Poster Session 2

Abstract: At present, the performance of quantum digital signatures (QDSs) is limited by key generation protocols (e.g., BB84 or measurement-device-independent protocols), which are fundamentally limited in terms of channel capacity. Fortunately, the recently proposed twin-field quantum key distribution can overcome this limit. Here, we for the first time propose a twin-field QDS (TF-QDS) protocol and give a corresponding security analysis. It can not only possess the highest security among all existing QDS protocols, but also exhibit outstanding performance in terms of both signature rates and secure transmission distances. Therefore, our work represents another step towards practical implementation of QDSs.

Abstract: The random number generators (RNGs) are an indispensable tool in cryptography. Of various types of RNG method, those using radiations from nuclear decays (radioactive RNG) has a relatively long history but their security has never been discussed rigorously in the literature. In this paper and in reference [T. Tsurumaru, T. Sasaki, and I. Tsutsui, arXiv:1912.09124 [quant-ph]], we propose a new method of the radioactive RNG that admits a simple and rigorous proof of security. The security proof is made possible here by exploiting the parity (space inversion) symmetry arising in the device, which has previously been unfocused but is generically available for a nuclide which decays by parity-conserving interactions.

Abstract: Quantum money allows a bank to mint quantum money states that can later be verified and cannot be forged. Usually, this requires a quantum communication infrastructure to transfer quantum states between the user and the bank. This work combines the notion of classical verification -- introduced by Gavinsky (CCC 2012) -- with the notion of user-generated money -- introduced here -- to introduce Semi-Quantum Money, the first quantum money scheme to require only classical communication with the (entirely classical) bank. This work features constructions for both a public memory-dependent semi-quantum money scheme, based on the works of Zhandry and Coladangelo, and for a private memoryless semi-quantum money scheme, based on the notion of Noisy Trapdoor Claw Free Functions (NTCF) introduced by Brakerski et al. (FOCS 2018). In terms of technique, our main contribution is a strong parallel repetition theorem for NTCF.

Abstract: The detection-efficiency mismatch is a common problem in practical quantum key distribution (QKD) systems. The security of quantum key distribution in this case is proved only under the assumption that either the output of the sender side or the input to the receiver side are single-photon signals, which impose a restriction over the class of possible eavesdropping strategies. Here we present a security proof without such a restriction and, thus, solve this important problem and prove the security of quantum key distribution with detection-efficiency mismatch against general attacks. In particular, we propose an adaptation of the decoy state method to the case of detection-efficiency mismatch.

Abstract: We study quantum period finding algorithms such as Simon and Shor (and its variants Ekerå-Håstad and Mosca-Ekert). For a periodic function $f$ these algorithms produce -- via some quantum embedding of $f$ -- a quantum superposition $\sum_x \ket{x}\ket{f(x)}$, which requires a certain amount of output qubits that represent $\ket{f(x)}$. We show that one can lower this amount to a single output qubit by hashing $f$ down to a single bit in an oracle setting. Namely, we replace the embedding of $f$ in quantum period finding circuits by oracle access to several embeddings of hashed versions of $f$. We show that on expectation this modification only doubles the required amount of quantum measurements, while significantly reducing the total number of qubits. For example, for Simon's period finding algorithm in some $n$-bit function $f: \mathbb{F}_2^n \rightarrow \mathbb{F}_2^n$ our hashing technique reduces the required output qubits from $n$ down to $1$, and therefore the total amount of qubits from $2n$ to $n+1$. We also show that Simon's algorithm admits real world applications with only $n+1$ qubits by giving a concrete realization of a hashed version of the cryptographic Even-Mansour construction. Our oracle-based hashed version of the Ekerå-Håstad algorithm for factoring $n$-bit RSA reduces the required qubits from $(\frac 3 2 + o(1))n$ down to $(\frac 1 2 + o(1))n$. In principle our hashing approach also works for the Mosca-Ekert algorithm, but requires strong properties of the hash function family. A hashed version of Mosca-Ekert with as few as $\mathcal{O}(\log n)$ qubits would imply classical polynomial time factoring. keywords: Quantum period finding, Simon, Even-Mansour, Shor, Ekerå -Håstad, Mosca-Ekert, minimizing qubits

Abstract: One-way functions are fundamental tools for cryptography. Until now, quantum one-way functions have several input-output categories such as `classical-to-classical', `classical-to-quantum' and `quantum-to-classical', which are used for post-quantum cryptography or quantum cryptography. However, there are still no intrinsic `quantum-to-quantum' quantum one-way functions. In this paper, we propose the full quantum one-way function to design full quantum cryptographic schemes. By concatenating the `quantum-classical' one-way function and the rotation operation of a single qubit, the full quantum one-way function has the input and output of quantum states. We prove its one-way property from `easy computation' and `computationally difficult to invert'. Then we apply the full quantum one-way function to quantum identity authentication. Security analysis shows that the proposed quantum identity authentication scheme based on the full quantum one-way function is secure even under active attacks.

