1. Introduction
Quantum key distribution (QKD) allows two users, Alice and Bob, to share a secure key privately [
1,
2]. The first QKD protocol, called the BB84 protocol, was proposed in 1984 by Bennett and Brassard [
3]. However, because of the gaps between reality and theory, there exist various loopholes in practical systems through which eavesdroppers can attack the QKD process [
4]. Therefore, several investigators have focused on finding ways to resist such attacks [
5,
6]. In 2012, Lo et al. proposed a measurement-device-independent quantum key distribution (MDI-QKD) protocol [
7] to prevent attacks on measurement devices and enhance the communication distance between two users.
QKD research usually begins with a point-to-point scheme. With the development of quantum networks [
8,
9,
10], multi-user scenarios have become research hotspots. Multi-user QKD, known as quantum cryptography conference (QCC) such as Greenberger–Horne–Zeilinger (GHZ) states [
11] based scheme [
12] and measurement-device independent scheme [
13] or quantum conference key agreement (CKA) such as the intensity-encoded scheme [
14] and the scheme based on a W-class state [
15], is effective in scenarios where multiple users share common secure keys. Multi-particle entangled states can easily apply in multi-user QKD realization [
16], although the communication distance is limited by the stability of entangled states and other issues lead to such schemes being inferior compared to the existing single-photon interference schemes [
17].
Ref. [
18] proposed an MDI-QKD scheme with an entangled source in the middle and realized ultra-long communication. Inspired by the scheme, we propose a multi-user MDI-QKD scheme based on the GHZ entangled state. We analyze the security of our scheme and derive the secure key rate when users employ an ideal single photon source and a weak coherent source. The simulation results show that a multi-user MDI-QKD system can be realized under this scheme with a reduced number of detectors and quantum channels compared with traditional MDI-QKD, while the distance between each user and the measurement device can reach more than 280 km (more than 560 km between each two users). Additionally, we propose a method to expand our scheme to a multi-node with multi-user network, which can further enhance the communication distance between the users at different nodes. This paper is organized as follows: in
Section 2, we introduce the multi-user MDI-QKD based on GHZ entangled state protocol. In
Section 3, we estimate the performance of our scheme for an ideal single-photon source and a weak coherent source. In
Section 4, we introduce a method to expand our scheme to a multi-node with multi-user network. Finally, a summary is presented in
Section 5.
2. Protocol
Before providing details of our protocol, we simply introduce the background knowledge of our scheme. A GHZ entangled state is multi-particle entangled state in which each particle is entangled with other particles. It has maximum output mutual information, and resistance to white noise. The n-particle GHZ entangled state can be expressed as follows [
19]:
Based on the distribution of an n-particle GHZ entangled state [
16], n users can obtain the common secure key simultaneously. This leads to the generation of a secure key according to the measurement result of the GHZ entangled state.
In MDI-QKD [
7], the measurement device utilizes the Hong–Ou–Mandel (HOM) [
20] effect to construct the relationship between two input particles. According to the click of the detectors, we obtain the BSM result
and
. In the Z basis, the successful BSM event (
and
) represents the polarization of two particles being different, while the X basis
(
) represents the two particles having the same (different) polarization.
Combining the distribution of the GHZ entangled state with the MDI-QKD, we can realize the multi-user QKD by entanglement swapping [
21].
As depicted in
Figure 1, there is a case of an n-user MDI-QKD system based on GHZ entangled states. The system can divide into four parts: user, measurement device, GHZ entangled state source (GHZ-ESS) and channel. The n-user system includes n users, n measurement devices, a GHZ-ESS, and channel. The user mainly contains a source, a polarization modulator, and a upper computer. In practice, we usually use a weak coherent source with a decoy-state instead of a single photon source. The user uses a polarization modulator to modulate BB84 polarization states. The upper computer control the source, the polarization modulator and the information processing. The information processing includes sifting the efficient data, post-processing, etc. Each user has a corresponding measurement device. The GHZ-ESS connects to all measurement devices. The number of particles in the GHZ entangled state is similar to the number of users. Each particle of the GHZ entangled state will interfere with the polarization state prepared by users in the corresponding measurement device. They will perform Bell state measurement (BSM) in the measurement device. The channel including quantum channel and classical channel. Quantum channels are used to transmit quantum signals. Classical information such as the basis of prepared polarization state is transmitted in classical channel.
