pith. sign in

arxiv: 2606.29943 · v1 · pith:BXWETQY3new · submitted 2026-06-29 · 🪐 quant-ph

Finite-key security analysis of decoy-state QKD with source and detector imperfections

Pith reviewed 2026-06-30 06:36 UTC · model grok-4.3

classification 🪐 quant-ph
keywords quantum key distributiondecoy-state protocolfinite-key analysisdevice imperfectionssecurity proofside-channel leakagedetection efficiency mismatch
0
0 comments X

The pith

A finite-key security proof for decoy-state QKD now incorporates state-preparation flaws, side-channel leakage, intensity fluctuations and detection-efficiency mismatches in one analytical bound.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The work derives an analytical expression for the length of the secure key that can be extracted from a finite number of pulses when the source and detector deviate from ideal behavior in several ways at once. It combines recent proof techniques to remove the common assumption that signals are independent and identically distributed. A reader should care because high-speed QKD systems always exhibit these imperfections, and earlier proofs either ignored them or required experimental conditions that are hard to verify. If the bound holds, one can calculate concrete key rates directly from measured device parameters without additional idealizing assumptions.

Core claim

We obtain a tight finite-key length formula for decoy-state QKD that simultaneously accounts for state-preparation flaws, bit and basis side-channel leakage and correlations, setting-independent intensity fluctuations, and detection-efficiency mismatches.

What carries the argument

The extended finite-key security bound constructed by merging recent advances on imperfect sources and detectors into a single analytical expression.

If this is right

  • Key rates can be evaluated without assuming signals are independent and identically distributed.
  • The same proof framework applies to both transmitter and receiver imperfections at once.
  • Experimenters obtain explicit dependence of the key length on each measured flaw parameter.
  • High-speed implementations can use the bound without additional assumptions that are difficult to justify.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The modular structure of the proof may allow similar combinations for other QKD variants such as measurement-device-independent schemes.
  • One could test the bound by feeding it real calibration data from a deployed QKD link and checking whether the predicted key rate matches observed performance.
  • If additional unmodeled imperfections appear in practice, the current formula would need an extra term rather than a complete rewrite.
  • The approach suggests that future security analyses can be assembled from reusable sub-proofs for individual device flaws.

Load-bearing premise

The listed imperfections are treated as the complete set of relevant deviations from ideal behavior.

What would settle it

An experiment that measures the listed imperfections, computes the bound, and then extracts a longer key than the formula permits would falsify the claim.

Figures

Figures reproduced from arXiv: 2606.29943 by \'Alvaro Navarrete, Guillermo Curr\'as-Lorenzo, Marcos Curty, Margarida Pereira, V\'ictor Zapatero, Xoel Sixto.

Figure 1
Figure 1. Figure 1: Finite secret-key rate of a decoy-state BB84 [PITH_FULL_IMAGE:figures/full_fig_p008_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: Numerical simulations of the finite secret-key rate of the [PITH_FULL_IMAGE:figures/full_fig_p029_2.png] view at source ↗
read the original abstract

Decoy-state quantum key distribution (QKD) is the most widely adopted approach for overcoming the limitations of imperfect single-photon sources. However, existing security proofs typically either neglect important device imperfections or rely on assumptions that are difficult to justify in realistic high-speed implementations, such as the independent and identically distributed nature of the emitted signals. In this work, we combine and extend several recent theoretical advances to provide a comprehensive analytical finite-key security proof for decoy-state QKD that simultaneously incorporates multiple practically relevant transmitter and receiver imperfections, including state-preparation flaws, bit and basis side-channel leakage and correlations, setting-independent intensity fluctuations, and detection-efficiency mismatches.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

1 major / 0 minor

Summary. The paper claims to combine and extend recent theoretical advances to deliver an analytical finite-key security proof for decoy-state QKD that simultaneously accounts for state-preparation flaws, bit and basis side-channel leakage and correlations, setting-independent intensity fluctuations, and detection-efficiency mismatches.

Significance. If the derivation is sound and the model is complete, the result would supply a more realistic finite-key bound for practical high-speed QKD systems than proofs that omit these imperfections, directly improving the accuracy of extractable key lengths under realistic device conditions.

major comments (1)
  1. Abstract (and implied model definition): the central claim requires that the enumerated imperfections constitute a closed, sufficient set; no bounding argument or completeness proof is supplied showing why other realistic deviations (e.g., residual phase correlations across pulses or detection timing jitter) are either negligible or absorbed into the listed terms. This assumption is load-bearing for the validity of the extracted key-length formula, exactly as the weakest-assumption note indicates.

