## List of Accepted Contributed Talks

(in order of submission)

- #10:A Quantum Money Solution to the Blockchain Scalability ProblemAndrea Coladangelo (Caltech); Or Sattath (Ben-Gurion University)[abstract]
**Abstract:**We put forward the idea that classical blockchains and smart contracts are potentially useful primitives not only for classical cryptography, but for quantum cryptography as well. Abstractly, a smart contract is a functionality that allows parties to deposit funds, and release them upon fulfillment of algorithmically checkable conditions, and can thus be employed as a formal tool to enforce monetary incentives. In this work, we give the first example of the use of smart contracts in a quantum setting. We describe a simple hybrid classical-quantum payment system whose main ingredients are a classical blockchain capable of handling stateful smart contracts, and quantum lightning, a strengthening of public-key quantum money introduced by Zhandry (Eurocrypt'19). Our hybrid payment system employs quantum states as banknotes and a classical blockchain to settle disputes and to keep track of the valid serial numbers. It has several desirable properties: it is decentralized, requiring no trust in any single entity; payments are as quick as quantum communication, regardless of the total number of users; when a quantum banknote is damaged or lost, the rightful owner can recover the lost value.Presenter live session: Andrea Coladangelo - #16:Quantum encryption with certified deletionAnne Broadbent (University of Ottawa); Rabib Islam (University of Ottawa)[abstract]
**Abstract:**Given a ciphertext, is it possible to prove the deletion of the underlying plaintext? Since classical ciphertexts can be copied, clearly such a feat is impossible using classical information alone. In stark contrast to this, we show that quantum encodings enable certified deletion. More precisely speaking, we show that it is possible to encrypt classical data into a quantum ciphertext such that the recipient of the ciphertext can produce a classical string which proves to the originator that the recipient has relinquished any chance of recovering the plaintext should the decryption key be revealed. Our scheme is feasible with current quantum technology: the honest parties only require quantum devices for single-qubit preparation and measurements; the scheme is also robust against noise in these devices. Furthermore, we provide an analysis that is suitable in the finite-key regimePresenter live session: Anne Broadbent - #17:Succinct Blind Quantum Computation Using a Random OracleJiayu Zhang (Boston University)[abstract]
**Abstract:**In the universal blind quantum computation problem, a client wants to make use of a single quantum server to evaluate $C\ket{0}$ where $C$ is an arbitrary quantum circuit while keeping $C$ secret. The client's goal is to use as few resources as possible. This problem, first raised by Broadbent, Fitzsimons and Kashefi\cite{UBQC}, has become fundamental to the study of quantum cryptography, not only because of its own importance, but also because it provides a testbed for new techniques that were later applied to related problems (for example, quantum computation verification). Previous works on this problem mainly focused on either information-theoretically (IT) secure protocols or techniques based on trapdoor assumptions (public key encryptions).\par In this paper we study how the availability of symmetric-key primitives, modeled by a random oracle, changes the complexity of universal blind quantum computation. We give a new universal blind quantum computation protocol. Similar to previous works on IT-secure protocols (for example, BFK\cite{UBQC}), our protocol has an offline phase and an online phase. In the offline phase the client prepares some quantum gadgets with relatively simple quantum gates and sends them to the server, and in the online phase the client is entirely classical --- it does not even need quantum storage. Crucially, the protocol's offline phase is \emph{succinct}, that is, its complexity is independent of the circuit size. Its complexity is only $poly(\kappa)$ where $poly$ is a fixed polynomial, and can be used to evaluate any circuit (or several circuits) of size up to $subexp(\kappa)$. In contrast, known schemes either require the client to perform quantum computations that scale with the size of the circuit \cite{UBQC}, or require trapdoor assumptions \cite{Mahadev2017}.Presenter live session: Jiayu Zhang - #18:High-Speed Measurement-Device-Independent Quantum Key Distribution with Integrated Silicon PhotonicsWei Li (University of Science and Technology of China); Kejin Wei (University of Science and Technology of China); Hao Tan (University of Science and Technology of China); Yang Li (University of Science and Technology of China); Hao Min (University of Science and Technology of China); Wei-Jun Zhang (Shanghai