Program

Abstract: Measurement-device-independent quantum key distribution removes all detector-side attacks in quantum cryptography, and in the meantime doubles the secure distance. The source side, however, is still vulnerable to various attacks. In particular, the continuous phase randomization assumption on the source side is normally not fulfilled in experimental implementation and may potentially open a loophole. In this work, we first show that indeed there are loopholes for imperfect phase randomization in measurement-device-independent quantum key distribution by providing a concrete attack. Then we propose a discrete-phase-randomized measurement-device-independent quantum key distribution protocol as a solution to close this source-side loophole. [Phys. Rev. A 101, 062325]

Abstract: Quantum random number generator (QRNG) relies on the intrinsic randomness of quantum mechanics to produce true random numbers which are important in many fields. QRNGs with semiconductor light source have attracted a lot of attention due to their operational simplicity and high generation rate. However, the temperature of light source may vary due to imperfect devices and other factors. There is still a lack of study on the effects of temperature variations on the security of practical QRNG. We fill this gap by presenting a numerical method for studying the effects of temperature increase on the super-luminescent emitting diode (SLED) based QRNG and propose some strategies toward robust QRNG against temperature increase.

Abstract: We propose three constructions of classically verifiable non-interactive proofs (CV-NIP) and non-interactive zero-knowledge proofs and arguments (CV-NIZK) for QMA in various preprocessing models.

Abstract: Device-independent quantum key distribution is a secure quantum cryptographic paradigm that allows two honest users to establish a secret key, while putting minimal trust in their devices. Most of the existing protocols have the following structure: First, a bipartite nonlocal quantum state is distributed between the honest users, who perform local projective measurements to establish nonlocal correlations. Then, they announce the implemented measurements and extract a secure key by post-processing their measurement outcomes. We show that no protocol of this form allows for establishing a secret key when implemented on certain entangled nonlocal states, namely on a range of entangled two-qubit Werner states. To prove this result, we introduce a technique for upper-bounding the asymptotic key rate of device-independent quantum key distribution protocols, based on a simple eavesdropping attack. Our results imply that either different tools---such as different reconciliation techniques or non-projective measurements---are needed for device-independent quantum key distribution in the large-noise regime, or Bell nonlocality is not sufficient for this task.

Abstract: A remarkable aspect of quantum theory is that certain measurement outcomes are entirely unpredictable to all possible observers. Such quantum events can be harnessed to generate numbers whose randomness is asserted based upon the underlying physical processes. We formally introduce, design, and experimentally demonstrate an ultrafast optical quantum random number generator that uses a totally untrusted photonic source. While considering completely general quantum attacks and using dedicated FPGA hardware for post-processing, we certify and generate in real time random numbers at a rate of 8.05 Gb/s with a composable security parameter of 10^{−10}. Composable security is the most stringent and useful security paradigm because any given protocol remains secure even if arbitrarily combined with other instances of the same, or other, protocols, thereby allowing the generated randomness to be utilized for arbitrary applications in cryptography and beyond. This work achieves the fastest generation of composably secure quantum random numbers ever reported.

Abstract: Quantum Key Distribution (QKD) allows unconditionally secure communication based on the laws of quantum mechanics rather then assumptions about computational hardness. Optimizing the operation parameters of a given QKD implementation is indispensable in order to achieve high secure key rates. So far, there exists no model that accurately describes entanglement-based QKD with continuous-wave pump lasers. For the first time, we analyze the underlying mechanisms for QKD with temporally uniform pair-creation probabilities and develop a simple but accurate model to calculate optimal trade-offs for maximal secure key rates. In particular, we find an optimization strategy of the source brightness for given losses and detection-time resolution. All experimental parameters utilized by the model can be inferred directly in standard QKD implementations, and no additional assessment of device performance is required. Comparison with experimental data shows the validity of our model. Our results yield a tool to determine optimal operation parameters for already existing QKD systems, to plan a full QKD implementation from scratch, and to determine fundamental key rate and distance limits of given connections.

Abstract: A quantum bit commitment scheme is to realize bit (rather than qubit) commitment by exploiting quantum communication and quantum computation. In this work, we study the binding property of the quantum string commitment scheme obtained by composing a generic quantum computationally-binding bit commitment scheme in parallel. We show that the resulting scheme satisfies a stronger quantum computational binding property than the trivial honest-binding, which we call predicate-binding. Intuitively and very roughly, the predicate-binding property guarantees that given any inconsistent predicate pair over a set of strings (i.e. no strings in this set can satisfy both predicates), if a (claimed) quantum commitment can be opened so that the revealed string satisfies one predicate with certainty, then the same commitment cannot be opened so that the revealed string satisfies the other predicate except for a negligible probability. As an application, we plug a generic quantum perfectly(resp. statistically)-hiding computationally-binding bit commitment scheme in Blum's zero-knowledge protocol for the NP-complete language Hamiltonian Cycle. The quantum computational soundness of the resulting protocol will follow immediately from the quantum computational predicate-binding property of commitments. Combined with the perfect(resp. statistical) zero-knowledge property which can be similarly established as [Watrous], as well as known constructions of quantum computationally-binding bit commitment scheme, this gives rise to the first quantum perfect(resp. statistical) zero-knowledge argument system for all NP languages merely relying on quantum-secure one-way functions.

Abstract: Quantum enhanced receivers are endowed with resources to achieve higher sensitivities than conventional technologies. For application in optical communications, they provide improved discriminatory capabilities for multiple non-orthogonal quantum states. In this work, we propose and experimentally demonstrate a new decoding scheme for quadrature phase-shift encoded signals. Our receiver surpasses the standard quantum limit and outperforms all previously known non-adaptive detectors at low input powers. Unlike existing approaches, the receiver only exploits linear optical elements and on-off photo-detection. This circumvents the requirement for challenging feed-forward operations that limit communication transmission rates and can be readily implemented with current technology.

Abstract: Quantum private information retrieval (QPIR) for quantum messages is the protocol in which a user retrieves one of the multiple quantum states from one or multiple servers without revealing which state is retrieved. We consider QPIR in two different settings: the blind setting, in which the servers contain one copy of the message states, and the visible setting, in which the servers contain the description of the message states. One trivial solution in both settings is downloading all states from the servers and the main goal of this paper is to find more efficient QPIR protocols. First, we prove that the trivial solution is optimal for one-server QPIR in the blind setting. In one-round protocols, the same optimality holds even in the visible setting. On the other hand, when the user and the server share entanglement, we prove that there exists an efficient one-server QPIR protocol in the blind setting. Furthermore, in the visible setting, we prove that it is possible to construct symmetric QPIR protocols in which the user obtains no information of the non-targeted messages. We construct two-server symmetric QPIR protocols. Note that symmetric classical PIR is impossible without shared randomness unknown to the user.

Abstract: We derive a general framework for a quantum metrology scheme where the quantum probes are exchanged via an unsecured quantum channel. We construct two protocols for this task which offer a trade-off between difficulty of implementation and efficiency. We show that, for both protocols, a malicious eavesdropper cannot access any information regarding the unknown parameter. We further derive general inequalities regarding how the uncertainty in a resource state for quantum metrology can bias the estimate and the precision. From this, we link the effectiveness of the cryptographic part of the protocol to the effectiveness of the metrology scheme with a (potentially) malicious probe resource state.

Abstract: Time-Correlated Single Photon Counting (TCSPC) and continuous time tagging of photon arrival times are very powerful tools in many areas of applied physics [1]. In optical quantum science, they are widely used for the characterization of non-classical light emitters and the detection of coincident photon arrival events. In light of the recent quantum technology initiatives, these timing devices play a central role as crucial technological building blocks. Here, we present a new scalable concept of multi-channel event timers with up to 64 channels, 5 ps digital resolution and accurate long-distance synchronization capabilities using the White Rabbit fiber network protocol [2]. We demonstrate a relative timing precision of about 40 ps to 50 ps r.m.s. over several kilometers distance in network topologies of different complexity and with different fiber lengths, with and without additional network traffic. One set of results measuring across 5 different devices in a simple star-topology using one White Rabbit switch is shown in Fig. 1 as an example. The new event timers have an extremely short dead time of <650 ps, which keeps up with the quick progress of development in the area of superconducting nanowires and other single photon detectors with short recovery times. The event timers feature two data interfaces to the host: a USB interface and a low-latency interface to external FPGAs, on which custom algorithms for real-time data processing can be implemented. In particular, the FPGA interface is presently being employed in a demonstrator of a high speed QKD system as part of the QuPAD project, funded by the German Federal Ministry of Eduaction and research, contract number 13N14953. The new design also provides several valuable features such as adjustable timing offsets for each input channel at full resolution, four external marker inputs for imaging and other synchronization tasks, as well as in/outputs for hardware driven experiment control, as established in various trendsetting instruments developed earlier [3-4]. References [1] P. Kapusta, M. Wahl, and R. Erdmann (eds.), Advanced Photon Counting - Applications, Methods, Instrumentation, (Springer International Publishing, 2015) [2] J. Serrano, P. Alvarez, M. Cattin, E. G. Cota, P. M. J. H. Lewis, T. Włostowski et al., "The White Rabbit Project", Proc. ICALEPCS TUC004, Kobe, Japan (2009). [3] M. Wahl, T. Roehlicke, S. Kulisch, S. Rohilla, B. Kraemer and A.C. Hocke, "Photon arrival time tagging with many channels, sub-nanosecond deadtime, very high throughput, and fiber optic remote synchronization", Rev. Sci. Instrum. 91, 013108 (2020). [4] M. Wahl, H.-J. Rahn, T. Roehlicke, R. Erdmann, G. Kell, A. Ahlrichs, M. Kernbach, A.W. Schell, and O. Benson, "Integrated multichannel photon timing instrument with very short dead time and high throughput ", Rev. Sci. Instrum. 84, 043102 (2013).

Abstract: Reference-frame-independent quantum key distribution (RFI-QKD) can dispense with the requirements of active alignment on reference frames between legitimate users, which is beneficial for free-space implementation. However, the fluctuating transmittance due to atmospheric turbulence still remains a great challenge for improving the performance and has been seldom addressed. In this paper we extend the recently proposed prefixed-threshold real-time selection method to RFI-QKD while combining practical consideration of the transmittance probability distribution model based on the finite aperture theory. Through numerical simulations, we present an estimation for the variance of the log-normal model with respect to distance and receiving aperture radius, and demonstrate the effectiveness of using this method in the RFI protocol. Considering the finite-key effects, simulation results show that the gap of the key rate with different reference frame deviations can be alleviated by increasing the data size. By adopting this method one can tolerate more serious transmission loss, especially in strong turbulence cases, which is helpful for future free-space experimental designs.

Abstract: The core of security proofs of quantum key distribution (QKD) is the estimation of a parameter that determines the amount of privacy amplification that the users need to apply in order to distil a secret key. To estimate this parameter using the observed data, one needs to apply concentration inequalities, such as random sampling theory or Azuma’s inequality. The latter can be straightforwardly employed in a wider class of QKD protocols, including those that do not rely on mutually unbiased encoding bases, such as the loss-tolerant (LT) protocol. However, when applied to real-life finite-length QKD experiments, Azuma’s inequality typically results in substantially lower secret-key rates. Here, we propose an alternative security analysis of the LT protocol against general attacks, for both its prepare-and-measure and measure-device-independent versions, that is based on random sampling theory. Consequently, our security proof provides considerably higher secret-key rates than the previous finite-key analysis based on Azuma’s inequality. This work opens up the possibility of using random sampling theory to provide alternative security proofs for other QKD protocols.

Abstract: Currently most quantum teleportation experiments are based on qubits. Here, we demonstrate a quantum autoencoder assisted teleportation for high-dimensional quantum states. Our method of training the autoencoder allows us to take a finite sample of those states, learn how to compress them to qubits with nearly unit fidelity. After training, we can teleport any further states from the sender and reconstruct them with high fidelity on the receiver part. We verify the proposed scheme by teleporting a qutrit via a silicon-photonic chip. High fidelity is achieved between the input qutrit and the qutrit recovered from the teleported qubit.

Abstract: Integrated photonics provides a route both to miniaturize quantum key distribution (QKD) devices and to enhance their performance. A key element for discrete-variable QKD is single-photon detector. It is necessary to integrate such device onto a photonic chip to enable the realization of practical and scalable quantum networks. Here, we report a successful interfacing of Complementary Metal-Oxide-Semiconductor (CMOS)-compatible silicon nanophotonics with optical waveguide-integrated superconducting nanowire single-photon detector (SNSPD). We perform the first optimal Bell-state measurement (BSM) of time-bin encoded qubits generated from two independent lasers benefited from the reduced dead time of SNSPD ∼3.4 ns. The optimal BSM enables an increased key rate of measurement-device-independent QKD, which is immune to all attacks against the detection system and hence provides the basis for a QKD network with untrusted relays. Together with the time-multiplexed technique, we have enhanced the sifted key rate by almost one order of magnitude. Combined with integrated QKD transmitters, a scalable, chip-based and cost-effective QKD network should become realizable in the near future.

Abstract: Quantum random numbers distinguish themselves from others by their intrinsic unpredictability arising from the principles of quantum mechanics. As such they are extremely useful in many scientific and real-world applications with considerable efforts going into their realizations. Most demonstrations focus on high asymptotic generation rates. For this goal, a large number of repeated trials are required to accumulate a significant store of certifiable randomness, resulting in a high latency between the initial request and the delivery of the requested random bits. Here we demonstrate low-latency real-time certifiable quantum randomness generation from measurements on photonic time-bin states. For this, we develop methods to efficiently certify randomness taking into account adversarial imperfections in both the state preparation and the measurement apparatus. Every 0.12 seconds we generate a block of 8192 random bits which are certified against all quantum adversaries with an error bounded by 2^{-64}. Our quantum random number generator is thus well suited for realizing a continuously operating, high-security, and high-speed quantum randomness beacon.

Abstract: Continuous-variable quantum information, encoded into in finite-dimensional quantum systems, is a promising platform for the realization of many quantum information protocols, including quantum computation, quantum metrology, quantum cryptography, and quantum communication. To successfully demonstrate these protocols, an essential step is the certi fication of multimode continuous variable quantum states and quantum devices. This problem is well studied under the assumption that multiple uses of the same device result into identical and independently distributed (i.i.d.) operations. However, in realistic scenarios, identical and independent state preparation and calls to the quantum devices cannot be generally guaranteed. Important instances include adversarial scenarios and instances of time-dependent and correlated noise. In this paper, we propose the first set of reliable protocols for verifying multimode continuous-variable entangled states and devices in these non-i.i.d scenarios.

Abstract: We prove impossibility of composable oblivious transfer in relativistic and quantum settings, and provide constructions between different versions of oblivious transfer and bit commitment. We do so in the abstract cryptography framework, with cryptographic resources instantiated as causal boxes in Minkowski space. This paper can be seen as an application of Vilasini et al’s approach to other cryptographic primitives.

