Poster Session 1

Abstract: Measurement-device-independent quantum key distribution removes all detector-side attacks in quantum cryptography, and in the meantime doubles the secure distance. The source side, however, is still vulnerable to various attacks. In particular, the continuous phase randomization assumption on the source side is normally not fulfilled in experimental implementation and may potentially open a loophole. In this work, we first show that indeed there are loopholes for imperfect phase randomization in measurement-device-independent quantum key distribution by providing a concrete attack. Then we propose a discrete-phase-randomized measurement-device-independent quantum key distribution protocol as a solution to close this source-side loophole. [Phys. Rev. A 101, 062325]

Abstract: Quantum random number generator (QRNG) relies on the intrinsic randomness of quantum mechanics to produce true random numbers which are important in many fields. QRNGs with semiconductor light source have attracted a lot of attention due to their operational simplicity and high generation rate. However, the temperature of light source may vary due to imperfect devices and other factors. There is still a lack of study on the effects of temperature variations on the security of practical QRNG. We fill this gap by presenting a numerical method for studying the effects of temperature increase on the super-luminescent emitting diode (SLED) based QRNG and propose some strategies toward robust QRNG against temperature increase.

Abstract: A quantum bit commitment scheme is to realize bit (rather than qubit) commitment by exploiting quantum communication and quantum computation. In this work, we study the binding property of the quantum string commitment scheme obtained by composing a generic quantum computationally-binding bit commitment scheme in parallel. We show that the resulting scheme satisfies a stronger quantum computational binding property than the trivial honest-binding, which we call predicate-binding. Intuitively and very roughly, the predicate-binding property guarantees that given any inconsistent predicate pair over a set of strings (i.e. no strings in this set can satisfy both predicates), if a (claimed) quantum commitment can be opened so that the revealed string satisfies one predicate with certainty, then the same commitment cannot be opened so that the revealed string satisfies the other predicate except for a negligible probability. As an application, we plug a generic quantum perfectly(resp. statistically)-hiding computationally-binding bit commitment scheme in Blum's zero-knowledge protocol for the NP-complete language Hamiltonian Cycle. The quantum computational soundness of the resulting protocol will follow immediately from the quantum computational predicate-binding property of commitments. Combined with the perfect(resp. statistical) zero-knowledge property which can be similarly established as [Watrous], as well as known constructions of quantum computationally-binding bit commitment scheme, this gives rise to the first quantum perfect(resp. statistical) zero-knowledge argument system for all NP languages merely relying on quantum-secure one-way functions.

Abstract: Quantum enhanced receivers are endowed with resources to achieve higher sensitivities than conventional technologies. For application in optical communications, they provide improved discriminatory capabilities for multiple non-orthogonal quantum states. In this work, we propose and experimentally demonstrate a new decoding scheme for quadrature phase-shift encoded signals. Our receiver surpasses the standard quantum limit and outperforms all previously known non-adaptive detectors at low input powers. Unlike existing approaches, the receiver only exploits linear optical elements and on-off photo-detection. This circumvents the requirement for challenging feed-forward operations that limit communication transmission rates and can be readily implemented with current technology.

Abstract: Quantum private information retrieval (QPIR) for quantum messages is the protocol in which a user retrieves one of the multiple quantum states from one or multiple servers without revealing which state is retrieved. We consider QPIR in two different settings: the blind setting, in which the servers contain one copy of the message states, and the visible setting, in which the servers contain the description of the message states. One trivial solution in both settings is downloading all states from the servers and the main goal of this paper is to find more efficient QPIR protocols. First, we prove that the trivial solution is optimal for one-server QPIR in the blind setting. In one-round protocols, the same optimality holds even in the visible setting. On the other hand, when the user and the server share entanglement, we prove that there exists an efficient one-server QPIR protocol in the blind setting. Furthermore, in the visible setting, we prove that it is possible to construct symmetric QPIR protocols in which the user obtains no information of the non-targeted messages. We construct two-server symmetric QPIR protocols. Note that symmetric classical PIR is impossible without shared randomness unknown to the user.

Abstract: Reference-frame-independent quantum key distribution (RFI-QKD) can dispense with the requirements of active alignment on reference frames between legitimate users, which is beneficial for free-space implementation. However, the fluctuating transmittance due to atmospheric turbulence still remains a great challenge for improving the performance and has been seldom addressed. In this paper we extend the recently proposed prefixed-threshold real-time selection method to RFI-QKD while combining practical consideration of the transmittance probability distribution model based on the finite aperture theory. Through numerical simulations, we present an estimation for the variance of the log-normal model with respect to distance and receiving aperture radius, and demonstrate the effectiveness of using this method in the RFI protocol. Considering the finite-key effects, simulation results show that the gap of the key rate with different reference frame deviations can be alleviated by increasing the data size. By adopting this method one can tolerate more serious transmission loss, especially in strong turbulence cases, which is helpful for future free-space experimental designs.

Abstract: Currently most quantum teleportation experiments are based on qubits. Here, we demonstrate a quantum autoencoder assisted teleportation for high-dimensional quantum states. Our method of training the autoencoder allows us to take a finite sample of those states, learn how to compress them to qubits with nearly unit fidelity. After training, we can teleport any further states from the sender and reconstruct them with high fidelity on the receiver part. We verify the proposed scheme by teleporting a qutrit via a silicon-photonic chip. High fidelity is achieved between the input qutrit and the qutrit recovered from the teleported qubit.

Abstract: Continuous-variable quantum information, encoded into in finite-dimensional quantum systems, is a promising platform for the realization of many quantum information protocols, including quantum computation, quantum metrology, quantum cryptography, and quantum communication. To successfully demonstrate these protocols, an essential step is the certi fication of multimode continuous variable quantum states and quantum devices. This problem is well studied under the assumption that multiple uses of the same device result into identical and independently distributed (i.i.d.) operations. However, in realistic scenarios, identical and independent state preparation and calls to the quantum devices cannot be generally guaranteed. Important instances include adversarial scenarios and instances of time-dependent and correlated noise. In this paper, we propose the first set of reliable protocols for verifying multimode continuous-variable entangled states and devices in these non-i.i.d scenarios.

Abstract: Shared entanglement between two remote parties is a key resource for Quantum Cryptography. Quantum communications capacity using direct transmission over length-$L$ optical fiber scales as $R \sim e^{-\alpha L}$, where $\alpha$ is the fiber's loss coefficient. The rate achieved using a linear chain of quantum repeaters equipped with quantum memories, probabilistic Bell state measurements (BSMs) and switches used for spatial multiplexing, but no quantum error correction was shown to surpass the direct-transmission capacity. However, this rate still decays exponentially with the end-to-end distance, viz., $R \sim e^{-s{\alpha L}}$, with $s < 1$. We show that the introduction of temporal multiplexing---i.e., the ability to perform BSMs among qubits at a repeater node that were successfully entangled with qubits at distinct neighboring nodes at {\em different} time steps---leads to a sub-exponential rate-vs.-distance scaling, i.e., $R \sim e^{-t\sqrt{\alpha L}}$, which is not attainable with just spatial or spectral multiplexing. We evaluate analytical upper and lower bounds to this rate and obtain the exact rate by numerically optimizing the time-multiplexing block length and the number of repeater nodes. We further demonstrate that incorporating losses in the optical switches used to implement time-multiplexing degrades the rate-vs.-distance performance, eventually falling back to exponential scaling for very lossy switches. We also examine models for quantum memory decoherence and describe optimal regimes of operation to preserve the desired boost from temporal multiplexing. QM decoherence is seen to be more detrimental to the repeater's performance over switching losses.

Abstract: There are two critical challenges that must be addressed for Quantum Key Distribution (QKD) to achieve wide-scale adoption. First, overcoming distance limitations and second increasing secret key generation rates. Our work investigates the design of novel routing algorithms for near-future QKD networks to help mitigate these problems. The networks we consider also may serve as a bridge between today's QKD networks and the long-term goal of a true Quantum Internet.

