1. Introduction
Quantum key distribution (QKD) [
1,
2,
3], which is one of the most widely implemented areas of quantum information, enables secure communication for legal participants over public channels. The security of QKD has been guaranteed on the theory of quantum physics against adversaries with unlimited computing power [
4,
5]. Continuous variable (CV) QKD [
6,
7,
8] provides secret key rates as high as half of the Pirandola–Laurenza–Ottaviani–Banchi bound with off-the-shelf devices. So far, theoretical studies and experimental implementations of CVQKD have been put forward, respectively.
As a crucial landmark, a quantum network was proposed to extend QKD from point-to-point configuration to a multi-user and large-scale scenario. A series of quantum networks based on point-to-point QKD devices are designed and developed [
9,
10,
11,
12,
13], including two principle types: quantum channel switching networks [
14] and trusted-repeater-based quantum networks [
15]. However, in these quantum network schemes, quantum memories are required for restoring quantum states. Moreover, there is an urgent need to address the security problems caused by the repeater nodes in the quantum networks, which may not be trusted in practical situations.
Recent developments in the field of entanglement based multipartite QKD [
16,
17,
18] have led to a renewed interest in the construction of QKD. Unlike the conventional point-to-point QKD, the CV QKD with entanglement in the middle [
16] utilizes an untrusted third party to generalize Einstein-Podolsky-Rosen states, which are used for establishing the secure communication between two legitimate parties against both collective attacks and coherent attacks [
18]. On this basis, the tripartite CV QKD with entanglement source in the middle is proposed for providing secure key generation of three legitimate parties against coherent attacks on both the quantum links and the untrusted source. Although some research has been carried out on the CV QKD with entanglement in the middle, the mechanism by which utilizes an untrusted entanglement source to build a quantum network with arbitrary number of users has not been established.
Recently, an measurement-device-independent (MDI) star network based on CV systems has been proposed [
19], which provides high-rate quantum conference and quantum secret sharing services of a building-sized transmission distance. However, the commercial implementation of this MDI star network is limited by the transmission distance. This paper proposes a new methodology for constructing a quantum conferencing network with an entanglement source in the middle, based on multipartite CV Greenberger-Horne-Zeilinger (GHZ) states generation and homodyne detection. Entangled modes of CV GHZ states are generated in the untrusted source in the middle, and distributed to an arbitrary number of legitimate network users. After the homodyne detections of the received modes and the postprocessing procedures, each pair of the parties share mutual information for generating multipartite quantum cryptographic conferencing key. Security analysis proves that the entanglement-based quantum conferencing scheme is able to provide secure communication against collective attacks. Moreover, by applying a Gaussian de Finetti reduction [
20], the security against coherent attacks is also guaranteed [
19]. Simulation results show that our scheme can establish high rate secure conferencing communication for about 100 users in a quantum network with a radius of hundreds of meters.
This paper is organized as follows. In
Section 2, we propose the multipartite quantum conferencing scheme with entanglement in the middle. In
Section 3, we analyze the security of the scheme against collective attacks and provide a derivation progress for the key rate. The simulation results are shown in
Section 4. Finally, we draw our conclusions in
Section 5.
2. A Quantum Conferencing Scheme with Entanglement in the Middle
The proposed entanglement-based CV quantum conferencing network is consists of an arbitrary number (
N) of legitimate users, an entanglement source in the middle and links from the source to the users, which include classical networks and quantum channels. The entanglement source prepares an
x-quadrature-squeezed state
and
p-quadrature-squeezed state
, which are illustrated in
Figure 1. As shown in
Figure 1, the source combines the above
N states by a sequence of beam splitters with decreasing transmissivities
for
. The output modes
after the combinations by the beam splitters are entangled in a multipartite GHZ state which satisfies the relations of
x-quadratures
and
p-quadratures
for any
. This multipartite GHZ state is utilized for generating secret key in our quantum conferencing scheme.
The source sends the N modes of the GHZ state to N legitimate parties named as , respectively. The entangled modes travel through N noisy quantum channels toward the users, respectively. For simplicity, we consider a symmetric configuration of the quantum conferencing scheme that all quantum channels from the source to the users have the same length. In a practical scenario, the transmissivity and thermal noise of the longest quantum channel are selected as the reference to the network configuration. The legitimate parties receive the N entangled modes transmitted through the quantum channels and perform homodyne detection on them, respectively. With the measurement results, the users share mutual information which can generate a secret key for network communication after post-processing procedures. For a quantum conferencing scheme, the result of the ith user is used for reference to the reconciliation procedures, which let other users generate secret keys that can establish secure communication with the ith user, respectively. The CV quantum conferencing protocol with an entanglement source in the middle goes as follows.
The source in the middle prepares a CV GHZ state of N entangled modes , and sends them to N legitimate parties through quantum channels with the same transmissivity , respectively.
After travelling through the noisy channels, N entangled modes of the multipartite GHZ state are received by , respectively.
