Improved security analysis for quantum communications from space

Charles Lim and Artur Ekert contribute to a mathematical analysis that can certify secure keys from less quantum measurement data
10 March 2021

Illustration of a key against digital space-like background overlaid with random digits To generate quantum keys from satellite communications requires dealing with low data rates. An analysis developed by CQT researchers and their collaborators, published in Physical Review Letters, can help. Credit: jijomathaidesigners/Shutterstock.com


The properties of light particles can create shared quantum keys for secure communication – but ensuring a key’s security takes more than just measuring the photons. In a paper published 9 March in Physical Review Letters, CQT’s Charles Lim and Artur Ekert report with experimentalist colleagues from China a more efficient security proof method for short keys.

The improved analysis could be particularly useful for satellite-based quantum communication systems, which typically operate with slower data rates than their terrestrial counterparts.

When quantum key distribution (QKD) was first proposed as a concept decades ago, its security was explained from physics. The fact that quantum particles can have some probability of being one thing or another when they are measured is exploited to create the 1s and 0s of an encryption key. An eavesdropper reveals themselves by their effect on the probabilities of these outcomes.

Security checks

As the idea has turned into a technology, researchers have scrutinised the security of practical implementations carefully. This has two parts: studying the features of the devices used to make and measure photons and reviewing how the results of the measurements are processed. The latest work falls into the second category.

Generating a quantum-secure key from raw measurement data involves a series of technical calculations. Charles’ group is developing a quantum-safe technology known as measurement-device independent QKD over optical fibre networks. He notes that they aim to generate one megabit of secret key per second in real time, which will require collecting hundreds of millions of measurement points equally fast. Charles’ lab is at the NUS Department of Electrical and Computer Engineering, where he is an Assistant Professor.

However, in the case of satellite-based QKD, data rates are smaller. To consider how to deal with that, Charles and Artur worked with Feihu Xu and Jian-Wei Pan, two members of the team behind China’s Micius quantum satellite, which has sent pairs of entangled photons from space to ground stations more than 1000km apart. They are affiliated with the University of Science and Technology of China in Hefei and in Shanghai.

The satellite, orbiting fast and high above Earth’s surface, has line of sight connections to both ground stations only for short periods of time. It’s also expected that many photons get lost on the way down, especially in cloudy weather. In this scenario, collecting thousands of bits is already a good result. Researchers are exploring the use of satellite QKD systems to safely connect remote terrestrial QKD networks.

Defining security for a finite-length block of data is known as ‘finite-key security analysis’. There are overheads due to finite-size effects. The best analysis methods typically need block lengths of about 10,000 bits to guarantee some amount of secure, final key.

Saving blocks

In the new work, the researchers adjust a step of the analysis known as ‘parameter estimation’, when the two parties trying to establish a shared secret key compare a small portion of the measurement data. This is the stage where they look for the effects of eavesdropping, showing up as differences in the supposed-to-be-identical keys. The paper chooses the bits to compare in a novel way, establishing a new ‘random sampling bound’. It has the effect of reducing the block length required by some 14% to 17%.

Applying the method to Micius, the authors showed the satellite could produce keys with a security parameter 10^-5. This parameter measures the probability that some amount of the key (from none to all) has leaked to a quantum eavesdropper, who is assumed to have unlimited quantum computing power.

The acceptable security level will depend on the user’s requirements. It is something for which standards are not yet set. “How small is small enough? Ultimately, organisations using QKD systems will have to perform a trade-off between efficiency and security and pick the most sensible value based on their network security policies,” says Charles.

At CQT, where Charles is a Principal Investigator, he has discussed the work with colleague Alexander Ling, whose group has a quantum nanosatellite called SpooQy-1 in orbit. Alexander plans to use the methods. He points out that it will also be useful in another model of satellite communication. Instead of the satellite being in contact with two ground stations simultaneously, it can create keys by doing quantum communication with one ground station at a time, then sending some classical signals. This would give a higher block size to start from.