EP3970312A1 - Device and method for performing information reconciliation in a quantum key distribution system - Google Patents

Device and method for performing information reconciliation in a quantum key distribution system

Info

Publication number
EP3970312A1
EP3970312A1 EP19725338.8A EP19725338A EP3970312A1 EP 3970312 A1 EP3970312 A1 EP 3970312A1 EP 19725338 A EP19725338 A EP 19725338A EP 3970312 A1 EP3970312 A1 EP 3970312A1
Authority
EP
European Patent Office
Prior art keywords
symbols
characteristic
local
remote
dissimilarity
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP19725338.8A
Other languages
German (de)
French (fr)
Inventor
Fred Chi Hang FUNG
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Duesseldorf GmbH
Original Assignee
Huawei Technologies Duesseldorf GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Duesseldorf GmbH filed Critical Huawei Technologies Duesseldorf GmbH
Publication of EP3970312A1 publication Critical patent/EP3970312A1/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852Quantum cryptography
    • H04L9/0858Details about key distillation or coding, e.g. reconciliation, error correction, privacy amplification, polarisation coding or phase coding

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Optical Communication System (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Selective Calling Equipment (AREA)

Abstract

The present invention provides a device for communicating with a remote device in a Continuous-Variable Quantum Key Distribution (CV-QKD) system to generate a secret key shared among the device and the remote device. The device is configured to refine a local sequence of symbols and cooperate with the remote device to generate the secret key based on the refined local sequence of symbols. Moreover, the device is configured to refine the local sequence, by performing the following operations; determining a local characteristic, the local characteristic being a characteristic of two or more symbols selected from the local sequence; initiating determining a measure of dissimilarity between the local characteristic and a remote characteristic; retaining at least one of the selected symbols in the local sequence when the measure of dissimilarity is below a predefined threshold, and dropping at least one of the selected symbols from the local sequence when the measure of dissimilarity is above the predefined threshold.

