Multipartite Continuous Variable Quantum Conferencing Network with Entanglement in the Middle

We suggest a continuous variable quantum conferencing network scheme with an entangled source in the middle. Here, the source generates a multipartite entangled state and distributes the modes of the state to an arbitrary number of legitimate network users. The entangled modes that were received and measured by the users share mutual information, which is utilized to generate secure conferencing key between users. The scheme is proven secure against collective attacks on both the untrusted source in the middle and all the quantum links. Simulation results show that the presented scheme can achieve high rate secure conferencing for 100 users within a 400 m-radius community or factory area.


Introduction
Quantum key distribution (QKD) [1][2][3], which is one of the most widely implemented areas of quantum information, enables secure communication for legal participants over public channels. The security of QKD has been guaranteed on the theory of quantum physics against adversaries with unlimited computing power [4,5]. Continuous variable (CV) QKD [6][7][8] provides secret key rates as high as half of the Pirandola-Laurenza-Ottaviani-Banchi bound with off-the-shelf devices. So far, theoretical studies and experimental implementations of CVQKD have been put forward, respectively.
As a crucial landmark, a quantum network was proposed to extend QKD from point-to-point configuration to a multi-user and large-scale scenario. A series of quantum networks based on point-to-point QKD devices are designed and developed [9][10][11][12][13], including two principle types: quantum channel switching networks [14] and trusted-repeater-based quantum networks [15]. However, in these quantum network schemes, quantum memories are required for restoring quantum states. Moreover, there is an urgent need to address the security problems caused by the repeater nodes in the quantum networks, which may not be trusted in practical situations.
Recent developments in the field of entanglement based multipartite QKD [16][17][18] have led to a renewed interest in the construction of QKD. Unlike the conventional point-to-point QKD, the CV QKD with entanglement in the middle [16] utilizes an untrusted third party to generalize Einstein-Podolsky-Rosen states, which are used for establishing the secure communication between

A Quantum Conferencing Scheme with Entanglement in the Middle
The proposed entanglement-based CV quantum conferencing network is consists of an arbitrary number (N) of legitimate users, an entanglement source in the middle and links from the source to the users, which include classical networks and quantum channels. The entanglement source prepares an x-quadrature-squeezed stateâ 1 and N − 1 p-quadrature-squeezed stateâ 2,··· ,N , which are illustrated in Figure 1. As shown in Figure 1, the source combines the above N states by a sequence of beam splitters with decreasing transmissivities T k = 1 − 1/(N − k + 1) for k = 1, · · · , N − 1. The output modesâ 1,··· ,N after the combinations by the beam splitters are entangled in a multipartite GHZ state which satisfies the relations of x-quadratures ∑ N k=1â x k → 0 and p-quadraturesâ p k −â p k → 0 for any k, k = 1, · · · , N. This multipartite GHZ state is utilized for generating secret key in our quantum conferencing scheme.
The source sends the N modes of the GHZ state to N legitimate parties named as Bob 1,··· ,N , respectively. The entangled modes travel through N noisy quantum channels toward the users, respectively. For simplicity, we consider a symmetric configuration of the quantum conferencing scheme that all quantum channels from the source to the users have the same length. In a practical scenario, the transmissivity and thermal noise of the longest quantum channel are selected as the reference to the network configuration. The legitimate parties receive the N entangled modesâ 1,··· ,N transmitted through the quantum channels and perform homodyne detection on them, respectively. With the measurement results, the users share mutual information which can generate a secret key for network communication after post-processing procedures. For a quantum conferencing scheme, the result of the ith user is used for reference to the reconciliation procedures, which let other users generate secret keys that can establish secure communication with the ith user, respectively. The CV quantum conferencing protocol with an entanglement source in the middle goes as follows.

1.
The source in the middle prepares a CV GHZ state ρ 1 of N entangled modesâ 1,··· ,N , and sends them to N legitimate parties Bob 1,··· ,N through quantum channels with the same transmissivity η, respectively.
The users perform homodyne detections on the p-quadratures of the received modes, respectively. Then, they perform quadrature measurement.

4.
With the results of the measurement, the users use a public channel to complete following procedures as parameter estimation, information reconciliation and privacy amplification.

Collective Attacks on Quantum Conferencing Scheme with Entanglement in the Middle
The best attack strategy of the eavesdropper Eve on the quantum star network is to perform attacks on all the quantum links and the entangled source in the middle. Since the Gaussian state can maximize the information of both the users and Eve, we consider the worst case that Eve fakes the source and prepares the multipartite Gaussian GHZ state herself [16]. Moreover, the Gaussian attacks of the links and the entangled source can be reduced to an attack of the links only [21].
At the beginning of eavesdropping, Eve replaces each of the original lossy channels with a noiseless channel and a beam splitter, of which the transmissivity is equal to the channel loss of the original channel η, and the thermal noise isn. Eve prepares entangled ancillary modesÊ 1,··· ,N and injects them onto the entangled modesâ 1,··· ,N by her beam splitters of the channels, respectively.
The output ancillary modesÊ 1,··· ,N are stored in Eve's quantum memory, and the injected modeŝ a 1,··· ,N are sent to the users, respectively. For each ancillary mode of the beam splitters, Eve performs a collective Gaussian attack [22,23]. Although the entangled cloner collective attacks are simpler for analysing the security, coherent attacks are the most general and powerful attacks for the eavesdropper Eve [22]. Since the performance of coherent attacks can be calculated as in Ref. [20] by applying a Gaussian de Finetti reduction [24], in our work, we focus on the security analysis of the quantum conferencing scheme against collective Gaussian attacks.

