Implementation and Realistic Security of Unidimensional Modulation Continuous-Variable Quantum Key Distribution in Downstream Access Networks

Abstract

To address the demand for low-cost deployment in quantum key distribution (QKD) networks, this study explores the implementation of unidimensional (UD) modulation continuous-variable quantum key distribution (CV-QKD) protocols within downstream access networks. The UD CV-QKD protocol employs a single modulator for information encoding, offering benefits such as reduced implementation cost and lower random number consumption, which collectively decrease the overall setup expense of QKD systems. Through systematic performance analysis, it is demonstrated that the proposed UD modulation downstream access network scheme exhibits strong scalability and practical applicability. When supporting 32 users, the system maintains secure communication over transmission distances of up to 50 km. As the number of users increases to 64, performance declines slightly; however, the system still achieves a 35 km transmission distance, which remains suitable for many metropolitan access applications. Even in high-density access scenarios involving 128 users, the system sustains a positive key rate within a transmission range of 20 km. Furthermore, this study evaluates the protocol’s practical security under source intensity errors and finite-size effects. These results provide meaningful guidance for deploying low-cost, high-security quantum communication access networks and contribute to advancing QKD technologies toward scalable, real-world implementations.

1. Introduction

Quantum key distribution (QKD), grounded in the principles of quantum mechanics, enables secure key exchange between communication parties, thereby providing theoretically unconditional information security [1,2,3]. This intrinsic feature positions QKD as a promising solution to address the emerging security challenges posed by quantum computing. Continuous-variable QKD (CV-QKD), which encodes key information using the quadrature components of optical fields and employs coherent detection methods (such as homodyne or heterodyne detection), is capable of achieving high key rates within metropolitan area networks [4,5,6,7,8,9,10,11]. Additionally, CV-QKD is highly compatible with existing fiber communication infrastructure, allowing it to be integrated into optical networks without substantial modifications [12,13,14]. This compatibility shortens the transition from theoretical quantum communication to practical application and has garnered considerable attention [15].

As CV-QKD continues to advance, the development of multi-user quantum communication networks has become a central research focus [16,17,18,19,20,21], marking a critical stepping stone toward the realization of the quantum internet [22,23]. A downstream access network scheme based on coherent states has recently been proposed, wherein the central service node, Alice, uses passive beam splitters to concurrently provide secure key distribution services to multiple user nodes, Bobs [24]. This scheme has attracted attention for its potential to enable simultaneous multi-user access to quantum communication networks [25,26,27,28]. Unidimensional (UD) modulation CV-QKD, which modulates only one quadrature of the optical field, offers significant hardware simplification, reduces the consumption of random numbers, and decreases overall system cost [29]. However, existing research on UD CV-QKD has primarily focused on point-to-point communication models, which are insufficient for addressing the requirements of multi-user quantum communication networks [30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47].

This study bridges this gap by extending the UD CV-QKD protocol from conventional point-to-point configurations to network environments that support multi-user access. To rigorously assess the protocol’s feasibility in practical network scenarios, a detailed performance analysis is conducted, evaluating the number of users supported, the achievable transmission distance, and the system’s excess noise tolerance. In addition, this study examines the protocol’s realistic security by analyzing the impacts of statistical fluctuations due to finite block size and potential intensity errors in quantum state sources. These factors are incorporated into a revised security model to validate the protocol’s robustness under real-world conditions. This work provides foundational theoretical support for integrating low-cost UD CV-QKD into future multi-user quantum communication networks.

