Continuous-Mode Analysis of Improved Two-Way CV-QKD

Abstract

Continuous-variable quantum key distribution (CV-QKD) enables information-theoretically secure key generation between legitimate parties. To further enhance system performance, an improved two-way CV-QKD protocol has been proposed, which is accessible in practice and exhibits increased robustness against excess noise. However, in practical implementations, device nonidealities inevitably drive the optical field from the single-mode regime into the continuous-mode regime. In this work, we introduce temporal modes to characterize the evolution of optical fields in the improved two-way protocol and establish a security analysis framework for the continuous-mode scenario based on adaptive normalization with calibrated shot-noise unit. In addition, finite-size effects are taken into account in the analysis. Our results demonstrate that the improved two-way protocol retains a performance advantage over its one-way counterpart. The analysis provides useful guidance for the practical implementation and performance optimization of improved two-way CV-QKD systems.

1. Introduction

Quantum key distribution (QKD) [1,2,3,4,5,6] enables two legitimate communicating parties (commonly referred to as Alice and Bob) to establish information-theoretically [7] secure keys, effectively addressing the potential threats posed by quantum computing [8] to classical cryptographic systems. Among various QKD implementations, continuous-variable QKD (CV-QKD) [9,10] is naturally compatible with coherent optical communication technologies, making it well suited for large-scale deployment over metropolitan distances. As a result, CV-QKD has attracted significant research interest and has achieved substantial progress in theory [11,12,13,14,15,16,17], experimental demonstrations [18,19,20,21,22,23,24,25], network deployment [26,27,28,29], and post-processing techniques [30,31,32,33].

The maximum transmission distance of CV-QKD is highly sensitive to excess noise [34]. To enhance the noise tolerance of CV-QKD systems, a two-way protocol has been proposed [35]. In order to guarantee security, the original two-way protocol requires implementing the tomography of the quantum channels, which is complicated in practice. Subsequently, an improved two-way protocol was introduced [36]. By considering the purification of the system held by an eavesdropper (Eve), its security can be analyzed using the optimality of Gaussian attacks, which significantly simplifies the security analysis and makes the protocol more feasible for implementation.

However, as CV-QKD increasingly incorporates digital signal processing techniques from coherent optical communication systems [37,38,39], device nonidealities drive the conventional single-mode optical-field assumption toward a continuous-mode description [40,41]. Meanwhile, existing security analyses of the improved two-way protocol still rely on the asymptotic scheme [42] that the communicating parties exchange infinitely many signals. To address the practical security of the improved two-way protocol, a new analysis framework is required.

In this work, we introduce temporal modes (TMs) [17,43,44,45] to characterize the evolution of optical fields in the improved two-way protocol and establish a security analysis framework for the continuous-mode scenario based on adaptive normalization with properly calibrated shot-noise unit (SNU). This framework enables a consistent description of continuous-mode interference and detection processes in the improved two-way protocol. The security analysis presented in this work is established within the standard Gaussian security framework.

In addition, by invoking the central limit theorem and the maximum likelihood estimation theorem, we analyze the impact of finite-size effects on statistical fluctuations in parameter estimation, leading to a tighter secret key rate under practical conditions.

Numerical simulations for the considered parameter settings show that the performance of the improved two-way protocol remains superior to that of the one-way protocol. Specifically, the maximum transmission distance is increased by about 50%, and at a transmission distance of 50 km, the maximum tolerable excess noise is approximately three times higher than that of the one-way protocol. As the transmission distance increases, the system becomes more sensitive to excess noise, which further highlights the advantage of the improved two-way protocol in long-distance transmission. Overall, our work provides a more practical security and performance analysis of the improved two-way protocol and offers guidance for its implementation and performance optimization.

This paper is organized as follows: In Section 2, we introduce the protocol in the continuous-mode scenario. In Section 3, we analyze the impact of finite-size effects on the secret key rate of the protocol. In Section 4, numerical simulations are performed and analyzed. Finally, our conclusions are summarized in Section 5.

2. Continuous-Mode Analysis of Improved Two-Way QKD

In this section, we introduce the improved two-way quantum key distribution protocol in the continuous-mode scenario. We will first introduce the structural characteristics of the improved two-way protocol [36] in comparison with the original two-way protocol [35]. To ensure security against general collective attacks, the original two-way protocol must be implemented as a hybrid scheme combining the two-way protocol with a one-way protocol. In such a hybrid scheme, an optical switch is required at Alice’s side to randomly select between one-way and two-way operations. In contrast, the improved two-way protocol replaces this active optical switch with a beam splitter of transmittance $T_{\mathrm{A}}$, thereby transforming an active operation into a passive one and significantly simplifying the experimental implementation [36].

2.1. Prepare-And-Measure Scheme of the Protocol

We first present the prepare-and-measure (PM) scheme of the protocol in the continuous-mode scenario, as illustrated in Figure 1.

Taking the coherent-state protocol with heterodyne detection as an example, the main steps of the protocol are summarized as follows:

1. State preparation. In the improved two-way protocol, both legitimate parties prepare coherent states. Under the ideal single-mode assumption, the quantum states prepared by an ideal laser are single-mode coherent states. However, due to the nonidealities of practical laser sources, the states generated by Alice and Bob in realistic systems are no longer single-mode coherent states, but rather continuous-mode coherent states carrying temporal and spectral information. Realistic lasers have finite linewidths, and practical modulation inevitably introduces additional frequency components, which manifest in the time domain as non-uniform wavepackets. Therefore, we use ${\xi }_{\mathrm{A}}$ to denote the temporal/spectral information contained in the photon-wavepacket of the coherent state prepared by Alice, and ${\xi }_{\mathrm{B}}$ to denote the corresponding temporal/spectral information of the coherent state prepared by Bob. Bob encodes his information $x_{{\mathrm{B}}_{1{\xi }_{\mathrm{B}}}}$ and $p_{{\mathrm{B}}_{1{\xi }_{\mathrm{B}}}}$ onto a continuous-mode coherent state ${\left|x_{{\mathrm{B}}_1{\xi }_{\mathrm{B}}}+i{p}_{{\mathrm{B}}_{1{\xi }_{\mathrm{B}}}}\right.〉}_{{\xi }_{\mathrm{B}}}$ and sends it to Alice, while Alice also prepares a continuous-mode coherent state ${\left|x_{\mathrm{A}}+i{p}_{\mathrm{A}}\right.〉}_{{\xi }_{\mathrm{A}}}$.

2. State interference. After receiving the continuous-mode coherent state ${\left|x_{\mathrm{B}}+i{p}_{\mathrm{B}}\right.〉}_{{\xi }_{\mathrm{B}}}$ sent by Bob, Alice interferes it with the continuous-mode coherent state ${\left|x_{\mathrm{A}}+i{p}_{\mathrm{A}}\right.〉}_{{\xi }_{\mathrm{A}}}$ prepared by herself using a beam splitter with transmittance $T_{\mathrm{A}}$.

3. State measurement. Alice performs homodyne detection on one output of the interference between the two continuous-mode coherent states, while the other output is sent to Bob. Bob performs heterodyne detection on the received state ($T_{\mathrm{B}}=1/2$) and obtains $x_{{\mathrm{B}}_{2\xi }}$ and $p_{{\mathrm{B}}_{2\xi }}$. Due to the finite bandwidth of practical detectors, Alice and Bob cannot access the full temporal and spectral information of the quantum states. Consequently, both the modulation rate and the format of the modulation signal employed by the transmitter influence the final detection performance.

4. Data processing. Bob computes $x_{\mathrm{B}}=x_{{\mathrm{B}}_{2\xi }}-k{x}_{{\mathrm{B}}_{1{\xi }_{\mathrm{B}}}}$ and $p_{\mathrm{B}}=p_{{\mathrm{B}}_{2\xi }}+k{p}_{{\mathrm{B}}_{1{\xi }_{\mathrm{B}}}}$ to obtain the final processed data. The parameter k is discussed in Section 2.3. Bob processes his measurement data to estimate Alice’s data, after which Bob and Alice perform classical post-processing procedures such as error correction and privacy amplification.

