QCRYPT · 2025

Protocol security of quantum key distribution (QKD) protocols refers to the derivation of a rigorous mathematical statement asserting the security the protocol, starting from a precise mathematical model of the protocol. In this tutorial, we will introduce key concepts required to construct such proofs. We will highlight common gaps in the existing literature and discuss how they can be addressed. We will provide a brief overview of the different security proof techniques available, outlining how they work and comparing their strengths and limitations.

Microwave quantum communication is set to play an important role in future quantum networks because of its natural frequency compatibility with superconducting quantum processors and modern near-distance communication standards. To this end, I present the experimental realization of a continuous-variable quantum key distribution (QKD) protocol based on propagating displaced squeezed microwave states, which can be generated and detected using superconducting parametric devices. I demonstrate the unconditional security in our experimental QKD setting with a potential for secure microwave communication over distances up to 1000 m in the cryogenic environment. Furthermore, I present our ongoing efforts towards bringing quantum secure microwave communication to high temperatures by implementing quantum teleportation of coherent microwaves over thermal channels with fidelities exceeding the asymptotic no-cloning threshold. Finally, I discuss the feasibility and possible use cases of room temperature, open-air microwave quantum communication.

Traditional information technology relies on optical fibers as its backbone to connect base stations for extensive and flexible information coverage, thus being constrained by the coverage range of optical fibers. In recent years, new productive forces such as satellite internet and the low-altitude economy have gained growing attention. It is anticipated that a fiber-independent optical quantum information network built on mobile platforms can be developed to enable flexible quantum communication and other applications. The key to these applications is the development of miniaturized optoelectronic integrated devices with low noise, fast modulation, and high efficiency, so as to meet the urgent demands of emerging information technologies like high-security communication in mobile platform-based optical quantum information networks and modern applications such as the low-altitude economy. To this end, we have developed optoelectronic chip information devices including high-efficiency, lightweight quantum light sources and high-precision, lightweight tracking and aiming systems. Furthermore, we have completed a series of experiments on entangled photon distribution, entangled photon distribution via optical relays, and quantum key distribution, using UAVs and other mobile platforms. These efforts have laid the groundwork for constructing a low-altitude optical information network that integrates classical and quantum technologies, driving the advancement of next-generation quantum communication technology and the low-altitude economy.

The development of quantum networks is paramount towards practical and secure communications. Quantum digital signatures (QDS) offer an information-theoretically secure solution for ensuring data integrity, authenticity, and nonrepudiation, rapidly growing from proof-of-concept to robust demonstrations. However, previous QDS systems relied on expensive and bulky optical equipment, limiting large-scale deployment and reconfigurable networking construction. Here, we introduce and verify a chip-based QDS network, placing the complicated and expensive measurement devices in the central relay while each user needs only a low-cost transmitter. We demonstrate the network with a three-node setup using an integrated encoder chip and decoder chip. By developing a 1-decoy-state one-time universal hashing-QDS protocol, we achieve a maximum signature rate of 0.0414 times per second for a 1 Mbit messages over fiber distances up to 200 km, surpassing all current state-of-the-art QDS experiments. This study validates the feasibility of chip-based QDS, paving the way for large-scale deployment and integration with existing fiber infrastructure.

We demonstrate an entanglement-based quantum key distribution (QKD) system employing frequency-bin encoding. The entangled state is generated using two independent high-finesse ring resonators fabricated on a silicon photonic chip. The system implements the BBM92 protocol with a passive basis selection scheme and enables simultaneous acquisition of sixteen projective measurements across two mutually unbiased bases. To counteract random phase fluctuations induced by thermal instabilities in the transmission fiber, we apply a real-time adaptive phase correction to the measurement basis. We achieve stable QKD over a 26 km fiber spool with a secure key rate exceeding 4.5 bit/s.

In this work, we address the challenge of dynamically rerouting quantum key distribution (QKD) links during live operation without the need for a system restart. Our novel resynchronization method, combined with a qubit-based clock frequency recovery algorithm, enables seamless rerouting of quantum channels in software-defined networks (SDNs). We validate our method with our 625 MHz real-time BB84 QKD system, using free-running cost-effective quartz oscillators and without an optical clock channel. The effectiveness of our method is demonstrated by the reliable system operation covering fiber length changes exceeding 100 km and sustaining channel interruptions of multiple minutes. We believe that our findings will significantly enhance the utility of QKD systems and simplify their flexible integration into existing and future telecom infrastructures, including optically switched SDNs.

Quantum networks, which integrate multiple quantum computers and the channels connecting them, are crucial for distributed quantum information processing but remain inherently susceptible to channel noise. The channel purification protocol emerges as a promising technique for directly suppressing noise in quantum channels without complex encoding and decoding operations, making it particularly suitable for remote quantum information transmission in optical systems. In this work, leveraging the spatial and polarization degrees of freedom of photons, we propose a novel experimental configuration that efficiently implements the channel purification protocol, utilizing two Fredkin gates to coherently interfere independent noise channels. Based on this configuration, we experimentally demonstrate that the protocol can suppress the noise with various noise levels and forms. Furthermore, we apply our protocol in a practical application of entanglement distribution, showing that the channel purification can effectively protect the distributed entanglement from channel noise.

Quantum key distribution (QKD) has been proven to be an essential technology to resist the threat of quantum computing. Major technological powers such as the United States and countries in Europe have already begun the development of quantum key distribution networks. After years of technological research, China has further developed the operational-level 10,000-kilometre quantum secure communication network for business applications ‘China Quantum Communication Network’ (CN-QCN), developed based on ‘Shanghai-Beijing Backbone’. This report summarizes the advanced practices of CN-QCN in areas such as Backbone and　Metropolitan networks organization and network management. It also highlights several initiatives designed to enhance the network usability, proposes a method for evaluating the availability of quantum networks.

The no-cloning theorem leads to information-theoretic security in various quantum cryptographic protocols. However, this security typically derives from a possibly weaker property that classical information encoded in certain quantum states cannot be broadcast. To formally capture this property, we introduce the study of ``orthogonality broadcasting." When attempting to broadcast the orthogonality of two different qubit bases, we establish that the power of classical and quantum communication is equivalent. However, quantum communication is shown to be strictly more powerful for broadcasting orthogonality in higher dimensions. We then relate orthogonality broadcasting to quantum position verification and provide a new method for establishing error bounds in the no pre-shared entanglement model that can address protocols previous methods could not. Our key technical contribution is an uncertainty relation that uses the geometric relation of the states that undergo broadcasting rather than the non-commutative aspect of the final measurements.

The key rate of traditional QKD protocols scales linearly with the channel transmittance. TF-QKD improves this relation to the square root the channel transmittance, within the reach of current technology. In my tutorial talk, "Twin-field quantum key distribution experiments", I will introduce the fundamentals of twin-field quantum key distribution (TF-QKD) experiments. This would cover the basic implementation of the protocol, the key components of the experimental setup and the performance characteristics of practical TF-QKD systems. The talk will also address critical aspects of building a TF-QKD system, including the laser frequency locking techniques and phase fluctuation compensation methods. The talk will discuss the strategies for enhancing system performance, including the the noise and attenuation analysis, and the methods to optimize system performance. The talk will explore the related twin-field QKD protocols and the implementations.

I shall discuss two topics, which are loosely connected by Artur Ekert's E91 protocol, whose subtitles are (1) How quantum cryptography came to be, and (2) Who told you that Nature is nonlocal? The first tale will cover the period from Stephen Wiesner's seminal Conjugate Coding to Ekert's protocol; the second tale will start with EPR 1935, evolve through John Bell's 1964 seminal paper to the experiments that led to the 2022 Nobel Prize in Physics that purport to force us to renounce local realism, and culminate with my reasons to believe that Nature is local and realistic nevertheless.

Owing to its repeaterlike rate-loss scaling, twin-field quantum key distribution (TF-QKD) has repeatedly exhibited in the laboratory its superiority for secure communication over record fiber lengths. Field trials pose a new set of challenges, however, which must be addressed before the technology’s roll-out into the real world. Here, we verify in the field the viability of using independent optical frequency combs, installed at sites separated by a straight-line distance of 300 km, to achieve a versatile TF-QKD setup that has no need for optical frequency dissemination and thus enables an open and network-friendly fiber configuration. Our work represents an important step toward incorporation of long-haul fiber links into large quantum networks.

Quantum information allows us to build quantum money schemes, where a bank can issue banknotes in the form of authenticatable quantum states that cannot be cloned or counterfeited: a user in possession of k banknotes cannot produce k + 1 banknotes. Similar to paper banknotes, in existing quantum money schemes, a banknote consists of an unclonable quantum state and a classical serial number, signed by the bank. Thus, they lack one of the most fundamental properties cryptographers look for in a currency scheme: privacy/anonymity. In this work, we construct the first public-key quantum coin scheme, that is, a money scheme where all banknotes are identical. Assuming existence of subspace-hiding obfuscation, we construct a public-key quantum coin scheme. Further, we show that quantum coins do not necessarily provide privacy against all adversaries. Therefore, we develop formal definitions of privacy for quantum money schemes. Then, we construct the first public-key quantum money schemes that satisfy these security notions. Namely, assuming existence of indistinguishability obfuscation (iO) and hardness of Learning with Errors (LWE), we construct a public-key quantum money scheme with anonymity against users and traceability by authorities. a public-key quantum money scheme with untraceability (i.e. not even the bank/authorities can track banknotes). As another application, we show that the no-cloning principle allows us to construct schemes, with advanced security guarantees that are classically impossible, for a seemingly unrelated application: voting! Assuming existence of iO and hardness of LWE, we construct a universally verifiable quantum voting scheme with classical votes. Finally, to achieve our results, we develop a variety of technical tools, which we believe might be of independent interest. We show a new result called quantum-state read-once small-range distributions, which shows how to simulate superposition query access to an exponential size oracle with quantum-state outputs using single copy each of polynomially many state samples. We construct a deterministic classical signature scheme secure against quantum-query access to the signing oracle. We construct publicly rerandomizable encryption with strong correctness from LWE, where no adversary is able to produce a malicious ciphertext and a malicious random tape such that the ciphertext before and after rerandomization (with the malicious tape) decrypts to different values.

Quantum no-cloning theorem gives rise to the intriguing possibility of quantum copy protection where we encode a program or functionality in a quantum state such that a user in possession of k copies cannot create k + 1 copies, for any k. Introduced by Aaronson (CCC’09) over a decade ago, copy protection has proven to be notoriously hard to achieve. Previous work has been able to achieve copy-protection for various functionalities only in restricted models: (i) in the bounded collusion setting where k → k + 1 security is achieved for a-priori fixed collusion bound k (in the plain model with the same computational assumptions as ours, by Liu, Liu, Qian, Zhandry [TCC’22]), or, (ii) only k → 2k security is achieved (relative to a structured quantum oracle, by Aaronson [CCC’09]). In this work, we give the first unbounded collusion-resistant (i.e. multiple-copy secure) copy protection schemes, answering the long-standing open question of constructing such schemes, raised by multiple previous works starting with Aaronson (CCC’09). More specifically, we obtain the following results. We construct (i) public-key encryption, (ii) public-key functional encryption, (iii) signature and (iv) pseudorandom function schemes whose keys are copy-protected against unbounded collusions in the plain model (i.e. without any idealized oracles), assuming (post-quantum) subexponentially secure iO and LWE. We show that any unlearnable functionality can be copy-protected against unbounded collusions, relative to a classical oracle. As a corollary of our results, we rule out the existence of hyperefficient quantum shadow tomography, – even given non-black-box access to the measurements, assuming subexponentially secure iO and LWE, or, – unconditionally relative to a quantumly accessible classical oracle, and hence answer an open question by Aaronson (STOC’18). We obtain our results through a novel technique which uses identity-based encryption to construct multiple copy secure copy-protection schemes from 1-copy → 2-copy secure schemes. We believe our technique is of independent interest. Along the way, we also obtain the following results. We define and prove the security of new collusion-resistant monogamy-of-entanglement games for coset states. We construct a classical puncturable functional encryption scheme whose master secret key can be punctured at all functions f such that f(m0) ̸= f(m1).

Random numbers are used in a wide range of sciences. In many applications, generating unpredictable private random numbers is indispensable. Device-independent quantum random number generation is a framework that makes use of the intrinsic randomness of quantum processes to generate numbers that are fundamentally unpredictable according to our current understanding of physics. While device-independent quantum random number generation is an exceptional theoretical feat, the difficulty of controlling quantum systems makes it challenging to carry out in practice. It is therefore desirable to harness the full power of the quantum degrees of freedom (the dimension) that one can control. It is known that no more than 2log(d) bits of private device-independent randomness can be extracted from a quantum system of local dimension d. In this paper we demonstrate that this bound can be achieved for all dimensions d by providing a family of explicit protocols. In order to obtain our result, we develop new certification techniques that can be of wider interest in device-independent applications for scenarios in which complete certification ('self-testing') is impossible or impractical. With our C*-algebra representation tools, we are able to device-independently certify non-projective measurements for the purpose of randomness generation. Our protocols use a class of measurements we call "balanced informationally complete" (BIC) POVMs, which we anticipate to be useful in scenarios where normally symmetric informationally complete (SIC) POVMs are useful. Moreover, we explicitly construct BIC-POVMs in every dimension, circumventing the problem with SIC-POVMs which are only conjectured to exist in every dimension.

We present the strategic framework and technical foundations behind the development of the National Quantum-Safe Network (NQSN) in Singapore—a resilient, fully interoperable quantum-safe network. The testbed features a star-topology architecture built on production-grade fiber infrastructure, supporting multi-protocol quantum key distribution (QKD) and diverse applications from multiple vendors. A centralised key and network management system underpins its interoperability, enabling seamless integration across technologies. We further explore a range of quantum-secured use cases, including data center connectivity, edge computing, hybrid QKD–post-quantum cryptography (PQC) encryption, and multi-layer integration within the OSI stack. These technical insights demonstrate the feasibility and flexibility of deploying quantum-safe capabilities in a multi-input, multi-output network environment.

Transmission loss remains a major obstacle for long-distance demonstrations of nonlocality and device-independent applications. In this talk, I will discuss routed Bell experiments, in which a particle sent to one party in a Bell experiment can be measured either near or far from the source, as a promising approach to overcoming this challenge. I will explain how to characterize correlations in routed setups, how to compute device-independent key rates, and present a routed Bell inequality that can be violated by qubit entanglement with arbitrary loss.

Computational entropy notions play a central role in classical cryptography, with well-developed frameworks for analyzing unpredictability, leakage resilience, and pseudo-randomness. In the quantum setting, however, computational analogues of entropy remain largely unexplored. While quantum information theory provides powerful tools based on information-theoretic entropy, these do not capture the limitations of computationally bounded quantum adversaries. In this work, we initiate the study of quantum computational entropy by defining \emph{quantum computational unpredictability entropy}, a natural generalization of classical unpredictability entropy to the quantum setting. Our definition is based on the operational meaning of quantum min-entropy, but restricts the adversary to efficient quantum guessing strategies. We prove that this entropy satisfies several important properties, including a leakage chain rule that holds even in the presence of prior quantum side-information. We also show that unpredictability entropy supports pseudo-randomness extraction against quantum adversaries with bounded computational power. Together, these results lay a foundation for developing cryptographic tools that rely on min-entropy in the quantum computational setting.

Variational techniques have been recently developed to find tighter bounds on the von Neumann entropy in a completely device-independent (DI) setting. This, in turn, has led to significantly improved key rates of DI protocols, in both the asymptotic limit as well as in the finite-size regime. In this work, we derive novel variational expressions for Petz-Rényi divergences instead. We also derive two critical applications of this result. First, we show how these variational expressions can be used to further improve the finite-size key rate of DI protocols, by developing a fully-Rényi entropy accumulation theorem that can utilize these expressions for key rate computations. Second, we derive a security condition for DI advantage distillation that is based on the pretty good fidelity. We implement these techniques to derive increased noise tolerances for DIQKD protocols, which surpass the previously known bounds.

Quantum Random Number Generators (QRNGs) exploit intrinsic probabilistic quantum processes to generate true random numbers. This tutorial reviews the experimental methods and theoretical tools necessary for generating and certifying random numbers using quantum systems. We explore various QRNG implementations, discuss their advantages and limitations, and examine the protocols used to verify the randomness and security of the generated numbers.

Quantum key distribution (QKD) enables secure communication guaranteed by the fundamental laws of physics. While the Micius satellite has verified the feasibility of satellite-based QKD, deploying large-scale quantum constellations remains a challenge, requiring miniaturized satellites, portable ground stations, and real-time key exchange. To this end, I will present the development and launch of a quantum microsatellite and the subsequent demonstration of real-time satellite-ground QKD with multiple small-aperture, portable ground stations. During a single satellite pass, we generated a secure key of up to 1.07 million bits. Also, a secret key, enabling one-time pad encryption of images, is created between China and South Africa at locations separated by over 12,900 kilometers on Earth. This achievement represents a critical step toward a practical global quantum network. I will also present our ongoing progress in demonstrating daylight QKD, as well as the developments of a low-Earth-orbit satellite constellation prototype and a high-Earth-orbit quantum satellite.

Quantum key distribution (QKD) offers a theoretically secure method to share secret keys, yet practical implementations face challenges due to noise and loss over long-distance channels. Traditional QKD protocols require extensive noise compensation, hindering their industrial scalability and lowering the achievable key rates. Alternative protocols encode logical qubits in noise-resilient states, but at the cost of using many physical qubits, increasing susceptibility to loss and limiting transmission distance. In this talk, I will introduce a logical qubit encoding that uses antisymmetric Bell-states in the continuous photonic degrees of freedom, frequency and time. By leveraging the continuous space, I will show how we overcome this noise-loss robustness trade-off by minimising the number of photons per logical qubit, whilst optimising the encoding resilience over noise fluctuations. I will analyse the security of our encoding and demonstrate its robustness compared to existing state-of-the-art protocols. This approach provides a path towards scalable, efficient QKD implementations under realistic noise conditions.

Quantum key distribution (QKD) stands as the most successful application of quantum information science, providing information-theoretic security for key exchange. While it has evolved from proof-of-concept experiments to commercial products, widespread adoption requires chip-based integration to reduce costs, enable mass production, facilitate miniaturization, and enhance system performance. Here, we demonstrate the first fully photonic-integrated continuous-variable QKD (CVQKD) system operating at a classical telecom symbol rate of 16 GBaud. Our system integrates a silicon photonic transmitter circuit (excluding the laser source) and a 20 GHz photonic-electronic receiver, which features a phase-diverse silicon photonic integrated circuit and custom-designed GaAs pHEMT transimpedance amplifiers. Advanced digital signal processing allows our system to achieve the highest reported secure key rate to date, reaching 0.289 Gb/s and 0.246 Gb/s over a 20 km fiber link in the asymptotic and finite-size regimes, respectively. These results establish a record key rate and represent a critical step toward scalable, cost-effective, and mass-deployable quantum-secure communication using photonic-integrated CVQKD systems.

We demonstrate a practical high-performance mode-pairing quantum key distribution system that is able to surpass the repeaterless key rate bound using commercial lasers. We propose a frequency tracking scheme to address phase fluctuations and a theoretical model to analyze the phase noise and optimize the system parameters. Our system achieves a secret key rate of 47.8 bit/s over 403 km standard fiber, which is 2.92 times of the repeaterless bound. Furthermore, we compare the performance between MP-QKD and no-phase-locking TF-QKD under various practical conditions and show that MP-QKD exhibits superior performance at short distances with low error rates, while TF-QKD is more advantageous for long distances with consistent error rates.

Location can be strongly correlated to trust and identity: For example, when visiting a bank, you might trust the teller just by virtue of her position behind the counter. We would like to be able to use position as a cryptographic credential, being able to encrypt messages that can only be read at a certain location, or signing messages so that we are sure that they are sent from a promised spot. In this tutorial, we will study the task of quantum position verification (QPV) - where an untrusted party uses quantum information to prove their location, which enables more advanced tasks such as encrypting messages to be only read at a certain location. This is impossible to achieve if all communication and computation is classical, even under computational assumptions, and is an exciting possible use of quantum communication. In the session, we will start with an overview of basic protocols, inspired by BB84 quantum key distribution, and their security proofs. We will then go over some experimental obstacles on implementing such protocols in practice, and how to modify the protocols to overcome them. On the theoretical side, the QPV task turns out to be connected to the AdS/CFT correspondence, and to various topics in quantum communication and cryptography, because attacks require a form of non-local quantum computation (NLQC). We will go over these connections, and survey open questions on this topic.

Secure communication is a core task in cryptography which is focused on protecting the content of a message against eavesdroppers. In certain scenarios, however, the identities of the communicating parties are themselves sensitive and must remain concealed. This calls for anonymous communication protocols that ensure not only message secrecy but also the privacy of participants' identities. In this talk, I will present recent advances showing how quantum systems can offer advantages for anonymous communication in network settings. I will introduce a security framework that encompasses the secrecy of a shared key and the anonymity of the communicating users and show how the correlations of multipartite Greenberger-Horne-Zeilinger (GHZ) states enable protocols that outperform those based on bipartite entanglement. I will also highlight a recent experimental realization that demonstrates that these advantages are already accessible with current technology. Finally, I will outline open questions and possible directions for future research in this emerging area.

