- 44 talks
- 78 posters
- 35 regular papers
- 6 invited talks
- 2 awards
- 418 unique authors
- 50 committee members
Announced at the business meeting
figures as reported by the chairs — may differ from the computed counts above
- 206 registered
- 24 countries
- 106 talk submissions
- 33 talks accepted
- 34.0% acceptance rate
- 104 posters accepted
- talks_accepted: 36 of 106 including mergers
- acceptance_rate: 36/106 overall
- registered_participants: Student: 79, Non-student: 117, Industry/Sponsor: 10, Regular: 62
Programme
| Title | Type | Date | Min | Authors | Award |
|---|---|---|---|---|---|
| Pseudorandom Quantum States | tutorial | 2023-08-14 09:00 | — | ▸Henry Yuen | — |
| From the Hardness of Detecting Superpositions to Cryptography: Quantum Public Key Encryption and Commitments | invited | 2023-08-14 10:15 | — | ▸Minki Hhan | — |
| Quantum Cryptography in Algorithmica | invited | 2023-08-14 11:30 | — | ▸William Kretschmer | — |
| Pseudorandomness with Proof of Destruction and Applications | regular | 2023-08-14 12:15 | — | ▸Amit Behera, Zvika Brakerski, Or Sattath, Omri Shmueli | — |
Two fundamental properties of quantum states that quantum information theory explores are pseudorandomness and provability of destruction. We introduce the notion of quantum pseudorandom states with proofs of destruction (PRSPD) that combines both these properties. Like standard pseudorandom states (PRS), these are efficiently generated quantum states that are indistinguishable from random, but they can also be measured to create a classical string. This string is verifiable (given the secret key) and certifies that the state has been destructed. We show that, similarly to PRS, PRSPD can be constructed from any post-quantum one-way function. As far as the authors are aware, this is the first construction of a family of states that satisfies both pseudorandomness and provability of destruction.
We show that many cryptographic applications that were shown based on PRS variants using quantum communication can be based on (variants of) PRSPD using only classical communication. This includes symmetric encryption, message authentication, one-time signatures, commitments, and classically verifiable private quantum coins. |
| Cloning Games: A General Framework for Unclonable Primitives | regular | 2023-08-14 14:00 | — | Prabhanjan Ananth, ▸Fatih Kaleoglu, Qipeng Liu | — |
The powerful no-cloning principle of quantum mechanics can be leveraged to achieve interesting primitives, referred to as unclonable primitives, that are impossible to achieve classically. In the past few years, we have witnessed a surge of new unclonable primitives. While prior works have mainly focused on establishing feasibility results, another equally important direction, that of understanding the relationship between different unclonable primitives is still in its nascent stages. Moving forward, we need a more systematic study of unclonable primitives.
To this end, we introduce a new framework called cloning games. This framework captures many fundamental unclonable primitives such as quantum money, copy-protection, unclonable encryption, single-decryptor encryption, and many more. By reasoning about different types of cloning games, we obtain many interesting implications to unclonable cryptography, including the following:
1) We obtain the first construction of information-theoretically secure single-decryptor encryption in the one-time setting.
2) We construct unclonable encryption in the quantum random oracle model based on BB84 states, improving upon the previous work, which used coset states. Our work also provides a simpler security proof for the previous work.
3) We construct copy-protection for single-bit point functions in the quantum random oracle model based on BB84 states, improving upon the previous work, which used coset states, and additionally, providing a simpler proof.
4) We establish a relationship between different challenge distributions of copy-protection schemes and single-decryptor encryption schemes.
5) Finally, we present a new construction of one-time encryption with certified deletion. |
| Obfuscation of Pseudo-Deterministic Quantum Circuits | regular | 2023-08-14 14:00 | — | ▸James Bartusek, Fuyuki Kitagawa, Ryo Nishimaki, Takashi Yamakawa | Best Student Paper Award (Theory) — James Bartusek |
We show how to obfuscate pseudo-deterministic quantum circuits, assuming the quantum hardness of learning with errors (QLWE) and post-quantum virtual black-box (VBB) obfuscation for classical circuits. Given the classical description of a quantum circuit $Q$, our obfuscator outputs a quantum state $\ket{\widetilde{Q}}$ that can be used to evaluate $Q$ repeatedly on arbitrary inputs.
Instantiating the VBB obfuscator for classical circuits with any candidate post-quantum indistinguishability obfuscator gives us the first candidate construction of indistinguishability obfuscation for all polynomial-size pseudo-deterministic quantum circuits. In particular, our scheme is the first candidate obfuscator for a class of circuits that is powerful enough to implement Shor's algorithm (SICOMP 1997).
Our approach follows Bartusek and Malavolta (ITCS 2022), who obfuscate *null* quantum circuits by obfuscating the verifier of an appropriate classical verification of quantum computation (CVQC) scheme. We go beyond null circuits by constructing a publicly-verifiable CVQC scheme for quantum *partitioning* circuits, which can be used to verify the evaluation procedure of Mahadev's quantum fully-homomorphic encryption scheme (FOCS 2018). We achieve this by upgrading the one-time secure scheme of Bartusek (TCC 2021) to a fully reusable scheme, via a publicly-decodable *Pauli functional commitment*, which we formally define and construct in this work. This commitment scheme, which satisfies a notion of binding against committers that can access the receiver's standard and Hadamard basis decoding functionalities, is constructed by building on techniques of Amos, Georgiou, Kiayias, and Zhandry (STOC 2020) introduced in the context of equivocal but collision-resistant hash functions. |
| Quantum Advantage from One-Way Functions | regular | 2023-08-14 14:00 | — | ▸Tomoyuki Morimae, Takashi Yamakawa | — |
We demonstrate quantum advantage with several basic assumptions, specifically based on only the existence of OWFs. We introduce inefficient-verifier proofs of quantumness (IV-PoQ), and construct it from classical bit commitments. IV-PoQ is an interactive protocol between a verifier and a quantum prover consisting of two phases. In the first phase, the verifier is probabilistic polynomial-time, and it interacts with the prover. In the second phase, the verifier becomes inefficient, and makes its decision based on the transcript of the first phase. If the prover is honest, the inefficient verifier accepts with high probability, but any classical malicious prover only has a small probability of being accepted by the inefficient verifier. Our construction demonstrates the following results: (1) If one-way functions exist, then IV-PoQ exist. (2) If distributional collision-resistant hash functions exist (which exist if hard-on-average problems in SZK exist), then constant-round IV-PoQ exist. We also demonstrate quantum advantage based on worst-case-hard assumptions. We define auxiliary-input IV-PoQ (AI-IV-PoQ) that only require that for any malicious prover, there exist infinitely many auxiliary inputs under which the prover cannot cheat. We construct AI-IV-PoQ from an auxiliary-input version of commitments in a similar way, showing that (1) If auxiliary-input one-way functions exist (which exist if CZK⊈BPP), then AI-IV-PoQ exist. (2) If auxiliary-input collision-resistant hash functions exist (which is equivalent to PWPP⊈FBPP) or SZK⊈BPP, then constant-round AI-IV-PoQ exist. |
| Secure Computation with Shared EPR Pair (Or: How to Teleport in Zero-Knowledge) | regular | 2023-08-14 14:00 | — | ▸James Bartusek, Dakshita Khurana, Akshayaram Srinivasan | — |
Can a sender non-interactively transmit one of two strings to a receiver without knowing which string was received? Does there exist minimally-interactive secure multiparty computation that only makes (black-box) use of symmetric-key primitives? We provide affirmative answers to these questions in a model where parties have access to shared EPR pairs, thus demonstrating the cryptographic power of this resource.
- First, we construct a one-shot (i.e., single message) string oblivious transfer (OT) protocol with random receiver bit in the shared EPR pairs model, assuming the (sub-exponential) hardness of LWE.
Building on this, we show that *secure teleportation through quantum channels* is possible. Specifically, given the description of any quantum operation $Q$, a sender with (quantum) input $\rho$ can send a single classical message that securely transmits $Q(\rho)$ to a receiver. That is, we realize an ideal quantum channel that takes input $\rho$ from the sender and provably delivers $Q(\rho)$ to the receiver without revealing any other information.
This immediately gives a number of applications in the shared EPR pairs model: (1) non-interactive secure computation of unidirectional *classical* randomized functionalities, (2) NIZK for QMA from standard (sub-exponential) hardness assumptions, and (3) a non-interactive *zero-knowledge* state synthesis protocol.
- Next, we construct a two-round (round-optimal) secure multiparty computation protocol for classical functionalities in the shared EPR pairs model that is *unconditionally-secure* in the (quantum-accessible) random oracle model.
Classically, both of these results cannot be obtained without some form of correlated randomness shared between the parties, and the only known approach is to have a trusted dealer set up random (string) OT correlations. In the quantum world, we show that shared EPR pairs (which are simple and can be deterministically generated) are sufficient. At the heart of our work are novel techniques for making use of entangling operations to generate string OT correlations, and for instantiating the Fiat-Shamir transform using correlation-intractability in the quantum setting. |
| Publicly-Verifiable Deletion via Target-Collapsing Functions | regular | 2023-08-14 15:50 | — | ▸James Bartusek, Dakshita Khurana, Alexander Poremba | — |
We build quantum cryptosystems that support publicly-verifiable deletion from standard cryptographic assumptions. We introduce target-collapsing as a weakening of collapsing for hash functions, analogous to how second preimage resistance weakens collision resistance; that is, target-collapsing requires indistinguishability between superpositions and mixtures of preimages of an honestly sampled image.
We show that target-collapsing hashes enable publicly-verifiable deletion (PVD), proving conjectures from [Poremba, ITCS'23] and demonstrating that the Dual-Regev encryption (and corresponding fully homomorphic encryption) schemes support PVD under the LWE assumption. We further build on this framework to obtain a variety of primitives supporting publicly-verifiable deletion from weak cryptographic assumptions, including:
- Commitments with PVD assuming the existence of injective one-way functions, or more generally, *almost-regular* one-way functions. Along the way, we demonstrate that (variants of) target-collapsing hashes can be built from almost-regular one-way functions.
- Public-key encryption with PVD assuming trapdoored variants of injective (or almost-regular) one-way functions. We also demonstrate that the encryption scheme of [Hhan, Morimae, and Yamakawa, Eurocrypt'23] based on pseudorandom group actions has PVD.
- $X$ with PVD for $X \in \{$attribute-based encryption, quantum fully-homomorphic encryption, witness encryption, time-revocable encryption$\}$, assuming $X$ and trapdoored variants of injective (or almost-regular) one-way functions. |
| Simple Tests of Quantumness Also Certify Qubits | regular | 2023-08-14 15:50 | — | Zvika Brakerski, Alexandru Gheorghiu, Gregory D. Kahanamoku-Meyer, ▸Eitan Porat, Thomas Vidick | — |
A test of quantumness is a protocol that allows a classical verifier to certify (only) that a prover is not classical. We show that tests of quantumness that follow a certain template, which captures recent proposals such as (Kalai et al., 2022), can in fact do much more. Namely, the same protocols can be used for certifying a qubit, a building-block that stands at the heart of applications such as certifiable randomness and classical delegation of quantum computation.
Certifying qubits was previously only known to be possible based on the hardness of the Learning with Errors problem and the use of adaptive hardcore (Brakerski et al., 2018). Our framework allows certification of qubits based only on the existence of post-quantum trapdoor claw-free functions, or on quantum fully homomorphic encryption. These can be instantiated, for example, from Ring Learning with Errors.
On the technical side, we show that the quantum soundness of any such protocol can be reduced to proving a bound on a simple algorithmic task: informally, answering "two challenges simultaneously" in the protocol. Our reduction formalizes the intuition that these protocols demonstrate quantumness by leveraging the impossibility of rewinding a general quantum prover. This allows us to prove tight bounds on the quantum soundness of (Kahanamoku-Meyer et al., 2021) and (Kalai et al., 2022), showing that no quantum polynomial-time prover can succeed with probability larger than $\cos^2(\pi/8) \approx 0.853$. Previously, only an upper bound on the success probability of classical provers, and a lower bound on the success probability of quantum provers, were known. We then extend this proof of quantum soundness to show that provers that approach the quantum soundness bound must perform almost anti-commuting measurements. This certifies that the prover holds a qubit. |
| Recent Advancement in Measurement-Device-Independent Quantum Key Distribution | tutorial | 2023-08-15 09:00 | — | ▸Xiongfeng Ma | — |
| High-speed QKD: Removing the Roadblocks for an Integration and Utilization in Real-World Networks | invited | 2023-08-15 11:30 | — | ▸Rebecka Sax | — |
| The Application of Hybrid Photonic Integration to Quantum Key Distribution | regular | 2023-08-15 12:15 | — | ▸Joseph Dolphin, Taofiq K Paraiso, Han Du, Andrew Shields | Best Student Paper Award (Experiment) — Joseph Dolphin |
Hybrid integration has the potential to overcome various limitations of integrated photonic material platforms. Here, we present the results of applying edge-couple hybrid integration to produce high performance quantum key distribution chips. We show low quantum bit error rate operation (< 1%) and positive secure key rates over 250 km of fibre spool. |
| 10 GBaud Continuous-Variable Quantum Key Distribution Enabled by Integrated Photonic-Electronic Receivers | regular | 2023-08-15 14:00 | — | ▸Adnan A.E. Hajomer, Cédric Bruynsteen, Ivan Derkach, Nitin Jain, Ulrik L. Andersen, Xin Yin, Tobias Gehring | — |
Quantum key distribution (QKD) is a well-known application of quantum information theory that guarantees information-theoretically secure key exchange. While QKD systems are becoming commercially available, large-scale deployment of next-generation QKD systems requires photonic and electronic devices that are low-cost, small, and easily integrated with existing network infrastructure. Continuous variable (CV) QKD is a promising option for large-scale deployment due to its compatibility with standard telecom technology. Despite this, the secret key rates of CV-QKD systems have been limited to a few megabits per second due to the bandwidth bottleneck of the receiver and the limited symbol rate of the transmitter. Here, we present the first discrete-modulated coherent state CV-QKD system operating at a classical telecom symbol rate of 10 GBaud. This system generates keys at rates exceeding 0.7 Gb/s over a distance of 5 km and 0.3 Gb/s over a distance of 10 km while being secure against collective attacks in both the asymptotic and finite-size regimes. This is made possible by using a high-speed, co-integrated phase-diverse receiver consisting of a silicon photonics optical front-end and a custom-designed integrated transimpedance amplifier. Additionally, well-engineered digital signal processing is used for quantum state preparation and measurement. Our experiment sets a new record for secure quantum communication and paves the way for the next generation of CV-QKD systems. |
| Fully-Passive Twin-Field Quantum Key Distribution | regular | 2023-08-15 14:00 | — | Wenyuan Wang, Rong Wang, Hoi-Kwong Lo | — |
We propose a fully-passive twin-field quantum key distribution (QKD) setup where basis choice, decoy-state preparation and encoding are all implemented entirely by post-processing without any active modulation. Our protocol can remove the potential side-channels from both source modulators and detectors, and additionally retain the high key rate advantage offered by twin-field QKD, thus offering great implementation security and good performance. Importantly, we also propose a post-processing strategy that uses mismatched phase slices and minimizes the effect of sifting. We show with numerical simulation that the new protocol can still beat the repeaterless bound and provide satisfactory key rate. |
| High-Rate Point-to-Multipoint QKD Network | regular | 2023-08-15 14:00 | — | ▸Yiming Bian, Yan Pan, Yichen Zhang, Heng Wang, Jie Yang, Jiayi Dou, Yang Li, Wei Huang, Song Yu, Bingjie Xu, Hong Guo | — |
A coherent-state point-to-multipoint protocol is proposed to simultaneously support multiple independent quantum key distribution links between a single transmitter and massive receivers. Every prepared coherent state is measured by all receivers to generate raw keys, then processed with a secure and high-efficient key distillation method to remove the correlations between different links. The simulation results show that it can achieve remarkably high key rates even with a hundred of access points. Further, a proof-of-principle experiment with one network node and four end users has been demonstrated, where the average secret key rate of 4.1 Mbps between the transmitter and each one receiver is achieved, resulting in two orders-of-magnitude higher than previous networks. This scheme is a promising step towards a high-rate multi-user solution in a scalable quantum secure network. |
| High-Rate Quantum Key Distribution exceeding 110Mb/s | regular | 2023-08-15 14:00 | — | Wei Li, Likang Zhang, Hao Tan, Yichen Lu, Sheng-Kai Liao, Jia Huang, Hao Li, Zhen Wang, Hao-Kun Mao, Bingze Yan, Qiong Li, Yang Liu, Qiang Zhang, Cheng-Zhi Peng, Lixing You, Feihu Xu, Jianwei Pan | — |
