40-user fully connected entanglement-based quantum key distribution network without trusted node

Quantum key distribution (QKD) would play an important role in future information technologies due to its theoretically proven security based on the laws of quantum mechanics. How to realize QKDs among multiple users in an effective and simple way is crucial for its real applications in communication networks. In this work, we propose and demonstrate a fully connected QKD network without trusted node for a large number of users. Using flexible wavelength division multiplexing/demultiplexing and space division multiplexing, entanglement resources generated by a broadband energy-time entangled quantum light source are distributed to 40 users. Any two users share a part of entanglement resources, by which QKD is established between them. As a result, it realizes a fully connected network with 40 users and 780 QKD links. The performance of this network architecture is also discussed theoretically, showing its potential on developing quantum communication networks with large user numbers owing to its simplicity, scalability, and high efficiency.

However, an optimal method to build quantum communication networks based on QKD has yet to be developed. Quantum repeater-based networks [20][21][22] can be the ultimate blue print for constructing the global quantum Internet. However, quantum memory [23,24] and entanglement swapping [25,26] technologies still remain to be improved for practical applications. Meanwhile, trusted node networks [27][28][29][30] have been widely developed and implemented. Trusted node networks are suitable for constructing long-distance backbone core networks, however, they are inefficient for constructing multiple-user group networks. On the other hand, their security is compromised because every connected node in the network must be trusted, which is difficult to guarantee. Another type of QKD network is based on active switches [31][32][33], in which only some of the pairing users are connected at a time. The network efficiency is limited to some duty cycles of switches. Moreover, additional time is required to reinitialize the new communication channel when the topology is changed [34]. In addition, a type of point-to-multipoint network based on passive beam splitter and single-photon point-to-point QKD [35,36] has been investigated, in which single photons from a central node are distributed to multiple users by a passive beam splitter. Every user must exchange keys with the central node, implying that the central node must be trusted.
The last type of QKD network is the fully connected network without trusted node. Every user can be connected directly to each other. A type of fully connected quantum network with four users based on wavelength multiplexing has been reported in a pioneering study [37]. To fully connect the four users, 12 wavelength channels are required. Namely, a minimum of N × (N − 1) wavelength channels are required to fully connect N users, which limits the scalability of the scheme. Furthermore, an improved scheme was proposed by introducing a 1 × 2 beam splitter [38]. The scheme supported an eight-user fully connected QKD network with 16 wavelength channels. Recently, another type of fully connected QKD network was proposed [39]. In this scheme, resources of entangled photon pairs occupied with two correlated wavelength channels were directly distributed to eight users by a passive beam splitter to construct a fully connected subnet. To expand the user scale of the network, 16 such subnets were constructed using resources with different wavelength channel pairs. However, the connections between subnets relied on a trusted central node, which is an obvious weakness on its security.
In this work, we propose a two-layer QKD network architecture without trusted node, which could support a fully connected quantum communication network with stronger scalability. We specifically realize a 40-user fully connected QKD network supported by a broadband energy-time entangled photon pair source, in which each user can simultaneously generate secure keys with every other user via a QKD link. Five subnets are constructed using space multiplexing technology based on passive beam splitters. In each subnet, the entanglement resource of photon pairs with a correlated wavelength channel pair are randomly distributed to eight users, realizing a fully connected subnet. On the other hand, 10 additional entanglement resources with different correlated wavelength channel pairs are demultiplexed. The photons in these channels are flexibly multiplexed and distributed to different subnets, establishing connections between the subnets. Hence, the 40 users in the QKD network are fully connected without the assistance of trusted nodes. To the best of our knowledge, this is the largest experimentally demonstrated fully connected QKD network supported by a single quantum light source.

Network architecture
Based on space multiplexing and wavelength multiplexing of entangled photon pairs, we propose a two-layer fully connected QKD network architecture. The signal and idler photons of the energy-time entangled state from a broadband quantum light source are distributed to all users in the network. Entanglement resources of 15 correlated wavelength channel pairs from the broadband quantum light source are required to fully connect the 40 users. An illustration of the network architecture is shown in Fig. 1. The two wavelength channels with opposite subscripts belong to a specific correlated wavelength channel pair i.e., (λ 1 , λ −1 ), (λ 2 , λ −2 ), etc. The network architecture is segmented into two layers, the intra-subnet layer and inter-subnet layer. A sketch of the intra-subnet layer is shown in Fig. 1(a). In this layer, photons with a specific pair of correlated wavelengths are distributed to N users by a passive beam splitter. The signal and idler photons of this entanglement resource are randomly distributed to any user. Hence, each user will have coincidence events with any other user, thereby forming a subnet with a fully connected topology. If the user number of this subnet is appropriate, most photon pairs will be randomly distributed to two different users, which is a simple yet efficient approach to realize a fully connected network.
