MDI-QKD: Measurement-Device-Independent QKD
- MDI-QKD is a quantum key distribution protocol that eliminates detector vulnerabilities by having an untrusted relay perform the Bell-state measurement.
- The protocol typically employs BB84 states with phase-randomized weak pulses and decoy-state methods to isolate single-photon contributions for secure key generation.
- Its flexible design supports various network architectures and long-distance implementations, even when using imperfect sources and realistic experimental conditions.
Searching arXiv for foundational and recent MDI-QKD papers to support the article. Measurement-device-independent quantum key distribution (MDI-QKD) is a class of discrete-variable QKD protocols in which Alice and Bob send independently prepared quantum states to an untrusted relay, typically called Charlie, who performs a Bell-state measurement (BSM) and publicly announces successful events. Its defining security feature is that the entire measurement apparatus is treated as a black box, so all detector-side loopholes are removed from the trust model. In the practical realizations summarized in the literature, Alice and Bob usually prepare BB84 states with phase-randomized weak coherent pulses and use decoy-state analysis to isolate the single-photon contribution that underwrites the secret key rate (Xu et al., 2013, Liu et al., 2012, Sun et al., 2013).
1. Protocol architecture and operating principle
In standard prepare-and-measure MDI-QKD, Alice and Bob independently choose a basis and a bit value, encode one of the BB84 states, and transmit their pulses to Charlie. Charlie interferes the two incoming optical fields on a beam splitter and performs a partial BSM. Successful projections are typically identified with or, in some realizations, through two-click coincidence patterns in orthogonal detectors. Alice and Bob then keep only rounds in which they used compatible bases and Charlie reported a successful projection; after basis sifting, error correction, and privacy amplification, they extract a secret key (Liu et al., 2012, Xu et al., 2013).
The protocol is commonly described as a time-reversed entanglement-based scheme. Operationally, this means that Charlie’s announcement post-selects correlations between Alice’s and Bob’s preparations without requiring Charlie to be trusted. In time-bin implementations, the basis is encoded in early and late temporal modes, while the basis is encoded in relative phase $0$ or between the two bins. Polarization encodings and hybrid architectures are also represented in the literature (Valivarthi et al., 2015, Valivarthi et al., 2017).
A central experimental difficulty is two-photon indistinguishability at Charlie. MDI-QKD requires overlap in arrival time, spectrum, polarization, and phase reference to sustain high-visibility Hong–Ou–Mandel interference. Several system designs therefore devote substantial resources to active timing, polarization, and spectral feedback. An alternative is Plug-and-Play MDI-QKD, where Charlie generates the pulses from a single laser and sends them to Alice and Bob before they are attenuated, encoded, and reflected back. In that setting, spectral indistinguishability is inherited from the common laser, polarization drift is automatically compensated by Faraday mirrors, and a common interferometer can provide the shared phase reference for time-bin encoding (Kim et al., 2015).
2. Decoy-state inference and secret-key rate formulas
Because practical sources are phase-randomized weak coherent pulses rather than ideal single-photon emitters, MDI-QKD is normally paired with the decoy-state method. The basic observables are the gain and the error-gain for each intensity pair :
Here 0 is the conditional probability that Charlie reports a successful BSM when Alice emits an 1-photon pulse and Bob an 2-photon pulse, and 3 is the corresponding QBER (Sun et al., 2013).
The asymptotic secret-key rate used across multiple treatments takes the standard single-photon form
4
where 5 and 6 are the observed 7-basis gain and QBER, 8 with 9, 0 is the single-photon phase-error estimate from the 1 basis, 2 is the error-correction inefficiency, and 3 (Xu et al., 2013). Equivalent notational variants appear throughout the experimental and modeling literature (Chan et al., 2012, Valivarthi et al., 2015).
A major technical result of early practical analysis was that only vacuum and one weak decoy state are sufficient to derive tight lower bounds on 4 and upper bounds on 5. Numerical simulations in that setting showed that vacuum-plus-weak-decoy performance can asymptotically approach the infinite-decoy limit: for example, at total Alice–Bob transmission 6, one finds 7 versus 8, and 9 versus 0, with the secret key rate almost indistinguishable from the theoretical optimum and difference 1 (Sun et al., 2013).