Institute of Microsystem and Information Technology); Hao Li (Shanghai Institute of Microsystem and Information Technology); Lixing You (Shanghai Institute of Microsystem and Information Technology); Zhen Wang (Shanghai Institute of Microsystem and Information Technology); Xiao Jiang (University of Science and Technology of China); Teng Yun Chen (University of Science and Technology of China); Sheng-Kai Liao (University of Science and Technology of China); Cheng-Zhi Peng (University of Science and Technology of China); Feihu Xu (University of Science and Technology of China); Jian-Wei Pan (University of Science and Technology of China)[abstract]
**Abstract:**Measurement-device-independent quantum key distribution (MDI-QKD) removes all detector side channels and enables secure QKD with an untrusted relay. It is suitable for building a star-type quantum access network, where the complicated and expensive measurement devices are placed in the central untrusted relay and each user requires only a low-cost transmitter, such as an integrated photonic chip. Here, we experimentally demonstrate a 1.25 GHz silicon photonic chip-based MDI-QKD system using polarization encoding. The photonic chip transmitters integrate the necessary encoding components for a standard QKD source. We implement random modulations of polarization states and decoy intensities, and demonstrate a finite-key secret rate of 31 bps over 36 dB channel loss (or 180 km standard fiber). This key rate is higher than state-of-the-art MDI-QKD experiments. The results show that silicon photonic chip-based MDI-QKD, benefiting from miniaturization, low-cost manufacture and compatibility with CMOS microelectronics, is a promising solution for future quantum secure networks.Presenter live session: Wei Li - #21:Experimental Measurement-Device-Independent Quantum Key Distribution with Uncharacterized SourcesXing-Yu Zhou (Nanjing University of Posts & Telecommunications); Hua-Jian Ding (Nanjing University of Posts & Telecommunications); Chun-Hui Zhang (Nanjing University of Posts & Telecommunications); Qin Wang (Nanjing University of Posts & Telecommunications)[abstract]
**Abstract:**The measurement-device-independent quantum key distribution (MDI-QKD) protocol plays an important role in quantum communications due to its high level of security and practicability. It can be immune to all side-channel attacks directed on the detecting devices. However, the protocol still contains strict requirements during state preparation in most existing MDI-QKD schemes, e.g., perfect state preparation or perfectly characterized sources, which are very hard to realize in practice. In this letter, we investigate uncharacterized MDI-QKD by utilizing a three-state method, greatly reducing the finite-size effect. The only requirement for state preparation is that the state are prepared in a bidimensional Hilbert space. Furthermore, a proof-of-principle demonstration over a 170 km transmission distance is achieved, representing the longest transmission distance under the same security level on record.Presenter live session: Qin Wang - #29:On Security Notions for Encryption in a Quantum WorldCéline Chevalier (University of Paris II); Ehsan Ebrahimi (University of Luxembourg); Quoc-Huy Vu (University of Paris II)[abstract]
**Abstract:**Indistinguishability against adaptive chosen-ciphertext attacks (IND-CCA2) is usually considered the most desirable security notion for classical encryption. In this work, we investigate its adaptation in the quantum world, when an adversary can perform superposition queries. The security of quantum-secure classical encryption has first been studied by Boneh and Zhandry (CRYPTO'13), but they restricted the adversary to classical challenge queries, which makes the indistinguishability only hold for classical messages (IND-qCCA2). In this work, we give the first security notions for fully quantum indistinguishability under quantum adaptive chosen-ciphertext attacks, where the indistinguishability holds for superposition of plaintexts (qIND-qCCA2). This resolves an open problem asked by Gagliardoni et al. (CRYPTO'16). The qCCA2 security is defined in Boneh-Zhandry's paper using string copying and comparison, which is inherent in the classical setting. Quantumly, it is unclear what it means for a ciphertext to be different from the challenge ciphertext, and how the challenger can check the equality. The classical approach would either violate the no-cloning theorem or lead to perturbing the adversary's state, which may be detectable. To remedy these problems, from the recent groundbreaking compressed oracle technique introduced by Zhandry (CRYPTO'19), we develop a generic framework that allows to record quantum queries for probabilistic functions. We then give definitions for fully quantum real-or-random indistinguishability under adaptive chosen-ciphertext attacks (qIND-qCCA2). In the