Abstract: Quantum cryptography has developed some fundamental primitives on encryption of quantum data, such as quantum one-time pad and quantum IND (indistinguishability)-security. Compared with other terms in quantum cryptography, quantum obfuscation attracts less attention and is still in its infancy due to its difficulty in implementation and application. In this paper, we define a quantum point function and construct its obfuscation, then demonstrate the validity of applying quantum point obfuscation to quantum symmetric encryption scheme. We rigorously prove that IND-secure quantum symmetric encryption can be realized by quantum point obfuscators. Furthermore, with the properties of combinability or auxiliary inputs, a quantum point obfuscator can implement IND-CPA (indistinguishability under chosen plaintext attack)-secure quantum symmetric encryption or leakage-resilient quantum symmetric encryption, respectively. This work presents new usage of a quantum obfuscator and will complement the theory of quantum obfuscation.

Abstract: The signal of the photon must be phase modulated by Phase Modulation(PM), which plays a very important role in a continuous-variable quantum key distribution system. However, there may exits a drift of voltage in actual system. In this paper, we study the influence of the imperfect PM on the system performance of the CVQKD system. The result shows that the imperfect PM can threat the security of CVQKD system and choosing a reasonable noise module can be passively improved the security of system. We also propose a way to contain modulation noise in practical CVQKD systems.

Abstract: High-dimensional entanglement promises to increase the information capacity of photons and isnow routinely generated exploiting spatio-temporal degrees of freedom of single photons. A curiousfeature of these systems is the possibility to certify entanglement despite strong noise in the data.We show that it is also possible to exploit this noisy entanglement by introducing a protocol thatuses mutliple subspaces of the high-dimensional system simultaneously. Our protocol can be used toincrease key rates in realistic conditions. To that end, we conduct two simulations of our protocol fornoise models that apply to the two most commonly used sources of high-dimensional entanglement:time-bins and spatial modes.

Abstract: Quantum private information retrieval (QPIR) is a protocol that a user retrieves one of f files from non- communicating n servers by downloading quantum systems without revealing the identity of the target file. As variants of the QPIR with stronger security requirements, the symmetric QPIR is a protocol that the files except for the target file are not leaked to the user, and the t-private QPIR is a protocol that the identity of the target file is kept secret even if at most t servers may collude to reveal the identity. The QPIR capacity is the maximum ratio of the one file size to the size of downloaded quantum systems, and we prove that the symmetric t-private QPIR capacity is min{1, 2(n − t)/n} for any 1 ≤ t < n. We construct a capacity-achieving QPIR protocol by the stabilizer formalism and prove the optimality of our protocol. The proposed capacity is greater than the classical counterpart.

Abstract: MACsec (Media Access Control Security) is an IEEE 802.1AE standard for secure communication on Ethernet links. MACsec ensures the confidentiality, integrity and origin authenticity of Ethernet frames. The secrecy of MACsec stems from a root key that is either configured as a pre-shared key or derived from a mutual authentication protocol. However, both methods are not ideal because such root key may be disclosed by human mistakes or broken by quantum attacks. In this paper, we investigate QKD (quantum key distribution) as an alternative source of trust for MACsec. QKD can be used as either a root key provider or a session key generator. We develop a new key exchange protocol based on QKD for Ethernet networks. We verified by experiment that QKD could be well integrated into MACsec without performance degradation.

Abstract: In a quantum money scheme, a bank can issue money that users cannot counterfeit. Similar to bills of paper money, most quantum money schemes assign a unique serial number to each money state, thus potentially compromising the privacy of the users of quantum money. However in a quantum coins scheme, just like the traditional currency coin scheme, all the money states are exact copies of each other, providing a better level of privacy for the users. A quantum money scheme can be private, i.e., only the bank can verify the money states, or public, meaning anyone can verify. In this work, we propose a way to lift any private quantum coin scheme -- which is known to exist based on the existence of one-way functions, due to Ji, Liu, and Song (CRYPTO'18) -- to a scheme that closely resembles a public quantum coin scheme. Verification of a new coin is done by comparing it to the coins the user already possesses, by using a projector on to the symmetric subspace. No public coin scheme was known prior to this work. It is also the first construction that is very close to a public quantum money scheme and is provably secure based on standard assumptions. The lifting technique when instantiated with the private quantum coins scheme, due to Mosca and Stebila 2010, gives rise to the first construction that is very close to an inefficient unconditionally secure public quantum money scheme.

Abstract: Private information retrieval (PIR) is a database query protocol that provides user privacy, in that the user can learn a particular entry of the database of his interest but his query would be hidden from the data centre. Symmetric private information retrieval (SPIR) takes PIR further by additionally offering database privacy, where the user cannot learn any additional entries of the database. Unconditionally secure SPIR solutions with multiple databases are known classically, but are unrealistic because they require long shared secret keys between the parties for secure communication and shared randomness in the protocol. Here, we propose using quantum key distribution (QKD) instead for a practical implementation, which can realise both the secure communication and shared randomness requirements. We prove that QKD maintains the security of the SPIR protocol and that it is also secure against any external eavesdropper. We also show how such a classical-quantum system could be implemented practically, using the example of a two-database SPIR protocol with keys generated by measurement device-independent QKD. Through key rate calculations, we show that such an implementation is feasible at the metropolitan level with current QKD technology.

