Multipartite Continuous Variable Quantum Conferencing Network with Entanglement in the Middle

Featured Application

This work may be used to establish a cryptographic conference for more than 100 users.

Abstract

We suggest a continuous variable quantum conferencing network scheme with an entangled source in the middle. Here, the source generates a multipartite entangled state and distributes the modes of the state to an arbitrary number of legitimate network users. The entangled modes that were received and measured by the users share mutual information, which is utilized to generate secure conferencing key between users. The scheme is proven secure against collective attacks on both the untrusted source in the middle and all the quantum links. Simulation results show that the presented scheme can achieve high rate secure conferencing for 100 users within a 400 m-radius community or factory area.

1. Introduction

Quantum key distribution (QKD) [1,2,3], which is one of the most widely implemented areas of quantum information, enables secure communication for legal participants over public channels. The security of QKD has been guaranteed on the theory of quantum physics against adversaries with unlimited computing power [4,5]. Continuous variable (CV) QKD [6,7,8] provides secret key rates as high as half of the Pirandola–Laurenza–Ottaviani–Banchi bound with off-the-shelf devices. So far, theoretical studies and experimental implementations of CVQKD have been put forward, respectively.

As a crucial landmark, a quantum network was proposed to extend QKD from point-to-point configuration to a multi-user and large-scale scenario. A series of quantum networks based on point-to-point QKD devices are designed and developed [9,10,11,12,13], including two principle types: quantum channel switching networks [14] and trusted-repeater-based quantum networks [15]. However, in these quantum network schemes, quantum memories are required for restoring quantum states. Moreover, there is an urgent need to address the security problems caused by the repeater nodes in the quantum networks, which may not be trusted in practical situations.

Recent developments in the field of entanglement based multipartite QKD [16,17,18] have led to a renewed interest in the construction of QKD. Unlike the conventional point-to-point QKD, the CV QKD with entanglement in the middle [16] utilizes an untrusted third party to generalize Einstein-Podolsky-Rosen states, which are used for establishing the secure communication between two legitimate parties against both collective attacks and coherent attacks [18]. On this basis, the tripartite CV QKD with entanglement source in the middle is proposed for providing secure key generation of three legitimate parties against coherent attacks on both the quantum links and the untrusted source. Although some research has been carried out on the CV QKD with entanglement in the middle, the mechanism by which utilizes an untrusted entanglement source to build a quantum network with arbitrary number of users has not been established.

Recently, an measurement-device-independent (MDI) star network based on CV systems has been proposed [19], which provides high-rate quantum conference and quantum secret sharing services of a building-sized transmission distance. However, the commercial implementation of this MDI star network is limited by the transmission distance. This paper proposes a new methodology for constructing a quantum conferencing network with an entanglement source in the middle, based on multipartite CV Greenberger-Horne-Zeilinger (GHZ) states generation and homodyne detection. Entangled modes of CV GHZ states are generated in the untrusted source in the middle, and distributed to an arbitrary number of legitimate network users. After the homodyne detections of the received modes and the postprocessing procedures, each pair of the parties share mutual information for generating multipartite quantum cryptographic conferencing key. Security analysis proves that the entanglement-based quantum conferencing scheme is able to provide secure communication against collective attacks. Moreover, by applying a Gaussian de Finetti reduction [20], the security against coherent attacks is also guaranteed [19]. Simulation results show that our scheme can establish high rate secure conferencing communication for about 100 users in a quantum network with a radius of hundreds of meters.

This paper is organized as follows. In Section 2, we propose the multipartite quantum conferencing scheme with entanglement in the middle. In Section 3, we analyze the security of the scheme against collective attacks and provide a derivation progress for the key rate. The simulation results are shown in Section 4. Finally, we draw our conclusions in Section 5.