Abstract: We introduce a secure hardware device named a QEnclave that can secure the remote execution of quantum operations while only using classical controls. This device extends to quantum computing the classical concept of a secure enclave which isolates a computation from its environment to provide privacy and tamper-resistance. Remarkably, our QEnclave only performs single-qubit rotations, but can nevertheless be used to secure an arbitrary quantum computation even if the qubit source is controlled by an adversary. More precisely, attaching a QEnclave to a quantum computer, a remote client controlling the QEnclave can securely delegate its computation to the server solely using classical communication. We investigate the security of our QEnclave by modeling it as an ideal functionality named Remote State Rotation. We show that this resource allows blind delegated quantum computing with perfect security. Our proof relies on standard tools from delegated quantum computing. Working in the Abstract Cryptography framework, we show a construction of remote state preparation from remote state rotation preserving the security. An immediate consequence is the weakening of the requirements for blind delegated computation. While previous delegated protocols were relying on a client that can either generate or measure quantum states, we show that this same functionality can be achieved with a client that only transforms quantum states without generating or measuring them. Combined with known impossibility results for implementing remote state preparation with classical communication, our construction suggests a new way for blind secure delegated computation. Computational assumptions that circumvent this impossibility induce large overheads that prevent their practical use. But our approach does not increase the complexity of the problem, and relies on hardware assumptions that are already used in practice for classical computations. It hence provides a better way of implementing blind remote delegation on real quantum computing systems.

Abstract: In this paper, we propose a new theoretical scheme for quantum secure direct communication (QSDC) with user authentication. Different from the previous QSDC protocols, the present protocol uses only one orthogonal basis of single-qubit states to encode the secret message. Moreover, this is a one-time and one-way communication protocol, which uses qubits prepared in a randomly chosen arbitrary basis, to transmit the secret message. We discuss the security of the proposed protocol against some common attacks and show that no eavesdropper can get any information from the quantum and classical channels. We have also studied the performance of this protocol under realistic device noise. We have executed the protocol in the IBMQ Armonk device and proposed a repetition code-based protection scheme that requires minimal overhead.

Abstract: Mistrustful cryptography includes important tasks like bit commitment, oblivious transfer, coin flipping, secure computations, position authentication, digital signatures and secure unforgeable tokens. Practical quantum implementations presently use photonic setups. In many such implementations, Alice sends photon pulses encoding quantum states and Bob chooses measurements on these states. In practice, Bob generally uses single photon threshold detectors, which cannot distinguish the number of photons in detected pulses. Also, losses and other imperfections require Bob to report the detected pulses. Thus, malicious Alice can send and track multi-photon pulses and thereby gain information about Bob's measurement choices, violating the protocols' security. Here, we provide a theoretical framework for analysing such multi-photon attacks, and present known and new attacks. We illustrate the power of these attacks with an experiment, and study their application to earlier experimental demonstrations of mistrustful quantum cryptography. We analyse countermeasures based on selective reporting and prove them inadequate. We also discuss side-channel attacks where Alice controls further degrees of freedom or sends other physical systems.

Abstract: Oblivious transfer (OT) is a cryptographic primitive which is universal for multiparty computation. Unfortunately, perfect information-theoretically (IT) secure quantum oblivious transfer is impossible (except with restrictions on cheating parties). Imperfect IT secure quantum oblivious transfer remains possible, but the smallest possible cheating probabilities are not known. Informally, in 1-out-of-2 oblivious transfer, a sender Alice has two bits x0, x1. A receiver Bob obtains one of these, xb, where b= 0 or b= 1. Alice should not be able to guess b, and Bob should not be able to guess the bit value he did not obtain. Bounds on cheating probabilities in quantum oblivious transfer have previously been investigated for complete protocols. “Complete” means that if sender Alice and receiver Bob both follow the protocol, the bit value Bob obtains correctly matches Alice’s bit value. Here we instead investigate incomplete protocols, where Bob obtains an incorrect bit value with probability pf. For complete protocols, both “classical” and quantum, it holds that if one party can cheat no better than with a random guess, then the other party can cheat perfectly. For incomplete protocols, in contrast, even with no restrictions on cheating parties, and when one party can cheat no better than with random guess, it is possible that the other party still cannot cheat perfectly; their cheating probability can be lower than in complete protocols. We find the optimal non-interactive protocols where Alice’s bit values are represented by four symmetric pure quantum states, and where Alice cannot cheat better than with a random guess. “Optimal” means that for a given pf, Bob’s cheating probability pr is as low as possible, and vice versa. We also show that quantum protocols can outperform classical non-interactive protocols. Our results also provide a lower bound on Bob’s cheating probability in interactive quantum protocols. An advantage of the non-interactive protocols we investigate is that they require neither entanglement nor quantum memory. The optimal protocols could be readily implemented using standard optical components.

Abstract: Shared entanglement between two remote parties is a key resource for Quantum Cryptography. Quantum communications capacity using direct transmission over length-$L$ optical fiber scales as $R \sim e^{-\alpha L}$, where $\alpha$ is the fiber's loss coefficient. The rate achieved using a linear chain of quantum repeaters equipped with quantum memories, probabilistic Bell state measurements (BSMs) and switches used for spatial multiplexing, but no quantum error correction was shown to surpass the direct-transmission capacity. However, this rate still decays exponentially with the end-to-end distance, viz., $R \sim e^{-s{\alpha L}}$, with $s < 1$. We show that the introduction of temporal multiplexing---i.e., the ability to perform BSMs among qubits at a repeater node that were successfully entangled with qubits at distinct neighboring nodes at {\em different} time steps---leads to a sub-exponential rate-vs.-distance scaling, i.e., $R \sim e^{-t\sqrt{\alpha L}}$, which is not attainable with just spatial or spectral multiplexing. We evaluate analytical upper and lower bounds to this rate and obtain the exact rate by numerically optimizing the time-multiplexing block length and the number of repeater nodes. We further demonstrate that incorporating losses in the optical switches used to implement time-multiplexing degrades the rate-vs.-distance performance, eventually falling back to exponential scaling for very lossy switches. We also examine models for quantum memory decoherence and describe optimal regimes of operation to preserve the desired boost from temporal multiplexing. QM decoherence is seen to be more detrimental to the repeater's performance over switching losses.

Abstract: There are two critical challenges that must be addressed for Quantum Key Distribution (QKD) to achieve wide-scale adoption. First, overcoming distance limitations and second increasing secret key generation rates. Our work investigates the design of novel routing algorithms for near-future QKD networks to help mitigate these problems. The networks we consider also may serve as a bridge between today's QKD networks and the long-term goal of a true Quantum Internet.

Abstract: Recent experimental breakthroughs in satellite quantum communications have opened up the possibility of creating a global quantum internet using satellite links. This approach appears to be particularly viable in the near term, due to the lower attenuation of optical signals from satellite to ground, and due to the currently short coherence times of quantum memories. The latter prevents ground-based entanglement distribution using atmospheric or optical-fiber links at high rates over long distances. In this work, we propose a global-scale quantum internet consisting of a constellation of orbiting satellites that provides a continuous, on-demand entanglement distribution service to ground stations. The satellites can also function as untrusted nodes for the purpose of long-distance quantum-key distribution. We develop a technique for determining optimal satellite configurations with continuous coverage that balances both the total number of satellites and entanglement-distribution rates. Using this technique, we determine various optimal satellite configurations for a polar-orbit constellation, and we analyze the resulting satellite-to-ground loss and achievable entanglement-distribution rates for multiple ground station configurations. We also provide a comparison between these entanglement-distribution rates and the rates of ground-based quantum repeater schemes. Overall, our work provides the theoretical tools and the experimental guidance needed to make a satellite-based global quantum internet a reality.

Abstract: We design and fabricate a quantum photonic circuit to generate a 4-qubit state to load single qubit information and implement a quantum error correction code to demonstrate its capability of detecting and correcting a single-bit error. The encoded quantum information can be reconstructed from different types of errors and achieve an average state fidelity of 86%. We further extend the scheme to demonstrate fault-tolerant measurement-based quantum computing that allows us to redo the qubit operation against the failure of the teleportation process.

Abstract: We map the perfect matching problem in graph theory to a reconfigurable GBS model with the connection of the Hafnian of a matrix. We configure the linear optical circuit and squeeze parameter of the GBS model according to the decomposed unitary matrix and diagonal matrix of the graph’s adjacency matrix. The perfect matching numbers can be directly acquired from the 4-photon coincidence counts with a distribution similarity of 0.9304.

Abstract: In decoy-state-based QKD, GHz clocked or higher frequency transmitters exhibit correlations between the intensities of succeeding pulses. As a consequence, every pulse leaks partial information about previous intensity settings to an eavesdropper, thus invalidating the fundamental principle of the decoy-states method, i.e., the independent character of the yields from the intensity settings. In this work, we present a technique that allows to incorporate arbitrary intensity correlations to the decoy-state analysis, thereby solving a pressing problem in the race towards practical high-speed QKD systems. As a side contribution, we present a non-standard derivation of the asymptotic key rate formula from the non-asymptotic one, in so revealing a largely dismissed necessary condition for the significance of the former. We discuss this condition in full detail.

Abstract: Privacy amplification (PA) is an indispensable component in classical and quantum cryptography. Error correction (EC) and data compression (DC) algorithms are also indispensable in classical and quantum information theory. We here study these three algorithms (PA, EC, and DC) in the presence of quantum side information, and show that they all become equivalent in the one-shot scenario. As an application of this equivalence, we take previously known security bounds of PA, and translate them into coding theorems for EC and DC which have not been obtained previously. Further, we apply these results to simplify and improve our previous result that the two prevalent approaches to the security proof of quantum key distribution (QKD) are equivalent. We also propose a new method to simplify the security proof of QKD.

Abstract: We present a quantum key distribution (QKD) platform targeting mid-range fiber, free-space and hybrid links. With its interfaces for third-party post-processing, commercial key management, encryptors and QRNG, the modular and flexible system enables easy integration into existing telecom infrastructures. Recent experiments demonstrate its seamless operation over fiber and free-space links.

Abstract: We consider (Enc, Dec) schemes which are used to encode a classical/quantum message m and derive an n-qubit quantum codeword ψ_m. The quantum codeword ψ_m can adversarially tamper via a unitary U∈F_u from some known tampering unitary family F_u, resulting in Uψ_mU†. Firstly, we initiate the general study of quantum tamper detection codes, which must detect that tampering occurred with high probability. In case there was no tampering, we would like to output the message m with a probability of 1. We show that quantum tamper detection codes exist for both classical messages and quantum messages for any family F_u of unitary operators, such that |F_u|<2^{2^{αn}} for some known constant α∈(0,1) and all the unitary operators satisfy one additional condition : Far from Identity : For each U∈F_u, we require that its modulus of trace value isn't too much i.e. $ |Trace(U)| \leq \phi N$, where N=2^n. Quantum tamper-detection codes are quantum generalizations of classical tamper detection codes studied by Jafargholi et al. Additionally for classical message m, if we must either output message m or detect that tampering occurred and output ⊥ with high probability, we show that it is possible without the restriction of Far from Identity condition for any family of unitary operators F_u, such that |F_u|<2^{2^αn}. We also provide efficient (Enc, Dec) schemes when the family of tampering unitary operators are from Pauli group Pn, which can be thought of as a quantum version of the algebraic manipulation detection (AMD) codes of Cramer et al.

Abstract: With the development of delegated quantum computation, clients will want to ensure confidentiality of their data and algorithms, and the integrity of their computations. While protocols for blind and verifiable quantum computation exist, they suffer from high overheads and from over-sensitivity: When running on noisy devices, imperfections trigger the same detection mechanisms as malicious attacks, resulting in perpetually aborted computations. We introduce the first blind and verifiable protocol for delegating BQP computations to a powerful server with repetition as the only overhead. It is composably statistically secure with exponentially-low bounds and can tolerate a constant amount of global noise.

Abstract: High-dimensional quantum key distribution (QKD) provides ultimate secure communication with secure key rates that cannot be obtained by QKD protocols with binary encoding. However, so far the proposed protocols required additional experimental resources, thus raising the cost of practical high-dimensional systems and limiting their use. Here, we analyze and demonstrate a novel scheme for fiber-based arbitrary-dimensional QKD, based on the most popular commercial hardware for binary time bins encoding. Quantum state transmission is tested over 40 km channel length of standard single-mode fiber, exhibiting a two-fold enhancement of the secret key rate in comparison to the binary Coherent One Way (COW) protocol, without introducing any hardware modifications. This work holds a great potential to enhance the performance of already installed QKD systems by software update alone.

Abstract: We demonstrate a simple and compact MDI-QKD system design based on optical injection locking and gain-switching techniques, capable of directly encoding phase-modulated time-bin bits. Our results improve upon the state-of-the-art key rates by an order of magnitude.

Abstract: Message Authentication Code or MAC, is a well-studied cryptographic primitive that is used in order to authenticate communication between two parties sharing a secret key. A Tokenized MAC or TMAC is a related cryptographic primitive, introduced by Ben-David & Sattath (QCrypt'17) which allows to delegate limited signing authority to third parties via the use of single-use quantum signing tokens. These tokens can be issued using the secret key, such that each token can be used to sign at most one document. We provide an elementary construction for TMAC based on BB84 states. Our construction can tolerate up to 14% noise, making it the first noise-tolerant TMAC construction. The simplicity of the quantum states required for our construction combined with the noise-tolerance, makes it practically more feasible than the previous TMAC construction. The TMAC is existentially unforgeable against adversaries with signing and verification oracles (i.e., analogous to EUF-CMA security for MAC), assuming post-quantum collision-resistant hash functions exist.

Abstract: Random number generators underpin the security of current and future cryptographic systems and are therefore a likely target for attackers. Quantum random number generators have been hailed as the ultimate sources of randomness. However, as shown in this work, the susceptibility of the sensitive electronics required to implement such devices poses a serious threat to their security. We present the first out-of-band electromagnetic injection attack on a quantum random number generator through which an adversary can gain full control of the output. In our first experiment, the adversary forces the binary output of the generator to become an alternating string of 1s and 0s, with near 100% success. This attack may be spotted by a vigilant user performing statistical tests on their output strings. We therefore envisage a second more subtle attack in which the adversary forces the output to be a random pattern known to them, thus rendering any protection based on statistical tests ineffective.

Abstract: Self-testing is a method to verify that one has a particular quantum state from purely classical statistics. For practical applications, such as device-independent delegated verifiable quantum computation, it is crucial that one self-tests multiple Bell states in parallel while keeping the quantum capabilities required of one side to a minimum. In this work, we use the $3 \times n$ magic rectangle games (generalisations of the magic square game) to obtain a self-test for $n$ Bell states where the one side needs only to measure single-qubit Pauli observables. The protocol requires small input sizes (constant for Alice and $O(\log n)$ bits for Bob) and is robust with robustness $O(n^{5/2} \sqrt{\varepsilon})$, where $\varepsilon$ is the closeness of the observed correlations to the ideal. To achieve the desired self-test we introduce a one-side-local quantum strategy for the magic square game that wins with certainty, generalise this strategy to the family of $3 \times n$ magic rectangle games, and supplement these nonlocal games with extra check rounds (of single and pairs of observables).