Abstract: Solid-state quantum light sources emitting triggered single photons or entangled photon pairs have the potential to boost the performance of quantum key distribution (QKD) systems. Proof-of-principle experiments affirmed these prospects, but further efforts are necessary to push this field beyond its current status. In this work, we report on tools for the performance optimization of QKD systems using single-photon sources (SPSs). For this purpose, we developed a basic QKD testbed comprising a triggered solid-state single-photon source and a receiver module designed for four-state polarization coding via the BB84 protocol. Exploiting temporal filtering of the signal acceptance time window in a two-dimensional parameter space we analyze the sifted key fraction and the quantum bit error ratio (QBER) expected in in full implementations of QKD. Furthermore, we demonstrate real-time security monitoring by analyzing the QBER and the photon statistics, in terms of g(2)(\tau), inside the quantum channel in real-time during the key distribution process. This is achieved by correlating the photon flux recorded at the four ports of our receiver. Our findings can be directly applied and extended for advanced schemes of quantum communication representing an important contribution towards the development of QKD-secured communication networks based on quantum light sources.

Abstract: In the age of measurement-device-independent quantum key distribution (MDI QKD) and twin- field QKD (TF QKD), the source units of these QKD schemes may become a new ``Achilles' heel" of the whole system. An adversary, Eve, can conduct various attacks on the sources by injecting lasers, whose power is limited by the laser-induced damage threshold of the quantum channel. Such an amount of power may modify the characteristics of components in a source. In this work, we study possible components to protect the source from the light-injected attacks, i.e., Trojan-horse attack, the laser-seeding attack, and the laser-damage attack. Experimental testing shows that fiber-optics isolators and circulators are good passive countermeasures because they sacrifice themselves' isolation under a high-power laser to protect other components behind them. Moreover, we find that illuminated by the high-power laser, integrated photonics QKD chips only lose the transmission of the coupler before any other change happens for the other components in the chips.

Abstract: We reverse-engineer, test and analyse hardware and firmware of the commercial quantum-optical random number generator Quantis from ID Quantique. We show that > 99% of its output data originates in physically random processes: random timing of photon absorption in a semiconductor material, and random growth of avalanche owing to impact ionisation. We have also found minor non-random contributions from imperfections in detector electronics and an internal processing algorithm. Our work shows that the design quality of a commercial quantum-optical randomness source can be verified without cooperation of the manufacturer and without access to the engineering documentation.

Abstract: We present a composably secure protocol allowing n parties to test an entanglement generation resource controlled by a possibly dishonest party. The test consists only in local quantum operations and authenticated classical communication once a state is shared among them and provides composable security, namely it can be used as a secure subroutine by n honest parties within larger communication protocols to test if a source is sharing quantum states that are at least Ɛ-close to the GHZ state. This claim comes on top of previous results on multipartite entanglement verification where the security was studied in the usual game-based model. Here, we improve the protocol to make it more suitable for practical use in a quantum network and we study its security in the Abstract Cryptography framework to highlight composability issues and avoid hidden assumptions. This framework is a top-to-bottom theory that makes explicit any piece of information that each component (party or resource) gets at every time-step of the protocol. Moreover any security proof, which amounts to showing indistinguishability between an ideal resource having the desired security properties (up to local simulation) and the concrete resource representing the protocol, is composable for free in this setting. This allows us to readily compose our basic protocol in order to create a composably secure multi-round protocol enabling honest parties to obtain a state close to a GHZ state or an abort signal, even in the presence of a noisy or malicious source. Our protocol can typically be used as a subroutine in a Quantum Internet, to securely share a GHZ state among the network before performing a communication or computation protocol.

Abstract: Characterising the input-output photon-number distribution of an unknown optical quantum channel is an important task especially in the case of quantum cryptography. In practice, this would require true photon number sources and photon-number-resolving detectors, but these technologies are still work-in-progress. In this work, we propose an efficient technique called double-decoy method which can provide relevant partial information of the input-output photon-number distribution, including the fraction of events in which the unknown quantum channel accepts and outputs a single photon. These detections correspond to events in which the transmitted single photon survives a basis-independent filter just before the measurement. We apply the double-decoy method to quantum key distribution (QKD) and show that it can substantially reduce the background noise and systematic error at the privacy amplification level, thereby improving the current secret key rate and achievable distance for standard QKD protocols. We also believe that several applications beyond cryptography will benefit from this technique.