2. UD CV-QKD in the Downstream Access Network

2.1. Protocol Model

In Figure 1a, the protocol model for UD CV-QKD in a downstream access network is presented, realizing a star network structure in which multiple users share a single source. The information sender (Alice) initially encodes classical information into quantum states, which are then distributed to multiple receivers $\left({\mathrm{Bob}}_{1,\dots ,n}\right)$ via an N-port beam splitter. Specifically, Alice employs an amplitude modulator with a modulation variance of $V_{\mathrm{M}}$ to modulate the coherent state, as illustrated in Figure 1a. The modulated quantum states exhibit a UD chain structure in phase space. These coherent states are passively divided and transmitted to each downstream user through the N-port beam splitter. Upon reception, each user utilizes a practical balanced homodyne detector to measure the quadrature amplitude and a portion of the quadrature phase of the quantum state. For any ${\mathrm{Bob}}_k$, depending on the choice of measurement quadrature, Alice retains only the corresponding quadrature component. Consequently, Alice and ${\mathrm{Bob}}_k$ obtain a set of correlated data. Through classical post-processing steps, including parameter estimation, data reconciliation, and privacy amplification, Alice and any ${\mathrm{Bob}}_k$ can derive an identical set of secret keys.

2.2. Security Analysis

To analyze the security of the protocol, it is essential to consider an equivalent entanglement-based (EB) scheme. As shown in Figure 1b, Alice prepares an EPR state with variance V and performs homodyne detection on the mode A retained. For the other mode $A^{\prime }$, she applies a squeezing operator (Squeezer) with squeezing parameter $r=ln\sqrt{V}$ to compress the quadrature phase, thereby generating mode S. Alice subsequently transmits mode S through a quantum channel characterized by transmission efficiency $T_A$ and excess noise ${\epsilon }_A$ to an N-port beam splitter. The output modes are then delivered to individual users, ${\mathrm{Bob}}_1$ through ${\mathrm{Bob}}_{\mathrm{n}}$, via quantum sub-channels, each described by its respective transmission coefficient ($T_{B_1}$…$T_{B_n}$) and excess noise level (${\epsilon }_{B_1}$…${\epsilon }_{B_n}$). Given that the use of the N-port beam splitter introduces insertion loss $T_{\mathrm{N}-\mathrm{BS}}$ and excess noise ${\epsilon }_{\mathrm{N}-\mathrm{BS}}$, the overall transmittance and excess noise between Alice and any $k^{th}$ user ${\mathrm{Bob}}_k$ can be expressed as follows [24]:

$$T_{\mathrm{tot}}^k=T_A{T}_{\mathrm{N}-\mathrm{BS}}{T}_{B_k}={\displaystyle \frac{1}{n}}{T}_A{T}_{B_k},$$

(1)

$${\epsilon }_{\mathrm{tot}}^k={\epsilon }_A+{\epsilon }_{\mathrm{N}-\mathrm{BS}}+{\epsilon }_{B_k}.$$

(2)

The initial EPR state ${\rho }_{A{A}^{\prime }}$, after applying phase squeezing to mode $A^{\prime }$, results in the quantum state ${\rho }_{AS}$, whose covariance matrix can be expressed as follows:

$$\begin{array}{c}\hfill {\gamma }_{AS}=\left[\begin{array}{cccc}V& 0& \sqrt{V\left(V^2-1\right)}& 0\\ 0& V& 0& -\sqrt{\left(V^2-1\right)/V}\\ \sqrt{V\left(V^2-1\right)}& 0& V^2& 0\\ 0& -\sqrt{\left(V^2-1\right)/V}& 0& 1\end{array}\right].\end{array}$$

(3)

The variance of the phase quadrature of mode S is 1, equivalent to a single shot-noise unit. Subsequently, mode S is sent to ${\mathrm{Bob}}_k$ via the quantum channel, and its covariance matrix consequently changes to the following:

$$\begin{array}{c}\hfill {\gamma }_{A{B}_k}=\left[\begin{array}{cccc}\sqrt{1+V_{\mathrm{M}}}& 0& \sqrt{T_{\mathrm{totx}}{V}_{\mathrm{M}}}{\left(1+V_{\mathrm{M}}\right)}^{1/4}& 0\\ 0& \sqrt{1+V_{\mathrm{M}}}& 0& C_y^{B_k}\\ \sqrt{T_{\mathrm{totx}}{V}_{\mathrm{M}}}{\left(1+V_{\mathrm{M}}\right)}^{1/4}& 0& T_{\mathrm{totx}}\left(V_{\mathrm{M}}+1+{\chi }_{\mathrm{linex}}\right)& 0\\ 0& C_y^{B_k}& 0& V_y^{B_k}\end{array}\right],\end{array}$$