We report a quantum key distribution system that is able to generate key at a record high key rate of 115.8 Mb/s over 10-km standard fibre. This is attributed to a high-efficiency multi-pixel superconducting nanowire detector, a low-error integrated transmitter, and a fast post-processing algorithm. |
| Passive continuous variable quantum key distribution | regular | 2023-08-15 14:00 | — | Chenyang Li, Chengqiu Hu, ▸Wenyuan Wang, Rong Wang, Hoi-Kwong Lo | — |
Passive quantum key distribution (QKD) has been proposed for discrete variable (DV) protocols to eliminate side channels in the source. Unfortunately, the key rate of passive DV-QKD protocols suffers from sifting loss and additional quantum errors. In this work, we propose the general framework of passive continuous variable quantum key distribution. Rather surprisingly, we find that the passive source is a perfect candidate for the discrete-modulated continuous variable quantum key distribution (DMCV QKD) protocol. With the phase space remapping scheme, we show that passive DMCV QKD offers the same key rate as its active counterpart. Considering the important advantage of removing side channels that have plagued the active ones, passive DMCV QKD is a promising alternative. In addition, our protocol makes the system much simpler by allowing modulator-free quantum key distribution. Finally, we experimentally characterize the passive DMCV QKD source, thus showing its practicality. |
| Security bounds for quantum key distribution with arbitrary phase randomization | regular | 2023-08-15 15:50 | — | Xoel Sixto, Guillermo Currás-Lorenzo, Kiyoshi Tamaki, Marcos Curty | — |
Decoy-state quantum key distribution (QKD) is undoubtedly the most efficient solution to handle multi-photon signals emitted by laser sources, and provides the same secret key rate scaling as ideal single-photon sources. It requires, however, that the phase of each emitted pulse is uniformly random. This might be difficult to guarantee in practice, due to inevitable device imperfections and/or the use of an external phase modulator for phase randomization, which limits the possible selected phases to a finite set. Here, we investigate the security of decoy-state QKD with arbitrary, continuous or discrete, non-uniform phase randomization, and show that this technique is quite robust to deviations from the ideal uniformly random scenario. For this, we combine a novel parameter estimation technique based on semi-definite programming, with the use of basis mismatched events, to tightly estimate the parameters that determine the achievable secret key rate. In doing so, we demonstrate that our analysis can significantly outperform previous results that address more restricted scenarios. |
| Security of differential phase shift quantum key distribution from relativistic principles | regular | 2023-08-15 15:50 | — | ▸Martin Sandfuchs, Marcus Haberland, V. Vilasini, Ramona Wolf | — |
The design of quantum protocols for secure key generation poses many challenges: On the one hand, they need to be practical concerning experimental realisations. On the other hand, their theoretical description must be simple enough to allow for a security proof against all possible attacks. Often, these two requirements are in conflict with each other, and the differential phase shift (DPS) QKD protocol exemplifies these difficulties: It is designed to be implementable with current optical telecommunication technology, which, for this protocol, comes at the cost that many standard security proof techniques do not apply to it. After about 20 years since its invention, this work presents the first full security proof of DPS QKD against general attacks, including finite-size effects. The proof combines techniques from quantum information theory, quantum optics, and relativity. We first give a security proof of a QKD protocol whose security stems from relativistic constraints. We then show that security of DPS QKD can be reduced to security of the relativistic protocol. In addition, we show that coherent attacks on the DPS protocol are, in fact, stronger than collective attacks. |
| Security of quantum key distribution with imperfect phase randomisation | regular | 2023-08-15 15:50 | — | ▸Guillermo Currás-Lorenzo, Kiyoshi Tamaki, Marcos Curty | — |
The performance of quantum key distribution (QKD) is severely limited by multiphoton emissions, due to the photon-number-splitting attack. The most efficient solution, the decoy-state method, requires that the phases of all transmitted pulses are independent and uniformly random. In practice, however, these phases are often correlated, especially in high-speed systems, which opens a security loophole. Here, we address this pressing problem by providing a security proof for decoy-state QKD with correlated phases that offers key rates close to the ideal scenario. Our work paves the way towards high-performance secure QKD with practical laser sources, and may have applications beyond QKD. |
| Cryptography with Certified Deletion | tutorial | 2023-08-16 09:00 | — | ▸James Bartusek | — |
| Constructive Post-Quantum Reductions | invited | 2023-08-16 10:15 | — | ▸Yael Kalai | — |
| Long Distance Quantum Key Distribution Gets Simpler | invited | 2023-08-16 11:30 | — | ▸Lai Zhou | — |
| Experimental Twin-Field Quantum Key Distribution Over 1000 km Fiber Distance | regular | 2023-08-16 12:15 | — | ▸Yang Liu | — |
Quantum key distribution (QKD) aims to generate secure private keys shared by two remote parties. With its security being protected by principles of quantum mechanics, some technology challenges remain towards the practical application of QKD. The major one is the distance limit, which is caused by the fact that a quantum signal cannot be amplified while the channel loss is exponential with the distance for photon transmission in optical fiber. Here using the 3-intensity sending-or-not-sending protocol with the actively-odd-parity-pairing method, we demonstrate a fiber-based twin-field QKD over 1002 km. In our experiment, we developed a dual-band phase estimation and ultra-low noise superconducting nanowire single-photon detectors to suppress the system noise to around 0.02 Hz. The secure key rate is $9.53\times10^{-12}$ per pulse through 1002 km fiber in the asymptotic regime, and $8.75\times10^{-12}$ per pulse at 952 km considering the finite size effect. Our work constitutes a critical step toward the future large-scale quantum network. |
| Quantum Key Distribution Links between Mobile Platforms | regular | 2023-08-17 10:40 | — | ▸Andrew Conrad, Samantha Isaac, Roderick Cochran, Daniel Sanchez-Rosales, Timur Javid, Shuen Wu, Dan Gauthier, Paul Kwiat | — |
As the proliferation of automation in smart transportation continues, there is a need to secure communication links of “on-the-go” future mobile platforms. In this effort, we implement decoy-state quantum key distribution (QKD), which provides provably secure communication, to mobile platforms such as drones and vehicles. Unlike demonstrations in fiber of fixed point-to-point, QKD between mobile platforms provides unique challenges such as designing systems with reduced size, weight, and power, establishing a stable line-of-sight as the platforms are in motion, and maintaining performance over a wide operating temperature range, etc. We design our QKD transmitter and receiver using a modular design that is platform-agnostic. This allows us to deploy the same QKD system on an octocopter drone and a car without any hardware or software modifications. We describe critical subsystems including our resonant-cavity QKD source, custom prepare and measure optics, pointing, acquisition, and tracking system, single-photon detector, field-programmable gate array-based time-tagger, and qubit-based time-synchronization algorithm. Our achievements include drone-to-drone QKD, drone-to-car quantum transmission, and high-speed (70 mph) vehicle-to-vehicle quantum transmission on a U.S. Interstate Highway. |
| Satellite-Based Quantum Key Distribution Network | invited | 2023-08-17 11:30 | — | ▸Sheng-Kai Liao | — |
| Satellite-Based Quantum Key Distribution in the Presence of Bypass Channels | regular | 2023-08-17 12:15 | — | Masoud Ghalaii, Sima Bahrani, Carlo Liorni, Federico Grasselli, Hermann Kampermann, ▸Lewis Wooltorton, Rupesh Kumar, Stefano Pirandola, Timothy Spiller, Alexander Ling, Bruno Huttner, Mohsen Razavi | — |
The security of prepare-and-measure satellite-based quantum key distribution (QKD), under restricted eavesdropping scenarios, is addressed. We particularly consider cases where the eavesdropper, Eve, has limited access to the transmitted signal by Alice, and/or Bob’s receiver station. For instance, Eve can only receive an attenuated version of the transmitted signals. This results in settings where an uncharacterized bypass channel, inaccessible to Eve, can also carry signals to Bob. We obtain generic bounds on the key rate in the presence of bypass channels and apply them to continuous-variable QKD protocols with Gaussian encoding as well as to the family of BB84 protocols. We find regimes of operation in which the above restrictions on Eve can considerably improve system performance. Our work opens up new security frameworks for spaceborne quantum communications systems. |
| Fiat-Shamir for Proofs Lacks a Proof Even in the Presence of Shared Entanglement | regular | 2023-08-17 14:00 | — | Frédéric Dupuis, Philippe Lamontagne, Louis Salvail | — |
We explore the cryptographic power of arbitrary shared physical resources. The most general such resource is access to a fresh entangled quantum state at the outset of each protocol execution. We call this the Common Reference Quantum State (CRQS) model, in analogy to the well-known Common Reference String (CRS). The CRQS model is a natural generalization of the CRS model but appears to be more powerful: in the two-party setting, a CRQS can sometimes exhibit properties associated with a Random Oracle queried once by measuring a maximally entangled state in one of many mutually unbiased bases. We formalize this notion as a Weak One-Time Random Oracle (WOTRO), where we only ask of the m–bit output to have some randomness when conditioned on the n–bit input.
We show that when n − m ∈ ω(lg n), any protocol for WOTRO in the CRQS model can be attacked by an (inefficient) adversary. Moreover, our adversary is efficiently simulatable, which rules out the possibility of proving the computational security of a scheme by a fully black-box reduction to a cryptographic game assumption. On the other hand, we introduce a non-game quantum assumption for hash functions that implies WOTRO in the CRQS model (where the CRQS consists only of EPR pairs). We first build a statistically secure WOTRO protocol where m = n, then hash the output.
The impossibility of WOTRO has the following consequences. First, we show the fully-black-box impossibility of a quantum Fiat-Shamir transform, extending the impossibility result of Bitansky et al. (TCC ’13) to the CRQS model. Second, we show a fully-black-box impossibility result for a strengthened version of quantum lightning (Zhandry, Eurocrypt ’19) where quantum bolts have an additional parameter that cannot be changed without generating new bolts. Our results also apply to 2–message protocols in the plain model. |
| Oblivious Transfer from Zero-Knowledge Proofs, Or How to Achieve Round-Optimal Quantum Oblivious Transfer and Zero-Knowledge Proofs on Quantum States | regular | 2023-08-17 14:00 | — | Léo Colisson, Garazi Muguruza, Florian Speelman | — |
We provide a generic construction to turn any classical Zero-Knowledge (ZK) protocol into a composable (quantum) oblivious transfer (OT) protocol, mostly lifting the round-complexity properties and security guarantees (plain-model/statistical security/unstructured functions…) of the ZK protocol to the resulting OT protocol. Such a construction is unlikely to exist classically as Cryptomania is believed to be different from Minicrypt.
In particular, by instantiating our construction using Non-Interactive ZK (NIZK), we provide the first round-optimal (2-message) quantum OT protocol secure in the random oracle model, and round-optimal extensions to string and k-out-of-n OT.
At the heart of our construction lies a new method that allows us to prove properties on a received quantum state without revealing additional information on it, even in a non-interactive way and/or with statistical guarantees when using an appropriate classical ZK protocol. We can notably prove that a state has been partially measured (with arbitrary constraints on the set of measured qubits), without revealing any additional information on this set. This notion can be seen as an analog of ZK to quantum states, and we expect it to be of independent interest as it extends complexity theory to quantum languages, as illustrated by the two new complexity classes we introduce, ZKstatesQIP and ZKstatesQMA. |
|||||
| On Concurrent Multi-Party Quantum Computation | regular | 2023-08-17 14:00 | — | Vipul Goyal, ▸Xiao Liang, Giulio Malavolta | — |
Recently, significant progress has been made toward quantumly secure multi-party computation (MPC) in the stand-alone setting. In sharp contrast, the picture of concurrently secure MPC (or even 2PC), for both classical and quantum functionalities, still remains unclear. Quantum information behaves in a fundamentally different way, making the job of the adversary harder and easier at the same time. Thus, it is unclear if the positive or negative results from the classical setting still apply. This work initiates a systematic study of concurrent secure computation in the quantum setting. We obtain a mix of positive and negative results.
We first show that assuming the existence of post-quantum one-way functions (PQ-OWFs), concurrently secure 2PC (and thus MPC) for quantum functionalities is impossible. Next, we focus on the bounded-concurrent setting, where we obtain simulation-sound zero-knowledge arguments for both NP and QMA, assuming PQ-OWFs. This is obtained by a new design of simulation-sound gadget which is compatible with the quantum rewinding strategy recently developed by Ananth, Chung, and La Placa [CRYPTO'21] for bounded-concurrent post-quantum ZK.
Moreover, we show that our technique is general enough: it also leads to quantum-secure bounded-concurrent coin-flipping protocols, and eventually general-purpose 2PC and MPC, for both classical and quantum functionalities. All these constructions can be based on the quantum hardness of Learning with Errors. |
|||||
| Single-qubit loss-tolerant quantum position verification protocol secure against entangled attackers | regular | 2023-08-17 14:00 | — | ▸Llorenc Escola Farras, Florian Speelman | — |
We give a tight characterization of the relation between loss-tolerance and error rate of the most popular protocol for quantum position verification (QPV), which is based on BB84 states, and generalizations of this protocol. Combining it with classical information, we show for the first time a fault-tolerant protocol that is secure against attackers who pre-share a linear amount of entanglement (in the classical information), arbitrarily slow quantum information and that tolerates a certain amount of photon loss. We also extend this analysis to the case of more than two bases, showing even stronger loss-tolerance for that case. Finally, we show that our techniques can be applied to improve the analysis of one-sided device-independent QKD protocols. |
|||||
| On the finite size security of quantum key distribution | regular | 2023-08-17 15:50 | — | Peter Brown, ▸Thomas Van Himbeeck | — |
We consider the security of Quantum Key Distribution (QKD) protocols consisting of a finite number of rounds. We provide a security proof that is both and provides tight finite-size correction terms. In particular, when expanded in the block length $n$, the rate of randomness generation has the optimal asymptotic rate and optimal leading-order finite-size correction term. The proof is also general, applying to generic randomness generation and QKD protocols that have fully characterized devices and consist of a finite number of rounds. |
|||||
| Quantum secure non-malleable randomness encoder and its applications | regular | 2023-08-17 15:50 | — | Rishabh Batra, ▸Naresh Goud Boddu, Rahul Jain | — |
“Non-Malleable Randomness Encoder” (NMRE) was introduced by Kanukurthi, Obbattu, and Sekar [KOS18] as a useful cryptographic primitive helpful in the construction of non-malleable codes. To the best of our knowledge, their construction is not known to be quantum secure.
We provide a construction of a first rate-$1/2$, $2$-split, quantum secure NMRE and use this in a black-box manner, to construct for the first time the following:
1. rate $1/11$, $3$-split, quantum non-malleable code,
2. rate $1/3$, $3$-split, quantum secure non-malleable code,
3. rate $1/5$, $2$-split, quantum secure non-malleable code. |
|||||
| Split-State Non-Malleable Codes for Quantum Messages | regular | 2023-08-17 15:50 | — | Naresh Goud Boddu, Vipul Goyal, Rahul Jain, Joao Ribeiro | — |
Non-malleable codes are fundamental objects at the intersection of cryptography and coding theory. These codes provide security guarantees even in settings where error correction and detection are impossible, and have found applications to several other cryptographic tasks. Roughly speaking, a non-malleable code for a family of tampering functions guarantees that no adversary can tamper (using functions from this family) the encoding of a given message into the encoding of a related distinct message.
We focus on the split-state tampering model, one of the strongest and most well-studied adversarial tampering models. In this model, a codeword is split into two parts which are stored in physically distant servers, and the adversary can then independently tamper with each part using arbitrary functions. Previous works on non-malleable codes in the split-state tampering model only considered the encoding of classical messages. Furthermore, until the recent work by Aggarwal, Boddu, and Jain (arXiv 2022), adversaries with quantum capabilities and shared entanglement had not been considered, and it is a priori not clear whether previous coding schemes remain secure in this model.
In this work, we introduce the notion of split-state non-malleable codes for quantum messages secure against quantum adversaries with shared entanglement. We construct explicit codes in this model by relying on a recent quantum-secure 2-source non-malleable randomness encoder by Batra, Boddu, and Jain [BBJ23], arguments from Aggarwal, Boddu and Jain [ABJ22] and with use of unitary 2-designs.
1) More precisely, we construct the first efficiently encodable and decodable split-state non-malleable code for quantum messages (while preserving entanglement with external systems) achieving security against quantum adversaries having shared entanglement with codeword length n, any message length at most $n^{\Omega(1)}$, and error $2^{-n^{\Omega(1)}}$.
