Side-Channel Free Measurement-Device- Independent Quantum Key Distribution Based on Source Monitoring

Measurement-device-independent quantum key distribution (MDI-QKD) can remove all detector side-channel attacks. However, there are still some assumptions on source preparations in MDI-QKD protocols, which are too strict to achieve in real-life implementations. To remove those assumptions, here we construct a scheme on characterizing the source modulation errors with Hong-Ou-Mandel (HOM) interferences. Furthermore, we combine it with the decoy-state method and present the security analysis. Besides, finite data-size effects are taken into account as well. Simulation results verify the feasibility and practicability of this scheme. It thus seems a very promising candidate for constructing high-security network in the near future.

implementations. Device-independent quantum key distribution (DI-QKD) [2], [3] is inherently immune to all side-channel attacks, but its practicality is limited due to its high demand for detection efficiency and channel loss. As an alternative, MDI-QKD [4] eliminates all side-channels on the vulnerable detection side. However, the source side remains susceptible to modulation deviations and attacks. Side-channel attacks on the source system can be classified into two major types: active and passive. In an active attack, such as a Trojan horse attack, the eavesdropper sends a strong light source to the preparation side and attempts to obtain information about the settings from the reflected light. In passive attacks, the idea is to exploit imperfections within the signal generation stage to obtain information about high-dimensional parameters, which may reveal information about the secret keys.
In recent years, several studies have been conducted to improve security with source flaws, such as the loss-tolerant [5], [6], [7] and reference techniques [8], [9], [10]. Among these attempts, the loss-tolerant method only considers the state preparation errors in two-dimensional space. On the other hand, side channels caused by mode dependencies, e.g., classical pulse correlations [11] or distinguishable decoy states [12], need extra parameters to characterize the information leakage and have been solved in theory. However, those parameters are often very difficult to measure in experiments [13], leaving the high dimensional leakage hard to quantify in practice. Luckily, Duplinskiy et al. [14] proposed a new way of characterizing the passive side-channel information leakage by monitoring the HOM interference and implement it in BB84 protocol. Based on the work in [14], here we present a more practical decoy-state MDI-QKD protocol by taking modulation imperfections in decoy states into account, moreover, finite-size effects are also taken into account.
Our passage is arranged as follows: Section II is the introduction of 3-intensity MDI-QKD with source monitoring; Reconsidering of decoy-state method is shown in Section III; Section IV shows our simulation results and analysis. The passage end with conclusion.

