## Invited Speakers

Click on a speaker’s name to read the title and abstract for their presentation.

- /sessions/invited_groblacher
**Simon Gröblacher**Delft University of Technology - /sessions/invited_khurana
**Dakshita Khurana**University of Illinois Urbana-Champaign - /sessions/invited_pittaluga
**Mirko Pittaluga**Toshiba Cambridge - /sessions/invited_qi
**Bing Qi**Oak Ridge National Laboratory - /sessions/invited_upadhyaya
**Twesh Upadhyaya**University of Waterloo - /sessions/invited_wang
**Xiang-Bin Wang**Tsinghua University

## Tutorial Speakers

Click on a speaker’s name to read the title and abstract for their presentation.

## Industry Session

Click on a speaker’s name to read their bio.

- /sessions/industry_huttner
**Bruno Huttner**Director of Strategic Quantum Initiatives at ID Quantique - /sessions/industry_qi
**Wei Qi**CEO of CAS Quantum Network Co. - /sessions/industry_sasaki
**Masahide Sasaki**National Institute of Information and Communications Technology (NICT) - /sessions/industry_shields
**Andrew Shields**Head of Quantum Technology at Toshiba Europe - /sessions/industry_ursin
**Rupert Ursin**Founder and Scientist at qtlabs - /sessions/industry_wille
**Eric Wille**Optical System Engineer at European Space Agency (ESA)

## List of Accepted Contributed Talks

(in order of submission)

- merged with #47:Coexistence of a Quantum QKD Channel and 4×100 Gbps Classical Channels in Nested Antiresonant Nodeless Hollow Core FibreObada Alia (High performance networking group / University of Bristol); Rodrigo Stange Tessinari (High performance networking group / University of Bristol); Thomas Bradley (Optoelectronics Research Centre, University of Southampton, Southampton SO17 1BJ, UK); Hesham Sakr (Optoelectronics Research Centre, University of Southampton, Southampton SO17 1BJ, UK); Kerrianne Harrington (Optoelectronics Research Centre, University of Southampton, Southampton SO17 1BJ, UK); John Hayes (Optoelectronics Research Centre, University of Southampton, Southampton SO17 1BJ, UK); Yong Chen (Optoelectronics Research Centre, University of Southampton, Southampton SO17 1BJ, UK); Periklis Petropoulos (Optoelectronics Research Centre, University of Southampton, Southampton SO17 1BJ, UK); George Kanellos (High performance networking group / University of Bristol); David Richardson (Optoelectronics Research Centre, University of Southampton, Southampton SO17 1BJ, UK); Francesco Poletti (Optoelectronics Research Centre, University of Southampton, Southampton SO17 1BJ, UK); Reza Najebati (High performance networking group / University of Bristol); Dimitra simidunio (High performance networking group / University of Bristol)[abstract]
**Abstract:**We demonstrated for the first time a coexistence between a quantum QKD channel and 4×100 Gbps pm-qpsk carrier-grade classical optical channels in a 2 km Nested Antiresonant Nodeless Hollow Core fibre. Our results show a drop of less than 10% in the Secret Key Rate (SKR) when using a HCF compared to a significant drop of 97% in the SKR when quantum and classical signals coexist on a single core of a Multicore fibre (MCF) with equal losses, indicating that NANF type HCF significantly outperforms single-mode fibres (SMF) performance for quantum/classical coexistence. This significant difference in the SKR drop is due to the ultra-low nonlinear effects in HCF comparing to glass core fibres such as SMF and MCF.Presenter live session: Obada AliaThe limits of multiplexing of quantum and classical channels: Case study of a 2.5 GHz discrete variable QKD systemFadri Grünenfelder (University of Geneva); Rebecka Sax (University of Geneva); Alberto Boaron (University of Geneva); Hugo Zbinden (University of Geneva)[abstract]**Abstract:**To enable the widespread use of Quantum Key distribution, network integration is crucial. We present a case study where we investigate the performance of a 2.5 GHz simplified BB84 implementation using a wavelength of 1310nm multiplexed in a fiber together with 13 classical channels. We found that a secret key exchange at a distance of 95.5km and classical launch power up to 8.9dBm was possible. Further, we compare our results to previous results, both for continuous variable systems using a wavelength of 1550nm and discrete variable systems using either a wavelength of 1550nm or 1310nm. We find that both for long distance and for high power in the classical channels, the discrete variable systems perform better.Presenter live session: Fadri Grünenfelder - On the Compressed-Oracle Technique, and Post-Quantum Security of Proofs of Sequential WorkKai-Min Chung (Academia Sinica, Taiwan); Serge Fehr (CWI Cryptology Group and Leiden University, The Netherlands); Yu-Hsuan Huang (Academia Sinica, Taiwan); Tai-Ning Liao (National Taiwan University, Taiwan)[abstract]
**Abstract:**We revisit the so-called compressed oracle technique, introduced by Zhandry for analyzing quantum algorithms in the quantum random oracle model (QROM). To start off with, we offer a concise exposition of the technique, which easily extends to the parallel-query QROM, where in each query-round the considered algorithm may make several queries to the QROM in parallel. This variant of the QROM allows for a more fine-grained query-complexity analysis. Our main technical contribution is a framework that simplifies the use of (the parallel-query generalization of) the compressed oracle technique for proving query complexity results. With our framework in place, whenever applicable, it is possible to prove quantum query complexity lower bounds by means of purely classical reasoning. More than that, for typical examples the crucial classical observations that give rise to the classical bounds are sufficient to conclude the corresponding quantum bounds. We demonstrate this on a few examples, recovering known results (like the optimality of parallel Grover), but also obtaining new results (like the optimality of parallel BHT collision search). Our main target is the hardness of finding a q-chain with fewer than q parallel queries, i.e., a sequence x_0, x_1..., x_q with x_i = H(x_{i-1}) for all 1 <= i <= q. The above problem of finding a hash chain is of fundamental importance in the context of proofs of sequential work. Indeed, as a concrete cryptographic application of our techniques, we prove that the "Simple Proofs of Sequential Work" proposed by Cohen and Pietrzak remains secure against quantum attacks. Such an analysis is not simply a matter of plugging in our new bound; the entire protocol needs to be analyzed in the light of a quantum attack. Thanks to our framework, this can now be done with purely classical reasoning.Presenter live session: Yu-Hsuan Huang - Explicit asymptotic secret key rate of continuous-variable quantum key distribution with an arbitrary modulationAurélie Denys (Inria Paris); Peter Brown (ENS Lyon); Anthony Leverrier (Inria Paris)[abstract]
**Abstract:**We establish an analytical lower bound on the asymptotic secret key rate of continuous-variable quantum key distribution with an arbitrary modulation of coherent states. Previously, such bounds were only available for protocols with a Gaussian modulation, and numerical bounds existed in the case of simple phase-shift-keying modulations. The latter bounds were obtained as a solution of a convex optimization problem and our new analytical bound matches them, up to numerical precision. The more relevant case of quadrature amplitude modulation (QAM) could not be analyzed with the previous techniques,due to their large number of coherent states. Our bound shows that relatively small constellation sizes, with say 64 states, are essentially sufficient to obtain a performance close to a true Gaussian modulation and are therefore an attractive solution for large-scale deployment of continuous-variable quantum key distribution. We also derive similar bounds when the modulation consists of arbitrary states, not necessarily pure. - Finite key effects in satellite quantum key distributionJasminder S. Sidhu (University of Strathclyde); Thomas Brougham (University of Strathclyde); Duncan McArthur (University of Strathclyde); Roberto G. Pousa (University of Strathclyde); Daniel K. L. Oi (University of Strathclyde)[abstract]
**Abstract:**Global quantum communications will enable long-distance secure data transfer, networked distributed quantum information processing, and other entanglement-enabled technologies. Satellite quantum communication overcomes optical fibre range limitations, with the first realisations of satellite quantum key distribution (SatQKD) being rapidly developed. However, limited transmission times between satellite and ground station severely constrains the amount of secret key due to finite-block size effects. Here, we analyse these effects and the implications for system design and operation, utilising published results from the Micius satellite to construct an empirically-derived channel and system model for a trusted-node downlink employing efficient BB84 weak coherent pulse decoy states with optimised parameters. We quantify practical SatQKD performance limits and examine the effects of link efficiency, background light, source quality, and overpass geometries to estimate long-term key generation capacity. Our results provide a guide to the design and analysis of future SatQKD missions, and establishes performance benchmarks for both sources and detectors.Presenter live session: Jasminder Sidhu - The asymptotic performance of coherent-one-way quantum key distributionRóbert Trényi (University of Vigo); Marcos Curty (University of Vigo)[abstract]
**Abstract:**Coherent-one-way (COW) quantum key distribution (QKD) held the promise of distributing secret keys over long distances with a simple experimental setup while being robust against the photon-number splitting attack. Indeed, there are already commercial products implementing this scheme, and long distance realizations over 300 km have been reported recently. Surprisingly enough, however, here we show that its asymptotic secret key rate scales at most quadratically with the system's transmittance, thus solving a long standing problem. This means that COW is actually inappropriate for long distance QKD transmission. This is done by deriving the optimal zero-error attack, which is a type of attack where the eavesdropper does not introduce any error, but still prevents Alice and Bob from distilling a secure key. In doing so, we also show, for instance, that all implementations of the COW scheme reported so far in the scientific literature are insecure.Presenter live session: Róbert Trényi - High-rate quantum key distribution with silicon photonicsLikang Zhang (Hefei National Laboratory for Physical Sciences at the Microscale and Department of Modern Physics, University of Science and Technology of China, Hefei 230026, China); Wei Li (Hefei National Laboratory for Physical Sciences at the Microscale and Department of Modern Physics, University of Science and Technology of China, Hefei 230026, China); Hao Tan (Hefei National Laboratory for Physical Sciences at the Microscale and Department of Modern Physics, University of Science and Technology of China, Hefei 230026, China); Yan-Lin Tang (QuantumCTek Co., Ltd., Hefei, Anhui 230088, China); Kejin Wei (Hefei National Laboratory for Physical Sciences at the Microscale and Department of Modern Physics, University of Science and Technology of China, Hefei 230026, China); Sheng-Kai Liao (Hefei National Laboratory for Physical Sciences at the Microscale and Department of Modern Physics, University of Science and Technology of China, Hefei 230026, China); Cheng-Zhi Peng (Hefei National Laboratory for Physical Sciences at the Microscale and Department of Modern Physics, University of Science and Technology of China, Hefei 230026, China); Feihu Xu (Hefei National Laboratory for Physical Sciences at the Microscale and Department of Modern Physics, University of Science and Technology of China, Hefei 230026, China); Jian-Wei Pan (Hefei National Laboratory for Physical Sciences at the Microscale and Department of Modern Physics, University of Science and Technology of China, Hefei 230026, China)[abstract]
**Abstract:**Quantum key distribution (QKD) can provide information-theoretic security governed by the law of quantum physics. Toward real-life applications, secret key rate is a key figure of merit of the QKD system. Here we demonstrate a 2.5-GHz polarization-encoding QKD system with an integrated silicon photonic transmitter that is able to generate a secret key rate of 2.42±0.04 Mbps over 101-km standard telecom fibers (19.6-dB loss). Such high rate attributes to the high clock-rate transmission and the ultra-low quantum bit error rate of 0.49%. The scalability, miniaturization and stability offered by silicon photonic technologies along with high-key-rate performance indicate that our system is a promising solution for large-scale deployment of QKD.Presenter live session: Likang Zhang - Realizing an entanglement-based multi-user quantum network with integrated photonicsWenjun Wen (Nanjing University); Zhiyu Chen (Nanjing University); Liangliang Lu (Nanjing University); Wenhan Yan (Nanjing University); Peiyu zhang (Nanjing University); Yanqing Lu (Nanjing University); Shining Zhu (Nanjing University); Xiao-Song Ma (Nanjing University)[abstract]
**Abstract:**Quantum network facilitates the secure transmission of information between different users. Establishing communication links among multiple users in a scalable and efficient way is important for realizing large-scale quantum network. Here we develop a time-energy entanglement-based dense wavelength division multiplexed network based on an integrated silicon nitride micro-ring resonator, which offers a wide frequency span (>100 nm) and narrow bandwidth modes (~ 5 pm). Six pairs of photons are selected to form a fully and simultaneously connected four-user quantum network. The observed quantum interference visibilities are well above the classical limits among all users. Our result paves the way for realizing large-scale quantum networks with integrated photonic architecture.Presenter live session: Wenjun Wen - merged with #45:A Black-Box Approach to Post-Quantum Zero-Knowledge in Constant RoundsNai-Hui Chia (University of Maryland); Kai-Min Chung (Academia Sinica); Takashi Yamakawa (NTT Secure Platform Laboratories)[abstract]
**Abstract:**In a recent seminal work, Bitansky and Shmueli (STOC '20) gave the first construction of a constant round zero-knowledge argument for NP secure against quantum attacks. However, their construction has several drawbacks compared to the classical counterparts. Specifically, their construction only achieves computational soundness, requires strong assumptions of quantum hardness of learning with errors (QLWE assumption) and the existence of quantum fully homomorphic encryption (QFHE), and relies on non-black-box simulation. In this paper, we resolve these issues at the cost of weakening the notion of zero-knowledge to what is called $\epsilon$-zero-knowledge. Concretely, we construct the following protocols: - We construct a constant round interactive proof for NP that satisfies statistical soundness and black-box $\epsilon$-zero-knowledge against quantum attacks assuming the existence of collapsing hash functions, which is a quantum counterpart of collision-resistant hash functions. Interestingly, this construction is just an adapted version of the classical protocol by Goldreich and Kahan (JoC '96) though the proof of $\epsilon$-zero-knowledge property against quantum adversaries requires novel ideas. - We construct a constant round interactive argument for NP that satisfies computational soundness and black-box $\epsilon$-zero-knowledge against quantum attacks only assuming the existence of post-quantum one-way functions. At the heart of our results is a new quantum rewinding technique that enables a simulator to extract a committed message of a malicious verifier while simulating verifier's internal state in an appropriate sense.Presenter live session: Takashi YamakawaOn the Impossibility of Post-Quantum Black-Box Zero-Knowledge in Constant RoundsNai-Hui Chia (University of Maryland); Kai-Min Chung (Academia Sinica); Qipeng Liu (Princeton University); Takashi Yamakawa (NTT Secure Platform Laboratories)[abstract]**Abstract:**We investigate the existence of constant-round post-quantum black-box zero-knowledge protocols for $\mathbf{NP}$. As a main result, we show that there is no constant-round post-quantum black-box zero-knowledge argument for $\mathbf{NP}$ unless $\mathbf{NP}\subseteq \mathbf{BQP}$. As constant-round black-box zero-knowledge arguments for $\mathbf{NP}$ exist in the classical setting, our main result points out a fundamental difference between post-quantum and classical zero-knowledge protocols. Combining previous results, we conclude that unless $\mathbf{NP}\subseteq \mathbf{BQP}$, constant-round post-quantum zero-knowledge protocols for $\mathbf{NP}$ exist if and only if we use non-black-box techniques or relax certain security requirements such as relaxing standard zero-knowledge to $\epsilon$-zero-knowledge. Additionally, we also prove that three-round and public-coin constant-round post-quantum black-box $\epsilon$-zero-knowledge arguments for $\mathbf{NP}$ do not exist unless $\mathbf{NP}\subseteq \mathbf{BQP}$.Presenter live session: Takashi Yamakawa - Position-based cryptography: Single-qubit protocol secure against multi-qubit attacksAndreas Bluhm (QMATH, University of Copenhagen); Matthias Christandl (QMATH, University of Copenhagen); Florian Speelman (QuSoft and University of Amsterdam)[abstract]
**Abstract:**While it is known that unconditionally secure position-based cryptography is impossible both in the classical and the quantum setting, it has been shown that some quantum protocols for position verification are secure against attackers which share a quantum state of bounded dimension. In this work, we consider the security of the qubit routing protocol. The protocol has the advantage that an honest prover only has to manipulate a single qubit and a classical string of length 2n. We show that the protocol is secure if each of the attackers holds at most n/2 - 3 qubits. With this, we show for the first time that there exists a quantum position verification protocol where the ratio between the quantum resources an honest prover needs and the quantum resources the attackers need to break the protocol is unbounded. The verifiers need only increase the amount of classical resources to force the attackers to use more quantum resources. Finally, we show that the qubit routing protocol is robust with respect to noise, making it appealing for applications.Presenter live session: Andreas Bluhm - Practical quantum tokens without quantum memories and experimental testsAdrian Kent (University of Cambridge); David Lowndes (University of Bristol); Damián Pitalúa-García (University of Cambridge); John Rarity (University of Bristol)[abstract]
**Abstract:**Unforgeable quantum money tokens were the rst invention of quantum information science, but remain technologically challenging as they require quantum memories and/or long distance quantum communication. More recently, virtual "S-money" tokens were introduced. These are generated by quantum cryptography, do not require quantum memories or long distance quantum communication, and yet in principle guarantee many of the security advantages of quantum money. Here, we describe implementations of S-money schemes with o-the-shelf quantum key distribution technology, and analyse security in the presence of noise, losses, and experimental imperfection. Our schemes satisfy near instant validation without cross-checking. We show that, given standard assumptions in mistrustful quantum cryptographic implementations, unforgeability and user privacy could be guaranteed with attainable re nements of our off-the-shelf setup. We discuss the possibilities for unconditionally secure (assumption-free) implementations.Presenter live session: Damián Pitalúa-García - Pathways for entanglement based quantum communication in the face of high noiseXiao-Min Hu (CAS Key Laboratory of Quantum Information, University of Science and Technology of China, Hefei); Chao Zhang (CAS Key Laboratory of Quantum Information, University of Science and Technology of China, Hefei); Yu Guo (CAS Key Laboratory of Quantum Information, University of Science and Technology of China, Hefei); Fang-Xiang Wang (CAS Key Laboratory of Quantum Information, University of Science and Technology of China, Hefei); Wen-Bo Xing (CAS Key Laboratory of Quantum Information, University of Science and Technology of China, Hefei); Cen-Xiao Huang (CAS Key Laboratory of Quantum Information, University of Science and Technology of China, Hefei); Bi-Heng Liu (CAS Key Laboratory of Quantum Information, University of Science and Technology of China, Hefei); Yun-Feng Huang (CAS Key Laboratory of Quantum Information, University of Science and Technology of China, Hefei); Chuan-Feng Li (CAS Key Laboratory of Quantum Information, University of Science and Technology of China, Hefei); Guang-Can Guo (CAS Key Laboratory of Quantum Information, University of Science and Technology of China, Hefei); Xiaoqin Gao (Department of physics, University of Ottawa, Advanced Research Complex, 25 Templeton Street, K1N 6N5, Ottawa, ON, Canada); Matej Pivoluska (Institute of Computer Science, Masaryk University, Brno); Marcus Huber (Vienna Center for Quantum Science and Technology, Atominstitut, TU Wien, 1020 Vienna, Austria)[abstract]
**Abstract:**Entanglement based quantum communication offers an increased level of security in practical secret shared key distribution. One of the fundamental principles enabling this security -- the fact that interfering with one photon will destroy entanglement and thus be detectable -- is also the greatest obstacle. Random encounters of traveling photons, losses and technical imperfections make noise an inevitable part of any quantum communication scheme, severely limiting distance, key rate and environmental conditions in which QKD can be employed. Using photons entangled in their spatial degree of freedom, we show that the increased noise resistance of high-dimensional entanglement, can indeed be harnessed for practical key distribution schemes. We perform quantum key distribution in eight entangled paths at various levels of environmental noise and show key rates that, even after error correction and privacy amplification, still exceed 1 bit per photon pair and furthermore certify a secure key at noise levels that would prohibit comparable qubit based schemes from working.Presenter live session: Matej Pivoluska - Post-Quantum Succinct ArgumentsAlessandro Chiesa (UC Berkeley); Fermi Ma (Princeton and NTT Research); Nicholas Spooner (Boston University); Mark Zhandry (Princeton and NTT Research)[abstract]
**Abstract:**We prove that Kilian's four-message succinct argument system is post-quantum secure in the standard model when instantiated with any probabilistically checkable proof and any collapsing hash function (which in turn exist based on the post-quantum hardness of Learning with Errors). At the heart of our proof is a new "measure-and-repair" quantum rewinding procedure that achieves asymptotically optimal knowledge error.Presenter live session: Nick Spooner - MDI-QKD with 19.2 km free-space channelYuan Cao (University of Science and Technology of China and Shanghai Research Center for Quantum Sciences); Yu-Huai Li (University of Science and Technology of China and Shanghai Research Center for Quantum Sciences); Kui-Xing Yang (University of Science and Technology of China and Shanghai Research Center for Quantum Sciences); Yang-Fan Jiang (University of Science and Technology of China and Shanghai Research Center for Quantum Sciences); Shuang-Lin Li (University of Science and Technology of China and Shanghai Research Center for Quantum Sciences); Xiao-Long Hu (Tsinghua University); Maimaiti Abulizi (University of Science and Technology of China and Shanghai Research Center for Quantum Sciences); Cheng-Long Li (University of Science and Technology of China and Shanghai Research Center for Quantum Sciences); Weijun Zhang (Shanghai Institute of Microsystem and Information Technology, Chinese Academy of Sciences); Qi-Chao Sun (University of Science and Technology of China and Shanghai Research Center for Quantum Sciences); Wei-Yue Liu (University of Science and Technology of China and Shanghai Research Center for Quantum Sciences); Xiao Jiang (University of Science and Technology of China and Shanghai Research Center for Quantum Sciences); Sheng-Kai Liao (University of Science and Technology of China and Shanghai Research Center for Quantum Sciences); Ji-Gang Ren (University of Science and Technology of China and Shanghai Research Center for Quantum Sciences); Hao Li (Shanghai Institute of Microsystem and Information Technology, Chinese Academy of Sciences); Lixing You (Shanghai Institute of Microsystem and Information Technology, Chinese Academy of Sciences); Zhen Wang (Shanghai Institute of Microsystem and Information Technology, Chinese Academy of Sciences); Juan Yin (University of Science and Technology of China and Shanghai Research Center for Quantum Sciences); Chao-Yang Lu (University of Science and Technology of China and Shanghai Research Center for Quantum Sciences); Xiang-Bin Wang (University of Science and Technology of China and Tsinghua University); Qiang Zhang (University of Science and Technology of China and Shanghai Research Center for Quantum Sciences); Cheng-Zhi Peng (University of Science and Technology of China and Shanghai Research Center for Quantum Sciences); Jian-Wei Pan (University of Science and Technology of China and Shanghai Research Center for Quantum Sciences)[abstract]
**Abstract:**Measurement-device-independent quantum key distribution (MDI-QKD), based on two-photon interference, is immune to all attacks against the detection system and allows a QKD network with untrusted relays. Since the MDI-QKD protocol was proposed, fiber-based implementations aimed at longer distance, higher key rates and network verification have been rapidly developed. However, owing to the effect of atmospheric turbulence, MDI-QKD over free-space channel remains experimentally challenging. Herein, by developing a robust adaptive optics system, high-precision time synchronization and frequency locking between independent photon sources located far apart, we realized the first free-space MDI-QKD over a 19.2-km urban atmospheric channel, which well exceeds the effective atmospheric thickness. Our experiment takes the first step towards satellite-based MDI-QKD. Moreover, the technology developed herein opens the way to quantum experiments in free space involving long-distance interference of independent single photons. - Minimizing detection losses from time-bin quantum cryptography systems with few-mode fibre technologyAlvaro Alarcon (Linköping University); Joakim Argillander (Linköping University); Gustavo Lima (University of Concepcion); Guilherme Xavier (Linköping University)[abstract]
**Abstract:**Time-bin quantum cryptography systems have a fundamental post-selection loss at the detection stage, which increases with the dimension and that limits its application over long distances. Here, we are able to solve this long-standing hurdle by employing a few-mode fibre space-division multiplexing platform working with orbital angular momentum modes. In our scheme, we maintain the practicability provided by the time-bin scheme, while the quantum states are transmitted through a few-mode fibre in a configuration that does not introduce post-selection losses. We experimentally demonstrate our proposal by successfully transmitting phase-encoded single-photon states for quantum cryptography over 500 m of few-mode fibre, thus opening up new paths for quantum communication systems.Presenter live session: Alvaro Alarcon - Quantum Encryption with Certified Deletion, Revisited: Public Key, Attribute-Based, and Classical CommunicationTaiga Hiroka (Yukawa Institute for Theoretical Physics, Kyoto University); Tomoyuki Morimae (Yukawa Institute for Theoretical Physics, Kyoto University); Ryo Nishimaki (NTT Secure Platform Laboratories); Takashi Yamakawa (NTT Secure Platform Laboratories)[abstract]
**Abstract:**Broadbent and Islam (TCC '20) proposed a quantum cryptographic primitive called quantum encryption with certified deletion. In this primitive, a receiver in possession of a quantum ciphertext can generate a classical certificate that the encrypted message is deleted. Although their construction is information-theoretically secure, it is limited to the setting of one-time symmetric key encryption (SKE), where a sender and receiver have to share a common key in advance and the key can be used only once. Moreover, the sender has to generate a quantum state and send it to the receiver over a quantum channel in their construction. Although deletion certificates are privately verifiable, which means a verification key for a certificate has to be kept secret, in the definition by Broadbent and Islam, we can also consider public verifiability. In this work, we present various constructions of encryption with certified deletion. - Quantum communication case: We achieve (reusable-key) public key encryption (PKE) and attribute-based encryption (ABE) with certified deletion. Our PKE scheme with certified deletion is constructed assuming the existence of IND-CPA secure PKE, and our ABE scheme with certified deletion is constructed assuming the existence of indistinguishability obfuscation and one-way function. These two schemes are privately verifiable. - Classical communication case: We also achieve PKE with certified deletion that uses only classical communication. We give two schemes, a privately verifiable one and a publicly verifiable one. The former is constructed assuming the LWE assumption in the quantum random oracle model. The latter is constructed assuming the existence of one-shot signatures and extractable witness encryption.Presenter live session: Taiga Hiroka - Experimental Gaussian-modulated continuous-variable quantum key distribution with composable keysNitin Jain (Technical University of Denmark); Hou-Man Chin (Technical University of Denmark); Hossein Mani (Technical University of Denmark); Dino Solar Nikolic (Technical University of Denmark); Cosmo Lupo (University of Sheffield); Stefano Pirandola (University of York); Matthias Kolb (Austrian Institute of Technology); Christoph Pacher (Austrian Institute of Technology); Ulrik L. Andersen (Technical University of Denmark); Tobias Gehring (Technical University of Denmark)[abstract]
**Abstract:**Continuous-variable quantum key distribution offers a practical way for doing secure key exchange by means of broadband modulators and coherent detectors operating in the telecom band. Recent advances in theory and practice have improved the security and eased the system implementation. These include composable security with a finite number of distributed Gaussian-modulated coherent states and the use of pilot/reference signals and a real local oscillator for sharing the phase reference across the communicating parties. Here we report the first prepare-and-measure continuous-variable quantum key distribution experiment that can produce composable keys in the finite-size regime with security against collective attacks. Through novel improvements in the existing security proofs and a fast, yet low-noise and highly stable system operation, we obtain a secret key rate $>$5 Mbps over a 20 km long fiber channel. Our demonstration verifies the security of practical continuous-variable quantum key distribution when used for encryption or other cryptographic tasks.Presenter live session: Nitin Jain - QKD Attack Rating: Prioritizing is the key to Practical SecurityRupesh Kumar (University of York); Francesco Mazzoncini (Telecom Paris); Hao Qin (CAS Quantum Network); Romain Alléaume (Telecom Paris)[abstract]
**Abstract:**We have shown how to conduct QKD vulnerability assessment in practice, based on a sound methodology inherited from Common Criteria. Taking a running CV-QKD system as a reference platform, we have experimentally tested and rated two different attack paths exploiting a common threat: detector saturation. Our results illustrate the importance of rating attacks in order to prioritize the implementation of countermeasures and to steer the design and engineering of practical QKD systems towards the highest possible security standards, paving the way to their security certification.Presenter live session: Francesco Mazzoncini - Finite-size DIQKD with noisy preprocessing and random key measurementsErnest Y.