This poster session takes place on Tue, 24 Aug, 15:30  17:30 on meetanyway.
Click link for instructions for authors of accepted posters
Download a ziparchive of all posters.
Posters presented in this session

Discretephaserandomized measurementdeviceindependent quantum key distributionZhu Cao (East China University of Science and Technology)[abstract]Abstract: Measurementdeviceindependent quantum key distribution removes all detectorside attacks in quantum cryptography, and in the meantime doubles the secure distance. The source side, however, is still vulnerable to various attacks. In particular, the continuous phase randomization assumption on the source side is normally not fulfilled in experimental implementation and may potentially open a loophole. In this work, we first show that indeed there are loopholes for imperfect phase randomization in measurementdeviceindependent quantum key distribution by providing a concrete attack. Then we propose a discretephaserandomized measurementdeviceindependent quantum key distribution protocol as a solution to close this sourceside loophole. [Phys. Rev. A 101, 062325]

Analysis of the effects of temperature increase on quantum random number generatorYuanhao Li (State Key Laboratory of Mathematical Engineering and Advanced Computing,Henan Key Laboratory of Network Cryptography Technology); Yangyang Fei (State Key Laboratory of Mathematical Engineering and Advanced Computing,Henan Key Laboratory of Network Cryptography Technology); Weilong Wang (State Key Laboratory of Mathematical Engineering and Advanced Computing,Henan Key Laboratory of Network Cryptography Technology); Xiangdong Meng (State Key Laboratory of Mathematical Engineering and Advanced Computing,Henan Key Laboratory of Network Cryptography Technology); Hong Wang (State Key Laboratory of Mathematical Engineering and Advanced Computing,Henan Key Laboratory of Network Cryptography Technology); Qianheng Duan (State Key Laboratory of Mathematical Engineering and Advanced Computing,Henan Key Laboratory of Network Cryptography Technology); Zhi Ma (State Key Laboratory of Mathematical Engineering and Advanced Computing,Henan Key Laboratory of Network Cryptography Technology)[abstract]Abstract: Quantum random number generator (QRNG) relies on the intrinsic randomness of quantum mechanics to produce true random numbers which are important in many fields. QRNGs with semiconductor light source have attracted a lot of attention due to their operational simplicity and high generation rate. However, the temperature of light source may vary due to imperfect devices and other factors. There is still a lack of study on the effects of temperature variations on the security of practical QRNG. We fill this gap by presenting a numerical method for studying the effects of temperature increase on the superluminescent emitting diode (SLED) based QRNG and propose some strategies toward robust QRNG against temperature increase.

Quantum Computationally PredicateBinding Commitments with Application in Quantum ZeroKnowledge Arguments for NPJun Yan (Jinan University)[abstract]Abstract: A quantum bit commitment scheme is to realize bit (rather than qubit) commitment by exploiting quantum communication and quantum computation. In this work, we study the binding property of the quantum string commitment scheme obtained by composing a generic quantum computationallybinding bit commitment scheme in parallel. We show that the resulting scheme satisfies a stronger quantum computational binding property than the trivial honestbinding, which we call predicatebinding. Intuitively and very roughly, the predicatebinding property guarantees that given any inconsistent predicate pair over a set of strings (i.e. no strings in this set can satisfy both predicates), if a (claimed) quantum commitment can be opened so that the revealed string satisfies one predicate with certainty, then the same commitment cannot be opened so that the revealed string satisfies the other predicate except for a negligible probability. As an application, we plug a generic quantum perfectly(resp. statistically)hiding computationallybinding bit commitment scheme in Blum's zeroknowledge protocol for the NPcomplete language Hamiltonian Cycle. The quantum computational soundness of the resulting protocol will follow immediately from the quantum computational predicatebinding property of commitments. Combined with the perfect(resp. statistical) zeroknowledge property which can be similarly established as [Watrous], as well as known constructions of quantum computationallybinding bit commitment scheme, this gives rise to the first quantum perfect(resp. statistical) zeroknowledge argument system for all NP languages merely relying on quantumsecure oneway functions.

Quantum Receiver for PhaseShift Keying at the SinglePhoton LevelJasminder S. Sidhu (University of Strathclyde); Shuro Izumi (Technical University of Denmark); Jonas S. NeergaardNielsen (Technical University of Denmark); Cosmo Lupo (University of Sheffield); Ulrik L. Andersen (Technical University of Denmark)[abstract]Abstract: Quantum enhanced receivers are endowed with resources to achieve higher sensitivities than conventional technologies. For application in optical communications, they provide improved discriminatory capabilities for multiple nonorthogonal quantum states. In this work, we propose and experimentally demonstrate a new decoding scheme for quadrature phaseshift encoded signals. Our receiver surpasses the standard quantum limit and outperforms all previously known nonadaptive detectors at low input powers. Unlike existing approaches, the receiver only exploits linear optical elements and onoff photodetection. This circumvents the requirement for challenging feedforward operations that limit communication transmission rates and can be readily implemented with current technology.Poster presented by: Jasminder Sidhu

Quantum Private Information Retrieval for Quantum MessagesSeunghoan Song (Nagoya University); Masahito Hayashi (Southern University of Science and Technology)[abstract]Abstract: Quantum private information retrieval (QPIR) for quantum messages is the protocol in which a user retrieves one of the multiple quantum states from one or multiple servers without revealing which state is retrieved. We consider QPIR in two different settings: the blind setting, in which the servers contain one copy of the message states, and the visible setting, in which the servers contain the description of the message states. One trivial solution in both settings is downloading all states from the servers and the main goal of this paper is to find more efficient QPIR protocols. First, we prove that the trivial solution is optimal for oneserver QPIR in the blind setting. In oneround protocols, the same optimality holds even in the visible setting. On the other hand, when the user and the server share entanglement, we prove that there exists an efficient oneserver QPIR protocol in the blind setting. Furthermore, in the visible setting, we prove that it is possible to construct symmetric QPIR protocols in which the user obtains no information of the nontargeted messages. We construct twoserver symmetric QPIR protocols. Note that symmetric classical PIR is impossible without shared randomness unknown to the user.

Improving the performance of referenceframeindependent quantum key distribution through a turbulent atmosphereYang Xue (Air Force Engineering University); Lei Shi (Air Force Engineering University)[abstract]Abstract: Referenceframeindependent quantum key distribution (RFIQKD) can dispense with the requirements of active alignment on reference frames between legitimate users, which is beneficial for freespace implementation. However, the fluctuating transmittance due to atmospheric turbulence still remains a great challenge for improving the performance and has been seldom addressed. In this paper we extend the recently proposed prefixedthreshold realtime selection method to RFIQKD while combining practical consideration of the transmittance probability distribution model based on the finite aperture theory. Through numerical simulations, we present an estimation for the variance of the lognormal model with respect to distance and receiving aperture radius, and demonstrate the effectiveness of using this method in the RFI protocol. Considering the finitekey effects, simulation results show that the gap of the key rate with different reference frame deviations can be alleviated by increasing the data size. By adopting this method one can tolerate more serious transmission loss, especially in strong turbulence cases, which is helpful for future freespace experimental designs.

OnChip Quantum Autoencoder for Teleportation of HighDimensional Quantum StatesHui Zhang (Nanyang Technological University); Lingxiao Wan (Nanyang Technological University); Tobias Haug (National University of Singapore); WaiKeong Mok (National University of Singapore); Hong Cai (Institute of Microelectronics, A*STAR (Agency for Science, Technology and Research)); Muhammad Faeyz Karim (Nanyang Technological University); Kwek Leong Chuan (Nanyang Technological University; National University of Singapore; National Institute of Education, Singapore); Ai Qun Liu (Nanyang Technological University)[abstract]Abstract: Currently most quantum teleportation experiments are based on qubits. Here, we demonstrate a quantum autoencoder assisted teleportation for highdimensional quantum states. Our method of training the autoencoder allows us to take a finite sample of those states, learn how to compress them to qubits with nearly unit fidelity. After training, we can teleport any further states from the sender and reconstruct them with high fidelity on the receiver part. We verify the proposed scheme by teleporting a qutrit via a siliconphotonic chip. High fidelity is achieved between the input qutrit and the qutrit recovered from the teleported qubit.Poster presented by: Hui Zhang

Efficient verification of continuousvariable quantum states and devices without assuming identical and independent operationsYadong Wu (Hong Kong University); Ge Bai (Hong Kong University); Giulio Chiribella (Hong Kong University); Nana Liu (Shanghai Jiao Tong University)[abstract]Abstract: Continuousvariable quantum information, encoded into in finitedimensional quantum systems, is a promising platform for the realization of many quantum information protocols, including quantum computation, quantum metrology, quantum cryptography, and quantum communication. To successfully demonstrate these protocols, an essential step is the certi fication of multimode continuous variable quantum states and quantum devices. This problem is well studied under the assumption that multiple uses of the same device result into identical and independently distributed (i.i.d.) operations. However, in realistic scenarios, identical and independent state preparation and calls to the quantum devices cannot be generally guaranteed. Important instances include adversarial scenarios and instances of timedependent and correlated noise. In this paper, we propose the first set of reliable protocols for verifying multimode continuousvariable entangled states and devices in these noni.i.d scenarios.

Subexponential rate versus distance with time multiplexed quantum repeatersPrajit Dhara (Wyant College of Optical Sciences, The University of Arizona); Ashlesha Patil (Wyant College of Optical Sciences, The University of Arizona); Hari Krovi (Raytheon BBN Technologies); Saikat Guha (Wyant College of Optical Sciences, The University of Arizona)[abstract]Abstract: Shared entanglement between two remote parties is a key resource for Quantum Cryptography. Quantum communications capacity using direct transmission over length$L$ optical fiber scales as $R \sim e^{\alpha L}$, where $\alpha$ is the fiber's loss coefficient. The rate achieved using a linear chain of quantum repeaters equipped with quantum memories, probabilistic Bell state measurements (BSMs) and switches used for spatial multiplexing, but no quantum error correction was shown to surpass the directtransmission capacity. However, this rate still decays exponentially with the endtoend distance, viz., $R \sim e^{s{\alpha L}}$, with $s < 1$. We show that the introduction of temporal multiplexingi.e., the ability to perform BSMs among qubits at a repeater node that were successfully entangled with qubits at distinct neighboring nodes at {\em different} time stepsleads to a subexponential ratevs.distance scaling, i.e., $R \sim e^{t\sqrt{\alpha L}}$, which is not attainable with just spatial or spectral multiplexing. We evaluate analytical upper and lower bounds to this rate and obtain the exact rate by numerically optimizing the timemultiplexing block length and the number of repeater nodes. We further demonstrate that incorporating losses in the optical switches used to implement timemultiplexing degrades the ratevs.distance performance, eventually falling back to exponential scaling for very lossy switches. We also examine models for quantum memory decoherence and describe optimal regimes of operation to preserve the desired boost from temporal multiplexing. QM decoherence is seen to be more detrimental to the repeater's performance over switching losses.Poster presented by: Prajit Dhara

Efficient Routing in Quantum Key Distribution Networks with Trusted Nodes and RepeatersOmar Amer (University of Connecticut); Walter O. Krawec (University of Connecticut); Bing Wang (University of Connecticut)[abstract]Abstract: There are two critical challenges that must be addressed for Quantum Key Distribution (QKD) to achieve widescale adoption. First, overcoming distance limitations and second increasing secret key generation rates. Our work investigates the design of novel routing algorithms for nearfuture QKD networks to help mitigate these problems. The networks we consider also may serve as a bridge between today's QKD networks and the longterm goal of a true Quantum Internet.Poster presented by: Omar Amer