Finite-size analysis replaces exact parameters by confidence intervals derived from concentration bounds. In the practical decoy-state analysis, finite statistics are handled by replacing the observed 2 and 3 with upper and lower confidence bounds parameterized by the number of standard deviations 4; with 5 total pulses and 6, the key rate remained positive up to 7 km (Sun et al., 2013). In the long-distance entangled-source analysis, finite-key corrections were applied at 8 signals with composable security parameter 9 and two decoys (Xu et al., 2013).
3. Physical modeling and dominant error mechanisms
System modeling in MDI-QKD explicitly tracks source statistics, channel loss, mode overlap, and detector behavior. A channel of length 0 and attenuation 1 is represented by a beam splitter of transmittance
2
and polarization misalignment is modeled by
3
In more detailed descriptions, the full state-preparation model also includes imperfect modulation parameters, finite interference visibility, detector dark counts, and afterpulsing (Xu et al., 2013, Chan et al., 2012).
The BSM model must treat vacuum, one-photon, and multiphoton inputs separately. In the general time-bin model, the beam splitter plus threshold detectors are analyzed by enumerating input–output photon-number configurations and weighting them with the Poissonian source distributions. Two-photon interference is incorporated through an observed visibility 4, interpolating between interfering and non-interfering cases. This modeling framework was shown to agree with laboratory and deployed-fiber data over three orders of magnitude and was then used to optimize mean photon numbers, identify rate-limiting components, and project future performance (Chan et al., 2012).
Across the practical analyses, the principal impairments are consistent. Polarization misalignment, temporal or spectral mode mismatch, detector dark counts, and finite detector efficiency dominate the QBER and the attainable distance. In one representative parameter set used for numerical studies, 5, 6, 7, 8, and 9 (Xu et al., 2013). In long-distance entangled-source architectures, the dominant long-range factors are explicitly identified as detector efficiency and dark counts; in addition, polarization stabilization over four independent optical links requires active feedback or polarization-maintaining fiber, and high-speed operation with low timing jitter is needed to accumulate the required four-fold coincidences (Xu et al., 2013).
A further practical complication is asymmetry. When the Alice–Charlie and Bob–Charlie transmittances differ, equal source intensities are not generally optimal. The asymmetric analysis showed that the true optimum depends on the transmittance ratio $0$0, and numerical examples yielded approximately $0$1 higher rate than a naive “symmetric gain” choice for $0$2 (Xu et al., 2013). This asymmetry problem is structurally important for network deployments, where user-to-relay distances are rarely identical.
4. Security scope, source assumptions, and relaxed-trust variants
The core security claim of MDI-QKD is narrow but strong: detector-side attacks are removed because Charlie’s measurement device is untrusted by design. A recurrent misunderstanding is to extend this conclusion to the source side. The later literature is explicit that conventional MDI-QKD security proofs still require assumptions on Alice’s and Bob’s transmitters, and that uncharacterized side channels in state preparation can compromise security if left untreated (Ding et al., 2021, Tang et al., 2015).
One route addresses imperfect but characterized sources. The first experimental MDI-QKD demonstration incorporating state-preparation flaws used the loss-tolerant proof of Tamaki et al., under the assumption that the prepared states remain in a two-dimensional subspace. With imperfect polarization preparation taken into account through measured density matrices and Stokes vectors, secure keys were distributed over fiber links up to $0$3 km; at $0$4 km with finite key $0$5, the experiment reported $0$6, $0$7, $0$8, $0$9, and 0 bit/pulse (Tang et al., 2015).
A stricter relaxation is uncharacterized-source MDI-QKD. In the three-state method, the only source assumption is that the prepared states lie in a bidimensional Hilbert space, and mismatched-basis events are used to bound the phase-error rate. A proof-of-principle implementation over 1 km reported 2, 3, 4, 5, and final key rate 6 per pulse, with 7 pulses per side and finite-size correction applied (Zhou et al., 2020).