2. A Quantum Conferencing Scheme with Entanglement in the Middle

The proposed entanglement-based CV quantum conferencing network is consists of an arbitrary number (N) of legitimate users, an entanglement source in the middle and links from the source to the users, which include classical networks and quantum channels. The entanglement source prepares an x-quadrature-squeezed state ${\widehat{\mathrm{a}}}_1$ and $N-1$ p-quadrature-squeezed state ${\widehat{\mathrm{a}}}_{2,\cdots ,N}$, which are illustrated in Figure 1. As shown in Figure 1, the source combines the above N states by a sequence of beam splitters with decreasing transmissivities $T_k=1-1/(N-k+1)$ for $k=1,\cdots ,N-1$. The output modes ${\widehat{\mathrm{a}}}_{1,\cdots ,N}^{\prime }$ after the combinations by the beam splitters are entangled in a multipartite GHZ state which satisfies the relations of x-quadratures ${\sum }_{k=1}^N{\widehat{\mathrm{a}}}_k^{\prime x}\to 0$ and p-quadratures ${\widehat{\mathrm{a}}}_k^{\prime p}-{\widehat{\mathrm{a}}}_{k^{\prime }}^{\prime p}\to 0$ for any $k,k^{\prime }=1,\cdots ,N$. This multipartite GHZ state is utilized for generating secret key in our quantum conferencing scheme.

The source sends the N modes of the GHZ state to N legitimate parties named as ${\mathrm{Bob}}_{1,\cdots ,N}$, respectively. The entangled modes travel through N noisy quantum channels toward the users, respectively. For simplicity, we consider a symmetric configuration of the quantum conferencing scheme that all quantum channels from the source to the users have the same length. In a practical scenario, the transmissivity and thermal noise of the longest quantum channel are selected as the reference to the network configuration. The legitimate parties receive the N entangled modes ${\widehat{\mathrm{a}}}_{1,\cdots ,N}^{″}$ transmitted through the quantum channels and perform homodyne detection on them, respectively. With the measurement results, the users share mutual information which can generate a secret key for network communication after post-processing procedures. For a quantum conferencing scheme, the result of the ith user is used for reference to the reconciliation procedures, which let other users generate secret keys that can establish secure communication with the ith user, respectively. The CV quantum conferencing protocol with an entanglement source in the middle goes as follows.

• The source in the middle prepares a CV GHZ state ${\rho }_1$ of N entangled modes ${\widehat{\mathrm{a}}}_{1,\cdots ,N}^{\prime }$, and sends them to N legitimate parties ${\mathrm{Bob}}_{1,\cdots ,N}$ through quantum channels with the same transmissivity $\eta$, respectively.
• After travelling through the noisy channels, N entangled modes ${\widehat{\mathrm{a}}}_{1,\cdots ,N}^{″}$ of the multipartite GHZ state ${\rho }_2$ are received by ${\mathrm{Bob}}_{1,\cdots ,N}$, respectively.
• The users perform homodyne detections on the p-quadratures of the received modes, respectively. Then, they perform quadrature measurement.
• With the results of the measurement, the users use a public channel to complete following procedures as parameter estimation, information reconciliation and privacy amplification.

Collective Attacks on Quantum Conferencing Scheme with Entanglement in the Middle

The best attack strategy of the eavesdropper Eve on the quantum star network is to perform attacks on all the quantum links and the entangled source in the middle. Since the Gaussian state can maximize the information of both the users and Eve, we consider the worst case that Eve fakes the source and prepares the multipartite Gaussian GHZ state herself [16]. Moreover, the Gaussian attacks of the links and the entangled source can be reduced to an attack of the links only [21].