-Z. Tan (ETH Zürich); Xavier Valcarce (Université Paris-Saclay); Pavel Sekatski (University of Geneva); Jean-Daniel Bancal (Université Paris-Saclay); René Schwonnek (Universität Siegen); Renato Renner (ETH Zürich); Nicolas Sangouard (Université Paris-Saclay); Charles C.-W. Lim (National University of Singapore)[abstract]
**Abstract:**The security of finite-length keys is essential for the implementation of device-independent quantum key distribution (DIQKD). Presently, there are several finite-size DIQKD security proofs, but they are mostly focused on standard DIQKD protocols and do not directly apply to the recent improved DIQKD protocols based on techniques such as noisy preprocessing and random key measurements. Here, we provide a general finite-size security proof that can simultaneously encompass these approaches, using tighter finite-size bounds than previous analyses. In doing so, we develop a method to compute tight lower bounds on the asymptotic keyrate for any such DIQKD protocol with binary inputs and outputs. With this, we show that positive asymptotic keyrates are achievable up to depolarizing noise values of 9.26%, exceeding all previously known noise thresholds. Furthermore, we also consider in greater detail a particular form of generalized CHSH inequality, and derive partial closed-form results for such cases. We discuss the potential advantage of this approach for realistic photonic implementations of DIQKD.Presenter live session: Ernest Y.-Z. Tan - Drone-based Quantum Key Distribution (QKD)Andrew Conrad (University of Illinois at Urbana-Champaign); Samantha Isaac (University of Illinois at Urbana-Champaign); Roderick Cochran (The Ohio State University); Daniel Sanchez-Rosales (The Ohio State University); Akash Gutha (The Ohio State University); Tahereh Rezaei (University of Illinois at Urbana-Champaign); Brian Wilens (University of Illinois at Urbana-Champaign); Daniel Gauthier (The Ohio State University); Paul Kwiat (University of Illinois at Urbana-Champaign)[abstract]
**Abstract:**Aerial Drones have been used in defense applications for decades, but recently the commercial use cases of drones have significantly increased to include package delivery, taxis, aerial photography, disaster relief, and even delivery of COVID-19 vaccines. Typically drones rely on a plurality of in-flight sensors for navigation and external command and control signals for tasking. As drones continue to proliferate our skies, the need to secure communication between drone constellations will become increasingly important, since the unmanned nature of drones offers new attack vectors which are not present for platforms with human operators. Quantum security protocols such as Quantum Key Distribution (QKD) offer unique advantages over classical approaches to secure the command-and-control signals of current and future drone constellations. In this presentation, we will report progress towards demonstrating QKD between two drones in flight. Critical subsystems and characterization data will be presented such as the QKD source, which is based on a resonant cavity Light Emitting Diodes (LED), as well as a secondary QKD source based on a fiber-coupled polarization modulator. The Pointing Acquisition, and Tracking (PAT) system provides both course alignment using Infrared (IR) beacons and cameras and fine alignment is achieved using Fast Steering Mirrors (FSM) and feedback position sensors. We will discuss QKD optical payloads, which were fabricated using a 3D printed bench to achieve a compact size and weight, single-photon detectors, an FPGA-based time-tagger and two time-synchronization approaches. Providing quantum security to emerging drone networks, including airborne and ground-based systems such as self-driving cars, is a critical enabling technology required to extend the future quantum internet to mobile platforms, with could play an essential role, e.g., for reconfigurable distributed quantum sensors.Presenter live session: Andrew Conrad - Medical Data Protection in transit and at rest during the OpenQKD testbed operation in GrazHannes Hübel (AIT Austrian Institute of Technology); Andreas Poppe (AIT Austrian Institute of Technology); Florian Kutschera (AIT Austrian Institute of Technology); Werner Strasser (fragmentiX Storage Solutions GmbH); Bernhard Zatoukal (fragmentiX Storage Solutions GmbH); Kurt Zatloukal (Medical University Graz); Heimo Müller (Medical University Graz); Sigurd Lax (Hospital LKH-Graz II)[abstract]
**Abstract:**We present data from a medical use-case demonstration from the OpenQKD project. The demonstration combined QKD with Secret Sharing to secure medical data both in transit and at rest. The network with 4 nodes and 4 links was running for more than two months in a deployed inner-city fiber network.Presenter live session: Andreas Poppe - Hidden Cosets and Applications to Unclonable CryptographyAndrea Coladangelo (University of California, Berkeley); Jiahui Liu (University of Texas at Austin); Qipeng Liu (Princeton University); Mark Zhandry (Princeton University & NTT Research)[abstract]
**Abstract:**In 2012, Aaronson and Christiano introduced the idea of hidden subspace states to build public-key quantum money [STOC '12]. Since then, this idea has been applied to realize several other cryptographic primitives which enjoy some form of unclonability. In this work, we propose a generalization of hidden subspace states to hidden coset states. We study different unclonable properties of coset states and several applications: (*) We show that, assuming indistinguishability obfuscation (iO), hidden coset states possess a certain direct product hardness property, which immediately implies a tokenized signature scheme in the plain model. Previously, a tokenized signature scheme was known only relative to an oracle, from a work of Ben-David and Sattath [QCrypt '17]. (*) Combining a tokenized signature scheme with extractable witness encryption, we give a construction of an unclonable decryption scheme in the plain model. The latter primitive was recently proposed by Georgiou and Zhandry [ePrint '20], who gave a construction relative to a classical oracle. (*) We conjecture that coset states satisfy a certain natural monogamy-of-entanglement property. Assuming this conjecture is true, we remove the requirement for extractable witness encryption in our unclonable decryption construction. As potential evidence in support of the conjecture, we prove a weaker version of this monogamy property, which we believe will still be of independent interest. (*) Finally, we give the first construction of a copy-protection scheme for pseudorandom functions (PRFs) in the plain model. Our scheme is secure either assuming iO, onw-way functions (OWFs) and extractable witness encryption, or assuming iO, OWFs, compute-and-compare obfuscation and the conjectured monogamy property mentioned above. This is the first example of a copy-protection scheme with provable security in the plain model for a class of functions that is not evasive.Presenter live session: Qipeng Liu - Device-independent lower bounds on the conditional von Neumann entropyPeter Brown (ENS Lyon); Hamza Fawzi (University of Cambridge); Omar Fawzi (ENS Lyon)[abstract]
**Abstract:**The rates of several device-independent (DI) protocols, including quantum key-distribution (QKD) and randomness expansion (RE), can be computed via an optimization of the conditional von Neumann entropy over a particular class of quantum states. In this work we introduce a numerical method to compute lower bounds on such rates. Our rate calculations are valid for systems on general separable Hilbert spaces and we also investigate the convergence of our method to the actual rate, proving convergence in certain situations. Applying our method to compute the rates of DI-RE and DI-QKD protocols we find substantial improvements over all previous numerical techniques, demonstrating significantly higher rates for both DI-RE and DI-QKD. In particular, for DI-QKD we show a new minimal detection efficiency threshold which is within the realm of current capabilities. Moreover, we demonstrate that our method is able to converge rapidly by recovering instances of all known tight analytical bounds. Finally, we note that our method is compatible with the entropy accumulation theorem and can thus be used to compute rates of finite round protocols and subsequently prove their security.Presenter live session: Peter Brown - Quantum conference key agreement using photonic graph stateJoseph Ho (Heriot-Watt University); Alex Pickston (Heriot-Watt University); Francesco Graffitti (Heriot-Watt University); Federico Grasselli (Heinrich Heine University Dusseldorf); Chris L Morrison (Heriot-Watt University); Massimiliano Proietti (Heriot-Watt University); Andres Ulibarrena (Heriot-Watt University); Alessandro Fedrizzi (Heriot-Watt University)[abstract]
**Abstract:**Quantum conference key agreement (CKA) is a cryptographic task for sharing a secret common key between multiple users. CKA has been established as a network protocol that can leverage multipartite entanglement (NQKD) to gain an advantage over contemporary two-party communication primitives (2QKD). Specifically, when performing QCKA in constrained quantum networks, e.g., with limited channel capacities, NQKD schemes can produce the conference key between N users with up to an N-1 rate advantage over 2QKD. QCKA has previously been implemented by direct transmission of a 4-photon GHZ state, however did not show the advantage comparison. Here we show this advantage using a universal network resource represented by a 6-qubit photonic graph state.Presenter live session: Joseph Ho - Privacy amplification and decoupling without smoothingFrédéric Dupuis (Université de Montréal)[abstract]
**Abstract:**We prove an achievability result for privacy amplification and decoupling in terms of the sandwiched Rényi entropy of order α ∈ (1,2]; this extends previous results which worked for α=2. The fact that this proof works for α close to 1 means that we can bypass the smooth min-entropy in the many applications where the bound comes from the fully quantum AEP or entropy accumulation (EAT), and carry out the whole proof using the Rényi entropy, thereby easily obtaining an error exponent for the final task. This effectively replaces smoothing, which is a difficult high-dimensional optimization problem, by an optimization problem over a single real parameter α. This can be applied directly to QKD security proofs---including device independent protocols---by combining it with the entropy accumulation theorem.Presenter live session: Frédéric Dupuis - Quantum Private BroadcastingAnne Broadbent (University of Ottawa); Carlos E. Gonzalez-Guillen (Universidad Politecnica de Madrid); Christine Schuknecht (University of Ottawa)[abstract]
**Abstract:**In Private Broadcasting, a single plaintext is broadcast to multiple recipients in an encrypted form, such that each recipient can decrypt locally. When the message is classical, a straightforward solution is to encrypt the plaintext with a single key shared among all parties, and to send to each recipient a copy of the ciphertext. Surprisingly, the analogous method is insufficient in the case where the message is quantum (i.e. in Quantum Private Broadcasting (QPB)). In this work, we give three solutions to QPB and compare them in terms of key lengths. The first method is the independent encryption with the quantum one-time pad, which requires a key linear in the number of recipients, t. We show that the key length can be decreased to be logarithmic in t by using unitary t-designs. Our main contribution is to show that this can be improved to a key length that is polynomial in the dimension of the symmetric subspace, using a new concept that we define of symmetric unitary t-designs, that may be of independent interest.Presenter live session: Christine Schuknecht - On the Round Complexity of Secure Quantum ComputationJames Bartusek (UC Berkeley); Andrea Coladangelo (UC Berkeley); Dakshita Khurana (UIUC); Fermi Ma (Princeton University and NTT Research)[abstract]
**Abstract:**We construct the first constant-round protocols for secure quantum computation in the two-party (2PQC) and multi-party (MPQC) settings with security against malicious adversaries. Our protocols are in the common random string (CRS) model. - Assuming two-message oblivious transfer (OT), we obtain (i) three-message 2PQC, and (ii) five-round MPQC with only three rounds of online (input-dependent) communication; such OT is known from quantum-hard Learning with Errors (QLWE). - Assuming sub-exponential hardness of QLWE, we obtain (i) three-round 2PQC with two online rounds and (ii) four-round MPQC with two online rounds. - When only one (out of two) parties receives output, we achieve minimal interaction (two messages) from two-message OT; classically, such protocols are known as non-interactive secure computation (NISC), and our result constitutes the first maliciously-secure quantum NISC. Additionally assuming reusable malicious designated-verifier NIZK arguments for NP (MDV-NIZKs), we give the first MDV-NIZKs for QMA that only require one copy of the witness. Finally, we perform a preliminary investigation into two-round secure quantum computation where each party must obtain output. On the negative side, we identify a broad class of simulation strategies that suffice for classical two-round secure computation that are unlikely to work in the quantum setting. Next, as a proof-of-concept, we show that two-round secure quantum computation exists with respect to a quantum oracle.Presenter live session: James Bartusek - Device-independent protocols from computational assumptionsTony Metger (ETH Zurich); Yfke Dulek (QuSoft and CWI Amsterdam); Andrea Coladangelo (University of California, Berkeley); Rotem Arnon-Friedman (Weizmann Institute of Science); Thomas Vidick (California Institute of Technology)[abstract]
**Abstract:**Device-independent protocols use untrusted quantum devices to achieve a cryptographic task. Such protocols are typically based on Bell inequalities and require the assumption that the quantum device is composed of separated non-communicating components. In this submission, we present protocols for self-testing and device-independent quantum key distribution (DIQKD) that are secure even if the components of the quantum device can exchange arbitrary quantum communication. Instead, we assume that the device cannot break a standard post-quantum cryptographic assumption. Importantly, the computational assumption only needs to hold during the protocol execution and only applies to the (adversarially prepared) device in possession of the (classical) user, while the adversary herself remains unbounded. The output of the protocol, e.g. secret keys in the case of DIQKD, is information-theoretically secure. For our self-testing protocol, we build on a recently introduced cryptographic tool (Brakerski et al., FOCS 2018; Mahadev, FOCS 2018) to show that a classical user can enforce a bipartite structure on the Hilbert space of a black-box quantum device, and certify that the device has prepared and measured a state that is entangled with respect to this bipartite structure. Using our self-testing protocol as a building block, we construct a protocol for DIQKD that leverages the computational assumption to produce information-theoretically secure keys. The security proof of our DIQKD protocol uses the self-testing theorem in a black-box way. Our self-testing theorem thus also serves as a first step towards a more general translation procedure for standard device-independent protocols to the setting of computationally bounded (but freely communicating) devices.Presenter live session: Tony Metger - System Integration of Photonic Integrated Quantum Communications ChipsTaofiq K Paraiso (Toshiba Europe Ltd); Thomas Roger (Toshiba Europe Ltd); Davide G Marangon (Toshiba Europe Ltd); Innocenzo De Marco (Toshiba Europe Ltd); Mirko Sanzaro (Toshiba Europe Ltd); Robert I Woodward (Toshiba Europe Ltd); James F Dynes (Toshiba Europe Ltd); Zhiliang Yuan (Toshiba Europe Ltd); Andrew J Shields (Toshiba Europe Ltd)[abstract]
**Abstract:**Integrated photonics presents an opportunity for low-cost and highly-reproducible quantum cryptographic systems. However, due to numerous challenges such as packaging, power consumption and interfacing multiple chips in real, a standalone deployable photonic integrated system is still missing. Here we address all these challenges to present a real-time quantum communication system using integrated photonics. The system operated without intervention over multiple days and is capable of secure key rates of > 470 kbps over 10 km of fiberPresenter live session: Robert Woodward - Post-quantum Resettably-Sound Zero KnowledgeNir Bitansky (Tel Aviv University); Michael Kellner (Tel Aviv University); Omri Shmueli (Tel Aviv University)[abstract]
**Abstract:**We study post-quantum zero-knowledge (classical) protocols that are sound against quantum resetting attacks. Our model is inspired by the classical model of resetting provers (Barak-Goldreich-Goldwasser-Lindell, FOCS `01), providing a malicious efficient prover with oracle access to the verifier's next-message-function, fixed to some initial random tape; thereby allowing it to effectively reset (or equivalently, rewind) the verifier. In our model, the prover has quantum access to the verifier's function, and in particular can query it in superposition. The motivation behind quantum resettable soundness is twofold: First, ensuring a strong security guarantee in scenarios where quantum resetting may be possible (e.g., smart cards, or virtual machines). Second, drawing intuition from the classical setting, we hope to improve our understanding of basic questions regarding post-quantum zero knowledge. We prove the following results: Black-Box Barriers: Quantum resetting exactly captures the power of black-box zero knowledge quantum simulators. Accordingly, resettable soundness cannot be achieved in conjunction with black-box zero knowledge, except for languages in \BQP. Leveraging this, we prove that constant-round public-coin, or three message, protocols cannot be black-box post-quantum zero-knowledge. For this, we show how to transform such protocols into quantumly resettably sound ones. The transformations are similar to classical ones, but their analysis is significantly more challenging due to the essential difference between classical and quantum resetting. A Resettably-Sound Non-Black-Box Zero-Knowledge Protocol: Under the (quantum) Learning with Errors assumption and quantum fully-homomorphic encryption, we construct a post-quantum resettably-sound zero knowledge protocol for \NP. We rely on non-black-box simulation techniques, thus overcoming the black-box barrier for such protocols. From Resettable Soundness to The Impossibility of Quantum Obfuscation: Assuming one-way functions, we prove that any quantumly-resettably-sound zero-knowledge protocol for \NP implies the impossibility of quantum obfuscation. Combined with the above result, this gives an alternative proof to several recent results on quantum unobfuscatability.Presenter live session: Michael Kellner

## List of Accepted Posters

(in order of submission)

Download a zip-archive of all posters.

- Discrete-phase-randomized measurement-device-independent quantum key distributionZhu Cao (East China University of Science and Technology)[abstract]
**Abstract:**Measurement-device-independent quantum key distribution removes all detector-side attacks in quantum cryptography, and in the meantime doubles the secure distance. The source side, however, is still vulnerable to various attacks. In particular, the continuous phase randomization assumption on the source side is normally not fulfilled in experimental implementation and may potentially open a loophole. In this work, we first show that indeed there are loopholes for imperfect phase randomization in measurement-device-independent quantum key distribution by providing a concrete attack. Then we propose a discrete-phase-randomized measurement-device-independent quantum key distribution protocol as a solution to close this source-side loophole. [Phys. Rev. A 101, 062325] - Analysis of the effects of temperature increase on quantum random number generatorYuanhao Li (State Key Laboratory of Mathematical Engineering and Advanced Computing,Henan Key Laboratory of Network Cryptography Technology); Yangyang Fei (State Key Laboratory of Mathematical Engineering and Advanced Computing,Henan Key Laboratory of Network Cryptography Technology); Weilong Wang (State Key Laboratory of Mathematical Engineering and Advanced Computing,Henan Key Laboratory of Network Cryptography Technology); Xiangdong Meng (State Key Laboratory of Mathematical Engineering and Advanced Computing,Henan Key Laboratory of Network Cryptography Technology); Hong Wang (State Key Laboratory of Mathematical Engineering and Advanced Computing,Henan Key Laboratory of Network Cryptography Technology); Qianheng Duan (State Key Laboratory of Mathematical Engineering and Advanced Computing,Henan Key Laboratory of Network Cryptography Technology); Zhi Ma (State Key Laboratory of Mathematical Engineering and Advanced Computing,Henan Key Laboratory of Network Cryptography Technology)[abstract]
**Abstract:**Quantum random number generator (QRNG) relies on the intrinsic randomness of quantum mechanics to produce true random numbers which are important in many fields. QRNGs with semiconductor light source have attracted a lot of attention due to their operational simplicity and high generation rate. However, the temperature of light source may vary due to imperfect devices and other factors. There is still a lack of study on the effects of temperature variations on the security of practical QRNG. We fill this gap by presenting a numerical method for studying the effects of temperature increase on the super-luminescent emitting diode (SLED) based QRNG and propose some strategies toward robust QRNG against temperature increase. - Classically Veriﬁable (Dual-Mode) NIZK for QMA with PreprocessingTomoyuki Morimae (Kyoto University); Takashi Yamakawa (NTT)[abstract]
**Abstract:**We propose three constructions of classically verifiable non-interactive proofs (CV-NIP) and non-interactive zero-knowledge proofs and arguments (CV-NIZK) for QMA in various preprocessing models. - Bell nonlocality is not sufficient for the security of standard device-independent quantum key distribution protocolsMáté Farkas (ICFO); Maria Balanzó-Juandó (ICFO); Karol Łukanowski (University of Warsaw); Jan Kołodyński (University of Warsaw); Antonio Acín (ICFO)[abstract]
**Abstract:**Device-independent quantum key distribution is a secure quantum cryptographic paradigm that allows two honest users to establish a secret key, while putting minimal trust in their devices. Most of the existing protocols have the following structure: First, a bipartite nonlocal quantum state is distributed between the honest users, who perform local projective measurements to establish nonlocal correlations. Then, they announce the implemented measurements and extract a secure key by post-processing their measurement outcomes. We show that no protocol of this form allows for establishing a secret key when implemented on certain entangled nonlocal states, namely on a range of entangled two-qubit Werner states. To prove this result, we introduce a technique for upper-bounding the asymptotic key rate of device-independent quantum key distribution protocols, based on a simple eavesdropping attack. Our results imply that either different tools---such as different reconciliation techniques or non-projective measurements---are needed for device-independent quantum key distribution in the large-noise regime, or Bell nonlocality is not sufficient for this task. - Certified Quantum Random Numbers from Untrusted LightDavid Drahi (University of Oxford); Nathan Walk (Freie Universität); Matty J Hoban (Goldsmiths, University of London); Aleksey K Federov (Russian Quantum Center); Roman Shakhovoy (Russian Quantum Center); Yury Kurochkin (Russian Quantum Center); Akky Feimov (Russian Quantum Center); W Steven Kolthammer (Imperial College); Joshua Nunn (University of Bath); Jonathan Barrett (University of Oxford); Ian A Walmsley (Imperial College)[abstract]
**Abstract:**A remarkable aspect of quantum theory is that certain measurement outcomes are entirely unpredictable to all possible observers. Such quantum events can be harnessed to generate numbers whose randomness is asserted based upon the underlying physical processes. We formally introduce, design, and experimentally demonstrate an ultrafast optical quantum random number generator that uses a totally untrusted photonic source. While considering completely general quantum attacks and using dedicated FPGA hardware for post-processing, we certify and generate in real time random numbers at a rate of 8.05 Gb/s with a composable security parameter of 10^{−10}. Composable security is the most stringent and useful security paradigm because any given protocol remains secure even if arbitrarily combined with other instances of the same, or other, protocols, thereby allowing the generated randomness to be utilized for arbitrary applications in cryptography and beyond. This work achieves the fastest generation of composably secure quantum random numbers ever reported. - A model for optimizing quantum key distribution with continuous-wave-pumped entangled-photon sourcesSebastian Philipp Neumann (IQOQI Vienna, Austria); Thomas Scheidl (IQOQI Vienna, Austria); Mirela Selimovic (IQOQI Vienna, Austria); Matej Pivoluska (IQOQI Vienna, Austria); Bo Liu (College of Advanced Interdisciplinary Studies, NUDT, Changsha, China); Martin Bohmann (IQOQI Vienna, Austria); Rupert Ursin (IQOQI Vienna, Austria)[abstract]
**Abstract:**Quantum Key Distribution (QKD) allows unconditionally secure communication based on the laws of quantum mechanics rather then assumptions about computational hardness. Optimizing the operation parameters of a given QKD implementation is indispensable in order to achieve high secure key rates. So far, there exists no model that accurately describes entanglement-based QKD with continuous-wave pump lasers. For the first time, we analyze the underlying mechanisms for QKD with temporally uniform pair-creation probabilities and develop a simple but accurate model to calculate optimal trade-offs for maximal secure key rates. In particular, we find an optimization strategy of the source brightness for given losses and detection-time resolution. All experimental parameters utilized by the model can be inferred directly in standard QKD implementations, and no additional assessment of device performance is required. Comparison with experimental data shows the validity of our model. Our results yield a tool to determine optimal operation parameters for already existing QKD systems, to plan a full QKD implementation from scratch, and to determine fundamental key rate and distance limits of given connections. - Quantum Computationally Predicate-Binding Commitments with Application in Quantum Zero-Knowledge Arguments for NPJun Yan (Jinan University)[abstract]
**Abstract:**A quantum bit commitment scheme is to realize bit (rather than qubit) commitment by exploiting quantum communication and quantum computation. In this work, we study the binding property of the quantum string commitment scheme obtained by composing a generic quantum computationally-binding bit commitment scheme in parallel. We show that the resulting scheme satisfies a stronger quantum computational binding property than the trivial honest-binding, which we call predicate-binding. Intuitively and very roughly, the predicate-binding property guarantees that given any inconsistent predicate pair over a set of strings (i.e. no strings in this set can satisfy both predicates), if a (claimed) quantum commitment can be opened so that the revealed string satisfies one predicate with certainty, then the same commitment cannot be opened so that the revealed string satisfies the other predicate except for a negligible probability. As an application, we plug a generic quantum perfectly(resp. statistically)-hiding computationally-binding bit commitment scheme in Blum's zero-knowledge protocol for the NP-complete language Hamiltonian Cycle. The quantum computational soundness of the resulting protocol will follow immediately from the quantum computational predicate-binding property of commitments. Combined with the perfect(resp. statistical) zero-knowledge property which can be similarly established as [Watrous], as well as known constructions of quantum computationally-binding bit commitment scheme, this gives rise to the first quantum perfect(resp. statistical) zero-knowledge argument system for all NP languages merely relying on quantum-secure one-way functions. - Quantum Receiver for Phase-Shift Keying at the Single-Photon LevelJasminder S. Sidhu (University of Strathclyde); Shuro Izumi (Technical University of Denmark); Jonas S. Neergaard-Nielsen (Technical University of Denmark); Cosmo Lupo (University of Sheffield); Ulrik L. Andersen (Technical University of Denmark)[abstract]
**Abstract:**Quantum enhanced receivers are endowed with resources to achieve higher sensitivities than conventional technologies. For application in optical communications, they provide improved discriminatory capabilities for multiple non-orthogonal quantum states. In this work, we propose and experimentally demonstrate a new decoding scheme for quadrature phase-shift encoded signals. Our receiver surpasses the standard quantum limit and outperforms all previously known non-adaptive detectors at low input powers. Unlike existing approaches, the receiver only exploits linear optical elements and on-off photo-detection. This circumvents the requirement for challenging feed-forward operations that limit communication transmission rates and can be readily implemented with current technology. - Quantum Private Information Retrieval for Quantum MessagesSeunghoan Song (Nagoya University); Masahito Hayashi (Southern University of Science and Technology)[abstract]
**Abstract:**Quantum private information retrieval (QPIR) for quantum messages is the protocol in which a user retrieves one of the multiple quantum states from one or multiple servers without revealing which state is retrieved. We consider QPIR in two different settings: the blind setting, in which the servers contain one copy of the message states, and the visible setting, in which the servers contain the description of the message states. One trivial solution in both settings is downloading all states from the servers and the main goal of this paper is to find more efficient QPIR protocols. First, we prove that the trivial solution is optimal for one-server QPIR in the blind setting. In one-round protocols, the same optimality holds even in the visible setting. On the other hand, when the user and the server share entanglement, we prove that there exists an efficient one-server QPIR protocol in the blind setting. Furthermore, in the visible setting, we prove that it is possible to construct symmetric QPIR protocols in which the user obtains no information of the non-targeted messages. We construct two-server symmetric QPIR protocols. Note that symmetric classical PIR is impossible without shared randomness unknown to the user. - A Cryptographic approach to Quantum MetrologyNathan Shettell (LIP6); Elham Kashefi (LIP6); Damian Markham (LIP6)[abstract]
**Abstract:**We derive a general framework for a quantum metrology scheme where the quantum probes are exchanged via an unsecured quantum channel. We construct two protocols for this task which offer a trade-off between difficulty of implementation and efficiency. We show that, for both protocols, a malicious eavesdropper cannot access any information regarding the unknown parameter. We further derive general inequalities regarding how the uncertainty in a resource state for quantum metrology can bias the estimate and the precision. From this, we link the effectiveness of the cryptographic part of the protocol to the effectiveness of the metrology scheme with a (potentially) malicious probe resource state. - Remote synchronization of multiple ultrafast multi-channel time taggersTorsten Langer (PicoQuant GmbH); Tino Roehlicke (PicoQuant GmbH); Maximilian Diedrich (PicoQuant GmbH); Max Tillmann (PicoQuant GmbH); Michael Wahl (PicoQuant GmbH)[abstract]
**Abstract:**Time-Correlated Single Photon Counting (TCSPC) and continuous time tagging of photon arrival times are very powerful tools in many areas of applied physics [1]. In optical quantum science, they are widely used for the characterization of non-classical light emitters and the detection of coincident photon arrival events. In light of the recent quantum technology initiatives, these timing devices play a central role as crucial technological building blocks. Here, we present a new scalable concept of multi-channel event timers with up to 64 channels, 5 ps digital resolution and accurate long-distance synchronization capabilities using the White Rabbit fiber network protocol [2]. We demonstrate a relative timing precision of about 40 ps to 50 ps r.m.s. over several kilometers distance in network topologies of different complexity and with different fiber lengths, with and without additional network traffic. One set of results measuring across 5 different devices in a simple star-topology using one White Rabbit switch is shown in Fig. 1 as an example. The new event timers have an extremely short dead time of <650 ps, which keeps up with the quick progress of development in the area of superconducting nanowires and other single photon detectors with short recovery times. The event timers feature two data interfaces to the host: a USB interface and a low-latency interface to external FPGAs, on which custom algorithms for real-time data processing can be implemented. In particular, the FPGA interface is presently being employed in a demonstrator of a high speed QKD system as part of the QuPAD project, funded by the German Federal Ministry of Eduaction and research, contract number 13N14953. The new design also provides several valuable features such as adjustable timing offsets for each input channel at full resolution, four external marker inputs for imaging and other synchronization tasks, as well as in/outputs for hardware driven experiment control, as established in various trendsetting instruments developed earlier [3-4]. References [1] P. Kapusta, M. Wahl, and R. Erdmann (eds.), Advanced Photon Counting - Applications, Methods, Instrumentation, (Springer International Publishing, 2015) [2] J. Serrano, P. Alvarez, M. Cattin, E. G. Cota, P. M. J. H. Lewis, T. Włostowski et al., "The White Rabbit Project", Proc. ICALEPCS TUC004, Kobe, Japan (2009). [3] M. Wahl, T. Roehlicke, S. Kulisch, S. Rohilla, B. Kraemer and A.C. Hocke, "Photon arrival time tagging with many channels, sub-nanosecond deadtime, very high throughput, and fiber optic remote synchronization", Rev. Sci. Instrum. 