Information security and data encryption [1,2] have risen to a pivotal position in the digital information era. The development of quantum communication provides us with new approaches for secure communication tasks, with the benefit of provable security provided by quantum mechanical laws. Quantum key distribution (QKD) protocol was proposed by Bennett and Brassard in 1984 (called BB84 QKD protocol) [3] to perform key exchanges between legitimate distant users. Hitherto, QKD has been well developed in optical fiber, laying the foundation for the establishment of quantum communication networks [4–6]. Compared with fiber, the free-space channel is also considered to be a befitting link for quantum communication. The atmosphere has several high transmission windows at particular wavelengths, which allows low-loss light transmission. Quantum communication can be established by using a free-space channel [7] for rough areas where optical fiber networks are not constructed. In addition, free-space quantum communication is valuable for long-distance quantum communication, combining earth-to-satellite and satellite-to-satellite communications. Due to nonbirefringence for the propagation of light in the atmosphere, the polarization of a single photon is maintained well, most free-space quantum communications are implemented using polarization encoding [8–12]. QKD ensures security through detection of eavesdropping on-site. Therefore QKD transmits random numbers first, and if it can assure no eavesdropping, the random numbers are adopted as keys for use to encrypt the message in a subsequent classical communication. But it cannot prevent the eavesdropper from obtaining the transmitted ciphertext.

In the past two decades, quantum secure direct communication (QSDC) was proposed and developed [13–16]. QSDC directly conveys safely secret messages over the quantum channel. Demonstration experiments have contributed the key technologies of QSDC, such as frequency coding [17], quantum memory [18], fiber entanglement source [19], and practical system for intra-city applications [20]. Up to now, this philosophy has been extended to numerous different theoretical proposals aimed to directly convey secret information over the quantum channel, which guarantees security by ensuring that the eavesdropper cannot simultaneously access the two parts of a correlated quantum state [13,14,16,21,22] or by encrypting information with the quantum state [15,23–25]. Recently, the measurement-device-independent (MDI) theories of QSDC have been established [26–28], MDI scheme for the single photon–based QSDC was given in Ref. [26], and that for the entanglement-based QSDC protocols in Refs. [13,14] is provided in Ref. [27]. The scheme that is secure against all defects in devices in QSDC, namely, the device-independent QSDC, was given in Ref. [29].

Against the aforementioned background, our main contributions are as follows. First, to the best of our knowledge, we report the first fully operational system for free-space QSDC with phase encoding. The transmitter and receiver modules are further developed by utilizing the most common fiber optical components. A round-trip optical architecture can also mitigate the problem of phase drift in the free-space channel so as to achieve a stable QSDC. Second, the security of the QSDC system is analyzed under the photon number splitting (PNS) attack for multi-photon components. The Gottesman-Lo-Lütkenhaus-Preskill (GLLP) theory [30] and decoy state [31–33] can be extended into our model to analyze security. One surprising result is that we can achieve secure information transmission by the two-photon component, which is consistent with the results of two-way QKD [34–36], a special case of the DL04 QSDC protocol [15]. This paper is arranged as follows. In Section 2, we review the details of the single photon–based QSDC protocol and show how we run it on a free-space experimental system with phase encoding. In Section 3, we present the experimental results. In Section 4, we analyze the security of the QSDC system. Finally, conclusions are given in Section 5.

The DL04 QSDC protocol [15] realized in this work has the following steps.System.Xml.XmlElementSystem.Xml.XmlElementSystem.Xml.XmlElementSystem.Xml.XmlElement

There are two error rates in the DL04 QSDC protocol, the DBER and the QBER, which ensure the security of the first transmission and the reliability of the second transmission, respectively.

The schematic of our experimental setup is shown in Fig. 1. The system is comprised of two legitimate users’ optical setups and a free-space channel between them. The apparatus of Alice and Bob all adopt fiber-optic components. Some low-absorption atmospheric spectral windows in the near-infrared, such as regions of λ∼850nm and λ∼1550nm, are usually considered for free-space quantum communications. Our system works at a wavelength of 1550 nm to take advantage of a peak in the typical atmospheric transmission window and the low attenuation dip in fiber-optic components.