Simulated Author's Rebuttal

1 responses · 0 unresolved

We thank the referee for the careful review and the positive assessment of the work's potential significance. We address the single major comment below.

read point-by-point responses
  1. Referee: Abstract (and implied model definition): the central claim requires that the enumerated imperfections constitute a closed, sufficient set; no bounding argument or completeness proof is supplied showing why other realistic deviations (e.g., residual phase correlations across pulses or detection timing jitter) are either negligible or absorbed into the listed terms. This assumption is load-bearing for the validity of the extracted key-length formula, exactly as the weakest-assumption note indicates.

    Authors: We agree that the manuscript does not supply a formal completeness proof or explicit bounding argument establishing that the listed imperfections form a closed set. The analysis extends recent finite-key techniques to simultaneously treat the four classes of imperfections that are most frequently cited as dominant in high-speed implementations. Effects such as residual phase correlations are typically mitigated by hardware stabilization and can be partially absorbed into the side-channel leakage parameters already included; timing jitter is usually small enough to be bounded within the detection-efficiency mismatch model under standard assumptions. Nevertheless, an explicit discussion of scope and limitations would strengthen the presentation. In the revised version we will add a dedicated paragraph (or short subsection) in the model section that states the imperfections under which the key-length formula is derived, notes that additional deviations are assumed either negligible or mitigable by other means, and references the relevant experimental literature. revision: yes

Circularity Check

0 steps flagged

No circularity; derivation claims external advances without self-referential reduction in visible text

full rationale

The provided abstract states that the work 'combine[s] and extend[s] several recent theoretical advances' to produce a finite-key security proof incorporating listed imperfections, but supplies no equations, fitted parameters, or self-citations that would allow any prediction or bound to reduce by construction to its own inputs. No self-definitional steps, fitted-input predictions, load-bearing self-citations, or ansatz smuggling are exhibited. The central claim therefore remains a composite of external results whose independence cannot be contradicted from the given text; this matches the default expectation that most papers are non-circular when no explicit reduction is quotable.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

Review based solely on abstract; no explicit free parameters, invented entities, or non-standard axioms are stated in the provided text. Typical QKD domain assumptions (e.g., quantum mechanics, standard probability bounds) are presumed but not enumerated.

pith-pipeline@v0.9.1-grok · 5656 in / 1132 out tokens · 27993 ms · 2026-06-30T06:36:01.443494+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

98 extracted references · 5 canonical work pages · 3 internal anchors

  1. [1]

    Protocol description and security framework We start by reviewing the different steps of the actual protocol a nd its equivalent source-replaced description. For generality, the following description is given for generic prepare-an d-measure protocols rather than for the specific BB84 implementation of the main text, so that the results also apply f or inst...

  2. [2]

    For the BB84 protocol, this state corresponds to Eq

    State preparation: For each round k ∈ { 1,...,N }, Alice randomly selects a certain encoding setting jk with probability pjk and an intensity setting µ k with probability pµ k , and then prepares a quantum state ρµ k,j k|jk− 1 1 . For the BB84 protocol, this state corresponds to Eq. ( 1) in the main text. She sends this state to Bob through the quantum channel

  3. [3]

    Eve’s action: Eve applies an arbitrary quantum operation on all the transmitted s tates and re-sends some output systems BN 1 to Bob, while keeping some ancillary system E

  4. [4]

    Bob records his measurement outcomes

    Bob’s measurements: For each roundk, Bob choosesξk ∈ { key, test} with probabilitypξk and performs the corresponding POVM; ⃗Γ key ifξk = key, or ⃗Γ test ifξk = test. Bob records his measurement outcomes

  5. [5]

    For the detected rounds, Alice announces the intensity se tting µ k

    Sifting: Bob announces which rounds resulted in a detection, along with his ch oice ofξk for each detected round. For the detected rounds, Alice announces the intensity se tting µ k. Also, for the detected rounds with ξk = test, and for the detected rounds with ξk = key and jk /∈ { 0, 1}, Alice announces jk. For the detected rounds with ξk = key and jk ∈ ...