91, 013108 (2020). [4] M. Wahl, H.-J. Rahn, T. Roehlicke, R. Erdmann, G. Kell, A. Ahlrichs, M. Kernbach, A.W. Schell, and O. Benson, "Integrated multichannel photon timing instrument with very short dead time and high throughput ", Rev. Sci. Instrum. 84, 043102 (2013). - Improving the performance of reference-frame-independent quantum key distribution through a turbulent atmosphereYang Xue (Air Force Engineering University); Lei Shi (Air Force Engineering University)[abstract]
**Abstract:**Reference-frame-independent quantum key distribution (RFI-QKD) can dispense with the requirements of active alignment on reference frames between legitimate users, which is beneficial for free-space implementation. However, the fluctuating transmittance due to atmospheric turbulence still remains a great challenge for improving the performance and has been seldom addressed. In this paper we extend the recently proposed prefixed-threshold real-time selection method to RFI-QKD while combining practical consideration of the transmittance probability distribution model based on the finite aperture theory. Through numerical simulations, we present an estimation for the variance of the log-normal model with respect to distance and receiving aperture radius, and demonstrate the effectiveness of using this method in the RFI protocol. Considering the finite-key effects, simulation results show that the gap of the key rate with different reference frame deviations can be alleviated by increasing the data size. By adopting this method one can tolerate more serious transmission loss, especially in strong turbulence cases, which is helpful for future free-space experimental designs. - Finite-key analysis of loss-tolerant quantum key distribution based on random sampling theoryGuillermo Currás-Lorenzo (University of Leeds); Álvaro Navarrete (University of Vigo); Margarida Pereira (University of Vigo); Kiyoshi Tamaki (University of Toyama)[abstract]
**Abstract:**The core of security proofs of quantum key distribution (QKD) is the estimation of a parameter that determines the amount of privacy amplification that the users need to apply in order to distil a secret key. To estimate this parameter using the observed data, one needs to apply concentration inequalities, such as random sampling theory or Azuma’s inequality. The latter can be straightforwardly employed in a wider class of QKD protocols, including those that do not rely on mutually unbiased encoding bases, such as the loss-tolerant (LT) protocol. However, when applied to real-life finite-length QKD experiments, Azuma’s inequality typically results in substantially lower secret-key rates. Here, we propose an alternative security analysis of the LT protocol against general attacks, for both its prepare-and-measure and measure-device-independent versions, that is based on random sampling theory. Consequently, our security proof provides considerably higher secret-key rates than the previous finite-key analysis based on Azuma’s inequality. This work opens up the possibility of using random sampling theory to provide alternative security proofs for other QKD protocols. - On-Chip Quantum Autoencoder for Teleportation of High-Dimensional Quantum StatesHui Zhang (Nanyang Technological University); Lingxiao Wan (Nanyang Technological University); Tobias Haug (National University of Singapore); Wai-Keong Mok (National University of Singapore); Hong Cai (Institute of Microelectronics, A*STAR (Agency for Science, Technology and Research)); Muhammad Faeyz Karim (Nanyang Technological University); Kwek Leong Chuan (Nanyang Technological University; National University of Singapore; National Institute of Education, Singapore); Ai Qun Liu (Nanyang Technological University)[abstract]
**Abstract:**Currently most quantum teleportation experiments are based on qubits. Here, we demonstrate a quantum autoencoder assisted teleportation for high-dimensional quantum states. Our method of training the autoencoder allows us to take a finite sample of those states, learn how to compress them to qubits with nearly unit fidelity. After training, we can teleport any further states from the sender and reconstruct them with high fidelity on the receiver part. We verify the proposed scheme by teleporting a qutrit via a silicon-photonic chip. High fidelity is achieved between the input qutrit and the qutrit recovered from the teleported qubit. - An integrated heterogeneous superconducting–silicon-photonic platform for measurement-device-independent quantum key distributionXiaodong Zheng (Nanjing University); Peiyu Zhang (Nanjing University); Renyou Ge (Sun Yat-sen University); Liangliang Lu (Nanjing University); Guanglong He (Nanjing University); Qi Chen (Nanjing University); Fangchao Qu (Nanjing University); Labao Zhang (Nanjing University); Xinlun Cai (Sun Yat-sen University); Yanqing Lu (Nanjing University); Shining Zhu (Nanjing University); Peiheng Wu (Nanjing University); Xiao-Song Ma (Nanjing University)[abstract]
**Abstract:**Integrated photonics provides a route both to miniaturize quantum key distribution (QKD) devices and to enhance their performance. A key element for discrete-variable QKD is single-photon detector. It is necessary to integrate such device onto a photonic chip to enable the realization of practical and scalable quantum networks. Here, we report a successful interfacing of Complementary Metal-Oxide-Semiconductor (CMOS)-compatible silicon nanophotonics with optical waveguide-integrated superconducting nanowire single-photon detector (SNSPD). We perform the first optimal Bell-state measurement (BSM) of time-bin encoded qubits generated from two independent lasers benefited from the reduced dead time of SNSPD ∼3.4 ns. The optimal BSM enables an increased key rate of measurement-device-independent QKD, which is immune to all attacks against the detection system and hence provides the basis for a QKD network with untrusted relays. Together with the time-multiplexed technique, we have enhanced the sifted key rate by almost one order of magnitude. Combined with integrated QKD transmitters, a scalable, chip-based and cost-effective QKD network should become realizable in the near future. - A simple low-latency real-time certifiable quantum random number generatorYanbao Zhang (NTT Basic Research Lab); Hsin-Pin Lo (NTT Basic Research Lab); Alan Mink (NIST); Takuya Ikuta (NTT Basic Research Lab); Toshimori Honjo (NTT Basic Research Lab); Hiroki Takesue (NTT Basic Research Lab); William J. Munro (NTT Basic Research Lab)[abstract]
**Abstract:**Quantum random numbers distinguish themselves from others by their intrinsic unpredictability arising from the principles of quantum mechanics. As such they are extremely useful in many scientific and real-world applications with considerable efforts going into their realizations. Most demonstrations focus on high asymptotic generation rates. For this goal, a large number of repeated trials are required to accumulate a significant store of certifiable randomness, resulting in a high latency between the initial request and the delivery of the requested random bits. Here we demonstrate low-latency real-time certifiable quantum randomness generation from measurements on photonic time-bin states. For this, we develop methods to efficiently certify randomness taking into account adversarial imperfections in both the state preparation and the measurement apparatus. Every 0.12 seconds we generate a block of 8192 random bits which are certified against all quantum adversaries with an error bounded by 2^{-64}. Our quantum random number generator is thus well suited for realizing a continuously operating, high-security, and high-speed quantum randomness beacon. - Efficient verification of continuous-variable quantum states and devices without assuming identical and independent operationsYadong Wu (Hong Kong University); Ge Bai (Hong Kong University); Giulio Chiribella (Hong Kong University); Nana Liu (Shanghai Jiao Tong University)[abstract]
**Abstract:**Continuous-variable quantum information, encoded into in finite-dimensional quantum systems, is a promising platform for the realization of many quantum information protocols, including quantum computation, quantum metrology, quantum cryptography, and quantum communication. To successfully demonstrate these protocols, an essential step is the certi fication of multimode continuous variable quantum states and quantum devices. This problem is well studied under the assumption that multiple uses of the same device result into identical and independently distributed (i.i.d.) operations. However, in realistic scenarios, identical and independent state preparation and calls to the quantum devices cannot be generally guaranteed. Important instances include adversarial scenarios and instances of time-dependent and correlated noise. In this paper, we propose the first set of reliable protocols for verifying multimode continuous-variable entangled states and devices in these non-i.i.d scenarios. - Impossibility of composable Oblivious Transfer in relativistic quantum cryptographyLorenzo Laneve (Department of Computer Science, ETH Zurich); Lidia del Rio (Institute for Theoretical Physics, ETH Zurich)[abstract]
**Abstract:**We prove impossibility of composable oblivious transfer in relativistic and quantum settings, and provide constructions between different versions of oblivious transfer and bit commitment. We do so in the abstract cryptography framework, with cryptographic resources instantiated as causal boxes in Minkowski space. This paper can be seen as an application of Vilasini et al’s approach to other cryptographic primitives. - QEnclave - A composable treatment of quantum trusted execution environmentsYao Ma (LIP6, Sorbonne Université and VeriQloud); Elham Kashefi (LIP6, Sorbonne Université and School of Informatics, University of Edinburgh); Myrto Arapinis (School of Informatics, University of Edinburgh); Kaushik Chakraborty (School of Informatics, University of Edinburgh); Marc Kaplan (VeriQloud)[abstract]
**Abstract:**We introduce a secure hardware device named a QEnclave that can secure the remote execution of quantum operations while only using classical controls. This device extends to quantum computing the classical concept of a secure enclave which isolates a computation from its environment to provide privacy and tamper-resistance. Remarkably, our QEnclave only performs single-qubit rotations, but can nevertheless be used to secure an arbitrary quantum computation even if the qubit source is controlled by an adversary. More precisely, attaching a QEnclave to a quantum computer, a remote client controlling the QEnclave can securely delegate its computation to the server solely using classical communication. We investigate the security of our QEnclave by modeling it as an ideal functionality named Remote State Rotation. We show that this resource allows blind delegated quantum computing with perfect security. Our proof relies on standard tools from delegated quantum computing. Working in the Abstract Cryptography framework, we show a construction of remote state preparation from remote state rotation preserving the security. An immediate consequence is the weakening of the requirements for blind delegated computation. While previous delegated protocols were relying on a client that can either generate or measure quantum states, we show that this same functionality can be achieved with a client that only transforms quantum states without generating or measuring them. Combined with known impossibility results for implementing remote state preparation with classical communication, our construction suggests a new way for blind secure delegated computation. Computational assumptions that circumvent this impossibility induce large overheads that prevent their practical use. But our approach does not increase the complexity of the problem, and relies on hardware assumptions that are already used in practice for classical computations. It hence provides a better way of implementing blind remote delegation on real quantum computing systems. - Quantum Secure Direct Communication with Mutual Authentication using a Single BasisNayana Das` (Indian Statistical Institute, Kolkata); Goutam Paul (Indian Statistical Institute, Kolkata); Ritajit Majumdar (Indian Statistical Institute, Kolkata)[abstract]
**Abstract:**In this paper, we propose a new theoretical scheme for quantum secure direct communication (QSDC) with user authentication. Different from the previous QSDC protocols, the present protocol uses only one orthogonal basis of single-qubit states to encode the secret message. Moreover, this is a one-time and one-way communication protocol, which uses qubits prepared in a randomly chosen arbitrary basis, to transmit the secret message. We discuss the security of the proposed protocol against some common attacks and show that no eavesdropper can get any information from the quantum and classical channels. We have also studied the performance of this protocol under realistic device noise. We have executed the protocol in the IBMQ Armonk device and proposed a repetition code-based protection scheme that requires minimal overhead. - Multi-photon and side-channel attacks in mistrustful quantum cryptographyMathieu Bozzio (University of Vienna); Adrien Cavailles (Sorbonne Université); Eleni Diamanti (Sorbonne Université); Adrian Kent (University of Cambridge); Damián Pitalúa-García (University of Cambridge)[abstract]
**Abstract:**Mistrustful cryptography includes important tasks like bit commitment, oblivious transfer, coin flipping, secure computations, position authentication, digital signatures and secure unforgeable tokens. Practical quantum implementations presently use photonic setups. In many such implementations, Alice sends photon pulses encoding quantum states and Bob chooses measurements on these states. In practice, Bob generally uses single photon threshold detectors, which cannot distinguish the number of photons in detected pulses. Also, losses and other imperfections require Bob to report the detected pulses. Thus, malicious Alice can send and track multi-photon pulses and thereby gain information about Bob's measurement choices, violating the protocols' security. Here, we provide a theoretical framework for analysing such multi-photon attacks, and present known and new attacks. We illustrate the power of these attacks with an experiment, and study their application to earlier experimental demonstrations of mistrustful quantum cryptography. We analyse countermeasures based on selective reporting and prove them inadequate. We also discuss side-channel attacks where Alice controls further degrees of freedom or sends other physical systems. - Imperfect quantum oblivious transfer with one-sided securityDavid Reichmuth (IPaQS, Heriot-Watt University, Edinburgh, UK); Ittoop V. Puthoor (IPaQS, Heriot-Watt University, Edinburgh, UK); Petros Wallden (School of Informatics, University of Edinburgh, Edinburgh, UK); Erika Andersson (IPaQS, Heriot-Watt University, Edinburgh, UK)[abstract]
**Abstract:**Oblivious transfer (OT) is a cryptographic primitive which is universal for multiparty computation. Unfortunately, perfect information-theoretically (IT) secure quantum oblivious transfer is impossible (except with restrictions on cheating parties). Imperfect IT secure quantum oblivious transfer remains possible, but the smallest possible cheating probabilities are not known. Informally, in 1-out-of-2 oblivious transfer, a sender Alice has two bits x0, x1. A receiver Bob obtains one of these, xb, where b= 0 or b= 1. Alice should not be able to guess b, and Bob should not be able to guess the bit value he did not obtain. Bounds on cheating probabilities in quantum oblivious transfer have previously been investigated for complete protocols. “Complete” means that if sender Alice and receiver Bob both follow the protocol, the bit value Bob obtains correctly matches Alice’s bit value. Here we instead investigate incomplete protocols, where Bob obtains an incorrect bit value with probability pf. For complete protocols, both “classical” and quantum, it holds that if one party can cheat no better than with a random guess, then the other party can cheat perfectly. For incomplete protocols, in contrast, even with no restrictions on cheating parties, and when one party can cheat no better than with random guess, it is possible that the other party still cannot cheat perfectly; their cheating probability can be lower than in complete protocols. We find the optimal non-interactive protocols where Alice’s bit values are represented by four symmetric pure quantum states, and where Alice cannot cheat better than with a random guess. “Optimal” means that for a given pf, Bob’s cheating probability pr is as low as possible, and vice versa. We also show that quantum protocols can outperform classical non-interactive protocols. Our results also provide a lower bound on Bob’s cheating probability in interactive quantum protocols. An advantage of the non-interactive protocols we investigate is that they require neither entanglement nor quantum memory. The optimal protocols could be readily implemented using standard optical components. - Sub-exponential rate versus distance with time multiplexed quantum repeatersPrajit Dhara (Wyant College of Optical Sciences, The University of Arizona); Ashlesha Patil (Wyant College of Optical Sciences, The University of Arizona); Hari Krovi (Raytheon BBN Technologies); Saikat Guha (Wyant College of Optical Sciences, The University of Arizona)[abstract]
**Abstract:**Shared entanglement between two remote parties is a key resource for Quantum Cryptography. Quantum communications capacity using direct transmission over length-$L$ optical fiber scales as $R \sim e^{-\alpha L}$, where $\alpha$ is the fiber's loss coefficient. The rate achieved using a linear chain of quantum repeaters equipped with quantum memories, probabilistic Bell state measurements (BSMs) and switches used for spatial multiplexing, but no quantum error correction was shown to surpass the direct-transmission capacity. However, this rate still decays exponentially with the end-to-end distance, viz., $R \sim e^{-s{\alpha L}}$, with $s < 1$. We show that the introduction of temporal multiplexing---i.e., the ability to perform BSMs among qubits at a repeater node that were successfully entangled with qubits at distinct neighboring nodes at {\em different} time steps---leads to a sub-exponential rate-vs.-distance scaling, i.e., $R \sim e^{-t\sqrt{\alpha L}}$, which is not attainable with just spatial or spectral multiplexing. We evaluate analytical upper and lower bounds to this rate and obtain the exact rate by numerically optimizing the time-multiplexing block length and the number of repeater nodes. We further demonstrate that incorporating losses in the optical switches used to implement time-multiplexing degrades the rate-vs.-distance performance, eventually falling back to exponential scaling for very lossy switches. We also examine models for quantum memory decoherence and describe optimal regimes of operation to preserve the desired boost from temporal multiplexing. QM decoherence is seen to be more detrimental to the repeater's performance over switching losses. - Efficient Routing in Quantum Key Distribution Networks with Trusted Nodes and RepeatersOmar Amer (University of Connecticut); Walter O. Krawec (University of Connecticut); Bing Wang (University of Connecticut)[abstract]
**Abstract:**There are two critical challenges that must be addressed for Quantum Key Distribution (QKD) to achieve wide-scale adoption. First, overcoming distance limitations and second increasing secret key generation rates. Our work investigates the design of novel routing algorithms for near-future QKD networks to help mitigate these problems. The networks we consider also may serve as a bridge between today's QKD networks and the long-term goal of a true Quantum Internet. - Spooky action of a global distance: analysis of space-based entanglement distribution for the quantum internetSumeet Khatri (Louisiana State University); Anthony J. Brady (Louisiana State University); Renee A. Desporte (Louisiana State University); Manon P. Bart (Louisiana State University); Jonathan P. Dowling (Louisiana State University)[abstract]
**Abstract:**Recent experimental breakthroughs in satellite quantum communications have opened up the possibility of creating a global quantum internet using satellite links. This approach appears to be particularly viable in the near term, due to the lower attenuation of optical signals from satellite to ground, and due to the currently short coherence times of quantum memories. The latter prevents ground-based entanglement distribution using atmospheric or optical-fiber links at high rates over long distances. In this work, we propose a global-scale quantum internet consisting of a constellation of orbiting satellites that provides a continuous, on-demand entanglement distribution service to ground stations. The satellites can also function as untrusted nodes for the purpose of long-distance quantum-key distribution. We develop a technique for determining optimal satellite configurations with continuous coverage that balances both the total number of satellites and entanglement-distribution rates. Using this technique, we determine various optimal satellite configurations for a polar-orbit constellation, and we analyze the resulting satellite-to-ground loss and achievable entanglement-distribution rates for multiple ground station configurations. We also provide a comparison between these entanglement-distribution rates and the rates of ground-based quantum repeater schemes. Overall, our work provides the theoretical tools and the experimental guidance needed to make a satellite-based global quantum internet a reality. - Quantum Computing Chip with Error-Correction EncodingLingxiao Wan (Nanyang Technological University); Hui Zhang (Nanyang Technological University); Stefano Paesani (University of Bristol); Huihui Zhu (Nanyang Technological University); Bo Wang (Nanyang Technological University); Anthony Laing (University of Bristol); Leong Chuan Kwek (National University of Singapore); Ai-Qun Liu (Nanyang Technological University)[abstract]
**Abstract:**We design and fabricate a quantum photonic circuit to generate a 4-qubit state to load single qubit information and implement a quantum error correction code to demonstrate its capability of detecting and correcting a single-bit error. The encoded quantum information can be reconstructed from different types of errors and achieve an average state fidelity of 86%. We further extend the scheme to demonstrate fault-tolerant measurement-based quantum computing that allows us to redo the qubit operation against the failure of the teleportation process. - A Boson Sampling Chip for Graph Perfect MatchingLingxiao Wan (Nanyang Technological University); Zhu Huihui (Nanyang Technological University); Bo Wang (Nanyang Technological University); Hui Zhang (Nanyang Technological University); Leong Chuan Kwek (National University of Singapore); Ai-Qun Liu (Nanyang Technological University)[abstract]
**Abstract:**We map the perfect matching problem in graph theory to a reconfigurable GBS model with the connection of the Hafnian of a matrix. We configure the linear optical circuit and squeeze parameter of the GBS model according to the decomposed unitary matrix and diagonal matrix of the graph’s adjacency matrix. The perfect matching numbers can be directly acquired from the 4-photon coincidence counts with a distribution similarity of 0.9304. - Secure quantum key distribution with intensity correlationsVíctor Zapatero (University of Vigo, Spain); Álvaro Navarrete (University of Vigo, Spain); Marcos Curty (University of Vigo, Spain); Kiyoshi Tamaki (University of Toyama, Japan)[abstract]
**Abstract:**In decoy-state-based QKD, GHz clocked or higher frequency transmitters exhibit correlations between the intensities of succeeding pulses. As a consequence, every pulse leaks partial information about previous intensity settings to an eavesdropper, thus invalidating the fundamental principle of the decoy-states method, i.e., the independent character of the yields from the intensity settings. In this work, we present a technique that allows to incorporate arbitrary intensity correlations to the decoy-state analysis, thereby solving a pressing problem in the race towards practical high-speed QKD systems. As a side contribution, we present a non-standard derivation of the asymptotic key rate formula from the non-asymptotic one, in so revealing a largely dismissed necessary condition for the significance of the former. We discuss this condition in full detail. - Equivalence of three classical algorithms with quantum side information: Privacy amplification, error correction, and data compressionToyohiro Tsurumaru (Mitsubishi Electric Corporation)[abstract]
**Abstract:**Privacy amplification (PA) is an indispensable component in classical and quantum cryptography. Error correction (EC) and data compression (DC) algorithms are also indispensable in classical and quantum information theory. We here study these three algorithms (PA, EC, and DC) in the presence of quantum side information, and show that they all become equivalent in the one-shot scenario. As an application of this equivalence, we take previously known security bounds of PA, and translate them into coding theorems for EC and DC which have not been obtained previously. Further, we apply these results to simplify and improve our previous result that the two prevalent approaches to the security proof of quantum key distribution (QKD) are equivalent. We also propose a new method to simplify the security proof of QKD. - A real-time experimental QKD platform for quantum-secure telecom infrastructuresJan Krause (Fraunhofer Institute for Telecommunications, Heinrich Hertz Institute, HHI); Benedikt Lezius (Fraunhofer Institute for Telecommunications, Heinrich Hertz Institute, HHI); Richard Schilling (Fraunhofer Institute for Telecommunications, Heinrich Hertz Institute, HHI); Jonas Hilt (Fraunhofer Institute for Telecommunications, Heinrich Hertz Institute, HHI); Stefan Weide (Fraunhofer Institute for Telecommunications, Heinrich Hertz Institute, HHI); Nino Walenta (Fraunhofer Institute for Telecommunications, Heinrich Hertz Institute, HHI); Nicolas Perlot (Fraunhofer Institute for Telecommunications, Heinrich Hertz Institute, HHI); Ronald Freund (Fraunhofer Institute for Telecommunications, Heinrich Hertz Institute, HHI)[abstract]
**Abstract:**We present a quantum key distribution (QKD) platform targeting mid-range fiber, free-space and hybrid links. With its interfaces for third-party post-processing, commercial key management, encryptors and QRNG, the modular and flexible system enables easy integration into existing telecom infrastructures. Recent experiments demonstrate its seamless operation over fiber and free-space links. - Tamper Detection against Unitary OperatorsUpendra Kapshikar (Centre for Quantum Technologies, National university of Singapore); Naresh Goud Boddu (Centre for Quantum Technologies, National university of Singapore)[abstract]
**Abstract:**We consider (Enc, Dec) schemes which are used to encode a classical/quantum message m and derive an n-qubit quantum codeword ψ_m. The quantum codeword ψ_m can adversarially tamper via a unitary U∈F_u from some known tampering unitary family F_u, resulting in Uψ_mU†. Firstly, we initiate the general study of quantum tamper detection codes, which must detect that tampering occurred with high probability. In case there was no tampering, we would like to output the message m with a probability of 1. We show that quantum tamper detection codes exist for both classical messages and quantum messages for any family F_u of unitary operators, such that |F_u|<2^{2^{αn}} for some known constant α∈(0,1) and all the unitary operators satisfy one additional condition : Far from Identity : For each U∈F_u, we require that its modulus of trace value isn't too much i.e. $ |Trace(U)| \leq \phi N$, where N=2^n. Quantum tamper-detection codes