Practical Security of the Continuous-Variable Quantum Key Distribution with Locally-Generated Local Oscillators

Continuous-variable quantum key distribution (CVQKD) with the local local oscillator (LLO) is confronted with new security problems due to the reference pulses transmitted together with quantum signals over the insecure quantum channel. In this paper, we propose a method of phase attack on reference pulses of the LLO-CVQKD with time-multiplexing. Under this phase attack, the phase drifts of reference pulses are manipulated by eavesdroppers, and then the phase compensation error is increased. Consequently, the secret key rate is reduced due to the imperfect phase compensation for quantum signals. Based on the noise model of imperfect phase compensation, the practical security of LLO-CVQKD under phase attack is analyzed. The simulation results show that the practical security is reduced due to the phase attack, yet it is still tight when system parameters are estimated by training signals. under phase attack is analyzed based on the noise model of imperfect phase compensation. The simulation results show that the practical security is reduced due to Eve’s phase attack, yet it is still tight when system parameters are estimated by training signals.

Journal of Applied Mathematics and Physics the most favorable one due to its optimal transmission rate under the Gaussian noise channel and its excellent compatibility with the standard optical equipments [2]. So far, the GMCS scheme has been theoretically proven to be unconditionally secure against collective attacks and coherent attacks [3] [4]. Meanwhile, some experiments have demonstrated its availability over long distance [5] [6].
In the traditional GMCS-CVQKD experiments, the local oscillator (LO) needs to be transmitted from the sender Alice to the receiver Bob over the insecure quantum channel for the homodyne detection at Bob's side. However, the LO transmission brings secure issues quickly. The LO transmitted in the insecure quantum channel is most likely to be controlled and manipulated by eavesdroppers who may cause practical attacks on GMCS-CVQKD system, such as the LO fluctuation attack [7], the wavelength attack [8] and the saturation attack [9]. Although some solutions have been proposed to enhance the security of practical systems [10] [11] [12] [13], it is difficult to protect practical systems against all the potential loopholes caused by the LO transmission have been discovered.
Recently, in order to completely solve those loopholes caused by the LO transmission, several researchers adopt the local LO (LLO) scheme that the LO is generated locally at Bob's side, while the reference pulses are transmitted instead of the LO pulses to ensure the reliability of coherent detection [14] [15] [16]. The local LO is absolutely controlled by Bob so that the shot-noise-limited coherent detection becomes secure and the high-speed homodyne detection can be achieved. Moreover, the reference pulses provide phase information for Bob's coherent detection, so that the phase drift between Alice and Bob can be compensated exactly in real time. Besides, the reference pulses can be transmitted with quantum signals over the same quantum channel by time-multiplexing and polarization-multiplexing [17] [18], so that it is easy for practical systems to separate them.
However, while the issues caused by the LO transmission are eliminated in the LLO-CVQKD system, the reference pulses may open new loopholes at the same time. The role of reference pulses is to provide reliable phase information for phase compensation at Bob's side, but reference pulses are also confronted with the potential threats in the insecure quantum channel. If these reference pulses are manipulated by eavesdroppers, the phase information carried by them will become unreliable, and the phase compensation during Bob's coherent detection will become imperfect. As a result, the security of the practical LLO-CVQKD system will be reduced due to the imperfect phase compensation [19] [20].
In this paper, we present a type of phase attack on reference pulses in the LLO-CVQKD system with time-multiplexing. Under this phase attack, the phase noise of reference pulses can be easily manipulated by eavesdroppers, and then the phase compensation error is increased. The practical security of the LLO-CVQKD scheme under the phase attack is analyzed based on the noise model of imperfect phase compensation. The simulation results show that the practical security is reduced but it is still tight when the phase attack is present.

System Description
The practical LLO-CVQKD system using time-multiplexing is depicted in Figure 1. The sender Alice uses a commercial laser to generate a set of optical pulses, which are split by a beam splitter (BS) into the signal path and the reference path. In the signal path, the optical pulses are modulated by an amplitude modulator (AM) and a phase modulator (PM), and then the quantum signal pulses of Gaussian-modulated coherent states are generated, in which the quadratures A X and A P are two independent random variables with Gaussian At Bob's side, the received pulses are split into reference path and signal path by time-demultiplexing. In the reference path, the phase values of the reference pulses are measured by a heterodyne detector and they are used to modify the phase of LO generated locally at Bob's side. In the signal path, the quantum signals are detected by a homodyne detector with the local LO, where the phase drift is compensated, so that the quadrature X or quadrature P of a coherent state can be measured exactly according to Bob's random selection of measurement basis. For a practical homodyne detector of detection efficiency η and electronic noise variance el v , the detection noise referred to Bob's input is expressed in shot noise units as

