Mismatched Measurements and Quantum Key Distribution

Introduction When designing quantum key distribution (QKD) protocols, measurement outcomes produced by an incompatible choice of basis are usually discarded by the protocol specification. However, it has been shown that these mismatched measurement outcomes can actually be useful in better determining E’s attack, leading potentially to an improved key-rate bound. For instance, in [1], it was shown that mismatched measurement outcomes can lead to an improved key-rate for the BB84 protocol under certain channels. In [2, 3], the three state BB84 was considered (originally introduced in [4]). This is a protocol where Alice (A) sends only |0〉 , |1〉 , or |+〉 = 1 √ 2 (|0〉+ |1〉) but never |−〉 = 1 √ 2 (|0〉 − |1〉) (thus, the users may not directly estimate the probability of E’s attacking flipping a |−〉 to a |+〉 as may be done in the standard BB84). Despite this limitation, however, it was proven that the use of mismatched measurement outcomes allows the three-state protocol to suffer the same amount of noise as the full BB84 protocol, namely 11%. In fact, the key-rate expression for both protocols is identical. Furthermore, and rather surprisingly, the choice of the third state was largely irrelevant; i.e., A need not send |+〉 but any state |a〉 = α |0〉 + √ 1− α2 |1〉 for α ∈ (0, 1) (and B measuring in the basis {|a〉 , |ā〉}, where 〈ā|a〉 = 0) assuming a symmetric attack the choice of α did not matter (it may, however, affect the key rate if imprecise estimation is performed [3]). Ref. [2] went further and also studied a modified four-state BB84 where A sends |0〉 , |1〉 , |+〉 , or |0Y 〉 = 1 2 (|0〉 + i |1〉). It was shown that this led to the same key-rate as the full six-state BB84 protocol, again assuming a symmetric channel. Recently, we have been developing a general framework from which to utilize mismatched measurement outcomes in the security proofs of arbitrary QKD protocols, extending the work we initially performed in [3]. We consider both one-way (where a qubit travels from A to B each iteration) and two-way protocols (where a qubit travels from A to B then back to A each iteration, thus passing through the adversary’s lab twice). We show that our technique adapts to both scenarios and can lead to greatly improved key rate bounds for a variety of protocols. We also do not assume symmetric attacks and instead derive key rate expressions for various QKD protocols which may be used for asymmetric channels (for example, where E’s attack flips a |0〉 with different probability than it would flip a |1〉). In fact, our key rate expressions utilize multiple noise parameters which may be estimated by the two users of the protocol.