High-Dimensional and Multi-Intensity One-Photon-Interference Quantum Secure Direct Communication

Abstract

As a novel paradigm in quantum communication, quantum secure direct communication (QSDC) enables secure, reliable, and deterministic information transmission, leveraging the principles of quantum mechanics. One-photon-interference QSDC is particularly attractive because it mitigates the vulnerabilities in measurement devices while extending transmission distances. In this paper, we propose a high-dimensional one-photon-interference QSDC protocol that exploits the advantages of high-dimensional encoding in the phase of weak coherent pluses to further enhance transmission distances and improve secrecy channel capacity. The security of this protocol is analyzed using quantum wiretap channel theory, and its resistance to common quantum threats is discussed. Numerical simulations demonstrate that our protocol outperforms its predecessor in terms of its secrecy capacity and extends the maximum communication distance achievable up to 494 km, which is over 13% longer than the two-dimensional case, effectively doubling the transmission length of traditional protocols. These improvements highlight the protocol’s potential for use in quantum communication applications in this era of frequent data breaches and information leaks.

1. Introduction

The last two decades have witnessed the rapid development of quantum communication, which has garnered extensive attention due to its high security, guaranteed by the laws of quantum physics. One typical form of quantum communication is quantum key distribution (QKD), which provides secure key agreements between remote parties. Starting with Bennett and Brassard’s pioneering BB84 scheme [1] and the very first entanglement-based protocols, E91 [2] and BBM92 [3], QKD has evolved significantly over the years, and its security has been theoretically proven [4,5,6]. Early efforts aimed to bridge the gap between theoretical security promises and practical implementations, exemplified by the decoy-state method [7,8,9], which mitigates photon-number-splitting (PNS) attacks and enables a high secret key rate even with a practical weak coherent source instead of an ideal single-photon source. To address vulnerabilities arising from detector-side loopholes, a measurement-device-independent QKD (MDI-QKD) [10,11,12] has been proposed to eliminate the security risks associated with measurement-device imperfections in legitimate users. On the other hand, quantum secure direct communication (QSDC) has rapidly become a key paradigm of quantum cryptography. It originates from the seminal work by Long and Liu [13], which demonstrated the possibility of direct secret transmission in quantum channels, while subsequent protocols have extended their framework to incorporate various quantum resources, including polarizations in back-and-forth single photons [14]; orbital angular momentum states [15]; hyperentangled states [16]; high-dimensional optical degrees of freedom in both time and phase [17]; quadrature components, which are commonly used in continuous-variable (CV) protocols [18]; and so on. In facing the threats posed by attacks targeting experimental devices, the advent of MDI [19,20,21] and device-independent (DI) [22,23,24] techniques has further enhanced QSDC’s security by incorporating realistic and imperfect implementations into its theoretical framework. QSDC also has the advantage of compatibility with existing Internet infrastructure [25], and simplifies its deployment by trimming the need for the management of pre-distributed keys. Numerous experimental demonstrations in recent years have proved the feasibility of these QKD [26,27,28,29,30] and QSDC [31,32,33,34,35] protocols, thereby increasing their potential for application in future scenarios requiring high levels of security.

The security of QSDC is based on the quantum wiretap channel theory [36,37], taking advantage of channel parameters such as the yield and error rate in transmission. As long as the secrecy channel capacity is non-zero, then there must exist a classical encoding scheme that ensures the secure and reliable transmission of information over a noisy and eavesdropping channel, according to Wyner’s theory [38,39,40].

To further increase the key generation rate and extend the distance of communication, Lucamarini et al. put forward the twin-field QKD (TF-QKD) [41], which replaces the two-photon Bell state measurements in MDI-QKD with single-photon interferences. This allows the key rate to scale with the square root of the channel transmittance, effectively doubling the secure transmission distance compared to prior protocols, and can break the Pirandola–Laurenza–Ottaviani–Banchi (PLOB) bound [42], which was once considered to be unfeasible without quantum repeaters. Thus, this novel feature has led to many research endeavors [43,44,45,46,47,48]. The essential mechanism behind TF-QKD is to exploit the one-photon interference. Inspired by this, one-photon-interference QSDC (OPI-QSDC) [49] is proposed to enhance the practicality and performance of QSDC protocols, while forgoing the need for either ideal single-photon sources, entangled light sources, or quantum memory. Meanwhile, it also possesses the MDI characteristic that mitigates the vulnerabilities in measurement devices.