Description

DEVICE AND METHOD FOR PERFORMING INFORMATION
RECONCILIATION IN A QUANTUM KEY DISTRIBUTION SYSTEM TECHNICAL FIELD
The present invention generally relates to the field of the Quantum Key Distribution (QKD). The type of technology used falls under the framework of Continuous-Variable quantum key distribution (CV-QKD). More specifically, the invention relates to a device and a method for refining QKD data (e.g., retaining signals of good quality in QKD data) to be processed further for error correction and privacy amplification in the CV-QKD. This invention also relates to devices and methods that generate a secret key based on the QKD.
BACKGROUND
Conventional QKD post-processing is a process performed on a classical computing device that transforms a raw key to a final secret key. It generally comprises three main steps: parameter estimation, information reconciliation, and privacy amplification. The present invention particularly relates to the information reconciliation.
In the conventional QKD post-processing, either Alice’s key or Bob’s key is regarded as correct, and the other party corrects his/her key to match this one. In the following, the word“Alice” is used interchangeably with the term“transmitting device”. Moreover, the word“Bob” is used interchangeably with the term“receiving device”.
However, conventional devices and methods have the disadvantage of a low key generation rate at larger distances, for example, a conventional Discrete-Variable (DV)-QKD device generates key at rate of 10 kbps at the distance of 50 km, which is considered as a low key generation rate. Moreover, in conventional devices and methods, all key signals present at the information reconciliation stage are used to generate a final key, which results in a higher computational demand.
Thus, it is generally desirable to provide improved devices and methods for performing information reconciliation in the QKD systems. SUMMARY
In view of the above-mentioned problems and disadvantages, embodiments of the present invention aim to improve the conventional devices and methods, in particular with respect to performing information reconciliation. An objective is to provide a device and a method for post-processing data of a QKD system, e.g. refining sequences of symbols in QKD data, in order to obtain signals of better quality. In particular the device and method should perform post-processing such that the information reconciliation conditionally improves the signal to noise ratio (SNR) of the signals.
The objective of the present invention is achieved by embodiments as provided in the enclosed independent claims. Advantageous implementations of the embodiments are further defined in the dependent claims. A first aspect of the invention provides a device for communicating with a remote device in a Continuous-Variable Quantum Key Distribution, CV-QKD, system to generate a secret key shared among the device and the remote device, the device being configured to refine a local sequence of symbols and cooperate with the remote device to generate the secret key based on the refined local sequence of symbols, wherein the device is configured to refine the local sequence by performing the following operations: determining a local characteristic, the local characteristic being a characteristic of two or more symbols selected from the local sequence; initiating determining a measure of dissimilarity between the local characteristic and a remote characteristic; retaining at least one of the selected symbols in the local sequence when the measure of dissimilarity is below a predefined threshold, and dropping at least one of the selected symbols from the local sequence when the measure of dissimilarity is above the predefined threshold.
The device of the first aspect may be a local device, which communicates with the remote device. Moreover, any device may be considered a“local” device, and any device which is physically separated from the local device may be considered a“remote” device.
The device of the first aspect may be (or may be incorporated in) the transmitting device and/or the receiving device in the QKD system. The device may comprise hardware and software. The hardware may comprise analog or digital circuitry, or both analog and digital circuitry. In some embodiments, the device comprises one or more processors and a non volatile memory connected to the one or more processors. The non-volatile memory may carry executable program code, which, when executed by the one or more processors, causes the device to perform the operations or methods described herein.
The CV-QKD system may comprise the device and the remote device. The CV-QKD system may comprise further devices, e.g., relay or control devices, which are capable of communicating with the device and/or the remote device.
The local sequence is local in the sense that it is known to the device. That is, the device has access to the local sequence. For example, the local sequence may be kept in a memory of the device, and a processing unit of the device may read the sequence from the memory and modify the sequence in the memory, or may store modified versions of the sequence in the memory.
The remote characteristic may be a characteristic of two or more symbols selected from a sequence (herein referred to as the remote sequence) of symbols at the remote device. The symbols from the local sequence (local symbols) and the symbols from the remote sequence (remote symbols) may be selected such that they correspond to each other one- to-one. The one-to-one correspondence may be such that, in the hypothetical absence of information degradation, the remote symbols are identical to the local symbols (note that information degradation is inherent to the CV-QKD system). Moreover, it may be assumed that the local sequence and the remote sequence are aligned with each other. Each local symbol and its corresponding remote symbol then have the same sequence index. Each of the two sequences may, for example, be ordered following the order in which the symbols have been transmitted over the quantum channel (e.g. from the device to remote device or vice versa).
Furthermore, as said above, the device may initiate determining the measure of dissimilarity between the local characteristic and the remote characteristic. It may be expected that the measure of dissimilarity will correlate inversely with the signal quality. If the signal is perfect, it may be expected that the local characteristic and the remote characteristic will be identical, i.e. that there will be no dissimilarity. In this situation the measure of dissimilarity may be taken as zero. The poorer the signal (i.e. the lower the signal quality) is, the greater the measure of dissimilarity will be. The signals may be the physical (e.g., optical) signals that represent the symbols in the sequences.
In one embodiment, the device itself may determine the measure of dissimilarity. In another embodiment, the device may trigger another device (e.g., the remote device) to determine the measure of dissimilarity. For example, the device may send a message to the other device in accordance with a communication protocol, and the other device may determine the measure of dissimilarity in response to that message.
