Contact Info:

General Email: qcrypt2019@cs.mcgill.ca

Venue Address:

For web related issues please contact qcrypt2019web@cs.mcgill.ca

Skip to content
# QCrypt 2019

## 9th International Conference on Quantum Cryptography, held in Montreal, Canada, 26–30 August 2019

# Contact

Posted on by admin

Contact Info:

General Email: qcrypt2019@cs.mcgill.ca

Venue Address: 175 Avenue du Président-Kennedy, Montréal, QC, Canada

For web related issues please contact qcrypt2019web@cs.mcgill.ca

Controlling single-photon negative-feedback avalanche diodes using bright illumination

Nigar Sultana, Anqi Huang, Vadim Makarov, Thomas Jennewein

Any quantum key distribution (QKD) system trusts the detectors used for measuring the single-photons. However, in real world, their performance deviates from an ideal detector. Imperfections in the devices leave loopholes in the system that can lead to security threats. An eavesdropper Eve can get valuable partial or complete information on the key by exploiting various types of attacks. Here, we report blinding control of free-running negative feedback avalanche diodes, while these detectors are promising for long distance QKD applications because of their high quantum detection efficiencies at 1550 nm and low afterpulsing probability.

Michele Mosca

Michele Mosca is co-founder of the Institute for Quantum Computing at the University of Waterloo, a Professor in the Department of Combinatorics & Optimization of the Faculty of Mathematics, and a founding member of Waterloo’s Perimeter Institute for Theoretical Physics. He was the founding Director of CryptoWorks21, a training program in quantum-safe cryptography. He is a founder of the ETSI-IQC workshop series in Quantum-Safe Cryptography, and the not-for-profit Quantum-Safe Canada. He co-founded evolutionQ Inc. to support organizations as they evolve their quantum-vulnerable systems to quantum-safe ones and softwareQ Inc. to provide quantum software tools and services.

He obtained his doctorate in Mathematics in 1999 from Oxford on the topic of Quantum Computer Algorithms. His research interests include quantum computation and cryptographic tools designed to be safe against quantum technologies. He is globally recognized for his drive to help academia, industry and government prepare our cyber systems to be safe in an era with quantum computers.

Dr. Mosca’s awards and honours include 2010 Canada’s Top 40 Under 40, Queen Elizabeth II Diamond Jubilee Medal (2013), SJU Fr. Norm Choate Lifetime Achievement Award (2017), and a Knighthood (Cavaliere) in the Order of Merit of the Italian Republic (2018).

Building a more secure quantum future

Michele Mosca

While quantum computers will bring immense computing capability that cannot be achieved with any feasible amount of regular computing power, they also break some of the mostly widely used codes that we depend on to protect our digital systems. For the advent of a quantum computer to be a positive milestone in human history, we must first fix these fundamental building blocks of cyber security.

Come hear how this threat is actually a great opportunity to make our digital infrastructures more secure than they otherwise would be. And learn about the exciting science that underpins new tools for making our world more safe and secure, including quantum satellite communications.

10~Mb/s quantum key distribution

Zhiliang Yuan

I will start this talk with a review of various technological advances that have enabled the first 10 Mb/s quantum key distribution (QKD) system. I will then introduce our latest developments on photonic integration and implementation security of QKD optics.

Fundamental limits on key rates in DI-QKD

Eneet Kaur

Conditional mutual information-based measures such as intrinsic information and squashed entanglement have been important theoretical tools to obtain upper bounds on distillable secret-key rates, with the latter playing an important role for device-dependent quantum key distribution protocols. Inspired by this line of work, we propose an information-theoretic quantifier for Bell non-locality called intrinsic non-locality. It uses conditional mutual information to measure the deviation of a given bipartite correlation from one having a local-hidden-variable model. We prove that it satisfies certain desirable properties such as faithfulness, convexity, and monotonicity under local operations and shared randomness. Most especially, we then prove that intrinsic non-locality is an upper bound on the secret-key-agreement capacity of a large class of device-independent protocols conducted using a device characterized by a bipartite correlation. In other words, given a device characterized by such a bipartite correlation, the secret-key rate that can be extracted from this device with a device-independent protocol is bounded from above by intrinsic non-locality. Finally, we evaluate intrinsic non-locality to obtain an explicit bound on the secret-key rate that can be obtained from a specific bipartite correlation studied extensively in the device-independent literature.

Secure computing with classical and quantum resources

Stefanie Barz

Secure delegated computing is a key task for both classical and quantum networks. There exist both classical and quantum protocols for performing secure (quantum) computations in networks. In this talk, I will first give an overview of secure delegated quantum computing. Here, a client with no quantum-computational power can delegate a quantum computation to a fully fledged quantum server. I will particularly focus on experiments and vulnerabilities in the implementations. Further, I will focus on the interplay of classical and quantum approaches for delegated computing. I will demonstrate a way to perform classical (multiparty) computing amongst parties with limited computational resources. Our method harnesses quantum resources to increase the computational power of the individual parties. As particular examples, I will show how a client restricted to XOR gates can perform universal classical computation using single qubits. Further, I will demonstrate how a set of clients restricted to linear classical processing are able to jointly compute a non-linear multivariable function that lies beyond their individual capabilities. Finally, I will show proof-of-concept implementations using photonic qubits. Thus, this work highlights how minimal quantum and classical resources can be combined and exploited for classical computing.

Practical Quantum Security: A user perspective

Manfred Lochter

QKD is attracting more and more interest. In order to introduce QKD into networks, several aspects have to be considered. In the talk I will present BSI’s view on QKD, focussing mainly on security aspects. These security aspects include certification and approval requirements, evaluation criteria, the combination of QKD with “traditional” cryptography and the role of random number generation. I will argue that at the moment QKD is a technology that should only be used in hybrid modes, e.g. one should combine the Quantum Key-Agreement with a quantum-safe key-agreement in order to generate keys for symmetric encryption algorithms. It is well known that existing QKD devices are vulnerable to sidechannel atttacks. Therefore performance standards and evaluation criteria are needed, where evaluation should be performed according to internationally accepted criteria, e.g. the Common Criteria (CC). I will report on the status of a project that aims at developing a Protection Profile (PP) for QKD devices.

QKD based on satellite-ground entanglement distribution

Jigang Ren

Micius satellite was successfully launched into orbit in 2016. In the past three years, we have implemented a series of experimental works, including satellite-to-ground quantum key distribution, quantum entanglement distribution over 1000 km, ground-to-satellite quantum teleportation. The feasibility of a global quantum network has been demonstrated with ground quantum communication networks with optical fiber. In this report, we will present recent works based on Micius satellite, such as: space quantum key distribution and its application, quantum experiment based on quantum entanglement distribution, and expanded application of space quantum communication. The ongoing project in China of high orbit quantum satellite will also be introduced with results of several tests in ground.

Numerical analysis of decoy state BBM92 quantum key distribution protocol with multi-photon rejection source

Takumi Matsuura, Liang Min, Kazuhisa Ogawa, Atsushi Okamoto and Akihisa Tomita.

We have proposed that a modified Bennett-Brassard-Mermin92 (BBM92) protocol can reduce both zero-photon and multi-photon emission probabilities. In this report, we show by numerical simulation that the proposed methed allows over 300 km transmission with a standard fiber and avalanche photodiode based photon detectors.

An Integrated Photonic Chip for Measurement-Device-Independent Quantum Key Distribution

G Zhang, W Luo, X Y Wang, L Cao, X Q Zhou, J Zou, K J Wei, F H Xu, Y X Wang, X B Wang, L C Kwek and A Q Liu.

An integrated photonic transmitter chip for polarization-encoded measurement-device-independent quantum key distribution (MDI-QKD) is designed, fabricated and tested. The chip is capable of preparing four BB84 polarization states and demonstrates the potential of silicon photonics for quantum information applications.

Resource Analysis of Verifiable Quantum Secret Sharing on Quantum Repeater Networks

Mohammad Amin Taherkhani and Keivan Navi.

Quantum secret sharing (QSS) is one of the most important applications in the field of secure multi-party quantum computation \cite{Bro16}. Many variants of the algorithm have been proposed in theory from simple GHZ-state based to verifiable quantum secret sharing protocol as the more complex form of the algorithm \cite{Hil99}-\cite{Kog17}. Beside the theoretical efforts and also implementation of the small scale experimental setup \cite{Tit01}, the question for filling the gap between theoretical and experimental layers for engineering of practical QSS applications on large scale quantum repeater networks \cite{VanMeter14}-\cite{Dur99} remains open. In this work, we focus on analysis of quantum resources for execution of verifiable quantum secret on the end-nodes connected to entangled quantum network as a promising infrastructure for distributed secure quantum computation. The required quantum computational resources (in quantum gate level) and communication resources (number of Bell pairs and required fidelity) have been estimated in sharing phase, verification phase and reconstruction phase as the three separated phase of the protocol.

A quantum random number generator based on vacuum fluctuations with security against quantum side-information

Tobias Gehring, Cosmo Lupo, Arne Kordts, Dino Solar Nikolic, Nitin Jain, Stefano Pirandola, Thomas Brochmann Pedersen and Ulrik Lund Andersen.

Random numbers are the backbone of quantum key distribution and their quality have a profound impact on the security of the key. Quantum random number generators based on the homodyne measurement of vacuum fluctuations provide a simple but yet effective method. Here we present such a (dives dependent) quantum random number generator which provides security against quantum side-information without restrictions on the adversary. This is in contrast to previous implementations which achieved security against classical side-information only or against quantum side-information with the restriction of the adversary performing a homodyne measurement.

No purification in all discrete theories and the power of the complete extension

Marek Winczewski, Tamoghna Das, Karol Horodecki, Pawel Horodecki, Lukasz Pankowski, Marco Piani and Ravishankar Ramanathan.

Quantum theory has an outstanding property; namely each state has its well-defined purification – a state extremal in the set of states in larger Hilbert space. It is known that the classical theory and the theory of non-signaling boxes do not have purification for all of their states. These theories are examples of the so-called generalized probabilistic theories (GPTs). However, in any non-signaling GPT each state has several extensions to a larger system. We single out the most relevant among them, called a complete extension, unique up to local reversible operations on the extending system. We prove that this unique, finite dimensional extension bears an analogy to quantum purification in that (i) it allows for access to all ensembles of the extended system (ii) from complete extension one can generate any other extension. It then follows that access to the complete extension represents the total power of the most general non-signaling adversary. A complete extension of a maximally mixed box in two-party binary input binary output scenario is up to relabeling the famous Popescu-Rohrlich box. The latter thus emerges naturally without reference to the Bell’s non-locality. However, the complete extension is not a purification (a vertex) in the general case. Moreover, we show that all discrete convex theories do not provide purification for almost all of its states. In particular, the theory of contextuality does not possess purification. The complete extensions are by nature high- dimensional systems. However, we were able to provide an explicit structure of complete extension for the noisy Popescu-Rohrlich-boxes and the 3-cycle contextual box.

Controlling single-photon detector ID210 with bright light

Vladimir Chistiakov, Anqi Huang, Vladimir Egorov and Vadim Makarov.

We demonstrate that a commercially available single-photon detector ID Quantique id210 is vulnerable to blinding and can be fully controlled by bright illumination. This vulnerability can be exploited by an eavesdropper to perform a faked-states attack giving her full knowledge of the quantum key while leaving her completely unnoticed. This attack will work in a subcarrier-wave scheme QKD systems where quantum states are formed at spectral sidebands of an intense light through phase modulation and a major signal fraction is filtered out before detection. We have also suggested a simple optical scheme that could act as a potential countermeasure in SCW QKD.

Upper bounds on secure key against non-signaling adversary via non-signaling squashed secrecy monotones

Marek Winczewski, Tamoghna Das and Karol Horodecki.

We provide upper bounds on device independent key, secure against a non-signaling adversary (NSDI) achieved by a class of operations, currently used in both quantum and non-signaling device independent protocols. As the primary tool, we introduce a family of measures of non-locality by “squashing” secrecy monotones, known to upper bound the key rate in the secret key agreement scenario. In particular, a squashed secret key rate can be considered itself as an upper bound on the key in NSDI. However, we construct a much more computable example: – the non-signaling squashed intrinsic information of a conditional distribution (called squashed non-locality). We prove that the squashed non-locality exhibits several useful properties such as convexity, monotonicity, additivity on the tensor product of conditional distributions, and asymptotic continuity. Hence, as a measure of non-locality, it is interesting on its own. We demonstrate this approach by providing numerical upper bounds on this measure, suggests, in particular, that the non-locality and secrecy in NSDI are not equivalent. We construct explicit examples of a conditional distribution violating CHSH inequality, from which no key in NSDI can be obtained with direct measurements and public communication followed by classical post-processing. We define the secret key rate in terms of the complete extension, a counterpart of quantum purification in the non-signaling scenario, recently introduced in Winczewski et al. We show that the presented approach is equivalent to the already existing ones, including the one by Hanggi Renner and Wolf. Finally, we simplify the class of operations attaining maximal distinguishability of two devices with several unary inputs, and one input of arbitrary cardinality, which is of independent interest on its own in the context of Generalized Probability Theories.

Laser Annealing of InGaAs/InP SPADs for Application in QKD in Space

Mujtaba Zahidy, Nigar Sultana, Thomas Jennewein, Alberto Tosi, Fabio Signorelli, Klaus Pasquinelli, Andrea Giudice, Marta Bagatin, Simone Gerardin, Giuseppe Vallone and Paolo Villoresi.

Satellite based quantum communication is the promising way to realize quantum key distribution (QKD) in long intercontinental distances where optical fibers usually suffer from losses that increase exponentially with distance. InGaAs/InP single photon avalanche diodes (SPADs) are a suitable choice for daylight QKD due to relatively high detection efficiency in wavelength 0.9-1.7 $\mu$m, where background radiation is low. The performance of InGaAs/InP SPADs in terms of dark count rate (DCR) and afterpulsing makes this technology ready to be implemented in QKD systems on satellites. However, environmental conditions in outer space set crucial challenges in this respect.

In low-Earth orbits, space radiations, in the form of protons, electrons and heavy ions, can damage the semiconductor lattice of SPADs, introducing intra-bandgap energy levels that contribute to an increase in DCR and afterpulsing. Preserving SPADs and healing the damage in such environments is crucial for implementing satellite-based QKD, in which, for instance, DCR should be kept less than 200 cps.

Recently, it has been shown that deep cooling and thermal or laser annealing can fix the damage in silicon SPADs which were irradiated by high energy protons, thus recovering low DCR and low afterpulsing. We will perform laser annealing technique to heal or mitigate the damage caused by 3 $MeV$ proton beam irradiation on InGaAs/InP SPADs. Applying these techniques can recover the damages in the semiconductor lattice. These detectors involve multiple layers of InP, InGaAs and InGaAsP, with different doping levels. An important one is the n$+$ doped InP layer between absorption and multiplication regions that helps to shape the electric field and reduce field-assisted carrier generation in the absorption region. By choosing proper laser wavelength, we will investigate the effect of laser annealing both in the absorption and in the multiplication layers. Variation of DCR opens a backdoor to perform certain types of attacks to the QKD system. Our annealing technique can reduce the risk of such attacks.

AIT QKD Post Processing and Network Software

Oliver Maurhart, Christoph Pacher, Stefan Petscharnig and Michael Hentschel.

We present the software suite for QKD post processing and key distribution in trusted repeater networks that has been developed by AIT since 2004. This software provides a set of building blocks to integrate sifting, error estimation, error correction, confirmation, and privacy amplification. The software supports different DV- and CV-QKD protocols. Accompanying the basic QKD post-processing is the Quantum Point-to-Point Protocol (Q3P) node which enforces information-theoretically secure network peer-to-peer communication for classical applications.

Experimental demonstration of machine learning aided carrier phase recovery for CV-QKD

Hou-Man Chin, Nitin Jain, Darko Zibar, Tobias Gehring and Ulrik Andersen.

This work investigates the performance enhancement achieved by applying a Bayesian inference based carrier phase recovery algorithm to an experimental CV-QKD system modulating a Gaussian distribution in both optical quadratures.

Investigation of the dependence of noise characteristics of SPAD on the gate parameters in SWG single-photon detectors

Anton Losev, Vladimir Zavodilenko and Yuri Kurochkin.

We present a sine-wave gated single photon detector for quantum communication lines. In this report we give an investigation of the influence of gate parameters of the detector on different noise parameters of SPAD in the light of the developed circuit design.

Generalized framework for security analysis of continuous-variable quantum key distribution

Vladyslav Usenko.

We address security of practical continuous-variable quantum key distribution and develop a security analysis framework, which does not rely on phase-space symmetries of the signal states and correlations. In a general purification-based approach, following optimality of Gaussian collective attacks, we suggest designing an equivalent generally mixed two-mode state shared between the trusted parties and then purifying it using Bloch-Messiah decomposition. This allows to assess security of the schemes with arbitrary parameters, which can be typically expected in the experiments. It also allows to theoretically predict the role of asymmetries of signals and correlations on security of the protocols. Our method can be used for security analysis of practical continuous-variable schemes directly from the measured data without any symmetrization assumptions.

Array receiver for continuous variable quantum key distribution

Rupesh Kumar and Timothy P. Spiller.

Free-space quantum communication is an accelerating and highly active field for realizing long distance secure links using satellites and other areal platforms [1][2]. Compared to fibre based quantum key distribution system deployments, in free-space links, the quantum signal loss due to beam divergence reduces the secure key generation rate. Signal loss due to beam divergence highly affects the performance of continuous variable quantum key distribution (CV-QKD) system [3] howsoever its suitability for delivering keys under high background noise [4]. Larger aperture for receiver telescope can increase the signal to noise ratio (SNR) however it increases the cost of optical ground stations.

In this work, we will show an array configuration of optical receiver architecture that increases the signal collection efficiency at lower cost compared to single aperture telescope for CV-QKD. We show proof of principle experimental evidence- in terms of SNR and secure key rate, of the array receiver for CV-QKD.

Experimental demonstration of four-party conference key agreeement

Joseph Ho, Massimilliano Proietti and Alessandro Fedrizzi.

We report on an experimental proof-of-principle demonstration of conference key agreement using the N-party quantum conference key distribution (NQKD) scheme proposed by Grasselli and co-authors in [New J. Phys., 20, 113014]. We demonstrate the salient features of the protocol by implementing a high fidelity four-photon GHZ state based on heralded spontaneous parametric down conversion (SPDC) sources. Here a picosecond mode-locked laser (775 nm central wavelength and 80 MHz repetition rate) optically pumps two periodically poled KTP crystals embedded in Sagnac-type interferometers to produce polarization-entangled photon pairs at 1550 nm. After interfering one photon from each source on a polarizing beamsplitter the four-photon GHZ state is realized and sent through different lengths of optical fiber links for each party.

We perform parameter estimation outlined in the NQKD protocol, measuring in the XXXX and ZZZZ bases on the four photons to obtain the noise parameters Qx and Qz respectively. We evaluate the asymptotic key rates given by these noise parameters for a range of fiber lengths up to 50km and observe a reduction that scales with the expected transmission losses. We find the average value of Qz, which is the quantum bit error rate (QBER) shared by all parties, to be below 3% in all cases. We also examine finite key effects in the NQKD protocol by performing the additional steps of the protocol to establish >500000 raw bits prior to multiparty error correction and privacy amplification. We implement an active feedback procedure to stabilize the birefringent effects caused by the long fiber links, which otherwise introduces noise to the polarization encoded photons, and observe Qz to remain around 3% over the course of the longer measurement run.

Free-space Hong-Ou-Mandel interference under atmospheric turbulence

Shuang-Lin Li, Yu-Huai Li, Kui-Xing Yang, Yuan Cao, Juan Yin, Cheng-Zhi Peng and Jian-Wei Pan.

As a fundamental phenomenon of quantum mechanics, quantum interference makes quantum physics different from classical physics. Optical quantum interference plays essential roles in understanding the key concepts of quantum physics. Here, we experimentally demonstrate high visibility free-space Hong-Ou-Mandel interference with coherent pulses. A visibility of 0.408±0.008 is observed. With an additional SNSPD for the post-selection of intensity variation,the visibility is improved to 0.465±0.023, approaching the limitation of 0.5 for coherent states.

Experimental nonlocality-based randomness generation with nonprojective measurements

Santiago Gómez López, Alejandro Mattar, Esteban Gómez, Daniel Cavalcanti, Antonio Acín and Gustavo Lima.

We report on an optical setup generating more than one bit of randomness from one entangled bit. The amount of randomness is certified through the observation of Bell nonlocal correlation. To attain this result we implemented a high-purity entanglement source and a nonprojective three-outcome measurement. Our implementation achieves a gain of 27% of randomness as compared with the standard methods using projective measurements. Additionally, we estimate the amount of randomness certified in a one-sided device-independent scenario, through the observation of Einstein-Podolsky-Rosen steering. Our results prove that nonprojective quantum measurements allow extending the limits for nonlocality-based certified randomness generation using current technology.

Precision metrology of novel components for high bit rate QKD devices

Robert Kirkwood Starkwood, Ke Guo, Christopher Chunnilall, Alastair Sinclair, Taofiq Paraiso, Thomas Roger, Mirko Sanzaro, Innocenzo De Marco, Zhiliang Yuan and Andrew Shields.

Precise and accurate metrology is essential to assure correct operation of a QKD device as required by the security proof, and to identify whether any sidechannels have been created by the implementation. QKD hardware is developing rapidly and is transitioning to photonic integrated architectures to provide improvements in bit rate, affordability, power consumption, and form factor. Parallel advances in metrology are required to accommodate this new device technology.

The UK’s National Physical Laboratory (NPL) has expanded its measurement capability for characterising the quantum layer of QKD hardware in collaboration with Toshiba Research Europe Ltd (TREL), who have produced chip-scale components for GHz clock-rate phase-seeded QKD compatible with standard optical telecoms infrastructure [1,2].

We present SI-traceable measurements of a number of physical parameters performed at NPL. Reference laser light was used to interrogate on-chip interferometers, quantifying their response over a range of wavelengths and temperatures. The output of on-chip lasers which provide phase seeding and phase randomisation of the encoding states was characterised to verify the pulse-to-pulse dictation of optical coherence or phase randomisation.

[1] T K Paraiso et al., “On-chip modulator-free optical transmitter for quantum and classical communications”, Proc. SPIE 10921, 109210U, 2019;

[2] T K Paraiso et al., “A modulator-free quantum key distribution transmitter chip”, npj Quantum Information, 5 42, 2019.

This work has been funded by Innovate UK projects EQUIP (Project No: 103869) and AquaSeC (Project No: 104615), as part of the UK National Quantum Technologies Programme.

Hong-Ou-Mandel interference between heralded pulsed photon sources with PPKTP crystal at NIR wavelength

Bo Li, Yu-Huai Li, Yuan Cao, Juan Yin, Cheng-Zhi Peng and Jian-Wei Pan.

Heralded single photons with a wavelength of 780 nm were generated from 30-mm long PPKTP crystals. Under narrow band-pass ﬁltering, the spectral correlation was eliminated, and Hong-Ou-Mandel interference between two heralded single-photon sources was demonstrated.

Sensitivity analysis of Local-Local Oscillator CV-QKD by reference pulse modulation voltage fluctuation

Shengjun Ren, Shuai Yang, Adrian Wonfor, Richard Penty and Ian White.