Abstract: Recent experimental breakthroughs in satellite quantum communications have opened up the possibility of creating a global quantum internet using satellite links. This approach appears to be particularly viable in the near term, due to the lower attenuation of optical signals from satellite to ground, and due to the currently short coherence times of quantum memories. The latter prevents ground-based entanglement distribution using atmospheric or optical-fiber links at high rates over long distances. In this work, we propose a global-scale quantum internet consisting of a constellation of orbiting satellites that provides a continuous, on-demand entanglement distribution service to ground stations. The satellites can also function as untrusted nodes for the purpose of long-distance quantum-key distribution. We develop a technique for determining optimal satellite configurations with continuous coverage that balances both the total number of satellites and entanglement-distribution rates. Using this technique, we determine various optimal satellite configurations for a polar-orbit constellation, and we analyze the resulting satellite-to-ground loss and achievable entanglement-distribution rates for multiple ground station configurations. We also provide a comparison between these entanglement-distribution rates and the rates of ground-based quantum repeater schemes. Overall, our work provides the theoretical tools and the experimental guidance needed to make a satellite-based global quantum internet a reality.

Abstract: In decoy-state-based QKD, GHz clocked or higher frequency transmitters exhibit correlations between the intensities of succeeding pulses. As a consequence, every pulse leaks partial information about previous intensity settings to an eavesdropper, thus invalidating the fundamental principle of the decoy-states method, i.e., the independent character of the yields from the intensity settings. In this work, we present a technique that allows to incorporate arbitrary intensity correlations to the decoy-state analysis, thereby solving a pressing problem in the race towards practical high-speed QKD systems. As a side contribution, we present a non-standard derivation of the asymptotic key rate formula from the non-asymptotic one, in so revealing a largely dismissed necessary condition for the significance of the former. We discuss this condition in full detail.

Abstract: Privacy amplification (PA) is an indispensable component in classical and quantum cryptography. Error correction (EC) and data compression (DC) algorithms are also indispensable in classical and quantum information theory. We here study these three algorithms (PA, EC, and DC) in the presence of quantum side information, and show that they all become equivalent in the one-shot scenario. As an application of this equivalence, we take previously known security bounds of PA, and translate them into coding theorems for EC and DC which have not been obtained previously. Further, we apply these results to simplify and improve our previous result that the two prevalent approaches to the security proof of quantum key distribution (QKD) are equivalent. We also propose a new method to simplify the security proof of QKD.

Abstract: We present a quantum key distribution (QKD) platform targeting mid-range fiber, free-space and hybrid links. With its interfaces for third-party post-processing, commercial key management, encryptors and QRNG, the modular and flexible system enables easy integration into existing telecom infrastructures. Recent experiments demonstrate its seamless operation over fiber and free-space links.

Abstract: We consider (Enc, Dec) schemes which are used to encode a classical/quantum message m and derive an n-qubit quantum codeword ψ_m. The quantum codeword ψ_m can adversarially tamper via a unitary U∈F_u from some known tampering unitary family F_u, resulting in Uψ_mU†. Firstly, we initiate the general study of quantum tamper detection codes, which must detect that tampering occurred with high probability. In case there was no tampering, we would like to output the message m with a probability of 1. We show that quantum tamper detection codes exist for both classical messages and quantum messages for any family F_u of unitary operators, such that |F_u|<2^{2^{αn}} for some known constant α∈(0,1) and all the unitary operators satisfy one additional condition : Far from Identity : For each U∈F_u, we require that its modulus of trace value isn't too much i.e. $ |Trace(U)| \leq \phi N$, where N=2^n. Quantum tamper-detection codes are quantum generalizations of classical tamper detection codes studied by Jafargholi et al. Additionally for classical message m, if we must either output message m or detect that tampering occurred and output ⊥ with high probability, we show that it is possible without the restriction of Far from Identity condition for any family of unitary operators F_u, such that |F_u|<2^{2^αn}. We also provide efficient (Enc, Dec) schemes when the family of tampering unitary operators are from Pauli group Pn, which can be thought of as a quantum version of the algebraic manipulation detection (AMD) codes of Cramer et al.

Abstract: With the development of delegated quantum computation, clients will want to ensure confidentiality of their data and algorithms, and the integrity of their computations. While protocols for blind and verifiable quantum computation exist, they suffer from high overheads and from over-sensitivity: When running on noisy devices, imperfections trigger the same detection mechanisms as malicious attacks, resulting in perpetually aborted computations. We introduce the first blind and verifiable protocol for delegating BQP computations to a powerful server with repetition as the only overhead. It is composably statistically secure with exponentially-low bounds and can tolerate a constant amount of global noise.

Abstract: We demonstrate a simple and compact MDI-QKD system design based on optical injection locking and gain-switching techniques, capable of directly encoding phase-modulated time-bin bits. Our results improve upon the state-of-the-art key rates by an order of magnitude.

Abstract: Random number generators underpin the security of current and future cryptographic systems and are therefore a likely target for attackers. Quantum random number generators have been hailed as the ultimate sources of randomness. However, as shown in this work, the susceptibility of the sensitive electronics required to implement such devices poses a serious threat to their security. We present the first out-of-band electromagnetic injection attack on a quantum random number generator through which an adversary can gain full control of the output. In our first experiment, the adversary forces the binary output of the generator to become an alternating string of 1s and 0s, with near 100% success. This attack may be spotted by a vigilant user performing statistical tests on their output strings. We therefore envisage a second more subtle attack in which the adversary forces the output to be a random pattern known to them, thus rendering any protection based on statistical tests ineffective.

Abstract: Self-testing is a method to verify that one has a particular quantum state from purely classical statistics. For practical applications, such as device-independent delegated verifiable quantum computation, it is crucial that one self-tests multiple Bell states in parallel while keeping the quantum capabilities required of one side to a minimum. In this work, we use the $3 \times n$ magic rectangle games (generalisations of the magic square game) to obtain a self-test for $n$ Bell states where the one side needs only to measure single-qubit Pauli observables. The protocol requires small input sizes (constant for Alice and $O(\log n)$ bits for Bob) and is robust with robustness $O(n^{5/2} \sqrt{\varepsilon})$, where $\varepsilon$ is the closeness of the observed correlations to the ideal. To achieve the desired self-test we introduce a one-side-local quantum strategy for the magic square game that wins with certainty, generalise this strategy to the family of $3 \times n$ magic rectangle games, and supplement these nonlocal games with extra check rounds (of single and pairs of observables).

Abstract: The negative solution to the famous problem of 36 officers of Euler implies that there are no two orthogonal Latin squares of order six. We show that the problem has a solution, provided the officers are entangled, and construct orthogonal quantum Latin squares of this size. As a consequence, we find an Absolutely Maximally Entangled state AME(4,6) of four subsystems with six levels each, equivalently a 2-unitary matrix of size 36, which maximizes the entangling power among all bipartite unitary gates of this dimension, or a perfect tensor with four indices, each running from one to six. This special state deserves the appellation golden AME state as the golden ratio appears prominently in its elements. This result allows us to construct a pure non-additive quhex quantum error detection code ((3,6,2))_6, which saturates the Singleton bound and allows one to encode a 6-level state into a triplet of such states.

Abstract: Fully homomorphic encryption enables computation on encrypted data while maintaining secrecy. This leads to an important open question whether quantum computation can be delegated and verified in a noninteractive manner or not. In this paper, we affirmatively answer this question by constructing quantum fully homomorphic encryption (QFHE) schemes with quantum obfuscation. For different scenarios, we propose two QFHE schemes with multi-valued quantum point obfuscation. One is with single-qubit point obfuscation and the other is with multi-qubit point obfuscation. The correctness of two QFHE schemes is proved theoretically. The evaluator does not know the decryption key and does not require a regular interaction with a user. The output state has the property of complete mixture, which guarantees the security. Moreover, the security level of the QFHE schemes depends on quantum obfuscation and encryption operators.