Spooky action of a global distance: analysis of spacebased entanglement distribution for the quantum internetSumeet Khatri (Louisiana State University); Anthony J. Brady (Louisiana State University); Renee A. Desporte (Louisiana State University); Manon P. Bart (Louisiana State University); Jonathan P. Dowling (Louisiana State University)[abstract]Abstract: Recent experimental breakthroughs in satellite quantum communications have opened up the possibility of creating a global quantum internet using satellite links. This approach appears to be particularly viable in the near term, due to the lower attenuation of optical signals from satellite to ground, and due to the currently short coherence times of quantum memories. The latter prevents groundbased entanglement distribution using atmospheric or opticalfiber links at high rates over long distances. In this work, we propose a globalscale quantum internet consisting of a constellation of orbiting satellites that provides a continuous, ondemand entanglement distribution service to ground stations. The satellites can also function as untrusted nodes for the purpose of longdistance quantumkey distribution. We develop a technique for determining optimal satellite configurations with continuous coverage that balances both the total number of satellites and entanglementdistribution rates. Using this technique, we determine various optimal satellite configurations for a polarorbit constellation, and we analyze the resulting satellitetoground loss and achievable entanglementdistribution rates for multiple ground station configurations. We also provide a comparison between these entanglementdistribution rates and the rates of groundbased quantum repeater schemes. Overall, our work provides the theoretical tools and the experimental guidance needed to make a satellitebased global quantum internet a reality.Poster presented by: Sumeet Khatri

Secure quantum key distribution with intensity correlationsVĂctor Zapatero (University of Vigo, Spain); Ălvaro Navarrete (University of Vigo, Spain); Marcos Curty (University of Vigo, Spain); Kiyoshi Tamaki (University of Toyama, Japan)[abstract]Abstract: In decoystatebased QKD, GHz clocked or higher frequency transmitters exhibit correlations between the intensities of succeeding pulses. As a consequence, every pulse leaks partial information about previous intensity settings to an eavesdropper, thus invalidating the fundamental principle of the decoystates method, i.e., the independent character of the yields from the intensity settings. In this work, we present a technique that allows to incorporate arbitrary intensity correlations to the decoystate analysis, thereby solving a pressing problem in the race towards practical highspeed QKD systems. As a side contribution, we present a nonstandard derivation of the asymptotic key rate formula from the nonasymptotic one, in so revealing a largely dismissed necessary condition for the significance of the former. We discuss this condition in full detail.Poster presented by: VĂctor Zapatero

Equivalence of three classical algorithms with quantum side information: Privacy amplification, error correction, and data compressionToyohiro Tsurumaru (Mitsubishi Electric Corporation)[abstract]Abstract: Privacy amplification (PA) is an indispensable component in classical and quantum cryptography. Error correction (EC) and data compression (DC) algorithms are also indispensable in classical and quantum information theory. We here study these three algorithms (PA, EC, and DC) in the presence of quantum side information, and show that they all become equivalent in the oneshot scenario. As an application of this equivalence, we take previously known security bounds of PA, and translate them into coding theorems for EC and DC which have not been obtained previously. Further, we apply these results to simplify and improve our previous result that the two prevalent approaches to the security proof of quantum key distribution (QKD) are equivalent. We also propose a new method to simplify the security proof of QKD.

A realtime experimental QKD platform for quantumsecure telecom infrastructuresJan Krause (Fraunhofer Institute for Telecommunications, Heinrich Hertz Institute, HHI); Benedikt Lezius (Fraunhofer Institute for Telecommunications, Heinrich Hertz Institute, HHI); Richard Schilling (Fraunhofer Institute for Telecommunications, Heinrich Hertz Institute, HHI); Jonas Hilt (Fraunhofer Institute for Telecommunications, Heinrich Hertz Institute, HHI); Stefan Weide (Fraunhofer Institute for Telecommunications, Heinrich Hertz Institute, HHI); Nino Walenta (Fraunhofer Institute for Telecommunications, Heinrich Hertz Institute, HHI); Nicolas Perlot (Fraunhofer Institute for Telecommunications, Heinrich Hertz Institute, HHI); Ronald Freund (Fraunhofer Institute for Telecommunications, Heinrich Hertz Institute, HHI)[abstract]Abstract: We present a quantum key distribution (QKD) platform targeting midrange fiber, freespace and hybrid links. With its interfaces for thirdparty postprocessing, commercial key management, encryptors and QRNG, the modular and flexible system enables easy integration into existing telecom infrastructures. Recent experiments demonstrate its seamless operation over fiber and freespace links.

Tamper Detection against Unitary OperatorsUpendra Kapshikar (Centre for Quantum Technologies, National university of Singapore); Naresh Goud Boddu (Centre for Quantum Technologies, National university of Singapore)[abstract]Abstract: We consider (Enc, Dec) schemes which are used to encode a classical/quantum message m and derive an nqubit quantum codeword Ï_m. The quantum codeword Ï_m can adversarially tamper via a unitary UâF_u from some known tampering unitary family F_u, resulting in UÏ_mUâ . Firstly, we initiate the general study of quantum tamper detection codes, which must detect that tampering occurred with high probability. In case there was no tampering, we would like to output the message m with a probability of 1. We show that quantum tamper detection codes exist for both classical messages and quantum messages for any family F_u of unitary operators, such that F_u<2^{2^{Î±n}} for some known constant Î±â(0,1) and all the unitary operators satisfy one additional condition : Far from Identity : For each UâF_u, we require that its modulus of trace value isn't too much i.e. $ Trace(U) \leq \phi N$, where N=2^n. Quantum tamperdetection codes are quantum generalizations of classical tamper detection codes studied by Jafargholi et al. Additionally for classical message m, if we must either output message m or detect that tampering occurred and output â„ with high probability, we show that it is possible without the restriction of Far from Identity condition for any family of unitary operators F_u, such that F_u<2^{2^Î±n}. We also provide efficient (Enc, Dec) schemes when the family of tampering unitary operators are from Pauli group Pn, which can be thought of as a quantum version of the algebraic manipulation detection (AMD) codes of Cramer et al.

Verifying BQP Computations on Noisy Devices with Minimal OverheadDominik Leichtle (Laboratoire dâInformatique de Paris 6, Sorbonne UniversitĂ©); Luka Music (Laboratoire dâInformatique de Paris 6, Sorbonne UniversitĂ©); Elham Kashefi (University of Edinburgh and CNRS LIP6 Sorbonne Universite); Harold Ollivier (INRIA)[abstract]Abstract: With the development of delegated quantum computation, clients will want to ensure confidentiality of their data and algorithms, and the integrity of their computations. While protocols for blind and verifiable quantum computation exist, they suffer from high overheads and from oversensitivity: When running on noisy devices, imperfections trigger the same detection mechanisms as malicious attacks, resulting in perpetually aborted computations. We introduce the first blind and verifiable protocol for delegating BQP computations to a powerful server with repetition as the only overhead. It is composably statistically secure with exponentiallylow bounds and can tolerate a constant amount of global noise.

Measurementdeviceindependent quantum key distribution with directly modulated lasersYuen San Lo (Toshiba Europe Ltd and University College London); Robert Woodward (Toshiba Europe Ltd and University of York); Mirko Pittaluga (Toshiba Europe Ltd and University of Leeds); Mariella Minder (Toshiba Europe Ltd and University of Cambridge); Taofiq Paraiso (Toshiba Europe Ltd); Marco Lucamarini (Toshiba Europe Ltd); Zhiliang Yuan (Toshiba Europe Ltd); Andrew Shields (Toshiba Europe Ltd)[abstract]Abstract: We demonstrate a simple and compact MDIQKD system design based on optical injection locking and gainswitching techniques, capable of directly encoding phasemodulated timebin bits. Our results improve upon the stateoftheart key rates by an order of magnitude.

Hacking a Quantum Random Number GeneratorPeter Raymond Smith (Toshiba Europe Ltd, 208 Cambridge Science Park, Milton Road, Cambridge, CB4 0GZ, United Kingdom); Davide Marangon (Toshiba Europe Ltd, 208 Cambridge Science Park, Milton Road, Cambridge, CB4 0GZ, United Kingdom); Marco Lucamarini (Toshiba Europe Ltd, 208 Cambridge Science Park, Milton Road, Cambridge, CB4 0GZ, United Kingdom;Department of Physics and York Centre for Quantum Technologies, University of York, YO10 5DD York, United Kingdom); Zhiliang Yuan (Toshiba Europe Ltd, 208 Cambridge Science Park, Milton Road, Cambridge, CB4 0GZ, United Kingdom); Andrew Shields (Toshiba Europe Ltd, 208 Cambridge Science Park, Milton Road, Cambridge, CB4 0GZ, United Kingdom)[abstract]Abstract: Random number generators underpin the security of current and future cryptographic systems and are therefore a likely target for attackers. Quantum random number generators have been hailed as the ultimate sources of randomness. However, as shown in this work, the susceptibility of the sensitive electronics required to implement such devices poses a serious threat to their security. We present the first outofband electromagnetic injection attack on a quantum random number generator through which an adversary can gain full control of the output. In our first experiment, the adversary forces the binary output of the generator to become an alternating string of 1s and 0s, with near 100% success. This attack may be spotted by a vigilant user performing statistical tests on their output strings. We therefore envisage a second more subtle attack in which the adversary forces the output to be a random pattern known to them, thus rendering any protection based on statistical tests ineffective.Poster presented by: Peter Raymond Smith

Practical Parallel Selftesting of Bell States via Magic RectanglesSean A. Adamson (University of Edinburgh); Petros Wallden (University of Edinburgh)[abstract]Abstract: Selftesting is a method to verify that one has a particular quantum state from purely classical statistics. For practical applications, such as deviceindependent delegated verifiable quantum computation, it is crucial that one selftests multiple Bell states in parallel while keeping the quantum capabilities required of one side to a minimum. In this work, we use the $3 \times n$ magic rectangle games (generalisations of the magic square game) to obtain a selftest for $n$ Bell states where the one side needs only to measure singlequbit Pauli observables. The protocol requires small input sizes (constant for Alice and $O(\log n)$ bits for Bob) and is robust with robustness $O(n^{5/2} \sqrt{\varepsilon})$, where $\varepsilon$ is the closeness of the observed correlations to the ideal. To achieve the desired selftest we introduce a onesidelocal quantum strategy for the magic square game that wins with certainty, generalise this strategy to the family of $3 \times n$ magic rectangle games, and supplement these nonlocal games with extra check rounds (of single and pairs of observables).