(4)

where $V_{\mathrm{M}}=V^2-1$; ${\chi }_{\mathrm{linex}}=\left(1-T_{\mathrm{totx}}\right)/T_{\mathrm{totx}}+{\epsilon }_{\mathrm{totx}}$ denotes the total noise introduced in the quadrature amplitude direction of the quantum state by the channel relative to the channel input, and $C_y^{B_k}$ and $V_y^{B_k}$ denote the correlations and variances of modes A and $B_k$ in the quadrature phase direction.

Furthermore, at the receiver end, after transformation by the beam splitter, simulating actual homodyne detection, the covariance matrix ${\gamma }_{A{B}_k}$ transforms into ${\gamma }_{A{B}_k^{\prime }}$, which takes the following form:

$$\begin{array}{c}\hfill {\gamma }_{A{B}_k^{\prime }}=\left[\begin{array}{cccc}\sqrt{1+V_{\mathrm{M}}}& 0& \sqrt{\eta T_{\mathrm{totx}}{V}_{\mathrm{M}}}{\left(1+V_{\mathrm{M}}\right)}^{1/4}& 0\\ 0& \sqrt{1+V_{\mathrm{M}}}& 0& C_y^{B_k^{\prime }}\\ \sqrt{\eta T_{\mathrm{totx}}{V}_{\mathrm{M}}}{\left(1+V_{\mathrm{M}}\right)}^{1/4}& 0& \eta T_{\mathrm{totx}}\left(V_{\mathrm{M}}+1+{\chi }_{\mathrm{totx}}\right)& 0\\ 0& C_y^{B_k^{\prime }}& 0& V_y^{B_k^{\prime }}\end{array}\right],\end{array}$$

(5)

where $V_y^{B_k^{\prime }}=\eta \left(V_y^{B_k}+{\chi }_{hom}\right)$ and $C_y^{B_k^{\prime }}=C_y^{B_k}\sqrt{\eta }$. ${\chi }_{\mathrm{totx}}={\chi }_{\mathrm{linex}}+{\chi }_{hom}/T_{\mathrm{totx}}$ represents the total noise introduced in the quadrature amplitude direction relative to the channel input. ${\chi }_{hom}=\left(1-\eta \right)/\eta +{\nu }_{\mathrm{el}}/\eta$ corresponds to the noise arising from imperfections in the detector at Bob’s side.

By employing the EB scheme described above, the secure key rate can be conveniently calculated. Under asymptotic conditions, with ${\mathrm{Bob}}_k$’s data serving as the reference side (i.e., reverse reconciliation), the formula for computing the secure key rate is given as follows:

$$K^{\mathrm{asy}}=\beta ·I_{A{B}_k^{\prime }}-{\chi }_{B_k^{\prime }E},$$

(6)

where $I_{A{B}_k^{\prime }}$ represents the Shannon mutual information between Alice and ${\mathrm{Bob}}_k$; ${\chi }_{B_k^{\prime }E}$ denotes the Holevo bound, which quantifies the maximum amount of information that Eve can extract from ${\mathrm{Bob}}_k$’s data; and $\beta$ indicates the efficiency of the data reconciliation process.

The mutual information $I_{A{B}_k^{\prime }}$ is expressed as follows:

$$I_{A{B}_k^{\prime }}={\displaystyle \frac{1}{2}}{log}_2{\displaystyle \frac{V_A}{V_A^{x_{B_k^{\prime }}}}}={\displaystyle \frac{1}{2}}{log}_2\left(1+{\displaystyle \frac{V_{\mathrm{M}}}{1+{\chi }_{\mathrm{totx}}}}\right).$$

(7)

The Holevo bound ${\chi }_{B_k^{\prime }E}$ is defined as follows:

$${\chi }_{B_k^{\prime }E}=S\left({\rho }_E\right)-S\left({\rho }_E^{x_{B_k^{\prime }}}\right),$$

(8)

where $S\left(\rho \right)$ denotes the von Neumann entropy of the quantum state $\rho$.