The laser pulses are emitted at Bob with a repetition frequency of 16 MHz and a pulse width of 200 ps. They are reduced to a specific attenuated level at the input of Bob’s station. To be more specific, Bob modulates a random phase ϕ1B∈{0,π/2,π,3π/2} on the pulse by using his phase modulator (PM) located in the long-path of the asymmetric Mach–Zehnder interferometer. It is equivalent to the preparation of four initial states in the DL04 QSDC protocol. The photons are transported to a triplet fiber-optic collimator (TFOC) where they are output to a free-space channel and then collected by Alice’s collimator for coupling into the single-mode fiber. In our proof-of-principle experimental demonstration, Alice’s and Bob’s collimators are separated by 10 m with four mirror reflections. A 50/50 beam splitter (BS) in Alice’s system randomly reflects or transmits the incoming photons to two different paths: the lower and upper paths in Fig. 1, one for detecting eavesdropping and the other for encoding secret information. For the lower path, Alice detects the photon with her interferometer by randomly applying phase modulation ϕ1A∈{0,π/2} to the pulse passing over the long-path, and then a DBER is obtained by public discussion between Alice and Bob. By contrast, in the upper path, an encoding operation I or Y is performed on the pulse (previously passing over the long-path at Bob) by adding a phase ϕ2A=0 or ϕ2A=π after it passes through the Faraday rotator (FR). Finally, by the time of the pulse arriving back to Bob’s station, Bob applies phase modulation ϕ2B to the pulse for finishing measurement according to the initial phase modulation that he has imposed. To estimate the QBER, the measurement results of checking bits are compared with Alice’s encoding. The photons are detected by InGaAs avalanche photodiodes gated in Geiger mode and cooled to −50°C, with a gate width of 1 ns and an efficiency of 5.57% as well as a dark count probability of 1×10−6 per gate.

In this setup, all pulses propagate over a loop with the FR and the PM to perform information encoding. The Faraday mirror in Muller’s scheme [38] is replaced by the FR. All pulses only pass through the PM once compared with the Faraday mirror as a reflection terminal, so this loop has less attenuation than the original Muller’s scheme. It will help to improve the repetition rate of our QSDC system. The pulses are delivered through the same optical path to convey information, the phase is very stable, and the light propagation with an FR automatically compensates for all polarization fluctuations in the optical links. Furthermore, this system has a low requirement on the PM, since the PM is consistent with the conventional one that only requires both its input and output fibers are polarization-maintaining fibers [39]. The polarization controller (PC) located at the Alice site is used to compensate polarization drift in the fiber so that the pulses are completely transmitted at the polarization beam splitter (PBS), guiding the short (long) path pulse which comes from Bob into Alice’s long (short) path. This free-space QSDC system is controlled as well as synchronized by two field-programmable gate array (FPGA) devices, and specific computer software programs are developed at Alice’s and Bob’s terminal.

The experiment is conducted in a lab platform. Figure 2 shows the interference fringes. Both curves are coincident with a sinusoidal pattern. Interference visibility of single-trip (Bob-to-Alice) and round-trip (Bob-to-Alice-to-Bob) is 97.37% and 99.48%, respectively. Although the light is susceptible to scatter in free space, producing phase aberrations which perturb quantum bits, stable interference can still be observed in our experiment system.

To guarantee the reliable transmission of secret information, low-density parity-check code [20,40] is applied to our free-space QSDC system, and the compensation algorithm that aims to eliminate phase shift of a single photon in the free-space channel is equipped. A transmission rate of 500 bps is obtained, and consequently, files of reasonable sizes, such as text, picture, and audio, can be transmitted directly over the quantum channel by running our system. In the experiment test, Alice transmits an image of size 800×525pixels (194 k) to Bob, and Fig. 3 shows the variation of DBER and QBER during the transmission time. The average of DBER and QBER during image transmission is 1.90%±0.32% and 0.49%±0.27%, respectively. High visibility of the interferometer is crucial to obtain a low error rate in our free-space QSDC system. The QBER through a round-trip optical path is obtained where phase drifts are auto-compensated by the modified Muller’s scheme, while the DBER is detected through a single-trip optical path using phase compensation algorithm to mitigate phase shifts. This active compensation is not as efficient as the auto-compensation, and therefore DBER is higher than QBER, as shown in Fig. 3. The phenomenon of DBER higher than QBER is consistent with the result of Fig. 2, in which the interference visibility of the single-trip is lower than that of the round-trip, since the interference visibility has an important influence on the bit error rate of the phase-encoding scheme. The round-trip interferometer which has the same optical path for the two interfering pulses produces better interference than the single-trip where the two interfering pulses have only approximately the same optical path. Therefore, the interference visibility of round-trip is higher than that of single-trip. The interference visibility test is generally used to assess the performance of interferometer while the effect of the dark count of single-photon detectors is included. We maintain the detectors’ maximum count of ∼3000 by improving the light intensity during the interference visibility test of the round-trip. In this count rate, the influence of the dark count could be ignored. As a result, the count curves are given as Fig. 2.

