One of the most pressing issues in quantum key distribution (QKD) is the problem of detector side-channel attacks. To overcome this problem, researchers proposed an elegant “time-reversal” QKD protocol called measurement-device-independent QKD (MDI-QKD), which is based on time-reversed entanglement swapping. However, MDI-QKD is more challenging to implement than standard point-to-point QKD. Recently, an intermediary QKD protocol called detector-device-independent QKD (DDI-QKD) has been proposed to overcome the drawbacks of MDI-QKD, with the hope that it would eventually lead to a more efficient detector side-channel-free QKD system. Here, we analyze the security of DDI-QKD and elucidate its security assumptions. We find that DDI-QKD is not equivalent to MDI-QKD, but its security can be demonstrated with reasonable assumptions. On the more practical side, we consider the feasibility of DDI-QKD and present a fast experimental demonstration (clocked at 625 MHz), capable of secret key exchange up to more than 90 km.

## I. INTRODUCTION

Secure communication is a cornerstone of our society and finding a way to protect our personal data while making it globally accessible is a profound challenge. Quantum key distribution (QKD) enables the secure establishment of cryptographic keys between two remote users, Alice and Bob.^{1} Importantly, the security of QKD depends only on the principles of quantum physics and can be proven to be secure against quantum eavesdroppers under certain assumptions about the involved devices.^{2–4} However, in practice, actual devices may deviate from their ideal specifications and lead to security loopholes.^{5}

In the last decade, much attention has been devoted to understanding the impact on QKD security due to the behaviour of single-photon detectors and how one can break the security of QKD by exploiting the physics of their operation. It turns out that there are several ways to exploit the imperfections of the detectors.^{6–8} These findings exemplify the fact that, like all crypto-systems, QKD is only as strong as its weakest link, despite the fact that QKD is in principle secure against general attacks. To overcome this security loophole, researchers proposed an elegant “time-reversal” protocol called measurement-device-independent QKD (MDI-QKD), which is based on the principle of entanglement swapping.^{9–15} More specifically, the central idea is to perform a Bell state measurement (BSM) between two qubit states, which are randomly prepared by Alice and Bob, as in the standard Bennett-Brassard 1984 (BB84) QKD protocol.^{1} In this case, the measurement unit is seen as part of the *untrusted* quantum channel and security is automatically guaranteed against all detector side-channel attacks.

MDI-QKD is however more challenging to implement than standard point-to-point (PtP) QKD. First, it requires the interference of two independent and indistinguishable photons over long distances. This could be challenging because the photons have to simultaneously arrive at the BSM while maintaining their indistinguishability in all degrees-of-freedom (DoFs). Second, the secret key rate (SKR) is limited by the achievable coincidence rate at the BSM, which is at most 50% of the photon detection rate assuming linear optics. Third, the finite-key analysis of MDI-QKD is less efficient than standard PtP QKD in that it requires a much larger post-processing block size^{16} than its PtP counterpart.^{17} Nevertheless, we note that an exchange of around 5 kbps over 100 km has been recently demonstrated (neglecting the finite-key effects).^{13}

Recently, a family of QKD protocols was proposed to simplify MDI-QKD, which we collectively refer to as detector-device-independent QKD (DDI-QKD).^{18–20} These QKD protocols use the fact that one can encode multiple qubits (using different DoFs) onto a single photon and that these qubits can be manipulated independently. In this way, one can imagine MDI-QKD being carried out using only one photon as a carrier for Alice and Bob's qubits: Alice first encodes her qubit into the photon and then sends it to Bob, who encodes his qubit onto another DoF. The resulting two-qubit photon is then sent to a BSM apparatus. Therefore, only a single photon detection is required (like in PtP QKD). Since the guiding principles of DDI-QKD are similar to those of MDI-QKD, it is conjectured that the security level of DDI-QKD is comparable to MDI-QKD. Here, we present a thorough security analysis of DDI-QKD together with a new experimental implementation of a complete crypto-system.

## II. PRINCIPLES OF DDI-QKD

The conceptual setup is presented in Fig. 1(a). Alice encodes a qubit $|\psi_A\rangle = \alpha_A|\tilde{H}\rangle + \beta_A|\tilde{V}\rangle$ in the polarization DoF of a single photon and sends it to Bob. At the input of Bob, a polarizing beam splitter (PBS) converts the polarization modes into spatial modes, such that the qubit of Alice is converted to a state of the form $|\psi_A\rangle = \alpha_A|r\rangle + \beta_A|t\rangle$, where *r* and *t* represent the transmitted and reflected path of the PBS, respectively. Then, Bob encodes a qubit $|\psi_B\rangle = \alpha_B|H\rangle + \beta_B|V\rangle$ in the polarization DoF of the photon. The same polarization state needs to be encoded in the two paths. The state of the photon is then $|\psi_A\rangle \otimes |\psi_B\rangle$.

A BSM is performed by recombining the two spatial modes via a PBS and applying a projection in the basis $\{|+\rangle, |-\rangle\}$ on both output arms using two additional PBSs. $|+\rangle$ and $|-\rangle$ correspond to $(|H\rangle + |V\rangle)/\sqrt{2}$ and $(|H\rangle - |V\rangle)/\sqrt{2}$, respectively. A click in one of the four outputs corresponds to a projection onto one of the following Bell states:

In order to exchange secret keys, the protocol is the following: Alice and Bob independently encode states randomly chosen from the four BB84 states $\{|H\rangle, |V\rangle, |+\rangle, |-\rangle\}$. The probabilities for each Bell state are given in Table I. After sifting, one cannot determine the bit sent by Alice from the knowledge of which detector has clicked alone. Both the result of the BSM and the state encoded by Bob are necessary to retrieve the bit chosen by Alice, using Table II. Before describing the practical implementation, we take a closer look at the security.

Table I. Probability of each Bell-state outcome for the BB84 states encoded by Alice (rows) and Bob (columns).

a) $|\Phi^+\rangle$

| | H | V | + | − |
|---|---|---|---|---|
| H | 0.50 | 0.00 | 0.25 | 0.25 |
| V | 0.00 | 0.50 | 0.25 | 0.25 |
| + | 0.25 | 0.25 | 0.50 | 0.00 |
| − | 0.25 | 0.25 | 0.00 | 0.50 |

b) $|\Phi^-\rangle$

| | H | V | + | − |
|---|---|---|---|---|
| H | 0.50 | 0.00 | 0.25 | 0.25 |
| V | 0.00 | 0.50 | 0.25 | 0.25 |
| + | 0.25 | 0.25 | 0.00 | 0.50 |
| − | 0.25 | 0.25 | 0.50 | 0.00 |

c) $|\Psi^+\rangle$

| | H | V | + | − |
|---|---|---|---|---|
| H | 0.00 | 0.50 | 0.25 | 0.25 |
| V | 0.50 | 0.00 | 0.25 | 0.25 |
| + | 0.25 | 0.25 | 0.50 | 0.00 |
| − | 0.25 | 0.25 | 0.00 | 0.50 |

d) $|\Psi^-\rangle$

| | H | V | + | − |
|---|---|---|---|---|
| H | 0.00 | 0.50 | 0.25 | 0.25 |
| V | 0.50 | 0.00 | 0.25 | 0.25 |
| + | 0.25 | 0.25 | 0.00 | 0.50 |
| − | 0.25 | 0.25 | 0.50 | 0.00 |


## III. SECURITY OF DDI-QKD

The security of DDI-QKD is based on the following assumptions: (i) Alice and Bob's random number generators as well as the classical post-processing are trusted. This basic assumption is necessary for all QKD schemes, including device-independent (DI-QKD) protocols. (ii) Alice and Bob's linear optical circuits are fully characterized and cannot be influenced by any eavesdropper, commonly denoted as Eve. (iii) Eve may exploit imperfect detectors via the optical fiber, but she has no physical access to the detectors, in particular, she has no access to the outputs of the interferometer. (iv) The detectors may have some defects, but are not from a malicious provider. This means they are independent of Eve.

In the case of single-qubit quantum channels (i.e., Eve is restricted to sending pulses of light to Bob which are at the single-photon level), the first two assumptions are sufficient to formally prove the security of DDI-QKD. This has been shown in Refs. 18 and 19 and is detailed in Appendix A. This also means that for this scenario DDI-QKD and MDI-QKD are equivalent.

The situation is more complicated if we consider attacks based on multi-photon states. With strong pulses, Eve could easily make a Trojan horse attack and measure Bob's settings if she had access to the output of Bob's interferometer. But this is in contradiction with assumption (iii). Eve could also try a more subtle Trojan horse attack as proposed in Ref. 21, where the detectors have shared randomness with Eve, which is in contradiction with assumption (iv). Another attack could be the siphoning attack presented in Appendix B, which works even if the quantum channel is restricted to a single spatial-temporal mode. However, this attack is not compatible with assumptions (iii) and (iv). Finally, it is important to note that Trojan horse attacks based on back reflection, which can affect both Alice and Bob, have to be avoided by using a set of isolators and frequency filters as is the case for MDI-QKD as well.

Let us now consider the class of attacks based on detector blinding.^{7} To perform such attacks, the eavesdropper shines strong classical light onto the detectors, such that they all cease to work in the Geiger mode and instead begin to operate in the linear regime. In this regime, if any of the detectors receives a light pulse which exceeds a certain threshold, a detection signal can be generated. From the perspective of Bob, this signal is indistinguishable from that generated by a single-photon detection in the Geiger mode. Let us denote by $\mu_i$ the threshold of the detector $D_i$. If only one detector (one Bell state) were used, the system would be equivalent to a normal BB84 protocol and potentially vulnerable, as shown in Ref. 7. However, if we consider the DDI-QKD setup with a complete BSM, such an attack will be detected by looking at the detection statistics. In the case where the thresholds of the four detectors are identical, the blinding attack will generate double detections. When this happens, Bob assigns the detection to a random detector, which directly affects the quantum bit error rate (QBER). In the case where the thresholds differ between detectors, for example if $\mu_1 < \mu_2$, then it is indeed possible to generate a detection in $D_1$ while $D_2$ does not click. However, Eve will not be able to make $D_2$ click independently. More generally, with such an attack, she will not be able to reproduce the expected detection probabilities for all detectors and all settings of Alice and Bob, as detailed in Table I. Note that active randomization of the detection statistics has been proposed as a countermeasure against blinding attacks.^{22,23}

In short, despite their conceptual similarities, DDI-QKD is not equivalent to MDI-QKD and the additional, arguably very reasonable, assumptions (iii) and (iv) have to be made in order to guarantee its security.
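As an added example (not code from the paper), the following Python reproduces Table I from the Bell-state projection of Sec. II, derives the sifting rule that the text delegates to Table II, and implements the Sec. III consistency check of detection statistics against Table I. The mapping of detector $D_1$ to $|\Phi^+\rangle$ and the per-setting click counts are constructed assumptions.

```python
import math

ISQ2 = 1 / math.sqrt(2)

# BB84 polarization states as real amplitude pairs in the {|H>, |V>} basis.
STATES = {"H": (1.0, 0.0), "V": (0.0, 1.0), "+": (ISQ2, ISQ2), "-": (ISQ2, -ISQ2)}
BASIS_OF = {"H": "Z", "V": "Z", "+": "X", "-": "X"}

# Bell states in the product basis |HH>, |HV>, |VH>, |VV>; the first slot is
# Alice's qubit (a spatial mode inside Bob's device), the second is Bob's
# polarization qubit.  Detector labelling D1..D4 = Phi+, Phi-, Psi+, Psi- is
# an assumption of this example, not fixed by the paper.
BELL = {
    "Phi+": (ISQ2, 0.0, 0.0, ISQ2),
    "Phi-": (ISQ2, 0.0, 0.0, -ISQ2),
    "Psi+": (0.0, ISQ2, ISQ2, 0.0),
    "Psi-": (0.0, ISQ2, -ISQ2, 0.0),
}


def bsm_probabilities(a: str, b: str) -> dict:
    """Probability of each Bell-state click when Alice encodes a and Bob encodes b.

    The photon carries |a> (x) |b>; a click in output k is the projection onto
    Bell state k, so p_k = |<Bell_k | a, b>|^2.  Reproduces Table I."""
    psi = [x * y for x in STATES[a] for y in STATES[b]]
    return {k: round(sum(c * p for c, p in zip(bell, psi)) ** 2, 10)
            for k, bell in BELL.items()}


def table_i() -> dict:
    """All 16 settings of Table I as {(alice, bob): {bell_state: probability}}."""
    return {(a, b): bsm_probabilities(a, b) for a in STATES for b in STATES}


def decode_alice(outcome: str, b: str) -> str:
    """Sifting rule (the role Table II plays in the text): the detector alone does
    not reveal Alice's bit, but together with Bob's state b the BSM outcome fixes
    Alice's state uniquely within Bob's basis, as the one state not ruled out."""
    same_basis = [a for a in STATES if BASIS_OF[a] == BASIS_OF[b]]
    candidates = [a for a in same_basis if bsm_probabilities(a, b)[outcome] > 0]
    assert len(candidates) == 1, f"{outcome} is not a sifted outcome for {b}"
    return candidates[0]


def max_deviation(counts: dict) -> float:
    """Sec. III check: for every (Alice, Bob) setting, compare each detector's
    observed click fraction with the Table I probability.  counts maps
    (a, b) -> {bell_state: clicks}.  Returns the largest |observed - expected|,
    so a value near 0 means the statistics are consistent with Table I."""
    worst = 0.0
    for (a, b), clicks in counts.items():
        total = sum(clicks.values())
        if total == 0:
            continue
        for k, p in bsm_probabilities(a, b).items():
            worst = max(worst, abs(clicks.get(k, 0) / total - p))
    return worst


def honest_counts(n: int) -> dict:
    """Constructed sample: n detections per setting, split exactly as Table I."""
    return {ab: {k: round(n * p) for k, p in probs.items()}
            for ab, probs in table_i().items()}


def blinded_counts(n: int) -> dict:
    """Constructed sample of the Sec. III scenario in which only D1 (Phi+) ever
    clicks, whatever Alice and Bob encoded: the settings where Table I gives
    Phi+ probability zero (e.g. H with V) expose the attack immediately."""
    return {ab: {"Phi+": n} for ab in table_i()}
```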

## IV. EXPERIMENTAL SETUP

In our previous proof-of-principle experiment,^{18} Alice and Bob used the polarization and spatial DoFs, respectively, to encode their qubits. It is challenging to achieve high encoding rates with such an implementation, because Bob's phase modulator has to be polarization insensitive, something that is not possible with high-speed electro-optic modulators. To overcome this, we use the polarization DoF at Bob and simplify the experimental setup by substituting the Mach-Zehnder configuration (Fig. 1(a)) with a Sagnac interferometer (Fig. 1(b)). In this way, no active phase stabilization is needed to preserve the state encoded by Alice. Moreover, only one polarization modulator, supplemented with a Faraday rotator and a half-wave plate (HWP), is necessary to encode the same state of polarization in both directions, i.e., clockwise and counter-clockwise.

Our practical implementation is depicted in Fig. 2. Alice's source starts with a gain-switched DFB laser at 1554.94 nm (ITU channel C28) triggered at 625 MHz, which generates light pulses with a duration of 80 ps. The qubit states are encoded via a set of fiber polarization controllers (PCs) and a birefringent lithium-niobate (LiNbO_{3}) phase modulator (PM) driven by a 3-level pulse generator. Photons enter the PM in the state $(|H\rangle + |V\rangle)/\sqrt{2}$, and the effect of the PM is to transform the state into $(|H\rangle + e^{i\varphi}|V\rangle)/\sqrt{2}$, where $\varphi$ is the encoded phase. To compensate for the temporal walk-off (around 10 ps) introduced by the birefringence of the modulator, 8 m of polarization-maintaining fiber (PMF) (high-birefringence fiber) is added. The temperature of the birefringent elements (PM and PMF) is actively stabilized to avoid polarization drifts. An additional unitary transformation is performed via a PC placed at the output of the PMF to generate the qubits in the Z or X basis.

On Bob's side, the polarization qubits of Alice are converted into spatial qubits by a free-space four-port PBS with a polarization rejection better than 1/1000 for the four arms. As represented in Fig. 2, at the outputs of the PBS, a Sagnac loop consists of a Faraday rotator, a PM, and a PMF, identical to those of Alice. These elements transform both components of Alice's qubit—those that rotate clockwise and counter-clockwise in the Sagnac loop—such that they pass through the PM with the same state of polarization and at the same time. Alice's encoding in polarization has therefore been completely transformed into a spatial encoding, whilst Bob's qubit is encoded by the PM in the same way that Alice had encoded her own.

To perform the BSM, a PC and a PBS are placed in each output port of the loop. The outputs of the BSM corresponding to $|\Psi^+\rangle$ and $|\Psi^-\rangle$ are delayed by 800 ps and combined with $|\Phi^+\rangle$ and $|\Phi^-\rangle$, respectively, by means of PBSs. This allows the use of just two detectors for all four Bell states. Bob's setup has 7.1 dB of attenuation, mainly due to the PM (≈4 dB). The photons are detected by two InGaAs/InP negative feedback avalanche diodes operating in the free-running mode and cooled with a free-piston Stirling cooler.^{24} The laser, the PMs and the detectors are connected to two field-programmable gate arrays (FPGAs) placed on Alice and Bob's side. A service channel operating on a separate optical fiber is used to synchronize the two parties and to exchange data during the key sifting phase.^{25,26}

For the key exchange protocol, we use the $Z$ basis to generate the data and the $X$ basis to estimate the phase error rate. To maximize the key rate, the probability of choosing the $Z$ basis is 87.5%, both on Alice and Bob's side. To simplify the experimental implementation, Alice uses only three states $\{|H\rangle, |V\rangle, |+\rangle\}$,^{27,28} while Bob uses four states as usual. For a standard BB84 protocol with four states, the QBER in the $X$ basis is approximated by

with $N_{a,b}$ being the number of detections where Alice prepares the state *a* and Bob's measurement outcome is *b*. For a three-state protocol, the phase error rate can be formulated in terms of matched and mismatched basis statistics. In particular, we have

The SKR is calculated from the error rates in the $Z$ and $X$ bases for different transmissions as a function of *μ*, the mean number of photons per pulse sent by Alice. We make no assumption about the detection efficiency of the detectors as well as the transmission of Bob's setup. The upper bound on the extractable secret key length is given by

where $s_{Z,1}^{\mathrm{lb}}$ is the lower bound on the number of single-photon detections in the $Z$ basis, $\delta_{Z,\mathrm{ph}}^{\mathrm{ub}}$ is the upper bound on the phase error rate, $\mathrm{leak}_{EC}$ is the number of bits revealed during the error correction step, and $\epsilon_{\mathrm{sec}}$ and $\epsilon_{\mathrm{cor}}$ are the secrecy and correctness parameters, respectively. We fixed the security parameter to $\epsilon_{\mathrm{qkd}} = \epsilon_{\mathrm{cor}} + \epsilon_{\mathrm{sec}} = 4 \times 10^{-9}$, which is similar to those typically used in PtP QKD systems.^{26} Please refer to Appendix A for more details about Equations (3) and (4) as well as their derivation.

## V. KEY DISTILLATION

We performed an exchange of secret keys with complete distillation—i.e., including finite-key analysis and privacy amplification—at three different distances simulated with a variable attenuator. For every result depicted in Table III, we optimized the following parameters in order to maximize the SKR: *μ*, the number of photons per pulse sent by Alice; the dead time of the detectors; and the temperature of the detectors. The error correction was carried out using an optimized Cascade algorithm, implemented in C++, which achieved a reconciliation efficiency of 1.04 for a QBER of 3%.^{29} The reconciliation efficiency $f_{EC}$ is defined as $f_{EC} = m/(n\,H(A|B))$, with *m* being the number of bits disclosed during the error correction, *n* being the length of the key before error correction, and $H(A|B)$ being the conditional entropy between the keys of Alice and Bob before the error correction. In order to reduce the effect of finite-key statistics, the privacy amplification was carried out on a block size of $10^7$ bits. We obtained an SKR of 1.8 kbps for an attenuation of 6.8 dB, corresponding to a distance of 34 km considering 0.2 dB/km loss.

Table III. Secret key rates with complete distillation at three simulated attenuations.

| Attenuation (dB) | SKR (kbps) |
|---|---|
| 0.28 | 9.7 |
| 2.8 | 5.3 |
| 6.8 | 1.8 |


We also performed exchanges of secret keys for additional distances without taking into account the finite-key analysis. The corresponding SKRs as a function of the attenuation (converted into fiber distance considering a loss of 0.2 dB/km) between Alice and Bob are plotted in Fig. 3(a). We obtained an SKR of 8.2 bps at 91 km. Let us emphasize that these data are obtained from the statistics of actual raw keys. Moreover, the corresponding error rates in the $Z$ and $X$ bases are given in Fig. 3(b). The difference between $e_x$ and $e_z$ is mainly due to the polarization-dependent loss of the Sagnac loop elements, which introduces a small bias between H and V.

In comparison to a standard BB84 implementation, our system is affected by the significant loss in Bob's device. It could be possible to reduce this loss by at least 2 dB by changing the PM. Nevertheless, we achieved key exchange over distances up to 91 km without decoy states,^{30–32} which would not be possible for MDI-QKD. The maximal distance could be significantly improved by adding decoy-state preparation at Alice in order to optimize the bound on the single-photon detections. In this configuration, we expect to exchange a secret key at a rate of 2 bps over 250 km of standard single-mode fiber. This prediction is based on a simulation which takes into account loss in the apparatus and error rates as measured in our experiment, as well as finite-key analysis with a block size of 10^{6} bits.

## VI. CONCLUSION

We discussed the security of DDI-QKD, which is not equivalent to MDI-QKD in the most general scenario. Nevertheless, we have shown that under very reasonable assumptions, its security can be guaranteed. Although the title “detector-device-independent” could be debatable, DDI-QKD offers improved security compared to normal PtP protocols while being easier to implement than MDI-QKD. In particular, DDI-QKD requires only single-photon interference, the BSM is 100% efficient and the performance in the finite-key scenario is similar to PtP QKD.

We implemented a complete high-speed version of the DDI-QKD protocol clocked at 625 MHz, based on polarization encoded qubits. We distilled secret keys, whilst accounting for finite-key effects, at a rate of 1.8 kbps for a distance of 34 km. Furthermore, we achieved a key exchange over 91 km (without decoy-state preparation).

## ACKNOWLEDGMENTS

We would like to acknowledge Jesús Martínez-Mateo for providing the error correction code, and Bing Qi and Marcos Curty for helpful discussions. We thank the Swiss NCCR QSIT and the European EMPIR MIQC2 for financial support. C. C. W. Lim acknowledges support from the Oak Ridge National Laboratory directed research and development program.

### APPENDIX A: ESTIMATION OF THE SECRET KEY RATE

Here, we first present briefly the security analysis of our QKD protocol against a large class of attacks under the assumption that the adversary, Eve, can only forward a qubit or a vacuum state in each use of the quantum channel. Then we show how to estimate the SKR from our experimental raw data.

In our QKD implementation, Alice uses a phase-randomized laser source with intensity *μ* to prepare her qubits. In this case, the source generates in each run a vacuum state with probability $\exp(-\mu)$, a single-photon state with probability $\mu\exp(-\mu)$, and a multi-photon state with probability $1-(1+\mu)\exp(-\mu)$. To deal with events that are not single photons, we conservatively assume that (1) multi-photon states are insecure and (2) vacuum states are secure qubit states. The former is due to the fact that Eve can perform photon-number-splitting attacks, and the latter to the fact that vacuum states carry zero information about Alice's bit values; this also applies to Bob.

Recall that in each run of the implementation, Alice randomly prepares her qubit in one of the three states $\{|0\rangle, |1\rangle, |+\rangle\}$. This choice of encoding is known as the *three-state* QKD protocol,^{27} and it has been recently shown that it is loss-tolerant if mismatched-bases statistics are taken into consideration.^{28} By loss-tolerant, we mean that three-state QKD is resilient against attacks that exploit channel loss and source errors (i.e., encoding flaws). Interestingly, it has also been shown that the security performance of three-state QKD is similar to BB84 QKD. This means that the fourth qubit state, $|-\rangle$, is redundant.

Before we state the security bounds for our protocol, it is instructive to spell out the security criteria that we are using. For some small protocol errors $\epsilon_{\mathrm{cor}}, \epsilon_{\mathrm{sec}} > 0$, we say that our protocol is $(\epsilon_{\mathrm{cor}} + \epsilon_{\mathrm{sec}})$-secure if it is $\epsilon_{\mathrm{cor}}$-correct and $\epsilon_{\mathrm{sec}}$-secret. More specifically, let $S_A$ and $S_B$ be Alice and Bob's output keys; then the former is satisfied if $\Pr[S_A \neq S_B] \le \epsilon_{\mathrm{cor}}$, i.e., the secret keys are identical except with a small probability $\epsilon_{\mathrm{cor}}$. The latter is satisfied if $(1 - p_{\mathrm{abort}})\,\|\rho_{AE} - U_A \otimes \rho_E\|_1/2 \le \epsilon_{\mathrm{sec}}$, where $\rho_{AE}$ is the classical-quantum state describing the joint state of $S_A$ and *E*, $U_A$ is the uniform mixture of all possible values of $S_A$, and $p_{\mathrm{abort}}$ is the probability that the protocol aborts. Importantly, this secrecy criterion guarantees that the protocol is universally composable: the pair of secret keys can be safely used in any cryptographic task that requires a perfectly secure key, e.g., for encrypting messages.

To analyze the security of our QKD implementation, we work in a counterfactual scenario where Alice and Bob are using the asymmetric BB84 QKD, i.e., the $Z$ basis is used for the key and the $X$ basis is used for parameter estimation. In this scenario, an upper bound on the extractable secret key length is obtained by using the bound given in Ref. 17

where $s_{Z,1}^{\mathrm{lb}}$ is the lower bound on the number of single-photon detections in the $Z$ basis, $\delta_{Z,\mathrm{ph}}^{\mathrm{ub}}$ is the upper bound on the phase error rate, $\mathrm{leak}_{EC}$ is the number of bits revealed during the error correction step,^{33} and $h_2(x)$ is the binary entropy function. In the following, we show how to compute $s_{Z,1}^{\mathrm{lb}}$ and $\delta_{Z,\mathrm{ph}}^{\mathrm{ub}}$ using measurement statistics obtained in the actual QKD system. To start with, we denote by $n_Z$ and $n_X$ the total number of detections in the $Z$ and $X$ bases, respectively. Then, the total number of detections (in either basis) is a sum of detections conditioned on the number of photons sent by Alice. For example, for the $Z$ basis, we have $n_Z = \sum_k s_{Z,k}$, where $s_{Z,k}$ is the number of detections conditioned on Alice sending *k*-photon states. Note that since all vacuum states are assumed to be secure qubit states, we may absorb $s_{Z,0}$ into $s_{Z,1}$.

Let $N_Z$ be the number of signals for which Alice and Bob both choose the $Z$ basis; then a simple lower bound on $s_{Z,1}$ is obtained by subtracting $G(N_Z)$, the number of multi-photon states sent by Alice, from the total number of detections

where

Here, we used the fact that the photon-number distribution follows a Poisson distribution and that at most $\lfloor N_Z(1-(1+\mu)e^{-\mu}) + \sqrt{\log(\epsilon_{\mathrm{sec}}^{-1})\,N_Z/2} \rfloor$ of the states are multi-photon states, although the latter statement only holds with probability $1-\epsilon_{\mathrm{sec}}$. Likewise, we have the same bound for the $X$ basis
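As an added example (not code from the paper), the following Python implements the bound just described: the Poisson multi-photon count plus the Hoeffding term gives $G(N)$, which is subtracted from the detections to obtain $s_{Z,1}^{\mathrm{lb}}$ (and, in the same way, $q_{X,1}^{\mathrm{lb}}(a)$ later in this appendix). The natural logarithm and the loss-only detection model used to illustrate the effect of channel transmission are assumptions of this example.

```python
import math


def multiphoton_bound(n_sent: int, mu: float, eps_sec: float) -> int:
    """G(N): upper bound on the number of multi-photon pulses among n_sent
    phase-randomized coherent pulses of mean photon number mu.

    The expected multi-photon fraction is the Poisson tail 1 - (1 + mu) e^{-mu};
    Hoeffding's inequality adds sqrt(log(1/eps_sec) * N / 2), so the bound fails
    with probability at most eps_sec (natural log assumed here)."""
    expected = n_sent * (1.0 - (1.0 + mu) * math.exp(-mu))
    deviation = math.sqrt(math.log(1.0 / eps_sec) * n_sent / 2.0)
    return math.floor(expected + deviation)


def single_photon_lb(n_detected: int, n_sent: int, mu: float, eps_sec: float) -> int:
    """s_{Z,1}^{lb} for the key basis, or q_{X,1}^{lb}(a) for one X-basis setting:
    every multi-photon pulse is conservatively assumed to have caused a detection
    and is subtracted; vacuum pulses count as secure and stay in.  Clamped at
    zero, since a negative count cannot contribute key."""
    return max(0, n_detected - multiphoton_bound(n_sent, mu, eps_sec))


def secure_fraction(eta: float, n_sent: int, mu: float, eps_sec: float) -> float:
    """Fraction of detections that survive the bound for an overall transmission
    eta (constructed model: a pulse is detected with probability
    1 - exp(-mu * eta), no dark counts).  Shows why, without decoy states, mu
    must be lowered as the loss grows: G(N) does not shrink with eta, while the
    detections do, and beyond some loss no single-photon detections remain."""
    n_det = round(n_sent * (1.0 - math.exp(-mu * eta)))
    if n_det == 0:
        return 0.0
    return single_photon_lb(n_det, n_sent, mu, eps_sec) / n_det
```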

Next, we need to estimate the number of phase errors in $s_{Z,1}$. In BB84 QKD, this estimation problem is a classical random sampling (without replacement) problem, and one can use the error rate $\delta_X$ in the $X$ basis to estimate the phase error rate $\delta_{Z,\mathrm{ph}}$ in the $Z$ basis. However, in three-state QKD, one only has partial observation of the error rate in the $X$ basis, since only the state $|+\rangle$ is sent in the $X$ basis. Recently, it has been shown that the phase error rate can be exactly estimated (in the asymptotic limit) by using the mismatched-bases statistics and the partial error rate observed in the $X$ basis.^{28} Below, for completeness, we provide an alternative derivation that relates $\delta_X$ to the above measurement statistics.

Suppose Alice is able to prepare single-photon states and Eve interacts independently and identically with each photon; later we will consider the scenario with weak laser pulses. Furthermore, without loss of generality, we may assume that the quantum channel has perfect transmission, since Bob's basis choice is independent of Eve's attacks and Alice and Bob postselect the measurement statistics. In this scenario, we may describe Eve's actions using the following transformations:

where $|\varphi_i\rangle$ for $i = 1, 2, 3, 4$ are Eve's quantum states (not necessarily normalized). Furthermore, since $U_{AE}$ is unitary, we have $\langle\varphi_1|\varphi_1\rangle + \langle\varphi_2|\varphi_2\rangle = 1$, $\langle\varphi_3|\varphi_3\rangle + \langle\varphi_4|\varphi_4\rangle = 1$, and $\langle\varphi_1|\varphi_3\rangle + \langle\varphi_2|\varphi_4\rangle = 0$, $\langle\varphi_3|\varphi_1\rangle + \langle\varphi_4|\varphi_2\rangle = 0$; since the context is now clear, hereafter we omit the subsystem labels. Using the above transformations, we thus have

Let $a \in \{H, V, +\}$ and $b \in \{H, V, +, -\}$; then the probability that Bob detects *b* (using the $Z$ basis) when Alice has sent *a* (in the $Z$ basis) follows:

From the above, the probabilities for mismatch basis choices are thus given by

Since $p_{ZX}(H|\pm) + p_{ZX}(V|\pm) = 1$, we have $\mathrm{Re}[\langle\varphi_1|\varphi_3\rangle] + \mathrm{Re}[\langle\varphi_2|\varphi_4\rangle] = 0$. Accordingly, we have

In the counterfactual BB84 QKD, Alice prepares $|+\rangle, |-\rangle$ with uniform probability, and the probability of error in the $X$ basis is defined as $p_{X,\mathrm{err}} := p_{XX}(+|-)/2 + p_{XX}(-|+)/2$. Using the above equations, we get

That is, the probability of observing an error in the $X$-basis statistics can be exactly estimated from three conditional probabilities: $p_{XZ}(+|H)$, $p_{XZ}(+|V)$, and $p_{XX}(-|+)$.

To estimate the phase error rate $\delta_{Z,\mathrm{ph}}$ in the $Z$ basis using Eq. (A10), we have to first estimate $p_{XZ}(+|H)$, $p_{XZ}(+|V)$, and $p_{XX}(-|+)$ from the observed statistics. To start with, let *m*(*b*, *a*) denote the number of detections when Alice sends light pulses prepared in $a \in \{H, V, +\}$ and Bob encodes $b \in \{H, V, +, -\}$, and $m_X(a) = m(+, a) + m(-, a)$. Then, following the method described before, we can compute a lower bound on the number of single-photon detections in $m_X(a)$ for any *a*. For instance, we have $q_{X,1}^{\mathrm{lb}}(a) = m_X(a) - G(N_X(a))$, where $N_X(a)$ is the number of instances in which Alice sends *a* and Bob chooses an encoding in the $X$ basis. With that, we can compute upper bounds on the relative frequencies associated with the above conditional probabilities, i.e., we have

for any *a*. Next, by making use of Hoeffding's inequality, we further get

where $K(x) := 2x/\log(1/\epsilon_{\mathrm{sec}})$. Putting everything together, we thus get

Finally, to compute $\delta_{Z,\mathrm{ph}}^{\mathrm{ub}}$, we use Hoeffding's inequality again to get

### APPENDIX B: SIPHONING ATTACKS ON DDI-QKD

In this section, we present a quantum siphoning attack on BB84 and DDI-QKD. This attack is more powerful than the attack proposed in Ref. 21: it does not require shared randomness between Bob's laboratory and Eve and works even if Bob's input optical mode is restricted to a single spatial-temporal mode. The central idea of the attack is to exploit the fact that multi-photon states live in the tensor product of single photon subspaces, and linear optical circuits act on each photon independently. Crucially, these observations suggest that Eve can use multi-photon states to learn about Bob's qubit choices, thereby breaking the security of DDI-QKD.

To illustrate the above idea and to understand the security boundary of DDI-QKD, we start from a conservative scenario whereby the detectors are black boxes and adversarial in nature (see Fig. 4). In particular, we assume that the untrusted detectors are controlled by an internal adversary called Fred, who can perform any quantum operation. Furthermore, we assume that Fred and Eve (who is controlling the quantum channel) are collaborators and agree on a set of possible actions beforehand. Fred cannot communicate freely with Eve, since Bob's laboratory is secure; as we will show below, however, Eve can communicate freely with Fred. Also, Fred is restricted to his own device and has no access to Bob's linear optical circuit, e.g., Bob's random basis choices and bit values.

On Bob's end, we assume that he is able to restrict all input light states to a single optical spatial-temporal mode, where any quantum information is encoded in the polarization DoF. This assumption is pretty strong as it already allows Bob to rule out a large class of detector side-channel attacks, e.g., time-shifting attacks. Nevertheless, despite this assumption, we show below that DDI-QKD is insecure if the quantum channel admits multi-photon excitations of the input optical mode.

The quantum siphoning attack is carried out in three phases: (1) the intercept-and-resend phase, (2) the qubit extraction phase, and (3) the siphoning phase. In the first phase, Eve measures Alice's qubit randomly using either the $Z$ or $X$ basis, and sends an *n*-photon state to Bob, where each photon is prepared in the equal superposition of the horizontal and vertical polarization states, i.e., $|\chi_i\rangle_{\mathrm{Eve}} = |H\rangle/\sqrt{2} + |V\rangle/\sqrt{2}$. The number of photons, *n*, depends on Eve's basis choice and her measurement outcome: *n* takes its value from the set $\{n_j\}_{j=1}^{4}$, which corresponds to $\{H, V, +, -\}$. For example, $n = n_1$ means Eve measures in the $Z$ basis and obtains *H*, and $n = n_4$ means she measures in the $X$ basis and obtains $-$. Note that the set $\{n_j\}_{j=1}^{4}$ satisfies $n_j \neq n_k$ for all $j \neq k$ and $n_j \gg 3$ for all *j*.

In the second phase, the $n_j$-photon state passes through Bob's linear optical circuit and each photon is transformed to a four-dimensional quantum state (just before the detectors/Fred)

where $\{|i\rangle\}_i$ are simply the single-photon basis states for the four output ports of Bob's linear optical circuit. Recall that Bob's qubit choice is denoted by $\varphi \in \{0, \pi, \pi/2, 3\pi/2\}$. In fact, we can further simplify the above equation to reflect an effective qubit state by using the transformations $|\tilde{0}\rangle = (|1\rangle + |2\rangle)/\sqrt{2}$, $|\tilde{1}\rangle = (|3\rangle + |4\rangle)/\sqrt{2}$, and $|\tilde{\pm}\rangle = (|\tilde{0}\rangle \pm |\tilde{1}\rangle)/\sqrt{2}$, giving

Indeed, we see that when the input is a single-photon state, the resulting output states are the BB84 qubit states (up to local rotations), where one basis is given by

and the other basis given by

When the input state is an $n_j$-photon state, the output is $n_j$ copies of Bob's qubit, because Fred has access to all four output ports. This means that Fred can first measure the photon number of the output state and learn Eve's basis choice and her measurement outcome. Then, Fred can determine $\varphi$, i.e., Bob's qubit choice, by performing the optimal unambiguous state discrimination (USD) measurement for $n_j$ photons. In particular, the regime in which Fred can unambiguously learn $\varphi$ starts from $n_j = 3$, with a success probability of 1/2. That is, there exists a USD measurement which Fred can perform to extract $\varphi$ from 3 copies of $|\chi^f_\varphi\rangle_{\mathrm{Eve}}$ with probability at least 1/2. In the general case where $n \ge 3$, it can be shown that the probability of success for an $n_j$-photon injection is lower bounded by the smallest eigenvalue of the following 2 × 2 block matrix:^{34}

where

Indeed, in the case of $n_j = 3$, we see that $p_{\mathrm{succ}}(3) \ge 1/2$. Since Eve can inject an arbitrary number of photons, we have to assume the limiting case and take $p_{\mathrm{succ}}(n_j) \approx 1$ with $n_j \gg 3$ for any *j*.

In the final phase, Fred first compares Eve's and Bob's basis choices. If they are the same, he simply outputs a Bell state that is consistent with their bit values and basis choice; otherwise, he announces the measurement as inconclusive. In particular, Fred uses Table I to determine the BSM outcome. For example, if Eve's outcome is *V* and Bob's qubit choice is *H*, then Fred outputs $|\Psi^+\rangle$ or $|\Psi^-\rangle$ with probability 1/2 each. Note that this attack works whenever the quantum channel loss is $\ge 1/2$.

The above quantum siphoning attack works even if Bob limits the input light state to a single optical spatial-temporal mode. Our proposed attack is essentially an entanglement-breaking operation, since it requires Eve to perform an intercept-and-resend attack. More crucially, it should be noted that this attack works as long as Eve is able to send multi-photon states to Bob. This problem is reminiscent of the security problem faced by the bi-directional “plug and play” QKD system, where Eve can apply Trojan horse attacks to learn about Alice's bit values. Such Trojan horse attacks could be mitigated by employing countermeasures like those proposed in Ref. 35. To conclude, our attack shows that DDI-QKD is not equivalent to MDI-QKD, despite their conceptual similarities, and additional assumptions are necessary to guarantee the security of DDI-QKD as discussed in Sec. III.

## References

Note that this does not include the information leakage due to error verification.