If the digital-to-analog converter (DAC) present in Alice exhibits any deviation from ideal performance, this will lead to a large modulation voltage fluctuation after the amplification required to drive amplitude or phase modulators. Both the reference and signal pulses are produced using this distorted modulation signal, hence enhancing the inaccuracy of Bob’s phase estimation. The modulation noise (distortion) from the DAC voltage to the quantum signal is demonstrated in [6]. However similar modulation errors on the reference pulse have hitherto been ignored and thus its effect on LLO CV-QKD has been neglected. In this work, we investigate the origin of reference pulse modulation voltage fluctuations by comparing the performance of DACs (with and without amplifiers) with commercial arbitrary wave generators (AWG) for different modulation input waveforms.

Discrete-continuous variable quantum key distribution with untrusted homodyne measurement

Emilien Lavie.

We analysed the security of coherent states protocols with untrusted homodyne detection using a numerical method. We explored the gain of 3 main modifications such as sending more test states, using more measurement settings and slicing the outcomes. The preliminary results are promising for very short distances, but further work is required to make this design more robust to loss.

LEO trusted node constellations for global QKD

Antia Lamas-Linares, Tom Vergoossen, Robert Bedington, Sergio Loarte, Hans Kuiper and Alexander Ling.

The development of a truly global QKD distribution network requires the ability to distribute keys between any two ground stations. This can be achieved with a constellation of satellites acting as trusted nodes communicating with accessible ground stations. Based on the work published by IQC we model different combinations of ground stations and constellation configurations. We consider night time operation and cloud cover and use the real data from the Micius satellite to verify our model.

The operational concept is that the satellites build up a buffer of secure key with every ground station they pass. At a later time, when two ground nodes wish to communicate securely, a symmetric key can be produced by performing an XOR on the buffered keys held within the satellites for the two ground nodes. These XOR keys are delivered classically via relay nodes in higher orbits (e.g. geostationary) to allow for secure communications with minimal latency. Inter-satellite QKD links are not required, but can be used to balance the stored keys between satellites and thus maximise the options available for XOR keys. Trade-offs of different constellation types, key usage patterns, and ground node arrangements will be discussed along with the latest satellite QKD developments from CQT and their spin out company SpeQtral.

Quantum key repeater based quantum networks for secret sharing

Minjin Choi and Soojoon Lee.

Sharing a perfectly secure secret sharing state is a way to perform a secure secret sharing in quantum networks. The first model that we consider is a star-shaped network where a one-way quantum key repeater is centrally located and connects users. We also consider another model with a one-way quantum key repeater that connects groups of users. In both cases, we show that users cannot obtain any high quantum-key-repeater rate from the preshared states with low distillable entanglement.

Characterization of Gram matrices of multimode coherent states

Ashutosh Marwah and Norbert Lutkenhaus.

Quantum communication protocols are typically formulated in terms of abstract qudit states and operations, leaving the question of an experimental realization open. Direct translation of these protocols, say into single photons with some d-dimensional degree of freedom, are typically challenging to realize. Multimode coherent states, on the other hand, can be easily generated experimentally. Reformulation of protocols in terms of these states has been a successful strategy for implementation of quantum protocols. Quantum key distribution and the quantum fingerprinting protocol have both followed this route. In this paper, we characterize the Gram matrices of multimode coherent states in an attempt to understand the class of communication protocols, which can be implemented using these states. As a side product, we are able to use this characterization to show that the Hadamard exponential of a Euclidean distance matrix is positive semidefinite. We also derive the closure of the Gram matrices, which can be implemented in this way, so that we also characterize those matrices, which can be approximated arbitrarily well using multi-mode coherent states. Using this we show that Gram matrices of mutually unbiased bases cannot be approximated arbitrarily well using multi-mode coherent states.

Quantum model of decoherence for coherent states in the fiber optical channels

Andrei Gaidash, Anton Kozubov and George Miroshnichenko.

Recently we proposed the quantum model of decoherence in polarization domain for the fiber optical channels. The latter paper describes various polarization-related effects (birefringence, dichroism, etc.) considering dynamics of single photons, which is essential for the original BB84 quantum key distribution protocol. However, protocols that utilize coherent states became popular, especially decoy states protocol. Therefore, we would like to present at QCRYPT’19 continuation of proposed work considering dynamics of multi-mode (both spectral and polarization modes) coherent states in the fiber optical channels. Study of considered effects allows to develop compensating/filtering/recovering countermeasures in order to provide better performance of quantum key distribution real-life implementations.

Measurements towards providing security assurance of the UKQNtel QKD link

Anthony Vaquero-Stainer, Christopher Chunnilall, Alastair Sinclair, Catherine White, Joseph Pearse, Adrian Wonfor, Andrew Lord and Timothy Spiller.

The UKQNtel is a recently installed, commercial-grade, QKD link that directly connects the research facilities of BT Labs and the University of Cambridge. It uses ID Quantique QKD hardware over 125 km of standard BT optical fibre between Cambridge and Adastral Park. Three BT Exchanges act as trusted nodes along the route. The link forms part of the UK Quantum Network (UKQN) being built by the Quantum Communications Hub, a collaboration between research and industry, supported by the UK National Quantum Technologies Programme. It is intended to host trial projects focused on quantum secure network technologies and services with potential for commercial exploitation by industry.

Although QKD protocols can be proven unconditionally secure in theory, differences between the physically implemented system and its theoretical model can introduce vulnerabilities. Physical characterisation is therefore important in assessing the security claims of practical QKD systems.

The National Physical Laboratory (NPL) has previously developed SI-traceable single-photon measurements for the quantum layer of GHz-clocked QKD systems which implement the BB84 protocol in the 1550 nm telecom band using phase encoding and gated detectors.

NPL is working with the Quantum Communications Hub to extend its measurement capability and develop a suite of measurements to characterise the operating quantum-layer physical properties of the UKQNtel link. The link implements the coherent one-way protocol over a quantum channel at 1310 nm with classical and QKD service channels in the 1550 nm band. Free-running single- photon avalanche detectors are used in the receivers.

Important transmitter properties include the mean photon number, temporal band- width and jitter of the single-photon pulses, as well as their spectral content. For the COW protocol, the coherence between pulses is an important parameter. Receiver properties primarily concern the single-photon detectors, for example their dark count probability, after-pulse probability and detection efficiency. Measurements which test for vulnerabilities to hacking attacks are also required.

The results of measurements which are first being performed at BT Adastral Park (transmitter) and subsequently at Cambridge University (receiver) will be presented.

Single-photon interference at telecom wavelength with 42.66 GHz repetition rate

Sophie Zeiger, Fabian Laudenbach, Bernhard Schrenk, Michael Hentschel, Hannes Hübel and Christoph Pacher.

We present an ultrafast source for telecom photon pairs based on parametric downconversion in a ppKTP crystal. Our source is pumped by a self-assembled 777 nm picosecond laser, operating at a tunable repetition rate of up to 42.66 GHz, and emits photons of high spectral purity.

Key distribution in Quantum Computational Hybrid (QCH) security model with performance beyond QKD

Nilesh Vyas and Romain Alléaume.

We define the Quantum Computational Hybrid (QCH) security model in the following way: computational encryption is assumed to be perfectly secure during a relatively short computational time, while quantum storage coherence time is assumed to be much smaller than computational time.

In this QCH model, we introduce a novel generic construction, that we call Quantum Computational Time-lock (QCT). In QCT, Alice and Bob perform quantum communication on a d-dimensional quantum channel and are allowed to send the order of d classical secret k, before the quantum communication. A natural question is whether QCT allows for better performance or functionality, in quantum cryptography.

We answer positively to this question by proposing an explicit key distribution protocol using the QCT construction, where we encode a classical string, X of log(d) bits on a quantum state using a full set of (d + 1) MUBs. The security of the protocol is proved using the assumptions of QCH model, which restricts an adversary to perform immediate measurement on receiving the quantum state and use the post-measurement information at the end of computational time to decode the key bits, rather than storing the state in a quantum memory. Our proof is related to quantum state discrimination with post-measurement information as described by (S. Wehner et al., Physical Review A 82, 022326 (2010)). Here, we bound the information, that an adversary can extract, by calculating the maximum success probability or the guessing probability to guess the key bits. We proved that for the aforementioned encoding, the guessing probability is of the order of O(1/√d). Our protocol can allow sending multiple copies of the quantum state unlike in QKD. We show that when restricting an adversary to perform the individual measurement, m< <√d copies of the quantum state could be sent while still guaranteeing the security of the protocol. This is an important practical gain over QKD which can exhibit a high tolerance to errors and to losses and can have performance beyond QKD, while still guaranteeing everlasting security.

Quantum model of decoherence in polarization domain for the fiber channel

Anton Kozubov, Andrei Gaidash and George Miroshnichenko.

In this work we consider the Liouville equation; it describes the dynamics of the photon density matrix in the Schrödinger representation based on Markov approximation in the channel without dispersion. The equation contains a relaxation superoperator dependent on the phenomenological parameters of the optical fiber. These parameters allow to take into account the phenomena of birefringence and optical activity, isotropic absorption and dichroism. We also present in our work that these parameters affect not only the polarization of the states but the length of Stokes vector. Hence developed technique describes the decoherence process in the polarization domain in quantum case and allows to analyse the dynamics of single-photon states in quantum (depolarizing) channel more properly. We also present the visual illustration of polarization states evolution in polarization-coded quantum key distribution BB84 protocol as an example. We estimate quantum bit error rates dependence on channel length. Also we examine maximal allowed channel length dependent on various configurations of channel parameters.

Security of the round-robin differential phase shift protocol with a non-i.i.d. source and an imperfect passive phase modulation

Takaya Matsuura, Toshihiko Sasaki and Masato Koashi.

We consider the security of the round-robin differential phase shift quantum key distribution protocol with a faulty transmitter. Our special interest is the security with the use of correlated pulse source, which has not been dealt with in the past. We propose a scheme for modifying the experimental setups of the transmitter used in the RRDPS protocol in order to ensure the security of the protocol with the use of correlated pulse source. This setup is also expected to allow the use of imperfect passive phase modulator as an encoder.

True randomness certified from loop-hole free Bell test

Xing Chen, Ilja Gerhardt, Jörg Wrachtrup, Robert Garthoff, Kai Redeker and Wenjamin Rosenfeld.

The loop-hole free test of Bell’s inequality allows to prove the quantum and non-local character of nature. It further allows to certify quantum random numbers with a very limited set of prior assumptions [1,2]. The randomness certified by Bell’s theorem was extracted by singlet probability $p(a|x)$ in previous studies, which does not fully extract the device-independent (DI) randomness in the experimental data. For instance, from the singlet probability $p(a|x)$, when the Bell-parameter of the Clauser-Horne-Shimony-Holt (CHSH) inequality equals to $2\sqrt{2}$, the DI randomness in per raw event data (one event data means the output data $a,b$ from one experimental run) is 1.23 bits [3,4,5], while with the singlet probability $p(a|x)$, only 1 bit DI randomness can be extracted.\\

A more precise and smaller upper bound has been deduced by semi-defined-programs (SDP), but it is not convenient for practical use and it is difficult to guarantee the security of the randomness from SDP. Here, we develop an analytic upper bound for joint outcome probability $p(ab|xy)$, such we can extract all the DI randomness from the Bell test data. Note that this upper bound of $p(ab|xy)$ is derived from the worst guessing probability with input $x,y$ and output $a,b$. Subsequently, there are no extra assumption about the experimental devices, so with this upper bound of $p(ab|xy)$, the randomness from the experimental data can still be considered as device-independent.\\

A weaker limit for the extraction of randomness from experimental data is the bound on so-called semi-device-independent (SDI) conditions. These utilize e.g.\ dimension witnesses [6,7]. Here a smaller upper bound of $p(ab|xy)$ is derived, and substantial more randomness can be extracted than in the device-independent cases. With this new bound of $p(ab|xy)$, even when the Bell-parameter of CHSH inequality equals to 2 or slightly below, certified randomness can still be extracted under certain conditions. Of course the number of assumptions is increased accordingly.\\

The Bell-test data from the loop-hole free experiment in Munich was analyzed [8]. In this experiment, 55568 events were recorded. Among them, 27683 events were acquired for the $\ket{\psi^-}$ state, and 27885 events data for $\ket{\psi^+}$ state. Take $\ket{\psi^+}$ as an example, the correlation value of the $\ket{\psi^+}$ data is $2.085\pm0.02$ [8]. With the model in~\cite{pironio_nature_2010}, the DI randomness in per raw outcome data is 0.032 bits. In our updated model, the DI randomness in per event data can be increased to 0.062 bits. This implies that 94\% more randomness from the same experimental data can be extracted. If we relax the conditions to the extraction of semi-device-independent conditions 0.091 bits of randomness per raw event can be extracted, which exceeds the prior values by approx.\ 47\%.

[1] R. Colbeck, PhD dissertation, Univ. Cambridge (2009).

[2] S. Pironio, A. Ac´ın, S. Massar, A. B. de la Giroday, D. N. Matsukevich, P. Maunz, S. Olmschenk, D. Hayes, L. Luo, T. A. Manning, et al., Nature 464, 1021 EP 2010).

[3] A. Acin, S. Massar, and S. Pironio, Phys. Rev. Lett. 108, 100402 (2012).

[4] H.-W. Li, P. Mironowicz, M. Paw lowski, Z.-Q. Yin, Y.-C. Wu, S. Wang, W. Chen, H.-G. Hu, G.-C. Guo, and Z.-F. Han, Phys. Rev. A 87, 020302 (2013).

[5] J.-D. Bancal, L. Sheridan, and V. Scarani, New Journal of Physics 16, 033011 (2014).

[6] J. Bowles, M. T. Quintino, and N. Brunner, Phys. Rev. Lett. 112, 140407 (2014).

[7] T. Lunghi, J. B. Brask, C. C. W. Lim, Q. Lavigne, J. Bowles, A. Martin, H. Zbinden, and N. Brunner, Phys. Rev. Lett. 114, 150501 (2015).

[8] W. Rosenfeld, D. Burchardt, R. Garthoff, K. Redeker, N. Ortegel, M. Rau, and H. Weinfurter, Phys. Rev. Lett. 119, 010402 (2017).

Quantum Key Distribution System Immune to Polarization-Induced Signal Fading with Quarter-Wave Plate Reflector-Michelson Interferometers

Huaxing Xu, Shaohua Wang, Yang Huang, Yaqi Song and Changlei Wang.

We design a quarter-wave plate reflector-Michelson interferometer based intrinsic-stabilization QKD system, which can be free of polarization disturbances caused by quantum channel and optical devices. The experimental result shows that the QKD system has long-term low quantum bit error rate, and the safe key rate is about 7.34 kbps over 50.4 km standard optical fiber in the lab.

An improved shot-noise unit calibration method for continuous-variable quantum key distribution

Yichen Zhang, Yundi Huang, Zhengyu Li, Bingjie Xu, Song Yu and Hong Guo.

We propose a new shot-noise unit(SNU) calibration method for continuous-variable quantum key distribution, the proposed calibration method only demands one step to evaluate the SNU, which can not only simplify system implementations and calibration procedure, but also reduce the statistical fluctuations from the finite sampling signals. The secret key rate calculation is compared with the conventional method of SNU calibration based on the derived entanglement-based model.

Numerical Calculations of Finite Key Rate for General QKD Protocols

Ian George and Norbert Lutkenhaus.

A great deal of theory over the past 15 years has been developed for calculating the key rate for provably secure quantum key distribution (QKD). Of particular interest to actual implementation of QKD is the finite key rate which takes into account that only a finite number of signals are exchanged, and thus there are correction terms with respect to the asymptotic key rate. Furthermore, unlike the asymptotic analysis, finite key analysis is able to address the most general class of attacks by an eavesdropper Eve, referred to as coherent attacks. Our work focuses on designing a numerical method to calculate tight finite size key rates that can be used for general QKD protocols without relying on special structures in the protocol. This bridges the gap between the theoretical analysis and the actual implementation for a large class of protocols. The hope is for this software to ultimately be useful for the implementer of a QKD protocol to be able to check the security of their implementation given their empirical data and their specific protocol with ease.

Field trial of a finite-key quantum key distribution system in the Florence metropolitan area

Davide Bacco, Ilaria Vagniluca, Beatrice Da Lio, Nicola Biagi, Adriano Della Frera, Davide Calonico, Costanza Toninelli, Francesco Saverio Cataliotti, Marco Bellini, Leif Katsuo Oxenløwe and Alessandro Zavatta.

In-field demonstrations in real-world scenarios boost the development of a rising technology towards its integration in existing infrastructures. Although quantum key distribution (QKD) devices are already adopted outside the laboratories, current field implementations still suffer from high costs and low performances, preventing this emerging technology from a large-scale deployment in telecommunication networks.

Here we present a simple, practical and efficient QKD scheme with finite-key analysis, performed over a 21 dB-losses fiber link installed in the metropolitan area of Florence (Italy). Coexistence of quantum and weak classical communication is also demonstrated by transmitting an optical synchronization signal through the same fiber link.

Satellite-based links for Quantum Key Distribution: beam effects and weather dependence

Carlo Liorni, Hermann Kampermann and Dagmar Bruß.

The technical requirements to deploy quantum communication protocols on ground-based fiber networks are very demanding, when global distances are pursued. A very appealing alternative is represented by satellite-based optical links. Such free-space links will exhibit fluctuating performances, depending on the weather conditions in the site of the ground station. In this work we address the problem of estimating the Probability Distribution of the Transmittance in both satellite-to-ground and ground-to-satellite configurations, taking into account the contribution of the turbulence and the presence of scattering particles like haze or fog droplets. This information is then used to assess the performances of the channel when used for Quantum Key Distribution. We calculate weather-dependent secret key rates, focusing in particular on two implementations of the famous BB-84 protocol with polarization encoding, using true-single-photon sources or Weak Coherent Pulses. We take into account finite key corrections and show that they can be quite detrimental, due to the short duration of the satellite pass. We analyse the performances of both medium-sized satellites and nano-satellites, very appealing for their low cost and easy deployment.

Such satellite-based optical links can be used in conjunction with quantum repeater stations to achieve truly global distances. This solution has the important benefit that only few repeaters are necessary, while usually hundreds of them are used in ground-based implementations. The integration between satellite-based links and ground repeater networks can be envisaged to represent the backbone of the future Quantum Internet.

POVM based quantum random number generator

Hamid Tebyanian, Marco Avesani, Giuseppe Vallone and Paolo Villoresi.

Randomness is a fundamental feature of quantum mechanics, which is an invaluable resource for both classical and quantum technologies. Typically the amount of random bits that can be certified is bounded by the dimension of the measured quantum system. In this work, we show that using Positive Operator Valued Measurement (POVM) is possible to arbitrarily increase the number of certified bits for any fixed dimension. Moreover, the use of POVM makes it possible to verify the randomness without any assumption on the source. The amount of extractable random bits is estimated by optimizing the bounded conditional min-entropy over all possible eavesdropper strategies. The optimization problem is solved analytically and checked numerically, through semidefinite programming (SDP). Moreover, it is shown that by increasing the number of POVMs, the amount of extractable random bits grows accordingly. Lastly, we experimentally demonstrate our method with a compact Quantum Random Number Generator that employs qubits and POVM up to 6 outcomes.

Random numbers are necessary for many different applications, ranging from simulations to cryptography and tests of fundamental physics. Despite their everyday use, the generation and certification of randomness is a complicated task. Classical processes cannot generate genuine randomness since the laws of classical physics are fully deterministic. Thus, it is impossible to certify the randomness and the privacy from a classical process since, in theory, the result can be always be predicted by the user or by a malicious attacker. On the other hand, randomness is an intrinsic feature of quantum mechanics due to the probabilistic nature of its laws. The outcome of some processes cannot be predicted in any way by any observer, even if all the properties of the system are known with absolute precision. However, the generation and certification of randomness, even from quantum processes, always requires some assumptions. The tightest type of certification is given by Device- Independent (DI) protocols where the violation of a Bell inequality can certify the randomness and the privacy of the numbers without any assumption on the devices used. Unfortunately, DI-QRNG are extremely demanding from the experimental point of view and provide performance that cannot satisfy the needs of practical implementations. Recently a new class of protocols, called Semi-Device-Independent have been proposed as a compromise between the DI and the trusted ones. They work in the same scenario of DI but make some weak assumptions on the inner working of the devices. Nevertheless, almost all the DI and SDI protocol discussed employ projective measurements, thus limiting the maximal certification to 1 bit per measurement. While projective measurements can only certify up to one bit of randomness for every pair of qubits, POVM can saturate the optimal bound of more than one bit (depends on POVM).

In this work, we focus on the prepare and measure scheme, where coherence is the resource. We show that

using POVM increases the number of random bits that can be certified per measurement but also the security is improved, since the certification is done without any assumption on the source, in a Source-Device-Independent (SDI) way. We explicate that the amount of randomness, for a fixed dimension of the POVM, scales with the num- ber of POVM outcomes, consequently that an unbounded amount of random bits can be certified for any dimension of the measured quantum system. Next, we experimentally validate our findings for a two-dimensional system with performing three, four, and six numbers of POVM outcomes with a facile optical setup.

Bipartite and multipartite QKD via single-photon interference

Federico Grasselli, Álvaro Navarrete, Marcos Curty, Hermann Kampermann and Dagmar Bruss.

Twin-Field (TF) QKD has been proven to beat the point-to-point private capacity of a lossy quantum channel, thanks to performing single-photon interference in an untrusted node. We focus on the TF-QKD protocol introduced by Curty et al., whose security relies on the estimation of the detection statistics of Fock-states through the decoy-state method. We derive analytical bounds on these quantities assuming either two, three or four independent decoy intensity settings for each party, and we investigate the protocol’s performance. We show that two decoy intensity settings are enough to beat the point-to-point private capacity of the channel, that the protocol is fairly robust against uncorrelated intensity fluctuations of the optical pulses and that one can extract a secret key even when the losses in the two channels are highly asymmetric.

We then generalize the protocol to the multipartite scenario, by devising a conference key agreement (CKA) protocol where the users simultaneously distill a secret conference key through single-photon interference. The new CKA is better suited to high-loss scenarios than previous multipartite QKD schemes and employs for the first time a W-class state as its entanglement resource. We compare its performance with the iterative use of bipartite QKD protocols.

Inﬂuence of the Imperfect Faraday Mirror on the Continuous Variable Quantum Key Distribution System

Cao Zhengwen and Liang Kexin.

The polarization state of the photon will be deflected by 90◦under the action of the Faraday Mirror (FM), which plays an important role in a continuous variable quantum key distribution (CVQKD) system for the reason of the following polarization multiplexing process. However, there may exist a rotating angle deviation (θ) in the actual situation that can affect the performance of the CVQKD system. Here we study the influence of the imperfect FM on the system performance of the CVQKD system under realistic conditions of quantum channel and detector. The result shows that the secret key rate of the CVQKD system changes periodically as the increase of θ, and within a period, the values of the secret key rates are distributed symmetrically with respect to the central value of the period. Given this periodicity and symmetry, the work can help us solve the problem of how to better ensure the performance of the CVQKD system with imperfect FM.

Test of Local Realism into the Past without Detection and Locality Loopholes

Ming-Han Li, Cheng Wu, Yanbao Zhang, Wen-Zhao Liu, Bing Bai, Yang Liu, Weijun Zhang, Qi Zhao, Hao Li, Zhen Wang, Lixing You, W. J. Munro, Juan Yin, Jun Zhang, Cheng-Zhi Peng, Xiongfeng Ma, Qiang Zhang, Jingyun Fan and Jian-Wei Pan.