  6. [6]

    They announce which rounds belong to this subset

    Bit-error-rate estimation: Alice and Bob choose a random subset, denoted by Dkey, of the detected rounds in which ˜Bk =ξk = key, which will be used to generate the sifted key [ 72]. They announce which rounds belong to this subset. For the remaining rounds with ˜Bk = ξk = key, Alice and Bob announce their bit values to estimate the bit-error rate

  7. [7]

    Sifted key formation: For each round k ∈ D key , Alice’s sifted key bit is jk and Bob’s sifted key bit is his measurement outcome, which we denote by bk

  8. [8]

    V ariable-length decision: Let ⃗ ndenote all the data announced by Alice and Bob in the previous steps. Using this data, Alice and Bob compute the number of bits λ EC to be revealed for one-way error correction and the length of the final key ℓ, which includes the estimation of all relevant parameters required to determine ℓ. Aborting corresponds to ℓ = 0. 11

  9. [9]

    Error correction and verification: They perform one-way error correction revealing λ EC bits, and verify correctness using a randomly chosen hash function from a t wo-universal family with output length log2(2/ε corr), with one party announcing the hash value for comparison

  10. [10]

    The security of the above protocol is analyzed using the source-r eplacement technique

    Privacy amplification: Given that error verification succeeds, they apply a randomly selec ted two- universal hash function to the sifted key to obtain a final key of len gth ℓ. The security of the above protocol is analyzed using the source-r eplacement technique. In this picture, Alice’s prepare-and-measure procedure is equivalent to one in which she fi rst...

  11. [11]

    ( A1) and sends the photonic systems T N 1 through the quantum channel to Bob, while retaining the registers AN 1 ,I N 1 and M N 1

    State preparation: Alice prepares the global entangled state |Ψ N ⟩AN 1 I N 1 M N 1 T N 1 given by Eq. ( A1) and sends the photonic systems T N 1 through the quantum channel to Bob, while retaining the registers AN 1 ,I N 1 and M N 1

  12. [12]

    Eve’s action: Eve applies an arbitrary quantum operation on all the transmitted s tatesT N 1 , and sends the output systems BN 1 to Bob, possibly retaining an ancillary system E

  13. [13]

    If ξk = key, he applies the filter operation {F, I − F } to determine whether a detection occurs

    Detection and test: For each round, Bob selects ξk ∈ { key, test} with probability pξk . If ξk = key, he applies the filter operation {F, I − F } to determine whether a detection occurs. If ξk = test, he performs the measurement ⃗Γ test (a POVM with an arbitrary number of outcomes prescribed by the actual protocol). Bob announces which rounds result in a d...

  14. [14]

    She measures her sys temIk in the basis |µ k⟩Ik and announces her results

    Key/test determining, setting announcement and photon num ber measurement: For the detected rounds, Alice proceeds as follows. She measures her sys temIk in the basis |µ k⟩Ik and announces her results. Also, if ξk = test, Alice measures her system Ak in the { |jk⟩Ak } jk∈J basis and announces her outcome jk. If ξk = key, she performs a projection onto the...

  15. [15]

    Bit-error-rate estimation: Alice and Bob choose a random subset Dkey from the set of detected rounds in which ˜Bk = ξk = key, which will be used to generate the sifted key, and announce t his information. For the remaining rounds in which ˜Bk =ξk = key, Alice measures Ak in {|0⟩Ak, |1⟩Ak } and Bob measures his filtered system using {G0,G 1}, a two-outcome ...

  16. [16]

    The sifted key is defined by their respective bit outcomes in these rounds

    Sifted-key measurements: For each round k ∈ D key , Alice measures Ak in {|0⟩Ak, |1⟩Ak } and Bob measures his filtered system using {G0,G 1}. The sifted key is defined by their respective bit outcomes in these rounds. 7–9. Same as in the Actual protocol. 12 Finally, before stating the main result, we also define the Phase-err or estimation protocol, which is...

  17. [17]

    We denote the single-photon phase-error rate eph, 1 as the fraction of events in which their outcomes differ among the rounds in which mk = 1

    Single-photon phase-error measurement: For each round k ∈ D key , Alice measures Ak in {|+⟩Ak, |−⟩Ak }, where |±⟩Ak = ( |0⟩Ak ± |1⟩Ak )/ √ 2, and Bob measures his filtered system using {G+,G − }. We denote the single-photon phase-error rate eph, 1 as the fraction of events in which their outcomes differ among the rounds in which mk = 1. With this latter pro...