Abstract: Quantum cryptography is known for enabling functionalities that are unattainable using classical information alone. Recently, Secure Software Leasing (SSL) has emerged as one of these areas of interest. Given a target circuit C from a circuit class, SSL produces an encoding of C that enables a recipient to evaluate C, and also enables the originator of the software to verify that the software has been returned --- meaning that the recipient has relinquished the possibility of any further use of the software. Clearly, such a functionality is unachievable using classical information alone, since it is impossible to prevent a user from keeping a copy of the software. Recent results have shown the achievability of SSL using quantum information for a class of functions called compute-and-compare (these are a generalization of the well-known point functions). These prior works, however all make use of setup or computational assumptions. Here, we show that SSL is achievable for compute-and-compare circuits without any assumptions. Our technique involves the study of quantum copy-protection, which is a notion related to SSL, but where the encoding procedure inherently prevents a would-be quantum software pirate from splitting a single copy of an encoding for C into two parts, each of which enables a user to evaluate C. We show that point functions can be copy-protected without any assumptions, for a novel security definition involving one honest and one malicious evaluator; this is achieved by showing that from any quantum message authentication code, we can derive such an honest-malicious copy-protection scheme. We then show that a generic honest-malicious copy-protection scheme implies SSL; by prior work, this yields SSL for compute-and-compare functions.

Abstract: We investigate a class of partially device-independent quantum key distribution protocols based on a prepare-and-measure setup which simplifies their implementation. The security of the protocols is based on the assumption that Alice’s prepared states have limited overlaps, but no explicit bound on the Hilbert space dimension is required. The protocols are therefore immune to attacks on Bob’s device, such as blinding attacks. The users can establish a secret key while continuously monitoring the correct functioning of their devices through observed statistics. We report a proof- of-principle demonstration, involving mostly off-the-shelf equipment, as well as a high-efficiency superconducting nanowire detector. A positive key rate is demonstrated over a 4.8km low-loss optical fiber with finite-key analysis. The prospects of implementing these protocols over longer distances is discussed.

Abstract: Oblivious transfer (OT) is an important cryptographic primitive for transmitting information between two non-trusting parties and can be used as basic building block to implement any two-party computation. One variant of OT is XOR oblivious transfer (XOT), where the sender Alice has two bits and sends them to the receiver Bob. Bob will obtain either the first bit, the second bit, or their XOR. In an honest run of the protocol, Bob should not learn anything more than this, and Alice should not be able to tell what Bob has learned. Unfortunately, perfect quantum OT is impossible with information-theoretic security, so we focus on obtaining the smallest possible cheating probabilities for dishonest parties, when there are no restrictions imposed on them. We present a non-interactive quantum XOT protocol with classical post-processing, where the cheating probabilities are 1/2 for Alice and 3/4 for Bob. Reversing this protocol, so that Bob becomes the sender of a quantum state and Alice the receiver who measures it, while still implementing oblivious transfer from Alice to Bob, we show that the cheating probabilities for both parties stay the same as for the unreversed protocol. The reversed protocol is even easier to implement. The quantum XOT protocol outperforms classical XOT protocols. Lastly, we are in the process of implementing both the unreversed and the reversed protocol experimentally.

Abstract: A device-independent randomness expansion protocol aims to take an initial random string and generate a longer one, where the security of the protocol does not rely on knowing the inner workings of the devices used to run it. In order to do so, the protocol tests that the devices violate a Bell inequality and one then needs to bound the amount of extractable randomness in terms of the observed violation. The entropy accumulation theorem gives a bound in terms of the single-round von Neumann entropy of any strategy achieving the observed score. Tight bounds on this are known for the one-sided randomness when using the Clauser-Horne-Shimony-Holt (CHSH) game. Here we find the minimum von Neumann entropies for a given CHSH score relevant for one and two sided randomness that can be applied to various protocols. In particular, we show the gain that can be made by using the two-sided randomness and by using a protocol without spot-checking where the input randomness is recycled. We also discuss protocols that fully close the locality loophole while expanding randomness. Although our bounds are mostly numerical, we conjecture analytic formulae for the curves in two cases.