At the beginning of eavesdropping, Eve replaces each of the original lossy channels with a noiseless channel and a beam splitter, of which the transmissivity is equal to the channel loss of the original channel $\eta$, and the thermal noise is $\overline{n}$. Eve prepares entangled ancillary modes ${\widehat{\mathrm{E}}}_{1,\cdots ,N}$ and injects them onto the entangled modes ${\widehat{\mathrm{a}}}_{1,\cdots ,N}^{\prime }$ by her beam splitters of the channels, respectively. The output ancillary modes ${\widehat{\mathrm{E}}}_{1,\cdots ,N}^{\prime }$ are stored in Eve’s quantum memory, and the injected modes ${\widehat{\mathrm{a}}}_{1,\cdots ,N}^{″}$ are sent to the users, respectively. For each ancillary mode of the beam splitters, Eve performs a collective Gaussian attack [22,23]. Although the entangled cloner collective attacks are simpler for analysing the security, coherent attacks are the most general and powerful attacks for the eavesdropper Eve [22]. Since the performance of coherent attacks can be calculated as in Ref. [20] by applying a Gaussian de Finetti reduction [24], in our work, we focus on the security analysis of the quantum conferencing scheme against collective Gaussian attacks.

3. Security Analysis

The entangled source generates the initial state ${\rho }_0$ of an x-quadrature squeezed mode ${\widehat{\mathrm{a}}}_1$ and $N-1$ p-quadrature squeezed modes ${\widehat{\mathrm{a}}}_{2,\cdots ,N}$. The covariance matrices of the initial modes are defined as

$${\mathbf{a}}_1=\left(\begin{array}{cc}{e}^{-2r}& 0\\ 0& e^{2r}\end{array}\right),$$

(1)

and

$${\mathbf{a}}_{2,\cdots ,N}=\left(\begin{array}{cc}{e}^{2r}& 0\\ 0& e^{-2r}\end{array}\right).$$

(2)

The quadrature vector ${\xi }_0$ of ${\rho }_0$ is denoted as

$${\xi }_0={\left(\begin{array}{c}{\widehat{\mathrm{a}}}_1,{\widehat{\mathrm{a}}}_2,\cdots ,{\widehat{\mathrm{a}}}_N\end{array}\right)}^T.$$

(3)

To represent the $2N$ quadratures of the N modes, ${\xi }_0$ is restructured into the following form,

$${\xi }_1={\left(\begin{array}{c}{\widehat{\mathrm{a}}}_1^x,{\widehat{\mathrm{a}}}_2^x,\cdots ,{\widehat{\mathrm{a}}}_N^x,{\widehat{\mathrm{a}}}_1^p,{\widehat{\mathrm{a}}}_2^p,\cdots ,{\widehat{\mathrm{a}}}_N^p,\end{array}\right)}^T.$$

(4)

After generating the initial modes, the source firstly combines ${\widehat{\mathrm{a}}}_1$ and ${\widehat{\mathrm{a}}}_2$ by a beam splitter of transmissivity $T_1$. In the next $N-2$ steps, one of the output mode from the $k\mathrm{th}$ combination and an initial mode ${\widehat{\mathrm{a}}}_{k+1}$ are combined by a beam splitter of transmissivity $T_k$, for $k=2,\cdots ,N-1$. This series of combinations produces N output modes ${\widehat{\mathrm{a}}}_{1,\cdots ,N}^{\prime }$, which are entangled in a GHZ state.

The transmissivities of the $N-1$ beam splitters of the entangled source is denoted by $T_k=\frac{N-k}{N-k+1}$, for $k=1,2,\cdots ,N-1$. The output modes is described by the linear transformations on x-quadratures

$$\begin{array}{c}{\widehat{\mathrm{a}}}_1^{\prime x}\to \frac{{\widehat{\mathrm{a}}}_1^x}{\sqrt{N}}+\sum _{j=2}^N\frac{{\widehat{\mathrm{a}}}_j^x}{(N+2-j)(N+1-j)},\hfill \end{array}$$

(5)

$$\begin{array}{c}{\widehat{\mathrm{a}}}_k^{\prime x}\to \frac{{\widehat{\mathrm{a}}}_1^x}{\sqrt{N}}+\sum _{j=2}^k\frac{{\widehat{\mathrm{a}}}_j^x}{(N+2-j)(N+1-j)}\mathrm{for}k=2,\cdots ,N,\hfill \end{array}$$