Aaronson, Atia, and Susskind (2020) established that efficiently mapping between quantum states |ψ⟩ and |φ⟩ is computationally equivalent to distinguishing their superpositions 1/√2(|ψ⟩ + |φ⟩) and 1/√2(|ψ⟩ − |φ⟩). We generalize this insight into a broader duality principle in quantum computation, wherein manipulating quantum states in one basis is equivalent to extracting their value in a complementary basis. In its most general form, this duality principle states that for a given group, the ability to implement a unitary representation of the group is computationally equivalent to the ability to perform a Fourier extraction from the invariant subspaces corresponding to its irreducible representations. Building on our duality principle, we present the following applications: (1) Quantum money, which captures quantum states that are verifiable but unclonable, and its stronger variant, quantum lightning, have long resisted constructions based on concrete cryptographic assumptions. While (public-key) quantum money has been constructed from indistinguishability obfuscation (iO)—an assumption widely considered too strong—quantum lightning has not been constructed from any such assumptions, with previous attempts based on assumptions that were later broken. We present the first construction of quantum lightning with a rigorous security proof, grounded in a plausible and well-founded cryptographic assumption. We extend the construction of Zhandry (2024) from Abelian group actions to non-Abelian group actions, and eliminate Zhandry’s reliance on a black-box model for justifying security. Instead, we prove a direct reduction to a computational assumption – the pre-action security of cryptographic group actions. We show how these group actions can be realized with various instantiations, including with the group actions of the symmetric group implicit in the McEliece cryptosystem. (2) We provide an alternative quantum money and lightning construction from one-way homomorphisms, showing that security holds under specific conditions on the homomorphism. Notably, our scheme exhibits the remarkable property that four distinct security notions—quantum lightning security, security against both worst-case cloning and average-case cloning, and security against preparing a specific canonical state – are all equivalent. (3) Quantum fire captures the notion of a samplable distribution on quantum states that are efficiently clonable, but not efficiently telegraphable, meaning they cannot be efficiently encoded as classical information. These states can be spread like fire, provided they are kept alive quantumly and do not decohere. The only previously known construction relied on a unitary quantum oracle, whereas we present the first candidate construction of quantum fire using a classical oracle. Based on joint work with John Bostanci and Mark Zhandry.

Quantum sensors are powerful tools for measuring physical quantities with high sensitivity, enabling, for instance, the mapping of Earth’s gravitational field , detecting very small changes of magnetic fields, or the passage of time. The underlying principle is to use a quantum state as a probe that interacts with the physical quantity of interest, thereby encoding relevant information into the state. Although individual quantum sensors may exhibit remarkable sensitivity, the precision of a certain measurement can be significantly enhanced when multiple probes are entangled. Distributed quantum sensing extends this further and leverages entanglement among spatially separated sensors, allowing them to function as a single, coherent system. This approach enables measurements across extended spatial regions, while surpassing the precision achievable by independent sensors. However, a significant challenge in a network setting is ensuring that sensors deployed across different parties serve as the necessary resources for the correct functioning of the target sensing task. This challenge has motivated the combination of quantum cryptography with quantum sensing. In this context, Shettell et al. introduced the notion of privacy for sensor networks, ensuring that, beyond the metrological advantage of cooperative estimation of a global function, parties can also maintain the privacy of their local information and control what data is accessible to others. In this work, we adopt this protocol and focus on a multi-user quantum sensor network framework to analyze the privacy aspects of this parameter estimation task, leveraging a high-quality four-party GHZ state source.

We develop a flexible and robust framework for finite-size security proofs of quantum key distribution (QKD) protocols under coherent attacks, applicable to both fixed- and variable-length protocols. Our methods achieve high finite-size key rates across a broad class of protocols while imposing minimal requirements. In particular, it eliminates the need for restrictive assumptions such as limited repetition rates or the implementation of virtual tomography procedures. To achieve this goal, we introduce new numerical techniques for the evaluation of conditional sandwiched Renyi entropies, enabling tight key rate bounds without compromising generality. In doing so, we find an alternative formulation of the ``QKD cone'' studied in previous work, which may be of independent interest. Moreover, we illustrate the versatility of our framework by applying it to several practically relevant protocols, including decoy-state protocols. Furthermore, we extend the analysis to accommodate realistic device imperfections, such as independent intensity and phase imperfections. Overall, our framework provides both greater scope of applicability and better key rates than existing techniques, especially for small block sizes, offering a scalable path toward secure quantum communication under realistic conditions.

Recent work of Bostanci, Nehoran, Zhandry (STOC'25, QIP'25) formalized the notion of quantum fire: A quantum state that can be cloned efficiently but cannot be converted to a classical string. Nehoran and Zhandry (QIP'23) gave a construction of quantum fire relative to an (inefficient) unitary quantum oracle, and proved its correctness and security. Bostanci et al (STOC'25, QIP'25) gave a candidate construction of quantum fire based on cryptographic group action assumptions, and proved its correctness. However, they do not have a proof of security, and the security is only conjectured without any justification at all. In this work, we give the first construction of (public-key) quantum fire relative to a classical oracle, and prove its correctness and security. This resolves the open question posed by Bostanci et al (STOC'25, QIP'25) and Nehoran and Zhandry (QIP'23). Further, assuming existence of one-way functions, our scheme can also be made efficient. We note that, even in the unitary quantum oracle setting, no efficient quantum fire scheme existed: Nehoran-Zhandry show that their unitary oracle cannot be made efficient. Implications to Physics: In quantum mechanics, various fundamental principles called no-go properties exist, such as no-cloning theorem, no-hiding theorem, no-deleting theorem, no-telegraphing theorem and so on. Most of these no-go properties have been shown to be equivalent to each other. However, our result gives the first (classical oracle) separation between no-go properties of quantum mechanics! Our result means that, relative to a classical oracle, no-telegraphing does not imply no-cloning. Note that, in the information-theoretic setting, no-cloning and no-telegraphing are equivalent. Our result means that the equivalency of the fundamental no-go principles of quantum mechanics that we take for granted might not hold in a computational world!

The degree of experimentally attainable nonlocality, as gauged by the loophole-free or effective violation of Bell inequalities, remains severely limited due to inefficient detectors. We address an experimentally motivated question: Which quantum strategies attain the maximal loophole-free nonlocality in the presence of inefficient detectors? For any Bell inequality and any specification of detection efficiencies, the optimal strategies are those that maximally violate a tilted version of the Bell inequality in ideal conditions. In the simplest scenario, we demonstrate that the quantum strategies that maximally violate the doubly-tilted versions of Clauser-Horne-Shimony-Holt inequality are unique up to local isometries. We utilize Jordan's lemma and Grobner basis-based proof technique to analytically derive self-testing statements for the entire family of doubly-tilted CHSH inequalities and numerically demonstrate their robustness. These results enable us to reveal the insufficiency of even high levels of the Navascues-Pironio-Acin hierarchy to saturate the maximum quantum violation of these inequalities.

Recent studies have revealed critical source-side vulnerabilities in practical quantum key distribution systems. Despite their demonstrated risks, these threats receive limited attention in both academic discussions and practical implementations. To highlight the urgency of addressing source-side vulnerabilities, we will report two widespread but overlooked loopholes: the induced-photorefractive effect and the pattern effect, including a report of the first-time system-level attack against a running MDI-QKD. Except for the attack, we will also report countermeasures against the loopholes, including a fully-passive QKD architecture resistant to encoding side-channels and a correlation-immune QKD protocol mitigating the pattern effect. These works provide essential insights and solutions for advancing the practical deployment of secure QKD systems.

Quantum key distribution (QKD) protocol has been proven to be informationally-theoretical security. Unfortunately, due to device imperfections in practice, QKD systems have exposed various vulnerabilities that are exploited by an eavesdropper to conduct quantum hackings, such as laser-seeding attacks, blinding attacks, etc. Most of these attacks currently remain only at the stage of possibility verification or white-box testing. In this paper, we propose and implemented plug-and-play attack on a QKD system as a black box, whose interface and access for the public are the only known information. Through this attack, we actively modified the gate positions and synchronization parameters of the QKD system during the calibration procedure, allowing the attack operate during the whole lifetime of the system running without being noticed. Furthermore, the implemented hacking system only connects to the quantum channel but has no access to the inside of QKD engine, which takes minutes to optimize the hacking parameters to start the eavesdropping. This work illustrates Eve's capability to successfully eavesdrop on keys from QKD systems under current conditions in a more intuitive and concrete way.

In this work, we derive the first lifting theorems for establishing security in the quantum random permutation and ideal cipher models. These theorems relate the success probability of an arbitrary quantum adversary to that of a classical algorithm making only a small number of classical queries. By applying these lifting theorems, we improve previous results and obtain new quantum query complexity bounds and post-quantum security results. Notably, we derive tight bounds for the quantum hardness of the double-sided zero search game and establish the post-quantum security for the preimage resistance, one-wayness, and multi-collision resistance of constant-round sponge, as well as the collision resistance of the Davies-Meyer construction.

Jian-Wei Pan, born on 11 March 1970, received his Bachelor (1992) and Master (1995) in Physics from the University of Science and Technology of China, Hefei, and his PhD (1999) from the University of Vienna. He is currently a Professor of Physics at the University of Science and Technology of China, an Academician of Chinese Academy of Sciences (CAS), a Fellow of the World Academy of Sciences (TWAS) and a foreign member of the Royal Society (London). He serves as the Director of the CAS Center for Excellence in Quantum Information and Quantum Physics. Prof. Jian-Wei Pan’s research fields focus on quantum foundations, quantum optics and quantum information. Pan pioneers in multi-particle interferometry and quantum experiments in space. He closed major loopholes for secure quantum communication associated with imperfect devices, making it a viable technology under realistic conditions. His group developed the quantum satellite Micius, demonstrated the first intercontinental quantum communication. These pioneering efforts bring global-scale secure quantum communication from a purely theoretical concept to reality. His group demonstrated quantum computational advantage, validating the feasibility of quantum computing systems to outperform classical machines in solving specific problems. He has also conducted a series of studies in quantum simulation with ultracold gas, including research on synthetic gauge potentials, atom-atom entanglement, ultracold molecular chemistry, and quantum simulation of the Fermi-Hubbard model.

High-dimensional (HD) entanglement promises both enhanced key rates and overcoming obstacles faced by modern-day quantum communication. However, modern convex optimization-based security arguments are limited by computational constraints; thus, accessible dimensions are far exceeded by progress in HD photonics, bringing forth a need for efficient methods to compute key rates for large encoding dimensions. In response to this problem, we present a flexible analytic framework facilitated by the dual of a semi-definite program and diagonalizing operators inspired by entanglement-witness theory, enabling the efficient computation of key rates in high-dimensional systems. To facilitate the latter, we show how matrix completion techniques can be incorporated to effectively yield improved, computable bounds on the key rate in paradigmatic high-dimensional systems of time- or frequency-bin entangled photons and beyond, revealing the potential for very high dimensions to surpass low dimensional protocols already with existing technology. In our accompanying work, we show how our findings can be used to establish finite-size security against coherent attacks for general HD-QKD protocols both in the fixed- and variable-length scenario and we examine the performance under realistic conditions. Detailed manuscripts for Refs. [1] and [2] can be found attached.

Remote state preparation with verifiability (RSPV) is an important quantum cryptographic primitive [GV19,Zha22]. In this primitive, a client would like to prepare a quantum state (sampled or chosen from a state family) on the server side, such that ideally the client knows its full description, while the server holds and only holds the state itself. In this work we make several contributions on its formulations, constructions and applications. In more detail: - We first work on the definitions and abstract properties of the RSPV problem. We select and compare different variants of definitions [GV19,Zha22,GMP22], and study their basic properties (like composability and amplification). - We also study a closely related question of how to certify the server's operations (instead of solely the states). We introduce a new notion named *remote operator application with verifiability* (ROAV). We compare this notion with related existing definitions [SW87,MY04,MV21,NZ23], study its abstract properties and leave its concrete constructions for further works. - Building on the abstract properties and existing results [BGKPV], we construct a series of new RSPV protocols. Our constructions not only simplify existing results [GV19] but also cover new state families, for example, states in the form of $\frac{1}{\sqrt{2}}(\ket{0}\ket{x_0}+\ket{1}\ket{x_1})$. All these constructions rely only on the existence of weak NTCF [BKVV,AMR22], without additional requirements like the adaptive hardcore bit property [BCMVV,AMR22]. - As a further application, we show that the classical verification of quantum computations (CVQC) problem [ABEM,Mah18] could be constructed from assumptions on group actions [ADMP20]. This is achieved by combining our results on RSPV with group-action-based instantiation of weak NTCF [AMR22], and then with the quantum-gadget-assisted quantum verification protocol [FKD18].

Asynchronous measurement-device-independent quantum key distribution (AMDI-QKD) stands out for its experimental simplicity and high key rate generation. To simplify the system further, we devise a post-measurement compensation scheme to accurately estimate the mutual frequency offset between two compact lasers using just the announced quantum-signal detection results, thereby obviating the need for optical reference light. As a result, we demonstrate an AMDI-QKD system operating at 2.5 GHz and achieving secure key rates (SKRs) of 537 and 101 kbit/s at distances of 100 and 201 km, respectively. By leveraging ultra-stable lasers, we achieve the highest SKRs with measurement-device-independent security within the 100 to 400 km range.

We derive a novel chain rule for a family of channel conditional entropies, covering von Neumann and sandwiched R\'{e}nyi entropies. In the process, we show that these channel conditional entropies are equal to their regularized version, and more generally, additive across tensor products of channels. For the purposes of cryptography, applying our chain rule to sequences of channels yields a new variant of R\'{e}nyi entropy accumulation, in which we can impose some specific forms of marginal-state constraint on the input states to each individual channel. This generalizes a recently introduced security proof technique that was developed to analyze prepare-and-measure QKD with no limitations on the repetition rate. In particular, our generalization yields ``fully adaptive'' protocols that can in principle update the entropy estimation procedure during the protocol itself, similar to the quantum probability estimation framework.

Quantum key distribution (QKD) enables information-theoretically secure communication, even in the era of quantum information. In all QKD systems, clock synchronization between two remote users---commonly referred to as Alice and Bob---is a fundamental requirement. This is typically achieved by transmitting an additional reference clock signal from Alice to Bob. In such a scheme, additional synchronization devices are required, increasing system complexity and introducing external noise. To address these issues, a novel synchronization technology, called the qubit-based synchronization method, was proposed. This method directly synchronizes two users using quantum signals, thereby dramatically reducing system complexity. However, previous qubit-based synchronization methods are not applicable to time-bin phase-encoding QKD systems, as multiple time slides introduce disturbances to time recovery. In this paper, we propose a machine-learning-enhanced qubit-based synchronization method. By introducing a K-nearest neighbor model, this method can efficiently classify each time slide in time-bin phase-encoding QKD, thereby enabling successful time recovery. We demonstrate our method using a time-bin phase-encoding reference-frame-independent (RFI)-QKD and successfully distribute secure key bits over up to 200 km of fiber spools. Our work simplifies the complexity of QKD system and significantly advances the practical application of QKD.

In the recent breakthrough result (Mastel and Slofstra, STOC24), the authors show that there is a two-player one-round perfect zero-knowledge MIP* protocol for RE. We build on their result to show that there exists a succinct two-player one-round perfect zero-knowledge MIP* protocol for RE with polylog question size and O(1) answer size, or with O(1) question size and polylog answer size. To prove our result, we analyze the four central compression techniques underlying the MIP*=RE proof (Ji et al., arXiv:2001.04383) --- question reduction, oracularization, answer reduction, and parallel repetition --- and show that they all preserve the perfect (as well as statistical and computational) zero-knowledge properties of the original protocol. Furthermore, we complete the study of the conversion between constraint-constraint and constraint-variable binary constraint system (BCS) nonlocal games, which provide a quantum information characterization of MIP* protocols. While Paddock (arXiv:2203.02525) established that any near perfect strategy for a constraint-variable game can be mapped to a constraint-constraint version, we prove the converse, fully establishing their equivalence.

How could quantum cryptography help us achieve what are not achievable in classical cryptography? In this work we study the classical cryptographic problem that two parties would like to perform secure computations *with long outputs*. As a basic primitive and example, we first consider the following problem which we call *secure function sampling* with long outputs: suppose $f:\{0,1\}^n\rightarrow \{0,1\}^m$ is a public, efficient classical function, where $m$ is big; Alice would like to sample $x$ from its domain and sends $f(x)$ to Bob; what Bob knows should be no more than $f(x)$ even if it behaves maliciously. Classical cryptography, like FHE and succinct arguments [Gen09,Kil92,HW15], allows us to achieve this task within communication complexity $O(n+m)$; could we achieve this task with communication complexity independent of $m$? In this work, we first design a quantum cryptographic protocol that achieves secure function sampling with approximate security, within $O(n)$ communication (omitting the dependency on the security parameter and error tolerance). We also prove the classical impossibility using techniques in [HW15], which means that our protocol indeed achieves a type of quantum advantage. Building on the secure function sampling protocol, we further construct protocols for general secure two-party computations [Yao86,GB01] with approximate security, with communication complexity only depending on the input length and the targeted security. In terms of the assumptions, we construct protocols for these problems assuming only the existence of collapsing hash functions [Unr16]; what's more, we also construct a classical-channel protocol for these problems additionally assuming the existence of noisy trapdoor claw-free functions [BCMVV,BKVV]

We present a robust and composable device-independent (DI) quantum protocol between two parties for oblivious transfer (OT) using Magic Square devices in the bounded storage model [DFR`07, DFSS08] in which the (honest and cheating) devices and parties have no long- term quantum memory. After a fixed constant (real-world) time interval, referred to as DELAY, the quantum states decohere completely. The adversary (cheating party), with full control over the devices, is allowed joint (non-IID) quantum operations on the devices, and there are no time and space complexity bounds placed on its powers. The running time of the honest parties is polylog(λ) (where λ is the security parameter). Our protocol has negligible (in λ) correctness and security errors and can be implemented in the NISQ (Noisy Intermediate Scale Quantum) era. By robustness, we mean that our protocol is correct even when devices are slightly off (by a small constant) from their ideal specification. This is an important property since small manufacturing errors in the real-world devices are inevitable. Our protocol is sequentially composable and, hence, can be used as a building block to construct larger protocols (including DI bit-commitment and DI secure multi-party computation) while still preserving correctness and security guarantees. None of the known DI protocols for OT in the literature are robust and secure against joint quantum attacks. This was a major open question in device-independent two-party distrustful cryptography, which we resolve. We prove a parallel repetition theorem for a certain class of entangled games with a hybrid (quantum-classical) strategy to show the security of our protocol. The hybrid strategy helps to incorporate DELAY in our protocol. This parallel repetition theorem is a main technical contribution of our work. Since our games use hybrid strategies and the inputs to our games are not independent, we use a novel combination of ideas from previous works showing parallel rep- etition of classical games [Raz95, Hol07], quantum games [JPY14, JMS20, JK22], and anchored games [BVY17, JK21]. Although we present security proof for protocols in the bounded storage model with no long-term quantum memory (after DELAY), we state (without further justification) that we can extend our results, along the lines of [JK22] and [DFR`07], to incorporate linear (in the number of devices) long term quantum memory and linear leakage between the devices.

Continuous-variable quantum key distribution (CVQKD) can allow remote users to share high-rate and unconditionally secure secret keys with capabilities of well compatibility with classical optical communication networks and effective resistance against background noise. We overcome the excess noise due to atmospheric effects especially in daylight without extra wavelength conversion and spectral filtering, and demonstrate for the first time all-day free-space quantum key distribution over 7 km in an urban atmosphere and 9.6 km in a marine atmosphere with Gaussian-modulated continuous variables. This achieved distribution distance of secure quantum secret keys is well beyond the effective thickness of the aerosphere, hence presenting a possible alternative way for realizing satellite-based quantum cryptography communication in daylight. Moreover, given that the CVQKD system is naturally compatible with existing ground fibre telecommunication networks, it marks an essential step for realizing integrated air-ground quantum access networks with cross-domain applications.

We show how to construct simulation secure one-time memories, and thus one-time programs, without computational assumptions in the presence of constraints on quantum hardware. Specifically, we build one-time memories from random linear codes and quantum random access codes (QRACs) when constrained to non-adaptive, constant depth, and D-dimensional geometrically-local quantum circuit for some constant D. We place no restrictions on the adversary's classical computational power, number of qubits it can use, or the coherence time of its qubits. Notably, our construction can still be secure even in the presence of fault tolerant quantum computation as long as the input qubits are encoded in a non-fault tolerant manner (e.g. encoded as high energy states in non-ideal hardware). Unfortunately though, our construction requires decoding random linear codes and thus does not run in polynomial time. We leave open the question of whether one can construct a polynomial time information theoretically secure one-time memory from geometrically local quantum circuits. Of potentially independent interest, we develop a progress bound for information leakage via collision entropy (Rényi entropy of order 2) along with a few key technical lemmas for a "mutual information" for collision entropies. We also develop new bounds on how much information a specific $2 \mapsto 1$ QRAC can leak about its input, which may be of independent interest as well.

We give novel and tighter lifting theorems for security games in the quantum random oracle model (QROM), as well as in Noisy Intermediate-Scale Quantum (NISQ) settings such as the hybrid query model, the noisy oracle and the bounded-depth models. At the core of our main results lies a novel measure-and-reprogram framework that we call coherent reprogramming. This framework gives a tighter lifting theorem for query complexity problems. Secondly, we provide, for the first time, a hybrid lifting theorem for hybrid algorithms that can perform both quantum and classical queries, as well as a lifting theorem for quantum algorithms with access to noisy oracles or bounded quantum depth. At the core of these results lies a novel measure-and-reprogram framework, called hybrid coherent measure-and-reprogramming, tailored specifically for hybrid algorithms. Equipped with both lifting theorems, we are able to prove directly both quantum and NISQ security and complexity results by calculating a single combinatorial quantity, relying solely on classical reasoning. Crucially, we derive the first direct product theorems in the average case, both in the quantum and the hybrid settings— i.e., an enabling tool to determine the hardness of solving multi-instance security games. This allows us to derive in a straightforward manner the hardness of various security games, for example (i) the non-uniform hardness of salted games, (ii) the hardness of specific cryptographic tasks such as the multiple instance version of one-wayness and collision-resistance, and (iii) uniform or non-uniform hardness of many other games.

Verifiable hybrid secret sharing (VHSS) is a task in which a secret quantum state must be split among n parties, such that they can only recover the secret if a sufficient number of parties cooperate, while small coalitions of parties learn nothing. Each party may hold classical and/or quantum shares, and the parties must be able to collectively verify that their shares can later be used to reconstruct a valid quantum state. Here, we explore the resource efficiency of VHSS protocols, critical for implementation in near-term quantum networks. Lipinska et al. [PRA 102(2):022405, 2020] recently introduced a protocol that required a reduced number of qubits per party. Building on this, we further optimize their protocol and reduce the quantum communication overhead. While the scaling with the number of parties remains unchanged, our improvements yield orders-of-magnitude reductions in the time required to successfully distribute and verify a quantum secret.