Security Analysis
The entangled source generates the initial state ρ 0 of an x-quadrature squeezed modeâ 1 and N − 1 p-quadrature squeezed modesâ 2,··· ,N . The covariance matrices of the initial modes are defined as and The quadrature vector ξ 0 of ρ 0 is denoted as To represent the 2N quadratures of the N modes, ξ 0 is restructured into the following form, After generating the initial modes, the source firstly combinesâ 1 andâ 2 by a beam splitter of transmissivity T 1 . In the next N − 2 steps, one of the output mode from the kth combination and an initial modeâ k+1 are combined by a beam splitter of transmissivity T k , for k = 2, · · · , N − 1. This series of combinations produces N output modesâ 1,··· ,N , which are entangled in a GHZ state.
The transmissivities of the N − 1 beam splitters of the entangled source is denoted by T k = N−k N−k+1 , for k = 1, 2, · · · , N − 1. The output modes is described by the linear transformations on x-quadratureŝ and the analogous linear transformations on p-quadratures. Moreover, the covariance matrices of the beam splitters are denoted by We use symplectic matrix R to describe the combinations of the beam splitters T 1,··· ,N−1 . The elements of R are given by The covariance matrix (CM) of the initial state ρ 0 is denoted by in which V x and V p are the CM of the x-quadratures and the p-quadratures of ρ 0 in terms of the quadrature vector ξ 1 , respectively. The CM V x and V p are denoted by the following forms where r refers to the squeeze factor of the initial squeezed states. The source combines the modes of ρ 0 by the beam splitters, producing the entangled modes of a GHZ state ρ 1 , which is described by the following CM where and The eavesdropper Eve prepares an ancillary state ρ E to perform entangled cloner attacks. Each entangled mode of ρ E is injected onto a travelling modeâ k of ρ 1 , respectively. The CM of ρ E that corresponds to ρ 1 is given by where ω = 1 + 2n denotes the variance of Eve's ancillary modes. The CM of the whole system before the transmission through the quantum channels is defined by In order to implement eavesdropping, Eve replaces the noisy channels from the source to all the legitimate parties with noisy-free quantum links and beam splitters, respectively. The transmittance η of each beam splitter of Eve is the same as the original noisy channel it has replaced. The symplectic matrices of Eve's beam splitters are denoted by We use the symplectic matrix S E to describe the transmission action of the entire system of both the entangled modes from the source and Eve's ancillary modes by Eve's beam splitters After the transmission of the legitimate users' modes through Eve's thermal-loss channels and beam splitters, the CM of the whole system is described by We distill the partial matrix V 4 from V 3 , which describes the entangled modes of the users' received state ρ 2 . The form of V 4 is described by with and As a result, the CM of any ith and jth Bobs' modes is described by

Mutual Information
In the presented CV quantum conferencing scheme, all the Bobs receive their entangled modes and then perform homodyne detection on the p-quadratures of them, respectively. The legitimate users pick the measurement results of an arbitrary ith Bob's mode as the reference of the reconciliation procedure. Each of the other users (noted as the jth Bob) can generate a secret key with the ith Bob to establish secure communication between them.
The Bobs perform homodyne detections on the p-quadratures of their received modes, respectively. The conditional CM of the ith and the jth Bobs' modes B i and B j after homodyne detections is given by where The mutual information between the ith and the jth Bobs' results is generated by We also consider each user performs heterodyne detection on both x-quadrature and p-quadrature of their received mode. The conditional CM of the the ith and the jth Bobs' modes after one of them performs heterodyne detection is given by where and The mutual information between the ith and the jth Bobs' heterodyne results is given by

