Experimental Semi-quantum Key Distribution With Classical Users

Quantum key distribution, which allows two distant parties to share an unconditionally secure cryptographic key, promises to play an important role in the future of communication. For this reason, this technique has attracted many theoretical and experimental efforts, thus becoming one of the most prominent quantum technologies of the last decades. The security of the key relies on quantum mechanics and therefore requires the users to be capable of performing quantum operations, such as state preparation or measurements in multiple bases. A natural question is whether and to what extent these requirements can be relaxed and the quantum capabilities of the users reduced. Here we demonstrate a novel quantum key distribution scheme, where users are fully classical. In our protocol, the quantum operations are performed by an untrusted third party acting as a server, which gives the users access to a superimposed single photon, and the key exchange is achieved via interaction-free measurements on the shared state. We also provide a full security proof of the protocol by computing the secret key rate in the realistic scenario of finite resources, as well as practical experimental conditions of imperfect photon source and detectors. Our approach deepens the understanding of the fundamental principles underlying quantum key distribution and, at the same time, opens up new interesting possibilities for quantum cryptography networks.


Introduction
Quantum key distribution (QKD) is a technique that allows two distant parties, traditionally called Alice and Bob, to exchange a cryptographic key in an information-theoretically secure way. This means that the security of the key relies on information theory and cannot be broken even by an eavesdropper with unlimited resources.
The first QKD proposal was the BB84 protocol, introduced by Bennett and Brassard in 1984 [1] (subsequently, Ekert introduced the E91 protocol in 1991 [2]), which was proven secure several years later [3][4][5]. Since then, much progress, both theoretical and experimental, has been made in the field. The practicality of this technology is underlined by numerous experimental and even commercial endeavors, supporting its development [6][7][8][9].
Most QKD protocols require Alice or Bob to share a quantum state, or a direct quantum channel, and to perform quantum operations, i.e., operations on quantum bits (qubits) that do not have any counterpart in classical communication, such as generation or measurement in multiple bases. On the other hand, it is known that if both parties are restricted to classical communication, unconditional security is unachievable for the key distribution problem. It is therefore relevant for a fundamental understanding of QKD to investigate how quantum the users' operations and resources need to be in order to achieve information-theoretic security.
A first step in this direction was made by introducing the semi-quantum model of cryptography in 2007 by Boyer et al. [10]. In this model, at least one party must be "classical" in nature, i.e., restricted to a limited set of operations on qubits, namely measuring and/or preparing qubits in a single basis (usually the computational (Z) basis {|0⟩, |1⟩}), or simply disconnecting from the quantum channel by allowing any received quantum state to reflect back to the sender. The use of "classical" in this terminology is due to the fact that orthogonal quantum states from a single measurement basis and states of classical systems are both fully distinguishable. The other parties may be classical or quantum (naturally, at least one party must be quantum) with a "quantum" user having the ability to perform any quantum operation on qubits allowed by the laws of physics. In the subsequent proposal [11], permuting or reordering the incoming qubits using delay lines was considered as another classical operation. Nevertheless, although one can indeed argue that permuting physical systems is an inherently classical operation, doing so, especially in photonic applications, is with the current technology far more infeasible than any quantum operation used in cryptographic protocols. Also, preparing and detecting qubit states, albeit in a single basis, is technologically non-trivial.
Further development has shown that Alice's operations can be as limited as Bob's, provided that a third party distributes entangled photons to the users and performs measurements in different bases [12,13]. Such a scheme, referred to as a mediated SQKD protocol, allows two classical users to establish a shared secret key with one another, using the help of a quantum server which must prepare, and later measure, quantum bits. However, this quantum server need not be trusted, and in fact could be an all-powerful adversary. Security was proven, but again, only for the perfect-qubit scenario [12].
Since that original mediated-SQKD protocol, there have been several advances both in new protocol design and in new security proof methods. A main research goal in this field is to develop new protocols which further reduce the requirements placed on either the end-users or the server (or both). In terms of reducing the complexity of the end-users, a protocol which did not require users to measure was proposed in [13] (however, attacks against the protocol were later discovered in [14]). On the other hand, in [15,16], protocols were developed which reduced the server's requirements. Namely, in [15] the server need only send single-qubit states to the users, but a Bell measurement is later required. In [16] single qubits were used both in the initial preparation stage and in the subsequent server measurement; however, a cycle topology was required.
Beyond reducing end-user or server requirements, another avenue of research in this area is in improving either efficiency or noise tolerance of the protocol (or both) and in developing new security proof methods. In [17] a new multi-mediated model was introduced which could improve noise tolerance at the cost of efficiency, while in [18] a new protocol was introduced which improved efficiency (though at the cost of noise tolerance).
Most SQKD protocols up to this point have been theoretical in nature, and assume perfect qubit channels, i.e., no photon loss or multi-photons are permitted for their security to be valid. A SQKD protocol immune to such imperfections was described recently in [19] and was proven to be robust, meaning that any attack which causes an adversary to gain non-zero information on the key, necessarily creates a disturbance that may be detected with non-zero probability. A second such protocol was proposed in [20], though there security was only proven against a few specific attacks. However, no full proof of security yet exists for these protocols and so, their key rates and noise tolerances are still unknown.
In general, while numerous SQKD protocols have been proposed in the last decade [21], information-theoretic proofs of security were developed only for a few of them [12,17,18,22,23] and always in the ideal scenario of perfect qubits, ideal devices and infinite resources in the asymptotic regime.
In this work, we propose a novel SQKD protocol in the mediated model, allowing two classical users to share a secret key using the help of an untrusted, potentially adversarial, quantum server. In particular, our protocol requires Alice and Bob to perform two classical operations only, the detection or reflection of a single photon, and hence places even fewer restrictions on the users than prior protocols of this nature, by requiring only a single photon measurement and no state preparation. We are the first to show that such minimal requirements, on the part of the users, are sufficient to generate a secret key. The server's complexity is also reduced compared to prior work, needing only to prepare and measure single qubits. Furthermore, as a first for mediated SQKD research, we conduct an information-theoretic proof of security of the protocol assuming practical devices, whereas prior work in mediated SQKD was restricted to perfect qubit scenarios, and compute the secret key rate in the finite key setting. Finally, we experimentally demonstrate our protocol under real-life conditions and evaluate the secret key rate by using the results from actual devices. Our methods here may also be broadly applicable to other multi-user (S)QKD protocols in practical settings.

The Protocol
Our protocol involves three parties: two classical users, Alice and Bob, whose aim is to exchange a secret cryptographic key, and an untrusted, potentially adversarial, quantum server, which provides the quantum resources for this purpose. Furthermore, we assume that Alice and Bob can communicate through a classical authenticated channel and that the server can send unauthenticated classical messages to the users. In the description below, we discuss the protocol for single photons, both for simplicity and because they are the most practical for QKD applications (though our security analysis will also take into account realistic multi-photon sources).
Figure 1: The QKD protocol with classical users. A quantum server sends single photons in superposition to the users at predetermined regular intervals, which constitute the rounds of the protocol. For each round, Alice and Bob randomly choose between "detect" (D) and "reflect" (R). The photons reflected back to the server impinge onto a beam splitter at whose outputs two detectors D_0 and D_1 are placed. When both Alice and Bob reflect the received photon, single-photon interference occurs at the beam splitter and only detector D_0 clicks. If only one of the users chooses to detect the photon without registering any detection event, interference is suppressed and the photon has ideally 50% probability to reach detector D_1. If the server announces a detection at D_1 and none of the users detected photons, a raw key bit is generated according to the table in the figure. The users can communicate through a classical authenticated channel to verify the honesty of the server and to share the necessary information for the evaluation of the secure key rate.

A sketch of the scheme is depicted in Figure 1. The server sends to Alice and Bob a single photon in a balanced superposition of their respective locations. Each user can independently choose to perform two actions: "detect" (D) or "reflect" (R). In the former case, the photon travels to a detector controlled by the user; in the latter, the photon is sent back to a balanced beam splitter controlled by the server, at whose output ports two detectors, D_0 and D_1, are placed. When both users choose to reflect, single-photon interference occurs at the beam splitter, with the relative phase of the two interfering photon amplitudes tuned such that only detector D_0 clicks. In the ideal case of perfect detection efficiency, when only one of the users chooses to detect the photon and does not find any, the photon collapses into the other user's location.
This corresponds to performing an interaction-free measurement [24][25][26], which suppresses single-photon interference at the server and allows either detector D_0 or D_1 to click with nonzero probability. A click at detector D_1, therefore, enables each user to deduce the action of the other one, thus allowing for the establishment of a raw key digit. In particular, a key digit of 0(1) is set when Alice chooses D(R) and Bob R(D). Other combinations are not considered, as they cannot result in a detection at D_1. Since the raw key bits are generated when the server announces a click at detector D_1, and neither Alice nor Bob detect a photon, no use of the authenticated channels is needed during those rounds, unlike the standard QKD protocols [1,2]. In our protocol, classically authenticated information exchange is performed only for the verification and parameter estimation rounds, which are not used to generate the raw key. The detailed steps of the protocol are described below:

Quantum Communication Stage: Users repeat the following process until a sufficiently large raw key has been established (refer also to Figure 1):
1. The server sends a single photon to both parties in a superposition. Ideally this should be performed by the server sending a single photon through a beam splitter.
2. Alice and Bob choose, independently and randomly, between two available actions: D or R. Since Alice and Bob are completely classical, the detection results only give them information as to whether or not there is a photon at their respective detector D_A or D_B. Their actions determine their raw key bit for this round, namely:
• Alice: If Alice chose D, she will record a raw key bit of 0; otherwise, if she chose R, she will record a raw key bit of 1.
• Bob: Bob's encoding is opposite that of Alice; namely if he chose D he will record a raw key bit of 1 and, otherwise, a raw key bit of 0 if he chose R.
3. The server measures the photon coming from Alice/Bob and announces the following results: "0" if the server's detector D_0 clicks; "1" if detector D_1 clicks; "v" if no detector clicks; or "m" if more than one detector clicks. Ideally, this measurement should be performed by the server completing a (folded) Mach-Zehnder interferometer as shown in Figure 1. Note that the last case can arise due to experimental imperfections or the action of an adversary.
4. Alice and Bob perform a minimal sifting step whereby they will keep the round only if the following two conditions are met:
• The server announces the message "1"
• and Alice and Bob both did not detect a photon if they chose to measure.
All other events will cause the round to be discarded. Note that, for this, Alice and Bob must announce whether they detect a photon or not. In the event parties choose R they will, by default, announce that they did not detect a photon.
Sampling Stage: Users will communicate, through an authenticated channel, their actions and measurement outcomes (if applicable) for a randomly chosen subset of the rounds performed above. This is done to verify the honesty of the server and/or the presence of an adversary. More specifically, these statistics, as discussed below, will be used to determine a bound on the overall key-rate of the protocol.
Post Processing Stage: After performing the above sampling process and discarding those rounds chosen for sampling, users will perform a standard error correction protocol and privacy amplification protocol resulting in the final secret key of the system. For information on these standard processes, the reader is referred to [6].
It is not difficult to see that, if the server is honest, the protocol is correct. Namely, the only time the server should ever send the message "1" is when Alice and Bob choose opposite actions (thus resulting in a correlated raw key bit since their encoding operations are opposites of one another). We show later that the protocol can lead to a secure secret key even if the server is adversarial.

Key generation and parameter estimation
In this section, we discuss the events when raw key bits are generated and the parameter estimation procedure (for details see Appendices A, C, and D).
Let N be the total number of successful rounds in the protocol, i.e., whenever the server announces a message from "v", "0", "1" or "m". At the end of N rounds, Alice and Bob communicate with each other over an authenticated classical channel to proceed to, first, the verification procedure, and then, to estimate the parameters to eventually share a secret key among them. Note that the server is bound to announce the same results to both Alice and Bob, since it can easily be checked by the users when they communicate over an authenticated channel. Therefore, upon having all the indexed results from the server, each user compares it with their own action. During the rounds when the server announced "1", when a user either reflected, or detected vacuum, only then we say that the user's action is "consistent" with the server's result, and no information is sent to the other client. Otherwise, any of the users detecting inconsistency announces it to the other one and the corresponding round is discarded from the rounds for key-generation. Such inconsistencies could be due to receiving a click in their detectors, or receiving clicks even when they reflected due to the failure in the switch used by them to change between the actions reflect (R) or detect (D).
Therefore, when the server announces "1" and both users' actions are consistent with such outcome, then a raw key digit is generated. This occurs on a total of N_raw = p(1)N rounds, where p(1) denotes the probability that the server announces "1" and none of the users detect any click(s). The cases when the server announces "1" and both users reflected or both detected vacuum determine errors in the key.
Note that in the majority of QKD protocols (for instance, BB84), even the very first set of keys shared by Alice and Bob requires them to communicate over an authenticated channel. On the contrary, the first set of shared keys in our protocol does not require any communication between the users, but only the message "1" from the server.
Alice and Bob choose each action (R or D) independently at random, with probability 1/2. Thus, the cases when the key can potentially be generated occur with probability 1/2. In those cases, in ideal conditions, there is a probability of 1/2 that the photon collapses into the location of the user that reflects. Finally, the reflected photon has at best a further probability of 1/2 to come out from the beam splitter at the output of detector D_1. Therefore, p(1) is at best 1/8, which is further reduced by experimental imperfections, eavesdropping or the action of an adversarial server.
For the rest of (1 − p(1))N rounds, the users exchange the information of their actions and detection results over the classical channel in order to estimate the parameters necessary for the establishment of a secret key between them. Note that it is enough that only one user, say Alice, performs the verification with the information received from the other. This allows for a reduction of the communication complexity. In addition to his action choices and results for the (1 − p(1))N rounds, Bob can also send the messages announced by the server over all the rounds. Alice will proceed with parameter estimation only if all of Bob's messages match with hers.
Using the information received from Bob for the (1 − p(1))N rounds, Alice can perform an indirect estimation method to evaluate the probability of exchanging a key bit, p_key, and the probability of error on the key, p_err, without the need to discard any key bit. A drawback of this indirect estimation is that p_key and p_err are obtained from other directly measured quantities; therefore, due to error propagation, their uncertainty is higher. Alternatively, the users can exchange full information about their actions for a randomly chosen fraction τ of N_raw rounds to directly estimate the necessary probabilities. However, in the direct estimation, the uncertainty of the final probabilities depends on the size τ of the considered sub-sample. The choice of which method to use, therefore, depends on the experimental parameters and the length of the raw key.
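The round structure, the sifting rule of step 4 and the p(1) ≤ 1/8 argument above can be checked with a short simulation. The following Python code is an added example, not code from the paper: it assumes an ideal single-photon source, lossless channels and perfect detectors, models the beam splitter with a real Hadamard-type matrix, and includes a constructed misbehaving server that announces "1" in every round; all function names are illustrative.

```python
import math
import random

S = 1 / math.sqrt(2)
BS = ((S, S), (S, -S))         # balanced beam splitter (assumed convention): R,R -> D_0 only
ALICE_BIT = {"D": 0, "R": 1}   # Alice's encoding from step 2
BOB_BIT = {"D": 1, "R": 0}     # Bob's encoding is the opposite of Alice's


def run_round(rng, lying_server=False):
    """Simulate one ideal round; return (actions, clicks, server message)."""
    amp = [BS[0][0], BS[1][0]]             # photon amplitude in Alice's / Bob's arm
    actions = [rng.choice("DR"), rng.choice("DR")]
    clicks = [False, False]
    for u in (0, 1):
        if actions[u] != "D":
            continue                        # reflect: amplitude travels back unchanged
        if rng.random() < amp[u] ** 2:
            clicks[u] = True                # photon absorbed in the user's detector
            amp = [0.0, 0.0]
        else:
            amp[u] = 0.0                    # no click: photon collapses to the other arm
            norm = math.hypot(amp[0], amp[1])
            if norm:
                amp = [a / norm for a in amp]
    if lying_server:
        return actions, clicks, "1"         # constructed misbehaviour: always claims D_1
    if not any(amp):
        return actions, clicks, "v"         # nothing came back to the server
    p1 = (BS[1][0] * amp[0] + BS[1][1] * amp[1]) ** 2   # probability of a D_1 click
    return actions, clicks, "1" if rng.random() < p1 else "0"


def run_protocol(n_rounds, seed, lying_server=False):
    """Run n_rounds and apply the sifting rule; return both users' raw keys."""
    rng = random.Random(seed)
    key_a, key_b = [], []
    for _ in range(n_rounds):
        actions, clicks, msg = run_round(rng, lying_server)
        if msg == "1" and not any(clicks):  # keep only "1" rounds with no user click
            key_a.append(ALICE_BIT[actions[0]])
            key_b.append(BOB_BIT[actions[1]])
    return key_a, key_b


def direct_estimate(key_a, key_b, tau, seed):
    """Reveal a random fraction tau of the raw rounds (direct estimation).

    Returns the estimated p_err and the sifted keys left after the sample is discarded.
    """
    rng = random.Random(seed)
    sample = set(rng.sample(range(len(key_a)), int(tau * len(key_a))))
    errors = sum(key_a[i] != key_b[i] for i in sample)
    sift_a = [b for i, b in enumerate(key_a) if i not in sample]
    sift_b = [b for i, b in enumerate(key_b) if i not in sample]
    return errors / max(len(sample), 1), sift_a, sift_b


def summarize(n_rounds, seed, lying_server=False, tau=0.1):
    """Observed p(1), directly estimated p_err and sifted key length N_sift."""
    key_a, key_b = run_protocol(n_rounds, seed, lying_server)
    p_err_hat, sift_a, _ = direct_estimate(key_a, key_b, tau, seed + 1)
    return {"p1": len(key_a) / n_rounds, "p_err_hat": p_err_hat, "n_sift": len(sift_a)}


if __name__ == "__main__":
    print("honest server:", summarize(40000, seed=7))
    print("server always announcing '1':", summarize(40000, seed=7, lying_server=True))
```

With the honest server the observed p(1) sits near 1/8 and the sampled error rate is zero; with the server that always announces "1", half of the kept rounds are both-reflect rounds, so the sampled p_err is near 1/2 and the users see the deviation in parameter estimation.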

Experimental implementation
The experimental set-up for the implementation of the protocol is depicted in Figure 2. After setting its polarization to "horizontal" (H), that is parallel to the optical table, a single photon is sent to a beam splitter that creates the superposition between Alice's and Bob's locations. Each of the users controls a liquid-crystal cell (LCC) at 45° and a polarization beam splitter (PBS). The phase retardation between the two axes of the LCC can be switched between 0 and π by means of a voltage signal. Consequently, the photon polarization is rotated by 0° or 90°, respectively. In the first case, the photon is transmitted by the PBS and steered to a fiber-coupled avalanche photo-diode (APD) for detection, D_A or D_B; in the second case, the photon travels back to the server. The detection efficiency of D_A and D_B is evaluated by comparison with a fully-characterized transition-edge superconducting nanowire detector. The photons going back to the server impinge onto a second beam splitter, at whose outputs two fiber-coupled APDs, D_0 and D_1, are placed. The set-up, therefore, implements a folded Mach-Zehnder interferometer. The phase between the two arms of the interferometer is set such that, when Alice and Bob both decide to reflect back the photon, detector D_0 clicks. The interferometer is passively stabilized, so that the phase is constant for about 100 s. After this time, the phase is actively re-set to the initial value by using a piezo transducer.
The single photons are provided by a source based on spontaneous parametric down-conversion (SPDC) in a 20 mm-long periodically-poled potassium titanyl phosphate (PPKTP) crystal, which probabilistically converts a photon at 395 nm from a continuous-wave laser into two photons at 790 nm and with orthogonal polarizations. One photon from each produced pair is used to herald the presence of the other one, which is sent to the users. Therefore, all detections in the experiment are in coincidence with the heralding detector, D_H. The server sets intervals of 0.5 s, constituting the rounds of the protocol, in which Alice and Bob can decide to either detect or reflect the photons. Note that this interval can be made shorter, on the order of 10^−8 s, by using ultra-fast switches and optimized bright single-photon sources [27]. At the end of each round, the server announces the result of the measurement at its detectors. The probabilistic nature of our source implies that, in each round, multiple non-simultaneous single-photon emissions can occur. In some rounds, therefore, the total number of detections is higher than one. The output rate of the source is decreased, so that the total average number of photons sent to the users is about 0.35 per round, in order to reduce the probability of multi-photon emissions.
The possibility of simultaneous multi-photon emission from the source is ruled out by the measurement of the heralded second-order correlation function at zero delay, g^(2)(0) [28], which should be exactly 0 for an ideal perfect single-photon source. We obtain g^(2)(0) = 0.004 ± 0.010, measured at a total detection rate of about 15 × 10^3 photons per round (in our case 0.5 s) and a pump power of 7 mW. Our value of g^(2)(0) is comparable with the lowest ones obtained in quantum optics experiments [29].

Security analysis
We prove security of our protocol under the following assumptions:
1. The server may be compromised by the adversary. In particular, it may prepare an arbitrary initial state and perform an arbitrary quantum operation on the returning signals (both subject to the other constraints listed below). Due to this assumption, we must only analyze the case of a single adversary, namely the server, and any third party adversary's attack may be absorbed into this adversarial server's attack strategy (to the advantage of the adversary).
2. The adversary performs collective attacks only. That is, the adversary attacks by using an identical attack operation at each iteration (both for the initial state preparation strategy and the final quantum operation strategy, including the message sending). The server's initial state may be entangled with a private quantum ancilla and the final operation may also result in a private quantum memory system. The adversary is free to postpone measuring its ancilla until any future point in time and may even perform an arbitrary global measurement of its entire ancilla at that future point in time.
3. The attack performed by the adversary on each iteration of the protocol is not interactive/adaptive. In particular, the adversary must prepare an initial state once at each iteration and send it to Alice and Bob. Although this initial state may consist of multiple photons, the server cannot feed a photon into Alice or Bob's lab, and then, based on the output, immediately feed additional photons into Alice or Bob's lab. While this seems a strong assumption, there are mechanisms to enforce its compliance as we discuss in Appendix B.1. Although a full analysis of interactive attacks would be very interesting, we consider it out of scope of this paper as we are primarily focused on the development, finite key analysis, and experimental demonstration of a novel mediated SQKD protocol with minimal end-user resource requirements. We do, however, consider an interactive attack based on a "quantum bomb" attack in Appendix B.1.
4. The initial state sent by the server consists of zero, one, or two photons prepared in an arbitrary manner. This was done as our experimental implementation consisted of a negligible probability of producing three or more photons. It is also an enforceable condition if Alice and Bob used cascading interferometers to ensure the state, with high probability, does not contain more than two photons. Our proof methodology, however, can be extended to consider the three or more photon case (assuming the attack is non-adaptive in this round as discussed above) if required. While we do not work out the exact algebra in this paper for that case, we do consider a particular multi-photon attack with three or more photons in Appendix B.2.
After Alice and Bob receive quantum states of some form from the server and perform their respective actions, they will receive a classical message from the server indicating a possible measurement outcome. However, the server is under no obligation in our proof of security to report the measurement outcome honestly, or to even perform any measurement at all. On the rounds where the server announces "1", Alice and Bob generate the raw key of length N_raw whenever one of them chose to detect the photon without registering any click at the detector, while the other reflected. Note that due to experimental imperfections and eavesdropping (or the server's dishonesty), the server can announce "1" even if both agents reflected, or both detected vacuum, in which case they do not share the same raw key and an error is introduced. As mentioned before, from the raw key of size N_raw = p(1)N, Alice and Bob may choose to use a (small) subset of size µ = τ N_raw to directly estimate the statistics used to compute the secret key rate. The portion of the raw key remaining after the parameter estimation step is called the sifted key, of length N_sift = N_raw − µ. Let the random variables R_A and R_B denote Alice's and Bob's respective sifted keys. After the quantum communication and sampling stages, it is not necessarily true that R_A and R_B are uniformly distributed or fully correlated. It is also not necessarily true that they are completely secret. Thus, the protocol must perform a classical post-processing stage which further processes these raw key strings through error correction (to ensure they are perfectly correlated with high probability) and privacy amplification (which ensures that Eve's ancilla is independent of the final secret key).
The security level of the key shared between Alice and Bob is given by parameter , which quantifies how uncorrelated the secret key is from Eve or a dishonest server. More formally, from [30,31], one should have: where ρ KE is the classical-quantum state modeling the secret key (after error-correction and privacy amplification) and Eve's ancilla, while I K /2 ⊗ ρ E is an ideal uniform random key of size -bits independent of Eve. The security criterion requires to tend to zero as the number of rounds N tends to infinity, thus obtaining perfectly secret key in the asymptotic scenario. One can compute the sifted key rate as r = lim N →∞ /N sif = S(A|C) − H(A|B) using results in [5]. Conditional Shannon entropy H(A|B) can be easily computed using the probabilities p i,j of Alice and Bob establishing the raw key bit values i and j, respectively. Further, the secret key rate is defined as r = /N = r (N sif t /N ), which is the same as the sifted key rate in the asymptotic regime: since in order to obtain good enough statistics during the verification procedure, the number µ, albeit big, is still In the realistic case of limited resources, however, where Alice and Bob can exchange only a finite number of keys, we must take into account the imperfect parameters. Using the security criterion given by [31], let us denote P E as a given error tolerance for the parameter estimation. One can further compute δ, as a function of P E , a confidence interval so that the observed parameters are δ close to the actual values, except with probability P E . Let be the desired security of the final secret key, and let EC be the maximal probability that Bob computes error correction incorrectly. All of these are given by the user. Therefore, after µ rounds are used for the direct method of parameter estimation, the proportion of qubits used for estimating the secret key rate is (p(1)N − µ)/N . 
Using the results shown in [31], under the assumption of collective attacks, we have the following theorem:

Theorem 1. (From [31]): Let ρ_AC^⊗N be the state of the quantum system produced by executing the protocol N times. Then, the key-rate r is bounded by: where

Above, S(A|C)_ρ is the conditional von Neumann entropy of Alice's raw key bit register conditioned on the server's quantum memory system. The value leak_EC quantifies the error-correction leakage (namely, the number of classical bits exchanged between Alice and Bob during the error correction protocol). Finally, is the desired distance to an ideal key (as in Equation 1); P E is the user specified error tolerance for the parameter estimation; EC is the failure probability of the error correction protocol; and is arbitrary (chosen by the user to maximize the expression) but bounded by − EC > > P E ≥ 0.
Of course, users don't have an exact description of ρ needed to directly compute S(A|C) above. Thus, to actually compute the key-rate r, S(A|C) is minimized over all observable statistics within the given confidence interval (so that the actual statistics of the real density operator are within δ( P E ) of the observed statistics, except with probability P E ). Later, in our security proof, we will use a theorem from [32], stated below as Theorem 2, to actually bound the entropy S(A|C). The value leak_EC represents the number of (classical) bits exchanged between Alice and Bob during the error correction. Again, using [31], we take leak (1) and p_err is the probability to generate opposite key bits during the entire protocol. Note that µ will also be a function of P E , since the smaller that is, the larger µ will be.

Theorem 2. (From [32]): Let ρ_AC be a quantum state of the form:

Then, the von Neumann entropy S(A|C)_ρ may be bounded by

At a high level, our security proof involves bounding the conditional von Neumann entropy S(A|C) of the system assuming an adversarial server. This is achieved by first writing out an explicit description of the overall state's density operator (including the photons in the interferometer, the agents, and the Server/adversary). We then show how certain important qualities of the state, namely the overlap of various ancilla vectors of the adversary, may be determined through observable statistics (such as, for instance, p_err). Finally, we use Theorem 2 to bound the conditional entropy and Theorem 1 to determine a final bound on the secret key rate. These steps are algebraically involved and so are derived in detail in the appendices. Namely, in Appendix C we derive the key rate for the ideal-qubit case. This first stage also helps to develop the intuition of the proof used for the more complicated scenario involving practical device imperfections, presented in Appendix D. Bounding S(A|C) is the critical, and challenging, element of any QKD security proof. The techniques to bound this quantity developed in this work may be useful in other protocols as well.
Our security analysis takes into account the finite detection efficiencies of commercial single-photon detectors and multi-photon components in the quantum state received by Alice and Bob (see Appendix A), but does not consider other imperfections which can be used by an eavesdropper to gain information about the key. This is in general an issue for all cryptographic protocols, both classical and quantum, as it is in practice very challenging to consider all potential side channels in the security analysis [33][34][35][36][37]. However, specific attacks can be countered by technical adaptations of the experimental set-up. As an example, let us consider the frequency dependence of the APD's detection efficiency. By sending photons at frequencies outside the detection bandwidth of the users' detectors, an eavesdropper can in fact gain information about the agents' actions while remaining completely undetected. This specific issue can be solved by employing bandpass filters that block any incoming light at undetectable frequencies. Similar strategies can be used for other degrees of freedom which the eavesdropper could exploit to prepare undetectable photons (e.g. time, spatial mode, etc.). Current photonic technology provides effective filtering systems for all these degrees of freedom [38][39][40][41], which allows the users to counter the described category of attacks at the price of a more complicated set-up and a reduction in the secret key rate.

Experimental Results
To obtain the numerical values from the lower-bounds on S(A|C) and other terms from the expression (2) for the secret key rate, r, we measure the probability of the raw key generation, p key , and the probability of error in the raw key, p err , after 10^5 rounds of the protocol. Formally, p key is defined to be the probability of Alice and Bob not rejecting a round, while p err is the probability, conditioned on a raw key bit being distilled, that the raw key bit contains an error (e.g., Alice has a 0 while Bob has a 1). Note that 10^5 rounds is not sufficient to actually produce a secret key through this protocol under these operating conditions as our later evaluations show; however, it is sufficient as a proof of concept to gather experimental statistics and evaluate what the key-rate would be had we continued the experiment for a longer duration.
The values of p key and p err are evaluated in three different ways: direct estimation over the full data set, direct estimation over a randomly chosen subset of 10^4 rounds and indirect estimation. In the direct estimation, the users sacrifice a part of the raw key for the verification procedure (see Appendix E.1 for details). In the indirect estimation, discussed in detail in Appendix E.2, Alice obtains p key and p err , using the information received from Bob during the verification phase. This allows the parties to avoid the loss of key digits, at the price of a higher uncertainty on the estimated values, which are calculated from several experimentally obtained quantities, each with its error. The results are reported in Table 1.
Based on the probabilities in Table 1, we obtain the dependence of the final secret key rate, r, on the number of rounds, N , see Equation (2). This dependence is plotted in Figure 3, for different values of the detection losses of D A and D B , assumed to be the same. The details of how the curves were obtained are discussed in Appendices D and F. As expected, an increase in the detection loss degrades the performance of the protocol. We also report in Figure 4 the dependence of the secret key rate on the loss in the quantum channel between the server and each user, assumed to be the same for both Alice and Bob. We present plots for different values of the detection efficiency and the quantum bit error rate (QBER), which is defined as the fraction of errors in the sifted key. More details on how these plots are obtained can be found in Appendix G.
Given the results of Figure 4, we can compare the performance of our protocol to that of other QKD schemes. A natural candidate for the comparison is measurement-device-independent (MDI) QKD [42], which also involves an external server performing the detection. To our knowledge the best implementation to date of MDI-QKD achieves a secret key rate of about 10^−4 for 7 dB of channel transmission loss [43]. We obtain a similar key rate at the same transmission loss, as shown by the dashed line in Figure 4. However, the secret key rate for our experimental parameters quickly decreases for higher losses, contrary to the realization in [43], where a secret key rate of 4.9 × 10^−6 is reported for 20.4 dB of loss. Nevertheless, by considering QBER = 0, we obtain rates of the order of 10^−4 for about 18 dB of channel loss. These results indicate that our protocol can perform as well as MDI-QKD for transmission losses up to about 7 dB, at least within the boundaries of our experimental implementation. At the moment, it is not clear if the performance could be made comparable also for higher losses, which however would require a more advanced experimental realization of our protocol.
Additionally, we stress that our estimated rates are lower bounds and the actual key rates could be significantly higher. Indeed, to compute these lower bounds on S(A|C), we took advantage of the strong subadditivity of von Neumann entropy by actually discarding several components of the entropy function (components which would only have increased Eve's uncertainty; thus, by discarding them, we are giving an unrealistic advantage to the adversary, causing the key rate to drop). Such a method gives a worst-case computation.

Conclusions
In our work, we propose and experimentally implement a novel QKD protocol allowing two classical users to establish a shared secret key using the services of an untrusted quantum server, which provides a superimposed single photon as a feasible quantum resource. We underline the applicability of our scheme by providing an information-theoretic security analysis of our protocol in the finite-key setting, which takes into account imperfect detection efficiency and multiphoton emission from the source, and by calculating the secret key rate.
Experimentally, the main challenge of the protocol is that it requires phase stability in the interferometer formed between the users and the server. This issue can be addressed by using intrinsically phase-stable schemes, like Sagnac configurations [44]. In this case, however, a quantum channel between Alice and Bob is also necessary.
As an immediate future line of research, our security analysis of finite keys in the presence of experimental imperfections can be applied to show the same security levels for other cryptographic schemes, such as counterfactual quantum cryptography [45][46][47][48][49], or the key distribution based upon recently proposed two-way communication with one photon [50,51].
In practical terms, recent progress in bright deterministic single-photon sources [52], high-efficiency detectors [53] and fast switches [27] promises to push our scheme towards real-world applications.

A Extraction of the secret key
In order to compute the secret key rate described above, one needs to compute S(A|C) for a given system. Before we proceed to discuss the ideal and experimental scenario, let us first define some useful terminology.
Let us denote the Hilbert spaces corresponding to Alice's and Bob's equipments as Here, |D c and |D v denote the states of a detector, the first corresponding to the case of a photon causing a click, and the second corresponding to the case when there were no photons, resulting in a no-click. The detectors' state corresponding to the case when an incoming photon was lost is denoted as |D . The state |D corresponds to a loss, while |D c to a click, of the photon at time t = t, when two non-simultaneous photons were emitted by the source at times t and t . Finally, |R denotes the state of a reflecting mirror. Note that the states corresponding to a click, |D c and |D c , and the ones corresponding to no-click, |D v , |D and |D are macroscopically distinguishable between each other as groups of those with or without clicks; and also to |R . However, the first two, |D c and |D c , are not distinguishable among each other, since in our set-up, Alice and Bob do not keep track of the detection times. Moreover, the latter three states, |D v , |D and |D , also cannot be distinguished among each other, since without performing sophisticated quantum measurements, one cannot distinguish whether a detector did not click because there were no photons present, or they were lost.
The server's Hilbert space, H S = span{|0 S , |1 S , |v S , |m S }, consists of macroscopic orthogonal states modeling classical messages "0", "1", "v" (vacuum) and "m" (multiple clicks), respectively. Additionally, we denote the server's ancilla system by C, with Hilbert space H C , which a dishonest server can entangle with the photons sent to Alice and Bob to extract information about the exchanged key.
Let us assume Alice tosses a fair coin to decide whether she will detect or reflect the photon, and sets the initial state of the apparatus accordingly, resulting in a proper mixture of the two states, |D v A D v | and |R A R|, and analogously for Bob. Without loss of generality, we can always include the coin states into the macroscopic description of the apparatus states, such that the purified initial state of Alice's apparatus is and analogously for Bob, making their joint state as Note that due to possible imperfect single-photon sources, and the presence of adversaries, the number of photons present is not necessarily fixed to be one. Thus, we will use a number basis to describe the photonic states. In this paper, we will decompose the overall Fock space of the photons in Alice's and Bob's arms as where |0, 0 f ≡ |v f represents the vacuum state, |1, 0 f represents a photon in Alice's arm and |0, 1 f a photon in Bob's arm. Similarly, |2, 0 f , and |0, 2 f , represent two non-simultaneous photons in Alice's and Bob's arms, respectively; whereas |1, 1 f and |1 , 1 f represent the case of two non-simultaneous photons when the first one went to Alice's arm while the second to Bob and vice-versa, respectively. F k f denotes the sub-space corresponding to the multi-photon case of k > 2 photons. The action of photonic creation operators â † and b̂ † , in terms of the number basis |a, b f , with a, b ∈ N 0 being the number of photons in Alice's and Bob's arms, respectively, is given by

We can now proceed to analyze the experimental implementation of our protocol with imperfect single-photon sources and detectors, as well as the noisy and lossy channels.
We assume an untrusted server that can attack before Alice and Bob perform their respective operations, as well as after (which is equivalent to allowing Eve to intercept the photons exchanged between an honest server and the agents). We consider a Poissonian probabilistic single photon source, emitting vacuum state with probability p 0 , single photons with probability p 1 , two non-simultaneous photons with probability p 2 , etc., within a time slot of interval T , as where â † (t) and â † (t ) represent photon creation at times t and t , respectively. In our particular implementation, the average number of photons is 0.35, yielding p 0 = 0.705, p 1 = 0.247, p 2 = 0.043. For simplicity, and in order to compare the theoretical analysis with our experimental data, the probability to emit higher numbers of photons is considered negligible, i.e., p 0 + p 1 + p 2 ≈ 1. Thus, the initial photon state is Nevertheless, our analysis can be straightforwardly generalised to an arbitrary number of emitted photons. Note that, for simplicity, we omitted the time integrals in the definition of the single- and two-photon states, |1 f and |2 f , respectively, as we consider that the users do not keep track of the photon detection times, meaning that, at the end of each round, Alice, Bob and the server only have access to the number of detections they recorded. This makes our analysis also applicable to the case of simultaneous multi-photon emission.
After passing through the first 50/50 beam splitter of our interferometer, described byâ Upon possible further action of the adversary, the most general photon-server (normalized) state is given by where |c a,b C ∈ H C (not necessarily orthogonal, nor normalized states) are associated to the cases when there are a and b photons entering Alice's and Bob's arms, respectively. Nevertheless, the states |c a,b C are arbitrary and contain any number of photons. Therefore, the overall state before the photon(s) enter Alice's and Bob's labs is where primed and unprimed states of the apparatuses correspond to at times t and t, respectively. Note that we assume that Alice and Bob trust their detectors with their finite detection efficiencies. Therefore, upon applying U 1 , given in terms of Alice's and Bob's local actions described by (12), we obtain the state Upon leaving Alice's and Bob's labs, the server (or Eve) will apply a quantum instrument to the returning photon-server state. This can be modelled as an isometry I : where states |e a,b a ,b C ∈ H C are again not necessarily normalized, nor orthogonal. Note that, due to the action of U 1 , the photon numbers a, b are no longer correlated to a , b ∈ {0, 1, 2}; nevertheless, we still have a + b ≤ 2. From this, one obtains the final state between the users and the server, |φ 2 ABSC = I |φ 1 ABf C . Using Theorem 2, one can lower bound the conditional entropy S(A|C), as explained in detail in the next section.

B Two particular attacks

B.1 Adaptive attack with a single photon
The adaptive attack with a single photon that is fed into an agent's laboratory several times during a single round of the key distribution protocol is based on the interaction-free measurement proposed in [54], depicted in Figure 5. An agent, say Alice, is placed in one arm of an interferometer which consists of an input polarizing beam splitter and a standard balanced beam splitter on its output. Before entering the interferometer, the initial polarization state, say the horizontal state |ψ_0⟩ = |H⟩, is rotated by a certain angle θ, so that before the polarizing beam splitter it is |ψ_θ⟩ = cos θ |H⟩ + sin θ |V⟩. In case Alice decided to "reflect", at the output of the interferometer the polarization state of the photon will stay the same, |ψ_θ⟩. In case she decided to "detect", with probability sin^2 θ the photon will end up in Alice's laboratory and be absorbed, while with probability cos^2 θ it will leave the interferometer in polarization state |ψ_0⟩. In the case of the latter, the process is repeated, up to M times. If the rotation angle is chosen to be θ = π/2M, after M iterations the polarization state will be |ψ_{π/2}⟩ = |V⟩ in case Alice decided to "reflect", while it will stay "frozen" to |ψ_0⟩ = |H⟩ in case she decided to "detect", i.e., the two states will be fully distinguishable, and Eve would know Alice's action. The probability that a photon will not end in Alice's arm M consecutive times when she decided to "detect" is p = cos^{2M} θ = (cos(π/2M))^{2M}, which for large M behaves like p ∼ 1 − π^2/4M → 1. Thus, with probability arbitrarily close to 1 Eve can learn Alice's action without triggering her detector ("activating the bomb" from the original scenario discussed in [54]). But in our case, the aim of Eve is to simulate, as much as possible, the honest scenario, in which Alice's detector will click in about half of the cases. This is achieved with pretty good accuracy for M = 4 already, as we have that p = (cos(π/8))^8 ≈ 0.53.
Nevertheless, if Eve wanted to learn the actions of both agents, she would need to perform two such measurements, one on each agent. But this would inevitably lead to increased double clicks in rounds when both agents decide to "detect". (Note that in order to learn the action of a single agent, say Alice, Eve should perform the measurement after her laboratory, thus destroying any possible coherence between the photon state(s) in Alice's and Bob's labs.) During the parameter estimation phase, Alice and Bob can infer such increased probability of coincidences, and thus detect eavesdropping.
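The numbers in B.1, and the coincidence signature that gives the probe away, can be checked with the following added example (it is not code from the paper). It propagates the polarization amplitudes through the M passes, then compares the double-click rate of an honest source in rounds where both agents detect with the rate produced when both agents are probed. Independent probes per agent, ideal detectors by default, the 5-sigma alarm threshold and all function names are assumptions of the example; p 2 = 0.043 is the source value quoted in Appendix A.

```python
import math


def zeno_probe(passes, alice_detects):
    """Track the probe's (H, V) polarization amplitudes over `passes` passes.

    Each pass rotates the polarization by theta = pi / (2 * passes). The V
    component is routed into Alice's arm: if she detects, the photon is
    absorbed there with probability sin^2(theta), otherwise it is projected
    back onto H; if she reflects, the state comes back unchanged.
    Returns (probability Alice's detector never fired, final (H, V)).
    """
    theta = math.pi / (2 * passes)
    h, v = 1.0, 0.0
    p_silent = 1.0
    for _ in range(passes):
        h, v = (h * math.cos(theta) - v * math.sin(theta),
                h * math.sin(theta) + v * math.cos(theta))
        if alice_detects:
            p_silent *= h * h   # photon stayed out of Alice's arm this pass
            h, v = 1.0, 0.0     # surviving photon is "frozen" in |H>
    return p_silent, (h, v)


def silent_probability(passes):
    """p = cos^(2M)(pi / 2M): no click at Alice although she chose 'detect'."""
    return zeno_probe(passes, alice_detects=True)[0]


def large_m_approximation(passes):
    """Asymptotic form quoted in the text, 1 - pi^2 / (4M)."""
    return 1.0 - math.pi ** 2 / (4 * passes)


def probed_double_click_rate(passes):
    """P(both detectors fire | both agents detect) when each agent is probed
    separately and independently (assumption of this example)."""
    p_click = 1.0 - silent_probability(passes)
    return p_click ** 2


def honest_double_click_rate(p2, efficiency=1.0):
    """Honest source, both agents detect: a double click needs a two-photon
    pulse (p2), one photon in each arm (1/2), and both detectors firing."""
    return p2 * 0.5 * efficiency ** 2


def coincidence_alarm(double_clicks, both_detect_rounds, p2,
                      efficiency=1.0, sigmas=5.0):
    """True if the observed double-click count exceeds the honest expectation
    by more than `sigmas` binomial standard deviations."""
    p = honest_double_click_rate(p2, efficiency)
    mean = both_detect_rounds * p
    std = math.sqrt(both_detect_rounds * p * (1.0 - p))
    return double_clicks > mean + sigmas * std


if __name__ == "__main__":
    print(" M   p(no click)   1-pi^2/4M   double-click rate if both probed")
    for m in (1, 2, 4, 8, 16, 100):
        print(f"{m:3d}   {silent_probability(m):.4f}        "
              f"{large_m_approximation(m):+.4f}     "
              f"{probed_double_click_rate(m):.4f}")
    print("honest double-click rate (p2 = 0.043):",
          honest_double_click_rate(0.043))
```

For M = 4 the probed double-click rate is about ten times the honest one, which is the excess Alice and Bob look for during parameter estimation.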

B.2 Multi-photon attack
This is a version of the above interaction attack in which instead of sending a single photon through the interferometer M times, Eve sends M photons only once, in order to learn the action of a single agent. Thus, it suffers from the same deficiency as the previous attack: Alice's photon detection is not correlated with Bob's and therefore will change the joint detection statistics. Again, note that in order to learn the action of a single agent, Eve must perform her measurement on the photons outside her/his lab, thus destroying any possible coherence. In other words, sending a coherent superposition between photon states sent to Alice and Bob offers no advantage.
But this attack features an additional problem, in that Eve cannot fully distinguish between an agent's actions, leading her to announce inconsistent messages, allowing Alice and Bob to additionally detect cheating. Let us first describe this attack in more detail. Eve sends a multi-photon state |Ψ_θ(M)⟩ = |ψ_θ⟩^⊗M = (cos θ |H⟩ + sin θ |V⟩)^⊗M. If Alice decides to "reflect", Eve will receive the same M-photon state |Ψ_θ(M)⟩ at the output of the interferometer. In case she decides to "detect" and at least one of the photons ends in her arm, there will be fewer than M photons at the output of the interferometer, and Eve can thus infer Alice's action. But if not a single photon gets detected by Alice, at the output of the interferometer we would have the M-photon state |Ψ_0(M)⟩ = |ψ_0⟩^⊗M = |H⟩^⊗M. Thus, Eve cannot distinguish the two actions by measuring the photon number, and she needs to subsequently perform a polarization measurement. The optimal discrimination probability for the two states is given in terms of the transition probability p = |⟨Ψ_0|Ψ_θ⟩|^2 = |⟨ψ_0|ψ_θ⟩|^{2M} = cos^{2M} θ, which is precisely the probability that in the case of deciding to "detect" none of the M photons end up in Alice's arm. On the other hand, as before, we want this probability to be equal to 1/2, to match the honest scenario. Thus, if Eve wants to emulate the honest scenario, she must set θ such that the output polarization states are far from fully distinguishable. In other words, the adversary will necessarily occasionally announce messages that are inconsistent with the agents' actions, thus revealing eavesdropping. One can straightforwardly apply our methodology to this case to obtain a quantitative expression for the secret key rate. Therefore, we omit this rather complex, but straightforward analysis.

C Security Analysis - Ideal case
In Appendix D, we show how to prove the security of our protocol in the general case, assuming practical devices. To develop the intuition behind the proof in that section, however, we first consider the ideal case scenario. Here, we assume that the server has a perfect single-photon source, Alice's and Bob's detectors are perfect, which means they have 100% detection efficiency and zero dark counts, but there may be channel loss. Therefore, the perfect single photon state that Alice and Bob expect to be sent is with |1, 0 f and |0, 1 f representing the photon located in Alice's and Bob's arms, respectively. However, we assume that the following entangled state is sent to Alice and Bob by the server (or Eve) where |c a,b C ∈ H C are not necessarily orthogonal nor normalized. Note that, this is the state arriving at A and B's lab, and so it also incorporates channel loss in the |0, 0 f ⊗ |c 0,0 term. Moreover, as per usual in QKD security proofs, Alice and Bob can enforce symmetry, and so, we may assume c 0,1 |c 0,1 C = c 1,0 |c 1,0 . Therefore, we can write the joint initial state as and, therefore Following this, as in the experimental case, the adversary will apply a quantum instrument to the returning photon state which, as before, can be modeled as an isometry, whose action is defined as where states from H C are not necessarily normalized nor orthogonal, and a, b are no longer correlated with a , b due to Alice's and Bob's actions given by Equation (17). Note that since we are assuming an ideal case, the term corresponding to the message "m" is absent from the above equation.
We are interested only in the rounds when the server announces "1" and neither Alice nor Bob detect a photon, and the users generate the key. Thus, while writing the state after the server applies I on |φ 1 ABf C , we will omit writing the server's message state |1 S (corresponding to announcing a result "1"). The final density operator representing the state of the system ABC, conditioned on the event that the server sends the message "1" and none of the users detects a photon (only the rounds used for key generation), is where the states |k i,j C are associated to Alice establishing the value i and Bob j as a key bit, are given by Note that, though we are assuming in this ideal setting, that A and B's devices are ideal, the adversarial server may still "simulate" imperfect detectors which may have, for instance, dark counts (incorporated in the term f 0,0 0,0 |f 0,0 0,0 which is the probability the server sends a positive message in the event a vacuum actually enters its lab). The normalization constant N is, again, the probability to obtain the result 1, p(1), when there were no clicks at the users' detectors, and is given by N = k 0,0 |k 0,0 + k 1,1 |k 1,1 + k 1,0 |k 1,0 + k 0,1 |k 0,1 = p(1).
At this point, we compute the conditional entropy between Alice and the adversary, S(A|C), for the rounds where raw key bits are generated. Using Equation (20), the density operator, after dropping off-diagonal terms, with |k i,j C k l,m |, for (i, j) ≠ (l, m), is The state |D v ,R D v ,R|, describing Alice detecting without a click and Bob reflecting, is associated to a shared key bit 0. Similarly, |R,D v R,D v | is associated to a key bit 1. Whereas, |R,R R,R| and |D v ,D v D v ,D v | correspond to errors in the key, when the two users establish opposite key bit values.
Now that we have a description of the quantum state, we can use Theorem 2 to compute a bound on the conditional entropy S(A|C) leading us to: where λ 0 is defined as in Equation (37).
We present the dependence of the secret key rate r on the total number of rounds N for different values of Q (including the one obtained from the experimental set-up) in Figure 6 for T = 1. Other parameters are taken from [31] as = 10^−5 , EC = 10^−10 and = 10^−7 . We also assume P E = 10^−11 . In Figure 7, we report the key rate as a function of total transmission loss in one direction, where we set p d to be a negligible 10^−8 to consider ideal devices on the server also.

D Security Analysis - General Case
By straightforward algebra, from Equations (11), (12) and (13), we get |φ 2 ABSC = I |φ 1 ABf C . However, we are only interested in the key-generation rounds, i.e., we condition to the event when the server announces "1" and neither Alice nor Bob receives a click. Hence, omitting writing the message state |1 S , the final density operator (without the off-diagonal terms) of the system ABC is Note that, as before, we use commas in the states from H A ⊗ H B to separate the quantum numbers defining Alice's and Bob's apparatus states: |D D ,R AB means that Alice opted to detect, unsuccessfully (due to finite detection efficiency) the two photons present in her lab, while Bob set his apparatus to reflect, etc. The states |k i,j C , etc., are associated to the cases when Alice establishes the value i and Bob j as a key bit, and are given by |k 0,0 = 1 2 |f 0,0 0,0 + |f 0, Above, as well as in rest of the Appendix, for simplicity we omit writing the labels of the quantum states (A, B, C, S and f ), whenever it is implicitly unambiguous to which space they belong by their quantum numbers (D v , 0, 0, etc.).
The normalization constant N from Equation (30) is the probability to obtain the result "1" when there were no clicks at the agents' detectors, given by In ρ ABC , given by Equation (30), the state |D v ,R D v ,R| describes Alice detecting without a click and Bob reflecting, and is associated to a shared key bit of 0. Let us define p 0,0 = p(D v ,R ; 1) = k 0,0 |k 0,0 as the joint probability for the event when Alice detects vacuum and Bob reflects, and the server announces the result "1", which corresponds to the users sharing a key bit of 0. Here we use the semicolon (;) to denote logical AND operation between two propositions. Note that |D ,R D ,R|, |D ,R D ,R|, and |D D ,R D D ,R| also correspond to a shared key bit of 0, and are a consequence of Alice's imperfect detector and multi-photon events. Therefore, one can analogously define the probabilities p 1 0,0 , p 2 0,0 and p 3 0,0 , such that the total probability of the users sharing a key bit of 0 can be given byp 0,0 = p 0,0 + p 1 0,0 + p 2 0,0 + p 3 0,0 . Analogously, the probabilities, p 1,1 , p 1 1,1 , p 2 1,1 and p 3 1,1 , associated to a key bit 1 are defined. The k ij 's with i ≠ j are associated to the errors, i.e., when the two users establish opposite key bit values. From the above definitions, using k ij and N , we have k 0,0 |k 0,0 + k 1 0,0 |k 1 0,0 + k 2 0,0 |k 2 0,0 + k 3 0,0 |k 3 Here, by p(P|C) we denote the conditional probability that the proposition P holds (in the above case, Alice detects and observes no clicks, while Bob reflects), given that the condition C is satisfied (in the above case, the server announces "1").
Therefore, using the following terminology for different probabilities (to be used in parameter estimation described in the next section), the probability to share the key is given by p key = k 0,0 |k 0,0 + k 1 0,0 |k 1 0,0 + k 2 0,0 |k 2 0,0 + k 3 0,0 |k 3 0,0 + k 1,1 |k 1,1 + k 1 1,1 |k 1 1,1 + k 2 1,1 |k 2 1,1 + k 3 1,1 |k 3 where p(D v ,R ∨ D ,R ∨ D ,R ∨ D D ,R ; 1) represents the joint probability of the following event: Alice detects vacuum, Bob reflects, and the server announces the result "1"; and analogously for the other term. As before, we use the semicolon (;) to denote logical AND operation between two propositions, instead of introducing the additional parenthesis for the first one, and using the standard symbol ∧. The probability of error in the raw key is given by p err = k 0,1 |k 0,1 + k 1 0,1 |k 1 0,1 + k 2 0,1 |k 2 0,1 + k 3 0,1 |k 3 0,1 + k 4 0,1 |k 4 0,1 + k 5 0,1 |k 5 0,1 + k 6 0,1 |k 6 0,1 + k 1,0 |k 1,0 = p 0,1 + p 1 0,1 + p 2 0,1 + p 3 0,1 + p 4 0,1 + p 5 0,1 + p 6 0,1 + p 1,0 =p 0,1 +p 1,0 represents the joint probability of the event: Alice and Bob both detect vacuum, and that the server announces the result "1"; and analogously for the other term. Note that the probabilitiesp i,j can be observed from the experiment directly.
To obtain the secret key rate, we again use the bound given in Theorem 2, as where h(·) is the binary Shannon entropy, and λ i 's are defined in the following way The first four terms in S(A|C) correspond to the keys shared between Alice and Bob, while the last term corresponds to errors in the key. However, we estimate the lower bound on S(A|C) by considering only the first term since its contribution to the entropy is far larger than that of any of the other terms. From the expression (37) for λ 0 , we see that minimizing S(A|C) essentially means minimizing Re k 0,0 |k 1,1 . Therefore, in addition to different probabilities obtained from the experiment, we also need to estimate Re k 0,0 |k 1,1 . We proceed by computing the lower bound for Re 2 k 0,0 |k 1,1 , i.e., for |Re k 0,0 |k 1,1 |. Notice that the lower it is, the closer to 1/2 λ 0 is, i.e., the closer to 1 the h(λ 0 ) is, and the worst case scenario for S(A|C), has the lowest value. Let us use the following notation for simplification, |x = |f 1,0 1,0 + |f 2,0 2,0 , |y = |f 0,1 0,1 + |f 0,2 0,2 , |z = |f 1,1 1,1 + |f 1 ,1 1 ,1 .

E Parameter estimation
Here, we briefly explain how to estimate the relevant probabilities, p 0,0 , p 1,1 and p 0,1 , to compute S(A|C) in Equation (36), to eventually obtain the secret key rate given by Equation (1) from the main text. Due to the nature of this protocol, in the ideal case, one expects p(1) = 1/8 (see Appendix C for details), which is further reduced in the experimental case of imperfect detectors, etc. Therefore, it is useful if these probabilities could be computed without sacrificing any key-generation rounds. Below, we discuss the case with direct estimation where Alice and Bob use part of the key to obtain these probabilities, as well as the case of indirect estimation where no key-generation rounds are wasted.

E.1 Direct estimation
Here, we sacrifice µ instances of the total N raw key-generation rounds, to directly compute the relevant probabilities. However, since Alice's and Bob's detectors are imperfect, they cannot compute p 0,0 = p(D v ,R ; 1) and p 1,1 = p(R,D v ; 1) directly, as they cannot differentiate the event D v ,R from the events D ,R, D ,R and D D ,R, and analogously for R,D v . However, they can obtainp 0,0 = p 0,0 + p 1 0,0 + p 2 0,0 + p 3 0,0 = p(D v ,R ∨ D ,R ∨ D ,R ∨ D D ,R ; 1) directly, and alsop 1,1 . They can then compute p 1 0,0 = k 1 0,0 |k 1 0,0 , p 2 0,0 = k 2 0,0 |k 2 0,0 and p 3 0,0 = k 3 0,0 |k 3 0,0 , to eventually obtain p 0,0 . From Equation (31) one has Even though Alice and Bob cannot compute the above probabilities, they can estimate them by looking at the events corresponding to the clicks, using the expressions subset of a larger implementation and, therefore, use them to estimate the secret key rate. The probability of server announcing "1" during these rounds is p(1) = 0.0162. Therefore, the amount of keys wasted during the parameter estimations is 1620 bits. The probabilities of Equations (51) and ( We assume = 10^−5 , EC = 10^−10 and P E = 10^−11 . The value is a factor in the min-entropy expression used for the key rate computation and may actually be set by the user arbitrarily to maximize the key rate (see Lemma 1 from [31]). However, for our evaluations we simply set = 10^−7 (optimizing this could only improve our results). For parameter estimation, we take P E = 10^−11 and assume a confidence interval δ = 10^−4 , given our experimental errors. The calculated secret key rate corresponds to the minimum lower bound of the entropy S(A|C) (see Equation (36)) over the confidence interval of the experimental probabilities. This minimum occurs for the highest value of the error probability p err and the lowest of p key , and therefore represents the worst possible key rate within our experimental uncertainty.

E.2 Indirect estimation
To avoid wasting the rounds used for key-generation (when "1" was announced without any clicks at Alice's and Bob's detectors), we can use the remaining rounds (when "0","v" or "m" was announced or "1" was announced with click(s) at Alice's and Bob's detectors) for parameter estimation. For these cases, Alice and Bob can communicate over an authenticated channel to convey their respective action choices and resulting states to each other. Therefore, they can communicate for the non-useful rounds where server announces "0","v" or "m", as well as the rounds where any of them detects a photon in case the server announces "1". This method can be applied also in the ideal case described in Section C, but we present it only once for brevity.
We know that p 0 the explicit dependence on the general parameters,p A andp B , as N (p A ,p B ) = k 0,0 |k 0,0 + p A p A k 1 0,0 |k 1 0,0 + k 2 0,0 |k 2 0,0 + Moreover, p err = p(1) − p key is also modified accordingly, to be used in computing Q = p err /p(1) to obtain the secret key rate presented in Figure 3 from the main paper.

G Dependence on transmission loss
In this section, we provide a brief analysis of the dependence of the key rate on the channel losses, for the case of imperfect photon sources and detectors. The channel loss, after the photons pass a distance L through a medium described by the absorption coefficient α (in dB/unit distance), is given by = αL. In our protocol, the photons are traveling from the server to the agents, and back, meaning that the total distance L is twice the distance between the server and the agents. This is also the maximal distance between Alice and Bob, achieved when the two are at the opposite sides of the server. First, note that in general, the all-powerful adversary is bounded only by the laws of physics. In particular, it can vary the number of photons in front of Alice's and Bob's labs at will. But such an assumption would seem to render the whole loss analysis meaningless. Moreover, the agents can check the photon number statistics in their labs, thus the adversary must keep them at the levels of the honest case. Finally, note that the overall photon-adversary state in front of the agents has the same shape as in the lossless case. Indeed, Expression (11) represents the most general photon-adversary state that contains up to two photons, in which the probabilities of having zero, one, or two photons are incorporated in the norms of vectors |c a,b C ∈ H C .
In our table-top experimental implementation, due to the low transmission loss in air for the considered distance, we can assume that the loss is for all practical purposes zero. Let us fix the source parameters $p_1$ and $p_2$ (the probabilities of single- and double-photon emission per pulse, respectively), the detector efficiency $p_d$ (for simplicity, we assume that the agents' detectors have the same efficiency), and take a certain number of rounds $N$. For that, we can calculate the key rate r( = 0; N ), presented in Figure 4 from the main text. We have that $N = N_0 + N_1 + N_2$, where $N_i$ is the number of rounds with $i = 0, 1, 2$ emitted photons.
Given the transmission probability T ( ) = e − 10 , one can calculate where N i ( ) are the expected numbers of rounds with i = 0, 1, 2 photons present. Note that N 0 ( ) + N 1 ( ) + N 2 ( ) = N 0 + N 1 + N 2 = N . Consider the number of rounds N < N , for which N 1 ( ) = p 1 N and calculate the secret key r(0; N ). Then, we have that r( ; N ) ≥ r(0; N ): the secret key for N rounds in the configuration with L = 0 is the lower bound of the secret key for N rounds with the loss . This bound is based on the following two arguments:

1. The vacuum pulses neither contribute to the key generation, nor to eavesdropping (they leak no information to the adversary). Thus, only the numbers of single-photon emissions and double-photon emissions are relevant, i.e., whenever we have the key rate for the number of rounds that involve certain numbers of the single-photon and double-photon emissions, we can take this result as valid for any case of having the same single- and double-photon rounds (provided there are no higher-photon rounds).
satisfied. In other words, the profile of the source changes with . But the ratio N 1 ( )/N 2 ( ) increases: as grows, there are proportionally more single-photon rounds than double-photon ones, meaning it is more likely that Alice and Bob receive a single photon than two photons. Since double-photon rounds are the ones that, on the one hand, might induce errors in the key and, on the other, help the adversary, our r( = 0; N ) is in fact the lower bound for r( > 0; N ).
Thus, having our results r(N ) for = 0, our key rate as a function of the loss is given by where by r̃ we denote the functional dependence of the key rate on the losses, which is different from the dependence of r on the number of rounds for = 0. Using the second line of (62), N 1 = p 1 N and N 2 = p 2 N , we finally have r̃( ) = r 10 − /10 p 1 + 2 · 10 − /10 1 − 10 − /10 p 2 N .
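The loss bookkeeping of this section can be checked numerically. The following is an added example, not code from the paper: it redistributes the single- and double-photon rounds under channel loss and computes the reduced number of lossless rounds with the same single-photon count. The function names and sample source parameters are constructed for illustration; it assumes each photon is lost independently and uses the standard dB conversion 10^(-loss/10) that appears in the section's closing formula.

```python
from dataclasses import dataclass


def round_trip_loss_db(alpha_db_per_km: float, server_agent_km: float) -> float:
    """Channel loss alpha * L, with L twice the server-agent distance."""
    return alpha_db_per_km * 2.0 * server_agent_km


def transmission(loss_db: float) -> float:
    """Per-photon survival probability for a loss expressed in dB."""
    if loss_db < 0:
        raise ValueError("loss must be non-negative")
    return 10.0 ** (-loss_db / 10.0)


@dataclass(frozen=True)
class RoundCounts:
    n0: float  # expected rounds with no photon present
    n1: float  # expected rounds with exactly one photon present
    n2: float  # expected rounds with two photons present


def counts_after_loss(p1: float, p2: float, n_rounds: float,
                      loss_db: float) -> RoundCounts:
    """Expected photon-number statistics after the lossy channel.

    Assumption: photons are lost independently, so a two-photon pulse
    becomes a one-photon pulse with probability 2T(1-T) and a vacuum
    pulse with probability (1-T)^2.
    """
    if p1 < 0 or p2 < 0 or p1 + p2 > 1:
        raise ValueError("p1 and p2 must be probabilities with p1 + p2 <= 1")
    t = transmission(loss_db)
    n1_src, n2_src = p1 * n_rounds, p2 * n_rounds
    n0_src = n_rounds - n1_src - n2_src
    return RoundCounts(
        n0=n0_src + (1 - t) * n1_src + (1 - t) ** 2 * n2_src,
        n1=t * n1_src + 2 * t * (1 - t) * n2_src,
        n2=t * t * n2_src,
    )


def equivalent_lossless_rounds(p1: float, p2: float, n_rounds: float,
                               loss_db: float) -> float:
    """Number of lossless rounds whose single-photon count p1 * N'
    equals the single-photon count of n_rounds rounds with loss."""
    return counts_after_loss(p1, p2, n_rounds, loss_db).n1 / p1
```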