We introduce a quantum random number generator (QRNG) based on a looped photonic architecture that generates two \textbf{statistically independent} random sequences with equivalent entropy properties. One sequence can be kept private for cryptographic applications, while the other can be made public to enable external verification of randomness quality. A key distinction from previous approaches lies in the \textbf{robustness of the system}: the encoding of both sequences relies on the \emph{same optical loop and the same detector}. As a result, any change in the hardware — due to degradation, misalignment, or external perturbation — will affect both outputs equivalently. This ensures that deviations in entropy or performance are reflected equally in both sequences, allowing the public output to serve as a reliable indicator of the generator’s internal behavior.

In a proof of knowledge (PoK), a verifier becomes convinced that a prover possesses privileged information. In combination with zero- knowledge proof systems, PoKs are an important part of secure protocols such as digital signature schemes and authentication schemes as they en- able a prover to demonstrate posession of a certain piece of information (such as a private key or a credential), without revealing it. Formally, A PoK is defined via the existence of an extractor, which is capable of recon- structing the key information that makes a verifier accept, given oracle access to the prover. We extend the concept of a PoK in the setting of a single classical verifier and two quantum provers, and exhibit the PoK property for the Hamil- tonian game, a non-local game between a single classical verifier and two quantum provers for the local Hamiltonian problem. More specifically, we construct an extractor which, given oracle access to a provers’ strategy that leads to high acceptance probability, is able to reconstruct the ground state of a local Hamiltonian. Our result can be seen as a new form of self- testing, where, in addition to certifying a pre-shared entangled state and the prover’s strategy, the verifier also certifies a local quantum state. This technique thus provides a method to ascertain that a prover has access to a quantum system, in particular, a ground state, Thus indicating a new level of verification for a proof of quantumness.

In recent years, quantum key distribution (QKD) has transitioned from a purely academic field to a commercially available cryptographic solution, supported by mathematically formulated security proofs. However, due to the fragmented nature of the literature, obtaining a comprehensive understanding of these proofs and their limitations remains a considerable challenge. Our work addresses this by providing a rigorous finite-size security proof for the 1-decoy and 2-decoy BB84 protocols against coherent attacks, based on Renner's entropic uncertainty relation (EUR) framework. We resolve key technical issues in previous analyses, including the treatment of fixed-length protocols and acceptance testing. Special attention is given to the 1-decoy protocol, where statistics are computed after error correction, leading to important subtleties when applying the entropic uncertainty relation. By unifying and refining results from the literature, our work contributes to a more robust and accessible understanding of QKD security.

We describe a simple and flexible method to implement semi-definite programming relaxations to bound the set of quantum correlations. The method relies on obtaining equality constraints from randomly sampled moment matrices and hence allows the user to easily access the set of quantum behavior in diverse operational scenarios, with the advantage of being easy to implement and adapt to new types of constraints. We studied under which conditions this method can be applied, grounding our analysis on some analytical results and some numerical derivations based on a large number of generated scenarios.

Performing a measurement on one half of an entangled pair of systems remotely prepares the other half in an ensemble of quantum states. Now consider any set of ensembles that mix to the same density operator. The Schrödinger--HJW theorem states that one can remotely prepare any chosen ensemble from this set by a choice of measurement performed on one half of a fixed entangled state. We generalise this result to show that any set of ensembles can be remotely prepared if one is allowed to post-select on the outcome of the preparing measurement. The probability that the remote preparation is successful is then lower bounded in terms of the distance between the ensembles. In a prepare-and-measure quantum key distribution protocol the distance between the ensembles represents the amount of information that is leaked about the choice of ensemble, e.g. the choice of basis in the BB84 protocol. Using our generalised result, we can prove the security of such protocols from only the fundamental assumption of how much information is leaked about the choice of ensemble/basis, i.e. from bounded basis-dependency.

In many cryptographic tasks, we encounter situations where we would like to retrieve some information about two incompatible observables. A natural strategy to tackle this problem involves consecutive measurements of two observables, raising the critical question: How does the information gained from the first measurement relate to that obtained through both consecutive measurements? A loose relation between these two quantities has been established by the consecutive measurement theorem and is found useful in quantum proofs of knowledge and nonlocal games. In this work, we establish a tight consecutive measurement theorem, and apply our theorem to improve the best-known bounds on the quantum value of CHSH_q(p) games and their parallel repetition. Moreover, we explore a novel application of the consecutive measurement theorem to find tighter trade-off relations for quantum oblivious transfer in most regimes. This advancement enhances the analytical toolkit to study quantum advantage and has direct implications for quantum cryptographic protocols.

Continous-Variable Quantum Key Distribution (CV-QKD) relies on accurate noise calibration at the receiver to ensure the security of quantum communication. Traditional calibration methods often oversimplify noise characteristics, neglecting the impact of local oscillator (LO) noise and the critical role of noise dynamics, which can lead to imprecise Shot Noise Calibration (SNC). Our contributions are threefold: 1) we propose an operational framework for calibration, relying on the notion of stationarity 2) in this framework, we give a method allowing to derive the optimal calibration time 3) leveraging our knowledge of noise dynamics, we introduce a novel SNC method. We demonstrate that our improved calibration techniques offer higher performance and higher tolerance to receiver defects, which can enhance the performance and cost-effectiveness of CV-QKD systems.

Enhancing the performance of quantum key distribution is crucial, driving the exploration of various key distillation techniques to increase the key rate and tolerable error rate. It is imperative to develop a comprehensive framework to encapsulate and enhance the existing methods. In this work, we propose an advantage distillation framework for quantum key distribution. Building on the entanglement distillation protocol, our framework integrates all the existing key distillation methods and offers better generalization and performance. Using classical linear codes, our framework can achieve higher key rates, particularly without one-time pad encryption for postprocessing. Our approach provides insights into existing protocols and offers a systematic way for future enhancements of quantum key distribution protocols.

Satellite-based quantum key distribution (QKD) is crucial for establishing global quantum networks, while current implementations are restricted to low-Earth-orbit satellites and nighttime operations. Geosynchronous-Earth-orbit (GEO) satellites present a compelling alternative, offering continuous availability and wide-area coverage. The primary obstacles are the substantial link loss inherent to GEO distances and high daytime ambient noise, which severely degrade the signal-to-noise ratio and hinder secure key generation. To address the challenge of daytime ambient noise, we implemented a multi-faceted filtering strategy across spatial, spectral, and temporal domains. Notably, an additional background reduction of approximately 5.2 dB was achieved using the 854.45 nm Fraunhofer line for spectral noise suppression. Simultaneously, we employed deep-learning-based adaptive optics, improving single-mode fiber coupling efficiency by approximately 1.4∼5.2 dB. We then experimentally validated all-day QKD over a metropolitan 7-km free-space channel, demonstrating continuous QKD operation throughout the day with maximum tolerable channel loss exceeding 62 dB. This represents an improvement of over one order of magnitude and surpasses the projected daytime loss budget for GEO satellite links. These results signify a major advancement towards practical, globally accessible quantum communication via GEO satellites.

We propose an all-photonic protocol for distributing multipartite entangled states in quantum networks, extending the two-party quantum repeater scheme of Azuma et al. (2015) to the multipartite regime. By introducing a minimal change to the measurement pattern at user nodes, our method achieves GHZ state distribution among multiple users without the need for quantum memories.This approach maintains the core structure of the original protocol, demonstrating that scalable, memory-free entanglement distribution is achievable using only photonic resources and measurement-based operations.

In this study, we constructed a full end-to-end atmospheric channel model for a GEO quantum exchange. This model allowed to assess the performances of two MDI-QKD protocols in such conditions : MP-QKD and TF-QKD, thus setting the limits of these protocols with current and future technology on detection, emission and optic tools. We demonstrated that an untrusted GEO link between two independent parties can be achieved when using reasonable size of telescope diameter. The key rates predicted would allow transmitting up to 260 bit/s for TF-QKD and up to 180 bit/s for MP-QKD for a telescope pupil diameter of 1m at 2.5 GHz of repetition rate.

In polarization-based Quantum Key Distribution (QKD), imperfections in the states of polarization (SoPs)—such as limited orthogonality within a basis and insufficient mutual unbiasedness between bases—can significantly increase the quantum bit error rate (QBER), undermining the reliability and security of key exchange. Reducing QBER is therefore critical for enhancing protocol robustness and extending the operational range of practical QKD systems [1]. This issue is particularly pronounced in compact and lightweight implementations using Photonic Integrated Circuits (PICs), where the high level of integration restricts the flexibility to optimize or substitute individual polarization-controlling components. Although some degree of electrical tunability is possible, dependence on active feedback and real-time correction compromises the intrinsic advantages of simplicity, stability, and low power consumption. A passive approach requiring minimal intervention is thus especially desirable. We present an analytic method for determining the optimal unitary transformation that minimizes QBER under given non-ideal SoPs. When the polarization states are not mutually orthogonal, it is unclear how to align or transform them to ensure secure and efficient operation. Our method addresses this ambiguity by introducing QBER minimization as a physically meaningful and practical criterion for optimizing polarization alignment, as exemplified by scenarios such as six-state polarization encoding in reference-frame-independent QKD [2]. For the optimal transformation, we derive a closed-form expression, which can be implemented using static optical elements such as waveplates or integrated passive structures [3]. The proposed framework identifies the transformation direction that maximizes QKD performance. While initially designed for fixed SoPs, it is also expected to outperform iterative methods in dynamic environments by enabling fast, precomputed correction. As such, it is particularly useful in passive or resource-constrained polarization-based QKD systems, where active control is undesirable or impractical.

Quantum networks have recently generated significant interest due to enhanced functionalities and security, including offering the capability to securely calculate a linear function of several parameters which themselves remain private. This allows joint estimation of a parameter using the precision advantage of quantum sensing. In this work, we extend the functionality of previously considered schemes to allow for some subset of the network, without sharing their own private network, to carry out parameter estimation together without revealing the identities of participants, either to each other or to the rest of the network, while being guaranteed that only the relevant parties have inputted their parameter.

Practical quantum key distribution (QKD) protocols require a finite-size security proof. The phase error correction (PEC) approach is one of the general strategies for security analyses that has successfully proved finite-size security for many protocols. However, the asymptotically optimal key rate cannot, in general, be achieved with the conventional PEC approach due to the reduction to the estimation problem of the classical quantity, the phase error rate. In this work, we propose a new PEC-type strategy that can provably achieve the asymptotically optimal key rate. The key piece for this is a virtual protocol based on the universal source compression with quantum side information, which is of independent interest. Combined with the reduction method to collective attacks, this enables us to directly estimate the phase error pattern rather than the estimation via the phase error rate, and thus leads to asymptotically tight analyses. As a result, the security of any permutation-symmetrizable QKD protocol gets reduced to the estimation problem of the single conditional R\'enyi entropy, which can be efficiently solved by a convex optimization.

Device-independent conference key agreement (DI-CKA) realizes information-theoretically secure key distribution among more than two remote parties without any assumptions on the inner workings of the devices, relying instead on the violation of Bell inequalities. While several DI-CKA protocols based on Greenberger-Horne-Zeilinger states have been proposed, it remains an open question whether W states can also be used for DI-CKA. In this study, we affirmatively answer this open question by constructing Bell inequalities that are maximally violated by W states.

Bell nonlocality is of broad interest not only because of its foundational significance in quantum theory, but also due to its applications in quantum technologies such as device-independent quantum key distribution (DI-QKD) and quantum randomness expansion. However, it is still challenging to obtain large Bell violation for long distance in experiment. In this work, we propose a loophole-free Bell test protocol using continuous-variable (CV) codes and cavity-QED system. We evaluate the performance of this protocol by calculating the CHSH parameter S and the secret key rate (SKR) in DI-QKD scenario. Various experimental imperfections are considered in the numerical calculation to provide insight into the feasibility and reliability of this protocol. Our results show that Bell violations are achievable up to approximately 18 km with a decent entanglement distribution rate and the SKR for DI-QKD can reach near 100 bits/s at 10 km, significantly outperforming the existing protocols. All the elements in this protocol are reachable with current technologies, so we believe this approach using CV codes provides a feasible and promising route towards practical realization of long-distance Bell nonlocality and secure DI-QKD systems.

Integrating quantum key distribution (QKD) with classical data transmission over the same fiber is crucial for scalable quantum-secured communication. However, noise from classical channels limits QKD distance. We demonstrate the longest-distance continuous-variable QKD (CVQKD) over 120 km (20 dB loss) coexisting with a fully populated coarse wavelength division multiplexing system. Natural mode filtering of the local oscillator and phase noise mitigation enabled this without additional filtering or wavelength reallocation. Benchmarking against a commercial discrete-variable QKD system and considering finite-size effects confirms the feasibility of CVQKD as a plug-and-play solution for typical 80–100 km long-haul optical networks. Our results set a record distance for CVQKD, showing its potential for cost-effective, large-scale deployment in existing network infrastructure.

Quantum communication is emerging as a foundational element of future secure information systems, with applications ranging from key distribution to direct message transmission. Widely used standards such as the Digital Video Broadcasting – Satellite – Second Generation Extension (DVB-S2X) can be considered for satellite-based quantum communication scenarios, where resource constraints and channel impairments must be carefully addressed. While much of the early work in quantum security focused on asymptotic analyses or relied on models rooted in classical wiretap theory, there is a growing need for frameworks that provide operational security guarantees in finite-length and non-asymptotic regimes. In this work, we address that gap by introducing a composable security metric based on the trace distance, derived from α-order Rényi information. Our model, illustrated in Fig. 1 (left), serves as a general abstraction of quantum communication systems subject to eavesdropping, which includes protocols of the family known as Quantum Direct Secure Communication (QDSC), which aim to transmit confidential messages directly over quantum channels. The proposed framework allows for precise evaluation of secrecy leakage under realistic conditions and offers an alternative to traditional key-based paradigms, thereby contributing to the broader effort of enabling keyless secure and efficient quantum communication. Our key result is a composable bound on the trace distance, which solely depends on an αparameterized mutual information term. Unlike conventional methods based on ε-smooth min-entropy, our approach avoids smoothing altogether while still ensuring composability. This leads to analytically tractable bounds and a clearer understanding of the trade-off between coding rate and secrecy. As a practical application, we apply our bounds to a one-way information flow where BPSK-modulated coherent quantum states carry secret information over lossy bosonic channels, consistent with DVB-S2X satellite links. Our results, illustrated in Fig. 1 (right) provide two-fold insights. First, we demonstrate the usefulness of our bound for practical design of reliable and secret space links. Second, we quantify the reliability-secrecy trade-off by numerically showing that the finitelength physical-layer secrecy can be guaranteed only if coding rates are appropriately adjusted.

Secure Delegated Quantum Computation (SDQC) protocols allow a client to delegate a quantum computation to a powerful remote server while ensuring the privacy and the integrity of its computation. Recent resource-efficient and noise- robust protocols led to experimental proofs of concept. Yet, their physical re- quirements are still too stringent to be added directly to the roadmap of quantum hardware vendors. To address part of this issue, this paper shows how to alleviate the necessity for the client to have a single-photon source. It proposes a protocol that ensures that, among a sufficiently large block of transmitted weak coherent pulses, at least one of them was emitted as a single photon. This can then be used through quantum privacy amplification techniques to prepare a single secure qubit to be used in an SDQC protocol. As such, the obtained guarantee can also be used for Quantum Key Distribution (QKD) where the privacy amplification step is classical. In doing so, it proposes a workaround for a weakness in the security proof of the decoy state method. The simplest instantiation of the protocol with only 2 intensities already shows improved scaling at low transmittance and adds verifiability to previous SDQC proposals.

Quantum key distribution (QKD) is the fastest-growing and relatively mature technology in the field of quantum information, enabling information-theoretically secure key distribution between two remote users. Although QKD based on off-the-shelf telecom components has been validated in both laboratory and field tests, its high cost and large volume remain major obstacles to large-scale deployment. Photonic integration, featured by its compact size and low cost, offers an effective approach to addressing the above challenges faced by QKD. Here, we implement a high-performance, integrated local local oscillator continuous-variable (CV) QKD system based on an integrated silicon photonic transmitter and receiver. By employing a high-speed silicon photonic integrated in-phase and quadrature modulator, a high signal-to-noise ratio and high bandwidth silicon photonic integrated heterodyne detector, and digital signal processing, our CV-QKD system achieves a symbol rate of up to 1.5625 GBaud. Furthermore, the system achieves high secret key rates of 14.7 and 2.46 Mbps over 25.8 and 50.4 km standard single-mode fiber, respectively, using an 8-phase-shift keying discrete modulation. Our fully integrated CV-QKD system with high symbol rate and long transmission distance pays the way for the quantum secure communication network at metropolitan area.

Detecting quantum states faithfully is the basis of quantum cryptography. Unfortunately, detector control attacks allow eavesdroppers to manipulate the click of detectors, leading to information leakage and security breaches. Here we propose a control-resistant detection method to close the loophole. Our method is to use a signal sorter to detect the eavesdropping attacks and an analytical tool to quantify them. The results indicate that, without optical component changes and performance loss, the eavesdropping can not only be perceived but its information leakage can also be tightly estimated.

Chip-based quantum key distribution (QKD) systems offer improved efficiency but may also introduce previously unrecognized security vulnerabilities. In this work, we identify and experimentally characterize cross-polarization-intensity (CPI) correlations in a real-world chip-based QKD system. Moreover, we introduce a security analysis that incorporates CPI correlations and apply it to evaluate the performance of an integrated high-speed QKD system. Our results emphasize the need for rigorous security assessments in chip-based QKD implementations.

We characterized intermodal crosstalk in a linearly polarized (LP) mode-multiplexed quantum key distribution (QKD) system based on photonic lanterns. Building on prior QKD demonstrations over few-mode fiber, we performed single-photon-level measurements to evaluate mode isolation and implement automated mode stabilization. Optimized temporal filtering revealed the system’s maximum achievable key rates. Our findings support the practical implementation of QKD multiplexing using LP modes.

Photons play an important role in quantum information processing as they are easy to manipulate locally and transfer over a long distance. Photonic qubits are widely used in tasks such as linear optical quantum computing (LOQC), quantum sensing/metrology, and quantum communication. However, to date, efficient high-speed single photon sources are still difficult to make. Here, we propose that we can use "classical" phase-randomized coherent states, combined with post-processing, to perform various quantum information processing tasks. Specifically, we divide the tasks into two scenarios: ones with a circuit of a known Hilbert space dimension, describable by a unitary matrix, such as LOQC and metrology, as well as ones with an unknown channel, such as quantum communication. We propose methods that can hugely improve the numerical precision and applicable dimensions in both scenarios, including a machine learning method for the former and a linear interpolation method for the latter, opening up a wide variety of applications that can be implemented with easily attainable coherent light sources and threshold detectors, such as quantum metrology or universal fully-passive state preparation.

Turbulence is a complex and chaotic fluid motion state. Atmospheric turbulence presents significant challenges for applications such as remote sensing,astronomical observations, and free-space quantum key distribution (QKD), due to its rapid evolution across temporal and spatial scales. Traditional methods for correcting atmospheric turbulence encounter difficulties, particularly under strong daytime turbulence conditions. In this study, we develop a deep learning-based adaptive method to correct strong atmospheric turbulence in field conditions, facilitating the turbulence correction over 1.4 km and 7 km free-space channels. Experimental results present better correction performance compared to wavefront sensor-based methods, yielding a 2–4 dB Strehl ratio improvement. Additionally, our approach directly estimates phase information from a defocused camera, significantly reducing the implementation cost of adaptive systems. Furthermore, we evaluate the performance of a daytime free-space QKD system incorporating our deep learning–based method, leading to higher key rates and longer propagation distances. Our method provides a practical and efficient solution for daytime QKD applications.

This study presents the design and implementation of a QKD-based encryption system for securing specific user data traffic over 5G network backbone. Experimental results demonstrate the effectiveness and practical feasibility of the proposed QCF within 5G network environments.

Detector noise is a critical factor in determining the performance of a quantum key distribution (QKD) system. In continuous-variable (CV) QKD with optical coherent detection, the trusted detector noise model is widely used to enhance both the secret key rate and transmission distance. This model assumes that noise from the coherent detector is inherently random and cannot be accessed or manipulated by an adversary. Its validity rests on two key assumptions: (1) the detector can be accurately calibrated by the legitimate user and remains isolated from the adversary, and (2) the detector noise is truly random. So far, extensive research has focused on detector calibration and countermeasures against detector side-channel attacks. However, there is no strong evidence supporting assumption (2). In this paper, we analyze the electrical noise of a commercial balanced Photoreceiver, which has been applied in CV-QKD implementations, and demonstrate that assumption (2) is unjustified. To address this issue, we propose a “calibrated detector noise” model for CV-QKD, which relies solely on assumption (1). Numerical simulations comparing different noise models indicate that the new model can achieve a secret key rate comparable to the trusted-noise model, without depending on the questionable assumption of “truly random” detector noise.

Device-independent (DI) cryptography represents the highest level of security, enabling cryptographic primitives to be executed safely on untrusted hardware. Moreover, with successful proof-of-concept demonstrations in randomness expansion, randomness amplification, and quantum key distribution, the field is steadily advancing toward commercial viability. Critical to this continued progression is the development of tighter finite-size security proofs. In this work, we provide a simple method to obtain tighter finite size security proofs for protocols based on the CHSH game which is the nonlocality test used in all of the proof-of-concept experiments. We achieve this by analytically solving key-rate optimization problems based on Rényi entropies, providing a simple method to obtain tighter finite-size key rates.