From the above description, it can be observed that if the security analysis of practical systems is still based on the conventional single-mode model, it does not fully capture the mode mismatch between the transmitter and receiver arising from laser nonidealities, modulation imperfections, and detector nonidealities. Moreover, when Alice interferes with the continuous-mode coherent state ${\left|x_{\mathrm{A}}+i{p}_{\mathrm{A}}\right.〉}_{{\xi }_{\mathrm{A}}}$ prepared by herself and the continuous-mode coherent state ${\left|x_{\mathrm{B}}+i{p}_{\mathrm{B}}\right.〉}_{{\xi }_{\mathrm{B}}}$ prepared by Bob, the interference process inherently involves continuous-mode optical fields, which are also difficult to describe within the single-mode framework. Therefore, to analyze the improved two-way protocol under practical scenarios, it is necessary to introduce new analytical tools.

2.2. Temporal Modes of Continuous States

In conventional security analysis, the ideal single-mode coherent state can be represented by the annihilation and creation operators of a single-mode field, ${\widehat{a}}_i$ and ${\widehat{a}}_i^{†}$. However, in practical systems, modulation at the transmitter inevitably introduces additional frequency components, which manifest as a nonuniform temporal waveform in the time domain. In this case, it is necessary to replace the single-mode operators with continuous-mode operators, defined as [40] ${\widehat{a}}_i\to \sqrt{\mathrm{\Delta }\omega }\widehat{a}\left(\omega \right)$ and ${\widehat{a}}_i^{†}\to \sqrt{\mathrm{\Delta }\omega }{\widehat{a}}^{†}\left(\omega \right)$, where $\mathrm{\Delta }\omega$ denotes the mode spacing. The continuous-mode field operators [40,43,45] satisfy the commutation relation $\left[\widehat{a}\left(\omega \right),{\widehat{a}}^{†}\left({\omega }^{\prime }\right)\right]=\delta \left(\omega -{\omega }^{\prime }\right)$. Moreover, by applying the Fourier transform, the operator in the time domain can be expressed as ${\widehat{a}}^{†}\left(t\right)=(1/\sqrt{2\pi })\int d\omega {\widehat{a}}^{†}\left(\omega \right)exp(-i\omega t)$.

To introduce TMs for the security analysis, we first define a wavepacket function ${\xi }_i\left(t\right)$. If ${\xi }_i\left(t\right)$ meets the orthonormalization that $\int dt{\xi }_i^{*}\left(t\right){\xi }_j\left(t\right)={\delta }_{ij}$, for different i and j, the TM field creation operator can be defined as [40,41,45] ${\widehat{A}}_{{\xi }_i}^{†}=\int dt{\xi }_i\left(t\right){\widehat{a}}^{†}\left(t\right).$ The annihilation operator ${\widehat{A}}_{{\xi }_i}$ follows a similar definition.

The TM field operators also obey the commutation relation, which reads $\left[{\widehat{A}}_{{\xi }_i},{\widehat{A}}_{{\xi }_j}^{†}\right]={\delta }_{ij}$. Then we can define the photon-wavepacket coherent state ${\left|{\gamma }_i\right.〉}_{{\xi }_i}$ on ${\xi }_i-\mathrm{TM}$ as [40]

$${\left|{\gamma }_i\right.〉}_{{\xi }_i}={\widehat{D}}_{{\xi }_i}\left({\gamma }_i\right)|0\rangle =exp\left({\gamma }_i{\widehat{A}}_{{\xi }_i}^{†}-{\gamma }_i^{*}{\widehat{A}}_{{\xi }_i}\right)|0\rangle .$$

(1)

The photon-wavepacket coherent state obeys the eigenvalue equation ${\widehat{A}}_{{\xi }_i}{\left|{\gamma }_i\right.〉}_{{\xi }_i}={\gamma }_i{\left|{\gamma }_i\right.〉}_{{\xi }_i}$. Under this notation, the quadrature operator with the phase angle $\theta$ can be defined as [17]

$${\widehat{X}}_{{\xi }_i}^{\theta }={\widehat{A}}_{{\xi }_i}^{†}exp\left(i\theta \right)+{\widehat{A}}_{{\xi }_i}exp(-i\theta ).$$

(2)

After describing the continuous-mode states prepared at the transmitter using TM, the receiver of the system that incorporates continuous-mode effects can likewise be characterized within the TM framework. The finite detector bandwidth can be modeled as a filter characterized by an impulse response function (IRF) $g\left(t\right)$, and the photocurrent flux operator of a homodyne detector is given by [40,46]

$$\widehat{f}\left(t\right)=\left[{\widehat{a}}^{†}\left(t\right){\widehat{a}}_{\mathrm{LO}}\left(t\right)+{\widehat{a}}_{\mathrm{LO}}^{†}\left(t\right)\widehat{a}\left(t\right)\right]\ast g\left(t\right),$$

(3)

where ∗ denotes the convolution. The photocurrent flux after taking the average over local oscillator (LO) is given by

$${\widehat{f}}_{\mathrm{LO}}\left(t\right)=\left.〈a_{\mathrm{LO}}\left(t\right)\right|\widehat{f}\left(t\right)\left|a_{\mathrm{LO}}\left(t\right)\right.〉.$$

(4)

Considering the analog-to-digital converter (ADC) as the integral sampling process with integral time $\mathrm{\Delta }{t}_s$, the sampled data at time $t_k$ is

$${\widehat{D}}_{t_k}={\displaystyle \frac{1}{\mathrm{\Delta }{t}_{\mathrm{s}}}}{\int }_{t_k}^{t_k+\mathrm{\Delta }{t}_{\mathrm{s}}}dt{\widehat{f}}_{\mathrm{LO}}\left(t\right).$$

(5)

For a digital signal processing (DSP) algorithm involving N sampled data, the output data at the time corresponding to the $t_j$ sampling time could be [17]

$${\widehat{D}}_{t_j}={\displaystyle \frac{{\mu }_{\mathrm{LO}}^{\frac{1}{2}}}{\mathrm{\Delta }{t}_{\mathrm{s}}}}\int G_{\mathrm{DSP}}^{t_j}\left(\tau \right){\widehat{X}}^{a_{\mathrm{LO}}}\left(\tau \right)d\tau ,$$

(6)

where

$$G_{\mathrm{DSP}}\left(\tau \right)=\sum _{k=1}^N{f}_{\mathrm{DSP}}^{k}g\left(t_k-\tau \right).$$

(7)

$f_{\mathrm{DSP}}^k$ denotes the coefficients determined by the specific DSP algorithm.

As the continuous-mode coherent states sent by the transmitter carry temporal and spectral information, the nonideal detectors at the receiver are unable to extract all the information from an arbitrary and unknown temporal wavepacket. In addition, the DSP algorithm employed at the receiver involves sampling and processing of multi-point measurement outcomes. To properly describe the final output of the receiver, it is necessary to perform adaptive SNU normalization according to the specific configuration. By configuring the LO, IRF, and DSP algorithms in practical systems, the SNU normalization factor of the receiver output can be obtained as [17]

$${\sigma }_{\mathrm{SNU}}=\sqrt{{\displaystyle \frac{{\mu }_{\mathrm{LO}}}{\mathrm{\Delta }{t}_{\mathrm{s}}^2}}\int {\left|{\xi }_{\mathrm{LO}}\left(\tau \right)\right|}^2{\left[G_{\mathrm{DSP}}^{t_j}\left(\tau \right)\right]}^{2}d\tau },$$

(8)

where ${\mu }_{\mathrm{LO}}$ denotes the average number of photons contained in an envelope ${\xi }_{\mathrm{LO}}\left(t\right)$ for a pulsed LO.

After performing adaptive normalization on the receiver output, the sampled data ${\widehat{D}}_{t_j}^{\mathrm{SNU}}$ are divided by ${\sigma }_{\mathrm{SNU}}$, which gives [17]

$${\widehat{D}}_{t_j}^{\mathrm{SNU}}=e^{i\theta }\int d\tau {\displaystyle \frac{G_{\mathrm{dsp}}^{t_j}\left(\tau \right){\xi }_{\mathrm{LO}}\left(\tau \right)e^{-i{\omega }_{\mathrm{LO}}\tau }}{{\sigma }_{\mathrm{cal}}}}{\widehat{a}}^{†}\left(\tau \right)+\mathrm{h}.\mathrm{c}.,$$

(9)

where h.c. denotes the Hermitian conjugate, and ${\sigma }_{\mathrm{cal}}=\sqrt{\int d\tau {\left|{\xi }_{\mathrm{LO}}\left(\tau \right)\right|}^2{\left[G_{\mathrm{dsp}}^{t_j}\left(\tau \right)\right]}^2}$ is the rescaled factor when calibrating output data by SNU.