symmetric setting, we show that various classical modes of encryption are trivially broken in our security notions. We then provide the first formal proof for quantum security of the Encrypt-then-MAC paradigm, which also answers an open problem posed by Boneh and Zhandry. In the public-key setting, we show how to achieve these stronger security notions (qIND-qCCA2) from any encryption scheme secure in the sense of Boneh-Zhandry (IND-qCCA2). Along the way, we also give the first definitions of non-malleability for classical encryption in the quantum world and show that the picture of the relations between these notions is essentially the same as in the classical setting.Presenter live session: Quoc-Huy Vu - #30:Secure Multi-party Quantum Computation with a Dishonest MajorityYfke Dulek (QuSoft and University of Amsterdam); Alex Grilo (QuSoft and CWI Amsterdam); Stacey Jeffery (QuSoft and CWI Amsterdam); Christian Majenz (QuSoft and CWI Amsterdam); Christian Schaffner (QuSoft and University of Amsterdam)[abstract]
**Abstract:**The cryptographic task of secure multi-party (classical) computation has received a lot of attention in the last decades. Even in the extreme case where a computation is performed be- tween k mutually distrustful players, and security is required even for the single honest player if all other players are colluding adversaries, secure protocols are known. For quantum com- putation, on the other hand, protocols allowing arbitrary dishonest majority have only been proven for k = 2. In this work, we generalize the approach taken by Dupuis, Nielsen and Salvail (CRYPTO 2012) in the two-party setting to devise a secure, efficient protocol for multi- party quantum computation for any number of players k, and prove security against up to k − 1 colluding adversaries. The quantum round complexity of the protocol for computing a quantum circuit of {CNOT, T} depth d is O(k · (d + log n)), where n is the security parameter. To achieve efficiency, we develop a novel public verification protocol for the Clifford authen- tication code, and a testing protocol for magic-state inputs, both using classical multi-party computation.Presenter live session: Alex Grilo - #36:Experimental quantum key distribution secure against malicious devicesVíctor Zapatero (University of Vigo, Spain); Wei Li (University of Science and Technology of China, Hefei, China); Feihu Xu (University of Science and Technology of China, Hefei, China); Marcos Curty (University of Vigo, Spain)[abstract]
**Abstract:**The fabrication of quantum key distribution (QKD) systems typically involves several parties, thus providing Eve with multiple opportunities to meddle with the devices. As a consequence, conventional hardware and/or software hacking attacks pose natural threats to the security of practical QKD. Fortunately, if the number of corrupted devices is limited, the security can be restored by using redundant apparatuses. Here, we report on the demonstration of a secure QKD setup with optical devices and classical post-processing units possibly controlled by an eavesdropper. We implement a 1.25 GHz chip-based measurement-device-independent QKD system secure against malicious devices on both the measurement and the users' sides. The secret key rate reaches 137 bps over a 24 dB channel loss. Our setup, benefiting from high clock rate, miniaturized transmitters and a cost-effective structure, provides a promising solution for widespread applications requiring uncompromising communication security.Presenter live session: Víctor Zapatero - #38:Security proof of practical quantum key distribution with detection-efficiency mismatchYanbao Zhang (NTT Basic Research Lab); Patrick J. Coles (Los Alamos National Laboratory); Adam Winick (Institute for Quantum Computing, Waterloo); Jie Lin (Institute for Quantum Computing, Waterloo); Norbert Lutkenhaus (Institute for Quantum Computing, Waterloo)[abstract]
**Abstract:**Quantum key distribution (QKD) protocols with threshold detectors are driving high-performance QKD demonstrations. The corresponding security proofs usually assume that all physical detectors have the same detection efficiency. However, the efficiencies of the detectors used in practice might show a mismatch depending on the manufacturing and setup of these detectors. A mismatch can also be induced as the different spatial-temporal modes of an incoming signal might couple differently to a detector. Here we develop a method that allows to provide security proofs without the usual assumption. Our method can take the detection-efficiency mismatch into account without having to restrict the attack strategy of the adversary. Especially, we do not rely on any photon-number cut-off of incoming signals such that our security proof is complete. Though we consider polarization encoding in the demonstration of our method, the method applies to a variety of coding mechanisms, including