Holevo Bound of the Stolen Information
Since the results of the ith Bob's mode are utilized as the reference, the eavesdropper Eve's stolen information is defined by the Holevo information H(E : B i ) between Eve and the result of the ith Bob. Since Eve has the ability to purify the entire system, the state ρ Eρ 2 that describes the system after transmission through the quantum links is pure, where E denotes the measurement results of Eve's restored modesÊ 1,··· ,N . After the users' homodyne measurement, the conditional state ρ EB |B i is still pure, where B denotes the measurement results of all the users. Hence, the Holevo bound of the stolen information is given by where S(ρ) denotes the Holevo entropy of state ρ. In order to derive the Holevo entropy S(ρ 2 ), we calculate the symplectic eigenvalues of the CM V 4 , which is the eigenvalues of the Williamson normal form |IΩV 4 | [25,26], where I is the imaginary unit and Ω is the symplectic form We derive the single N-degenerate symplectic eigenvalues of V 4 , which is described by The von Neumann entropy S(ρ 2 ) is generated from the N symplectic eigenvalues ν by the following equation where The conditional CM V B |B i describes the received modes of the Bobs after the ith Bob performs homodyne detection on his mode. We reconstruct the CM V 4 in the following matrix: where B 1 describes the mode of the ith Bob, A 1 describes all the other Bobs' modes and C 1 describes the relations between the above two blocks. After the homodyne detection on the p-quadrature of the ith Bob's mode, the conditional CM V B |B i is given by Similarly, we derive the symplectic eigenvalues of V B |B i , which contain N − 1 identical symplectic eigenvalues given by Equation (36). The conditional von Neumann entropy S(ρ B |B i ) is given by Then, the Holevo bound of Eve's stolen information is derived from the above equations In addition, we consider the Holevo bound when the users perform heterodyne detection on their received modes. The symplectic eigenvalues of V B |B i after the heterodyne detecion include N − 2 symplectic eigenvalues given by Equation (36), and one given by where τ 1 = N(1 − η)ω η + ηe 4r + e 2r + η[e 4r + Nηe 2r + (N − 1)] + N(1 − η) 2 e 2r ω 2 , The conditional von Neumann entropy S(ρ B |B i ) is given by Then, the Holevo bound of Eve's stolen information is derived from the above equations With the results in Equations (28) and (41), we finally derive the secret key rate of our quantum conferencing with entanglement in the middle scheme

Simulation Results
In this section, we consider the CV quantum conferencing with entanglement in the middle against collective attacks and give the simulation results of our security analysis. All of the quantum channels have the same transmissivity η, which is mapped into a fiber distance l in km, using η := 10 l/50 . Different conditions of thermal noise and number of users are taken into account.
In Figure 2, we plot the secret key rate of our quantum conferencing scheme versus the maximum distance of the quantum link in our network. The solid blue lines, small dashed red lines and large dashed black lines refer to N = 3, N = 10 and N = 100 network users of our quantum conferencing scheme, respectively. As shown in Figure 2, the scheme can reach a network radius of 2 km when the number of users is less than 10. When the number of users increases to 100, the scheme can still provide a quantum conferencing network with a longest transmission distance of over 500 m (520 m when thermal noise is set to 0.05, and 575 m when thermal noise is set to 0). Furthermore, the curves show that, with a network radius of 480 m, 100 users can establish secure conferencing communication at about 0.1 bit per pulse. The conferencing key rate can reach 2.5 Mbits per second based on a CV QKD network with a clock of 25 MHz [27].  Figure 3 presents the relationship between number of users and the maximum network distance when the secret conferencing key rate is asymptotic to 0, and the thermal noise is set ton = 0.05 in (a) andn = 0 in (b), respectively. As can be seen from Figure 3, there is a trade-off between the number of network users and the maximum transmission distance. Moreover, the conferencing scheme can achieve secure communication for 300 users on a building-size scale (about a radius of 150 m), or for dozens of users between multiple buildings (within a radius of 500 m or more). This result shows that the quantum conferencing with entanglement in the middle scheme can be applied to more scenarios than the MDI-based high-rate quantum conferencing scheme [19], which provides secure conference for 50 users within a radius of 40 m.
We consider different measurement methods that the network perform on their received modes. In the key rate equation Equation (46), we replace the mutual information I(B i : B j ) that was derived in Equation (28) with the result in Equation (32), and give the simulation results in Figure 4. Obviously, the scheme with homodyne detection has better performance of the secure conferencing key rate than the scheme with heterodyne detection. As we mentioned in Section 2, the p-quadratures of the entangled GHZ state have correlations ofâ p k −â p k → 0 for any k, k = 1, · · · , N, which is utilized for the conferencing key generation of our scheme. As a result, we select homodyne detection as the measurement method for the network users.

Conclusions
We have proposed a quantum network with entanglement in the middle scheme, which provides secure conferencing communication for an arbitrary number of users. An entanglement source in the middle generates an multipartite GHZ state and distributes each mode of the state to the network users, respectively. The legitimate users receive the entangled modes, and perform homodyne measurement on them to distill mutual information for generating secret conferencing keys for each pair of users. Our security analysis shows that the quantum conferencing scheme can generate secret keys against collective attacks on both the untrusted entangled source and all of the quantum links.
The aim of this paper is to establish a secure conferencing network for dozens of users within a community or a factory area. Simulation results show that our scheme can provide high rate secure conferencing keys for more than 100 users in a quantum network with a radius of hundreds of meters. The security analysis of our scheme is against collective attacks, whereas the analysis against coherent attacks can be achieved by applying a Gaussian de Finetti reduction [20]. Further research should be carried out to establish the finite-size composable security of the quantum conferencing with entanglement in the middle scheme.

Conflicts of Interest:
The founding sponsors had no role in the design of the study; in the collection, analyses, or interpretation of data; in the writing of the manuscript, and in the decision to publish the results.

Abbreviations
The following abbreviations are used in this manuscript: QKD Quantum Key Distribution CV Continuous Variable MDI Measurement-Device-Independent GHZ Greenberger-Horne-Zeilinger CM Covariance Matrix