(6)

and the analogous linear transformations on p-quadratures. Moreover, the covariance matrices of the beam splitters are denoted by

$${\mathbf{T}}_k=\left(\begin{array}{cc}\sqrt{\frac{N-k}{N+1-k}}& -\frac{1}{\sqrt{N+1-k}}\\ \frac{1}{\sqrt{N+1-k}}& \sqrt{\frac{N-k}{N+1-k}}\end{array}\right)\mathrm{for}k=1,\cdots ,N-1.$$

(7)

We use symplectic matrix $\mathbf{R}$ to describe the combinations of the beam splitters $T_{1,\cdots ,N-1}$. The elements of $\mathbf{R}$ are given by

$$\begin{array}{c}{\mathbf{R}}_{11}=\frac{1}{\sqrt{N}},\hfill \end{array}$$

(8)

$$\begin{array}{c}{\mathbf{R}}_{1j}=\frac{1}{\sqrt{(N+2-j)(N+1-j)}}\mathrm{for}j=2,\cdots ,N,\hfill \end{array}$$

(9)

$$\begin{array}{c}{\mathbf{R}}_{jk}=-{\mathbf{R}}_{1k}\mathrm{for}j=2,\cdots ,N\mathrm{and}k=1,\cdots ,j-1,\hfill \end{array}$$

(10)

$$\begin{array}{c}{\mathbf{R}}_{kk}=\sqrt{\frac{N+1-k}{N+2-k}}\mathrm{for}k=2,\cdots ,N.\hfill \end{array}$$

(11)

The covariance matrix (CM) of the initial state ${\rho }_0$ is denoted by

$${\mathbf{V}}_0=\left(\begin{array}{cc}{\mathbf{V}}_x& \mathbf{0}\\ \mathbf{0}& {\mathbf{V}}_p\end{array}\right),$$

(12)

in which ${\mathbf{V}}_x$ and ${\mathbf{V}}_p$ are the CM of the x-quadratures and the p-quadratures of ${\rho }_0$ in terms of the quadrature vector ${\xi }_1$, respectively. The CM ${\mathbf{V}}_x$ and ${\mathbf{V}}_p$ are denoted by the following forms

$${\mathbf{V}}_x=\left(\begin{array}{cc}{e}^{-2r}& \mathbf{0}\\ \mathbf{0}& e^{2r}{\mathbf{I}}_{N-1}\end{array}\right),{\mathbf{V}}_p=\left(\begin{array}{cc}{e}^{2r}& \mathbf{0}\\ \mathbf{0}& e^{-2r}{\mathbf{I}}_{N-1}\end{array}\right),$$

(13)

where r refers to the squeeze factor of the initial squeezed states. The source combines the modes of ${\rho }_0$ by the beam splitters, producing the entangled modes of a GHZ state ${\rho }_1$, which is described by the following CM

$${\mathbf{V}}_1=\left(\begin{array}{cc}{\mathbf{V}}_x^{\prime }& \mathbf{0}\\ \mathbf{0}& {\mathbf{V}}_p^{\prime }\end{array}\right)=\mathbf{R}·{\mathbf{V}}_0·{\mathbf{R}}^T,$$

(14)

where

$${\left({\mathbf{V}}_x^{\prime }\right)}_{ij}=\left\{\begin{array}{c}-\frac{1}{N}{e}^{-2r}+\frac{1}{N}{e}^{2r}\mathrm{for}i\ne j,\hfill \\ \frac{1}{N}{e}^{-2r}+\frac{N-1}{N}{e}^{2r}\mathrm{for}i=j,\hfill \end{array}\right.$$

(15)

and

$${\left({\mathbf{V}}_p^{\prime }\right)}_{ij}=\left\{\begin{array}{c}\frac{1}{N}{e}^{-2r}-\frac{1}{N}{e}^{2r}\mathrm{for}i\ne j,\hfill \\ \frac{N-1}{N}{e}^{-2r}+\frac{1}{N}{e}^{2r}\mathrm{for}i=j.\hfill \end{array}\right.$$