Moreover, the device may refine the local sequence of symbols. As discussed, the measure of dissimilarity may correlate inversely with the signal quality. When the measure of dissimilarity between the local characteristics and the remote characteristics is below the threshold value, the signal representing the selected two or more symbols likely has a good signal quality, and therefore, at least one of the selected symbols may be retained. Thus the local sequence of symbols is refined.
Likewise, when the measure of dissimilarity between the local characteristics and the remote characteristics is above the threshold value, that means, the signal representing the selected two or more symbols has a lower signal quality, and therefore, at least one of the selected symbols may be dropped. Thus the local sequence of symbols is refined.
Retaining at least one symbol when the measure of dissimilarity is below the threshold value and dropping at least one symbol when the measure of dissimilarity is above the threshold can facilitate achieving a higher key rate. The key rate (also known as the key generation rate) is the rate at which a new key can be generated or, equivalently, the number of key bits that can be generated per time.
In some embodiments, the measure of dissimilarity may be, for example, a binary quantity (e.g., with allowed values of 0 and 1 and a threshold anywhere between 0 and 1).
In some embodiments, the measure of dissimilarity may be determined based on comparing the local characteristics with the remote characteristics of the remote device. The refined local sequence of symbols (e.g., the signals that represent the symbols in the refined local sequence of symbols) has a better quality (e.g., it has a higher SNR or lower Bit error rate (BER)). Consequently, a forward error correction code may be chosen to match this better quality.
In some embodiments, the eavesdropper’s information (Eve’s information) in the QKD system, about the retained symbols (e.g., the retained data) may be increased. Moreover, this increase of Eve’s information may further be estimated, and it may be used for determining the amount of privacy amplification to be performed.
In some embodiments, a mapping procedure may be used in order to map the continuous CV-QKD data to one or more bits. For example, some binary operations may be performed, e.g., to determine the local characteristic and/or the remote characteristic.
In some embodiments, the local characteristic and/or the remote characteristic may be directly determined from the CV-QKD data.
In some embodiments, the refining of the local sequence may represent an Advantage Distillation (AD) operation being performed on the CV-QKD data, wherein the data is of continuous values.
In an implementation form of the first aspect, the operations comprise: selecting the two or more symbols from the local sequence at random sequence positions; or obtaining the sequence positions of the two or more selected symbols from the remote device.
In a further implementation form of the first aspect, each symbol in the local sequence represents a complex number comprising a real part and an imaginary part.
For example, the real part may indicate an in-phase component of a physical (e.g. optical) signal representing the symbol and the imaginary part may indicate a quadrature component of the physical signal.
In a further implementation form of the first aspect, the local characteristic is based on differences between the two or more symbols selected from the local sequence. The difference between two symbols may be obtained, for example, by subtracting one of the two symbols from the other one, i.e. by subtracting the real part and the imaginary part of one of the two symbols from the real part and the imaginary part of the other symbol, respectively.
In some embodiments, the local characteristic and the remote characteristic may be defined similarly. For example, the remote characteristic may be based on differences between two or more symbols selected from the remote sequence. In a further implementation form of the first aspect, the device is further configured to determine the measure of dissimilarity based on receiving the remote characteristic from the remote device; and comparing the local characteristic with the remote characteristic.
In a further implementation form of the first aspect, the measure of dissimilarity is a difference between the local characteristic and the remote characteristic.
In a further implementation form of the first aspect, determining the local characteristic comprises converting the selected two or more symbols to two or more bits, wherein each symbol is converted to one or more bits.
In a further implementation form of the first aspect, each symbol represents a complex number z = x + iy and is converted into a pair of bits (c', y') wherein
Eq. 1
In a further implementation form of the first aspect, determining the local characteristic further comprises determining one or more parities of the two or more bits.
In a further implementation form of the first aspect, the device is further configured to determine the measure of dissimilarity based on: comparing the one or more parities determined by the device with the one or more parities determined by the remote device. In one embodiment, the comparison (i.e., comparing the one or more parities) may be performed by the device. In another embodiment, another device (e.g., the remote device) may perform the comparison and then send a result of the comparison to the device.
In a further implementation form of the first aspect, the measure of dissimilarity is zero when the one or more parities determined by the device are equal to the one or more parities determined by the remote device.
In a further implementation form of the first aspect, the device is further configured to, when a symbol is retained, output an indication that this symbol is retained.
For example, the device may retain a symbol (e.g., when the measure of dissimilarity is below the predefined threshold). The device may then output the indication, for example, the device may send a message to the other device (e.g., the remote device) that this symbol is retained. Moreover, the remote device may also refine the remote sequence of symbols by retaining a (remote) symbol, e.g., a (remote) symbol having the same sequence index as the retained (local) symbol.
In a further implementation form of the first aspect, the device is further configured to receive a message indicating whether the measure of dissimilarity is above or below the predefined threshold.
For example, in some embodiments, another device (e.g., the remote device) may determine whether the measure of dissimilarity is above or below the predefined threshold and it may further send a corresponding message to the device. The local device receives the message and drops or retains at least one of the selected local symbols depending on whether the measure of dissimilarity is above or below the predefined threshold.
In a further implementation form of the first aspect, the device is further configured to generate the local sequence based on a quantum signal transmitted or received by the device.
In some embodiments, the signals (e.g., the quantum signals) which may represents the symbols may be used and furthermore, the device (and/or the remote device) may obtain (e.g., generate) the symbols from the signals, generate the local sequence, etc. Moreover, in some embodiments, the device (and/or the remote device) may directly selects two or multiple signals, refine the signals (e.g., retain or drop at least one signal), collect the retained signals, etc.