Quantum sensing is a promising technology capable of demonstrating clear advantage over comparable classical techniques for precise measurement. One application of quantum sensing is in function estimation, which can be done using a network of entangled quantum sensors, allowing for measurements with greater optimal sensitivity than unentangled sensing protocols. Since quantum sensor networks will likely be used to measure data that should remain private (e.g., biomedical data), it is imperative that these protocols include a cryptographic mechanism to hide sensitive information. In this work, we show that entangled sensor networks are vulnerable to differential attacks. To mitigate these attacks, we introduce secure sensing protocols based on differential privacy. We reconcile Heisenberg-limited scaling and differential privacy and introduce several protocols achieving varying balances between the two. We show that our protocols are resilient to attacks by quantum adversaries and we find advantages in the privacy-utility trade-off when using quantum resources.

We propose a discrete-modulated coherent-state basis-encoding quantum key distribution (DMCS-BE-QKD) protocol, where the secret keys are encoded in the random choice of two measurement bases and it only needs simple binary sequence error correction. We analyze the secret key rate of DMCS-BE-QKD protocol under collective attacks in the linear Gaussian channel. The results show that DMCS-BE-QKD can greatly enhance the ability to tolerate the channel loss and excess noise compared to the original DMCS-CVQKD protocol. Finally, a proof-of-principle experiment is conducted under a 50.5 km optical fiber to verify the feasibility of DMCS-BE-QKD.

We consider discrete phase randomisation (DPR) for several quantum key distribution (QKD) protocols. Full continuous phase randomisation of weak laser pulses (WCPs) would create an output state that is diagonal in Fock basis. This will simplify the security proof of QKD protocols that rely on WCPs or decoy states. In practice, however, such an ideal phase randomisation may not be achievable. Instead, we may actively choose a discrete number of global phase values for our WCPs. The security proof with DPR has been reported for several QKD protocols, which often requires numerical optimisation. In this work, we develop analytical bounds on the secret key generation rate for BB84 and measurement-device-independent (MDI) QKD protocols with DPR. These analytical bounds closely match the numerical results. We then extend our results to the newly proposed mode-pairing (MP) QKD protocols, which offer favourable rate-versus-distance scaling, with DPR. We show that the number of phase slices needed for MP-QKD to approach the ideal case is larger than that of MDI-QKD.

Quantum message authentication (QMA) plays a crucial role in quantum cryptography, which ensures the authenticity and integrity of transmitted quantum messages. However, most existing QMA protocols suffer from high quantum resource consumption and exhibit low communication efficiency in large-scale quantum networks. To overcome these challenges, we first design an efficient quaternion authentication code that reduces the number of required trap qubits. Based on this, we then propose a dynamically adjustable multi-party QMA protocol with identifiable abort, capable of detecting malicious participants when the protocol terminates with the aid of a semi-quantum trusted third party (SQ-TTP). Furthermore, by the combined use of dynamic grouping and parallel transmission mechanisms, the proposed protocol significantly reduces the consumption of resources including keys and trap qubits. These advancements make the proposed protocol offer a more efficient and practical solution for QMA in large-scale quantum communication networks.

Our study shows that the rate of random number generation by QRNG based on interference of laser pulses is significantly more limited than expected. An increase in generation speed requires shortening the duration of laser pulses. However, the interference of short laser pulses from a single laser diode is problematic due to jitter and phase modulation (chirp). The optically injection-locked configuration proposed by L. C. Comandar for MDI QKD does not have the above disadvantages and therefore enables the design of QRNG with a high speed of random number generation.

Quantum key distribution stands as a cornerstone of quantum information science, enabling secure communication based on fundamental quantum principles. In reality, practical implementations often rely on the decoy-state method to ensure security against photon-number-splitting attacks. A significant challenge in realistic quantum cryptosystems arises from statistical fluctuations due to finite data sizes, which complicate the key-rate estimation because of the nonlinear dependence on the phase error rate. In this study, we refine and enhance the key rate bound for the decoy-state method and introduce an improved statistical fluctuation analysis framework. By integrating our refined bound with this advanced fluctuation analysis, we achieve higher key generation rates, as demonstrated in numerical simulations of the one-decoy-state method --- a simple yet increasingly practical protocol --- under typical experimental conditions. Notably, our approach to fluctuation analysis extends beyond quantum cryptography, offering broad applicability to various quantum information processing tasks, particularly those involving linear relationships between objectives and experimental variables.

Local local oscillator (LLO) continuous-variable quantum key distribution (CV-QKD) offers enhanced security and simplified implementation compared to transmitting local oscillator (TLO) schemes, but generally requires high-power pilot tones for carrier phase recovery. Among various LLO schemes, the sequential LLO scheme features low hardware complexity, yet suffers from limited quantum signal repetition frequency due to its alternating pilot-signal structure, which reduces the secret key rate. To address this, we propose an optimized scheme that increases the proportion of quantum signals and applies exponentially weighted phase prediction. A particle filter (PF)-based algorithm is further introduced to compensate for reduced pilot tone ratio. Experimental results over 30 km fiber demonstrate that the optimized scheme suppresses excess noise below 0.008 SNU, stabilizes transmittance around 0.25, and improves the secret key rate by over 147%, even when accounting for algorithmic complexity.

Quantum Key Distribution (QKD) is currently being discussed as a technology to safeguard communication in a future where quantum computers compromise traditional public-key cryptosystems. We conduct a comprehensive security evaluation of QKD-based solutions, focusing on real-world use cases sourced from academic literature and industry reports. We analyze these use cases, assess their security, and identify the possible advantages of deploying QKD-based solutions. We further compare QKD-based solutions with Post-Quantum Cryptography (PQC), the alternative approach to achieving security when quantum computers compromise traditional public-key cryptosystems, evaluating their respective suitability for each scenario. Based on this comparative analysis, we critically discuss and comment on which use cases QKD is suited for, considering factors such as implementation complexity, scalability, and long-term security. Our findings contribute to a better understanding of the role QKD could play in future cryptographic infrastructures and offer guidance to decision-makers considering the deployment of QKD.

Continuous Variable Quantum Key Distribution (CVQKD) is a promising secure communication technology, whose system performance is limited by excess noise caused by phase/polarization drift. However, traditional compensation methods for suppressing excess noise face some challenges, such as dedicated hardware modules hindering system integration and channel fluctuations reducing the robustness of compensation algorithms. We introduce an ensemble learning based framework for excess noise suppression to address these issues. The framework realizes the collaborative suppression of the original excess noise in the system and the additional excess noise generated by channel fluctuations, achieving 90% of the overall suppression rate when the transmittance decreases by 35%. Meanwhile, the secret key rate is increased by an order of magnitude with the repetition frequency. Compared with other schemes, it substantially enhances the performance and robustness of CVQKD systems under dynamic channel conditions without increasing hardware complexity. This is a crucial step in promoting the practical and integrated development of future quantum networks.

We report on an experimental demonstration of a recently proposed (n, n)-QSS (quantum secret sharing) protocol, which can be shown to be secure against participant attacks, using a four-photon GHZ state. Our work leverages the generation of high-quality and high-brightness non-linear single photon sources to achieve a secure key rate of 745 bits/sec in the asymptotic regime marking an important step toward scalable quantum-secure communication in networks.

Quantum key distribution (QKD) ensures information-theoretic security and remains resilient against future quantum attacks. Hollow-core fiber (HCF), with its ultra-low loss, low nonlinearity, and low latency, offers a promising medium for the coexistence of QKD and classical communications. While prior studies have demonstrated such coexistence over short HCF links, challenges remain in scaling to longer distances due to noise and attenuation. In this study, we experimentally investigate the coexistence of commercial QKD and classical signals over a 20 km HCF for the first time. We evaluate noise photon levels and analyze the wavelength dependence of QKD performance under varying classical power conditions. Results show that spontaneous Raman scattering (SpRS) remains a significant source of noise, and increased classical power degrades the secure key rate. However, classical wavelength variations have minimal effect on QKD performance. These findings provide insights into the feasibility and limitations of long-distance QKD over HCF, guiding future integration with classical networks.

Quantum key distribution (QKD) theoretically provides unconditional security between remote parties. However, guaranteeing practical security through device characterisation alone is challenging in real-world implementations due to the multi-dimensional spaces in which the devices may be operated. The side-channel-secure (SCS)-QKD protocol, which only requires bounding the upper limits of the intensities for the two states, theoretically provides a rigorous solution to the challenge and achieves measurement-device-independent security in detection and security for whatever multi-dimensional side channel attack in the source. Here, we demonstrate a practical implementation of SCS-QKD, achieving a secure key rate of 6.60 kbps through a 50.5 km fibre and a maximum distribution distance of 101.1 km while accounting for finite-size effects. Our experiment also represents an approximate forty-times improvement over the previous experiment.

Quantum fingerprinting (QF) enables exponential reduction of information transmission in communication complexity tasks. Coherent QF implementations rely upon a direct optical link to maintain coherence between the users, violating the no-shared-randomness rule. Here, we propose and experimentally demonstrate a novel QF protocol based on asynchronous coincidence pairing from the interference results between independent, remotely prepared coherent fields. Over a length of 20 km telecom fiber, our setup has outperformed the classical algorithm, for the first time without being susceptible to shared randomness. This work advances the practical application of QF in communication complexity.

Oblivious transfer (OT) is a fundamental primitive in cryptography, allowing the construction of general multi-party computation. Recent results have proved the possibility of quantum protocols from one-way functions, which is expected to be weaker than the assumptions needed in OT in the classical setting. In particular, a recent result by Diamanti et al. provided a quantum protocol for OT considering practical aspects of the protocol, while maintaining its composable security. In this work, we provide the first experimental implementation of a composable oblivious transfer protocol from OWF. The setup implements a weak-coherent pulses BB84 state source in polarization encoding, whose experimental parameters are employed to optimize the theoretical security bounds. The obtained security parameters are then used to perform a secure execution of the protocol, whose performances are profiled and compared with the literature benchmark.

Quantum money is the first invention in quantum information science, promising advantages over classical money by simultaneously achieving unforgeability, user privacy, and instant validation. However, standard quantum money relies on quantum memories and long-distance quantum communication, which are technologically extremely challenging. Quantum "S-money" tokens eliminate these technological requirements while preserving unforgeability, user privacy, and instant validation. Here, we report the first full experimental demonstration of quantum S-tokens, proven secure despite errors, losses and experimental imperfections. The heralded single-photon source with a high system efficiency of 88.24% protects against arbitrary multi-photon attacks arising from losses in the quantum token generation. Following short-range quantum communication, the token is stored, transacted, and verified using classical bits. We demonstrate a transaction time advantage over intra-city 2.77 km and inter-city 60.54 km optical fibre networks, compared with optimal classical cross-checking schemes. Our implementation demonstrates the practicality of quantum S-tokens for applications requiring high security, privacy and minimal transaction times, like financial trading and network control. It is also the first demonstration of a quantitative quantum time advantage in relativistic cryptography, showing the enhanced cryptographic power of simultaneously considering quantum and relativistic physics.

Despite the range of security guarantees offered by the laws of quantum theory, quantum-cryptographic schemes all face the same practical challenge: participants must ensure that the messages they receive originate from the right person. This authentication step is typically achieved by integrating classical methods, assumed hard for quantum computers, into quantum systems. Here, we propose an alternative solution to replace a central link of the authentication chain with a quantum commitment scheme that is information-theoretically secure against attackers holding a perfect quantum memory of thousands of qubits. In this way, all other parts of the authentication rely only on the fundamental and widely accepted conjecture that P/=NP. Our protocol can be implemented with all standard sources such as down-conversion and highly-attenuated laser states. We however employ a single-photon source emitting directly in the telecom C-band to show how its performance may be boosted by several orders of magnitude, even at moderate channel loss. Over a deployed optical fiber link, we achieve 128-bit security by detecting 10^9 photons, allowing for 66 secure re-uses of the public-private key pair.

Satellite-based quantum key distribution (QKD) holds the potential to establish global quantum communication networks. While satellite QKD has been extensively demonstrated using polarization encoding, time-bin encoding offers distinct advantages, such as simplifying polarization-maintaining telescope designs and being insensitive to satellite-ground relative motion. In this work, we developed a high-speed 625-MHz QKD light source using a robust Sagnac-interferometer-based modulation scheme and subsequently demonstrated time-bin QKD over a 7 km urban terrestrial free-space channel. This experiment successfully operated over a channel traversing an equivalent atmospheric thickness and loss exceeding that of typical satellite-to-ground links, achieving a low quantum bit error rate of 0.87% and a secure key rate of 134 bps@51.4 dB. Furthermore, by using a half-wave plate to simulate the polarization basis rotation inherent in such links, we verified the robustness of time-bin encoding for satellite scenarios. The results validate time-bin encoding as a compelling alternative and lay the technical foundation for future satellite QKD applications.

Quantum metrology and cryptography can be combined in a distributed and/or remote sensing setting, where distant end-users with limited quantum capabilities can employ quantum states, transmitted by a quantum-powerful provider via a quantum network, to perform quantum-enhanced parameter estimation in a private fashion. Previous works on the subject have been limited by restricted assumptions on the capabilities of a potential eavesdropper and the use of abort-based protocols that prevent a simple practical realization. Here we introduce, theoretically analyze, and experimentally demonstrate single- and two-way protocols for distributed sensing combining several unique and desirable features: (i) a safety-threshold mechanism that allows the protocol to proceed in low-noise cases and quantifying the potential tampering with respect to the ideal estimation procedure, effectively paving the way for wide-spread practical realizations; (ii) equivalence of entanglement-based and mutually-unbiased-bases-based formulations; (iii) robustness against collective attacks via a LOCC-de-Finetti theorem, for the first time to our knowledge. Finally, we demonstrate our protocols in a photonic-based implementation, observing that the possibility of guaranteeing a safety threshold may come at a significant price in terms of the estimation bias, potentially overestimating the effect of tampering in practical settings.

Bypassing the use of quantum coherent source and active modulations, passive-state-preparation (PSP) continuous-variable quantum key distribution (CVQKD) with thermal source provides a solution of high-speed on-chip modulators. However, the field experiment of free-space PSP CVQKD has still not been realized due to the lack of efficient excess noise suppression techniques via high-loss free-space channels. Here, we realize the PSP CVQKD field test over an urban free-space channel with record-breaking attenuation from -12.24 dB to -15.59 dB. Specifically, a novel scheme is proposed to reduce excess noise from PSP, and efficient quantum coherence detection alongside advanced digital signal processing algorithms is developed to achieve low-noise synchronized raw data acquisition. The secure keys are successfully generated, with statistical summation values of 0.85 kbps during the day and 1.52 kbps at night.

Ensuring information privacy in modern communication systems has become increasingly critical. Quantum key distribution (QKD), leveraging the principles of quantum mechanics, provides information-theoretically secure key sharing and has matured into the most advanced quantum communication application. Despite successful demonstrations and emerging commercial deployments, the widespread adoption of QKD is hindered by the high cost of building dedicated quantum networks. A promising and cost-effective alternative is the integration of QKD into classical fiber-optic infrastructure, particularly using standard single-mode fibers. However, this approach is limited by noise and nonlinear effects such as spontaneous Raman scattering. Recent advancements in space-division multiplexing (SDM) have led to the development of uncoupled-core multi-core fibers (MCFs), which offer spatial separation between quantum and classical signals, mitigating interference. While previous QKD-MCF coexistence studies have been restricted to lab environments and non-standard large-diameter fibers, we demonstrate, for the first time, the coexistence of QKD and classical communication channels, in a realistic field-deployed scenario. One of the cores was dedicated to QKD and the other cores to classical transmission. The system was tested with 110-Tb/s traffic over 25.2 km of field-deployed MCF with a 125-µm cladding. Our results mark a significant step forward in integrating QKD with classical communication based on uncoupled-core MCF technology.

Free space quantum key distribution (QKD) has now achieved a groundbreaking advancement in secure communication, enabling long-distance private key exchange and ensuring unbreakable encryption. However, complete compatibility between fiber and free-space infrastructures remains a challenge for a fully integrated QKD system. Indeed, free space and fiber-based QKD commonly utilize different wavelengths and qubit encoding schemes that optimize photon transmission in their respective channels. Free-space QKD state generators usually employ visible light due to their lower beam divergence compared to longer wavelengths and polarization encoding for their resilience against turbulence. In contrast, fiber-based QKD primarily utilizes the C-band, which exhibits the lowest losses in silica fibers, and employs time-bin encoding to mitigate the effects of polarization instability in optical fibers. In our field trial, we demonstrate the viability of performinging QKD from a remote sender (Alice) to a fiber-based receiver (Bob) using the same signal without any wavelength or encoding conversion. We employ a time-bin encoded QKD protocol operating in the C-band through horizontally turbulent free-space channels and a pre-existing dark fiber infrastructure. We tested the setup over 50 m and 500 m free space long links, reaching an average secure key rate of 793 kbps and 40 kbps during several hours of measurement. The results put a step forward the interoperability between free-space and fiber-based infrastructures, opening new possibilities for connecting terminal users with satellites in hybrid systems.

Quantum error correction (QEC) has many connections with quantum communication and cryptography, which holds significant academic and commercial value. Among the various QEC paradigms, topological quantum error correction (TQEC) stands out with the most experimental successes. In this extended abstract, we build upon existing knowledge of TQEC by developing a generalized theoretical framework for future communication and computation. We provide theoretical frameworks for using 2-manifolds for TQEC purposes. Subsequently, we extend the construction of TQEC codes to higher-dimensional manifolds and present a methodology for their implementation. Finally, we apply these principles to construct TQEC codes on the Klein bottle $K$ and evaluate their efficacy for quantum error correction. This work contributes to the advancement of TQEC by proposing a broader class of codes and demonstrating their theoretical and practical potential, especially for quantum communication purposes.

Quantum communication offers a novel approach to secure transmission of information, where its security is based on the laws of quantum mechanics, rather than computational assumptions. The concept of such a system has been in existence since the 1980s, with the BB84 quantum key distribution protocol serving as a significant early example. Over the years, this innovative system has been industrialized and is now employed by various governmental and business organizations, showcasing its practical applications and importance in enhancing secure communications. Despite its success, the standardization of this technology is still underway. As a result, deploying quantum communication systems within the existing network infrastructure faces challenges, particularly due to the need for high levels of assurance and trust. Formal verification has been shown to be useful for building assurance in safety-critical systems at various levels, including both software and hardware. While some proofs of quantum and post-quantum security have been explored through formal verification and high-level descriptions, the investigation of lower-level subsystems remains less developed. In fact, the majority of attacks on quantum communication systems arise from implementation loopholes. Therefore, the verification of the corresponding system level remains essential for establishing assurance. With the current ETSI and ISO standards for QKD, along with certification methods, there is a significant basis for implementing formal verification techniques in quantum communication systems. In this work, we use the Algebra of Communication Process (ACP) and its associated tool, MCLR2, to specify two levels of a quantum communication system. The first level (1) consists of digital and software algorithms that directly control the electronics and optics, including their calibration. This level may include algorithms for maintaining the temperature of avalanche photodiodes (APDs), managing bias voltage, and controlling gating. The second level (2) involves software that determines which subroutine from level (1) to execute. For instance, it decides when the APDs should be cooled or when gating control should be initiated. Our aim in using such symbolic and formal verification techniques is to detect software vulnerabilities that potentially lead to known implementation loopholes and attacks on quantum communication systems. To achieve this, we first map levels (1) and (2) structures to the MCLR2 specification language. Next, we check for various properties, including deadlock, starvation, and livelocks. Finally, we examine which known attacks can be initiated in the presence of such malicious behavior.

We propose a synergistic routing, wavelength assignment, and power configuration (SRWP) strategy for the conversion of classical optical resources to support quantum communications towards hybrid quantum-classical optical networks, increasing the average SKR from 8.99 kbit/s to 0.52 Mbit/s at GHz-level pulse repetition rates, and maintaining blocking probability to 1.2% in a mesh network.

Twin-field quantum key distribution (TF-QKD) elevates the secure key rate from a linear to a square-root dependence on channel loss while preserving measurement-device-independent security. This protocol is uniquely positioned to enable global-scale quantum networks, even under extreme channel loss. While the first free-space TF-QKD has been experimentally implemented recently, the next step would be extending such protocol to the satellite platform. Here, we comprehensively addressed the challenges of performing satellite-ground TF-QKD. The biggest challenge, the Doppler effect, owing to the fast movement of the satellite, was considered. By developing the technical of laser frequency control and clock synchronization, the Doppler frequency shift on the spectrum and the period of the optical pulse are experimentally simulated and compensated. TF-QKD was performed with such simulation and compensation. The network configuration and losses are also analyzed. Our result paves the way towards satellite-based TF-QKD.

Modern information and communications security has relied on public-key cryptosystems-such as RSA and ECC-based on computational complexity. With the accelerating global research and investment in quantum computing, however, warnings that these traditional schemes could be fundamentally broken by quantum algorithms such as Shor’s algorithm[1] are becoming increasingly realistic. As a result, quantum key distribution (QKD), which provides security independent of computational complexity by harnessing quantum-mechanical principles, has emerged as a promising alternative. QKD has advanced from laboratory experiments to inter-city trials, nationwide fiber-optic networks, and satellite links. Nevertheless, challenges in manufacturing, especially cost, size, and power consumption, continue to hinder the commercialization of QKD. To mitigate these issues, photonic integrated circuit (PIC) transmitters and receivers based on silicon, InP, SiN, and LiNbO_3 platforms have been developed[2,3,4]; to our knowledge, no commercial form-factor transmitter integrating both the light source and the modulator has been reported. In this work, we present the first QKD transmitter that hybrid-integrates a laser source, asymmetric delay interferometer, variable optical attenuator, and phase modulator into a CFP2 form-factor. We first measure and report the performance of each component, including the pulse characteristics depending on the system rate, the interferometer characteristics, the maximum optical attenuation, and the phase modulator’s half-wave voltage (V_pi). Furthermore, using the integrated transmitter, we implement a phase-encoding BB84 system, measure the interference visibility as a function of the phase modulator’s drive voltage and the sifted-key rate, then calculate the resulting quantum bit error rate (QBER) and secret-key rate (SKR).