The secrecy capacity lower bound of the DL04 QSDC is given in Ref. [20] according to Wyner’s wiretap channel theory [41], which can be written as where I(A:B) is the mutual information between Alice and Bob, while I(A:E) is the maximum information that Eve can steal, and p0 is the probability that Alice performs operation I during her information encoding. Hence, Cs defines the asymptotic information rate at which Alice can convey to Bob over the quantum channel with the guarantee that Eve has negligible information about the transmitted secret information. Remarkably, the asymptotic regime cannot be met for practical implementation, which has been fully considered in QKD [42]. The finite size of a block in the practical implementation of block-transmission-based QSDC [13–15] is actually the finite-size regime, and the block size would affect the security of QSDC. However, the finite-size analysis of QKD cannot be directly invoked for QSDC, since negotiating random secret key bits is different from transmitting secret information bits. The finite-size effect of QSDC would be an interesting direction for future research.

The general collective attacks on a single photon have been taken into account in many works [20,43–45]. However, practical quantum communication systems are usually implemented with weak coherent light sources. The pulse generated from such a light source can be written as a mixture of Fock states: ρ=∫(1/2π)dθ|μeiθ⟩⟨μeiθ|=∑np(n,μ)|n⟩⟨n|, in which the number of photons n follows the Poisson distribution p(n,μ)=e−μμn/n! with mean photon number μ and phase θ. It occasionally emits multiple photons. Unfortunately, the pulses containing multiple photons cannot be secure in some quantum communication protocols when they are under PNS attack [31], namely, Eve splits one of the photons from the pulse that contains two or more photons for measuring. Here, we suggest a photon number splitting attack according to the two-way characteristic of the DL04 QSDC, which combines the PNS attack as well as the collective attack. Hence, the security analysis of this system is given in the context of both the general collective attack on a single photon and the PNS attack on multiple photons.

The attack strategies of Eve are shown in Fig. 4. Eve has the ability to discern the number of photons in every pulse, and then the specific attack strategies performed by Eve would be divided into two types. On the one hand, if the pulse in the forward quantum channel contains only one photon (n=1), Eve performs the collective attack on this photon [20,43]. To be more specific, Eve prepares ancilla states each of which interacts individually with the photons sent from Bob-to-Alice, and these ancilla states are stored in the quantum memory until the photons are returned from Alice after secret information has been encoded. Eve would perform the optimal measurement by combining her ancilla states and the encoded states in order to obtain the secret information. According to Ref. [20], the maximum information that Eve can obtain from a single photon is I(A:E)n=1=h(2e1BA), in which we have assumed reasonably that Eve introduces equivalent error rate in the X and Z basis, and e1BA is the DBER originated from a single photon. On the other hand, if the pulse in the forward quantum channel is with photon number greater than 1 (n>1), Eve can perform the PNS attack.

Let us start with case n≥3. The four linearly independent states ({|0⟩⊗n,|1⟩⊗n,|+⟩⊗n,|−⟩⊗n},n≥3) could be unambiguously discriminated [46], hence there is a powerful attack that Eve can get all secret information for the pulse that contains multi-photon components (n≥3), and it goes as follows. Eve captures this pulse sent from Bob, and then a new photon in the right state that is based on her successful unambiguous discrimination would be prepared and transmitted to Alice. If Eve fails to discriminate the multi-photon state, she blocks it. After the secret information encoding is finished by Alice, Eve captures the pulse again and she can deterministically decode the secret information based on the known initial state. Consequently, the pulses with multiple photons (n≥3) referred to as multi-photon states cannot provide secrecy capacity in the DL04 QSDC protocol.