A second aspect of the invention provides a method for performing information reconciliation in a Continuous -Variable Quantum Key Distribution, CV-QKD, system, the method comprising refining a local sequence of symbols by: determining a measure of dissimilarity between a local characteristic and a remote characteristic, the local characteristic being a characteristic of two or more symbols selected from the local sequence of symbols, the remote characteristic being a characteristic of two or more symbols selected from a remote sequence of symbols; retaining at least one of the selected symbols in the local sequence when the measure of dissimilarity is below a predefined threshold; and dropping at least one of the selected symbols from the local sequence when the measure of dissimilarity is above the predefined threshold.
In an implementation form of the second aspect, the method further comprises generating a secret key based on the refined local sequence of symbols.
In a further implementation form of the second aspect, the method further comprises determining a local characteristic, the local characteristic being a characteristic of two or more symbols selected from the local sequence.
In a further implementation form of the second aspect, the method further comprises selecting the two or more symbols from the local sequence at random sequence positions; or obtaining the sequence positions of the two or more selected symbols from the remote device.
In a further implementation form of the second aspect, each symbol in the local sequence represents a complex number comprising a real part and an imaginary part.
In a further implementation form of the second aspect, the method further comprises determining the local characteristic, based on differences between the two or more symbols selected from the local sequence. In a further implementation form of the second aspect, the method further comprises determining the measure of dissimilarity based on receiving the remote characteristic from the remote device; and comparing the local characteristic with the remote characteristic. In a further implementation form of the second aspect, the measure of dissimilarity is a difference between the local characteristic and the remote characteristic.
In a further implementation form of the second aspect, the method further comprises converting the selected two or more symbols to two or more bits, wherein each symbol is converted to one or more bits.
In a further implementation form of the second aspect, wherein each symbol represents a complex number z = x + iy and is converted into a pair of bits (x', y') wherein
Eq. 2
In a further implementation form of the second aspect, the method further comprises determining one or more parities of the two or more bits. In a further implementation form of the second aspect, the method further comprises determining the measure of dissimilarity based on: comparing the one or more parities determined by the device with the one or more parities determined by the remote device.
In a further implementation form of the second aspect, the measure of dissimilarity is zero when the one or more parities determined by the device are equal to the one or more parities determined by the remote device.
In a further implementation form of the second aspect, the method further comprises, when a symbol is retained, outputting an indication that this symbol is retained.
In a further implementation form of the second aspect, the method further comprises receiving a message indicating whether the measure of dissimilarity is above or below the predefined threshold. In a further implementation form of the second aspect, the method further comprises generating the local sequence based on a quantum signal transmitted or received by the device.
A third aspect of the invention provides a program code, which, when executed by a processor, causes the method according to the second aspect or an implementation form of the second aspect to be performed. The program code may be provided on a non-transitory computer-readable medium.
It has to be noted that all devices, elements, units and means described in the present application could be implemented in the software or hardware elements or any kind of combination thereof. All steps which are performed by the various entities described in the present application as well as the functionalities described to be performed by the various entities are intended to mean that the respective entity is adapted to or configured to perform the respective steps and functionalities. Even if, in the following description of specific embodiments, a specific functionality or step to be performed by external entities is not reflected in the description of a specific detailed element of that entity which performs that specific step or functionality, it should be clear for a skilled person that these methods and functionalities can be implemented in respective software or hardware elements, or any kind of combination thereof.
BRIEF DESCRIPTION OF DRAWINGS
The above described aspects and implementation forms of the present invention will be explained in the following description of specific embodiments in relation to the enclosed drawings, in which
FIG. 1 schematically illustrates an example of a device for communicating with a remote device in a CV-QKD system, for refining a local sequence of symbols, according to an embodiment of the invention.
FIG. 2 shows the key rate performance of an example of CV-QKD as a function of the distance for an original (unrefined) local sequence of symbols and the refined local sequence of symbols. FIG. 3 shows a flowchart of an example of a method for performing an information reconciliation including retaining/dropping signals based on a mapping to binary data and computing a parity of signals.
FIG. 4 shows a flowchart of an example of a method including running CV advantage distillation on all pairs/sets of signals, collecting retaining signals and further performing a privacy amplification procedure. FIG. 5 shows a flowchart of an example of a method for performing an information reconciliation procedure including retaining/dropping signals based on computing a syndrome of signals and comparing the syndrome. FIG. 6 shows a flowchart of an example of a method for performing an information reconciliation procedure including selecting multiple signals, retaining/dropping signals based on determining a relative characteristic and comparing the relative characteristic. FIG. 7a and FIG. 7b show flowcharts of examples of two methods, each for performing an information reconciliation procedure including selecting two signals, retaining/dropping signals based on determining a relative characteristic and comparing the relative characteristic. FIG. 8 shows a flowchart of an example of a method for performing an information reconciliation procedure including running multiple CV advantage distillation procedures.
FIG. 9 is a flowchart of an example of a method for performing information reconciliation in a CV-QKD system, according to an embodiment of the present invention.
FIG. 10 is a flowchart of an example of a method including QKD post processing, according to prior art. DETAILED DESCRIPTION OF EMBODIMENTS