As shown in
Figure 2, our protocol consists of five main steps:
Step 1: Preparation. Each user randomly prepares one of the BB84 states such as , in the X basis or , in the Z basis, while the GHZ-ESS randomly prepares an n-particle GHZ entangled state. The number of particles in the GHZ entangled state is equal to the number of users (in principle, each user only sends one photon).
Step 2: Transmission. Users (the GHZ-ESS) transmit the BB84 state (the GHZ entangled state) in different quantum channels between each user (the GHZ-ESS) and measurement device.
Step 3: Measurement. The measurement device performs BSM on the BB84 state and the GHZ entangled-state particles. Each particle of the GHZ entangled quantum state can interfere with a particle sent by its corresponding user. If there are only two detectors responding we call it a successful BSM event (a click in D1H and D2V, or in D1V and D2H are ; a click in D1H and D1V, or in D2H and D2V are ), similar to traditional MDI-QKD.
Step 4: Sifting. All users retain the bits when all the corresponding measurement device generates a successful BSM event. All users announce the basis of the prepared BB84 state, and the GHZ entangled source broadcasts the GHZ state it has prepared through the classical channels. In our scheme, only the states in the Z basis are used to generate a secure key; the states in the X basis are used to estimate the error rate. Hence, users retain the data prepared in the same basis by all users and discard the remaining data. Then, each user should either flip or not flip its local bits according to the BSM result, the GHZ states, and the prepared basis; see following and
Appendix A for details. At this point, each user obtains the raw key.
Step 5: Post-processing. Similar to traditional point-to-point QKD protocols, users perform post-processing under the control of upper computer, which includes error correction and privacy amplification. They finally obtain the same secure keys.
Following the original MDI-QKD protocol [
7], users need to operate on their local bits based on the GHZ entangled state and the BSM results to generate secure keys. Taking three users (named Alice, Bob, and Charles) as an example,
Table 1 shows the relationship between the prepared GHZ state, the BSM results, and the operations of the three participants. The users can retain the signal to generate a secure key only when all the BSM results are
or
.
For example, when the state prepared by the GHZ-ESS is , the message can be retained as a sifted key only if Alice, Bob, and Charles have prepared the same polarization state and all the BSM results are or .
3. Secure Key Rate
Next, we derive the secure key and error rates to investigate the performance of our scheme with a single-photon source and a weak coherent source.
By combining the MDI-QKD technique [
7] and the GLLP method [
22], the security key rate is given by
where
and
denote the gain and quantum bit error rate (QBER) in the Z basis, respectively;
f is the inefficiency function for the error correction process;
denotes the gain when all users send a single-photon state;
denotes the phase error rate; and
is the binary Shannon entropy function.
max
, where
is the marginal quantum bit error rate between user 1 and user 2 (3…n) in the Z basis. In practice,
and
can be obtained from experimental data.
3.1. Key Rate of Single-Photon Source
For simplicity, we consider the case of three users in our scheme and estimate the secure key rate for a single photon source.
When the users use an ideal single-photon source to prepare the BB84 state, the gain in the Z basis is
where
denotes the probability of obtaining a successful BSM when all the users send a single-photon state. The yield
is given by
where
is the dark count,
is the detection efficiency,
is the transmittance between the users and measurement device, and
represents the channel loss.
represents the possibility that users send similar or different polarization states to the particles of the GHZ entangled state in the Z basis.
