Discrete Phase Randomization in QKD
- Discrete phase randomization (DPR) is a method that replaces continuous phase modulation with a finite set of phases, creating an approximate photon-number description in QKD systems.
- It addresses the practical gap between theoretical models and experimental capabilities by mitigating source-side loopholes in protocols like TF-QKD and MDI-QKD.
- DPR reduces resource consumption by requiring only a few random bits per pulse while enabling close-to-ideal performance as the number of discrete phases increases.
to on-discrete tools arXiv search for the specified paper and closely related DPR/QKD papers. Discrete phase randomization (DPR) is the replacement of ideal continuous phase randomization of coherent optical signals by a finite phase alphabet, typically
In quantum key distribution (QKD), DPR changes the source model that underlies decoy-state security analysis: continuous randomization makes a coherent state equivalent to a statistical mixture of Fock states, while DPR yields only an approximate photon-number description. The topic emerged from a practical mismatch between theory and experiment: many security proofs assume phases uniformly random over , yet phase modulators and random number generators in deployed systems can only realize a finite set of phase values. The resulting literature studies DPR both as a corrective to unrealistic source assumptions and as a design feature that can be integrated into TF-QKD, SNS-TF-QKD, MDI-QKD, BB84, and mode-pairing QKD (Cao et al., 2014, Zhang et al., 2020).
1. Motivation and problem setting
In decoy-state QKD, continuous phase randomization is traditionally assumed because it makes signal and decoy states indistinguishable to an eavesdropper except through photon number. This is the basis of the standard photon-number channel model. The practical difficulty is that perfect continuous randomization cannot be achieved: active phase randomization uses electronic phase modulators and discrete random numbers, and passive schemes can introduce unwanted phase correlations between pulses (Cao et al., 2014, Wang et al., 2022).
This source-model gap is not merely formal. In measurement-device-independent QKD, imperfect phase randomization was shown to create source-side loopholes, and a concrete attack based on unambiguous state discrimination was given. For signal and decoy intensities and , the stated success probability is
with the result that the estimated lower bound on the key rate may be strictly positive while the true secure key rate becomes zero (Cao, 2020). This establishes DPR as part of the broader effort to align practical source preparation with the assumptions required for composable security.
A second motivation is resource reduction. Continuous randomization effectively requires an infinite number of random bits per pulse, while DPR requires only random bits. For , the literature explicitly states that only 4 bits per pulse are needed (Cao et al., 2014). This reduction is operationally significant in high-rate systems and recurs throughout later DPR analyses in TF-QKD and mode-pairing QKD (Zhang et al., 2020, Xu et al., 14 May 2026).
2. Source model and discrete-phase state decomposition
Under DPR, a coherent source of intensity is phase-averaged over a finite set: Unlike the continuously randomized case, this state is not exactly a probabilistic mixture of Fock states. Instead, the DPR literature decomposes it into orthogonal components indexed modulo , often called “approximate photon number” states or “pseudo photon number” states, each supported on Fock numbers congruent to a fixed residue class modulo 0 (Cao et al., 2014, Jiang et al., 2020).
For the component probabilities, a standard expression is
1
or equivalently with 2 in place of 3, depending on the paper’s notation (Cao et al., 2014, Jiang et al., 2020, Xu et al., 14 May 2026). In the limit 4, these approximate states converge to true Fock states. For finite 5, the 6 and 7 components play a distinguished role because they most closely resemble the vacuum and single-photon sectors, respectively (Cao et al., 2014).
This decomposition has two immediate consequences. First, yields and error rates are indexed by pseudo-photon components rather than exact photon numbers. Second, unlike in the continuous case, the yields of the same component can depend on intensity because the underlying DPR states at different intensities are not identical. This dependence is central to every DPR decoy-state analysis, including TF-QKD, SNS-TF-QKD, MDI-QKD, and mode-pairing QKD (Zhang et al., 2020, Jiang et al., 2020, Xu et al., 14 May 2026).