Abstract: The negative solution to the famous problem of 36 officers of Euler implies that there are no two orthogonal Latin squares of order six. We show that the problem has a solution, provided the officers are entangled, and construct orthogonal quantum Latin squares of this size. As a consequence, we find an Absolutely Maximally Entangled state AME(4,6) of four subsystems with six levels each, equivalently a 2-unitary matrix of size 36, which maximizes the entangling power among all bipartite unitary gates of this dimension, or a perfect tensor with four indices, each running from one to six. This special state deserves the appellation golden AME state as the golden ratio appears prominently in its elements. This result allows us to construct a pure non-additive quhex quantum error detection code ((3,6,2))_6, which saturates the Singleton bound and allows one to encode a 6-level state into a triplet of such states.

Abstract: Fully homomorphic encryption enables computation on encrypted data while maintaining secrecy. This leads to an important open question whether quantum computation can be delegated and verified in a noninteractive manner or not. In this paper, we affirmatively answer this question by constructing quantum fully homomorphic encryption (QFHE) schemes with quantum obfuscation. For different scenarios, we propose two QFHE schemes with multi-valued quantum point obfuscation. One is with single-qubit point obfuscation and the other is with multi-qubit point obfuscation. The correctness of two QFHE schemes is proved theoretically. The evaluator does not know the decryption key and does not require a regular interaction with a user. The output state has the property of complete mixture, which guarantees the security. Moreover, the security level of the QFHE schemes depends on quantum obfuscation and encryption operators.

Abstract: We study a generalization of the Mermin–Peres magic square game to arbitrary rectangular dimensions. After exhibiting some general properties, these rectangular games are fully characterized in terms of their optimal win probabilities for quantum strategies. We find that for $m \times n$ rectangular games of dimensions $m,n \geq 3$, there are quantum strategies that win with certainty, while for dimensions $1 \times n$ quantum strategies do not outperform classical strategies. The final case of dimensions $2 \times n$ is richer, and we give upper and lower bounds that both outperform the classical strategies. Finally, we apply our findings to quantum certified randomness expansion to find the noise tolerance and rates for all magic rectangle games. To do this, we use our previous results to obtain the winning probability of games with a distinguished input for which the devices give a deterministic outcome and follow the analysis of C. A. Miller and Y. Shi (2017).

Abstract: Quantum cryptography is known for enabling functionalities that are unattainable using classical information alone. Recently, Secure Software Leasing (SSL) has emerged as one of these areas of interest. Given a target circuit C from a circuit class, SSL produces an encoding of C that enables a recipient to evaluate C, and also enables the originator of the software to verify that the software has been returned --- meaning that the recipient has relinquished the possibility of any further use of the software. Clearly, such a functionality is unachievable using classical information alone, since it is impossible to prevent a user from keeping a copy of the software. Recent results have shown the achievability of SSL using quantum information for a class of functions called compute-and-compare (these are a generalization of the well-known point functions). These prior works, however all make use of setup or computational assumptions. Here, we show that SSL is achievable for compute-and-compare circuits without any assumptions. Our technique involves the study of quantum copy-protection, which is a notion related to SSL, but where the encoding procedure inherently prevents a would-be quantum software pirate from splitting a single copy of an encoding for C into two parts, each of which enables a user to evaluate C. We show that point functions can be copy-protected without any assumptions, for a novel security definition involving one honest and one malicious evaluator; this is achieved by showing that from any quantum message authentication code, we can derive such an honest-malicious copy-protection scheme. We then show that a generic honest-malicious copy-protection scheme implies SSL; by prior work, this yields SSL for compute-and-compare functions.

Abstract: We investigate a class of partially device-independent quantum key distribution protocols based on a prepare-and-measure setup which simplifies their implementation. The security of the protocols is based on the assumption that Alice’s prepared states have limited overlaps, but no explicit bound on the Hilbert space dimension is required. The protocols are therefore immune to attacks on Bob’s device, such as blinding attacks. The users can establish a secret key while continuously monitoring the correct functioning of their devices through observed statistics. We report a proof- of-principle demonstration, involving mostly off-the-shelf equipment, as well as a high-efficiency superconducting nanowire detector. A positive key rate is demonstrated over a 4.8km low-loss optical fiber with finite-key analysis. The prospects of implementing these protocols over longer distances is discussed.

Abstract: Oblivious transfer (OT) is an important cryptographic primitive for transmitting information between two non-trusting parties and can be used as basic building block to implement any two-party computation. One variant of OT is XOR oblivious transfer (XOT), where the sender Alice has two bits and sends them to the receiver Bob. Bob will obtain either the first bit, the second bit, or their XOR. In an honest run of the protocol, Bob should not learn anything more than this, and Alice should not be able to tell what Bob has learned. Unfortunately, perfect quantum OT is impossible with information-theoretic security, so we focus on obtaining the smallest possible cheating probabilities for dishonest parties, when there are no restrictions imposed on them. We present a non-interactive quantum XOT protocol with classical post-processing, where the cheating probabilities are 1/2 for Alice and 3/4 for Bob. Reversing this protocol, so that Bob becomes the sender of a quantum state and Alice the receiver who measures it, while still implementing oblivious transfer from Alice to Bob, we show that the cheating probabilities for both parties stay the same as for the unreversed protocol. The reversed protocol is even easier to implement. The quantum XOT protocol outperforms classical XOT protocols. Lastly, we are in the process of implementing both the unreversed and the reversed protocol experimentally.

Abstract: A device-independent randomness expansion protocol aims to take an initial random string and generate a longer one, where the security of the protocol does not rely on knowing the inner workings of the devices used to run it. In order to do so, the protocol tests that the devices violate a Bell inequality and one then needs to bound the amount of extractable randomness in terms of the observed violation. The entropy accumulation theorem gives a bound in terms of the single-round von Neumann entropy of any strategy achieving the observed score. Tight bounds on this are known for the one-sided randomness when using the Clauser-Horne-Shimony-Holt (CHSH) game. Here we find the minimum von Neumann entropies for a given CHSH score relevant for one and two sided randomness that can be applied to various protocols. In particular, we show the gain that can be made by using the two-sided randomness and by using a protocol without spot-checking where the input randomness is recycled. We also discuss protocols that fully close the locality loophole while expanding randomness. Although our bounds are mostly numerical, we conjecture analytic formulae for the curves in two cases.

Abstract: Quantum key distribution (QKD) ensures the sharing of secret cryptographic keys between distant entities (typically called Alice and Bob), whose intrinsic security is guaranteed by the laws of nature [1–3]. Besides pioneering experiments involving satellite transmission [4], the challenge is the integration of this technology in telecommunication fiber networks, in particular in long haul segments [5–11]. The longest achievable communication distance is limited by the channel loss which increases exponentially with the fiber length and noise in the deployed single photon detector. The secure QKD key rate decreases exponentially with the channel fiber length. Although the communication distance could be extended using quantum repeaters, the related research is still at a proof-of-principle level [12]. Presently the widely adopted solution is the exploitation of trusted nodes, whose security represents however a significant technical issue. An innovative approach that overcomes, at least partially, the need for trusted node is represented by the recently proposed QKD protocol dubbed twin-field QKD (TF-QKD) [13]. In TF-QKD, the information is encoded on dim laser pulses generated at distant Alice and Bob terminals and sent through optical fiber over half of the entire communication distance to the central node, Charlie, where they interfere. For this reason, the TF-QKD has weaker dependence on channel losses, essentially doubling the communication distance with respect to the conventional prepare-and-measure QKD solution. TF-QKDhas been proved secure against general attacks (see e.g. [14–18]), but its implementation is challenging as the optical pulses sent by Alice and Bob are required to be phase-coherent and preserve coherence when reaching Charlie after travelling the long fiber paths. While phase coherence can be achieved by phase-locking the two QKD lasers in Alice and Bob to a common reference laser transmitted through a service channel, uncorrelated phase changes due to the length and refractive index fluctuations in the long optical fibers still remain and will reduce the visibility of the interference measurement. In the TF-QKD proof-of-principle experiments [19–26], this effect was mitigated by interleaving the QKD frames with classical transmission frames that were used to periodically realign the phases of interfering pulses. Here we present an alternative solution derived from the metrological research community, more precisely from atomic clocks comparison technology. Specifically, transmission of coherent laser radiation over thousand-kilometer-long fibers is exploited for the comparison of distant atomic clocks at the highest accuracy [27–32]. In this case phase fluctuations in long fiber also need to be addressed, othewise they would substantially degrade the comparison results. Precise comparison among these atomic clocks are made possible by the use of ultra-stable lasers and the active cancellation of the noise introduced by connecting fibers. Here we demonstrate that this technique can be successfully adapted into a TF-QKD setup. More specifically, we designed and developed an apparatus suitable for actively cancelling phase fluctuations of both the lasers and of the connecting fibers in a TF-QKD setup. This is achieved by transmitting an additional sensing laser light at a slightly different wavelength in the same fiber as the QKD dim pulses. In Charlie, this sensing laser is used for the fiber optical length stabilisation. We show that this multiplexed solution can be properly tuned in order to avoid a sizeable impact on the number of background photons observed by the single-photon detectors in the QKD channels, allowing simultaneous key streaming and channels stabilization, ensuring longer duty-cycles of the QKD process and a tighter control of the optical phase on long-haul deployed fibers. Furthermore, we tested our solution in a real-world network where the net losses between Alice and Bob are as high as 65 dB, resulting here in a distance of 206 km, or equivalent at 325 km on a fiber haul at common nominal losses of 0.2 dB/km [33]. References [1] Bennett, C. H. & Brassard, G. Quantum cryptography: public key distribution and coin tossing. Theor. Comput. Sci. 560, 7–11 (2014). [2] Scarani, V. et al. The security of practical quantum key distribution. Rev. Mod. Phys. 81, 1301 (2009). [3] Kwong Lo, H., Curty, M. & Tamaki, K. Secure quantum key distribution. Nature Photonics 8, 595-604 (2014). [4] Liao, S-K., Cai, W-Q., Pan, J-W. Satellite-to-ground quantum key distribution, Nature 549, 43-47 (2017) [5] Peev, M. et al. The SECOQC quantum key distribution network in Vienna, New J. Phys. 11, 075001 (2009). [6] Sasaki, M. et al. Field test of quantum key distribution in the Tokyo QKD Network. Opt. Expr. 19, 10387 (2011). [7] Dynes, J. F. et al. Cambridge quantum network. npj Quantum Inf. 5, 101 (2019). [8] Shimizu K., et al. Performance of long-distance quantum key distribution over 90-km optical links installed in a field environment of Tokyo metropolitan area. J. Lightwave Technol. 32,, 141-51 (2014). [9] Bacco, D. et al. Field trial of a three-state quantum key distribution scheme in the Florence metropolitan area. EPJ Quantum Technol.6, 5 (2019). [10] Choi, I. et al. Field trial of a quantum secured 10 Gb/s DWDM transmission system over a single installed fiber. Opt. Expr 22, 23121-23128 (2014). [11] Dixon, A. R. et al. Quantum key distribution with hacking countermeasures and long term field trial, Sci. Rep. 7, 7583 (2017). [12] Xu, F., Ma, X., Zhang, Q., Lo, H-K. & Pan, J-W. Secure quantum key distribution with realistic devices. Rev. Mod. Phys. 92, 025002 (2020) [13] Lucamarini, M., Yuan, Z. L., Dynes, J. F., Shields, A. J. Overcoming the rate-distance limit of quantum key distribution without quantum repeaters. Nature 557, 400-403 (2018). [14] Ma, X. Zeng, P., & Zhou, H. Phase-Matching Quantum Key Distribution. Phys. Rev. X 8, 031043 (2018). [15] Wang, X-B., Yu, Z-W. & Hu, X-L. Twin-field quantum key distribution with large misalignment error. Phys. Rev. A 98, 062323 (2018). [16] Lin J. & Lutkenhaus, N. Simple security analysis of phase-matching measurement-device-independent quantum key distribution. Phys. Rev. A 98, 042332 (2018); [17] Curty, M., Azuma, K. & Lo, H.-K. Simple security proof of twin-field type quantum key distribution protocol. npj Quantum Inf. 5, 64 (2019) [18] Yin, H-L. & Chen, Z-B. Finite-key analysis for twin-field quantum key distribution with composable security, Sci Rep. 9, 17113 (2019). [19] Wang, S. et al. Beating the Fundamental Rate-Distance Limit in a Proof-of-Principle Quantum Key Distribution System. Phys. Rev. X 9, 021046 (2019) [20] Minder, M. et al. Experimental quantum key distribution beyond the repeaterless secret key capacity. Nature Photon. 13, 334-338 (2019) [21] X. Zhong, Hu, J., Curty, M., Qian, L. & Lo, H-K. Proof-of-Principle Experimental Demonstration of Twin-Field Type Quantum Key Distribution. Phys. Rev. Lett. 123, 100506 (2019) [22] Chen, J-P. et al. Sending-or-Not-Sending with Independent Lasers: Secure Twin-Field Quantum Key Distribution over 509 km. Phys. Rev. Lett. 124, 070501 (2020). [23] Fang, X-T., et al. Implementation of quantum key distribution surpassing the linear rate transmittance bound. Nature Photon 14, 422-425 (2020). [24] Pittaluga M, et al., 600 km repeater-like quantum communications with dual-band stabilisation, arXiv:2012.15099 (2020) [25] Hui Liu et al., Field Test of Twin-Field Quantum Key Distribution through Sending-or-Not-Sending over 428 km, arXiv:2101.00276 (2021) [26] Jiu-Peng Chen et al., Twin-Field Quantum Key Distribution over 511 km Optical Fiber Linking two Distant Metropolitans, arXiv:2102.00433 (2021) [27] Clivati, C. et al. Optical frequency transfer over submarine fiber links. Optica 5, 893 (2018). [28] Clivati, C. et al. Common-clock very long baseline interferometry using a coherent optical fiber link. Optica 7, 1031-1037 (2020) [29] Grotti, J. et al. Geodesy and metrology with a transportable optical clock. Nature Physics 14, 437-441 (2018). [30] Lisdat, C. et al. A clock network for geodesy and fundamental science. Nat.Comm. 7, 12443 (2016). [31] Delva, P. et al. Test of Special Relativity Using a Fiber Network of Optical Clocks, Phys. Rev. Lett. 118, 221102 (2017). [32] Guena, J. First international comparison of fountain primary frequency standards via a long distance optical fiber link. Metrologia 54, 348 (2017). [33] Clivati, C. et al. Coherent phase transfer for real-world twin-field quantum key distribution, arXiv:2012.15199 (2021)

Abstract: A central broadcast Quantum Key Distribution protocol employs a thermal source to produce a secret key between Alice and Bob in the presence of an eavesdropper, Eve. Intensity correlations arising due to the Hanbury Brown and Twiss effect are used to produce correlated strings of quadrature measurements between each party, which may then be converted into bit strings. Using analytic methods, as well as through Monte Carlo simulations, we find that the correlations survive a series of beam splitters, and that the bit strings produced are suitable for distilling into a shared key. As thermal sources are already regularly used in modern communications equipment, this may allow quantum key distribution to be performed without using specialist equipment, with future work focusing on experimental implementations of the protocol in the microwave region.