However, OPI-QSDC employs only two phases for encoding secret information onto weak coherent pulses, leaving room for additional performance enhancement. High-dimensional quantum states not only increase the transmission rate but also enhance the probability of detecting eavesdropping [17,20,26]. In the meantime, by introducing additional bases into the encoding mode when preparing the quantum states to be transmitted, significant reductions in information leakage can be achieved over long distances [47]. Following these works, a high-dimensional one-photon-interference QSDC (HDOPI-QSDC) protocol is proposed in this paper.

The rest of this paper is organized as follows: Section 2 presents a detailed description of the protocol. In Section 3, we analyze the security of the protocol utilizing Wyner’s wiretap theory, and discuss its resistance to several common quantum threats. Section 4 is dedicated to a numerical simulation of our scheme to evaluate its performance compared with two other typical QSDC protocols. A short summary and outlook is given at the end, in Section 5.

2. Our Protocol

We assume that Alice and Bob use weak laser pulses with phase locking and have agreed upon a reasonable number of total base slices M before completing the following steps. Charlie, an untrusted third party, is in between them, as illustrated in Figure 1. The steps of the HDOPI-QSDC protocol are as follows.

Step 1: Encoding. Alice encodes the message to be transmitted into ciphertext using local random numbers shared with Bob. Note that the shared key can be obtained by running the rest of the procedures in this protocol, in which case random numbers are sent instead of the ciphertext. The encoding process includes forward error correction (FEC) coding, secure coding [37], and INCUM (increase capacity using masking) [50]. These processes eliminate the protocol’s reliance on quantum memory, and their details are provided in Appendix A.

Step 2: State preparation. Alice and Bob independently select a mode to operate in: coding mode, with a probability of $1-p$, or multi-intensity mode, with a probability of p, where $p\ll 1$. The specifics of the coding mode and multi-intensity mode are detailed below.

Coding mode: Alice sends M weak coherent states (WCSs) with the same base $|\alpha {\mathrm{e}}^{\mathrm{i}\mathsf{\pi }(b_A/M)}\rangle =|\alpha {\mathrm{e}}^{\mathrm{i}\mathsf{\pi }\left[\right(bM+A)/M]}\rangle$, where $b=0$ or 1, which is the information bit value and is encoded in the phases as $b_A=bM+A\in \{0,1,\dots ,2M-1\}$, with $A\in \{0,1,\dots ,M-1\}$ being the base index and M the total number of bases. Bob sends M WCSs with different bases $|\alpha {\mathrm{e}}^{\mathrm{i}\mathsf{\pi }(b_B/M)}\rangle \in \left\{|\alpha {\mathrm{e}}^{\mathrm{i}\mathsf{\pi }(b_0/M)}\rangle ,|\alpha {\mathrm{e}}^{\mathrm{i}\mathsf{\pi }(b_1/M)}\rangle ,\dots ,|\alpha {\mathrm{e}}^{\mathrm{i}\mathsf{\pi }(b_{M-1}/M)}\rangle \right\}$, where $b_B=b^{\prime }M+B\in \{0,1,\dots ,2M-1\}$ and $b^{\prime }$ is a random bit in 0 or 1. The order of Bob’s WCSs is random.

Multi-intensity mode: Alice and Bob send M WCSs with random intensities and random phases $|{\beta }_a{\mathrm{e}}^{\mathrm{i}{\varphi }_a}\rangle ,|{\beta }_b{\mathrm{e}}^{\mathrm{i}{\varphi }_b}\rangle$. ${\beta }_a$ and ${\beta }_b$ are randomly selected light intensities in $\{{\beta }_0,{\beta }_1,\dots \}$, and ${\varphi }_a,{\varphi }_b\in \left[0,2\mathsf{\pi }\right)$ are random phases.