We assume that our entangled source is perfect; therefore, the error rate contains two main contributions: (1) the error rate
caused by background counts and (2) the error rate
corresponding to the misalignment and instability of the optical system. The total error rate is as follows:
where
denotes the probability of both measurement devices obtaining a successful BSM when user 1 and user 2 send a single-photon state. Similarly, we obtain the error rate in the X basis as follows:
Utilizing the experimental parameters in
Table 2 [
23], we obtained the simulation results shown in
Figure 3. These results show that the communication distance between each user and the GHZ-ESS can exceed 280 km using optical fibers. Using an ideal single-photon source and a perfect GHZ-ESS, the GHZ-ESS can be located at the center to establish a star-configuration quantum network with a radius of 280 km.
3.2. Key Rate of Weak Coherent Source with Decoy State
In this section, we analyze the realization of the decoy state using our protocol. Users use the decoy state to resist a photon number splitting (PNS) attack on a weak coherent source. In our protocol, we use the Z basis to generate the secure key and the X basis to detect the error bit. Therefore, we take the quantum state in the Z basis as the signal state (only preparing the signal state) and that in the X basis as the decoy state (preparing both signal state and decoy state).
In our analysis, two decoy-state techniques (signal state v, vacuum state , decoy-state ) are used, where represents the mean photons of the sources.
We consider the situation consisting of three users as an example to derive the secure key rate. According to the decoy state method [
25], in the Z basis, for each measurement device, we can estimate the gain
and error rate
as follows:
where
(
) represents the yield (error rate) from the GHZ-ESS and the corresponding user. The subscript 1 that different from the traditional MDI-QKD [
7] represents the particle of GHZ entangled state in each measurement device. Therefore, we can estimate the total gain and error rate in the Z basis as follows:
where
(
) represents the overall yield (error rate) in the Z basis. We optimized the formula in the Ref. [
26] and added the subscript 111 to describe the influence of GHZ entangled state. We Similarly, we can obtain the total gain and error rate in the X basis.
Because we use the decoy state technique in the X basis, we can obtain the total gain in the Z basis when all users send a single photon pulse as
where
represents the yield when all users send a single photon pulse.
Next, we need to estimate the lower bound of the yield and the upper bound of the error rate that each user sends for a single-photon pulse in the X basis. According to the decoy-state method [
25,
26,
27], we can estimate that
where
(
i,
j,
k = 0,
,
v represent the mean photon number intensities of users’ sources) is the overall gain in the X basis when users choose the corresponding intensities.
is the overall error rate in the X basis when users choose corresponding intensities.
Finally, utilizing the experimental parameters in
Table 2, we can obtain the performance of our protocol when three users use weak coherent sources as shown in
Figure 4. The simulation results show that the communication distance between each user and the GHZ-ESS can reach further than 210 km using optical fibers. Compared with a single photon source, the weak coherent source has a lower secure key rate and shorter communication distance while still realizing a signal transmission of more than 420 km between each two users.
3.3. Security and Discussion
In this section, we will analyze the security of our protocol and compare our protocol with other schemes.
Without loss of generality, we can depict the three-particle GHZ entangled state in eight orthogonal GHZ states as [
26]:
Taking
as an example, it will randomly collapse into
or
in the Z basis. In the X basis, any user obtains
(
) when the other obtains the same (different) polarization. We use the character that provides the security of the GHZ entangled sources to generate a secure key in the Z basis and error detection in the X basis.
Based on the principle of MDI-QKD [
7], our scheme can resist attacks on the measurement devices. In addition to resisting attacks on the measurement device, our scheme can resist a PNS attack using the decoy state technique [
22,
25,
28,
29]. Users can employ weak coherent sources with a decoy-state. The GHZ entangled state is equivalent to an ideal single-photon state in each quantum channel. A PNS attack is ineffective for an ideal single-photon source. Therefore, our scheme can resist PNS attacks.