The users perform homodyne detections on the p-quadratures of the received modes, respectively. Then, they perform quadrature measurement.
With the results of the measurement, the users use a public channel to complete following procedures as parameter estimation, information reconciliation and privacy amplification.
Collective Attacks on Quantum Conferencing Scheme with Entanglement in the Middle
The best attack strategy of the eavesdropper Eve on the quantum star network is to perform attacks on all the quantum links and the entangled source in the middle. Since the Gaussian state can maximize the information of both the users and Eve, we consider the worst case that Eve fakes the source and prepares the multipartite Gaussian GHZ state herself [
16]. Moreover, the Gaussian attacks of the links and the entangled source can be reduced to an attack of the links only [
21].
At the beginning of eavesdropping, Eve replaces each of the original lossy channels with a noiseless channel and a beam splitter, of which the transmissivity is equal to the channel loss of the original channel
, and the thermal noise is
. Eve prepares entangled ancillary modes
and injects them onto the entangled modes
by her beam splitters of the channels, respectively. The output ancillary modes
are stored in Eve’s quantum memory, and the injected modes
are sent to the users, respectively. For each ancillary mode of the beam splitters, Eve performs a collective Gaussian attack [
22,
23]. Although the entangled cloner collective attacks are simpler for analysing the security, coherent attacks are the most general and powerful attacks for the eavesdropper Eve [
22]. Since the performance of coherent attacks can be calculated as in Ref. [
20] by applying a Gaussian de Finetti reduction [
24], in our work, we focus on the security analysis of the quantum conferencing scheme against collective Gaussian attacks.
3. Security Analysis
The entangled source generates the initial state
of an
x-quadrature squeezed mode
and
p-quadrature squeezed modes
. The covariance matrices of the initial modes are defined as
and
The quadrature vector
of
is denoted as
To represent the
quadratures of the
N modes,
is restructured into the following form,
After generating the initial modes, the source firstly combines and by a beam splitter of transmissivity . In the next steps, one of the output mode from the combination and an initial mode are combined by a beam splitter of transmissivity , for . This series of combinations produces N output modes , which are entangled in a GHZ state.
The transmissivities of the
beam splitters of the entangled source is denoted by
, for
. The output modes is described by the linear transformations on
x-quadratures
and the analogous linear transformations on
p-quadratures. Moreover, the covariance matrices of the beam splitters are denoted by
We use symplectic matrix
to describe the combinations of the beam splitters
. The elements of
are given by
The covariance matrix (CM) of the initial state
is denoted by
in which
and
are the CM of the
x-quadratures and the
p-quadratures of
in terms of the quadrature vector
, respectively. The CM
and
are denoted by the following forms
where
r refers to the squeeze factor of the initial squeezed states. The source combines the modes of
by the beam splitters, producing the entangled modes of a GHZ state
, which is described by the following CM
where
and
The eavesdropper Eve prepares an ancillary state
to perform entangled cloner attacks. Each entangled mode of
is injected onto a travelling mode
of
, respectively. The CM of
that corresponds to
is given by
where
denotes the variance of Eve’s ancillary modes. The CM of the whole system before the transmission through the quantum channels is defined by
In order to implement eavesdropping, Eve replaces the noisy channels from the source to all the legitimate parties with noisy-free quantum links and beam splitters, respectively. The transmittance
of each beam splitter of Eve is the same as the original noisy channel it has replaced. The symplectic matrices of Eve’s beam splitters are denoted by
We use the symplectic matrix
to describe the transmission action of the entire system of both the entangled modes from the source and Eve’s ancillary modes by Eve’s beam splitters
After the transmission of the legitimate users’ modes through Eve’s thermal-loss channels and beam splitters, the CM of the whole system is described by
We distill the partial matrix
from
, which describes the entangled modes of the users’ received state
. The form of
is described by
with
and
As a result, the CM of any
ith and
jth Bobs’ modes is described by
3.1. Mutual Information
In the presented CV quantum conferencing scheme, all the Bobs receive their entangled modes and then perform homodyne detection on the p-quadratures of them, respectively. The legitimate users pick the measurement results of an arbitrary ith Bob’s mode as the reference of the reconciliation procedure. Each of the other users (noted as the jth Bob) can generate a secret key with the ith Bob to establish secure communication between them.