II. MDI-QKD PROTOCOL WITH SOURCE MONITORING
In the following, we first briefly review the steps of the MDI-QKD protocol with 3-intensity decoy state method [15].
Preparation: Alice (Bob) independently sends a phaserandomized coherent state with intensities randomly chosen This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/ from a predetermined set with probability P x (P y ), where x, y ∈ {μ, ν, o}. The phase-randomized weak coherent source follows the probability distribution of ρ x = ∞ n=0 P x n |n n| = ∞ n=0 e −x x n n! |n n|. In the following, Alice and Bob encode the polarization states to be |H , |V , |D , |A , where |H and |V are in the Z basis, and |D and |A are in the X basis, here . Measurement: For each time window, the untrusted party Charlie performs a Bell-state measurement on the received pulses from Alice and Bob. The successful outcome will be projected into |ϕ ± = 1 √ 2 (|HV ± |V H ). Later on, Alice and Bob will exchange relevant information including the intensity or basis choices. Key generation: In this step, Alice and Bob will carry out parameter estimation and calculate the final key rate as: (1) Here, P μz represents the probability of pulses prepared in the Z-basis with intensity μ for Alice or Bob, while P μ 1 indicates the probability of the WCS emitting a single-photon pulse with intensity μ. Y L,Z 11 and e U,ph 11 denote the lower bound of the singlephoton yield and the upper bound of the single-photon error rate, respectively, and Q Z μμ and E Z μμ represent the average gain and the quantum bit error rate of the Z-basis. Additionally, f is the error correction efficiency factor, and represents the binary entropy function.
It is well known that MDI-QKD can remove all side-channel attacks on the detector side. However, there may exist preparation flaws and side-channel leakage during the state encoding process due to device imperfections. In the following, we present an improved MDI-QKD scheme with a visibility testing module. Fig. 1(a) shows the overall scheme and Fig. 1(b) shows the encoder module. In Fig. 1(a), phase-randomized weak coherent pulses (WCP) are sent into the encoder module and are prepared into different polarization states and intensities in either Alice or Bob's side. In Charlie's side, Bell-state projection measurements are carried out on the received photon-pair pulses from Alice and Bob. In Fig. 1(b), the encoder module mainly consists of one polarization modulator (Pol-M) and one intensity modulator (Decoy-IM). The beam-splitters (BSs) are placed separately before the Pol-M and after the Decoy-IM, each splitting part light and finally interfering at the V-Test module for security monitoring. Here we assume that the polarization state |H prepared by the laser is a standard reference state, and the intensity of light passing through the down path of the beam splitter and attenuator is μ with the |H polarization state. The light passing through the upper path will be modulated by a polarization modulator and an intensity modulator to prepare different intensities and encoding states. After that, a portion of it will be reflected on the beam splitter for HOM interference with the reference light. It is worth noting that the optical signal in the lower path is delayed by an integer number of periods using fiber, thereby guaranteeing that the pulses interfering at the beam splitter are phase-randomized, and OD enables convenient We begin by expressing the source density matrices of the X or Z basis as a tensor product of actual density matrices and high-dimension freedom ρ(λ), as follows: here, the photon number of each pulse follows a Poisson distribution denoted as P x n . According to the definition of fidelity [16], [17], we can obtain that the HOM interference visibility of two states, V HOM which has a relationship with their quantum fidelity as where γ := V HOM 2 and γ is used to define the similarity between states ρ x and ρ y .
Next, the value called bases imbalance allows to quantify the differences between different density matrices [18], [19]: where F (X, Z) is the fidelity between X basis and Z basis. However, we cannot obtain the value of bases imbalance instantly by (4). Based on Bures angles and triangle inequality [20], we can conclude that: where X i and Z j (i, j ∈ {0, 1}) respectively denote the auxiliary matrices [14] for each basis to calculate the fidelity between the bases, and B is used to represent the X basis or Z basis.
In the V-Test module, the state that arrives via the upper path is modulated by both polarization modulator and intensity modulator, with intensity of μ and v respectively, and can be polarized in one of four ways: |H , |V , |D , |A , resulting in a total of eight modulated states: Note that we do not consider the case where the pulse intensity is zero and its encoding. The state that arrives via the lower path has a reference intensity of μ and a polarization mode of |H . Within this module, there are eight possible cases for the HOM interference visibility measurement, denoted as V k M , and the corresponding expected values are denoted as V k E (k ∈ {1, 2, . . ., 8}). We use the symbol V k to represent the deviations between eight sets of measurements and expected HOM visibility. Considering that the maximum value of HOM visibility is 0.5 (i.e., the HOM visibility of two states with intensity μ and polarization |H ), we use the following equation to express the deviations, and we denote the minimum value as V , In the special case when all fidelities equal the same minimum value F corresponding to the worst visibility V among all combinations in (3). Equation (5) simplifies to 1 − 2 ≥ cos 2arccos 1 + F 2 + arccos (F ) . (7) To simulate the effect of bases imbalance, we use a method mentioned in [18]. Considering the ability of Eve to use a lossless channel, the calculated bases imbalance is corrected as .
The relation between the upper bound of the single-photon error rate e U 11 and the phase error rate e U,ph 11 is obtained as follows:

III. DECOY-STATE METHOD WITH DISTINGUISHABLE DECOY STATES
In the classical theory of decoy-state method [21], we usually assume that the yield (or error rate) and the intensity of n-photon pulses are independent, so the yield and error rate of n-photon states at different intensities are always equal.
However, if Eve launches attacks on high-dimension freedom and obtains some prior information about the intensity of Alice's According to the information obtained from the [22], it can be inferred that The source imperfections can be characterized by the trace distance D μν , which can be bounded by the following equations: By referring [12], we re-derive the lower bound of the yield and the upper bound of the error rate for single-photon pulses with distinguishable decoy states: here, we use Q xy and E xy to respectively denote the overall gain and quantum bit error rate. To account for the finite-key effect, we apply the Chernoff bound method as described in [23], and denote the upper and lower bounds of the variables in (12) and (13) with overlines and underlines. Specifically, for a variable X, and σ 2 = 2Xln(ξ − 3 2 ). The failure probability of statistical fluctuation analysis ξ satisfies the following inequalities:

IV. SIMULATIONS AND ANALYSIS
Based on the formulas presented in the previous section, we present simulation results in Fig. 2. Our simulations consider finite-key analysis and global optimization to obtain better practical performance. The system parameters we used are listed in Table I. Here, P d denotes the dark count rate of detectors; e 0 is the error rate of the vacuum state; e d is the misalignment error probability; η is the detection efficiency of detectors; f is the error correction efficiency; in addition, here we assume that the loss coefficient of the transmission fibers is 0.165 dB/km in our simulations. The parameters mentioned above are the primary characteristics of practical QKD systems, while the following parameters related to finite-key effect: ξ is the failure probability As show in Fig. 2, both the key rate and the transmission distance will rapidly decline their values with the decreasing of the HOM visibility, e.g., the transmission distance decreases to a third of the distance when V changing from 0.5 to 0.4995. For experiments conducted under favorable conditions, e.g., with a HOM visibility of 0.499 [24] (indicated by the dotted line), the simulation results indicate that our approach can still achieve 95 km transmission distance with a high security. Even for experiments conducted under normal experimental conditions [25], [26], [27], [28], e.g., with a HOM visibility of 0.47, our approach can still achieve transmission distances over 50 km. Overall, our present proposed scheme can exhibit superior performance compared with present DI-QKD while maintaining a comparable level of security.
In order to demonstrate the influence of HOM visibility on the secure key rate more clearly, we also calculate the key rate corresponding to different HOM visibilities at 40 km as shown in Fig. 3. It can be observed that the secure key rate rapidly decreases as the interference visibility diminishes, and subsequently exhibits a gradual decline before approaching a plateau. In spite of this, for as low as V = 0.45, the keys are still available. In general, this method has proven effective at achieving secure transmission over long distances and under challenging experimental conditions, demonstrating promising performance and ensuring high security.

V. CONCLUSION
We have constructed a scheme to improve the security of MDI-QKD systems by monitoring the HOM interference visibility of the source. Moreover, we have established a relationship between the HOM interference visibility and the key rate through formulaic derivations. Besides, to further improve the security, we also reconsidered the distinguishability of the signal and the decoy states and estimate the yield and the error rate of Fig. 3. Relationship between the optimal secure key rate and the HOM visibility at 40 km. Different colored markers on the curve correspond to the V values used in Fig. 2, from left to right. the single-photon pulses. After carrying out full parameter optimization and finite-key analysis, we have demonstrated that, although the secure key rate of the present scheme is quite sensitive to the HOM interference visibility, it can still exhibit secure transmission distances over 50 km with current technology. Most importantly, it can show much better performance compared with present DI-QKD systems [3] while keep similar security. Ref. [13] experimentally characterizes various source flaws through five distinct parameters. In contrast, our approach employs a single parameter to characterize the overall source imperfections, thus avoiding potential undetected side channels and unannounced attacks, resulting in enhanced security. In addition, here we only use the MDI-QKD protocol for illustration, in fact, this method can also be applied to other protocols such as TF-QKD or Mode-Pairing MDI-QKD [29]. Therefore, our present work may provide valuable references for developing high-performance and high security quantum communications in the near future.