Inspired by the recent remarkable progress in the experimental test of local realism, we report here such a test that achieves an efficiency greater than (78%)^2 for entangled photon pairs separated by 183 m. Further utilizing the randomness in cosmic photons from pairs of stars on the opposite sides of the sky for the measurement setting choices, we not only close the locality and detection loopholes simultaneously, but also test the null hypothesis against local hidden variable mechanisms for events that took place 11 years ago (13 orders of magnitude longer than previous experiments). After considering the bias in measurement setting choices, we obtain an upper bound on the p value of 7.87 × 10^−4, which clearly indicates the rejection with high confidence of potential local hidden variable models. One may further push the time constraint on local hidden variable mechanisms deep into the cosmic history by taking advantage of the randomness in photon emissions from quasars with large aperture telescopes.

Machine learning continuous-variable quantum key distribution

Qin Liao, Hai Zhong and Ying Guo.

We propose a brand-new protocol called machine learning continuous-variable quantum key distribution (ML-CVQKD), aiming to break the limitation of traditional pattern in CVQKD and establish a cross research platform between CVQKD and machine learning. ML-CVQKD divides the whole system into state learning process and state prediction process. The former is used for training and estimating quantum classifier, and the latter is used for predicting unlabeled signal states. Meanwhile, a quantum multi-label classification (QMLC) algorithm is designed as an embedded classifier for ML-CVQKD. Feature extraction for coherent state and machine learning-based criteria for CVQKD are successively suggested. QMLC-embedded ML-CVQKD protocol could improve the performance of CVQKD system in terms of both secret key rate and transmission distance, and it provides a novel approach for improving the practical CVQKD system.

Switch-based quantum network for the cost reduction of QKD

Alexander Duplinskiy, Oleg Fat’yanov, Igor Pavlov, Aleksey Fedorov, Vladimir Kurochkin and Yury Kurochkin.

Quantum key distribution (QKD) allows one to establish a secure data link between two distant users – the transmitter (Alice) and the receiver (Bob). QKD between two users is only the first stage of this novel technology. For its widespread adoption, it is necessary to develop multi-user quantum networks that are the basis for the success of future quantum information technology. Currently, such networks are often deployed as part of conventional urban fiber-optic networks, although large-scale implementation still remains a major challenge [1]. Communication via fibers is carried out by single photons. Therefore, there is a fundamental limitation on the length of a quantum communication channel due to the increase of losses in optical fiber as its length increases. To enlarge the operational QKD distance, successive links from the trusted nodes with Alice and Bob are constructed that are connected by fiber-optic lines up to 100 km long. The longest network, about 2000 km, consists of 32 point-to-point nodes each of which contains both a transmitter and a receiver [2].

The ubiquitous commercial application of quantum networks requires a significant cost reduction of QKD equipment. Usually the receiver is more expensive than transmitter: the former employs two or more pricely single-photon detectors. We propose a practical solution that will reduce the cost of extended quantum networks. The main idea is to employ only one communication device – either a receiver or a transmitter – in each trusted node, in contrast to the standard solution where both devices are installed in the node (see Fig. 1). At first, the fiber-optic switches (FSW) provide pair-wise links between two neighboring communication nodes (A and B to the right of it). Then other neighboring nodes are connected (A and B to the left of it). This circuit will provide continuous encryption of the transmitted data with a quantum key. For a system with the transmission set-up time of up to 5 minutes and the duration of a communication session of 30 minutes between switching, the QKD rate will be ~40% of that in a conventional system without switches. The main parameters of QRate commercial QKD system are summarized in [3].

Fig.1. A – transmitter, В – receiver, QC – quantum channel, FSW – fiber switch.

1. Qiang Zhang, Feihu Xu, Yu-Ao Chen et al., Optics express, 26, 24260, (2018).

2. J. Qiu, Nature 508, 441, (2014).

3. A.V. Duplinskiy, E.O. Kiktenko, N.O. Pozhar et al., J. Russ. Laser Res. 39, 113, (2018).

Atmospheric continuous-variable quantum key distribution based on adaptive optics

Geng Chai, Zhengwen Cao, Peng Huang and Guihua Zeng.

In order to effectively suppress the excess noise through correcting the turbulence-induced distortions on the quality of the propagated quantum signal, we study the feasibility of adaptive optics (AO) in continuous-variable quantum key distribution (CVQKD) over the atmospheric link. The results show that phase-only AO compensation exhibits excellent performance in controlling the excess noise, which is embodied in substantially extending the secure propagation distance and improving the secret key rate of CVQKD. And thereby the development and improvement of AO has the potential advantage to break the distance constraints of free space due to turbulence-dominated factors.

High Accuracy Phase Compensation Scheme in Continuous-Variable Quantum Key Distribution

Dengwen Li, Peng Huang, Tao Wang, Shiyu Wang, Rui Chen and Zeng Guihua.

Phase compensation is a dispensable procedure to reduce the difference between legitimate parties in continuous-variable quantum key distribution (CVQKD) because of the unavoidable phase drift of the quantum signals. However, it is a difficult task to compensate the fast drifted phase accurately. Here, we propose a novel phase compensation scheme based on an optimal iteration algorithm. Analysis shows that this scheme can make the phase compensation reach a higher precision level while simultaneously ensuring the efficiency. When the accuracy is determined, we can minimize the number of iterations by controlling the step-length to increase the algorithm efficiency. Moreover, we can improve the accuracy of phase compensation by means of changing the step-length. This work breaks the bottleneck of accuracy problem in phase compensation and contributes to the performance of the whole CVQKD system.

Feasibility of All-day Quantum Communication with Coherent Detection

Shiyu Wang, Peng Huang, Tao Wang, Hongxin Ma, Dengwen Li and Guihua Zeng.

To construct global quantum communication networks, reliable free-space quantum key distribution is essential, while there has appeared a bottleneck severely hindering the practical implementation, i.e., background noises. Rather than questing for filters closer to ultimate performance, we seek a preferable solution from continuous-variable techniques employing coherent detection. In this regard, we investigate the dependence of continuous-variable quantum key distribution performance on background noises, whose validity is experimentally verified. Results indicate effective resistance against background noises. This characteristic demonstrates the feasibility of all-day free-space quantum communication using coherent detection, thus offering an alternative candidate for building the networks.

Predicting Optimal Parameters using Random Forest for Quantum Key Distribution

Huajian Ding, Jing-Yang Liu, Chun-Mei Zhang and Qin Wang.

For practical decoy-state quantum key distribution (QKD) in finite-data case, a full parameter optimization greatly improves its key rate. To gain such optimal performance, search algorithms are used quite frequently despite the relevantly high time and space overhead, especially in complicated QKD systems or large scale QKD networks. Here, we present a different method with random forest to predict rather than search the optimal parameters according to the given system conditions. Firstly, we select symmetric 3-intensity measurement-device-independent QKD (MDI-QKD) as an example to show our method’s prediction accuracy and computational speed. Moreover, we construct another model applicable to both BB84 and MDI protocol for parameters prediction simultaneously. The numerical simulations demonstrates our predicting method enjoys a low time and space overhead than traditional search methods. Meanwhile, compared with similar works, our method achieves a high accuracy and generalization capability proved by thousands of tests.

Hyperentangled Time-bin and Polarization Quantum Key Distribution

Joseph Chapman, Charles Ci Wen Lim and Paul Kwiat.

Fiber-based quantum key distribution (QKD) networks are currently limited to metropolitan distances without quantum repeaters. To reach longer distances, satellite-based QKD links have been proposed to extend the network domain. We have developed a quantum communication system suitable for realistic satellite-to ground communication. With this system, using polarization entangled photons, we have executed an entanglement-based QKD protocol developed by Bennett, Brassard, and Mermin in 1992 (BBM92), achieving quantum bit error rates (QBER) below 2%. More importantly, we demonstrate low QBER execution of a higher dimensional hyperentanglement-based QKD protocol (HEQKD) using photons simultaneously entangled in polarization and time-bin. We verify the security of our protocol using a rigorous, nite-key analysis, and show that it is suitable for a spaceto-ground link, after incorporating a certain Doppler shift compensation scheme. Finally, we demonstrate a distinct advantage to using HEQKD over BBM92.

Discrete-modulated continuous-variable measurement-device-independent quantum key distribution

Hong-Xin Ma, Peng Huang, Dong-Yun Bai, Tao Wang, Shi-Yu Wang, Wan-Su Bao and Gui-Hua Zeng.

We propose a long-distance continuous-variable measurement-device-independent quantum key distribution (CV-MDI-QKD) protocol with discrete modulation. This kind of discrete-modulated schemes have good compatibility with efficient error correction code, which lead to higher reconciliation efficiency even at low signal-to-noise ratio (SNR). Security analysis shows that the proposed protocol is secure against arbitrary collective attacks in the asymptotic limit with proper use of decoy states. And with the using of discrete modulation, the proposed CV-MDI-QKD protocol has simpler implementation and outperform previous protocols in terms of achievable maximal transmission distance, which precisely solve the bottleneck of the original Gaussian-modulated CV-MDI-QKD protocol.

Smart contracts meet quantum cryptography

Andrea Coladangelo.

We put forward the idea that classical blockchains and smart contracts are potentially useful primitives not only for classical cryptography, but for quantum cryptography as well. Abstractly, a smart contract is a functionality that allows parties to deposit funds, and release them upon fulfillment of algorithmically checkable conditions, and can thus be employed as a formal tool to enforce monetary incentives. In this work, we give the first example of the use of smart contracts in a quantum setting. We describe a hybrid classical-quantum payment system whose main ingredients are a classical blockchain capable of handling stateful smart contracts, and quantum lightning, a strengthening of public-key quantum money introduced by Zhandry [Cryptology ePrint Archive, Report 2017/1080, 2017]. The resulting hybrid payment system uses quantum states as banknotes and a classical blockchain to settle disputes and to keep track of the valid serial numbers. It has several desirable properties: it is decentralized, requiring no trust in any single entity; payments are as quick as quantum communication, regardless of the total number of users; when a quantum banknote is damaged or lost, the rightful owner can recover the lost value.

Satellite quantum key distribution under restricted eavesdropping scenarios

Sima Bahrani, Masoud Ghalaii, Carlo Liorni, Alexander Ling, Charles Lim, Rupesh Kumar, Timothy Spiller, Stefano Pirandola, Bruno Huttner, Norbert Lutkenhaus and Mohsen Razavi.

We consider several eavesdropping scenarios, relevant to satellite-based quantum key distribution, in which the eavesdropper, Eve, has only limited access to Alice and/or Bob stations. For instance, Eve can only receive an attenuated version of the transmitted signals. We show that in the case of the BB84 protocol with coherent pulses, this limitation on Eve would allow Alice to send signals with larger intensities, than the optimal value under an ideal Eve, without compromising the security of the protocol. This can result in higher key rates than what can be achieved when unrestricted eavesdropping is possible. The same result also holds for continuous-variable protocols.

Underwater Quantum Communication with Twisted Photons

Felix Hufnagel, Frédéric Bouchard, Alicia Sit, Florence Grenapin, Khabat Heshami, Duncan England, Yingwen Zhang, Gerd Leuchs and Ebrahim Karimi.

Quantum communication is the leading option in the future of secure communications. Since the first demonstration of quantum key distribution in 1984, there have been many demonstrations of practical communications systems both in fiber and in free space. However, there has not been any investigation into underwater quantum communications. We experimentally test the feasibility of performing underwater quantum communication using spatial modes through uncontrolled outdoor channels.

Urban free-space quantum cryptography with structured photons

Alicia Sit, Frédéric Bouchard, Robert Fickler, Khabat Heshami, Christoph Marquardt, Gerd Leuchs, Robert W. Boyd and Ebrahim Karimi.

Quantum key distribution allows for the theoretically secure transmission of information between two distant users. Implementing so-called high-dimensional protocols promise increases in the error tolerance and information capacity. Transmitting over free-space channels, however, is susceptible to environmental disturbances such as atmospheric turbulence. Here, we show the feasibility of implementing a 4-dimensional BB84 protocol in an urban environment using photons possessing both spin and orbital angular momentum.

Practical quantum tokens without quantum memories

Damian Pitalua Garcia and Adrian Kent.

We extend a quantum protocol of Kent’s S-money to a realistic experimental scenario that considers losses, errors, and other experimental imperfections. Bob (the bank) and Alice (the user, or acquirer) agree on spacetime regions Q_i, called presentation points, where the token can be presented, in exchange for a resource, for i\in\{0,1\}^M, and for some predetermined integer M>0. In the causal past of all the spacetime regions Q_i, for i\in\{0,1\}^M, Bob gives the token to Alice encoded in N quantum states, randomly chosen from a predetermined set. Alice measures the received states randomly along predetermined bases and reports to Bob the set of received quantum states. Alice’s token presented to Bob at a spacetime region Q_b consists in classical data obtained from her classical measurement outcomes. Thus, the scheme is advantageous over standard quantum money schemes because it does not need quantum state storage. The token scheme gives Alice the freedom to choose her presentation point Q_b after having performed the quantum measurements. Furthermore, the scheme satisfies instant validation: Bob can validate the token at a presentation point without needing further communication with distant agents. Thus, the scheme is very useful in applications where short time delays are problematic, for example, in applications where relativistic signalling constraints are important, like in high speed financial markets or in high speed networks. We show that for suitable values of the experimental parameters, the presented scheme satisfies, with unconditional security, the properties of unforgeability, i.e. Alice cannot have a token be validated by Bob at more than one presentation point, and future privacy, i.e. Bob cannot know the presentation point where Alice will present the token.

One-out-of-m spacetime-constrained oblivious transfer

Damian Pitalua Garcia.

In one-out-of-m spacetime-constrained oblivious transfer (SCOT), Alice and Bob agree on m pairwise spacelike separated output spacetime regions R_0, R_1, …, R_{m-1} in an agreed reference frame in a spacetime that is Minkowski, or close to Minkowski; Alice inputs a message x_i in the causal past of a spacetime point Q_i of R_i, for i =0, 1,…, m-1; Bob inputs a number b from the set {0,1,…,m-1} in the intersection of the causal pasts of Q_0, Q_1,…,Q_{m_1} and outputs x_b in R_b; Alice remains oblivious to b anywhere in spacetime; and Bob is unable to obtain x_i in R_i and x_j in R_j for any pair of diferent numbers i, j. We introduce unconditionally secure one-out-of-m SCOT protocols for arbitrary integers m greater than 1. We define the task of one-out-of-m distributed quantum access with classical memory (DQACM), which works as a subroutine to implement a class PCC of one-out-of-m SCOT protocols where distant agents only need to communicate classically. We present unconditionally secure one-out-of-m DQACM protocols and one-out-of-m SCOT protocols of the class PCC, for arbitrary integers m greater than 1. We discuss various generalizations of SCOT. In particular, we introduce a straightforward extension of SCOT to a k-out-of-m setting, and suggest protocols where distant agents only need to communicate classically, while we leave the investigation of their security as an open problem.

Oblivious-Transfer is harder than Bit-Commitment in realistic Measurement-Device Independent settings

Jeremy Ribeiro and Stephanie Wehner.

Among the most studied tasks in Quantum Cryptography one can find Bit Commitment (BC) and Oblivious Transfer (OT), two central cryptographic primitives. In this paper we propose for the first time protocols for these tasks in the measurement-device independent (MDI) settings and analyze their security. These security proofs even hold when the measurement-devices behave maliciously. We analyze two different cases: first we assume the parties have access to perfect single photon sources (but still in the presence of noise and losses), and second we assume that they only have imperfect single photon sources. In the first case we propose a protocol for both BC and OT and prove their security in the Noisy Quantum Storage model. Interestingly, in the case where honest parties do not have access to perfect single photon sources, we find that BC is still possible, but that it is “more difficult” to get a secure protocol for OT: We show that there is a whole class of protocols that cannot be secure. All our security analyses are done in the finite round regime. If our “impossibility” result is corroborated by similar or more general results, it will be the first time that we observe a separation between BC and OT, which is surprising considering that, when quantum communication is allowed, BC and OT are known to be equivalent.

S-money: virtual tokens for a relativistic economy

Adrian Kent.

We propose definitions and implementations of “S-money” – virtual tokens designed for high value fast transactions on networks with relativistic or other trusted signalling constraints, defined by inputs that in general are made at many network points, some or all of which may be space-like separated. We argue that one significant way of characterising types of money in space-time is via the “summoning” tasks they can solve: that is, how flexibly the money can be propagated to a desired space-time point in response to relevant information received at various space-time points. We show that S-money is more flexible than standard quantum or classical money in the sense that it can solve deterministic summoning tasks that they cannot. It requires the issuer and user to have networks of agents with classical data storage and communication, but no long term quantum state storage, and is feasible with current technology. User privacy can be incorporated by secure bit commitment and zero knowledge proof protocols. The level of privacy feasible in given scenarios depends on efficiency and composable security questions that remain to be systematically addressed.

Ping-pong authentication protocol for quantum key distribution

Evgeny Kiktenko, Aleksei Malyshev, Maxim Gavreev, Anton Bozhedarov, Nikolai Pozhar, Maxim Anufriyev and Aleksey Fedorov.

Quantum key distribution (QKD) enables unconditionally secure communication between distinct parties using a quantum channel and an authentic public channel. Reducing the portion of quantum-generated secret keys, that is consumed during the authentication procedure, is of significant importance for improving the performance of QKD systems. In the present work, we develop a lightweight authentication protocol for QKD based on a `ping-pong’ scheme of authenticity check for QKD.

An important feature of this scheme is that the only one authentication tag is generated and transmitted during each of the QKD post-processing rounds. For the tag generation purpose, we design an unconditionally secure procedure based on the concept of key recycling. The procedure is based on the combination of almost universal$_2$ polynomial hashing, XOR universal$_2$ Toeplitz hashing, and one-time pad (OTP) encryption. We also demonstrate how to minimize both the length of the recycled key and the size of the authentication key, that is required for OTP encryption. Finally, we provide a security analysis of the full key growing process in the framework of universally composable security.

The Art of Post-truth in Quantum Cryptography

Gilles Brassard, Norbert Lütkenhaus, Louis Salvail and Sara Zafar Jafarzadeh.

We define different levels and flavours of deniability in the context of Quantum Key Distribution (QKD) protocols and investigate the relations among them. We prove that QKD protocols based on discretizing quantum error correction codes are universal deniable and provide two examples of it. Furthermore, we introduce a class of QKD protocols that we call prepare-and-measure (which includes BB84) and prove that they are not deniable in any level or flavour. We provide illustrative examples. It can be argued that perfect deniability brings the art of post-truth to unprecedented heights!

An approach for security evaluation and certification of a complete quantum communication system

Shihan Sajeed, Poompong Chaiwongkhot, Anqi Huang, Vadim Makarov, Hao Qin, Vladimir Egorov, Artur Gleim, Anton Kozubov, Andrei Gaidash, Vladimir Chistiakov and Artur Vasiliev.

Although quantum communication systems are being developed and deployed on a global scale nowadays, hardly any security certification methodology exists. This is ironic since security is the main concern behind the shift from classical to quantum cryptography. In this work we have presented the first security evaluation and certification methodology of a complete quantum communication system. To do so, we have subdivided the complete system implementation into seven layers based on a hierarchical order of information flow and categorized the implementation imperfections based on the hardness of the solution. Our methodology requires an iterative interaction between the security evaluation team and the manufacturer to reach the desired level of security. As an example of this, we present the security evaluation results that we performed on the sub-carrier wave quantum key distribution system from ITMO University and Quantum Communications Ltd and the follow-up works. We believe that our security evaluation method will pave the way for future security audits of quantum communication system and be incorporated among the future standards.

New protocols in high-dimensional quantum key distribution with twisted photons

Frédéric Bouchard, Khabat Heshami, Alicia Sit, Felix Hufnagel, Robert Fickler, Duncan England and Ebrahim Karimi.

Quantum key distribution has become one of the most mature developments in the field of quantum information. On one hand, commercial systems are already available, and on the other hand, new quantum cryptographic protocols are still being proposed and investigated at the fundamental level. One class of quantum key distribution protocols that has attracted attention recently are known as high-dimensional protocols. These protocols hold promises in terms of information capacity and noise tolerance. Here, we experimentally investigated new high-dimensional protocols based on the well-established experimental platform known as twisted photons.

Finite-key analysis for differential phase encoded measurement-device-independent quantum key distribution

Shashank Ranu, Anil Prabhakar and Prabha Mandayam.

This paper presents a novel measurement-device-independent quantum key distribution (MDI-QKD) protocol based on phase encoding. Our protocol uses a differential-phase-shifted (DPS) keying scheme wherein a single photon is realized as a linear superposition of three orthogonal paths. We show that our DPS-MDI-QKD protocol maps to an entanglement-based scheme, thus leading to a finite-key analysis for the proposed scheme and establishing its security against general attacks.

General optimization of SPDC sources for quantum communication applications

Mikolaj Lasota, Karolina Sedziak-Kacprowicz and Piotr Kolenderski.

At present times many different quantum protocols are typically implemented utilizing photon sources based on spontaneous parametric down-conversion (SPDC) process. Therefore, formulating reliable guidelines for optimization of such sources for quantum communication applications can be seen as a very important task from the practical point of view. In this work we present on overview of the results obtained by our group during the investigation of this problem, published in a series of recent papers.

Semi-Device Independent Quantum Money

Karol Horodecki and Maciej Stankiewicz.

The seminal idea of quantum money not forgeable due to laws of Quantum Mechanics proposed by Stephen Wiesner, has laid foundations for the Quantum Information Theory in early ’70s. Recently, several other schemes for quantum currencies have been proposed, all however relying on the assumption that the mint does not cooperate with the counterfeiter. Drawing inspirations from the semi-device independent quantum key distribution protocol, we introduce the first scheme of quantum money with this assumption partially relaxed, along with the proof of its unforgeability. Significance of this protocol is supported by an impossibility result, which we prove, stating that there is no both fully device independent and secure money scheme. Finally, we formulate a quantum analogue of the Oresme-Copernicus-Gresham’s law of economy.

Secure Quantum Communication by Preserving an Optimal Measurement

Joonwoo Bae.

In the distribution of quantum states over a long distance for quantum communication tasks, states generally suffer from unwanted interactions with an environment. In practical realizations, the re-alignment of a measurement is needed according to how a state is transformed, as well as the methods of protecting of the states against an adversarial environment. We here present a protocol that preserves an optimal measurement for distinguishing quantum states over a quantum channel, without verifications of the channel or resulting states. The preservation protocol can also enhance optimal state discrimination, i.e., distinguishability is better protected. A proof-of-principle experimental demonstration of the preservation protocol is presented with the polarization encoding on photonic qubits. The enhancement of distinguishability is also demonstrated experimentally. We incorporate the preservation protocol to prepare-and-measure quantum key distribution, and show that a higher error rate can be tolerated, e.g., up to $20.7\%$ in the Bennett-Brassard 1984 protocol by using two-way classical communication.

Experimental time-reversed adaptive Bell measurement towards all-photonic quantum repeaters

Rikizo Ikuta, Yasushi Hasegawa, Nobuyuki Matsuda, Kiyoshi Tamaki, Hoi-Kwong Lo, Takashi Yamamoto, Koji Azuma and Nobuyuki Imoto.

An all-optical network is identified as a promising infrastructure for fast and energy-efficient communication. Recently, it has been shown that its quantum version based on ‘all-photonic quantum repeaters’ -inheriting, at least, the same advantages- expands its possibility to the quantum realm, that is, a global quantum internet with applications far beyond the conventional Internet. Here we report a proof-of-principle experiment for a key component for the all-photonic repeaters – called all-photonic time-reversed adaptive (TRA) Bell measurement, with a proposal for the implementation. In particular, our TRA measurement – based only on optical devices without any quantum memories and any quantum error correction – passively but selectively performs the Bell measurement only on single photons that have successfully survived their lossy travel over optical channels. In fact, our experiment shows that only the survived single-photon state is faithfully teleported without the disturbance from the other lost photons, as the theory predicts.