Indeed, I(A:E)n≥3=1, and we need to derive the secrecy capacity that two-photon components can achieve under the PNS attack. In the PNS attack, Eve splits one of the photons from the pulse that contains two photons in the forward quantum channel and retains it. As for the other photon, she applies the collective attack, as detailed above in the case of n=1. What is unusual is that Eve can get two intercepted photons from each pulse, and these states will be combined with her ancillas for the optimal measurement. We assume that the initial state prepared by Bob is ρB=(|00⟩⟨00|+|11⟩⟨11|+|++⟩⟨++|+|--⟩⟨--|)/4. Eve’s quantum operation in the PNS attack can be represented as where U is an unitary operation performed on two particles, i.e., one photon of ρB together with |E⟩ and |E⟩ (|E⟩0000, |E⟩0001, |E⟩1110, and |E⟩1111) is the ancilla state before (after) attack. The effect of Alice’s encoding unitary operation Y (single-particle operation) on the photons can be written as Hence, after Eve’s attack, the joint state of two photons and Eve’s ancilla in the forward quantum channel is ρBE=U(ρB⊗|E⟩⟨E|)U†. During the information encoding, if Alice performs unitary operation I or Y with the probability of p0 and p1 on the photons, respectively, the joint state would become ρBE0=U(ρB⊗|E⟩⟨E|)U† or ρBE1=YU(ρB⊗|E⟩⟨E|)U†Y† with respective probabilities. Thus, the joint state that Eve can access in the backward quantum channel is where p0+p1=1.

The maximum information that Eve can steal I(A:E) is given by the Holevo bound χ [45,47], that is, where S(ρ)=−Tr(ρlog2ρ) represents the von Neumann entropy. On the one hand, since the density operators ρBE0 and ρBE1 are only different in unitary operation from ρB⊗|E⟩⟨E|, we can conclude that S(ρBE0)=S(ρBE1)=S(ρB⊗|E⟩⟨E|)=3/2. On the other hand, we must obtain the eigenvalues of the joint state ρBEA in order to calculate the von Neumann entropy S(ρBEA). We can simplify the process of calculating eigenvalues by using the Gram matrix representation, which is proved to have the same eigenvalues with its corresponding density operator [48]. For the joint state ρBEA, its Gram matrix is given by Note that the above analysis applies to the most general PNS attack. To illustrate the use of the above result, we assume that Eve’s attack operator U is symmetric, which further means that her attack could be modeled as a depolarizing channel [49]. The depolarizing channel is a typical model invoked in the unconditional security proofs of some QKD protocols, as detailed in Refs. [44,50,51]. Hence, in addition to the conditions of orthonormality, ⟨E0000|E0000⟩+⟨E0001|E0001⟩=1 and ⟨E1110|E1110⟩+⟨E1111|E1111⟩=1, there are some equations of the depolarizing channel to calculate the specific values of Gram matrix’s elements, which are given as follows [20,44]: where e2BA is the DBER caused by two photons from Bob-to-Alice. Furthermore, we assume that p0=p1=1/2 [20]. After cumbersome calculations, we can get that the eigenvalues of ρBEA are λ1,2BEA=0, λ3,4BEA=1/4, λ5,6BEA=(1−2e2BA)/4, and λ7,8BEA=2e2BA/4. Therefore, S(ρBEA)=−Tr(ρBEAlog2ρBEA)=−∑iλiBEAlog2(λiBEA)=2+h(2e2)/2, where h(x)=−xlog2(x)−(1−x)log2(1−x) is the binary Shannon entropy. According to Eq. (5), the maximum information that Eve can steal via the pulse containing two photons is One important conclusion we can draw from Eq. (8) is that the DL04 QSDC protocol [15] has the ability to defend against the PNS attack in the case of two photons, since I(A:E)n=2 could be below one. The basic physics is that no basis announcement is required in QSDC for information decoding, while basis comparison is necessary for establishing the common secret keys in the BB84 QKD [3].

In order to analyze the practical QSDC experiment system, let us calculate I(A:B) and I(A:E) under the frame of Eve performing the general collective attack on a single photon and the PNS attack on multi-photons, considering the device and channel losses. Assume that αBA and αBAB are the channel attenuation of different paths BA and BAB, respectively. As can be seen in Fig. 4, Eve performs her eavesdropping after Alice finishes information encoding, which indicates αBAB=2αBA. Thus, we have the channel transmissions as follows: and then the concomitant overall transmissions are given by where ηoptBA and ηoptBAB are the specific devices’ intrinsic optical losses, while ηDA and ηDB are the detection efficiency of Alice and Bob, respectively. The transmittances of n-photon state through different paths are ηnBA=1−(1−ηBA)n and ηnBAB=1−(1−ηBAB)n. With Y0A and Y0B as background detection events of different parties, the yields become YnA=Y0A+ηnBA−ηnBAY0A≈Y0A+ηnBA and YnB≈Y0B+ηnBAB, and the overall signal gains and the error rates are given by [52] and where e0=1/2 is the error rate of background, Qμ,nBA (Qμ,nBAE and Qμ,nBAB) is the n-photon signal gain at Alice (Eve and Bob), and edetBA and edetBAB are intrinsic detector error rates which can be calculated by the visibilities V of the detection system: edetBA=(1−VBA)/2 and edetBAB=(1−VBAB)/2 [53]. The derivation of Qμ,nBAE is given in Appendix A.