Measurement-device-independent quantum key distribution (MDIQKD) can resist all attacks on the detection devices, but there are still some security issues related to the source side. One possible solution is to use the passive protocol to eliminate the side channels introduced by active modulators at the source. Recently, a fully passive QKD protocol was proposed that could simultaneously achieve passive encoding and passive decoy-state modulation using linear optics. In this work, we propose a fully passive MDIQKD scheme that can protect the system from both side channels of source modulators and attacks on the measurement devices, which can significantly improve the implementation security of the QKD systems. We provide a specific passive encoding strategy and a method for decoy-state analysis, followed by simulation results for the secure key rate in the asymptotic scenario. Our work offers a feasible way to improve the implementation security of QKD systems and serves as a reference for achieving passive QKD schemes using realistic devices.

Quantum key distribution (QKD) provides information-theoretic security guaranteed by the laws of quantum mechanics, making it resistant to future computational threats, including quantum computers. While QKD technology shows great promise, its widespread adoption depends heavily on its usability and viability, with key rate performance and cost-effectiveness serving as critical evaluation metrics. In this work, we report an integrated silicon photonics-based QKD system that achieves a secret key rate of 1.213 Gbps over a metropolitan distance of 10 km with polarization multiplexing. Our contributions are twofold. First, in the quantum optical layer, we developed an on-chip quantum transmitter and an efficient quantum receiver that operate at 40 Gbaud/s at room temperature. Second, we designed a discrete-modulated continuous variable (DM CV) QKD implementation with efficient information reconciliation based on polar codes, enabling potentially high-throughput real-time data processing. Our results demonstrate a practical QKD solution that combines high performance with cost efficiency. We anticipate this research will pave the way for large-scale quantum secure networks.

In this study, a high integrated and broadband entropy source of quantum random number generator (QRNG) based on the vacuum fluctuation is designed and verified experimentally. The size of hybrid chip, which is the heart core of entropy source, composed of laser chip and silicon photonics chip is reduced to 6.3×2.6×1.5 mm3. The 3 dB bandwidth of the balanced homodyne detector in entropy source based on cascaded radio frequency amplifier is 2.4 GHz, and the common mode rejection ratio was greater than 25 dB. A quantum to classical noise ratio of 9.48 dB was achieved when the photoelectron current is 1 mA. The noise equivalent power is 8.85 pW/√Hz, and the equivalent transimpedance is 22.8 K. The equalizer technology is utilized to optimize the quantum random number generation rate by eliminate the dependence of the adjacent samples. The quantum random number generation speed can achieve 67.9 Gbps under average conditional minimum entropy and 61.9 Gbps under worst-case conditional minimum entropy. The hybrid chip in our paper promote the QRNG entropy source based on vacuum fluctuation to a higher integration and faster stage.

Privacy amplification is a critical component in quantum key distribution (QKD) to eliminate eavesdropper information and distill unconditional secure keys. In this paper, a privacy amplification algorithm using two-dimensional cellular automata (2D CA) for quantum key distribution (QKD) is presented. The proposed algorithm decreases the computation complexity and increases the processing speed. Unlike conventional Toeplitz hash algorithms, the proposed algorithm utilizes the inherent parallelism of 2D CA to enable simultaneous multi-bit confusion through cyclic row shifts and XOR operations. And we prove that the 2D CA-based algorithm is a universal hash family and satisfies the principle of privacy amplification. The results of NIST randomness test and avalanche test show that the proposed algorithm has great randomness performance. Finally, we implement the proposed algorithm in field-programmable gate array (FPGA). The experimental results on a Xilinx Artix-7 FPGA demonstrate that our scheme achieves high throughput and significantly reduces hardware resource consumption.

The advent of quantum computers has significantly challenged the security of traditional cryptographic systems, prompting a surge in research on quantum key distribution (QKD). Continuous-variable QKD (CVQKD) resists noise well, but the local local oscillator (LLO) CVQKD has limits in high-attenuation channels. Bottleneck challenges include ensuring stable low-noise transmission and accurately estimating parameters under fluctuating channel conditions. We propose a LLO-CVQKD scheme that combines the main quantum system with an auxiliary quantum system, featuring time-varying parameter compensation and time-varying channel transmittance estimation capabilities. Through experimental validation, we first demonstrate high-rate secure quantum key distribution over high-loss free-space channels. Specifically, we achieve asymptotic key rates of 403.896 kbps in 21.5 dB average attenuation free-space channels with turbulence at a 1 GHz repetition rate.

We report a 16QAM-modulated continuous-variable quantum key distribution system employing semidefinite programming to guarantee composable security, achieving a record-breaking secret key rate of 18.93 Mb/s over a 25 km fiber channel. Our system offers a performance advantage of more than one order of magnitude compared to previous continuous-variable quantum key distribution systems, while maintaining low complexity and being cost-effective.

Most current proposals for entanglement distribution networks assume a connection-oriented approach, where resources along a path may be reserved before the start of the session. This strategy, however, does not match the common practice in the existing infrastructure for the Internet, which relies on connectionless packet switching. In our work, we study how a hop-by-hop teleportation can be used to perform entanglement distribution across a network without any prior resource reservation. Specifically, we investigate the attainable secret key generation rate between two users employing this protocol in a repeater chain setup. We analyze this scenario for deterministic quantum repeaters with and without encoding, where we consider a three-qubit repetition code for error detection in the former case. Typical models for the operational errors in these protocols are considered. Our results suggest that the usage of quantum error detection schemes will enable trust-free secret key distribution at distances of interest.

Authentication is a fundamental building block of secure quantum networks, essential for quantum cryptographic protocols and often debated as a key limitation of quantum key distribution (QKD) in security standards. Most quantum-safe authentication schemes rely on small pre-shared keys or post-quantum computational assumptions. In this work, we introduce a new authentication approach that combines hardware assumptions, particularly Physical Unclonable Functions (PUFs), along with fundamental quantum properties of non-local states, such as local indistinguishability, to achieve a provable security in an entanglement-based protocol. We propose two protocols for different scenarios in entanglement-enabled quantum networks. The first protocol, referred to as the offline protocol, requires pre-distributed entangled states but no quantum communication during the process of authentication. It enables a server to authenticate clients at any time with only minimal classical communication. The second, an online protocol, requires quantum communication but only necessitates entangled state generation on the Prover’s side. For this, we introduce a novel hardware module, the Hybrid Entangled PUF (HEPUF). Both protocols use weakly secure, off-the-shelf classical PUFs as their hardware module, yet we prove that quantum properties such as local indistinguishability enable exponential security for authentication, even in a single round. We provide a full security analysis for both protocols and establish them as the first entanglement-based extension of hardware-based quantum authentication. These protocols are suitable for implementation across various platforms, particularly photonics-based ones, and offer a practical and flexible solution to the long-standing challenge of authentication in quantum communication networks.

Heterogeneous multicore fibers (Hetero-MCFs) offer relatively lower inter-core crosstalk (XT) and improved bend resistance, making them feasible for the coexistence of quantum key distribution (QKD) and classical communications. However, detailed analyses of their impact on QKD performance remain limited. This study comprehensively investigates the significant effects of core layouts and XT on QKD performance in Hetero-MCFs under varying QKD service demands in theory. When allocating classical and quantum cores based on the maximum XT levels, hexagonal Hetero-MCFs perform the worst under low QKD service demand (LD), but comparably and superior to circular layouts under high QKD service demand (HD). The challenge of determining optimal parameters for the central core in hexagonal Hetero-MCFs critically influences overall QKD performance in both HD and LD scenarios. To address this, we propose a novel trench-assisted Hetero-MCF structure featuring an interleaved hexagonal core layout. This structure achieves at least 29-fold improvement in transmission distance for LD and 32-fold for HD scenarios compared to the benchmark, by utilizing two types of heterogeneous cores and providing greater flexibility. Our results also show that deploying homogeneous cores as quantum channels in Hetero-MCFs enhances QKD performance. Even with strict fabrication tolerances, the proposed structure maintains stable QKD performance with a maximum fluctuation of only 12%. These innovations provide valuable insights for analyzing the performance of Hetero-MCFs under varying QKD demands and further developing their co-fiber transmission applications.

Security analyses in quantum key distribution (QKD) and other adversarial quantum tasks often assume perfect device models. However, real-world implementations often deviate from these models. Thus, it is important to develop security proofs that account for such deviations from ideality. In this work, we develop a general framework for analysing imperfect threshold detectors, treating uncharacterised device parameters such as dark counts and detection efficiencies as adversarially controlled within some ranges. This approach enables a rigorous worst-case analysis, ensuring security proofs remain valid under realistic conditions. Our results strengthen the connection between theoretical security and practical implementations by introducing a flexible framework for integrating detector imperfections into adversarial quantum protocols.

The discrimination of coherent states is a crucial component in quantum communication with continuous variables, especially in quantum key distribution protocols, which rely on the ability to distinguish among different coherent states to establish a shared secret key between two parties. In this work, we propose and analyze a novel strategy for distinguishing among N phase-symmetric coherent states, which optimally takes unambiguous discrimination (UD) to the deterministic regime, at the inevitable cost of having nonzero probability of error. Despite the disturbance introduced by the UD process, we show that for N > 2, the “failure” states of UD still retain residual information about the original input states, which can be further used for discrimination. Rather than discarding inconclusive outcomes, we show that the “failure” states of UD can be optimally recycled by performing a sequential minimum-error (ME) measurement. This strategy, which we call information recycling, combines benefits from both ME and optimal UD: It always provides conclusive results while allowing for a subset of those results to be error-free, which are identifiable by an ancillary system. Our results broaden the possibilities of sequential discrimination strategies for continuous-variable quantum states and motivate the investigation of applications to quantum communication protocols.

Integrating fiber optic sensing and disturbance localization technologies with QKD network systems enables the communication system to detect external interferences and achieve efficient, multifunctional integration. The main advantage of this integration lies in the use of fiber optic sensing and disturbance localization technologies, which not only allow the system to monitor potential external interferences that could affect the communication link but also provide real-time localization of their sources. By introducing this sensing capability, the communication system can respond quickly to sudden events and make necessary adjustments, effectively ensuring the stability and security of the communication. Moreover, the hybrid system that integrates sensing, communication, and localization functions enables these capabilities to work in synergy within the same network. Specifically, the system can flexibly switch between communication, sensing, and localization modes according to the actual needs of the network. For instance, during communication, the system can switch to sensing mode to monitor the status of communication lines in real-time, perform dynamic interference detection and localization, and ensure that the communication signal is not affected by external disturbances. In case of network anomalies or interference, the system can quickly switch to localization mode, identify the issue, and resolve it, ensuring intelligent, flexible responses that optimize communication efficiency and security. In addition, integrating communication, sensing, and localization functions into a single system significantly reduces the need for additional equipment and resources. For example, shared channels and equipment not only lower the overall cost of the system but also avoid unnecessary resource waste caused by redundancy between different subsystems. As multi-functional integration progresses, the system becomes more compact, reducing the complex coupling between subsystems in traditional systems, thus improving overall performance and scalability. In this work, we propose a hybrid system based on the Sagnac loop structure, successfully integrating QKD, fiber optic weak measurement sensing, and zero-frequency disturbance localization technologies. Experimental validation of this system demonstrates that the three functions can work efficiently in tandem, fulfilling different roles in various application scenarios. In particular, while performing QKD communication tasks, the system can monitor the communication lines in real-time using fiber optic weak measurement technology, and use disturbance localization technology to identify and locate potential sources of interference. By integrating these technologies, the system preserves QKD's security and stability while boosting communication efficiency through sensing and localization, ensuring reliable quantum communication in complex environments. The core innovation of this research lies in the effective integration of the QKD system and fiber optic sensing system through the special Sagnac loop optical structure. The Sagnac loop itself possesses self-alignment and phase compensation advantages, which allow the QKD system to maintain high stability without external compensation, while enabling the sensing system to accurately measure small phase changes. This structure simplifies quantum communication devices, reduces system complexity, and enables seamless integration of fiber optic sensing for multifunctional applications.

Photonic integration in quantum communication holds significant potential for miniaturization and enabling commercial applications. Among various platforms, thin-film lithium niobate (TFLN) stands out due to its exceptional combination of high electro-optical efficiency, low propagation loss, and compact footprint. Here, we demonstrate a 2.5 GHz chip-to-chip fully integrated quantum key distribution (QKD) system based on a TFLN platform, which incorporates high-speed dual-polarization time-bin phase encoding and decoding functionalities. We achieve an extremely low quantum bit error rate of 0.53% and a secret key rate exceeding 10 Mbps over 25 km fiber spools. The design of cascaded Mach–Zehnder modulators effectively suppresses the patterning effect in high speed QKD. Notably, the TFLN chips used in both the transmitter and receiver share a similar architecture, highlighting the potential for creating a homogeneous transceiver. This work paves the way for high-speed, miniaturized QKD systems based on the lithium niobate integrated platform.

Communication and sensing technologies play crucial roles in various aspects of modern society. The seamless combination of communication and sensing systems has attracted significant interest in recent years. Without adding core devices, vibration-sensing functions can be integrated to build a quantum network with high efficiency and versatility. In this study, we propose and demonstrate a network architecture that integrates a downstream quantum access network (DQAN) and vibration sensing in optical fibers. By encoding the key information of eight users simultaneously on the sidemode quantum states of a single laser source and successively separating them using a specially designed narrow-bandwidth filter network, we achieved a secure and efficient DQAN with an average key rate of 19.4 kbps over an 80 km single-mode fiber. Meanwhile, vibration locations with spatial resolutions of 131, 25, and 4 m at vibration frequencies of 100 Hz, 1 kHz, and 10 kHz, respectively, were implemented using the existing DQAN system infrastructure. The results indicate that the backward probe beam has a negligible effect on the DQAN system. Our integrated architecture provides a viable and cost-effective solution for building a quantum communication sensor network and paves the way for the functionality expansion of quantum communication networks.

The quantum internet has the potential to enable applications that are fundamentally unattainable with classical internet technologies. One of its most notable applications is the quantum key distribution (QKD) network, which enables two distant nodes to establish a secure cryptographic key based on the principles of quantum mechanics. However, the heavy reliance on interference in existing QKD protocols undermines the robustness of both the system and the corresponding network infrastructure. We propose an interference-free quantum network architecture based on a Kramers-Kronig receiver. Specifically, we introduce a continuous-variable QKD protocol employing direct detection without the need for interference, wherein the quadrature components are recovered via the Kramers-Kronig relation. Building upon this foundation, we extend the protocol to continuous-variable quantum access networks, thereby demonstrating the enhanced robustness and cost-effectiveness afforded by interference-free detection. Experimental results indicate that each user within the access network can achieve a secret key rate of 200 kbit/s using only a single photodetector and without the inclusion of interference structures. This approach offers a promising direction for constructing interference-free quantum networks and represents a significant step toward the realization of a large-scale quantum internet.

Qubit-based synchronization offers a novel approach for quantum key distribution (QKD), simplifying system architecture and reducing implementation costs by leveraging the exchanged qubits. However, the performance of such schemes hinges on accumulating sufficient qubit events, rendering them vulnerable to local clock drift—particularly in high-channel-loss scenarios. This study investigates the impact of frequency instability in non-ideal oscillators, emphasizing clock drift-induced deterioration on QKD performance in these challenging, lossy conditions. We develop a computational model to quantify the secure key rate of QKD systems as a function of clock frequency stability. Through simulations and experimental validation with two distinct clock configurations, we demonstrate that oscillator stability becomes a key bottleneck in high-loss scenarios. By integrating target frequency scanning and clock offset recovery method, we verify our model via Monte Carlo simulations. Experimental validation confirms these findings, demonstrating a secure key rate of 0.37 bps at 67 dB channel loss—empirically validating the trade-off relationship among clock frequency stability, channel loss and acquisition time.

We prove that binary linear error correcting codes (ECCs) can act as deterministic extractors in a randomness expansion protocol, achieving rates comparable to existing seeded extractors. In addition to reducing the initial randomness consumed, the computational cost of implementing some binary linear ECCs is significantly lower in terms of both computation time and memory size.

Device-independent quantum key distribution (DIQKD) provides the strongest form of quantum security, as it allows two honest users to establish secure communication channels even when using fully uncharacterized quantum devices. The security proof of DIQKD is derived from the violation of a Bell inequality, mitigating side-channel attacks by asserting the presence of nonlocality. This enhanced security comes at the cost of a challenging implementation, especially over long distances, as losses make Bell tests difficult to conduct successfully. Here, we propose a photonic realization of DIQKD, utilizing a heralded preparation of a single-photon path entangled state between the honest users. Being based on single-photon interference effects, the obtained secret key rate scales with the square root of the quantum channel transmittance. This leads to positive key rates over distances of up to hundreds of kilometers, making the proposed setup a promising candidate for securing long-distance communication in quantum networks.

High-dimensional entanglement not only offers a high security level for quantum communication but also promises improved information capacity and noise resistance of the system. However, due to various constraints on different high-dimensional degrees of freedom, whether these advantages can bring improvement to the actual implementation is still not well proven. Here we present a scheme to fully utilize these advantages over long-distance noisy fiber channels. We exploit polarization and time-bin hyperentanglement to achieve high-dimensional coding, and observe significant enhancements in secure key rates and noise tolerance that surpass the capabilities of qubit systems. Moreover, we constructed a four-user high-dimensional entangled QKD network over a metropolitan-scale and demonstrated its advantages in key rate, noise resilience, and networking flexibility in complex noisy network environments. Our demonstration validates the potential of high-dimensional entanglement for quantum communications over long-distance noisy channels, paving the way for a resilient and resource-efficient quantum network.

Quantum communication over global distances relies on the faithful distribution of entanglement, which can be achieved either via satellites or through fibre-based quantum networks with quantum memories. While satellite links are fundamentally constrained in coverage and by cost, memory-based networks offer a scalable alternative—provided their core components reach sufficient technological maturity. In this work, we investigate the loading process of spin-based quantum memories, focusing on the noise introduced when attempts to store incoming photonic qubits fail. While decoherence and readout errors have been the subject of substantial prior research, loading-induced noise—in particular the effect of lost heralding photons after spin interaction—remains largely unexplored in repeater protocol design. We close this gap by providing a detailed analysis of this specific source of noise, which has so far received limited attention. To mitigate the loading-induced noise, we propose a reinitialisation strategy that resets the memory after a maximal cutoff time if loading fails. We model the associated noise channel, quantify the trade-offs between rate and fidelity, and optimise the strategy across a range of link distances for memory-assisted MDI-QKD. The results demonstrate that protocol-level control of memory loading substantially improves entanglement distribution performance, paving the way for more reliable near-term quantum networks.

Bandwidth-limited devices in the transmitter of fast QKD implementations cause pulse correlations that leak information about previous setting choices. To take them into account in the existing security proofs, a measure of their strengths is needed. This is experimentally challenging, especially for long-range correlations, which are not experimentally accessible. In this work, we propose a new characterization method that exploits a linear model of the modulation devices. We show that this model predicts an upper bound for arbitrary order correlations that makes their characterization possible. We also present experimental results using the proposed method. In doing so, we can retrieve security even in the presence of arbitrary long correlations, with similar performance to classical security proofs.

We present the Abu Dhabi Quantum Optical Ground Station (ADQOGS), a versatile optical ground station designed for diverse satellite-based quantum key distribution (QKD) missions. As the first of its kind in the Middle East, ADQOGS’s primary goal is to connect the UAE to global quantum-secured communication networks, thus overcoming the limited reach of terrestrial, fiber-based, QKD lines. The ability of the station to accommodate the reception and emission of multiwavelength optical signals promotes the diversification of space-based trusted nodes and allows a novel parallel trusted node approach to space QKD.

In distributed systems, Byzantine consensus serves as a practical approach to addressing the Byzantine general problem. Previous research has exploited quantum resources to develop quantum-detectable Byzantine consensus protocols, aiming to surpass the 1/3 fault-tolerance bound. However, these consensus protocols are designed under the assumption of secure channel. They ignored malicious participants' attacks on the communication process. In this paper, we introduce a new quantum protocol for quantum Byzantine consensus utilizing the full quantum one-way function, which is the foundation for generating verification state in list distribution phase and secure message in agreement phase. By relying on the quantum circuit of the full quantum one-way function, the honest participants are able to reach consensus, while the malicious participants are effectively detected. In order to enhance the scalability of the proposed quantum Byzantine consensus protocol, we categorize the participants into three-member groups when the number of participants is n > 3. Meanwhile, the election of commander is introduced in agreement phase. In the proposed multi-party quantum Byzantine consensus protocol, the full quantum one-way function verifies the honesty of the participants both in list distribution phase and agreement phase. Security analysis demonstrates that the proposed multiparty quantum Byzantine consensus protocol is secure against quantum attacks and the dishonest behaviors of participants.

Quantum key distribution (QKD) serves as a cornerstone of secure quantum communication, providing unconditional security grounded in quantum mechanics. While trusted-node networks have facilitated early QKD deployment, their vulnerability to node compromise underscores the need for untrusted-node architectures. Measurement-device -independent QKD (MDI-QKD) and twin-field QKD (TF-QKD) have emerged as leading candidates, addressing security vulnerabilities and extending transmission distances. Despite the wide adoptions in various fiber scaling, no integrated implementation of these two protocols has been demonstrated to date. Here, we present a multi-protocol system that seamlessly integrates TF-QKD and MDI-QKD into one untrusted-node-based architecture. Utilizing an efficient phase estimation method based on asymmetric interferometers, we convert twin-field global phase tracking to relative phase calibration, allowing near continuous running of both protocols. Experiments demonstrate secure key rates for sending -or-not-sending QKD and MDI-QKD protocol over fiber distances of 710 km and 501 km in the asymptotic case, respectively. The results align with theoretical simulations and show the ability to surpass the absolute repeaterless key capacity. Our work offers an unified framework for deploying multi-protocol QKD networks, laying the foundation for scalable quantum infrastructures that can meet a wide range of security and performance needs.