  18. [18]

    For that, we partition the protocol rounds into ( lc + 1) groups, where rounds within each group are separated by at least lc positions and thus uncorrelated

    Technical results Having established that suitable bounds on the number of single-pho ton key rounds and the single-photon phase- error rate suffice to guarantee security, we now show how to boun d the latter in the presence of bit and basis correlations of range lc. For that, we partition the protocol rounds into ( lc + 1) groups, where rounds within each ...

  19. [19]

    (a) Bit measurements for rounds in P ¯w : For each round k ∈ D key ∩ P ¯w, Alice measures Ak in {|0⟩Ak, |1⟩Ak } and Bob measures his filtered system using {G0,G 1}

    Measurements in sifted-key rounds: Define the set of rounds Pw = {k :k ≡ w (modlc + 1)} and its complementP ¯w = {k :k ̸≡ w (modlc + 1)}. (a) Bit measurements for rounds in P ¯w : For each round k ∈ D key ∩ P ¯w, Alice measures Ak in {|0⟩Ak, |1⟩Ak } and Bob measures his filtered system using {G0,G 1}. (b) Phase-error measurements for rounds in Pw : For each...

  20. [20]

    Then: (a) Phase-error measurements for rounds in Pw : For each round k ∈ D key ∩ Pw, Alice measures Ak 16 in {|+⟩Ak, |−⟩Ak } and Bob measures the filtered system using {G+,G − }

    Measurements in sifted-key rounds: Partition the rounds k ∈ { 1,...,N } into the sets Pw = {k : k ≡ w (modlc + 1)}. Then: (a) Phase-error measurements for rounds in Pw : For each round k ∈ D key ∩ Pw, Alice measures Ak 16 in {|+⟩Ak, |−⟩Ak } and Bob measures the filtered system using {G+,G − }. We denote the single-photon phase-error rate of the w-th partit...

  21. [21]

    (D17) Applying the triangle inequality to Eqs

    guarantees that the actual emitted states with fixed past sett ings are close to the ideal reference state, which in trace distance reads T ( |φ 1 jk ⟩, |ψ 1 ˆjk− 1 k− lc ,j k ⟩ ) ≤ √ ǫside. (D17) Applying the triangle inequality to Eqs. ( D16)–(D17) and converting back to fidelity we obtain ǫideal ≤ ( √ ǫside + lc∑ l=1 √ ǫSP l )2 . (D18) Next, we define the...

  22. [22]

    (D20) The future-pulse subsystem involves lc such steps

    guarantees that, for each pulse separation l we have that, ⏐ ⏐ ⏐⟨Ψ jk− l− 1 k− lc+1,γ,j k k− l+1 |Ψ jk k− lc+1 ⟩ ⏐ ⏐ ⏐ 2 ≥ 1 − ǫWCP l . (D20) The future-pulse subsystem involves lc such steps. Their combined effect satisfies ǫcorrelations ≤ 1 − lc∏ l=1 (1 − ǫWCP l ) ≤ lc∑ l=1 ǫWCP l , (D21) where in the last inequality we have applied the Weierstrass produc...

  23. [23]

    Secure quan- tum key distribution,

    H.-K. Lo, M. Curty, and K. Tamaki, “Secure quan- tum key distribution,” Nature Photonics , vol. 8, no. 8, pp. 595–604, 2014

  24. [24]

    Advances in quan- tum cryptography,

    S. Pirandola, U. L. Andersen, L. Banchi, M. Berta, D. Bunandar, R. Colbeck, D. Englund, T. Gehring, C. Lupo, C. Ottaviani, et al. , “Advances in quan- tum cryptography,” Advances in Optics and Photonics , vol. 12, no. 4, p. 1012, 2020

  25. [25]

    Se- cure quantum key distribution with realistic devices,

    F. Xu, X. Ma, Q. Zhang, H.-K. Lo, and J.-W. Pan, “Se- cure quantum key distribution with realistic devices,” Re- views of Modern Physics , vol. 92, p. 025002, 2020

  26. [26]

    A single quantum cannot be cloned,

    W. K. Wootters and W. H. Zurek, “A single quantum cannot be cloned,” Nature, vol. 299, pp. 802–803, 1982

  27. [27]