High-Dimensional Quantum Communication Complexity beyond Strategies Based on Bell’s Theorem

Daniel Martínez, Armin Tavakoli, Mauricio Casanova, Gustavo Cañas, Breno Marques and Gustavo Lima.

Quantum resources can improve communication complexity problems (CCPs) beyond their classical constraints. One quantum approach is to share entanglement and create correlations violating a Bell inequality, which can then assist classical communication. A second approach is to resort solely to the preparation, transmission and measurement of a single quantum system; in other words quantum communication. Here, we show the advantages of the latter over the former in high-dimensional Hilbert space. We focus on a family of CCPs, based on facet Bell inequalities, study the advantage of high-dimensional quantum communication, and realise such quantum communication strategies using up to ten-dimensional systems. The experiment demonstrates, for growing dimension, an increasing advantage over quantum strategies based on Bell inequality violation. For sufficiently high dimensions, quantum communication also surpasses the limitations of the post-quantum Bell correlations obeying only locality in the macroscopic limit. We find that the advantages are tied to the use of measurements that are not rank-one projective, and provide an experimental semi-device-independent falsification of such measurements in Hilbert space dimension six.

Quantum Sampling and Entropic Uncertainty, with Applications

Walter Krawec.

In this abstract, we show how the technique of quantum sampling, originally derived by Bouman and Fehr in 2010, has several interesting applications in quantum information science. In particular, we use quantum sampling to derive a novel entropic uncertainty relation, based on smooth min-entropy, for non-i.i.d. states. We then use this to provide an alternative proof of the famous Maassen and Uffink entropic uncertainty relation. We also show a cryptographic application for quantum random number generators (QRNG)

Resource-efficient verification of quantum computing using Serfling's bound

Yuki Takeuchi, Atul Mantri, Tomoyuki Morimae, Akihiro Mizutani and Joseph Fitzsimons.

Verifying quantum states is central to certifying the correct operation of various quantum information processing tasks. In particular, in measurement-based quantum computing, checking whether correct graph states are generated is essential for reliable quantum computing. Several verification protocols for graph states have been proposed, but none of these are particularly resource efficient: multiple copies are required to extract a single state that is guaranteed to be close to the ideal one. The best protocol currently known requires $O(n^{15})$ copies of the state, where $n$ is the size of the graph state. In this presentation, we construct a significantly more resource-efficient verification protocol for graph states that only requires $O(n^5\log{n})$ copies. The key idea is to employ Serfling’s bound, which is a probability inequality in classical statistics. Utilizing Serfling’s bound also enables us to generalize our protocol for qudit and continuous-variable graph states. Constructing a resource-efficient verification protocol for them is non-trivial. For example, the previous verification protocols for qubit graph states that use the quantum de Finetti theorem cannot be generalized to qudit and continuous-variable graph states without tremendously increasing the resource overhead. This is because the overhead caused by the quantum de Finetti theorem depends on the local dimension. On the other hand, in our protocol, the resource overhead is independent of the local dimension, and therefore generalizing to qudit or continuous-variable graph states does not increase the overhead. The flexibility of Serfling’s bound also makes our protocol robust: our protocol accepts slightly noisy but still useful graph states.

Advantage distillation for device-independent quantum key distribution

Ernest Y.-Z. Tan, Charles C.-W. Lim and Renato Renner.

We derive a sufficient condition for advantage distillation to be secure against collective attacks in device-independent quantum key distribution (DIQKD), focusing on the repetition-code protocol. In addition, we describe a semidefinite programming method to check whether this condition holds for any probability distribution obtained in a DIQKD protocol. Applying our method to various probability distributions, we find that advantage distillation is possible up to depolarising-noise values of $q = 9.1\%$ or limited detector efficiencies of $\eta = 89.1\%$ in a 2-input 2-output scenario. This exceeds the noise thresholds of $q = 7.1\%$ or $\eta = 90.9\%$ respectively for DIQKD with one-way error correction using the CHSH inequality, thereby showing that it is possible to distill secret key beyond those thresholds.

Remote blind state preparation with weak coherent pulses in field

Yangfan Jiang, Kejin Wei, Liang Huang, Ke Xu, Qichao Sun, Yuzhe Zhang, Weijun Zhang, Hao Li, Lixing You, Zhen Wang, Hoi-Kwong Lo, Feihu Xu, Qiang Zhang and Jianwei Pan.

Quantum computing has seen tremendous progress in the past years. Due to the implementation complexity and cost, the future path of quantum computation is strongly believed to delegate computational tasks to powerful quantum servers on cloud. Universal blind quantum computing (UBQC) provides the protocol for the secure delegation of arbitrary quantum computations, and it has received significant attention. However, a great challenge in UBQC is how to transmit quantum state over long distance securely and reliably. Here, we solve this challenge by proposing and demonstrating a resource-efficient remote blind qubit preparation (RBQP) protocol with weak coherent pulses for the client to produce, using a compact and low-cost laser. We demonstrate the protocol in field, experimentally verifying the protocol over 100-km fiber. Our experiment uses a quantum teleportation setup in telecom wavelength and generates 1000 secure qubits with an average fidelity of (86.9 ± 1.5)%, which exceeds the quantum no-cloning fidelity of equatorial qubit states. The results prove the feasibility of UBQC over long distances, and thus serving as a key milestone towards secure cloud quantum computing.

An adaptive framework for quantum-secure device-independent randomness expansion

Peter Brown, Sammy Ragy and Roger Colbeck.

Device-independent randomness expansion protocols offer the ability to expand an initial random string without relying on details of how the devices work for security. A large amount of work to date has centered around a particular protocol based on spot-checking the devices using the CHSH inequality. Here we go beyond this, by combining semidefinite programming techniques with the recently strengthened entropy accumulation theorem we give a general framework for constructing randomness expansion protocols that are secure against quantum adversaries. Our construction provides a highly flexible template protocol with easily calculable randomness expansion rates that can be fine-tuned to the requirements of a user. We apply the framework to several protocols based on different tests of nonlocality (including ones incorporating multiple tests simultaneously), comparing their respective randomness expansion rates and demonstrating a robust and quantum-secure method for generating up to two-bits of randomness per entangled qubit pair.

Afterpulse Analysis for Quantum Key Distribution

Yuanguanjie Fan, Chao Wang, Shuang Wang, Zhen-Qiang Yin, He Liu, Wei Chen, De-Yong He, Zheng-Fu Han and Guangcan Guo.

The afterpulse effect is an intrinsic characteristic of the single-photon avalanche photodiode that has been widely used in quantum key distribution (QKD). As QKD systems move into the gigahertz regime, the afterpulse effect is no longer ignorable, which will lead to a great deviation compared with the existing analytical model. Here we develop an analytical model to make QKD systems more afterpulse compatible. In addition, we obtain the secure key rate for our model with the analysis of statistical fluctuation using Hoeffding’s inequality and Azuma’s inequality. Our results show that the optimized parameters of the afterpulse-compatible model can provide a much higher key rate than the optimized parameters of the previous afterpulse-omitted model in the same situation.

Practical quantum digital signature with a gigahertz BB84 quantum key distribution system

Xue-Bi An.

Quantum digital signature (QDS) can guarantee message integrity and non-repudiation with information-theoretical security, and it has attracted more attention recently. Since proposed by Andersson et al. [Phys. Rev. A 93, 032325(2016)], a quantum digital signature protocol using an insecure channel has been realized with several different quantum key distribution (QKD) systems. Here we report an experimental QDS based on a BB84 QKD system. An asymmetric Faraday–Sagnac–Michelson interferometer structure has been designed in our system, which is intrinsically stable against channel disturbance. The innovatory structure supports the system to work at high speed and, in practice, the repetition rate is in gigahertz. A 0.044 bit/s signature rate has been attained with a 25 dB channel loss composed of a 25 km installed fiber with additional optical attenuation in a 10^−10 security level. Thus, our QDS device is stable and highly efficient. Our work provides a further step for the practical application of QDS. This work has been published in Jan. 2019 [Opt. lett. 44, 139-142(2019)].

On the obfuscatability of quantum point functions

Tao Shang, Ranyiliu Chen and Jianwei Liu.

The goal of this work is to provide a positive result of quantum obfuscation. Point functions have been widely discussed in classical obfuscation theory but yet not formally defined in the quantum setting. To analyze the obfuscatability of quantum point functions, we start with preliminaries on quantum obfuscation, giving out the oracle-implementable relationship of two quantum circuit families and some obfuscations of combined quantum circuits. Then we present the strict definition of a quantum point function and discuss its variants of multiple points and multiple qubits. Under the quantum-accessible random oracle model, we obtain the obfuscatability of quantum point function families by means of reduction. Finally, we discuss the application of quantum obfuscation in quantum zero-knowledge. As a start of study on quantum point functions, our work will be inspiring in the future development of quantum obfuscation theory.

Simple source device independent continuous variable quantum random number generator

Davide G. Marangon, Peter Raymond Smith, Marco Lucamarini, Zhiliang Yuan and Andrew Shield.

Phase randomized optical homodyne detection is a well known technique for performing quantum state tomography.

So far, it has been mainly considered a sophisticated tool for laboratory experiments but unsuitable for practical applications.

In this work, we change the perspective and employ this technique to set up a novel practical continuous-variable quantum random number generator.

We exploit a phase-randomized local oscillator realized with a gain-switched laser to bound the min-entropy and extract true randomness from a completely uncharacterized input, potentially controlled by a malicious adversary.

In so doing, we achieve an equivalent rate of 270 Mbit/s.

In contrast to other source-device-independent quantum random number generators, the one presented herein does not require additional active optical components, thus representing a viable solution for future compact, modulator-free, certified generators of randomness.

Estimation of side channels in QKD via second-order interference

Alexander Duplinskiy and Denis Sych.

Side-channel information leakage in a quantum key distribution system increases the eavesdropper’s knowledge about the secret key and therefore needs to be taken into consideration. The quantitative difference between the emitted optical pulses, however, is difficult to obtain. To date, the estimations are based on the individual measurements on a few degrees of freedom, such as spatial, temporal, and spectral distributions. Such approach does not guarantee the security of the source, as information about the key can be leaked out through uncharacterized mode parameters. Here we introduce a method for the integral side-channel impact evaluation. The method is based on the visibility measurement of Hong-Ou-Mandel interference between phase-randomized weak coherent pulses. The visibility allows to quantify distinguishability of optical pulses with respect to all possible degrees of freedom simultaneously. We note that side-channel information leakage can lead to two different effects on the BB84 decoy-state protocol: bases distinguishability and distinguishability between signal and decoy states. We show how these effects can be upper bounded using the results of the interference experiments. As a result, we calculate the key generation rate depending on the obtained visibility.

A simple security proof for continuous variable quantum Quantum Key distribution with intensity fluctuating source

Chenyang Li and Hoi-Kwong Lo.

Quantum Key Distribution (QKD) in principle offers unconditional security based on the laws of physics. Continuous variable (CV) quantum key distribution has the potential for high-key-rate and low-cost implementations using standard telecom components. Despite tremendous theoretical and experimental progress in continuous variable quantum key distribution, the security has not been rigorously established for most current continuous variable quantum key distribution systems that have imperfections. Among the imperfections, intensity fluctuation is a significant principal problem affecting security. In this paper, we provide a simple security proof for continuous variable quantum key distribution system with an intensity fluctuating source. Specifically, depending on the participants’ knowledge of intensity fluctuations, the imperfect systems are divided into four cases for security proofs. Our proof is simple to implement without any hardware adjustment for the current continuous variable quantum key distribution system.

Generation of polarization-entangled photon-pairs in Sagnac interferometer with polarization maintaining fiber

Youn Seok Lee, Mengyu Xie, Ramy Tannous and Thomas Jennewein.

Quantum communication is mostly implemented over two categories of channels: optical fiber and free-space, whose optimal wavelengths are in the near-infrared and visible, respectively. We present polarization-entangled photon-pair source by Sagnac interferometer with commercially available polarization maintaining fibers (PMFs), which may be applicable for the link between optical fiber and free-space channels. Photon-pairs are produced from the PMF at the wavelength of 764 nm and 1221 nm with a bandwidth of 2 nm via type-I spontaneous four-wave mixing (SFWM) process through birefringent phase-matching under pulsed-pump at the wavelength of 940 nm. By twisting the fiber by 90 degree in Sagnac interferometer, two SFWM processes of producing orthogonally polarized photon-pairs are superposed, thereby generating polarization-entangled state, as shown in Figure 1. The Phase-matching condition, spectral bandwidth, pair generation rate, as well as Raman noise are theoretically investigated for given chromatic dispersions of three different commercial PMFs, and experimentally confirmed for one PMF.

Experimental feasibility of 6-4 State Reference Frame Independent channel for Quantum Key Distribution

Ramy Tannous, Zhangdong Ye, Jeongwan Jin, Katanya Kuntz, Norbert Lutkenhaus and Thomas Jennewein.

We present results from a proof-of-concept experiment that demonstrates a novel reference frame independent quantum key distribution protocol using polarization entangled photons. Our protocol entails performing a 4-state measurement rather than a tomographically complete 6-state measurement at one of the receivers. We demonstrate the feasibility of this protocol by showing it to be resistant to any slow varying birefringent phases incurred in polarization maintaining fibers. Despite the reduced measurement, we observe an average quantum bit error ratio of 3.3%, indicating that the protocol is suitable for quantum key distribution.

Asymptotic security of continuous-variable quantum key distribution with a discrete modulation

Shouvik Ghorai, Philippe Grangier, Eleni Diamanti and Anthony Leverrier.

We establish a lower bound on the asymptotic secret key rate of continuous-variable quantum key distribution with a discrete modulation of coherent states. The bound is valid against collective attacks and is obtained by formulating the problem as a semidefinite program. We illustrate our general approach with the quadrature phase-shift keying (QPSK) modulation scheme and show that distances over 100 km are achievable for realistic values of noise. We also discuss the application to more complex quadrature amplitude modulations (QAM) schemes. This work is a major step towards establishing the full security of continuous-variable protocols with a discrete modulation in the finite-size regime and opens the way to large-scale deployment of these protocols for quantum key distribution.

Improvement of continuous variable quantum key distribution system using cascaded parametric amplifier

Yupeng Gong, Rupesh Kumar, Adrian Wonfor, Peter Vasil’Ev, Richard Penty and Ian White.

Continuous variable quantum key distribution (CVQKD) has attracted much research interest owing to the merit of being compatible with telecom components and its high tolerance to noise. Research has proposed and demonstrated ways in which to increase the secure distance and key rate by controlling the excess noise [1], employing efficient post-processing methods [2], and utilizing optical amplifiers [3]. However, classical optical amplifiers, including both phase sensitive and phase insensitive versions, are believed only to be able to act as the optical preamplifier compensating for non-ideal practical coherent detectors. This is because classical optical amplifiers have a non-zero noise figure which will degrade the CVQKD performance if used in the channel.

However, in this poster, we explore use cascaded non-degenerate parametric amplification to effectively increase the SNR of the CVQKD signal and hence improve the performance of the system. We encode quantum information on one mode of the correlated quantum field and show that, even after transmission, the signal port SNR can be effectively improved after the second stage of amplification. The correlated quantum filed can be seen as a noise reference. In addition, by choosing the right gain relationship between the two parametric amplifiers, we can have the output excess noise effectively reduced and hence improve the performance.

Building UKQNtel - creating a practical, commercially viable Quantum Network.

Joseph Pearse, Adrian Wonfor, Arash Bahrami, Gordon Duan, Catherine White, Richard V Penty, Andrew Lord and Timothy Spiller.

Since the advent of Quantum Key Distribution our ability to communicate securely has advanced significantly, but the technology is only recently becoming commercially viable. The transition from pure lab based QKD links to practical systems, co-existing with multiple classical channels, should be as seamless as possible, but the majority of QKD implementations today use research equipment, making adoption of QKD technology inaccessible to commercial end users.

This work focuses on a practical implementation of QKD, using the equipment and environment corresponding to a real-word telecoms network. To achieve this a trusted node network, UKQNtel, has been developed, spanning over 120 km of fibre. It connects academic and industry partners in Cambridge and Ipswich with 3 intermediate trusted nodes in-between; and is capable of securing communications with data rates of 500 Gb/s over a single fibre in each direction. At Cambridge it connects to the Cambridge Quantum Network, part of the wider UK Quantum Network (UKQN), enabling interaction across to the Bristol Quantum Network. Thus the UKQNtel forms a key part of the UK-wide UKQN.

The UKQNtel uses entirely off-the-shelf commercial equipment, with QKD systems which employ the loss tolerant COW[1,2,3] protocol, in parallel with five 100Gb/s polarisation multiplexed QPSK classical channels. The fibre infrastructure has not been specially selected, and thus exhibits the defects and losses associated with a real world fibre network.

Data from 5x100G line cards are multiplexed onto the same fibre as the COW quantum channel, alongside the classical supervisory channels supporting the network. In order to minimise interaction between the quantum and classical channels the classical channels are placed in the C-band, with the quantum channel given a wavelength of 1310 nm, where the magnitude of anti-Stokes scattering from the classical channels is low. To further decrease interactions, the classical traffic is launched at relatively modest powers for telecommunications, with these powers being amplified at EDFAs in each trusted node within the network.

Long term operation of the UKQNtel has been achieved with QBERs in the range of 1.8 to 3.3% and end-to-end secure key rates of at least 750 bits/s in the presence of the classical traffic. Detailed results on the UKQNtel performance will be presented at the conference.

This work was supported by the UK EPSRC Quantum Technology Hub for Quantum Communications Technologies projects EP/N015207/1 and EP/M013472/1.

[1] D. Stucki, N. Brunner, N. Gisin et al, ‘Fast and simple one-way quantum key distribution’, Appl. Phys. Lett., vol. 87, no. 19, p. 194108, Nov. 2005.

[2] D. Stucki, S. Fasel, N. Gisin et al, ‘Coherent one-way quantum key distribution’, in Photon Counting Applications, Quantum Optics, and Quantum Cryptography, 2007, vol. 6583, p. 65830L.

[3] ‘Clavis3 QKD Platform – ID Quantique’. https://www.idquantique.com/single-photon-systems/products/clavis3-qkd-platform/ , accessed 16 June 2019.

Semi-device-independent quantum money with coherent states

Mathieu Bozzio, Eleni Diamanti and Frédéric Grosshans.

Wiesner’s unforgeable quantum money scheme is widely celebrated as the first quantum information application. Based on the no-cloning property of quantum mechanics, this scheme allows for the creation of credit cards used in authenticated transactions offering security guarantees impossible to achieve by classical means.

A quantum credit card scheme consists of a mint, who prepares a quantum state and hands it to a client. The client stores the state in a quantum memory until she wants to make a payment. When a transaction must occur, the client hands the quantum state to a merchant, whose payment terminal performs local measurements and sends a string of classical data to a distant bank for verification. Based on this classical data, the bank verifies whether the credit card state does originate from the honest mint, and whether it is likely that is has been counterfeited or not.

Recently, experimental interest in quantum money has grown, with demonstration of forgery of quantum banknotes [1] and implementation of weak coherent state- based quantum credit card schemes, secure in a trusted terminal scenario [2, 3], in the prospect of near-future implementations with a quantum memory. These require new security proofs tackling the optimal cloning of coherent states, differing from qubit-based quantum money and also quantum key distribution proofs.

To our knowledge, no practical security proof has ever been established in an untrusted terminal setting: i.e. the bank does not trust the distant terminal’s quantum measurements and classical data. In this work, we derive a quantum money security proof which incorporates semi-device-independence to deal with both trusted and untrusted payment terminals in the presence of experimental imperfections. Our analysis uses semidefinite programming in the coherent state framework and aims at simultaneously optimizing over the noise and losses introduced by a dishonest party.

We assume no bound on the dimensions of the quantum states, and we show numerically that the adversary does not gain any advantage in performing a correlated attack on the n states stored in the credit card. We discuss secure regimes of operation in both fixed and randomized phase settings, taking into account experimental imperfections. We note the existence of independent work in [4] which also studies semi-device-independent quantum money in the case where the mint is untrusted, without our focus on realistic implementation.

Finally, we study the evolution of protocol security in the presence of a decohering optical quantum memory and identify secure credit card lifetimes for a specific configuration.

A full-length version of this work can be found in [5].

[1] K. Bartkiewicz, A. Cernoch, G. Chimczak, K. Lemr, A. ˇ Miranowicz, and F. Nori, npj Quantum Inf. 3, 7 (2017).

[2] M. Bozzio, A. Orieux, L. T. Vidarte, I. Zaquine, I. Kerenidis, and E. Diamanti, npj Quantum Inf. 4, 5 (2018).

[3] J.-Y. Guan, J.-M. Arrazola, R. Amiri, W. Zhang, H. Li, L. You, Z. Wang, Q. Zhang, and J.-W. Pan, Phys. Rev. A 97, 032338 (2018).

[4] K. Horodecki and M. Stankiewicz, (2018), arXiv:1811.10552.

[5] M. Bozzio, E. Diamanti, and F. Grosshans, Phys. Rev. A 99, 022336 (2019).

OpenQKD – (A proposal for) A European Quantum Key Distribution Testbed

Hannes Hübel, Christoph Pacher, Fabian Laudenbach, Christian Monyk, Martin Stierle and Helmut Leopold.

In November 2018 a consortium of 38 partners led by the AIT Austrian Institute of Technology has submitted a detailed proposal named “OpenQKD” to setup a European QKD testbed during the next three years to the European Commission.

This project proposal has been ranked #1 and is currently under negotiation with the EC. We are confident that the Grant Agreement with the EC will have been signed at the very latest at the start of QCrypt 2019 and that we can present details of this initiative.

Semideﬁnite programming for MDI QKD security analysis employing mixed initial states

J. Eli Bourassa, William Primaatmaja, Emilien Lavie, Koon Tong Goh, Charles Lim and Hoi-Kwong Lo.

In [1], the authors develop a semideﬁnite programming framework for key rate analysis of MDI QKD protocols employing pure initial states. Brieﬂy, the security analysis from [1] involves constructing a Gram matrix (matrix of vector inner products) corresponding to the vectors representing Eve’s side information. As Gram matrices are positive semideﬁnite, and since Eve’s Gram matrix can be linearly constrained using a) the inner products of the pure initial states, b) the detection probabilities, and c) the bit errors, the analysis lends naturally to a semideﬁnite program for estimating the worst case phase error rate consistent with the constraints.

In this poster, we generalize the formalism to include mixed initial states. We consider protocols where one has a trusted-but-noisy source which does not produce pure states, and we assume Eve does not hold the puriﬁcation of the source. A framework for mixed states is required for treating preparation noise in any realistic model of a protocol, and for treating protocols that purposefully employ mixed states (e.g. decoy states).

We will present one approach for generalizing the framework from [1] which involves considering a virtual protocol in which Eve is provided puriﬁcations of the mixed initial states; however, we have freedom to choose the puriﬁcations Eve receives. With such a puriﬁcation we can directly apply the formalism from [1], but with updated expressions for bit errors and detection probabilities based on the noisiness of the states.

The main task in considering the virtual protocol is determining which puriﬁcation to provide Eve. We show that in the case of MDI QKD protocols in which Alice and Bob each only use two initial states, such as the MDI B92 protocol [2], an optimal choice of puriﬁcation is provided by the ﬁdelities between the initial states. Drawing intuition from [3], we additionally show that the same puriﬁcation technique based on ﬁdelities provides far from optimal key rates when considering protocols with more than two states. We provide a better, but sub-optimal, puriﬁcation that is notably appropriate for treating preparation noise that is independent of the target state one is trying to prepare.