FIG. 10 is a flowchart of a QKD post processing procedure 1000. A transmitting device 1100 (corresponding to the user Alice) generates quantum states, and further transmits the quantum states to a receiving device 1200 (corresponding to the user Bob), in the presence of an eavesdropper 1300, (corresponding to Eve). Hereinafter, the terms“transmitting device” and“Alice” will be used interchangeably. Likewise, the terms“receiving device” and“Bob” will be used interchangeably.
The receiving device 1200 further measures the transmitted quantum states. Moreover, the transmitting device 1100 and the receiving device 1200 may further generate the raw keys based on their corresponding quantum states and/or the measurement results of them. Additionally, post processing of the data of QKD system is performed, for example, the transmitting device 1100 may perform the QKD post-processing (i.e., SI 101 in FIG. 10) and/or the receiving device 1200 may perform the QKD post-processing (i.e., S1201 in FIG. 10). In the parameter estimation step, Alice and Bob estimate the properties of the quantum channel, which allow them to infer how much error is in the raw key and how much information about the raw key has been leaked to Eve.
In the information reconciliation step, Alice and Bob correct the differences in their keys to arrive at matching keys. In most cases, only one of them performs error correction on one’s key to match the other’s key.
Furthermore, in the privacy amplification step, Alice and Bob perform a length-shortening operation that is specially designed to remove Eve’s information on the key.
FIG. 1 schematically illustrates a device 100 for communicating with a remote device 110 in a CV-QKD system 1, for refining a local sequence of symbols 101, according to an embodiment of the invention. The device 100 is exemplarily shown as the transmitting device, and the remote device 110 is exemplarily shown as the receiving device, in the CV-QKD system 1, without limiting the present invention.
The device 100 communicates with the remote device 110 in the CV-QKD system 1 to generate a secret key 104 shared among the device 100 and the remote device 110.
The device 100 is configured to refine a local sequence of symbols 101 and cooperate with the remote device 110 to generate the secret key 104 based on the refined local sequence of symbols 101.
In one example, the device 100 is configured to refine the local sequence 101 by performing the following operations: determining a local characteristic 103, the local characteristic 103 being a characteristic of two or more symbols 102 selected from the local sequence 101; initiating determining a measure of dissimilarity between the local characteristic 103 and a remote characteristic 113; retaining at least one of the selected symbols 102 in the local sequence 101 when the measure of dissimilarity is below a predefined threshold, and dropping at least one of the selected symbols 102 from the local sequence 101 when the measure of dissimilarity is above the predefined threshold.
As discussed, the device 100 refines the local sequence of symbols 101. In the example of FIG. 1, 10 sequence indexes of the local sequence 101 are illustrates in which, initially, each sequence index had one corresponding symbol (symbols are illustrated with a filled circle), without limiting the present invention to a specific sequence indexes or numbers.
As it can be derived from FIG. 1, the symbol corresponding to the sequence index 101-1 is a symbol that is retained. Furthermore, the symbol corresponding to the sequence index 101-3 is dropped (i.e., for the illustration purpose, the sequence index 101-3 is shown with an empty circle, that means, its corresponding symbol is dropped). In other words, the symbols (i.e., represented by the bad quality signals) are dropped.
Hence, the local sequence 101 is refined, the retained symbols (e.g., also the signals in which represent the retained symbols) have a better quality, and are used for further generation of the secret key 104. Reference is made to FIG. 2 which shows the key rate performance of CV-QKD (exemplarily illustrated in Y -axis) as a function of the distance (exemplarily illustrated in X-axis) for an original (unrefined) local sequence of symbols and the refined local sequence of symbols.
The solid curve 201 is the original key rate performance of CV-QKD when the used local sequence of symbols is not refined. The dotted curve 202 is the key rate performance of the CV-QKD when using the refined local sequence of symbols (e.g., performing the advantage distillation method as discussed above).
The advantage of refining the local sequence of symbols is that a long reach may be established in CV-QKD, as it is shown in FIG. 2. Moreover, the amount of key signals needed to be error corrected using a forward error correction code is smaller (in terms of bits/second). This may lower the computational demand. Furthermore, the SNR of the key signals to be error corrected may be higher. This enables the use of forward error correction code with high code rates and less decoding computation (i.e., a lower computational demand).
Hereinafter, in several flowcharts, methods are described in detail with reference to the appended drawings (e.g., FIG. 3, FIG. 4, FIG 5, FIG. 6, FIG. 7a, FIG. 7b and FIG. 8). Note that, for the steps that have substantially the same function, the repeated explanation of these steps is omitted. For example, the step 301a, 401a, 501a, 601a, 701a, 701c and 801a correspond to obtaining the CV raw data by the transmitting device, and therefore, the repeated explanation of these steps in description of each figure is omitted. Moreover, the step 301b, 401b, 501b, 601b, 701b, 701d and 801b correspond to obtaining the CV raw data by the receiving device (Bob), and therefore, the repeated explanation of these steps in description of each figure is omitted.
Reference is made to FIG. 3 which shows a flowchart of a method 300 for performing an information reconciliation including retaining/dropping signals based on a mapping to binary data and computing a parity of signals. As discussed above, the device 100 may be, or may be incorporated in, the transmitting device (corresponding to Alice) and/or the receiving device (corresponding to Bob).
Without limiting the present invention, in the following it is assumed that the device 100 is the transmitting device (Alice) and performs the steps 301a, 302a, 303a, 304a, 305a and 306a of the method 300. Moreover, the remote device 110 is the receiving device (Bob) and performs the steps 301b, 302b, 303b, 304b, 305b and 306b of the method 300.
As discussed, the signals may be the physical (e.g., optical) signals which may represents the symbols in the sequences. For example, the device (and/or the remote device) may obtain (e.g., generate) the symbols from the signals.
Furthermore, the device (and/or the remote device) may also convert the signals (e.g., directly) to binary values.
At first, Alice obtains (at 301a), the CV raw key data x1, x2, x3, ... where each may have a real value. Similarly, Bob obtains (at 301b) the CV raw key data y1, y2, y3, ... where each may have a real value.
Then, they agree (at 302a, 302b) on two signal pairs, for example, Alice’s x13 and x24 and Bob’s y13 and y24. These signals may be chosen randomly and may have the following values. As an example: x13 = 1 and x24 =—5.42 and y13 = 3.24 and y24 =—2.28 . Afterward, they each apply the map (at 303a and 303b) and compute the parity of the two symbols. For example, the map be f(x) = 0 if x > 0 and f(x) = 1 if x < 0; furthermore, when x = 0, f(x) = 0, 1 with equal probabilities.