are quantum generalizations of classical tamper detection codes studied by Jafargholi et al. Additionally for classical message m, if we must either output message m or detect that tampering occurred and output ⊥ with high probability, we show that it is possible without the restriction of Far from Identity condition for any family of unitary operators F_u, such that |F_u|<2^{2^αn}. We also provide efficient (Enc, Dec) schemes when the family of tampering unitary operators are from Pauli group Pn, which can be thought of as a quantum version of the algebraic manipulation detection (AMD) codes of Cramer et al. - Verifying BQP Computations on Noisy Devices with Minimal OverheadDominik Leichtle (Laboratoire d’Informatique de Paris 6, Sorbonne Université); Luka Music (Laboratoire d’Informatique de Paris 6, Sorbonne Université); Elham Kashefi (University of Edinburgh and CNRS LIP6 Sorbonne Universite); Harold Ollivier (INRIA)[abstract]
**Abstract:**With the development of delegated quantum computation, clients will want to ensure confidentiality of their data and algorithms, and the integrity of their computations. While protocols for blind and verifiable quantum computation exist, they suffer from high overheads and from over-sensitivity: When running on noisy devices, imperfections trigger the same detection mechanisms as malicious attacks, resulting in perpetually aborted computations. We introduce the first blind and verifiable protocol for delegating BQP computations to a powerful server with repetition as the only overhead. It is composably statistically secure with exponentially-low bounds and can tolerate a constant amount of global noise. - Fast and Simple One-Way High-Dimensional Quantum Key DistributionKfir Sulimany (The Hebrew University of Jerusalem); Rom Dudkiewicz (The Hebrew University of Jerusalem); Simcha Korenblit (The Hebrew University of Jerusalem); Hagai S. Eisenberg (The Hebrew University of Jerusalem); Yaron Bromberg (The Hebrew University of Jerusalem); Michael Ben-Or (The Hebrew University of Jerusalem)[abstract]
**Abstract:**High-dimensional quantum key distribution (QKD) provides ultimate secure communication with secure key rates that cannot be obtained by QKD protocols with binary encoding. However, so far the proposed protocols required additional experimental resources, thus raising the cost of practical high-dimensional systems and limiting their use. Here, we analyze and demonstrate a novel scheme for fiber-based arbitrary-dimensional QKD, based on the most popular commercial hardware for binary time bins encoding. Quantum state transmission is tested over 40 km channel length of standard single-mode fiber, exhibiting a two-fold enhancement of the secret key rate in comparison to the binary Coherent One Way (COW) protocol, without introducing any hardware modifications. This work holds a great potential to enhance the performance of already installed QKD systems by software update alone. - Measurement-device-independent quantum key distribution with directly modulated lasersYuen San Lo (Toshiba Europe Ltd and University College London); Robert Woodward (Toshiba Europe Ltd and University of York); Mirko Pittaluga (Toshiba Europe Ltd and University of Leeds); Mariella Minder (Toshiba Europe Ltd and University of Cambridge); Taofiq Paraiso (Toshiba Europe Ltd); Marco Lucamarini (Toshiba Europe Ltd); Zhiliang Yuan (Toshiba Europe Ltd); Andrew Shields (Toshiba Europe Ltd)[abstract]
**Abstract:**We demonstrate a simple and compact MDI-QKD system design based on optical injection locking and gain-switching techniques, capable of directly encoding phase-modulated time-bin bits. Our results improve upon the state-of-the-art key rates by an order of magnitude. - Noise-Tolerant Quantum Tokens for MACAmit Behera (Ben-Gurion University); Or Sattath (Ben-Gurion University); Uriel Shinar (Ben-Gurion University)[abstract]
**Abstract:**Message Authentication Code or MAC, is a well-studied cryptographic primitive that is used in order to authenticate communication between two parties sharing a secret key. A Tokenized MAC or TMAC is a related cryptographic primitive, introduced by Ben-David & Sattath (QCrypt'17) which allows to delegate limited signing authority to third parties via the use of single-use quantum signing tokens. These tokens can be issued using the secret key, such that each token can be used to sign at most one document. We provide an elementary construction for TMAC based on BB84 states. Our construction can tolerate up to 14% noise, making it the first noise-tolerant TMAC construction. The simplicity of the quantum states required for our construction combined with the noise-tolerance, makes it practically more feasible than the previous TMAC construction. The TMAC is existentially unforgeable against adversaries with signing and verification oracles (i.e., analogous to EUF-CMA security for MAC), assuming post-quantum collision-resistant hash functions exist. - Hacking a Quantum Random Number GeneratorPeter Raymond Smith (Toshiba Europe Ltd, 208 Cambridge Science Park, Milton Road, Cambridge, CB4 0GZ, United Kingdom); Davide Marangon (Toshiba Europe Ltd, 208 Cambridge Science Park, Milton Road, Cambridge, CB4 0GZ, United Kingdom); Marco Lucamarini (Toshiba Europe Ltd, 208 Cambridge Science Park, Milton Road, Cambridge, CB4 0GZ, United Kingdom;Department of Physics and York Centre for Quantum Technologies, University of York, YO10 5DD York, United Kingdom); Zhiliang Yuan (Toshiba Europe Ltd, 208 Cambridge Science Park, Milton Road, Cambridge, CB4 0GZ, United Kingdom); Andrew Shields (Toshiba Europe Ltd, 208 Cambridge Science Park, Milton Road, Cambridge, CB4 0GZ, United Kingdom)[abstract]
**Abstract:**Random number generators underpin the security of current and future cryptographic systems and are therefore a likely target for attackers. Quantum random number generators have been hailed as the ultimate sources of randomness. However, as shown in this work, the susceptibility of the sensitive electronics required to implement such devices poses a serious threat to their security. We present the first out-of-band electromagnetic injection attack on a quantum random number generator through which an adversary can gain full control of the output. In our first experiment, the adversary forces the binary output of the generator to become an alternating string of 1s and 0s, with near 100% success. This attack may be spotted by a vigilant user performing statistical tests on their output strings. We therefore envisage a second more subtle attack in which the adversary forces the output to be a random pattern known to them, thus rendering any protection based on statistical tests ineffective. - Practical Parallel Self-testing of Bell States via Magic RectanglesSean A. Adamson (University of Edinburgh); Petros Wallden (University of Edinburgh)[abstract]
**Abstract:**Self-testing is a method to verify that one has a particular quantum state from purely classical statistics. For practical applications, such as device-independent delegated verifiable quantum computation, it is crucial that one self-tests multiple Bell states in parallel while keeping the quantum capabilities required of one side to a minimum. In this work, we use the $3 \times n$ magic rectangle games (generalisations of the magic square game) to obtain a self-test for $n$ Bell states where the one side needs only to measure single-qubit Pauli observables. The protocol requires small input sizes (constant for Alice and $O(\log n)$ bits for Bob) and is robust with robustness $O(n^{5/2} \sqrt{\varepsilon})$, where $\varepsilon$ is the closeness of the observed correlations to the ideal. To achieve the desired self-test we introduce a one-side-local quantum strategy for the magic square game that wins with certainty, generalise this strategy to the family of $3 \times n$ magic rectangle games, and supplement these nonlocal games with extra check rounds (of single and pairs of observables). - Thirty-six entangled officers of Euler and nonadditive quantum error-correcting codesSUHAIL AHMAD RATHER (Department of Physics, Indian Institute of Technology Madras, Chennai 600036, India); ADAM BURCHARDT (Institute of Theoretical Physics, Jagiellonian University, ul. Lojasiewicza 11, 30--348 Krakow, Poland); WOJCIEH BRUZDA (Institute of Theoretical Physics, Jagiellonian University, ul. Lojasiewicza 11, 30--348 Krakow, Poland); GRZEGORZ RACHEL MIELDZIOC (Center for Theoretical Physics, Polish Academy of Sciences, Al. Lotnikow 32/46, 02-668 Warszawa, Poland); ARUL LAKSHMINARAYAN (Department of Physics, Indian Institute of Technology Madras, Chennai 600036, India); KAROL ZYCZKOWSKI (Center for Theoretical Physics, Polish Academy of Sciences, Al. Lotnikow 32/46, 02-668 Warszawa, Poland)[abstract]
**Abstract:**The negative solution to the famous problem of 36 officers of Euler implies that there are no two orthogonal Latin squares of order six. We show that the problem has a solution, provided the officers are entangled, and construct orthogonal quantum Latin squares of this size. As a consequence, we find an Absolutely Maximally Entangled state AME(4,6) of four subsystems with six levels each, equivalently a 2-unitary matrix of size 36, which maximizes the entangling power among all bipartite unitary gates of this dimension, or a perfect tensor with four indices, each running from one to six. This special state deserves the appellation golden AME state as the golden ratio appears prominently in its elements. This result allows us to construct a pure non-additive quhex quantum error detection code ((3,6,2))_6, which saturates the Singleton bound and allows one to encode a 6-level state into a triplet of such states. - A Multi-Valued Quantum Fully Homomorphic Encryption SchemeYuanjing Zhang (Beihang University); Tao Shang (Beihang University); Jianwei Liu (Beihang University)[abstract]
**Abstract:**Fully homomorphic encryption enables computation on encrypted data while maintaining secrecy. This leads to an important open question whether quantum computation can be delegated and verified in a noninteractive manner or not. In this paper, we affirmatively answer this question by constructing quantum fully homomorphic encryption (QFHE) schemes with quantum obfuscation. For different scenarios, we propose two QFHE schemes with multi-valued quantum point obfuscation. One is with single-qubit point obfuscation and the other is with multi-qubit point obfuscation. The correctness of two QFHE schemes is proved theoretically. The evaluator does not know the decryption key and does not require a regular interaction with a user. The output state has the property of complete mixture, which guarantees the security. Moreover, the security level of the QFHE schemes depends on quantum obfuscation and encryption operators. - Quantum magic rectangles: Characterization and application to certified randomness expansionSean Adamson (University of Edinburgh); Petros Wallden (University of Edinburgh)[abstract]
**Abstract:**We study a generalization of the Mermin–Peres magic square game to arbitrary rectangular dimensions. After exhibiting some general properties, these rectangular games are fully characterized in terms of their optimal win probabilities for quantum strategies. We find that for $m \times n$ rectangular games of dimensions $m,n \geq 3$, there are quantum strategies that win with certainty, while for dimensions $1 \times n$ quantum strategies do not outperform classical strategies. The final case of dimensions $2 \times n$ is richer, and we give upper and lower bounds that both outperform the classical strategies. Finally, we apply our findings to quantum certified randomness expansion to find the noise tolerance and rates for all magic rectangle games. To do this, we use our previous results to obtain the winning probability of games with a distinguished input for which the devices give a deterministic outcome and follow the analysis of C. A. Miller and Y. Shi (2017). - Secure Software Leasing Without AssumptionsAnne Broadbent (University of Ottawa); Stacey Jeffery (QuSoft and CWI); Sébastien Lord (University of Ottawa); Supartha Podder (University of Ottawa); Aarthi Sundaram (Microsoft)[abstract]
**Abstract:**Quantum cryptography is known for enabling functionalities that are unattainable using classical information alone. Recently, Secure Software Leasing (SSL) has emerged as one of these areas of interest. Given a target circuit C from a circuit class, SSL produces an encoding of C that enables a recipient to evaluate C, and also enables the originator of the software to verify that the software has been returned --- meaning that the recipient has relinquished the possibility of any further use of the software. Clearly, such a functionality is unachievable using classical information alone, since it is impossible to prevent a user from keeping a copy of the software. Recent results have shown the achievability of SSL using quantum information for a class of functions called compute-and-compare (these are a generalization of the well-known point functions). These prior works, however all make use of setup or computational assumptions. Here, we show that SSL is achievable for compute-and-compare circuits without any assumptions. Our technique involves the study of quantum copy-protection, which is a notion related to SSL, but where the encoding procedure inherently prevents a would-be quantum software pirate from splitting a single copy of an encoding for C into two parts, each of which enables a user to evaluate C. We show that point functions can be copy-protected without any assumptions, for a novel security definition involving one honest and one malicious evaluator; this is achieved by showing that from any quantum message authentication code, we can derive such an honest-malicious copy-protection scheme. We then show that a generic honest-malicious copy-protection scheme implies SSL; by prior work, this yields SSL for compute-and-compare functions. - Quantum Key Distribution with Few AssumptionsMarie Ioannou (GAP, University of Geneva); Maria Ana Pereira (GAP, University of Geneva); Davide Rusca (GAP, University of Geneva); Fadri Grünenfelder (GAP, University of Geneva); Alberto Boaron (GAP, University of Geneva); Matthieu Perrenoud (GAP, University of Geneva); Alastair A. Abbott (GAP, University of Geneva); Pavel Sekatski (GAP, University of Geneva); Jean-Daniel Bancal (Université Paris-Saclay, CEA, CNRS); Nicolas Maring (GAP, University of Geneva); Hugo Zbinden (GAP, University of Geneva); Nicolas Brunner (GAP, University of Geneva)[abstract]
**Abstract:**We investigate a class of partially device-independent quantum key distribution protocols based on a prepare-and-measure setup which simplifies their implementation. The security of the protocols is based on the assumption that Alice’s prepared states have limited overlaps, but no explicit bound on the Hilbert space dimension is required. The protocols are therefore immune to attacks on Bob’s device, such as blinding attacks. The users can establish a secret key while continuously monitoring the correct functioning of their devices through observed statistics. We report a proof- of-principle demonstration, involving mostly off-the-shelf equipment, as well as a high-efficiency superconducting nanowire detector. A positive key rate is demonstrated over a 4.8km low-loss optical fiber with finite-key analysis. The prospects of implementing these protocols over longer distances is discussed. - A non-interactive XOR quantum oblivious transfer protocolLara Stroh (Heriot-Watt University); Robert Stárek (Palacký University Olomouc); Ittoop V. Puthoor (Heriot-Watt University); Michal Mičuda (Palacký University Olomouc); Ladislav Mišta (Palacký University Olomouc); Miloslav Dušek (Palacký University Olomouc); Erika Andersson (Heriot-Watt University)[abstract]
**Abstract:**Oblivious transfer (OT) is an important cryptographic primitive for transmitting information between two non-trusting parties and can be used as basic building block to implement any two-party computation. One variant of OT is XOR oblivious transfer (XOT), where the sender Alice has two bits and sends them to the receiver Bob. Bob will obtain either the first bit, the second bit, or their XOR. In an honest run of the protocol, Bob should not learn anything more than this, and Alice should not be able to tell what Bob has learned. Unfortunately, perfect quantum OT is impossible with information-theoretic security, so we focus on obtaining the smallest possible cheating probabilities for dishonest parties, when there are no restrictions imposed on them. We present a non-interactive quantum XOT protocol with classical post-processing, where the cheating probabilities are 1/2 for Alice and 3/4 for Bob. Reversing this protocol, so that Bob becomes the sender of a quantum state and Alice the receiver who measures it, while still implementing oblivious transfer from Alice to Bob, we show that the cheating probabilities for both parties stay the same as for the unreversed protocol. The reversed protocol is even easier to implement. The quantum XOT protocol outperforms classical XOT protocols. Lastly, we are in the process of implementing both the unreversed and the reversed protocol experimentally. - Improved device-independent randomness expansion rates from tight bounds on the two sided randomness using CHSH testsRutvij Bhavsar (University of York); Sammy Ragy (University of York); Roger Colbeck (University of York)[abstract]
**Abstract:**A device-independent randomness expansion protocol aims to take an initial random string and generate a longer one, where the security of the protocol does not rely on knowing the inner workings of the devices used to run it. In order to do so, the protocol tests that the devices violate a Bell inequality and one then needs to bound the amount of extractable randomness in terms of the observed violation. The entropy accumulation theorem gives a bound in terms of the single-round von Neumann entropy of any strategy achieving the observed score. Tight bounds on this are known for the one-sided randomness when using the Clauser-Horne-Shimony-Holt (CHSH) game. Here we find the minimum von Neumann entropies for a given CHSH score relevant for one and two sided randomness that can be applied to various protocols. In particular, we show the gain that can be made by using the two-sided randomness and by using a protocol without spot-checking where the input randomness is recycled. We also discuss protocols that fully close the locality loophole while expanding randomness. Although our bounds are mostly numerical, we conjecture analytic formulae for the curves in two cases. - Coherent phase fluctuations suppression for real-world twin-field quantum key distributionIvo Pietro Degiovanni (INRIM Istituto Nazionale di Ricerca Metrologica); Cecilia Clivati (INRIM Istituto Nazionale di Ricerca Metrologica); Alice Meda (INRIM Istituto Nazionale di Ricerca Metrologica); Simone Donadello (INRIM Istituto Nazionale di Ricerca Metrologica); Salvatore Virzi’ (INRIM Istituto Nazionale di Ricerca Metrologica); Marco Genovese (INRIM Istituto Nazionale di Ricerca Metrologica); Filippo Levi (INRIM Istituto Nazionale di Ricerca Metrologica); Alberto Mura (INRIM Istituto Nazionale di Ricerca Metrologica); Davide Calonico (INRIM Istituto Nazionale di Ricerca Metrologica); Mirko Pittaluga (Toshiba Europe Ltd, Cambridge, U.K.); Zhiliang Yuan (Toshiba Europe Ltd, Cambridge, U.K.); Andrew Shields (Toshiba Europe Ltd, Cambridge, U.K.); Marco Lucamarini (University of York)[abstract]
**Abstract:**Quantum key distribution (QKD) ensures the sharing of secret cryptographic keys between distant entities (typically called Alice and Bob), whose intrinsic security is guaranteed by the laws of nature [1–3]. Besides pioneering experiments involving satellite transmission [4], the challenge is the integration of this technology in telecommunication fiber networks, in particular in long haul segments [5–11]. The longest achievable communication distance is limited by the channel loss which increases exponentially with the fiber length and noise in the deployed single photon detector. The secure QKD key rate decreases exponentially with the channel fiber length. Although the communication distance could be extended using quantum repeaters, the related research is still at a proof-of-principle level [12]. Presently the widely adopted solution is the exploitation of trusted nodes, whose security represents however a significant technical issue. An innovative approach that overcomes, at least partially, the need for trusted node is represented by the recently proposed QKD protocol dubbed twin-field QKD (TF-QKD) [13]. In TF-QKD, the information is encoded on dim laser pulses generated at distant Alice and Bob terminals and sent through optical fiber over half of the entire communication distance to the central node, Charlie, where they interfere. For this reason, the TF-QKD has weaker dependence on channel losses, essentially doubling the communication distance with respect to the conventional prepare-and-measure QKD solution. TF-QKDhas been proved secure against general attacks (see e.g. [14–18]), but its implementation is challenging as the optical pulses sent by Alice and Bob are required to be phase-coherent and preserve coherence when reaching Charlie after travelling the long fiber paths. While phase coherence can be achieved by phase-locking the two QKD lasers in Alice and Bob to a common reference laser transmitted through a service channel, uncorrelated phase changes due to the length and refractive index fluctuations in the long optical fibers still remain and will reduce the visibility of the interference measurement. In the TF-QKD proof-of-principle experiments [19–26], this effect was mitigated by interleaving the QKD frames with classical transmission frames that were used to periodically realign the phases of interfering pulses. Here we present an alternative solution derived from the metrological research community, more precisely from atomic clocks comparison technology. Specifically, transmission of coherent laser radiation over thousand-kilometer-long fibers is exploited for the comparison of distant atomic clocks at the highest accuracy [27–32]. In this case phase fluctuations in long fiber also need to be addressed, othewise they would substantially degrade the comparison results. Precise comparison among these atomic clocks are made possible by the use of ultra-stable lasers and the active cancellation of the noise introduced by connecting fibers. Here we demonstrate that this technique can be successfully adapted into a TF-QKD setup. More specifically, we designed and developed an apparatus suitable for actively cancelling phase fluctuations of both the lasers and of the connecting fibers in a TF-QKD setup. This is achieved by transmitting an additional sensing laser light at a slightly different wavelength in the same fiber as the QKD dim pulses. In Charlie, this sensing laser is used for the fiber optical length stabilisation. We show that this multiplexed solution can be properly tuned in order to avoid a sizeable impact on the number of background photons observed by the single-photon detectors in the QKD channels, allowing simultaneous key streaming and channels stabilization, ensuring longer duty-cycles of the QKD process and a tighter control of the optical phase on long-haul deployed fibers. Furthermore, we tested our solution in a real-world network where the net losses between Alice and Bob are as high as 65 dB, resulting here in a distance of 206 km, or equivalent at 325 km on a fiber haul at common nominal losses of 0.2 dB/km [33]. References [1] Bennett, C. H. & Brassard, G. Quantum cryptography: public key distribution and coin tossing. Theor. Comput. Sci. 560, 7–11 (2014). [2] Scarani, V. et al. The security of practical quantum key distribution. Rev. Mod. Phys. 81, 1301 (2009). [3] Kwong Lo, H., Curty, M. & Tamaki, K. Secure quantum key distribution. Nature Photonics 8, 595-604 (2014). [4] Liao, S-K., Cai, W-Q., Pan, J-W. Satellite-to-ground quantum key distribution, Nature 549, 43-47 (2017) [5] Peev, M. et al. The SECOQC quantum key distribution network in Vienna, New J. Phys. 11, 075001 (2009). [6] Sasaki, M. et al. Field test of quantum key distribution in the Tokyo QKD Network. Opt. Expr. 19, 10387 (2011). [7] Dynes, J. F. et al. Cambridge quantum network. npj Quantum Inf. 5, 101 (2019). [8] Shimizu K., et al. Performance of long-distance quantum key distribution over 90-km optical links installed in a field environment of Tokyo metropolitan area. J. Lightwave Technol. 32,, 141-51 (2014). [9] Bacco, D. et al. Field trial of a three-state quantum key distribution scheme in the Florence metropolitan area. EPJ Quantum Technol.6, 5 (2019). [10] Choi, I. et al. Field trial of a quantum secured 10 Gb/s DWDM transmission system over a single installed fiber. Opt. Expr 22, 23121-23128 (2014). [11] Dixon, A. R. et al. Quantum key distribution with hacking countermeasures and long term field trial, Sci. Rep. 7, 7583 (2017). [12] Xu, F., Ma, X., Zhang, Q., Lo, H-K. & Pan, J-W. Secure quantum key distribution with realistic devices. Rev. Mod. Phys. 92, 025002 (2020) [13] Lucamarini, M., Yuan, Z. L., Dynes, J. F., Shields, A. J. Overcoming the rate-distance limit of quantum key distribution without quantum repeaters. Nature 557, 400-403 (2018). [14] Ma, X. Zeng, P., & Zhou, H. Phase-Matching Quantum Key Distribution. Phys. Rev. X 8, 031043 (2018). [15] Wang, X-B., Yu, Z-W. & Hu, X-L. Twin-field quantum key distribution with large misalignment error. Phys. Rev. A 98, 062323 (2018). [16] Lin J. & Lutkenhaus, N. Simple security analysis of phase-matching measurement-device-independent quantum key distribution. Phys. Rev. A 98, 042332 (2018); [17] Curty, M., Azuma, K. & Lo, H.-K. Simple security proof of twin-field type quantum key distribution protocol. npj Quantum Inf. 5, 64 (2019) [18] Yin, H-L. & Chen, Z-B. Finite-key analysis for twin-field quantum key distribution with composable security, Sci Rep. 9, 17113 (2019). [19] Wang, S. et al. Beating the Fundamental Rate-Distance Limit in a Proof-of-Principle Quantum Key Distribution System. Phys. Rev. X 9, 021046 (2019) [20] Minder, M. et al. Experimental quantum key distribution beyond the repeaterless secret key capacity. Nature Photon. 13, 334-338 (2019) [21] X. Zhong, Hu, J., Curty, M., Qian, L. & Lo, H-K. Proof-of-Principle Experimental Demonstration of Twin-Field Type Quantum Key Distribution. Phys. Rev. Lett. 123, 100506 (2019) [22] Chen, J-P. et al. Sending-or-Not-Sending with Independent Lasers: Secure Twin-Field Quantum Key Distribution over 509 km. Phys. Rev. Lett. 124, 070501 (2020). [23] Fang, X-T., et al. Implementation of quantum key distribution surpassing the linear rate transmittance bound. Nature Photon 14, 422-425 (2020). [24] Pittaluga M, et al., 600 km repeater-like quantum communications with dual-band stabilisation, arXiv:2012.15099 (2020) [25] Hui Liu et al., Field Test of Twin-Field Quantum Key Distribution through Sending-or-Not-Sending over 428 km, arXiv:2101.00276 (2021) [26] Jiu-Peng Chen et al., Twin-Field Quantum Key Distribution over 511 km Optical Fiber Linking two Distant Metropolitans, arXiv:2102.00433 (2021) [27] Clivati, C. et al. Optical frequency transfer over submarine fiber links. Optica 5, 893 (2018). [28] Clivati, C. et al. Common-clock very long baseline interferometry using a coherent optical fiber link. Optica 7, 1031-1037 (2020) [29] Grotti, J. et al. Geodesy and metrology with a transportable optical clock. Nature Physics 14, 437-441 (2018). [30] Lisdat, C. et al. A clock network for geodesy and fundamental science. Nat.Comm. 7, 12443 (2016). [31] Delva, P. et al. Test of Special Relativity Using a Fiber Network of Optical Clocks, Phys. Rev. Lett. 118, 221102 (2017). [32] Guena, J. First international comparison of fountain primary frequency standards via a long distance optical fiber link. Metrologia 54, 348 (2017). [33] Clivati, C. et al. Coherent phase transfer for real-world twin-field quantum key distribution, arXiv:2012.15199 (2021) - Thermal State Quantum Key DistributionAdam Walton (University of Leeds); Benjamin Varcoe (University of Leeds); David Jennings (University of Leeds); Anne Ghesquière (University of Leeds)[abstract]
**Abstract:**A central broadcast Quantum Key Distribution protocol employs a thermal source to produce a secret key between Alice and Bob in the presence of an eavesdropper, Eve. Intensity correlations arising due to the Hanbury Brown and Twiss effect are used to produce correlated strings of quadrature measurements between each party, which may then be converted into bit strings. Using analytic methods, as well as through Monte Carlo simulations, we find that the correlations survive a series of beam splitters, and that the bit strings produced are suitable for distilling into a shared key. As thermal sources are already regularly used in modern communications equipment, this may allow quantum key distribution to be performed without using specialist equipment, with future work focusing on experimental implementations of the protocol in the microwave region. - Practical Semi-Device Independent Randomness Generation Based on Quantum State's IndistinguishabilityHamid Tebyanian (University of Padova); Mujtaba Zahidy (University of Padova); Marco Avesani (University of Padova); Andrea Stanco (University of Padova); Paolo Villoresi (University of Padova); Giuseppe Vallone (University of Padova)[abstract]
**Abstract:**Semi-device independent (Semi-DI) quantum random number generators (QRNG) gained attention for security applications, offering an excellent trade-off between security and generation rate. This paper presents a proof-of-principle time-bin encoding semi-DI QRNG experiments based on a prepare-and-measure scheme. The protocol requires two simple assumptions and a measurable condition: an upper-bound on the prepared pulses' energy. We lower-bound the conditional min-entropy from the energy-bound and the input-output correlation, determining the amount of genuine randomness that can be certified. Moreover, we present a generalized optimization problem for bounding the min-entropy in the case of multiple input and outcomes, in the form of a semidefinite program (SDP). The protocol is tested with a simple experimental setup, capable of realizing two configurations for the ternary time-bin encoding scheme. The experimental setup is easy-to-implement and comprises commercially available off-the-shelf (COTS) components at the telecom wavelength, granting a secure and certifiable entropy source. The combination of ease-of-implementation, scalability, high security level and output-entropy, make our system a promising candidate for commercial QRNGs. - Resource-efficient energy test and parameter estimation in continuous-variable quantum key distributionCosmo Lupo (University of Sheffield)[abstract]
**Abstract:**Symmetry plays a fundamental role in the security analysis of quantum key distribution (QKD). Here we review how symmetry is exploited in continuous-variable (CV) QKD to prove the optimality of Gaussian attacks in the finite-size regime. We then apply these results to improve the efficiency, and thus the key rate, of these protocols. First we show how to improve the efficiency and practicality of the energy test, which is one important routine aimed at establishing an upper bound on the effective dimensions of the otherwise infinite-dimensional Hilbert space of CV systems. Second, we show how the routine of parameter estimation can be made resource efficient in measurement-device independent (MDI) QKD. These results show that all the raw data can be used both for key extraction and for the routines of energy test and parameter estimation. Furthermore, the improved energy test does not require active symmetrization of the measured data, which can be computationally demanding. - Improved analytical bounds on delivery