A sketch of the inter-subnet layer is shown in Fig. 1(b). Two subnets are illustrated as two fully connected mesh graphs, which are supported by two independent entanglement resources with different correlated wavelength channel pairs (λ 1 / λ −1 and λ 2 / λ −2 ). An additional entanglement resource with the correlated wavelength channel pair of (λ 6 / λ −6 ) is introduced to connect the two subnets. The signal and idler photons with the entanglement resource of (λ 6 / λ −6 ) are separated by wavelength division multiplexing components and distributed to the two corresponding subnets. The photons are randomly distributed to the users by the same passive beam splitter along with photons of wavelengths (λ 1 / λ −1 ) or (λ 2 / λ −2 ) in each subnet. Therefore, each user in one subnet will have coincidence events with any user in the other subnet due to entangled photon pairs with correlated wavelengths (λ 6 / λ −6 ). Hence, based on this two-layer network architecture, any two users in the network have a connection of coincidence events, realizing a fully connected entanglement distribution network. In this work, we realize a large-scale entanglement distribution network with 40 users based on this architecture, as shown in Fig. 1(c). Five fully connected subnets (A, B, C, D, and E) are supported by five entanglement resources (from λ 1 / λ −1 to λ 5 / λ −5 ). Ten additional entanglement resources (from λ 6 / λ −6 to λ 15 / λ −15 ) are introduced to realize the full connections among the five subnets. Hence, each user in the five subnets have coincidence events with any other user in the network, namely, every pair of users can share an entangled resource. Based on the shared entanglement resource, any two users in the network could establish QKD between them, realizing a fully connected QKD network without trust node. The detailed wavelength allocation of users is given in Supplementary Materials (See Supplementary Table 2). Each user in the network connects with the entanglement resource provider by one optical fiber, in which photons of six specific wavelength channels are sent to the user. Two of them are the correlated wavelength channels supporting the connections in the subnet. The other four wavelength channels are used to connect the users between different subnets. represent wavelength channels corresponding to a specific entanglement resource. (a) Sketch of the intra-subnet layer. Entangled photon pairs with two correlated wavelength channels are distributed randomly to users by a passive beam splitter. As the signal and idler photons in a pair move randomly to the users, each user will have coincidence events with any other user. Hence, it constructs a fully connected QKD network without trusted node, thereby forming a subnet in the network architecture. (b) Sketch of the inter-subnet layer. Green and purple squares denote users in two subnets, which are supported by two entanglement resources (λ 1 /λ − 1 and λ 2 /λ − 2 ) separately. To establish connections between these two subnets, an additional entanglement resource (λ 6 / λ − 6 ) is used. The signal and idler photons of this resource are separated by wavelength division multiplexing components and distributed to users in these two subnets by the same passive beam splitters along with photons of wavelength λ 1 /λ − 1 or λ 2 /λ − 2 in the intra-subnet layer. Hence, each user in one subnet will have coincidence events with any user in the other subnet by sharing an entanglement resource. Therefore, all users in the network are fully connected. (c) Based on this two-layer network architecture, a fully connected QKD network with five subnets is constructed in this work. Each user receives six wavelength channels. Two of them belong to the pair of correlated wavelength channels supporting the connection in the subnet. The other four wavelength channels are used to connect the users between different subnets

Experimental setup
The experimental system of the 40-user fully connected QKD network without trusted node is shown in Fig. 2. In the experiments, broadband energy-time entangled photon pairs are generated by spontaneous four-wave mixing (SFWM) under continuous wave pumping in a silicon waveguide of length 3 mm. The central wavelength of the pump light is 1545.32 nm, corresponding to the International Telecommunication Union (ITU) channel of C40. Owing to the energy conservation of the SWFM process, the signal and idler photons are distributed symmetrically around the pump light wavelength. They are separated by an arrayed waveguide grating system based on their wavelengths with 100 GHz spacing (See Supplementary Fig. 4(a) in Supplementary Materials). Fifteen entanglement resources are extracted from the quantum light source, which corresponded to correlated wavelength channel pairs of C35/C45, C34/C46, …, C21/C59, as shown in Fig. 2(b). The corresponding coincidences of entangled photon pairs with correlated wavelength channels can be seen in Supplementary Materials, Supplementary Fig. 4(b). The first five entanglement resources (represented in green) are used to support the connection of users in the five subnets. The remaining 10 entanglement resources (represented in orange) are used to connect users between the subnets. Subsequently, these wavelength channels are multiplexed by commercial dense wavelength division multiplexing components, as illustrated in Fig. 1(c), and then sent to the passive beam splitters. In each subnet, the passive beam splitter distributes the input photons to all users randomly. The quantum light source, wavelength demultiplex/multiplex components, and passive beam splitters can be treated as a provider of entanglement resources for the network. Two specific users in subnet A received the photons from the provider through optical fibers of 1 km and 2 km, separately. Other users connected to the provider by short fiber patch cords.