Since all of the users share a common source, their data exhibit inherent correlations. To ensure the protocol’s security, our analysis considers an extreme-case scenario in which any user other than the legitimate communicating party may be compromised by Eve, thereby treating them as untrusted nodes within the network. By applying Eve’s purification principle, we derive the following:

$$\begin{array}{ccc}& {\chi }_{B_k^{\prime }E}& =S\left({\rho }_E\right)-S\left({\rho }_E^{x_{B_k^{\prime }}}\right)\hfill \end{array}$$

(9)

$$\begin{array}{cccccccc}& & & & & & & =S\left({\rho }_{A{B}_k}\right)-S\left({\rho }_{A{G}_k{R}_k}^{x_{B_k^{\prime }}}\right)\hfill \end{array}$$

(10)

$$\begin{array}{ccccccccccccc}& & & & & & & & & & & & =\sum _{i=1}^{2}g\left({\displaystyle \frac{{\lambda }_i-1}{2}}\right)-\sum _{i=3}^{5}g\left({\displaystyle \frac{{\lambda }_i-1}{2}}\right)\hfill \end{array}$$

(11)

where $g\left(x\right)=\left(x+1\right){log}_2\left(x+1\right)-x{log}_{2}x$.

${\lambda }_{1,2}$ and ${\lambda }_{3,4,5}$ are the symplectic eigenvalues of the quantum states ${\rho }_{A{B}_k}$ and ${\rho }_{A{G}_k{R}_k}^{x_{B_k^{\prime }}}$, respectively, and can be calculated as follows:

$${\lambda }_{1,2}^2={\displaystyle \frac{1}{2}}\left[A\pm \sqrt{A^2-4B}\right],$$

(12)

$$A=1+V_y^{B_k}+V_{\mathrm{M}}+V_y^{B_k}\left({\epsilon }_{\mathrm{totx}}+V_{\mathrm{M}}\right)T_{\mathrm{totx}}+2C_y^{B_k}{\left(1+V_{\mathrm{M}}\right)}^{{\displaystyle \frac{1}{4}}}\sqrt{V_{\mathrm{M}}{T}_{\mathrm{totx}}},$$

(13)

$$B=\left(V_y^{B_k}\left(1+V_{\mathrm{M}}\right)-{\left(C_y^{B_k}\right)}^2\sqrt{1+V_{\mathrm{M}}}\right)\left(1+{\epsilon }_{\mathrm{totx}}{T}_{\mathrm{totx}}\right),$$

(14)

and

$${\lambda }_{3,4}^2={\displaystyle \frac{1}{2}}\left[C\pm \sqrt{C^2-4D}\right],{\lambda }_5=1,$$

(15)

$$C={\displaystyle \frac{A(1+{\nu }_{\mathrm{el}})+(({\epsilon }_{\mathrm{totx}}{T}_{\mathrm{totx}}+1)(V_{\mathrm{M}}+2)+V_{\mathrm{M}}{T}_{\mathrm{totx}}-A)\eta }{1+{\epsilon }_{\mathrm{totx}}{T}_{\mathrm{totx}}\eta +V_{\mathrm{M}}{T}_{\mathrm{totx}}\eta +{\nu }_{\mathrm{el}}}},$$

(16)

$$D={\displaystyle \frac{B(1+{\nu }_{\mathrm{el}}-\eta )+(1+V_{\mathrm{M}})(1+{\epsilon }_{\mathrm{totx}}{T}_{\mathrm{totx}})\eta }{1+{\epsilon }_{\mathrm{totx}}{T}_{\mathrm{totx}}\eta +V_{\mathrm{M}}{T}_{\mathrm{totx}}\eta +{\nu }_{\mathrm{el}}}}.$$

(17)