Thirtysix entangled officers of Euler and nonadditive quantum errorcorrecting codesSUHAIL AHMAD RATHER (Department of Physics, Indian Institute of Technology Madras, Chennai 600036, India); ADAM BURCHARDT (Institute of Theoretical Physics, Jagiellonian University, ul. Lojasiewicza 11, 30348 Krakow, Poland); WOJCIEH BRUZDA (Institute of Theoretical Physics, Jagiellonian University, ul. Lojasiewicza 11, 30348 Krakow, Poland); GRZEGORZ RACHEL MIELDZIOC (Center for Theoretical Physics, Polish Academy of Sciences, Al. Lotnikow 32/46, 02668 Warszawa, Poland); ARUL LAKSHMINARAYAN (Department of Physics, Indian Institute of Technology Madras, Chennai 600036, India); KAROL ZYCZKOWSKI (Center for Theoretical Physics, Polish Academy of Sciences, Al. Lotnikow 32/46, 02668 Warszawa, Poland)[abstract]Abstract: The negative solution to the famous problem of 36 officers of Euler implies that there are no two orthogonal Latin squares of order six. We show that the problem has a solution, provided the officers are entangled, and construct orthogonal quantum Latin squares of this size. As a consequence, we find an Absolutely Maximally Entangled state AME(4,6) of four subsystems with six levels each, equivalently a 2unitary matrix of size 36, which maximizes the entangling power among all bipartite unitary gates of this dimension, or a perfect tensor with four indices, each running from one to six. This special state deserves the appellation golden AME state as the golden ratio appears prominently in its elements. This result allows us to construct a pure nonadditive quhex quantum error detection code ((3,6,2))_6, which saturates the Singleton bound and allows one to encode a 6level state into a triplet of such states.Poster presented by: Suhail Ahmad Rather

A MultiValued Quantum Fully Homomorphic Encryption SchemeYuanjing Zhang (Beihang University); Tao Shang (Beihang University); Jianwei Liu (Beihang University)[abstract]Abstract: Fully homomorphic encryption enables computation on encrypted data while maintaining secrecy. This leads to an important open question whether quantum computation can be delegated and verified in a noninteractive manner or not. In this paper, we affirmatively answer this question by constructing quantum fully homomorphic encryption (QFHE) schemes with quantum obfuscation. For different scenarios, we propose two QFHE schemes with multivalued quantum point obfuscation. One is with singlequbit point obfuscation and the other is with multiqubit point obfuscation. The correctness of two QFHE schemes is proved theoretically. The evaluator does not know the decryption key and does not require a regular interaction with a user. The output state has the property of complete mixture, which guarantees the security. Moreover, the security level of the QFHE schemes depends on quantum obfuscation and encryption operators.

Secure Software Leasing Without AssumptionsAnne Broadbent (University of Ottawa); Stacey Jeffery (QuSoft and CWI); SĂ©bastien Lord (University of Ottawa); Supartha Podder (University of Ottawa); Aarthi Sundaram (Microsoft)[abstract]Abstract: Quantum cryptography is known for enabling functionalities that are unattainable using classical information alone. Recently, Secure Software Leasing (SSL) has emerged as one of these areas of interest. Given a target circuit C from a circuit class, SSL produces an encoding of C that enables a recipient to evaluate C, and also enables the originator of the software to verify that the software has been returned  meaning that the recipient has relinquished the possibility of any further use of the software. Clearly, such a functionality is unachievable using classical information alone, since it is impossible to prevent a user from keeping a copy of the software. Recent results have shown the achievability of SSL using quantum information for a class of functions called computeandcompare (these are a generalization of the wellknown point functions). These prior works, however all make use of setup or computational assumptions. Here, we show that SSL is achievable for computeandcompare circuits without any assumptions. Our technique involves the study of quantum copyprotection, which is a notion related to SSL, but where the encoding procedure inherently prevents a wouldbe quantum software pirate from splitting a single copy of an encoding for C into two parts, each of which enables a user to evaluate C. We show that point functions can be copyprotected without any assumptions, for a novel security definition involving one honest and one malicious evaluator; this is achieved by showing that from any quantum message authentication code, we can derive such an honestmalicious copyprotection scheme. We then show that a generic honestmalicious copyprotection scheme implies SSL; by prior work, this yields SSL for computeandcompare functions.Poster presented by: SĂ©bastien Lord

Quantum Key Distribution with Few AssumptionsMarie Ioannou (GAP, University of Geneva); Maria Ana Pereira (GAP, University of Geneva); Davide Rusca (GAP, University of Geneva); Fadri GrĂŒnenfelder (GAP, University of Geneva); Alberto Boaron (GAP, University of Geneva); Matthieu Perrenoud (GAP, University of Geneva); Alastair A. Abbott (GAP, University of Geneva); Pavel Sekatski (GAP, University of Geneva); JeanDaniel Bancal (UniversitĂ© ParisSaclay, CEA, CNRS); Nicolas Maring (GAP, University of Geneva); Hugo Zbinden (GAP, University of Geneva); Nicolas Brunner (GAP, University of Geneva)[abstract]Abstract: We investigate a class of partially deviceindependent quantum key distribution protocols based on a prepareandmeasure setup which simplifies their implementation. The security of the protocols is based on the assumption that Aliceâs prepared states have limited overlaps, but no explicit bound on the Hilbert space dimension is required. The protocols are therefore immune to attacks on Bobâs device, such as blinding attacks. The users can establish a secret key while continuously monitoring the correct functioning of their devices through observed statistics. We report a proof ofprinciple demonstration, involving mostly offtheshelf equipment, as well as a highefficiency superconducting nanowire detector. A positive key rate is demonstrated over a 4.8km lowloss optical fiber with finitekey analysis. The prospects of implementing these protocols over longer distances is discussed.

A noninteractive XOR quantum oblivious transfer protocolLara Stroh (HeriotWatt University); Robert StĂĄrek (PalackĂœ University Olomouc); Ittoop V. Puthoor (HeriotWatt University); Michal MiÄuda (PalackĂœ University Olomouc); Ladislav MiĆĄta (PalackĂœ University Olomouc); Miloslav DuĆĄek (PalackĂœ University Olomouc); Erika Andersson (HeriotWatt University)[abstract]Abstract: Oblivious transfer (OT) is an important cryptographic primitive for transmitting information between two nontrusting parties and can be used as basic building block to implement any twoparty computation. One variant of OT is XOR oblivious transfer (XOT), where the sender Alice has two bits and sends them to the receiver Bob. Bob will obtain either the first bit, the second bit, or their XOR. In an honest run of the protocol, Bob should not learn anything more than this, and Alice should not be able to tell what Bob has learned. Unfortunately, perfect quantum OT is impossible with informationtheoretic security, so we focus on obtaining the smallest possible cheating probabilities for dishonest parties, when there are no restrictions imposed on them. We present a noninteractive quantum XOT protocol with classical postprocessing, where the cheating probabilities are 1/2 for Alice and 3/4 for Bob. Reversing this protocol, so that Bob becomes the sender of a quantum state and Alice the receiver who measures it, while still implementing oblivious transfer from Alice to Bob, we show that the cheating probabilities for both parties stay the same as for the unreversed protocol. The reversed protocol is even easier to implement. The quantum XOT protocol outperforms classical XOT protocols. Lastly, we are in the process of implementing both the unreversed and the reversed protocol experimentally.

Improved deviceindependent randomness expansion rates from tight bounds on the two sided randomness using CHSH testsRutvij Bhavsar (University of York); Sammy Ragy (University of York); Roger Colbeck (University of York)[abstract]Abstract: A deviceindependent randomness expansion protocol aims to take an initial random string and generate a longer one, where the security of the protocol does not rely on knowing the inner workings of the devices used to run it. In order to do so, the protocol tests that the devices violate a Bell inequality and one then needs to bound the amount of extractable randomness in terms of the observed violation. The entropy accumulation theorem gives a bound in terms of the singleround von Neumann entropy of any strategy achieving the observed score. Tight bounds on this are known for the onesided randomness when using the ClauserHorneShimonyHolt (CHSH) game. Here we find the minimum von Neumann entropies for a given CHSH score relevant for one and two sided randomness that can be applied to various protocols. In particular, we show the gain that can be made by using the twosided randomness and by using a protocol without spotchecking where the input randomness is recycled. We also discuss protocols that fully close the locality loophole while expanding randomness. Although our bounds are mostly numerical, we conjecture analytic formulae for the curves in two cases.Poster presented by: Rutvij Bhavsar