In each user, a normal dispersion component, an anomalous dispersion component, and two NbN superconducting nanowire single-photon detectors (SNSPDs) are equipped for performing symmetric dispersive optics QKD (DO-QKD) [39]. The symmetric DO-QKD is modified from the conventional DO-QKD scheme [40][41][42] to fully adapt to the entanglement distribution network based on passive beam splitters. Highdimensional encoding based on the time of recorded single-photon detection events can be used in symmetric DO-QKD to improve the utilization of coincidence events by multi-bit key generation per coincidence.

Experimental results
First, the properties of the entanglement distribution were measured to verify the feasibility of the network architecture and to evaluate the quality of coincidences between the users. For each user, the photons were directly detected by the SNSPD. The results are shown in Fig. 3. Figure 3(a) shows the typical results for two specific users in the same subnet. The five peaks show the results of coincidence counts in the five subnets (A, B, C, D, and E), which were supported by the resources of correlated wavelength channel pairs of (C35, C45), (C34, C46), (C33, C47), (C32, C48), and (C31, C49), respectively. For clarity, the coincidence peaks of the five subnets are plotted in the same figure with different offsets in the time delays. The time window for the coincidence measurement was 128 ps. It can be seen that the coincidence to accidental coincidence ratios (CARs) of all the peaks are higher than 70. Figure 3(b) shows the typical coincidence results between users of different subnets. In each subnet, one specific user was selected to perform the coincidence measurement. Hence, 10 connections existed among the five users in different subnets. The 10 peaks in the figure show the coincidence results of the 10 connections with different time offsets for clarity. The time window for the coincidence measurement was 128 ps. The first coincidence peak is marked as AB, which indicates the result for the users from subnets A and B. It was supported by the entanglement resource with correlated wavelength channel pair (λ 6 , λ −6 ), and so on for the other coincidence peaks. All the peaks show CARs exceeding 60. The results in Fig. 3 show that the photon pairs distributed to any two users can be well discriminated under a narrow coincidence window by the coincidences, regardless of whether they are in the same or different subnets. It is noteworthy that the average coincidence counts between two users in different subnets are smaller than those between two users in the same subnet. It is due to the difference of photon pair distributions in these two cases. For two users in different subnets, the signal and idler photons in a pair are distributed to the two users by two different beam splitters respectively. If the two beam splitters both have n output ports, the possibility that the two users could receive this photon pair is proportional to 1/n 2 . On the other hand, for two users in the same subnet, the signal and idler photons in a pair are distributed to the two users by the same beam splitter. There are two situations, i.e., the signal photon is guided to one user and the idler photon is guided to the other user, and vice versa. If the beam splitter also has n output ports, the possibility that the two users could receive this photon pair is proportional to 2/n 2 , considering the contributions of both situations. Thereby it will result in an almost two-fold coincidence counts for two users in the same subnet, compared to two users in different subnets. The differences in coincidence counts shown in Fig. 3(b) are primarily due to the differences in insertion loss induced by the wavelength division multiplexers for the photon pairs of different entanglement resources.
