Probabilistic amplitude shaping for continuous-variable quantum key distribution

Security of data and information has become a very important topic nowadays because of its numerous implications for privacy, banking, insurance and military defense; this is why cryptography, now more than ever, is receiving increasing attention. Cryptographic schemes work in conjuction with a key, which must be shared among the proper parties of a communication system in order for them to be able to encrypt and de- crypt each other’s messages. The need to ensure secure key exchange between distant parties (key exchange problem) led to the birth of the quantum key distribution solution. Compared to classical cryptographic techniques, in fact, quantum key distribution protocols guarantee a higher level of security, known as unconditional security; this means that the security of the system does not depend on an adversary’s computing power or on the mathematical theory of complexity, but only on the laws of quantum mechanics. As a consequence, quantum key distribution protocols are enriched with unique features that are missing in the realm of classical cryptography: in this context we find not only the ability to detect the presence of an attacker, but also the ability to know how much knowledge the eavesdropper has ac- quired about the key. Therefore, whenever this interference exceeds a certain threshold the protocol can be aborted, and since only the key is transmitted during the entire process, no information leakage occurs under this circumstance. Among the families of quantum key distribution protocols, the continuous variable ones have recently attracted much interest because they show easy adaptability to current technology and devices employed in classical communications. Here the information on the key is en- coded into the modes of an electromagnetic field and coherent or squeezed states of light are used. However, their disadvantage is their low reconciliation efficiency, which limits the rate and the performance of these kind of protocols. The benchmark for continuous vari- ables quantum key distribution is the GG02 protocol, introduced by Grosshans and Grangier in 2002 and which is based on the exchange of coherent states extracted from a Gaussian distribution. While using Gaussian variable allows for a simple security assessment, on the other hand Gaussian variables are difficult to generate, represent, and manipulate in practical scenarios for several reasons: theoretically, they require infinite resolution of the transmitter- side analog-to-digital converter and the receiver-side digital-to-analog converter, an infinite modulator extinction ratio, and infinite peak laser power. A solution to this problem can be found in the use of discrete modulation formats. Among these, one of the best choices is quadrature amplitude modulation format (QAM), for which several post-processing techniques exist in classical telecommunications that offer higher 16reconciliation efficiency than Gaussian modulation. Another advantage of using quadrature modulation formats is the possibility of combining them with probabilistic amplitude shap- ing (PAS) techniques: in classical systems, in fact, this combination allows for increased communication rate for the same transmitted power. In the following, we will investigate continuous variable quantum key distribution systems based on discrete modulation and compare them with continuous modulation (GG02) for transmission via a fiber optic link; specifically, we will focus on collective attacks, which are the most fearsome ones. We will start by exploring the potential of combining quadrature amplitude modulation and probabilistic amplitude shaping for a pure-loss wiretap channel: this corresponds to the case where an attacker can exploit the losses introduced by the scat- tering of light along the channel due to the presence of imperfections. We will hence analyze, for different cardinalities of the input alphabet, how the secret key rate is affected by losses under the assumption of infinite key size and for different detection schemes, namely homo- dyne and heterodyne. Furthermore, we will extend the homodyne investigation to the case of a thermal-loss quan- tum wiretap channel and to that of a linear quantum channel: these represent more general security scenarios, since in these circumstances the attacker can exploit both losses and noise to gain information about the key. In particular, for the latter we will study the maximum rates, maximum achievable distances, the optimal launch power and the resilience to noise of our protocol for different cardinalities of the input alphabet. Finally, we will compare the performance of our system for the pure-loss wiretap channel and the pure-loss linear quantum channel. We will find that, for all the quantum channel models investigated in this work, PAS significantly improves QAM performance compared to a uniform distribution at any distance, showing, for sufficiently high alphabet cardinality, good adherence with the results provided by the GG02 protocol.