times of long-distance entanglementTim Coopmans (QuTech (Delft University of Technology)); Sebastiaan Brand (Leiden University); David Elkouss (QuTech (Delft University of Technology))[abstract]
**Abstract:**The fundamental distance limit for quantum key distribution due to photon loss can be overcome by intermediate nodes called quantum repeaters. We provide analytical bounds on the mean and quantiles of the entanglement delivery time for a very general class of repeater schemes, which significantly improve upon existing work. Our bounds enable the analytical assessment of repeater in the presence of time-dependent noise, such as imperfect memories, and are useful for the design and analysis of network sizes beyond the reach of numerics. - The “quantum annoying” property of password-authenticated key exchange protocolsEdward Eaton (University of Waterloo); Douglas Stebila (University of Waterloo)[abstract]
**Abstract:**During the Crypto Forum Research Group (CFRG)'s standardization of password-authenticated key exchange (PAKE) protocols, a novel property emerged: a PAKE scheme is said to be ``quantum-annoying'' if a quantum computer can compromise the security of the scheme, but only by solving one discrete logarithm for each guess of a password. Considering that early quantum computers will likely take quite long to solve even a single discrete logarithm, a quantum-annoying PAKE, combined with a large password space, could delay the need for a post-quantum replacement by years, or even decades. In this paper, we make the first steps towards formalizing the quantum-annoying property. We consider a classical adversary in an extension of the generic group model in which the adversary has access to an oracle that solves discrete logarithms. While this idealized model does not fully capture the range of operations available to an adversary with a general-purpose quantum computer, this model does allow us to quantify security in terms of the number of discrete logarithms solved. We apply this approach to the CPace protocol, a balanced PAKE advancing through the CFRG standardization process, and show that the CPaceBase variant is secure in the generic group model with a discrete logarithm oracle. - Quantum key distribution over quantum repeaters with encodingYumang Jing (University of Leeds); Mohsen Razavi (University of Leeds)[abstract]
**Abstract:**We study the implementation of quantum-key-distribution (QKD) systems over quantum-repeater infrastructures. We particularly consider quantum repeaters with encoding and compare them with probabilistic quantum repeaters. To that end, we propose two decoder structures for encoded repeaters that not only improve system performance but also make the implementation aspects easier by removing two-qubit gates from the QKD decoder. By developing several scalable numerical and analytical techniques, we then identify the resilience of the setup to various sources of error in gates, measurement modules, and initialization of the setup. We apply our techniques to three- and five-qubit repetition codes and obtain the normalized secret key generation rate per memory per second for encoded and probabilistic quantum repeaters. We quantify the regimes of operation, where one class of repeater outperforms the other, and find that there are feasible regimes of operation where encoded repeaters—based on simple three-qubit repetition codes—could offer practical advantages. - Metrology for Quantum Communication: results and perspectives in the context of the EURAMET European Metrology Network for Quantum TechnologiesMarco Gramegna (INRIM | EMN-Q); Ivo Pietro Degiovanni (INRIM Istituto Nazionale di Ricerca Metrologica)[abstract]
**Abstract:**The second quantum revolution is underway and the deployment of Quantum Technologies (QT) keeps pace with it. This technological paradigm-switch creates opportunities and challenges for industry, innovation and society. Several large companies, as well as start-ups, have started to develop and engineer quantum devices or begun to integrate them into their products: the commercial success of QT, together with progress in research and development, relies on certification and reliability built upon internationally agreed standards and metrological traceability. In this scenario, a group of European National Metrology Institutes (NMIs) and Delegated Institutes (DIs) have recently created a European Metrology Network for Quantum Technologies (EMN-Q) under the auspices of EURAMET, the European association of NMIs and the regional metrology organisation (RMO) of Europe. In this talk, a short overview of the EMN-Q organization will be provided, together with a report about the current status of the Strategic Research Agenda and on the Technological Roadmaps. Afterwards, the discussion will be focused on QKD and how the EMN-Q has started to answer to the metrology needs of the QKD community. - A Unified Framework For Quantum UnforgeabilityMina Doosti (University of Edinburgh); Mahshid Delavar (University of Edinburgh); Elham Kashefi (University of Edinburgh, CNRS, Sorbonne University); Myrto Arapinis (University of Edinburgh)[abstract]
**Abstract:**In this paper, we continue the line of work initiated by Boneh and Zhandry at CRYPTO 2013 and EUROCRYPT 2013 in which they formally define the notion of unforgeability against quantum adversaries. We develop a general and parameterised quantum game-based security model unifying unforgeability for both classical and quantum constructions allowing us for the first time to present a complete quantum cryptanalysis framework for unforgeability. In particular, we prove how our definitions subsume previous ones while considering more fine-grained adversarial models, capturing the full spectrum of superposition attacks. The subtlety here resides in the characterisation of a forgery. We show that the strongest level of unforgeability in our framework, namely existential unforgeability, can only be achieved if only orthogonal to previously queried messages are considered to be forgeries. We further show that deterministic constructions can only achieve the weaker notion of unforgeability, that is selective unforgeability, against such adversaries, but that selective unforgeability breaks if more general quantum adversaries (capable of general superposition attacks) are considered. On the other hand, we show that PRF is sufficient for constructing a selective unforgeable classical primitive against full quantum adversaries. Moreover, we show similar positive results relying on Pseudorandom Unitaries (PRU) for quantum primitives. \\ These results demonstrate the generality of our framework that could be applicable to other primitives beyond the cases analysed in this paper. - Fidelity Bounds for Device-Independent Advantage DistillationThomas Hahn (ETH Zürich); Ernest Y.-Z. Tan (ETH Zürich)[abstract]
**Abstract:**It is known that advantage distillation (that is, information reconciliation using two-way communication) improves noise tolerances for quantum key distribution (QKD) setups. Two-way communication is hence also of interest in the device-independent case, where noise tolerance bounds for one-way error correction are currently too low to be experimentally feasible. Existing security proofs for device-independent advantage distillation rely on fidelity-related security conditions, but previous bounds on the fidelity were not tight. We improve on those results by developing an algorithm that returns arbitrarily tight lower bounds on the fidelity. Our results give new insight on how strong the fidelity-related security conditions are. Finally, we conjecture a necessary security condition that naturally complements the existing sufficient conditions. - Catalytic EntanglementTulja Varun Kondra (Centre for Quantum Optical Technologies, Centre of New Technologies, University of Warsaw); Chandan Datta (Centre for Quantum Optical Technologies, Centre of New Technologies, University of Warsaw); Alexander Streltsov (Centre for Quantum Optical Technologies, Centre of New Technologies, University of Warsaw)[abstract]
**Abstract:**Quantum entanglement of pure states is usually quantified via the entanglement entropy, the von Neumann entropy of the reduced state. Entanglement entropy is closely related to entanglement distillation, a process for converting quantum states into singlets, which can then be used for various quantum technological tasks. The relation between entanglement entropy and entanglement distillation has been known only for the asymptotic setting, and the meaning of entanglement entropy in the single- copy regime has so far remained open. Here we close this gap by considering entanglement catalysis. We prove that entanglement entropy completely characterizes state transformations in the presence of entangled catalysts. Our results suggest that catalysis is useful for a broad range of quantum information protocols, giving asymptotic results an operational meaning also in the single-copy setup. - Quantum Keyless Private Communication vs. Quantum Key Distribution for Space LinksAngeles Vazquez-Castro (Autonomous University of Barcelona and Centre for Space Research (CERES) of Institut d’Estudis Espacials de Catalunya (IEEC-UAB)); Davide Rusca (Group of Applied Physics, Univ. of Geneva); Hugo Zbinden (Group of Applied Physics, Univ. of Geneva)[abstract]
**Abstract:**We study information theoretical security for space links between a satellite and a ground-station. Quantum key distribution (QKD) is a well established method for information theoretical secure communication, giving the eavesdropper unlimited access to the channel and technological resources only limited by the laws of quantum physics. But QKD for space links is extremely challenging, the achieved key rates are extremely low, and day-time operating impossible. However, eavesdropping on a channel in free-space without being noticed seems complicated, given the constraints imposed by orbital mechanics. If we also exclude eavesdropper's presence in a given area around the emitter and receiver, we can guarantee that he has only access to a fraction of the optical signal. In this setting, quantum keyless private (direct) communication based on the wiretap channel model is a valid alternative to provide information theoretical security. Like for QKD, we assume the legitimate users to be limited by state-of-the-art technology, while the potential eavesdropper is only limited by physical laws: either by specifying her detection strategy (Helstrom detector) or by bounding her knowledge, assuming the most powerful strategy through the Holevo information. Nevertheless, we demonstrate information theoretical secure communication rates (positive keyless private capacity) over a classical-quantum wiretap channel using on-o-keying of coherent states. We present numerical results for a setting equivalent to the recent experiments with the Micius satellite and compare them to the fundamental limit for the secret key rate of QKD. We obtain much higher rates compared with QKD with exclusion area of less than 13 meters for Low Earth Orbit (LEO) satellites. Moreover, we show that the wiretap channel quantum keyless privacy is much less sensitive to noise and signal dynamics and daytime operation is possible. - Limitations on Uncloneable Encryption and Simultaneous One-Way-to-HidingChristian Majenz (CWI, QuSoft); Christian Schaffner (University of Amsterdam, QuSoft); Mehrdad Tahmasbi (University of Amsterdam, QuSoft)[abstract]
**Abstract:**We study uncloneable quantum encryption schemes for classical messages as recently proposed by Broadbent and Lord. We focus on the information-theoretic setting and give several limitations on the structure and security of these schemes: Concretely, 1) We give an explicit cloning-indistinguishable attack that succeeds with probability 12+μ/16 where μ is related to the largest eigenvalue of the resulting quantum ciphertexts. 2) The *simultaneous* one-way-to-hiding (O2H) lemma is an important technique in recent works on uncloneable encryption and quantum copy protection. We give an explicit example which shatters the hope of reducing the multiplicative "security loss" constant in this lemma to below 9/8. 3) For a uniform message distribution, we partially characterize the scheme with the minimal success probability for cloning attacks. 4) Under natural symmetry conditions, we prove that the rank of the ciphertext density operators has to grow at least logarithmically in the number of messages to ensure uncloneable security. - A resource-effective QKD field-trial in Padua with the iPOGNAC encoderMarco Avesani (Università degli Studi di Padova); Luca Calderaro (Università degli Studi di Padova); Giulio Foletto (Università degli Studi di Padova); Costantino Agnesi (Università degli Studi di Padova); Francesco Picciariello (Università degli Studi di Padova); Francesco Santagiustina (Università degli Studi di Padova); Alessia Scriminich (Università degli Studi di Padova); Andrea Stanco (Università degli Studi di Padova); Francesco Vedovato (Università degli Studi di Padova); Mujtaba Zahidy (Università degli Studi di Padova); Giuseppe Vallone (Università degli Studi di Padova); Paolo Villoresi (Università degli Studi di Padova)[abstract]
**Abstract:**We describe a QKD field trial running on urban fibers deployed in Padua, Italy. This is the first validation outside of the laboratory environment of a new low-error and calibration-free polarization encoder, called iPOGNAC, which we also present here. Our system is resource- and cost-effective, and can be installed quickly in an existing fiber network. - Education aspects to create QKD industryYury Kurochkin (Russian Quantum Center); Vadim Rodimin (QRate); Vladimir Kurochkin (National University of Science and Technology MISiS); Evgeniy Krivoshein (QRate)[abstract]
**Abstract:**QKD is an emerging industry. Numbers of forecasts indicate rapid growth making it more and more affordable not only to large companies also with the use of service models. At the same time information security is very conservative industry. Digital information security specialists usually do not study quantum mechanics and it cause sense of magic dealing with QKD. The only way to close this gap is education. Most available education solutions focus its efforts on theoretical explanation. Meanwhile if we look at education of telecommunication industry specialists there are a lot of workshops dealing with signal processing equipment. In this work we want to share our experience of creating new competence on World Skills specialists competition. We believe that explanation of QKD via workshops where students can touch by hands optics, electronics and software can change specialist perception from magic to telecommunication equipment. - Quantum-access security of the Winternitz one-time signature schemeChristian Majenz (Centrum Wiskunde & Informatica, QuSoft); Chanelle Matadah Manfouo (African Institute for Mathematical Science & Quantum Leap Africa, Rwanda); Maris Ozols (University of Amsterdam and QuSoft)[abstract]
**Abstract:**Quantum-access security, where an attacker is granted superposition access to secret-keyed functionalities, is a fundamental security model and its study has inspired results in post-quantum security. We revisit, and fill a gap in, the quantum-access security analysis of the Lamport one-time signature scheme (OTS) in the quantum random oracle model (QROM) by Alagic et al. (Eurocrypt 2020). We then go on to generalize the technique to the Winternitz OTS. Along the way, we develop a tool for the analysis of hash chains in the QROM based on the superposition oracle technique by Zhandry (Crypto 2019) which might be of independent interest. - Fading channel estimation for free-space continuous-variable secure quantum communicationLászló Ruppert (Palacky University Olomouc); Christian Peuntinger (Max-Planck-Institut für die Physik des Lichts); Bettina Heim (Max-Planck-Institut für die Physik des Lichts); Kevin Günthner (Max-Planck-Institut für die Physik des Lichts); Vladyslav C. Usenko (Palacky University Olomouc); Dominique Elser (Max-Planck-Institut für die Physik des Lichts); Gerd Leuchs (Max-Planck-Institut für die Physik des Lichts); Radim Filip (Palacky University Olomouc); Christoph Marquardt (Max-Planck-Institut für die Physik des Lichts)[abstract]
**Abstract:**We investigate estimation of fluctuating channels and its effect on security of continuous-variable quantum key distribution. We propose a novel estimation scheme which is based on the clusterization of the estimated transmittance data. We show that uncertainty about whether the transmittance is fixed or not results in a lower key rate. However, if the total number of measurements is large, one can obtain using our method a key rate similar to the non-fluctuating channel even for highly fluctuating channels. We also verify our theoretical assumptions using experimental data from an atmospheric quantum channel. Our method is therefore promising for secure quantum communication over strongly fluctuating turbulent atmospheric channels. - Robust Self Testing of All Pure Bipartite Maximally Entangled States via Quantum SteeringHarshank Shrotriya (Centre for Quantum Technologies, NUS); Kishor Bharti (Centre for Quantum Technologies, NUS); Leong-Chuan Kwek (Centre for Quantum Technologies, NUS)[abstract]
**Abstract:**The idea of self-testing is to render guarantees concerning the inner workings of a device based on the measurement statistics. It is one of the most formidable quantum certification and benchmarking schemes. Here, we have shown that any bipartite pure entangled state can be self-tested through Quantum Steering. Analogous to the tilted CHSH inequality, we use a steering inequality called Tilted Steering Inequality for self-testing any pure two-qubit entangled state. We have further used this inequality to self-test any bipartite pure entangled state by certifying two-dimensional sub-spaces of the qudit state by observing the structure of the set of assemblages obtained on the trusted side after measurements are made on the un-trusted side. Finally, as a novel feature of self testing via steering, we use the notion of Assemblage based Robust Self Testing to provide robustness bounds for the self testing result in the case of pure maximally entangled states of any local dimension. - Fully device-independent quantum key distribution using synchronous correlationsNishant Rodrigues (University of Maryland); Brad Lackey (Microsoft Quantum)[abstract]
**Abstract:**We derive a device-independent quantum key distribution protocol based on synchronous correlations and their Bell inequalities. This protocol offers several advantages over other device-independent schemes including symmetry between the two users and no need for preshared randomness. We close a "synchronicity" loophole by showing an almost synchronous correlation inherits the self-testing property of the associated synchronous correlation. We also pose a new security assumption that closes the "locality" (or "causality") loophole: an unbounded adversary with even a small uncertainty about the users' choice of measurement bases cannot produce any almost synchronous correlation that approximately maximally violates a synchronous Bell inequality. - Experiment on scalable multi-user Sagnac twin-field quantum key distribution networkXiaoqing Zhong (University of Toronro); Wenyuan Wang (University of Toronto); Reem Mandil (University of Toronto); Li Qian (University of Toronto); Hoi-Kwong Lo (University of Toronto; University of Hong Kong)[abstract]
**Abstract:**Twin-field quantum key distribution (TFQKD) systems have shown great promise for implementing practical long-distance secure quantum communication due to its measurement-device-independent nature and its ability to offer fundamentally superior rate-loss scaling than conventional point-to-point QKD systems. A surge of research has produced many variants of protocols and experimental demonstrations. To make TFQKD more applicable in quantum communication, a study of TFQKD in a networking setting is essential. In this work, we experimentally demonstrate a proof-of-principle Sagnac-interferometer based TFQKD network with three users and one untrusted central node. We show that our network enables users to share secure keys with channel losses up to 58dB, and channel loss asymmetric up to 15dB. In some cases, the secure key rates still beat the rate-loss bounds for conventional point-to-point repeaterless QKD systems. It is to our knowledge the first multi-user-pair TFQKD network demonstration, an important step in advancing quantum communication network technologies. - Measurement device-independent quantum key distribution with time-dependent source side-channelsAmita Gnanapandithan (University of Toronto); Eli Bourassa (University of Toronto); Li Qian (University of Toronto); Hoi-Kwong Lo (University of Toronto)[abstract]
**Abstract:**We identify a time-dependent passive source side-channel in common measurement-device-independent quantum key distribution implementations that rely on Faraday mirrors for stable phase modulation. We model the time-dependence of the side channel and use this information in conjunction with a recently developed numerical security proof technique based on semidefinite programming to quantify the impact on the secure key rate of the protocol. We explore the sensitivity of security to the parameters of the side channel and the choice of model for the signal. - A framework for efficient entanglement distribution with cavity QED systemsSachi Tamechika (NTT Secure Platform Laboratories); Yasunari Suzuki (NTT Secure Platform Laboratories); Yuuki Tokunaga (NTT Secure Platform Laboratories); Takao Aoki (Department of Applied Physics, Waseda University)[abstract]
**Abstract:**To demonstrate quantum protocols on a global scale, a quantum repeater is a vital technology to improve the efficiency of entanglement distribution. Entanglement distribution consists of two steps; share entanglements between neighboring quantum repeaters, and perform entanglement distillation and swapping. In this paper, we propose a framework for the first step, efficient Bell measurement between adjacent quantum repeaters, using quantum memories based on cavity quantum electrodynamics (QED) systems. Our framework maximizes a distillable entanglement rate of the protocol by optimizing the parameters of a cavity QED system and pulse length of photons according to the number of available memories at repeater nodes. We demonstrate our theory with a nanofiber cavity QED system with trapped atoms, which is one of the most promising quantum devices for the quantum network. We show that with practical parameters, Bell measurements with quantum memories can outperform those without memories, and we show several trade-off relations between accessible parameters in experiments. Our results extend the limits of entanglement distribution with quantum repeaters using available technology, and reveal that the multiplexing of the cavity QED systems is effective for improving the performance of entanglement distribution. - Towards experimental implementation of symmetric private information retrieval with measurement-device-independent quantum networkChao Wang (National University of Singapore); Wen Yu Kon (National University of Singapore); Charles Lim (National University of Singapore)[abstract]
**Abstract:**Quantum key distribution (QKD) provides a practical method for distant parties to establish identical and secret keys. However, how quantum technologies can be practically used to protect user privacy with provable security remains an open question. Here, we report the first steps of our efforts to experimentally implement a symmetric private information retrieval (SPIR) scheme with QKD keys for fingerprint data retrieval. In the QKD layer, a three-user Measurement-device-independent QKD network is utilised for secure key distribution among the enquirer and data centres. In the application layer, an information-theoretically secure SPIR protocol is implemented to ensure both the privacy of the enquirer and the security of the database. Preliminary experimental results of the MDI QKD network implementation is presented, and simulations of the SPIR+QKD performance are also shown based on the experimental characterisation data. - Practical Quantum Cryptanalysis by Variational Quantum CloningBrian Coyle (University of Edinburgh); Mina Doosti (University of Edinburgh); Elham Kashefi (University of Edinburgh, CNRS, LIP6, Sorbonne University); Niraj Kumar (University of Edinburgh)[abstract]
**Abstract:**Cryptanalysis of quantum cryptographic systems generally involves finding optimal adversarial attack strategies on the underlying protocols. The core principle of modeling quantum attacks often reduces to the ability of the adversary to clone unknown quantum states and to extract thereby meaningful secret information. Explicit optimal attack strategies typically require high computational resources due to large circuit depths or, in many cases, are unknown. Here we introduce variational quantum cloning (VarQlone), a cryptanalysis algorithm based on quantum machine learning, which allows an adversary to obtain optimal approximate cloning strategies with short depth quantum circuits, trained using hybrid classical-quantum techniques. The algorithm contains operationally meaningful cost functions with theoretical guarantees, quantum circuit structure learning and gradient-descent-based optimization. Our approach enables the end-to-end discovery of hardware-efficient quantum circuits to clone specific families of quantum states, which we demonstrate in implementation on the Rigetti Aspen quantum hardware. We connect these results to quantum cryptographic primitives and derive explicit attacks facilitated by VarQlone. We expect that quantum machine learning will serve as a resource for improving attacks on current and future quantum cryptographic protocols. - Generalised Decoy-State Scheme for Rigorous Characterization of Single-Photon DetectorsGong Zhang (National University of Singapore); Haibo Wang (National University of Singapore); Jishen Zhang (National University of Singapore); Chao Wang (National University of Singapore); Haiwen Xu (National University of Singapore); Yan Liang (University of Shanghai for Science and Technology); Charles Ci-Wen Lim (National University of Singapore); Xiao Gong (National University of Singapore)[abstract]
**Abstract:**Characterizing the single-photon detection efficiency (SPDE) of a single-photon detector (SPD) is an essential but nontrivial task for various applications. Conventional methods require detailed detector models to calculate the estimated SPDE, which are not always available. In this work, a generalized method based on decoy-state for accurate characterization of SPDs is proposed and experimentally demonstrated. This work provides a new toolbox for rigorous SPD characterization with relaxed assumptions on the detector model, opening new possibilities in device calibration standards and quantum information applications. - Secure Two-Party Quantum Computation Over Classical ChannelsMichele Ciampi (The University of Edinburgh); Alexandru Cojocaru (Inria); Elham Kashefi (The University of Edinburgh and Sorbonne Universite); Atul Mantri (University of Maryland)[abstract]
**Abstract:**Secure two-party computation considers the problem of two parties computing a joint function of their private inputs without revealing anything beyond the output of the computation. In this work, we take the first steps towards understanding the setting where: 1) the two parties (Alice and Bob) can communicate only via a classical channel, 2) the input of Bob is quantum and 3) the input of Alice is classical. Our first result indicates that in this setting it is in general impossible to realize a two-party quantum functionality with black-box simulation in the case of malicious quantum adversaries. In particular, we show that the existence of a secure protocol that relies only on classical channels would contradict the quantum no-cloning argument. We circumvent this following three different approaches. The first is by considering a weaker security notion called one-sided simulation security. This notion protects the input of one party (the quantum Bob) in the standard simulation-based sense, and protects the privacy of the other party's input (the classical Alice). We realize our protocol relying on the learning with errors assumption. As a result, we put forward a first construction of secure one-sided quantum two-party computation over classical networks. The second way to circumvent the impossibility result, while at the same time providing standard simulation-based security also against Bob, is by assuming that the quantum input has an efficient classical representation. Finally, we focus our attention on the class of zero-knowledge functionalities, and provide a protocol for such a class for specific QMA relations. We note that the direct implication of our result is that Mahadev's protocol for classical verification of quantum computations (FOCS'18) can be turned into a zero-knowledge proof of quantum knowledge protocol with classical verifiers. To the best of our knowledge, we are the first to instantiate such a primitive. - Efficient Construction of Quantum Physical Unclonable Functions with Unitary t-designsNiraj Kumar (University of Edinburgh); Rawad Mezher (University of Edinburgh); Elham Kashefi (University of Edinburgh)[abstract]
**Abstract:**Quantum physical unclonable functions, or QPUFs, are rapidly emerging as theoretical hardware solutions to provide secure cryptographic functionalities such as key exchange, message authentication, entity identification among others. Recent works have shown that in order to provide provable security of these solutions against any quantum polynomial time adversary, QPUFs are required to be a unitary sampled uniformly randomly from the Haar measure. This however is known to require an exponential amount of resources. In this work, we propose an efficient construction of these devices using unitary t-designs, called QPUF_t. Along the way, we modify the existing security definitions of QPUFs to include efficient constructions and showcase that QPUF_t still retains the provable security guarantees against a bounded quantum polynomial adversary with t-query access to the device. This also provides the first use case of unitary t-design construction for arbitrary t, as opposed to previous applications of t-designs where usually a few (relatively low) values of t are known to be useful for performing some task. We study the noise-resilience of QPUF_t against specific types of noise, unitary noise, and show that some resilience can be achieved particularly when the error rates affecting individual qubits become smaller as the system size increases. To make the noise resilience more realistic and meaningful, we conclude that some notion of error mitigation or correction should be introduced. - Dense-wavelength division multiplexing of quantum and classical communication over a deployed fiber link enabled by up-conversion assisted detectorsIlaria Vagniluca (CNR - Istituto Nazionale di Ottica and University of Naples); Domenico Ribezzo (CNR - Istituto Nazionale di Ottica and University of Naples); Davide Bacco (Technical University of Denmark); Alessandro Zavatta (CNR - Istituto Nazionale di Ottica)[abstract]
**Abstract:**The coexistence of classical and quantum communication within the same fiber optics infrastructure is still an open challenge to be solved. In fact, most of the practical implementations of quantum key distribution (QKD) are accomplished by taking advantage of dark fiber channels, i.e. fiber-optics links totally dedicated to the transmission of quantum signals. This prevents the intense classical light to affect the qubit error rate, but strongly reduces the possibilities for a full deployment of QKD technologies in large-scale and realistic applications. Looking for a solution several approaches have been tested, generally based on multiplexing of different degrees of freedom of photons. In our work we combined a dense-wavelength-division-multiplexing scheme with two different home-made single photon detection stages able to convert C-band photons into photons detectable by a silicon photon counter, by exploiting sum-frequency-generation process in nonlinear crystals. We compared the results with an off-the-shelf InGaAs single-photon detector, equipping it with polarization and wavelength filters, that was tested under the same experimental conditions. Injecting an intense light laser into a different DWDM channel to simulate a real-worl QKD scenario, we demonstrated that our up-conversion based detector makes QKD feasible with a classical launch power of 4 dB higher than the one affordable by the InGaAs detector. This result paves the way to the employment of quantum communication in many realistic situations, by enabling the usage of already existing telecom infrastructures, where the noise levels are not manageable by current single photon avalanche detectors. - Quantum Measurement AdversaryDivesh Aggarwal (Centre for Quantum Technologies, National university of Singapore); Naresh Goud Boddu (Centre for Quantum Technologies, National university of Singapore); Rahul Jain (Centre for Quantum Technologies, National university of Singapore); Maciej Obremski (Centre for Quantum Technologies, National university of Singapore)[abstract]
**Abstract:**Multi-source-extractors are functions that extract uniform randomness from multiple (weak) sources of randomness. With the advent of quantum computers, it is natural to investigate the security of multi-source-extractors against adversaries with quantum side-information on the sources of randomness (potentially generated using quantum entanglement). Quantum multi- source-extractors were considered by Kasher and Kempe (for the quantum-independent- adversary and the quantum-bounded-storage-adversary), Chung, Li, and Wu (for the general- entangled-adversary), and Arnon-Friedman, Portmann, and Scholz (for the quantum-Markov- adversary). In this work, we propose two new models of adversaries, the quantum-measurement-adversary (qm-adv) and the quantum-communication-adversary (qc-adv). qm-adv generates side-information post-measurement outcomes and qc-adv generates side-information using a communication protocol. We show that: 1. qm-adv is the strongest adversary among all the known adversaries, in the sense that the side-information of all other adversaries can be generated by qm-adv. 2. The (generalized) inner-product function (in fact a general class of two-wise independent functions) continue to work as a good extractor against qm-adv (with matching parameters as that of Chor and Goldreich against classical-adversaries). 