originally proposed for use with single photon sources. In practice, QKD systems use an alternate version of BB84 that allows attenuated laser pulses (weak coherent pulses) with potentially more than one photon. Decoy states with lower intensities are added and their detection statistics used to validate against eavesdropping.

Figure 1 and Figure 2 below summarize the basics of BB84 using a single-photon source and the decoy-state technique for use with attenuated pulses.

**Figure 1.** Schematic representation of BB84 protocol. [1] Alice applies a random polarization sequence on the photon source and records the bases, and the polarization within the bases, used for each bit. [2] Alice sends the photons output to Bob. [3] Bob measures the photons with a random basis set. [4] Alice and Bob share the basis sets they used. Alice and Bob discard the bits measured with the wrong bases. [5] Alice and Bob share a fraction of the remaining data to validate the symmetry. i) If not the same, eavesdropping is suspected. Abort. ii) If the same: Link is secure. Both use remaining data to establish key.

**Disclaimers:**

- Exact protocol may differ from one implementation to another. For example, sharing of bases and sifted key extract may only be executed by Bob and validated by Alice.

- This scheme does not represent the optical losses and interferences from the imperfections on both the quantum channel and classical channel. This implies additional measurements and validations.

- This scheme does not account for privacy amplification.

**Figure 2.** Schematic representation of BB84 signals and decoys, with comparison of expected statistics

#### DPS protocol

DPS-QKD (Differential Phase-Shift) is instead using phase encoding and relies on the coherence between subsequent pulses to measure in-phase and π-shifted pulses, linked to |0⟩ and |1⟩ qubits.

QuBits | Pulse 1 | Pulse 2 |

|0⟩ | 0° | 0° |

|0⟩ | π | π |

|1⟩ | π | 0° |

|1⟩ | 0° | π |

The expected statistics on each detector following Bob’s interferometer would be disturbed by an eavesdropper adding his own interferometer/detector setup in the quantum channel. Even if photons are stolen and reinjected (photon-splitting attack), this would reduce the number of times photons are properly recombined at the detectors.

Figure 3 below illustrates how subsequent pulses (π-shifted in the example) can simultaneously reach the proper detector and lead to a qubit used for the key establishment.

**Figure 3.** Schematic representation of DPS-QKD protocol

#### COW protocol

COW-QKD (Coherent One Way) uses intensity modulation within a two-pulse time bin to define a qubit.

Phase remains the same within a time-bin.

Decoy goes through the interferometer to validate phase coherence between subsequent non-empty pulses. If not, communication is potentially unsecure and cannot be trusted.

The protocol since evolved to add vacuum decoys [6] or to use 3 states within a time bin [7] (variants A and B, respectively, in Figure 4 below) to improve its security against eavesdropping.

Time-bin types | Pulse 1 | Pulse 2 |

|0⟩ | |vac⟩ | |α⟩ |

|1⟩ | |α⟩ | |vac⟩ |

Decoy | |α⟩ | |α⟩ |

Vacuum Decoy | |vac⟩ | |vac⟩ |

|vac⟩ = empty pulse |α⟩ = pulse with photon |

**Figure 4.** Schematic representation of COW-QKD protocols

#### Entanglement based DV-QKD

Protocols such as E91 [8] and BBM92 [9] will not encode photons as discrete variables per se but will measure entangled photons as such. The light source could be anywhere and will dispatch a branch of the entangled photons to Alice and the other branch to Bob.

The entangled photons remain correlated to each other regardless of their location and any measurement performed on one will provide information on the state of the other. Some will even argue that it will “define” the other state through the collapse of the wavefunction. In any case, eavesdropping would unequivocally break the correlation, as seen and expected by Alice and Bob.

In practice, using the E91 protocol [10] as example, Alice and Bob will detect photons using various polarization basis sets, with one unique on each side and two being identical. The use of such basis sets entails specific probabilities of measuring the same qubits for Alice and Bob, and therefore statistics that would not be as expected if an eavesdropper tempers with the quantum signal.

Conjugate bases | Alice | Bob |

#1 | 0° | |

#2 | 45° | 45° |

#3 | 90° | 90° |

#4 | 135° |

Figure 5 below summarize the basics of the E91 protocol.

**Figure 5.** Schematic representation of E91 protocol. [1] Entangled photons are generated and sent to Alice and Bob through a quantum channel, for measurement. [2] Both Alice and Bob measure their photon sequence with a random selection of their 3 bases. Alice and Bob share 2 common bases, and each have a unique one. [3] Alice and Bob publicly share the basis set they used. [4] Alice and Bob use photons measured with the same basis to define the sifted key. A part of that sifted key is publicly share and used to estimated the QBER. The remaining is used to establish the final secure key. [5] The measurements made with different bases are used to perform a CHSH inequality test, to disprove Bell’s theorem. i) Quantum correlations were not tempered with and the calculated statistics are as expected. Link is secure. ii) Statistical results from Alice’s measurements and Bob’s basis sets do not agree with expected statistics. Eve eavesdroped. Abort.