2) For the case of uniform quantum message, we provide the first constant rate (rate 1/11) non-malleable code (while preserving entanglement with external systems) achieving codeword length n and error $2^{-n^{\Omega(1)}}$. |
|||||
| 100 Gbit/s Integrated Quantum Random Number Generator Based on Vacuum Fluctuations | regular | 2023-08-18 09:00 | — | Cedric Bruynsteen, Tobias Gehring, Cosmo Lupo, Johan Bauwelinck, Xin Yin | — |
Emerging communication and cryptography applications call for reliable, fast, unpredictable random number generators. Quantum random number generation allows for the creation of truly unpredictable numbers thanks to the inherent randomness available in quantum mechanics. A popular approach is using the quantum vacuum state to generate random numbers. While convenient, this approach was generally limited in speed compared to other schemes. Here, through custom co-design of opto-electronic integrated circuits and side-information reduction by digital filtering, we experimentally demonstrated an ultrafast generation rate of 100 Gbit/s, setting a new record for vacuum-based quantum random number generation by one order of magnitude. Furthermore, our experimental demonstrations are well supported by an upgraded device-dependent framework that is secure against both classical and quantum side-information and that also properly considers the non-linearity in the digitization process. This ultrafast secure random number generator in the chip-scale platform holds promise for next generation communication and cryptography applications. |
|||||
| Experimental Certification of Quantum Transmission via Bell's Theorem | regular | 2023-08-18 09:00 | — | ▸Simon Neves, Laura dos Santos Martins, Verena Yacoub, Pascal Lefebvre, Ivan Supic, Damian Markham, Eleni Diamanti | — |
Quantum transmission links are central elements in essentially all implementations of quantum information protocols. Emerging progress in quantum technologies involving such links needs to be accompanied by appropriate certification tools. In adversarial scenarios, a certification method can be vulnerable to attacks if too much trust is placed on the underlying system. Here, we propose a protocol in a device independent framework, which allows for the certification of practical quantum transmission links in scenarios where minimal assumptions are made about the functioning of the certification setup. We take in particular unavoidable transmission losses into account by modeling the link as a completely-positive trace-decreasing map. We also crucially remove the assumption of independent and identically distributed samples, which is known to be incompatible with adversarial settings. Finally, in view of the use of the certified transmitted states for follow-up applications, our protocol allows to estimate the quality of the state and does not certify the channel only. To illustrate the practical relevance and the feasibility of our protocol with currently available technology we provide an experimental implementation based on a state-of-the-art polarization entangled photon pair source in a Sagnac configuration and analyse its robustness for realistic losses and errors. |
|||||
| Experimental cheat-sensitive quantum weak coin flipping | regular | 2023-08-18 09:00 | — | Simon Neves, Verena Yacoub, Ulysse Chabaud, Mathieu Bozzio, Iordanis Kerenidis, Eleni Diamanti | — |
As in modern communication networks, the security of quantum networks will rely on complex cryptographic tasks that are based on a handful of fundamental primitives. Weak coin flipping (WCF) is a significant such primitive which allows two mistrustful parties to agree on a random bit while they favor opposite outcomes. Remarkably, perfect information-theoretic security can be achieved in principle for quantum WCF, which is impossible for a classical coin flip without computational assumptions or trusting a third party. In this work, we overcome conceptual and practical issues that have prevented the experimental demonstration of this primitive to date, and demonstrate how quantum resources can provide cheat sensitivity, whereby each party can detect a cheating opponent, and an honest party is never sanctioned. Such a property is not known to be classically achievable with information-theoretic security. Our experiment implements a refined, loss-tolerant version of a recently proposed theoretical protocol and exploits heralded single photons generated by spontaneous parametric down-conversion, a carefully optimized linear optical interferometer including beam splitters with variable reflectivities and a fast optical switch for the verification step. High values of our protocol benchmarks are maintained for attenuation corresponding to several kilometers of telecom optical fiber. |
|||||
| Fully chip-based decoder for polarization-encoding quantum key distribution | regular | 2023-08-18 09:00 | — | Yongqiang Du, Xun Zhu, Xin Hua, Zhengeng Zhao, Xiao Hu, Yi Qian, Xi Xiao, Kejin Wei | — |
Silicon-based polarization-encoding quantum key distribution (QKD) has been extensively studied due to its advantageous characteristics of its low cost and robustness. However, given the difficulty of fabricating polarized independent components on the chip, previous studies have only adopted off-chip devices to demodulate the quantum states or perform polarization compensation. In the current work, a fully chip-based decoder for polarization-encoding QKD was proposed. The chip realized a polarization state analyzer and compensated for the BB84 protocol without the requirement of additional hardware, which was based on a polarization-to-path conversion method utilizing a polarization splitter-rotator. The chip was fabricated adopting a standard silicon photonics foundry, which was of a compact design and suitable for mass production. In the experimental stability test, an average quantum bit error rate of 0.59% was achieved through continuous operation for 10 h without any polarization feedback. Furthermore, the chip enabled the automatic compensation of the fiber polarization drift when utilizing the developed feedback algorithm, which was emulated by a random fiber polarization scrambler. Moreover, a finite-key secret rate of 240 bps over a fiber spool of 100 km was achieved in the case of the QKD demonstration. This study marks an important step toward the integrated, practical, and large-scale deployment of QKD systems. |
|||||
| Resource-efficient quantum key distribution with using integrated silicon photonics | regular | 2023-08-18 09:00 | — | ▸Kejin Wei, Xiao Hu, Yongqiang Du, Xin Hua, Zhengeng Zhao, Ye Chen, Chunfeng Huang, Xi Xiao | — |
Integrated photonics provides a promising platform for quantum key distribution (QKD) systems in terms of miniaturization, robustness and scalability. Tremendous QKD works based on integrated photonics have been reported. Nonetheless, most current chip-based QKD implementations require additional off-chip hardware to demodulate quantum states or perform auxiliary tasks such as time synchronization and polarization basis tracking. Here, we report a demonstration of resource-efficient chip-based BB84 QKD with a silicon-based encoder and decoder. In our scheme, the time synchronization and polarization compensation are implemented relying on the preparation and measurement of the quantum states generated by on-chip devices, thus with no need for additional hardware. The experimental tests show that our scheme is highly stable with a low intrinsic QBER of 0.50 ± 0.02% in a 6-h continuous run. Furthermore, over a commercial fiber channel up to 150 km, the system enables realizing secure key distribution at a rate of 866 bps. Our demonstration paves the way for low-cost, wafer-scale manufactured QKD systems. |
|||||
| Ultra-fast multipixel SNSPD arrays with photon-number capabilities for quantum applications | regular | 2023-08-18 09:00 | — | ▸Giovanni Resta, Lorenzo Stasi, Matthieu Perrenoud, Rob Thew, Hugo Zbinden, Félix Bussières | — |
Superconducting-nanowire single-photon detectors (SNSPDs) have enabled the realization of several quantum optics technologies thanks to their high detection efficiency, low dark-counts, and fast recovery time. Here, we will present a 14-pixel SNSPD array with a maximum system detection efficiency (SDE) of 90% that remains above 80% up to 400 Mcps, and we demonstrate the ability to reach detection rates of 1.5 Gcps with an absolute SDE of 45%. Furthermore, we will explain how such device has been integrated in a QKD set-up and enabled high-speed QKD, with secret-key rates exceeding 60 Mbps over a distance of 10 km. Moreover when used in a QKD setup, the array can improve resilience against blinding attacks by monitoring the coincidence clicks between the pixels. Finally we will show that the detector is able to distinguish few-photon number states in an optical pulse with high fidelity, without posing strict limitations on the shape of the incoming light. We achieve a 2-photon fidelity of 74% and 57% for a 3-photon state, which represent state-of-the-art results for fibre-coupled SNSPDs. Such detectors could find immediate application in LOQC protocols where the capability to distinguish few photon-number states is sufficient – that is, either ‘1’ vs ‘more than 1 photons’. |
|||||
| Entropy Accumulation under Post-Quantum Cryptographic Assumptions | regular | 2023-08-18 11:30 | — | ▸Ilya Merkulov, Rotem Arnon-Friedman | — |
In device-independent (DI) quantum protocols, the security statements are oblivious to the characterization of the quantum apparatus: they are based solely on the classical interaction with the devices as well as some well-defined assumptions. The most commonly known setup is the so-called non-local one, in which two devices that cannot communicate with each other present a violation of a Bell inequality. In recent years, a new variant of DI protocols, requiring only a single device, arose. In this novel research avenue, the no-communication assumption is replaced with a computational assumption which states that the device cannot solve certain post-quantum cryptographic tasks. The protocols in literature that have been analyzed in this setting, e.g., randomness certification, used ad hoc proof techniques. In addition, the strength of the achieved results is hard to judge due to their complexity.
Here, we build on ideas coming from the study of non-local DI protocols and develop a new modular proof technique for the single-device computational setting. We present a flexible framework for proving the security of such protocols by utilizing a combination of tools from quantum information theory, such as the entropic uncertainty relation and the entropy accumulation theorem. This leads to an insightful and simple proof of security as well as to explicit quantitative bounds. Our work thus acts as the basis for the analysis of future protocols for DI randomness generation, expansion, amplification, and key distribution based on post-quantum cryptographic assumptions. |
|||||
| Group coset monogamy games and an application to device-independent continuous-variable QKD | regular | 2023-08-18 11:30 | — | ▸Eric Culf, Thomas Vidick, Victor Albert | — |
We develop an extension of a recently introduced subspace coset state monogamy-of-entanglement game [Coladangelo, Liu, Liu, and Zhandry; Crypto'21] to general group coset states, which are uniform superpositions over elements of a subgroup to which has been applied a group-theoretic generalization of the quantum one-time pad. We give a general bound on the winning probability of a monogamy game constructed from subgroup coset states that applies to a wide range of finite and infinite groups. To study the infinite-group case, we use and further develop a measure-theoretic formalism that allows us to express continuous-variable measurements as operator-valued generalizations of probability measures.
We apply the monogamy game bound to various physically relevant groups, yielding realizations of the game in continuous-variable modes as well as in rotational states of a polyatomic molecule. We obtain explicit strong bounds in the case of specific group-space and subgroup combinations. As an application, we provide the first proof of one sided-device independent security of a squeezed-state continuous-variable quantum key distribution protocol against general coherent attacks. |
|||||
| Quantum delegation with an off-the-shelf device | regular | 2023-08-18 11:30 | — | Anne Broadbent, ▸Arthur Mehta, Yuming Zhao | — |
Given that reliable cloud quantum computers are becoming closer to reality, the concept of delegation of quantum computations and its verifiability is of central interest. Many models have been proposed, each with specific strengths and weaknesses. Here, we put forth a new model where the client trusts only its classical processing, makes no computational assumptions, and interacts with a quantum server in a single round. In addition, during a set-up phase, the client specifies the size $n$ of the computation and receives an untrusted, off-the-shelf (OTS) quantum device that is used to report the outcome of a single constant-sized measurement from a predetermined logarithmic-sized input. In the OTS model, we thus picture that a single quantum server does the bulk of the computations, while the OTS device is used as an untrusted and generic verification device, all in a single round.
We show how to delegate polynomial-time quantum computations in the OTS model. Scaling up the technique also yields an interactive proof system for all of QMA, which, furthermore, we show can be accomplished in statistical zero-knowledge. This yields the first relativistic (one-round), two-prover zero-knowledge proof system for QMA.
As a proof approach, we provide a new self-test for $n$-EPR pairs using only constant-sized Pauli measurements, and show how it provides a new avenue for the use of simulatable codes for local Hamiltonian verification. Along the way, we also provide an enhanced version of a well-known stability result due to Gowers and Hatami and show how it completes a common argument used in self-testing. |
|||||
| A Simple and Self-Testing Quantum Random Number Generator | poster | — | — | Fadri Grünenfelder, Ana Blázquez, Davide Rusca, Hugo Zbinden | — |
The ideal Quantum random number generator (QRNG) is a black box which allows the users to test the quantum nature of the generated numbers. Producing a device which is close to this ideal is very demanding and will yield a low rate of random bits. Here we propose a simple setup which is self-testing on the detection part, meaning that only the source has to be characterized. We expect the implementation of this device to yield a random bit rate of around 10 Mbps. |
|||||
| Access-controlled entanglement source against memory attack in quantum cryptography | poster | — | — | Haoyang Wang, Qiang Zeng, Huihong Yuan, Yuanbin Fan, Lai Zhou, Yuanfei Gao, Haiqiang Ma, Zhiliang Yuan | — |
We propose and demonstrate an upgraded quantum key distribution protocol based on time-bin entanglement source with access control through introducing phase randomization. The upgraded source can protect users from memory attacks at a negligible cost. |
|||||
| Advantage of the key relay protocol over secure network coding | poster | — | — | Go Kato, Mikio Fujiwara, Toyohiro Tsurumaru | — |
The key relay protocol (KRP) plays an important role in improving the performance and the security of quantum key distribution (QKD) networks. On the other hand, there is also an existing research field called secure network coding (SNC), which has a similar goal and structure. We here analyze differences and similarities between the KRP and SNC rigorously. We found, rather surprisingly, that there is a definite gap in security between the KRP and SNC; that is, certain KRPs achieve better security than any SNC schemes on the same graph. We also found that this gap can be closed if we generalize the notion of SNC by adding free public channels; that is, KRPs are equivalent to SNC schemes augmented with free public channels. |
|||||
| An efficient method for certifying quantum properties with non-i.i.d. spot-checking trials | poster | — | — | Yanbao Zhang, Akshay Seshadri, Emanuel Knill | — |
The reliability of quantum resources can be compromised in practice due to the complexity of their generation processes and/or the potential manipulations by untrusted parties during transmission. When performing an information task with an unreliable quantum resource, it is incorrect to treat the random variables associated with repeated experimental trials as independent and identically distributed (i.i.d.). To certify the performance of such a task, one can make a random decision in each trial, either to spot-check some property of the quantum resource or to utilize the resource for the task. The task considered can be quantum key distribution, quantum randomness expansion, verifiable quantum computation, or resource allocation in quantum networks. Unfortunately, existing methods for certifying quantum performance through spot-checking are not suitable for non-i.i.d. repeated trials without additional assumptions. Here we present a novel method to address this challenge. The method works efficiently with a finite number of non-i.i.d. trials. Furthermore, our method can be adapted to estimate quantum properties in situations where the quantum resource is spot-checked and destroyed by a measurement during each non-i.i.d. repeated trial. |
|||||
| An optical ground station in Singapore for satellite-to-ground quantum communication | poster | — | — | Ayesha Reezwana, Moritz Mihm, Xi Wang, Karabee Batta, Alexander Ling | — |
In this work, we present the design considerations and architecture of an optical ground station being developed on National University of Singapore campus. The primary objective of the station is to enable quantum key distribution and facilitate other free space communication protocols. The development of the optical ground station is underway and it is projected to be commissioned by 2023.
We elaborate on the building blocks and design techniques of the optical ground station in Singapore that can receive, i.e. downlink, weak quantum signals from a satellite and perform necessary analysis to generate secret keys in a quantum key distribution experiment. We emphasize the different subsystems, namely the telescope system, quantum receiver, polarization correction system, and the pointing, acquisition and tracking system. We envision our ground station to support a range of beacon wavelengths to ensure its compatibility with various similar satellite missions. The working lab-configuration of the station is able to receive and analyse the state of photons around 800 nm.
To achieve a global quantum network, cross-compatibility among optical ground stations and quantum satellites is crucial. To facilitate this, we have initiated a collaboration with various academic groups involved in satellite based quantum key distribution research to standardize the configuration of an optical ground station. This collaboration aspires to create cross-compatibility among multiple optical ground stations and quantum satellites to enhance the efforts of a global quantum network. |
|||||
| Analysis of a High-dimensional Restricted Quantum Key Distribution Protocol | poster | — | — | Hasan Iqbal, Walter Krawec | — |
Quantum key distribution offers unconditionally secure keys for communicating parties. Although using high-dimensional quantum systems in QKD protocols does offer considerable advantages, which has been extensively shown in different experiments, analytical security proofs for high-dimensional protocols are not abundant. This is partly because many QKD protocols lack certain "symmetry" in terms of the parties' capabilities and responsibilities, which complicates security proofs. In this work, we consider one such protocol and provide an analytical security proof and compare our results against prior work showing an advantage of our method. We also develop a continuity bound for conditional quantum entropies which is pertinent to our analysis here and may have applications in other scenarios also. |
|||||
| Asymmetric Quantum Secure Multi-Party Computation With Weak Clients Against Dishonest Majority | poster | — | — | Theodoros Kapourniotis, Elham Kashefi, Dominik Leichtle, Luka Music, Harold Ollivier | — |
Secure multi-party computation (SMPC) protocols allow several parties that distrust each other to collectively compute a function on their inputs.
In this paper, we introduce a protocol that lifts classical SMPC to quantum SMPC in a composably and statistically secure way, even for a single honest party.
Unlike previous quantum SMPC protocols, our proposal only requires very limited quantum resources from all but one party; it suffices that the weak parties, i.e. the clients, are able to prepare single-qubit states in the X-Y plane.
The novel quantum SMPC protocol is constructed in a naturally modular way, and relies on a new technique for quantum verification that is of independent interest. This verification technique requires the remote preparation of states only in a single plane of the Bloch sphere.