Abstract: Quantum key distribution (QKD) ensures the sharing of secret cryptographic keys between distant entities (typically called Alice and Bob), whose intrinsic security is guaranteed by the laws of nature [1–3]. Besides pioneering experiments involving satellite transmission [4], the challenge is the integration of this technology in telecommunication fiber networks, in particular in long haul segments [5–11]. The longest achievable communication distance is limited by the channel loss which increases exponentially with the fiber length and noise in the deployed single photon detector. The secure QKD key rate decreases exponentially with the channel fiber length. Although the communication distance could be extended using quantum repeaters, the related research is still at a proof-of-principle level [12]. Presently the widely adopted solution is the exploitation of trusted nodes, whose security represents however a significant technical issue. An innovative approach that overcomes, at least partially, the need for trusted node is represented by the recently proposed QKD protocol dubbed twin-field QKD (TF-QKD) [13]. In TF-QKD, the information is encoded on dim laser pulses generated at distant Alice and Bob terminals and sent through optical fiber over half of the entire communication distance to the central node, Charlie, where they interfere. For this reason, the TF-QKD has weaker dependence on channel losses, essentially doubling the communication distance with respect to the conventional prepare-and-measure QKD solution. TF-QKDhas been proved secure against general attacks (see e.g. [14–18]), but its implementation is challenging as the optical pulses sent by Alice and Bob are required to be phase-coherent and preserve coherence when reaching Charlie after travelling the long fiber paths. While phase coherence can be achieved by phase-locking the two QKD lasers in Alice and Bob to a common reference laser transmitted through a service channel, uncorrelated phase changes due to the length and refractive index fluctuations in the long optical fibers still remain and will reduce the visibility of the interference measurement. In the TF-QKD proof-of-principle experiments [19–26], this effect was mitigated by interleaving the QKD frames with classical transmission frames that were used to periodically realign the phases of interfering pulses. Here we present an alternative solution derived from the metrological research community, more precisely from atomic clocks comparison technology. Specifically, transmission of coherent laser radiation over thousand-kilometer-long fibers is exploited for the comparison of distant atomic clocks at the highest accuracy [27–32]. In this case phase fluctuations in long fiber also need to be addressed, othewise they would substantially degrade the comparison results. Precise comparison among these atomic clocks are made possible by the use of ultra-stable lasers and the active cancellation of the noise introduced by connecting fibers. Here we demonstrate that this technique can be successfully adapted into a TF-QKD setup. More specifically, we designed and developed an apparatus suitable for actively cancelling phase fluctuations of both the lasers and of the connecting fibers in a TF-QKD setup. This is achieved by transmitting an additional sensing laser light at a slightly different wavelength in the same fiber as the QKD dim pulses. In Charlie, this sensing laser is used for the fiber optical length stabilisation. We show that this multiplexed solution can be properly tuned in order to avoid a sizeable impact on the number of background photons observed by the single-photon detectors in the QKD channels, allowing simultaneous key streaming and channels stabilization, ensuring longer duty-cycles of the QKD process and a tighter control of the optical phase on long-haul deployed fibers. Furthermore, we tested our solution in a real-world network where the net losses between Alice and Bob are as high as 65 dB, resulting here in a distance of 206 km, or equivalent at 325 km on a fiber haul at common nominal losses of 0.2 dB/km [33]. References [1] Bennett, C. H. & Brassard, G. Quantum cryptography: public key distribution and coin tossing. Theor. Comput. Sci. 560, 7–11 (2014). [2] Scarani, V. et al. The security of practical quantum key distribution. Rev. Mod. Phys. 81, 1301 (2009). [3] Kwong Lo, H., Curty, M. & Tamaki, K. Secure quantum key distribution. Nature Photonics 8, 595-604 (2014). [4] Liao, S-K., Cai, W-Q., Pan, J-W. Satellite-to-ground quantum key distribution, Nature 549, 43-47 (2017) [5] Peev, M. et al. The SECOQC quantum key distribution network in Vienna, New J. Phys. 11, 075001 (2009). [6] Sasaki, M. et al. Field test of quantum key distribution in the Tokyo QKD Network. Opt. Expr. 19, 10387 (2011). [7] Dynes, J. F. et al. Cambridge quantum network. npj Quantum Inf. 5, 101 (2019). [8] Shimizu K., et al. Performance of long-distance quantum key distribution over 90-km optical links installed in a field environment of Tokyo metropolitan area. J. Lightwave Technol. 32,, 141-51 (2014). [9] Bacco, D. et al. Field trial of a three-state quantum key distribution scheme in the Florence metropolitan area. EPJ Quantum Technol.6, 5 (2019). [10] Choi, I. et al. Field trial of a quantum secured 10 Gb/s DWDM transmission system over a single installed fiber. Opt. Expr 22, 23121-23128 (2014). [11] Dixon, A. R. et al. Quantum key distribution with hacking countermeasures and long term field trial, Sci. Rep. 7, 7583 (2017). [12] Xu, F., Ma, X., Zhang, Q., Lo, H-K. & Pan, J-W. Secure quantum key distribution with realistic devices. Rev. Mod. Phys. 92, 025002 (2020) [13] Lucamarini, M., Yuan, Z. L., Dynes, J. F., Shields, A. J. Overcoming the rate-distance limit of quantum key distribution without quantum repeaters. Nature 557, 400-403 (2018). [14] Ma, X. Zeng, P., & Zhou, H. Phase-Matching Quantum Key Distribution. Phys. Rev. X 8, 031043 (2018). [15] Wang, X-B., Yu, Z-W. & Hu, X-L. Twin-field quantum key distribution with large misalignment error. Phys. Rev. A 98, 062323 (2018). [16] Lin J. & Lutkenhaus, N. Simple security analysis of phase-matching measurement-device-independent quantum key distribution. Phys. Rev. A 98, 042332 (2018); [17] Curty, M., Azuma, K. & Lo, H.-K. Simple security proof of twin-field type quantum key distribution protocol. npj Quantum Inf. 5, 64 (2019) [18] Yin, H-L. & Chen, Z-B. Finite-key analysis for twin-field quantum key distribution with composable security, Sci Rep. 9, 17113 (2019). [19] Wang, S. et al. Beating the Fundamental Rate-Distance Limit in a Proof-of-Principle Quantum Key Distribution System. Phys. Rev. X 9, 021046 (2019) [20] Minder, M. et al. Experimental quantum key distribution beyond the repeaterless secret key capacity. Nature Photon. 13, 334-338 (2019) [21] X. Zhong, Hu, J., Curty, M., Qian, L. & Lo, H-K. Proof-of-Principle Experimental Demonstration of Twin-Field Type Quantum Key Distribution. Phys. Rev. Lett. 123, 100506 (2019) [22] Chen, J-P. et al. Sending-or-Not-Sending with Independent Lasers: Secure Twin-Field Quantum Key Distribution over 509 km. Phys. Rev. Lett. 124, 070501 (2020). [23] Fang, X-T., et al. Implementation of quantum key distribution surpassing the linear rate transmittance bound. Nature Photon 14, 422-425 (2020). [24] Pittaluga M, et al., 600 km repeater-like quantum communications with dual-band stabilisation, arXiv:2012.15099 (2020) [25] Hui Liu et al., Field Test of Twin-Field Quantum Key Distribution through Sending-or-Not-Sending over 428 km, arXiv:2101.00276 (2021) [26] Jiu-Peng Chen et al., Twin-Field Quantum Key Distribution over 511 km Optical Fiber Linking two Distant Metropolitans, arXiv:2102.00433 (2021) [27] Clivati, C. et al. Optical frequency transfer over submarine fiber links. Optica 5, 893 (2018). [28] Clivati, C. et al. Common-clock very long baseline interferometry using a coherent optical fiber link. Optica 7, 1031-1037 (2020) [29] Grotti, J. et al. Geodesy and metrology with a transportable optical clock. Nature Physics 14, 437-441 (2018). [30] Lisdat, C. et al. A clock network for geodesy and fundamental science. Nat.Comm. 7, 12443 (2016). [31] Delva, P. et al. Test of Special Relativity Using a Fiber Network of Optical Clocks, Phys. Rev. Lett. 118, 221102 (2017). [32] Guena, J. First international comparison of fountain primary frequency standards via a long distance optical fiber link. Metrologia 54, 348 (2017). [33] Clivati, C. et al. Coherent phase transfer for real-world twin-field quantum key distribution, arXiv:2012.15199 (2021)

Abstract: A central broadcast Quantum Key Distribution protocol employs a thermal source to produce a secret key between Alice and Bob in the presence of an eavesdropper, Eve. Intensity correlations arising due to the Hanbury Brown and Twiss effect are used to produce correlated strings of quadrature measurements between each party, which may then be converted into bit strings. Using analytic methods, as well as through Monte Carlo simulations, we find that the correlations survive a series of beam splitters, and that the bit strings produced are suitable for distilling into a shared key. As thermal sources are already regularly used in modern communications equipment, this may allow quantum key distribution to be performed without using specialist equipment, with future work focusing on experimental implementations of the protocol in the microwave region.

Abstract: Symmetry plays a fundamental role in the security analysis of quantum key distribution (QKD). Here we review how symmetry is exploited in continuous-variable (CV) QKD to prove the optimality of Gaussian attacks in the finite-size regime. We then apply these results to improve the efficiency, and thus the key rate, of these protocols. First we show how to improve the efficiency and practicality of the energy test, which is one important routine aimed at establishing an upper bound on the effective dimensions of the otherwise infinite-dimensional Hilbert space of CV systems. Second, we show how the routine of parameter estimation can be made resource efficient in measurement-device independent (MDI) QKD. These results show that all the raw data can be used both for key extraction and for the routines of energy test and parameter estimation. Furthermore, the improved energy test does not require active symmetrization of the measured data, which can be computationally demanding.

Abstract: The fundamental distance limit for quantum key distribution due to photon loss can be overcome by intermediate nodes called quantum repeaters. We provide analytical bounds on the mean and quantiles of the entanglement delivery time for a very general class of repeater schemes, which significantly improve upon existing work. Our bounds enable the analytical assessment of repeater in the presence of time-dependent noise, such as imperfect memories, and are useful for the design and analysis of network sizes beyond the reach of numerics.

Abstract: It is known that advantage distillation (that is, information reconciliation using two-way communication) improves noise tolerances for quantum key distribution (QKD) setups. Two-way communication is hence also of interest in the device-independent case, where noise tolerance bounds for one-way error correction are currently too low to be experimentally feasible. Existing security proofs for device-independent advantage distillation rely on fidelity-related security conditions, but previous bounds on the fidelity were not tight. We improve on those results by developing an algorithm that returns arbitrarily tight lower bounds on the fidelity. Our results give new insight on how strong the fidelity-related security conditions are. Finally, we conjecture a necessary security condition that naturally complements the existing sufficient conditions.

Abstract: We study information theoretical security for space links between a satellite and a ground-station. Quantum key distribution (QKD) is a well established method for information theoretical secure communication, giving the eavesdropper unlimited access to the channel and technological resources only limited by the laws of quantum physics. But QKD for space links is extremely challenging, the achieved key rates are extremely low, and day-time operating impossible. However, eavesdropping on a channel in free-space without being noticed seems complicated, given the constraints imposed by orbital mechanics. If we also exclude eavesdropper's presence in a given area around the emitter and receiver, we can guarantee that he has only access to a fraction of the optical signal. In this setting, quantum keyless private (direct) communication based on the wiretap channel model is a valid alternative to provide information theoretical security. Like for QKD, we assume the legitimate users to be limited by state-of-the-art technology, while the potential eavesdropper is only limited by physical laws: either by specifying her detection strategy (Helstrom detector) or by bounding her knowledge, assuming the most powerful strategy through the Holevo information. Nevertheless, we demonstrate information theoretical secure communication rates (positive keyless private capacity) over a classical-quantum wiretap channel using on-o-keying of coherent states. We present numerical results for a setting equivalent to the recent experiments with the Micius satellite and compare them to the fundamental limit for the secret key rate of QKD. We obtain much higher rates compared with QKD with exclusion area of less than 13 meters for Low Earth Orbit (LEO) satellites. Moreover, we show that the wiretap channel quantum keyless privacy is much less sensitive to noise and signal dynamics and daytime operation is possible.