Quantum networks require the integration of quantum and coherent signals into the existing fiber infrastructure, to implement entanglement-based quantum key distribution (QKD) over metropolitan distances. Current approaches to this integration rely on spectral multiplexing, consuming bandwidth and imposing limitations to routing and switching. In this work, we present the first experimental demonstration of temporal multiplexing of entangled photons and coherent signals on a single frequency channel using serrodyne modulation. This enables hybrid quantum communication, fully compatible with the existing telecommunication infrastructure and paves the way for efficient hybrid networking and continuous channel monitoring.

An efficient paradigm for multi-party computation (MPC) are protocols structured around access to shared pre-processed computational resources. In this model, distributed correlations are initially disseminated to participants in some form of shared randomness. This allows for a phase of computation, thereafter, built on information theoretic broadcasting primitives with efficient round complexity. While privacy against a malicious adversary is trivial in this phase, the same information theoretic guarantees cannot be met when distributing shared randomness classically, without strong setup assumptions, such as a trusted Dealer and private channels. We present a novel approach for generating these correlations from entangled quantum graph states, and yield information theoretic privacy guarantees that hold against a malicious adversary, with limited assumptions. Our primary contribution is a tripartite resource state and measurement-based protocol for extracting a binary \textit{multiplication triple}, a special form of shared randomness that enables the private multiplication of a bit conjunction. Here, we employ a third party as a Referee, and demand only an honest pair among the three parties. The role of this Referee is weaker than that of a Dealer, as the Referee learns nothings about the underlying shared randomness that is disseminated. We prove perfect privacy for our protocol, assuming access to an ideal copy of the resource state, an assumption that is based on the existence of graph state verification protocols. Finally, we demonstrate its application as a primitive for more complex Boolean functionalities such as 1-out-of-2 oblivious transfer (OT) and MPC for an arbitrary $N$-party Boolean function, assuming access to the proper broadcasting channel.

High-speed quantum key distribution (QKD) systems have achieved repetition frequencies above gigahertz through advanced technologies and devices, laying an important foundation for the deployment of high-key-rate QKD system. However, these advancements may introduce unknown security loopholes into the QKD system. For an eavesdropper Eve, it is challenging to exploit these security loopholes performing the intercept-and-resend attacks due to the limited time window under the high repetition frequency. Here, we propose a muted attack that does not require intercept-and-resend operation, which is applicable to high-speed QKD systems. By exploiting the security loophole of the width discriminator on the single photon avalanche detector (SPAD), Eve can control whether Bob’s detector is capable of receiving photons from Alice, allowing her to learn nearly all the keys. Additionally, we verified through experimental tests that Eve only needs to match the period of the hacking pulse with the dead time of the SPAD and ensure that each pulse contains hundreds of photons. This study reveals the security loopholes introduced by the state-of-the-art devices in high-speed QKD systems.

Quantum networks revolutionize the way of information transmission and are an essential step in building a quantum internet. Generally, the information capacity per user-channel in a quantum network drastically decreases with the increase of network capacity, making it difficultly scale to large-user scenarios. To break this limit, we propose a network capacity-independent quantum network (NCI-QN) that maintains constant information capacity per user-channel regardless of network scale, overcoming the scalability bottleneck in conventional quantum networks. The architecture employs a multi-mode time-frequency framework, with theoretical analysis extending PLOB and Holevo bounds to network scenarios to establish capacity independence. Experimentally, we demonstrate a 19-user NCI-QN using optical frequency combs in quantum key distribution, achieving a record 8.75 Gbps composable finite-size secure key rate.

Quantum key distribution (QKD) enables the exchange of cryptographic keys with information-theoretic security. However, real-world implementations of QKD are often limited by noise, losses, and imperfect devices. High-dimensional quantum systems offer a promising route to overcome these limitations, enabling denser information encoding and enhanced resilience to noise and loss compared to traditional qubit-based protocols. On the other hand, device-independent (DI) protocols can address all adversarial cases due to device imperfections; however, existing security proofs have not shown any advantage associated with higher dimensions. In this work, we present a robust high-dimensional one-sided DI-QKD (1sDI-QKD) protocol whose security is certified through violations of quantum steering inequalities. By relaxing assumptions on one of the parties while still leveraging high dimensions, this approach improves the practicality of the protocols over fully device-independent QKD, offering promising experimental implications. We investigate 1sDI-QKD utilizing high-dimensional entanglement systems based on Srivastav et al. [PhysRevX.12.041023] framework and show that reverse reconciliation leverages the inherent asymmetry of the steering scenario, resulting in significantly higher key rates in the asymptotic regime as we increase the dimensions. Furthermore, we analyze the protocol's robustness to depolarizing noise and detection inefficiencies. Our results demonstrate the enhanced noise robustness and loss tolerance of high-dimensional 1sDI-QKD. The next step will be to experimentally validate these advantages, establishing high-dimensional 1sDI-QKD as a strong candidate for secure quantum communication under realistic conditions.

Remote state preparation (RSP) allows one party to remotely prepare a known quantum state on another party's qubit using entanglement. This can be used in quantum networks to perform applications such as blind quantum computing or long-distance quantum key distribution (QKD) with quantum repeaters. Devices to perform RSP, referred to as a client, ideally have low hardware requirements, such as only sending photonic qubits. A weak coherent pulse source offers a practical alternative to true single-photon sources and is already widely used in QKD. Here, we introduce two new protocols to the previously known protocol for RSP with a weak-coherent-pulse-based device. The known technique uses a double-click (DC) protocol, where a photon from both the server and the client needs to reach an intermediate Bell state measurement. Here, we add to that a single-click (SC) RSP protocol, which requires only one photon to reach the Bell state measurement, allowing for better performance in certain regimes. In addition, we introduce a double-single-click (DSC) protocol, where the SC protocol is repeated twice, and a CNOT gate is applied between the resulting qubits. DSC mitigates the need for phase stabilization in certain regimes, lowering technical complexity while still improving performance compared to DC in some regimes. We compare these protocols in terms of fidelity and rate, finding that SC consistently achieves higher rates than DC and, interestingly, does not suffer from an inherently lower fidelity than the DC, as is the case for entanglement generation. Although SC provides stronger performance, DSC can still show performance improvements over DC, and it may have reduced technical complexity compared to SC. Lastly, we show how these protocols can be used in long-distance QKD using quantum repeaters.

Quantum Dots can generate on-demand, highly indistinguishable photons for quantum information purposes. We make use of a high performance quantum dot with dynamic polarization modulation in order to experimentally implement the BB84 protocol. State preparation is achieved with a custom built pulse-pattern generator and a 10^5-bit random sequence controlling an electro-optical modulator and an 80 MHz repetition rate. These are then detected in a 4 state polarization analyzer with which we record a QBER of 2.9%. In order to gauge the performance of the protocol, we make use of advanced numerical techniques to compute lower bounds on secure key rates. These techniques allow us to demonstrate the security and performance of this protocol while considering device imperfections such as the source on Alice's side and unequal detection efficiencies on Bob's side. Our detailed analysis of the protocol’s performance including device imperfections is an important step towards practical implementations of QKD.

Numerical security proofs offer a versatile approach for evaluating the secret-key generation rate of quantum key distribution (QKD) protocols. However, existing methods typically require perfect source characterization, which is unrealistic in practice due to the presence of inevitable encoding imperfections and side channels. In this paper, we introduce a novel security proof technique based on semidefinite programming that can evaluate the secret-key rate for both prepare-and-measure and measurement-device-independent QKD protocols when only partial information about the emitted states is available, significantly improving the applicability and practical relevance compared to existing numerical techniques. We demonstrate that our method can outperform current analytical approaches addressing partial state characterization in terms of achievable secret-key rates, particularly for protocols with non-qubit encoding spaces. This represents a significant step towards bridging the gap between theoretical security proofs and practical QKD implementations.

One of the main candidates of post-quantum cryptography is lattice-based cryptography. Its cryptographic security against quantum attackers is based on the worst-case hardness of lattice problems like the shortest vector problem (SVP), which asks to find the shortest non-zero vector in an integer lattice. Asymptotic quantum speedups for solving SVP are known and rely on Grover's search. However, to assess the security of lattice-based cryptography against these Grover-like quantum speedups, it is necessary to carry out a precise resource estimation beyond asymptotic scalings. In this work, we perform a careful analysis on the resources required to implement several sieving algorithms aided by Grover's search for dimensions of cryptographic interests. For such, we take into account fixed-point quantum arithmetic operations, non-asymptotic Grover's search, the cost of using quantum random access memory (QRAM), different physical architectures, and quantum error correction. We find that even under very optimistic assumptions like circuit-level noise of $10^{-5}$, code cycles of 100 ns, reaction time of 1 $\mu$s, and using state-of-the-art arithmetic circuits and quantum error-correction protocols, the best sieving algorithms require $\approx 10^{13}$ physical qubits and $\approx 10^{31}$ years to solve SVP on a lattice of dimension 400, which is roughly the dimension in which SVP is to be solved in order to break the minimally secure post-quantum cryptographic standards currently being proposed by NIST. We estimate that a 6-GHz-clock-rate single-core classical computer would take roughly the same amount of time to solve the same problem. We conclude that there is currently little to no quantum speedup in the dimensions of cryptographic interest and the possibility of realising a considerable quantum speedup using quantum sieving algorithms would require significant breakthroughs in theoretical protocols and hardware development.

In quantum Shannon theory, various kinds of quantum entropies are used to characterize the capacities of noisy physical systems. Among them, min-entropy and its smooth version attract wide interest especially in the field of quantum cryptography as they can be used to bound the information obtained by an adversary. However, calculating the exact value or non-trivial bounds of min-entropy are extremely difficult because the composite system dimension may scale exponentially with the dimension of its subsystem. Here, we develop a one-shot lower bound calculation technique for the min-entropy of a classical-quantum state that is applicable to both finite and infinite dimensional reduced quantum states. Moreover, we show our technique is of practical interest in at least three situations. First, it offers an alternative tight finite-data analysis for the BB84 quantum key distribution scheme. Second, it gives the best finite-key bound known to date for a variant of device independent quantum key distribution protocol. Third, it provides a security proof for a novel source-independent continuous-variable quantum random number generation protocol. These results show the effectiveness and wide applicability of our approach.

We investigate the practical requirements for certifying high-dimensional quantum entanglement using existing matrix completion techniques. Focusing on time-bin entangled systems, we simulate the measurement of selected diagonals of the density matrix to identify minimal yet effective configurations. Our results indicate that measuring the main diagonal along with just two off-diagonals is often sufficient to tightly lower-bound the Schmidt number, entanglement of formation, and distillable secret key rate. We further develop a method for selecting an optimal set of diagonals based on the dimension of the system - corresponding to an optimal choice of interferometer delays. This work offers experimental guidance for efficient entanglement certification in high-dimensional quantum systems.

We show that there exists a quantum oracle relative to which quantum commitments exist but no (efficiently verifiable) one-way state generators exist. Both have been widely considered candidates for replacing one-way functions as the minimal assumption for cryptography—the weakest cryptographic assumption implied by all of computational cryptography. Recent work has shown that commitments can be constructed from one-way state generators, but the other direction has remained open. Our results rule out any black-box construction, and thus settle this crucial open problem, suggesting that quantum commitments (as well as its equivalency class of EFI pairs, quantum oblivious transfer, and secure quantum multiparty computation) appear to be strictly weakest among all known cryptographic primitives.

In this work, we demonstrate a new kind of attack on laser sources in quantum key distribution systems - the optical-pumping attack. We investigated its influence on a single distributed feedback laser diode and an optically injection-locked source configuration. The spectral dependency of this attack was also examined. We managed to increase the energy of emitted pulses using attackers light at several wavelengths. The developed optical-pumping attack should be considered as a possible threat to the security of QKD systems because the increase of pulse energy leads to overestimation of secret key rate between Alice and Bob, giving more information about secret key to Eve.

Recent experimental implementations of publicly verifiable quantum random number generators (PV-QRNGs) based on quantum entanglement reflect growing interest in this emerging paradigm of QRNG technology, originally proposed in our earlier work. These implementations employ specific representatives of entangled multi-qubit state families defined by us, which enable public verification of randomness without revealing the generated strings. PV-QRNGs address the limitations of local computational testing and offer enhanced scalability and reliability. This approach is especially relevant in the context of quantum and post-quantum cryptography, where the certification of high-quality randomness is essential. We present the theoretical foundations of PV-QRNGs and explore their potential to advance secure, scalable, and transparently verifiable quantum randomness generation.

Ma and Huang recently proved that the PFC construction, introduced by Metger, Poremba, Sinha and Yuen [MPSY24], gives an adaptive-secure pseudorandom unitary family (PRU). Their proof developed a new path recording technique. In this work, we show that a linear number of sequential repetitions of the parallel Kac's Walk, introduced by Lu, Qin, Song, Yao and Zhao [LQSY+24], also forms an adaptive-secure PRU, confirming a conjecture therein. Moreover, it additionally satisfies strong security against adversaries making inverse queries. This gives an alternative PRU construction, and provides another instance demonstrating the power of the path recording technique. We also discuss some further simplifications and implications.

Two QKD systems employing different encoding schemes are evaluated over a mixed 29.5km fiber infrastructure, including 16km of aerial fiber segments. The work examines the systems’ performance and compares it to corresponding in-lab fiber setups.

Abstract—Quantum computing has become a threat to classical cryptography, and PQC hash-based signature schemes offer a promising post-quantum alternative. This paper analyzes XMSS, LMSS, SHAKE-256 and WOTS+, evaluating key generation, signing, verification time, and memory usage. The results highlight performance and security, providing practical insight into the implementation of efficient and quantum-resistant digital signature schemes for future cryptographic systems.

Quantum Key Distribution (QKD) has been actively studied due to its unconditional security against eavesdropping, especially in the era of quantum computing. Among various QKD implementations, free-space QKD—which transmits and receives single photons through free-space channels—has gained significant attention due to its lower signal attenuation over long distances and its potential for establishing global quantum networks without the need for fiber-optic infrastructure. Recently, it has also emerged as a promising solution for secure communications on mobile platforms such as drones and autonomous vehicles. To integrate QKD systems into compact mobile platforms, it is essential to achieve system miniaturization and weight reduction, while also maintaining stable optical link in environments with motion and vibration. One effective approach is the use of gimbal-based beam tracking systems, as gimbals are well-established technologies that provide high stabilization performance with relatively low weight, making them ideal for mobile use. In this study, we investigate the performance of a lightweight gimbal-based beam tracking system in an outdoor environment. Lasers with visible-wavelength and CMOS cameras were used as beacon beams and detectors to implement the tracking system. To compensate for the limited angular resolution of the gimbal, beam expansion of the beacon beam and appropriate design of fine tracking is incorporated. The results demonstrate the feasibility of using gimbal-based tracking systems for free-space QKD applications on mobile platforms.

The gold-standard for security in quantum cryptographic protocols is information-theoretic security, because such a form of security that makes no assumptions on the hardness of any computational problems and relies only on the fundamental laws of quantum mechanics, will be surely future-proof. Here, we revisit a permutational-key quantum homomorphic encryption protocol with information-theoretic security. We explain how this protocol can be integrated with quantum error correction that allows the error correction encoding to be a homomorphism. This feature enables both client and server to apply the encoding and decoding step for the quantum error correction, without use of the encrypting permutation-key.

We provide a security proof for quantum key distribution (QKD) protocols using passive detection setups within the entropic uncertainty relation (EUR) framework. Passive detection avoids the need for active basis choice but introduces challenges due to beam splitters and imperfections in detectors. We show how to define and bound the phase-error rate in passive detection setups, even when detector imperfections are not precisely known but lie within known ranges. Our analysis applies in the finite-size regime against general coherent attacks.

Photonic integrated circuits (PICs) are emerging as a key enabler for compact, rugged and mass-producible quantum key distribution (QKD) terminals, dramatically reducing size, weight, power and cost while facilitating co-packaging with classical transceivers. However, inevitable fabrication asymmetries and on-chip optical components such as modulator, attenuator, and wavelength division multiplexer (WDM) introduce polarization dependent loss (PDL) of up to several decibels. In polarization-based QKD that employs multiple polarization states, such intrinsic PDL can distort those states and thereby degrade overall system performance. The impact is particularly severe in polarization-based reference frame independent (RFI) QKD, where the six polarization states must remain mutually unbiased and orthogonal within each basis so that the secret key rate depends only on the quantum bit error rate (QBER) and the security parameter. PDL skews the Jones amplitudes, breaks these state relations, inflates QBER and can drive the secret key rate to low values at moderate channel loss. To counter this impairment, post-selection methods non-optically compensating PDL have been proposed. In this work, we introduce an optical PDL compensation which is a passive optical compensator consisting of a matched PDL element followed by a half-wave plate that swaps the orthogonal polarization components. The combined transfer matrix is effectively polarization-isotropic apart from a uniform attenuation so both the security parameter and the secret key rate are preserved, at the expense of additional insertion loss. Experiments with a free-space RFI QKD link confirm the scheme’s effectiveness: while uncompensated PDL quickly degrades secret key raete, the compensator restores state and sustains secret key rate across the entire operating range explored, validating the effectiveness of the compensator and demonstrating a practical path toward PDL tolerant, PIC-based QKD systems.

The information-theoretical security (ITS) of Quantum Key Distribution (QKD) relies on the presence of an ITS authenticated channel. Typically, implementations often keep the whole process ITS by pre-sharing secret key material which is required to perform ITS authentication. Pre-sharing key material is not necessarily practical when parties are separated by hundreds of kilometers, however, Post Quantum Cryptography (PQC) along with Public Key Infrastructure (PKI) could be used to cover said inconvenience. This work defines a realistic bounded adversary and adapts a security framework, tools used to prove that the keys distilled through QKD remain ITS when authentication is handled with PQC and PKI.

High-speed, stable, and precisely modulated optical sources are essential components in quantum key distribution (QKD) systems. Picosecond-scale narrow pulses, in particular, are critical for supporting high-rate QKD protocols by enabling tight temporal filtering, reducing background noise, and enhancing secure key generation rates. To meet these demands, gain-switched distributed feedback (DFB) lasers are widely adopted in practical systems. Their direct modulation capability simplifies the transmitter design and eliminates the need for external pulse carving circuits. In addition, the gain-switching process inherently introduces phase randomization between pulses—an important security feature required in protocols such as decoy-state scheme. However, conventional driving circuits for gain-switched lasers often depend on complex, high-power digital electronics, which are bulky and inefficient. These characteristics significantly limit their deployment in mobile, airborne, or satellite-based QKD platforms, where stringent constraints on size, weight, and power consumption must be met. In this work, we present a compact, energy-efficient laser driver module designed for mobile QKD applications. The module integrates a DFB laser, sinusoidal driving unit, and analog temperature control (ATC) circuit in a footprint of only 6.1 × 3.9 × 1.1 cm³. A wideband low-noise amplifier (LNA) with over 20 dB gain amplifies an external sinusoidal clock signal, directly driving the DFB laser into the gain-switching regime. This approach produces high-quality picosecond optical pulses through rapid carrier accumulation and recombination, without the need for digital pulse generation logic. The design supports a tunable repetition rate from 200 MHz to 2.5 GHz, with total power consumption reduced by over 90% compared to conventional pulse-based drivers. To ensure wavelength stability—critical for interference-based QKD protocols—we implement a fully analog feedback-based temperature control scheme. A thermistor-based sensor monitors the laser’s thermal environment and drives a TEC through an integrated error amplifier and integrator circuit. This analog loop achieves <0.01 K temperature fluctuation over a 0–50 °C range. In parallel, we suppress bias current noise via RF filtering, stabilizing the center wavelength within 1 pm. This integrated solution enables field-deployable QKD systems to operate stably under strict size, weight, and power (SWaP) constraints. The proposed module is compatible with various QKD protocols and encoding methods and can significantly extend operational lifetime on battery-powered platforms. By enhancing both temporal and spectral stability while minimizing power draw, our work paves the way for practical and scalable mobile quantum communication.

Quantum key distribution (QKD) provides theoretical secure solutions to realize remote key distribution. However, there are many kinds of device loopholes giving rise to a great obstacle to its practical security. Some existing studies have addressed certain vulnerabilities. But it is hard to eliminate all potential loopholes while maintaining high performance. In this article, we propose a new QKD protocol called phase-coding side-channel-secure (PC-SCS) protocol. This protocol can be immune to all uncorrelated side channels of the source part and all loopholes of the measurement part. A finite-key security analysis against coherent attack of the new protocol is given. The proposed protocol only requires modulation of two phases, which can avoid the challenge of preparing perfect vacuum states. Numerical simulation shows that a practical transmission distance of 300 km in fiber can be realized by the PC-SCS protocol.

We present two Device Independent Quantum Random Number Generator (DI-QRNG) protocols using two self-testing methodologies in Preparation \& Measure (P\&M) scenario. These two methodologies are the variants of two well known non-local games, namely CHSH and pseudo-telepathy games, in P\&M framework. We exploit them as distinguishers in black-box settings to differentiate the classical and the quantum paradigms and hence to certify the Device Independence. The first self-test was proposed by Tavakoli et al. (Phys. Rev. A, 2018). We show that this is actually a P\&M variant of the CHSH game. Then based on this self-test, we design our first DI-QRNG protocol. We also propose a new self-testing methodology, which is the first of its kind that is reducible from pseudo-telepathy game in P\&M framework. Based on this new self-test, we design our second DI-QRNG protocol.

Regarding minimal assumptions, most of classical cryptography is known to depend on the existence of One-Way Functions (OWFs). However, recent evidence has shown that this is not the case when considering quantum resources. Besides the well known unconditional security of Quantum Key Distribution, it is now known that computational cryptography may be built on weaker primitives than OWFs, e.g., pseudo-random states [JLS18], one-way state generators [MY23], or EFI pairs of states [BCQ23]. We consider a new quantum resource, pseudo-entanglement, and show that the existence of EFI pairs, one of the current main candidates for the weakest computational assumption for cryptography (necessary for commitments, oblivious transfer, secure multi-party computation, computational zero-knowledge proofs), implies the existence of pseudo-entanglement, as defined by [ABF+24, ABV23] under some reasonable adaptations. We prove this by constructing a new family of pseudo-entangled quantum states given only EFI pairs. Our result has important implications for the field of computational cryptography. It shows that if pseudo-entanglement does not exist, then most of cryptography cannot exist either. Moreover, it establishes pseudo-entanglement as a new minimal assumption for most of computational cryptography, which may pave the way for the unification of other assumptions into a single primitive. Finally, pseudo-entanglement connects physical phenomena and efficient computation, thus, our result strengthens the connection between cryptography and the physical world.