In the course of proving the security of the new verification protocol, we also uncover a fundamental invariance that is inherent to measurement-based quantum computing. |
|||||
| Authentication in Secure Delegated Quantum Computation Based on Quantum Trusted Execution Environment | poster | — | — | M. Prem Laxman Das, Natarajan Venkatachalam | — |
Quantum computers have a major influence on our modern computing platforms. New delegated quantum computation solutions continue to be introduced by researchers. The basic functionality of delegated quantum computation enables a classical client to delegate quantum computation related jobs to a remote untrusted server with appropriate security measures. However, only very few techniques address the security challenges and their feasibility to implement in practice. One of the solutions is the quantum trusted execution environment (Q-TEE), which ensures a secure and practical way to build a remote quantum computing server with a classical client. In this work, we explore some new features of a quantum-TEE (QTEE), which can be seen as aiding secure computation on a quantum computer.
It is reasonable to expect that a QTEE may be required to authenticate classical entities relating to a particular quantum computation. For example, a client, which has submitted a particular job, may require a proof that the quantum computation was indeed executed in that particular computer. Such a QTEE may be envisaged to be using a post-quantum signature scheme like DILITHIUM or Falcon. The quantum computing platform provider would use its secret key to sign various classical entities. The signature can be verified by using the provider's public key. We propose a design of a QTEE which uses Tokenized Signature Scheme (TSS). We also point out that such a QTEE has certain advantages over the naive DS-based ones.
Ben-David and Sattath introduced the primitive called (public key) Tokenized Signature Scheme, which can be used in a situation where an owner wants to delegate the power to sign to a signer. The owner, after generating the signing and verification keys (using PPT called KeyGen) (similar to key generation in a DS), creates a certain number of quantum tokens (using QPT called TokenGen) and gives them to designated signers. The signers authenticate classical messages (using QPT called Sign) by generating a classical string called signature, on behalf of the owner and at her behest, using the owner-provided tokens. The verification (using PPT called Vrfy) can be run by anyone using the public key, the signature and the message. The authors also give a construction of TSS using subspace states.
A quantum computation platform provider can generate its own key pair and generate tokens. The computers owned by the service provider may be equipped with a QTEE based on a candidate TSS scheme. The quantum tokens are loaded onto the QTEE, which are used for signing. We point out some advantages of such a construction. Firstly, the secret key of the owner is never revealed and all the computers controlled by the provider authenticate in the same manner. Secondly, the trust assumption on the QTEE may be relaxed. A secure TSS is expected to have the following unforgeability property. An adversarial signer can not sign n+1 messages if it has only n tokens. Thirdly, in a situation where the client pays for such authentication services, quantum tokens can be budgeted and monetized.
A complete design of a QTEE, supporting various secure quantum computation related requirements, may be achieved with a TSS at its core. A TSS supporting aggregation and aggregated-verification brings in added advantage. Meaningful analogues of remote attestation (RA) and direct anonymous attestation (DAA) in this setting may also be explored. The development of quantum-based TEE techniques enables service providers to implement proprietary quantum computing devices in practice. Also, it allows classical users to perform remote quantum computation at very high security levels. |
|||||
| CHSH inequality violation in experimental entanglement based QRNG validation | poster | — | — | Witold A. Jacak, Piotr Jóźwiak, Janusz E. Jacak, Wojciech Donderowicz | — |
Validation of the randomness of a quantum random number generator (QRNG) can be performed via robust statistical testing, which generally reduces to the problem of finding long range patterns in the generated random bit sequence. This problem is computationally exhaustive and poses one of the important challenges for industrial implementation of self-testing integrated QRNG devices. Furthermore, classical statistical testing cannot in principle confirm the quantum non-determinism (from which the QRNG device can deviate due to its implementation imperfections). Instead, classical testing can confirm that up to certain parameters threshold, deterministic patterns were not detected. The device independent QRNG schemes are based on quantum entanglement, which is a non-classical resource that can be verified in terms of quantum measurements non-classical correlations statistically violating Bell type (e.g. CHSH) inequalities for classical limits on such correlations. This results in a fundamental (independent from a technical implementation) confirmation that the process used to generate randomness based on entangled quantum states is indeed non-deterministic. In this paper we describe a series of recent experimental developments focused on generating quantum entanglement based randomness in a quantum optics device-independent approach, with validation of the randomness through experimentally verified violation of the CHSH inequality [1]. The experimental setup for entanglement based QRNG involves generation of entanglement in photon polarizations in the SPDC type II process with single-photon detectors (SPAD) for quantum measurements of entangled photons. Statistical processing of the measurements outcomes shows violation of the classical limits on the correlations, violating the CHSH inequality and hence proving that the QRNG generated randomness is based on a quantum, non-deterministic process.
The further direction for this research is towards miniaturization of the robust quantum optics setups to be more adequate for integrated entanglement QRNG devices. This work is part of the NCBR research and development project (contract no. POIR.01.01.01-00-0173/15) aimed at advancing QRNG setups with technical achievements reported in the SeQre.net platform [2].
1. J.F. Clauser, M.A. Horne, A. Shimony, R.A. Holt, Proposed experiment to test local hidden-variable theories, Phys. Rev. Lett., 23 (15): 880–4, doi: https://doi.org/10.1103%2FPhysRevLett.23.880, (1969)
2. SeQre.net, Quantum Cryptography R&D Platform managed by the Department of Quantum Technology at WUST and CompSecur / SeQre, https://seqre.net/qrng |
|||||
| Characterising higher-order phase correlations in gain-switched laser sources with application to decoy-state QKD | poster | — | — | Alessandro Marcomini, Guillermo Currás-Lorenzo, Davide Rusca, Marcos Curty | — |
Decoy-state quantum key distribution (QKD) represents nowadays the best countermeasure to attacks exploiting multi-photon emissions in realistic sources. A fundamental requirement is the uniform and independent distribution of phases of the transmitted pulses. However, this cannot be true for lasers working under high-speed gain-switching conditions, as residual photons in the cavity can induce phase correlations across consecutive pulses. A security proof robust against such imperfections has been recently proposed, which requires knowledge of a parameter that quantifies how close the conditional distribution of each phase is to a uniform distribution. In this work we propose an experimental method to characterise this parameter in realistic setup conditions and we extend the application to the case of arbitrary length of correlations, aiming to enable experimental verification of the implementation security. |
|||||
| Comparative Analysis of Hybrid Quantum Error Correction (QEC)-Quantum Key Distribution (QKD) Protocols: Technical Considerations, Efficiency and Feasibility. | poster | — | — | Aida García-Callejo, Andrés Ruiz-Chamorro, Pablo Arteaga, Daniel Cano, Veronica Fernandez | — |
The present study analyzes the efficiency of employing quantum error correction codes (QECC) to encode quantum information states in the context of Quantum Key Distribution (QKD). Specifically, the possibility of enhancing the security and reliability of QKD systems by adding a secondary layer of quantum coding to the states emitted by Alice in the Prepare-and-Measure protocols is exhaustively quantified. Such an encoding scheme would be expected to be achievable by means of quantum hardware potentially available in the mid-term. This last statement refers to the assumed reasonable interconnectivity and scalability requirements that may be imposed on the physical encoding capabilities of a quantum processor for the case here considered, since only 1-qubit states are used in QKD.
The model for quantum states transmission here considered does not impose any restrictions on the quantum channel, but does assume that the noise and errors to which qubits may be subject in QKD links can be characterized by discrete transformations. That is, depending on the physical encoding scheme chosen for photon's polarization, errors such as bit-flip or phase-shift errors (among others) can be corrected through logical gates derived from Pauli operators, which, along with identity, form the basis $\{I,X,Y,Z\}$ for 1-qubit discrete error operators of the form:
\begin{equation}
E = \left(\begin{array}{cc}
\alpha_0 & \alpha_1\\
\alpha_2 & \alpha_3
\end{array}\right)
\end{equation}
Such a consideration imposes the need to be able to identify and correct up to a total of $k = 1 + 3n$ different types of errors (including no error at all, bit-flip, phase-shift, and combinations of the previous) that may affect a QKD state (encoded in an $n$-qubit physical state). In line with previous scalability arguments, that requires the number of physical qubits needed to achieve such encoding to be lower bounded by the product of the previous magnitude and the dimension of the quantum code $C$ used (which, in the context of QKD, shall be $\mathrm{dim}(C) = 2$). Therefore, if $m=1$ is the number of qubits to be encoded for each transmitted state in QKD, the condition:
\begin{equation}
2^n \geq \mathrm{dim}(C)(1+3n)
\end{equation}
imposes a minimum of $n=5$ physical qubits in a quantum algorithm to carry out encoding and correction of a 1-qubit quantum state. However, it should be noted that, beyond the anticipated error types, the efficiency of identifying errors in a key distilled through QKD (i.e., for all purposes, the correctable QBER associated with each transmission) will be all the more efficient the greater the number $n$ of physical qubits available in a processor for such encoding (of the order of $2^{n-1}$). Thus, the minimum requirements of the quantum hardware topology for the feasibility of this type of encoding are specified, as well as the optimal trade-off in terms of the assumable QBER against different types of attacks, supported by future advances in quantum processor scalability. In this sense, beyond the security considerations associated with QKD implementations of this nature, the goal of this analysis is to parallelly discern the potential speed-up of employing quantum algorithms to carry out error correction of QKD keys and their potential superiority over classical error correction processes in the future.
In this regard, two types of QECC are tested in this work. On the one hand, the widespread use of low-density parity check (LDPC)-type linear codes (linearity being a requirement that quantum error correction codes must necessarily satisfy) naturally leads to considering their use in Quantum CSS (Calderbank, Shor & Steane) codes. The efficiency and performance benefits of LDPC codes applied to QKD are therefore as well transferable to a quantum processor in this context. The performance of these codes applied in QKD is contrasted, secondly, with stabilizer codes. It can be anticipated that the latter may present challenges in the initial algorithm for the encoding of the states emitted by Alice; however, the decoding circuit algorithms can be implemented with relative simplicity, albeit with scalability limitations, through 1-qubit logical gates (such is also the case with CSS codes once the parity matrix of the LDPC code is known, whose speed advantages over the classical use of belief-propagation algorithms are shown here).
On the previous precepts, this study focuses on carrying out a comparative analysis of the convenience of potentially benefitting from the performance of either type of code, while analyzing technical considerations derived from the experimental implementation of QECC protocols in this QKD hybrid approach. The most important considerations are the following:
- Complexity. From the point of view of reliability of these types of implementations, potential disadvantages are analyzed in terms of complexity added to real physical systems. Not only is the experimental complexity increase of combining quantum hardware with QKD optical transmissions estimated, but also the anticipation of additional error sources, considering the acceptable threshold values of decoding techniques and calibration errors for real applications and security proofs.
- Efficiency. In terms of efficiency and overall code performance, estimated times (for different prospective states of quantum processor advancement) for quantum key generation through these techniques are simulated, and the circumstances under which each may be most convenient are identified.
- Components demands. Increased demand for quality of the optics involved in the QKD protocol is expected. Protocols of this nature further increase the demand for high-quality transmissions, especially regarding photon sources, which may have a significant impact on both implementability and its associated costs.
- Overhead. Additional overhead needs are projected in terms of code design, number of qubits required depending on the use case, as well as measurement operators necessary for error detection and correction. Consequently, partial limits have been found on the amount of data that can be transmitted in a QKD system that integrates this methodology, which is projected to be overcome when widely available quantum hardware reaches sufficient maturity.
- Side channel attacks. Possible vulnerabilities to quantum hacking are preliminarily identified, and a testing method is suggested for this type of QECC-based QKD systems.
In addition to the previous analyses, the authors note that one of the most significant features of -both of- the codes here analyzed is that they carry out the identification of errors that affect quantum states at the time of reception, while preserving the encoded quantum information in photons. In this sense, a protocol of these characteristics allows to anticipate, in some applications, the error correction process to the security analysis (although the syndromes of each of the states can be stored classically and the correction processed once the QBER estimation is finished). This can constitute a significant disadvantage in unnecessary computational energy costs when the transmission is not considered secure, but may also be exploited for beneficial applications on certain use cases.
With all of the above, the work here presented collects the results on the aforementioned considerations, quantitative cost analysis and future feasibility prospects of this QECC-QKD proposal, as well as details on design and integration considerations, and requirements of both the QKD and quantum hardware components that support this type of implementation. |
|||||
| Continuous Fiber Polarization Stabilization with Single-Photon-Level Light | poster | — | — | Yicheng Shi | — |
We report a method for continuously stabilizing the polarization change of photons when propagating across fibers. This technique operates at single-photon-level intensity and therefore imposes minimal noise onto the quantum channel, allowing for un-interrupted operation of a quantum network. |
|||||
| Demonstration of free-space discrete-modulated continuous-variable QKD using real error correction codes and finite-size effects | poster | — | — | Kevin Jaksch, Thomas Dirmeier, Yannick Weiser, Stefan Richter, Ömer Bayraktar, Bastian Hacker, Conrad Rößler, Imran Khan, Stefan Petscharning, Thomas Grafenauer, Bernhard Ömer, Christoph Pacher, Florian Kanitschar, Twesh Upadhyaya, Jie Lin, Norbert Lütkenhaus, Gerd Leuchs, Christoph Marquardt | — |
Besides discrete-variable QKD, where single photon detection is used, continuous-variable (CV) protocols use homodyne detection and are thus promising to be compatible with existing classical coherent communication technology. Originally, the research on CV QKD protocols mostly focused on Gaussian modulation (see review [1]), where one assumes that Alice can continuously displace coherent states according to a 2D Gaussian distribution. This modulation allows the security proofs to take advantage of Gaussian optimality conditions, but experimental implementations can only reach this pattern up to some finite discretization. Another approach is to directly use a discrete-modulated (DM) CV QKD protocol. Here, Alice is required to prepare a finite number of displaced coherent states, aiming for a higher experimental simplicity, with the drawback of higher theoretical complexity. Recently, new security proofs such as [2] and corresponding experiments [3,4] could show the feasibility of systems using quadrature amplitude modulation (QAM) with 64 and 256 displaced states. However, the security proof was limited to the asymptotic regime and since the experiments did not use implemented error correction codes, one could only estimate the achievable key rates, but could not generate the secret key itself.
In this poster, we demonstrate experiments with a protocol with a smaller constellation size of four coherent states that share the same amplitude but are shifted by 90° in phase (QPSK modulation). We exploit a recently published security proof providing tight secret key rates for collective attacks even in the finite size regime [5]. Furthermore, we show that the QPSK data is compatible with our implemented low density parity check (LDPC) codes for binary symmetric channels. This allows us to perform the full QKD protocol from experimental quantum state exchange to classical post processing and to generate a secret key shared between Alice and Bob. For this purpose, we use a laboratory system based on polarization encoding in the Stokes parameters which is equivalent to a QPSK pattern in phase space. This scheme is designed to cope with the challenges of a turbulent atmospheric channel. While the fluctuating nature of such a channel can be targeted by sub-binning the transmission channels [6], the atmosphere is in general non-birefringent, allowing for atmospheric quantum communications [7].