Abstract: Quantum-access security, where an attacker is granted superposition access to secret-keyed functionalities, is a fundamental security model and its study has inspired results in post-quantum security. We revisit, and fill a gap in, the quantum-access security analysis of the Lamport one-time signature scheme (OTS) in the quantum random oracle model (QROM) by Alagic et al. (Eurocrypt 2020). We then go on to generalize the technique to the Winternitz OTS. Along the way, we develop a tool for the analysis of hash chains in the QROM based on the superposition oracle technique by Zhandry (Crypto 2019) which might be of independent interest.

Abstract: The idea of self-testing is to render guarantees concerning the inner workings of a device based on the measurement statistics. It is one of the most formidable quantum certification and benchmarking schemes. Here, we have shown that any bipartite pure entangled state can be self-tested through Quantum Steering. Analogous to the tilted CHSH inequality, we use a steering inequality called Tilted Steering Inequality for self-testing any pure two-qubit entangled state. We have further used this inequality to self-test any bipartite pure entangled state by certifying two-dimensional sub-spaces of the qudit state by observing the structure of the set of assemblages obtained on the trusted side after measurements are made on the un-trusted side. Finally, as a novel feature of self testing via steering, we use the notion of Assemblage based Robust Self Testing to provide robustness bounds for the self testing result in the case of pure maximally entangled states of any local dimension.

Abstract: Twin-field quantum key distribution (TFQKD) systems have shown great promise for implementing practical long-distance secure quantum communication due to its measurement-device-independent nature and its ability to offer fundamentally superior rate-loss scaling than conventional point-to-point QKD systems. A surge of research has produced many variants of protocols and experimental demonstrations. To make TFQKD more applicable in quantum communication, a study of TFQKD in a networking setting is essential. In this work, we experimentally demonstrate a proof-of-principle Sagnac-interferometer based TFQKD network with three users and one untrusted central node. We show that our network enables users to share secure keys with channel losses up to 58dB, and channel loss asymmetric up to 15dB. In some cases, the secure key rates still beat the rate-loss bounds for conventional point-to-point repeaterless QKD systems. It is to our knowledge the first multi-user-pair TFQKD network demonstration, an important step in advancing quantum communication network technologies.

Abstract: We identify a time-dependent passive source side-channel in common measurement-device-independent quantum key distribution implementations that rely on Faraday mirrors for stable phase modulation. We model the time-dependence of the side channel and use this information in conjunction with a recently developed numerical security proof technique based on semidefinite programming to quantify the impact on the secure key rate of the protocol. We explore the sensitivity of security to the parameters of the side channel and the choice of model for the signal.

Abstract: Quantum key distribution (QKD) provides a practical method for distant parties to establish identical and secret keys. However, how quantum technologies can be practically used to protect user privacy with provable security remains an open question. Here, we report the first steps of our efforts to experimentally implement a symmetric private information retrieval (SPIR) scheme with QKD keys for fingerprint data retrieval. In the QKD layer, a three-user Measurement-device-independent QKD network is utilised for secure key distribution among the enquirer and data centres. In the application layer, an information-theoretically secure SPIR protocol is implemented to ensure both the privacy of the enquirer and the security of the database. Preliminary experimental results of the MDI QKD network implementation is presented, and simulations of the SPIR+QKD performance are also shown based on the experimental characterisation data.

Abstract: Characterizing the single-photon detection efficiency (SPDE) of a single-photon detector (SPD) is an essential but nontrivial task for various applications. Conventional methods require detailed detector models to calculate the estimated SPDE, which are not always available. In this work, a generalized method based on decoy-state for accurate characterization of SPDs is proposed and experimentally demonstrated. This work provides a new toolbox for rigorous SPD characterization with relaxed assumptions on the detector model, opening new possibilities in device calibration standards and quantum information applications.

Abstract: Secure two-party computation considers the problem of two parties computing a joint function of their private inputs without revealing anything beyond the output of the computation. In this work, we take the first steps towards understanding the setting where: 1) the two parties (Alice and Bob) can communicate only via a classical channel, 2) the input of Bob is quantum and 3) the input of Alice is classical. Our first result indicates that in this setting it is in general impossible to realize a two-party quantum functionality with black-box simulation in the case of malicious quantum adversaries. In particular, we show that the existence of a secure protocol that relies only on classical channels would contradict the quantum no-cloning argument. We circumvent this following three different approaches. The first is by considering a weaker security notion called one-sided simulation security. This notion protects the input of one party (the quantum Bob) in the standard simulation-based sense, and protects the privacy of the other party's input (the classical Alice). We realize our protocol relying on the learning with errors assumption. As a result, we put forward a first construction of secure one-sided quantum two-party computation over classical networks. The second way to circumvent the impossibility result, while at the same time providing standard simulation-based security also against Bob, is by assuming that the quantum input has an efficient classical representation. Finally, we focus our attention on the class of zero-knowledge functionalities, and provide a protocol for such a class for specific QMA relations. We note that the direct implication of our result is that Mahadev's protocol for classical verification of quantum computations (FOCS'18) can be turned into a zero-knowledge proof of quantum knowledge protocol with classical verifiers. To the best of our knowledge, we are the first to instantiate such a primitive.

Abstract: Quantum physical unclonable functions, or QPUFs, are rapidly emerging as theoretical hardware solutions to provide secure cryptographic functionalities such as key exchange, message authentication, entity identification among others. Recent works have shown that in order to provide provable security of these solutions against any quantum polynomial time adversary, QPUFs are required to be a unitary sampled uniformly randomly from the Haar measure. This however is known to require an exponential amount of resources. In this work, we propose an efficient construction of these devices using unitary t-designs, called QPUF_t. Along the way, we modify the existing security definitions of QPUFs to include efficient constructions and showcase that QPUF_t still retains the provable security guarantees against a bounded quantum polynomial adversary with t-query access to the device. This also provides the first use case of unitary t-design construction for arbitrary t, as opposed to previous applications of t-designs where usually a few (relatively low) values of t are known to be useful for performing some task. We study the noise-resilience of QPUF_t against specific types of noise, unitary noise, and show that some resilience can be achieved particularly when the error rates affecting individual qubits become smaller as the system size increases. To make the noise resilience more realistic and meaningful, we conclude that some notion of error mitigation or correction should be introduced.

Abstract: Multi-source-extractors are functions that extract uniform randomness from multiple (weak) sources of randomness. With the advent of quantum computers, it is natural to investigate the security of multi-source-extractors against adversaries with quantum side-information on the sources of randomness (potentially generated using quantum entanglement). Quantum multi- source-extractors were considered by Kasher and Kempe (for the quantum-independent- adversary and the quantum-bounded-storage-adversary), Chung, Li, and Wu (for the general- entangled-adversary), and Arnon-Friedman, Portmann, and Scholz (for the quantum-Markov- adversary). In this work, we propose two new models of adversaries, the quantum-measurement-adversary (qm-adv) and the quantum-communication-adversary (qc-adv). qm-adv generates side-information post-measurement outcomes and qc-adv generates side-information using a communication protocol. We show that: 1. qm-adv is the strongest adversary among all the known adversaries, in the sense that the side-information of all other adversaries can be generated by qm-adv. 2. The (generalized) inner-product function (in fact a general class of two-wise independent functions) continue to work as a good extractor against qm-adv (with matching parameters as that of Chor and Goldreich against classical-adversaries). 3. A non-malleable extractor proposed by Li (against classical-adversaries) continues to be secure against quantum side-information. A non-malleable extractor (nm-ext) for two sources (X, Y) is an extractor such that nm-ext(X, Y) is uniform and independent of nm-ext(X, Y')YY', where Y' is not equal to Y and Y' is generated by the adversary using Y and the side-information on X. 4. A modification (not needing any local uniform randomness) of the Dodis and Wich's protocol for privacy-amplification is secure against active quantum adversaries. This strengthens on a recent result due to Aggarwal, Chung, Lin, and Vidick which uses local uniform randomness. 5. As a byproduct, we reproduce the quantum communication complexity lower bound for the (generalized) inner-product function via different proof techniques.