Recent active studies have demonstrated that cryptography without one-way functions (OWFs) could be possible in the quantum world. Many fundamental primitives that are natural quantum analogs of OWFs or pseudorandom generators (PRGs) have been introduced, and their mutual relations and applications have been studied. Among them, pseudorandom function-like state generators (PRFSGs) [Ananth, Qian, and Yuen, Crypto 2022] are one of the most important primitives. PRFSGs are a natural quantum analogue of pseudorandom functions (PRFs), and imply many applications such as IND-CPA secret-key encryption (SKE) and EUF-CMA message authentication code (MAC). However, only known constructions of (many-query-secure) PRFSGs are ones from OWFs or pseudorandom unitaries (PRUs). In this paper, we construct classically-accessible adaptive secure PRFSGs in the invertible quantum Haar random oracle (QHRO) model which is introduced in [Chen and Movassagh, Quantum]. The invertible QHRO model is an idealized model where any party can access a public single Haar random unitary and its inverse, which can be considered as a quantum analog of the random oracle model. Our PRFSG constructions resemble the classical Even-Mansour encryption based on a single permutation, and are secure against any unbounded polynomial number of queries to the oracle and construction. To our knowledge, this is the first application in the invertible QHRO model without any assumption or conjecture. The previous best constructions in the idealized model are PRFSGs secure up to $o(\secp/\log \secp)$ queries in the common Haar state model [Ananth, Gulati, and Lin, TCC 2024] and (inverseless) PRUs in a relaxed QRHO model without inverse access [Ananth, Bostanci, Gulati, and Lin, Eurocrypt 2025]. We develop new techniques on Haar random unitaries to prove the selective and adaptive security of our PRFSGs. For selective security, we introduce a new formula, which we call the Haar twirl approximation formula. For adaptive security, we show the unitary reprogramming lemma and the unitary resampling lemma along with the several technical tools for unitary oracle security proof with pure state queries. These have their own interest, and may have many further applications. In particular, by using the approximation formula, we give an alternative proof of the non-adaptive security of the PFC ensemble [Metger, Poremba, Sinha, and Yuen, FOCS 2024] as an additional result. Finally, we prove that our construction is not PRUs or quantum-accessible non-adaptive PRFSGs by presenting quantum polynomial time attacks. Our attack is based on generalizing the hidden subgroup problem where the relevant function outputs quantum states.

We discuss the status of security proofs for practical decoy-state Quantum Key Distribution using the BB84 protocol, pertaining to optical implementations using weak coherent pulses and threshold photo-detectors. Our focus is on the gaps in the existing literature. Gaps might result, for example, from a mismatch of protocol detail choices and proof technique elements, from proofs relying on earlier results that made different assumptions, or from protocol choices that do not consider real-world requirements. While substantial progress has been made, our overview draws attention to the details that still require our attention.

In just very few recent years Quantum Key Distribution (QKD) has witnessed major advances regarding the maturity and availability of commercial QKD devices as well as adaptation and testing of the technology in a number of large-scale projects (in particular in the EU). QKD provides a key exchange mechanism that is completely secure against eavesdropping according to the laws of the physics. Although such level of security might not be fully matched by current devices, here we will assume that QKD networks are able to generate identical bit streams at K nodes of our choice with perfect security against eavesdropping (for K>2, however, an appropriate key-relay protocol is additionally required). The development of QKD networks, however, poses two major challenges: 1) QKD does not provide any inherent authentication mechanism. Currently OTP-based authentication is usually adapted, but it lacks scalability and for larger networks private/public key authentication schemes will be eventually needed. Given well justified concerns about the possibility of future attacks by quantum computers on classical asymmetric cryptography, post-quantum algorithm (PQC) based schemes essentially remain the only viable authentication option. 2) In foreseeable term QKD networks will remain limited to connections between larger data centres and to benefit 'ordinary users' provision of QKD as a service (QaaS) will be needed. Connections of such users to QKD network will remain to be on based asymmetric cryptography, which again leaves PQC as the only secure option. This leads to the problem of integration of two expectedly secure, but somewhat competing cryptographic techniques - QKD and PQC - into communication networks in such a way, that the strengths of these both approaches are fully exploited and the overall security is increased from complementary usage of both of them. The proposals for such integrated communication network solutions are sometimes called 'software-based QKD networks', however, most of these proposals only outline the overall architecture , but does not provide implementation details at the level of specific protocols an algorithms that could be used. To address these shortcomings, in our previous work we have developed a 'butterfly protocol' that provides QaaS by integrating both QKD and PQC techniques and is secure against a successful attack on any single communication link it uses. The full benefits of using this protocol, however, still partially rely on additional assumptions on comparative security of communication links within different subnetworks. In the current work we examine the problem of QKD and PQC integration and provision of QaaS from a somewhat different perspective. We consider larger multi-node QKD networks with dynamic topology -- i.e. in which new QKD nodes and links can be added or removed, and we also assume that there could be few network nodes that are compromised and can not be trusted. The network topology is regarded as generally known, but it is not centrally managed, the network nodes can can gradually gather the information about the overall topology by communicating with their neighbour nodes. Within this setting we are developing protocols for the two following scenarios. Multi-node key relay. This requires generation of identical QKD keys at K>2 freely chosen nodes (with typical values being K=3 and K=4) in a way that is secure against attack by any single node involved in key material routing - i.e. any such attack should be unable to compromise key stream in more than a single node. The availability of the same key material from more than 2 nodes allows to overcome a single link vulnerability of QaaS by providing independent set of nodes at which the negotiated QKD keys can additionally verified. The schemes for key relay between multiple nodes have been well studied, but usually without the assumptions of the potential presence of a malicious node. Multi path routing. This requires establishing of at least two non-intersecting routing paths between any pair of nodes (provided that at least two non-intersecting paths between them exists). Using two distinct routing paths protects against an attack from a single malicious node on any of them. The possibility of such an attack has been assessed already in the context of SECOQC project. The authors propose a key relay protocol over two independent paths, however, its efficiency can be improved, and the authors do not address the problem of establishing such independent routing paths. For establishing such non-intersecting paths between any pairs of network nodes we have adapted a version of maximum flow algorithm that is executed asynchronously and locally at each of the nodes. The algorithm actually guarantees finding the maximum number of independent routing paths between any pair of nodes, however, it is comparatively inefficient (especially when compared with algorithms for establishing single routes), and potentially can be improved, if we require finding of at least two, but not not the all disjoint paths . As far as we know, the problem of presence of malicious nodes in QKD has been occasionally studied before, but mainly form the perspective of impact on overall performance and without focus on identifying and neutralising malicious nodes.

Quantum technologies play a central role in establishing new ways of quantum-secured communication. We investigate Free Space Quantum Communication and explore the advantage of implementing Quantum Key Distribution with a light source in the Mid-Infrared (>3 μm) region of the electromagnetic spectrum. We simulate and show that, for non-optimal weather conditions, Mid-Infrared can outperform the most commonly used telecom wavelength.

Quantum random number generation leverages the inherent randomness of quantum systems to produce fundamentally nondeterministic outputs. We experimentally demonstrate a compact QRNG using single photons emitted by a quantum dot and coupled into an optical nanofiber’s guided mode. The randomness originates from single photons randomly occupying one of two fiber output paths, and we assign a single qubit state for the path basis. The generated sequence passes the NIST randomness test suite, achieving a 1.8 Mbps generation rate with high single-photon purity of g2(0)= 0.07±0.04. This alignment-free nanofiber platform offers a scalable, efficient photonic QRNG solution, suitable for quantum cryptography and secure key distribution.

We investigate the problem of conference key agreement in pair entangled networks (PEN) where the parties can share bipartite entangled states. In such networks, a source whose global state factorizes into bipartite “pair-entangled network” (PEN) states is distributed to honest parties which can perform local operations and public classical post-processing (LOSR+PP) to establish a shared secret key among each other. In this setting, we derive several new upper bounds on the achievable conference key rate. In particular for pure PEN states we show that the optimal key rate can be achieved by a bipartite QKD strategy.

Digital signatures are a powerful cryptographic tool widely employed across various industries for securely authenticating the identity of a signer during communication between signers and verifiers. While quantum digital signatures have been extensively studied, the security still depends on a trusted third-party. To address this limitation and enhance the applicability in real-world scenarios, here we propose a novel quantum digital signature protocol without a trusted third-party to further improve the security. We note that a quantum one-way function can work appropriately in digital signature due to the intrinsic non-cloning property for quantum states. Secret keys in the protocol are constituted by classical private keys and quantum public keys because we assume that no user is trusted in the protocol. We prove that the protocol has information-theoretical unforgeability. Moreover, it satisfies other important secure properties, including asymmetry, undeniability, and expandability.

The generation and manipulation of single photons at telecommunication wavelengths play a vital role for the quantum networks based on optical fiber infrastructures. Extensive protocols have previously been proposed and implemented by using the photons from weak coherent laser pulses for long-distance communication. One such robust and mature solution for stable communication is time-bin states for practical fiber networks. Semiconductor quantum dots (QDs) are one of the genuine quantum light sources with deterministic single-photon emissions and have recently achieved a significant milestone in terms of high-brightness single-photon emission at the telecommunication wavelengths, assisted by the micro- and nanophotonic technology. This poster presents the first demonstration of the time-bin encoded quantum key distribution (QKD) using the telecom single photons from a QD. In the experiment, three time-bin states are randomly prepared with the active modulation on each single photon in a 16-bit repeating sequence, after the photons have passed through a Sagnac interferometer incorporating Mach-Zehnder interferometer. An average quantum bit error ratio (QBER) of less than 1% is achieved for the Z-basis of the system is achieved at a quantum channel distance of 0 km, resulting in a secure key rate (SKR) of over 10 kbits/s in the finite-key regime. The stable preparation, transmission, and readout of the single-photon time-bin qubits is validated by implementing time-dependent QBER/SKR measurements over 6 hours for the cases of variable optical fiber channels ranging from 0 to 120 km. A maximum tolerable transmission distance of 127 km is identified as the system error ratio approaches the security threshold, resulting in a SKR of approximately 15 bits/s, which is still realistic for practical applications. The improvement of system performance in terms of the light source, optical setups, and instruments has been comprehensively analyzed. Unlike previous research activities concerning QKD with polarized single photons, the successful verification of the QKD with time-bin encoded single-photon qubits in this study demonstrates the feasibility of realizing robust and scalable quantum communication network based on solid-state single-photon technology.

Intensity correlations between neighboring pulses open a prevalent yet often overlooked security loophole in decoy-state quantum key distribution (QKD). As a solution, we present and experimentally demonstrate an intensity-correlation-tolerant QKD protocol that mitigates the negative effect that this phenomenon has on the secret key rate according to existing security analyses. Compared to previous approaches, our method significantly enhances the robustness against correlations, notably improving both the maximum transmission distances and the achievable secret key rates across different scenarios. By relaxing constraints on correlation parameters, our protocol enables practical devices to counter intensity correlations. We experimentally demonstrate this first practical solution that directly overcomes this security vulnerability, establish the feasibility and efficacy of our proposal, taking a major step towards loophole-free and high-performance QKD.

Quantum networks are moving rapidly from research laboratories to practical applications. Most quantum networks are based on the trusted node approach because the distance for quantum key distribution (QKD) is limited by photon loss. Shorter distances quantum networks providing any to any connectivity require N(N-1)/2 dark fiber lines, where N is the number of users. Telecom operators, which are the most active players in quantum networks today, can become trusted node owners, which may be an additional barrier to the adoption of quantum networks. An alternative solution is to use entanglement in quantum networks at the city level. In our work we have demonstrated it on a network with three nodes. The center of the network is the PPLN-based source for polarization entangled photon pairs at 1310 and 1316nm. The outputs of the source are connected to a 2x32 optical switch to which any two users can be connected in pairs. To make the receiver suitable for measuring both photons, we have assembled a 2-wavelength Bragg filter that enables the measurement of photons in both wavelengths with a bandwidth of 2 nm. The receivers are designed to be completely passive - the fiber is connected to the BBM92 polarization projection system in free space box, followed by single photon detectors and a time tagger. Polarization distortion is compensated with a fiber-based polarization controller on the source side using the publicly announced QBER. The key is followed by the standard procedures of sifting, cascade error correction and finite key e=10-10 privacy amplification. The derived keys are uploaded to 10G L2/L3 encryption systems, which are able to establish quantum-safe VPN tunnels between any participants. List below describes results of a key rate for 3 node network when the entangled source is connected to a 2x32 optical switch and its outputs are connected to receivers A1(direct) and A2, A3 with 10 km fiber spools each. All secret key tares include finite key size effects A2 (10 km) - A1 (direct). QBER ~2.8%, Secret key rate ~125 b/s A3 (10 km) - A2 (10km). QBER ~4.9%, Secret key rate ~50 b/s A3 (10 km) - A1 (direct). QBER ~3.9%, Secret key rate ~100 b/s

While one-way functions (OWFs) serve as the minimal assumption for computational cryptography in the classical setting, in quantum cryptography, we have even weaker cryptographic assumptions such as pseudo-random states, and EFI pairs, among others. Moreover, the minimal assumption for computational quantum cryptography remains an open question. Recently, it has been shown that pseudoentanglement is necessary for the existence of quantum cryptography (Goulão and Elkouss 2024), but no cryptographic construction has been built from it. In this work, we study the cryptographic usefulness of quantum pseudoresources —a pair of families of quantum states that exhibit a gap in their resource content yet remain computationally indistinguishable. We show that quantum pseudoresources imply a variant of EFI pairs, which we call EPFI pairs, and that these are equivalent to quantum commitments and thus EFI pairs. Our results suggest that, just as randomness is fundamental to classical cryptography, quantum resources may play a similarly crucial role in the quantum setting. Finally, we focus on the specific case of entanglement, analyzing different definitions of pseudoentanglement and their implications for constructing EPFI pairs. Moreover, we propose a new cryptographic functionality that is intrinsically dependent on entanglement as a resource.

An important problem for QKD at long distances is the PLOB bound. It follows from the fact that an eavesdropper can perform any actions with the quantum states sent over the quantum channel, which is a standart assumption in QKD. Here, we propose an alternative model which explicitly uses the restrictions of quantum thermodynamics, which prevent the eavesdropper from exploiting all the photons lost in the channel. We consider this solution as chanel device dependent (CDD) QKD which is better at long distances than conventional QKD with trusted nodes.

High-quality randomness underpins modern cryptography, yet real quantum random-number generators (QRNGs) can betray subtle correlations introduced by hardware imperfections and environmental drift. We introduce a quantum-inspired deep-learning framework that detects such residual structure with sensitivities unattainable by clas- sical statistical batteries. The architecture intertwines a hierarchy of fractal-memory recurrent layers, a Kerr-oscillator bifurcation model that projects learned patterns into a quantum Hilbert space, and a topological loss based on persistent homology. Device-specific noise—beam-splitter imbalance, detector dark counts, homodyne electronic noise—is injected during training so that optimisation jointly minimises prediction error, topological divergence and loss of quantum fidelity while a reinforcement signal rewards rapid anomaly discovery. Public DV, CV and IBMQ datasets that satisfy all NIST and Diehard tests nevertheless yield bit- prediction accuracies between 0.72 and 0.83 and KL divergences of 3.9×10−2–5.2×10−2, demonstrating that “true” quantum randomness can harbour exploitable patterns unless carefully characterised and extracted.

Measurement-device-independent quantum key distribution (MDI-QKD) is considered one of the most promising protocols due to its high performance and security. To implement the MDI-QKD system in practice, clock synchronization is a crucial step to correctly generate the secret keys. However, as practical applications advance, the complexity and cost of synchronization have become significant challenges for the implementation of MDI-QKD. In this study, we introduce a qubit-based synchronization algorithm specifically designed for MDI-QKD. By utilizing the property of Hong-Ou-Mandel interference, we achieve clock synchronization between parties of MDI-QKD without the need for additional hardware. The cost-effectiveness and simplicity of this approach are expected to significantly facilitate the practical deployment of MDI-QKD.

Quantum key distribution (QKD) is a method that enables two remote parties to share a secure key string. Clock synchronization between two parties is a crucial step in the normal operation of QKD. Qubit-based synchronization can achieve clock synchronization by transmitting quantum states between two remote parties, eliminating the necessity for hardware synchronization and thereby greatly reducing the hardware requirements of a QKD system. Nonetheless, classical qubitbased synchronization exhibits poor performance in continuous and high-loss systems, hindering its wide applicability in various scenarios. Here, we propose a qubit-based distributed frame synchronization method that can achieve time recovery in a continuously running system and resist higher losses. Experimental results show that the proposed method outperforms the advanced qubit-based synchronization method Qubit4Sync in a continuously running system. Particularly, the results demonstrate that our method surpasses all previous works in key parameters, including frequency and the synchronization length. We believe our method is applicable to a broad range of QKD scenarios, including drone-based QKD and quantum network construction.

We develop a chip-based continuous-variable quantum key distribution system using an integrated optical switch for real-time shot noise calibration. Experimental results demonstrate a secure key rate of 12.30 Mbps over 25.3 km, establishing foundational capabilities for practical applications.

In light of the growing widely utilized single-photon avalanche detectors, dead time is inevitable due to the presence of afterpulse. Dead time is a critical factor that influences the count rate and the secret key rate (SKR) of quantum key distribution (QKD). It is particularly significant in time-binencoding systems, while prior models fail to accurately estimate the gains. Of note, it introduces correlations between early bins and late bins, hence bits with strong correlation and security risks. Here, we put forward a realistic model that precisely characterizes the response of detectors for time-bin-encoding systems. Our model not only improves the accuracy of gain predictions, showing an excellent match with the Monte Carlo simulation results, but also provides theoretical support for data processing, helping to mitigate security risks. Finally, leveraging our model, we can get a much higher SKR than prior models and further enhance the performance of practical QKD systems by adjusting the detector parameters. Our simulation results demonstrate that our model is essential for the application and deployment of QKD systems in practice.

We demonstrated a configurable on-chip entangled photon source for BBM92 quantum key distribution (QKD) networks. Built on a scalable silicon-on-insulator (SOI) platform, our design incorporates tunable ring resonators. These allow precise, on-chip adjustment of the quality factor (Q-factor), which is central to optimizing the brightness and noise of the source. Our extensive characterization shows this source achieves a coincidence-to-accidental ratio (CAR) of 48239, $g^2(0)$ of $6.8\times10^{-4}$ and raw coincidence rate of 212k counts/second. This exceeds performance reported in the literature. This performance directly translates to higher secure key rates, lower QBER and QKD robustness. The ability to fine-tune source parameters provides flexibility, allowing adaptation to diverse network conditions and optimization for specific QKD applications. This research marks a step toward creating compact, efficient, and reconfigurable entangled sources for practical and scalable quantum communication.

The reference-frame-independent quantum key distribution (RFI QKD) protocol enables QKD systems to function effectively despite slowly varying reference frames, offering a distinct advantage in practical scenarios, particularly in mobile platforms. In this study, we successfully distribute secure key bits over a 250-km optical fiber distance by developing an RFI QKD system with a repetition rate of 150 MHz. Benefiting from high repetition rate, we achieve a finite-key secret key rate of 49.65 bit/s at a distance of 200 km, which is more than 3 times higher than state-of-the-art systems. Our work dramatically extends the transmission distance and enhances the secret key rate of RFI QKD, significantly promoting its practical application.

Device-Independent quantum key distribution (DI-QKD) enables the distribution of secret keys over an untrusted network with uncharacterized devices1, whose security is guaranteed by certification of quantum correlations between remote, legitimate parties through violation of Bell inequalities2. However, implementations of DI-QKD protocols in practice are impeded by the detection loophole, imposing stringent detection efficiency thresholds, preventing practical realizations of DI-QKD. To overcome this limitation, the novel concept of routed Bell tests was recently introduced3,4,5. Here, we propose a DI-QKD protocol based on the routed Bell tests with only standard quantum optical tools, namely two-mode squeezed states, displacement-based measurements and on/off detectors. Fig. 1(a) illustrates this in more detail. Two honest, distant parties, Alice and Bob, each receive one mode of a two-mode squeezed state, and perform displacement-operations, D(α) and D(β_L ), on their received mode and detect it with an on/off detector with detection efficiencies η_A and η_(B_L ), where Alice has her input choices x∈{0,1}, and Bob has his input choices y∈{0,1,2}, obtaining classical outputs a,b∈{0,1}. In addition, Bob can route his mode via a switch with input z∈{S,L} towards another displacement-based measurement device with displacement operation D(β_S ), with input choices and classical outputs denoted by y ̂∈{0,1} and b ̂∈{0,1} respectively, and detection efficiency η_(B_S ), where η_(B_S )≥η_(B_L ). It is crucial that Bob’s routing choice z should not have an influence on Alice’s measurement input and outcomes. We denote (x,y,z)=(0,2,L) as key generation rounds where some rounds are used for estimating error correction cost, and others to construct their keys, and all other input combinations are used to certify their correlations. We optimize for Alice and Bob’s displacement operation D(α),D(β_S ) and D(β_L) and compute the lower bounds on the key rate using numerical optimization6, setting η_A=η_(B_L ). In Fig. 1(b), we observe that our protocol allows us to relax the detection efficiency requirements and see improved key rates against an unrouted protocol, facilitating the possibility of realizing long-distance DI-QKD in the future.