3. Security analysis and parameter estimation
The core technical problem in DPR security proofs is controlling the distinguishability introduced by finite phase alphabets. A recurring method is to compare approximate photon-number states of different intensities using fidelity. In TF-QKD with DPR, the difference between yields at intensities 8 and 9 is bounded by
0
where 1 is the fidelity between the corresponding approximate photon-number states (Zhang et al., 2020). The same structural bound appears in SNS-TF-QKD, MDI-QKD, and mode-pairing QKD with notation adapted to those protocols (Jiang et al., 2020, Cao, 2020, Xu et al., 14 May 2026).
A second recurring ingredient is basis dependence. In the original DPR security proof for coherent-state QKD, the phase error rate for component 2 is upper bounded through a basis-dependence parameter 3 derived from fidelity: 4 with
5
This makes explicit how incomplete phase randomization perturbs the relation between bit and phase errors (Cao et al., 2014).
Beyond fidelity-based analytic arguments, DPR parameter estimation has developed along three lines. One line uses semidefinite programming to exploit the structure and symmetries of discrete phase choices, especially in fully discrete TF-QKD and in decoy-state QKD with non-uniform phase randomization (Currás-Lorenzo et al., 2020, Sixto et al., 2023). A second line uses linear programming and conjugate-measurement arguments to obtain finite-key phase-error bounds under DPR (Wang et al., 2022). A third line derives closed-form analytical bounds for DPR BB84 and DPR MDI-QKD, with the stated goal of matching more cumbersome numerical methods in the regions of interest (Liu et al., 20 Aug 2025). Together, these methods show that DPR security analysis is not a minor perturbation of continuous-randomization proofs; it requires a distinct parameter-estimation layer.
4. Twin-field QKD and the fully discrete turn
DPR became especially prominent in twin-field QKD because TF-QKD protocols and their variants can beat the rate-loss bound without quantum repeaters, yet many formulations assumed continuous phase randomization in test or decoy modes. A direct response was a TF-QKD variant in which both code mode and test mode use the same discrete phase set
6
with 3 intensities 7 in the test mode and postselection based on matching or opposite phases (Zhang et al., 2020).
For this protocol, the asymptotic secret key rate is given as
8
The factor 9 is the sifting factor associated with matched or opposite phases. The corresponding trade-off is explicit: larger 0 makes the approximate photon-number states closer to ideal Fock states, but reduces the sifting factor (Zhang et al., 2020).
A distinct fully discrete TF-QKD variant goes further by using exclusively discrete phase randomisation and estimating phase errors through postselected test rounds with a customized semidefinite program. In that formulation, the key rate is written as
1
with information leakage bounded through separate same-phase and opposite-phase contributions. The reported result is that this protocol can provide higher secret-key rates than counterpart protocols that rely on continuous phase randomisation (Currás-Lorenzo et al., 2020).
The numerical literature on TF-QKD with DPR is heterogeneous because the protocols are not identical. The following summary captures the claims stated for representative variants.
| Protocol | Discrete phases highlighted | Reported behaviour |
|---|---|---|
| TF-QKD with discrete-phase-randomized sources (Zhang et al., 2020) | 2 | 3: cannot beat the PLOB bound; 4: can beat PLOB; 5: approaches the continuous case |
| Fully discrete TF-QKD (Currás-Lorenzo et al., 2020) | 6 | 7: surpasses the repeaterless secret-key capacity benchmark; 8: higher than counterpart continuous-phase protocols; 9: approaches the ideal infinite-0 scenario |
| SNS TF-QKD with discrete phase modulation (Jiang et al., 2020) | 1 | 2: exceeds the linear PLOB bound; 3: very close to continuous phase randomization |
These results indicate that DPR in TF-QKD is not tied to a single security mechanism. In some variants, it primarily closes the theory-practice gap created by unrealistic continuous-randomization assumptions (Zhang et al., 2020). In others, discrete postselection itself becomes a performance-relevant ingredient because exact phase matching is available only for finite phase alphabets (Currás-Lorenzo et al., 2020).