    Implemen- tation security in quantum key distribution,

    V. Zapatero, ´A. Navarrete, and M. Curty, “Implemen- tation security in quantum key distribution,” Advanced Quantum Technologies, vol. 7, p. 2300380, 2024

  28. [28]

    A study on implementa- tion attacks against qkd systems

    BSI, “A study on implementa- tion attacks against qkd systems.” https://www.bsi.bund.de/EN/Service-Navi/Publikationen/Studien/QKD-Systems/Implementation_Attacks_QKD_Systems_node.htm Accessed: 2026-05-05

  29. [29]

    Quantum key distribution with correlated sources,

    M. Pereira, G. Kato, A. Mizutani, M. Curty, and K. Tamaki, “Quantum key distribution with correlated sources,” Science Advances, vol. 6, p. eaaz4487, 2020

  30. [30]

    Security framework for quantum key distri- bution with imperfect sources,

    G. Curr´ as-Lorenzo, M. Pereira, G. Kato, M. Curty, and K. Tamaki, “Security framework for quantum key distri- bution with imperfect sources,” Optica Quantum , vol. 3, no. 6, pp. 525–534, 2025

  31. [31]

    Quantum cryptography with coherent states,

    B. Huttner, N. Imoto, N. Gisin, and T. Mor, “Quantum cryptography with coherent states,” Physical Review A , vol. 51, pp. 1863–1869, 1995

  32. [32]

    Limitations on practical quantum cryptography,

    G. Brassard, N. L¨ utkenhaus, T. Mor, and B. C. Sanders, “Limitations on practical quantum cryptography,” Phys- ical Review Letters , vol. 85, pp. 1330–1333, 2000

  33. [33]

    Quantum key distribution with high loss: Toward global secure communication,

    W.-Y. Hwang, “Quantum key distribution with high loss: Toward global secure communication,” Physical Review Letters, vol. 91, p. 057901, 2003

  34. [34]

    Decoy state quan- tum key distribution,

    H.-K. Lo, X. Ma, and K. Chen, “Decoy state quan- tum key distribution,” Physical Review Letters , vol. 94, p. 230504, 2005

  35. [35]

    Beating the photon-number-splitting at- tack in practical quantum cryptography,

    X.-B. Wang, “Beating the photon-number-splitting at- tack in practical quantum cryptography,” Physical Re- view Letters, vol. 94, p. 230503, 2005

  36. [36]

    Concise security bounds for practical decoy- state quantum key distribution,

    C. C. W. Lim, M. Curty, N. Walenta, F. Xu, and H. Zbinden, “Concise security bounds for practical decoy- state quantum key distribution,” Physical Review A , vol. 89, p. 022307, 2014

  37. [37]

    Measurement-device- independent quantum key distribution,

    H.-K. Lo, M. Curty, and B. Qi, “Measurement-device- independent quantum key distribution,” Physical Review Letters, vol. 108, no. 13, p. 130503, 2012

  38. [38]

    Overcoming the rate–distance limit of quan- tum key distribution without quantum repeaters,

    M. Lucamarini, Z. L. Yuan, J. F. Dynes, and A. J. Shields, “Overcoming the rate–distance limit of quan- tum key distribution without quantum repeaters,” Na- ture, vol. 557, no. 7705, pp. 400–403, 2018

  39. [39]

    Ex- perimental quantum key distribution with decoy states,

    Y. Zhao, B. Qi, X. Ma, H.-K. Lo, and L. Qian, “Ex- perimental quantum key distribution with decoy states,” Physical Review Letters , vol. 96, p. 70502, 2006

  40. [40]

    Experimental demon- stration of free-space decoy-state quantum key distri- bution over 144 km,

    T. Schmitt-Manderbach, H. Weier, M. F¨ urst, R. Ursin, F. Tiefenbacher, T. Scheidl, J. Perdigues, Z. Sodnik, C. Kurtsiefer, J. G. Rarity, et al. , “Experimental demon- stration of free-space decoy-state quantum key distri- bution over 144 km,” Physical Review Letters , vol. 98, p. 10504, 2007

  41. [41]

    Long-distance quantum key distri- bution secure against coherent attacks,

    B. Fr¨ ohlich, M. Lucamarini, J. F. Dynes, L. C. Coman- dar, W. W.-S. Tam, A. Plews, A. W. Sharpe, Z. Yuan, and A. J. Shields, “Long-distance quantum key distri- bution secure against coherent attacks,” Optica, vol. 4, pp. 163–167, 2017