An even broader framework treats arbitrary source imperfection and side channels through a reference-technique formalism. In that description, the actual transmitted state is decomposed into an ideal BB84 component and an orthogonal leakage component with parameter 8. The asymptotic rate becomes
9
and the phase-error estimate is obtained by bounding the virtual error numerator 0 via fidelity-based inequalities. Simulations with single-photon sources showed that source insecurity can sharply reduce range: with 1, a positive key remains up to 2 dB only, whereas with 3 one reaches 4 dB (Ding et al., 2021). This suggests that detector-independence does not by itself imply full implementation security.
Other relaxed-trust models sit between standard MDI-QKD and stronger device-independence. One-sided MDI-QKD assumes Bob’s encoder is trusted while Alice’s is uncharacterized but emits qubit-dimensional, basis-independent states; its asymptotic key-rate bound is written as 5, and practical WCP realizations with analytical two-decoy bounds were proposed (Cao et al., 2017). In a different direction, MDI-QKD with an untrusted source places the laser at Charles and compensates with spectral/spatial filtering, pulse-energy monitoring, and active phase randomization; asymptotically, the paper reports rates close to initial MDI-QKD in the asymptotic setting, while finite-size monitoring overhead reduces range (Xu, 2015). Plug-and-Play MDI-QKD simplifies indistinguishability, but its own treatment notes that source-side attacks such as Trojan-horse and phase-remapping remain possible and must be countered by standard Plug-and-Play techniques (Kim et al., 2015).
5. Experimental realizations and performance benchmarks
The experimental trajectory of MDI-QKD has moved along several axes simultaneously: longer distance, higher clock rate, reduced complexity, relaxed source assumptions, and non-fiber deployment. Representative results are summarized below.
| Implementation | Configuration | Reported benchmark |
|---|---|---|
| Liu et al. (Liu et al., 2012) | First experimental MDI-QKD over fiber | More than 6 kbit secure key over a 7-km fiber link |
| Valivarthi et al. (Valivarthi et al., 2015) | Application-oriented fiber system | QKD over a channel featuring 8 dB loss, and more than 9 bits of secret key per second over a 0 dB loss channel |
| Comandar et al. (Valivarthi et al., 2017) | Cost-effective FPGA/DFB architecture | 1 kbps at 2 km total distance; star-type topology extending over more than 3 km |
| Cao et al. (Cao et al., 2020) | Free-space urban MDI-QKD | 4-km urban atmospheric channel; final secure key 5 kbit, corresponding to 6 bits s7 |
| “Experimental Three-State MDI-QKD with Uncharacterized Sources” (Zhou et al., 2020) | Finite-size, uncharacterized sources | 8 km; final key rate 9 per pulse |
| “Gigahertz MDI-QKD using directly modulated lasers” (Woodward et al., 2021) | 0 GHz direct-modulation design | 1 bps at 2 dB channel loss; 3 kbps in the finite-size regime for 4 dB channel loss |
The early experimental systems established that detector-side loopholes could be removed without sacrificing practical decoy-state operation. The 5-km demonstration used up-conversion detectors with total system detection efficiency 6, dark-count rate 7 kHz per detector, and 8 hours of run time; the measured 9-basis QBER stayed below 00 for all non-vacuum intensity pairs, and the upper bound on the single-photon phase error was 01 (Liu et al., 2012).
Application-oriented engineering quickly shifted attention to deployed fiber, detector technology, and hardware cost. The application study compared InGaAs SPDs with SNSPDs, showing secure operation up to 02 dB and 03 dB total loss for id201 and id210, respectively, and up to 04 dB with SNSPDs, corresponding to 05 km. The same work reported that integrating the system into FPGA-based hardware instead of arbitrary waveform generators did not impact performance (Valivarthi et al., 2015). The cost-effective system built around commercial DFB lasers and FPGA qubit generation reached a two-photon interference visibility of 06 over 07 km of spooled fiber, in agreement with the theoretical model, and extrapolated to 08 kbps at 09 km for 10 GHz modulation (Valivarthi et al., 2017).