Based on the above results, the key rate can be calculated. For the unknown parameters $C_y^{B_k}$ and $V_y^{B_k}$, $V_y^{B_k}$ can be estimated at Bob’s end by randomly measuring the orthogonal phase quadrature of the quantum state. However, $C_y^{B_k}$ cannot be estimated because the initial quantum state prepared by Alice does not involve modulation on the phase quadrature. Nevertheless, the unknown parameter $C_y^{B_k}$ can be constrained using Heisenberg’s uncertainty principle, which leads to the following condition [40]:

$${\gamma }_{A{B}_k}+i·\Omega \ge 0,$$

(18)

where

$$\Omega =\underset{i=1}{\stackrel{2}{\oplus }}\left[\begin{array}{cc}0& 1\\ -1& 0\end{array}\right].$$

(19)

Then, we have

$${(C_y^{B_k}-C_0)}^2\le {\displaystyle \frac{V_{\mathrm{M}}}{\sqrt{(1+V_{\mathrm{M}})}}}{\displaystyle \frac{{\chi }_{\mathrm{linex}}}{1+{\chi }_{\mathrm{linex}}}}(V_y^{B_k}-V_0),$$

(20)

where

$$C_0=-{\displaystyle \frac{V_0\sqrt{T_{\mathrm{totx}}{V}_{\mathrm{M}}}}{{(1+V_{\mathrm{M}})}^{1/4}}},V_0={\displaystyle \frac{1}{T_{\mathrm{totx}}\left(1+{\chi }_{\mathrm{linex}}\right)}}.$$

(21)

For a fixed $V_y^{B_k}$, the minimum secure key rate can be obtained by scanning $C_y^{B_k}$ based on the above constraint equation.

2.3. Protocol Performance

In this study, we consider a symmetric network configuration in which the loss and noise parameters are identical across all of the links connecting the splitter to the users, i.e., $T_{\mathrm{tot}}^1=T_{\mathrm{tot}}^k=T_{\mathrm{tot}}^n=T_{\mathrm{tot}}$ and ${\epsilon }_{\mathrm{tot}}^1={\epsilon }_{\mathrm{tot}}^k={\epsilon }_{\mathrm{tot}}^n={\epsilon }_{\mathrm{tot}}$. Figure 2 illustrates the relationship between the achievable secret key rate and the transmission distance for various numbers of optical network units (ONUs), with simulation parameters set as follows: excess noise ${\epsilon }_{\mathrm{tot}}=0.02$, reconciliation efficiency $\beta =0.97$, detector efficiency $\eta =0.6$, and electronic noise $v_{\mathrm{el}}=0.1$. These results are obtained using Equation (6). This figure provides valuable insights into how the network’s secure key distribution capability is influenced by both the network scale (i.e., the number of connected users) and the communication link distance. The results indicate that networks with fewer than 16 ONUs can sustain relatively high key rates over transmission distances of up to 50 km. As additional ONUs are connected, the secret key rate decreases. Nevertheless, the system can still support 32 users over 50 km, 64 users over 35 km, and 128 users over 20 km with a positive key rate.

Figure 3 presents the achievable secret key rate as a function of the number of ONUs, evaluated at different transmission distances. The results are obtained using Equation (6). As shown, the key rate consistently declines with an increasing number of ONUs. A notable decrease occurs when the number of ONUs is below 20. Additionally, the key rate decreases more rapidly with increasing ONUs at longer distances compared to shorter distances. These trends highlight the inherent trade-off between network capacity and secure communication range in QKD access networks.

Figure 4 illustrates the relationship between tolerable excess noise and transmission distance for different numbers of ONUs. The simulation results are obtained using Equation (6). The results reveal that configurations with fewer users can tolerate higher levels of excess noise. As both the number of users and the transmission distance increase, the tolerable excess noise gradually decreases. For example, at a transmission distance of 30 km, 32 users can tolerate up to 0.03 excess noise, while at 50 km, 128 users can still tolerate excess noise levels exceeding 0.025. These findings demonstrate the adaptability of the UD scheme in downstream access networks, supporting its suitability for low-cost quantum communication network development.