Coherent phase fluctuations suppression for realworld twinfield quantum key distributionIvo Pietro Degiovanni (INRIM Istituto Nazionale di Ricerca Metrologica); Cecilia Clivati (INRIM Istituto Nazionale di Ricerca Metrologica); Alice Meda (INRIM Istituto Nazionale di Ricerca Metrologica); Simone Donadello (INRIM Istituto Nazionale di Ricerca Metrologica); Salvatore Virziâ (INRIM Istituto Nazionale di Ricerca Metrologica); Marco Genovese (INRIM Istituto Nazionale di Ricerca Metrologica); Filippo Levi (INRIM Istituto Nazionale di Ricerca Metrologica); Alberto Mura (INRIM Istituto Nazionale di Ricerca Metrologica); Davide Calonico (INRIM Istituto Nazionale di Ricerca Metrologica); Mirko Pittaluga (Toshiba Europe Ltd, Cambridge, U.K.); Zhiliang Yuan (Toshiba Europe Ltd, Cambridge, U.K.); Andrew Shields (Toshiba Europe Ltd, Cambridge, U.K.); Marco Lucamarini (University of York)[abstract]Abstract: Quantum key distribution (QKD) ensures the sharing of secret cryptographic keys between distant entities (typically called Alice and Bob), whose intrinsic security is guaranteed by the laws of nature [1â3]. Besides pioneering experiments involving satellite transmission [4], the challenge is the integration of this technology in telecommunication fiber networks, in particular in long haul segments [5â11]. The longest achievable communication distance is limited by the channel loss which increases exponentially with the fiber length and noise in the deployed single photon detector. The secure QKD key rate decreases exponentially with the channel fiber length. Although the communication distance could be extended using quantum repeaters, the related research is still at a proofofprinciple level [12]. Presently the widely adopted solution is the exploitation of trusted nodes, whose security represents however a significant technical issue. An innovative approach that overcomes, at least partially, the need for trusted node is represented by the recently proposed QKD protocol dubbed twinfield QKD (TFQKD) [13]. In TFQKD, the information is encoded on dim laser pulses generated at distant Alice and Bob terminals and sent through optical fiber over half of the entire communication distance to the central node, Charlie, where they interfere. For this reason, the TFQKD has weaker dependence on channel losses, essentially doubling the communication distance with respect to the conventional prepareandmeasure QKD solution. TFQKDhas been proved secure against general attacks (see e.g. [14â18]), but its implementation is challenging as the optical pulses sent by Alice and Bob are required to be phasecoherent and preserve coherence when reaching Charlie after travelling the long fiber paths. While phase coherence can be achieved by phaselocking the two QKD lasers in Alice and Bob to a common reference laser transmitted through a service channel, uncorrelated phase changes due to the length and refractive index fluctuations in the long optical fibers still remain and will reduce the visibility of the interference measurement. In the TFQKD proofofprinciple experiments [19â26], this effect was mitigated by interleaving the QKD frames with classical transmission frames that were used to periodically realign the phases of interfering pulses. Here we present an alternative solution derived from the metrological research community, more precisely from atomic clocks comparison technology. Specifically, transmission of coherent laser radiation over thousandkilometerlong fibers is exploited for the comparison of distant atomic clocks at the highest accuracy [27â32]. In this case phase fluctuations in long fiber also need to be addressed, othewise they would substantially degrade the comparison results. Precise comparison among these atomic clocks are made possible by the use of ultrastable lasers and the active cancellation of the noise introduced by connecting fibers. Here we demonstrate that this technique can be successfully adapted into a TFQKD setup. More specifically, we designed and developed an apparatus suitable for actively cancelling phase fluctuations of both the lasers and of the connecting fibers in a TFQKD setup. This is achieved by transmitting an additional sensing laser light at a slightly different wavelength in the same fiber as the QKD dim pulses. In Charlie, this sensing laser is used for the fiber optical length stabilisation. We show that this multiplexed solution can be properly tuned in order to avoid a sizeable impact on the number of background photons observed by the singlephoton detectors in the QKD channels, allowing simultaneous key streaming and channels stabilization, ensuring longer dutycycles of the QKD process and a tighter control of the optical phase on longhaul deployed fibers. Furthermore, we tested our solution in a realworld network where the net losses between Alice and Bob are as high as 65 dB, resulting here in a distance of 206 km, or equivalent at 325 km on a fiber haul at common nominal losses of 0.2 dB/km [33]. References [1] Bennett, C. H. & Brassard, G. Quantum cryptography: public key distribution and coin tossing. Theor. Comput. Sci. 560, 7â11 (2014). [2] Scarani, V. et al. The security of practical quantum key distribution. Rev. Mod. Phys. 81, 1301 (2009). [3] Kwong Lo, H., Curty, M. & Tamaki, K. Secure quantum key distribution. Nature Photonics 8, 595604 (2014). [4] Liao, SK., Cai, WQ., Pan, JW. Satellitetoground quantum key distribution, Nature 549, 4347 (2017) [5] Peev, M. et al. The SECOQC quantum key distribution network in Vienna, New J. Phys. 11, 075001 (2009). [6] Sasaki, M. et al. Field test of quantum key distribution in the Tokyo QKD Network. Opt. Expr. 19, 10387 (2011). [7] Dynes, J. F. et al. Cambridge quantum network. npj Quantum Inf. 5, 101 (2019). [8] Shimizu K., et al. Performance of longdistance quantum key distribution over 90km optical links installed in a field environment of Tokyo metropolitan area. J. Lightwave Technol. 32,, 14151 (2014). [9] Bacco, D. et al. Field trial of a threestate quantum key distribution scheme in the Florence metropolitan area. EPJ Quantum Technol.6, 5 (2019). [10] Choi, I. et al. Field trial of a quantum secured 10 Gb/s DWDM transmission system over a single installed fiber. Opt. Expr 22, 2312123128 (2014). [11] Dixon, A. R. et al. Quantum key distribution with hacking countermeasures and long term field trial, Sci. Rep. 7, 7583 (2017). [12] Xu, F., Ma, X., Zhang, Q., Lo, HK. & Pan, JW. Secure quantum key distribution with realistic devices. Rev. Mod. Phys. 92, 025002 (2020) [13] Lucamarini, M., Yuan, Z. L., Dynes, J. F., Shields, A. J. Overcoming the ratedistance limit of quantum key distribution without quantum repeaters. Nature 557, 400403 (2018). [14] Ma, X. Zeng, P., & Zhou, H. PhaseMatching Quantum Key Distribution. Phys. Rev. X 8, 031043 (2018). [15] Wang, XB., Yu, ZW. & Hu, XL. Twinfield quantum key distribution with large misalignment error. Phys. Rev. A 98, 062323 (2018). [16] Lin J. & Lutkenhaus, N. Simple security analysis of phasematching measurementdeviceindependent quantum key distribution. Phys. Rev. A 98, 042332 (2018); [17] Curty, M., Azuma, K. & Lo, H.K. Simple security proof of twinfield type quantum key distribution protocol. npj Quantum Inf. 5, 64 (2019) [18] Yin, HL. & Chen, ZB. Finitekey analysis for twinfield quantum key distribution with composable security, Sci Rep. 9, 17113 (2019). [19] Wang, S. et al. Beating the Fundamental RateDistance Limit in a ProofofPrinciple Quantum Key Distribution System. Phys. Rev. X 9, 021046 (2019) [20] Minder, M. et al. Experimental quantum key distribution beyond the repeaterless secret key capacity. Nature Photon. 13, 334338 (2019) [21] X. Zhong, Hu, J., Curty, M., Qian, L. & Lo, HK. ProofofPrinciple Experimental Demonstration of TwinField Type Quantum Key Distribution. Phys. Rev. Lett. 123, 100506 (2019) [22] Chen, JP. et al. SendingorNotSending with Independent Lasers: Secure TwinField Quantum Key Distribution over 509 km. Phys. Rev. Lett. 124, 070501 (2020). [23] Fang, XT., et al. Implementation of quantum key distribution surpassing the linear rate transmittance bound. Nature Photon 14, 422425 (2020). [24] Pittaluga M, et al., 600 km repeaterlike quantum communications with dualband stabilisation, arXiv:2012.15099 (2020) [25] Hui Liu et al., Field Test of TwinField Quantum Key Distribution through SendingorNotSending over 428 km, arXiv:2101.00276 (2021) [26] JiuPeng Chen et al., TwinField Quantum Key Distribution over 511 km Optical Fiber Linking two Distant Metropolitans, arXiv:2102.00433 (2021) [27] Clivati, C. et al. Optical frequency transfer over submarine fiber links. Optica 5, 893 (2018). [28] Clivati, C. et al. Commonclock very long baseline interferometry using a coherent optical fiber link. Optica 7, 10311037 (2020) [29] Grotti, J. et al. Geodesy and metrology with a transportable optical clock. Nature Physics 14, 437441 (2018). [30] Lisdat, C. et al. A clock network for geodesy and fundamental science. Nat.Comm. 7, 12443 (2016). [31] Delva, P. et al. Test of Special Relativity Using a Fiber Network of Optical Clocks, Phys. Rev. Lett. 118, 221102 (2017). [32] Guena, J. First international comparison of fountain primary frequency standards via a long distance optical fiber link. Metrologia 54, 348 (2017). [33] Clivati, C. et al. Coherent phase transfer for realworld twinfield quantum key distribution, arXiv:2012.15199 (2021)

Thermal State Quantum Key DistributionAdam Walton (University of Leeds); Benjamin Varcoe (University of Leeds); David Jennings (University of Leeds); Anne GhesquiĂšre (University of Leeds)[abstract]Abstract: A central broadcast Quantum Key Distribution protocol employs a thermal source to produce a secret key between Alice and Bob in the presence of an eavesdropper, Eve. Intensity correlations arising due to the Hanbury Brown and Twiss effect are used to produce correlated strings of quadrature measurements between each party, which may then be converted into bit strings. Using analytic methods, as well as through Monte Carlo simulations, we find that the correlations survive a series of beam splitters, and that the bit strings produced are suitable for distilling into a shared key. As thermal sources are already regularly used in modern communications equipment, this may allow quantum key distribution to be performed without using specialist equipment, with future work focusing on experimental implementations of the protocol in the microwave region.

Resourceefficient energy test and parameter estimation in continuousvariable quantum key distributionCosmo Lupo (University of Sheffield)[abstract]Abstract: Symmetry plays a fundamental role in the security analysis of quantum key distribution (QKD). Here we review how symmetry is exploited in continuousvariable (CV) QKD to prove the optimality of Gaussian attacks in the finitesize regime. We then apply these results to improve the efficiency, and thus the key rate, of these protocols. First we show how to improve the efficiency and practicality of the energy test, which is one important routine aimed at establishing an upper bound on the effective dimensions of the otherwise infinitedimensional Hilbert space of CV systems. Second, we show how the routine of parameter estimation can be made resource efficient in measurementdevice independent (MDI) QKD. These results show that all the raw data can be used both for key extraction and for the routines of energy test and parameter estimation. Furthermore, the improved energy test does not require active symmetrization of the measured data, which can be computationally demanding.

Improved analytical bounds on delivery times of longdistance entanglementTim Coopmans (QuTech (Delft University of Technology)); Sebastiaan Brand (Leiden University); David Elkouss (QuTech (Delft University of Technology))[abstract]Abstract: The fundamental distance limit for quantum key distribution due to photon loss can be overcome by intermediate nodes called quantum repeaters. We provide analytical bounds on the mean and quantiles of the entanglement delivery time for a very general class of repeater schemes, which significantly improve upon existing work. Our bounds enable the analytical assessment of repeater in the presence of timedependent noise, such as imperfect memories, and are useful for the design and analysis of network sizes beyond the reach of numerics.Poster presented by: Tim Coopmans

Fidelity Bounds for DeviceIndependent Advantage DistillationThomas Hahn (ETH ZĂŒrich); Ernest Y.Z. Tan (ETH ZĂŒrich)[abstract]Abstract: It is known that advantage distillation (that is, information reconciliation using twoway communication) improves noise tolerances for quantum key distribution (QKD) setups. Twoway communication is hence also of interest in the deviceindependent case, where noise tolerance bounds for oneway error correction are currently too low to be experimentally feasible. Existing security proofs for deviceindependent advantage distillation rely on fidelityrelated security conditions, but previous bounds on the fidelity were not tight. We improve on those results by developing an algorithm that returns arbitrarily tight lower bounds on the fidelity. Our results give new insight on how strong the fidelityrelated security conditions are. Finally, we conjecture a necessary security condition that naturally complements the existing sufficient conditions.Poster presented by: Thomas A. Hahn

Quantum Keyless Private Communication vs. Quantum Key Distribution for Space LinksAngeles VazquezCastro (Autonomous University of Barcelona and Centre for Space Research (CERES) of Institut dâEstudis Espacials de Catalunya (IEECUAB)); Davide Rusca (Group of Applied Physics, Univ. of Geneva); Hugo Zbinden (Group of Applied Physics, Univ. of Geneva)[abstract]Abstract: We study information theoretical security for space links between a satellite and a groundstation. Quantum key distribution (QKD) is a well established method for information theoretical secure communication, giving the eavesdropper unlimited access to the channel and technological resources only limited by the laws of quantum physics. But QKD for space links is extremely challenging, the achieved key rates are extremely low, and daytime operating impossible. However, eavesdropping on a channel in freespace without being noticed seems complicated, given the constraints imposed by orbital mechanics. If we also exclude eavesdropper's presence in a given area around the emitter and receiver, we can guarantee that he has only access to a fraction of the optical signal. In this setting, quantum keyless private (direct) communication based on the wiretap channel model is a valid alternative to provide information theoretical security. Like for QKD, we assume the legitimate users to be limited by stateoftheart technology, while the potential eavesdropper is only limited by physical laws: either by specifying her detection strategy (Helstrom detector) or by bounding her knowledge, assuming the most powerful strategy through the Holevo information. Nevertheless, we demonstrate information theoretical secure communication rates (positive keyless private capacity) over a classicalquantum wiretap channel using onokeying of coherent states. We present numerical results for a setting equivalent to the recent experiments with the Micius satellite and compare them to the fundamental limit for the secret key rate of QKD. We obtain much higher rates compared with QKD with exclusion area of less than 13 meters for Low Earth Orbit (LEO) satellites. Moreover, we show that the wiretap channel quantum keyless privacy is much less sensitive to noise and signal dynamics and daytime operation is possible.Poster presented by: Angeles VazquezCastro

Quantumaccess security of the Winternitz onetime signature schemeChristian Majenz (Centrum Wiskunde & Informatica, QuSoft); Chanelle Matadah Manfouo (African Institute for Mathematical Science & Quantum Leap Africa, Rwanda); Maris Ozols (University of Amsterdam and QuSoft)[abstract]Abstract: Quantumaccess security, where an attacker is granted superposition access to secretkeyed functionalities, is a fundamental security model and its study has inspired results in postquantum security. We revisit, and fill a gap in, the quantumaccess security analysis of the Lamport onetime signature scheme (OTS) in the quantum random oracle model (QROM) by Alagic et al. (Eurocrypt 2020). We then go on to generalize the technique to the Winternitz OTS. Along the way, we develop a tool for the analysis of hash chains in the QROM based on the superposition oracle technique by Zhandry (Crypto 2019) which might be of independent interest.Poster presented by: Chanelle Matadah Manfouo

Robust Self Testing of All Pure Bipartite Maximally Entangled States via Quantum SteeringHarshank Shrotriya (Centre for Quantum Technologies, NUS); Kishor Bharti (Centre for Quantum Technologies, NUS); LeongChuan Kwek (Centre for Quantum Technologies, NUS)[abstract]Abstract: The idea of selftesting is to render guarantees concerning the inner workings of a device based on the measurement statistics. It is one of the most formidable quantum certification and benchmarking schemes. Here, we have shown that any bipartite pure entangled state can be selftested through Quantum Steering. Analogous to the tilted CHSH inequality, we use a steering inequality called Tilted Steering Inequality for selftesting any pure twoqubit entangled state. We have further used this inequality to selftest any bipartite pure entangled state by certifying twodimensional subspaces of the qudit state by observing the structure of the set of assemblages obtained on the trusted side after measurements are made on the untrusted side. Finally, as a novel feature of self testing via steering, we use the notion of Assemblage based Robust Self Testing to provide robustness bounds for the self testing result in the case of pure maximally entangled states of any local dimension.