Abstract: Quantum random number generators (QRNGs) could generate numbers that are certifiably random even to a potential adversary who holds some side-information. However, many QRNGs require extremely precise characterisation of the source of the quantum states and the measurement apparatus. In this work, we propose a semi-device-independent QRNG protocol with untrusted homodyne detection. We show that our protocol is secure against quantum side-information, taking into account finite-size effects without making any assumption on the measurement device.

Abstract: We provide the first inner bounds for sending private classical information over a quantum multiple access channel. We do so by using three powerful information theoretic techniques: rate splitting, quantum simultaneous decoding for multiple access channels, and a novel smoothed distributed covering lemma for classical quantum channels. Our inner bounds are given in the one shot setting and accordingly the three techniques used are all very recent ones specifically designed to work in this setting. The last technique is new to this work and is our main technical advancement. For the asymptotic iid setting, our one shot inner bounds lead to the natural quantum analogue of the best classical inner bounds for this problem.

Abstract: We propose a novel Quantum Private Query (QPQ) scheme using EPR-pairs with full Device Independent (DI) certification. To the best of our knowledge, this is the first time we provide such a full DI-QPQ protocol. Our proposed scheme exploits self-testing of shared EPR-pairs along with the self testing of projective measurement operators in a setting where the parties don't trust each other. To certify full DI, our scheme also exploits a technique to self-test a particular class of POVM elements that are used in the protocol. This makes the DI-testing of this proposed scheme slightly different from the traditional DI-QKD scheme. Further, we provide formal security analysis and obtain an upper bound on the maximum cheating probabilities for both dishonest client as well as dishonest server.

Abstract: We recently introduced a "quantum router" architecture that improves entanglement fidelities in chains of multiplexed repeaters. Here, we address local entanglement routing across general network graphs of routers to optimize entanglement rates and fidelities. Our proposed routing strategy achieves close-to-optimal rates in the limit of high multiplexing.

Abstract: Quantum random number generator (QRNG) relies on the intrinsic randomness of quantum mechanics to produce true random numbers which are important in many fields. QRNGs with semiconductor light source have attracted a lot of attention due to their operational simplicity and high generation rate. However, the temperature of light source may vary due to imperfect devices and other factors. There is still a lack of study on the effects of temperature variations on the security of practical QRNG. We fill this gap by presenting a numerical method for studying the effects of temperature increase on the super-luminescent emitting diode (SLED) based QRNG and propose some strategies toward robust QRNG against temperature increase.

Abstract: We introduce a variant of Gottesman-Chuang quantum signatures [GC01] in which we sign nonbinary symbols instead of bits. The public keys are fingerprinting states, just as in [GC01], but we allow for multiple ways to reveal the private key partially. This reduces the number of qubits expended per message bit. We give a security proof and we present numerical results that show how the improvement in public key size depends on the message length.

Abstract: In this paper, an experimental scenario of remote control with equipment operating at the manufacturing site over private 5G network has been demonstrated. To further enhance the security level, quantum key distribution (QKD) has been applied to this private 5G network system. The results reveal that QKD could be applicable to provide secure communications in private 5G network system for practical use.

Abstract: Quantum key distribution (QKD) provides capability of secure communication between two remote locations. Depending on its applications, for the surroundings that fiber connection between two remote locations becomes impossible, QKD should be performed through free-space. Such QKD is called as free-space QKD. The applications corresponds to moving objects such as vehicle, aircraft, and satellite. In such free-space QKD, one fundamental characteristic is that transmitter and receiver are moving in real time. In case of conventional BB84 like QKD protocols requiring an identical reference frame between the transmitter and receiver, its performance can be affected by the moving characteristic because the relative movement causes reference frame deviation between them. This can be alleviated with active compensation of the reference frame, but it makes QKD system complex. In the protocol point of view, one has been proposed and it is called as reference frame independent (RFI) QKD. However, RFI QKD is based on ideal situation such as symmetric channels depending on encoded quantum states. This usually cannot achieved in real QKD system due to device imperfections. In this paper, we theoretically analyze how the device imperfections affect on the performance RFI QKD. In order to verify the theoretical analysis, we implement a free-space RFI QKD system with practical devices and identify the effect of device imperfections on RFI QKD.

Abstract: Ticket based authentication systems are used across the internet. They allow an entity or device to be issued a ticket which can be used to repeated authenticate to a service. We propose a quantum ticket algorithm (based on Gavinsky's coin scheme [1]) which offers protection against phishing, replay and man-in-the-middle attacks, and authentication with the service does not require either quantum or encrypted communication channels. It also provides in-built ticket expiration and graded step-up authentication depending on levels of trust and risk.

Abstract: Recently the finite-size security of a continuous-variable quantum key distribution protocol was reported, in which homodyne measurement is used for generating raw key and heterodyne measurement for monitoring. Here we improve the security proof to allow the use of heterodyne measurement for both purposes. The new protocol not only simplifies the receiver apparatus but also alleviates the necessity of actively locking the phases of the sender's and the receiver's local oscillators. The comparison of the key rates of the two protocols shows that replacing homodyne measurement with heterodyne measurement worsens the channel loss dependence by only 1 dB, which is better than a naive expectation of a 3 dB penalty.

Abstract: Quantum key distribution (QKD) which enables the secure distribution of symmetric keys between two legitimate parties is of great importance in future network security [1, 2]. Access network that connects multiple end-users with one network backbone can be combined with QKD to build security for end-users in a scalable and cost-effective way. Access network can have upstream stream transmission direction and downstream transmission direction. For upstream transmission, signals are transmitted from the end-users optical network units (ONUs), combined at the optical distribution network (ODN), and then forwarded to the optical line terminal (OLT) through single fiber. For downstream transmission direction, signals are sent from the OLT and separated at the ODN, then distributed to ONUs in the network. Though previous QKD access network demonstrations are all based on upstream transmission direction [3], the downstream access network on the other hand may offer extra advantages, since no time multiplexing technique is applied, the crosstalk is minimized, also, only passive beam- splitter is sufficient to distribute the signals, and no active controls or calibrations are required at the intermediate optical distribution network node, signals are simply broadcasted to the ONUs [4]. However, it is not straight- forward to integrate QKD into the downstream access network, for discrete-variable QKD, the quantum signals cannot be deterministically distributed to the ONUs. More importantly, since every ONU gets a copy of the transmitted quantum signals, it is crucial that the final secret key is private against other ONUs in the downstream access network. Here, we prove that QKD downstream access network can be realized by using continuous-variable (CV) QKD [5], the corresponding implementation can deterministically perform QKD [6] with the activated ONU, the network still only applies passive beamsplitter to distribute quantum signals. The secrecy against other parties in the network is achieved by considering a reinforced Eve during the security analysis. The security analysis can be conducted with only the optical line terminal and the activated ONU, and no other parties assistances are required. Our work provides the security analysis framework for realizing QKD in the downstream access network which will boost the diversity for constructing practical QKD networks. This work was supported by the Key Program of National Natural Science Foundation of China under Grant No. 61531003, National Natural Science Foundation of China under Grant No. 62001041, China Postdoctoral Science Foundation under Grant No. 2020TQ0016, Sichuan Science and Technology Program under Grant No. 2020YFG0289 and the Fund of State Key Laboratory of Information Photonics and Optical Communications. [1] V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dusek, N. Lütkenhaus, and M. Peev, The security of practical quantum key distribution, Rev. Mod. Phys. 81, 1301 (2009). [2] F. Xu, X. Ma, Q. Zhang, H.-K. Lo, and J.-W. Pan, Secure quantum key distribution with realistic devices, Rev. Mod. Phys. 92, 025002 (2020). [3] B. Fr¨ohlich, J. F. Dynes, M. Lucamarini, A. W. Sharpe, Z. Yuan and A. J. Shields, A quantum access network, Nature 501, 69-72 (2013). [4] ITU. G.984.1: Gigabit-capable passive optical networks (gpon): General characteristics. ITU-T (2008). [5] S. Pirandola, et al., Advances in quantum cryptography, Adv. in Opt. and Photon. 12, 1012 (2020). [6] Y. Zhang, et al., Continuous-variable QKD over 50km commercial fiber, Quantum Sci. Technol. 4, 035006 (2019).