The normalized photon-wavepacket function is defined as

$${\mathrm{\Xi }}_{\mathrm{DSP}}^{t_j}\left(\tau \right)={\displaystyle \frac{{\xi }_{\mathrm{LO}}\left(\tau \right)G_{\mathrm{dsp}}^{t_j}\left(\tau \right)exp\left(-i{\omega }_{\mathrm{LO}}\tau \right)}{\sqrt{\int d\tau {\left|{\xi }_{\mathrm{LO}}\left(\tau \right)\right|}^2{\left[G_{\mathrm{dsp}}^{t_j}\left(\tau \right)\right]}^2}}},$$

(10)

with the normalization condition $\int d\tau {\left|{\mathrm{\Xi }}_{\mathrm{DSP}}^{t_j}\left(\tau \right)\right|}^2=1$. This introduces ${\mathrm{\Xi }}_{\mathrm{DSP}}^{t_j}-\mathrm{TM}$, which is jointly defined by the LO, IRF, and DSP algorithms. Then, we can further define its operator as

$${\widehat{A}}_{{\mathrm{\Xi }}_{\mathrm{DSP}}^{t_j}}^{†}=\int d\tau {\mathrm{\Xi }}_{\mathrm{DSP}}^{t_j}\left(\tau \right){\widehat{a}}^{†}\left(\tau \right),$$

(11)

$${\widehat{A}}_{{\mathrm{\Xi }}_{\mathrm{DSP}}^{t_j}}=\int d\tau {\mathrm{\Xi }}_{\mathrm{DSP}}^{t_j}\left(\tau \right)\widehat{a}\left(\tau \right).$$

(12)

Therefore, the normalized receiver output ${\widehat{D}}_{t_j}^{\mathrm{SNU}}$ shown in Equation (9) can be expressed in terms of the ${\mathrm{\Xi }}_{DSP}^{t_j}-\mathrm{TM}$ operators and rewritten as

$${\widehat{D}}_{t_j}^{\mathrm{SNU}}={\widehat{A}}_{{\mathrm{\Xi }}_{\mathrm{DSP}}^{t_j}}^{†}exp\left(i\theta \right)+{\widehat{A}}_{{\mathrm{\Xi }}_{\mathrm{DSP}}^{t_j}}exp(-i\theta )={\widehat{X}}_{{\mathrm{\Xi }}_{\mathrm{DSP}}^{t_j}}^{\theta },$$

(13)

which takes the same form as Equation (2) for the transmitter output.

The analysis adopted in this work does not alter the Gaussian nature of the protocol. Instead, it reformulates the description of the optical field under device nonidealities within the continuous-mode framework in terms of TMs. The final data (output from DSP and being normalized) can be treated as a quadrature measurement of ${\mathrm{\Xi }}_{\mathrm{DSP}}^{t_j}-\mathrm{TM}$. As long as the data represent a quadrature measurement result, they can be used to construct the covariance matrix and are thus compatible with traditional security analysis methods [17]. Under these conditions, Gaussian optimality remains valid, and the optimal attack can still be restricted to Gaussian collective attacks.

The constructed covariance matrix remains defined in a canonical operator space, and both its symplectic eigenvalues and the mathematical structure underlying Gaussian security analysis remain unchanged. The normalization procedure in the continuous-mode scenario does not modify the symplectic structure of the system. The covariance-matrix-based Gaussian security proof and the associated symplectic eigenvalue analysis therefore remain fully applicable.

In the TM framework, the TM associated with the measured quantum state is denoted as $\xi \text{-}\mathrm{TM}$, while the effective TM defined by the receiver is denoted as ${\mathrm{\Xi }}_{\mathrm{DSP}}\text{-}\mathrm{TM}$. The continuous-mode measurement can be regarded as a mode projection process [17]. A third mode ${\mathrm{\Psi }}_{\perp }\text{-}\mathrm{TM}$ can be constructed via Gram–Schmidt orthogonalization, which is derived from ${\mathrm{\Xi }}_{\mathrm{DSP}}\text{-}\mathrm{TM}$ and orthogonal to $\xi \text{-}\mathrm{TM}$. The corresponding decomposition of the creation operator is then given by

$${\widehat{A}}_{{\mathrm{\Xi }}_{\mathrm{DSP}}}^{†}=\sqrt{{\eta }_{\mathrm{m}}}{\widehat{A}}_{\xi }^{†}+\sqrt{1-{\eta }_{\mathrm{m}}}{\widehat{A}}_{{\mathrm{\Psi }}_{\perp }}^{†},$$

(14)

where ${\eta }_{\mathrm{m}}$ denotes the mode-matching coefficient,

$${\eta }_{\mathrm{m}}={\left|\int dt{\mathrm{\Xi }}_{\mathrm{DSP}}^{\ast }\left(t\right)\xi \left(t\right)\right|}^2.$$

(15)

It can be seen that the decomposition of the creation operator is obtained through the standard Gram–Schmidt orthogonalization procedure in the continuous-mode Hilbert space. The above decomposition therefore originates from a change of orthonormal basis in the Hilbert space at the mathematical level.

At the physical level, the validity of the mode-matching decomposition relies on the following assumptions [17]: (1) The DSP algorithm applied at the receiver is linear. (2) The TM functions are properly normalized and satisfy orthogonality conditions.

2.3. Entanglement-Based Scheme of the Protocol

To analyze the security of the PM scheme, we construct an entanglement-based (EB) scheme that is equivalent to it. The equivalence is established in two aspects. First is state-preparation equivalence: performing heterodyne detection on one mode of a two-continuous-mode squeezed vacuum (TCMSV) state is equivalent to preparing a Gaussian-modulated continuous-mode coherent state. Second is measurement equivalence: the effect of transmitter–receiver mode mismatch can be equivalently modeled as a reduction in detection efficiency, which can be represented by a beam splitter with transmittance ${\eta }_{\mathrm{m}}$. The key steps establishing the equivalence between the EB and PM schemes of the protocol are illustrated in Figure 2.

The EB scheme of the protocol is described as follows:

1. State preparation. Bob prepares a TCMSV with variance $V_{\mathrm{B}}$, keeps one mode $B_{1{\xi }_{\mathrm{B}}}$, and sends the other mode $B_{\mathrm{o}\mathrm{u}\mathrm{t}{\xi }_{\mathrm{B}}}$ to Alice through the quantum channel. Alice prepares a TCMSV with variance $V_{\mathrm{A}}$, performs heterodyne detection on one of the modes $A_{1{\xi }_{\mathbf{A}}}$, and keeps the other mode ${A^{\prime }}_{{\xi }_{\mathrm{A}}}$.

2. State interference. The mode $B_{\mathrm{out}{\xi }_{\mathrm{B}}}$ sent by Bob evolves through the quantum channel into $A_{\mathrm{i}\mathrm{n}{\xi }_{\mathrm{B}}}$. Alice interferes $A_{\mathrm{i}\mathrm{n}{\xi }_{\mathrm{B}}}$ with the previously retained mode ${A^{\prime }}_{{\xi }_{\mathrm{A}}}$ using a beam splitter with transmittance $T_{\mathrm{A}}$, resulting in the output modes $A_{2\xi }$ and $A_{\mathrm{o}\mathrm{u}\mathrm{t}\xi }$. Alice keeps the mode $A_{2\xi }$ and sends the mode $A_{\mathrm{o}\mathrm{u}\mathrm{t}\xi }$ back to Bob. The mode $A_{\mathrm{o}\mathrm{u}\mathrm{t}\xi }$ sent by Alice evolves through the channel into $B_{2\xi }$.