Experiment on scalable multiuser Sagnac twinfield quantum key distribution networkXiaoqing Zhong (University of Toronro); Wenyuan Wang (University of Toronto); Reem Mandil (University of Toronto); Li Qian (University of Toronto); HoiKwong Lo (University of Toronto; University of Hong Kong)[abstract]Abstract: Twinfield quantum key distribution (TFQKD) systems have shown great promise for implementing practical longdistance secure quantum communication due to its measurementdeviceindependent nature and its ability to offer fundamentally superior rateloss scaling than conventional pointtopoint QKD systems. A surge of research has produced many variants of protocols and experimental demonstrations. To make TFQKD more applicable in quantum communication, a study of TFQKD in a networking setting is essential. In this work, we experimentally demonstrate a proofofprinciple Sagnacinterferometer based TFQKD network with three users and one untrusted central node. We show that our network enables users to share secure keys with channel losses up to 58dB, and channel loss asymmetric up to 15dB. In some cases, the secure key rates still beat the rateloss bounds for conventional pointtopoint repeaterless QKD systems. It is to our knowledge the first multiuserpair TFQKD network demonstration, an important step in advancing quantum communication network technologies.

Measurement deviceindependent quantum key distribution with timedependent source sidechannelsAmita Gnanapandithan (University of Toronto); Eli Bourassa (University of Toronto); Li Qian (University of Toronto); HoiKwong Lo (University of Toronto)[abstract]Abstract: We identify a timedependent passive source sidechannel in common measurementdeviceindependent quantum key distribution implementations that rely on Faraday mirrors for stable phase modulation. We model the timedependence of the side channel and use this information in conjunction with a recently developed numerical security proof technique based on semidefinite programming to quantify the impact on the secure key rate of the protocol. We explore the sensitivity of security to the parameters of the side channel and the choice of model for the signal.

Towards experimental implementation of symmetric private information retrieval with measurementdeviceindependent quantum networkChao Wang (National University of Singapore); Wen Yu Kon (National University of Singapore); Charles Lim (National University of Singapore)[abstract]Abstract: Quantum key distribution (QKD) provides a practical method for distant parties to establish identical and secret keys. However, how quantum technologies can be practically used to protect user privacy with provable security remains an open question. Here, we report the first steps of our efforts to experimentally implement a symmetric private information retrieval (SPIR) scheme with QKD keys for fingerprint data retrieval. In the QKD layer, a threeuser Measurementdeviceindependent QKD network is utilised for secure key distribution among the enquirer and data centres. In the application layer, an informationtheoretically secure SPIR protocol is implemented to ensure both the privacy of the enquirer and the security of the database. Preliminary experimental results of the MDI QKD network implementation is presented, and simulations of the SPIR+QKD performance are also shown based on the experimental characterisation data.

Generalised DecoyState Scheme for Rigorous Characterization of SinglePhoton DetectorsGong Zhang (National University of Singapore); Haibo Wang (National University of Singapore); Jishen Zhang (National University of Singapore); Chao Wang (National University of Singapore); Haiwen Xu (National University of Singapore); Yan Liang (University of Shanghai for Science and Technology); Charles CiWen Lim (National University of Singapore); Xiao Gong (National University of Singapore)[abstract]Abstract: Characterizing the singlephoton detection efficiency (SPDE) of a singlephoton detector (SPD) is an essential but nontrivial task for various applications. Conventional methods require detailed detector models to calculate the estimated SPDE, which are not always available. In this work, a generalized method based on decoystate for accurate characterization of SPDs is proposed and experimentally demonstrated. This work provides a new toolbox for rigorous SPD characterization with relaxed assumptions on the detector model, opening new possibilities in device calibration standards and quantum information applications.

Secure TwoParty Quantum Computation Over Classical ChannelsMichele Ciampi (The University of Edinburgh); Alexandru Cojocaru (Inria); Elham Kashefi (The University of Edinburgh and Sorbonne Universite); Atul Mantri (University of Maryland)[abstract]Abstract: Secure twoparty computation considers the problem of two parties computing a joint function of their private inputs without revealing anything beyond the output of the computation. In this work, we take the first steps towards understanding the setting where: 1) the two parties (Alice and Bob) can communicate only via a classical channel, 2) the input of Bob is quantum and 3) the input of Alice is classical. Our first result indicates that in this setting it is in general impossible to realize a twoparty quantum functionality with blackbox simulation in the case of malicious quantum adversaries. In particular, we show that the existence of a secure protocol that relies only on classical channels would contradict the quantum nocloning argument. We circumvent this following three different approaches. The first is by considering a weaker security notion called onesided simulation security. This notion protects the input of one party (the quantum Bob) in the standard simulationbased sense, and protects the privacy of the other party's input (the classical Alice). We realize our protocol relying on the learning with errors assumption. As a result, we put forward a first construction of secure onesided quantum twoparty computation over classical networks. The second way to circumvent the impossibility result, while at the same time providing standard simulationbased security also against Bob, is by assuming that the quantum input has an efficient classical representation. Finally, we focus our attention on the class of zeroknowledge functionalities, and provide a protocol for such a class for specific QMA relations. We note that the direct implication of our result is that Mahadev's protocol for classical verification of quantum computations (FOCS'18) can be turned into a zeroknowledge proof of quantum knowledge protocol with classical verifiers. To the best of our knowledge, we are the first to instantiate such a primitive.

Efficient Construction of Quantum Physical Unclonable Functions with Unitary tdesignsNiraj Kumar (University of Edinburgh); Rawad Mezher (University of Edinburgh); Elham Kashefi (University of Edinburgh)[abstract]Abstract: Quantum physical unclonable functions, or QPUFs, are rapidly emerging as theoretical hardware solutions to provide secure cryptographic functionalities such as key exchange, message authentication, entity identification among others. Recent works have shown that in order to provide provable security of these solutions against any quantum polynomial time adversary, QPUFs are required to be a unitary sampled uniformly randomly from the Haar measure. This however is known to require an exponential amount of resources. In this work, we propose an efficient construction of these devices using unitary tdesigns, called QPUF_t. Along the way, we modify the existing security definitions of QPUFs to include efficient constructions and showcase that QPUF_t still retains the provable security guarantees against a bounded quantum polynomial adversary with tquery access to the device. This also provides the first use case of unitary tdesign construction for arbitrary t, as opposed to previous applications of tdesigns where usually a few (relatively low) values of t are known to be useful for performing some task. We study the noiseresilience of QPUF_t against specific types of noise, unitary noise, and show that some resilience can be achieved particularly when the error rates affecting individual qubits become smaller as the system size increases. To make the noise resilience more realistic and meaningful, we conclude that some notion of error mitigation or correction should be introduced.

Quantum Measurement AdversaryDivesh Aggarwal (Centre for Quantum Technologies, National university of Singapore); Naresh Goud Boddu (Centre for Quantum Technologies, National university of Singapore); Rahul Jain (Centre for Quantum Technologies, National university of Singapore); Maciej Obremski (Centre for Quantum Technologies, National university of Singapore)[abstract]Abstract: Multisourceextractors are functions that extract uniform randomness from multiple (weak) sources of randomness. With the advent of quantum computers, it is natural to investigate the security of multisourceextractors against adversaries with quantum sideinformation on the sources of randomness (potentially generated using quantum entanglement). Quantum multi sourceextractors were considered by Kasher and Kempe (for the quantumindependent adversary and the quantumboundedstorageadversary), Chung, Li, and Wu (for the general entangledadversary), and ArnonFriedman, Portmann, and Scholz (for the quantumMarkov adversary). In this work, we propose two new models of adversaries, the quantummeasurementadversary (qmadv) and the quantumcommunicationadversary (qcadv). qmadv generates sideinformation postmeasurement outcomes and qcadv generates sideinformation using a communication protocol. We show that: 1. qmadv is the strongest adversary among all the known adversaries, in the sense that the sideinformation of all other adversaries can be generated by qmadv. 2. The (generalized) innerproduct function (in fact a general class of twowise independent functions) continue to work as a good extractor against qmadv (with matching parameters as that of Chor and Goldreich against classicaladversaries). 3. A nonmalleable extractor proposed by Li (against classicaladversaries) continues to be secure against quantum sideinformation. A nonmalleable extractor (nmext) for two sources (X, Y) is an extractor such that nmext(X, Y) is uniform and independent of nmext(X, Y')YY', where Y' is not equal to Y and Y' is generated by the adversary using Y and the sideinformation on X. 4. A modification (not needing any local uniform randomness) of the Dodis and Wich's protocol for privacyamplification is secure against active quantum adversaries. This strengthens on a recent result due to Aggarwal, Chung, Lin, and Vidick which uses local uniform randomness. 5. As a byproduct, we reproduce the quantum communication complexity lower bound for the (generalized) innerproduct function via different proof techniques.

Provablysecure quantum randomness expansion with untrusted homodyne detection secure against quantum sideinformationIgnatius William Primaatmaja (Centre for Quantum Technologies); Jianran Zhang (National University of Singapore); Jing Yan Haw (National University of Singapore); Raymond Ho (National University of Singapore); Gong Zhang (National University of Singapore); Chao Wang (National University of Singapore); Charles CiWen Lim (National University of Singapore)[abstract]Abstract: Quantum random number generators (QRNGs) could generate numbers that are certifiably random even to a potential adversary who holds some sideinformation. However, many QRNGs require extremely precise characterisation of the source of the quantum states and the measurement apparatus. In this work, we propose a semideviceindependent QRNG protocol with untrusted homodyne detection. We show that our protocol is secure against quantum sideinformation, taking into account finitesize effects without making any assumption on the measurement device.