Moreover, they compute (at 304a and 304b) the parity of the two signals. For Alice, f(xi3) f(x24) = 1. For Bob, f(y1 3) f(y24) = 1. Here, is the“exclusive or”
operation.
At 305a and 305b, they compare their parities over a channel. Since the parities are the same in this example, they decide to retain (at 306a and 306b) one signal pair, for example, x13 and y13, and further drop (also at 306a and 306b) the other pair x24 and y24. Note that, the original signals (not the map outputs) are retained for further processing including forward error correction and privacy amplification. In addition, they repeat the same procedure for other randomly chosen signal pairs. For example, at next, they agree to process Alice’s x14 = 0.4 and x34 = 1.9 and Bob’s y14 = 0.6 and y34 = —0.1 . Since their parities are different in this time ( f(x14) f(x ) = 0 and f(y14) f(y34) = 1), they drop both signal pairs.
All the retained signals are collected together at Alice’s and Bob’s sides, as it is shown in FIG. 4. Hence, the original signals are refined (consequently, since the signal represents the symbols, the sequence of the symbols is refined). This should be a fraction of the original number of signals. FIG. 4 shows a flowchart of a method 400 including running CV advantage distillation on all pairs/sets of signals, collecting retaining signals and further performing a privacy amplification procedure.
Note that, the steps shown in the dotted box 300A of FIG. 3 corresponds to the step“Run CV advantage distillation on all pairs” in FIG. 4 or FIG. 8. For example, for transmitting device or Alice 300A corresponds to step 403a, or step 803a or step 806a. Likewise, for the receiving device, it corresponds to step 403b, or step 803b or 806b.
For instance, the device 100 may perform, e.g., an advantage distillation technique on the local sequence of symbols and refine it.
In a CV-QKD system in which Alice uses the device 100 and Bob uses the remote device 110, the general concept of the AD is that even though Eve may have a significant amount of information about the key signals compared to the mutual information between Alice and Bob, Alice and Bob’s mutual information may be amplified by a procedure where Alice and Bob select portions of the signals that are of good quality for further generation of a final key. For example, the symbols which are represented by those signals to be retained and they further drop the symbols which are represented by the bad quality signals.
Refining the local sequence of signal may reduce relatively Eve’s knowledge about the retained key signals compared to Alice and Bob’s mutual information, and thus more final key bits may be generated in some situations, in particular at long distances. Without limiting the present invention, in the method 400, it is assumed that the device 100 is the transmitting device (Alice) and the remote device 110 is the receiving device (Bob). In the embodiment of FIG. 4, Alice and Bob perform the CV advantage distillation (at 403 a and 403b) and all the retained signals are collected (at 404a and 404b) together at Alice’s and Bob’s sides. Alice and Bob further apply a forward error correction code to correct the differences between their retained data. The data for Bob may be considered to be correct and at 405b, Bob computes a syndrome of his data using a parity-check matrix of the forward error correction code. He sends the syndrome to Alice, and at 405 a Alice uses it to correct the errors in her data according to the forward error correction code. Now, Alice and Bob have the same string. At 406a and 406b, they run privacy amplification on their own copies of the string to arrive at the final secret key.
Reference is made to FIG. 5, which shows a flowchart of a method 500 for performing an information reconciliation including retaining/dr opping signals based on computing a syndrome of signals and comparing the syndrome. Without limiting the present disclosure, in the method 500, it is assumed that the device 100 is the transmitting device (Alice) and the remote device 110 is the receiving device (Bob).
In FIG. 5, Alice and Bob, for example, select seven signals (e.g., at 502a and 502b, they agree on multiple (seven) signals). In addition, Alice and Bob map (at 503a and 503b) the selected seven signals to seven bits, and then at 504a and 504b, they compute a syndrome from the bits using a parity-check matrix (e.g., in the language of error correcting code).
For example, suppose positions 1, 5, 6, 10, 15, 20, and 37 are selected and suppose the parity-check matrix corresponding to the Hamming code is used according to Eq. 3 :
Eq. 3
At 504a, Alice computes the syndrome based on Eq. 4:
Eq. 4 and at 504b, Bob computes the syndrome based on Eq. 5: Eq. 5 where f(x) is the map shown in the embodiment of FIG. 3.
Moreover, at 505a and 505b, they compare their syndromes over a channel. If their syndromes are not the same, the signals at positions of 1, 5, 6, 10, 15, 20, and 37 are dropped. However, if their syndromes are the same, Alice and Bob retain one or more of the above signals, for example, they retain the signal at position 5.
Note that, the steps shown in the dotted box 500A corresponds to the step“Run CV advantage distillation on all pairs” in FIG. 4 or FIG. 8. For example, for transmitting device or Alice 500A corresponds to step 403a, or step 803a or step 806a. Fikewise, for the receiving device, it corresponds to step 403b, or step 803b or 806b.
Reference is made to FIG. 7a which shows a flowchart of a method 700-a for performing an information reconciliation including selecting two signals, retaining/dropping signals based on determining a relative characteristic and comparing the relative characteristic. Without limiting the present disclosure, in the method 700-a, it is assumed that the device 100 is the transmitting device (Alice) and the remote device 110 is the receiving device (Bob).
Here, in the embodiment of FIG. 7a, Alice and Bob perform a procedure similar to that of the embodiment of FIG. 3, the difference being that the characteristic of the two signals are computed without mapping to binary data as in the embodiment of FIG. 3.
With reference to FIG. 7a, the characteristic calculator is considered to be g(x, x') = sign(x x').
They each determine (e.g., compute at 703a, and 703b) the characteristic of two signals. Suppose that they agree to process positions 13 and 24 with Alice’s x13 = 0.4 and x24 = —1.9 and Bob’s y13 = 0.6 and y24 =—1.1 . For Alice, the characteristic is g(x13, x24) = -1, and for Bob, it is g(y13, y24) = -1. Afterward, they compare their characteristics over a channel. Since the characteristics are identical, in this example, they decide to retain one signal pair, for example, x24 and y24, and drop the other pair x13 and y13. They repeat the same procedure for other randomly chosen signal pairs.
Note that, the steps shown in the dotted box 700A corresponds to the step“Run CV advantage distillation on all pairs/sets” in FIG. 4 or FIG. 8. For example, for transmitting device or Alice 700A corresponds to step 403a, or step 803a or step 806a. Likewise, for the receiving device, it corresponds to step 403b, or step 803b or 806b.