Abstract: Semi-device independent (Semi-DI) quantum random number generators (QRNG) gained attention for security applications, offering an excellent trade-off between security and generation rate. This paper presents a proof-of-principle time-bin encoding semi-DI QRNG experiments based on a prepare-and-measure scheme. The protocol requires two simple assumptions and a measurable condition: an upper-bound on the prepared pulses' energy. We lower-bound the conditional min-entropy from the energy-bound and the input-output correlation, determining the amount of genuine randomness that can be certified. Moreover, we present a generalized optimization problem for bounding the min-entropy in the case of multiple input and outcomes, in the form of a semidefinite program (SDP). The protocol is tested with a simple experimental setup, capable of realizing two configurations for the ternary time-bin encoding scheme. The experimental setup is easy-to-implement and comprises commercially available off-the-shelf (COTS) components at the telecom wavelength, granting a secure and certifiable entropy source. The combination of ease-of-implementation, scalability, high security level and output-entropy, make our system a promising candidate for commercial QRNGs.

Abstract: Symmetry plays a fundamental role in the security analysis of quantum key distribution (QKD). Here we review how symmetry is exploited in continuous-variable (CV) QKD to prove the optimality of Gaussian attacks in the finite-size regime. We then apply these results to improve the efficiency, and thus the key rate, of these protocols. First we show how to improve the efficiency and practicality of the energy test, which is one important routine aimed at establishing an upper bound on the effective dimensions of the otherwise infinite-dimensional Hilbert space of CV systems. Second, we show how the routine of parameter estimation can be made resource efficient in measurement-device independent (MDI) QKD. These results show that all the raw data can be used both for key extraction and for the routines of energy test and parameter estimation. Furthermore, the improved energy test does not require active symmetrization of the measured data, which can be computationally demanding.

Abstract: The fundamental distance limit for quantum key distribution due to photon loss can be overcome by intermediate nodes called quantum repeaters. We provide analytical bounds on the mean and quantiles of the entanglement delivery time for a very general class of repeater schemes, which significantly improve upon existing work. Our bounds enable the analytical assessment of repeater in the presence of time-dependent noise, such as imperfect memories, and are useful for the design and analysis of network sizes beyond the reach of numerics.

Abstract: During the Crypto Forum Research Group (CFRG)'s standardization of password-authenticated key exchange (PAKE) protocols, a novel property emerged: a PAKE scheme is said to be ``quantum-annoying'' if a quantum computer can compromise the security of the scheme, but only by solving one discrete logarithm for each guess of a password. Considering that early quantum computers will likely take quite long to solve even a single discrete logarithm, a quantum-annoying PAKE, combined with a large password space, could delay the need for a post-quantum replacement by years, or even decades. In this paper, we make the first steps towards formalizing the quantum-annoying property. We consider a classical adversary in an extension of the generic group model in which the adversary has access to an oracle that solves discrete logarithms. While this idealized model does not fully capture the range of operations available to an adversary with a general-purpose quantum computer, this model does allow us to quantify security in terms of the number of discrete logarithms solved. We apply this approach to the CPace protocol, a balanced PAKE advancing through the CFRG standardization process, and show that the CPaceBase variant is secure in the generic group model with a discrete logarithm oracle.

Abstract: We study the implementation of quantum-key-distribution (QKD) systems over quantum-repeater infrastructures. We particularly consider quantum repeaters with encoding and compare them with probabilistic quantum repeaters. To that end, we propose two decoder structures for encoded repeaters that not only improve system performance but also make the implementation aspects easier by removing two-qubit gates from the QKD decoder. By developing several scalable numerical and analytical techniques, we then identify the resilience of the setup to various sources of error in gates, measurement modules, and initialization of the setup. We apply our techniques to three- and five-qubit repetition codes and obtain the normalized secret key generation rate per memory per second for encoded and probabilistic quantum repeaters. We quantify the regimes of operation, where one class of repeater outperforms the other, and find that there are feasible regimes of operation where encoded repeaters—based on simple three-qubit repetition codes—could offer practical advantages.

Abstract: The second quantum revolution is underway and the deployment of Quantum Technologies (QT) keeps pace with it. This technological paradigm-switch creates opportunities and challenges for industry, innovation and society. Several large companies, as well as start-ups, have started to develop and engineer quantum devices or begun to integrate them into their products: the commercial success of QT, together with progress in research and development, relies on certification and reliability built upon internationally agreed standards and metrological traceability. In this scenario, a group of European National Metrology Institutes (NMIs) and Delegated Institutes (DIs) have recently created a European Metrology Network for Quantum Technologies (EMN-Q) under the auspices of EURAMET, the European association of NMIs and the regional metrology organisation (RMO) of Europe. In this talk, a short overview of the EMN-Q organization will be provided, together with a report about the current status of the Strategic Research Agenda and on the Technological Roadmaps. Afterwards, the discussion will be focused on QKD and how the EMN-Q has started to answer to the metrology needs of the QKD community.

Abstract: In this paper, we continue the line of work initiated by Boneh and Zhandry at CRYPTO 2013 and EUROCRYPT 2013 in which they formally define the notion of unforgeability against quantum adversaries. We develop a general and parameterised quantum game-based security model unifying unforgeability for both classical and quantum constructions allowing us for the first time to present a complete quantum cryptanalysis framework for unforgeability. In particular, we prove how our definitions subsume previous ones while considering more fine-grained adversarial models, capturing the full spectrum of superposition attacks. The subtlety here resides in the characterisation of a forgery. We show that the strongest level of unforgeability in our framework, namely existential unforgeability, can only be achieved if only orthogonal to previously queried messages are considered to be forgeries. We further show that deterministic constructions can only achieve the weaker notion of unforgeability, that is selective unforgeability, against such adversaries, but that selective unforgeability breaks if more general quantum adversaries (capable of general superposition attacks) are considered. On the other hand, we show that PRF is sufficient for constructing a selective unforgeable classical primitive against full quantum adversaries. Moreover, we show similar positive results relying on Pseudorandom Unitaries (PRU) for quantum primitives. \\ These results demonstrate the generality of our framework that could be applicable to other primitives beyond the cases analysed in this paper.

Abstract: It is known that advantage distillation (that is, information reconciliation using two-way communication) improves noise tolerances for quantum key distribution (QKD) setups. Two-way communication is hence also of interest in the device-independent case, where noise tolerance bounds for one-way error correction are currently too low to be experimentally feasible. Existing security proofs for device-independent advantage distillation rely on fidelity-related security conditions, but previous bounds on the fidelity were not tight. We improve on those results by developing an algorithm that returns arbitrarily tight lower bounds on the fidelity. Our results give new insight on how strong the fidelity-related security conditions are. Finally, we conjecture a necessary security condition that naturally complements the existing sufficient conditions.

Abstract: Quantum entanglement of pure states is usually quantified via the entanglement entropy, the von Neumann entropy of the reduced state. Entanglement entropy is closely related to entanglement distillation, a process for converting quantum states into singlets, which can then be used for various quantum technological tasks. The relation between entanglement entropy and entanglement distillation has been known only for the asymptotic setting, and the meaning of entanglement entropy in the single- copy regime has so far remained open. Here we close this gap by considering entanglement catalysis. We prove that entanglement entropy completely characterizes state transformations in the presence of entangled catalysts. Our results suggest that catalysis is useful for a broad range of quantum information protocols, giving asymptotic results an operational meaning also in the single-copy setup.

Abstract: We study information theoretical security for space links between a satellite and a ground-station. Quantum key distribution (QKD) is a well established method for information theoretical secure communication, giving the eavesdropper unlimited access to the channel and technological resources only limited by the laws of quantum physics. But QKD for space links is extremely challenging, the achieved key rates are extremely low, and day-time operating impossible. However, eavesdropping on a channel in free-space without being noticed seems complicated, given the constraints imposed by orbital mechanics. If we also exclude eavesdropper's presence in a given area around the emitter and receiver, we can guarantee that he has only access to a fraction of the optical signal. In this setting, quantum keyless private (direct) communication based on the wiretap channel model is a valid alternative to provide information theoretical security. Like for QKD, we assume the legitimate users to be limited by state-of-the-art technology, while the potential eavesdropper is only limited by physical laws: either by specifying her detection strategy (Helstrom detector) or by bounding her knowledge, assuming the most powerful strategy through the Holevo information. Nevertheless, we demonstrate information theoretical secure communication rates (positive keyless private capacity) over a classical-quantum wiretap channel using on-o-keying of coherent states. We present numerical results for a setting equivalent to the recent experiments with the Micius satellite and compare them to the fundamental limit for the secret key rate of QKD. We obtain much higher rates compared with QKD with exclusion area of less than 13 meters for Low Earth Orbit (LEO) satellites. Moreover, we show that the wiretap channel quantum keyless privacy is much less sensitive to noise and signal dynamics and daytime operation is possible.

Abstract: We study uncloneable quantum encryption schemes for classical messages as recently proposed by Broadbent and Lord. We focus on the information-theoretic setting and give several limitations on the structure and security of these schemes: Concretely, 1) We give an explicit cloning-indistinguishable attack that succeeds with probability 12+μ/16 where μ is related to the largest eigenvalue of the resulting quantum ciphertexts. 2) The *simultaneous* one-way-to-hiding (O2H) lemma is an important technique in recent works on uncloneable encryption and quantum copy protection. We give an explicit example which shatters the hope of reducing the multiplicative "security loss" constant in this lemma to below 9/8. 3) For a uniform message distribution, we partially characterize the scheme with the minimal success probability for cloning attacks. 4) Under natural symmetry conditions, we prove that the rank of the ciphertext density operators has to grow at least logarithmically in the number of messages to ensure uncloneable security.

Abstract: We describe a QKD field trial running on urban fibers deployed in Padua, Italy. This is the first validation outside of the laboratory environment of a new low-error and calibration-free polarization encoder, called iPOGNAC, which we also present here. Our system is resource- and cost-effective, and can be installed quickly in an existing fiber network.

Abstract: QKD is an emerging industry. Numbers of forecasts indicate rapid growth making it more and more affordable not only to large companies also with the use of service models. At the same time information security is very conservative industry. Digital information security specialists usually do not study quantum mechanics and it cause sense of magic dealing with QKD. The only way to close this gap is education. Most available education solutions focus its efforts on theoretical explanation. Meanwhile if we look at education of telecommunication industry specialists there are a lot of workshops dealing with signal processing equipment. In this work we want to share our experience of creating new competence on World Skills specialists competition. We believe that explanation of QKD via workshops where students can touch by hands optics, electronics and software can change specialist perception from magic to telecommunication equipment.

Abstract: Quantum-access security, where an attacker is granted superposition access to secret-keyed functionalities, is a fundamental security model and its study has inspired results in post-quantum security. We revisit, and fill a gap in, the quantum-access security analysis of the Lamport one-time signature scheme (OTS) in the quantum random oracle model (QROM) by Alagic et al. (Eurocrypt 2020). We then go on to generalize the technique to the Winternitz OTS. Along the way, we develop a tool for the analysis of hash chains in the QROM based on the superposition oracle technique by Zhandry (Crypto 2019) which might be of independent interest.

Abstract: We investigate estimation of fluctuating channels and its effect on security of continuous-variable quantum key distribution. We propose a novel estimation scheme which is based on the clusterization of the estimated transmittance data. We show that uncertainty about whether the transmittance is fixed or not results in a lower key rate. However, if the total number of measurements is large, one can obtain using our method a key rate similar to the non-fluctuating channel even for highly fluctuating channels. We also verify our theoretical assumptions using experimental data from an atmospheric quantum channel. Our method is therefore promising for secure quantum communication over strongly fluctuating turbulent atmospheric channels.

Abstract: The idea of self-testing is to render guarantees concerning the inner workings of a device based on the measurement statistics. It is one of the most formidable quantum certification and benchmarking schemes. Here, we have shown that any bipartite pure entangled state can be self-tested through Quantum Steering. Analogous to the tilted CHSH inequality, we use a steering inequality called Tilted Steering Inequality for self-testing any pure two-qubit entangled state. We have further used this inequality to self-test any bipartite pure entangled state by certifying two-dimensional sub-spaces of the qudit state by observing the structure of the set of assemblages obtained on the trusted side after measurements are made on the un-trusted side. Finally, as a novel feature of self testing via steering, we use the notion of Assemblage based Robust Self Testing to provide robustness bounds for the self testing result in the case of pure maximally entangled states of any local dimension.

Abstract: We derive a device-independent quantum key distribution protocol based on synchronous correlations and their Bell inequalities. This protocol offers several advantages over other device-independent schemes including symmetry between the two users and no need for preshared randomness. We close a "synchronicity" loophole by showing an almost synchronous correlation inherits the self-testing property of the associated synchronous correlation. We also pose a new security assumption that closes the "locality" (or "causality") loophole: an unbounded adversary with even a small uncertainty about the users' choice of measurement bases cannot produce any almost synchronous correlation that approximately maximally violates a synchronous Bell inequality.

Abstract: Twin-field quantum key distribution (TFQKD) systems have shown great promise for implementing practical long-distance secure quantum communication due to its measurement-device-independent nature and its ability to offer fundamentally superior rate-loss scaling than conventional point-to-point QKD systems. A surge of research has produced many variants of protocols and experimental demonstrations. To make TFQKD more applicable in quantum communication, a study of TFQKD in a networking setting is essential. In this work, we experimentally demonstrate a proof-of-principle Sagnac-interferometer based TFQKD network with three users and one untrusted central node. We show that our network enables users to share secure keys with channel losses up to 58dB, and channel loss asymmetric up to 15dB. In some cases, the secure key rates still beat the rate-loss bounds for conventional point-to-point repeaterless QKD systems. It is to our knowledge the first multi-user-pair TFQKD network demonstration, an important step in advancing quantum communication network technologies.

Abstract: We identify a time-dependent passive source side-channel in common measurement-device-independent quantum key distribution implementations that rely on Faraday mirrors for stable phase modulation. We model the time-dependence of the side channel and use this information in conjunction with a recently developed numerical security proof technique based on semidefinite programming to quantify the impact on the secure key rate of the protocol. We explore the sensitivity of security to the parameters of the side channel and the choice of model for the signal.