3. State measurement. Alice performs homodyne detection on the mode $A_{2\xi }$. At this stage, due to the interference of continuous-mode optical fields, it is necessary to separately consider the mode-matching coefficients between the detection mode at Alice and the modes originating from Bob and Alice, denoted by ${\eta }_{\mathrm{m}}^{\mathrm{BA}}$ and ${\eta }_{\mathrm{m}}^{\mathrm{AA}}$, respectively. Bob performs heterodyne detection on both the mode $B_{2\xi }$ and the mode $B_{1{\xi }_{\mathrm{B}}}$ originally retained by himself. Similarly, owing to the interference of continuous-mode optical fields, the mode-matching coefficients between Bob’s detection mode and the modes originating from Bob and Alice, denoted by ${\eta }_{\mathrm{m}}^{\mathrm{BB}}$ and ${\eta }_{\mathrm{m}}^{\mathrm{AB}}$, respectively, must be taken into account.

4. Data processing. Bob processes his measurement data to obtain $x_{\mathrm{B}}=x_{{\mathrm{B}}_{2\xi }}-k{x}_{{\mathrm{B}}_{1{\xi }_{\mathrm{B}}}}$ and $p_{\mathrm{B}}=p_{{\mathrm{B}}_{2\xi }}+k{p}_{{\mathrm{B}}_{1{\xi }_{\mathrm{B}}}}$, where $k=T\sqrt{T_{\mathrm{A}}}\sqrt{{\eta }_{\mathrm{m}}^{\mathrm{BB}}}\sqrt{V_{\mathrm{B}}-1}/\sqrt{V_{\mathrm{B}}+1}$. Bob then uses his measurement results to estimate Alice’s values. After completing data reconciliation, Bob and Alice perform classical post-processing procedures such as error correction and privacy amplification.

From the above description of the EB scheme, it can be seen that, compared with the single-mode case, the continuous-mode model requires careful consideration of the mode-matching process between the transmitter and receiver. In particular, owing to the interference of continuous-mode optical fields, four mode-matching coefficients between the transmitter and receiver must be taken into account simultaneously. In Section 3.2, we will present the final covariance matrix between Alice and Bob by incorporating the effects of finite-size statistics.

3. Finite-Size Effects in the Improved Two-Way Protocol

In practical implementations of the protocol, the two legitimate parties can exchange only a finite amount of data for the post-processing procedure, which leads to increased statistical fluctuations in sampling-based estimations and prevents them from accurately estimating the channel parameters. In this section, we analyze the impact of finite-size effects on parameter estimation and present the secret key rate formula of the improved two-way protocol when finite-size effects are taken into account.

3.1. Theoretical Analysis of Finite-Size Effects

3.1.1. Finite-Size Statistical Fluctuations

When finite-size effects are taken into account, Alice and Bob cannot precisely characterize the properties of the quantum channel. They need to select m signals from the exchanged N signals for parameter estimation, leaving $n=N-m$ signals for key generation. In this case, the secret key rate of the protocol should be modified as [47]

$$K_{\mathrm{finite}}={\displaystyle \frac{n}{N}}\left[{\beta }_{\mathrm{R}}{I}_{\mathrm{AB}}-{\left(S_{\mathrm{BE}}\right)}_{{ϵ}_{\mathrm{PE}}}-\mathrm{\Delta }\left(n\right)\right],$$

(16)

where $I_{\mathrm{AB}}$ denotes the mutual information between Alice and Bob, and $S_{\mathrm{BE}}$ denotes the information leaked from Bob to Eve. The parameter ${ϵ}_{\mathrm{PE}}$ denotes the probability of failure in parameter estimation, and the true channel parameters lie within a certain confidence interval around the estimated values with probability $1-{ϵ}_{\mathrm{PE}}$. The parameter $\mathrm{\Delta }\left(n\right)$ is related to the security of privacy amplification, and its value is given by

$$\mathrm{\Delta }\left(n\right)\equiv \left(2dim{H}_X+3\right)\sqrt{{\displaystyle \frac{{log}_2(2/\overline{ϵ})}{n}}}+{\displaystyle \frac{2}{n}}{log}_2\left(1/{ϵ}_{P_A}\right),$$

(17)

where $H_X$ represents the Hilbert space dimension of the variable x in the raw key, in the CV protocol, the $dim{H}_X$ is set to 2. The smoothing parameter $\overline{ϵ}$ and the privacy amplification parameter ${ϵ}_{\mathrm{PA}}$ are intermediate variables, with their optimal values set to $\overline{ϵ}={ϵ}_{\mathrm{PA}}={10}^{-10}$.

For a general linear channel, the relationship between the data held by Alice and Bob can be expressed as

$$y=tx+z,$$

(18)

where t denotes the channel transmittance, with $t=\sqrt{T}$. The variable z represents the equivalent noise and follows a normal distribution with unknown variance of the form ${\sigma }^2=1+T\epsilon$. The relationships between t and $S_{\mathrm{BE}}$, as well as between ${\sigma }^2$ and $S_{\mathrm{BE}}$, are given by

$${\left.{\displaystyle \frac{\mathsf{\partial }{S}_{\mathrm{BE}}}{\mathsf{\partial }t}}\right|}_{{\sigma }^2}<0,{\left.{\displaystyle \frac{\mathsf{\partial }{S}_{\mathrm{BE}}}{\mathsf{\partial }{\sigma }^2}}\right|}_t>0.$$

(19)

Due to finite-size effects, the accuracy with which the legitimate parties can assess Eve’s eavesdropping behavior in the channel is reduced. To achieve a high level of security, a worst-case estimation of the eavesdropping must therefore be adopted. Specifically, Alice and Bob infer the minimum value of t, denoted as $t_{min}$, and the maximum value of ${\sigma }^2$, denoted as ${\sigma }_{max}^2$, from the sample data.

By invoking the law of large numbers, the estimators $\widehat{t}$ and ${\widehat{\sigma }}^2$ can be approximated as following the distributions:

$$\widehat{t}\sim \mathcal{N}\left(t,{\displaystyle \frac{{\sigma }^2}{{\sum }_{i=1}^m{x}_i^2}}\right),{\displaystyle \frac{m{\widehat{\sigma }}^2}{{\sigma }^2}}\sim {\chi }^2(m-1),$$

(20)

where $\mathcal{N}$ denotes the normal distribution and ${\chi }^2$ denotes the chi-square distribution. Let $t_{\mathrm{real}}$ and ${\sigma }_{\mathrm{real}}^2$ denote the real (unknown but fixed) values of the channel parameters. Let ${ϵ}_{\mathrm{PE}}$ be the total failure probability of parameter estimation, which is equally allocated to the construction of the one-sided confidence bounds for t and ${\sigma }^2$; i.e., each one-sided failure probability is taken as $\left[\left({ϵ}_{\mathrm{PE}}\right)/2\right]$. As a result, $\mathbb{P}(t_{\mathrm{real}}<t_{min})\le \left[\left({ϵ}_{\mathrm{PE}}\right)/2\right]$ and $\mathbb{P}({\sigma }_{\mathrm{real}}^2>{\sigma }_{max}^2)\le \left[\left({ϵ}_{\mathrm{PE}}\right)/2\right]$. By applying the union bound, we obtain:

$$\mathbb{P}\left(t_{\mathrm{real}}\ge t_{min},{\sigma }_{\mathrm{real}}^2\le {\sigma }_{max}^2\right)\ge 1-{ϵ}_{\mathrm{PE}}.$$

(21)

We then obtain the one-sided lower confidence bound $t_{min}$ for t and the one-sided upper confidence bound ${\sigma }_{max}^2$ for ${\sigma }^2$:

$$t_{min}\approx \widehat{t}-z_{\left[\left({ϵ}_{\mathrm{PE}}\right)/2\right]}\sqrt{{\displaystyle \frac{{\widehat{\sigma }}^2}{m{V}_{mod}}}},$$

(22)

$${\sigma }_{max}^2\approx {\widehat{\sigma }}^2+z_{\left[\left({ϵ}_{\mathrm{PE}}\right)/2\right]}{\displaystyle \frac{{\widehat{\sigma }}^2\sqrt{2}}{\sqrt{m}}},$$

(23)

where $z_{\left[\left({ϵ}_{\mathrm{PE}}\right)/2\right]}$ satisfies

$${\displaystyle \frac{1}{2}}\left\{1-erf\left({\displaystyle \frac{z_{\left[\left({ϵ}_{\mathrm{PE}})/2\right]\right.}}{\sqrt{2}}}\right)\right\}={\displaystyle \frac{{ϵ}_{\mathrm{PE}}}{2}},$$

(24)

where $\mathrm{erf}$ denotes the error function, which is defined as

$$erf\left(x\right)={\displaystyle \frac{2}{\sqrt{\pi }}}{\int }_0^x{e}^{-t^2}\mathrm{d}t.$$

(25)

By replacing the maximum likelihood estimators with their expectation values, $t_{min}$ and ${\sigma }_{max}^2$ are obtained with probability $\left(1-{ϵ}_{\mathrm{PE}}\right)$, yielding the covariance matrix corresponding to the worst-case secret key rate.