Subsequently, the performance of the QKD in this network was measured using the setup shown in Fig. 2(a). A symmetric DO-QKD was applied to realize secure key generation in all the links in the network. In this QKD scheme, the arrival time of photons was recorded and used for key generation and security tests. A high-dimensional time encoding process with three levels was optimized to attain the maximum secure key generation rates. For example, for typical two users in subnet A and B, after the optimization process, the raw key generation rate between the two users is 35.2 bits per second (bps) under a QBER of 7.6%. Through security test, secure key rate of 22 bps is obtained. More details of the symmetric DO-QKD, key generation and security test are introduced in the Supplementary Materials. Figure 4 shows the measurement results of QKD performance. First, we randomly selected a subnet, which is subnet A in our experiment, and the secure key rates between any two users in subnet A were measured, as shown in Fig. 4 (a). There are 28 links in the subnet, which are labeled by numbers along the x-axis. Since two specific users receive photons from the provider through transmission fibers of 1 and 2 km respectively, the links including these two users have different transmission conditions. Link 1 has transmission fibers of 1 and 2 km on two sides, separately. Links 2-7 only have transmission fibers of 1 km on one side, whereas links 8-13 only have transmission fibers of 2 km on one side. Links 14-28 do not have these transmission fibers. It can be seen that all the links exhibited similar performances since the lengths of transmission fibers introduced in the experiment are quite short. The average secure key rate is ~ 51 bps. To demonstrate the secure key generation between two users in different subnets, we randomly selected one user in each of the five subnets. There were ten links among the five users. The performances of the symmetric DO-QKD of these links were measured, and the results are shown in Fig. 4(b). The letters on the top of each result indicate the two subnets of the two users of the corresponding link. All the links with the user from subnet A (1-4) have transmission fibers of 1 km on one side. Other links (5-10) do not contain transmission fibers. It can be seen that all these links show similar performances. The average secure key rate is ~ 22 bps, which is lower than that shown in Fig. 4(a). It is consistent with the coincidence results of entanglement distribution. The corresponding results of quantum bit error rate (QBER) between the users in the subnet A and in each two of the five subnets are shown in Fig.4(c) and Fig.4(d). The QBERs are all bounding at less than 8% by the bin sifting process.

Discussion
In this work, we proposed a QKD network architecture with two layers, based on quantum entanglement distribution by both wavelength division multiplexing (WDM) and space division multiplexing (SDM). A natural question is how to fully utilize its capacity. A simple comparison can be used to explain the best application form of this architecture. Let's consider three cases. In all of them, m 2 entanglement resources (m is a positive integer) are provided by a broadband quantum light source. They locate at different wavelength channel pairs and could be divided by WDM. Each entanglement resource has a photon pair generation rate of δ. Moreover, the losses of optical components and optical fibers for entanglement distribution are neglected for simplicity.
The first case is a single layer network with only SDM, in which all the entanglement resources are send to all the users by a passive beam splitter. The user number is set as m × n (n is also a positive integer). Since photons are send to all the users randomly by the beam splitter, the received single-photon rate of a specific user is Also, the received photon pair rate of any two specific users is R c,1 = 2 m 2 (m×n) 2 δ = 2 n 2 δ. A parameter R c /R s is introduced to characterize the ratio of noise photons received by a specific user when establishing QKD with another user. The smaller the R c /R s , the greater the ratio of noise photons received by a specific user. In this case, it can be seen that R c /R s = 1/(m × n), showing that the ratio of noise photons received by a specific user is totally determined by the user number of the network.
The second case is the proposed two-layer network with both WDM and SDM. Assuming that the network has m subnets and each subnet has n users, the total user number is also m × n. In the network, m entanglement resources support m subnet as shown in Fig. 1(a), while m(m − 1) entanglement resources are used to realize connections between different subnets as shown in Fig. 1(b). This setting means that any two subnets are connected by 2 entanglement resources, which ensures that the received photon pair rate between any two users is the same, no matter they are in the same subnet or not. It is easy to calculate the received single-photon rate of a specific user and the received photon pair rate of any two specific users in this network It can be seen that they are the same with those of the first case. It seems that the twolayer network architecture has no advantage comparing with the single-layer one.
However, it is worth noting that in the two-layer network architecture, each entanglement resource only contributes to a part of connections in the network. For a specific connection in a subnet, only one entanglement resource supports it. While, for a specific connection between different subnets, only two entanglement resources support it. If the connection is used to realize QKD, the photons of corresponding entanglement resources could be selected by optical filters at the users. It is the third case, the two-layer network with entanglement resource selection at user ends. It can be expected that the entanglement resource selection would not impact the received photon pair rate of the two users, but the received single-photon rate of a specific user would be reduced to Hence, R c /R s = 1/n, it is only determined by the user number in a subnet. If n = 1, it is the case of fully-connected network only based on WDM [34]. As a conclusion, above comparisons show that the proposed two-layer network architecture has better coincidence performance than the single-layer one if entanglement resource selection is applied at user ends. Moreover, the single-layer network and the fully-connected WDM quantum network [34] in the previous works could be looked as two special cases of the two-layer network architecture in this work.