Abstract: To reduce the frame error rate of polar-based information reconciliation (IR) scheme with high reconciliation efficiency, we propose the Shannon-limit approached (SLA) IR scheme, in which the block checked decoder of polar code is proposed to determine the error sub-blocks in the forward reconciliation and the errors are corrected in the acknowledgment reconciliation. And the experimental results show that the SLA IR scheme reduces the $\varepsilon$-correctness to $10^{-8}$ and improves the efficiency to better than 1.091 with the IR block size of 128Mb. Otherwise, the SLA IR scheme reaches the efficiency of 1.055 with the quantum bit error rate (QBER) of 0.02, when the block length reaches to 1Gb, which is hundred times larger than the state-of-art implemented polar codes-based IR schemes and further reduce the finite length effect.

Abstract: When wavelength multiplexing a large number of quantum communication channels and time-phase coding is used, it’s desired in terms of cost and complexity to minimize the number of interferometers. Here, we demonstrate that a visibility sufficiently high to enable QKD operation can be maintained with only a single interferometer at the receiver and without the need for additional high frequency phase modulation.

Abstract: We have come a long way since the first implementation of a quantum key distribution (QKD) system and various attacks have been demonstrated, such as the Trojan Horse Attack (THA). In this attack, the eavesdropper Eve gains information by analysing the back-reflections of light she shines into the QKD system. Almost all attacks have been demonstrated on devices based on fibre components. However, the first chip-scale QKD devices are being developed now, utilising the small size of integrated optics, the stability of the optical system and the ease at which it can be mass-produced, showing great commercial potential. Here we discuss a THA on chip-scale QKD. First, points of reflection in a QKD transmitter chip were found via a reflectometry. Based on this we give an experimental set-up to implement a THA which would give Eve access to 50% of the key. Full experimental results of this attack are expected in the next two to three months.

Abstract: Quantum state elimination measurements tell us what states a quantum system does not have. This is different from state discrimination, where one tries to determine what the state of a quantum system is, rather than what it is not. Apart from being of fundamental interest, quantum state elimination may find uses in quantum communication and quantum cryptography. We consider unambiguous elimination of a pair of quantum states, and present a possible optical realisation of the scheme.

Abstract: Recently, major progress has been made towards the realisation of the quantum internet to enable a broad range of applications that would be out of reach for classical internet. Most of these applications such as delegated quantum computation require running a secure identification protocol between a low-resource and a high-resource party to provide secure communication. Physical Unclonable Functions (PUFs) have been shown as resource-efficient hardware solutions for providing secure identification schemes in both classical and quantum settings. In this work, we propose two identification protocols based on quantum PUFs (qPUFs) as defined recently by Arapinis et al. In the first protocol, the low-resource party wishes to prove its identity to the high-resource party and in the second protocol, it is vice versa. Unlike existing identification protocols based on Quantum Read-out of PUFs which rely on the security against a specific family of attacks, our protocols provide provable exponential security against any Quantum Polynomial-Time adversary with only polynomial resource parties. We provide a comprehensive comparison between the two proposed protocols in terms of resources such as quantum memory and computing ability required in both parties as well as the communication overhead between them. A stand-out feature of our second protocol is secure identification of a high-resource party by running a purely classical verification algorithm. This is achieved by delegating quantum operations to the high-resource party and utilising the resulting classical outcomes for identification. An interesting application idea that emerges from our second protocol is certification or benchmarking of general quantum computation schemes based on purely running a classical test on the resulting measurement outcomes.

Abstract: In this research, we study different approaches to construct Key Generation and Distribution Schemes using Quantum Key Distribution systems. Three schemes are proposed and analyzed. The main question to answer is what happens if a part of the newly shared key is used for authentication while sharing other keys? We consider several attacks, their complexity and probability. It is shown that a hybrid approach, when authentication keys are derived from a mixture of pre-shared keys and key from QKD protocol, is more advantageous.

Abstract: Our ability to trust that a random number is truly random is essential for fields as diverse as cryptography and fundamental tests of quantum mechanics. Device-independent quantum random number generators (QRNGs) provide a means of completely trusted randomness, but are highly impractical due to their strict technological requirements, such as loophole-free quantum nonlocality. By making fixed assumptions on specific parts of the device, semi-device-independent QRNGs lower these requirements drastically. However, this {has usually been} done at the cost of limiting their flexibility and security to a specific physical implementation and level of trust. Here we propose and experimentally test a new framework for semi-device-independent randomness certification that employs a flexible set of assumptions, allowing it to be applied in a range of physical scenarios involving both quantum and classical entropy sources. At the heart of our method lies a source of trusted vacuum in the form of a signal shutter, which enables the honesty of partially trusted measurement devices to be tested and provides lower bounds on the guessing probability of their measurement outcomes. We experimentally verify our protocol with a photonic setup and generate secure random bits under three different source assumptions with varying degrees of security and resulting data rates. Our work demonstrates a simple and practical way for achieving semi-device-independent randomness generation with user-defined flexibility in terms of levels of trust and physical implementations.