(16)

The eavesdropper Eve prepares an ancillary state ${\rho }_E$ to perform entangled cloner attacks. Each entangled mode of ${\rho }_E$ is injected onto a travelling mode ${\widehat{\mathrm{a}}}_k^{\prime }$ of ${\rho }_1$, respectively. The CM of ${\rho }_E$ that corresponds to ${\rho }_1$ is given by

$${\mathbf{V}}_E=\left(\begin{array}{cc}\omega {\mathbf{I}}_N& \mathbf{0}\\ \mathbf{0}& \omega {\mathbf{I}}_N\end{array}\right),$$

(17)

where $\omega =1+2\overline{n}$ denotes the variance of Eve’s ancillary modes. The CM of the whole system before the transmission through the quantum channels is defined by

$${\mathbf{V}}_2={\mathbf{V}}_1⨁{\mathbf{V}}_E.$$

(18)

In order to implement eavesdropping, Eve replaces the noisy channels from the source to all the legitimate parties with noisy-free quantum links and beam splitters, respectively. The transmittance $\eta$ of each beam splitter of Eve is the same as the original noisy channel it has replaced. The symplectic matrices of Eve’s beam splitters are denoted by

$${\mathbf{S}}_k=\left(\begin{array}{cc}\sqrt{\eta }\mathbf{I}& -\sqrt{1-\eta }\mathbf{I}\\ \sqrt{1-\eta }\mathbf{I}& \sqrt{\eta }\mathbf{I}\end{array}\right),k=1,\cdots ,N.$$

(19)

We use the symplectic matrix ${\mathbf{S}}_E$ to describe the transmission action of the entire system of both the entangled modes from the source and Eve’s ancillary modes by Eve’s beam splitters

$${\mathbf{S}}_E=\left(\begin{array}{cc}\sqrt{\eta }{\mathbf{I}}_{2N}& -\sqrt{1-\eta }{\mathbf{I}}_{2N}\\ \sqrt{1-\eta }{\mathbf{I}}_{2N}& \sqrt{\eta }{\mathbf{I}}_{2N}\end{array}\right).$$

(20)

After the transmission of the legitimate users’ modes through Eve’s thermal-loss channels and beam splitters, the CM of the whole system is described by

$${\mathbf{V}}_3={\mathbf{S}}_E·{\mathbf{V}}_2·{\mathbf{S}}_E^T.$$

(21)

We distill the partial matrix ${\mathbf{V}}_4$ from ${\mathbf{V}}_3$, which describes the entangled modes of the users’ received state ${\rho }_2$. The form of ${\mathbf{V}}_4$ is described by

$${\mathbf{V}}_4=\left(\begin{array}{cccc}\Lambda & \Gamma & \cdots & \Gamma \\ \Gamma & \Lambda & \ddots & \Gamma \\ ⋮& \ddots & \ddots & ⋮\\ \Gamma & \Gamma & \cdots & \Lambda \end{array}\right),$$

(22)

with

$$\Lambda =\left(\begin{array}{cc}\eta \left(\frac{N-1}{N}{e}^{2r}+\frac{1}{N}{e}^{-2r}\right)+(1-\eta )\omega & 0\\ 0& \eta \left(\frac{1}{N}{e}^{2r}+\frac{N-1}{N}{e}^{-2r}\right)+(1-\eta )\omega \end{array}\right),$$

(23)

and

$$\Gamma =\left(\begin{array}{cc}\eta \left(\frac{1}{N}{e}^{2r}-\frac{1}{N}{e}^{2r}\right)& 0\\ 0& \eta \left(-\frac{1}{N}{e}^{2r}+\frac{1}{N}{e}^{2r}\right)\end{array}\right).$$

(24)

As a result, the CM of any ith and jth Bobs’ modes is described by

$${\mathbf{V}}_5=\left(\begin{array}{cc}\Lambda & \Gamma \\ \Gamma & \Lambda \end{array}\right).$$

(25)

3.1. Mutual Information

In the presented CV quantum conferencing scheme, all the Bobs receive their entangled modes and then perform homodyne detection on the p-quadratures of them, respectively. The legitimate users pick the measurement results of an arbitrary ith Bob’s mode as the reference of the reconciliation procedure. Each of the other users (noted as the jth Bob) can generate a secret key with the ith Bob to establish secure communication between them.