Phase Attack
In the LLO-CVQKD system with time-multiplexing, the reference pulses are located uniformly among signal pulses, where the reference pulses and signal pulses are transmitted alternately one by one. This simple multiplexing pattern enables Bob to demultiplex the signal pulses and reference pulses precisely.
While this multiplexing pattern is employed by Alice and Bob, it is reasonable to assume that the eavesdropper Eve also knows this pattern.
For the signal pulses and reference pulses transmitted into quantum channel, Eve can easily split these pluses into signal path and reference path according to the multiplexing pattern (see Figure 1). In the signal path, the signal pulses are stored by quantum memories for being resent later. In the reference path, the reference phase of Alice's reference pulse is measured by a phase detector, and then a forged reference pulse is produced where an additional phase noise is in-

Security Analysis
The security analyses of the traditional GMCS-CVQKD scheme with the imperfect phase compensation have been analyzed in the existing researches [19] [20].
Here, we utilize the noise model of imperfect phase compensation for GMCS-CVQKD to analyze the practical security of LLO-CVQKD scheme.
For the LLO-CVQKD scheme with imperfect phase compensation, the Gaus- ( 1) where 2 Ι is a second-order identity matrix, diag(1, 1) The parameter T κ denotes the actual transmittance, and the parameter tot κ χ denotes the actual total noise referred to the channel input. On the one hand, due to the imperfect phase compensation, the actual transmittance can be expressed as where κ denotes the phase compensation accuracy which will be introduced in detail later. On the other hand, the actual total noise can be given by where [ ] E x denotes the expectation of a random variable x. When the phase compensation error δθ is smaller than 5 degrees, the Taylor approximation can be achieved, so that the phase compensation accuracy can be approximated as where [ ] D δθ is the deviation of phase compensation error that has been introduced in Equation (2).
In the case of reverse reconciliation, the secret key rate of the CVQKD system under collective attack is calculated asymptotically as where β is the reconciliation efficiency, AB I is the Shannon mutual information between Alice and Bob, and BE χ is the Holevo bound that defines the maximum information available to Eve on Bob's secret information. For the homodyne detection employed by Bob, the Shannon mutual information is given by The Holevo bound can be derived from the covariance matrix AB γ shown in Equation (5) and then it is calculated as ( 1, 2,...,5) i i λ = are given by with symbols defined as

Parameters Estimation
For the practical LLO-CVQKD system, the actual transmittance T κ and the actual excess noise c κ ε should be estimated by training signals which are randomly selected from the received quantum signals at Bob's side. It is supposed that Bob randomly selects M quantum signals for training, and then the quadrature measurements of them are denoted as

Simulation and Discussion
The secret key rates for the LLO-CVQKD under phase attack are shown in  , all of which are determined by the practical CVQKD experiment [19]. Besides, it is assumed that the phase noise caused by Eve's phase attack is normally distributed from −Φ to Φ degree, where Φ is given by 0, 3 and 5 degrees respectively, so that the corresponding noise variance E V is 0.0000, 0.0009 and 0.0025 (rad 2 ), and then the phase compensation accuracy κ is evaluated as 1.0000, 0.9991 and 0.9975 respectively. With the noise model of imperfect phase compensation, the theoretical secret key rates of the LLO-CVQKD system under phase attack can be evaluated.
In order to confirm the validity of our security analysis, 2000 Gaussian-modulated coherent states are generated for training, all of which are added with a uniformly-distributed phase noise, and then the actual transmittance T κ and the actual excess noise ˆc κ ε are estimated by them. The practical secret key rates based on the estimated parameters are depicted by the circles, squares and triangles in Figure 2. By the comparison of the theoretical secret key rates and the practical ones, the security analysis of the LLO-CVQKD under phase attack is confirmed to be correct.

Conclusion
In this paper, we propose a method of phase attack on reference pulses of the LLO-CVQKD with time-multiplexing. The phases of reference pulses can be manipulated by eavesdroppers, and then the secret key rate is reduced because of the increased phase compensation error. The practical security of LLO-CVQKD under phase attack is analyzed based on the noise model of imperfect phase compensation. The simulation results show that the practical security is reduced due to Eve's phase attack, yet it is still tight when system parameters are estimated by training signals.