3. A non-malleable extractor proposed by Li (against classical-adversaries) continues to be secure against quantum side-information. A non-malleable extractor (nm-ext) for two sources (X, Y) is an extractor such that nm-ext(X, Y) is uniform and independent of nm-ext(X, Y')YY', where Y' is not equal to Y and Y' is generated by the adversary using Y and the side-information on X. 4. A modification (not needing any local uniform randomness) of the Dodis and Wich's protocol for privacy-amplification is secure against active quantum adversaries. This strengthens on a recent result due to Aggarwal, Chung, Lin, and Vidick which uses local uniform randomness. 5. As a byproduct, we reproduce the quantum communication complexity lower bound for the (generalized) inner-product function via different proof techniques. - Provably-secure quantum randomness expansion with untrusted homodyne detection secure against quantum side-informationIgnatius William Primaatmaja (Centre for Quantum Technologies); Jianran Zhang (National University of Singapore); Jing Yan Haw (National University of Singapore); Raymond Ho (National University of Singapore); Gong Zhang (National University of Singapore); Chao Wang (National University of Singapore); Charles Ci-Wen Lim (National University of Singapore)[abstract]
**Abstract:**Quantum random number generators (QRNGs) could generate numbers that are certifiably random even to a potential adversary who holds some side-information. However, many QRNGs require extremely precise characterisation of the source of the quantum states and the measurement apparatus. In this work, we propose a semi-device-independent QRNG protocol with untrusted homodyne detection. We show that our protocol is secure against quantum side-information, taking into account finite-size effects without making any assumption on the measurement device. - One-shot inner bounds for sending private classical information over a quantum MACSayantan Chakraborty (Tata Institute of Fundamental Research, Mumbai); Aditya Nema (Nagoya University); Pranab Sen (Tata Institute of Fundamental Research, Mumbai)[abstract]
**Abstract:**We provide the first inner bounds for sending private classical information over a quantum multiple access channel. We do so by using three powerful information theoretic techniques: rate splitting, quantum simultaneous decoding for multiple access channels, and a novel smoothed distributed covering lemma for classical quantum channels. Our inner bounds are given in the one shot setting and accordingly the three techniques used are all very recent ones specifically designed to work in this setting. The last technique is new to this work and is our main technical advancement. For the asymptotic iid setting, our one shot inner bounds lead to the natural quantum analogue of the best classical inner bounds for this problem. - Improved and Formal Proposal for Device Independent Quantum Private QueryJyotirmoy Basak (Indian Statistical Institute, Kolkata); Kaushik Chakraborty (The University of Edinburgh); Arpita Maitra (TCG Centre for Research and Education in Science and Technology, India); Subhamoy Maitra (Indian Statistical Institute, Kolkata)[abstract]
**Abstract:**We propose a novel Quantum Private Query (QPQ) scheme using EPR-pairs with full Device Independent (DI) certification. To the best of our knowledge, this is the first time we provide such a full DI-QPQ protocol. Our proposed scheme exploits self-testing of shared EPR-pairs along with the self testing of projective measurement operators in a setting where the parties don't trust each other. To certify full DI, our scheme also exploits a technique to self-test a particular class of POVM elements that are used in the protocol. This makes the DI-testing of this proposed scheme slightly different from the traditional DI-QKD scheme. Further, we provide formal security analysis and obtain an upper bound on the maximum cheating probabilities for both dishonest client as well as dishonest server. - Refined finite-size security analysis of discrete-modulation continuous variable quantum key distribution based on reverse reconciliationTakaya Matsuura (The University of Tokyo); Shinichiro Yamano (The University of Tokyo); Yui Kuramochi (The University of Tokyo); Toshihiko Sasaki (The University of Tokyo); Masato Koashi (The University of Tokyo)[abstract]
**Abstract:**The finite-size security of a discrete-modulation continuous variable (CV) quantum key distribution (QKD) protocol was recently reported, but the obtained key rate of the protocol was low compared to the recent asymptotic analyses. In this work, we significantly improve the performance of the protocol by refining the finite-size security analysis based on a reverse reconciliation. The idea of the refinement is motivated by the recently established equivalence of the privacy amplification and the phase error correction. Our refined analysis is a step towards complete security proof of high-performance discrete-modulation CV QKD. - New Protocols and Ideas Towards Practical Quantum Position VerificationRene Allerstorfer (QuSoft/CWI); Harry Buhrman (QuSoft/CWI); Florian Speelman (QuSoft and University of Amsterdam); Philip Verduyn Lunel (QuSoft/CWI)[abstract]
**Abstract:**In this work, we study loss-tolerant quantum position verification (QPV) protocols. We propose a new fully loss-tolerant protocol, based on the SWAP test, with several desirable properties. The task of the protocol, which can be implemented using only a single beam splitter and two detectors, is to estimate the overlap between two input states. By formulating possible attacks as a semi-definite program (SDP), we prove full loss tolerance against unentangled attackers restricted to local operations and classical communication (LOCC), and additionally show that the attack probability decays exponentially under parallel repetition of rounds. Furthermore, we investigate the role of loss and quantum communication attacks in QPV in general. A protocol that is provably secure against unentangled attackers restricted to LOCC, but can be perfectly attacked by local operations and a single round of simultaneous quantum communication, is constructed. However, we show that any protocol secure against classical communication can be transformed into a protocol secure against quantum communication. Finally, we observe that any QPV protocol can be attacked with a linear amount of entanglement if the loss is high enough. - Routing Strategies for Multiplexed, High-Fidelity Quantum NetworksYuan Lee (Massachusetts Institute of Technology); Eric Bersin (Massachusetts Institute of Technology); Wenhan Dai (Massachusetts Institute of Technology); Dirk Englund (Massachusetts Institute of Technology)[abstract]
**Abstract:**We recently introduced a "quantum router" architecture that improves entanglement fidelities in chains of multiplexed repeaters. Here, we address local entanglement routing across general network graphs of routers to optimize entanglement rates and fidelities. Our proposed routing strategy achieves close-to-optimal rates in the limit of high multiplexing. - Open Source LDPC-based error correctionAdomas Baliuka (LMU Munich, Munich Center for Quantum Science and Technology); Elsa Dupraz (IMT Atlantique); Harald Weinfurter (LMU Munich, Munich Center for Quantum Science and Technology, Max Planck Institute of Quantum Optics)[abstract]
**Abstract:**Error correction is an essential step in the classical post-processing of all quantum key distribution (QKD) protocols. We present error correction methods optimized for discrete variable (DV) QKD and make them freely available as an ongoing open-source project (github.com/XQP-Munich/LDPC4QKD). Our methods are based on irregular quasi-cyclic (QC) low density parity check (LDPC) codes and state-of-the-art rate adaption techniques. - Tight finite-key analysis for RRDPS protocolHang Liu (University of Science and Technology of China); Zhen-Qiang Yin (University of Science and Technology of China); Rong Wang (University of Science and Technology of China); Ze-Hao Wang (University of Science and Technology of China); Shuang Wang (University of Science and Technology of China); Wei Chen (University of Science and Technology of China); Guang-Can Guo (University of Science and Technology of China); Zheng-Fu Han (University of Science and Technology of China)[abstract]
**Abstract:**Among all existing quantum key distribution (QKD) protocols, the round-robin-differential-phase-shift (RRDPS) protocol is one of the unique protocols. Because it can be running without monitoring signal disturbance, which improves its tolerance of error rate and does well in the finite-key scenario. Considering that a tight finite-key analysis with a practical phase-randomized source is still missing, we propose an improved security proof of RRDPS against the most general coherent attack based on the entropic uncertainty relation. We also introduce Azuma’s inequality into our proof, which can tackle finite-key effects. The results indicate experimentally acceptable numbers of pulses are sufficient to approach the asymptotic bound closely. This method may be the optimal one in the finite-key analysis for the RRDPS protocol. - Encoding a qubit into the continuous variables of a single photonNicolas Fabre (Centre of New technologies, Warsaw University)[abstract]
**Abstract:**Encoding quantum information in continuous variables is intrinsically faulty. Nevertheless, redundant qubits can be used for error correction, as proposed in Phys. Rev. A 64, 012310 (2001). We show how to experimentally implement this encoding using time-frequency continuous degrees of freedom of photon pairs produced by spontaneous parametric down conversion. We illustrate our results using an integrated AlGaAs photon-pair source. We show how single qubit gates can be implemented and propose a theoretical scheme for correcting errors in a circuit-like and in a measurement-based architecture. Finally, I propose a teleportation-based quantum error correction protocol adapted for such grid states. - Analysis of the effects of temperature increase on quantum random number generatorYuanhao Li (State Key Laboratory of Mathematical Engineering and Advanced Computing); Yangyang Fei (State Key Laboratory of Mathematical Engineering and Advanced Computing); Weilong Wang (State Key Laboratory of Mathematical Engineering and Advanced Computing); Xiangdong Meng (State Key Laboratory of Mathematical Engineering and Advanced Computing); Hong Wang (State Key Laboratory of Mathematical Engineering and Advanced Computing); Qianheng Duan (State Key Laboratory of Mathematical Engineering and Advanced Computing); Zhi Ma (State Key Laboratory of Mathematical Engineering and Advanced Computing)[abstract]
**Abstract:**Quantum random number generator (QRNG) relies on the intrinsic randomness of quantum mechanics to produce true random numbers which are important in many fields. QRNGs with semiconductor light source have attracted a lot of attention due to their operational simplicity and high generation rate. However, the temperature of light source may vary due to imperfect devices and other factors. There is still a lack of study on the effects of temperature variations on the security of practical QRNG. We fill this gap by presenting a numerical method for studying the effects of temperature increase on the super-luminescent emitting diode (SLED) based QRNG and propose some strategies toward robust QRNG against temperature increase. - Automated testbench for checking vulnerability of single-photon detectors to bright-light attackKonstantin Zaitsev (Russian Quantum Center); Polina Acheva (Russian Quantum Center); Vadim Makarov (Russian Quantum Center)[abstract]
**Abstract:**Quantum attacks to single-photon detectors with bright-light are known for more than a decade. Many countermeasures were suggested to protect detectors, but the most of them can close some attacks with given parameters but not a whole attack group. To solve the problem we are developing automated testbench that emulates attacks by an eavesdropper Eve. It combines emission of pulse laser and continuous-wave laser and observes detector's response. In future we hope to automatically prepare reports on detectors' safety or show bright-light attacks that were not covered by detectors' countermeasures. - Beam tracking system using pan-tilt module and MEMS-based fast steering mirror in quantum key distributionMinchul Kim (Electronics and Telecommunications Research Institute); Kyongchun Lim (Electronics and Telecommunications Research Institute); Byung-Seok Choi (Electronics and Telecommunications Research Institute); Joong-Seon Choe (Electronics and Telecommunications Research Institute); Kap-Joong Kim (Electronics and Telecommunications Research Institute); Young-Ho Ko (Electronics and Telecommunications Research Institute); Ju Hee Baek (Electronics and Telecommunications Research Institute); Chun Ju Youn (Electronics and Telecommunications Research Institute)[abstract]
**Abstract:**Quantum key distribution (QKD) has been widely studied for its inherent security against eavesdropping. Among them, free-space QKD has been actively studied for its wide range of applications. For global-scale quantum network, satellite-to-ground quantum key distribution has been studied in major countries around the world. Also, due to recent progress on drone and autonomous vehicle technologies and applications, short to intermediate-range applications for small moving platforms are gaining more interests than before. For applying QKD on these platforms, one of the most challenging requirements is reducing the size and weight of the QKD system, including beam tracking components. In this study, we report a compact beam tracking system and its tracking performance on a moving transmitter. The coarse tracking part of the system consists of pan-tilt module and a CMOS camera. The fine tracking part consists of a MEMS-based fast steering mirror (FSM) and a quadrant-cell photodetector module. By using compact MEMS-based FSM, the size of the system was reduced to 15 × 15 × 30 cm and can be further reduced by using smaller optical components. For testing the tracking performance, transmitter on a moving platform was placed 1 m away from the fixed tracking system and moved at a constant speed along a circular track around the tracking system. A diverging 650 nm laser source on the transmitter was used as a tracking target for both coarse and fine tracking. When tracking the target moving at angular speed of 20 mrad/s, angular error was less than 0.12° and beam tracking induced optical loss into a multimode fiber was measured to be lower than 2.5 dB. - Quantum digital signatures with smaller public keysBoris Skoric (TU Eindhoven)[abstract]
**Abstract:**We introduce a variant of Gottesman-Chuang quantum signatures [GC01] in which we sign nonbinary symbols instead of bits. The public keys are fingerprinting states, just as in [GC01], but we allow for multiple ways to reveal the private key partially. This reduces the number of qubits expended per message bit. We give a security proof and we present numerical results that show how the improvement in public key size depends on the message length. - A Case Study of Quantum Key Distribution Operating in Private 5G Network SystemYU YU (TOSHIBA); Takahiro Yamaura (TOSHIBA); Ririka Takahashi (TOSHIBA); Yoshimichi Tanizawa (TOSHIBA)[abstract]
**Abstract:**In this paper, an experimental scenario of remote control with equipment operating at the manufacturing site over private 5G network has been demonstrated. To further enhance the security level, quantum key distribution (QKD) has been applied to this private 5G network system. The results reveal that QKD could be applicable to provide secure communications in private 5G network system for practical use. - Practical Quantum Key Distribution Secure Against Side ChannelsÁlvaro Navarrete (University of Vigo); Margarida Pereira (University of Vigo); Marcos Curty (University of Vigo); Kiyoshi Tamaki (University of Toyama)[abstract]
**Abstract:**There is a large gap between theory and practice in quantum key distribution (QKD) because real devices do not satisfy the assumptions required by the security proofs. We close this gap by introducing a simple and practical measurement-device-independent-QKD type of protocol, based on the transmission of coherent light, for which we prove its security against any possible imperfection and/or side channel from the quantum communication part of the QKD devices. Our approach only requires to experimentally characterize an upper bound of one single parameter for each of the pulses sent, which describes the quality of the source. Moreover, unlike device-independent (DI) QKD, it can accommodate information leakage from the users’ laboratories, which is essential to guarantee the security of QKD implementations. In this sense, its security goes beyond that provided by DI QKD, yet it delivers a secret key rate that is various orders of magnitude greater than that of DI QKD. - Near-maximal Polarization Entanglement for Device-Independent Quantum Key Distribution at 2.1 μmAdetunmise Dada (University of Glasgow); Jędrzej Kaniewski (University of Warsaw); Corin Gawith (Covesion Limited & University of Southampton); Martin Lavery (University of Glasgow); Robert H. Hadfield (University of Glasgow); Daniele Faccio (University of Glasgow); Matteo Clerici (University of Glasgow)[abstract]
**Abstract:**The ability to generate highly entangled states and access the full quantum state space is crucial for most advanced quantum information tasks. However, in the mid-infrared band, the capability for full state tomography or the demonstration of states that are sufficiently entangled, e.g., to allow positive secure key rates for entanglement-based quantum key distribution (QKD) have not been achieved to date. At a wavelength of 2.1 μm, we demonstrate full state tomography of two-photon states and show near-maximal violation of the Clauser-Horne-Shimony-Holt (CHSH) Bell inequality with an order-of-magnitude improvement over the state of the art in terms of the number of standard deviations above the classical limit. We obtain a positive secure-key rate for the first time using mid-infrared photons (0.417 bits/pair, with a quantum bit error rate of 5.43%) in a proof-of-principle device-independent (DI) QKD scenario, demonstrating the viability of DIQKD at 2.1 μm. We further exploit the quality of the entangled state by obtaining (via computations on the measured state) the violation of a new Bell inequality tailored for a weak or less-rigid form of self-testing, which is of fundamental interest. These results at 2.1 μm pave the way for robust, DI quantum information applications in the mid-infrared region. - Effect of Device Imperfection on Reference Frame Independent Quantum Key DistributionKyongchun Lim (ETRI); Byung-Seok Choi (ETRI); Ju Hee Baek (ETRI); Minchul Kim (ETRI); Joong-Seon Choe (ETRI); Kap-Joong Kim (ETRI); Young-Ho Ko (ETRI); Chun Ju Youn (ETRI)[abstract]
**Abstract:**Quantum key distribution (QKD) provides capability of secure communication between two remote locations. Depending on its applications, for the surroundings that fiber connection between two remote locations becomes impossible, QKD should be performed through free-space. Such QKD is called as free-space QKD. The applications corresponds to moving objects such as vehicle, aircraft, and satellite. In such free-space QKD, one fundamental characteristic is that transmitter and receiver are moving in real time. In case of conventional BB84 like QKD protocols requiring an identical reference frame between the transmitter and receiver, its performance can be affected by the moving characteristic because the relative movement causes reference frame deviation between them. This can be alleviated with active compensation of the reference frame, but it makes QKD system complex. In the protocol point of view, one has been proposed and it is called as reference frame independent (RFI) QKD. However, RFI QKD is based on ideal situation such as symmetric channels depending on encoded quantum states. This usually cannot achieved in real QKD system due to device imperfections. In this paper, we theoretically analyze how the device imperfections affect on the performance RFI QKD. In order to verify the theoretical analysis, we implement a free-space RFI QKD system with practical devices and identify the effect of device imperfections on RFI QKD. - Quantum authentication ticketsHazel Murray (Munster Technological University, Ireland); Jerry Horgan (Walton Institute, Ireland); Deirdre Kilbane (Walton Institute, Ireland); David Malone (Maynooth University, Ireland)[abstract]
**Abstract:**Ticket based authentication systems are used across the internet. They allow an entity or device to be issued a ticket which can be used to repeated authenticate to a service. We propose a quantum ticket algorithm (based on Gavinsky's coin scheme [1]) which offers protection against phishing, replay and man-in-the-middle attacks, and authentication with the service does not require either quantum or encrypted communication channels. It also provides in-built ticket expiration and graded step-up authentication depending on levels of trust and risk. - Towards high-dimensional QKD in deployed multicore fiberMujtaba Zahidy (Technical University of Denmark); Nicola Biagi (Istituto Nazionale di Ottica (CNR-INO), Florence, Italy); Antonio Mecozzi (Department of Physical and Chemical Sciences, University of L’Aquila, L’Aquila, Italy); Cristian Antonelli (Department of Physical and Chemical Sciences, University of L’Aquila, L’Aquila, Italy); Leif K. Oxenløwe (Technical University of Denmark); Alessandro Zavatta (Istituto Nazionale di Ottica (CNR-INO), Florence, Italy); Davide Bacco (Technical University of Denmark)[abstract]
**Abstract:**The demand for higher secret key rates, in conjunction with the need for extending the reach of quantum key distribution has led to the devising of multiple novel protocols. Most of these protocols make use of qubits, owing to the simplicity with which they can be encoded in quantum communication systems that are available today. On the other hand, high-dimensional quantum states, yet more challenging to generate and transmit, enable higher secret-key rates and are more robust against errors in the process of quantum key distribution. A promising implementation of high-dimensional QKD is the one based on path encoding in optical-fiber quantum channels [1], where the most straightforward choice would be the use of multiple fibers. This choice, however, is challenged by the intrinsic non-homogeneity of different fibers. A more practical alternative is the one offered by multi-core fiber (MCF) technology, which has matured in recent years in the context of space-division multiplexed classical optical communications. In both cases, a key requirement is that the relative phase between spatial paths is preserved, which requires some phase-stabilization procedure in the presence of propagation-induced random phase drift. High-dimensional QKD in MCFs has been recently investigated in [1], where 4-dimensional QKD on a 2-km-long MCF was demonstrated. This was possible thanks to a phase stabilization scheme in which the phase fluctuations of a co-propagating classical continuous-wave laser signal were monitored in order to compensate for the phase drift. The same stabilization system was successfully tested more recently in the unique SDM test-bed in L'Aquila [2], in Italy, on various strands of deployed MCFs, up to a total length of 26 km [2]. In this work, we aim at developing a real-time high-dimensional QKD system based on joint path and time-bin encoding in MCFs. By using two fiber cores and two time bins, we generate 4-dimensional states. - A generalized efficiency mismatch attack to bypass detection-scrambling countermeasureMd Abduhu Ruhul Fatin (Bangladesh Univ. of Engineering and Tech.); Shihan Sajeed (IQC, University of Waterloo)[abstract]
**Abstract:**Imperfections in the receiver setup of quantum cryptography systems may allow an eavesdropper to use it as a control parameter to attack the system. Mismatch of sensitivity in the receiver's photodetectors is one of the imperfections that can potentially be exploited by an eavesdropper. Published researches have shown that scrambling the role of the photodetectors in the receiver can be one of the countermeasure strategies to protect the system. In this work, we show that the proposed countermeasure can be bypassed if the attack is generalized by including more attack variables. Using experimental results from existing publications, we show that detector randomization effectively prevents the initial attack but fails to do so when Eve generalizes her attack strategy. Thus, unless new techniques are proposed to strengthen the existing detector-scrambling countermeasure strategies, it cannot guarantee security against detector efficiency mismatch based attacks. Our result and methodology could be used to security-certify a free-space quantum communication receiver against all types of detector-efficiency-mismatch type attacks. - Finite-size security proof of discrete-modulation continuous-variable quantum key distribution using only heterodyne measurementShinichiro Yamano (The University of Tokyo); Takaya Matsuura (The University of Tokyo); Yui Kuramochi (The University of Tokyo); Toshihiko Sasaki (The University of Tokyo); Masato Koashi (The University of Tokyo)[abstract]
**Abstract:**Recently the finite-size security of a continuous-variable quantum key distribution protocol was reported, in which homodyne measurement is used for generating raw key and heterodyne measurement for monitoring. Here we improve the security proof to allow the use of heterodyne measurement for both purposes. The new protocol not only simplifies the receiver apparatus but also alleviates the necessity of actively locking the phases of the sender's and the receiver's local oscillators. The comparison of the key rates of the two protocols shows that replacing homodyne measurement with heterodyne measurement worsens the channel loss dependence by only 1 dB, which is better than a naive expectation of a 3 dB penalty. - High Dimensional Quantum Key Distribution System Using Structured Light.MUHAMMAD KAMRAN KAMI (NED UNIVERSITY OF ENGINEERING & TECHNOLOGY); Dr. Muhammad Mubashir Khan (NED UNIVERSITY OF ENGINEERING & TECHNOLOGY); Dr. Tahir Malik (NED UNIVERSITY OF ENGINEERING & TECHNOLOGY)[abstract]
**Abstract:**When combined with well-established theories of contemporary physics, quantum key distribution (QKD) has emerged as a safe method for secret key distribution that may be used to protect sensitive information. Numerous fascinating and creative ideas have been suggested for QKD since its inception in 1984 to enhance the security and efficiency of the system while also taking into consideration its applications and practical implementation. To achieve longer communication distances in QKD without compromising its security, schemes with high error rates for long-distance communication have been developed. One such scheme is the so-called KMB09 protocol, which was developed to make use of higher dimensional photon states, which are not possible with the standard BB84 scheme. However, because of the unique architecture of the KMB09 protocol, no practical implementation of the protocol has yet been disclosed to the public. Here we present a framework for the realistic construction of a QKD system that operates in two or more dimensions of photon states and executes the KMB09 protocol with a decoy-state scheme. We describe the design of a KMB09 protocol-based QKD system and its simulation for practical implementation, which is based on the encoding of secret bits in higher-order Gaussian beam spatial modes, as well as the modeling of the system. We use orbital angular momentum (OAM) degree of freedom which is the most dynamic and easy handle feature that researchers utilize for the implementation of robust and state-of-the-art HD-QKD systems. Laguerre Gaussian, a higher-order Gaussian beam having special features associated with the OAM. Photons carrying OAM in Laguerre Gaussians beams can create several mutually unbiased basis (MUBs), which are extensively employed for protocol implementation. We constructed three MUBs in four-dimensional Hilbert space, one is reserved for a standard basis and the remaining two behave as a measurement basis. Besides this, we also used intensity variation for the generations of the qubits to employ the decoy-state scheme (vacuum plus weak coherent pulses), which relieves us from Photon Number Splitting (PNS) attack and also helped in the safe transfer of secret keys. The suggested framework is assessed particularly in terms of efficiency or success rate while dealing with photon states in two and four dimensions. Here we initially plot the number of iterations data on fixed qubits length in comparison with the efficiency of the HD protocol (KMB09) observed during simulation per iteration. We also plot the percentage error of the simulated efficiency and the efficiency of the analytical model of the KMB09 based system. We discover that the simulation results using our proposed framework are consistent with the numerical and analytical findings obtained using the same QKD model that was previously published. We have so far reached our first milestone that is the development of the HD-QKD system based on the KMB09 protocol. Now we are focusing on the error rates developed in the system due to intrusion and also handle attacks like intercept-resend-attacks. We will also incorporate losses due to turbulence in the quantum channel of our free space HD QKD system in the future. - Security analysis of a CV-QKD downstream access networkYundi Huang (Beijing University of Posts and Telecommunications); Tao Shen (Beijing University of Posts and Telecommunications); Xiangyu Wang (Beijing University of Posts and Telecommunications); Ziyang Chen (Peking University); Bingjie Xu (Institute of Southwestern Communication); Song Yu (Beijing University of Posts and Telecommunications); Hong Guo (Peking University)[abstract]
**Abstract:**Quantum key distribution (QKD) which enables the secure distribution of symmetric keys between two legitimate parties is of great importance in future network security [1, 2]. Access network that connects multiple end-users with one network backbone can be combined with QKD to build security for end-users in a scalable and cost-effective way. Access network can have upstream stream transmission direction and downstream transmission direction. For upstream transmission, signals are transmitted from the end-users optical network units (ONUs), combined at the optical distribution network (ODN), and then forwarded to the optical line terminal (OLT) through single fiber. For downstream transmission direction, signals are sent from the OLT and separated at the ODN, then distributed to ONUs in the network. Though previous QKD access network demonstrations are all based on upstream transmission direction [3], the downstream access network on the other hand may offer extra advantages, since no time multiplexing technique is applied, the crosstalk is minimized, also, only passive beam- splitter is sufficient to distribute the signals, and no active controls or calibrations are required at the intermediate optical distribution network node, signals are simply broadcasted to the ONUs [4]. However, it is not straight- forward to integrate QKD into the downstream access network, for discrete-variable QKD, the quantum signals cannot be deterministically distributed to the ONUs. More importantly, since every ONU gets a copy of the transmitted quantum signals, it is crucial that the final secret key is private against other ONUs in the downstream access network. Here, we prove that QKD downstream access network can be realized by using continuous-variable (CV) QKD [5], the corresponding implementation can deterministically perform QKD [6] with the activated ONU, the network still only applies passive beamsplitter to distribute quantum signals. The secrecy against other parties in the network is achieved by considering a reinforced Eve during the security analysis. The security analysis can be conducted with only the optical line terminal and the activated ONU, and no other parties assistances are required. Our work provides the security analysis framework for realizing QKD in the downstream access network which will boost the diversity for constructing practical QKD networks. This work was supported by the Key Program of National Natural Science Foundation of China under Grant No. 61531003, National Natural Science Foundation of China under Grant No. 62001041, China Postdoctoral Science Foundation under Grant No. 2020TQ0016, Sichuan Science and Technology Program under Grant No. 2020YFG0289 and the Fund of State Key Laboratory of Information Photonics and Optical Communications. [1] V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dusek, N. Lütkenhaus, and M. Peev, The security of practical quantum key distribution, Rev. Mod. Phys. 81, 1301 (2009). [2] F. Xu, X. Ma, Q. Zhang, H.