Abstract: To demonstrate quantum protocols on a global scale, a quantum repeater is a vital technology to improve the efficiency of entanglement distribution. Entanglement distribution consists of two steps; share entanglements between neighboring quantum repeaters, and perform entanglement distillation and swapping. In this paper, we propose a framework for the first step, efficient Bell measurement between adjacent quantum repeaters, using quantum memories based on cavity quantum electrodynamics (QED) systems. Our framework maximizes a distillable entanglement rate of the protocol by optimizing the parameters of a cavity QED system and pulse length of photons according to the number of available memories at repeater nodes. We demonstrate our theory with a nanofiber cavity QED system with trapped atoms, which is one of the most promising quantum devices for the quantum network. We show that with practical parameters, Bell measurements with quantum memories can outperform those without memories, and we show several trade-off relations between accessible parameters in experiments. Our results extend the limits of entanglement distribution with quantum repeaters using available technology, and reveal that the multiplexing of the cavity QED systems is effective for improving the performance of entanglement distribution.

Abstract: Quantum key distribution (QKD) provides a practical method for distant parties to establish identical and secret keys. However, how quantum technologies can be practically used to protect user privacy with provable security remains an open question. Here, we report the first steps of our efforts to experimentally implement a symmetric private information retrieval (SPIR) scheme with QKD keys for fingerprint data retrieval. In the QKD layer, a three-user Measurement-device-independent QKD network is utilised for secure key distribution among the enquirer and data centres. In the application layer, an information-theoretically secure SPIR protocol is implemented to ensure both the privacy of the enquirer and the security of the database. Preliminary experimental results of the MDI QKD network implementation is presented, and simulations of the SPIR+QKD performance are also shown based on the experimental characterisation data.

Abstract: Cryptanalysis of quantum cryptographic systems generally involves finding optimal adversarial attack strategies on the underlying protocols. The core principle of modeling quantum attacks often reduces to the ability of the adversary to clone unknown quantum states and to extract thereby meaningful secret information. Explicit optimal attack strategies typically require high computational resources due to large circuit depths or, in many cases, are unknown. Here we introduce variational quantum cloning (VarQlone), a cryptanalysis algorithm based on quantum machine learning, which allows an adversary to obtain optimal approximate cloning strategies with short depth quantum circuits, trained using hybrid classical-quantum techniques. The algorithm contains operationally meaningful cost functions with theoretical guarantees, quantum circuit structure learning and gradient-descent-based optimization. Our approach enables the end-to-end discovery of hardware-efficient quantum circuits to clone specific families of quantum states, which we demonstrate in implementation on the Rigetti Aspen quantum hardware. We connect these results to quantum cryptographic primitives and derive explicit attacks facilitated by VarQlone. We expect that quantum machine learning will serve as a resource for improving attacks on current and future quantum cryptographic protocols.

Abstract: Characterizing the single-photon detection efficiency (SPDE) of a single-photon detector (SPD) is an essential but nontrivial task for various applications. Conventional methods require detailed detector models to calculate the estimated SPDE, which are not always available. In this work, a generalized method based on decoy-state for accurate characterization of SPDs is proposed and experimentally demonstrated. This work provides a new toolbox for rigorous SPD characterization with relaxed assumptions on the detector model, opening new possibilities in device calibration standards and quantum information applications.

Abstract: Secure two-party computation considers the problem of two parties computing a joint function of their private inputs without revealing anything beyond the output of the computation. In this work, we take the first steps towards understanding the setting where: 1) the two parties (Alice and Bob) can communicate only via a classical channel, 2) the input of Bob is quantum and 3) the input of Alice is classical. Our first result indicates that in this setting it is in general impossible to realize a two-party quantum functionality with black-box simulation in the case of malicious quantum adversaries. In particular, we show that the existence of a secure protocol that relies only on classical channels would contradict the quantum no-cloning argument. We circumvent this following three different approaches. The first is by considering a weaker security notion called one-sided simulation security. This notion protects the input of one party (the quantum Bob) in the standard simulation-based sense, and protects the privacy of the other party's input (the classical Alice). We realize our protocol relying on the learning with errors assumption. As a result, we put forward a first construction of secure one-sided quantum two-party computation over classical networks. The second way to circumvent the impossibility result, while at the same time providing standard simulation-based security also against Bob, is by assuming that the quantum input has an efficient classical representation. Finally, we focus our attention on the class of zero-knowledge functionalities, and provide a protocol for such a class for specific QMA relations. We note that the direct implication of our result is that Mahadev's protocol for classical verification of quantum computations (FOCS'18) can be turned into a zero-knowledge proof of quantum knowledge protocol with classical verifiers. To the best of our knowledge, we are the first to instantiate such a primitive.

Abstract: Quantum physical unclonable functions, or QPUFs, are rapidly emerging as theoretical hardware solutions to provide secure cryptographic functionalities such as key exchange, message authentication, entity identification among others. Recent works have shown that in order to provide provable security of these solutions against any quantum polynomial time adversary, QPUFs are required to be a unitary sampled uniformly randomly from the Haar measure. This however is known to require an exponential amount of resources. In this work, we propose an efficient construction of these devices using unitary t-designs, called QPUF_t. Along the way, we modify the existing security definitions of QPUFs to include efficient constructions and showcase that QPUF_t still retains the provable security guarantees against a bounded quantum polynomial adversary with t-query access to the device. This also provides the first use case of unitary t-design construction for arbitrary t, as opposed to previous applications of t-designs where usually a few (relatively low) values of t are known to be useful for performing some task. We study the noise-resilience of QPUF_t against specific types of noise, unitary noise, and show that some resilience can be achieved particularly when the error rates affecting individual qubits become smaller as the system size increases. To make the noise resilience more realistic and meaningful, we conclude that some notion of error mitigation or correction should be introduced.

Abstract: The coexistence of classical and quantum communication within the same fiber optics infrastructure is still an open challenge to be solved. In fact, most of the practical implementations of quantum key distribution (QKD) are accomplished by taking advantage of dark fiber channels, i.e. fiber-optics links totally dedicated to the transmission of quantum signals. This prevents the intense classical light to affect the qubit error rate, but strongly reduces the possibilities for a full deployment of QKD technologies in large-scale and realistic applications. Looking for a solution several approaches have been tested, generally based on multiplexing of different degrees of freedom of photons. In our work we combined a dense-wavelength-division-multiplexing scheme with two different home-made single photon detection stages able to convert C-band photons into photons detectable by a silicon photon counter, by exploiting sum-frequency-generation process in nonlinear crystals. We compared the results with an off-the-shelf InGaAs single-photon detector, equipping it with polarization and wavelength filters, that was tested under the same experimental conditions. Injecting an intense light laser into a different DWDM channel to simulate a real-worl QKD scenario, we demonstrated that our up-conversion based detector makes QKD feasible with a classical launch power of 4 dB higher than the one affordable by the InGaAs detector. This result paves the way to the employment of quantum communication in many realistic situations, by enabling the usage of already existing telecom infrastructures, where the noise levels are not manageable by current single photon avalanche detectors.

Abstract: Multi-source-extractors are functions that extract uniform randomness from multiple (weak) sources of randomness. With the advent of quantum computers, it is natural to investigate the security of multi-source-extractors against adversaries with quantum side-information on the sources of randomness (potentially generated using quantum entanglement). Quantum multi- source-extractors were considered by Kasher and Kempe (for the quantum-independent- adversary and the quantum-bounded-storage-adversary), Chung, Li, and Wu (for the general- entangled-adversary), and Arnon-Friedman, Portmann, and Scholz (for the quantum-Markov- adversary). In this work, we propose two new models of adversaries, the quantum-measurement-adversary (qm-adv) and the quantum-communication-adversary (qc-adv). qm-adv generates side-information post-measurement outcomes and qc-adv generates side-information using a communication protocol. We show that: 1. qm-adv is the strongest adversary among all the known adversaries, in the sense that the side-information of all other adversaries can be generated by qm-adv. 2. The (generalized) inner-product function (in fact a general class of two-wise independent functions) continue to work as a good extractor against qm-adv (with matching parameters as that of Chor and Goldreich against classical-adversaries). 3. A non-malleable extractor proposed by Li (against classical-adversaries) continues to be secure against quantum side-information. A non-malleable extractor (nm-ext) for two sources (X, Y) is an extractor such that nm-ext(X, Y) is uniform and independent of nm-ext(X, Y')YY', where Y' is not equal to Y and Y' is generated by the adversary using Y and the side-information on X. 4. A modification (not needing any local uniform randomness) of the Dodis and Wich's protocol for privacy-amplification is secure against active quantum adversaries. This strengthens on a recent result due to Aggarwal, Chung, Lin, and Vidick which uses local uniform randomness. 5. As a byproduct, we reproduce the quantum communication complexity lower bound for the (generalized) inner-product function via different proof techniques.

Abstract: Quantum random number generators (QRNGs) could generate numbers that are certifiably random even to a potential adversary who holds some side-information. However, many QRNGs require extremely precise characterisation of the source of the quantum states and the measurement apparatus. In this work, we propose a semi-device-independent QRNG protocol with untrusted homodyne detection. We show that our protocol is secure against quantum side-information, taking into account finite-size effects without making any assumption on the measurement device.

Abstract: We provide the first inner bounds for sending private classical information over a quantum multiple access channel. We do so by using three powerful information theoretic techniques: rate splitting, quantum simultaneous decoding for multiple access channels, and a novel smoothed distributed covering lemma for classical quantum channels. Our inner bounds are given in the one shot setting and accordingly the three techniques used are all very recent ones specifically designed to work in this setting. The last technique is new to this work and is our main technical advancement. For the asymptotic iid setting, our one shot inner bounds lead to the natural quantum analogue of the best classical inner bounds for this problem.

Abstract: We propose a novel Quantum Private Query (QPQ) scheme using EPR-pairs with full Device Independent (DI) certification. To the best of our knowledge, this is the first time we provide such a full DI-QPQ protocol. Our proposed scheme exploits self-testing of shared EPR-pairs along with the self testing of projective measurement operators in a setting where the parties don't trust each other. To certify full DI, our scheme also exploits a technique to self-test a particular class of POVM elements that are used in the protocol. This makes the DI-testing of this proposed scheme slightly different from the traditional DI-QKD scheme. Further, we provide formal security analysis and obtain an upper bound on the maximum cheating probabilities for both dishonest client as well as dishonest server.

Abstract: The finite-size security of a discrete-modulation continuous variable (CV) quantum key distribution (QKD) protocol was recently reported, but the obtained key rate of the protocol was low compared to the recent asymptotic analyses. In this work, we significantly improve the performance of the protocol by refining the finite-size security analysis based on a reverse reconciliation. The idea of the refinement is motivated by the recently established equivalence of the privacy amplification and the phase error correction. Our refined analysis is a step towards complete security proof of high-performance discrete-modulation CV QKD.

Abstract: In this work, we study loss-tolerant quantum position verification (QPV) protocols. We propose a new fully loss-tolerant protocol, based on the SWAP test, with several desirable properties. The task of the protocol, which can be implemented using only a single beam splitter and two detectors, is to estimate the overlap between two input states. By formulating possible attacks as a semi-definite program (SDP), we prove full loss tolerance against unentangled attackers restricted to local operations and classical communication (LOCC), and additionally show that the attack probability decays exponentially under parallel repetition of rounds. Furthermore, we investigate the role of loss and quantum communication attacks in QPV in general. A protocol that is provably secure against unentangled attackers restricted to LOCC, but can be perfectly attacked by local operations and a single round of simultaneous quantum communication, is constructed. However, we show that any protocol secure against classical communication can be transformed into a protocol secure against quantum communication. Finally, we observe that any QPV protocol can be attacked with a linear amount of entanglement if the loss is high enough.

Abstract: We recently introduced a "quantum router" architecture that improves entanglement fidelities in chains of multiplexed repeaters. Here, we address local entanglement routing across general network graphs of routers to optimize entanglement rates and fidelities. Our proposed routing strategy achieves close-to-optimal rates in the limit of high multiplexing.

Abstract: Error correction is an essential step in the classical post-processing of all quantum key distribution (QKD) protocols. We present error correction methods optimized for discrete variable (DV) QKD and make them freely available as an ongoing open-source project (github.com/XQP-Munich/LDPC4QKD). Our methods are based on irregular quasi-cyclic (QC) low density parity check (LDPC) codes and state-of-the-art rate adaption techniques.

Abstract: Among all existing quantum key distribution (QKD) protocols, the round-robin-differential-phase-shift (RRDPS) protocol is one of the unique protocols. Because it can be running without monitoring signal disturbance, which improves its tolerance of error rate and does well in the finite-key scenario. Considering that a tight finite-key analysis with a practical phase-randomized source is still missing, we propose an improved security proof of RRDPS against the most general coherent attack based on the entropic uncertainty relation. We also introduce Azuma’s inequality into our proof, which can tackle finite-key effects. The results indicate experimentally acceptable numbers of pulses are sufficient to approach the asymptotic bound closely. This method may be the optimal one in the finite-key analysis for the RRDPS protocol.

Abstract: Encoding quantum information in continuous variables is intrinsically faulty. Nevertheless, redundant qubits can be used for error correction, as proposed in Phys. Rev. A 64, 012310 (2001). We show how to experimentally implement this encoding using time-frequency continuous degrees of freedom of photon pairs produced by spontaneous parametric down conversion. We illustrate our results using an integrated AlGaAs photon-pair source. We show how single qubit gates can be implemented and propose a theoretical scheme for correcting errors in a circuit-like and in a measurement-based architecture. Finally, I propose a teleportation-based quantum error correction protocol adapted for such grid states.

Abstract: Quantum random number generator (QRNG) relies on the intrinsic randomness of quantum mechanics to produce true random numbers which are important in many fields. QRNGs with semiconductor light source have attracted a lot of attention due to their operational simplicity and high generation rate. However, the temperature of light source may vary due to imperfect devices and other factors. There is still a lack of study on the effects of temperature variations on the security of practical QRNG. We fill this gap by presenting a numerical method for studying the effects of temperature increase on the super-luminescent emitting diode (SLED) based QRNG and propose some strategies toward robust QRNG against temperature increase.

Abstract: Quantum attacks to single-photon detectors with bright-light are known for more than a decade. Many countermeasures were suggested to protect detectors, but the most of them can close some attacks with given parameters but not a whole attack group. To solve the problem we are developing automated testbench that emulates attacks by an eavesdropper Eve. It combines emission of pulse laser and continuous-wave laser and observes detector's response. In future we hope to automatically prepare reports on detectors' safety or show bright-light attacks that were not covered by detectors' countermeasures.

Abstract: Quantum key distribution (QKD) has been widely studied for its inherent security against eavesdropping. Among them, free-space QKD has been actively studied for its wide range of applications. For global-scale quantum network, satellite-to-ground quantum key distribution has been studied in major countries around the world. Also, due to recent progress on drone and autonomous vehicle technologies and applications, short to intermediate-range applications for small moving platforms are gaining more interests than before. For applying QKD on these platforms, one of the most challenging requirements is reducing the size and weight of the QKD system, including beam tracking components. In this study, we report a compact beam tracking system and its tracking performance on a moving transmitter. The coarse tracking part of the system consists of pan-tilt module and a CMOS camera. The fine tracking part consists of a MEMS-based fast steering mirror (FSM) and a quadrant-cell photodetector module. By using compact MEMS-based FSM, the size of the system was reduced to 15 × 15 × 30 cm and can be further reduced by using smaller optical components. For testing the tracking performance, transmitter on a moving platform was placed 1 m away from the fixed tracking system and moved at a constant speed along a circular track around the tracking system. A diverging 650 nm laser source on the transmitter was used as a tracking target for both coarse and fine tracking. When tracking the target moving at angular speed of 20 mrad/s, angular error was less than 0.12° and beam tracking induced optical loss into a multimode fiber was measured to be lower than 2.5 dB.