For a concrete example of a protocol employing mixed states, we consider the many-basis phase-encoding MDI QKD protocol [4], and provide a realistic model for inclusion of phase and amplitude noise in the preparation of states.

References

[1] I. W. Primaatmaja, E. Lavie, K. T. Goh, C. Wang, and C. C. W. Lim, “Almost-tight and versatile security analysis of measurement-device-independent quantum key distribution,” arXiv preprint arXiv:1901.01942, 2019.

[2] A. Ferenczi, “Security proof methods for quantum key distribution protocols,” 2013.

[3] R. Jozsa and J. Schlienz, “Distinguishability of states and von neumann entropy,” Phys. Rev. A, vol. 62, p. 012301, Jun 2000.

[4] K. Tamaki, H.-K. Lo, C.-H. F. Fung, and B. Qi, “Phase encoding schemes for measurement-device-independent quantum key distribution with basis-dependent ﬂaw,” Phys. Rev. A, vol. 85, p. 042307, Apr 2012.

Field trials of quantum key distribution over a metropolitan fiber network

Peiyu Zhang.

Quantum key distribution (QKD) based on the laws of quantum mechanics can offer information-theoretic security. An important step in the real-world application of QKD is the deployment of field tests over commercial fibers. Here we deploy QKD over Nanjing University fiber network using three important QKD protocols- Coherent One Way (COW), three-state time-bin and BB84 -with performance comparable to the state-of-the-art. With these field tests of our QKD system, we have extended a higher security key rate per pulse over installed commercial fiber network with an optimized scheme in real-time feedback control. The weak coherent tomography of the system is also carried out to characterize the network, which is particularly useful for analyzing the performance of quantum communication and quantum cryptography.

Quantum ICT deployment on 5G Commercial Network

Min Hyung Kim and Chulhwan Hwang.

In 2019, the world’s first 5G Commercial Network began operation in Korea. 5G is expected to distribute information seamlessly regardless of wired and wireless, and protection of the circulated information becomes more important issue. SK Telecom applied quantum ICT technology in 5G network by using IDQ technology and explained what each one means.

Application of QKD system in the construction of encrypted backhaul and backbone network, application of QKD Trusted Repeater for long distance backhunnel and backbone network.

Challenges in high-speed quantum key distribution

Alberto Boaron, Davide Rusca, Gianluca Boso, Raphael Houlmann, Fadri Grünenfelder, Cédric Vulliez, Misael Caloz, Matthieu Perrenoud, Gaetan Gras, Claire Autebert, Félix Bussières, Anthony Martin and Hugo Zbinden.

We use a 2.5 GHz clocked QKD system to perform high-speed QKD.

Quantum steering using optical hybrid continuous- and discrete-variable entanglement

Adrien Cavaillès, Hanna Le Jeannic, Jeremy Raskop, Tom Darras, Giovanni

Guccione, Damian Markham, Eleni Diamanti and Julien Laurat.

Optical hybrid quantum information processing joins the traditionaly separated discrete- (DV) and continuous-variable (CV) tools and concepts. In this approach, DV states, such as single photons, and CV states, for example Schrödinger cat states |cat±> = |α> ± |−α>, are used in conjunction to exploit the benefits of both encodings. We report on the use of hybrid entanglement of light to demonstrate quantum steering of a CV system through local measurements on a DV node. This represents a stepping stone towards the realization of secure one-sided device independent protocols (1SDI) involving parties using disparate encodings.

Bounding the information leakage in quantum hacking using photon statistics

Gaëtan Gras, Davide Rusca, Hugo Zbinden and Félix Bussières.

Quantum key distribution offers a theoretically secure way to communicate between two distant parties, Alice and Bob. Unfortunately, imperfections might opens loopholes that can be exploited by an eavesdroppper, Eve. Countermeasures can be implemented in order to close these loopholes. In this poster, we propose a countermeasure to detector control attacks. This countermeasures allows us to bound the information leaked using only the statistics measured by Bob.

The CHSH inequality for a single qutrit

Don Jean Baptiste Anoman, François Arnault and Simone Naldi.

We show how to achieve the CHSH-2 violation with qutrit using relationships between the biphotonics qubits and qutrits.

Quantum key distribution over quantum repeaters with repetition codes

Yumang Jing, Daniel Leal and Mohsen Razavi.

In this work, we study the performance of a quantum key distribution (QKD) system that is run over a quantum repeater with three and five-qubit repetition codes by accounting for various sources of error in the setup. We employ a novel hybrid numerical-analytic approach, which relies on linearity of the quantum states and quantum circuits, and the transversality of the code employed to minimize the required approximations in the analysis. This will enable us to obtain a more accurate picture of the requirements of such systems in practice, and whether, any simplified version of them, can realistically be built with current technologies. With the final entangled state being calculated, we can then assess the dependence of secret key generation rate in our QKD system on relevant error parameters. Furthermore, we find the repeater rate, i.e., the number of entangled links generated between Alice and Bob per second per memory, in the case of nitrogen-vacancy centers in diamond (NV-centers). We calculate the optimal normalized secret key rate as a function of the total distance between Alice and Bob in the absence and presence of multiplexing case.

Developing Characterisation Measurements for Quantum Key Distribution

Sophie Albosh.

DEVICE CHARACTERISATION

The security of a quantum key distribution (QKD) protocol is ensured through a theoretical security proof, where this proof is based on the laws of physics and a model of the physical system. Deviations between the model of the system and the physical implementation are known as side-channels and can be exploited by an eavesdropper in an attempt to tracelessly gain information about the key. To avoid this, the physical QKD system must be fully characterised, so that an accurate and comprehensive model of the setup can be generated [1]. The phase of light is widely used in QKD protocols, both as an encoding parameter and as a security measure [2–4]. The phase of the light emitted from a QKD transmitter should meet the requirements of the security proof and the specification of the system model and therefore must be characterised.

PHASE MEASUREMENTS

There are many ways in which to characterise the phases sent by a QKD transmitter; the least intrusive is to perform phase measurements on the light emitted from the device. This method requires basic timing and control signals from the transmitter, but otherwise treats the hardware as a ‘black box’, removing any need to dismantle or interfere with the device. The light emitted from QKD transmitters is usually in the form of a highly attenuated laser pulse train. Therefore, phase measurements must be made at the single-photon level, where successive pulses are interfered using an asymmetric Mach-Zehnder interferometer (AMZI). During a measurement, the optical path length (OPL) difference within the interferometer must be precisely controlled to achieve accurate phase measurements.

INTERFEROMETER STABILITY

Presented here is a data set taken from an AMZI formed out of polarization maintaining optical fibre, with an OPL difference between the arms of 0.2 m. The OPL difference within an interferometer is susceptible to temperature fluctuations due to the thermo-optic effect and the thermal expansion of the waveguide. It is therefore important to temperature control the AMZI during a measurement.

The interferometer is actively temperature controlled using a heater circuit and a PID controller chip and the change in the OPL difference between the two arms of the AMZI is assessed using a frequency-stable CW laser (1561 nm). The results from one of the interferometer outputs is shown in the figure included in the supplementary material, where over a 2-hour period the temperature was maintained to within 0.004 ◦C and the OPL difference was stable to within 16 nm (1.02 % of the wavelength). Achieving this level of stability is key to the precision and accuracy of the results, as any changes in the OPL difference can be mistaken for changes in the phase of the input laser pulses being measured.

These results are one aspect of ongoing work towards high precision phase measurements for the purpose of QKD transmitter characterisation. The performance of the instrumentation and further developments will be presented.

[1] M. Lucamarini et al., Implementation Security of Quantum Cryptography Introduction, challenges, solutions, ETSI, White Paper No. 27, 2018.

[2] C.H. Bennett and G. Brassard, Quantum Cryptography: Public Key Distribution and Coin Tossing, Proceedings of IEEE International Conference on Computers, Systems and
Signal Processing, 1:175–179, 1984.

[3] D. Stucki, N. Brunner, N. Gisin, V. Scarani, and H. Zbinden. Fast and simple one-way quantum key distribution. Appl. Phys. Lett., 87:194108, 2005.

[4] K. Inoue, E. Waks, and Y. Yamamoto. Differential Phase Shift Quantum Key Distribution. Phys. Rev. Lett., 89(3):37902, 2002.

Coincidence Detection Quantum Key Distribution Protocol

Ayan Biswas, Anindya Banerji, Nijil Lal C.K. and Ravindra P. Singh.

In this article, we introduce a novel quantum key distribution protocol, coincidence detection quantum key distribution protocol. In this, we utilize the inherent Poissonian nature of weak coherent pulses to achieve a secure rate over a longer distance as compared to standard decoy state quantum key distribution and also can track the presence of Eve from the multiphoton(mainly consisting of two photons) pulses. We show that, using this method the key rate can also be increased as some of the multi-photon pulses can also contribute to the final key.

Algorithmic Approach to Design Highly Efficient MET-LDPC Codes with Cascade Structure

Hossein Mani, Tobias Gehring, Christoph Pacher and Ulrik Lund Andersen.

Error reconciliation is one of the most challenging parts in continuous-variable quantum key distribution (CVQKD) over long distances because it requires highly efficient error correction codes with low rate. State-of-the-art for low rate codes are so-called Multi-Edge-Type Low-Density Parity-Check (MET-LDPC) codes. The METLDPC

codes are a generalization of the concept of irregular LDPC codes (single-edge-type LDPC (SET-LDPC)).

Designing highly efficient low rate MET-LDPC codes is always a challenging and complicated problem. In this paper, we propose a new algorithmic approach for designing MET-LDPC codes. We exploit the advantages of the cascade structure for MET-LDPC codes and introduce an optimization process to design highly efficient codes.

POGNAC: an all-fiber self-compensating polarization modulator for QKD

Costantino Agnesi, Marco Avesani, Andrea Stanco, Paolo Villoresi and Giuseppe Vallone.

Quantum key distribution (QKD) allows distant parties to exchange cryptographic keys with unconditional security by encoding information on the degrees of freedom of photons. Polarization encoding has been extensively used for QKD along free-space, optical fiber, and satellite links. However, the polarization encoders used in such implementations are unstable, expensive, and complex and can even exhibit side channels that undermine the security of the protocol. In our recent work we propose and test a new polarization encoder: the POGNAC (for POlarization SaGNAC). The POGNAC combines a simple design and high stability reaching an low intrinsic quantum bit error rate. Since realization is possible from the 800 to the 1550 nm band using commercial off-the-shelf devices, our polarization modulator is a promising solution for free-space, fiber, and satellite-based QKD.

Improvement of unidimensional continuous-variable quantum key distribution by using heralded hybrid amplifier

Kunlin Zhou, Ying Guo and Liao Qin.

We propose an improved scheme for unidimensional continuous-variable quantum key distribution (UCVQKD) using heralded hybrid linear amplifier, aiming to simplify the implementation and improve secret key rate. Compared with symmetrical continuous-variable quantum key distribution protocol (CVQKD), our scheme only modulates one quadrature of the coherent state with security ensuring. Furthermore, the heralded hybrid linear amplifier concatenates a deterministic linear amplifier (DLA) and a noiseless linear amplifier (NLA), which can tune between the high-gain or high noise-reduction. Due to two linear amplifiers are concatenated as a hybrid amplifier, the gain value of each amplifier is individually adjustable, therefore, we should find out some optimal reasonable range for gain value of NLA and DLA to maximize the performance of our proposed scheme. Thus, our simulation result shows that when the gain value of DLA should less-than 3.1, the performance of noise-reduce will prominent increase. Furthermore, when adopting homodyne measurement, the optimal gain range for two amplifiers are 2≤gNLA≤3.5 and 1≤gDLA≤2, while adopting heterodyne measurement, the optimal gain range for two amplifiers are 2≤gNLA≤4 and 1≤gDLA≤2. Security analysis shows that the proposed scheme can be secured under the collective attacks. Compared with traditional UCVQKD using noiseless amplifier, the security transmission distance of proposed protocol is increased by 24 kilometers. Moreover, our scheme not only simplifies the modulation process but also has approximate performance with symmetrical CVQKD in terms of maximal security transmission distance.

Practical Quantum Key Distribution with Geometrically Uniform States

Konstantin Kravtsov and Sergei Molotkov.

It is well-known that weak coherent pulses-based implementation of the plain BB84 is insecure starting with quite moderate loss levels, while better alternatives were developed as early as 2004. The goal of the current paper is to extend the best solution from that time and combine it with the now conventional decoy state technique. The resulting QKD protocol is secure not only due to the employed decoy states, but is also immune to attacks due to its superior inner structure.

Implementation of a polarization-based BB84 protocol at 5~GHz repetition rate

Fadri Grünenfelder, Alberto Boaron, Davide Rusca, Anthony Martin and Hugo Zbinden.

We present a high-speed implementation of a polarization-based QKD protocol. We use a modified version of the original BB84 protocol with three polarization states. As a source we employ phase-randomized weak coherent laser pulses and we prevent photon-number-splitting attacks by implementing the 1-decoy method.

Unambiguous state discrimination of phase-coded multi-mode weak coherent states

Andrei Gaidash, Anton Kozubov and George Miroshnichenko.

For the last decades huge amount of different theoretical and experimental works have been performed where a lot of various schemes with weak coherent sources instead of true single photon sources were suggested due to their utility. Some of them use phase coding protocols instead of the original ones based on the polarization. Although phase-coded quantum states can be generated not in a usual way by electro-optical phase modulation and it can be implemented as in subcarrier wave quantum key distribution system (SCW QKD). Unfortunately, phase-coded quantum states in the set have overlapping with each other and that gives a crucial opportunity to Eve to provide unambiguous state discrimination (USD). Thus we would like to study properties of USD related to multi-mode phase-modulated coherent states.

Trusted Devices in Continuous-Variable Quantum Key Distribution

Fabian Laudenbach and Christoph Pacher.

In CV-QKD the trusted-device assumption allows for a significant improvement in terms of key rate and achievable transmission distance. We present an efficient way to mathematically analyse the impact of trusted devices on the Holevo information and a numerical analysis of how different security assumptions affect the performance of practical CV-QKD implementations. Moreover, we show that under particular circumstances, detection noise can even be beneficial for the key rate.

Bragg-Reflection Waveguides as Photon Pair Sources for Polymer Photonic Circuits

Hannah Thiel.

Recent advances in quantum photonic technology enable increasingly complex quantum communication and cryptography experiments. Quantum key distribution (QKD) is arguably the most advanced field with many realistic use-cases identified and promising experiments going beyond the stage of proof-of-principle. However, many implementations of QKD still suffer from their large size, high cost, and limited availability. On-chip sources of encoded quantum keys are a critical component towards commercialization of QKD devices. As a way to further reduce the cost and size, these sources should operate at room temperature, incorporate on-chip active optics such as lasers, and be pigtailed with optical fibers. In order to be able to make use of existing telecommunication infrastructure, the photons created need to be in the telecom C-band and experience minimal decoherence during transmission. A very robust form of entanglement is time-bin entanglement as it does not suffer from depolarization or polarization mode dispersion in long fiber networks.

In order to overcome the limitations of other sources, we are developing Bragg-reflection waveguides (BRWs), compact and low-cost semiconductor sources of photon pairs in the telecom wavelength range that work at room temperature. BRWs can be precisely fabricated via molecular beam epitaxy and reactive ion etching. They are made of the AlGaAs material system which offers a high second order nonlinearity enabling the process of parametric down-conversion (PDC). In order to achieve phase-matching, a key requirement for photon pair sources, the effective refractive index of each waveguide mode can be controlled. The correlated photon pairs produced in the BRWs via PDC can then be used as heralded single photons or can be polarization or time-bin entangled, as has been shown by our group[1].

So far the PDC process has been driven by an external pump laser. In order to achieve portability and integrability, we exploit the direct bandgap of GaAs and set our BRW up as a laser diode. This internal laser consists of a layer of AlGaInAs quantum dots as gain media surrounded by a quantum well for improved carrier accumulation. To enable electrically pumped PDC, the quantum dot laser spectrum needs to overlap with the phase matching wavelength. Therefore, we electrically contact the sample and investigate the dependence of the lasing spectrum on the applied voltage and the sample temperature. We find that both parameters can tune the lasing wavelength over a range of several nanometers. This tunability will enable phase matching of the on-chip laser and facilitate direct electrically pumped generation of photon pairs via PDC.

Semiconductor BRWs promise ultra-compact photon pair sources, however, suffer from low-efficiency coupling to optical fiber and require bulk-optic elements to separate the generated photons. To overcome these limitations, we work towards hybrid integration of BRWs with polymer light-wave technology. We integrate our BRWs into a versatile polymer photonic platform called the Polyboard[2] that can host thin-film optical elements on-chip and couple efficiently to optical fiber. This will allow us to eventually realize on-chip generation of time-bin entangled photons. We optimize the waveguide geometries to maximize the mode-overlap between the BRW and Polyboard and minimize the coupling losses.

Ultimately, the optimization of these electrically pumped samples and their integration into polymer networks will allow us to establish bright, on-chip sources of time-bin or polarization entangled photon pairs in the telecom wavelength range working at room temperature.

[1] Schlager et al., Temporally Versatile Polarization Entanglement from Bragg-Reflection Waveguides, Optics Letters 42 (11) (2017) 2102. doi: 10.1364/ol.42.002102. Chen et al., High-Concurrence Time-Bin Entangled Photon Pairs from Optimized Bragg-Reflection Waveguides, APL Photonics 3 (2018) 080804. doi: 10.1063/1.5038186.

[2] Kleinert et al., Photonic Integrated Devices and Functions on Hybrid Polymer Platform, Proc. SPIE 10098 (2017). doi: 10.1117/12.2256987.

Device-independent secret key rate from optimized Bell inequality violation

Sarnava Datta, Timo Holz, Hermann Kampermann and Dagmar Bruß.

We introduce a Device-Independent Quantum Key Distribution (DIQKD) scenario where a Bell inequality (BI) will be constructed from the performed measurement data instead of using a predetermined BI. Given the observed data of a DIQKD protocol involving n parties, m measurement settings per party and k outcomes per measurement, our goal is to find an optimal (n,m,k ) BI which maximizes the achievable DI secret key rate.

Quantum control attack on quantum key distribution systems

Anton Kozubov, Andrei Gaidash and George Miroshnichenko.

In this paper we present the quantum control attack on quantum key distribution systems. The cornerstone of the attack is that Eve can use unitary (polar) decomposition of her positive-operator valued measure elements, which allows her to realize the feed-forward operation (quantum control), change the states in the channel after her measurement and impose them to Bob. Below we consider the general eavesdropping strategy and the conditions those should be satisfied to provide the attack successfully. Moreover we consider several types of the attack, each of them is based on a different type of discrimination. We also provide the example on two non-orthogonal states and discuss different strategies in this case.

A theoretical framework for PUFs and QR-PUFs

Giulio Gianfelici, Hermann Kampermann and Dagmar Bruß.

We introduce a theoretical framework to describe Physical Unclonable Functions [1,2] (PUFs), including extensions to quantum protocols, so-called Quantum Readout PUFs (QR-PUF) [3].

(QR-)PUFs are physical systems with challenge-response behaviour intended to be hard to clone or simulate. Their use has been proposed in several cryptographic protocols, with particular emphasis on authentication.

We design a general authentication protocol, which is applicable to different physical implementations of (QR-)PUFs, and discuss the main properties which quantify the quality of such devices.

Our purpose is to find an agreement about theoretical assumptions and definitions behind the intuitive ideas of (QR-)PUFs, improving our ability to characterise the security of such devices in cryptographic protocols and to compare the performances between different (QR-)PUFs.

Such an agreement will allow us to derive security thresholds for (QR-)PUF authentication and possibly to develop further new authentication protocols.

[1] R. Pappu, Physical one-way functions, Ph.D.thesis, MIT (2001).

[2] R. Pappu, B. Recht, J. Taylor, N. Gershenfeld, Physical one-way functions, Science 297, 2026 (2002).

[3] B.Škorić, Quantum Readout of Physical Unclonable Functions, Progress in Cryptology – AFRICACRYPT 2010, 369-386 (2010).

Provably Private Storage

Xavier Coiteux-Roy, Bart van der Vecht and Stefan Wolf.

Alice is storing private data on an external server. She would like to encrypt it in an information-theoretic secure way, but that is not an option because of Shannon’s theorem: the private key would be as long as the message—and then, where would she store it? A solution to shrink the key was proposed in an earlier work: aim for eavesdropping detection rather than eavesdropping prevention. It was left open whether the strong notion of indistinguishable security could be reached in this way. We confirm it here by building over various steps a scheme for provable information-theoretically secure private storage (PPS). It encodes classical information into quantum states à la BB84, and uses randomness extractors to amplify privacy. We show that exploiting special relativity is necessary to reach information-theoretic indistinguishable security, and that it is sufficient in our case.

High-efficiency reconciliation protocol for continuous-variable quantum key distribution under wide SNR range

Chao Zhou, Xiangyu Wang, Yichen Zhang, Zhiguo Zhang, Song Yu and Hong Guo.

We propose a high-efficiency reconciliation protocol for continuous-variable quantum key distribution based on Raptor codes, which achieves efficiency higher than 95% in the range of signal-to-noise ratios from -20dB to 0dB.

Quantum Random Oracle Model based on Remote State Preparation

Min-Sung Kang, Yeon-Ho Choi, Yong-Su Kim, Young-Wook Cho, Sang Wook Han and Sung Moon.

In modern cryptography, a typical example of the one-way function is a random oracle [1,2]. The random oracle is virtual black box which output random bit in equal length when queried by all parties even including an adversary [3]. Although a true random oracle does not exist in real world, well-defined one-way function can emulate the behavior of random oracle. The important requirements of random oracle are preimage resistance, second preimage resistance, and collision resistance [2,4]. In particular, collision resistance is widely tested to validate the security because it is the weakest one [4,5].

One the same principle, in quantum cryptography, a quantum one-way function is represented with a quantum random oracle model. The first quantum random oracle model was proposed by Boneh et al. [6], and the official name of this model is a quantum-accessible random oracle model. Later, Zhandry improved Boneh et al.’s quantum-accessible random oracle model [7]. In 2013, Boneh and Zhandry explained quantum-secure digital signatures and quantum chosen ciphertext by introducing a quantum random oracle model [8]. Recently, Shang et al. showed that SWAP test-based signature is a quantum collision resistant one-way function using a quantum random oracle model [3].

In this presentation, we propose a quantum random oracle model based on remote quantum state preparation [9]. Unlike teleportation using the Bell state measurement, the proposed model is easy to implement because it is based on a remote state preparation that can transmit an arbitrary quantum state with only a single qubit measurement. In addition, this procedure is the same as the quantum one-way function because it is irreversible. To prove this, we show that the proposed model has a quantum collision resistance. In addition, we compare this model with modern cryptographic models. Figure 1 is the schematic representation of our quantum random oracle model.

References

[1] M. Bellare and P. Rogaway, in Proceedings of the 1st ACM conference on Computer and communications security (ACM, 1993), pp. 62.

[2] J. Katz and Y. Lindell, Introduction to modern cryptography (CRC press, 2014).

[3] T. Shang, Q. Lei, and J. Liu, Physical Review A 94, 042314 (2016).

[4] D. R. Stinson, Cryptography: theory and practice (CRC press, 2005).

[5] J. Katz, A. J. Menezes, P. C. Van Oorschot, and S. A. Vanstone, Handbook of applied cryptography (CRC press, 1996).

[6] D. Boneh, Ö. Dagdelen, M. Fischlin, A. Lehmann, C. Schaffner, and M. Zhandry, in International Conference on the Theory and Application of Cryptology and Information Security (Springer, 2011), pp. 41.