The Bobs perform homodyne detections on the p-quadratures of their received modes, respectively. The conditional CM of the ith and the jth Bobs’ modes $B_i$ and $B_j$ after homodyne detections is given by

$${\mathbf{V}}_{B_i|B_j}=\Lambda -\Gamma {(\Pi \Lambda \Pi )}^{-1}{\Gamma }^T,$$

(26)

where

$$\Pi =\left(\begin{array}{cc}0& 0\\ 0& 1\end{array}\right).$$

(27)

The mutual information between the ith and the jth Bobs’ results is generated by

$$I(B_i:B_j)=\frac{1}{2}lo{g}_2\frac{{\Lambda }^p}{{\mathbf{V}}_{B_i|B_j}^p}.$$

(28)

We also consider each user performs heterodyne detection on both x-quadrature and p-quadrature of their received mode. The conditional CM of the the ith and the jth Bobs’ modes after one of them performs heterodyne detection is given by

$${\mathbf{V}}_{B_i|B_j}^{\prime }=\Lambda -{\theta }^{-1}\Gamma (\Theta \Lambda {\Theta }^T){\Gamma }^T,$$

(29)

where

$$\theta =det\Lambda +Tr\Lambda +1,$$

(30)

and

$$\Theta =\left(\begin{array}{cc}0& 1\\ -1& 0\end{array}\right).$$

(31)

The mutual information between the ith and the jth Bobs’ heterodyne results is given by

$$I^{\prime }(B_i:B_j)=\frac{1}{2}lo{g}_2\frac{{\Lambda }^x}{{\mathbf{V}}_{B_i|B_j}^{\prime x}}+\frac{1}{2}lo{g}_2\frac{{\Lambda }^p}{{\mathbf{V}}_{B_i|B_j}^{\prime p}}.$$

(32)

3.2. Holevo Bound of the Stolen Information

Since the results of the ith Bob’s mode are utilized as the reference, the eavesdropper Eve’s stolen information is defined by the Holevo information $H(E:B_i)$ between Eve and the result of the ith Bob. Since Eve has the ability to purify the entire system, the state ${\rho }_{E{\rho }_2}$ that describes the system after transmission through the quantum links is pure, where E denotes the measurement results of Eve’s restored modes ${\widehat{E}}_{1,\cdots ,N}^{\prime }$. After the users’ homodyne measurement, the conditional state ${\rho }_{E{B}^{\prime }|B_i}$ is still pure, where $B^{\prime }$ denotes the measurement results of all the users. Hence, the Holevo bound of the stolen information is given by

$$H(E:B_i)=S\left({\rho }_E\right)-S\left({\rho }_{E|B_i}\right)=S\left({\rho }_2\right)-S\left({\rho }_{B^{\prime }|B_i}\right),$$

(33)

where $S\left(\rho \right)$ denotes the Holevo entropy of state $\rho$. In order to derive the Holevo entropy $S\left({\rho }_2\right)$, we calculate the symplectic eigenvalues of the CM ${\mathbf{V}}_4$, which is the eigenvalues of the Williamson normal form $|\mathit{I}\mathsf{\Omega }{\mathbf{V}}_4|$ [25,26], where $\mathit{I}$ is the imaginary unit and $\mathsf{\Omega }$ is the symplectic form

$$\mathsf{\Omega }=\underset{i=1}{\overset{N}{⨁}}\left(\begin{array}{cc}0& 1\\ -1& 0\end{array}\right).$$

(34)