[1] F. Laudenbach et al., Adv. Quantum Technol. 1, 1800011 (2018)
[2] A. Denys et al., Quantum 5, 540 (2021)
[3] F. Roumestan et al., arXiv:2207.11702 (2022)
[4] Y. Pan et al., Optics Letters 47, 3307-3310 (2022)
[5] F. Kanitschar et al., arXiv:2301.08686v1 (2023)
[6] V. Usenko et al., New J. Phys. 14, 093048 (2012)
[7] B. Heim et al., New J. Phys. 16, 113018 (2014) |
|||||
| Device-independent uncloneable encryption | poster | — | — | Srijita Kundu, Ernest Y.-Z. Tan | — |
Uncloneable encryption, first introduced by Broadbent and Lord (TQC 2020), is a quantum encryption scheme in which a quantum ciphertext cannot be distributed between two non-communicating parties such that, given access to the decryption key, both parties cannot learn the underlying plaintext. In this work, we introduce a variant of uncloneable encryption in which several possible decryption keys can decrypt a particular encryption, and the security requirement is that two parties who receive independently generated decryption keys cannot both learn the underlying ciphertext. We show that this variant of uncloneable encryption can be achieved device-independently, i.e., without trusting the quantum states and measurements used in the scheme. Moreover, we show our variant of uncloneable encryption works just as well as the original definition in constructing quantum money, and can be used to get uncloneable bits without using the quantum random oracle model. Finally, we show that a simple modification of our scheme yields a single-decryptor encryption scheme, which was a related notion introduced by Georgiou and Zhandry. In particular, the resulting single-decryptor encryption scheme achieves device-independent security with respect to a standard definition of security against random plaintexts. |
|||||
| Eavesdropper localization in quantum channels using stimulated Brillouin scattering | poster | — | — | Alexandra Popp, Florian Sedlmeir, Birgit Stiller, Christoph Marquardt | — |
At its core, quantum key distribution (QKD) offers information theoretical security based on the laws of physics. In deployments one has to take into account practical security and resilience. The latter includes the localization of a possible eavesdropper after an anomaly has been detected by the QKD system to avoid denial-of-service. In this work, we present a novel approach to eavesdropper localization inside a quantum channel based on opto-acoustic interaction. Employing localized stimulated Brillouin scattering, we are able to localize common eavesdropping approaches such as evanescent outcoupling as low as 1% of optical transmission power to the cm level. Furthermore, we are able to distinguish multiple nominally indistinguishable fibers from different manufacturers, paving the way for high security applications. Finally, we show that this approach surpasses traditional OTDR technology. |
|||||
| Effect of Kalman Filter on Coarse Tracking System for Quantum Key Distribution System Moving at Constant Velocity | poster | — | — | Minchul Kim, Kyongchun Lim, Byung-Seok Choi, Joong-Seon Choe, Kap-Joong Kim, Ju Hee Baek, Young-Ho Ko, Chun Ju Youn | — |
In this work, we investigate the effect of the Kalman filter, an algorithm predicting future values of a system, for reducing pointing errors and improving the tracking performance of the coarse tracking system. We present the pointing error based on the angular velocity of the target when the Kalman filter is applied to the tracking algorithm. The tracking system is mounted on a fixed tripod, while the mobile platform moves around the system at a constant speed as a target. The effect of the Kalman filter on the performance of the tracking system and future work will be given. |
|||||
| Effect of light injection on the security of practical quantum key distribution | poster | — | — | Liying Han, Yang Li, Hao Tan, Weiyang Zhang, Wenqi Cai, Juan Yin, Jigang Ren, Feihu Xu, Shengkai Liao, Chengzhi Peng | — |
Quantum key distribution (QKD) based on the fundamental laws of quantum physics can allow the distribution of secure keys between distant users. However, the imperfections in realistic devices may lead to potential security risks, which must be accurately characterized and considered in practical security analysis. High-speed optical modulators, being one of the core components of practical QKD systems, can be used to prepare the required quantum states. Here, we find that optical modulators based on LiNbO3, including phase modulators and intensity modulators, are vulnerable to the photorefractive effect caused by external light injection. By changing the power of external light, eavesdroppers can control the intensities of the prepared states, posing a potential threat to the security of QKD. We have experimentally demonstrated the influence of light injection on LiNbO3-based optical modulators and analyzed the security risks caused by the potential green light injection attack, along with the corresponding countermeasures. |
|||||
| Efficient polar encoding for information reconciliation in QKD | poster | — | — | Snehasis Addy, Somnath Panja, Sabyasachi Dutta, Daniel Oblak, Reihaneh Safavi-Naini | — |
Quantum Key Distribution (QKD) enables two parties to establish common secret keys by transmitting bits encoded in quantum systems (qubits), which provides unconditional security. QKD introduces errors during quantum communication, which need to be corrected post-key exchange. Typical error-correcting codes in the context of QKD include Cascade, Low-density parity check (LDPC) codes, and polar codes. In our work, we use polar codes, which are state-of-the-art error-correcting codes meeting the requirements of a QKD system. We provide an implementation of an encoder for polar codes based on reliability sequence, which is computationally efficient and can be implemented in QKD postprocessing. Our work on improving the efficiency of QKD postprocessing is highly relevant for the commercialization of QKD. |
|||||
| Establishing shared secret keys on quantum line networks: protocol and security | poster | — | — | Mina Doosti, Lucas Hanouz, Anne Marin, Elham Kashefi, Marc Kaplan | — |
We show the security of multi-user key establishment on a single line of quantum communication. More precisely, we consider a quantum communication architecture where the qubit generation and measurement happen at the two ends of the line, whilst intermediate parties are limited to single-qubit unitary transforms. This network topology has been previously introduced to implement quantum-assisted secret-sharing protocols for classical data, as well as the key establishment, and secure computing.
This architecture has numerous advantages. The intermediate nodes are only using simplified hardware, which makes them easier to implement. Moreover, key establishment between arbitrary pairs of parties in the network does not require key routing through intermediate nodes. This is in contrast with quantum key distribution networks for which non-adjacent nodes need intermediate ones to route keys, thereby revealing these keys to intermediate parties and consuming previously established ones to secure the routing process.
Our main result is to show the security of key establishment on quantum line networks. We show the security using the framework of abstract cryptography. This immediately makes the security composable, showing that the keys can be used for encryption or other tasks. |
|||||
| Experimental anonymous quantum conference key agreement | poster | — | — | Jonathan Webb, Joseph Ho, Federico Grasselli, Gláucia Murta, Alexander Pickston, Andres Ulibarrena, Alessandro Fedrizzi | — |
Here we report on the experimental results implementing robust anonymous quantum conference key agreement using GHZ states. Results confirm the advantage when allowing for the use of multipartite entanglement along with bipartite entanglement. |
|||||
| Experimental demonstration of a QKD platform over long-distance-, metro-, and last-mile links | poster | — | — | Jan Krause, Nino Walenta, Benedikt Lezius, Richard Schilling, Ronald Freund | — |
We present experimental findings of a versatile quantum key distribution (QKD) system for diverse application scenarios such as long-distance, metropolitan, and last-mile/in-house links. This is enabled by the system’s dual-wavelength support, automatic initialization, stabilizing feedback loops, and modular design, which allows for usage of commercial detectors and encryptors. |
|||||
| Experimental investigation of residual phase impact on CV-QKD | poster | — | — | Hou-Man Chin, Ulrik L. Andersen, Tobias Gehring | — |
This work experimentally investigates the impact of residual phase noise on CVQKD systems using phase profiles obtained through simulated Wiener phase processes and experimental measurements, and compares the experimental measurements to the theoretical calculation. |
|||||
| FPGA-Based LED Source with Indistinguishable States for Decoy State QKD | poster | — | — | Daniel Sanchez Rosales, Roderick Cochran, Daniel J. Gauthier | — |
Quantum key distribution (QKD) systems provide a method for two users to exchange a provably secure key that can be used to establish an unconditionally secure communication channel. Here we present an FPGA-controlled prepare-and-measure BB84 polarization-based decoy state protocol using light-emitting diodes (LEDs). Our setup uses three separate LEDs driven by a field-programmable gate array (FPGA) that go through different optical paths that set the state of polarization. Each LED is connected to two GPIO pins via a different resistive path. By setting one pin to high impedance and driving the other with a nanosecond-scale electrical signal, we can choose between signal and decoy states. We can thus send 3 signal states, 3 decoy states, and 3 vacuum states. To prevent side-channel attacks, multi-source QKD systems require that each state is indistinguishable from the others in the spatial, spectral, and temporal degrees of freedom of the photon. We do this by passing the 3 photonic wavepackets through the same single-mode fiber and 1-nm-bandwidth spectral filter and use dynamic shifting of the FPGA phase-locked loops to control the phase and the width of the electrical pulses that drive the LEDs, which allows us to control the optical pulses produced by the LEDs. Both spectral and temporal profiles are shown in Figure 1. We control the timing of the photonic wavepackets to a resolution of 78 ps. Additionally, we use the FPGA to generate true random states as required by the BB84 protocol. To quantify the indistinguishability of Alice’s various states, we use the mutual information to calculate the fraction of the final sifted key that an eavesdropper would know after making temporal and/or spectral measurements on every state that is sent. We are able to achieve 2.39e-05 and 4.31e-05 mutual information fraction leaked in the spectral and temporal waveforms, respectively.
Furthermore, we put our scheme into practice with a simple tabletop QKD setup where we are able to achieve 1.7% quantum bit-error rate (QBER) in the L/R bases and 2.1% QBER in the H/V bases. Additionally, our system's SWaP restrictions make it very desirable for highly mobile platforms such as drones. |
|||||
| Feasibility of distributing composable keys with discrete-modulated continuous variable quantum cryptography | poster | — | — | Nitin Jain, Florian Kanitschar, Adnan A.E. Hajomer, Ulrik L. Andersen, Christoph Pacher, Tobias Gehring | — |
Advances in the security analysis of continuous-variable quantum key distribution (CVQKD) protocols with true discrete modulation aim to unlock the same performance as that obtained from 'traditional' protocols based on Gaussian modulation. We report a CVQKD experiment using 4 states that utilizes a composable security proof to generate a secret key fraction of $5.6 \times 10^{-3}$ bits/symbol over a 10 km channel, while providing security against collective attacks. |
|||||
| Finite key performance of satellite quantum key distribution under practical constraints | poster | — | — | Jasminder S. Sidhu, Thomas Brougham, Duncan McArthur, Roberto G. Pousa, Daniel K. L. Oi | — |
Global-scale quantum communication networks will require efficient long-distance distribution of quantum signals. Optical fibre communication channels have range constraints due to exponential losses in the absence of quantum memories and repeaters. Satellites enable intercontinental quantum communication by exploiting more benign inverse square free-space attenuation and long sight lines. However, the design and engineering of satellite quantum key distribution (QKD) systems are difficult and characteristic differences to terrestrial QKD networks and operations pose additional challenges. The typical approach to modelling satellite QKD (SatQKD) has been to estimate performances with a fully optimised protocol parameter space and with few payload and platform resource limitations. Here, we analyse how practical constraints affect the performance of SatQKD for the Bennett-Brassard 1984 (BB84) weak coherent pulse decoy state protocol with finite-key size effects. We consider engineering limitations and trade-offs in mission design including limited in-orbit tunability, quantum random number generation rates and storage, and source intensity uncertainty. We quantify practical SatQKD performance limits to determine the long-term key generation capacity and provide important performance benchmarks to support the design of upcoming missions. |
|||||
| Finite-size analysis of prepare-and-measure and decoy-state quantum key distribution via entropy accumulation | poster | — | — | Lars Kamin, Amir Arqand, Ian George, Jie Lin, Norbert Lütkenhaus, Ernest Y.-Z. Tan | — |
An important goal in quantum key distribution (QKD) is the task of providing a finite-size security proof without assuming that the states across the protocol rounds are independent and identically distributed (IID). For prepare-and-measure QKD, one recently developed approach for obtaining such proofs is the generalized entropy accumulation theorem (GEAT), but thus far it has only been applied to study a small selection of protocols. In this work, we present techniques for applying the GEAT in finite-size analysis of generic prepare-and-measure protocols, incorporating several methods to optimize the min-tradeoff function and minimize the second-order term in the GEAT. As a particular focus, we analyze decoy-state protocols and present a method for generically obtaining min-tradeoff functions for such protocols, even those where a closed-form expression for the asymptotic rate is not known. Furthermore, we highlight that the techniques we develop in the process should also yield improved bounds on the keyrates of decoy-state protocols even in the asymptotic limit. |
|||||
| Finite-size effects of decoy state methods | poster | — | — | Lars Kamin, Scott Johnstun, Norbert Lütkenhaus | — |
Decoy state methods improve the feasibility of quantum key distribution (QKD) by enabling the use of simple, robust sources, and techniques have been developed to allow for the use of decoy analysis in the regime where only a finite number of signals are sent. We present an iid security proof for finite-size key rates of prepare-and-measure protocols with probabilistic testing, including decoy state methods, within a composable security framework that allows for future extensions to device imperfections. Additionally, we improve the acceptance set over previous works through the use of entrywise constraints, allowing us to efficiently perform decoy state protocols. Moreover, we introduce a new figure of merit, the expected key rate, to capture the tradeoff between aborting too often and achieving high key rates, which allows for increased practicality of QKD implementations. |
|||||
| Fundamental limits on quantum cloning from the no-signalling principle | poster | — | — | Yanglin Hu, Marco Tomamichel | — |
The no-cloning theorem is a cornerstone of quantum cryptography. Here we generalize and rederive under weaker assumptions various upper bounds on the maximum achievable fidelity of probabilistic and deterministic cloning machines. Building on ideas by Gisin [Phys. Lett. A, 1998], our results hold even for cloning machines that do not obey the laws of quantum mechanics, as long as remote state preparation is possible and the non-signalling principle holds. We apply our general theorem to several subsets of states that are of interest in quantum cryptography. |
|||||
| General treatment of trusted gaussian noise in continuous variable quantum key distribution | poster | — | — | Shinichiro Yamano, Takaya Matsuura, Yui Kuramochi, Toshihiko Sasaki, Masato Koashi | — |
Continuous Variable (CV) quantum key distribution (QKD) is a promising candidate for practical implementations due to its compatibility with the existing communication technology.
A trusted device scenario assuming that an adversary has no access to imperfections in the detector is expected to provide significant improvement in the key rate, but such an endeavor so far was made separately for specific protocols and for specific proof techniques.
Here, we develop a simple and general treatment that can incorporate the effects of Gaussian trusted noises for any protocol that uses homodyne/heterodyne measurements.
In our method, a rescaling of the outcome of a noisy homodyne/heterodyne detector renders it equivalent to the outcome of a noiseless detector with a tiny additional loss, thanks to a noise-loss equivalence well-known in quantum optics. Since this method is independent of protocols and security proofs, it is applicable to Gaussian-modulation and discrete-modulation protocols and to any proof techniques developed so far and yet to be discovered as well. |
|||||
| Generation of Time-bin GHZ States | poster | — | — | Samantha I. Davis, Chang Li, Rahaf Youssef, Neil Sinclair, Raju Valvarthi, Maria Spiropulu | — |
We detail our experiments towards generating GHZ states encoded into time-bin qubits using a 2x2 optical switch. We present a theoretical model founded on phase-space techniques to corroborate our experimental findings. |
|||||
| High-Dimensional Quantum Key Distribution using Time-Bin Entanglement | poster | — | — | Florian Kanitschar, Alexandra Bergmayr, Matej Pivoluska, Marcus Huber | — |
In our work, we provide a clean security analysis of a new high-dimensional QKD setup with a Franson interferometer in the asymptotic limit and calculate secure key rates using a recently developed method. We argue that our new protocol is not only experimentally easier, as it does not require tomography of the polarization degree of freedom, but also allows for a clean security analysis without assumptions that were implicitly hidden in earlier analyses of similar and related protocols.
We build a realistic noise model that takes environmental photons, dark counts, channel losses and non-unit detection efficiency into account and show that our new protocol allows secure key rates for twice as many environmental photons as comparable protocols available in the literature. We want to highlight that while the security analysis of our protocol is rigorous and clean, the key rates for the compared protocol are actually only an upper bound (due to the implicitly hidden assumptions described earlier), so our new protocol outperforms previous settings by at least a factor of 2.
Current free-space QKD implementations are only operable during night when environmental photons are low, but fail to provide secure keys during twilight and daytime, which is a major obstacle towards broad practical usage. Thus, doubling the robustness against environmental photons marks an important step forwards towards daylight-independent Quantum Key Distribution implementations. |
|||||
| Impact of multiphoton states in entangled photon distribution | poster | — | — | Jin-Woo Kim, Junsang Oh, Heonoh Kim, June-Koo Kevin Rhee | — |
Quantum information technologies that utilize entangled photon pairs assume a single-photon source. While this assumption poses no significant issues when the channel loss is low, high loss can have a detrimental impact on the system's performance. To overcome high loss, the most intuitive solution is to increase the gain of entangled photon pairs by sending a large quantity of them. However, high-gain sources tend to degrade the quantum quality of entangled photon pair sources. We derived the density matrix of the quantum state in the distribution of polarization-entangled photon pairs under the non-symmetric channel losses with threshold detectors. We analyzed the variation of the CHSH inequality parameter S and the effective photon state transfer probability Nm by changing the non-linear gain γ. The increase and subsequent decrease in Nm with increasing γ can be interpreted as follows: when γ is small, the state is not properly transmitted due to high loss, but as γ increases, the error probability, such as double-click events, increases due to the influence of multi-photon events, leading to a decrease in Nm. This result indicates the need to optimize the brightness of the light source for practical implementation in quantum information technologies. This study is expected to contribute to the analysis of discrete variable quantum key distribution (DVQKD) systems like BBM92, E91, and long-distance quantum imaging systems in the future. |
|||||
| Implementation of a multiplexed quantum key distribution system simulator with a detailed secure key generation model | poster | — | — | Masashi Ito, Yutaro Ishigaki, Keisuke Mera, Yoshimichi Tanizawa, Taofiq K Paraiso, Katsuyuki Kimura, Koji Kanazawa, Andrew Shields | — |
As the volume of data and connections exchanged across telecom/datacom networks continues to increase, there is a growing need for technologies that deploy quantum key distribution (QKD) on a large scale in a practical and sustainable manner. To realize high-speed, real-time communication of large-volume data using one-time pad cryptography with QKD modules, it will be important to multiplex QKD modules in the future. Furthermore, it is necessary to consider the physical size of the device for the practical application of multiplexed QKD modules.
In this study, we focused on miniaturizing the key distillation process required at the back end of the QKD chip. To reduce the size of the device, it is necessary to estimate as accurately as possible the minimum computing power required to run the key distillation process for the target secret key rate (SKR). However, the performance of the key distillation process requires computing power and involves the exchange of messages via classical channels.