Abstract: We introduce a variant of Gottesman-Chuang quantum signatures [GC01] in which we sign nonbinary symbols instead of bits. The public keys are fingerprinting states, just as in [GC01], but we allow for multiple ways to reveal the private key partially. This reduces the number of qubits expended per message bit. We give a security proof and we present numerical results that show how the improvement in public key size depends on the message length.

Abstract: In this paper, an experimental scenario of remote control with equipment operating at the manufacturing site over private 5G network has been demonstrated. To further enhance the security level, quantum key distribution (QKD) has been applied to this private 5G network system. The results reveal that QKD could be applicable to provide secure communications in private 5G network system for practical use.

Abstract: There is a large gap between theory and practice in quantum key distribution (QKD) because real devices do not satisfy the assumptions required by the security proofs. We close this gap by introducing a simple and practical measurement-device-independent-QKD type of protocol, based on the transmission of coherent light, for which we prove its security against any possible imperfection and/or side channel from the quantum communication part of the QKD devices. Our approach only requires to experimentally characterize an upper bound of one single parameter for each of the pulses sent, which describes the quality of the source. Moreover, unlike device-independent (DI) QKD, it can accommodate information leakage from the users’ laboratories, which is essential to guarantee the security of QKD implementations. In this sense, its security goes beyond that provided by DI QKD, yet it delivers a secret key rate that is various orders of magnitude greater than that of DI QKD.

Abstract: The ability to generate highly entangled states and access the full quantum state space is crucial for most advanced quantum information tasks. However, in the mid-infrared band, the capability for full state tomography or the demonstration of states that are sufficiently entangled, e.g., to allow positive secure key rates for entanglement-based quantum key distribution (QKD) have not been achieved to date. At a wavelength of 2.1 μm, we demonstrate full state tomography of two-photon states and show near-maximal violation of the Clauser-Horne-Shimony-Holt (CHSH) Bell inequality with an order-of-magnitude improvement over the state of the art in terms of the number of standard deviations above the classical limit. We obtain a positive secure-key rate for the first time using mid-infrared photons (0.417 bits/pair, with a quantum bit error rate of 5.43%) in a proof-of-principle device-independent (DI) QKD scenario, demonstrating the viability of DIQKD at 2.1 μm. We further exploit the quality of the entangled state by obtaining (via computations on the measured state) the violation of a new Bell inequality tailored for a weak or less-rigid form of self-testing, which is of fundamental interest. These results at 2.1 μm pave the way for robust, DI quantum information applications in the mid-infrared region.

Abstract: Quantum key distribution (QKD) provides capability of secure communication between two remote locations. Depending on its applications, for the surroundings that fiber connection between two remote locations becomes impossible, QKD should be performed through free-space. Such QKD is called as free-space QKD. The applications corresponds to moving objects such as vehicle, aircraft, and satellite. In such free-space QKD, one fundamental characteristic is that transmitter and receiver are moving in real time. In case of conventional BB84 like QKD protocols requiring an identical reference frame between the transmitter and receiver, its performance can be affected by the moving characteristic because the relative movement causes reference frame deviation between them. This can be alleviated with active compensation of the reference frame, but it makes QKD system complex. In the protocol point of view, one has been proposed and it is called as reference frame independent (RFI) QKD. However, RFI QKD is based on ideal situation such as symmetric channels depending on encoded quantum states. This usually cannot achieved in real QKD system due to device imperfections. In this paper, we theoretically analyze how the device imperfections affect on the performance RFI QKD. In order to verify the theoretical analysis, we implement a free-space RFI QKD system with practical devices and identify the effect of device imperfections on RFI QKD.

Abstract: Ticket based authentication systems are used across the internet. They allow an entity or device to be issued a ticket which can be used to repeated authenticate to a service. We propose a quantum ticket algorithm (based on Gavinsky's coin scheme [1]) which offers protection against phishing, replay and man-in-the-middle attacks, and authentication with the service does not require either quantum or encrypted communication channels. It also provides in-built ticket expiration and graded step-up authentication depending on levels of trust and risk.

Abstract: The demand for higher secret key rates, in conjunction with the need for extending the reach of quantum key distribution has led to the devising of multiple novel protocols. Most of these protocols make use of qubits, owing to the simplicity with which they can be encoded in quantum communication systems that are available today. On the other hand, high-dimensional quantum states, yet more challenging to generate and transmit, enable higher secret-key rates and are more robust against errors in the process of quantum key distribution. A promising implementation of high-dimensional QKD is the one based on path encoding in optical-fiber quantum channels [1], where the most straightforward choice would be the use of multiple fibers. This choice, however, is challenged by the intrinsic non-homogeneity of different fibers. A more practical alternative is the one offered by multi-core fiber (MCF) technology, which has matured in recent years in the context of space-division multiplexed classical optical communications. In both cases, a key requirement is that the relative phase between spatial paths is preserved, which requires some phase-stabilization procedure in the presence of propagation-induced random phase drift. High-dimensional QKD in MCFs has been recently investigated in [1], where 4-dimensional QKD on a 2-km-long MCF was demonstrated. This was possible thanks to a phase stabilization scheme in which the phase fluctuations of a co-propagating classical continuous-wave laser signal were monitored in order to compensate for the phase drift. The same stabilization system was successfully tested more recently in the unique SDM test-bed in L'Aquila [2], in Italy, on various strands of deployed MCFs, up to a total length of 26 km [2]. In this work, we aim at developing a real-time high-dimensional QKD system based on joint path and time-bin encoding in MCFs. By using two fiber cores and two time bins, we generate 4-dimensional states.

Abstract: Imperfections in the receiver setup of quantum cryptography systems may allow an eavesdropper to use it as a control parameter to attack the system. Mismatch of sensitivity in the receiver's photodetectors is one of the imperfections that can potentially be exploited by an eavesdropper. Published researches have shown that scrambling the role of the photodetectors in the receiver can be one of the countermeasure strategies to protect the system. In this work, we show that the proposed countermeasure can be bypassed if the attack is generalized by including more attack variables. Using experimental results from existing publications, we show that detector randomization effectively prevents the initial attack but fails to do so when Eve generalizes her attack strategy. Thus, unless new techniques are proposed to strengthen the existing detector-scrambling countermeasure strategies, it cannot guarantee security against detector efficiency mismatch based attacks. Our result and methodology could be used to security-certify a free-space quantum communication receiver against all types of detector-efficiency-mismatch type attacks.

Abstract: Recently the finite-size security of a continuous-variable quantum key distribution protocol was reported, in which homodyne measurement is used for generating raw key and heterodyne measurement for monitoring. Here we improve the security proof to allow the use of heterodyne measurement for both purposes. The new protocol not only simplifies the receiver apparatus but also alleviates the necessity of actively locking the phases of the sender's and the receiver's local oscillators. The comparison of the key rates of the two protocols shows that replacing homodyne measurement with heterodyne measurement worsens the channel loss dependence by only 1 dB, which is better than a naive expectation of a 3 dB penalty.

Abstract: When combined with well-established theories of contemporary physics, quantum key distribution (QKD) has emerged as a safe method for secret key distribution that may be used to protect sensitive information. Numerous fascinating and creative ideas have been suggested for QKD since its inception in 1984 to enhance the security and efficiency of the system while also taking into consideration its applications and practical implementation. To achieve longer communication distances in QKD without compromising its security, schemes with high error rates for long-distance communication have been developed. One such scheme is the so-called KMB09 protocol, which was developed to make use of higher dimensional photon states, which are not possible with the standard BB84 scheme. However, because of the unique architecture of the KMB09 protocol, no practical implementation of the protocol has yet been disclosed to the public. Here we present a framework for the realistic construction of a QKD system that operates in two or more dimensions of photon states and executes the KMB09 protocol with a decoy-state scheme. We describe the design of a KMB09 protocol-based QKD system and its simulation for practical implementation, which is based on the encoding of secret bits in higher-order Gaussian beam spatial modes, as well as the modeling of the system. We use orbital angular momentum (OAM) degree of freedom which is the most dynamic and easy handle feature that researchers utilize for the implementation of robust and state-of-the-art HD-QKD systems. Laguerre Gaussian, a higher-order Gaussian beam having special features associated with the OAM. Photons carrying OAM in Laguerre Gaussians beams can create several mutually unbiased basis (MUBs), which are extensively employed for protocol implementation. We constructed three MUBs in four-dimensional Hilbert space, one is reserved for a standard basis and the remaining two behave as a measurement basis. Besides this, we also used intensity variation for the generations of the qubits to employ the decoy-state scheme (vacuum plus weak coherent pulses), which relieves us from Photon Number Splitting (PNS) attack and also helped in the safe transfer of secret keys. The suggested framework is assessed particularly in terms of efficiency or success rate while dealing with photon states in two and four dimensions. Here we initially plot the number of iterations data on fixed qubits length in comparison with the efficiency of the HD protocol (KMB09) observed during simulation per iteration. We also plot the percentage error of the simulated efficiency and the efficiency of the analytical model of the KMB09 based system. We discover that the simulation results using our proposed framework are consistent with the numerical and analytical findings obtained using the same QKD model that was previously published. We have so far reached our first milestone that is the development of the HD-QKD system based on the KMB09 protocol. Now we are focusing on the error rates developed in the system due to intrusion and also handle attacks like intercept-resend-attacks. We will also incorporate losses due to turbulence in the quantum channel of our free space HD QKD system in the future.

Abstract: Quantum key distribution (QKD) which enables the secure distribution of symmetric keys between two legitimate parties is of great importance in future network security [1, 2]. Access network that connects multiple end-users with one network backbone can be combined with QKD to build security for end-users in a scalable and cost-effective way. Access network can have upstream stream transmission direction and downstream transmission direction. For upstream transmission, signals are transmitted from the end-users optical network units (ONUs), combined at the optical distribution network (ODN), and then forwarded to the optical line terminal (OLT) through single fiber. For downstream transmission direction, signals are sent from the OLT and separated at the ODN, then distributed to ONUs in the network. Though previous QKD access network demonstrations are all based on upstream transmission direction [3], the downstream access network on the other hand may offer extra advantages, since no time multiplexing technique is applied, the crosstalk is minimized, also, only passive beam- splitter is sufficient to distribute the signals, and no active controls or calibrations are required at the intermediate optical distribution network node, signals are simply broadcasted to the ONUs [4]. However, it is not straight- forward to integrate QKD into the downstream access network, for discrete-variable QKD, the quantum signals cannot be deterministically distributed to the ONUs. More importantly, since every ONU gets a copy of the transmitted quantum signals, it is crucial that the final secret key is private against other ONUs in the downstream access network. Here, we prove that QKD downstream access network can be realized by using continuous-variable (CV) QKD [5], the corresponding implementation can deterministically perform QKD [6] with the activated ONU, the network still only applies passive beamsplitter to distribute quantum signals. The secrecy against other parties in the network is achieved by considering a reinforced Eve during the security analysis. The security analysis can be conducted with only the optical line terminal and the activated ONU, and no other parties assistances are required. Our work provides the security analysis framework for realizing QKD in the downstream access network which will boost the diversity for constructing practical QKD networks. This work was supported by the Key Program of National Natural Science Foundation of China under Grant No. 61531003, National Natural Science Foundation of China under Grant No. 62001041, China Postdoctoral Science Foundation under Grant No. 2020TQ0016, Sichuan Science and Technology Program under Grant No. 2020YFG0289 and the Fund of State Key Laboratory of Information Photonics and Optical Communications. [1] V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dusek, N. Lütkenhaus, and M. Peev, The security of practical quantum key distribution, Rev. Mod. Phys. 81, 1301 (2009). [2] F. Xu, X. Ma, Q. Zhang, H.-K. Lo, and J.-W. Pan, Secure quantum key distribution with realistic devices, Rev. Mod. Phys. 92, 025002 (2020). [3] B. Fr¨ohlich, J. F. Dynes, M. Lucamarini, A. W. Sharpe, Z. Yuan and A. J. Shields, A quantum access network, Nature 501, 69-72 (2013). [4] ITU. G.984.1: Gigabit-capable passive optical networks (gpon): General characteristics. ITU-T (2008). [5] S. Pirandola, et al., Advances in quantum cryptography, Adv. in Opt. and Photon. 12, 1012 (2020). [6] Y. Zhang, et al., Continuous-variable QKD over 50km commercial fiber, Quantum Sci. Technol. 4, 035006 (2019).

Abstract: Continuous-variable quantum key distribution (CV-QKD) provides a way for two remote participants called Alice and Bob to establish symmetric keys through an unsafe channel \cite{weedbrook2012gaussian,grosshans2003quantum}. Continuous-variable quantum key distribution (CV-QKD) based on commercial devices such as lasers and coherent detectors is moving towards practical. Experimental implementation of the CV-QKD systems using Gaussian-modulated coherent states (GMCS) has made significant progress recently \cite{zhang2019continuous}. At the mean time, the problems of performance degradation caused by imperfections of those experimental devices remain unsolved absolutely \cite{pirandola2020advances}. A non-orthogonal measurement angular error between quadrature components $X$ and $P$ from coherent detection is always ignored in the current experimental scheme. The optical phase shifter that constantly rotates the local oscillator phase is a necessity in continuous-variable quantum key distribution systems using heterodyne detection. In previous experimental implementations, the optical phase shifter is generally regarded as an ideal passive optical device that perfectly rotates the phase of the electromagnetic wave of $90^\circ$ \cite{wang2020high}. However,under the action of external force, the fibre is stretched or compressed within the elastic deformation range, and parameters such as the fibre change's geometrical size and refractive index change, thus causing the phase change of the transmitted signal in the fibre. Therefore, the phase shifter is somewhat susceptible to environmental changes and can hardly shift the phase by $90^\circ$ exactly Considering this, we propose a concrete interpretation of measurement angular error in practical systems and the corresponding entanglement-based description. Simultaneously, an estimation method of the measurement angular error and corresponding compensation scheme are demonstrated in some ways. We conclude that measurement angular error severely degrades the security, but the proposed calibration and compensation method can significantly help improve the performance of the practical CV-QKD systems. Undoubtedly, it is worth observing that our work is to strengthen practical security resulted from devices' imperfection.

