Deployed measurement-device independent quantum key distribution and Bell-state measurements coexisting with standard internet data and networking equipment

11:31 17 julio in Artículos por Website

The MDI-QKD protocol

In the MDI-QKD protocol, the two end nodes (Alice and Bob) are functionally identical: they randomly choose a string of qubit states, each being one of the four BB84 states (\(\left|0\right\rangle\), \(\left|1\right\rangle\) in the Z-basis and \(\left|\pm \right\rangle =(\left|0\right\rangle \pm \left|1\right\rangle )/\sqrt{2}\) in the X-basis). Alice and Bob associate the states \(\left|0\right\rangle\) and \(\left|+\right\rangle\) (\(\left|1\right\rangle\) and \(\left|-\right\rangle\)) with classical bit value 0 (and 1). They sequentially encode these qubit states into attenuated laser pulses at the single-photon level and transmit them to a center node. For each pair of photons (one from Alice and one from Bob, which arrive simultaneously at the center node) the center node performs a BSM, which may project the qubits onto the maximally entangled \(\left|\psi -\right\rangle\) Bell state. After each attempted BSM, the center node immediately announces to the end nodes whether the BSM was successful or not, and Alice and Bob only store information about the states of the created qubits that resulted in a BSM. After a sufficiently large number of BSMs, the end nodes move to the standard QKD post-processing phase. Note that our implementation described below does not use perfect single photons, but instead weak coherent laser pulses. To protect against the threat of the photon number splitting attack58, our end nodes also randomly choose between three mean photon numbers for each pulse (referred to as signal, decoy, and vacuum) and employ a three-intensity decoy-state analysis to analyze their data59, which allows secure distribution of key, even without a true single-photon source.

For post-processing, Alice and Bob use an authenticated classical channel to first perform basis reconciliation and discard data about qubit pairs for which they have selected different bases. Of the remaining qubit pairs, they reveal a subset of the bit values so as to estimate for each basis the error rate as well as the probability of a projection onto the \(\left|\psi -\right\rangle\) Bell state per emitted qubit pair (known as the gain). They use the data from the X-basis to bound information an eavesdropper could have learned about the key during photon transmission. Then, to finally distill a secret key from their data, they perform classical error correction on the Z-basis data and privacy amplification to remove the number of bits of information that could have been leaked to an eavesdropper. This results in a secret key rate:



where R is the secure key rate per pair of Z-basis signal intensity qubits sent, \({s}_{11}^{Z}\) is the single-photon gain of the Z-basis, \({e}_{11}^{X}\) is the single-photon error rate in the X-basis, both extracted from the decoy analysis59, \({Q}_{ss}^{Z}\) and \({E}_{ss}^{Z}\) are the gain and qubit error rate (QBER) of the Z-basis signal qubits, H is the binary entropy function, and f is the error correction efficiency (set to 1.12 in this work). Note, however, that in this work we do not run the post-processing algorithms, and thus the presented secret key rates are estimates based on an assumed error correction efficiency.

The MDI-QKD system

A schematic of our end nodes is shown in Fig. 1a, and described in the caption. Our Alice and Bob use 1310 nm wavelength distributed feedback (DFB) lasers to generate the light for the time-bin qubit states. They create the states \(\left|{{{{{\rm{early}}}}}}\right\rangle\), \(\left|{{{{{\rm{late}}}}}}\right\rangle\) (associated with qubit states \(\left|0\right\rangle\), \(\left|1\right\rangle\)) and \(\left|\pm \right\rangle\), as well as various mean photon numbers required in the decoy-state protocol using a series of intensity and phase modulators.

Fig. 1: Schematic drawings of the MDI-QKD system.
figure 1

a Alice and Bob use 1310 nm wavelength distributed feedback (DFB) lasers to generate the light for their time-bin qubit states. After the laser, an isolator (ISO) prevents any light moving back into the laser and a polarizing beam splitter (PBS) ensures the light is well polarized. One of the PBS’ outputs is used to generate the time-bin qubits via a series of intensity and phase modulators. The first intensity modulator (IM1) creates optical pulses with a full width at half maximum (FWHM) of 600 ps, separated by 1.5 ns. A phase modulator (PM) modulates one of the pulses with a π-phase to create the \(\left|-\right\rangle\) state and a second intensity modulator (IM2) creates the different mean photon numbers required for the decoy states. A beam splitter (BS) is used to monitor the qubit channel for calibration purposes. The pulses out of the other arm of the BS then pass a variable optical attenuator (VOA) to attenuate all pulses to the single-photon level. Pulse information for the modulators is generated by a field programmable gate array (FPGA), which drives the pulse generators. b Qubits interfere at the center node on a polarization-maintaining beam splitter (PMBS), each output of which is connected to a superconducting nanowire single-photon detector (SNSPD) for detection. Digitizer boards with 400-ps wide temporal-filtering windows convert the analog response of the SNSPD into digital signals corresponding to single projections onto qubit states \(\left|{{{{{\rm{early}}}}}}\right\rangle\) and \(\left|{{{{{\rm{late}}}}}}\right\rangle\). The center node uses two DFB lasers at 1548 nm wavelength to communicate to Alice and Bob this detection data. c Schematic drawing of the optical routing and wavelength division multiplexing (WDM) scheme used to demonstrate MDI-QKD coexisting with the two conventional Internet Protocol (IP) data channels (high- and low-bandwidth network (HBN/LBN)). The different colored arrows indicate different data channels and their direction, where the type of data in the channel is specified in the boxes with the corresponding colors. The qubits are co-propagating with the optical fields of the IP data channels. Details are described in the main text.