We derive the single N-degenerate symplectic eigenvalues of ${\mathbf{V}}_4$, which is described by

$$\nu =\sqrt{[\eta e^{-r}+(1-\eta )e^r\omega ][\eta e^r+(1-\eta )e^{-r}\omega ]}.$$

(35)

The von Neumann entropy $S\left({\rho }_2\right)$ is generated from the N symplectic eigenvalues $\nu$ by the following equation

$$S\left({\rho }_2\right)=Nh\left(\nu \right),$$

(36)

where

$$h\left(x\right)=\frac{x+1}{2}lo{g}_2\frac{x+1}{2}-\frac{x-1}{2}lo{g}_2\frac{x-1}{2}.$$

(37)

The conditional CM ${\mathbf{V}}_{B^{\prime }|B_i}$ describes the received modes of the Bobs after the ith Bob performs homodyne detection on his mode. We reconstruct the CM ${\mathbf{V}}_4$ in the following matrix:

$${\mathbf{V}}_4^{\prime }=\left(\begin{array}{cc}{\mathbf{A}}_1& {\mathbf{C}}_1\\ {\mathbf{C}}_1& {\mathbf{B}}_1\end{array}\right),$$

(38)

where ${\mathbf{B}}_1$ describes the mode of the ith Bob, ${\mathbf{A}}_1$ describes all the other Bobs’ modes and ${\mathbf{C}}_1$ describes the relations between the above two blocks. After the homodyne detection on the p-quadrature of the ith Bob’s mode, the conditional CM ${\mathbf{V}}_{B^{\prime }|B_i}$ is given by

$${\mathbf{V}}_{B^{\prime }|B_i}={\mathbf{A}}_1-{\mathbf{C}}_1\left(\Pi {\mathbf{B}}_1\Pi \right){\mathbf{C}}_1^T.$$

(39)

Similarly, we derive the symplectic eigenvalues of ${\mathbf{V}}_{B^{\prime }|B_i}$, which contain $N-1$ identical symplectic eigenvalues given by Equation (36). The conditional von Neumann entropy $S\left({\rho }_B\right|B_i)$ is given by

$$S\left({\rho }_B\right|B_i)=(N-1)h\left(\nu \right).$$

(40)

Then, the Holevo bound of Eve’s stolen information is derived from the above equations

$$H(Eve:B_i)=h\left(\nu \right).$$

(41)

In addition, we consider the Holevo bound when the users perform heterodyne detection on their received modes. The symplectic eigenvalues of ${\mathbf{V}}_{B^{\prime }|B_i}$ after the heterodyne detecion include $N-2$ symplectic eigenvalues given by Equation (36), and one given by

$${\nu }_N=\sqrt{\frac{{\tau }_1{\tau }_2}{{\lambda }_1{\lambda }_2}},$$

(42)

where

$$\begin{array}{c}{\tau }_1=N(1-\eta )\omega \left(\eta +\eta e^{4r}+e^{2r}\right)+\eta [e^{4r}+N\eta e^{2r}+(N-1)]+N{(1-\eta )}^2{e}^{2r}{\omega }^2,\hfill \\ {\tau }_2=N(1-\eta )\omega \left(\eta +\eta e^{4r}+e^{2r}\right)+\eta [(N-1)e^{4r}+N\eta e^{2r}+1]+N{(1-\eta )}^2{e}^{2r}{\omega }^2,\hfill \\ {\lambda }_1=(N-1)\eta +e^{2r}[N(1-\eta )\omega +\eta e^{2r}+N],\hfill \\ {\lambda }_2=\eta +e^{2r}[N(1-\eta )\omega +(N-1)\eta e^{2r}+N].\hfill \end{array}$$

(43)

The conditional von Neumann entropy $S\left({\rho }_B\right|B_i)$ is given by

$$S\left({\rho }_B\right|B_i)=(N-2)h\left(\nu \right)+h\left({\nu }_N\right).$$

(44)