FIG. 6 shows a flowchart of a method 600 for performing an information reconciliation including selecting multiple signals, retaining/dropping signals based on determining a relative characteristic and comparing the relative characteristic. Without limiting the present disclosure, in the method 600, it is assumed that the device 100 is the transmitting device (Alice) and the remote device 110 is the receiving device (Bob).
The embodiment of FIG. 6 is similar to the embodiment of FIG. 7a except that in the embodiment of FIG. 6 multiple signals are used to compute a characteristic instead of two signals.
Here, in the embodiment of FIG. 6, Alice and Bob perform a procedure similar to that of the embodiment of FIG. 5, the difference being that the characteristic of the multiple signals are computed without mapping to binary data as in the embodiment of FIG. 5.
With reference to FIG. 6, the characteristic calculator is considered to be g(x, x', x”) = [sign(x x'), sign(x x”)] where the characteristic is a vector of two numbers.
They each determine (e.g., compute at 603a, and 603b) the characteristic of three signals. Suppose that they agree to process positions 13, 24 and 34 with Alice’s x13 = 0.4 , x24 = —1.9 and x34 = 3.9 and Bob’s y13 = 0.6 , y24 =— 1.1 and y34 = 2.6 . For Alice, the characteristic is g(xi3, x24, x34) = [-1,1], and for Bob, it is g(yi3, y24, y34) = [-1,1]·
Afterward, they compare their characteristics over a channel. Since the characteristics are the identical, in this example, they decide to retain one signal pair, for example, x24 and y24, and drop the other pairs x13 and y13 and x34and y34. They repeat the same procedure for other randomly chosen signal pairs.
Note that, the steps shown in the dotted box 600A corresponds to the step“Run CV advantage distillation on all pairs/sets” in FIG. 4 or FIG. 8. For example, for transmitting device or Alice 600A corresponds to step 403a, or step 803a or step 806a. Likewise, for the receiving device, it corresponds to step 403b, or step 803b or 806b.
In another embodiment, with reference to FIG. 7b, the characteristic calculator and the characteristic comparison (or parity comparison) may be designed to suit the QKD information symbols.
For example, suppose 8-PSK signals are used as QKD information. The information is conveyed in the phase and thus it is important to have the phases of the QKD signals to be preserved as much as possible. Moreover, each signal may be represented as a complex number where the real (imaginary) part corresponds to the in-phase (quadrature) component.
The characteristic calculator may be defined as g(x, x') = arg(x conj (x')) which gives the relative distance in phase of two complex signals x and x'. Here, arg(x) is argument of x (which essentially returns the angle) and conj(x) is the complex conjugate of x (which essentially negates the phase). For example, at 702c and 702d Alice and Bob agree on two signals. Suppose that positions 12 and 189 are chosen to form a pair, and Alice’s signals are x12 = exp(i pi/2) and x189 = exp(i pi/4) and Bob’s signals are y12 = 0.5 exp(i (pi/2 + pi/16)) and y189 = 0.6 exp(i (pi/4— pi/10)).
Then, at 703c and 703d, they determine (e.g., compute) relative characteristic of two signals. The characteristic values for Alice is g(x1 2, x189) = pi/4 and that for Bob is g(yi2< yi89) = pi/4 + pi * 13/80. At 704c and 704d, they compare their characteristic values to decide whether they will retain or drop the signals.
Moreover, they define a threshold and when the measure of dissimilarity is below the predefined threshold, they retain at least one of the signals. However, when the measure of dissimilarity is above the predefined threshold, they drop at least one of the selected signals. For example, they define a threshold below which the difference in the characteristic values are considered close enough. If | g(x12, X189)— g(y12, y189) I < pi/8, they retain one of the two signals. Otherwise, they drop both signals.
In this case, at 705c and 705d, since the difference is pi * 13/80 > pi/8, they drop the two signals.
Note that, the steps shown in the dotted box 700B corresponds to the step“Run CV advantage distillation on all pairs” in FIG. 4 or FIG. 8. For example, for transmitting device or Alice 700B corresponds to step 403a, or step 803a or step 806a. Likewise, for the receiving device, it corresponds to step 403b, or step 803b or 806b.
FIG. 8 shows a flowchart of a method 800 for performing an information reconciliation including running multiple CV advantage distillation procedures. Without limiting the present disclosure, in the method 800, it is assumed that the device 100 is the transmitting device (Alice) and the remote device 110 is the receiving device (Bob).
In the embodiment of FIG. 8, Alice and Bob run twice (once at 803a, 803b and a second time at 806a, 806b) the CV advantage distillation procedure.
Moreover, the retained signals after the first run at 803 a, 803b are further divided into pairs/sets. Furthermore, each pair/set are processed again with the CV advantage distillation which correspond to the steps in the dotted boxes 300A of FIG.3, 500A of FIG.5, 600A of FIG. 6, 700A of FIG.7a or 700B of FIG. 7b. Afterwards, the retained signals of this step are collected for forward error correction at 808a, 808b and privacy amplification at 809a, 809b. Note that, the two stages of CV advantage distillation do not have to be the same.
For example, one of the advantage distillation procedure may be based on the embodiment of FIG. 3 and the other the advantage distillation procedure may be based on the embodiment of FIG. 5. FIG. 9 shows a method 900 according to an embodiment of the invention for performing information reconciliation in a CV-QKD system 1, the method 900 comprising refining a local sequence of symbols 101 by performing the following steps. The method 900 may be carried out by the device 100 (and/or the device 110), as described above.
The method 900 comprises a step 901 of determining a measure of dissimilarity between a local characteristic 103 and a remote characteristic 113, the local characteristic 103 being a characteristic of two or more symbols 102 selected from the local sequence of symbols 101, the remote characteristic 113 being a characteristic of two or more symbols selected from a remote sequence of symbols.
The method 900 further comprises a step 902 of retaining at least one of the selected symbols in the local sequence 101 when the measure of dissimilarity is below a predefined threshold.
The method 900 further comprises a step 903 of dropping at least one of the selected symbols from the local sequence 101 when the measure of dissimilarity is above the predefined threshold. The present invention has been described in conjunction with various embodiments as examples as well as implementations. However, other variations can be understood and effected by those persons skilled in the art and practicing the claimed invention, from the studies of the drawings, this disclosure and the independent claims. In the claims as well as in the description the word“comprising” does not exclude other elements or steps and the indefinite article“a” or“an” does not exclude a plurality. A single element or other unit may fulfill the functions of several entities or items recited in the claims. The mere fact that certain measures are recited in the mutual different dependent claims does not indicate that a combination of these measures cannot be used in an advantageous implementation.