Abstract: Quantum key distribution (QKD) contrasts with classical cryptographic methods because it provides information-theoretical security on the distilled key. In some security demanding contexts, the perfect confidentiality that can be obtained with QKD combined with One-Time-Pad, may be insufficient. This will be in particular the case if the mere existence of communication can divulge crucial information. Performing QKD covertly solves this by insuring low probability of detection for the QKD signal states. We study here for the first time Covert continuous variable (CV) QKD. We establish, in the general case of a thermal noise channel, that the covertness conditions impose drastic limits to the performance of such protocols. We then propose an original solution to overcome this limitation by performing a computationally-secure coherent block encoding, analogous to spread spectrum, to the signal pulses of a Gaussian modulated coherent state CV-QKD protocol. The resulting protocol provides covertness, under computational assumptions while preserving the information-theoretical security on the final QKD key. We show that our method enables QKD over realistic WDM environments such as a 30 km optical backbone populated by 25 standard channels.

Abstract: We consider a device-independent scenario where N parties test the Mermin-Ardehali-Belinskii-Klyshko (MABK) inequality. By exploiting the inequality’s symmetries, we drastically simplify the general form of the quantum state that can be considered, without loss of generality. We then derive an upper bound on the maximal violation of the MABK inequality attained by an arbitrary N-qubit state, as a function of the state’s parameters. The two results enable us to derive analytical bounds on the von Neumann entropy of the parties’ outcomes, conditioned on the eavesdropper’s information. These quantities are crucial for the security of many cryptographic protocols and better bounds lead to more robust protocols. In particular, we bound the conditional entropy of a single party’s outcome and the joint conditional entropy of two parties’ outcomes, as a function of the MABK violation observed by three parties. We extend the former bound to N parties and prove its tightness, while we observe that the latter significantly improves previous results.

Abstract: With the emergence of quantum communication, it is of folkloric belief that allowing an Adversary to perform superposition queries to otherwise classical cryptographic protocols and forcing the honest players to perform actions coherently on quantum states automatically breaks the schemes' security. Another intuition is that enforcing measurements on the exchanged messages is enough to protect protocols from these attacks. However, the reality is much more complex. The security models dealing with superposition attacks only consider unconditional security. The first seminal papers date back to 1997 and prove the impossibility of unconditionally-secure bit-commitment schemes. Follow-up works heavily rely on this assumption of unconditional security to prove strong impossibility results and their proof techniques cannot be applied to the computational setting. They essentially indicate that ideal primitives should in fact measure the input state. On the opposite, security models considering computational security assume that all supposedly classical messages are measured, which forbids by construction the analysis of superposition attacks. To fill in the gap between those models, Boneh and Zhandry have started to study the quantum computational security for classical primitives in their seminal work at Crypto'13, but only in the single-party setting. To the best of our knowledge, an equivalent model in the multiparty setting is still missing. In this work, we propose the first computational security model considering superposition attacks for multiparty protocols. We show that our new security model is satisfiable by proving the security of the well-known One-Time-Pad protocol and show an attack on a variant of the equally reputable Yao Protocol for Secure Two-Party Computations. The post-mortem of this attack reveals the precise points of failure, yielding highly counter-intuitive results: The attack vector consists of a (classically) seemingly inoffensive message and a measurement performed by the honest player. This example shows that adding extra classical communication, which is harmless for classical security, can make the protocol become subject to superposition attacks. Our results show that intuitions can be misleading when reasoning about cryptographic protocols in a quantum world, and that there is no evident answer to provide for either the vulnerabilities of classical protocols to superposition attacks or the adapted countermeasures.

Abstract: Bitcoin and its underlying blockchain protocol have received recently significant attention in the context of building distributed systems as well as from the perspective of the foundations of the consensus problem. At the same time, the rapid development of quantum technologies brings the possibility of quantum computing devices from a theoretical concept to an emerging technology. Motivated by this, in this work we revisit the formal security of the core of the Bitcoin protocol, called the Bitcoin backbone, in the presence of an adversary that has access to a scalable quantum computer. We prove that the protocol’s essential properties stand in the post-quantum setting assuming a general quantum adversary with suitably bounded number of queries in the Quantum Random Oracle (QRO) model. In order to achieve this, we investigate and bound the quantum complexity of a Chain-of-Proofs-of-Work search problem which is at the core of the blockchain protocol. Our results imply that security can be shown by bounding the quantum queries so that each quantum query is worth O(p^{−1/2}) classical ones and that the wait time for safe settlement is expanded by a multiplicative factor of O(p^{−1/6}), where p is the probability of success of a single classical query to the protocol’s underlying hash function.