Oneshot inner bounds for sending private classical information over a quantum MACSayantan Chakraborty (Tata Institute of Fundamental Research, Mumbai); Aditya Nema (Nagoya University); Pranab Sen (Tata Institute of Fundamental Research, Mumbai)[abstract]Abstract: We provide the first inner bounds for sending private classical information over a quantum multiple access channel. We do so by using three powerful information theoretic techniques: rate splitting, quantum simultaneous decoding for multiple access channels, and a novel smoothed distributed covering lemma for classical quantum channels. Our inner bounds are given in the one shot setting and accordingly the three techniques used are all very recent ones specifically designed to work in this setting. The last technique is new to this work and is our main technical advancement. For the asymptotic iid setting, our one shot inner bounds lead to the natural quantum analogue of the best classical inner bounds for this problem.Poster presented by: Sayantan Chakraborty

Improved and Formal Proposal for Device Independent Quantum Private QueryJyotirmoy Basak (Indian Statistical Institute, Kolkata); Kaushik Chakraborty (The University of Edinburgh); Arpita Maitra (TCG Centre for Research and Education in Science and Technology, India); Subhamoy Maitra (Indian Statistical Institute, Kolkata)[abstract]Abstract: We propose a novel Quantum Private Query (QPQ) scheme using EPRpairs with full Device Independent (DI) certification. To the best of our knowledge, this is the first time we provide such a full DIQPQ protocol. Our proposed scheme exploits selftesting of shared EPRpairs along with the self testing of projective measurement operators in a setting where the parties don't trust each other. To certify full DI, our scheme also exploits a technique to selftest a particular class of POVM elements that are used in the protocol. This makes the DItesting of this proposed scheme slightly different from the traditional DIQKD scheme. Further, we provide formal security analysis and obtain an upper bound on the maximum cheating probabilities for both dishonest client as well as dishonest server.

Routing Strategies for Multiplexed, HighFidelity Quantum NetworksYuan Lee (Massachusetts Institute of Technology); Eric Bersin (Massachusetts Institute of Technology); Wenhan Dai (Massachusetts Institute of Technology); Dirk Englund (Massachusetts Institute of Technology)[abstract]Abstract: We recently introduced a "quantum router" architecture that improves entanglement fidelities in chains of multiplexed repeaters. Here, we address local entanglement routing across general network graphs of routers to optimize entanglement rates and fidelities. Our proposed routing strategy achieves closetooptimal rates in the limit of high multiplexing.Poster presented by: Yuan Lee

Analysis of the effects of temperature increase on quantum random number generatorYuanhao Li (State Key Laboratory of Mathematical Engineering and Advanced Computing); Yangyang Fei (State Key Laboratory of Mathematical Engineering and Advanced Computing); Weilong Wang (State Key Laboratory of Mathematical Engineering and Advanced Computing); Xiangdong Meng (State Key Laboratory of Mathematical Engineering and Advanced Computing); Hong Wang (State Key Laboratory of Mathematical Engineering and Advanced Computing); Qianheng Duan (State Key Laboratory of Mathematical Engineering and Advanced Computing); Zhi Ma (State Key Laboratory of Mathematical Engineering and Advanced Computing)[abstract]Abstract: Quantum random number generator (QRNG) relies on the intrinsic randomness of quantum mechanics to produce true random numbers which are important in many fields. QRNGs with semiconductor light source have attracted a lot of attention due to their operational simplicity and high generation rate. However, the temperature of light source may vary due to imperfect devices and other factors. There is still a lack of study on the effects of temperature variations on the security of practical QRNG. We fill this gap by presenting a numerical method for studying the effects of temperature increase on the superluminescent emitting diode (SLED) based QRNG and propose some strategies toward robust QRNG against temperature increase.

Quantum digital signatures with smaller public keysBoris Skoric (TU Eindhoven)[abstract]Abstract: We introduce a variant of GottesmanChuang quantum signatures [GC01] in which we sign nonbinary symbols instead of bits. The public keys are fingerprinting states, just as in [GC01], but we allow for multiple ways to reveal the private key partially. This reduces the number of qubits expended per message bit. We give a security proof and we present numerical results that show how the improvement in public key size depends on the message length.Poster presented by: Boris Skoric

A Case Study of Quantum Key Distribution Operating in Private 5G Network SystemYU YU (TOSHIBA); Takahiro Yamaura (TOSHIBA); Ririka Takahashi (TOSHIBA); Yoshimichi Tanizawa (TOSHIBA)[abstract]Abstract: In this paper, an experimental scenario of remote control with equipment operating at the manufacturing site over private 5G network has been demonstrated. To further enhance the security level, quantum key distribution (QKD) has been applied to this private 5G network system. The results reveal that QKD could be applicable to provide secure communications in private 5G network system for practical use.

Effect of Device Imperfection on Reference Frame Independent Quantum Key DistributionKyongchun Lim (ETRI); ByungSeok Choi (ETRI); Ju Hee Baek (ETRI); Minchul Kim (ETRI); JoongSeon Choe (ETRI); KapJoong Kim (ETRI); YoungHo Ko (ETRI); Chun Ju Youn (ETRI)[abstract]Abstract: Quantum key distribution (QKD) provides capability of secure communication between two remote locations. Depending on its applications, for the surroundings that fiber connection between two remote locations becomes impossible, QKD should be performed through freespace. Such QKD is called as freespace QKD. The applications corresponds to moving objects such as vehicle, aircraft, and satellite. In such freespace QKD, one fundamental characteristic is that transmitter and receiver are moving in real time. In case of conventional BB84 like QKD protocols requiring an identical reference frame between the transmitter and receiver, its performance can be affected by the moving characteristic because the relative movement causes reference frame deviation between them. This can be alleviated with active compensation of the reference frame, but it makes QKD system complex. In the protocol point of view, one has been proposed and it is called as reference frame independent (RFI) QKD. However, RFI QKD is based on ideal situation such as symmetric channels depending on encoded quantum states. This usually cannot achieved in real QKD system due to device imperfections. In this paper, we theoretically analyze how the device imperfections affect on the performance RFI QKD. In order to verify the theoretical analysis, we implement a freespace RFI QKD system with practical devices and identify the effect of device imperfections on RFI QKD.

Quantum authentication ticketsHazel Murray (Munster Technological University, Ireland); Jerry Horgan (Walton Institute, Ireland); Deirdre Kilbane (Walton Institute, Ireland); David Malone (Maynooth University, Ireland)[abstract]Abstract: Ticket based authentication systems are used across the internet. They allow an entity or device to be issued a ticket which can be used to repeated authenticate to a service. We propose a quantum ticket algorithm (based on Gavinsky's coin scheme [1]) which offers protection against phishing, replay and maninthemiddle attacks, and authentication with the service does not require either quantum or encrypted communication channels. It also provides inbuilt ticket expiration and graded stepup authentication depending on levels of trust and risk.Poster presented by: Quantum authentication tickets

Finitesize security proof of discretemodulation continuousvariable quantum key distribution using only heterodyne measurementShinichiro Yamano (The University of Tokyo); Takaya Matsuura (The University of Tokyo); Yui Kuramochi (The University of Tokyo); Toshihiko Sasaki (The University of Tokyo); Masato Koashi (The University of Tokyo)[abstract]Abstract: Recently the finitesize security of a continuousvariable quantum key distribution protocol was reported, in which homodyne measurement is used for generating raw key and heterodyne measurement for monitoring. Here we improve the security proof to allow the use of heterodyne measurement for both purposes. The new protocol not only simplifies the receiver apparatus but also alleviates the necessity of actively locking the phases of the sender's and the receiver's local oscillators. The comparison of the key rates of the two protocols shows that replacing homodyne measurement with heterodyne measurement worsens the channel loss dependence by only 1 dB, which is better than a naive expectation of a 3 dB penalty.Poster presented by: Shinichiro Yamano

Security analysis of a CVQKD downstream access networkYundi Huang (Beijing University of Posts and Telecommunications); Tao Shen (Beijing University of Posts and Telecommunications); Xiangyu Wang (Beijing University of Posts and Telecommunications); Ziyang Chen (Peking University); Bingjie Xu (Institute of Southwestern Communication); Song Yu (Beijing University of Posts and Telecommunications); Hong Guo (Peking University)[abstract]Abstract: Quantum key distribution (QKD) which enables the secure distribution of symmetric keys between two legitimate parties is of great importance in future network security [1, 2]. Access network that connects multiple endusers with one network backbone can be combined with QKD to build security for endusers in a scalable and costeffective way. Access network can have upstream stream transmission direction and downstream transmission direction. For upstream transmission, signals are transmitted from the endusers optical network units (ONUs), combined at the optical distribution network (ODN), and then forwarded to the optical line terminal (OLT) through single fiber. For downstream transmission direction, signals are sent from the OLT and separated at the ODN, then distributed to ONUs in the network. Though previous QKD access network demonstrations are all based on upstream transmission direction [3], the downstream access network on the other hand may offer extra advantages, since no time multiplexing technique is applied, the crosstalk is minimized, also, only passive beam splitter is sufficient to distribute the signals, and no active controls or calibrations are required at the intermediate optical distribution network node, signals are simply broadcasted to the ONUs [4]. However, it is not straight forward to integrate QKD into the downstream access network, for discretevariable QKD, the quantum signals cannot be deterministically distributed to the ONUs. More importantly, since every ONU gets a copy of the transmitted quantum signals, it is crucial that the final secret key is private against other ONUs in the downstream access network. Here, we prove that QKD downstream access network can be realized by using continuousvariable (CV) QKD [5], the corresponding implementation can deterministically perform QKD [6] with the activated ONU, the network still only applies passive beamsplitter to distribute quantum signals. The secrecy against other parties in the network is achieved by considering a reinforced Eve during the security analysis. The security analysis can be conducted with only the optical line terminal and the activated ONU, and no other parties assistances are required. Our work provides the security analysis framework for realizing QKD in the downstream access network which will boost the diversity for constructing practical QKD networks. This work was supported by the Key Program of National Natural Science Foundation of China under Grant No. 61531003, National Natural Science Foundation of China under Grant No. 62001041, China Postdoctoral Science Foundation under Grant No. 2020TQ0016, Sichuan Science and Technology Program under Grant No. 2020YFG0289 and the Fund of State Key Laboratory of Information Photonics and Optical Communications. [1] V. Scarani, H. BechmannPasquinucci, N. J. Cerf, M. Dusek, N. LĂŒtkenhaus, and M. Peev, The security of practical quantum key distribution, Rev. Mod. Phys. 81, 1301 (2009). [2] F. Xu, X. Ma, Q. Zhang, H.K. Lo, and J.W. Pan, Secure quantum key distribution with realistic devices, Rev. Mod. Phys. 92, 025002 (2020). [3] B. FrÂšohlich, J. F. Dynes, M. Lucamarini, A. W. Sharpe, Z. Yuan and A. J. Shields, A quantum access network, Nature 501, 6972 (2013). [4] ITU. G.984.1: Gigabitcapable passive optical networks (gpon): General characteristics. ITUT (2008). [5] S. Pirandola, et al., Advances in quantum cryptography, Adv. in Opt. and Photon. 12, 1012 (2020). [6] Y. Zhang, et al., Continuousvariable QKD over 50km commercial fiber, Quantum Sci. Technol. 4, 035006 (2019).