Abstract: A chip-based continous-variable quantum-key-distribution (CVQKD) system with a high practical confidentiality performance is crucial for constructing quantum metropolitan communication networks, but imperfections in the chip-based modulation will threaten the practical security of the chip-based CVQKD system. In this paper, we combine the plasma dispersion effect of free carriers to model the carrier fluctuations and reveal the essential mechanism of carrier fluctuations’ influence on the system. The simulations show that the chip-based CVQKD system may face potential loophole threats or its performance will dramatically decrease under different carrier fluctuations. Moreover, two preliminary defense strategies are proposed to completely solve the practical security problems commonly induced by modulators in general chip-based CVQKD systems. This work proposes a set of modeling and analysis methods for general chip-based CVQKD systems’ modulators, which provides constructive methods to build the chip-based CVQKD system with more rigorous practical security.

Abstract: We propose a multiple-input multiple-output (MIMO) quantum key distribution (QKD) scheme for improving the secret key rates and increasing the maximum transmission distance for terahertz (THz) frequency range applications operating at room temperature. We propose a transmit beamforming and receive combining scheme that converts the rank-$r$ MIMO channel between Alice and Bob into $r$ parallel lossy quantum channels whose transmittances depend on the non-zero singular values of the MIMO channel. The MIMO transmission scheme provides a multiplexing gain of $r$, along with a beamforming and array gain equal to the product of the number of transmit and receive antennas. This improves the secret key rate and extends the maximum transmission distance. Our simulation results show that multiple antennas are necessary to overcome the high free-space path loss at THz frequencies. Positive key rates are achievable in the $10-30$ THz frequency range that can be used for both indoor and outdoor QKD applications for beyond fifth generation ultra-secure wireless communications systems.

Abstract: We propose a dynamic polarization control scheme for free-space continuous-variable quantum key distribution and verify its validity via simulations and an experiment performed over a 150 m free-space channel. The results indicate the capability of the scheme to effectively control the states of polarization for free-space continuous-variable quantum communication.

Abstract: The growing demand for large-scale quantum computers is motivating research on distributed quantum computing (DQC) architectures. To support the research community in the design and evaluation of distributed quantum protocols, many simulators have been devised. However, the process of setting up a simulation requires strong expertise in the simulator itself, thus being inconvenient for those who are only interested in protocol evaluation or in the design of supporting tools such as quantum compilers. In this work, we present DQC Executor, a software tool that accepts as input the description of the network and the code of the algorithm, and then executes the simulation. The tool automatically constructs the network topology and maps the computation onto it, in a framework-agnostic way and transparently to the user. DQC Executor currently supports automatic deployment of distributed quantum algorithms to the NetSquid simulator.

Abstract: See the short abstract in the attached file. In this poster, we present the finite length efficiency of some of our codes and show how it can improve the secret key rate. For this, the FER performance of some of these codes is plotted versus the efficiency and then we plot the secret key rate versus distance by replacing our codes with other existing codes in the literature.

Abstract: Fully homomorphic encryption enables computation on encrypted data while maintaining secrecy. This leads to an important open question whether quantum computation can be delegated and verified in a non-interactive manner or not. In this paper, we affirmatively answer this question by constructing quantum fully homomorphic encryption (QFHE) schemes with quantum obfuscation. For different scenarios, we propose two QFHE schemes with multi-valued quantum point obfuscation. One is with single-qubit point obfuscation and the other is with multi-qubit point obfuscation. The correctness of two QFHE schemes is proved theoretically. The evaluator does not know the decryption key and does not require a regular interaction with a user. The output state has the property of complete mixture, which guarantees the security. Moreover, the security level of the QFHE schemes depends on quantum obfuscation and encryption operators.

Abstract: When the outcomes of a set of parties measuring their local quantum systems exhibit non-local correlations by violating a Bell inequality, one can infer that such outcomes are secret to some extent. This is at the core of the security of many device-independent (DI) protocols, such as DI randomness expansion and DI conference key agreement. We quantify the amount of secret randomness in the parties’ outcomes by analytically computing their conditional von Neumann entropies as a function of the Bell violation, for different Bell inequalities.

Abstract: BB84-type DV-QKD protocols that implement weak coherent laser pulses as the carrier for the encoded information are severely limited in their maximally achievable transmission distance due to the inherent threat of photon number splitting (PNS) attacks. This potential weakness can be elegantly eliminated by the adaption of the protocol to include so-called decoy states (DS) in the transmission. These decoy states allow Alice and Bob to probe their transmission channel and statistically infer whether a PNS type attack is occurring, thus precluding Eve from successfully using this strategy. The added degrees of freedom of deciding how often to send decoy states and which intensities to use for them however further complicates the already complex task of predicting the impact on protocol performance and finding a set of suitable parameters to achieve optimal secret key rates (skr). In order to predict optimal performance, as a function of characteristics of the QKD setup like channel losses and device imperfections, state preparation fidelity, decoy state parameters and finite size effects, the software simulator pyDSsim has been developed. The tool is written in Python and implements the recent security proof framework introduced in [1,2]. The software can be scripted from the command line or used via a graphical user interface (GUI: QT5 framework) for easy exploration via parametrized x-y plots of over 40 different variables, allowing a comprehensive evaluation of their interdependencies. The main feature however is the option to numerically compute the set of protocol variables for a given QKD-setup which maximizes the secret key rate under constraints typical for practical implementations: fixed block sizes or fixed acquisition times for the raw key. To this end two different algorithms (differential-evolution [3] and L-BFGS-B [4]) are utilized, allowing for a cross-check of the acquired results and choice between speed and accuracy of the approach. References [1] Rusca, D., Boaron, A., Grünenfelder, F., Martin, A. & Zbinden, H. Finite-key analysis on the 1-decoy state QKD protocol. Appl. Phys. Lett. 112, 171104 (2018) [2] Lim, C. C. W., Curty, M., Walenta, N., Xu, F. & Zbinden, H. Concise security bounds for practical decoy-state quantum key distribution. Phys. Rev. A 89, 022307 (2014) [3] R. H. Byrd, P. Lu and J. Nocedal. A Limited Memory Algorithm for Bound Constrained Optimization, (1995), SIAM Journal on Scientific and Statistical Computing, 16, 5, pp. 1190-1208. [4] Storn, R and Price, K, Differential Evolution - a Simple and Efficient Heuristic for Global Optimization over Continuous Spaces, Journal of Global Optimization, 1997, 11, 341 - 359.

Abstract: We developed a genome sequence data storage system using a distributed storage system on a quantum key distribution (QKD) network and have successfully demonstrated secure storage and data reconstruction for genome sequence data. The proposed system thus has potential for use as a distributed storage system in genome analysis.

Abstract: High efficiency error reconciliation, typically achieved by using Multi Edge Low Density Parity Codes (ME-LDPC), is necessary for CV-QKD to reach large transmission distance. The commonly accepted definition of the efficiency, however, is problematic as it does not take into account the Frame Error Rate (FER) of LDPC, and therefore is theoretically and provably unbounded (i.e. can tend to infinity), if one can accept increasingly larger FER. Here we report new ME-LDPC code construction allowing high efficiency (>0.91) with very low FER (<0.008), allowing for a large effective efficiency, over a large continuous range of SNR (between -20.5dB to -6dB).

Abstract: Quantum key distribution (QKD) provides a method for two users to exchange a provably secure key, which requires synchronizing the user’s clocks. Qubit-based synchronization protocols directly use the transmitted quantum states and thus avoid the need for additional classical synchronization hardware, but previous approaches sacrifice secure key either directly or indirectly. Here, we introduce a Bayesian probabilistic algorithm that incorporates all published information to efficiently find the clock offset without sacrificing any secure key [1]. Additionally, the output of the algorithm is a probability, which allows us to quantify our confidence in the synchronization. For demonstration purposes, we present a model system with accompanying simulations of an efficient three-state BB84 prepare-and-measure protocol with decoy states. Our algorithm exploits the correlations between Alice’s published basis and mean photon number choices (which must already be published for the protocol) and Bob’s measurement outcomes to probabilistically determine the most likely clock offset. We perform cross-correlations using Fast Fourier Transforms to count the number of each type of event pairing for each potential offset (e.g., how many times Alice sent a decoy state in the horizontal/vertical polarization basis and Bob registered a click in the horizontal detector). Taking these along with a lookup table for the probabilities of the different event pairings, we determine the synchronization probability of the different potential offsets using Bayesian analysis. In our simulations, we find that we can achieve a 95% synchronization confidence using a string length of only 4,140 communication bin widths, meaning we can tolerate clock drift approaching 1 part in 4,140 in this example when simulating this system with a dark count probability per communication bin width of 8⨉10-4 and a received mean photon number of 0.01. The relationship between the received mean photon number and the number of communication bin widths required to achieve a 95% synchronization confidence is shown in Fig. 1.

Abstract: In this poster we will present a truly quantum hands-on setup for training engineering students in quantum cryptography with the BB84 protocol. We supplement this setup with a web-based simulation of the protocol which will be available to the public.

Abstract: Quantum key distribution (QKD) has been proved to be information-theoretically secure in theory. In practice, the self-differencing avalanche photodiode detectors (SD-APDs) are commonly used in high-speed QKD systems. However, we experimentally show that the SD- APD under test can be successfully hacked by the pulse-illumination attack. This attack might compromise the security of a high-speed QKD system with SD-APDs. This study also indicates that the best-practice criteria for practical security of SD-APDs might take the threat of pulse-illumination attack into account.

Abstract: Two coveted qualities for a random number generator (RNG) are uniformity and unpredictability. A Pseudo-RNG (PRNG) produces a uniform output, but it is predictable when one has knowledge of the seed and implementation parameters. While a quantum-RNG (QRNG) produces an unpredictable output, it is not necessarily uniform and hence typically requires randomness extraction. We examine these two aspects in RNGs by utilizing a machine learning cryptanalysis, showing the applicability of the tool in uncovering hidden correlations and implementation failures.

Abstract: Continuous-variable quantum key distribution with phase-shift keying modulation is a promising candidate for practical applications of quantum cryptography due to high compatibility with existing telecommunication infrastructure. It is known that postselection, i.e., omitting those parts of the raw key where an adversary might have gained more information than the communicating parties, can improve the secure key rate significantly. We introduce a new cross-shaped postselection strategy and use a recent numerical security proof framework to compare it to other existing postselection strategies. Furthermore, we provide novel analytical results for the operators that define the respective postselection regions in phase space for each of the postselection strategies, enabling a quicker evaluation without introducing additional numerical errors. Motivated by the high computatoinal effort for the error-correction phase, we point out how postselection can be used to reduce the raw key (so, the data that has to be error-corrected) significantly without lowering the secure key rate considerably. As therefore Bob uses his measurement outcomes directly without requiring any additional computations, the cross-shaped scheme can be implemented easily both in new and existing QKD systems.

Abstract: We demonstrate fibre-based quantum key distribution over 175 km using a bright frequency converted quantum dot single-photon source. The source is capable of producing count rates approaching 2 MHz at 1550 nm with second order correlations on the order of 3%. This allows for a measured key rate of 130 bps (100 kbps) at 175 km (50 km) in the asymptotic regime using static encoding and predicted positive key rate out to 188 km. This can be extended to 240 km using ultra-low loss fibre based on the measured source parameters.

Abstract: We consider quantum statistics from the perspective of post-quantum no-signaling theories in which either none or only a certain number of systems are trusted. These scenarios can be fully described by so-called no-signaling boxes or no-signaling assemblages respectively. It has been shown so far that in the usual Bell non-locality scenario with a single measurement run, quantum correlations can never reproduce an extremal non-local point within the set of no-signaling boxes. We provide here a general no-go rule showing that the latter stays true even if arbitrary sequential measurements are allowed. On the other hand, we prove a positive result showing that already a single trusted qubit is enough for quantum theory to produce a self-testable extremal point within the corresponding set of no-signaling assemblages. This result provides a tool that opens up possibilities for security proofs of cryptographic protocols against general no-signaling adversaries in semi-device-independent scenarios.

Abstract: In this work, we develop upper bounds for key rates for device-independent key distribution protocols, devices, and channels. We study the reduced cc-squashed entanglement and show that it is a convex functional. As a result, we show that the convex hull of the currently known bounds is a tighter upper bound on the device-independent key rates of standard CHSH-based protocol. We further provide tighter bounds for DIQKD key rates achievable by any protocol applied to the CHSH-based device. This bound is based on reduced relative entropy of entanglement optimized over decompositions into local and non-local parts. In the scenario of quantum channels, we obtain upper bounds for device-independent private capacity for the CHSH based protocols. We show that the DI private capacity for the CHSH based protocols on depolarizing and erasure channels is limited by the secret key capacity of dephasing channels.

Abstract: In distributed computing, a Byzantine fault is a condition where a component behaves inconsistently, showing different symptoms to different components of the system. Consensus among the correct components can be reached by appropriately crafted communication protocols, even in the presence of byzantine faults. Quantum-aided protocols built upon distributed entangled quantum states are worth considering, as they are more resilient than traditional ones. Based on earlier ideas, here we introduce a parameter-dependent family of quantum-aided weak broadcast protocols, and prove their security. We analyze the resource requirements as functions of the protocol parameters, and locate the parameter range where these requirements are minimal. Hence, our work illustrates the engineering aspects of future deployments of such protocols in practice. Following earlier work demonstrating the suitability of noisy intermediate-scale quantum (NISQ) devices for the study of quantum networks, we show how to prepare our resource quantum state on publicly available IBM quantum computers. We outline follow-up tasks toward practical quantum-aided byzantine fault tolerance.

Abstract: Recently, the first integrated Measurement Device Independent Quantum Key Distribution (MDI QKD) system has been implemented here in Bristol (Semenenko, 2020). To build on this result and work towards improved security and key rates, a new indium phosphide (InP) transmitter chip has been designed for a second-generation MDI QKD implementation. The new chip contains two laser sources, including a distributed feedback laser to allow for faster pulsing and high-speed phase modulators with a bandwidth of up to 30 GHz. With the new lasers and phase modulators a higher pulse rate will be achieved, leading to better key rates. Additionally, an on-chip photodiode can be used to monitor incoming light. This makes the chip much more resilient against hacking attacks, such as a Trojan Horse or Laser Damage Attacks. Since MDI QKD is intrinsically protected against detector attacks, this means that this new MDI QKD system will show great security overall.

Abstract: In arXiv:2105.05949, we initiate a categorical study of composable security definitions in cryptography. We formalize the simulation paradigm of cryptography in terms of category theory and show that protocols secure against abstract attacks form a symmetric monoidal category, thus giving an abstract model of composable security definitions in cryptography. Our model is able to incorporate computational security, set-up assumptions and various attack models such as colluding or independently acting subsets of adversaries in a modular, flexible fashion. Amongst other benefits, the categorical language allows using string diagrams to prove results cryptographically: in particular, we can promote "figures illustrating the proof" found in the cryptographic literature into honest proofs.