Therefore, we evaluate the performance by a network simulator before performing evaluations on the actual equipment.
In this paper, we focus on the behavior of classical communication paths in the multiplexed QKD system, which is a problem in studying the key distillation process, and we evaluate it with the simulator. Specifically, we clarify the relationship between the required performance of the key distillation process (i.e., throughput) and the target SKR, which is necessary to realize a part of the key distillation process in hardware. |
|||||
| Implementation of a privacy preserving publicly verifiable quantum random number generator | poster | — | — | Tanvirul Islam, Anindya Banerji, Chin Jia Boon, Wang Rui, Ayesha Reezwana, James A. Grieve, Rodrigo Piera, Alexander Ling | — |
Verifying the quality of a random number generator involves performing computationally intensive statistical tests on large data sets commonly in the range of gigabytes. Limitations on computing power can restrict an end-user's ability to perform such verification. There are also applications where the user needs to publicly demonstrate that the random bits they are using pass the statistical tests without the bits being revealed. We report the implementation of an entanglement-based protocol that allows a third party to publicly perform statistical tests without compromising the privacy of the random bits. |
|||||
| Impossibility of probabilistic Quantum Private Queries | poster | — | — | Silvia Onofri, Vittorio Giovannetti | — |
The no-go theorem regarding unconditionally secure Quantum Bit Commitment protocols is a relevant result in quantum cryptography. The impossibility proof for Quantum Bit Commitment has been used to prove the impossibility of unconditional security for other protocols, such as Quantum Oblivious Transfer or One-Sided Two Party Computation. In this paper, we extend the same proof to the non-deterministic version of Quantum Private Queries, a protocol addressing the Symmetric-Private Information Retrieval problem. Moreover, we prove the equivalence between Quantum Private Queries and Quantum Bit Commitment and One-Sided Two Party Computation protocols. |
|||||
| Interactive Oracle Arguments in the QROM and Applications to Succinct Verification of Quantum Computation | poster | — | — | Islam Faisal | — |
This work is motivated by the following question: can an untrusted quantum server convince a classical verifier of the answer to an efficient quantum computation using only polylogarithmic communication? We show how to achieve this in the quantum random oracle model (QROM), after a non-succinct instance-independent setup phase.
We introduce and formalize the notion of post-quantum interactive oracle arguments for languages in QMA, a generalization of interactive oracle proofs (Ben-Sasson--Chiesa--Spooner). We then show how to compile any non-adaptive public-coin interactive oracle argument (with private setup) into a succinct argument (with setup) in the QROM.
To conditionally answer our motivating question via this framework under the post-quantum hardness assumption of LWE, we show that the XZ local Hamiltonian problem with at least inverse-polylogarithmic relative promise gap has an interactive oracle argument with instance-independent setup, which we can then compile.
Assuming a variant of the quantum PCP conjecture that we introduce called the weak XZ quantum PCP conjecture, we obtain a succinct argument for QMA (and consequently the verification of quantum computation) in the QROM (with non-succinct instance-independent setup) which makes only black-box use of the underlying cryptographic primitives.
The full version of this preprint is available at: https://eprint.iacr.org/2023/421 |
|||||
| Interoperable key relay between heterogeneous QKDNs | poster | — | — | Mayuko Koezuka, Ririka Takahashi, Yoshimichi Tanizawa, Yasuhiro Fujiyoshi, Yasuhiro Katsube, Hideaki Sato, Masanori Suzuki, Kazushi Sugyo, Takao Ochi, Kaoru Kenyoshi, Mikio Fujiwara, Masahide Sasaki | — |
To construct a large-scale quantum key distribution network (QKDN) as future secure infrastructure, it is necessary to interwork many QKDNs. Here, we demonstrate an interoperable key relay between two different types of QKDNs: a centralized QKDN and a distributed QKDN. In the demonstration, we build an experimental environment for interworking by using physical QKDNs and implement three fundamental functions (key relay, delivery confirmation, and status information collection) for performing key relay between heterogeneous QKDNs. |
|||||
| Lattice-Based Quantum Advantage from Rotated Measurements | poster | — | — | Yusuf Alnawakhtha, Atul Mantri, Carl Miller, Daochen Wang | — |
Trapdoor claw-free functions (TCFs) are immensely valuable in cryptographic interactions between a classical client and a quantum server. Typically, a protocol has the quantum server prepare a superposition of two-bit strings of a claw and then measure it using Pauli-X or Z measurements. In this paper, we demonstrate a new technique that uses the entire range of qubit measurements from the XY-plane. We show the advantage of this approach in two applications. First, building on (Brakerski et al. 2018, Kalai et al. 2022), we show an optimized two-round proof of quantumness whose security can be expressed directly in terms of the hardness of the LWE (learning with errors) problem. Second, we construct a one-round protocol for blind remote preparation of an arbitrary state on the XY-plane up to a Pauli-Z correction. |
|||||
| Long-distance continuous-variable quantum key distribution over 100 km fiber with local local oscillator | poster | — | — | Adnan Hajomer, Ivan Derkach, Nitin Jain, Hou-Man Chin, Ulrik L. Andersen, Tobias Gehring | — |
Quantum key distribution (QKD) enables two remote parties to share encryption keys with security based on physical laws. Continuous variable (CV) QKD based on coherent states and coherent detection is a suitable scheme for integration into existing telecom networks. However, thus far, long-distance CV-QKD has only been demonstrated using a highly complex transmitted local oscillator scheme, opening security loopholes for eavesdroppers and limiting its potential applications. Here, we report a long-distance CV-QKD experiment with a locally generated local oscillator over a 100 km fiber channel. This record-breaking distance is enabled by controlling the phase-noise component of excess noise, using a machine-learning framework for carrier recovery and optimizing the modulation variance. We consider the full CV-QKD protocol implementation and demonstrate the generation of keys secure against collective attacks in asymptotic and finite-size regimes. Our results set an essential milestone for CV quantum access networks realization, where a high loss budget is required, and pave the way for large-scale deployment of secure QKD. |
|||||
| Maximal device-independent randomness certification by more than two observers through bipartite Bell tests | poster | — | — | Lewis Wooltorton, Peter Brown, Roger Colbeck | — |
Nonlocal tests on multipartite quantum correlations can certify randomness in a device-independent (DI) way. Such correlations admit a rich structure, making the task of choosing an appropriate witness, known as a Bell inequality, difficult. For example, extremal Bell inequalities are tight witnesses of nonlocality; however, achieving their maximum violation places constraints on the underlying quantum system, which are often incompatible with optimal randomness generation. As a result we find a trade-off between maximum randomness and Bell violation. Understanding this trade-off for more than two parties has not been explored, and would inform the best way to generate DI randomness in this setting. Moreover, suitable techniques that enable maximum randomness certification for arbitrarily many parties are missing. Here, we study the maximum amount of randomness that can be certified by correlations exhibiting a violation of the Mermin-Ardehali-Belinskii-Klyshko (MABK) inequality. We find that maximum quantum violation and maximum randomness are incompatible for any even number of parties, with incompatibility diminishing as the number of parties grows, and conjecture the precise trade-off. We also show that maximum MABK violation is not necessary for maximum randomness for odd numbers of parties. To obtain our results, we derive new families of Bell inequalities certifying maximum randomness from a new technique for randomness certification, which we call "expanding Bell inequalities". Our technique allows one to take a bipartite Bell expression, known as the seed, and transform it into a multipartite Bell inequality tailored for randomness certification, showing how intuition learned in the bipartite case can find use in more complex scenarios. |
|||||
| Measurement device-independent quantum key distribution with vortex vector modes under diverse weather conditions | poster | — | — | Mhlambululi Mafu, Comfort Sekga | — |
As our lives and interactions become more dependent on the internet, our security needs continue to evolve. Future transactions will likely be secured by quantum means such as point-to-point quantum key distribution and more complex quantum protocols. Quantum key distribution has the potential to revolutionize secure communication, but it is often limited by device imperfections and environmental factors such as weather conditions. Currently, quantum key distribution schemes based on orbital angular momentum-carrying optical beams employ conventional settings. As a result, various attacks, such as detector side-channel attacks, are possible, and these beams are subject to spatial aberrations because of atmospheric turbulence and poor weather conditions. As a result, we present a novel approach to measurement device-independent quantum key distribution scheme using vortex vector modes and scalar beams that is capable of achieving high key rates even under diverse weather conditions, including clear skies, light rain, and fog. Furthermore, adopting this approach maximizes the advantages of both orbital angular momentum states and measurement device-independent quantum key distribution. According to our implementation, a secure key can be transmitted up to a maximum distance of approximately 178 kilometers under clear conditions, and we can transmit signals up to a comparable distance of approximately 160 kilometers under adverse weather conditions. Since these distances are comparable, this work presents a significant advance, illustrating how measurement device-independent quantum key distribution can be implemented using vortex vector modes. Most significantly, results demonstrate the effectiveness of this approach, opening up new possibilities for secure long-distance communication under adverse weather conditions. |
|||||
| Multi-User Continuous-Variable Quantum Key Distribution with Discrete Modulation | poster | — | — | Florian Kanitschar, Christoph Pacher | — |
In our work, we explore various multi-user scenarios for Continuous Variable Quantum Key Distribution with discrete modulation. We propose and analyse DM CV-QKD protocols for various different multi-user scenarios such as
* One Alice to $n$ Bobs, where the Bobs do not trust each other,
* One Alice to $n$ Bobs, where $m<n$ Bobs trust each other,
* Conference Key Agreement between one Alice and $n$ Bobs.
One common feature of all protocols that we study is that Alice's source does not need any additional expensive components except state-of-the-art beamsplitters; therefore we call it a 'cheap source'. This makes the transmitter of our proposed protocols easily implementable in experiments and demonstrations.
In our work, we calculate asymptotic secret key rates for a range of parameters and different trust scenarios and show that in the asymptotic limit multi-user DM CV-QKD is possible for distances relevant for mid-sized urban area networks between at least 16 users. This highlights that DM CV-QKD can be extended to the multi-user scenario and remains a feasible candidate also for early implementations of Quantum Key Distribution in local networks. |
|||||
| New concepts and construction of quantum random number generators | poster | — | — | Witold A. Jacak, Piotr Jóźwiak | — |
Two new concepts of quantum random number generators (QRNG) are presented. The first one is related to the application of quantum entanglement to producing several bit sequences mutually coupled in a random manner, which can be used in cryptographic applications and verified in a parallel manner, allowing for entropy measurement in real time in the public domain using arbitrarily large resources for pattern detection, but without compromising the secrecy of the dual random binary sequences coupled by quantum entanglement. This is a new concept for verification of fidelity of random bit sequences in a fully non-destructive way, allowing for various applications of generated random bits for which secrecy is important (e.g. in cryptographic applications). The idea is the development of our former proposal [1]. The second concept is related to our progress in prototyping of miniaturized QRNG utilizing the quantum transitions along the Fermi golden rule as the entropy source, developed for application to quantum cryptography (QKD) systems based on continuous variables. The prototype exploiting, as the source of the entropy, the photoelectric process in a photodiode coupled to a small LED is miniaturized to size of 2 cm [2] and produces the random sequence with a rate of 1 Mb/s. We present current developments of the concept towards its further miniaturization to sizes suitable for using this QRNG device in portable computers, mobile phones and miniaturized terminals for QKD using non-entangled photons.
1. Janusz E. Jacak, Witold A. Jacak, Wojciech A. Donderowicz, Lucjan Jacak, Quantum random number generators with entanglement for public randomness testing, Scientific Reports, (2020) 10:164, https://doi.org/10.1038/s41598-019-56706-2
2. Marcin M. Jacak, Piotr Jóźwiak, Jakub Niemczuk, Janusz E. Jacak, Quantum generators of random numbers, Scientific Reports, (2021) 11:16108, https://doi.org/10.1038/s41598-021-95388-7 |
|||||
| On Zero-Knowledge Proofs over the Quantum Internet | poster | — | — | Mark Carney | — |
This paper presents a new method for quantum identity authentication (QIA) protocols. The logic of classical zero-knowledge proofs (ZKPs) due to Schnorr is applied in quantum circuits and algorithms. This novel approach gives an exact way with which a prover $P$ can prove they know some secret by encapsulating it in a quantum state before sending to a verifier $V$ by means of a quantum channel - allowing for a ZKP wherein an eavesdropper or manipulation can be detected with a fail-safe design. This is achieved by moving away from the hardness of the Discrete Logarithm Problem towards the hardness of estimating quantum states. This paper presents a method with which this can be achieved and some bounds for the security of the protocol provided. With the anticipated advent of a 'quantum internet', such protocols and ideas may soon have utility and execution in the real world. |
|||||
| On the Two-sided Permutation Inversion Problem | poster | — | — | Gorjan Alagic, Chen Bai, Alexander Poremba, Kaiyan Shi | — |
In the permutation inversion problem, the task is to find the preimage of some challenge value,
given oracle access to the permutation. This is a fundamental problem in query complexity, and
appears in many contexts, particularly cryptography. In this work, we examine the setting in
which the oracle allows for quantum queries to both the forward and the inverse direction of
the permutation—except that the challenge value cannot be submitted to the latter. Within
that setting, we consider two options for the inversion algorithm: whether it can get quantum
advice about the permutation, and whether it must produce the entire preimage (search) or
only the first bit (decision). We prove several theorems connecting the hardness of the resulting
variations of the inversion problem, and establish lower bounds for them. Our results indicate
that, perhaps surprisingly, the inversion problem does not become significantly easier when the
adversary is granted oracle access to the inverse, provided it cannot query the challenge itself. |
|||||
| Parameter Optimisation for CV-QKD with arbitrary modulation | poster | — | — | João dos Reis Frazão, Aaron Albores-Mejia, Boris Škorić, Chigo Okonkwo | — |
A multidimensional optimisation analysis for CV-QKD systems with practical constraints is presented. We demonstrate secret-key-rates >1Mb/s for 30km transmission with arbitrary discrete modulation, utilising 10dB receiver clearance and 100kHz summed linewidth as a cost-effective implementation. |
|||||
| Postselection technique for optical prepare-and-measure QKD protocols | poster | — | — | Devashish Tupkary, Shlok Nahar, Yuming Zhao, Norbert Lütkenhaus, Ernest Tan | — |
The postselection technique is a widely used tool to lift the security of Quantum Key Distribution (QKD) protocols against IID collective attacks to coherent attacks. While various other approaches for proving security against coherent attacks exist, they have limitations that make them less suitable for typical optical prepare-and-measure protocols.
We identify and address some limitations of the postselection technique as applied to optical prepare-and-measure QKD protocols. We extend this analysis to decoy-state protocols, which are essential for long-distance QKD. Finally, we also improve the practical applicability of the postselection technique.
Thus, we argue that the postselection technique, with the relevant modifications, is the only lift to coherent attacks that can be broadly applied to optical implementations of generic prepare-and-measure QKD protocols. |
|||||
| Powerful Primitives in the Bounded Quantum Storage Model | poster | — | — | Mohammed Barhoush, Louis Salvail | — |
The bounded quantum storage model aims to achieve security against computationally unbounded adversaries that are restricted only with respect to their quantum memories. In this work, we provide everlasting and information-theoretic secure constructions in this model for the following powerful primitives:
(1) CCA1-secure symmetric key encryption, message-authentication, and one-time programs. These schemes require no quantum memory for the honest user, while they can be made secure against adversaries with arbitrarily large memories by increasing the transmission length sufficiently.
(2) CCA1-secure asymmetric key encryption, encryption tokens, signatures, and signature tokens. These schemes are secure against adversaries with roughly $e^{\sqrt{m}}$ quantum memory where $m$ is the quantum memory required for the honest user.