Strengthening practical continuousvariable quantum key distribution against measurement angular errorTao Shen (Beijing University of Posts and Telecommunications); Yundi Huang (Beijing University of Posts and Telecommunications); Xiangyu Wang (Beijing University of Posts and Telecommunications); Huiping Tian (Beijing University of Posts and Telecommunications); Ziyang Chen (Peking University); Song Yu (Beijing University of Posts and Telecommunications)[abstract]Abstract: Continuousvariable quantum key distribution (CVQKD) provides a way for two remote participants called Alice and Bob to establish symmetric keys through an unsafe channel \cite{weedbrook2012gaussian,grosshans2003quantum}. Continuousvariable quantum key distribution (CVQKD) based on commercial devices such as lasers and coherent detectors is moving towards practical. Experimental implementation of the CVQKD systems using Gaussianmodulated coherent states (GMCS) has made significant progress recently \cite{zhang2019continuous}. At the mean time, the problems of performance degradation caused by imperfections of those experimental devices remain unsolved absolutely \cite{pirandola2020advances}. A nonorthogonal measurement angular error between quadrature components $X$ and $P$ from coherent detection is always ignored in the current experimental scheme. The optical phase shifter that constantly rotates the local oscillator phase is a necessity in continuousvariable quantum key distribution systems using heterodyne detection. In previous experimental implementations, the optical phase shifter is generally regarded as an ideal passive optical device that perfectly rotates the phase of the electromagnetic wave of $90^\circ$ \cite{wang2020high}. However,under the action of external force, the fibre is stretched or compressed within the elastic deformation range, and parameters such as the fibre change's geometrical size and refractive index change, thus causing the phase change of the transmitted signal in the fibre. Therefore, the phase shifter is somewhat susceptible to environmental changes and can hardly shift the phase by $90^\circ$ exactly Considering this, we propose a concrete interpretation of measurement angular error in practical systems and the corresponding entanglementbased description. Simultaneously, an estimation method of the measurement angular error and corresponding compensation scheme are demonstrated in some ways. We conclude that measurement angular error severely degrades the security, but the proposed calibration and compensation method can significantly help improve the performance of the practical CVQKD systems. Undoubtedly, it is worth observing that our work is to strengthen practical security resulted from devices' imperfection.

Practical security of a chipbased continuousvariable quantum key distribution systemLang Li (Center for Quantum Sensing and Information Processing, State Key Laboratory of Advanced Optical Communication Systems and Networks, Shanghai Jiao Tong University, Shanghai 200240, Peopleâs Republic of China and Shanghai Research Center for Quantum Sciences, Shanghai 201315, Peopleâs Republic of China); Peng Huang (Center for Quantum Sensing and Information Processing, State Key Laboratory of Advanced Optical Communication Systems and Networks, Shanghai Jiao Tong University, Shanghai 200240, Peopleâs Republic of China and Shanghai Research Center for Quantum Sciences, Shanghai 201315, Peopleâs Republic of China); Tao Wang (Center for Quantum Sensing and Information Processing, State Key Laboratory of Advanced Optical Communication Systems and Networks, Shanghai Jiao Tong University, Shanghai 200240, Peopleâs Republic of China and Shanghai Research Center for Quantum Sciences, Shanghai 201315, Peopleâs Republic of China); Guihua Zeng (Center for Quantum Sensing and Information Processing, State Key Laboratory of Advanced Optical Communication Systems and Networks, Shanghai Jiao Tong University, Shanghai 200240, Peopleâs Republic of China and Shanghai Research Center for Quantum Sciences, Shanghai 201315, Peopleâs Republic of China)[abstract]Abstract: A chipbased continousvariable quantumkeydistribution (CVQKD) system with a high practical confidentiality performance is crucial for constructing quantum metropolitan communication networks, but imperfections in the chipbased modulation will threaten the practical security of the chipbased CVQKD system. In this paper, we combine the plasma dispersion effect of free carriers to model the carrier fluctuations and reveal the essential mechanism of carrier fluctuationsâ influence on the system. The simulations show that the chipbased CVQKD system may face potential loophole threats or its performance will dramatically decrease under different carrier fluctuations. Moreover, two preliminary defense strategies are proposed to completely solve the practical security problems commonly induced by modulators in general chipbased CVQKD systems. This work proposes a set of modeling and analysis methods for general chipbased CVQKD systemsâ modulators, which provides constructive methods to build the chipbased CVQKD system with more rigorous practical security.

Dynamic polarization control for freespace continuousvariable quantum key distributionShiyu Wang (Shanghai Jiao Tong University); Peng Huang (Shanghai Jiao Tong University); Tao Wang (Shanghai Jiao Tong University); Guihua Zeng (Shanghai Jiao Tong University)[abstract]Abstract: We propose a dynamic polarization control scheme for freespace continuousvariable quantum key distribution and verify its validity via simulations and an experiment performed over a 150 m freespace channel. The results indicate the capability of the scheme to effectively control the states of polarization for freespace continuousvariable quantum communication.

A Software Tool for Mapping and Executing Distributed Quantum Computations on a Network SimulatorDavide Ferrari (University of Parma); Saverio Nasturzio (University of Parma); Michele Amoretti (University of Parma)[abstract]Abstract: The growing demand for largescale quantum computers is motivating research on distributed quantum computing (DQC) architectures. To support the research community in the design and evaluation of distributed quantum protocols, many simulators have been devised. However, the process of setting up a simulation requires strong expertise in the simulator itself, thus being inconvenient for those who are only interested in protocol evaluation or in the design of supporting tools such as quantum compilers. In this work, we present DQC Executor, a software tool that accepts as input the description of the network and the code of the algorithm, and then executes the simulation. The tool automatically constructs the network topology and maps the computation onto it, in a frameworkagnostic way and transparently to the user. DQC Executor currently supports automatic deployment of distributed quantum algorithms to the NetSquid simulator.Poster presented by: Davide Ferrari

A MultiValued Quantum Fully Homomorphic Encryption SchemeYuanjing Zhang (Beihang University); Tao Shang (Beihang University); Jianwei Liu (Beihang University)[abstract]Abstract: Fully homomorphic encryption enables computation on encrypted data while maintaining secrecy. This leads to an important open question whether quantum computation can be delegated and verified in a noninteractive manner or not. In this paper, we affirmatively answer this question by constructing quantum fully homomorphic encryption (QFHE) schemes with quantum obfuscation. For different scenarios, we propose two QFHE schemes with multivalued quantum point obfuscation. One is with singlequbit point obfuscation and the other is with multiqubit point obfuscation. The correctness of two QFHE schemes is proved theoretically. The evaluator does not know the decryption key and does not require a regular interaction with a user. The output state has the property of complete mixture, which guarantees the security. Moreover, the security level of the QFHE schemes depends on quantum obfuscation and encryption operators.

Entropy bounds for multipartite deviceindependent cryptographyFederico Grasselli (Heinrich Heine University Dusseldorf); GlĂĄucia Murta (Heinrich Heine University Dusseldorf); Hermann Kampermann (Heinrich Heine University Dusseldorf); Dagmar Bruss (Heinrich Heine University Dusseldorf)[abstract]Abstract: When the outcomes of a set of parties measuring their local quantum systems exhibit nonlocal correlations by violating a Bell inequality, one can infer that such outcomes are secret to some extent. This is at the core of the security of many deviceindependent (DI) protocols, such as DI randomness expansion and DI conference key agreement. We quantify the amount of secret randomness in the partiesâ outcomes by analytically computing their conditional von Neumann entropies as a function of the Bell violation, for different Bell inequalities.Poster presented by: Federico Grasselli

A quantum key distribution simulator for BB84type protocols with decoy statesFlorian Prawits (AIT Austrian Institute of Technology)[abstract]Abstract: BB84type DVQKD protocols that implement weak coherent laser pulses as the carrier for the encoded information are severely limited in their maximally achievable transmission distance due to the inherent threat of photon number splitting (PNS) attacks. This potential weakness can be elegantly eliminated by the adaption of the protocol to include socalled decoy states (DS) in the transmission. These decoy states allow Alice and Bob to probe their transmission channel and statistically infer whether a PNS type attack is occurring, thus precluding Eve from successfully using this strategy. The added degrees of freedom of deciding how often to send decoy states and which intensities to use for them however further complicates the already complex task of predicting the impact on protocol performance and finding a set of suitable parameters to achieve optimal secret key rates (skr). In order to predict optimal performance, as a function of characteristics of the QKD setup like channel losses and device imperfections, state preparation fidelity, decoy state parameters and finite size effects, the software simulator pyDSsim has been developed. The tool is written in Python and implements the recent security proof framework introduced in [1,2]. The software can be scripted from the command line or used via a graphical user interface (GUI: QT5 framework) for easy exploration via parametrized xy plots of over 40 different variables, allowing a comprehensive evaluation of their interdependencies. The main feature however is the option to numerically compute the set of protocol variables for a given QKDsetup which maximizes the secret key rate under constraints typical for practical implementations: fixed block sizes or fixed acquisition times for the raw key. To this end two different algorithms (differentialevolution [3] and LBFGSB [4]) are utilized, allowing for a crosscheck of the acquired results and choice between speed and accuracy of the approach. References [1] Rusca, D., Boaron, A., GrĂŒnenfelder, F., Martin, A. & Zbinden, H. Finitekey analysis on the 1decoy state QKD protocol. Appl. Phys. Lett. 112, 171104 (2018) [2] Lim, C. C. W., Curty, M., Walenta, N., Xu, F. & Zbinden, H. Concise security bounds for practical decoystate quantum key distribution. Phys. Rev. A 89, 022307 (2014) [3] R. H. Byrd, P. Lu and J. Nocedal. A Limited Memory Algorithm for Bound Constrained Optimization, (1995), SIAM Journal on Scientific and Statistical Computing, 16, 5, pp. 11901208. [4] Storn, R and Price, K, Differential Evolution  a Simple and Efficient Heuristic for Global Optimization over Continuous Spaces, Journal of Global Optimization, 1997, 11, 341  359.Poster presented by: Florian Prawits

Hacking the selfdifferencing avalanche detectors via pulse illuminationBinwu Gao (Institute for Quantum Information & State Key Laboratory of High Performance Computing, College of Computer Science and Technology, National University of Defense Technology, Changsha 410073, China); Anqi Huang (Institute for Quantum Information & State Key Laboratory of High Performance Computing, College of Computer Science and Technology, National University of Defense Technology, Changsha 410073, China); Zhihao Wu (Institute for Quantum Information & State Key Laboratory of High Performance Computing, College of Computer Science and Technology, National University of Defense Technology, Changsha 410073, China); Yingwen Liu (Institute for Quantum Information & State Key Laboratory of High Performance Computing, College of Computer Science and Technology, National University of Defense Technology, Changsha 410073, China); Weixu Shi (Institute for Quantum Information & State Key Laboratory of High Performance Computing, College of Computer Science and Technology, National University of Defense Technology, Changsha 410073, China); Ping Xu (Institute for Quantum Information & State Key Laboratory of High Performance Computing, College of Computer Science and Technology, National University of Defense Technology, Changsha 410073, China); Junjie Wu (Institute for Quantum Information & State Key Laboratory of High Performance Computing, College of Computer Science and Technology, National University of Defense Technology, Changsha 410073, China)[abstract]Abstract: Quantum key distribution (QKD) has been proved to be informationtheoretically secure in theory. In practice, the selfdifferencing avalanche photodiode detectors (SDAPDs) are commonly used in highspeed QKD systems. However, we experimentally show that the SD APD under test can be successfully hacked by the pulseillumination attack. This attack might compromise the security of a highspeed QKD system with SDAPDs. This study also indicates that the bestpractice criteria for practical security of SDAPDs might take the threat of pulseillumination attack into account.