3.1.2. Covariance Matrix in the Ideal Scenario

To evaluate the secret key rate under finite-size effects using Equation (16), it is necessary to construct the covariance matrix between Alice and Bob for the calculation of $I_{\mathrm{AB}}$ and ${\left(S_{\mathrm{BE}}\right)}_{e_{\mathrm{PE}}}$. As described in the EB scheme in Section 2.2, after the transmission and measurement of the quantum states, Alice and Bob construct the covariance matrix ${\gamma }_{B_2{B}_1{A}_2{A}_1}$ from the four modes retained in the protocol. In the ideal scenario, the two parties can exchange an infinite amount of data for parameter estimation, and perfect mode matching is achieved between them. Under these conditions, the corresponding covariance matrix can be expressed as

$${\gamma }_{B_2{B}_1{A}_2{A}_1}=\left(\begin{array}{cccc}{V}_{B_2}\mathrm{I}& C_{B_2{B}_1}{\sigma }_Z& C_{B_2{A}_2}\mathrm{I}& C_{B_2{A}_1}{\sigma }_Z\\ C_{B_2{B}_1}{\sigma }_Z& V_{B_1}\mathrm{I}& C_{B_1{A}_2}{\sigma }_Z& 0\\ C_{B_2{A}_2}\mathrm{I}& C_{B_1{A}_2}{\sigma }_Z& V_{A_2}\mathrm{I}& C_{A_{2}A1}{\sigma }_Z\\ C_{B_2{A}_1}{\sigma }_Z& 0& C_{A_2{A}_1}{\sigma }_Z& V_{A_1}\mathrm{I}\end{array}\right),$$

(26)

where the individual elements are given by [36]

$$\left\{\begin{array}{c}{V}_{B_1}=V_{\mathrm{B}}\hfill \\ V_{B_2}=T\left(\left(1-T_{\mathrm{A}}\right)V_{\mathrm{A}}+\chi +T{T}_{\mathrm{A}}\left(V_{\mathrm{B}}+\chi \right)\right)\hfill \\ V_{A_2}=T_{\mathrm{A}}{V}_{\mathrm{A}}+T\left(1-T_{\mathrm{A}}\right)\left(V_{\mathrm{B}}+\chi \right)\hfill \\ V_{A_1}=V_{\mathrm{A}}\hfill \\ C_{B_2{B}_1}=T\sqrt{T_{\mathrm{A}}\left(V_{\mathrm{B}}^2-1\right)}\hfill \\ C_{B_1{A}_2}=-\sqrt{T\left(1-T_{\mathrm{A}}\right)\left(V_{\mathrm{B}}^2-1\right)}\hfill \\ C_{B_2{A}_2}=\sqrt{T\left(1-T_{\mathrm{A}}\right)T_{\mathrm{A}}}\left(V_{\mathrm{A}}-T\left(V_{\mathrm{B}}+\chi \right)\right)\hfill \\ C_{B_2{A}_1}=\sqrt{T\left(1-T_{\mathrm{A}}\right)\left(V_{\mathrm{A}}^2-1\right)}\hfill \\ C_{A_2{A}_1}=\sqrt{T_{\mathrm{A}}\left(V_{\mathrm{A}}^2-1\right)}\hfill \end{array}\right.,$$

(27)

$$\chi ={\displaystyle \frac{1-T}{T}}+\epsilon .$$

(28)

In the ideal scenario, the secret key rate can be evaluated using the matrix in Equation (26) together with subsequent matrix transformations. Based on the analyses in Section 2.2 and Section 3.1.1, we will subsequently present the method for calculating the secret key rate in practical systems when both continuous-mode effects and finite-size effects are taken into account.

3.1.3. Finite-Size Adaptive Normalization

In Section 3.1.2, the covariance matrix of Alice and Bob in the ideal scenario has been presented. In practical systems, after adaptive normalization, the transmitted and received signals can be described in terms of TMs, and the mode-matching coefficients between the transmitter and receiver must be taken into account, as listed in

Table 1. The mode-matching coefficients between the transmitter and receiver in the improved two-way protocol.

Coefficient	Description
${\eta }_{\mathrm{m}}^{\mathrm{AA}}$	Alice’s ${\xi }_{\mathrm{A}}$-TM vs. Alice’s detector’s ${\mathrm{\Xi }}_{\mathrm{A}}$-TM
${\eta }_{\mathrm{m}}^{\mathrm{AB}}$	Alice’s ${\xi }_{\mathrm{A}}$-TM vs. Bob’s detector’s ${\mathrm{\Xi }}_{\mathrm{B}}$-TM
${\eta }_{\mathrm{m}}^{\mathrm{BA}}$	Bob’s ${\xi }_{\mathrm{B}}$-TM vs. Alice’s detector’s ${\mathrm{\Xi }}_{\mathrm{A}}$-TM
${\eta }_{\mathrm{m}}^{\mathrm{BB}}$	Bob’s ${\xi }_{\mathrm{B}}$-TM vs. Bob’s detector’s ${\mathrm{\Xi }}_{\mathrm{B}}$-TM

.

In a realistic scenario that accounts for device nonidealities, the measured state at Bob’s input can be described as a wavepacket coherent state ${|\gamma \rangle }_{{\xi }_{\mathrm{A}}}$ associated with the wavepacket ${\xi }_{\mathrm{A}}\left(t\right)$. Therefore, during the calibration stage prior to key distribution, Alice sends Bob a predefined test signal that is agreed upon in advance. Bob then performs multi-point sampling of this signal, from which the corresponding wavepacket is reconstructed and subsequently normalized to obtain ${\xi }_{\mathrm{A}}\left(t\right)$. After completing the SNU normalization at the receiver (see Equations (3)–(13)), Bob obtains ${\mathrm{\Xi }}_{\mathrm{DSP}}\left(t\right)$; by substituting the relevant parameters into Equation (15), the mode-matching coefficient ${\eta }_{\mathrm{m}}$ can then be obtained. The calibration procedures for the four mode-matching coefficients follow similar steps.

Pre-calibrating the mode-matching coefficients offers an additional practical advantage for the implementation of the two-way protocol. The pre-calibration of the mode-matching coefficients is performed in an independent unidirectional configuration, in which Rayleigh backscattering is effectively avoided. This allows the receiver to optimize the DSP algorithm in advance so as to achieve improved mode-matching coefficients and mitigate the impact of Rayleigh backscattering during the subsequent two-way operation.