The Bobs perform homodyne detections on the
p-quadratures of their received modes, respectively. The conditional CM of the
ith and the
jth Bobs’ modes
and
after homodyne detections is given by
where
The mutual information between the
ith and the
jth Bobs’ results is generated by
We also consider each user performs heterodyne detection on both
x-quadrature and
p-quadrature of their received mode. The conditional CM of the the
ith and the
jth Bobs’ modes after one of them performs heterodyne detection is given by
where
and
The mutual information between the
ith and the
jth Bobs’ heterodyne results is given by
3.2. Holevo Bound of the Stolen Information
Since the results of the
ith Bob’s mode are utilized as the reference, the eavesdropper Eve’s stolen information is defined by the Holevo information
between Eve and the result of the
ith Bob. Since Eve has the ability to purify the entire system, the state
that describes the system after transmission through the quantum links is pure, where
E denotes the measurement results of Eve’s restored modes
. After the users’ homodyne measurement, the conditional state
is still pure, where
denotes the measurement results of all the users. Hence, the Holevo bound of the stolen information is given by
where
denotes the Holevo entropy of state
. In order to derive the Holevo entropy
, we calculate the symplectic eigenvalues of the CM
, which is the eigenvalues of the Williamson normal form
[
25,
26], where
is the imaginary unit and
is the symplectic form
We derive the single N-degenerate symplectic eigenvalues of
, which is described by
The von Neumann entropy
is generated from the
N symplectic eigenvalues
by the following equation
where
The conditional CM
describes the received modes of the Bobs after the
ith Bob performs homodyne detection on his mode. We reconstruct the CM
in the following matrix:
where
describes the mode of the
ith Bob,
describes all the other Bobs’ modes and
describes the relations between the above two blocks. After the homodyne detection on the
p-quadrature of the
ith Bob’s mode, the conditional CM
is given by
Similarly, we derive the symplectic eigenvalues of
, which contain
identical symplectic eigenvalues given by Equation (
36). The conditional von Neumann entropy
is given by
Then, the Holevo bound of Eve’s stolen information is derived from the above equations
In addition, we consider the Holevo bound when the users perform heterodyne detection on their received modes. The symplectic eigenvalues of
after the heterodyne detecion include
symplectic eigenvalues given by Equation (
36), and one given by
where
The conditional von Neumann entropy
is given by
Then, the Holevo bound of Eve’s stolen information is derived from the above equations
With the results in Equations (
28) and (
41), we finally derive the secret key rate of our quantum conferencing with entanglement in the middle scheme
4. Simulation Results
In this section, we consider the CV quantum conferencing with entanglement in the middle against collective attacks and give the simulation results of our security analysis. All of the quantum channels have the same transmissivity , which is mapped into a fiber distance l in km, using . Different conditions of thermal noise and number of users are taken into account.
In
Figure 2, we plot the secret key rate of our quantum conferencing scheme versus the maximum distance of the quantum link in our network. The solid blue lines, small dashed red lines and large dashed black lines refer to
,
and
network users of our quantum conferencing scheme, respectively. As shown in
Figure 2, the scheme can reach a network radius of 2 km when the number of users is less than 10. When the number of users increases to 100, the scheme can still provide a quantum conferencing network with a longest transmission distance of over 500 m (520 m when thermal noise is set to
, and 575 m when thermal noise is set to 0). Furthermore, the curves show that, with a network radius of 480 m, 100 users can establish secure conferencing communication at about 0.1 bit per pulse. The conferencing key rate can reach 2.5 Mbits per second based on a CV QKD network with a clock of 25 MHz [
27].
Figure 3 presents the relationship between number of users and the maximum network distance when the secret conferencing key rate is asymptotic to 0, and the thermal noise is set to
in (a) and
in (b), respectively. As can be seen from
Figure 3, there is a trade-off between the number of network users and the maximum transmission distance. Moreover, the conferencing scheme can achieve secure communication for 300 users on a building-size scale (about a radius of 150 m), or for dozens of users between multiple buildings (within a radius of 500 m or more). This result shows that the quantum conferencing with entanglement in the middle scheme can be applied to more scenarios than the MDI-based high-rate quantum conferencing scheme [
19], which provides secure conference for 50 users within a radius of 40 m.
We consider different measurement methods that the network perform on their received modes. In the key rate equation Equation (
46), we replace the mutual information
that was derived in Equation (
28) with the result in Equation (
32), and give the simulation results in
Figure 4. Obviously, the scheme with homodyne detection has better performance of the secure conferencing key rate than the scheme with heterodyne detection. As we mentioned in
Section 2, the
p-quadratures of the entangled GHZ state have correlations of
for any
, which is utilized for the conferencing key generation of our scheme. As a result, we select homodyne detection as the measurement method for the network users.
5. Conclusions
We have proposed a quantum network with entanglement in the middle scheme, which provides secure conferencing communication for an arbitrary number of users. An entanglement source in the middle generates an multipartite GHZ state and distributes each mode of the state to the network users, respectively. The legitimate users receive the entangled modes, and perform homodyne measurement on them to distill mutual information for generating secret conferencing keys for each pair of users. Our security analysis shows that the quantum conferencing scheme can generate secret keys against collective attacks on both the untrusted entangled source and all of the quantum links.
The aim of this paper is to establish a secure conferencing network for dozens of users within a community or a factory area. Simulation results show that our scheme can provide high rate secure conferencing keys for more than 100 users in a quantum network with a radius of hundreds of meters. The security analysis of our scheme is against collective attacks, whereas the analysis against coherent attacks can be achieved by applying a Gaussian de Finetti reduction [
20]. Further research should be carried out to establish the finite-size composable security of the quantum conferencing with entanglement in the middle scheme.