Abstract: Continuous-variable quantum key distribution (CV-QKD) provides a way for two remote participants called Alice and Bob to establish symmetric keys through an unsafe channel \cite{weedbrook2012gaussian,grosshans2003quantum}. Continuous-variable quantum key distribution (CV-QKD) based on commercial devices such as lasers and coherent detectors is moving towards practical. Experimental implementation of the CV-QKD systems using Gaussian-modulated coherent states (GMCS) has made significant progress recently \cite{zhang2019continuous}. At the mean time, the problems of performance degradation caused by imperfections of those experimental devices remain unsolved absolutely \cite{pirandola2020advances}. A non-orthogonal measurement angular error between quadrature components $X$ and $P$ from coherent detection is always ignored in the current experimental scheme. The optical phase shifter that constantly rotates the local oscillator phase is a necessity in continuous-variable quantum key distribution systems using heterodyne detection. In previous experimental implementations, the optical phase shifter is generally regarded as an ideal passive optical device that perfectly rotates the phase of the electromagnetic wave of $90^\circ$ \cite{wang2020high}. However,under the action of external force, the fibre is stretched or compressed within the elastic deformation range, and parameters such as the fibre change's geometrical size and refractive index change, thus causing the phase change of the transmitted signal in the fibre. Therefore, the phase shifter is somewhat susceptible to environmental changes and can hardly shift the phase by $90^\circ$ exactly Considering this, we propose a concrete interpretation of measurement angular error in practical systems and the corresponding entanglement-based description. Simultaneously, an estimation method of the measurement angular error and corresponding compensation scheme are demonstrated in some ways. We conclude that measurement angular error severely degrades the security, but the proposed calibration and compensation method can significantly help improve the performance of the practical CV-QKD systems. Undoubtedly, it is worth observing that our work is to strengthen practical security resulted from devices' imperfection.

Abstract: A chip-based continous-variable quantum-key-distribution (CVQKD) system with a high practical confidentiality performance is crucial for constructing quantum metropolitan communication networks, but imperfections in the chip-based modulation will threaten the practical security of the chip-based CVQKD system. In this paper, we combine the plasma dispersion effect of free carriers to model the carrier fluctuations and reveal the essential mechanism of carrier fluctuations’ influence on the system. The simulations show that the chip-based CVQKD system may face potential loophole threats or its performance will dramatically decrease under different carrier fluctuations. Moreover, two preliminary defense strategies are proposed to completely solve the practical security problems commonly induced by modulators in general chip-based CVQKD systems. This work proposes a set of modeling and analysis methods for general chip-based CVQKD systems’ modulators, which provides constructive methods to build the chip-based CVQKD system with more rigorous practical security.

Abstract: We propose a dynamic polarization control scheme for free-space continuous-variable quantum key distribution and verify its validity via simulations and an experiment performed over a 150 m free-space channel. The results indicate the capability of the scheme to effectively control the states of polarization for free-space continuous-variable quantum communication.

Abstract: The growing demand for large-scale quantum computers is motivating research on distributed quantum computing (DQC) architectures. To support the research community in the design and evaluation of distributed quantum protocols, many simulators have been devised. However, the process of setting up a simulation requires strong expertise in the simulator itself, thus being inconvenient for those who are only interested in protocol evaluation or in the design of supporting tools such as quantum compilers. In this work, we present DQC Executor, a software tool that accepts as input the description of the network and the code of the algorithm, and then executes the simulation. The tool automatically constructs the network topology and maps the computation onto it, in a framework-agnostic way and transparently to the user. DQC Executor currently supports automatic deployment of distributed quantum algorithms to the NetSquid simulator.

Abstract: Fully homomorphic encryption enables computation on encrypted data while maintaining secrecy. This leads to an important open question whether quantum computation can be delegated and verified in a non-interactive manner or not. In this paper, we affirmatively answer this question by constructing quantum fully homomorphic encryption (QFHE) schemes with quantum obfuscation. For different scenarios, we propose two QFHE schemes with multi-valued quantum point obfuscation. One is with single-qubit point obfuscation and the other is with multi-qubit point obfuscation. The correctness of two QFHE schemes is proved theoretically. The evaluator does not know the decryption key and does not require a regular interaction with a user. The output state has the property of complete mixture, which guarantees the security. Moreover, the security level of the QFHE schemes depends on quantum obfuscation and encryption operators.

Abstract: When the outcomes of a set of parties measuring their local quantum systems exhibit non-local correlations by violating a Bell inequality, one can infer that such outcomes are secret to some extent. This is at the core of the security of many device-independent (DI) protocols, such as DI randomness expansion and DI conference key agreement. We quantify the amount of secret randomness in the parties’ outcomes by analytically computing their conditional von Neumann entropies as a function of the Bell violation, for different Bell inequalities.

Abstract: BB84-type DV-QKD protocols that implement weak coherent laser pulses as the carrier for the encoded information are severely limited in their maximally achievable transmission distance due to the inherent threat of photon number splitting (PNS) attacks. This potential weakness can be elegantly eliminated by the adaption of the protocol to include so-called decoy states (DS) in the transmission. These decoy states allow Alice and Bob to probe their transmission channel and statistically infer whether a PNS type attack is occurring, thus precluding Eve from successfully using this strategy. The added degrees of freedom of deciding how often to send decoy states and which intensities to use for them however further complicates the already complex task of predicting the impact on protocol performance and finding a set of suitable parameters to achieve optimal secret key rates (skr). In order to predict optimal performance, as a function of characteristics of the QKD setup like channel losses and device imperfections, state preparation fidelity, decoy state parameters and finite size effects, the software simulator pyDSsim has been developed. The tool is written in Python and implements the recent security proof framework introduced in [1,2]. The software can be scripted from the command line or used via a graphical user interface (GUI: QT5 framework) for easy exploration via parametrized x-y plots of over 40 different variables, allowing a comprehensive evaluation of their interdependencies. The main feature however is the option to numerically compute the set of protocol variables for a given QKD-setup which maximizes the secret key rate under constraints typical for practical implementations: fixed block sizes or fixed acquisition times for the raw key. To this end two different algorithms (differential-evolution [3] and L-BFGS-B [4]) are utilized, allowing for a cross-check of the acquired results and choice between speed and accuracy of the approach. References [1] Rusca, D., Boaron, A., Grünenfelder, F., Martin, A. & Zbinden, H. Finite-key analysis on the 1-decoy state QKD protocol. Appl. Phys. Lett. 112, 171104 (2018) [2] Lim, C. C. W., Curty, M., Walenta, N., Xu, F. & Zbinden, H. Concise security bounds for practical decoy-state quantum key distribution. Phys. Rev. A 89, 022307 (2014) [3] R. H. Byrd, P. Lu and J. Nocedal. A Limited Memory Algorithm for Bound Constrained Optimization, (1995), SIAM Journal on Scientific and Statistical Computing, 16, 5, pp. 1190-1208. [4] Storn, R and Price, K, Differential Evolution - a Simple and Efficient Heuristic for Global Optimization over Continuous Spaces, Journal of Global Optimization, 1997, 11, 341 - 359.

Abstract: Quantum key distribution (QKD) has been proved to be information-theoretically secure in theory. In practice, the self-differencing avalanche photodiode detectors (SD-APDs) are commonly used in high-speed QKD systems. However, we experimentally show that the SD- APD under test can be successfully hacked by the pulse-illumination attack. This attack might compromise the security of a high-speed QKD system with SD-APDs. This study also indicates that the best-practice criteria for practical security of SD-APDs might take the threat of pulse-illumination attack into account.