Step 3: Charlie’s measurement. One-photon interferences between pulses from Alice and Bob are conducted by Charlie, and the measurement results are announced on the public channel. Let $D_0$ and $D_1$ denote the measurement outcomes of the detectors ${\mathrm{D}}_0$ and ${\mathrm{D}}_1$, respectively; and their values can be set to “0”, indicating a no-click event, or “1”, indicating a click event. Alice and Bob discard the events where no detector clicks or both of them click, retaining only the one-click events, namely $D_0\oplus D_1=1$.

Step 4: Mode matching. After all measurements are completed, Alice and Bob publish their selection of modes and retain events where they chose the same mode. In coding mode, Alice and Bob publish the basis information A and B and retain the events where they choose the same basis. In multi-intensity mode, Alice and Bob publish the intensities ${\beta }_a$ and ${\beta }_b$ and the phase information ${\varphi }_a$ and ${\varphi }_b$, and then retain the events where ${\beta }_a={\beta }_b$ and $|{\varphi }_a-{\varphi }_b|=0$ or $\mathsf{\pi }$.

Step 5: Parameter estimation. Alice and Bob randomly publish some bit values in coding modes to estimate the quantum bit error rate (QBER), and use multi-intensity modes to estimate the amount of information leakage.

Step 6: Decoding. Bob decodes the message from the ciphertext. The details of the decoding process are described in Appendix A.

It is important to note that mode mismatches occur with a probability of $2p(1-p)$, resulting in the possible loss of information transmitted by Alice. This necessitates the use of error-correcting codes during the pre-encoding process.

3. Security Analysis

According to quantum wiretap channel theory, when the capacity of the main channel is higher than that of the wiretap channel, a feasible coding scheme can be found that achieves secure and reliable information transmission. We introduce an equivalent entanglement-based protocol, the details of which are given in Appendix B, and analyze its security so as to determine the achievable secrecy capacity R of our HDOPI-QSDC protocol. Generally, we know that [51]

$$R=max\left\{I(A:B)-I(A:E),0\right\},$$

(1)

where $I(A:B)$ is the mutual information of Alice and Bob and $I(A:E)$ is the mutual information of Alice and Eve.

Firstly, we consider the achievable secrecy capacity $R^{D_0}$ when only detector ${\mathrm{D}}_0$ clicks. We assume that Alice and Bob use the Z basis to transmit information and the X basis to estimate the amount of information leakage. The channels are treated as cascaded channels of a binary erasure channel (BEC) and binary symmetric channel (BSC). The QBER $E_{\mu }^{Z,D_0}$ and $E_{\mu }^{X,D_0}$, the gain $Q_{\mu }^{D_0}$, and the inefficiency function for FEC f can be determined through experiments, where $\mu ={\left|\alpha \right|}^2$ represents the light intensity of Alice and Bob. Thus, the mutual information $I(A:B)$ satisfies

$$I(A:B)\le Q_{\mu }^{D_0}·\left[1-f{H}_2\left(E_{\mu }^{Z,D_0}\right)\right],$$

(2)

where $H_2\left(x\right)$ is the binary entropy function $H_2\left(x\right)=-xlog\left(x\right)-(1-x)log(1-x)$. The upper bound of $I(A:E)$ is given by

$$\begin{array}{cc}\hfill I(A:E)& \le Q_{\mu }^{D_0}·H_{2M}\left(E_{\mu }^{X,D_0}\right)\hfill \\ \hfill & =-Q_{\mu }^{D_0}\sum _{n=0}^{2M-1}{\lambda }_{0n}log\left({\lambda }_{0n}\right),\hfill \end{array}$$

(3)

where ${\lambda }_{0n}$ is defined as

$$\begin{array}{cc}\hfill {\lambda }_{0n}& ={\displaystyle \frac{1}{Q_{\mu }^{D_0}}}{\left(\sum _{l=0}^{\infty }{C}_{2Ml+n}\sqrt{Y_{2Ml+n}^{D_0}}\right)}^2\hfill \\ \hfill & ={\displaystyle \frac{1}{Q_{\mu }^{D_0}}}{\left(\sum _{l=0}^{\infty }{\mathrm{e}}^{-{\left|\alpha \right|}^2}{\displaystyle \frac{{\left(\sqrt{2}\alpha \right)}^{2Ml+n}}{\sqrt{(2Ml+n)!}}}\sqrt{Y_{2Ml+n}^{D_0}}\right)}^2,\hfill \end{array}$$