  42. [42]

    10-Mb/s quantum key dis- tribution,

    Z. Yuan, A. Murakami, M. Kujiraoka, M. Lucamarini, Y. Tanizawa, H. Sato, A. J. Shields, A. Plews, R. Taka- hashi, K. Doi, et al. , “10-Mb/s quantum key dis- tribution,” Journal of Lightwave Technology , vol. 36, pp. 3427–3433, 2018

  43. [43]

    Secure quantum key distribution over 421 km of optical fiber,

    A. Boaron, G. Boso, D. Rusca, C. Vulliez, C. Autebert, M. Caloz, M. Perrenoud, G. Gras, F. Bussi` eres, M.-J. Li, D. Nolan, A. Martin, and H. Zbinden, “Secure quantum key distribution over 421 km of optical fiber,” Physical Review Letters, vol. 121, p. 190502, 2018

  44. [44]

    Fast single-photon detectors and real-time key distillation enable high secret-key-rate quantum key distribution systems,

    F. Gr¨ unenfelder, A. Boaron, G. V. Resta, M. Perrenoud, D. Rusca, C. Barreiro, R. Houlmann, R. Sax, L. Stasi, S. El-Khoury, E. H¨ anggi, N. Bosshard, F. Bussi` eres, and H. Zbinden, “Fast single-photon detectors and real-time key distillation enable high secret-key-rate quantum key distribution systems,” Nature Photonics , vol. 17, no. 5, p. 422–426, 2023

  45. [45]

    High-rate quantum key distribution exceeding 110 Mb s–1 ,

    W. Li, L. Zhang, H. Tan, Y. Lu, S.-K. Liao, J. Huang, H. Li, Z. Wang, H.-K. Mao, B. Yan, Q. Li, Y. Liu, Q. Zhang, C.-Z. Peng, L. You, F. Xu, and J.-W. Pan, “High-rate quantum key distribution exceeding 110 Mb s–1 ,” Nature Photonics , vol. 17, no. 5, p. 416–421, 2023

  46. [46]

    Satellite- to-ground quantum key distribution,

    S.-K. Liao, W.-Q. Cai, W.-Y. Liu, L. Zhang, Y. Li, J.-G. Ren, J. Yin, Q. Shen, Y. Cao, Z.-P. Li, et al. , “Satellite- to-ground quantum key distribution,” Nature, vol. 549, no. 7670, pp. 43–47, 2017

  47. [47]

    Microsatellite-based real-time quantum key distribution,

    Y. Li, W.-Q. Cai, J.-G. Ren, C.-Z. Wang, M. Yang, L. Zhang, H.-Y. Wu, L. Chang, J.-C. Wu, B. Jin, H.- J. Xue, X.-J. Li, H. Liu, G.-W. Yu, X.-Y. Tao, T. Chen, C.-F. Liu, W.-B. Luo, J. Zhou, H.-L. Yong, Y.-H. Li, F.-Z. Li, C. Jiang, H.-Z. Chen, C. Wu, X.-H. Tong, S.- J. Xie, F. Zhou, W.-Y. Liu, Y. Ismail, F. Petruccione, N.-L. Liu, L. Li, F. Xu, Y. Cao, J. ...

  48. [48]

    Large-scale quantum communication net- works with integrated photonics,

    Y. Zheng, H. Wang, X. Jia, J. Huang, H. Yuan, C. Zhai, J. Dai, J. Shi, L. Zhang, X. Zhang, M. Zhuang, J. Liu, J. Mao, T. Dai, Z. Fu, Y. Jiao, Y. Shi, D. Dai, X. Wang, and J. Wang, “Large-scale quantum communication net- works with integrated photonics,” Nature, vol. 651, no. 8104, pp. 1–8, 2026

  49. [49]

    Toshiba Europe Limited

    “Toshiba Europe Limited.” https://www.global.toshiba/ww/products-solutions/security-ict

  50. [50]

    Thinkquantum S.R.L

    “Thinkquantum S.R.L.” https://www.thinkquantum.com

  51. [51]

    Id quantique SA

    “Id quantique SA.” https://www.idquantique.com/

  52. [52]

    Quantum Telecommunications Italy S.R.L

    “Quantum Telecommunications Italy S.R.L.” https://www.qticompany.com

  53. [53]