Abstract: The 18-month project called PROtocols for Space sEcure Quantum cOmmunication (PROSEQO), funded by the European Space Agency, was coordinated by the University of Padova with Sitael and Qascom as industrial partners. The scope of the project was to assess the protocols feasible for Satellite QKD and then realize an analytical model to describe all the elements that contribute to the Secret Key Rate (SKR). The analytical model was integrated in a dedicated software able to get several input parameters and orbit descriptions and calculate the final SKR. The software was tested in 10 different case studies. Therefore, this can be a useful tool for future Satellite QKD missions as a preliminary step to evaluate mission feasibility. It could also be the starting point for a numerical overview on the practicability of a satellite QKD infrastructure.

Abstract: Simon's problem is one of the few black-box problems known to be in BQP but not in BPP. Although Simon's algorithm can be used to solve this problem efficiently, it isn't so easy for someone with access to a large-scale quantum computer (the prover) to convince someone whose computing power is in BPP (the verifier) of the validity of their computation. I present an interactive protocol that aims to accomplish this goal if the verifier has access to a quantum computer with a constant number of qubits. This protocol adapts some of the known techniques using quantum authentication schemes for non-black-box problems. It also uses a novel technique that consists of randomly doing “trap rounds” that are similar to Simon's algorithm iterations but instead ask the prover to call the black-box function on a randomly-generated polynomial-size superposition state chosen so that the verifier can detect the prover's attempts at cheating.

Abstract: Please see the attached pdf version of the extended abstract.

Abstract: Quantum key distribution (QKD) systems provide a method for two users to exchange a provably secure key that can be used to securely exchange a cryptographic key. In prepare-and-measure QKD protocols, the indistinguishability of states is an important aspect for preventing side-channel attacks. Here we consider the indistinguishability of states in a prepare-and-measure three-state BB84 polarization-based decoy state protocol using light-emitting diodes (LEDs). In addition, our system is designed to operate under size, weight, and power (SWaP) restrictions such as that needed for drone-based QKD. Our setup uses three separate LEDs driven by a field-programmable gate array (FPGA) that go through different optical paths that set the state of polarization. Each LED is connected to two GPIO pins via a different resistive path. By setting one pin to high impedance and driving the other with a nanosecond-scale electrical signal, we can choose between signal and decoy states. We can thus send 3 signal states, 3 decoy states, and 3 vacuum states, using only 3 separate sources driven by a single low-cost and light-weight FPGA. We must guarantee that these sources are indistinguishable from each other in the spatial, spectral, and temporal degrees-of-freedom on the photon. We make them nearly indistinguishable by passing the 3 photonic wavepackets through the same single-mode fiber and 1-nm-bandwith spectral filter, and use dynamic shifting of the FPGA phase-locked-loops to control the phase and the width of the electrical pulses that drive the LEDs, which allows us to control the optical pulses produced by the LEDs. We control the timing of the photonic wavepackets to a resolution of 250 ps. To quantify spectral indistinguishability, we measure filtered spectra for all states, which are overlaid in Fig. 1a, and find that their overlap is 94.6%. To measure the temporal indistinguishability, we drive a single LED with a 10 ns wide electrical signal at a repetition rate of 12.5 MHz. The resulting photonic wavepacket is measured by a single-photon detector whose electrical output is measured by a time-to-digital converter and histogrammed. The temporal waveforms of all 6 states are overlaid and shown in Fig. 1b with a measured overlap of 97.1%.

Abstract: Deterministic solid-state quantum light sources are key building blocks in photonic quantum technologies. While several proof-of-principle experiments of quantum communication using such sources have been realized, all of them required bulky setups. Here, we evaluate for the first time the performance of a compact and stand-alone fiber-coupled single-photon source emitting in the telecom O-band (1321nm) for its application in quantum key distribution (QKD). For this purpose, we developed a compact 19” rack module including a deterministically fiber-coupled quantum dot single-photon source integrated into a Stirling cryocooler, a pulsed diode laser for driving the quantum dot, and a fiber-based spectral filter. We further employed this compact quantum light source in a QKD testbed designed for polarization coding via the BB84 protocol resulting in g20 = 0.10+\-0.01 and a raw key rate of up to 4.72(13)kHz using an external laser for excitation. In this setting we investigate the achievable performance expected in full implementations of QKD. Using 2D temporal filtering on receiver side, we evaluate optimal parameter settings for different QKD transmission scenarios taking also finite key size effects into account. Using optimized parameter sets for the temporal acceptance time window, we predict a maximal tolerable loss of 23.19dB. Finally, we compare our results to previous QKD systems using quantum dot single-photon sources. Our study represents an important step forward in the development of fiber-based quantum-secured communication networks exploiting sub-Poissonian quantum light sources.

Abstract: We report on a portable quantum communication platform and its application in quantum key distribution over a terrestrial free-space link. We outline on the complete chain from an efficient field-ready entangled photon source and custom-made mirror telescopes with adaptive optics for efficient link transmission to autonomous timing synchronization of detection events and subsequent secure key extraction.

Abstract: The pursuit of tight finite-key analysis for general QKD protocols is an exciting but challenging task for theorists. Entropy accumulation theorem (EAT) was developed recently and been successfully applied to device-independent QKD protocols. In the present work, we use EAT to prove the security of a very large class of entanglement-based QKD protocols, covering most discrete-variable protocols as well as their optical implementations.

Abstract: This work experimentally investigates a clock recovery algorithm’s performance for a gaussian modulated CV-QKD system operating over 20km of fibre using a frequency multiplexed classical signal.

Abstract: We develop general tools to be able to numerically calculate key rates for quantum key distribution protocols with characterized source defects. These tools include performing decoy-state analysis for optical protocols where the signal states are not fully phase-randomised. We apply these tools for the three-state protocol when the signal states are not fully phase-randomised due to a high repetition rate. Our results suggest that the small amounts of residual coherences do not greatly affect the key rate.

Abstract: Security proof methods for quantum key distribution, QKD, that are based on the numerical key rate calculation problem, are powerful in principle. However, the practicality of the methods are limited by computational resources and the efficiency and accuracy of the underlying algorithms for convex optimization. We derive a stable reformulation of the convex nonlinear semidefinite programming, SDP, model for the key rate calculation problems. We use this to develop an efficient, accurate algorithm. The reformulation is based on novel forms of facial reduction, FR, for both the linear constraints and nonlinear relative entropy objective function. This allows for a Gauss-Newton type interior-point approach that avoids the need for perturbations to obtain strict feasibility, a technique currently used in the literature. The result is high accuracy solutions with theoretically proven lower bounds for the original QKD from the FR stable reformulation. This provides novel contributions for FR for general SDP. We report on empirical results that dramatically improve on speed and accuracy, as well as solving previously intractable problems.

Abstract: We consider QKD based on time entangled photons, with detectors that exhibit timing jitter and detector downtime. Timing jitter introduces local errors, necessitating key reconciliation. The detector downtime introduces memory which results in key bits that are not uniformly random. Both effects cause key rate loss. We focus on detector downtime and develop a method to compute the key rate loss.

Abstract: Improving the rates and distances over which quantum secure keys are generated is a major challenge. New source and detector hardware can improve key rates significantly, however it can require expensive cooling. We show that Twin-Field Quantum Key Distribution (TF-QKD) has an advantageous topology allowing the localisation of cooled detectors. This setup for a quantum network allows a fully connected network solution, i.e. one where every connection has non-zero key rates, in a box with sides of length up to 110km with just 4 cooled nodes, while Decoy state BB84 is only capable of up to 80km with 40 cooled nodes, and 50km if no nodes are cooled. The average key rate in the network of the localised, cooled TF-QKD is >30 times greater than the uncooled Decoy BB84 solution and ∼0.9 those of cooled Decoy BB84. To reduce the cost of the network further, switches can be used in the network. These switches have losses ranging between 1−2dB. Adding these losses to the model shows further the advantages of TF-QKD in a network. Decoy BB84 is only able to generate fully connected solutions up to 20km if all nodes are cooled for a 40 node network for 1dB losses. In comparison, using TF-QKD, 70km networks are possible with just 4 cooling locations for the same losses. The simulation shows the significant benefits in using TF-QKD in a switched network, and suggests that further work in this direction is necessary.

Abstract: Quantum random number generators (QRNGs) provide intrinsic unpredictability originating from fundamental quantum mechanics. Most demonstrations focus on creating a self-tested, device-independent generator to retain genuineness from imperfect implementations. However, these efforts benefit only individual users, not beacon users. The difference is, QRNG users have physical access to their own trustless devices while beacon users only receive numbers broadcasted from a centralized source of randomness. Thus, in applications where multiple participants need a common set of RNs,they are obligated to trust the honesty of QRNG manufacturers, or a third party, and security of the communication. In this paper, we introduce the first consensus protocol that produces QRNs ina decentralized environment (dQRNG) where all N users can contribute in the generation process and verify the randomness of numbers they collect. Security of the protocol is guaranteed given(N-1) dishonest participants. We realize our protocol by performing a proof-of-principle experiment with four players.

Abstract: We know that classical one-time memory is a cryptographic primitive which is sufficient to construct both classical one-time programs and quantum one-time programs. We propose a construction of one-time memory (OTM) from isolated Majorana islands. The proposed 1-out-of-2 OTM stores two bits, wherein any one chosen bit can be perfectly obtained, whereas the other bit is destroyed with high probability. We prove that a malicious recipient performing an arbitrary sequence of strong and weak measurements can not obtain more information than an honest recipient performing only strong measurements. We show that errors on the two stored bits can be corrected by a pair of classical codes obtained from a quantum CSS code. We compare several popular CSS codes and obtain the best codes for different regimes of physical error rate, availability of chosen bit and availability of remaining bit. Finally, we show that the construction for 1/2 OTMs can be generalized into efficient constructions for 1/n OTMs and (n−1)/n OTMs.

Abstract: Canada has recently begun to work on the satellite-based QKD project, known as Quantum Encryption and Science Satellite (QEYSSat) mission. Its first satellite launch is expected in the year of 2023. As I am involved in this mission, I would like to introduce the new quantum source that is currently in the progress of development. The aim was to develop a quantum source for the entanglement-based QKD that can sufficiently overcome the current distance limits. By introducing some of the important criteria for building the source, I will explain what has been achieved, then how this in the end will take us one step further toward the future quantum network.

Abstract: In his seminal work on recording quantum queries [Crypto 2019], Zhandry studied interactions between quantum query algorithms and the quantum oracle corresponding to random functions. Zhandry presented a framework for interpreting various states in the quantum space of the oracle that can be used to provide security proofs in quantum cryptography. In this paper, we introduce a similar interpretation for the case when the oracle corresponds to random permutations instead of random functions. Because both random functions and random permutations are highly significant in security proofs, we hope that the present framework will find applications in quantum cryptography. Additionally, we show how this framework can be used to prove that the success probability for a k-query quantum algorithm that attempts to invert a random N-element permutation is at most O(k^2/N).

Abstract: Quantum Random Number Generators (QRNGs) are an integral part of cryptography. In this work, we exploit the relationship between the quality of randomness of discrete variable QRNGs(min-entropy(X)) and the quality of single photon source from SPDC sources (second-order correlation: g(2)(0)). This work provides another stitch between the two fields of information theory and quantum optics. We show the variation of the two parameters (min-entropy(X)) and b(=1- g(2)(0)) on various grounds, say, variation with orbital angular momentum (OAM) of the spatial mode, with time delay, etc. We propose a relationship between min-entropy(X) and g(2)(0) and also give a physical significance to min-entropy(X).

Abstract: We report a unidimensional two-way continuous-variable quantum key distribution protocol, which shows the potential of secure communication with simple modulation method in noisy situations.

Abstract: Abstract A Two-Mode Squeezed Vacuum (TMSV) is a quantum resource proven useful in several aplications in Quantum Technology, one of them being Quantum Key Distribution (QKD). Here we report the building of a TMSV source for use in QKD. Our system will comprise of two OPO, with its squeezed vacuum outputs combined in a balanced beam splitters. Active controls are employed for cavities stabilization, squeezing phase lock and relative phase lock between squeezed fields. The new cavity for the first OPO was designed and is in operation. Our target is to obtain 13 dB of corrected squeezing for the amplitude quadrature and a combined Duan inequality violation of up to 10 dB. We will show the status and our more recent results towards those goals.

Abstract: We propose a novel strategy of using the Gottesman-Kitaev-Preskill (GKP) code in a two-way repeater architecture with multiplexing. The crucial feature of the GKP code that we make use of, is the fact that GKP qubits easily admit deterministic two-qubit gates, hence allowing for deterministic entanglement swapping. Furthermore, thanks to the availability of the analog information generated during the measurement of the GKP qubits, we can design better entanglement swapping procedures between the multiplexed elementary links. To boost the loss-resilience of our encoded qubits, we consider a concatenation of the GKP code with the discrete variable [[7,1,3]] code which has already proven effective in the context of quantum repeater schemes. We find that our architecture allows for high-rate near-deterministic end-to-end entanglement generation with much larger repeater spacing than for the previously considered error-correction based repeater schemes.

Abstract: In this work, we present an open-source software platform that calculates key rate for general QKD protocols, building upon the numerical framework proposed by our group that can perform automated security proof of QKD protocols. The software platform is fully modularized with mutually independent modules for descriptions of protocols/channels, solvers for bounding key rate, and parameter optimization algorithms. It currently supports BB84 and measurement-device-independent QKD (including decoy states), as well as discrete-modulated continuous variable QKD. It also supports finite-size analysis for non-decoy-state protocols. We hope that the open-sourcing can attract theorists to test new protocols and/or contribute to new solvers, as well as appeal to experimentalists who wish to analyze their data or optimize parameters for new experiments.

Abstract: Quantum Key Distribution (QKD) is a fast growing scientific as well as commercial field. Governments as well as private businesses seek for enhanced security solutions that can withstand future hacking attacks on classical cryptographic protocols. Today, there exists a vast amount of different QKD protocols that claim to offer “unconditional” security. However, looking in more detail many subtleties lead to different security levels, or in worst-case scenarios to no security at all. Thus, it is of upmost importance to appropriately select and design QKD protocols and networks. In this work (presented as a poster), we present and compare three different QKD protocols, concerning their security, key-rate performance, and applicability especially for satellite-based QKD networks. Our main results from this study are presented and we introduce the key requirements and the basic workflow of the design and optimization of a trusted-node based and free European QKD network. Finally, realistic satellite missions and their expected secure key rates in various situations are presented.

Abstract: In this work, we incorporate decoy-state analysis into a well-established numerical framework for key rate calculation, and apply the numerical framework to decoy-state BB84 and measurement-device-independent (MDI) QKD protocols as examples. Additionally, we make use of "fine-grain statistics", a variation of existing QKD protocols to make use of originally discarded data and get better key rate. We show that such variations can grant protocols resilience against any unknown and slowly changing rotation along one axis, similar to reference-frame-independent QKD, but without the need for encoding physically in an additional rotation-invariant basis. Such an analysis can easily be applied to existing systems, or even data already recorded in previous experiments, to gain significantly higher key rate when considerable misalignment is present, extending the maximum distance for BB84 and MDI-QKD and reducing the need for manual alignment in an experiment.