At the same time, when finite-size effects are taken into account, worst-case estimations of T and $ϵ$ in the covariance matrix of Alice and Bob are required. Combined with the theoretical analysis in Section 3.1.1, after introducing the four mode-matching coefficients into the matrix in Equation (26), the covariance matrix corrected by finite-size adaptive normalization (FAN) is given by

$${\left({\gamma }_{B_2{B}_1{A}_2{A}_1}\right)}_{\mathrm{FAN}}={\left(\begin{array}{cccc}{V}_{B_2}\mathrm{I}& C_{B_2{B}_1}{\sigma }_Z& C_{B_2{A}_2}\mathrm{I}& C_{B_2{A}_1}{\sigma }_Z\\ C_{B_2{B}_1}{\sigma }_Z& V_{B_1}\mathrm{I}& C_{B_1{A}_2}{\sigma }_Z& 0\\ C_{B_2{A}_2}\mathrm{I}& C_{B_1{A}_2}{\sigma }_Z& V_{A_2}\mathrm{I}& C_{A_{2}A1}{\sigma }_Z\\ C_{B_2{A}_1}{\sigma }_Z& 0& C_{A_2{A}_1}{\sigma }_Z& V_{A_1}\mathrm{I}\end{array}\right)}_{\mathrm{FAN}}.$$

(29)

The relations between the quadratures can be derived based on the mode-matching coefficients summarized in Table 1. The TCMSV prepared by Bob comprises two modes, namely the transmitted mode $B_{\mathrm{o}\mathrm{u}\mathrm{t}}$ and the locally measured mode $B_1$. According to Equation (15), the Gram–Schmidt orthogonalization can be applied to obtain

$$B_{\mathrm{o}\mathrm{u}\mathrm{t}}^{\mathrm{BA}}=\sqrt{{\eta }_{\mathrm{m}}^{\mathrm{BA}}}{B}_{\mathrm{o}\mathrm{u}\mathrm{t}}+\sqrt{1-{\eta }_{\mathrm{m}}^{\mathrm{BA}}}{B}_{\mathrm{o}\mathrm{u}\mathrm{t}}^{\perp },$$

(30)

$$B_{\mathrm{o}\mathrm{u}\mathrm{t}}^{\mathrm{BB}}=\sqrt{{\eta }_{\mathrm{m}}^{\mathrm{BB}}}{B}_{\mathrm{o}\mathrm{u}\mathrm{t}}+\sqrt{1-{\eta }_{\mathrm{m}}^{\mathrm{BB}}}{B}_{\mathrm{o}\mathrm{u}\mathrm{t}}^{\perp }.$$

(31)

The mode $B_{\mathrm{o}\mathrm{u}\mathrm{t}}$ is transmitted through the channel and evolves into the mode $A_{\mathrm{i}\mathrm{n}}$.

$$A_{\mathrm{i}\mathrm{n}}^{\mathrm{BA}}=\sqrt{T}{B}_{\mathrm{o}\mathrm{u}\mathrm{t}}^{\mathrm{BA}}+\sqrt{1-T}{E}_1,$$

(32)

$$A_{\mathrm{i}\mathrm{n}}^{\mathrm{BB}}=\sqrt{T}{B}_{\mathrm{o}\mathrm{u}\mathrm{t}}^{\mathrm{BB}}+\sqrt{1-T}{E}_1.$$

(33)

E denotes Eve’s mode. Its variance is given by $V_E=1+\left(T\epsilon \right)/(1-T)$.

The TCMSV prepared by Alice consists of two modes: the mode $A^{\prime }$ used for optical interference and the retained mode $A_1$ measured locally.

$$A^{\prime \mathrm{AA}}=\sqrt{{\eta }_{\mathrm{m}}^{\mathrm{AA}}}{A}^{\prime }+\sqrt{1-{\eta }_{\mathrm{m}}^{\mathrm{AA}}}{A}^{\prime \perp },$$

(34)

$$A^{\prime \mathrm{AB}}=\sqrt{{\eta }_{\mathrm{m}}^{\mathrm{AB}}}{A}^{\prime }+\sqrt{1-{\eta }_{\mathrm{m}}^{\mathrm{AB}}}{A}^{\prime }.$$

(35)

The modes $A^{\prime }$ and $A_{\mathrm{i}\mathrm{n}}$ interfere at a beam splitter with transmittance $T_{\mathrm{A}}$, resulting in the mode $A_2$ for Alice’s local measurement and the mode $A_{\mathrm{o}\mathrm{u}\mathrm{t}}$ sent back into the channel.

$$A_2=\sqrt{T_{\mathrm{A}}}{A}^{\prime \mathrm{AA}}-\sqrt{1-T_{\mathrm{A}}}{A}_{\mathrm{i}\mathrm{n}}^{\mathrm{BA}},$$

(36)

$$A_{\mathrm{o}\mathrm{u}\mathrm{t}}=\sqrt{T_{\mathrm{A}}}{A}_{\mathrm{i}\mathrm{n}}^{\mathrm{BB}}+\sqrt{1-T_{\mathrm{A}}}{A}^{\prime \mathrm{AB}}.$$

(37)

The mode $A_{\mathrm{o}\mathrm{u}\mathrm{t}}$ is transmitted through the channel and evolves into the mode $B_2$.

$$B_2=\sqrt{T}{A}_{\mathrm{o}\mathrm{u}\mathrm{t}}+\sqrt{1-T}{E}_2.$$

(38)

We have now identified all the modes associated with the elements of matrix ${\gamma }_{B_2{B}_1{\mathsf{\Lambda }}_2{\mathsf{\Lambda }}_1}$. Combining the above results, all elements of the covariance matrix in Equation (29) can be obtained.

$$\mathrm{FAN}\left\{\begin{array}{c}{V}_{B_1}=V_{\mathrm{B}}\hfill \\ V_{B_2}=T_{min}\left(1-T_{\mathrm{A}}\right)\left[{\eta }_{\mathrm{m}}^{\mathrm{AB}}{V}_A+\left(1-{\eta }_{\mathrm{m}}^{\mathrm{AB}}\right)\right]+\left({\sigma }_{max}^2-T_{min}\right)+\hfill \\ T_{min}{T}_{\mathrm{A}}\left[T_{min}{\eta }_{\mathrm{m}}^{\mathrm{BB}}{V}_{\mathrm{B}}+T_{min}\left(1-{\eta }_{\mathrm{m}}^{\mathrm{BB}}\right)+\left({\sigma }_{max}^2-T_{min}\right)\right]\hfill \\ V_{A_2}=T_{\mathrm{A}}\left({\eta }_{\mathrm{m}}^{\mathrm{AA}}{V}_{\mathrm{A}}+1-{\eta }_{\mathrm{m}}^{\mathrm{AA}}\right)+\hfill \\ \left(1-T_{\mathrm{A}}\right)\left[T_{min}{\eta }_{\mathrm{m}}^{\mathrm{BA}}{V}_{\mathrm{B}}+T_{min}\left(1-{\eta }_{\mathrm{m}}^{\mathrm{BA}}\right)+\left({\sigma }_{max}^2-T_{min}\right)\right]\hfill \\ V_{A_1}=V_{\mathrm{A}}\hfill \\ C_{B_2{B}_1}=T_{min}\sqrt{T_{\mathrm{A}}{\eta }_{\mathrm{m}}^{\mathrm{BB}}\left(V_{\mathrm{B}}^2-1\right)}\hfill \\ C_{B_1{A}_2}=-\sqrt{T_{min}\left(1-T_{\mathrm{A}}\right){\eta }_{\mathrm{m}}^{\mathrm{BA}}\left(V_{\mathrm{B}}^2-1\right)}\hfill \\ C_{B_2{A}_2}=\sqrt{T_{min}\left(1-T_{\mathrm{A}}\right)T_{\mathrm{A}}}\hfill \\ \left[\begin{array}{c}\sqrt{{\eta }_{\mathrm{m}}^{\mathrm{AB}}{\eta }_{\mathrm{m}}^{\mathrm{AA}}}{V}_{\mathrm{A}}+\sqrt{1-{\eta }_{\mathrm{m}}^{\mathrm{AB}}}\sqrt{1-{\eta }_{\mathrm{m}}^{\mathrm{AA}}}-\\ \left(T_{min}\sqrt{{\eta }_{\mathrm{m}}^{\mathrm{BB}}{\eta }_{\mathrm{m}}^{\mathrm{BA}}}{V}_{\mathrm{B}}+T_{min}\sqrt{1-{\eta }_{\mathrm{m}}^{\mathrm{BB}}}\sqrt{1-{\eta }_{\mathrm{m}}^{\mathrm{BA}}}+{\sigma }_{max}^2-T_{min}\right)\end{array}\right]\hfill \\ C_{B_2{A}_1}=\sqrt{T_{min}\left(1-T_{\mathrm{A}}\right){\eta }_{\mathrm{m}}^{\mathrm{AB}}\left(V_{\mathrm{A}}^2-1\right)}\hfill \\ C_{A_2{A}_1}=\sqrt{T_{\mathrm{A}}{\eta }_{\mathrm{m}}^{\mathrm{AA}}\left(V_{\mathrm{A}}^2-1\right)}\hfill \end{array}\right.,$$

(39)

where $T_{min}={\left(t_{min}\right)}^2$. The calculations of $t_{min}$ and ${\sigma }_{max}^2$ can be found in Equations (22) and (23), respectively. By replacing the maximum likelihood estimators with their expectation values, $\widehat{t}=\sqrt{T}$ and ${\widehat{\sigma }}^2=1+T\epsilon$.