At the center node, incoming qubit pulses interfere on a beam splitter (PMBS) and are detected by single-photon detectors. Successful BSMs are identified by a field programmable gate array (FPGA), which monitors when the two detectors after the PMBS clicked during the same qubit pulse, but with opposite values (i.e., one detector registering \(\left|{{{{{\rm{early}}}}}}\right\rangle\) and the other \(\left|{{{{{\rm{late}}}}}}\right\rangle\)). This corresponds to a projection onto the entangled \(\left|\psi -\right\rangle\) Bell state, which identifies a successful BSM for the MDI-QKD protocol. During QKD operation, the center node uses two DFB lasers at 1548 nm wavelength to immediately inform Alice and Bob of a successful BSM detection. We refer to this communication channel as the control channel. At Alice and Bob, detection data are processed on FPGAs, with data of interest written to disk. The full schematics of the center node’s detection setup are shown in Fig. 1b.

An important requirement for multi-photon interference, such as BSMs, is that input photons must be indistinguishable in all degrees of freedom at the PMBS. Our system accomplishes this through a variety of control and stabilization systems. To synchronize the system between the three locations, a master clock signal of 200 MHz is generated at the center node and optically sent to Alice and Bob via the control channel. Thus, the control channel transmits both the clock signal and detection data described above, which are modulated together into the optical field for communication to the end nodes. Alice and Bob demodulate out the clock signal and distribute it to their FPGAs and pulse generators. Alice’s and Bob’s optical pulses are aligned to the center node’s digitizer windows with a precision of 10 ps.

To ensure Alice’s and Bob’s qubits are indistinguishable in polarization, their qubits pass through polarization beam splitters (PBS) at the center node. Preceding the PBSs are electronic polarization trackers that maximize the transmission through the PBS. To maintain frequency indistinguishability, Alice and Bob use temperature-stabilized DFB lasers. A PBS directly in front of the laser (see Fig. 1) taps a portion of this light, which the end nodes then send to the center node, and at which it interferes on a beam splitter46,48. This light effectively acts as another communication channel, which we refer to as the stabilization channel. Its interference is registered as intensity beating on a photodiode; the frequency of which allows the center node to generate a feedback signal to send to Alice and Bob. Alice and Bob use temperature controllers to minimize their frequency difference to below 25 MHz, which is sufficiently close for two-photon quantum interference60 and a minimal relative phase mismatch between X-basis qubits with our set temporal mode spacing.

To estimate the performance of the system in various scenarios, we characterized the quantum state of the emitted qubits, as well as the center node’s detection system. The qubits are characterized by two parameters (m, ϕ):

$$\left|\psi \right\rangle =\sqrt{m}\left|0\right\rangle +{e}^{i\phi }\sqrt{1-m}\left|1\right\rangle ,$$


with 0 ≤ m ≤ 1. Each qubit state from each end node has distinct parameters, which are listed in Supplementary Table 5. This qubit description is used in a numerical simulation to estimate the performance of the system in various network configurations. The center node’s detection system is characterized by its detection efficiency, dark counts (i.e., noise), and the two-photon quantum interference visibility of the BSM. While the ms, and dark counts were directly measured, the visibility as well as the \(\left|-\right\rangle\) state phases was acquired through fitting measured gains and QBERs.

Coexistence with conventional data channels

To demonstrate the coexistence of MDI-QKD with conventional internet technology, we integrated the MDI-QKD system with a variety of network equipment from Cisco such as the ASR9000 and the NCS5500 routers, along with an optical platform such as the NCS2000. Specifically, all three nodes employed an NCS2006 system with 20-FS-SMR Reconfigurable Optical Add-Drop Multiplexer linecards to multiplex conventional WDM optical traffic. Alice and Bob had an ASR9000 and an NCS5500 aggregation service router, respectively, as well as an additional WSE linecard in their NCS2006 systems.