-K. Lo, and J.-W. Pan, Secure quantum key distribution with realistic devices, Rev. Mod. Phys. 92, 025002 (2020). [3] B. Fr¨ohlich, J. F. Dynes, M. Lucamarini, A. W. Sharpe, Z. Yuan and A. J. Shields, A quantum access network, Nature 501, 69-72 (2013). [4] ITU. G.984.1: Gigabit-capable passive optical networks (gpon): General characteristics. ITU-T (2008). [5] S. Pirandola, et al., Advances in quantum cryptography, Adv. in Opt. and Photon. 12, 1012 (2020). [6] Y. Zhang, et al., Continuous-variable QKD over 50km commercial fiber, Quantum Sci. Technol. 4, 035006 (2019). - Strengthening practical continuous-variable quantum key distribution against measurement angular errorTao Shen (Beijing University of Posts and Telecommunications); Yundi Huang (Beijing University of Posts and Telecommunications); Xiangyu Wang (Beijing University of Posts and Telecommunications); Huiping Tian (Beijing University of Posts and Telecommunications); Ziyang Chen (Peking University); Song Yu (Beijing University of Posts and Telecommunications)[abstract]
**Abstract:**Continuous-variable quantum key distribution (CV-QKD) provides a way for two remote participants called Alice and Bob to establish symmetric keys through an unsafe channel \cite{weedbrook2012gaussian,grosshans2003quantum}. Continuous-variable quantum key distribution (CV-QKD) based on commercial devices such as lasers and coherent detectors is moving towards practical. Experimental implementation of the CV-QKD systems using Gaussian-modulated coherent states (GMCS) has made significant progress recently \cite{zhang2019continuous}. At the mean time, the problems of performance degradation caused by imperfections of those experimental devices remain unsolved absolutely \cite{pirandola2020advances}. A non-orthogonal measurement angular error between quadrature components $X$ and $P$ from coherent detection is always ignored in the current experimental scheme. The optical phase shifter that constantly rotates the local oscillator phase is a necessity in continuous-variable quantum key distribution systems using heterodyne detection. In previous experimental implementations, the optical phase shifter is generally regarded as an ideal passive optical device that perfectly rotates the phase of the electromagnetic wave of $90^\circ$ \cite{wang2020high}. However,under the action of external force, the fibre is stretched or compressed within the elastic deformation range, and parameters such as the fibre change's geometrical size and refractive index change, thus causing the phase change of the transmitted signal in the fibre. Therefore, the phase shifter is somewhat susceptible to environmental changes and can hardly shift the phase by $90^\circ$ exactly Considering this, we propose a concrete interpretation of measurement angular error in practical systems and the corresponding entanglement-based description. Simultaneously, an estimation method of the measurement angular error and corresponding compensation scheme are demonstrated in some ways. We conclude that measurement angular error severely degrades the security, but the proposed calibration and compensation method can significantly help improve the performance of the practical CV-QKD systems. Undoubtedly, it is worth observing that our work is to strengthen practical security resulted from devices' imperfection. - Practical security of a chip-based continuous-variable quantum key distribution systemLang Li (Center for Quantum Sensing and Information Processing, State Key Laboratory of Advanced Optical Communication Systems and Networks, Shanghai Jiao Tong University, Shanghai 200240, People’s Republic of China and Shanghai Research Center for Quantum Sciences, Shanghai 201315, People’s Republic of China); Peng Huang (Center for Quantum Sensing and Information Processing, State Key Laboratory of Advanced Optical Communication Systems and Networks, Shanghai Jiao Tong University, Shanghai 200240, People’s Republic of China and Shanghai Research Center for Quantum Sciences, Shanghai 201315, People’s Republic of China); Tao Wang (Center for Quantum Sensing and Information Processing, State Key Laboratory of Advanced Optical Communication Systems and Networks, Shanghai Jiao Tong University, Shanghai 200240, People’s Republic of China and Shanghai Research Center for Quantum Sciences, Shanghai 201315, People’s Republic of China); Guihua Zeng (Center for Quantum Sensing and Information Processing, State Key Laboratory of Advanced Optical Communication Systems and Networks, Shanghai Jiao Tong University, Shanghai 200240, People’s Republic of China and Shanghai Research Center for Quantum Sciences, Shanghai 201315, People’s Republic of China)[abstract]
**Abstract:**A chip-based continous-variable quantum-key-distribution (CVQKD) system with a high practical confidentiality performance is crucial for constructing quantum metropolitan communication networks, but imperfections in the chip-based modulation will threaten the practical security of the chip-based CVQKD system. In this paper, we combine the plasma dispersion effect of free carriers to model the carrier fluctuations and reveal the essential mechanism of carrier fluctuations’ influence on the system. The simulations show that the chip-based CVQKD system may face potential loophole threats or its performance will dramatically decrease under different carrier fluctuations. Moreover, two preliminary defense strategies are proposed to completely solve the practical security problems commonly induced by modulators in general chip-based CVQKD systems. This work proposes a set of modeling and analysis methods for general chip-based CVQKD systems’ modulators, which provides constructive methods to build the chip-based CVQKD system with more rigorous practical security. - MIMO Terahertz Quantum Key DistributionNeel Kanth Kundu (Department of Electronic and Computer Engineering, The Hong Kong University of Science and Technology); Soumya P. Dash (School of Electrical Sciences, Indian Institute of Technology Bhubaneswar); Matthew R. McKay (Department of Electronic and Computer Engineering, The Hong Kong University of Science and Technology); Ranjan K. Mallik (Department of Electrical Engineering, Indian Institute of Technology Delhi)[abstract]
**Abstract:**We propose a multiple-input multiple-output (MIMO) quantum key distribution (QKD) scheme for improving the secret key rates and increasing the maximum transmission distance for terahertz (THz) frequency range applications operating at room temperature. We propose a transmit beamforming and receive combining scheme that converts the rank-$r$ MIMO channel between Alice and Bob into $r$ parallel lossy quantum channels whose transmittances depend on the non-zero singular values of the MIMO channel. The MIMO transmission scheme provides a multiplexing gain of $r$, along with a beamforming and array gain equal to the product of the number of transmit and receive antennas. This improves the secret key rate and extends the maximum transmission distance. Our simulation results show that multiple antennas are necessary to overcome the high free-space path loss at THz frequencies. Positive key rates are achievable in the $10-30$ THz frequency range that can be used for both indoor and outdoor QKD applications for beyond fifth generation ultra-secure wireless communications systems. - Dynamic polarization control for free-space continuous-variable quantum key distributionShiyu Wang (Shanghai Jiao Tong University); Peng Huang (Shanghai Jiao Tong University); Tao Wang (Shanghai Jiao Tong University); Guihua Zeng (Shanghai Jiao Tong University)[abstract]
**Abstract:**We propose a dynamic polarization control scheme for free-space continuous-variable quantum key distribution and verify its validity via simulations and an experiment performed over a 150 m free-space channel. The results indicate the capability of the scheme to effectively control the states of polarization for free-space continuous-variable quantum communication. - A Software Tool for Mapping and Executing Distributed Quantum Computations on a Network SimulatorDavide Ferrari (University of Parma); Saverio Nasturzio (University of Parma); Michele Amoretti (University of Parma)[abstract]
**Abstract:**The growing demand for large-scale quantum computers is motivating research on distributed quantum computing (DQC) architectures. To support the research community in the design and evaluation of distributed quantum protocols, many simulators have been devised. However, the process of setting up a simulation requires strong expertise in the simulator itself, thus being inconvenient for those who are only interested in protocol evaluation or in the design of supporting tools such as quantum compilers. In this work, we present DQC Executor, a software tool that accepts as input the description of the network and the code of the algorithm, and then executes the simulation. The tool automatically constructs the network topology and maps the computation onto it, in a framework-agnostic way and transparently to the user. DQC Executor currently supports automatic deployment of distributed quantum algorithms to the NetSquid simulator. - Code efficiency, frame error rate and secure key rateHossein Mani (Technical University of Denmark); Tobias Gehring (Technical University of Denmark); Ulrik L. Andersen (Technical University of Denmark); Bernhard Oemer (Austrian Institute of Technology); Christoph Pacher (Austrian Institute of Technology)[abstract]
**Abstract:**See the short abstract in the attached file. In this poster, we present the finite length efficiency of some of our codes and show how it can improve the secret key rate. For this, the FER performance of some of these codes is plotted versus the efficiency and then we plot the secret key rate versus distance by replacing our codes with other existing codes in the literature. - A Multi-Valued Quantum Fully Homomorphic Encryption SchemeYuanjing Zhang (Beihang University); Tao Shang (Beihang University); Jianwei Liu (Beihang University)[abstract]
**Abstract:**Fully homomorphic encryption enables computation on encrypted data while maintaining secrecy. This leads to an important open question whether quantum computation can be delegated and verified in a non-interactive manner or not. In this paper, we affirmatively answer this question by constructing quantum fully homomorphic encryption (QFHE) schemes with quantum obfuscation. For different scenarios, we propose two QFHE schemes with multi-valued quantum point obfuscation. One is with single-qubit point obfuscation and the other is with multi-qubit point obfuscation. The correctness of two QFHE schemes is proved theoretically. The evaluator does not know the decryption key and does not require a regular interaction with a user. The output state has the property of complete mixture, which guarantees the security. Moreover, the security level of the QFHE schemes depends on quantum obfuscation and encryption operators. - Entropy bounds for multipartite device-independent cryptographyFederico Grasselli (Heinrich Heine University Dusseldorf); Gláucia Murta (Heinrich Heine University Dusseldorf); Hermann Kampermann (Heinrich Heine University Dusseldorf); Dagmar Bruss (Heinrich Heine University Dusseldorf)[abstract]
**Abstract:**When the outcomes of a set of parties measuring their local quantum systems exhibit non-local correlations by violating a Bell inequality, one can infer that such outcomes are secret to some extent. This is at the core of the security of many device-independent (DI) protocols, such as DI randomness expansion and DI conference key agreement. We quantify the amount of secret randomness in the parties’ outcomes by analytically computing their conditional von Neumann entropies as a function of the Bell violation, for different Bell inequalities. - A quantum key distribution simulator for BB84-type protocols with decoy statesFlorian Prawits (AIT Austrian Institute of Technology)[abstract]
**Abstract:**BB84-type DV-QKD protocols that implement weak coherent laser pulses as the carrier for the encoded information are severely limited in their maximally achievable transmission distance due to the inherent threat of photon number splitting (PNS) attacks. This potential weakness can be elegantly eliminated by the adaption of the protocol to include so-called decoy states (DS) in the transmission. These decoy states allow Alice and Bob to probe their transmission channel and statistically infer whether a PNS type attack is occurring, thus precluding Eve from successfully using this strategy. The added degrees of freedom of deciding how often to send decoy states and which intensities to use for them however further complicates the already complex task of predicting the impact on protocol performance and finding a set of suitable parameters to achieve optimal secret key rates (skr). In order to predict optimal performance, as a function of characteristics of the QKD setup like channel losses and device imperfections, state preparation fidelity, decoy state parameters and finite size effects, the software simulator pyDSsim has been developed. The tool is written in Python and implements the recent security proof framework introduced in [1,2]. The software can be scripted from the command line or used via a graphical user interface (GUI: QT5 framework) for easy exploration via parametrized x-y plots of over 40 different variables, allowing a comprehensive evaluation of their interdependencies. The main feature however is the option to numerically compute the set of protocol variables for a given QKD-setup which maximizes the secret key rate under constraints typical for practical implementations: fixed block sizes or fixed acquisition times for the raw key. To this end two different algorithms (differential-evolution [3] and L-BFGS-B [4]) are utilized, allowing for a cross-check of the acquired results and choice between speed and accuracy of the approach. References [1] Rusca, D., Boaron, A., Grünenfelder, F., Martin, A. & Zbinden, H. Finite-key analysis on the 1-decoy state QKD protocol. Appl. Phys. Lett. 112, 171104 (2018) [2] Lim, C. C. W., Curty, M., Walenta, N., Xu, F. & Zbinden, H. Concise security bounds for practical decoy-state quantum key distribution. Phys. Rev. A 89, 022307 (2014) [3] R. H. Byrd, P. Lu and J. Nocedal. A Limited Memory Algorithm for Bound Constrained Optimization, (1995), SIAM Journal on Scientific and Statistical Computing, 16, 5, pp. 1190-1208. [4] Storn, R and Price, K, Differential Evolution - a Simple and Efficient Heuristic for Global Optimization over Continuous Spaces, Journal of Global Optimization, 1997, 11, 341 - 359. - Genome Sequence Data Storage System using distributed storage system on QKD networkKazuaki Doi (toshiba corporation); Ririka Takahashi (toshiba corporation); Akira Murakami (toshiba corporation); Mamiko Kujiraoka (toshiba corporation); Alexander R. Dixon (toshiba corporation); Yoshimichi Tanizawa (toshiba corporation); Hideaki Sato (toshiba corporation); Muneaki Shimada (Tohoku University); Yasunobu Okamura (Tohoku University); Fuji Nagmi (Tohoku University); Mikio Fujiwara (NICT)[abstract]
**Abstract:**We developed a genome sequence data storage system using a distributed storage system on a quantum key distribution (QKD) network and have successfully demonstrated secure storage and data reconstruction for genome sequence data. The proposed system thus has potential for use as a distributed storage system in genome analysis. - High effective efficiency LDPC codes for CV-QKDThomas Symul (QuintessenceLabs); Andrew M. Lance (QuintessenceLabs); Sarah Johnson (University of Newcastle)[abstract]
**Abstract:**High efficiency error reconciliation, typically achieved by using Multi Edge Low Density Parity Codes (ME-LDPC), is necessary for CV-QKD to reach large transmission distance. The commonly accepted definition of the efficiency, however, is problematic as it does not take into account the Frame Error Rate (FER) of LDPC, and therefore is theoretically and provably unbounded (i.e. can tend to infinity), if one can accept increasingly larger FER. Here we report new ME-LDPC code construction allowing high efficiency (>0.91) with very low FER (<0.008), allowing for a large effective efficiency, over a large continuous range of SNR (between -20.5dB to -6dB). - Qubit-based clock synchronization for QKD systems using a Bayesian approachRoderick D. Cochran (The Ohio State University); Daniel J. Gauthier (Ohio State University)[abstract]
**Abstract:**Quantum key distribution (QKD) provides a method for two users to exchange a provably secure key, which requires synchronizing the user’s clocks. Qubit-based synchronization protocols directly use the transmitted quantum states and thus avoid the need for additional classical synchronization hardware, but previous approaches sacrifice secure key either directly or indirectly. Here, we introduce a Bayesian probabilistic algorithm that incorporates all published information to efficiently find the clock offset without sacrificing any secure key [1]. Additionally, the output of the algorithm is a probability, which allows us to quantify our confidence in the synchronization. For demonstration purposes, we present a model system with accompanying simulations of an efficient three-state BB84 prepare-and-measure protocol with decoy states. Our algorithm exploits the correlations between Alice’s published basis and mean photon number choices (which must already be published for the protocol) and Bob’s measurement outcomes to probabilistically determine the most likely clock offset. We perform cross-correlations using Fast Fourier Transforms to count the number of each type of event pairing for each potential offset (e.g., how many times Alice sent a decoy state in the horizontal/vertical polarization basis and Bob registered a click in the horizontal detector). Taking these along with a lookup table for the probabilities of the different event pairings, we determine the synchronization probability of the different potential offsets using Bayesian analysis. In our simulations, we find that we can achieve a 95% synchronization confidence using a string length of only 4,140 communication bin widths, meaning we can tolerate clock drift approaching 1 part in 4,140 in this example when simulating this system with a dark count probability per communication bin width of 8⨉10-4 and a received mean photon number of 0.01. The relationship between the received mean photon number and the number of communication bin widths required to achieve a 95% synchronization confidence is shown in Fig. 1. - Training a quantum workforce: Towards BB84 for engineering studentsLukas Mairhofer (FH Technikum Wien)[abstract]
**Abstract:**In this poster we will present a truly quantum hands-on setup for training engineering students in quantum cryptography with the BB84 protocol. We supplement this setup with a web-based simulation of the protocol which will be available to the public. - Hacking the self-differencing avalanche detectors via pulse illuminationBinwu Gao (Institute for Quantum Information & State Key Laboratory of High Performance Computing, College of Computer Science and Technology, National University of Defense Technology, Changsha 410073, China); Anqi Huang (Institute for Quantum Information & State Key Laboratory of High Performance Computing, College of Computer Science and Technology, National University of Defense Technology, Changsha 410073, China); Zhihao Wu (Institute for Quantum Information & State Key Laboratory of High Performance Computing, College of Computer Science and Technology, National University of Defense Technology, Changsha 410073, China); Yingwen Liu (Institute for Quantum Information & State Key Laboratory of High Performance Computing, College of Computer Science and Technology, National University of Defense Technology, Changsha 410073, China); Weixu Shi (Institute for Quantum Information & State Key Laboratory of High Performance Computing, College of Computer Science and Technology, National University of Defense Technology, Changsha 410073, China); Ping Xu (Institute for Quantum Information & State Key Laboratory of High Performance Computing, College of Computer Science and Technology, National University of Defense Technology, Changsha 410073, China); Junjie Wu (Institute for Quantum Information & State Key Laboratory of High Performance Computing, College of Computer Science and Technology, National University of Defense Technology, Changsha 410073, China)[abstract]
**Abstract:**Quantum key distribution (QKD) has been proved to be information-theoretically secure in theory. In practice, the self-differencing avalanche photodiode detectors (SD-APDs) are commonly used in high-speed QKD systems. However, we experimentally show that the SD- APD under test can be successfully hacked by the pulse-illumination attack. This attack might compromise the security of a high-speed QKD system with SD-APDs. This study also indicates that the best-practice criteria for practical security of SD-APDs might take the threat of pulse-illumination attack into account. - Certification of Random Number Generators using Machine LearningNg Hong Jie (National University of Singapore); Raymond Ho (National University of Singapore); Syed M Assad (The Australian National University); Ping Koy Lam (The Australian National University); Omid Kavehei (ARC Training Centre for Innovative BioEngineering, School of Biomedical Engineering, The University of Sydney); Wang Chao (National University of Singapore); Nhan Duy Truong (ARC Training Centre for Innovative BioEngineering, School of Biomedical Engineering, The University of Sydney); Jing Yan Haw (National University of Singapore)[abstract]
**Abstract:**Two coveted qualities for a random number generator (RNG) are uniformity and unpredictability. A Pseudo-RNG (PRNG) produces a uniform output, but it is predictable when one has knowledge of the seed and implementation parameters. While a quantum-RNG (QRNG) produces an unpredictable output, it is not necessarily uniform and hence typically requires randomness extraction. We examine these two aspects in RNGs by utilizing a machine learning cryptanalysis, showing the applicability of the tool in uncovering hidden correlations and implementation failures. - Postselection Strategies for Continuous-Variable Quantum Key Distribution Protocols with Quadrature Phase-Shift Keying ModulationFlorian Kanitschar (TU Wien / AIT - Austrian Institute of Technology); Christoph Pacher (AIT - Austrian Institute of Technology)[abstract]
**Abstract:**Continuous-variable quantum key distribution with phase-shift keying modulation is a promising candidate for practical applications of quantum cryptography due to high compatibility with existing telecommunication infrastructure. It is known that postselection, i.e., omitting those parts of the raw key where an adversary might have gained more information than the communicating parties, can improve the secure key rate significantly. We introduce a new cross-shaped postselection strategy and use a recent numerical security proof framework to compare it to other existing postselection strategies. Furthermore, we provide novel analytical results for the operators that define the respective postselection regions in phase space for each of the postselection strategies, enabling a quicker evaluation without introducing additional numerical errors. Motivated by the high computatoinal effort for the error-correction phase, we point out how postselection can be used to reduce the raw key (so, the data that has to be error-corrected) significantly without lowering the secure key rate considerably. As therefore Bob uses his measurement outcomes directly without requiring any additional computations, the cross-shaped scheme can be implemented easily both in new and existing QKD systems. - Quantum key distribution with a bright source of telecom single photons based on quantum frequency conversionChristopher L. Morrison (Heriot-Watt University); Francesco Graffitti (Heriot-Watt University); Zhe Xian Koong (Heriot-Watt University); Nick G. Stoltz (University of California, Santa Barbara); Roberto G. Pousa (University of Strathclyde); Dirk Bouwmeester (Leiden University); Luca Mazzarella (California Institute of Technology); John Jeffers (University of Strathclyde); Daniel K. L. Oi (University of Strathclyde); Alessandro Fedrizzi (Heriot-Watt University); Brian D. Gerardot (Heriot-Watt University)[abstract]
**Abstract:**We demonstrate fibre-based quantum key distribution over 175 km using a bright frequency converted quantum dot single-photon source. The source is capable of producing count rates approaching 2 MHz at 1550 nm with second order correlations on the order of 3%. This allows for a measured key rate of 130 bps (100 kbps) at 175 km (50 km) in the asymptotic regime using static encoding and predicted positive key rate out to 188 km. This can be extended to 240 km using ultra-low loss fibre based on the measured source parameters. - Single trusted qubit is necessary and sufficient for quantum realisation of extremal no-signaling statisticsMichał Banacki (University of Gdańsk, International Centre for Theory of Quantum Technologies, Faculty of Mathematics, Physics and Informatics); Ravishankar Ramanathan (The University of Hong Kong, Department of Computer Science); Ricard Ravell Rodriguez (University of Gdańsk, International Centre for Theory of Quantum Technologies); Paweł Horodecki (University of Gdańsk, International Centre for Theory of Quantum Technologies; Gdańsk University of Technology, Faculty of Applied Physics and Mathematics, National Quantum Information Centre)[abstract]
**Abstract:**We consider quantum statistics from the perspective of post-quantum no-signaling theories in which either none or only a certain number of systems are trusted. These scenarios can be fully described by so-called no-signaling boxes or no-signaling assemblages respectively. It has been shown so far that in the usual Bell non-locality scenario with a single measurement run, quantum correlations can never reproduce an extremal non-local point within the set of no-signaling boxes. We provide here a general no-go rule showing that the latter stays true even if arbitrary sequential measurements are allowed. On the other hand, we prove a positive result showing that already a single trusted qubit is enough for quantum theory to produce a self-testable extremal point within the corresponding set of no-signaling assemblages. This result provides a tool that opens up possibilities for security proofs of cryptographic protocols against general no-signaling adversaries in semi-device-independent scenarios. - Bounds on device-independent quantum key distribution rates for devices and channelsEneet (Kaur); Karol (Horodecki); Siddhartha Das (Université libre de Bruxelles)[abstract]
**Abstract:**In this work, we develop upper bounds for key rates for device-independent key distribution protocols, devices, and channels. We study the reduced cc-squashed entanglement and show that it is a convex functional. As a result, we show that the convex hull of the currently known bounds is a tighter upper bound on the device-independent key rates of standard CHSH-based protocol. We further provide tighter bounds for DIQKD key rates achievable by any protocol applied to the CHSH-based device. This bound is based on reduced relative entropy of entanglement optimized over decompositions into local and non-local parts. In the scenario of quantum channels, we obtain upper bounds for device-independent private capacity for the CHSH based protocols. We show that the DI private capacity for the CHSH based protocols on depolarizing and erasure channels is limited by the secret key capacity of dephasing channels. - Resource analysis for quantum-aided Byzantine agreementZoltán