3. Realistic Security

3.1. Source Errors

In downstream access networks, all of the users share a single source, rendering the security of this source critical. During the actual implementation of the protocol, errors are inevitably introduced when Alice prepares coherent states, such as source intensity errors [48,49]. Suppose the pulse intensity of the signal source varies within the range $\left[I^{\mathrm{L}},I^{\mathrm{U}}\right]$, where $I^{\mathrm{L}}$ and $I^{\mathrm{U}}$ represent the lower and upper bounds, respectively. For simplicity, we set $I^{\mathrm{L}\left(\mathrm{U}\right)}=g^{\mathrm{L}\left(\mathrm{U}\right)}I$, resulting in $I\in \left[g^{\mathrm{L}},g^{\mathrm{U}}\right]I$. To ensure the protocol’s security, Alice adjusts her raw data to the upper bound value $\sqrt{g^{\mathrm{U}}}{x}_A$ and conducts parameter estimation and key extraction using the adjusted data.

When Alice and ${\mathrm{Bob}}_k$ perform parameter estimation with the revised data, we have:

$$T_{\mathrm{totx}}^{\prime }=T_g{T}_{\mathrm{totx}}/g^{\mathrm{U}},{\epsilon }_{\mathrm{totx}}^{\prime }\approx {\epsilon }_{\mathrm{totx}}{g}^{\mathrm{U}}/T_g+{\displaystyle \frac{V_g}{4m_g^2}}{g}^{\mathrm{U}}{V}_{\mathrm{M}},$$

(22)

where $T_g=m_g{\left(1-V_g/8m_g^2\right)}^2$, $m_g$ and $V_g$ denote the intrinsic mean and variance of the intensity variation factor.

Figure 5 illustrates the variation in the protocol’s secret key rate with respect to transmission distance for different numbers of users in the presence of source intensity errors. The simulation results are derived using Equations (6) and (22). The source error parameters are set to $g^{\mathrm{U}}=1.1$, $m_g=1.03$, and $V_g={10}^{-4}$. The modulation variance is optimized to maximize the key rate. Solid lines represent the key rate for an ideal (error-free) source, while dashed lines correspond to the case where source intensity errors are considered. The results show that source errors lead to an approximately 20% reduction in the key rate, highlighting the importance of incorporating source error considerations into the system design.

3.2. Finite-Size Effects

In practical implementations of the protocol, limitations in hardware, storage capacity, and computational resources mean that the total number of signals exchanged between Alice and Bob is finite. Under finite data block conditions, statistical fluctuations must be taken into account. These fluctuations, in conjunction with source errors, can result in significant discrepancies between expected values and actual observations.

Let the total number of signals exchanged between Alice and Bob be denoted by $N_{\mathrm{tot}}$. Following detection by ${\mathrm{Bob}}_k$, Alice and ${\mathrm{Bob}}_k$ obtain a set of correlated data samples ${\left(x_{Ai},x_{B_k^{\prime }i}\right)}_{i=1···N_{tot}-l}$ in the amplitude quadrature. Of these, n signals are reserved for key extraction, while $m=N_{tot}-l-n$ signals are used to estimate the transmission efficiency $T_{totx}$ and the excess noise ${\epsilon }_{totx}$. Additionally, l represents the number of data points Bob collects in the phase quadrature, which are used to evaluate its variance $V_y^{B_k^{\prime }}$. The formula for calculating the secure key rate under finite-size conditions is then given as follows [50]:

$$K^{finite}={\displaystyle \frac{n}{N}}(\beta I_{A{B}_k^{\prime }}^{{\delta }_{\mathrm{PE}}}-{\chi }_{B_k^{\prime }E}^{{\delta }_{\mathrm{PE}}}-\Delta \left(n\right)),$$

(23)

where ${\delta }_{\mathrm{PE}}$ represents the failure probability of parameter estimation. $\Delta \left(n\right)$ denotes a correction term related to privacy amplification, defined as follows:

$$\Delta \left(n\right)\simeq 7\sqrt{{\displaystyle \frac{{log}_2(2/\xi )}{n}}},n\ge {10}^4.$$