(4)

and $C_{2Ml+n}$ is the probability amplitude when the number of photons in the channel is $2Ml+n$ in the event that only detector ${\mathrm{D}}_0$ clicks. $Y_{2Ml+n}^{D_0}$ represents the yield of the $|2Ml+n\rangle$ photon state when only detector ${\mathrm{D}}_0$ clicks, and the details are explained in Appendix B. Therefore, we know that

$$R^{D_0}={\displaystyle \frac{q}{M}}·Q_{\mu }^{D_0}·\left[1-f{H}_2\left(E_{\mu }^{Z,D_0}\right)-H_{2M}\left(E_{\mu }^{X,D_0}\right)\right],$$

(5)

where $q=1-2p(1-p)$ is the successful rate of mode matching.

The result is similar for the achievable secrecy capacity $R^{D_1}$ when only detector ${\mathrm{D}}_1$ responds; that is,

$$R^{D_1}={\displaystyle \frac{q}{M}}·Q_{\mu }^{D_1}·\left[1-f{H}_2\left(E_{\mu }^{Z,D_1}\right)-H_{2M}\left(E_{\mu }^{X,D_1}\right)\right].$$

(6)

Finally, the total achievable secrecy capacity R of the HDOPI-QSDC protocol is given by

$$R=max\left\{R^{D_0},0\right\}+max\left\{R^{D_1},0\right\}.$$

(7)

Although the above information-theoretic framework guarantees the feasibility of secure information transmission within our protocol, its resistance to certain well-known attacks should be discussed further. One such attack is the intercept-resend attack, where an adversary Eve attempts to extract information by intercepting, measuring, and then resending quantum states to the intended recipient. However, our protocol is inherently resistant to this attack for the following reasons: First, single-photon interference eliminates the vulnerabilities in direct transmission. Unlike traditional QSDC, Alice and Bob do not exchange qubits directly. Instead, they send phase-encoded weak coherent pulses to a central untrusted relay Charlie, where information is distilled from phase correlations through single-photon interference. If Eve intercepts the photons, she inevitably collapses their quantum states, disrupting the interference and introducing detectable errors in the QBER. Furthermore, intercepting a single path is ineffective since complete information is only reconstructed through interference at the relay. Second, our frame-by-frame encoding scheme (detailed in Appendix A) prevents meaningful data extraction, as each frame carries not only its own ciphertext but also secure keys for subsequent frames. Even in the worst case scenario, where Eve controls both channels and conducts the interference by herself, our encoding strategy not only ensures that this behavior will be immediately perceived by Alice and Bob but also prevents her from obtaining the original secret information, leaving her with only pieces of codewords. Moreover, since this pre-encoding occurs before the secret information is modulated onto quantum states, the scheme effectively leverages the one-time-pad property, significantly reducing the risk of information leakage. Third, INCUM technology further strengthens the protocol’s security by adding another protective layer of masking with locally generated random numbers. This technique restricts Eve’s effective reception rate to Bob’s level, making it even more difficult for her to reconstruct the original information. Together, these mechanisms grant our protocol resistance to intercept-resend attacks.

Another related threat is the PNS attack, where Eve exploits the multi-photon pulses in a practical weak coherent source by splitting off a photon while allowing the remaining photons to reach the legitimate recipient, gaining information without being detected. Our protocol resists this attack through a multi-intensity mode, which functions similarly to the decoy-state method [7,8,9]. Since Eve cannot tell whether a pulse is in encoding mode or multi-intensity mode before her measurement, she cannot selectively attack multi-photon pulses without introducing detectable anomalies. By comparing channel parameters of different light intensities that have different mean photon numbers, Alice and Bob can identify the inconsistencies caused by eavesdropping attempts. As a result, the additional pulses with randomized light intensities and phases protect the multi-photon components of WCS-based encoding schemes, noticeably enhancing their secrecy capacity and ensuring security in the face of PNS attacks.