5. Finite-key, MDI, mode-pairing, and non-uniform generalizations
The finite-key regime remained open after the first asymptotic DPR-TF-QKD analyses. A later proof developed a technique based on conjugate measurement and quantum state distinguishment, and states that it is the first proof for TF-QKD with discrete phase-randomization in finite-key region. Its numerical results show that 8 phases from 4 can achieve satisfactory performance and can still beat the linear rate-loss bound at long distances, with bits per pulse 5 used as the main performance metric (Wang et al., 2022).
In MDI-QKD, DPR serves a more visibly defensive role. The absence of phase randomization enables the concrete source-side attack already noted above, and DPR-MDI-QKD is presented as a way to close that loophole. The security analysis again proceeds through approximate photon-number states, fidelity bounds, and modified key-rate formulas, with simulations stating that as few as 14 discrete phases suffice in practice (Cao, 2020). Subsequent analytical work derives closed-form DPR bounds for BB84 and MDI-QKD, with the statement that the analytical bounds closely match numerical results in the regions of interest, and with representative thresholds 6 for BB84 and 7 for MDI-QKD (Liu et al., 20 Aug 2025).
The DPR framework has also been extended beyond uniform discrete alphabets. For decoy-state QKD with arbitrary, continuous or discrete, non-uniform phase randomization, semidefinite programming combined with basis mismatched events was used to obtain tighter key-rate bounds than previous linear-programming approaches. The paper states that decoy-state QKD is quite robust to deviations from the ideal uniformly random scenario and that, for DPR with 8 phases, the achievable key rate is already very close to the ideal continuous case (Sixto et al., 2023).
A further generalization appears in mode-pairing QKD. There, the source is discretized over
9
and the coherent state is decomposed into pseudo-photon sectors with probabilities
0
The reported conclusion is that the DPR mode-pairing key rate progressively approaches the continuous case, with convergence achieved at approximately 14 discrete phases, and that 4 random bits are adequate (Xu et al., 14 May 2026).
6. Trade-offs, misconceptions, and practical significance
The central trade-off in DPR is between approximation quality and operational overhead. Increasing the number of discrete phases makes the pseudo-photon components closer to ideal Fock states and generally improves parameter estimation. At the same time, some TF-QKD constructions pay a sifting penalty of 1, so larger 2 also reduces the fraction of retained data (Zhang et al., 2020). This is a protocol-level trade-off, not a universal law.
A common misconception is that DPR is simply a degraded approximation to continuous phase randomization. The broader literature does not support such a uniform statement. In BB84, MDI-QKD, and several decoy-state formulations, DPR performance rapidly approaches the continuous case as the number of phases increases, and the main significance is closing a source-model loophole while sharply reducing the randomness requirement (Cao et al., 2014, Cao, 2020, Liu et al., 20 Aug 2025). In contrast, a fully discrete TF-QKD variant reports higher secret-key rates than counterpart protocols that rely on continuous phase randomisation because discrete phase postselection tightens phase-error estimation (Currás-Lorenzo et al., 2020). This suggests that the effect of DPR is protocol-dependent: in some settings it is primarily corrective, while in others it reshapes the attainable information-theoretic bounds.
The practical significance is consistent across the literature. DPR reduces the demand for phase precision and randomness generation; only a few bits per pulse are repeatedly cited as sufficient for near-continuous performance, with representative values of 4 bits for 10 or 14 phases (Cao et al., 2014, Xu et al., 14 May 2026). In TF-QKD, DPR is presented as bridging the gap between theory and experiment, and one analysis states that the protocol is ready for practical realization with current technology (Zhang et al., 2020). Across QKD families, DPR has thus become both a realistic source model and a mature line of security analysis, spanning asymptotic, finite-key, analytic, linear-programming, and semidefinite-programming treatments.