According to the theory of binary symmetric channel and binary erasure channel [54], the mutual information between Alice and Bob can be calculated as where QμBAB is the overall signal gain of Bob after a round-trip BAB, and EμBAB is the QBER. The secret information that Eve can obtain from a single photon by using the collective attack is [20,43] where e1BA is the DBER caused by the single photon. Given the above, the lower bound of secrecy capacity is Obviously, now we need to discuss how to evaluate the DBERs in Eq. (15) caused by single-photon (e1BA) states and two-photon (e2BA) states.

There is a pessimistic assumption in the GLLP theory [30]: all multi-photon signals could be detected by Alice and all errors originate from a single photon. Hence, the upper bound of e1BA is evaluated by where EμBA is the DBER, and QμBA is the overall signal gain at Alice’s terminal after the BA path. However, the GLLP theory cannot give us a real value of e2BA, in other words, e2BA=0 with its assumption. In this case, I(A:E)n=2=Qμ,n=2BAE·(1/2) according to Eqs. (8) and (15), which means Eve can obtain a part of the secret information from the two-photon state by zero-DBER eavesdropping. Actually, it is a special case of our PNS attack. Eve intercepts one photon in the forward quantum channel but does nothing for the other and forwards it directly (no error rate here, e2BA=0). After Alice finishes secret information encoding, Eve intercepts the encoded photon and combines the intercepted two photons to read the secret information. Note that the PNS attack needs to be combined with the unambiguous state discrimination (USD) attack [55], namely, Eve obtains information by discriminating the states before and after Alice’s encoding operation, since there is no basis reconciliation in the DL04 QSDC protocol [15]. The upper bound on the maximum probability to discriminate two mixed states is 1/2 [56], which matches the above-mentioned result I(A:E)n=2=Qμ,n=2BAE·(1/2) we have obtained under the PNS attack, in which the secret information Eve may steal from the two-photon state is 1/2 without considering her reception rate Qμ,n=2BAE. Based on the assumption of GLLP, the value of Qμ,n=1BAE=QμBA−p(n≥2,μ)−p(0,μ)Y0A−p(1,μ)Y0A, Qμ,n=2BAE=p(2,μ)−p(2,μ)Y0A, and Qμ,n≥3BAE=p(n≥3,μ)−p(n≥3,μ)Y0A in GLLP can be estimated by combining the Eq. (A5) and the constraint of the first formula of Eq. (11) for maximizing I(A:E).

One way to beat the PNS attack in QKD is by utilizing decoy-state method [31–33]. This method also can be integrated into the DL04 QSDC [15], and we consider the decoy state here only for detecting the PNS attack, leaving the problem of whether it can be used to transmit secret information for future work. More importantly, the decoy state can provide a better estimation of the DBER. Bob randomly uses the signal source or the decoy source to prepare the initial states and sends them to Alice. Once these states are received by Alice, she randomly chooses some of them to publicly discuss with Bob for eavesdropping detection that is the same as Step (2) in Section 2.A. Bob announces where the decoy states are and then their transmission properties would be tested by Alice. It is impossible for Eve to discriminate which ones are the decoy states; in this way, if Eve still performs the PNS attack in the forward quantum channel, the counting rate of the system in path of BA will be inevitably disturbed. If Alice and Bob confirm that the forward quantum channel has not been tapped, Alice will use the remaining signal states for information encoding.

Much of the decoy-state research in the Scarani-Acin-Ribordy-Gisin 2004 (SARG 04) QKD protocol [57–60] has shown how the decoy-state method can be used to estimate the error rate caused by two photons. Inspired by these previous works, we use four decoy states: one vacuum state and three weak decoy states (ν1, ν2, and ν3) to estimate our e2BA, so that the background rate can be estimated by the vacuum state, i.e., Y0A=QvacBA and e0=EvacBA=1/2. The upper bounds of single-photon DBER and two-photon DBER are, respectively, given by [60] and where and Furthermore, the above mean photon numbers μ, ν1, ν2, and ν3 meet the following conditions: Results with explicit examples obtained from Eq. (15) are given in Fig. 6.