We present a numerical framework for the reliable estimation of conditional von Neumann entropy in device-independent quantum cryptography and randomness extraction sceratios. By leveraging a hierarchy of semidefinite programs derived from the Navascués--Pironio--Acín (NPA) hierarchy, our method efficiently computes entropy bounds based solely on observed statistics, under the assumption that quantum mechanics holds true. Our approach is built on a recent integral representation presented by [Frenkel, Quantum 7, 1102 (2023)] and extends the landscape of methods for computing provable lower bounds on the conditional von Neumann entropy. Notably, it requires approximately half as many support variables compared to the Brown--Fawzi--Fawzi method, with the additional advantage that these variables can be chosen projectively. The method facilitates the derivation of provable bounds on extractable randomness even in noisy scenarios and aligns with modern entropy accumulation theorems. This makes our framework a versatile tool for practical quantum cryptographic protocols, broadening the possibilities for secure communication in untrusted environments.

The remote clock synchronization in the Quantum Key Distribution (QKD) system usually relies on the transmission of synchronous optical pulses. However, the real-time jitter in the free-space channel can lead to the loss of synchronous optical pulses and the drift of the time reference. Moreover, the non-uniform distribution of channel loss in the existing post-processing methods will reduce the encoding efficiency of the filtered keys. The traditional solutions monitor the link attenuation information through independent synchronous optical signals and actively discard the key data during high-loss periods. However, this solution requires additional hardware support and has synchronization constraints. This study proposes a synchronization scheme based on real-time automatic threshold selection. By analyzing the time drift characteristics of the synchronous detector under different link attenuation conditions, this method directly realizes the automatic screening of high-loss data. This method eliminates the dependence on real-time monitoring of synchronous optical signals and achieves the automation of threshold setting through hardware architecture optimization. This solution can improve the encoding efficiency of the free-space QKD system and its principle is applicable to synchronous systems based on protocols such as BB84. This research provides a new technical path for the design of synchronization schemes for free-space quantum communication systems.

This study presents a dynamic satellite-ground quantum key distribution (QKD) model that incorporates time-evolving turbulence with a complete optical stack, including diffraction, atmospheric influence, tracking system, fiber coupling, and the background noise. And the finite key performance of BB84 protocol is estimated using time-resolved losses and noises. Results shows a GEO-to-Lijiang link can still deliver 20–117 kbit per 10¹² pulse under strong turbulence during the night, and the parameters scan identify diffraction-dominated attenuation—not background noise—is the chief bottleneck. The study evaluates the secret key rate under different atmospheric and temporal conditions, offering insights into optimizing satellite-ground QKD systems for practical use.

Bit commitment is a fundamental cryptographic primitive and a cornerstone for numerous two- party cryptographic protocols, including zero-knowledge proofs. However, it has been proven that unconditionally secure bit commitment, both classical and quantum, is impossible. In this work, we demonstrate that imposing a restriction on the committing party to perform only separable operations enables secure quantum bit commitment schemes. Specifically, we prove that in any perfectly hiding bit commitment protocol, an honestly-committing party limited to separable operations will be detected with high probability if they attempt to alter their commitment. To illustrate our findings, we present an example protocol.

The conventional point-to-point setting of a Quantum Key Distribution (QKD) protocol typically considers two directly connected remote parties that aim to establish secret keys. This work proposes a natural generalization of a well-established point-to-point discrete-modulated continuous-variable (CV) QKD protocol to the point-to-multipoint setting. We explore four different trust levels among the communicating parties and provide secure key rates for the loss-only channel and the lossy & noisy channel both in the asymptotic limit and in the finite-size regime. We experimentally demonstrate the feasibility of our protocols in an access network topology with 10 km-long access links, achieving a key rate of $7.09 \times 10^{-3}$ bits per symbol or of 0.866 Mbit/s. Our study shows that discrete-modulated CV-QKD is a suitable candidate to connect several dozens of users in a point-to-multipoint network, achieving high rates at a reduced cost, using off-the-shelf components employed in modern communication infrastructure.

We investigate the security of a quantum key distribution scheme, where Bob right after each detection announces publicly his choice of measurement basis, and the measurement results if the measurement is performed in the testing basis (used for parameter estimation). Such a scheme saves memory and communication time on both sides by not sending all the classical information only at the end of each block but immediately after each detection. We prove its security and show that this method will not reduce the key rate compared to conventional sifting.

Secret sharing is a fundamental primitive in cryptography, and it can be achieved even with perfect security. However, the distribution of shares requires computational assumptions, which can compromise the overall security of the protocol. While traditional Quantum Key Distribution (QKD) can maintain security, its widespread deployment in general networks would incur prohibitive costs. In this work, we present a quantum protocol for distributing additive secret sharing of 0, which we prove to be composably secure within the Abstract Cryptography framework. Moreover, our protocol targets the Qline, a recently proposed quantum network architecture designed to simplify and reduce the cost of quantum communication. Once the shares are distributed, they can be used to securely perform a wide range of cryptographic tasks, including standard additive secret sharing, anonymous veto, and symmetric key establishment.

Current implementations of quantum key distribution (QKD) typically rely on prepare-and-measure (P&M) schemes. Unfortunately, these implementations are not completely secure, unless security proofs fully incorporate all imperfections of real devices. So far, existing proofs have primarily focused on imperfections of either the light source or the measurement device. In this work, we establish a security proof for the loss-tolerant P&M QKD protocol that incorporates imperfections in both the source and the detectors. Specifically, we demonstrate the security of this scheme when the emitted states deviate from the ideal ones and Bob’s measurement device does not meet the basis-independent detection efficiency condition. Furthermore, we conduct an experiment to characterise the detection efficiency mismatch of commercial single-photon detectors as a function of the polarisation state of the input light, and determine the expected secret key rate in the presence of state preparation flaws when using such detectors. Our work provides a way towards guaranteeing the security of actual implementations of widely deployed P&M QKD.

Quantum key distribution (QKD) promises information-theoretic security based on quantum mechanics, but practical implementations face security vulnerabilities due to device imperfections. While recent advances have separately addressed source and detector imperfections, real-world QKD systems suffer from both simultaneously. Here, we demonstrate that existing phase-error-estimation-based security proof techniques can be integrated into a unified security proof that simultaneously accounts for both types of imperfections. This represents an important step toward closing the gap between theoretical security proofs and practical QKD implementations.

Known protocols for the secure delegation of quantum computations from a client to a server in an information-theoretic setting require quantum communication. In this work, we investigate methods to reduce the communication overhead. First, we establish an impossibility result by proving that local processes on the server side cannot increase the number of qubits required for the computation. We develop a series of no-go results that prohibit such a process within an information-theoretic framework. Second, we present a possibility result by introducing the notion of selectively blind quantum computing (SBQC), a protocol that minimizes the number of encrypted qubits in the computation when delegating one computation from a pre-known set of computations. This approach, which we term can reduce communication costs drastically depending on the type of the possible computations and the differences between them.

The power of quantum random number generation is more than just the ability to create truly random numbers. It can also enable self-testing, which allows the user to verify the implementation integrity of critical quantum components with minimal assumptions. In this work, we develop and implement a self-testing quantum random number generator (QRNG) chipset capable of generating 15.33 Mbits of certifiable randomness in each run, producing an expansion rate of 5.11×10-4 at a repetition rate of 10 MHz. The chip design is based on a highly loss-and-noise tolerant measurement-device-independent protocol, where random coherent states encoded using quadrature phase shift keying (QPSK) are used to self-test the quantum homodyne detection unit, well-known to be challenging to characterise in practice. Importantly, this proposal opens up the possibility to implement miniaturised self-testing QRNG devices at production scale using standard silicon photonics foundry platforms.

The performance of quantum key distribution (QKD) heavily depends on statistical inference. For a broad class of protocols, the central statistical task is a random sampling problem, customarily addressed using exponential tail bounds on the hypergeometric distribution. Here, we provide an alternative solution for this task of unprecedented tightness among QKD security analyses. As a by-product, confidence intervals for the average of non-identical Bernoulli parameters follow too. These naturally fit in statistical analyses of decoy-state QKD and also outperform standard tools. Lastly, we show that, in a vast parameter regime, the use of tail bounds is not enforced because the cumulative mass function of the hypergeometric distribution is accurately computable. This sharply decreases the minimum block sizes necessary for QKD, and reveals the tightness of our simple analytical bounds when moderate-to-large blocks are considered. Mannalath, V., Zapatero, V., & Curty, M. (2024). Sharp finite statistics for quantum key distribution. arXiv:2410.04095 (2024). Currently under consideration in Phys. Rev. Lett. (second round of revision).

Nowadays, quantum key distribution (QKD) is gradually moving from the laboratory to practical applications. However, imperfections of practical QKD devices inevitably cause side-channel information leakage, and thus hinder its practical implementations. Among them, there is one critical vulnerability that is often neglected, i.e., leakage of electromagnetic field (LEMF). In this work, we carry out investigations on the impact of LEMF by using a phase-coding QKD system as an example, and give corresponding security analysis. Simulation results show that LEMF may cause fatal security issues if it is ignored. Finally, to address this security issue, we provide corresponding solutions.

In quantum cryptography, fundamental laws of quantum physics are exploited to enhance the security of cryptographic tasks. Quantum key distribution (QKD) is by far the most studied protocol to date, enabling the establishment of a secret key between trusted parties. Many practical use-cases in communication networks, however, involve parties who do not know or trust each other. The most fundamental quantum cryptographic building block in such a distrustful setting is quantum coin flipping, which, in its original version has been proposed in the seminal work by C.H. Bennett and G. Brassard in 1984. Interestingly, few experimental studies of quantum coin flipping have been reported to date using weak coherent pulses (WCPs), sources based on spontaneous parametric down conversion (SPDC) exploiting entanglement, or heralded single-photon states. Here, we experimentally implement a quantum strong coin flipping (QSCF) protocol using single-photon states and demonstrate an advantage compared to both classical realizations and implementations using faint laser pulses. We achieve this by employing a state-of-the-art deterministic single-photon source based on the Purcell-enhanced emission of a semiconductor quantum dot in combination with fast polarization-state encoding with sufficiently low quantum bit error ratio. The reduced multi-photon emission of the single-photon source yields a smaller bias of the coin flipping protocol compared to an attenuated laser implementation, both in simulations and in the experiment. By demonstrating a single-photon quantum advantage in a cryptographic primitive beyond QKD, our work represents an important advance towards the implementation of complex cryptographic tasks in a future quantum internet.

Quantum communication protocols, offering information-theoretic security, position satellite-based quantum key distribution (QKD) as a pivotal enabler for secure global communication networks. To ensure practical utility for end-users, the placement of optical ground stations (OGSs) must be strategically determined based on the topology of terrestrial quantum networks. Importantly, the site selection criteria recognize that free-space channels, unlike astronomical sites, are not optimized for such applications. Therefore, a comprehensive characterization of free-space channels in diverse environments is essential for designing and implementing a robust global quantum network. In this study, we present a measurement-based characterization of the atmospheric channel at the Abu Dhabi Quantum Optical Ground Station (ADQOGS). Two complementary experimental setups were employed: a ground-based weather station, which continuously monitors key atmospheric parameters, and a quantum acquisition and tracking system that integrates single-photon detectors, mounted on an RC telescope. These setups enable the simultaneous acquisition of classical and quantum signals, both of which are critical for assessing satellite QKD links. We report the experimental results acquired at the ADQOGS site, focusing on key atmospheric parameters impacting satellite-ground quantum communication. Specifically, we show measurements of atmospheric turbulence and background light. The results were analyzed to evaluate their impact on link availability and overall QKD performance in different scenarios. Our findings offer valuable insights for optimizing satellite-ground quantum links, enhancing link stability, and informing the design of future large-scale quantum-secure communication networks. This work contributes to the ongoing efforts toward establishing a robust global quantum communication infrastructure.

We have studied the spectral characteristics of fiber-optical components in the ranges of 400-800 nm and 1500-2100 nm: different types of attenuators, isolators, circulators and wavelength-division multiplexing (WDM) filters were considered for both ranges. Our work has demonstrated that the spectral characteristics of isolators under test significantly depend on temperature, and their changes may result in vulnerabilities.

Recent advances in loophole-free Bell tests have profoundly impacted quantum cryptography, yet their security assumes trusted random number generators (RNGs) for measurement choices—a vulnerability termed the freedom-of-choice loophole. Here, we demonstrate that classical systems can spoof Bell violations under ostensibly loophole-free conditions using compromised RNGs. By synchronizing laser-generated separable states with imperfect RNG outputs in an optical setup, we simulate a CHSH test closing locality and detection loopholes. With full RNG access, we achieve a near-maximal CHSH value of 3.99, exceeding quantum limits. Crucially, partial RNG knowledge suffices: predetermining 10.6% of bits reproduces our “loophole free” optical system's CHSH value of 2.007, while Santha-Vazirani generators with 0.38-biased bits enable optimal spoofing. Even weakly correlated RNGs coordinated via entangled states—deviating by 0.04 from independence—allow violations. Prediction-based ratio analysis gives a P-value upper bound of 10^(-18266), misleadingly implying non-classicality if RNG flaws are ignored. Strikingly, we extract "device-independent" random bits from simulated outcomes, mirroring cryptographic protocols. This exposes a critical flaw: compromised input randomness invalidates security guarantees in Bell-inequality-based cryptography. Our findings mandate rigorous verification of both RNG integrity and Bell violations to ensure quantum cryptographic security.

Quantum Key Distribution (QKD) is a field with a potentially major impact on cybersecurity and telecommunications. QKD protocols allow two distant parties to share a secret key regardless of the capacities of an eavesdropper. Thanks to quantum physics laws, an attempt to measure the signal on a quantum channel will necessarily introduce a disturbance, thus an eavesdropper cannot go unnoticed. The first protocols studied used Discrete Variables (DV), but their implementation requires specific technology such as single-photon detectors. Protocols using so-called continuous variables (CV) allow for the use of standard telecommunication components. Recent studies show that high key rates can be achieved using CV-QKD. Exail coordinates the QKISS project, as part of the development of the European Quantum Communication Infrastructure (EuroQCI), together with Thales SIX, LIP6 (CNRS/Sorbonne Université) and Institut d'Optique (CNRS), with the aim of industrializing CV-QKD systems.We have explored different hardware and software configurations to reduce the excess noise and increase the secret key rate of our prototype system. Based on these studies, we have built a demonstrator, used to realize field tests. We are also inlvolved in different European projects, to concretize the European Quantum Communication Infrastructure.

Continuous-variable measurement-device-independent quantum key distribution (CV-MDI QKD) can address vulnerabilities on the detection side of a QKD system. The core of this protocol involves continuous-variable Bell measurements performed by an untrusted third party. However, in high-speed systems, spectrum broadening causes Bell measurements to deviate from the ideal single-mode scenario, resulting in mode mismatches, reduced performance, and compromised security. Here, we introduce temporal modes (TMs) to analyze the security and performance of CV-MDI QKD under continuous-mode scenarios. The mismatch between Bob’s transmitting mode and Bell-measurement mode has a more significant effect on system performance compared to that on Alice’s side. When the Bell receiver is close to Bob and the mismatch is set to just 5%, the transmission distance drastically decreases from 87.96 km to 18.50 km. In comparison, the same mismatch for Alice reduces the distance to 86.83 km. This greater degradation on Bob’s side can be attributed to the asymmetry in the data modification step. These results indicate that, in scenarios involving continuous-mode interference, such as large-scale MDI network setups, careful consideration of each user’s TM characteristics is crucial. Rigorous precalibration of these modes is essential to ensure the system’s reliability and efficiency.

Rabin oblivious transfer is the cryptographic task where Alice wishes to receive a bit from Bob but it may get lost with probability 1/2. In this work, we provide protocol designs which yield quantum protocols with improved security. Moreover, we provide a constant lower bound on any Rabin oblivious transfer protocol. To quantify the security of this task with asymmetric cheating notions, we introduce the notion of cheating advantage which may be of independent interest in the study of other asymmetric cryptographic primitives as well.

We experimentally demonstrate a feasible experimental setup that implements the original B92 QKD protocol with strong reference pulses. The observed performance of the scheme is quite promising and allows for actual quantum key distribution, provided the corresponding theoretic foundation is developed. Our results on the latter will be provided elsewhere.

Hong-Ou-Mandel (HOM) interference is the foundation of quantum optics to test the degree of indistinguishability of two incoming photons, playing a key role in quantum communication, sensing, and photonic quantum computing. Realizing high-visibility HOM interference with massively parallel optical channels is challenging due to the lack of available natural optical references for aligning independent arrayed laser pairs. Here, we demonstrate 50 parallel comb-teeth pairs of continuous-wave weak coherent photons HOM interference using two independently frequency post-aligned soliton microcombs (SMCs), achieving an average fringe visibility over 46%. The frequencies of all comb-teeth pairs are long-term aligned by developing two sets of fully frequency-stabilized SMCs with independent reference and adjusting free spectral range beyond 100 kilohertz through perturbations in soliton state. The verification experiment proves the feasibility of constructing massively quantum information channels by coopting classical wavelength division multiplexing measurement-device-independent quantum key distribution (MDI-QKD), which paves the way for practical large-scale quantum communication systems.

This paper develops a procedure and system for evaluating QKD (Quantum Key Distribution) optical systems, and presents some of the results as examples. The system is based on infrastructure utilizing 1550 nm wavelength pulsed laser diodes. To reduce time and human resource waste due to the complexity of QKD devices, an automated system is currently being developed. This evaluation system allows for the assessment of various performance parameters, including detector characteristics such as detection efficiency, after-pulsing probability, dead time, and dark count rate, as well as light source characteristics, quantum channel encoding tests, and transmission band assessments.

Given the devastating security compromises caused by side-channel attacks on existing classical systems, can we store our private data encoded as a quantum state so that they can be kept private in the face of arbitrary side-channel attacks? The unclonable nature of quantum information allows us to build various quantum protection schemes for cryptographic information such as secret keys. Examples of quantum protection notions include copy-protection, secure leasing, and finally, unbounded leakage-resilience, which was recently introduced by C¸ akan, Goyal, Liu-Zhang and Ribeiro (TCC’24). C¸ akan et al show that secrets of various cryptographic schemes (such as cryptographic keys or secret shares) can be protected by storing them as quantum states so that they satisfy LOCC (local operation and classical communication) leakage-resilience: the scheme can tolerate any unbounded amount of adaptive leakage over unbounded rounds. As a special case (dubbed 1-round leakage), this also means that those quantum states cannot be converted to classical strings (without completely losing their functionality). In this work, we continue the study of unbounded/LOCC leakage-resilience and consider new primitives and even stronger security notions. • Assuming the existence of a classical X ∈ {secret-key encryption, public-key encryption} scheme, we construct an X scheme with LOCC leakage-resilient ciphertexts. This guarantees that an adversary who obtains LOCC-leakage on ciphertexts cannot learn anything about their contents, even if they obtain the secret key later on. • Assuming the existence of a classical signature scheme and indistinguishability obfuscation (iO), we construct a signature scheme with LOCC leakage-resilient signatures. This guarantees that an adversary who obtains LOCC-leakage on various signatures cannot produce any valid signatures at all other than the ones it obtained honestly! • Assuming the existence of one-way functions and indistinguishability obfuscation (iO), we construct a NIZK proof system with LOCC leakage-resilient proofs. This guarantees that an adversary who obtains LOCC-leakage on a NIZK proof of an hard instance cannot produce a valid proof! • Finally, we introduce the notion of post-challenge unbounded leakage-resilient encryption. This is a new security definition where the adversary receives the challenge ciphertext before obtaining leakage. This is ensures that for any scheme that satisfies this notion, all future and past communications will be secure even in the face of unbounded leakage resilience. This is in stark constrast to previous work, which only guarantees security of future communications after leakage. We give a secure construction in the quantum random oracle model, assuming existence of iO and hardness of LWE.

We investigate three promising Quantum Digital Signature (QDS) protocols that can sign arbitrarily long documents with information-theoretic security. We re-derive the security proof of each scheme obtaining, where possible, tighter security bounds while closing security loopholes caused by using non-authenticated communication. In one case, we upgrade the QDS protocol to information-theoretic security by replacing NIST-recommended hash functions with universal hashing. We systematically compare the performance of the three protocols by optimizing over their parameters and deduce the protocol requiring the shortest signatures and the minimal number of preshared secret bits. Finally, we propose a multi-partite QDS protocol that retains the best features of the analyzed protocols while allowing for an arbitrary number of receivers.

We have considered various approaches to measuring insertion losses by fiber-optic elements. As a result, we have demonstrated that WDM-filter losses do not add up when using a laser source for measurements. We also demonstrated that using a supercontinuum source leads to an underestimation of the insertion losses.

Quantum state verification plays a vital role in many quantum cryptographic protocols, as it allows using quantum states from an untrusted source. While some progress has been made in this direction, the question of whether the most prevalent type of quantum state verification, namely cut-and-choose verification, can be efficient and secure, is still not answered in full generality. In this work, we show a fundamental limit for quantum state verification for all cut-and-choose approaches used to verify arbitrary quantum states. We provide a no-go result showing that the cut-and-choose techniques cannot lead to quantum state verification protocols that are both efficient and secure. We show this trade-off for stand-alone and composable security, where the scaling of the lower bound for the security parameters renders cut-and-choose quantum state verification effectively useless.

With the rapid development of quantum computing technology, the classical cryptosystem will face a significant threat. It is an urgent security issue to study the security impact of quantum computing on classical cryptosystems and provide reliable cryptographic primitives for the post-quantum era. A powerful way to solve this problem is to quantize the classical cryptanalysis tools and use the improved versions for cryptanalysis. In this paper, we propose a quantum zero correlation analysis algorithm based on the Bernstein-Vazirani and Grover algorithms. It can find zero correlation linear hulls for Feistel and SPN ciphers. We prove the correctness of the algorithm and analyze its complexity. Compared with the classical algorithms, the proposed quantum algorithm has significant advantages when the number of encryption rounds of block ciphers is large. Moreover, compared with the existing quantum zero correlation linear analysis, the proposed algorithm is more efficient and does not depend on the algebraic characteristics of the target cipher, which makes the algorithm has more flexible application scenarios.