(24)

To ensure the security of the protocol, we consider the worst-case scenario for parameter estimation, where the most pessimistic estimations are adopted, as follows [39]:

$${\left(T_{\mathrm{totx}}^{\prime }\right)}^{low}\approx {\displaystyle \frac{1}{\eta }}{\left(\sqrt{\eta T_{totx}^{\prime }}-z_{{\delta }_{\mathrm{PE}}/2}\sqrt{{\displaystyle \frac{1+\eta T_{totx}^{\prime }{\epsilon }_{totx}^{\prime }+{\nu }_{\mathrm{el}}}{m{V}_{\mathrm{M}}}}}\right)}^2,$$

(25)

$${\left({\epsilon }_{totx}^{\prime }\right)}^{up}\approx {\epsilon }_{totx}^{\prime }+z_{{\delta }_{\mathrm{PE}}/2}{\displaystyle \frac{\left(1+\eta T_{totx}^{\prime }{\epsilon }_{totx}^{\prime }+{\nu }_{\mathrm{el}}\right)\sqrt{2}}{\eta T_{totx}^{\prime }\sqrt{m}}},$$

(26)

$${\left(V_y^{B_k}\right)}^{up}\approx V_y^{B_k}+z_{{\delta }_{\mathrm{PE}}/2}{\displaystyle \frac{\left(\eta \left(V_y^{B_k}-1\right)+1+{\nu }_{\mathrm{el}}\right)\sqrt{2}}{\eta \sqrt{l}}}.$$

(27)

Figure 6 illustrates the secret key rate of the protocol as a function of transmission distance for various data block sizes, considering a network with 8 users. The results are derived using Equation (23). The parameters m and l are optimized to maximize the key rate. The results show that, as the transmission distance increases, the key rate under finite data block sizes decreases significantly more rapidly compared to the asymptotic case. Smaller data block sizes exhibit a steeper decline due to the increased statistical uncertainty in parameter estimation as the block size decreases. Moreover, it is observed that as the data block size increases from ${10}^9$ to ${10}^{12}$, the key rate initially increases sharply with transmission distance, followed by a more gradual improvement. This behavior suggests the presence of an optimal block size that balances statistical reliability and performance. These findings confirm the practical feasibility of implementing UD CV-QKD in downstream access networks under realistic operating conditions.

4. Discussion

In this study, we extend the UD modulation scheme of CV-QKD to downstream access networks, thereby significantly broadening the applicability of UD modulation protocols to address the growing demands of multi-user access networks. To comprehensively assess network performance, we systematically investigated three core metrics: the scale of user access supported, the achievable transmission distance, and the system’s tolerance to excess noise. The results indicate that when the number of users is 32, secure transmission remains feasible up to 50 km; with 64 users, the maximum transmission distance is reduced to 35 km; and even in high-density scenarios involving 128 users, a positive key rate is achievable within a 20 km range. These findings demonstrate that the proposed UD modulation scheme for downstream access networks offers both scalability and practical utility. Furthermore, we conducted a detailed analysis of the protocol’s realistic security performance under source intensity errors and finite-size effects, providing valuable insights for the deployment of low-cost downstream quantum communication networks.

A key feature of traditional downstream access networks is the passive optical distribution network, enabling low-cost, highly reliable multi-user access via passive optical splitters. The proposed protocol can be easily integrated into current telecom infrastructure. Specifically, passive beam splitters, initially engineered for classical signals, can be directly repurposed to distribute quantum states, naturally accommodating the star network topology. This integration significantly reduces QKD deployment costs while inheriting the inherent resilience against failures in active components. For practical implementation, the development and integration of miniaturized modulators and low-noise balanced homodyne detectors into existing optical line terminals and ONUs is crucial for minimizing modifications to legacy equipment and streamlining engineering deployment. Furthermore, simulating complex real-world access network conditions in laboratory settings is vital to support the future large-scale adoption of QKD.