Software tool for the performance evaluation of satellite quantum key distribution linksAndrea Stanco (UniversitĂ degli Studi di Padova); Giulio Foletto (UniversitĂ degli Studi di Padova); Alessia Scriminich (UniversitĂ degli Studi di Padova); Lorenzo Dal Corso (Qascom S.r.l.); Luca Canzian (Qascom S.r.l.); Francesco Petroni (Sitael S.p.A.); Giuseppe Piscopiello (Sitael S.p.A.); Gilles Mariotti (Sitael S.p.A.); Luca De Filippis (Sitael S.p.A.); Giuseppe Vallone (UniversitĂ degli Studi di Padova); Paolo Villoresi (UniversitĂ degli Studi di Padova)[abstract]Abstract: The 18month project called PROtocols for Space sEcure Quantum cOmmunication (PROSEQO), funded by the European Space Agency, was coordinated by the University of Padova with Sitael and Qascom as industrial partners. The scope of the project was to assess the protocols feasible for Satellite QKD and then realize an analytical model to describe all the elements that contribute to the Secret Key Rate (SKR). The analytical model was integrated in a dedicated software able to get several input parameters and orbit descriptions and calculate the final SKR. The software was tested in 10 different case studies. Therefore, this can be a useful tool for future Satellite QKD missions as a preliminary step to evaluate mission feasibility. It could also be the starting point for a numerical overview on the practicability of a satellite QKD infrastructure.Poster presented by: Andrea Stanco

A QuantumProver Interactive Proof for Simon's ProblemSamuel Ducharme (UniversitĂ© de MontrĂ©al)[abstract]Abstract: Simon's problem is one of the few blackbox problems known to be in BQP but not in BPP. Although Simon's algorithm can be used to solve this problem efficiently, it isn't so easy for someone with access to a largescale quantum computer (the prover) to convince someone whose computing power is in BPP (the verifier) of the validity of their computation. I present an interactive protocol that aims to accomplish this goal if the verifier has access to a quantum computer with a constant number of qubits. This protocol adapts some of the known techniques using quantum authentication schemes for nonblackbox problems. It also uses a novel technique that consists of randomly doing âtrap roundsâ that are similar to Simon's algorithm iterations but instead ask the prover to call the blackbox function on a randomlygenerated polynomialsize superposition state chosen so that the verifier can detect the prover's attempts at cheating.Poster presented by: Samuel Ducharme

Clock recovery for a CVQKD systemHouMan Chin (TECHNICAL UNIVERSITY OF DENMARK); Nitin Jain (TECHNICAL UNIVERSITY OF DENMARK); Ulrik L. Andersen (TECHNICAL UNIVERSITY OF DENMARK); Tobias Gehring (TECHNICAL UNIVERSITY OF DENMARK); Darko Zibar (TECHNICAL UNIVERSITY OF DENMARK)[abstract]Abstract: This work experimentally investigates a clock recovery algorithmâs performance for a gaussian modulated CVQKD system operating over 20km of fibre using a frequency multiplexed classical signal.Poster presented by: HouMan Chin

Quantum Key Distribution with Characterized Source DefectsShlok Nahar (University of Waterloo); Norbert LĂŒtkenhaus (University of Waterloo)[abstract]Abstract: We develop general tools to be able to numerically calculate key rates for quantum key distribution protocols with characterized source defects. These tools include performing decoystate analysis for optical protocols where the signal states are not fully phaserandomised. We apply these tools for the threestate protocol when the signal states are not fully phaserandomised due to a high repetition rate. Our results suggest that the small amounts of residual coherences do not greatly affect the key rate.

Robust Interior Point Method for Quantum Key Distribution Rate ComputationHao Hu (Department of Combinatorics and Optimization, Faculty of Mathematics, University of Waterloo, Waterloo, Ontario, Canada N2L 3G1); Jiyoung Im (Department of Combinatorics and Optimization, Faculty of Mathematics, University of Waterloo, Waterloo, Ontario, Canada N2L 3G1); Jie Lin (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo, Waterloo, Ontario, Canada N2L 3G1); Norbert LĂŒtkenhaus (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo, Waterloo, Ontario, Canada N2L 3G1); Henry Wolkowicz (Department of Combinatorics and Optimization, Faculty of Mathematics, University of Waterloo, Waterloo, Ontario, Canada N2L 3G1)[abstract]Abstract: Security proof methods for quantum key distribution, QKD, that are based on the numerical key rate calculation problem, are powerful in principle. However, the practicality of the methods are limited by computational resources and the efficiency and accuracy of the underlying algorithms for convex optimization. We derive a stable reformulation of the convex nonlinear semidefinite programming, SDP, model for the key rate calculation problems. We use this to develop an efficient, accurate algorithm. The reformulation is based on novel forms of facial reduction, FR, for both the linear constraints and nonlinear relative entropy objective function. This allows for a GaussNewton type interiorpoint approach that avoids the need for perturbations to obtain strict feasibility, a technique currently used in the literature. The result is high accuracy solutions with theoretically proven lower bounds for the original QKD from the FR stable reformulation. This provides novel contributions for FR for general SDP. We report on empirical results that dramatically improve on speed and accuracy, as well as solving previously intractable problems.

Information Rates with Non Ideal Photon Detectors in TimeEntanglement Based QKDDunbar Birnie (Rutgers University); Emina Soljanin (Rutgers University); Chris Cheng (Rutgers University)[abstract]Abstract: We consider QKD based on time entangled photons, with detectors that exhibit timing jitter and detector downtime. Timing jitter introduces local errors, necessitating key reconciliation. The detector downtime introduces memory which results in key bits that are not uniformly random. Both effects cause key rate loss. We focus on detector downtime and develop a method to compute the key rate loss.Poster presented by: Christopher Cheng

Reducing Network Cooling Cost using TwinField Quantum Key DistributionVasileios Karavias (University of Cambridge); Andrew Lord (BT); Mike Payne (University of Cambridge)[abstract]Abstract: Improving the rates and distances over which quantum secure keys are generated is a major challenge. New source and detector hardware can improve key rates significantly, however it can require expensive cooling. We show that TwinField Quantum Key Distribution (TFQKD) has an advantageous topology allowing the localisation of cooled detectors. This setup for a quantum network allows a fully connected network solution, i.e. one where every connection has nonzero key rates, in a box with sides of length up to 110km with just 4 cooled nodes, while Decoy state BB84 is only capable of up to 80km with 40 cooled nodes, and 50km if no nodes are cooled. The average key rate in the network of the localised, cooled TFQKD is >30 times greater than the uncooled Decoy BB84 solution and âŒ0.9 those of cooled Decoy BB84. To reduce the cost of the network further, switches can be used in the network. These switches have losses ranging between 1â2dB. Adding these losses to the model shows further the advantages of TFQKD in a network. Decoy BB84 is only able to generate fully connected solutions up to 20km if all nodes are cooled for a 40 node network for 1dB losses. In comparison, using TFQKD, 70km networks are possible with just 4 cooling locations for the same losses. The simulation shows the significant benefits in using TFQKD in a switched network, and suggests that further work in this direction is necessary.Poster presented by: Vasileios Karavias

Onetime memory from isolated Majorana islandsSourav Kundu (University of Southern California); Ben Reichardt (University of Southern California)[abstract]Abstract: We know that classical onetime memory is a cryptographic primitive which is sufficient to construct both classical onetime programs and quantum onetime programs. We propose a construction of onetime memory (OTM) from isolated Majorana islands. The proposed 1outof2 OTM stores two bits, wherein any one chosen bit can be perfectly obtained, whereas the other bit is destroyed with high probability. We prove that a malicious recipient performing an arbitrary sequence of strong and weak measurements can not obtain more information than an honest recipient performing only strong measurements. We show that errors on the two stored bits can be corrected by a pair of classical codes obtained from a quantum CSS code. We compare several popular CSS codes and obtain the best codes for different regimes of physical error rate, availability of chosen bit and availability of remaining bit. Finally, we show that the construction for 1/2 OTMs can be generalized into efficient constructions for 1/n OTMs and (nâ1)/n OTMs.Poster presented by: Sourav Kundu

New Quantum Source for satellitebased QKD.Sungeun (Paul) Oh (University of Waterloo)[abstract]Abstract: Canada has recently begun to work on the satellitebased QKD project, known as Quantum Encryption and Science Satellite (QEYSSat) mission. Its first satellite launch is expected in the year of 2023. As I am involved in this mission, I would like to introduce the new quantum source that is currently in the progress of development. The aim was to develop a quantum source for the entanglementbased QKD that can sufficiently overcome the current distance limits. By introducing some of the important criteria for building the source, I will explain what has been achieved, then how this in the end will take us one step further toward the future quantum network.Poster presented by: Sungeun Oh

Tight Bounds for Inverting Permutations via Compressed Oracle ArgumentsAnsis Rosmanis (Nagoya University)[abstract]Abstract: In his seminal work on recording quantum queries [Crypto 2019], Zhandry studied interactions between quantum query algorithms and the quantum oracle corresponding to random functions. Zhandry presented a framework for interpreting various states in the quantum space of the oracle that can be used to provide security proofs in quantum cryptography. In this paper, we introduce a similar interpretation for the case when the oracle corresponds to random permutations instead of random functions. Because both random functions and random permutations are highly significant in security proofs, we hope that the present framework will find applications in quantum cryptography. Additionally, we show how this framework can be used to prove that the success probability for a kquery quantum algorithm that attempts to invert a random Nelement permutation is at most O(k^2/N).

Unidimensional twoway continuousvariable quantum key distributionnYiming Bian (BUPT); Luyu Huang (BUPT); Yichen Zhang (BUPT)[abstract]Abstract: We report a unidimensional twoway continuousvariable quantum key distribution protocol, which shows the potential of secure communication with simple modulation method in noisy situations.

Allphotonic twoway quantum repeaters with multiplexing based on concatenated bosonic and discretevariable quantum codesFilip Rozpedek (Pritzker School of Molecular Engineering, University of Chicago); Kaushik P. Seshadreesan (James C. Wyant College of Optical Sciences, University of Arizona); Liang Jiang (Pritzker School of Molecular Engineering, University of Chicago); Saikat Guha (James C. Wyant College of Optical Sciences, University of Arizona)[abstract]Abstract: We propose a novel strategy of using the GottesmanKitaevPreskill (GKP) code in a twoway repeater architecture with multiplexing. The crucial feature of the GKP code that we make use of, is the fact that GKP qubits easily admit deterministic twoqubit gates, hence allowing for deterministic entanglement swapping. Furthermore, thanks to the availability of the analog information generated during the measurement of the GKP qubits, we can design better entanglement swapping procedures between the multiplexed elementary links. To boost the lossresilience of our encoded qubits, we consider a concatenation of the GKP code with the discrete variable [[7,1,3]] code which has already proven effective in the context of quantum repeater schemes. We find that our architecture allows for highrate neardeterministic endtoend entanglement generation with much larger repeater spacing than for the previously considered errorcorrection based repeater schemes.Poster presented by: Filip Rozpedek

Satellitebased QKD: Mission Design, LinkBudgets and KeyRatesManuel Erhard (Quantum Technology Laboratories GmbH); Armin Hochrainer (Quantum Technology Laboratories GmbH); Johannes Handsteiner (Quantum Technology Laboratories GmbH); Matthias Fink (Quantum Technology Laboratories GmbH); Thomas Herbst (Quantum Technology Laboratories GmbH); Henning Weier (Quantum Technology Laboratories GmbH); Thomas Scheidl (Quantum Technology Laboratories GmbH)[abstract]Abstract: Quantum Key Distribution (QKD) is a fast growing scientific as well as commercial field. Governments as well as private businesses seek for enhanced security solutions that can withstand future hacking attacks on classical cryptographic protocols. Today, there exists a vast amount of different QKD protocols that claim to offer âunconditionalâ security. However, looking in more detail many subtleties lead to different security levels, or in worstcase scenarios to no security at all. Thus, it is of upmost importance to appropriately select and design QKD protocols and networks. In this work (presented as a poster), we present and compare three different QKD protocols, concerning their security, keyrate performance, and applicability especially for satellitebased QKD networks. Our main results from this study are presented and we introduce the key requirements and the basic workflow of the design and optimization of a trustednode based and free European QKD network. Finally, realistic satellite missions and their expected secure key rates in various situations are presented.