Later work targeted the finite-size bottleneck directly. The double-scanning method, experimentally incorporated into MDI-QKD at 11 MHz, achieved secure transmission over 12 km with only 13 pulses, with final secret key rates 14 bps at 15 km and 16 bps at 17 km. The same report states that 18 km was impossible with all former methods under the same pulse budget (Chen et al., 2021). In parallel, direct laser modulation and injection locking were used to eliminate spectral and phase feedback between independent lasers at 19 GHz, yielding long-term 20-basis QBER 21 and 22-basis 23 over 24 h (Woodward et al., 2021).
The free-space experiment constitutes a separate milestone. Over a 25-km urban atmospheric channel, adaptive optics, high-precision synchronization, and molecular-absorption-based frequency locking enabled the first long-distance free-space MDI-QKD, exceeding the effective atmospheric thickness and opening a path toward satellite-based MDI-QKD (Cao et al., 2020).
6. Variants, network architectures, and long-distance extensions
Several major variants extend the baseline protocol. One of the most important is MDI-QKD with a single entangled photon source in the middle. In this architecture, Charles emits a Type-II PDC state and two independent BSMs are performed, one on Alice–Charles’s photon and one on Bob–Charles’s photon. The general model predicts that, with practical existing detectors 26, the asymptotic key rate tolerates up to 27 dB total loss, corresponding to 28 km standard fiber or 29 km ultra-low-loss fiber. With state-of-the-art detectors 30, the asymptotic loss tolerance increases to 31 dB, corresponding to 32 km standard fiber; in the finite-key regime with 33, 34, and two decoys, the tolerable loss is 35 dB, corresponding to 36 km (Xu et al., 2013).
Plug-and-Play MDI-QKD addresses mode matching rather than ultimate distance. By generating all pulses from Charlie’s single laser, it removes active frequency locking, automatically compensates polarization drift via Faraday mirrors, and uses a common interferometer for the time-bin phase reference. The reported proof-of-principle experiment used a continuous-wave 37 nm diode laser, bulk optics, four Si-APDs of 38 efficiency, and observed raw visibilities 39–40 in two-photon interference, 41–42, and 43–44. The paper does not report secret-key-rate versus distance (Kim et al., 2015).
Phase-encoded variants modify the coding alphabet and the error structure. Differential phase encoded MDI-QKD uses a single photon in a linear superposition of three orthogonal time-bin states, with key information carried by phase differences. Its prepare-and-measure version has sifted-key rate
45
and its security proof establishes the phase-error bound 46. In the decoy-state version, the authors combine weak coherent states with phase post-selection; for 47 phase slices, the intrinsic error is reduced from about 48 to 49 (Ranu et al., 2019).
Another line of work targets source-modulation side channels by removing active decoy modulation. Passive decoy-state MDI-QKD based on heralded single-photon sources uses local click patterns to tag passive “signal” and “decoy” settings. Under the parameters in that study, the passive protocol yielded positive keys down to 50 and exceeded the compared active schemes whenever 51 at fixed 52 km (Zhang et al., 2019). Fully passive MDI-QKD goes further, replacing both encoding and decoy modulation with linear optics and post-selection. In the asymptotic simulations, the fully passive protocol achieved 53 lower rate than an active three-intensity MDI-QKD at short distances, but still extended to 54 km with SNSPDs and to 55 km with SPADs (Wang et al., 2023). The practical implication is a different trade-off: lower raw performance in exchange for reduced source-modulator leakage surfaces.
At the network level, MDI-QKD is naturally aligned with star-type topologies. Charlie hosts the costly BSM module, SNSPDs, clock distribution, and feedback hardware, while user nodes require only transmitters. This architecture is emphasized both in application-oriented and cost-effective studies, which argue that expensive central resources can be amortized across multiple users and that the same framework can operate over deployed fiber outside the laboratory (Valivarthi et al., 2015, Valivarthi et al., 2017). The long-distance entangled-source architecture and the untrusted-source network model both reinforce this network-centric view by explicitly placing complex source or measurement functionality at an untrusted middle node (Xu et al., 2013, Xu, 2015).
In aggregate, the literature presents MDI-QKD not as a single protocol instance but as a protocol family. Its invariant feature is detector-side-channel immunity through an untrusted measurement node; its active research front concerns how much of the remaining implementation stack—source calibration, decoy modulation, interferometric stabilization, clocking, and network hardware—can be simplified or untrusted without sacrificing rigorous security.