Abstract: We initiate a systematic study to provide upper bounds on device-independent key, secure against a non-signaling adversary (NSDI), distilled by a wide class of operations, currently used in both quantum and non-signaling device-independent protocols. These operations consist of a direct measurements on the devices followed by Local Operations and Public Communication (MDLOPC). We formulate a security condition for the considered class of protocols, that is based on the newly introduced non-signaling norm. This norm takes supremum over certain operations, that can be used to discriminate devices. It is shown that the security condition based on this norm, is equivalent to two security conditions present in the literature. We employ the idea of ``squashing" on the secrecy monotones, which provide upper bounds on the key rate in secret key agreement (SKA) scenario, and show that squashed secrecy monotones are the upper bounds on NSDI key. As an important instance, an upper bound on NSDI key rate called ``squashed non-locality", has been constructed. It exhibits several important properties, including convexity, monotonicity, and additivity on tensor products. Using this bound, we identify numerically a domain of two binary inputs and two binary outputs non-local devices for which the squashed non-locality is zero. Therefore one can not distill key from them via MDLOPC operations. These are mixtures of Popescu-Rohrlich (PR) and anti-PR box with the weight of PR less than 80%. This example confirms the intuition that non-locality need not imply secrecy in the non-signaling scenario. The approach is general, describing how to construct other tighter yet possibly less computable upper bounds. Our technique for obtaining upper bounds is based on the non-signaling analog of quantum purification: the complete extension. This extension provides the ultimate eavesdropping power with the minimal consumption of eavesdropper's memory and, as we prove, yields equivalent security conditions as previously known in the literature.

Abstract: By making reasonable assumptions on realistic systems, we propose and implement the first ultra-high-speed CHSH experiment working at 40GHz demonstrating a gigabit quantum certified random number throughput. Moreover, our scheme is suitable for optical chip design since it only requires standard optical components and balanced detectors. Furthermore, our scheme paves the way for the promising research direction to utilise noisy detectors for quantum system construction, which might be helpful for certain noise-sensitive applications, e.g. quantum sensing and quantum computing.

Abstract: We define the notion of a proof of knowledge in the setting where the verifier is classical, but the prover is quantum, and where the witness that the prover holds is in general a quantum state. We establish simple properties of our definition, including that nondestructive classical proofs of quantum knowledge are impossible for nontrivial states, and that, under certain conditions on the parameters in our definition, a proof of knowledge protocol for a hard-to-clone state can be used as a (destructive) quantum money verification protocol. In addition, we provide two examples of protocols (both inspired by private-key classical verification protocols for quantum money schemes) which we can show to be proofs of quantum knowledge under our definition. In so doing, we introduce new techniques for the analysis of such protocols which build on results from the literature on nonlocal games. Finally, we show that, under our definition, the verification protocol introduced by Mahadev (FOCS 2018) is a classical argument of quantum knowledge for QMA relations.

Abstract: we propose a synchronization method that do not need additional modulation devices and can synchronize under phase shifts. It can be used in passive preparation CVQKD schemes that are inconvenient to add synchronization frames into key strings by modulation devices.

Abstract: Large-scale and flexible deployment of quantum networks is possible with reliable free-space quantum key distribution. However, signal fading occurs in free-space channels and causes various adverse effects. Under this circumstance, phase compensation becomes a challenging task for quantum key distribution using continuous variables. Here we investigate the feasibility of implementing phase compensation via simply computing the correlation between transmitted and received data. Demonstration and performance analysis are conducted with real transmittance of a 150-m free-space fading channel; results indicate the applicability of this compensation scheme to free-space quantum communication systems.

Abstract: The finite-key security of the standard three-intensity decoy-state quantum key distribution QKD) protocol in the presence of information leakage has been analyzed (Wang et al. in New J Phys 20:083027, 2018). On the other hand, the 1-decoy state QKD protocol has been proved to be able to achieve higher secret key rate than the three-intensity decoy-state QKD protocol in the finite-key regime by using only two different intensity settings (Davide et al. in Appl Phys Lett 112:171104, 2018). In this work, we analyze the finite-key security of the 1-decoy state QKD protocol with a leaky intensity modulator, which is used to generate the decoy state. In particular, we simulate the secret key rate under three practical cases of Trojan-horse attacks. Our simulation results demonstrate that the 1-decoy state QKD protocol can be secure over long distances within a reasonable time frame given that the intensity modulator is sufficiently isolated. By comparing the simulation results to those presented in Wang et al. (2018), we find that, as expected, the 1-decoy state QKD protocol is more robust against information leakage from the intensity modulator for all achievable distances.

Abstract: We developed a system for real-time transmission of genome sequence data using quantum cryptography and have succeeded in the quantum cryptography transmission of genome sequence data with data volumes exceeding several hundred gigabytes. This demonstrated that quantum cryptography can transmit large amounts of data and has practical applications in the fields of genomic research and genomic medicine.

Abstract: Free-space quantum key distribution (QKD) is a promising solution for secure communication between two remote parties through free space. Due to the possibility of free space communication, in general, the application candidates of free space QKD are focused on secure communication between moving terminals. Such applications have characteristics such as moving position, outside operation, and limited internal space and power consumption. First, the moving position of a terminal needs active compensation of a shared reference between transmitter and receiver because general QKD protocols requires a shared reference frame, i.e., polarization reference in a QKD protocol using polarization encoding. This can be solved by using reference frame independent (RFI) QKD. Second, the outside operation brings intensive noise issue caused by the sun light which significantly degrades the performance of free-space QKD. The change of operating wavelength of QKD to 1550-nm and single mode fiber coupling can significantly alleviate the noise issue. Finally, the limitation of internal space requires to chip scale implementation. The use of 1550-nm wavelength provides comparability of integrated (silicon) photonic chips which is already studied in the fiber based QKD. In this paper, we provide a 1550-nm free-space RFI QKD system which incorporates the aforementioned solutions while the previous free-space RFI QKD is realized with visible wavelength. We also shows that our system achieves about 0.8% quantum bit error rate (QBER) without additional blocking out external light to the receiver through single mode fiber coupling. This low QBER indicates the possibility of daylight free-space QKD.