All of the constructions additionally satisfy notions of disappearing and unclonable security. |
|||||
| Practical High-Dimensional Quantum Key Distribution Protocol over deployed Multicore fiber | poster | — | — | Mujtaba Zahidy, Domenico Ribezzo, Claudia De Lazzari, Ilaria Vagniluca, Nicola Biagi, Tommaso Occhipinti, Leif Oxenlowe, Michael Galili, Tetsuya Hayashi, Dajana Cassioli, Antonio Mecozzi, Cristian Antonelli, Alessandro Zavatta, Davide Bacco | — |
Quantum key distribution (QKD) is introduced to make encryption and transmission of data over any public channel unconditionally secure. A key requirement of such a promise is to have access to an encryption key with a similar length as the message and data itself. While QKD has become mature and the key rate significantly increased over the past 20 years, there is still a notable gap between data transmission and key generation rates. High-dimensional QKD is proposed as a method to respond to this demand. Here, we demonstrate a 4-dimensional path-&-time encoding QKD system with more than 100% improvement compared to a standard 2D system in the same test-bed, a 52-km deployed multicore fiber link. |
|||||
| Practical implementation of a simplified BB84 protocol resilient to source imperfections | poster | — | — | Ana Blázquez Coído, Fadri Grünenfelder, Hugo Zbinden, Davide Rusca | — |
This research introduces a simplified variation of the time-based BB84 protocol, employing time-bin encoding and one decoy state. The proposed approach significantly simplifies the security analysis, enabling the identification of potential vulnerabilities by avoiding interference in the transmission of specific state combinations. This simplification reduces the reliance on finite key analysis and allows us to better characterize the source imperfections without much compromise on the secret key rate (SKR). |
|||||
| Pre-Privacy Amplification: A Method to Boost Key Rate in Resource Constrained Environments | poster | — | — | John Burniston, Norbert Lütkenhaus | — |
Without access to robust quantum memory or gates, long distance QKD relies upon trusted relays. Several implementations place these relays on satellites, however they are limited in computational power and numerically intensive tasks such as privacy amplification cause bottlenecks for continuous key exchange. Currently, one solution is the simplified trusted relay which leaves all privacy amplification to the end parties at a potentially significant cost to key rate. We developed a post processing technique called pre-privacy amplification which performs a small and efficient post processing step to boost key rates without any additional rounds of communication. For a simplified trusted relay running an asymptotic qubit six-state protocol, we demonstrate an increase to the maximum tolerable QBER from 9.05% to 11.7%. We also identify several sufficient conditions to determine functionally unique pre-privacy amplification maps, and connect it to the graph isomorphism problem. |
|||||
| Procrustean entanglement concentration for quantum-classical coexistence | poster | — | — | Hsuan-Hao Lu, Muneer Alshowkan, Jude Alnas, Joseph Lukens, Nicholas Peters | — |
In the context of telecommunications-wavelength fiberoptic resources, quantum-classical coexistence is considered an economical approach for efficient quantum networking, such as through (dense) wavelength-division multiplexing. However, inadequate filter isolation can introduce unwanted crosstalk noise. In this study, we investigate polarization-entangled photons contaminated by highly polarized classical signals, mapping them to maximally entangled mixed states (MEMS). Notably, MEMS can be effectively concentrated using a local filtering technique commonly referred to as the Procrustean method. To achieve this, we employ programmable polarization-dependent loss emulators (PDLEs), resulting in significant enhancements in the measured state fidelities. |
|||||
| Quantum Cryptanalysis of Affine Cipher | poster | — | — | Mahima Mary Mathews, Panchami V | — |
Quantum Algorithms reduce the computational complexity or solve certain difficult problems that were originally impossible to solve with classical computers. Grover's search algorithm is a Quantum computation algorithm that can find target elements from a set of unstructured data with the best possible, O(√N) queries. Grover's search Quantum circuits implemented accurately can be used to successfully search and find the keys of Symmetric ciphers. However, very few demonstrations of such practical cryptanalysis are available. In this paper, practical Quantum cryptanalysis circuits for Affine Cipher are proposed and demonstrated, that successfully break the cipher by finding the keys. |
|||||
| Quantum Randomness from Untrusted Light Using a Single Photodiode | poster | — | — | Runjia Zhang, Bradley Longstaff, Kieran Wilkinson, Jonatan Bohr Brask, Tobias Gehring | — |
Measurements in quantum physics are inherently random. Moreover, it is possible to certify quantum randomness from systems that are only partially characterized by the user. Here, we propose a simple quantum random number generator (QRNG) that requires only a single photodiode and one laser. We trust only the quantum efficiency of the photodiode and the characterization of the detector, leaving the laser in control of the eavesdropper. Such a QRNG is source-device-independent and its optical setup is among the simplest setups achieving source-device independence. |
|||||
| Quantum key distribution with multiple photon number distributions | poster | — | — | Roberto G. Pousa, Daniel K. L. Oi, John Jeffers | — |
High brightness, low-g2 single-photon sources (SPSs) are an alternative to commonly employed weak coherent pulse (WCP) sources for discrete variable quantum key distribution (QKD) and offer potential key-rate and finite-block scaling advantages. However, the loss tolerance of SPS-based QKD is compromised by photon number splitting (PNS) attacks against non-negligible multiphoton emissions. Decoy state (DS) techniques mitigate against PNS attacks, with WCP-DS QKD over several hundred km in fibre being demonstrated. Here, we adapt the DS method to any practical SPS that can easily generate multiple photon number distributions (PND) by attenuating its original photon emissions. Hence, we provide finite-key security bounds for a Multi-PND (adapted 2-Decoy) protocol using Efficient BB84 with optimised parameters. We use a particular true quantum dot source to compare its key rate generation with a Single-PND (adapted Non-Decoy) protocol for several finite block sizes. As expected, the Multi-PND gives higher key rates than the Single-PND, except for considerably small blocks. Moreover, the Multi-PND protocol goes beyond 200 km of tolerable fibre distance for high acquisition times. In this work, we set a generalised method to employ the DS techniques with any realistic SPS and further research may be done implementing distinct SPS characteristics. |
|||||
| Quantum secure direct communication with private dense coding using general preshared quantum state | poster | — | — | Jiawei Wu, Gui-Lu Long, Masahito Hayashi | — |
Dense coding is known as an attractive quantum information protocol.
While the original study considers the noiseless setting, many subsequent studies extended this result to more general settings. However, all of them focused only on the communication speed in various noisy settings. While dense coding with the noiseless setting realizes twice communication speed, it also realizes quantum secure direct communication (QSDC) as follows. In dense coding, the sender, Alice, and the receiver, Bob, share perfect Bell states and Alice encodes her message by application of a unitary operation. Since Alice's local state is a completely mixed state, the eavesdropper, Eve, cannot obtain any information about the message even when Eve intercepts the transmitted quantum state. However, it is not easy to share a perfect Bell state. Hence, we need to consider secure communication under imperfect shared state. Specifically, we study secure direct communication by using a general preshared quantum state and a generalization of dense coding. In this scenario, Alice is allowed to apply a unitary operation on the preshared state to encode her message, and the set of allowed unitary operations forms a group. To decode the message, Bob is allowed to apply a measurement across his own system and the system he receives. In the worst scenario, we guarantee that Eve obtains no information for the message even when Eve accesses the joint system between the system that she intercepts and her original system of the preshared state.
For a practical application, we construct a modular wiretap code by concatenating inverse universal hashing and an arbitrary error correcting code. Combining the wiretap code with error verification, we propose a concrete protocol for the private dense coding model and derive an upper bound of information leakage in the finite-length setting. We also discuss how to apply our scenario to the case with discrete Weyl-Heisenberg representation when the preshared state is unknown. In this case, Pauli encoding operation and Pauli channel are considered. Hence, our protocol can be applied to many similar tasks. |
|||||
| Qubit-based clock synchronization using a Bayesian approach Applied to Drone-Based QKD Systems | poster | — | — | Roderick Cochran, Daniel J. Gauthier | — |
Quantum key distribution (QKD) provides a method for two users to exchange a provably secure key, which requires synchronizing the users’ clocks. Qubit-based synchronization protocols directly use the transmitted quantum states and thus avoid the need for additional classical synchronization hardware, but previous approaches sacrifice secure key either directly or indirectly. Here, we introduce a Bayesian probabilistic algorithm that incorporates all published information to efficiently find the clock offset without sacrificing any secure key [1]. Additionally, the output of the algorithm is a probability, which allows us to quantify our confidence in the synchronization.
Our experimental system employs an efficient three-state BB84 prepare-and-measure protocol with decoy states. Our algorithm exploits the correlations between Alice’s published basis and mean photon number choices (which must already be published for the protocol) and Bob’s measurement outcomes to probabilistically determine the most likely clock offset. We perform cross-correlations using Fast Fourier Transforms to count the number of each type of event pairing for each potential offset (e.g., how many times Alice sent a decoy state in the horizontal/vertical polarization basis and Bob registered a click in the horizontal detector). Taking these along with a lookup table for the probabilities of the different event pairings, we determine the synchronization probability of the different potential offsets using Bayesian analysis.
To demonstrate the robust nature of this algorithm, we tracked its performance using simulated data with varying parameters. We find that we can achieve a 95% synchronization confidence using a string length of only 4,140 communication bin widths, meaning we can tolerate clock drift approaching 1 part in 4,140 in this example when simulating this system with a dark count probability per communication bin width of 8×10⁻⁴ and a received mean photon number of 0.01. The relationship between the received mean photon number and the number of communication bin widths required to achieve a 95% synchronization confidence is shown in Fig. 1.
We applied this algorithm to data collected from our drone-to-drone QKD experiments, with a received mean photon number of 0.043, achieving quantum bit error rates of 0.0106, 0.0287, and 0.0361 for our 3 states. |
|||||
| Real-world data encryption with continuous-variable measurement device-independent quantum key distribution | poster | — | — | Adnan A.E. Hajomer, Ulrik L. Andersen, Tobias Gehring | — |
Measurement-device-independent (MDI) QKD removes all side-channel attacks on detectors. Continuous variable (CV) MDI-QKD based on coherent states is a promising candidate for integration into existing telecom infrastructure. Despite previous demonstrations of the concept and the potential for secure communication offered by CV MDI-QKD, a practical implementation of the system for real-world data encryption has yet to be achieved. Here, we introduce a simple and practical CV MDI-QKD system that can coexist with classical telecommunications channels. This is achieved through the use of a new relay structure, a real-time phase locking system and a well-designed digital signal-processing pipeline. Our design demonstrates the first practical CV MDI-QKD system, operating at a symbol rate of 20 MBaud and generating keys that are secure against collective attacks in both the finite-size and asymptotic regimes. This sets an important milestone towards in-field implementation and integration of high-performance CV MDI-QKD into telecom networks. |
|||||
| Reference-Frame-Independent quantum communication among multiple parties | poster | — | — | Donghwa Lee, Kyujin Shin, Hyang-Tag Lim, Yosep Kim, Yong-Su Kim | — |
It is usually essential to have a common reference frame between two communication parties to perform quantum communication. Notably, Reference-Frame-Independent Quantum Key Distribution (RFI-QKD) provides a practical way to generate secret keys between two remote parties without sharing standard reference frames. Here, we have shown that the RFI-QKD protocol can be expanded into a multiparty system with Greenberger-Horne-Zeilinger (GHZ) entangled state. We derive the asymptotic key rate and perform the proof-of-principle experiment to verify the proposed multiparty protocol's feasibility. Considering that sharing a common reference frame becomes more difficult as the number of parties increases, our protocol provides a new path to implement multipartite quantum communication in the real world. |
|||||
| Reliable lower bounds for practical variants of Coherent One-Way protocols | poster | — | — | Shihong Pan, Shlok Ashok Nahar, John Burniston, Norbert Lütkenhaus | — |
The coherent one-way (COW) protocol is a promising commercial solution to practical quantum key distribution (QKD) due to its simple optical implementation. However, the non-IID structure of COW due to its inter-signal coherence makes standard security analysis inapplicable. Recently, it has been shown that a modified COW setup allows standard IID analysis, but at the cost of imposing extra limitations and increasing the number of pulses required for each bit. Here we propose a variant that possesses the IID structure and completely retains the optical setup of COW, but with a different data processing scheme that ignores inter-signal information. We obtain a key rate lower bound close to the analysis for the previously proposed IID variant, and achieve a higher number of key bits transmitted per second. |
|||||
| Robust Global Quantum Networks | poster | — | — | Jan-Michael Mol, Kaisa Laiho, Davide Orsucci, Philipp Kleinpass, Florian Moll, Jaspar Meister, Waldemar Herr, Christian Schubert, Jens Kruse, Carsten Klempt, Lisa Wörner | — |
Recent years have seen tremendous progress in increasing distances for distribution of quantum states and quantum entanglement, most notably in quantum key distribution. Even though these advances point towards breaching 1000 km and more in the near future, true global connectivity for secure intercontinental quantum links will likely require the operation of trusted networks based on quantum repeaters. To overcome associated losses in even the best optical fibers on ground, operating repeater nodes in space to utilize low-loss inter-satellite links may prove to be the only viable strategy. Successfully deployed QKD experiments and quantum technology in space bring this idea closer to realization. Nevertheless, conceptual designs [9, 10] and component development are still in their infancy and it will require extraordinary engineering achievements to materialize robust space-based quantum networks.
Here, we present recent efforts at the German Aerospace Center (DLR) to investigate the realization of robust global quantum networks. We are developing a holistic approach which bundles expertise on the necessary components for space-based quantum repeaters, i.e. photon sources, quantum memories, optical links, laser terminals, and orbital simulations. From this, we derive a common set of requirements to push concrete technological implementation. The long-term goal of this project is to develop space-hardened components for successful operation of intercontinental space-based quantum networks. |
|||||
| Robustness of implemented device-independent protocols and device-dependent QKD against constrained leakage | poster | — | — | Ernest Y.-Z. Tan | — |
Device-independent (DI) protocols have experienced significant progress in recent years, with a series of demonstrations of DI randomness generation or expansion, as well as DI quantum key distribution. However, existing security proofs for those demonstrations rely on a typical assumption in DI cryptography, that the devices do not leak any unwanted information to each other or to an adversary. This assumption may be difficult to perfectly enforce in practice. While there exist other DI security proofs that account for a constrained amount of such leakage, the techniques used are somewhat unsuited for analyzing the recent DI protocol demonstrations. In this work, we address this issue by studying a constrained leakage model suited for this purpose, which should also be relevant for future similar experiments. Our proof structure is compatible with recent proof techniques for flexibly analyzing a wide range of DI protocol implementations. With our approach, we compute some estimates of the effects of leakage on the keyrates of those protocols, hence providing a clearer understanding of the amount of leakage that can be allowed while still obtaining positive keyrates. Our results and techniques should also be relevant in proving security of device-dependent QKD against constrained leakage. |
|||||
| Sample-size-reduction of quantum states for the noisy linear problem and approximate QRAM | poster | — | — | Kabgyun Jeong | — |
Quantum supremacy poses that a realistic quantum computer can perform a calculation that classical computers cannot in any reasonable amount of time. It has become a topic of significant research interest since the birth of the field, and it is intrinsically based on the efficient construction of quantum algorithms. It has been shown that there exists an expeditious way to solve the noisy linear (or learning with errors) problems in quantum machine learning theory via a well-posed quantum sampling over pure quantum states. In this paper, we propose an advanced method to reduce the sample size in the noisy linear structure, through a technique of randomizing quantum states, namely, $\varepsilon$-random technique. Particularly, we show that it is possible to reduce a quantum sample size in a quantum random access memory (QRAM) to the linearithmic order, in terms of the dimensions of the input-data. Thus, we achieve a shorter run-time for the noisy linear problem. |
|||||
| Security of Partially Corrupted Repeater Chains | poster | — | — | Walter Krawec, Adrian Harkness, Bing Wang | — |
In this work, we analyze the security of a QKD repeater chain where some, but not all, repeaters and fiber links are under the control of an adversary. We show how to bound the quantum min-entropy for this scenario, needed to compute key-rates in the finite-key scenario. Our proof methods may also have numerous applications in other areas of QKD and quantum cryptographic research. Finally we evaluate our new bound and show that positive key-rates are possible even in noisy scenarios. Since early quantum repeaters are bound to be noisy, yet also bound to be partially trustworthy in some scenarios, our work shows improved bit generation rates are possible for early QKD networks. |
|||||
| Semi-Quantum Copy-Protection and More | poster | — | — | Céline Chevalier, Paul Hermouet, Quoc Huy Vu | — |
Properties of quantum mechanics have enabled the emergence of quantum cryptographic protocols achieving important goals which are proven to be impossible classically. Unfortunately, this usually comes at the cost of needing quantum power from every party in the protocol, while arguably a more realistic scenario would be a network of classical clients, classically interacting with a quantum server.
In this paper, we focus on copy-protection, which is a quantum primitive that allows a program to be evaluated, but not copied, and has shown interest especially due to its links to other unclonable cryptographic primitives. Our main contribution is to show how to dequantize existing quantum copy-protection from hidden coset states, by giving a construction for classically-instructed remote state preparation for coset states. We also present the first secure copy-protection scheme for point-functions in the plain model, to which our dequantizer can be applied. |
|||||
| Separating SNARGs from Falsifiable Assumptions in the Quantum Setting | poster | — | — | Chuhan Lu, Nikhil Pappu | — |
Succinct Non-interactive Arguments (SNARGs) are cryptographic protocols that enable a prover to demonstrate the validity of an NP statement to a verifier using a single message of size poly-logarithmic in the size of the NP statement and witness. Currently, SNARGs are only known to exist based on non-standard cryptographic assumptions, and were shown to be inherently challenging to obtain from standard assumptions by the work of Gentry and Wichs [STOC 2011]. The work proved that standard (black-box) proof techniques are insufficient to prove the security of a SNARG based on any standard (falsifiable) cryptographic assumption. We extend the result of Gentry and Wichs [STOC 2011] to the quantum setting, where parties can perform quantum computations and communicate using quantum information. The result of Gentry and Wichs [STOC 2011] uses the meta-reduction paradigm, which is a general technique for obtaining cryptographic impossibility results. To obtain our result, we extend the above paradigm to the quantum setting, which we believe to be of independent interest. |
|||||
| Simple Active Polarization Stabilizer for Practical Fiber-based Quantum Key Distribution | poster | — | — | Kyongchun Lim, Byung-Seok Choi, Ju Hee Baek, Minchul Kim, Joong-Seon Choe, Kap-Joong Kim, Dong Churl Kim, Chun Ju Youn | — |
In recent times, field trials of quantum key distribution (QKD) have been conducted using the existing optical fiber infrastructure. However, one significant challenge faced during these trials is ensuring the stability of QKD operation. The instability of QKD operation is caused by two factors: random fluctuations in the polarization of the photon over time and time drift of the photon as it traverses the deployed optical fiber. These issues are unavoidable due to the inability to accurately estimate and control factors such as temperature, vibration, and stress in the deployed optical fiber. To address this instability, various solutions based on active or passive optics have been proposed.