[7] M. Zhandry, in Foundations of Computer Science (FOCS), 2012 IEEE 53rd Annual Symposium on (IEEE, 2012), pp. 679.

[8] D. Boneh and M. Zhandry, in Advances in Cryptology–CRYPTO 2013 (Springer, 2013), pp. 361.

[9] M.-S. Kang, Y.-H. Choi, Y.-S. Kim, Y.-W. Cho, S.-Y. Lee, S.-W. Han, and S. Moon, Physica Scripta 93, 115102 (2018).

[10] H. Buhrman, R. Cleve, J. Watrous, and R. De Wolf, Physical Review Letters 87, 167902 (2001).

Asymptotic security analysis of discrete-modulated continuous-variable quantum key distribution

Jie Lin, Twesh Upadhyaya and Norbert Lütkenhaus.

Continuous-variable quantum key distribution (CV-QKD) protocols with discrete modulation are interesting due to their experimental simplicity and their great potential for the massive deployment in the quantum-secured networks, but their security analysis is less advanced than that of Gaussian modulation schemes. We analyze the security of two variants of CV-QKD protocol with quaternary modulation against collective attacks in the asymptotic limit, paving the way for a full security proof with finite-size effects. Our security analysis based on a numerical optimization of the asymptotic key rate formula can produce tight key rates. From our analysis, we show that this protocol is capable of reaching around 200 km with experimentally feasible parameters, achieving much higher key rates over long distances compared with binary and ternary modulation schemes and yielding key rates comparable to Gaussian modulation schemes. Furthermore, our security analysis method allows us to evaluate variations of the discrete-modulated protocols, including direct and reverse reconciliation, postselection strategies, and also schemes with more than four coherent states. We demonstrate that postselection in combination with reverse reconciliation can improve the key rates.

Pseudorandom basis choice in quantum cryptography on symmetric coherent states

Ashot Avanesov and Dmitry Kronberg.

We consider the use of pseudorandom number generatorsin quantum cryptography. We show that their use in quantum cryptography allows us to increase the key generation rate with very weak assumptions about the capabilities of the eavesdropper. A practical protocol scheme for quantum key distribution on coherent states, using pseudorandom sequences, is proposed. The cryptographic security of the proposed protocol against a beam splitting attack is considered.

Practical Implementation of Privacy Amplification in Quantum Key Distribution

Ririka Takahashi, Yoshimichi Tanizawa and Alexander Dixon.

This paper discusses a high-speed privacy amplification implementation for practical use in a quantum key distribution system. The implementation on a CPU without any extra accelerator achieved a throughput of 65 Mb/s by using a parallelization technique. We also propose a method to increase the secure key rate in the case of limited machine resources by selecting the optimal block size. The result shows the secure key rate increases compared with that for a system using the fixed block size.

Faking photon number on transition-edge sensor

Poompong Chaiwongkhot, Anqi Huang, Jiaqiang Zhong, Hao Qin, Sheng-Cai Shi and Vadim Makarov.

Transition-edge sensor (TES) is a photon detector with ability to discriminate photon number state. Here, we report experimental demonstration of vulnerabilities in TES against an adversary Eve who tries to take control the detection outcome. First, we found that Eve could fake a photon number detection result by sending multiple photons with a proportionally lower photon energy. Second, the photon number output could be replicated by coupling additional bright pulsed laser with a proper peak power. As an example of exploitation, we model a fake-state attack on a QKD system with the TES under test as a single photon detector. This, to our knowledge, is the first demonstration of potential vulnerabilities of TES to hacking attacks. Countermeasures to such attacks will need to be considered in the future, if TES begin getting employed in secure quantum communication schemes.

Development of post–processing board for efficiently biased random bits

Ken-Ichiro Yoshino.

Physical random number generators (RNGs) are important especially in high-end security system, such as quantum key distribution (QKD). There are many researches and developments for physical RNGs. Although usual RNGs output “0” and “1” with equal probabilities, most QKD systems require biased random bits for basis selection and decoy method. Simple way of biasing is AND operation for some bits. For example, AND for two unbiased bits can produce “1” with probability of 1/4 (mark rate is 1/4). However the number of random bits decreases to 1/2 in this method. In general it is difficult to prepare a lot of physical random bits, so efficient biasing method is desired. In this paper we report the development of a post-processing board with efficient biasing method using Knuth-Yao algorithm.

Long-Distance Continuous-Variable Quantum Key Distribution with Entangled States

Yongmin Li, Ning Wang, Shanna Du, Wenyuan Liu, Xuyang Wang and Kunchi Peng.

We experimentally demonstrate long-distance continuous-variable quantum key distribution over a 50-km standard optical fiber based on continuous-variable Einstein-Podolsky-Rosen entangled states. The entanglement survives despite being distributed over a high-loss optical fiber channel. At a channel excess noise level of 0.01 shot-noise units, we achieve an asymptotic secret key rate of 0.03 bit per sample, which is superior to the optimized coherent-state protocol. The superiority is even more evident at a highchannel excess noise level of 0.1 shot-noise units. Our work paves the way toward practical applications of continuous-variable quantum key distribution under high amounts of excess channel noise.

Beating the repeaterless bound with adaptive measurement-device-independent quantum key distribution

Róbert Trényi, Koji Azuma and Marcos Curty.

Surpassing the repeaterless bound is a crucial task on the way towards realising long-distance quantum key distribution. In this paper, we focus on the protocol proposed by Azuma et al. in [Nature Communications 6, 10171 (2015)], which can beat this bound with idealised devices. We investigate the robustness of this protocol against imperfections in realistic setups, particularly the multiple-photon pair components emitted by practical entanglement sources. In doing so, we derive necessary conditions on the photon-number statistics of the sources in order to beat the repeaterless bound. We show, for instance, that parametric down-conversion sources do not satisfy the required conditions and thus cannot be used to outperform this bound.

Secure quantum key distribution with dishonest devices

Víctor Zapatero and Marcos Curty.

In a QKD protocol of any kind, all the devices are assumed to be honest by hypothesis. This assumption is clearly not justified, as it forces the legitimate parties to trust their classical and quantum hardware providers. Indeed, even trusted vendors do not manufacture all the chips and optical components by themselves, but they typically rely on secondary and tertiary supplies. This renders the verification of all QKD components a very difficult task. Crucially though, the presence of malicious devices could totally compromise the security of QKD in many different ways. Recently, a solution to this was proposed based on the assumption that not all the devices are dishonest, which is the minimum requirement for a secret key to be distillable. Precisely, the use of verifiable secret sharing (VSS) schemes together with privacy amplification (PA) techniques may allow to guarantee the security of QKD in some restricted adversarial scenarios, with the main drawback that the secret key bits consumed for authentication purposes increases due to the redundant use of the authenticated classical channel. In this work, we propose a more efficient way to use VSS and PA to reduce such authentication cost, and we apply it to well known QKD protocols. By doing this, we demonstrate the feasibility and the usefulness of applying the aforementioned techniques to restore the security of QKD in the presence of dishonest devices.

Finite-key security analysis of quantum key distribution with flawed and leaky sources

Margarida Pereira, Marcos Curty and Kiyoshi Tamaki.

The practical implementation of QKD relies on physical devices, whose behaviour must be well characterised in order to guarantee its security. However, most security proofs of QKD today make unrealistic assumptions and ignore many device imperfections. Recently, the generalised loss-tolerant protocol [M. Pereira el al, arXiv: 1902.02126 (2019)] was proposed to accommodate several imperfections and to remove the qubit assumption in the sending signals. In particular, that work considers state preparation flaws, mode dependency of the phase modulator and Trojan horse attacks in an asymptotic key regime. Such formalism can be applied to any multi-mode scenario, which is a useful tool to enhance implementation security. Here, we extend the security analysis of the generalised loss-tolerant protocol to the finite-key regime. By simulating the secret key rate for flawed and leaky sources, we show that the resulting performance is robust against general imperfections. Our work constitutes an important step forward towards bridging the gap between the theory and the practice of QKD.

The reduced optical attenuation opens a loophole for Eve in practical continuous-variable quantum key distribution systems

Yi Zheng, Peng Huang, Anqi Huang, Jinye Peng, Zhengwen Cao and Guihua Zeng.

In a practical CVQKD system, the optical attenuator can adjust the Gaussian-modulated coherent states and the local oscillator signal to an optimal value for guaranteeing the secyrity of the system and optimizing the performance of the system. However, the performance of the optical attenuator may deteriorate due to the intentional and unintentional damage of the device. In this paper, we investigate the practical security of a CVQKD system with reduced optical attenuation. We ﬁnd that the secret key rate of the system may be overestimated based on the investigation of parameter estimation under the effects of reduced optical attenuation. This opens a security loophole for Eve to successfully perform an intercept-resend attack in a practical CVQKD system. To close this loophole, we add an optical fuse at Alice’s output port and design a scheme to monitor the level of optical attenuation in real time, which can make the secret key rate of the system evaluated precisely. The analysis shows that these countermeasures can effectively resist this potential attack.

Polarization-state tracking in continuous-variable quantum key distribution

Tao Wang, Peng Huang, Shiyu Wang, Hongxin Ma, Dengwen Li and Guihua Zeng.

Continuous-variable quantum key distribution (CV-QKD) with a real local oscillator (LO) has been extensively studied recently due to its security and simplicity. However, due to the random birefringence effect in fiber, the state of polarization (SOP) of quantum signal dynamically changes when arriving at the receiver, leading to imperfect interference in coherent detection and resulting in performance degradation. To solve this, Kalman filter algorithm is first employed in CV-QKD to estimate the polarization misalignment, thereby achieving polarization demultiplexing at the data level, and ultimately recovering the quantum signal with the help of a two-step phase compensation. The signal transmission and processing is simulated, which verifies the SOP tracking ability and the immunity to the fast phase drift.

Secret Key Reconciliation for Long-Distance Quantum Key Distribution with Discrete and Continuous Variables

Laszlo Gyongyosi.

We define a novel high-performance secret key reconciliation method for long-distance quantum key distribution (QKD) [1-5]. The aim of the reconciliation method is to establish a secret key between the sender and the receiver using the measurement results (raw data) of the parties. We provide a novel secret key extraction method for long-distance QKD, and study the performance of the reconciliation method. We derive the results for discrete-variable (DV) and continuous-variable (CV) long-distance QKD. We evaluate the statistical distributions of the raw data and the noise distribution on the secret key, and study the attributes of the reconciliation framework. The results are particularly convenient for experimental long-distance quantum key distribution.

Drone-Based Quantum Key Distribution (QKD)

Andrew Conrad, Kyle Herndon, Brian Wilens, Samantha Isaac, Alex Hill, Daniel Sanchez-Rosales, Daniel Gauthier and Paul Kwiat.

Aerial drones, including fixed-wing and multi-copter platforms, are increasing in popularity among the general public including hobbyists, as well as finding demand by corporations, local government, law enforcement, and military applications. As drone prevalence increases, there is a growing need to secure communications between drones within drone networks, especially in a world with quantum computers on the verge of demonstrating quantum supremacy. Quantum Cryptography offers the benefits of provably secure communications. Historically, quantum cryptography has been demonstrated in fixed fiber optic networks and through free-space through fixed locations. Recently, Quantum Key Distribution (QKD) has been demonstrated from ground stations to satellites in low earth orbit as well as from ground stations to airplanes. However, to date, QKD links have not been demonstrated for drones. Significant challenges exist for performing QKD between drones. For instance, unlike airplanes or Satellites, drones have significant limitations on the Size, Weight, and Power (SWaP) of the payload. Moreover, there are additional challenges including aligning the optical paths of both drones while in flight. Notwithstanding the aforementioned challenges, there are significant rewards to extending quantum networks using flexible reconfigure platforms like drones, such as potentially solving the last-mile problem of distributing quantum keys in dense city environments.

Modular QKD setup for research and development applications

Yury Kurochkin, Vadim Rodimin, Vladimir Kurochkin, Mikhail Ponomarev, Tatiana Kazieva and Aleksey Fedorov.

There are many protocols and optic schemes developed for QKD. However, new ideas in this field do not run low. It is tempting to create some kind of universal platform for the rapid prototyping new QKD devices so that a PhD student without skills of development of FPGA applications coped with such a task.

We present a system for optical experiments and rapid prototyping of fiber optical devices. The platform has real-time FPGA functionality combined with the ease of programming on LabVIEW. The platform consists of a small optic table for standard fiber components fastening, a motherboard for modulators, SPDs and other active components connection. The motherboard, in turn, is connected to the PC with a National Instrument PCIe R-series board installed. Main functions, such as basic control signals generating, collecting and transferring data to the host level of the computer are performed by the R-series board.

Using two developed devises we composed a set for QKD by BB84 protocol by means of plug&play optic scheme. The specs of the currently used R-series board PCIe-7841R allows the laser pulses frequency at least 20MHz. The developed system has engineering, scientific and educational potential.

The work was supported by the Russian Science Foundation under Grant No. 17-71-20146.

Finite-key security analysis of a simple twin-field quantum key distribution protocol

Guillermo Currás Lorenzo, Marcos Curty, Koji Azuma and Mohsen Razavi.

Protocols based on twin-field quantum key distribution (TF-QKD) are predicted to beat the current records in terms of both secret key rate and total distance. A recent simple proposal is perhaps one of the strongest candidates, since it could improve the secret key rate obtainable by almost an order of magnitude with respect to the original protocol while being experimentally easier to implement as well. However, particularities of its security proof make its extension to the finite-key regime more challenging than that of other protocols. In this work, we overcome these issues and present a finite-key security analysis against coherent attacks, showing that this simple TF-QKD setup could overcome the fundamental bounds on repeaterless QKD links for a block size of $10^{11}$ transmitted signals.

Hacking single-photon detector in quantum key distribution via pulse illumination

Zhihao Wu, Anqi Huang, Huan Chen, Shi-Hai Sun, Jiangfang Ding, Xiaogang Qiang, Ping Xu, Xiang Fu, Mingtang Deng and Junjie Wu.

Although measurement-device-independent quantum key distribution (MDI QKD) can remove all detection-related loopholes, it is not widely implemented as a commercial product. Thus, it is still necessary to study the security of a practical single-photon detectors, especial for the international standardization of QKD. Here we demonstrate a pulse illumination attack on an avalanche photodiode while bypassing its photocurrent monitor. The reported photocurrent under the attack keeps to the similar level to that of the normal working state. Moreover, clicks of the blinded APD can be fully controlled by Eve in a standard prepare-and-measure QKD system.

A continuous variable quantum repeater based on entanglement distillation with quantum scissors

Kaushik Seshadreesan, Hari Krovi and Saikat Guha.

Transmission of quantum information across large distances is central to realizing the vision of the quantum internet. The primary hurdle in this quest is photon loss, which limits the rates and range of distributing entanglement. Overcoming this requires quantum repeaters. In this work, we propose a second generation, multiplexing-based quantum repeater scheme using continuous variables (CV). The scheme involves transmission of CV Gaussian entangled states, entanglement distillation using noiseless linear amplifiers (NLA) built using the so-called quantum scissors, a probabilistic non-Gaussian operation that noiselessly amplifies a state while truncating them in Fock space, optical fiber memory and switches. The repeater can be built using known quantum photonic components, and it will attain an entanglement generation rate higher than what is possible with direct optical transmission.

Selection for Free-Space Measurement-Device-Independent Quantum Key Distribution

Wenyuan Wang, Feihu Xu and Hoi-Kwong Lo. Prefixed-threshold Real-Time

Measurement-Device-Independent (MDI) QKD eliminates detector side channels in QKD and allows an untrusted relay between two users. A desirable yet highly challenging application is to implement MDI-QKD through free-space channels. One of the major factors that affect the secure key rate in free-space MDI-QKD is atmospheric turbulence. In this work we show two important results: First, the independent fluctuations of transmittances in the two channels can significantly reduce MDI-QKD performance due to turbulence-induced channel asymmetry. Second, we consider the Prefixed Real-Time Selection (P-RTS) method we formerly introduced to decoy-state BB84 and extend it to MDI-QKD. Users can monitor classical transmittances in their channels and improve performance by post-selecting signals in real-time, based on thresholds conveniently pre-determined before the experiment. We show that we can establish a simple 2-dimensional threshold between Alice and Bob to post-select signals and greatly extend the maximum range of MDI-QKD in the presence of turbulence, which can be an important step towards future free-space MDI-QKD experiments.

QFactory: classically-instructed remote secret qubits preparation

Alexandru Cojocaru, Leo Colisson, Elham Kashefi and Petros Wallden.

The functionality of classically-instructed remotely prepared random secret qubits was introduced in (Cojocaru et al 2018) as a way to enable classical parties to participate in secure quantum computation and communications protocols. The idea is that a classical party (client) instructs a quantum party (server) to generate a qubit to the server’s side that is random, unknown to the server but known to the client. Such task is only possible under computational assumptions. In this contribution we define a simpler (basic) primitive consisting of only BB84

states, and give a protocol that realizes this primitive and that is secure against the strongest possible adversary (an arbitrarily deviating malicious server). The specific functions used, were constructed based on known trapdoor one-way functions, resulting to the security of our basic primitive being reduced to the hardness of the Learning With Errors problem. We then give a number of extensions, building on this basic module: extension to larger set of states (that

includes non-Clifford states); proper consideration of the abort case; and verifiablity on the module level. The latter is based on “blind self-testing”, a notion we introduced, proved in a limited setting and conjectured its validity for the most general case.

Upper Bounds on Device Independent Key Secure Against Non-Signaling Adversary via the Complete Extension and Squashed Nonlocality

Marek Winczewski, Tamoghna Das, Karol Horodecki, Pawel Horodecki, Lukasz Pankowsk, Marco Piani and Ravishankar Ramanathan.

Quantum theory has a well defined property of purification, i.e., any quantum state, which is not pure, can always be extended to an extremal state in higher dimensional Hilbert space. It is well known that some theories like classical theory do not possess this feature. We define the notion of the complete extension that is a counterpart of quantum purification in the no-signaling theory. We show that it possess similar properties as its quantum analog, however in generic case it is not an extremal state. We employ the complete extension of a bipartite non-signaling normalized probability distribution (called a box) in the protocol of device independent key distillation. In this case the initial bipartite box is shared by the honest parties and the non-signaling eavesdropper controls the extending system. We considering identically independent distributions (iid) attack and the procedure of ”squashing” secrecy monotones known in the secret key agreement scenario. This allows us to provide an upper bound on the secure key rate obtained under a wide class of operations. We then introduce a new measure of non-locality called the squashed non-locality and show its properties. For exemplary boxes we provide the numerical upper bounds on the distillable key in considered scenario. We also show that are non-local boxes, from which one can not distill key via considered protocols.

Anonymity for practical quantum networks

Anupama Unnikrishnan, Ian MacFarlane, Richard Yi, Eleni Diamanti, Damian Markham and Iordanis Kerenidis.

Quantum communication networks have the potential to revolutionise information and communication technologies. A crucial yet challenging functionality required in any network is the ability to guarantee the anonymity of two parties, the Sender and the Receiver, when they wish to transmit a message through the network. Such anonymity is an increasingly valuable commodity in our information age. Here, we present a new protocol for players in a network to communicate both classical and quantum messages in a way that protects identity. Our work combines the power of classical and quantum protocols in a novel way, guaranteeing security against untrusted sources. As required for a realistic network, we ensure anonymity even in the presence of malicious parties. We define error-tolerant notions of anonymity, essential for realistic implementations, which we show can be achieved. Crucially, compared to previous results, we demonstrate a dramatic reduction in the required resources, leading to a practical protocol that can be performed with currently available experimental technology.

Machine Learning for Optimal Parameter Prediction in Quantum Key Distribution

Wenyuan Wang and Hoi-Kwong Lo.

For practical quantum key distribution (QKD) with finite-size effects, parameter optimization – the choice of intensities and probabilities of sending them – is a crucial step in obtaining a high key rate. Traditionally, such an optimization relies on brute-force search, or local search algorithm such as coordinate descent. Here we present a new method of using a neural network to learn to predict the optimal parameters for QKD with any given set of experiment device properties and quantum channel conditions as input. We show that this method is a general approach that applies to various protocols such as symmetric/asymmetric Measurement-Device-Independent (MDI) QKD as well as BB84. The neural network parameter prediction is highly accurate (preserving over 99.99% of the key rate found by local search for several tested protocols). Most importantly, it is 100-1000 times faster than local search and requires much less compute power. With it, we can deploy QKD to low-power (<5w) devices, such as single-board computers and smartphones, and obtain optimal parameters in real-time within milliseconds. Here we propose two important use cases: (1) Free-space QKD such as drone-to-drone, handheld, and satellite-based QKD systems, which have limited power budget for the devices and also requirement on real-time responsiveness, and (2) a quantum Internet of Things (IoT) where numerous small, portable devices can be interconnected, and there could be a large number of connections in the network. With neural networks, even a small device such as a smartphone can easily serve as a relay that can optimize thousands of pairs of connections in seconds.

Quantum Key Distribution with Small Satellites

Ömer Bayraktar, Peter Freiwang, Daniel Garbe, Matthias Grünefeld, Roland Haber, Lukas Knips, Christoph Marquardt, Leonhard Mayr, Florian Moll, Jonas Pudelko, Benjamin Rödiger, Wenjamin Rosenfeld, Klaus Schilling, Christopher Schmidt and Harald Weinfurter.

Only QKD with small satellites has the potential of cost effective secure communication on a global scale. Here we present the space mission QUBE, which intends to evaluate highly integrated QKD hardware in space and to study the feasibility of using Cube-Satellites for world wide key exchange.

Achieving high key rates in satellite-based QKD

Sebastian Ecker, Bo Liu, Matthias Fink, Johannes Handsteiner, Dominik Rauch, Fabian Steinlechner, Thomas Scheidl, Anton Zeilinger and Rupert Ursin.

Entanglement distribution over long distances has gained a fair share of attention with the successful launch of dedicated quantum satellites. While these first missions are an important first step towards a permanent quantum satellite infrastructure, entanglement-based quantum key distribution (QKD) between two parties on ground has not been demonstrated yet. In order to be forearmed for future low earth orbit (LEO) satellite missions aimed at distributing a secure key, we developed a high-brightness polarization-entangled photon pair source, a transmitter module and a receiver module capable of satellite tracking. We employed this state-of-the-art quantum hardware to distribute photons over a representative terrestrial free-space link with a distance of 143 km, emulating a LEO downlink scenario, and extracted secure key rates up to 301 bits per second. Additionally, we developed a QKD model which incorporates the photon statistics of our source. This model allowed us to optimize the secure key rate over a high-loss channel and it will be a valuable tool for the design of future down-link missions.

Asymptotic security of discrete-modulation protocols for continuous-variable quantum key distribution

Eneet Kaur, Saikat Guha and Mark M. Wilde.

We consider discrete-modulation protocols for continuous-variable quantum key distribution (CV-QKD) that employ a modulation constellation consisting of a finite number of coherent states and that use a homodyne-detection receiver. We establish a security proof for collective attacks in the asymptotic regime, and we provide a formula for an achievable secret-key rate. Previous works established security proofs for Gaussian-modulation CV-QKD protocols or for discrete-modulation protocols with two or three coherent states. The main constituents of our approach include approximating a complex, isotropic Gaussian probability distribution by a finite-size Gauss-Hermite constellation, applying entropic continuity bounds, and leveraging previous security proofs for Gaussian-modulation protocols. As an application of our method, we calculate secret-key rates achievable over a pure-loss bosonic channel. Our results indicate that in the high-loss regime and for sufficiently large constellation size, the achievable key rates scale optimally, i.e., proportional to the channel’s transmissivity, and they approach the rates achieved by a Gaussian-modulation protocol as the constellation size is increased.