To analyze the performance of QKD realized in this network architecture, more factors should be considered, such as the number and performance of the quantum resources provided by the quantum light source, the losses introduced by transmission fibers and components for entanglement distribution, and the performance of the single-photon detectors. Beside their efficiency and dark count rate, the counting rate of the single-photon detectors is also important in this network architecture, since it determine how many entanglement resources could be introduced in this network. To explore the potential of this network architecture on realizing fullyconnected QKD network with large user number, we established a theoretical model of DO-QKD and calculated the performance of QKD links in the networks of above three cases (The method and main parameters are introduced in the supplementary materials). The results are shown in Fig. 5. Figure 5 (a) is a contour map showing the secure key rate between any two users in the single-layer network. The x-label is the user number in the network. The y-label is the entanglement resources introduced into the network, which is indicated by the total photon pair rate provided by the quantum light source. It can be seen that the secure key rate decreases with increasing user number under a given photon pair rate, since the optical loss of the QKD link between two users rises if output port number of the passive beam splitter increases. On the other hand, for a specific user number, the secure key rate rises with increasing photon pair rate firstly, then decreases after it reaches a maximum. There are two reasons that account for the performance degradation under high photon pair rate. On one hand, for the single-photon events recorded by a user, if more than one single-photon events are recorded in one frame, they should be discarded in the frame-sifting process of the DO-QKD protocol. It would lead to the decreased coincidence count between two users, reducing the raw key rate. On the other hand, the correlation between photons of two users will decrease when a large number of useful single-photon events are discarded, which would lead to a decreased security, reducing the secure key capacity. The dash line in the figure is the upper limit of the entanglement resources introduced into the network, which is determined by the counting rate of the single-photon detectors. Hence, only the performance under the dash line is available, indicating that the performance of single-photon detectors is crucial for scaling the quantum network. The calculation results of two-layer network without entanglement resource selection is shown in Fig. 5(b). In the calculation, it is assumed that the network has 5 subnets (m = 5), hence the user number should be a multiple of 5 and the contour is plotted by interpolation. The number of the entanglement resources should be m 2 = 25. The y-label shows the total contributions of all the 25 entanglement resources when changing δ. It can be seen that the QKD performances of this network is almost the same with those of the single-layer network. The performance of two-layer network with entanglement resource selection are calculated under the same parameter setting as Fig. 5(b), which is shown in Fig. 5(c). It is clear that the QKD performance is highly improved comparing with those of the single-layer network, showing the benefits of entanglement resource selection. The comparison among the QKD performance in Fig. 5 agrees with the above qualitative analysis. Since photons of different wavelengths are not distinguished in the single-layer network, the entanglement resource selection by optical filter at user side is a prominent advantage of the two-layer network.
In the experiment of this work, the entanglement resources introduced into the network is quite small (total photon pair rate is about 0.06 GHz), which is far from the limitations introduced by the frame-sifting process of the DO-QKD protocol and the counting rate of the single-photon detectors. The calculation results in Fig. 5 show that the network performances are almost the same in all the cases when total photon pair rate is lower than 0.1 GHz. On the other hand, to realize large-scale quantum network, massive entanglement resources should be introduced into the network through an ultra-broadband quantum light source, or multiple quantum light sources. In this condition, entanglement resource selection is crucial for the network performance and scalability.
In this work, we focused on the application scenarios with short transmission distance and large user number, such as local area networks, campus networks and community access networks. It can be expected that a network with smaller user number could support longer transmission distance by reducing the additional loss introduced by the multi-port beam splitters. An extreme case is that the entanglement distribution is only realized by WDM and no multi-port beam splitter is applied in the network. In this case, each link is supported by one entanglement resource to realize point-to-point QKD. Our previous work has shown that in this network the entanglement-based DO-QKD protocol could support fiber transmission links of several tens kilometers with reasonable secure key rate [42].

Conclusions
In this work, we propose a fully connected QKD network architecture without trusted node for a large number of users. It has two layers, by which the entanglement resources provided by a broadband quantum light source are distributed to users by WDM and SDM. Any two users in the network share a part of entanglement resources, by which QKD is established between them. The experiment demonstration realizes a fully connected network with 40 users and 780 QKD links. The average secure key rate between users in the same subnet is ~ 51 bps and that between users in different subnets is ~ 22 bps. The performance of this network architecture is also discussed theoretically. It shows that the proposed two-layer network architecture has better performance than the single-layer network with passive beam splitter, if entanglement resource selection at user ends is applied. It provides an effective and simple way to realize quantum communication networks with large user numbers.