Abstract: We consider passive eavesdropping in continuous-variable quantum key distribution (CV-QKD) over atmospheric turbulence channels. We study the effect of turbulence in creating independent channels from Alice to Bob and Eve, and examine the performance of transmitted local oscillator (TLO) and local local oscillator (LLO) based CV-QKD system.

Abstract: Free-space quantum key distribution (QKD) has received an increasing attention for its inherent secure communication between two remote systems. Most of the free-space QKD systems require integration of various signals such as quantum and beam tracking channels with different wavelengths into the same optical path for beam tracking. The beam tracking system, consisting of fast steering mirrors and position detectors, maintains optical beam path by adjusting the misalignments induced by moving terminals, vibrations and atmospheric turbulence in the free-space QKD system. Most QKD systems use dichroic mirrors for combining and separating quantum and beam tracking channels through free-space alignment. However, integration of such channels in free-space could require a large volume space, much alignment effort for mode overlap and can be easily affected by mechanical shock. In this paper, we report the effect of using a fiber-based wavelength division multiplexing (WDM) filter for integrating the quantum and beam tracking channels in free-space QKD systems. A custom-made WDM filter was used in the transmitter part of the free-space BB84 QKD system, combining a 785 nm signal for quantum channel and a 1550 nm signal for beam tracking channel. HI780 fiber was selected for common output port of the device to maintain the orthogonality of polarization states and beam quality of the quantum channel. Although 1550 nm signal can suffer from the insertion and bending loss caused by smaller core size of the HI780 fiber, we could reduce the loss as low as 1.4 dB by designing the fiber with length within about 15 cm, well straightened. We could also obtain good beam quality and mode overlap of the quantum and beam tracking channels by using the common output port of the WDM filter.

Abstract: Quantum Key Distribution (QKD) over a free-space channel is challenging due to inefficient coupling of received signals to the detection system. A narrow detector cross-section, such as with fibre coupling to a telescope, reduces the field of view (FOV) and thus increases the loss due to atmospheric turbulence. A larger detector cross-section increases the FOV; however, the corresponding increase in background noise also increases the QBER associated with a Discrete Variable (DV) QKD system. On the contrary, Continuous Variable (CV) QKD systems are highly tolerant to background noise, but their performance is still limited by the channel loss. The FOV of the receiver is defined as the area expressed in solid angle from which the detector can accepts signal. A simple geometrical analysis reveals FOV as $\Theta = 2\tan^{-1}(d/2F)$, where $d$ is the detector diameter and $F$ is the effective focal length of the receiver telescope. With a large-area detector, one can design the signal collection optics, such that the FOV of the telescope with a given aperture can be larger. In this work, we present a larger FOV receiver system for CVQKD which reduces the channel loss due to beam wandering and atmospheric turbulence. We will describe the performance of the receiver system in terms of shot-noise sensitivity, loss reduction and enhancement in secure key rate, compared to a typical fibre-coupled receiver system.

Abstract: The transition of Quantum Technologies (QT) being no longer pure basic research but touching applied fields with emerging products is companied by requests for standardization and certification. The call of the markets requesting products based on QT will require alignment of QT products to match not only the need for standards but also the proof to fulfil certification procedures. We will isolate and identify the most promising candidates for this endeavour and by listing challenges, obstacles and dependencies we will propose a strategy and envision a standardization roadmap

Abstract: Twin-Field quantum key distribution (TF-QKD) can beat the linear bound of repeaterless QKD systems. After the proposal of the original protocol, multiple papers have extended the protocol to prove its security. However, these works are limited to the case where the two channels have equal amount of loss (i.e. are symmetric). In a practical network setting, it is very likely that the channels are asymmetric due to e.g. geographical locations. In this work we extend a version of the TF-QKD protocol to the scenario with asymmetric channels. We show that by simply adjusting the two signal states of the two users (and not necessarily the decoy states) they can effectively compensate for channel asymmetry and consistently obtain higher key rate than either using no compensation or using the strategy of deliberately adding fibre to the shorter channel. We perform simulation with realistic parameters and finite data size, and show that our method works well and has a clear advantage over prior art methods in the presence of channel asymmetry.

Abstract: We propose a high efficiency reconciliation method for continuous-variable quantum key distribution over free-space channel based on rate compatible codes, which achieves stable reconciliation efficiency of more than 95% under the fluctuation of the SNR (as low as -16 dB).