3.2. Method for Calculating the Secret Key Rate

After obtaining the covariance matrices ${\gamma }_{B_2{B}_1{A}_2{A}_1}$ and ${\left({\gamma }_{B_2{B}_1{A}_2{A}_1}\right)}_{\mathrm{FAN}}$, we can calculate $I_{\mathrm{AB}}$ and ${\left(S_{\mathrm{BE}}\right)}_{{ϵ}_{\mathrm{PE}}}$, and then evaluate the secret key rate using Equation (16). For the coherent-state heterodyne protocol with reverse reconciliation,

$$I_{\mathrm{AB}}={log}_2{\displaystyle \frac{V_{{\mathrm{A}}^{\mathrm{M}}}}{V_{{\mathrm{A}}^{\mathrm{M}}\mid \mathrm{B}}}},$$

(40)

where $V_{{\mathrm{A}}^{\mathrm{M}}}$ and $V_{{\mathrm{A}}^{\mathrm{M}}\mid \mathrm{B}}$ denote the variance of Alice’s measurement outcomes and the conditional variance given Bob’s measurement outcomes, respectively. From the covariance matrix shared by the two parties, we can obtain

$$I_{\mathrm{AB}}={log}_2\left[{\displaystyle \frac{T^2{T}_{\mathrm{A}}(\chi +1)+T\chi +1+T\left(1-T_{\mathrm{A}}\right)\left({\eta }_{\mathrm{m}}^{\mathrm{AB}}{V}_{\mathrm{A}}+1-{\eta }_{\mathrm{m}}^{\mathrm{AB}}\right)}{T^2{T}_{\mathrm{A}}(\chi +1)+T\chi +1+T\left(1-T_{\mathrm{A}}\right)}}\right].$$

(41)

The information leaked from Bob to Eve, ${\left(S_{\mathrm{BE}}\right)}_{{ϵ}_{\mathrm{PE}}}$, can be evaluated using the Holevo bound,

$${\left(S_{\mathrm{BE}}\right)}_{{ϵ}_{\mathrm{PE}}}={\left[S\left(\mathrm{E}\right)\right]}_{{ϵ}_{\mathrm{PE}}}-{\left[S\left(\mathrm{E}\mid x_{\mathrm{B}},p_{\mathrm{B}}\right)\right]}_{{ϵ}_{\mathrm{PE}}},$$

(42)

where ${\left[S\left(\mathrm{E}\right)\right]}_{{ϵ}_{\mathrm{PE}}}$ denotes Eve’s von Neumann entropy, and ${\left[S\left(\mathrm{E}\mid x_{\mathrm{B}},p_{\mathrm{B}}\right)\right]}_{{ϵ}_{\mathrm{PE}}}$ denotes Eve’s conditional von Neumann entropy given Bob’s measurement outcomes.

After Eve purifies the entire system, we have ${\left[S\left(\mathrm{E}\right)\right]}_{{ϵ}_{\mathrm{PE}}}={\left[S\left(\mathrm{AB}\right)\right]}_{{ϵ}_{\mathrm{PE}}}$. The entropy of the Gaussian state $\mathrm{AB}$ can then be calculated from its corresponding covariance matrix ${\left({\gamma }_{B_2{B}_1{A}_2{A}_1}\right)}_{\mathrm{FAN}}$,

$${\left[S\left(\mathrm{E}\right)\right]}_{{ϵ}_{\mathrm{PE}}}=\sum _{i=1}^{7}G\left({\lambda }_i\right),$$

(43)

$$G\left({\lambda }_i\right)={\displaystyle \frac{{\lambda }_i+1}{2}}log{\displaystyle \frac{{\lambda }_i+1}{2}}-{\displaystyle \frac{{\lambda }_i-1}{2}}log{\displaystyle \frac{{\lambda }_i-1}{2}},$$

(44)

where ${\lambda }_i$ denotes the symplectic eigenvalues of the matrix ${\left({\gamma }_{B_2{B}_1{A}_2{A}_1}\right)}_{\mathrm{FAN}}$.

The evaluation of Eve’s conditional entropy given Bob’s measurement outcomes, ${\left[S\left(\mathrm{E}\mid x_{\mathrm{B}},p_{\mathrm{B}}\right)\right]}_{{ϵ}_{\mathrm{PE}}}$, requires Bob’s measurement results. When Bob performs the data processing $x_{\mathrm{B}}=x_{{\mathrm{B}}_{2{\xi }_{\mathrm{B}}}}-k{x}_{{\mathrm{B}}_{1{\xi }_{\mathrm{B}}}}$ and $p_{\mathrm{B}}=p_{{\mathrm{B}}_{2{\xi }_{\mathrm{B}}}}+k{p}_{{\mathrm{B}}_{1{\xi }_{\mathrm{B}}}}$, the corresponding operations can be equivalently described by applying a symplectic transformation ${\gamma }_k$ to obtain a new covariance matrix,

$${\left({\gamma }_{B_4{B}_3{B}_5{B}_6{A}_2{A}_1}\right)}_{\mathrm{FAN}}=\left[{\gamma }_k\oplus {\gamma }_k\oplus {\mathrm{I}}_2\right]{\left({\gamma }_{B_{2X}{B}_{1X}{B}_{1p}{B}_{2P}{A}_2{A}_1}\right)}_{\mathrm{FAN}}{\left[{\gamma }_k\oplus {\gamma }_k\oplus {\mathrm{I}}_2\right]}^{\mathrm{T}},$$

(45)

$${\gamma }_k=\left(\begin{array}{cccc}1& 0& -k& 0\\ 0& 1& 0& 0\\ 0& 0& 1& 0\\ 0& k& 0& 1\end{array}\right),$$

(46)

$$k=T\sqrt{T_{\mathrm{A}}}\sqrt{{\eta }_{\mathrm{m}}^{\mathrm{BB}}}\sqrt{{\displaystyle \frac{V_{\mathrm{B}}-1}{V_{\mathrm{B}}+1}}}.$$

(47)

After Eve purifies the system, ${\left[S\left(\mathrm{E}\mid x_{\mathrm{B}},p_{\mathrm{B}}\right)\right]}_{{ϵ}_{\mathrm{PE}}}={\left[S\left(B_3{B}_5{A}_2{A}_{1X}{A}_{1P}\mid x_{\mathrm{B}},p_{\mathrm{B}}\right)\right]}_{{ϵ}_{\mathrm{PE}}}$. By performing heterodyne detection on the matrix ${\left({\gamma }_{B_4{B}_3{B}_5{B}_6{A}_2{A}_1}\right)}_{\mathrm{FAN}}$,

$${\left({\gamma }_{B_3{B}_5{A}_2{A}_1}^{X_{\mathrm{B}},P_{\mathrm{B}}}\right)}_{\mathrm{FAN}}={\left[{\gamma }_{B_3{B}_5{A}_2{A}_1}-C_{B4}{\left(X{\gamma }_{B4}X\right)}^{MP}{C_{B4}}^T-C_{B6}{\left(P{\gamma }_{B6}P\right)}^{MP}{C_{B6}}^T\right]}_{\mathrm{FAN}},$$

(48)

we can then calculate

$${\left[S\left(\mathrm{E}\mid x_{\mathrm{B}},p_{\mathrm{B}}\right)\right]}_{{ϵ}_{\mathrm{PE}}}=\sum _{i=1}^{5}G\left({\lambda }_i^{\prime }\right),$$

(49)

where ${\lambda }_i^{\prime }$ denotes the symplectic eigenvalues of the matrix ${\left({\gamma }_{B_3{B}_5{A}_2{A}_1}^{X_{\mathrm{B}},P_{\mathrm{B}}}\right)}_{\mathrm{FAN}}$.

By substituting Equations (41), (43), and (49) into Equation (16), the secret key rate formula can be obtained.