Claims

Claims
1. A device (100) for communicating with a remote device (110) in a Continuous- Variable Quantum Key Distribution, CV-QKD, system (1) to generate a secret key (104) shared among the device (100) and the remote device (110), the device (100) being configured to refine a local sequence of symbols (101) and cooperate with the remote device (110) to generate the secret key (104) based on the refined local sequence of symbols (101), wherein the device (100) is configured to refine the local sequence (101) by performing the following operations:
determining a local characteristic (103), the local characteristic (103) being a characteristic of two or more symbols (102) selected from the local sequence (101); initiating determining a measure of dissimilarity between the local characteristic (103) and a remote characteristic (113);
retaining at least one of the selected symbols (102) in the local sequence (101) when the measure of dissimilarity is below a predefined threshold, and
dropping at least one of the selected symbols (102) from the local sequence (101) when the measure of dissimilarity is above the predefined threshold.
2. A device (100) according to claim 1, wherein the operations comprise:
selecting the two or more symbols (102) from the local sequence (101) at random sequence positions; or
obtaining the sequence positions of the two or more selected symbols (102) from the remote device (110).
3. A device (100) according to claim 1 or 2, wherein
each symbol in the local sequence (101) represents a complex number comprising a real part and an imaginary part.
4. A device (100) according to claim 3, wherein the local characteristic (103) is based on differences between the two or more symbols (102) selected from the local sequence (101).
5. A device (100) according to any one of the claims 1 to 4, further configured to determine the measure of dissimilarity based on receiving the remote characteristic (113) from the remote device (110); and comparing the local characteristic (103) with the remote characteristic (113).
6. A device (100) according to any one of the claims 1 to 5, wherein
the measure of dissimilarity is a difference between the local characteristic (103) and the remote characteristic (113).
7. A device (100) according to claim 1 or 2, wherein
determining the local characteristic (103) comprises converting the selected two or more symbols (102) to two or more bits, wherein each symbol is converted to one or more bits.
8. A device (100) according to claim 7, wherein each symbol represents a complex number z = x + iy and is converted into a pair of bits (c' , y') wherein
9. A device (100) according to claim 7 or 8, wherein
determining the local characteristic (103) further comprises determining one or more parities of the two or more bits.
10. A device (100) according to claim 9, further configured to determine the measure of dissimilarity based on:
comparing the one or more parities determined by the device (100) with the one or more parities determined by the remote device (110).
11. A device (100) according to claim 10, wherein
the measure of dissimilarity is zero when the one or more parities determined by the device (100) are equal to the one or more parities determined by the remote device (110).
12. A device (100) according to any one of the claims 1 to 11, further configured to when a symbol is retained, output an indication that this symbol is retained.
13. A device (100) according to any one of the claims 1 to 12, further configured to receive a message indicating whether the measure of dissimilarity is above or below the predefined threshold. 14. A device (100) according to any one of the claims 1 to 13, further configured to generate the local sequence (102) based on a quantum signal transmitted or received by the device (100).
15. A method (900) for performing information reconciliation in a Continuous- Variable Quantum Key Distribution, CV-QKD, system (1), the method (900) comprising refining a local sequence of symbols (101) by:
determining (901) a measure of dissimilarity between a local characteristic (103) and a remote characteristic (113), the local characteristic (103) being a characteristic of two or more symbols (102) selected from the local sequence of symbols (101), the remote characteristic (113) being a characteristic of two or more symbols selected from a remote sequence of symbols;
retaining (902) at least one of the selected symbols in the local sequence (101) when the measure of dissimilarity is below a predefined threshold; and
dropping (903) at least one of the selected symbols from the local sequence (101) when the measure of dissimilarity is above the predefined threshold.
16. The method (900) of claim 15, further comprising:
generating a secret key (104) based on the refined local sequence of symbols
(101).
17. A program code, which, when executed by a computer, causes the method (900) according to claim 15 or 16 to be performed.
EP19725338.8A 2019-05-16 2019-05-16 Device and method for performing information reconciliation in a quantum key distribution system Pending EP3970312A1 (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2019/062672 WO2020228961A1 (en) 2019-05-16 2019-05-16 Device and method for performing information reconciliation in a quantum key distribution system

Publications (1)

Publication Number Publication Date
EP3970312A1 true EP3970312A1 (en) 2022-03-23

Family

ID=66625180

Family Applications (1)

Application Number Title Priority Date Filing Date
EP19725338.8A Pending EP3970312A1 (en) 2019-05-16 2019-05-16 Device and method for performing information reconciliation in a quantum key distribution system

Country Status (3)

Country Link
EP (1) EP3970312A1 (en)
CN (1) CN113302874B (en)
WO (1) WO2020228961A1 (en)

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100241912A1 (en) * 2006-04-04 2010-09-23 Magiq Technologies, Inc. Fast bit-error rate calculation mode for QKD systems
KR101479112B1 (en) * 2012-10-23 2015-01-07 에스케이 텔레콤주식회사 Shuffling Method for Error Reconciliation in Quantum Key Distribution Protocol
CN106161012B (en) * 2016-08-26 2019-07-19 暨南大学 A kind of quantum key distribution after-treatment system and method based on polarization code error correction
KR101992959B1 (en) * 2017-06-26 2019-06-26 고려대학교 산학협력단 Method and apparatus for estimating binary bit key for information reconciliation of continuous variable quantum key distribution

Also Published As

Publication number Publication date
WO2020228961A1 (en) 2020-11-19
CN113302874B (en) 2024-01-02
CN113302874A (en) 2021-08-24

Similar Documents

Publication Publication Date Title
JP4554523B2 (en) Quantum key distribution method and communication apparatus
JP2007507989A (en) Error correcting multi-stage code generator and decoder for a communication system having a single transmitter or multiple transmitters
JPS60182246A (en) Encoding modulation system
CN110808828B (en) Multi-matrix self-adaptive decoding device and method for quantum key distribution
CN109314530B (en) Optical receiver, optical transmission device, and method for optical receiver
KR20220085049A (en) Device for multi-level encoding
CN105959084B (en) A kind of signal detecting method and device of non-orthogonal multiple
JP2003046395A (en) Decoding method for product code and decoder for the product code
WO2020156641A1 (en) Device and method for processing data of a quantum key distribution system
CN107508775A (en) Interpretation method and device in a kind of Sparse Code multiple access system
WO2020228961A1 (en) Device and method for performing information reconciliation in a quantum key distribution system
WO2013051244A1 (en) Signal processing device and signal processing method
CN114430358A (en) Data receiving apparatus and data receiving method
US10616015B2 (en) Signal processing system and method, and apparatus
WO2018133938A1 (en) An apparatus and method for arranging bits for inputting to a channel encoder
JP2806584B2 (en) Adaptive detection method of quantized signal
GB2523586A (en) Method and a device for decoding a bitstream encoded with an outer convolutional code and an inner block code
US8156412B2 (en) Tree decoding method for decoding linear block codes
TW201320622A (en) Cyclic code decoder and method thereof
US9432128B2 (en) Receiver for optical transmission system
EP3657697B1 (en) Signal transmission method and system
US20190089375A1 (en) Convolutional ldpc decoding method and apparatus, decoder, and system
JP4231926B2 (en) Quantum key distribution method and communication apparatus
KR102288769B1 (en) Error-correction code based crypto currency system
US7812744B2 (en) Method for error handling

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20211216

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)