Guba (Budapest University of Technology and Economics, Budapest, Hungary); István Finta (Nokia Bell Labs, Budapest, Hungary); Ákos Budai (Budapest University of Technology and Economics, Budapest, Hungary); Lóránt Farkas (Nokia Bell Labs, Budapest, Hungary); Zoltán Zimborás (Budapest University of Technology and Economics, Budapest, Hungary); András Pályi (Budapest University of Technology and Economics, Budapest, Hungary)[abstract]
**Abstract:**In distributed computing, a Byzantine fault is a condition where a component behaves inconsistently, showing different symptoms to different components of the system. Consensus among the correct components can be reached by appropriately crafted communication protocols, even in the presence of byzantine faults. Quantum-aided protocols built upon distributed entangled quantum states are worth considering, as they are more resilient than traditional ones. Based on earlier ideas, here we introduce a parameter-dependent family of quantum-aided weak broadcast protocols, and prove their security. We analyze the resource requirements as functions of the protocol parameters, and locate the parameter range where these requirements are minimal. Hence, our work illustrates the engineering aspects of future deployments of such protocols in practice. Following earlier work demonstrating the suitability of noisy intermediate-scale quantum (NISQ) devices for the study of quantum networks, we show how to prepare our resource quantum state on publicly available IBM quantum computers. We outline follow-up tasks toward practical quantum-aided byzantine fault tolerance. - Resilient Chip‐Scale QKD with Integrated Hacking PreventionFriederike Jöhlinger (University of Bristol); Lawrence Rosenfeld (University of Bristol); Henry Semenenko (University of Bristol); Djeylan Aktas (University of Bristol); John Rarity (University of Bristol)[abstract]
**Abstract:**Recently, the first integrated Measurement Device Independent Quantum Key Distribution (MDI QKD) system has been implemented here in Bristol (Semenenko, 2020). To build on this result and work towards improved security and key rates, a new indium phosphide (InP) transmitter chip has been designed for a second-generation MDI QKD implementation. The new chip contains two laser sources, including a distributed feedback laser to allow for faster pulsing and high-speed phase modulators with a bandwidth of up to 30 GHz. With the new lasers and phase modulators a higher pulse rate will be achieved, leading to better key rates. Additionally, an on-chip photodiode can be used to monitor incoming light. This makes the chip much more resilient against hacking attacks, such as a Trojan Horse or Laser Damage Attacks. Since MDI QKD is intrinsically protected against detector attacks, this means that this new MDI QKD system will show great security overall. - Categorical composable cryptographyAnne Broadbent (University of Ottawa); Martti Karvonen (University of Ottawa)[abstract]
**Abstract:**In arXiv:2105.05949, we initiate a categorical study of composable security definitions in cryptography. We formalize the simulation paradigm of cryptography in terms of category theory and show that protocols secure against abstract attacks form a symmetric monoidal category, thus giving an abstract model of composable security definitions in cryptography. Our model is able to incorporate computational security, set-up assumptions and various attack models such as colluding or independently acting subsets of adversaries in a modular, flexible fashion. Amongst other benefits, the categorical language allows using string diagrams to prove results cryptographically: in particular, we can promote "figures illustrating the proof" found in the cryptographic literature into honest proofs. - Software tool for the performance evaluation of satellite quantum key distribution linksAndrea Stanco (Università degli Studi di Padova); Giulio Foletto (Università degli Studi di Padova); Alessia Scriminich (Università degli Studi di Padova); Lorenzo Dal Corso (Qascom S.r.l.); Luca Canzian (Qascom S.r.l.); Francesco Petroni (Sitael S.p.A.); Giuseppe Piscopiello (Sitael S.p.A.); Gilles Mariotti (Sitael S.p.A.); Luca De Filippis (Sitael S.p.A.); Giuseppe Vallone (Università degli Studi di Padova); Paolo Villoresi (Università degli Studi di Padova)[abstract]
**Abstract:**The 18-month project called PROtocols for Space sEcure Quantum cOmmunication (PROSEQO), funded by the European Space Agency, was coordinated by the University of Padova with Sitael and Qascom as industrial partners. The scope of the project was to assess the protocols feasible for Satellite QKD and then realize an analytical model to describe all the elements that contribute to the Secret Key Rate (SKR). The analytical model was integrated in a dedicated software able to get several input parameters and orbit descriptions and calculate the final SKR. The software was tested in 10 different case studies. Therefore, this can be a useful tool for future Satellite QKD missions as a preliminary step to evaluate mission feasibility. It could also be the starting point for a numerical overview on the practicability of a satellite QKD infrastructure. - A Quantum-Prover Interactive Proof for Simon's ProblemSamuel Ducharme (Université de Montréal)[abstract]
**Abstract:**Simon's problem is one of the few black-box problems known to be in BQP but not in BPP. Although Simon's algorithm can be used to solve this problem efficiently, it isn't so easy for someone with access to a large-scale quantum computer (the prover) to convince someone whose computing power is in BPP (the verifier) of the validity of their computation. I present an interactive protocol that aims to accomplish this goal if the verifier has access to a quantum computer with a constant number of qubits. This protocol adapts some of the known techniques using quantum authentication schemes for non-black-box problems. It also uses a novel technique that consists of randomly doing “trap rounds” that are similar to Simon's algorithm iterations but instead ask the prover to call the black-box function on a randomly-generated polynomial-size superposition state chosen so that the verifier can detect the prover's attempts at cheating. - Actively-Stabilised Variable-Asymmetry Mach-Zehnder Interferometer for QKD Device CharacterisationSophie Albosh (University of York and National Physical Laboratory); T.P. Spiller (University of York); C.J. Chunnilall (National Physical Laboratory)[abstract]
**Abstract:**Please see the attached pdf version of the extended abstract. - Preparing Indistinguishable States for a Prepare-and-Measure BB84 Polarization-Based Decoy State QKD Protocol Using Three FPGA-Driven LEDsDaniel Sanchez-Rosales (Ohio State University); Roderick D. Cochran (Ohio State University); Daniel J. Gauthier (Ohio State University)[abstract]
**Abstract:**Quantum key distribution (QKD) systems provide a method for two users to exchange a provably secure key that can be used to securely exchange a cryptographic key. In prepare-and-measure QKD protocols, the indistinguishability of states is an important aspect for preventing side-channel attacks. Here we consider the indistinguishability of states in a prepare-and-measure three-state BB84 polarization-based decoy state protocol using light-emitting diodes (LEDs). In addition, our system is designed to operate under size, weight, and power (SWaP) restrictions such as that needed for drone-based QKD. Our setup uses three separate LEDs driven by a field-programmable gate array (FPGA) that go through different optical paths that set the state of polarization. Each LED is connected to two GPIO pins via a different resistive path. By setting one pin to high impedance and driving the other with a nanosecond-scale electrical signal, we can choose between signal and decoy states. We can thus send 3 signal states, 3 decoy states, and 3 vacuum states, using only 3 separate sources driven by a single low-cost and light-weight FPGA. We must guarantee that these sources are indistinguishable from each other in the spatial, spectral, and temporal degrees-of-freedom on the photon. We make them nearly indistinguishable by passing the 3 photonic wavepackets through the same single-mode fiber and 1-nm-bandwith spectral filter, and use dynamic shifting of the FPGA phase-locked-loops to control the phase and the width of the electrical pulses that drive the LEDs, which allows us to control the optical pulses produced by the LEDs. We control the timing of the photonic wavepackets to a resolution of 250 ps. To quantify spectral indistinguishability, we measure filtered spectra for all states, which are overlaid in Fig. 1a, and find that their overlap is 94.6%. To measure the temporal indistinguishability, we drive a single LED with a 10 ns wide electrical signal at a repetition rate of 12.5 MHz. The resulting photonic wavepacket is measured by a single-photon detector whose electrical output is measured by a time-to-digital converter and histogrammed. The temporal waveforms of all 6 states are overlaid and shown in Fig. 1b with a measured overlap of 97.1%. - A Quantum Key Distribution Testbed using a Plug-and-Play Telecom-wavelength Single-Photon SourceTimm Kupko (TU Berlin); Lucas Rickert (TU Berlin); Felix Urban (TU Berlin); Jan Große (TU Berlin); Nicole Srocka (TU Berlin); Sven Rodt (TU Berlin); Anna Musial (Wroclaw University); Kinga Zolnacz (Wroclaw University); Pawel Mergo (Marie Curie Sklodowska University); Kamil Dybka (Fibrain Sp. z o.o.); Waclaw Urbanczyk (Wroclaw University); Grzegorz Sek (Wroclaw University); Sven Burger (Zuse Institute Berlin); Stephan Reitzenstein (TU Berlin); Tobias Heindel (TU Berlin)[abstract]
**Abstract:**Deterministic solid-state quantum light sources are key building blocks in photonic quantum technologies. While several proof-of-principle experiments of quantum communication using such sources have been realized, all of them required bulky setups. Here, we evaluate for the first time the performance of a compact and stand-alone fiber-coupled single-photon source emitting in the telecom O-band (1321nm) for its application in quantum key distribution (QKD). For this purpose, we developed a compact 19” rack module including a deterministically fiber-coupled quantum dot single-photon source integrated into a Stirling cryocooler, a pulsed diode laser for driving the quantum dot, and a fiber-based spectral filter. We further employed this compact quantum light source in a QKD testbed designed for polarization coding via the BB84 protocol resulting in g20 = 0.10+\-0.01 and a raw key rate of up to 4.72(13)kHz using an external laser for excitation. In this setting we investigate the achievable performance expected in full implementations of QKD. Using 2D temporal filtering on receiver side, we evaluate optimal parameter settings for different QKD transmission scenarios taking also finite key size effects into account. Using optimized parameter sets for the temporal acceptance time window, we predict a maximal tolerable loss of 23.19dB. Finally, we compare our results to previous QKD systems using quantum dot single-photon sources. Our study represents an important step forward in the development of fiber-based quantum-secured communication networks exploiting sub-Poissonian quantum light sources. - QuNet: Mobile Free-Space Quantum Communication SystemChristopher Spiess (Fraunhofer IOF); Sebastian Toepfer (Fraunhofer IOF); Sakshi Sharma (Fraunhofer IOF); Thomas Grafenauer (AIT Austrian Institute of Technology GmbH); Roland Lieger (AIT Austrian Institute of Technology GmbH); Bernhard Ömer (AIT Austrian Institute of Technology GmbH); Stefan Petscharnig (AIT Austrian Institute of Technology GmbH); Manuel Warum (AIT Austrian Institute of Technology GmbH); Christoph Pacher (AIT Austrian Institute of Technology GmbH); Andrej Krzic (Fraunhofer IOF); Gregor Sauer (Fraunhofer IOF); Matthias Goy (Fraunhofer IOF); René Berlich (Fraunhofer IOF); Teresa Kopf (Fraunhofer IOF); Thomas Peschel (Fraunhofer IOF); Christoph Damm (Fraunhofer IOF); Aoife Brady (Fraunhofer IOF); Daniel Rieländer (Fraunhofer IOF); Fabian Steinlechner (Fraunhofer IOF)[abstract]
**Abstract:**We report on a portable quantum communication platform and its application in quantum key distribution over a terrestrial free-space link. We outline on the complete chain from an efficient field-ready entangled photon source and custom-made mirror telescopes with adaptive optics for efficient link transmission to autonomous timing synchronization of detection events and subsequent secure key extraction. - Finite-Key Analysis of Quantum Key Distribution using Entropy AccumulationThomas Van Himbeeck (University of Toronto & Waterloo); Jie Lin (University of Waterloo); Ian George (University of Illinois); Kun Fang (Baidu Research); Norbert Lütkenhaus (University of Waterloo)[abstract]
**Abstract:**The pursuit of tight finite-key analysis for general QKD protocols is an exciting but challenging task for theorists. Entropy accumulation theorem (EAT) was developed recently and been successfully applied to device-independent QKD protocols. In the present work, we use EAT to prove the security of a very large class of entanglement-based QKD protocols, covering most discrete-variable protocols as well as their optical implementations. - Clock recovery for a CV-QKD systemHou-Man Chin (TECHNICAL UNIVERSITY OF DENMARK); Nitin Jain (TECHNICAL UNIVERSITY OF DENMARK); Ulrik L. Andersen (TECHNICAL UNIVERSITY OF DENMARK); Tobias Gehring (TECHNICAL UNIVERSITY OF DENMARK); Darko Zibar (TECHNICAL UNIVERSITY OF DENMARK)[abstract]
**Abstract:**This work experimentally investigates a clock recovery algorithm’s performance for a gaussian modulated CV-QKD system operating over 20km of fibre using a frequency multiplexed classical signal. - Quantum Key Distribution with Characterized Source DefectsShlok Nahar (University of Waterloo); Norbert Lütkenhaus (University of Waterloo)[abstract]
**Abstract:**We develop general tools to be able to numerically calculate key rates for quantum key distribution protocols with characterized source defects. These tools include performing decoy-state analysis for optical protocols where the signal states are not fully phase-randomised. We apply these tools for the three-state protocol when the signal states are not fully phase-randomised due to a high repetition rate. Our results suggest that the small amounts of residual coherences do not greatly affect the key rate. - Robust Interior Point Method for Quantum Key Distribution Rate ComputationHao Hu (Department of Combinatorics and Optimization, Faculty of Mathematics, University of Waterloo, Waterloo, Ontario, Canada N2L 3G1); Jiyoung Im (Department of Combinatorics and Optimization, Faculty of Mathematics, University of Waterloo, Waterloo, Ontario, Canada N2L 3G1); Jie Lin (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo, Waterloo, Ontario, Canada N2L 3G1); Norbert Lütkenhaus (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo, Waterloo, Ontario, Canada N2L 3G1); Henry Wolkowicz (Department of Combinatorics and Optimization, Faculty of Mathematics, University of Waterloo, Waterloo, Ontario, Canada N2L 3G1)[abstract]
**Abstract:**Security proof methods for quantum key distribution, QKD, that are based on the numerical key rate calculation problem, are powerful in principle. However, the practicality of the methods are limited by computational resources and the efficiency and accuracy of the underlying algorithms for convex optimization. We derive a stable reformulation of the convex nonlinear semidefinite programming, SDP, model for the key rate calculation problems. We use this to develop an efficient, accurate algorithm. The reformulation is based on novel forms of facial reduction, FR, for both the linear constraints and nonlinear relative entropy objective function. This allows for a Gauss-Newton type interior-point approach that avoids the need for perturbations to obtain strict feasibility, a technique currently used in the literature. The result is high accuracy solutions with theoretically proven lower bounds for the original QKD from the FR stable reformulation. This provides novel contributions for FR for general SDP. We report on empirical results that dramatically improve on speed and accuracy, as well as solving previously intractable problems. - Information Rates with Non Ideal Photon Detectors in Time-Entanglement Based QKDDunbar Birnie (Rutgers University); Emina Soljanin (Rutgers University); Chris Cheng (Rutgers University)[abstract]
**Abstract:**We consider QKD based on time entangled photons, with detectors that exhibit timing jitter and detector downtime. Timing jitter introduces local errors, necessitating key reconciliation. The detector downtime introduces memory which results in key bits that are not uniformly random. Both effects cause key rate loss. We focus on detector downtime and develop a method to compute the key rate loss. - Reducing Network Cooling Cost using Twin-Field Quantum Key DistributionVasileios Karavias (University of Cambridge); Andrew Lord (BT); Mike Payne (University of Cambridge)[abstract]
**Abstract:**Improving the rates and distances over which quantum secure keys are generated is a major challenge. New source and detector hardware can improve key rates significantly, however it can require expensive cooling. We show that Twin-Field Quantum Key Distribution (TF-QKD) has an advantageous topology allowing the localisation of cooled detectors. This setup for a quantum network allows a fully connected network solution, i.e. one where every connection has non-zero key rates, in a box with sides of length up to 110km with just 4 cooled nodes, while Decoy state BB84 is only capable of up to 80km with 40 cooled nodes, and 50km if no nodes are cooled. The average key rate in the network of the localised, cooled TF-QKD is >30 times greater than the uncooled Decoy BB84 solution and ∼0.9 those of cooled Decoy BB84. To reduce the cost of the network further, switches can be used in the network. These switches have losses ranging between 1−2dB. Adding these losses to the model shows further the advantages of TF-QKD in a network. Decoy BB84 is only able to generate fully connected solutions up to 20km if all nodes are cooled for a 40 node network for 1dB losses. In comparison, using TF-QKD, 70km networks are possible with just 4 cooling locations for the same losses. The simulation shows the significant benefits in using TF-QKD in a switched network, and suggests that further work in this direction is necessary. - A trustless decentralized protocol for distributed consensus of public quantum random numbersLac Nguyen (Physics Department, Stevens Institute of Technology, 1 Castle Point Terrace, Hoboken, NJ 07030, USA); Jeevanandha Ramanathan (Physics Department, Stevens Institute of Technology, 1 Castle Point Terrace, Hoboken, NJ 07030, USA); Michelle Mei Wang (Physics Department, Stevens Institute of Technology, 1 Castle Point Terrace, Hoboken, NJ 07030, USA); Yong Meng Sua (Physics Department, Stevens Institute of Technology, 1 Castle Point Terrace, Hoboken, NJ 07030, USA); Yuping Huang (Physics Department, Stevens Institute of Technology, 1 Castle Point Terrace, Hoboken, NJ 07030, USA)[abstract]
**Abstract:**Quantum random number generators (QRNGs) provide intrinsic unpredictability originating from fundamental quantum mechanics. Most demonstrations focus on creating a self-tested, device-independent generator to retain genuineness from imperfect implementations. However, these efforts benefit only individual users, not beacon users. The difference is, QRNG users have physical access to their own trustless devices while beacon users only receive numbers broadcasted from a centralized source of randomness. Thus, in applications where multiple participants need a common set of RNs,they are obligated to trust the honesty of QRNG manufacturers, or a third party, and security of the communication. In this paper, we introduce the first consensus protocol that produces QRNs ina decentralized environment (dQRNG) where all N users can contribute in the generation process and verify the randomness of numbers they collect. Security of the protocol is guaranteed given(N-1) dishonest participants. We realize our protocol by performing a proof-of-principle experiment with four players. - One-time memory from isolated Majorana islandsSourav Kundu (University of Southern California); Ben Reichardt (University of Southern California)[abstract]
**Abstract:**We know that classical one-time memory is a cryptographic primitive which is sufficient to construct both classical one-time programs and quantum one-time programs. We propose a construction of one-time memory (OTM) from isolated Majorana islands. The proposed 1-out-of-2 OTM stores two bits, wherein any one chosen bit can be perfectly obtained, whereas the other bit is destroyed with high probability. We prove that a malicious recipient performing an arbitrary sequence of strong and weak measurements can not obtain more information than an honest recipient performing only strong measurements. We show that errors on the two stored bits can be corrected by a pair of classical codes obtained from a quantum CSS code. We compare several popular CSS codes and obtain the best codes for different regimes of physical error rate, availability of chosen bit and availability of remaining bit. Finally, we show that the construction for 1/2 OTMs can be generalized into efficient constructions for 1/n OTMs and (n−1)/n OTMs. - New Quantum Source for satellite-based QKD.Sungeun (Paul) Oh (University of Waterloo)[abstract]
**Abstract:**Canada has recently begun to work on the satellite-based QKD project, known as Quantum Encryption and Science Satellite (QEYSSat) mission. Its first satellite launch is expected in the year of 2023. As I am involved in this mission, I would like to introduce the new quantum source that is currently in the progress of development. The aim was to develop a quantum source for the entanglement-based QKD that can sufficiently overcome the current distance limits. By introducing some of the important criteria for building the source, I will explain what has been achieved, then how this in the end will take us one step further toward the future quantum network. - Tight Bounds for Inverting Permutations via Compressed Oracle ArgumentsAnsis Rosmanis (Nagoya University)[abstract]
**Abstract:**In his seminal work on recording quantum queries [Crypto 2019], Zhandry studied interactions between quantum query algorithms and the quantum oracle corresponding to random functions. Zhandry presented a framework for interpreting various states in the quantum space of the oracle that can be used to provide security proofs in quantum cryptography. In this paper, we introduce a similar interpretation for the case when the oracle corresponds to random permutations instead of random functions. Because both random functions and random permutations are highly significant in security proofs, we hope that the present framework will find applications in quantum cryptography. Additionally, we show how this framework can be used to prove that the success probability for a k-query quantum algorithm that attempts to invert a random N-element permutation is at most O(k^2/N). - Towards a relationship between single photon nature and randomnessVardaan Mongia (Physical Research Laboratory); Satyajeet Patil (Physical Research Laboratory); Ayan Biswas (Physical Research Laboratory); RP Singh (Physical Research Laboratory)[abstract]
**Abstract:**Quantum Random Number Generators (QRNGs) are an integral part of cryptography. In this work, we exploit the relationship between the quality of randomness of discrete variable QRNGs(min-entropy(X)) and the quality of single photon source from SPDC sources (second-order correlation: g(2)(0)). This work provides another stitch between the two fields of information theory and quantum optics. We show the variation of the two parameters (min-entropy(X)) and b(=1- g(2)(0)) on various grounds, say, variation with orbital angular momentum (OAM) of the spatial mode, with time delay, etc. We propose a relationship between min-entropy(X) and g(2)(0) and also give a physical significance to min-entropy(X). - Unidimensional two-way continuous-variable quantum key distributionnYiming Bian (BUPT); Luyu Huang (BUPT); Yichen Zhang (BUPT)[abstract]
**Abstract:**We report a unidimensional two-way continuous-variable quantum key distribution protocol, which shows the potential of secure communication with simple modulation method in noisy situations. - Building A Two-mode Squeezed Vacuum Source for Quantum CommunicationsIgor Konieczniak (University of York); Rupesh Kumar (University of York); Tim Spiller (University of York)[abstract]
**Abstract:**Abstract A Two-Mode Squeezed Vacuum (TMSV) is a quantum resource proven useful in several aplications in Quantum Technology, one of them being Quantum Key Distribution (QKD). Here we report the building of a TMSV source for use in QKD. Our system will comprise of two OPO, with its squeezed vacuum outputs combined in a balanced beam splitters. Active controls are employed for cavities stabilization, squeezing phase lock and relative phase lock between squeezed fields. The new cavity for the first OPO was designed and is in operation. Our target is to obtain 13 dB of corrected squeezing for the amplitude quadrature and a combined Duan inequality violation of up to 10 dB. We will show the status and our more recent results towards those goals. - All-photonic two-way quantum repeaters with multiplexing based on concatenated bosonic and discrete-variable quantum codesFilip Rozpedek (Pritzker School of Molecular Engineering, University of Chicago); Kaushik P. Seshadreesan (James C. Wyant College of Optical Sciences, University of Arizona); Liang Jiang (Pritzker School of Molecular Engineering, University of Chicago); Saikat Guha (James C. Wyant College of Optical Sciences, University of Arizona)[abstract]
**Abstract:**We propose a novel strategy of using the Gottesman-Kitaev-Preskill (GKP) code in a two-way repeater architecture with multiplexing. The crucial feature of the GKP code that we make use of, is the fact that GKP qubits easily admit deterministic two-qubit gates, hence allowing for deterministic entanglement swapping. Furthermore, thanks to the availability of the analog information generated during the measurement of the GKP qubits, we can design better entanglement swapping procedures between the multiplexed elementary links. To boost the loss-resilience of our encoded qubits, we consider a concatenation of the GKP code with the discrete variable [[7,1,3]] code which has already proven effective in the context of quantum repeater schemes. We find that our architecture allows for high-rate near-deterministic end-to-end entanglement generation with much larger repeater spacing than for the previously considered error-correction based repeater schemes. - An Open-source Software Platform for Numerical Key Rate Calculation of General Quantum Key Distribution ProtocolsWenyuan Wang (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo); Jie Lin (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo); Ian George (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo); Twesh Upadhyaya (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo); Adam Winick (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo); Shlok A. Nahar (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo); Kai-Hong Li (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo); Kun Fang (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo); Natansh Mathur (India Institute of Technology Roorkee); John Burniston (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo); Max Chemtov (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo); Shahabeddin M. Aslmarand (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo); Yanbao Zhang (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo; NTT Basic Research Laboratories and NTT Research Center for Theoretical Quantum Physics, NTT Corporation); Christopher Boehm (University of Freiburg); Patrick Coles (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo); Norbert Lütkenhaus (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo)[abstract]
**Abstract:**In this work, we present an open-source software platform that calculates key rate for general QKD protocols, building upon the numerical framework proposed by our group that can perform automated security proof of QKD protocols. The software platform is fully modularized with mutually independent modules for descriptions of protocols/channels, solvers for bounding key rate, and parameter optimization algorithms. It currently supports BB84 and measurement-device-independent QKD (including decoy states), as well as discrete-modulated continuous variable QKD. It also supports finite-size analysis for non-decoy-state protocols. We hope that the open-sourcing can attract theorists to test new protocols and/or contribute to new solvers, as well as appeal to experimentalists who wish to analyze their data or optimize parameters for new experiments. - Satellite-based QKD: Mission Design, Link-Budgets and Key-RatesManuel Erhard (Quantum Technology Laboratories GmbH); Armin Hochrainer (Quantum Technology Laboratories GmbH); Johannes Handsteiner (Quantum Technology Laboratories GmbH); Matthias Fink (Quantum Technology Laboratories GmbH); Thomas Herbst (Quantum Technology Laboratories GmbH); Henning Weier (Quantum Technology Laboratories GmbH); Thomas Scheidl (Quantum Technology Laboratories GmbH)[abstract]
**Abstract:**Quantum Key Distribution (QKD) is a fast growing scientific as well as commercial field. Governments as well as private businesses seek for enhanced security solutions that can withstand future hacking attacks on classical cryptographic protocols. Today, there exists a vast amount of different QKD protocols that claim to offer “unconditional” security. However, looking in more detail many subtleties lead to different security levels, or in worst-case scenarios to no security at all. Thus, it is of upmost importance to appropriately select and design QKD protocols and networks. In this work (presented as a poster), we present and compare three different QKD protocols, concerning their security, key-rate performance, and applicability especially for satellite-based QKD networks. Our main results from this study are presented and we introduce the key requirements and the basic workflow of the design and optimization of a trusted-node based and free European QKD network. Finally, realistic satellite missions and their expected secure key rates in various situations are presented. - Numerical Security Proof for Decoy-State BB84 and Measurement-Device-Independent QKD Resistant against Large Basis MisalignmentWenyuan Wang (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo); Norbert Lütkenhaus (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo)[abstract]
**Abstract:**In this work, we incorporate decoy-state analysis into a well-established numerical framework for key rate calculation, and apply the numerical framework to decoy-state BB84 and measurement-device-independent (MDI) QKD protocols as examples. Additionally, we make use of "fine-grain statistics", a variation of existing QKD protocols to make use of originally discarded data and get better key rate. We show that such variations can grant protocols resilience against any unknown and slowly changing rotation along one axis, similar to reference-frame-independent QKD, but without the need for encoding physically in an additional rotation-invariant basis. Such an analysis can easily be applied to existing systems, or even data already recorded in previous experiments, to gain significantly higher key rate when considerable misalignment is present, extending the maximum distance for BB84 and MDI-QKD and reducing the need for manual alignment in an experiment.