Coherent State Oblivious Transfer using Homodyne Detection

David Reichmuth.

We present a protocol for quantum oblivious transfer using coherent states and homodyne detection. In 1-2 oblivious transfer a sender, Alice, holds two classical bits, and a receiver, Bob, obtains one, and only one, of them, in such a way that Alice does not know which bit Bob obtained. Both Alice and Bob may attempt to cheat.

We map classical bit values {x0,x1} to four coherent states which Alice sends to Bob. As coherent states have non-zero overlaps, error-less distinction between states is not possible, which gives rise to an inherent protocol failure probability. The existence of a failure probability allows us to construct a protocol in which Bob actively chooses which bit value he wishes to obtain, which means that by no-signalling, Alice cannot cheat. This is not possible in protocols with zero failure probability, which have been examined in the field so far.

Delegating Quantum Computation Using Only Hash Functions

Jiayu Zhang.

In this paper, we construct a new scheme for delegating a large circuit family, which we call “C+P circuits”. “C+P” circuits are the circuits composed of Toffoli gates and diagonal gates. Our scheme is non-interactive, only requires small quantum resources on the client side, and can be proved secure in the quantum random oracle model, without relying on additional assumptions, for example, the existence of fully homomorphic encryption. In practice the random oracle can be replaced by appropriate hash functions or symmetric key encryption schemes, for example, SHA-3, AES.

This protocol allows a client to delegate the most expensive part of some quantum algorithms, for example, Shor’s algorithm. The previous protocols that are powerful enough to delegate Shor’s algorithm require either many rounds of interactions or the existence of FHE. The quantum resources required by the client are fewer than when it runs Shor’s algorithm locally.

Different from many previous protocols, our scheme is not based on quantum one time pad, but on a new encoding called “entanglement encoding”. We then generalize the garbled circuit to reversible garbled circuit to allow the computation on this encoding.

To prove the security of this protocol, we study key dependent message(KDM) security in the quantum random oracle model. Then as a natural generalization, we define and study quantum KDM security. KDM security was not previously studied in quantum settings.

Qubit-based Quantum Key Recycling over a noisy channel

Daan Leermakers and Boris Škorić.

Quantum Key Recycling aims to re-use the keys employed in quantum encryption and quantum authentication schemes. QKR protocols can achieve better round complexity than Quantum Key Distribution. We consider a QKR protocol that works with qubits, as opposed to high-dimensional qudits. A security proof was given by Fehr and Salvail [1] in the case where there is practically no noise. A high-rate scheme for the noisy case was proposed by Sˇkori ́c and de Vries [2], based on eight-state encoding. However, a security proof was not given. In this paper we introduce a protocol modification to [2] and provide a security proof. The modified protocol has high rate not only for 8- state encoding, but also 6-state and BB84 encoding. Our proof is based on a bound on the trace distance between the real quantum state of the system and a state in which the keys are completely secure. It turns out that the rate is higher than suggested by previous results. Asymptotically the rate equals the rate of Quantum Key Distribution with one-way postprocessing.

Practical quantum key distribution with non-phase-randomized coherent states

Li Liu, Yukun Wang, Charles Ci Wen Lim, Emilien Lavie, Arno Ricou, Chao Wang and Fenzhuo Guo.

Quantum key distribution (QKD) based on coherent states is well known for its implementation simplicity, but it suffers from loss-dependent attacks based on optimal unambiguous state discrimination. Crucially, previous research has suggested that coherent-state QKD is limited to short distances, typically below 100 km assuming standard optical fiber loss and system parameters. In this work, we propose a six-coherent-state phase-encoding QKD protocol that is able to tolerate the total loss of up to 38 dB assuming realistic system parameters, and up to 56 dB loss assuming zero noise. The security of the protocol is calculated using a recently developed security proof technique based on semi-definite programming, which assumes only the inner-product information of the encoded coherent states, the expected statistics, and that the measurement is basis-independent. Our results thus suggest that coherent-state QKD could be a promising candidate for high-speed provably-secure QKD.

Verifiable Hybrid Secret Sharing: Reducing Quantum Resources

Victoria Lipinska, Glaucia Murta and Stephanie Wehner.

Secret sharing is a task for a network, which allows us to securely split a secret message among n network nodes, in such a way that the secret can be reconstructed only if a minimum number of k nodes work together. The splitting and sharing of the message is often performed by one designated node – the dealer. If the nodes do not trust the dealer they may wish to verify the consistency of their shares and make sure that at the end of the protocol there is one well-defined secret that they can reconstruct. In this case, the secret sharing protocol involves an additional step of verification of the shares, and we talk about verifiable secret sharing. A quantum analog of the protocol, namely verifiable quantum secret sharing (VQSS), was shown to be essential for secure multiparty quantum computation and fast quantum byzantine agreement. In early stages of quantum network development, it would be desirable to implement VQSS on a network with ability to control only small qubit systems. However, existing protocols require many qubits per node. Here we address a question of whether verifiable secret sharing scheme can be realized on a quantum network with as few qubits per node as possible. We answer this question positively by presenting a scheme which significantly reduces quantum resources necessary for sharing a quantum secret in a verifiable way. We make use of classical resources to combine classical encryption of the quantum secret with an existing VQSS scheme. In this way we achieve a verifiable hybrid secret sharing scheme, where each node holds single-qubit shares. This solution may enable qubit reductions for future implementations of schemes which use VQSS as a subroutine.

Continuous-variable QKD network in Qingdao

Yichen Zhang, Ziyang Chen, Bingjie Chu, Chao Zhou, Xiangyu Wang, Yijia Zhao, Yifan Xu, Chao Xu, Hongjie Wang, Ziyong Zheng, Yundi Huang, Chunchao Xu, Xiaoxiong Zhang, Tao Shen, Ge Huang, Yunwu Zheng, Zhaoxuan Fei, Weinan Huang, Menglin Zhu, Luyu Huang, Bin Luo, Song Yu and Hong Guo.

We report long-term performances of three nodes continuous-variable QKD network in Qingdao, China, which is the first long-term demonstration with clear applications of continuous-variable QKD network through existing commercial fiber links.

Optimal collective CV-QKD attack through all-optical teleportation

Spyros Tserkis, Nedasadat Hosseinidehaj, Nathan Walk and Timothy C. Ralph.

In Gaussian continuous-variable (CV) QKD, both optimal individual and collective eavesdropping attacks can be modeled through the entangling cloner scheme, which however implies an unrealistic assumption that the eavesdropper can noiselessly transmit information regardless of the distance. For individual attacks, one of the realistic alternatives to the entangling cloner is the CV teleportation protocol, which by construction cannot be extended to collective attacks due to its dependence on individual Bell-type measurements. In this work, we introduce an eavesdropping setup that models both optimal individual and optimal collective attacks based on the all-optical teleportation protocol that does not require any measurement. We show that for individual attacks this scheme is equivalent to the CV teleportation protocol, but for collective attacks it represents a realistic alternative to the entangling cloner scheme. Further, we show that the maximum information that an eavesdropper can physically extract, also known as the Holevo bound, cannot be reached with finite entanglement resources.

Multilayer Structure of a Scalable Quantum Key Distribution (QKD) Network

Andrey Zhilyaev, Anastasiia Nikolaeva, Mikhail Borodin and Vladimir Sergeev.

The paper considers the construction of a secure multi-site network based on quantum key distribution using the trusted nodes approach. Specifics of the implementation of the multilayer structure of QKD networks are identified and described. A new four-layer network structure is proposed. An important feature of the proposed structure is that there is no need to separate nodes by roles. Special attention is paid to the functions of the network layers, their interaction and security issues of the network as a whole. The authors proposed the definition of a quantum-protected key (QPK) term, naturally occurred when passing from direct quantum channels to the multi-site QKD network. The importance of creating a common interface of interaction between the host-consumer of quantum-protected keys and the quantum-protected keys management layer is also substantiated.

Quantum key distribution with simply characterized light sources

Akihiro Mizutani, Toshihiko Sasaki, Yuki Takeuchi, Kiyoshi Tamaki and Masato Koashi.

To guarantee the security of quantum key distribution (QKD), several assumptions on light sources must be satisfied. For example, each random bit information is precisely encoded on an optical pulse and the photon-number probability distribution of the pulse is exactly known. Unfortunately, however, it is hard to check if all the assumptions are really met in practice, and hence it is preferable that we have minimal number of device assumptions. In this work, we adopt the differential-phase-shift (DPS) QKD protocol, which has been implemented in the field demonstration of the Tokyo QKD network, and drastically mitigate the requirements on light sources. Specifically, we only assume the independence among emitted pulses, and the photon number statistics up to three photons. Remarkably, no other detailed characterizations are required. Based on the mitigated assumptions, we firstly provide an information-theoretic security proof of the DPS protocol while retaining the simplicity of this protocol. Our security proof significantly relaxes demands for light sources, which paves a route to guarantee implementation security with simple verification of the devices.

Quantum key distribution secure against malicious optical devices and classical post-processing units

Hoi-Kwong Lo and Marcos Curty.

The current paradigm for the security of quantum key distribution (QKD) suffers from two fundamental weaknesses. First, covert channels have emerged as an important threat which can break the security of even device-independent QKD (DI-QKD). Second, security proofs often assume that the classical post-processing units of a QKD system are trusted. This is a rather strong assumption and is very hard to justify in practice.

Here, we propose a new paradigm for the security of QKD which solves these two fundamental problems. Specifically, we show that by using verifiable secret sharing

and privacy amplification, together with multiple optical devices and classical post-processing units, one could re-establish the security of QKD with malicious devices. Our techniques are general and apply to both DI-QKD and non-DI-QKD.

On-chip near-perfect quality entanglement for multi-user quantum key distribution

Dorian Oser, Florent Mazeas, Carlos Alonso Ramos, Xavier Le Roux, Laurent Vivien, Sébastien Tanzilli, Éric Cassan and Laurent Labonté.

The combination of quantum optics and integrated photonics gives the ability of manipulating, generating, and detecting various quantum states on single chips. One of the major challenge is the on-chip rejection of the pump which contaminate the quantum pair generated by non-linear process. We demonstrated the integration on a single silicon chip a photon-pair generator. The production simultaneously of multiplexed pairs with near-perfect quality was achieved using a ring resonator cavity and a cascaded multimode filter. This new type pump-rejection filter shows a large pump suppression (>60dB) without any active tuning. All wavelengths are compatible with the ITU channels and with telecom components.

Quantum Walks and Quantum Key Distribution

Chrysoula Vlachou, Walter Krawec, Paulo Mateus, Nikola Paunkovic and Andre Souto.

In this work, we show how quantum walks may be used to construct secure quantum key distribution (QKD) systems. In particular, we develop a new QKD protocol, based on a quantum walk on the cycle. We perform a complete information theoretic security analysis against arbitrary, coherent, attacks and show how the quantum walk settings (e.g., coin operator, time steps, and dimension of the cycle) greatly affect security. Finally, we show that, for optimal walk settings, our protocol can tolerate high levels of channel noise.

An optimal local model to practically emulate Bell inequalities

Shihan Sajeed, Vadim Makarov, Nigar Sultana and Charles Ci Wen Lim.

We show how an adversary can emulate a Bell inequality using existing detector control methods if the Bell test is not loophole-free. For a Clauser-Horne-Shimony-Holt inequality, our model fakes a maximum violation predicted by quantum mechanics for a detector efficiency up to the threshold efficiency of about 0.8284. When the inequality is re-calibrated by incorporating non-detection events, our model emulates its exact local bound. Thus existing technologies may allow the adversary to practically subvert quantum protocols all the way up to the local limit, which hints that Bell tests need to be loophole-free for their correct application.

Attack-resistant quantum random number generator based on the interference of laser pulses with random phase

Roman Shakhovoy, Violetta Sharoglazova, Alexandr Udaltsov, Vladimir Kurochkin and Yury Kurochkin.

We propose an attack-resistant optical QRNG, which uses an idea of M. Jofre et al. [1] to employ as an entropy source the random phase of semiconductor laser radiation converted to the amplitude modulation via the interference of laser pulses in the interferometer. The laser is modulated by the pulse driver over lasing threshold and a continuous train of pulses is sent to the Michelson interferometer, where the delay time of the longer arm is chosen to be a multiple of the pulse repetition period. The photodiode then detects the interference of two pulses emitted by the laser at different moments of time and thus having random phases. Afterwards, the signal from the photodetector is processed with the statistics control (SC) unit, which is employed to find the probability density of the random signal. As an embodiment of the SC unit we used a high-speed comparator, where the profile of the density distribution was restored using the threshold voltage Vth sweep. Obtained statistics is then used to determine the contribution from external classical noise and possible influence of the adversary. This information is then used to set up the digitizer so that it discards the signals, which could be potentially subject to the impact of classical fluctuations, i.e. could be compromised. The digitizer, in turn, is represented by two comparators, whose threshold voltages difference was determined by the so-called effective reduction factor related to quantum-to-classical noise ratio. Under normal operating regime the system continuously calculates (on-the-fly) the actual value of performing thus the self-testing and self-tuning of the QRNG.

The proposed scheme is designed to be low-priced and optimized for potential production.

References

M. Jofre, M. Curty, F. Steinlechner, G. Anzolin, J. P. Torres, M. W. Mitchell and V. Pruneri, Opt. Express, 19, 20665 (2011)

Leftover hashing from quantum error correction: Unifying the two approaches to the security proof of quantum key distribution

Toyohiro Tsurumaru.

We show that the Mayers-Shor-Preskill approach and Renner’s approach to the security proof of quantum key distribution (QKD) are essentially the same. We begin our analysis by considering a special case of QKD called privacy amplification (PA). PA itself is an important building block of cryptography, both classical and quantum. The standard theoretical tool used for its security proof is called the leftover hashing lemma (LHL). We present a direct connection between the LHL and the coding theorem of a certain quantum error correction code. Then we apply this result to prove the equivalence between the two approaches to the security proof of QKD.

Two protocols in Twin-Field QKD

Xiang-Bin Wang.

We construct two protocols in twin-field quantum key distribution. One is sending or not sending protocol, which can tolerant large misalignment error of long-distance single-photon interference in the twin-field QKD. Even with 35% misalignment error, the secure distance of this protocol can still exceed 500 km. Another is an encoding-side-channel-free QKD protocol. With this protocol, the QKD process is secure even if a real-life source with imperfections in the encoding side channel space, and the secure distance can exceed 200 km.

Can you sign a quantum state?

Gorjan Alagic

Cryptography with quantum states exhibits a number of surprising and counterintuitive features. In an intriguing 2002 paper, Barnum et al. argued that these strange features imply that digital signatures for quantum states are impossible. In this work, we thoroughly explore this question from a theoretical crypto perspective. We expand on the work of Barnum et al. and show that even very weak forms of signing quantum states are impossible; essentially, if a signature scheme is secure, then it is classical. We then show a positive result: it is possible to sign quantum states, provided that they are also encrypted with the public key of the intended recipient. Following classical nomenclature, we call this notion quantum signcryption. Classically, signcryption is only interesting if it provides superior efficiency to simultaneous encryption and signing. Our results imply that, quantumly, it is far more interesting: by the laws of quantum mechanics, it is the only signing method available. We develop security definitions for quantum signcryption, ranging from a simple one-time two-user setting, to a chosen-ciphertext-secure many-time multi-user setting. We also give secure constructions based on post-quantum public-key primitives. (Joint work with Tommaso Gagliardoni and Christian Majenz.)

DI-QKD and DI-QRNG, discussing security proofs and practical challenges

Rotem Arnon Friedman

Device-independent cryptography goes beyond conventional quantum cryptography by providing security that holds independently of the quality of the physical devices used to implement the cryptographic protocols. In this tutorial we will present existing device-independent quantum key distribution protocols and discuss the ideas underlying their security proofs. In particular, the tutorial will cover the best practices for using known techniques to prove security of device-independent protocols. Lastly, we will present several open questions whose solutions have the potential of bringing the quantum cryptography community closer to an experimental realization of device-independent quantum key distribution.

Zero-knowledge proofs meet quantum computing

Fang Song

Zero-knowledge proof systems have played a fundamental role in complexity theory and cryptography since its invention. I will introduce the basic definitions and constructions of zero-knowledge proof systems, and discuss the new questions that arise in a quantum setting. This includes making classical ZK proofs secure against quantum adversaries as well as making quantum interactive proof systems zero-knowledge.

Accepted Posters

Please Click here to view the list of accepted posters (this file contains 11 pages).

Quantum fully homomorphic encryption

Zvika Brakerski

Fully homomorphic encryption schemes (FHE) allow to apply arbitrary efficient computation to encrypted data without decrypting it first. This allows a client to delegate computation to a computationally powerful server without compromising the privacy of the input. This notion was proposed by Rivest, Adleman and Dertouzos in 1978, but a first candidate was only proposed 30 years later by Gentry.

Broadbent and Jeffery (2015) asked whether it is possible to construct a *quantum* analog, which will allow to apply an arbitrary quantumly efficient computation to (classical or quantum) encrypted data. The ultimate notion of Quantum FHE (QFHE) scheme will allow even to a classical client privately delegate computation to a quantum server.

The talk will survey the exciting recent advancement on this question, through the first “ultimate” candidate proposed by Mahadev (2018) and beyond. Connections to other quantum-cryptographic primitives and open questions will also be discussed.

Implementation Security of QKD

Norbert Lütkenhaus

In this tutorial we will clarify the difference between protocol and implementation security. While the framework for protocol security is well developed, the field of studying implementation security is still in flow. We will see several examples how implementations of QKD devices may be attacked via side-channel attacks. These attacks use the difference between actual implementations and the model assumptions of security proofs as a lever. Subsequently, we will discuss what can be done to mitigate the issues arising from potential side-channel attacks. Finally, we will discuss what statements we can actually make about QKD implementations.

Quantum techniques in post-quantum crypto

Mark L. Zhandry

The quantum random oracle model (QROM) has become the standard model in which to prove the post-quantum security of random-oracle-based constructions. Unfortunately, none of the known proof techniques allow the reduction to record information about the adversary’s queries, a crucial feature of many classical ROM proofs. In this work, we give a new QROM proof technique that overcomes this “recording barrier”, allowing for efficient on-the-fly simulation of random oracles, roughly analogous to the usual classical simulation. We then use this new technique to give the first proof of indifferentiability for domain extension, as well as other applications.

Quantum networks of diamond spins

Ronald Hanson

Entanglement – the property that particles can share a single quantum state – is arguably the most counterintuitive yet potentially most powerful element in quantum theory. The non-local features of quantum theory are highlighted by the conflict between entanglement and local causality discovered by John Bell. Decades of Bell inequality tests, culminating in a series of loophole-free tests in 2015, have confirmed the non- locality of nature [1].

Future quantum networks [2] may harness these unique features of entanglement in a range of exciting applications, such as quantum computation and simulation, secure communication, enhanced metrology for astronomy and time-keeping as well as fundamental investigations. To fulfill these promises, a strong worldwide effort is ongoing to gain precise control over the full quantum dynamics of multi-particle nodes and to wire them up using quantum-photonic channels.

Here I will present recent and ongoing work with the specific target of realizing the first multi-node network wired by quantum entanglement, including first primitive network experiments [3,4] using diamond-based quantum network nodes.

[1] For a popular account of these experiments, see e.g. Ronald Hanson and Krister Shalm, Scientific American 319, 58-65 (2018).

[2] Quantum internet: A vision for the road ahead, S Wehner, D Elkouss, R Hanson, Science 362 (6412), eaam9288 (2018).

[3] N. Kalb et al., Science 356, 928 (2017).

[4] P.C. Humphreys et al., Nature 558, 268 (2018).

Fast and practical implementation of self-testing QRNG based on an energy bound

Davide Rusca, Thomas van Himbeeck, Anthony Martin, Jonatan Bohr Brask, Hamid Tebyanian, Stefano Pironio, Nicolas Brunner and Hugo Zbinden.

We present a scheme for a self-testing quantum random number generator. Compared to the fully device-independent model, our scheme requires an extra natural assumption, namely that the mean energy per signal is bounded. The scheme is self-testing, as it allows the user to verify in real-time the correct functioning of the setup, hence guaranteeing the continuous generation of certified random bits. Based on a prepare-and-measure setup, our scheme is practical, and we implement it using only off-the-shelf fibred-optical components. The randomness generation rate is 112 Mbits/s, comparable to the best commercial solutions. Overall, we believe that this scheme achieves a promising trade-off between the required assumptions, ease-of-implementation and performance.

Non-malleability for quantum public-key encryption

Christian Majenz, Christian Schaffner and Jeroen van Wier.

We present a definition for non-malleability in the setting of public-key quantum cryptography. Overcoming the notorious “recording barrier” known from generalizing other integrity-like security notions to quantum encryption, we generalize one of the equivalent classical definitions, comparison-based non-malleability, and show how it can be fulfilled. In addition, we further explore one-time non-malleability notions for symmetric-key quantum encryption known from the literature by defining plaintext and ciphertext variants and characterizing their relation. To show satisfiability of our presented definition, we use these refined one-time notions, as well as a post-quantum CNM scheme, to construct a hybrid scheme.

Computationally-secure and composable remote state preparation

Alexandru Gheorghiu and Thomas Vidick.

We introduce a protocol between a classical polynomial-time verifier and a quantum polynomial-time prover that allows the verifier to securely delegate to the prover the preparation of certain single-qubit quantum states. The protocol realizes the following functionality, with computational security: the verifier chooses one of the observables Z, X, Y, (X+Y)/sqrt(2), (X-Y)/sqrt(2); the prover receives a uniformly random eigenstate of the observable chosen by the verifier; the verifier receives a classical description of that state. The prover is unaware of which state he received and moreover, the verifier can check with high confidence whether the preparation was successful.

The delegated preparation of single-qubit states is an elementary building block in many quantum cryptographic protocols. We expect our implementation of “random remote state preparation with verification”, a functionality first defined in (Dunjko and Kashefi 2014), to be useful for removing the need for quantum communication in such protocols while keeping functionality.

The main application that we detail is to a protocol for blind and verifiable delegated quantum computation (DQC) that builds on the work of (Fitzsimons and Kashefi 2018), who provided such a protocol with quantum communication. Recently, both blind an verifiable DQC were shown to be possible, under computational assumptions, with a classical polynomial-time client (Mahadev 2017, Mahadev 2018). Compared to the work of Mahadev, our protocol is more modular, applies to the measurement-based model of computation (instead of the Hamiltonian model) and is composable.

Our proof of security builds on ideas introduced in (Brakerski et al. 2018).

Quantum Lazy Sampling and Game-Playing Proofs for Quantum Indifferentiability

Jan Czajkowski, Christian Majenz, Christian Schaffner and Sebastian Zur.

Game-playing proofs constitute a powerful framework for classical cryptographic security arguments, most notably applied in the context of indifferentiability. An essential ingredient in such proofs is lazy sampling of random primitives.

We develop a quantum game-playing proof framework by generalizing two recently developed proof techniques. First, we describe how Zhandry’s compressed quantum oracles~\cite{zhandry2018record} can be used to do quantum lazy sampling from non-uniform function distributions. Second, we observe how Unruh’s one-way-to-hiding lemma~\cite{unruh2015revocable} can also be applied to compressed oracles, providing a quantum counterpart to the fundamental lemma of game-playing.

Subsequently, we use our game-playing framework to prove quantum indifferentiability of the sponge construction, assuming a random internal function or a random permutation. Our results upgrade post-quantum security of SHA-3 to the same level that is proven against classical adversaries.