In this paper, we present an active optics-based simple polarization stabilizer utilizing an optical polarizer, an active polarization controller, and a single photon detector. For the fast operation, we utilize only 2 out of the 4 axes of the polarization controller for the stabilizer. The experimental results verify the stability of the stabilizer. |
|||||
| Simulation of device-independent quantum key distribution protocols | poster | — | — | Ottó Hanyecz, Mátyás Koniorczyk | — |
We implement a simulation of a recent device-independent quantum key distribution (DIQKD) protocol to investigate its features, especially with respect to the effect of imperfections such as noise or loopholes. The simulation is based on a RESTful API recently introduced by us, capable of implementing nonlocal no-signaling correlations via communication with a server instead of making measurements on quantum systems. The presented framework can be used in development projects for testing and experimenting, before putting a DIQKD-based solution into production, replacing the API with actual quantum devices. |
|||||
| Taking quantum key distribution from fundamental science to accredited systems in space | poster | — | — | Philipp Sohr, Matej Pivoluska, Sebastian Ecker, Manuel Erhard | — |
Satellite-based implementations are essential to realise QKD systems with global reach. Our current work aims to develop a consistent protocol that specifies the individual procedural steps of Decoy-State BB84 for space applications, accompanied by a rigorous security analysis. To this end, we are bringing together the results of decades of fundamental research and patching gaps where necessary to make it ready for application in accredited systems. On the poster, we will present interim results as well as the main challenges we are facing. |
|||||
| The Quantum Chernoff Divergence in Advantage Distillation for QKD and DIQKD | poster | — | — | Mikka Stasiuk, Norbert Lütkenhaus, Ernest Y.-Z. Tan | — |
Quantum key distribution (QKD) aims to extract secret keys from correlations between quantum systems. Most QKD research focuses on "device-dependent" protocols whose security is conditioned on their quantum devices operating within specified tolerances. These assumptions on device operation render device-dependent protocols vulnerable to attacks that exploit the differences in real devices and their models in security proofs, and hence threaten the security of such protocols. Alternatively, device-independent (DI) QKD seeks to achieve security with minimal assumptions on quantum devices by relying on quantum correlations that violate Bell inequalities, overcoming this shortcoming of device-dependent QKD.
Our work is motivated by the following two observations. First, DIQKD is more secure but has worse noise and loss tolerances than device-dependent QKD. This point has motivated investigations into new techniques to improve these tolerance thresholds such as random key generation, random post-selection, noisy pre-processing and advantage distillation, the last of which we investigate, and which describes a two-way communication procedure in the error correction step of the protocol. Second, the precise circumstances in which DIQKD is possible are unclear, since not all correlations that violate Bell inequalities can be used to distill a secret key in DIQKD. Under the independent and identically distributed (IID) collective attacks framework, previous work sought to resolve both problems by implementing DIQKD with an advantage distillation protocol called the repetition-code protocol. The authors derived both a sufficient and a conjectured necessary condition for security based on the fidelity between some states in the protocol. However, the significance of their results was limited by a gap between the two security conditions, which prevented the calculation of tight noise tolerance bounds and suggested that the fidelity is not the right quantity to consider to characterize exactly when key distillation in DIQKD is possible.
Furthermore, in our work we replace the fidelity in the security proofs with the quantum Chernoff divergence, a measure of distinguishability in symmetric hypothesis testing, and achieve equivalent sufficient and necessary conditions for security for the repetition-code DIQKD protocol under the i.i.d collective attacks framework. Consequently, our work strongly indicates that quantum Chernoff divergence is the relevant quantity to describe the security of the repetition-code DIQKD protocol. With our new security condition, we show that the noise tolerance thresholds of the repetition-code DIQKD protocol outperform even one-way DIQKD protocols implemented with noisy pre-processing and random key measurements. |
|||||
| Time-bin Entanglement Swapping | poster | — | — | Samantha I. Davis, Rahaf Youssef, Raju Valivarthi, Lautaro Narváez, Neil Sinclair, Cristián Peña, Si Xie, Boris Korzh, Matthew D. Shaw, Panagiotis Spentzouris, Maria Spiropulu | — |
Quantum entanglement is a preliminary requirement for many protocols in quantum computing, communication, and sensing. Entanglement is typically achieved by having two particles created from the same source [1]. However, creating quantum networks and internet requires distributing and manipulating quantum states between remote nodes through protocols such as quantum entanglement. Here we report high-fidelity entanglement swapping using time-bin qubits, with the aim of distributing entanglement between national laboratories in the United States.
References:
[1] Zhang, W., Xu, D., & Chen, L. (2023). Polarization entanglement from parametric down-conversion with an LED pump. Physical Review Applied, 19(5). https://doi.org/10.1103/physrevapplied.19.0540 |
|||||
| Time-resolved Quantum Key Distribution using Semiconductor Quantum Dots with Oscillating Photonic States | poster | — | — | Matteo Pennacchietti, Brady Cunard, Mohd Zeeshan, Shlok Nahar, Sayan Gangopadhyay, Philip J. Poole, Dan Dalacu, Andreas Fognini, Klaus Jöns, Val Zwiller, Thomas Jennewein, Norbert Lütkenhaus, Michael E. Reimer | — |
Quantum dot-based entangled photon sources are promising candidates for quantum key distribution (QKD), as they can in principle emit deterministically, with high brightness and low multiphoton contribution. However, quantum dots (QD) often inherently possess a fine structure splitting (FSS). Since the entangled photonic state in the presence of non-zero FSS is oscillating, one must settle for a lower efficiency source through temporal post-selection or a lower measured entanglement fidelity. In both cases, the overall key rate is reduced.
Our QKD analysis shows that this trade-off can be overcome by constructing a time-resolved QKD protocol where all photon pairs emitted by a QD with non-zero FSS can be used in secret key generation. This protocol works only when the detection system's temporal resolution is much smaller than the FSS period. By implementing our protocol, higher key rates can be achieved as compared to previous QKD experiments with QD entangled photon pair sources.
Additionally, unlike previous security analyses that assume perfect qubit states, we rigorously bound the effect of any multi-photon components of the optical state on the key rate, which is more applicable to practical implementations. |
|||||
| Twin-Field Quantum Key Distribution in network configurations | poster | — | — | Carlo Liorni, Gianluca Bertaina, Cecilia Clivati, Simone Donadello, Alice Meda, Salvatore Virzì, Marco Gramegna, Ulpiani Pierfrancesco, Ivo Pietro Degiovanni, Massimiliano Dispenza | — |
Twin-Field Quantum Key Distribution (TF-QKD) is an innovative family of protocols characterized by a weaker dependence of the achievable secret key rate on the channel loss, with respect to conventional QKD solutions.
In this work, we discuss several important aspects encountered in TF-QKD when transitioning from point-to-point links to a network configuration. 1) The effects of path length mismatch between the two arms of the link (A-C and B-C) are discussed in several configurations. 2) The noise contributions (stronger in in-field deployment) are meticulously analyzed, their effect on the final key rate is estimated and solutions to mitigate the problem are implemented. 3) The topic of building complex and large networks with TF-QKD is tackled to find advantageous configurations. Interconnected macro-star networks based on TF-QKD are simulated by means of the “qkdnetsim” package of the network simulator “ns3”. The upcoming deployment of national QKD networks requires dedicated studies in this direction to build efficient and long-range solutions, compatible with current telecom standards. |
|||||
| Twin-field quantum key distribution with three mutually unbiased bases | poster | — | — | Yao Zhou, Zhen-Qiang Yin | — |
Twin-field quantum key distribution (TF-QKD) and its variants provide a promising solution for sharing information-theoretic secure keys between intercity peers since they are able to overcome the fundamental rate-transmittance bound without quantum repeaters. In this paper, we propose to improve the key rate at long distances and the maximum achievable distance for TF-QKD by deriving the error rates under three mutually unbiased bases, i.e., σX, σY, and σZ in two-dimensional Hilbert space. Moreover, learning these error rates, one can add noisy preprocessing to further improve its performance. We also observe that higher bit error rates do not necessarily imply lower key rates when noisy preprocessing is added. Our method does not change the existing physical implementation or experimental operation, but only requires simple postprocessing of the experimental data, which can be directly used to improve the key rate performance of the existing QKD system. The simulation results demonstrate its notable enhancements in terms of key rate at long distances and the maximum achievable distance for the phase-encoded TF-QKD protocol. |
|||||
| Uncloneable Cryptographic Primitives with Interaction | poster | — | — | Anne Broadbent, Eric Culf | — |
Much of the strength of quantum cryptography may be attributed to the no-cloning property of quantum information. We construct three new cryptographic primitives whose security is based on uncloneability, and that have in common that their security can be established via a novel monogamy-of-entanglement (MoE) property:
-- We define interactive uncloneable encryption, a version of the uncloneable encryption defined by Broadbent and Lord [TQC 2020] where the receiver must partake in an interaction with the sender in order to decrypt the ciphertext. We provide a one-round construction that is secure in the information-theoretic setting, in the sense that no other receiver may learn the message even if she eavesdrops on all the interactions.
-- We provide a way to make a bit string commitment scheme uncloneable. The scheme is augmented with a check step chronologically in between the commit and open steps, where an honest sender verifies that the commitment may not be opened by an eavesdropper, even if the receiver is malicious. Our construction preserves the assumptions of the original commitment while requiring only a polynomial decrease in the length of the committed string.
-- We construct a receiver-independent quantum key distribution (QKD) scheme, which strengthens the notion of one-sided device independent QKD of Tomamichel, Fehr, Kaniewski, and Wehner (TFKW) [NJP 2013] by also permitting the receiver's classical device to be untrusted. Explicitly, the sender remains fully trusted while only the receiver's communication is trusted. We provide a construction that achieves the same asymptotic error tolerance as the scheme of TFKW.
To show security, we prove an extension of the MoE property of coset states introduced by Coladangelo, Liu, Liu, and Zhandry [Crypto 2021]. In our stronger version, the player Charlie also receives Bob's answer prior to making his guess, thus simulating a party who eavesdrops on an interaction. To make use of this property, we express it as a new type of entropic uncertainty relation which arises naturally from the structure of the underlying MoE game. |
|||||
| Unifying Quantum Verification and Error-Detection: Theory and Tools for Optimisations | poster | — | — | Theodoros Kapourniotis, Elham Kashefi, Dominik Leichtle, Luka Music, Harold Ollivier | — |
With the recent availability of cloud quantum computing services, the question of verifying quantum computations delegated by a client to a quantum server is becoming of practical interest. While Verifiable Blind Quantum Computing (VBQC) has emerged as one of the key approaches to address this challenge, current protocols still need to be optimised before they are truly practical.
To this end, we establish a fundamental correspondence between error-detection and verification and provide sufficient conditions to both achieve security in the Abstract Cryptography framework and optimise resource overheads of all known VBQC-based protocols. As a direct application, we demonstrate how to systematise the search for new efficient and robust verification protocols for BQP computations. While we have chosen Measurement-Based Quantum Computing (MBQC) as the working model for the presentation of our results, one could expand the domain of applicability of our framework via direct known translation between the circuit model and MBQC. |
|||||
| Unprovable Security of statistical NIZK in the Quantum Setting | poster | — | — | Chuhan Lu, Nikhil Pappu | — |
It is well-known in classical cryptography that standard (black-box) proof techniques are insufficient to establish the security of statistical NIZK arguments for NP based on any standard (falsifiable) cryptographic assumption. In this work, we extend this impossibility result to a quantum scenario where quantum computations and communications are incorporated into the protocol. The classical result is demonstrated using the meta-reduction paradigm, which is a typical technique employed to generate cryptographic impossibility results. In our work, we extend this technique to the quantum setting to prove our results. |
|||||
| Using Cascade in Quantum Key Distribution | poster | — | — | Devashish Tupkary, Norbert Lütkenhaus | — |
We point out a critical flaw in the analysis of Quantum Key Distribution (QKD) protocols that employ the two-way error correction protocol Cascade. Specifically, this flaw stems from an incomplete consideration of all two-way communication that occurs during the Cascade protocol. We present a straightforward and elegant alternative approach that addresses this flaw and produces valid key rates. We exemplify our new approach by comparing its key rates with those generated using older, incorrect approaches, for Qubit BB84 and Decoy-State BB84 protocols. We show that in many practically relevant situations, our rectified approach produces the same key rate as older, incorrect approaches. However, in other scenarios, our approach produces valid key rates that are lower, highlighting the importance of properly accounting for all two-way communication during Cascade. |
|||||
Committees
PC
| Name | Position | Role | Affiliation |
|---|---|---|---|
| Christian Schaffner | chair | — | University of Amsterdam, QuSoft |
| Giuseppe Vallone | co_chair | — | University of Padova |
| Alexander Ling | member | — | National University of Singapore, SG |
| Anne Broadbent | member | — | University of Ottawa, CAN |
| Carl Miller | member | — | NIST and University of Maryland, US |
| Charles Lim | member | — | JPMorgan Chase & Co., US/SG |
| Christian Kurtsiefer | member | — | National University of Singapore, SG |
| Davide Rusca | member | — | University of Vigo, ES |
| Dominique Unruh | member | — | University of Tartu, EE |
| Eleni Diamanti | member | — | CNRS and Sorbonne Université, FR |
| Fang Song | member | — | Portland State University, US |
| Florian Speelman | member | — | University of Amsterdam, QuSoft, NL |
| Frédéric Dupuis | member | — | Université de Montréal, CA |
| Giulio Malavolta | member | — | Max Planck Institute for Security and Privacy, DE |
| Isaac Nape | member | — | University of the Witwatersrand, SA |
| Ivo Pietro Degiovanni | member | — | INRIM and EURAMET EMN-Q, IT |
| James Bartusek | member | — | UC Berkeley, US |
| Marco Tomamichel | member | — | National University of Singapore, SG |
| Mario Berta | member | — | RWTH Aachen University, DE |
| Or Sattath | member | — | Ben-Gurion University, IL |
| Paul Kwiat | member | — | University of Illinois Urbana-Champaign, US |
| Stefano Pironio | member | — | Université libre de Bruxelles, BE |
| Takashi Yamakawa | member | — | NTT Social Informatics Laboratories, JP |
| Tobias Gehring | member | — | Technical University of Denmark, DK |
| Valerio Pruneri | member | — | ICFO and ICREA, ES |
| Vladyslav Usenko | member | — | Palacky University Olomouc, CZ |
| Yang Liu | member | — | Jinan Institute of Quantum Technology, CN |
| Zheshen Zhang | member | — | University of Michigan, US |
| Zhiliang Yuan | member | — | Beijing Academy of Quantum Information Sciences, CN |
SC
| Name | Position | Role | Affiliation |
|---|---|---|---|
| Serge Fehr | chair | — | CWI Cryptology group, Leiden University |
| Christoph Marquardt | member | — | Max Planck Institute for the Science of Light |
| Feihu Xu | member | — | University of Science and Technology of China |
| Gorjan Alagic | member | — | University of Maryland |
| Kai-Min Chung | member | — | IIS, Academia Sinica |
| Marco Lucamarini | member | — | University of York |
| Qian Li | member | — | University of Toronto |
| Rotem Arnon-Friedman | member | — | Weizmann Institute of Science |
Local
| Name | Position | Role | Affiliation |
|---|---|---|---|
| Gorjan Alagic | chair | General Chair | University of Maryland & NIST |
| Oliver Slattery | chair | General Chair | NIST |
| Andrea Svejda | member | — | — |
| Chen Bai | member | — | — |
| Daniele Degrandchamp | member | — | — |
| Kelly Hedgepeth | member | — | — |
| Lijun Ma | member | — | NIST |
| Lisa Press | member | — | — |
| Manasi Mangesh Shingane | member | — | — |
| Maria Herd | member | — | University of Maryland |
| Mel Coles | member | — | — |
| Nijil Lal | member | — | NIST |
| Tom Ventsias | member | — | University of Maryland |