While quantum communication protocols are theoretically secure under ideal conditions, the measurement devices used in practical systems retain certain loopholes. Imperfections in detectors can be utilized to bypass security guarantees, such as the bright illumination attack [52] and the dead time attack [53]. Our protocol inherits the MDI nature of MDI-QSDC by shifting measurements to an untrusted third party Charlie and relying solely on his results. Because Alice and Bob do not directly receive photons or perform measurements, any inherent imperfections in their detectors do not expose them to vulnerabilities such as side-channel attacks. The security of this protocol relies on quantum interference rather than Charlie’s honesty. Even if his detectors are fully controlled by Eve and are maliciously manipulated, Eve has no chance learning any useful information as it is only derived from post-processed correlations between Alice and Bob, as long as they strictly follow the correct procedures. In addition, as mentioned earlier, parameters such as error rates are carefully monitored, and any unexpected deviations are identified instantly. Although our protocol is not fully DI and may suffer from certain side-channel attacks, such as Trojan-horse attacks on light sources [54], its architecture, which includes placing the measurement in an untrusted location, decouples the security from the trustworthiness of the detectors, making it immune to many common attacks targeting measurement devices.

A final security concern is the assumption of an infinite block length in our analysis. In practical communication systems, Alice and Bob can only send finite numbers of WCS pluses rather than an idealized infinite number. This finite block length introduces statistical fluctuations in the estimation of channel parameters, which further tightens the upper bound of the secrecy channel capacity. Notably, unlike investigations in QKD systems [55,56,57], where random keys are negotiated, QSDC involves the direct transmission of deterministic information, and its performance under these conditions requires specific handling and analysis. While a comprehensive study of finite block length effects and their impact on practical QSDC systems is beyond the scope of this paper, valuable insights on this topic can be found in Refs. [58,59]. In the following discussion, we adhere to the asymptotic limit, assuming an infinite block length.

4. Performance

In this section, we analyze the performance of the HDOPI-QSDC protocol. We denote the channel transmittance from Alice and Bob to Charlie as $\eta ={\eta }_d\sqrt{{\eta }_c}$, where ${\eta }_d$ is the detection efficiency and ${\eta }_c$ is the channel loss function. The gain is expressed as

$$Q_{\mu }^{D_0}=Q_{\mu }^{D_1}=1-{\mathrm{e}}^{-2\eta \mu }+2p_d{\mathrm{e}}^{-2\eta \mu },$$

(8)

where $p_d$ is the rate of dark counts. The QBER is given by

$$E_{\mu }^{X,D_0}=E_{\mu }^{X,D_1}={\displaystyle \frac{{\mathrm{e}}^{-2\eta \mu }}{Q_{\mu }^{D_0}}}\left(p_d+2\eta \mu \delta \right),$$

(9)

where $\delta$ is the misalignment error. We assume that Alice and Bob use light pulses with infinite numbers of intensities in the multi-intensity mode, thus the yield of the $|2Ml+n\rangle$ photon state is

$$Y_{2Ml+n}^{D_0}=Y_{2Ml+n}^{D_1}=1-(1-2p_d){(1-\eta )}^{2Ml+n}.$$

(10)

The simulation parameters are as described in

Table 1. Key parameter settings of the simulation.

Parameter	Value	Description
$\zeta$	0.2 dB/km	attenuation coefficient
${\eta }_d$	14.5%	detector efficiency
$p_d$	8 × 10−8	dark count rate
$\delta$	1.5%	misalignment error
f	1.2	FEC efficiency
u	0.15	light intensity

. Following Equation (7), we illustrate the performance of the HDOPI-QSDC protocol and compare it to the PLOB bound [42], the performance of OPI-QSDC (with an optimized intensity $u=0.046$ as stated in [49]), DL04 ([14], INCUM-enhanced and with ideal sources), and MDI-QSDC ([19], INCUM-enhanced and with ideal sources) in Figure 2. OPI-QSDC can be regarded as an HDOPI-QSDC protocol with $M=1$, since it uses 0 and $\mathsf{\pi }$ phases in its coding mode. In the case where $M=2$, our high-dimensional protocol has a higher secrecy capacity and a roughly 50 km longer transmission distance than the original. As M increases, its secrecy capacity starts to reduce but its maximum transmission distance grows slightly. When $M\ge 5$, its secrecy capacity lags behind that of the original, though within a relatively short range, while its maximum distance outperforms the original by nearly 60 km. The benefit of further increasing M diminishes, since the maximum transmission distance hardly lengthens any further and the secrecy channel capacity continues to drop. The determination of a proper M should be guided by the specific needs of the system in practical applications. That is to say, $M=1$, i.e., the original OPI-QSDC, provides a balance between practicality, secrecy capacity, and transmission distance, while a more complicated experimental setup leads to a considerable extension in communication distance and secrecy channel capacity when $M=2$, 3, or 4.