Abstract: Quantum key distribution (QKD) is designed to establish symmetric keys among two legitimate parties. Continuous variable (CV) QKD that uses the coherent states and homodyne detection can only apply the cost-effective telecommunication components[1]. The field test of CV-QKD has reached over 50 km[2], and under the laboratory conditions, experimental demonstration of over 200km has been reported [3], thus, has revealed great potentials in practical implementations. The access network that allows multitude end-users to connect to the nodal network is a necessary in the modern network infrastructure since it is suitable for general home-to-home scenarios. Quantum access network was first proposed [4] and demonstrated in field tests [5] for discrete variable QKD. Here, we report an upstream access network based on CV-QKD. In our experimental demonstrations, two transmitters Alice are deployed as optical network units that simultaneously send signals to the network, the receiver Bob is acted as the optical line terminal. The optical distribution network is located between the optical network units and the optical line terminal to couple the signals. The signals generated from each optical network unit are required to pass through a variable delay line to calibrate the arriving time at the optical distribution network before being transmitted. The signals are then simultaneously sent to the optical distribution network through fibers of 5.3 km and 12.3 km respectively. When the signals approach to the optical distribution network, dynamic polarization control modules are firstly applied in each path to pre-compensate the polarization. The signals are then coupled through a beamsplitter and forwarded to the optical line terminal. With a system repetition frequency of 2.5 MHz, we obtain the averaged secret key rates of 55 kbps and 22 kbps for Alice No. 1 and Alice No. 2 respectively. The total secret key rates has reached 77 kbps which suggests a higher network capacity. The excess noise is relatively stable, yet there are small fluctuations in the secret key rates. To one step further reduce the loss, the wavelength division multiplexing devices can be used at the optical distribution network. This is especially beneficial when the quantum signal has to co-propagate with classical data channels in the same fiber [6,7]. The upstream access network implementations can be easily extended to a higher repetition frequency system or to support more users. The demonstration experiments provide the possibility of building practical large-scale CV-QKD networks. This work is supported by the Key Program of National Natural Science Foundation of China under Grants No. 61531003, and the Fund of CETC under Grant No. 6141B08231115. References 1. C.Weedbrook, S. Pirandola, R. Garc´ıa-Patr´on, N. J. Cerf, T. C. Ralph, J. H. Shapiro and S. Lloyd, Gaussian quantum information, Rev. Mod. Phys. 84, 621 (2012). 2. Y. Zhang, Z. Li, Z. Chen, C. Weedbrook, Y. Zhao, X. Wang, Y. Huang, C. Xu, X. Zhang, Z. Wang, M. Li, X. Zhang, Z. Zheng, B. Chu, X. Gao, N. Meng,W. Cai, X.Wang, G.Wang, S. Yu and H. Guo, Continuous- variable QKD over 50 km commercial fiber, Quantum Sci. Technol. 4, 035006 (2019). 3. Y. Zhang, Z. Chen, S. Pirandola, X. Wang, C. Zhou, B. Chu, Y. Zhao, B. Xu, S. Yu and H. Guo, Long- distance continuous-variable quantum key distribution over 202.81 km fiber, arXiv:2001.02555 (2020). (Accepted by Phys. Rev. Lett.) 4. B. Fr¨ohlich, J. F. Dynes, M. Lucamarini, A. W. Sharpe, Z. Yuan and A. J. Shields, A quantum access network, Nature 501, 69-72 (2013). 5. B. K. Park, M. K. Woo, Y. S. Kim, Y. W. Cho, S. Moon and S. W. Han, User-independent optical path length compensation scheme with sub-nanosecond timing resolution for a 1* N quantum key distribution network system, Photon. Res. 8, 296 (2020). 6. T. A. Eriksson, T. Hirano, B. J. Puttnam, G. Rademacher, R. S. Lu´ıs, M. Fujiwara, R. Namiki, Y. Awaji, M. Takeoka, N. Wada and M. Sasaki, Wavelength division multiplexing of continuous variable quantum key distribution and 18.3 Tbit/s data channels, Commun. Phys. 2, 9 (2019). 7. B. Chu, Y. Zhang, Y. Zhao, Y. Xu, X. Chen, X. Wang and S. Yu, Crosstalk-induced impact of coexisting DWDM network on continuous-variable QKD, 16th International Conference on the Design of Reliable Communication Networks DRCN, Milano, Italy, pp. 1-5 (2020).

Abstract: We report the polarization-multiplexed CV-QKD with four-state modulation capable of full use of two orthogonal polarization channels and experimentally investigate it. We design a polarization and phase compensation scheme by introducing a pair of rather than one single regularly spaced reference data timemultiplexed with weaker signal data. The polarization mixing and relative phase can be estimated simultaneously by using the transmitted reference data and the corresponding detection data to calculate a overall rotation matrix, and compensated by rotating Bob's received data. The results show that combined with our efficient polarization and phase compensation scheme this low-complexity scheme can further improve the secret key rate and prompt CV-QKD to be network-compatible and on-chip integrated.