The devices’ intrinsic optical losses are measured from our experimental setup. There is an altogether loss of 4.3 dB from PBS and PM. The attenuation of the short-arm optical link of the Mach–Zehnder interferometer is 2.3 dB. Suppose Eve’s detection efficiency is ηDE=100% and without background detection events, while Alice and Bob utilize the superconducting single-photon detector with detection efficiency ηDA=ηDB=70% and background detection events Y0A=Y0B=8×10−8. γA=(1−k)×10−2.3/10×70% and γE=k×10−4.3/10×k×100%, where k originates from a (1‒k):k BS. Then, the overall device intrinsic optical losses of Alice and Bob are given by ηoptBA=(1−k)×10−2.3/10 and ηoptBAE=k2×10−6.6/10, respectively. The intrinsic detector error rates edetBA=1.31% and edetBAB=0.26% are deduced from system visibilities. Furthermore, the value of k is fixed by γA=γE. We then performed a numerical simulation to estimate the secrecy capacity under Eve’s attacks with this setup in terms of maximum optical link attention.

Figure 5 shows the secrecy capacity of the free-space QSDC system with different mean photon numbers given by the GLLP theory. There is a trade-off between the secrecy capacity and the maximum tolerable attenuation. The maximum tolerable attenuation would be very small with the large mean photon numbers due to the high multi-photon probability in pulse, and it is susceptible to the PNS attack. However, it is infeasible to improve the maximum tolerable attenuation by reducing the mean photon numbers drastically on account of the decrease in the secrecy capacity. Hence, we choose the mean photon number μ=0.01 as the near-optimal value to highlight performance, as this is its preferable performance both in the secrecy capacity and in the maximum tolerable attenuation. Consequently, as shown in Fig. 5, the channel attenuation of secure communication against the collective attack as well as the PNS and USD attack for the QSDC system with realistic devices is less than 5.8 dB.

By contrast, as shown in Fig. 6, the secrecy capacity and the maximum tolerable attenuation can be greatly increased by using a decoy-state method. To be more specific, the maximum tolerable attenuation of decoy state method is 3.9 times that of GLLP. The results show that the decoy state can accurately estimate the DBER caused by a single- and two-photon state in which it plays a positive role in improving communication performance, rather than the GLLP theory that gives a poor estimation. As seen in Fig. 6, the contribution of a two-photon state to the secrecy capacity cannot be completely disregarded, especially when the system is operated with a comparatively higher mean photon number. For GLLP, there is even no secrecy capacity at μ = 0.1 if the contribution of two-photon components has not been considered.

In clear weather conditions, when the typical atmosphere attenuation is 0.5–2 dB/km [61,62], it is feasible to exchange secret information by free-space QSDC based on phase encoding for two users over more than 1 km without using a decoy state, which is a typical distance between two terminals in a secure area. If the decoy-state method is applied, this secure communication distance could be further improved. One typical usage scenario would be applied in indoor environments for wireless communication, known as the quantum Li-Fi system [63].

We have constructed a free-space QSDC system based on phase encoding. The asymmetric Mach–Zehnder interferometers serve as transmitter and receiver with convincing fringe visibilities. The system can be operated to transmit text, picture, and audio, with a low average QBER of 0.49%±0.27%. This indicates the feasibility of phase encoding–based QSDC over a free-space channel. The security analysis of free-space QSDC has been given under the general collective attack on a single photon and the PNS attack on multi-photons, making a beneficial step to calculate the secrecy capacity of the QSDC system using a practical light source. Furthermore, the PNS attack is a general strategy that is applicable in explaining the previous PNS plus USD attack [56]. Our results show that the DL04 QSDC protocol is robust against the PNS attack in the depolarizing channel, and the secrecy capacity is increased significantly after considering the security of two-photon components, especially under the framework of a decoy state. As for future investigation, the effects of background light noise need to be considered in the free-space QSDC system. Decreasing the intrinsic loss of optical setups and optimizing the decoy-state method will be beneficial for long-distance transmission of QSDC over a free-space channel. It is worth mentioning that the phase drift of the photon must be carefully handled by the free-space QSDC system with phase encoding. Hence, the maximum communication distance of free-space QSDC with phase-encoding needs to be further investigated.