    Quantumctek Co., Ltd

    “Quantumctek Co., Ltd.” http://www.quantum-info.com/English/

  54. [54]

    Loss-tolerant quantum cryptography with imperfect sources,

    K. Tamaki, M. Curty, G. Kato, H.-K. Lo, and K. Azuma, “Loss-tolerant quantum cryptography with imperfect sources,” Physical Review A , vol. 90, p. 052314, 2014

  55. [55]

    Finite-key security analysis of quantum key distribution with imperfect light sources,

    A. Mizutani, M. Curty, C. C. W. Lim, N. Imoto, and 31 K. Tamaki, “Finite-key security analysis of quantum key distribution with imperfect light sources,” New Journal of Physics , vol. 17, no. 9, p. 093011, 2015

  56. [56]

    Quantum key dis- tribution with flawed and leaky sources,

    M. Pereira, M. Curty, and K. Tamaki, “Quantum key dis- tribution with flawed and leaky sources,” npj Quantum Information, vol. 5, p. 62, 2019

  57. [57]

    Loss-tolerant quantum key distribution with detection efficiency mismatch,

    A. Marcomini, A. Mizutani, F. Gr¨ unenfelder, M. Curty, and K. Tamaki, “Loss-tolerant quantum key distribution with detection efficiency mismatch,” Quantum Science and Technology, vol. 10, no. 3, p. 035002, 2025

  58. [58]

    Improved finite-key secu- rity analysis of quantum key distribution against Trojan- horse attacks,

    ´A. Navarrete and M. Curty, “Improved finite-key secu- rity analysis of quantum key distribution against Trojan- horse attacks,” Quantum Science and Technology , vol. 7, no. 3, p. 035021, 2022

  59. [59]

    Decoy-state quantum key distribution with a leaky source,

    K. Tamaki, M. Curty, and M. Lucamarini, “Decoy-state quantum key distribution with a leaky source,” New Journal of Physics , vol. 18, no. 6, p. 065008, 2016

  60. [60]

    Practical security bounds against the Trojan-horse attack in quantum key distri- bution,

    M. Lucamarini, I. Choi, M. B. Ward, J. F. Dynes, Z. L. Yuan, and A. J. Shields, “Practical security bounds against the Trojan-horse attack in quantum key distri- bution,” Physical Review X , vol. 5, p. 031030, 2015

  61. [61]

    Versatile security analysis of measurement-device-independent quantum key distribu- tion,

    I. W. Primaatmaja, E. Lavie, K. T. Goh, C. Wang, and C. C. W. Lim, “Versatile security analysis of measurement-device-independent quantum key distribu- tion,” Physical Review A , vol. 99, p. 062332, 2019

  62. [62]

    Quantum key distribution with imperfectly isolated devices,

    X. Sixto, ´A. Navarrete, M. Pereira, G. Curr´ as-Lorenzo, K. Tamaki, and M. Curty, “Quantum key distribution with imperfectly isolated devices,” Quantum Science and Technology, vol. 10, no. 3, p. 035034, 2025

  63. [63]

    Phase error rate estimation in QKD with imperfect de- tectors,

    D. Tupkary, S. Nahar, P. Sinha, and N. L¨ utkenhaus, “Phase error rate estimation in QKD with imperfect de- tectors,” Quantum, vol. 9, p. 1937, 2025

  64. [64]

    Security of quantum key distribution with source and detector imperfections through phase-error estima- tion,

    G. Curr´ as-Lorenzo, M. Pereira, S. Nahar, and D. Tup- kary, “Security of quantum key distribution with source and detector imperfections through phase-error estima- tion,” npj Quantum Information , 2026

  65. [65]

    Performance and security of 5 GHz repeti- tion rate polarization-based quantum key distribution,

    F. Gr¨ unenfelder, A. Boaron, D. Rusca, A. Martin, and H. Zbinden, “Performance and security of 5 GHz repeti- tion rate polarization-based quantum key distribution,” Applied Physics Letters, vol. 117, no. 14, p. 144003, 2020

  66. [66]

    Intensity correlations in decoy-state BB84 quantum key distribution systems,

    D. Trefilov, X. Sixto, V. Zapatero, A. Huang, M. Curty, and V. Makarov, “Intensity correlations in decoy-state BB84 quantum key distribution systems,” Optica Quan- tum, vol. 3, no. 5, pp. 417–431, 2025