4. Simulation and Analysis

In this section, we present the simulation results of the improved two-way protocol and compare them with the one-way coherent-state heterodyne protocol.

First, we compare the performance of the two-way protocol in the ideal scenario with the protocol in the practical scenario. In the ideal case, the mode-matching coefficient is set to 1. Moreover, the analysis is carried out in the asymptotic regime. In contrast, in the practical scenario, the four matching coefficients listed in Table 1 must be taken into account simultaneously.

The detection processes in the two-way protocol can be categorized into two types. One corresponds to the detection of quantum states prepared at one side and transmitted through the optical fiber channel to the remote receiver. The other corresponds to the detection of quantum states prepared and measured locally at the same station. Optical signals propagating over long-distance quantum channels (Bob-to-Alice and Alice-to-Bob) typically suffer significantly higher wavefront distortion and temporal broadening compared to the local paths (Alice-to-Alice or Bob-to-Bob).

To avoid the increased complexity arising from the variation of multiple matching coefficients, we assume that Alice and Bob employ the same types of lasers and detectors, and that the modulation format is pre-agreed to maintain TM consistency as much as possible. Under these conditions, the relationships among the four mode-matching coefficients can be expressed as ${\eta }_{\mathrm{m}}^{\mathrm{AA}}={\eta }_{\mathrm{m}}^{\mathrm{BB}}$, ${\eta }_{\mathrm{m}}^{\mathrm{AB}}={\eta }_{\mathrm{m}}^{\mathrm{BA}}$.

Regarding the specific parameter values, besides the method discussed in Section 3.1.3, we also draw on the results of a previously conducted calibration experiment on the mode-matching coefficients [48]. In that study, in a 30 km fiber experiment, for a 50% duty-cycle square-wave signal with a repetition rate of 5 MHz prepared at the transmitter, the maximum mode-matching coefficient obtained under single-point sampling was 0.97. By applying the DSP algorithm to the sampled data, the mode-matching coefficient could be further improved to 0.995.

We consider the experimentally obtained parameters [48] to provide meaningful reference values for practical systems. Based on these results, the mode-matching coefficients corresponding to transmission over long-distance quantum channels (${\eta }_{\mathrm{m}}^{\mathrm{AB}}$ and ${\eta }_{\mathrm{m}}^{\mathrm{BA}}$) are set to 0.97, whereas the coefficients associated with local detection (${\eta }_{\mathrm{m}}^{\mathrm{AA}}$ and ${\eta }_{\mathrm{m}}^{\mathrm{BB}}$) are set to 0.995.

The simulation results are shown in Figure 3. The channel transmittance is given by $T={10}^{-\alpha L/10}$, where a channel loss of $\alpha =0.2 \mathrm{dB}/\mathrm{km}$ is assumed and L denotes the transmission distance. The variance of Bob’s TCMSV state is $V_{\mathrm{B}}=20$, and that of Alice’s TCMSV state is $V_{\mathrm{A}}=20$. The transmittance of the beam splitter used by Alice for interference is $T_{\mathrm{A}}=0.8$. The excess noise of the system is set to $\epsilon =0.1$, and the reconciliation efficiency is ${\beta }_{\mathrm{R}}=0.95$.

In Figure 3, the black solid line represents the secret key rate of the improved two-way coherent-state heterodyne protocol as a function of transmission distance in the ideal scenario. The red dashed line represents the protocol performance when finite-size effects are taken into account and mode mismatch between the transmitter and the receiver is considered. It can be observed that the maximum transmission distance decreases from 48.27 km in the ideal scenario to 38.04 km, corresponding to a reduction of nearly 10 km. Therefore, when implementing the improved two-way protocol in a practical scenario, the combined impact of finite-size effects and mode mismatch should be carefully considered.

Although the performance of the improved two-way protocol degrades compared with that in the ideal scenario due to practical device nonidealities, it still outperforms the one-way protocol under the same parameter settings. To illustrate the performance advantage of the improved two-way protocol, we perform a comparative simulation analysis between the improved two-way and one-way protocols, and the results are shown in Figure 4.

In the continuous-mode scenario, finite-size effects are taken into account by setting the total number of exchanged signals to $N={10}^8$. The mode-matching coefficient between the transmitter and the receiver in one-way protocol is set to 0.97. In addition, coherent states are prepared at the transmitter and heterodyne detection is performed at the receiver. Under these conditions, the red dashed line in Figure 4 represents the improved two-way protocol, while the blue dash-dotted line represents the one-way protocol. It can be observed that the maximum transmission distance of the improved two-way protocol reaches 38.04 km, which is approximately 50% higher than the one-way protocol, whose maximum transmission distance is 25.27 km. Moreover, by further reducing the excess noise or improving the mode matching between the transmitter and the receiver through digital signal processing techniques, the performance advantage of the improved two-way protocol over the one-way protocol can be further enhanced.

To further illustrate the advantage of the improved two-way protocol in tolerating excess noise, we compare the most tolerable excess noise of the improved two-way and one-way protocols. The simulation results are shown in Figure 5, where the red dashed line represents the improved two-way protocol and the blue dash-dotted line represents the one-way protocol.

In the simulations shown in Figure 3 and Figure 4, asymmetric mode-matching coefficients are employed. However, for the evaluation of the maximum tolerable excess noise presented in Figure 5, we retain a uniform value of 0.97 for all four mode-matching coefficients. This choice is made to ensure a fair comparison between the improved two-way protocol and the one-way protocol under identical mode-mismatch conditions. In this way, the superior tolerance to excess noise exhibited by the two-way protocol does not arise from a higher value of any particular mode-matching coefficient, but reflects its intrinsic robustness under the same nonideal conditions.

The simulation results show that the improved two-way protocol exhibits a higher tolerance to excess noise than the one-way protocol over the entire transmission distance range. When the transmission distance is set to 30 km, the improved two-way protocol can tolerate an excess noise exceeding 0.1, whereas the maximum tolerable excess noise for the one-way protocol is only 0.08. As also observed in the simulation results shown in Figure 4, the one-way protocol is no longer feasible under these conditions. At a metropolitan-scale distance of 50 km, the maximum tolerable excess noise of the improved two-way protocol exceeds 0.05, while that of the one-way protocol is only 0.0182. In this case, the improved two-way protocol can tolerate approximately three times more excess noise than the one-way protocol. Moreover, as the transmission distance increases, system performance becomes increasingly sensitive to excess noise, making the advantages of the two-way protocol more pronounced.

In addition, appropriately designed DSP algorithms, such as time-domain window optimization, matched-filter design, and multi-point weighted sampling, have the potential to enhance the mode-matching coefficient and thereby further improve overall system performance. For example, optimizing the transmitter modulation format by replacing square pulses with raised-cosine pulses can increase the mode-matching efficiency, since raised-cosine pulses exhibit lower spectral sidelobes and concentrate more energy in the main lobe, thereby achieving higher waveform fidelity.

5. Conclusions

In this work, we characterize the continuous-mode optical fields in the improved two-way protocol by introducing TMs and establish a security analysis framework for the continuous-mode scenario based on adaptive normalization with calibrated SNU. In addition, finite-size effects on statistical fluctuations in parameter estimation were analyzed based on the central limit theorem and the maximum likelihood estimation method, leading to a tighter secret key rate for the improved two-way protocol. We have analyzed the potential advantages of performing mode-matching coefficient calibration in the two-way protocol. By employing DSP algorithms, it is possible not only to enhance overall system performance but also to mitigate the impact of Rayleigh backscattering.

Our numerical simulations indicate that, in practical scenarios, improving the mode matching between the transmitter and the receiver is essential for enhancing system performance. Under the same parameter settings, the improved two-way protocol consistently outperforms its one-way counterpart. As the transmission distance increases, the impact of excess noise on system performance becomes more pronounced, further highlighting the advantage of the improved two-way protocol in long-distance transmission.

This work provides a more realistic security and performance analysis for the improved two-way protocol, offering useful guidance for its practical implementation and performance optimization. In future digitalized systems, further performance improvements can be achieved by enhancing the mode-matching coefficient through optimized modulation formats and the incorporation of appropriate digital signal processing algorithms.