Composable and Finite Computational Security of Quantum Message Transmission

Fabio Banfi, Ueli Maurer, Christopher Portmann and Jiamin Zhu.

Recent research in quantum cryptography has led to the development of schemes that encrypt and authenticate quantum messages with computational security. The security definitions used so far in the literature are asymptotic, game-based, and not known to be composable. We show how to define finite, composable, computational security for secure quantum message transmission. The new definitions do not involve any games or oracles, they are directly operational: a scheme is secure if it transforms an insecure channel and a shared key into an ideal secure channel from Alice to Bob, i.e., one which only allows Eve to block messages and learn their size, but not change them or read them. By modifying the ideal channel to provide Eve with more or less capabilities, one gets an array of different security notions. By design these transformations are composable, resulting in composable security.

Crucially, the new definitions are finite. Security does not rely on the asymptotic hardness of a computational problem. Instead, one proves a finite reduction: if an adversary can distinguish the constructed (real) channel from the ideal one (for some fixed security parameters), then she can solve a finite instance of some computational problem. Such a finite statement is needed to make security claims about concrete implementations.

We then prove that (slightly modified versions of) protocols proposed in the literature satisfy these composable definitions. And finally, we study the relations between some game-based definitions and our composable ones. In particular, we look at notions of quantum authenticated encryption and QCCA2, and show that they suffer from the same issues as their classical counterparts: they exclude certain protocols which are arguably secure.

Security of the Fiat-Shamir Transformation in the Quantum Random-Oracle Model

Jelle Don, Serge Fehr, Christian Majenz and Christian Schaffner.

The famous Fiat-Shamir transformation turns any public-coin three-round interactive proof, i.e., any so-called sigma-protocol, into a non-interactive proof in the random-oracle model.

We study this transformation in the setting of a quantum adversary that in particular may query the random oracle in quantum superposition.

Our main result is a generic reduction that transforms any quantum dishonest prover attacking the Fiat-Shamir transformation in the quantum random-oracle model into a similarly successful quantum dishonest prover attacking the underlying sigma-protocol (in the standard model). Applied to the standard soundness and proof-of-knowledge definitions, our reduction implies that both these security properties, in both the computational and the statistical variant, are preserved under the Fiat-Shamir transformation even when allowing quantum attacks.

Our result improves and completes the partial results that have been known so far, but it also proves wrong certain claims made in the literature.

In the context of post-quantum secure signature schemes, our results imply that for any sigma-protocol that is a proof-of-knowledge against quantum dishonest provers (and that satisfies some additional natural properties), the corresponding Fiat-Shamir signature scheme is secure in the quantum random-oracle model.

For example, we can conclude that the non-optimized version of Fish, which is the bare Fiat-Shamir variant of the NIST candidate Picnic, is secure in the quantum random-oracle model.

Fast and practical implementation of self-testing QRNG based on an energy bound **merged with** Correlations and Randomness Generation based on an Energy Constraint

Davide Rusca, Thomas van Himbeeck, Anthony Martin, Jonatan Bohr Brask, Hamid Tebyanian, Stefano Pironio, Nicolas Brunner and Hugo Zbinden.

Fast and practical implementation of self-testing QRNG based on an energy bound

**merged with**

Thomas Van Himbeeck and Stefano Pironio.

Correlations and Randomness Generation based on an Energy Constraint

In a previous paper, we introduced a semi-device-independent scheme consisting of an untrusted source sending quantum states to an untrusted measuring device, with the sole assumption that the average energy of the states emitted by the source is bounded. Given this energy constraint, we showed that certain correlations between the source and the measuring device can only occur if the outcomes of the measurement are non-deterministic, i.e., these correlations certify the presence of randomness.

In the present paper, we go further and show how to quantify the randomness as a function of the correlations and prove the soundness of a QRNG protocol exploiting this relation. For this purpose, we introduce (1) a semidefinite characterization of the set of quantum correlations, (2) an algorithm to lower-bound the Shannon entropy as a function of the correlations and (3) a proof of soundness using finite trials compatible with our energy assumption.

Efficient Randomness Certification by Quantum Probability Estimation

Yanbao Zhang, Honghao Fu, Krister Shalm, Joshua Bienfang, Martin Stevens, Michael Mazurek, Sae Woo Nam, Carlos Abellan, Waldimar Amaya, Morgan Mitchell, Carl Miller, Alan Mink and Emanuel Knill.

Applications of randomness such as private key generation and public randomness beacons require small blocks of certified random bits on demand. Device-independent quantum random number generators can produce such random bits, but existing quantum-proof protocols and loophole-free implementations suffer from high latency, requiring many hours to produce any random bits. Here we develop a broadly applicable framework, quantum probability estimation, for yielding efficient quantum-proof protocols. The framework is general and encompasses methods from previous works [Miller and Shi, SIAM Journal on Computing 46, 1304 (2017); Arnon-Friedman et al., Nature Communications 9, 459 (2018)]. Quantum probability estimation can adapt to changing experimental conditions, allows stopping the experiment as soon as the prespecified randomness goal is achieved, and can tolerate imperfect knowledge of the input distribution. Moreover, we demonstrate device-independent quantum randomness generation from a loophole-free Bell test with quantum probability estimation, obtaining multiple blocks of 512 random bits with an average experiment time of less than 5 minutes per block and with certified error bounded by $2^{-64}\approx 5.42\times 10^{-20}$.

Erasable Bit Commitment from Temporary Quantum Trust

Norbert Lütkenhaus, Ashutosh Marwah and Dave Touchette.

We introduce the idea of temporarily trusted quantum nodes. We introduce a new primitive in that model, erasable bit commitment, which is a variant on standard two-party bit commitment. We show how to implement this primitive in our new model with temporarily trusted nodes. The erasable property allows Alice, in the case that the trust period is about to expire, to ask the trusted nodes to erase her commitment in such a way that a future coalition, after the trust period, of all trusted nodes together with Bob cannot extract any information about the commitment. This is impossible classically.

A caveat is that after such an erasure, Alice is not committed to a classical value anymore. We provide a robust protocol which requires a constant number of trusted nodes and which can handle a small fraction of dishonest trusted nodes as well as implementation errors. Our approach lends itself to actual optical implementations, and requires memory during the trust period.

Security Analysis of Quantum Physical Unclonable Functions

Myrto Arapinis, Mahshid Delavar, Mina Doosti and Elham Kashefi.

Physical Unclonable Functions (PUFs) are physical devices that have unique behaviour which is hard to clone. These hardware structures are considered as an effective and feasible security primitive.

The application of a wide variety of PUF structures for different security purposes such as identification and key generation has been widely studied in the context of Classical PUFs. In addition, the quantum-readout PUF (QR-PUF) has been studied as a proposition for a quantum version of classical PUFs. In this paper, we do a comprehensive study on Quantum Physical Unclonable Functions with quantum cryptographic tools. We use a quantum game-based security framework for our analysis and we define a new class of quantum attacks, called General Quantum Emulation Attack (GQEA), applicable on current quantum-readout and hybrid quantum-classical PUFs. This class of attacks are based on using a database of inputs and outputs to emulate the action of an unknown quantum transformation on a new input. We define a concrete attack based on an existing emulation algorithm and use it to show the vulnerability of the current schemes under this attack. Furthermore, we formally define a QPUF for the first time and discuss the security of Unitary QPUFs (UQPUFs) by formally defining the unforgeability property of UQPUFs. We prove any UQPUF provides selective unforgeability property while they cannot provide unconditional and existential unforgeabilities.

Uncloneable Quantum Encryption via Oracles

Anne Broadbent and Sébastien Lord.

Quantum information is well-known to achieve cryptographic feats that are unattainable using classical information alone. Here, we add to this repertoire by introducing a new cryptographic functionality called uncloneable encryption. This functionality allows the encryption of a classical message such that two collaborating but isolated adversaries are prevented from simultaneously recovering the message, even when the encryption key is revealed. Clearly, such functionality is unattainable using classical information alone.

We formally define uncloneable encryption, and show how to achieve it using Wiesnerâ€™s conjugate coding, combined with a quantum-secure pseudorandom function (qPRF). Modelling the qPRF as a quantum oracle, we show security by adapting techniques from the quantum one-way-to-hiding lemma, as well as using bounds from quantum monogamy-of-entanglement games.

Proof-of-principle experimental demonstration of twin-field type quantum key distribution

Xiaoqing Zhong, Jianyong Hu, Marcos Curty, Li Qian and Hoi-Kwong Lo.

The twin-field (TF) quantum key distribution (QKD) protocol and its variants are highly attractive because they can beat the well-known fundamental limit of secret key rate for point-to-point (point-to-point bound) QKD without quantum repeaters. In this paper, we perform a proof-of-principle experimental demonstration of TF-QKD based on the protocol proposed by Curty et al., which removes the need for post-selection on the matching of a global phase from the original TF-QKD. Furthermore, we employ a Sagnac loop structure to overcome the major difficulty in the practical implementation of TF-QKD, namely, the need to stabilize the phase of the quantum state over kilometers of fiber. The experimental results show that the secret key rate of TF-QKD at high loss region can surpass the point-to-point bound of QKD with current technology.

Experimental Twin Field Quantum Key Distribution beyond the repeaterless secret key capacity bound

Mariella Minder, Mirko Pittaluga, George L. Roberts, Marco Lucamarini, James F. Dynes, Zhiliang Yuan and Andrew J. Shields.

We demonstrate the first experimental overcoming of the repeaterless secret key capacity (PLOB) bound through the implementation of the Twin Field Quantum Key Distribution (TF-QKD) protocol. We distribute secret keys at record channel losses (> 90 dB). We assess the prospects for real-world implementation of TF-QKD.

Experimental Twin-Field Quantum Key Distribution Through Sending-or-Not-Sending

Yang Liu, Zong-Wen Yu, Weijun Zhang, Jian-Yu Guan, Jiu-Peng Chen, Chi Zhang, Xiao-Long Hu, Hao Li, Teng-Yun Chen, Lixing You, Zhen Wang, Xiang-Bin Wang, Qiang Zhang and Jian-Wei Pan.

Channel loss is one of the most severe limitation to extend the transmission distance of quan- tum key distribution in practice. The twin-field quantum key distribution can achieve a much longer transmission distance with improving the key rate from the linear scale of channel loss in the traditional decoy-state method to the square root scale of the channel transmittance. Here we demonstrate the real-optical-fibre experimental results of twin-field quantum key distribution through the sending-or-not-sending protocol, which is fault tolerant to large misalignment error. The phase locking technology developed in the frequency transfer field is adopted to ensure Aliceâ€™s and Bobâ€™s source wavelengths are locked to each other. Phase reference pulses are used to monitor the phase difference between the channel. Further with a high performance single photon detector, we obtain the positive key rates for different distances, specifically, the obtained secure key rate at 150 km is higher than that of the measurement device independent QKD.

Operator dominance method: a simple monitoring scheme of a TF-type QKD in finite-size regime

Kento Maeda, Toshihiko Sasaki and Masato Koashi.

Quantum key distribution (QKD) with conventional optics tools is limited to a linear scaling of the repeaterless bound. Recently, twin field (TF) QKD was conjectured to beat the limit by using an untrusted central station conducting a single-photon interference detection.

So far, the effort to prove the conjecture was confined to the infinite key limit which neglected the time and cost for monitoring an adversary’s act. Here we propose a variant of TF-type QKD protocol equipped with a novel monitoring scheme and provide a finite-size-key security proof. We show that the protocol beats the linear bound in a reasonable running time of sending 10^12 pulses, which positively solves the conjecture.

Perfect zero knowledge for quantum multiprover interactive proofs

Alex Bredariol Grilo, William Slofstra and Henry Yuen.

In this work we consider the interplay between multiprover interactive proofs, quantum entanglement, and zero knowledge proofs â€” notions that are central pillars of complexity theory, cryptography, and quantum information. In particular, we study the relationship between the complexity class MIPâˆ—, the set of languages decidable by multiprover interactive proofs with quantumly entangled provers, and the class PZK-MIPâˆ—, which is the set of languages decidable by MIPâˆ— protocols that furthermore possess the perfect zero knowledge property.

Our main result is that the two classes are equal, i.e., MIPâˆ— = PZK-MIPâˆ— . This result provides a quantum analogue of the celebrated result of Ben-Or, Goldwasser, Kilian, and Wigderson (STOC 1988) who show that MIP = PZK-MIP (in other words, all classical multiprover interactive protocols can be made zero knowledge). We prove our result by showing that every MIPâˆ— protocol can be efficiently transformed into an equivalent zero knowledge MIPâˆ— protocol in a manner that preserves the completeness-soundness gap. Combining our transformation with previous results by Slofstra (Forum of Mathematics, Pi 2019) and Fitzsimons, Ji, Vidick and Yuen (STOC 2019) yields the corollary that all co-recursively enumerable languages (which include undecidable problems and every decidable problem) have zero knowledge MIPâˆ— protocols withvanishing promise gap.

Classical zero-knowledge arguments for quantum computations

Thomas Vidick and Tina Zhang.

We show that every language in QMA admits a classical-verifier, quantum-prover zero-knowledge argument system which is sound against quantum polynomial-time provers and zero-knowledge for classical (and quantum) polynomial-time verifiers. The protocol builds upon two recent results: a computational zero-knowledge proof system for languages in QMA, with a quantum verifier, introduced by Broadbent et al. (FOCS 2016), and an argument system for languages in QMA, with a classical verifier, introduced by Mahadev (FOCS 2018).

Device-independent certification of one-shot distillable entanglement

Rotem Arnon-Friedman and Jean-Daniel Bancal.

Sources producing high amounts of entanglement are essential for quantum cryptography. Given an uncharacterized source, manufactured by a possibly untrusted entity, how can we certify that it produces a lot of entanglement? We initiate the study of operational device-independent entanglement certification by presenting a device-independent protocol that lower-bounds the one-shot distillable entanglement of the remaining quantum state after the execution of the protocol. By this, the protocol certifies the amount of â€œuseful entanglementâ€ available for proceeding applications. Importantly, our protocol does not abort, with high probability, when testing realistically noisy sources.

A simple protocol for verifiable delegation of quantum computation in one round

Alex Bredariol Grilo.

The importance of being able to verify quantum computation delegated to remote servers increases with recent development of quantum technologies. In some of the proposed protocols for this task, a client delegates her quantum computation to non-communicating servers in multiple rounds of communication. In this work, we propose the first protocol where the client delegates her quantum computation to two servers in one-round of communication. Another advantage of our protocol is that it is conceptually simpler than previous protocols. The parameters of our protocol also make it possible to prove security even if the servers are allowed to communicate, but respecting the plausible assumption that information cannot be propagated faster than speed of light, making it the first relativistic protocol for quantum computation.

A numerical method for computing reliable secret key rates for device-independent quantum key distribution

René Schwonnek, Ernest Y.-Z. Tan, Ramona Wolf, Koon Tong Goh and Charles C.-W. Lim.

In this QCRYPT submission, we present a numerical toolbox that is capable of producing non-trivial lower bounds on the asymptotic secret key rate of any device-independent quantum key distribution (DIQKD) protocol. The main mechanism of our toolbox is a new method for estimating the entropy production of a quantum channel, giving rise to bounds that can be computed using the family of semidefinite programs (SDPs) known as the Navascues-Pironio-Acin (NPA) hierarchy.

Quantum advantage for probabilistic one-time programs

Marie-Christine Roehsner, Joshua Kettlewell, Tiago Batalhao, Joseph Fitzsimons and Philip Walther.

One-time programs, computer programs which self-destruct after being run only once, are a powerful building block in cryptography and would allow for new forms of secure software distribution. However, ideal one-time programs have been proved to be unachievable using either classical or quantum resources. Here we relax the definition of one-time programs to allow some probability of error in the output and show that quantum mechanics offers security advantages over purely classical resources. We introduce a scheme for encoding probabilistic one-time programs as quantum states with prescribed measurement settings, explore their security, and experimentally demonstrate various one-time programs using measurements on single-photon states. These include classical logic gates, a program to solve Yaoâ€™s millionaires problem, and a one-time delegation of a digital signature. By combining quantum and classical technology, we demonstrate that quantum techniques can enhance computing capabilities even before full-scale quantum computers are available.

Experimental demonstration of quantum advantage for one-way communication complexity with application in construction of robust quantum money

Niraj Kumar, Iordanis Kerenidis and Eleni Diamanti.

The goal of demonstrating a quantum advantage with currently available experimental systems is of utmost importance in quantum information science. While this remains elusive for quantum computation, the field of communication complexity offers the possibility to already explore and showcase this advantage for useful tasks. Here, we define such a task, the Sampling Matching problem, which is inspired by the Hidden Matching problem and features an exponential gap between quantum and classical protocols in the one-way communication model. Our problem allows by its conception a proof-of-principle photonic implementation based on encoding in the phase of coherent states of light, the use of a fixed size linear optic circuit, and single-photon detection. This enables us to demonstrate experimentally an advantage in the transmitted information resource beyond a threshold input size, which would have been impossible to reach for the original Hidden Matching problem. Our demonstration has implications in various communication and cryptographic settings.

Specifically we have used it to introduce a robust practical quantum money-scheme. Our scheme involves an honest Bank who prepares the note by independently and uniformly selecting multiple n-bit binary secret strings which are encoded into the single photon states. The note is then distributed among untrusted holders. To carry out the transaction, the note holder sends the note to the honest local verifiers of the Bank. The verifier runs the Sampling Matching scheme on some randomly selected copies of the note and forwards the classical measurement outcome to the Bank. The Bank then declares the validity of the note. Our private-key money scheme includes multiple features such as single round classical interaction of the local verifier with the Bank, optimal note re-usability (linear in the size of Bank note), linear verification circuit size, and an unconditional security against any adversary trying to forge the Bank note while tolerating the noise of up to 21.4%. The simplistic nature of our verification scheme using Sampling Matching allows for the ability to reach a maximal theoretical noise tolerance of 25%, as conjectured by Amiri et al [Phys Rev A 95, 062334].

Almost-tight and versatile security analysis of measurement-device-independent quantum key distribution

Ignatius William Primaatmaja, Emilien Lavie, Koon Tong Goh, Chao Wang and Charles Ci Wen Lim.

Measurement-device-independent quantum key distribution (MDI-QKD) is the only known QKD scheme that can completely overcome the problem of detection side-channel attacks. Yet, despite its practical importance, there is no standard approach towards proving the security of MDI-QKD. Here, we present a simple numerical method that can efficiently compute almost-tight security bounds for any discretely modulated MDI-QKD protocol. To demonstrate the broad utility of our method, we use it to analyze the security of coherent-state MDI-QKD, decoy-state MDI-QKD with leaky sources, and a variant of twin-field QKD called phase-matching QKD. In all of the numerical simulations (using realistic detection models) we find that our method gives significantly higher secret key rates than those obtained with current security proof techniques. Interestingly, we also find that phase-matching QKD using only two coherent test states is enough to overcome the fundamental rate-distance limit of QKD. Taken together, these findings suggest that our security proof method enables a versatile, fast, and possibly optimal approach towards the security validation of practical MDI-QKD systems.

Continuous Variable Quantum Key Distribution Multiplexed with High Throughput Coherent Channels

Tobias Eriksson, Takuya Hirano, Benjamin Puttnam, Georg Rademacher, Ruben LuÃs, Mikio Fujiwara, Ryo Namiki, Yoshinari Awaji, Masahiro Takeoka, Naoya Wada and Masahide Sasaki.

We show joint propagation of CV-QKD with successful secret key generation over 24 hours with 100 state-of-the-art EDFA amplified coherent WDM channels amounting to a total classical bitrate of 18.3~Tbit/s.

Chip-Based Measurement-Device-Independent Quantum Key Distribution

Henry Semenenko, Philip Sibson, Andy Hart, Mark Thompson and Chris Erven.

Measurement-device-independent quantum key distribution (MDI-QKD) offers a method of distributing shared randomness for use in symmetric key cryptography, while integrated optics provides a promising platform for ubiquitous quantum communication. This work experimentally demonstrates the use of indium phosphide (InP) devices for MDI-QKD. We generate 100 ps pulses for 2 GHz clocked, time-bin encoded BB84 states with random phases through a novel gain switching technique. By interfering two independent InP devices, we achieve 50 bps at 100 km and pre-empt the availability of integrated receivers which will increase rates through inherent scalability.

QCoSOne: a chip-based prototype for daylight free-space QKD at telecom wavelength for future satellite optical payloads

Marco Avesani, Luca Calderaro, Matteo Schiavon, Costantino Agnesi, Alberto Santamato, Andrea Stanco, Mujtaba Zahidy, Alessia Scriminich, Giulio Foletto, Giampiero Contestabile, Marco Chiesa, Alessandro Nottola, Davide Rotta, Stefano Tirelli, Massimo Artiglia, Alberto Montanaro, Marco Romagnoli, Vito Sorianello, Daniele Dequal, Giuseppe Bianco, Claudia Facchinetti, Alberto Tuozzi, Francesco Vedovato, Giuseppe Vallone and Paolo Villoresi.

Space-based quantum key distribution would allow, in the near future, secure communications be- tween parties over continental distances, complementing short-range fiber-based quantum networks. However, further demonstrations of daylight operations over free-space channels and the full compatibility with the telecom-based fiber infrastructure are still necessary. Here we present the prototype for daylight QKD at 1550 nm we developed as a demonstrator for application of QKD both on ground and in Space. Our QKD source, exploiting integrated silicon photonics technology, allows to reach a QBER of 1% during the field-test performed over a 145 m link, and represents a promising resource to design quantum optical payloads to be implemented in future satellite missions.

High-dimensional chip-to-chip entanglement distribution through multicore fibre

Daniel Llewellyn, Caterina Vigliar, Benjamin Slater, Beatrice Da Lio, Stefano Paesani, Jorge Barreto, Dondu Sahin, Massimo Borghi, John G. Rarity, Leif K. OxenlÃ¸we, Karsten Rottwitt, Jianwei Wang, Yunhong Ding, Mark G. Thompson and Davide Bacco.

In this work we report the first chip-to-chip multidimensional entanglement distribution. The faithful generation and transmission of the multidimensional quantum states relies on two main ingredients: silicon integrated photonics, offering a compelling platform for quantum information processing, and multicore fibres, which allows the reliable transmission of path encoded qudits.

On the Capacity Region of Bipartite and Tripartite Entanglement Switching and Key Distribution

Gayane Vardoyan, Saikat Guha, Philippe Nain and Don Towsley.

We study a quantum switch serving a set of users. The function of the switch is to convert bipartite entanglement generated over individual links connecting each user to the switch, into bipartite or tripartite entangled states among (pairs or groups of) users at the highest possible rates at a fixed ratio. Such entanglement can then be converted to quantum-secure shared secret bits among pairs or triples of users using E91-like Quantum Key Distribution (QKD) protocols. The switch can store a certain number of qubits in a quantum memory for a certain length of time, and can make two-qubit Bell-basis measurements or three-qubit GHZ-basis projective measurements on qubits held in the memory. We model a set of randomized switching policies. Discovering that some are better than others, we present analytical results for the case where the switch stores one qubit per user at a given time step, and find that the best policies outperform a time division multiplexing (TDM) policy for sharing the switch between bipartite and tripartite entanglement generation. This performance improvement decreases as the number of users grows. The model is easily augmented to study the capacity region in the presence of qubit decoherence, obtaining similar results. Moreover, decoherence appears to have little effect on capacity. We also study a smaller class of policies when the switch can store two qubits per user. The full manuscript can be found at https://arxiv.org/abs/1901.06786.

test 434

sdsad sad sad

test 232

test 23 232