#### How TeraXion supports DV-QKD systems

##### Dispersion compensation and emulation

The shorter the pulse duration, the more qubits can be shared. At longer distances, dispersion broadens pulses to the point where they can overlap. Considering pulses with an average photon number below 1, a photon attributed to the wrong pulse quickly becomes a problem (see Figure 6 below).

**Figure 6.** Schematic representation of overlapping pulses and the impact of photons being wrongly assigned.

**TeraXion DCML and TDCMX-SM** are SMF-slope-matched dispersion compensators, fixed and tunable, respectively. They both exhibit compensation channels covering the entirety of the C-band. These products are Telcordia-qualified and have been used for several years as standard components in the telecom industry, for 10 to 200 km links.

Single-channel compensators and emulators can also be tailored to specific requirements, a solution that is particularly suitable for EB-QKD protocols where entangled photons are following different optical paths.

And finally, for laboratory uses, **the CDE and TDCMB products can be used to compensate/emulate high levels of dispersion.** The CDE is a fixed-dispersion module configurable with multiple ports to test increments of dispersion. The TDCMB is a tunable dispersion module that can be either channelized, or continuous, i.e. a single channel can be tuned across the whole C-band.

##### Low noise lasers

Frequency noise and drift can increase the impact of dispersion on the QBER. Narrow linewidth lasers provide higher stability, helping achieve a well-defined and constant time envelop for pulses.

Since the DPS protocol relies on phase coherence between two pulses within a time bin, phase noise is obviously to be considered.**TeraXion LXM is a compact industrial laser, easy to integrate in a commercial system, that can bring high-performance and reliability to any QKD system.**

##### Optical filters

Narrowband filters with high optical isolation and small tolerances ensure that interferences are minimized.

- White noise would decrease signal to noise ratio

- Stimulated Raman scattering from coexistence with classical telecom signal would directly impact detection statistics

- “Leakages” from components within the optical system could be leveraged for cyberattacks.

Optical filters can also act as isolators and provide an extra security against attacks.

**TeraXion optical filters** can be tailored to the most challenging requirements (see Figure 7 below for visual references):

- Narrow filters: down to 2 GHz bandwidth

- Ultra-narrow filters: notch bandpass filters with 35 – 500 MHz bandwidth

- Steep edges: typically 5 dB/GHz, up to more than 10 dB/GHz

- High isolation:

• Reflectivity can reach 99.9999% to strongly suppress signals (60 dB isolation between transmitted signal and reflection)

• Side mode suppression ratio can reach up to 35 dB per reflection/circulator port

- Low insertion loss: the transmitted signal will typically have an insertion loss lower than 0.1 dB, while the reflected signal will be mostly dependent on the IL of the circulator

**Figure 7.** Examples for both transmission mode and reflection mode FBG filter use cases.

Whenever thermal stability or tunability is needed, a wide range of packages and modules are available, each with their unique benefits.

Explore Athermal Optical Filter

Explore Ultra Narrowband Tunable Optical Filter

#### Bibliography

[1] Hans Maassen and J. B. M. Uffink, Generalized entropic uncertainty relations, 1988, vol. 60, no. 12, p. 1103

https://doi.org/10.1103/PhysRevLett.60.1103

[2] Patrick J. Coles et al., Entropic uncertainty relations and their applications, Rev. Mod. Phys., 2017, vol. 89, p. 015002

https://doi.org/10.1103/RevModPhys.89.015002

[3] W. K. Wootters and W. H. Zurek, A single quantum cannot be cloned, Nature, 1982, vol. 299, pp. 802–803

https://doi.org/10.1038/299802a0

[4] ITU-T FG QIT4N D2.3-part 1: Quantum key distribution network protocols: Quantum layer

https://www.itu.int/dms_pub/itu-t/opb/fg/T-FG-QIT4N-2021-D2.3.1-PDF-E.pdf

[5] Charles H. Bennett and Gilles Brassard, Quantum cryptography: Public key distribution and coin tossing, Theor. Comput. Sci., 2014, vol. 560, pp. 7-11

https://doi.org/10.1016/j.tcs.2014.05.025

[6] Rui-Qi Gao et al., Simple security proof of coherent-one-way quantum key distribution, Optics Express, 2022, vol. 30, no. 13, pp. 23783-23795

https://doi.org/10.1364/OE.461669

[7] Emilien Lavie and Charles C.-W. Lim, Improved Coherent One-Way Quantum key Distribution for High-Loss Channels, Phys. Rev. Appl., 2022, vol. 18, no. 6, p. 064053

https://doi.org/10.1103/PhysRevApplied.18.064053

[8] Artur K. Ekert, Quantum cryptography based on Bell’s theorem, Phys. Rev. Lett., 1991, vol. 67, no. 6, p. 661

https://doi.org/10.1103/PhysRevLett.67.661

[9] Charles H. Bennett, Gilles Brassard, and N. David Mermin, Quantum cryptography without Bell’s theorem, Phys. Rev. Lett., 1992, vol. 68, no. 5, p. 557

https://doi.org/10.1103/PhysRevLett.68.557

[10] Nikolina Ilic, The Ekert Protocol http://www.ux1.eiu.edu/~nilic/Nina's-article.pdf