Compared with traditional MDI-QKD, ref. [
30] reported the longest communication record that reached 404 km in experiments, while the simulation result shows that our protocol can be utilized with greater than 560 km between each two users. Four detectors are required to build a traditional MDI-QKD system between two users. Therefore, 2n (n − 1) detectors are required to establish a quantum communication system using the MDI-QKD protocol between n users. However, in our protocol, the number of detectors required to establish communications between n users is reduced to only 4n. Moreover, only 2n channels rather than n (n − 1)/2 channels are required if a traditional point-to-point protocol [
7] is used between the users and the measurement device. Thus, the cost and complexity of the network are reduced.
We compare our scheme with other multi-user schemes in
Table 3. When we employ a single photon source with
, the available distance can reach more than 560 km between each two users. When we employ a weak coherent source with
, the available distance can reach more than 420 km between each two users.
Unlike the MDI-QCC based on a post-selection GHZ entangled state [
26] and PM-QCC based on a post-selection GHZ entangled state [
19], our protocol uses a GHZ entangled state and the polarization state prepared by users to execute BSM and realize multi-user sharing of a common secret key.
CKA schemes [
32] based on the principle of twin-field QKD [
33] can realize a high secure key rate and long communication distance through the single photon interference. In our scheme, with a more flexible number of users, we can increase the distance between the GHZ-ESS and the measurement device to enhance the communication distance between each two users. In addition, we can expand our scheme further into a multi-node quantum network, as detailed in
Section 4.
Because of the coincidence measurement at the measurement device, increasing the number of users will lead to an obvious decrease in the secure key rate. We propose a system that uses an adaptive technique in
Appendix B, while we need to investigate the specific performance in our scheme. At the same time, we will consider using asynchronous time multiplexing technology [
34,
35], which idea is based on adaptive techniques, to further improve our scheme through enhancing the secure key rate under multi-user scenarios.
4. Expansion of Our Protocol
Based on the location-changeable GHZ-ESS, we can expand our scheme further into a multi-node quantum network without quantum memory. An example of two nodes with two users per node is shown in
Figure 5, and we can extend the system to n nodes with n users per node.
In the system, we use measurement devices that perform BSM to construct the entangled relationship between two adjacent GHZ entangled sources and extend the communication distance between users in different nodes by increasing the distance between the GHZ-ESS and the measurement device. We use the example shown in
Figure 5 to detail the process. In theory, the longest secure communication between user 3 and user 1 can be estimated as follows:
where
(
) is the distance between the user and the corresponding measurement device,
(
) is the distance between the GHZ-ESS and the corresponding measurement device, and
(
) is the distance between the GHZ-ESS and the measurement device that is between the adjacent GHZ-ESSs.
When we assume that two GHZ-ESSs prepare the same GHZ entangled state and all measurement devices obtain successful BSM events (
or
), the operations of users in the Z basis are as shown in
Table 4.
5. Conclusions
In this study, we presented a multi-user MDI-QKD scheme based on the GHZ entangled state. We analyzed the security of our scheme and derived the secure key rate when users use an ideal single photon source and a weak coherent source. The MDI-QKD-based scheme is also immune to attacks on the measurement devices, and the communication distance is increased. Furthermore, in contrast to the multi-user quantum network implemented by the original MDI-QKD protocol, the number of detectors required in our scheme is reduced from 2n (n −1 ) to 4n, and the number of quantum channels is reduced from n (n − 1)/2 to 2n. Our scheme realizes an ultra-long QKD available communication distance that can reach more than 280 km between each user and measurement device (i.e., the longest communication distance between any two users can reach more than 560 km) and further extend by changing the location of the GHZ-ESS. In addition, we can expand our scheme further to a multi-node quantum network without quantum memory, which enhances the communication distance between two users.
Although our scheme can be flexibly applied to QKD networks, there are still two issues remaining to be studied in the future. On one hand, the location of the GHZ entangled source can be changed in our scheme, and we can extend the communication distance between two users by increasing the distance between the GHZ entangled source and the measurement device. Therefore, we will study the influence of GHZ entangled state long-distance division. On the other hand, in our estimation of the secure key rate, we assume that the distance between each user and the corresponding measurement device is similar. Therefore, it will be interesting to consider an asymmetric situation.