  67. [67]

    Characterising higher-order phase correlations in gain-switched laser sources with ap- plication to quantum key distribution,

    A. Marcomini, G. Curr´ as-Lorenzo, D. Rusca, A. Valle, K. Tamaki, and M. Curty, “Characterising higher-order phase correlations in gain-switched laser sources with ap- plication to quantum key distribution,” EPJ Quantum Technology, vol. 12, no. 1, p. 38, 2025

  68. [68]

    Mod- eling and characterization of arbitrary order pulse correlations for quantum key distribution,

    A. Agulleiro, F. Gr¨ unenfelder, M. Pereira, G. Curr´ as- Lorenzo, H. Zbinden, M. Curty, and D. Rusca, “Mod- eling and characterization of arbitrary order pulse correlations for quantum key distribution,” preprint arXiv:2506.18684, 2025

  69. [69]

    Security of quantum key distribution with intensity cor- relations,

    V. Zapatero, ´A. Navarrete, K. Tamaki, and M. Curty, “Security of quantum key distribution with intensity cor- relations,” Quantum, vol. 5, p. 602, 2021

  70. [70]

    Security of decoy-state quantum key distribution with correlated in- tensity fluctuations,

    X. Sixto, V. Zapatero, and M. Curty, “Security of decoy-state quantum key distribution with correlated in- tensity fluctuations,” Physical Review Applied , vol. 18, p. 044069, 2022

  71. [71]

    Security of quantum key distribution with imperfect phase randomisation,

    G. Curr´ as-Lorenzo, S. Nahar, N. L¨ utkenhaus, K. Tamaki, and M. Curty, “Security of quantum key distribution with imperfect phase randomisation,” Quantum Science and Technology, vol. 9, no. 1, p. 015025, 2023

  72. [72]

    Rigorous phase-error-estimation security framework for QKD with correlated sources,

    G. Curr´ as-Lorenzo, M. Pereira, K. Tamaki, and M. Curty, “Rigorous phase-error-estimation security framework for QKD with correlated sources,” preprint arXiv:2601.08417, 2026

  73. [73]

    Quantum key distribution with unbounded pulse correlations,

    M. Pereira, G. Curr´ as-Lorenzo, A. Mizutani, D. Rusca, M. Curty, and K. Tamaki, “Quantum key distribution with unbounded pulse correlations,” Quantum Science and Technology, vol. 10, no. 1, p. 015001, 2024

  74. [74]

    Uncertainty relation for smooth entropies,

    M. Tomamichel and R. Renner, “Uncertainty relation for smooth entropies,” Physical Review Letters , vol. 106, p. 110506, 2011

  75. [75]

    Tight finite-key analysis for quantum cryptogra- phy,

    M. Tomamichel, C. C. W. Lim, N. Gisin, and R. Ren- ner, “Tight finite-key analysis for quantum cryptogra- phy,” Nature Communications, vol. 3, no. 1, p. 634, 2012

  76. [76]

    A largely self- contained and complete security proof for quantum key distribution,

    M. Tomamichel and A. Leverrier, “A largely self- contained and complete security proof for quantum key distribution,” Quantum, vol. 1, p. 14, 2017

  77. [77]

    Leftover hashing from quantum error correction: Unifying the two approaches to the security proof of quantum key distribution,

    T. Tsurumaru, “Leftover hashing from quantum error correction: Unifying the two approaches to the security proof of quantum key distribution,” IEEE Transactions on Information Theory , vol. 66, no. 6, pp. 3465–3484, 2020

  78. [78]

    From now on, lower scripts in number of counts like in N det,Z Z, 1 denote Alice selection and the super script denotes Bob’s selection, while underlines represent lower bounds and overlines denote upper bounds

  79. [79]

    Finite-key feasibility of geostationary quantum key distribution

    V. Mannalath, V. Zapatero, and M. Curty, “Finite-key feasibility of geostationary quantum key distribution,” preprint arXiv:2605.29706 , 2026

  80. [80]

    Op- timizing the decoy-state BB84 QKD protocol parame- ters,

    T. Attema, J. W. Bosman, and N. M. P. Neumann, “Op- timizing the decoy-state BB84 QKD protocol parame- ters,” Quantum Information Processing , vol. 20, no. 4, p. 154, 2021

Showing first 80 references.