The Cisco routers were configured to provide two IP networks with 10 Gb/s and 100 Mb/s, respectively, which we refer to as the high-bandwidth network (HBN) and lower-bandwidth network (LBN). In all demonstrations discussed below, the MDI-QKD system nodes used the LBN to communicate with each other, while the HBN was used for other data unrelated to the operation of the quantum systems or the experiments; e.g., other users’ data, video calls, video streaming, etc.

The HBN and LBN optical signals were multiplexed on the same optical fiber as the qubits from the MDI-QKD system, but using different WDM channels. We constructed the following networks: the LBN was generated by the NCS2006 systems and operated at an out-of-band OSC wavelength of 1510 nm. The IP-level HBN 10 Gb/s service was generated by the ASR9000 and NCS5500 and the optical carrier signals were generated by the WSE linecards in the NCS2006s, and operated in the C-band at 1550.12 nm wavelength. At the center node, the HBN was optically amplified and optically routed from one end node to the other, while the LBN was converted to copper ethernet and re-generated. Both HBN and LBN were set to equal launch powers throughout all experiments. The full network optical multiplexing design is shown in Fig. 1c.

We designed the network such that it operated over two fibers between each end node and the center node. These fibers were named fiber 1 and fiber 2 for both end-node-to-center-node links. Fiber 1 was used for Alice’s and Bob’s transmissions (Tx) of the IP networks optical signals and qubits (center node reception, Rx). We chose this co-propagation configuration to minimize scattered light at the single-photon detectors of the center node57. The qubit channel generated by the MDI-QKD system operated at 1310 nm wavelength and multiplexing the qubits with the IP data signals was achieved by a standard WDM multiplexer. The advantage of 1310 nm is multifold. First, it is in the standard telecom O-band and optical components are easy to source. Also, as Raman scattering to longer wavelengths is more predominant than to shorter wavelengths, a quantum channel with a much shorter wavelength than the classical channel limits the effects of Raman scattering61,62. Demultiplexing the qubits at the center node from the 1510 and 1550 nm IP network’s optical signals was challenging. We used a high isolation WDM (>50 dB) to remove as much IP data signal light as possible, after which we used a narrow-band (2 nm) filter with 45 dB isolation on the qubit line to filter out remaining Raman scattered light around the qubit’s wavelength. As will be shown below, these two elements provided sufficient spectral filtering to protect the qubit channel from unwanted noise.

On fiber 2 we set the center node Tx (Alice/Bob Rx), for the LBN, HBN, and MDI control channel (the latter at 1548 nm wavelength). Furthermore, the stabilization channel light at 1310 nm wavelength was placed on fiber 2, due to its spectral indistinguishability with respect to the qubits. These signals were all multiplexed and demultiplexed with standard WDMs, as all of the channels on fiber 2 were comparatively tolerant to noise.

Performance tests

For our first tests of MDI-QKD coexisting with multiple classical IP data channels, we ran the entire system in our laboratory. In the lab, each end node was separated from the center node by 20 km of spooled fiber with an intrinsic loss of 10.5 and 9.0 dB at 1310 nm wavelength, respectively. In these experiments, the launch power of the IP networks was adjusted such that the received power per channel was about 500 nW; close to the minimal required received power at the center node such that both IP networks were running with 100% uptime. The longest period of uninterrupted operation was 61 h.

We first tested the performance of the system for various attenuations in the fiber network by adding fixed attenuators. In general, the performance of decoy-state QKD varies not just with fiber attenuation, but also with the mean photon number of the signal and decoy states. We thus selected, for both end nodes, mean photon numbers that optimized secret key rate at high attenuation and used these values for all lab experiments. For all experiments, we calculated the expected key rate in the asymptotic regime using Eq. (1)59. These results are displayed as the blue points and curve in Fig. 2. The losses and resulting gains, QBERs, and secret key rates can be found in Supplementary Tables 1 and 2. We found that even with the two coexisting data channels, the system performance would be sufficient for QKD key generation over a large parameter regime: up to about 50 dB fiber attenuation, corresponding to about 250 km of spooled fiber.

Fig. 2: Secure key rates versus loss in lab and deployed environments.
figure 2

Secret key rate as a function of the total link loss between end nodes. All data were collected while the high-bandwidth network (HBN: 10 Gb/s) and low-bandwidth network (LBN: 100 Mb/s) Internet Protocol (IP) data channels were present on the same fiber as the qubits. The IP data channels’ received power was kept constant at 500 nW for all measurements. Points are measured data with uncertainty bars representing 1-standard deviation. Dashed lines are simulated results generated from a full characterization of the QKD system.