Abstract: The 18-month project called PROtocols for Space sEcure Quantum cOmmunication (PROSEQO), funded by the European Space Agency, was coordinated by the University of Padova with Sitael and Qascom as industrial partners. The scope of the project was to assess the protocols feasible for Satellite QKD and then realize an analytical model to describe all the elements that contribute to the Secret Key Rate (SKR). The analytical model was integrated in a dedicated software able to get several input parameters and orbit descriptions and calculate the final SKR. The software was tested in 10 different case studies. Therefore, this can be a useful tool for future Satellite QKD missions as a preliminary step to evaluate mission feasibility. It could also be the starting point for a numerical overview on the practicability of a satellite QKD infrastructure.

Abstract: Simon's problem is one of the few black-box problems known to be in BQP but not in BPP. Although Simon's algorithm can be used to solve this problem efficiently, it isn't so easy for someone with access to a large-scale quantum computer (the prover) to convince someone whose computing power is in BPP (the verifier) of the validity of their computation. I present an interactive protocol that aims to accomplish this goal if the verifier has access to a quantum computer with a constant number of qubits. This protocol adapts some of the known techniques using quantum authentication schemes for non-black-box problems. It also uses a novel technique that consists of randomly doing “trap rounds” that are similar to Simon's algorithm iterations but instead ask the prover to call the black-box function on a randomly-generated polynomial-size superposition state chosen so that the verifier can detect the prover's attempts at cheating.

Abstract: This work experimentally investigates a clock recovery algorithm’s performance for a gaussian modulated CV-QKD system operating over 20km of fibre using a frequency multiplexed classical signal.

Abstract: We develop general tools to be able to numerically calculate key rates for quantum key distribution protocols with characterized source defects. These tools include performing decoy-state analysis for optical protocols where the signal states are not fully phase-randomised. We apply these tools for the three-state protocol when the signal states are not fully phase-randomised due to a high repetition rate. Our results suggest that the small amounts of residual coherences do not greatly affect the key rate.

Abstract: Security proof methods for quantum key distribution, QKD, that are based on the numerical key rate calculation problem, are powerful in principle. However, the practicality of the methods are limited by computational resources and the efficiency and accuracy of the underlying algorithms for convex optimization. We derive a stable reformulation of the convex nonlinear semidefinite programming, SDP, model for the key rate calculation problems. We use this to develop an efficient, accurate algorithm. The reformulation is based on novel forms of facial reduction, FR, for both the linear constraints and nonlinear relative entropy objective function. This allows for a Gauss-Newton type interior-point approach that avoids the need for perturbations to obtain strict feasibility, a technique currently used in the literature. The result is high accuracy solutions with theoretically proven lower bounds for the original QKD from the FR stable reformulation. This provides novel contributions for FR for general SDP. We report on empirical results that dramatically improve on speed and accuracy, as well as solving previously intractable problems.

Abstract: We consider QKD based on time entangled photons, with detectors that exhibit timing jitter and detector downtime. Timing jitter introduces local errors, necessitating key reconciliation. The detector downtime introduces memory which results in key bits that are not uniformly random. Both effects cause key rate loss. We focus on detector downtime and develop a method to compute the key rate loss.

Abstract: Improving the rates and distances over which quantum secure keys are generated is a major challenge. New source and detector hardware can improve key rates significantly, however it can require expensive cooling. We show that Twin-Field Quantum Key Distribution (TF-QKD) has an advantageous topology allowing the localisation of cooled detectors. This setup for a quantum network allows a fully connected network solution, i.e. one where every connection has non-zero key rates, in a box with sides of length up to 110km with just 4 cooled nodes, while Decoy state BB84 is only capable of up to 80km with 40 cooled nodes, and 50km if no nodes are cooled. The average key rate in the network of the localised, cooled TF-QKD is >30 times greater than the uncooled Decoy BB84 solution and ∼0.9 those of cooled Decoy BB84. To reduce the cost of the network further, switches can be used in the network. These switches have losses ranging between 1−2dB. Adding these losses to the model shows further the advantages of TF-QKD in a network. Decoy BB84 is only able to generate fully connected solutions up to 20km if all nodes are cooled for a 40 node network for 1dB losses. In comparison, using TF-QKD, 70km networks are possible with just 4 cooling locations for the same losses. The simulation shows the significant benefits in using TF-QKD in a switched network, and suggests that further work in this direction is necessary.

Abstract: We know that classical one-time memory is a cryptographic primitive which is sufficient to construct both classical one-time programs and quantum one-time programs. We propose a construction of one-time memory (OTM) from isolated Majorana islands. The proposed 1-out-of-2 OTM stores two bits, wherein any one chosen bit can be perfectly obtained, whereas the other bit is destroyed with high probability. We prove that a malicious recipient performing an arbitrary sequence of strong and weak measurements can not obtain more information than an honest recipient performing only strong measurements. We show that errors on the two stored bits can be corrected by a pair of classical codes obtained from a quantum CSS code. We compare several popular CSS codes and obtain the best codes for different regimes of physical error rate, availability of chosen bit and availability of remaining bit. Finally, we show that the construction for 1/2 OTMs can be generalized into efficient constructions for 1/n OTMs and (n−1)/n OTMs.

Abstract: Canada has recently begun to work on the satellite-based QKD project, known as Quantum Encryption and Science Satellite (QEYSSat) mission. Its first satellite launch is expected in the year of 2023. As I am involved in this mission, I would like to introduce the new quantum source that is currently in the progress of development. The aim was to develop a quantum source for the entanglement-based QKD that can sufficiently overcome the current distance limits. By introducing some of the important criteria for building the source, I will explain what has been achieved, then how this in the end will take us one step further toward the future quantum network.

Abstract: In his seminal work on recording quantum queries [Crypto 2019], Zhandry studied interactions between quantum query algorithms and the quantum oracle corresponding to random functions. Zhandry presented a framework for interpreting various states in the quantum space of the oracle that can be used to provide security proofs in quantum cryptography. In this paper, we introduce a similar interpretation for the case when the oracle corresponds to random permutations instead of random functions. Because both random functions and random permutations are highly significant in security proofs, we hope that the present framework will find applications in quantum cryptography. Additionally, we show how this framework can be used to prove that the success probability for a k-query quantum algorithm that attempts to invert a random N-element permutation is at most O(k^2/N).

Abstract: We report a unidimensional two-way continuous-variable quantum key distribution protocol, which shows the potential of secure communication with simple modulation method in noisy situations.

Abstract: We propose a novel strategy of using the Gottesman-Kitaev-Preskill (GKP) code in a two-way repeater architecture with multiplexing. The crucial feature of the GKP code that we make use of, is the fact that GKP qubits easily admit deterministic two-qubit gates, hence allowing for deterministic entanglement swapping. Furthermore, thanks to the availability of the analog information generated during the measurement of the GKP qubits, we can design better entanglement swapping procedures between the multiplexed elementary links. To boost the loss-resilience of our encoded qubits, we consider a concatenation of the GKP code with the discrete variable [[7,1,3]] code which has already proven effective in the context of quantum repeater schemes. We find that our architecture allows for high-rate near-deterministic end-to-end entanglement generation with much larger repeater spacing than for the previously considered error-correction based repeater schemes.

Abstract: Quantum Key Distribution (QKD) is a fast growing scientific as well as commercial field. Governments as well as private businesses seek for enhanced security solutions that can withstand future hacking attacks on classical cryptographic protocols. Today, there exists a vast amount of different QKD protocols that claim to offer “unconditional” security. However, looking in more detail many subtleties lead to different security levels, or in worst-case scenarios to no security at all. Thus, it is of upmost importance to appropriately select and design QKD protocols and networks. In this work (presented as a poster), we present and compare three different QKD protocols, concerning their security, key-rate performance, and applicability especially for satellite-based QKD networks. Our main results from this study are presented and we introduce the key requirements and the basic workflow of the design and optimization of a trusted-node based and free European QKD network. Finally, realistic satellite missions and their expected secure key rates in various situations are presented.