Table 2. Comparison with other typical QSDC protocols.

	DL04 [14]	MDI-QSDC [19]	OPI-QSDC [49]	Our Protocols
Quantum resources	single photons (ideal) WCSs (practical)	single photons and entanglement pairs	single photons (ideal) WCSs (practical)	single photons (ideal) WCSs (practical)
Encode messages in	polarizations	Bell states	$0/\mathsf{\pi }$ phases	multislice phases
Resistance to measurement-device attacks?	No	Yes	Yes	Yes
Resistance to PNS attacks?	No	No	Yes	Yes
Quantum memory free?	No	No	Yes	Yes
Break PLOB bound?	No	No	Yes	Yes
Approx. secrecy capacity at 100 km (bit/pulse)	1.03 × 10−5	1.16 × 10−8	5.72 × 10−4	1.05 × 10−3 ($M=2$) 1.15 × 10−4 ($M=20$)
Approx. distance at 1 × 10−10 bit/pulse secrecy capacity	156.48 km	151.61 km	434.76 km	485.07 km ($M=2$) 493.94 km ($M=20$)

provides a concise comparison between our work and previous studies. It highlights key differences in terms of quantum resources, encoding methodologies, security guarantees, reliance on quantum memory, and performance metrics, thereby clarifying the advantages of our approach.

5. Conclusions

In this work, we present a high-dimensional one-photon-interference quantum secure direct communication protocol (HDOPI-QSDC), that generalizes the original one-photon-interference quantum secure direct communication framework to high-dimensional encoding. This advancement results in an enhanced secrecy channel capacity and an extended transmission distance, while maintaining a measurement-device-independent characteristic even though it involves the imperfect measurement devices of legitimate users. The security of the protocol is analyzed utilizing the quantum wiretap channel theory, and the secrecy channel capacity is derived. Furthermore, its resistance to common quantum threats is examined. Numerical simulations demonstrate that the HDOPI-QSDC protocol not only achieves a higher secrecy capacity but also improves the transmission distance by up to approximately 60 km compared to its predecessors, reaching a maximum range of 494 km, which effectively doubles the communication length of traditional protocols. These promising results suggest that our protocol holds potential for future applications, such as intercity quantum communications in government, finance, and healthcare sectors, where its extended range and high capacity could reduce reliance on quantum repeaters. Leveraging the merit of its deterministic information transmission, QSDC integrated with classic or post-quantum cryptography could boost the bandwidth of secure communication and provide an extra layer of protection by transferring only the secret keys via quantum channels, ensuring the hybrid system remains resistant to both quantum and classical adversaries.

However, the proposed protocol is subject to several key constraints that require further investigation. First, our security analysis assumes an infinite block length, which simplifies the derivation of the secrecy capacity by neglecting the statistical fluctuations introduced by finite block lengths in the estimation of channel parameters. In practice, the finite size of the information block leads to tighter bounds and potentially a lower performance. Second, the protocol also presumes an unlimited number of light intensities in the multi-intensity mode. Although three or four intensities should suffice in real-world systems, a detailed capacity analysis of these limited intensity values is needed. Third, the experimental implementation of our protocol faces significant difficulties, due to its heavy reliance on high-precision phase operations. Achieving adequate one-photon interference visibility requires maintaining phase coherence over long distances, between the independent lasers at Alice’s and Bob’s stations. Consequently, the precise synchronization of remote lasers is critical, and active, continuous phase compensation and stabilization is essential to counter environmental disturbances. Moreover, developing high-efficiency and low-noise single-photon detectors remains a substantial challenge. While recent advancements in optical systems [60,61], detector performance [62,63], and protocol optimization [64,65] have shed light on these experimental hurdles with proof-of-principle demonstrations [66,67,68], further innovations will be necessary for the practical deployment of this protocol.