In our second set of experiments, we sought to explore the number of simultaneous conventional IP data channels that can coexist on the same fiber as the QKD system without causing significant performance degradation. Effectively, we tested the performance of the QKD network for various launch powers of the IP data channels. In general, as shown in Fig. 3a, we found a linear relationship between data launch power and noise on the center node’s single-photon detectors (i.e., clicks in the absence of qubits), indicating that there exists some remaining crosstalk and/or Raman scattering from the data channels into the qubit channels. Thus, adding further data channels should, at some level, degrade the performance of the QKD channel. The asymptotic secret key rate for various launch powers can be seen in the blue points and curve of Fig. 3b. The far-left point (3.5 μW launch power per channel) on the plot is the initial configuration in which the two data channels (HBC and LBC) have the minimally required received power at the center node. The losses and resulting gains, QBERs, and secret key rates can be found in Supplementary Tables 3 and 4. We generally observe that increasing the launch power initially has little effect on the MDI-QKD system performance. In fact, 150 μW launch power (corresponding to 42 WDM channels) had nearly zero impact, and even pushing to 400 μW (corresponding to 114 WDM channels) decreased the secret key rate by only a factor of two. This shows a strong resilience of the QKD system to the coexisting data channels. Furthermore, the WDM and filtering setup used here was specifically optimized for the lowest launch powers, and low (20 dB) loss, of these tests. Thus, better QKD system performance could be expected at higher launch powers by a WDM and filtering designed for those higher powers, e.g., with more isolation. Nevertheless, assuming a metropolitan-distance network with the same loss as the fiber spools (about 20 dB), it shows the possibility of an MDI-QKD system coexisting with potentially a hundred conventional 10 Gb/s data channels.

Fig. 3: Secure key rates versus classical channel launch power and corresponding detector noise counts.
figure 3

a Secret key rates for increasing Internet Protocol (IP) data network launch power (top x-axis) and corresponding noise counts per second on the Bell-state measurement (BSM) detectors (bottom x-axis). The smallest launch powers correspond to the minimally required received power at the center node for the two IP data networks. b shows the background noise counts per second, summed over all detector windows, as a function of IP data networks’ launch power (average launch power from a single end node). Points are measured data with uncertainty bars representing 1-standard deviation.


Finally, we deployed the entire system between three cities in the Netherlands: Alice was situated in Delft (QuTech), Bob was situated in Den Haag (KPN test and release center), and the center node was situated in Rijswijk (KPN telco distribution/exchange building). Dedicated fibers were made available from each location to the center node in Rijswijk with a length of 14.7 and 10.2 km from Delft and Den Haag, respectively (Fig. 4). The fibers’ losses were equalized to 13 dB using variable optical attenuators, totaling 26 dB loss from Alice to Bob. The system was deployed over a 6-week period (including setup, measurements, demonstration events, and tear down), and fully operating for 2 weeks in June 2021. During that time the system ran autonomously, except when the network was changed for new measurements, which was the main limiting factor to the time available for data collection.

Fig. 4: Locations of the deployed MDI-QKD system.
figure 4

Satellite image showing the locations of the deployed MDI-QKD system. Source: Google, Imagery ©2022 TerraMetrics, Map data ©2022.

In the field, we performed the same experiments as during the lab test. The performance of the deployed system for various losses is displayed in Fig. 2 as the green points and curve. Generally, we see that the deployed system performs similarly to the lab system. The main difference from the lab setting was that we used higher and optimized mean photon numbers for the deployed fiber losses, meaning that the deployed system performed slightly better at lower losses than the lab system, and the lab system was optimized to tolerate higher loss. Nevertheless, there is good agreement between both data sets, and with the simulated performance. This demonstrates that coexisting MDI-QKD and conventional IP data networks can function well, in the field, at metropolitan distances.

Lastly, in Fig. 3, we also show the deployed system’s secret key rate as a function of the launch power of the IP data network. While the launch powers of the two IP networks were slightly higher to accommodate for the extra loss, the received power was the same as in the lab. The deployed system has lower secret key rates (4e–8 instead of 2e–7 secret key bits per pulse), only because it operated over more loss (26 dB loss instead of 19.5 dB). We see that the secret key rate of the deployed system decreased by the expected amount. This again demonstrates the resilience of the MDI-QKD system and the center node’s BSM detection unit to coexisting conventional data channels. Moreover, our simulations show that a launch power of 100 μW, corresponding to twenty 10 Gb/s data channels, would only decrease the secret key rate by a factor of 2. Said differently, given sufficient telecom transceivers, it would be possible to achieve MDI-QKD coexisting with 200 Gb/s conventional IP data transmission in our 26-dB-loss deployed fiber network.

Source link