Then, the Holevo bound of Eve’s stolen information is derived from the above equations

$$H(Eve:B_i)=2h\left(\nu \right)-h\left({\nu }_N\right).$$

(45)

With the results in Equations (28) and (41), we finally derive the secret key rate of our quantum conferencing with entanglement in the middle scheme

$$K_{Rate}=I(B_i:B_j)-H(E:B_i).$$

(46)

4. Simulation Results

In this section, we consider the CV quantum conferencing with entanglement in the middle against collective attacks and give the simulation results of our security analysis. All of the quantum channels have the same transmissivity $\eta$, which is mapped into a fiber distance l in km, using $\eta :={10}^{l/50}$. Different conditions of thermal noise and number of users are taken into account.

In Figure 2, we plot the secret key rate of our quantum conferencing scheme versus the maximum distance of the quantum link in our network. The solid blue lines, small dashed red lines and large dashed black lines refer to $N=3$, $N=10$ and $N=100$ network users of our quantum conferencing scheme, respectively. As shown in Figure 2, the scheme can reach a network radius of 2 km when the number of users is less than 10. When the number of users increases to 100, the scheme can still provide a quantum conferencing network with a longest transmission distance of over 500 m (520 m when thermal noise is set to $0.05$, and 575 m when thermal noise is set to 0). Furthermore, the curves show that, with a network radius of 480 m, 100 users can establish secure conferencing communication at about 0.1 bit per pulse. The conferencing key rate can reach 2.5 Mbits per second based on a CV QKD network with a clock of 25 MHz [27].

Figure 3 presents the relationship between number of users and the maximum network distance when the secret conferencing key rate is asymptotic to 0, and the thermal noise is set to $\overline{n}=0.05$ in (a) and $\overline{n}=0$ in (b), respectively. As can be seen from Figure 3, there is a trade-off between the number of network users and the maximum transmission distance. Moreover, the conferencing scheme can achieve secure communication for 300 users on a building-size scale (about a radius of 150 m), or for dozens of users between multiple buildings (within a radius of 500 m or more). This result shows that the quantum conferencing with entanglement in the middle scheme can be applied to more scenarios than the MDI-based high-rate quantum conferencing scheme [19], which provides secure conference for 50 users within a radius of 40 m.

We consider different measurement methods that the network perform on their received modes. In the key rate equation Equation (46), we replace the mutual information $I(B_i:B_j)$ that was derived in Equation (28) with the result in Equation (32), and give the simulation results in Figure 4. Obviously, the scheme with homodyne detection has better performance of the secure conferencing key rate than the scheme with heterodyne detection. As we mentioned in Section 2, the p-quadratures of the entangled GHZ state have correlations of ${\widehat{\mathrm{a}}}_k^{\prime p}-{\widehat{\mathrm{a}}}_{k^{\prime }}^{\prime p}\to 0$ for any $k,k^{\prime }=1,\cdots ,N$, which is utilized for the conferencing key generation of our scheme. As a result, we select homodyne detection as the measurement method for the network users.

5. Conclusions

We have proposed a quantum network with entanglement in the middle scheme, which provides secure conferencing communication for an arbitrary number of users. An entanglement source in the middle generates an multipartite GHZ state and distributes each mode of the state to the network users, respectively. The legitimate users receive the entangled modes, and perform homodyne measurement on them to distill mutual information for generating secret conferencing keys for each pair of users. Our security analysis shows that the quantum conferencing scheme can generate secret keys against collective attacks on both the untrusted entangled source and all of the quantum links.

The aim of this paper is to establish a secure conferencing network for dozens of users within a community or a factory area. Simulation results show that our scheme can provide high rate secure conferencing keys for more than 100 users in a quantum network with a radius of hundreds of meters. The security analysis of our scheme is against collective attacks, whereas the analysis against coherent attacks can be achieved by applying a Gaussian de Finetti reduction [20]. Further research should be carried out to establish the finite-size composable security of the quantum conferencing with entanglement in the middle scheme.