time-bin encoding, and also allows for general manipulations of the spatial-temporal modes by the adversary. We thus can close the long-standing question how to provide a valid, complete security proof of a QKD setup with characterized efficiency mismatch. Our method also shows that in the absence of efficiency mismatch, the key rate increases if the loss due to detection inefficiency is assumed to be outside of the adversary's control, as compared to the view where for a security proof this loss is attributed to the action of the adversary.Presenter live session: Yanbao Zhang - #40:Device-independent Randomness Expansion with Entangled PhotonsYanbao Zhang (NTT Basic Research Lab); Lynden K. Shalm (NIST-Boulder); Joshua C. Bienfang (NIST-Maryland); Collin Schlager (NIST-Boulder); Martin J. Stevens (NIST-Boulder); Michael D. Mazurek (NIST-Boulder); Carlos Abellan (Barcelona Institute of Science and Technology); Waldimar Amaya (Barcelona Institute of Science and Technology); Morgan W. Mitchell (Barcelona Institute of Science and Technology); Mohammad A. Alhejji (University of Colorado Boulder); Honghao Fu (University of Maryland); Joel Ornstein (University of Colorado Boulder); Richard P. Mirin (NIST-Boulder); Sae Woo Nam (NIST-Boulder); Emanuel Knill (NIST-Boulder)[abstract]
**Abstract:**With the growing availability of experimental loophole-free Bell tests, it has become possible to implement a new class of device-independent random number generators whose output can be certified to be uniformly random without requiring a detailed model of the quantum devices used. However, all previous experiments require many input bits in order to certify a small number of output bits, and it is an outstanding challenge to develop a system that generates more randomness than is used. Here, we devise a device-independent spot-checking protocol which uses only uniform bits as input. Implemented with a photonic loophole-free Bell test, we can produce 24% more certified output bits (1,181,264,237 bits) than consumed input bits (953,301,640 bits), which is 5 orders of magnitude more efficient than our previous work [Phys. Rev. Lett. 124, 010505 (2020)]. The experiment ran for 91.0 hours, creating randomness at an average rate of 3,606 bits/second with a soundness error bounded by 5.7e-7 in the presence of classical side information. Our system will allow for greater trust in public sources of randomness, such as randomness beacons, and the protocol may one day enable high-quality sources of private randomness as the device footprint shrinks.Presenter live session: Yanbao Zhang - #41:The Measure-and-Reprogram Technique 2.0: Multi-Round Fiat-Shamir and MoreJelle Don (CWI); Serge Fehr (CWI & Leiden University); Christian Majenz (CWI & QuSoft)[abstract]
**Abstract:**We revisit recent works by Don, Fehr, Majenz and Schaffner and by Liu and Zhandry on the security of the Fiat-Shamir transformation of sigma-protocols in the quantum random oracle model (QROM). Two natural questions that arise in this context are: (1) whether the results extend to the Fiat-Shamir transformation of *multi-round* interactive proofs, and (2) whether Don et al.'s O(q^2) loss in security is optimal. Firstly, we answer question (1) in the affirmative. As a byproduct of solving a technical difficulty in proving this result, we slightly improve the result of Don et al., equipping it with a cleaner bound and an even simpler proof. We apply our result to digital signature schemes showing that it can be used to prove strong security for schemes like MQDSS in the QROM. As another application we prove QROM-security of a non-interactive OR proof by Liu, Wei and Wong. As for question (2), we show via a Grover-search based attack that Don et al.'s quadratic security loss for the Fiat-Shamir transformation of sigma-protocols is optimal up to a small constant factor. This extends to our new multi-round result, proving it tight up to a factor that depends on the number of rounds only, i.e. is constant for any constant-round interactive proof.Presenter live session: Jelle Don - #44:Broadband Detector-Integrated On-Chip QKD Receiver for GHz Clock RatesFabian Beutel (University of Münster, Institute of Physics, 48149 Münster, Germany); Helge Gehring (University of Münster, Institute of Physics, 48149 Münster, Germany); Martin A. Wolff (University of Münster, Institute of Physics, 48149 Münster, Germany); Carsten Schuck (University of Münster, Institute of Physics, 48149 Münster, Germany); Wolfram Pernice (University of Münster, Institute of Physics, 48149 Münster, Germany)[abstract]
**Abstract:**We present an on-chip receiver for time-based quantum key distribution (QKD) protocols such as the three-state time-bin protocol. The device features fully integrated superconducting nanowire single-photon detectors (SNSPD), low-loss delay lines and broadband 3D fiber-to-chip couplers with a total footprint of 800x800µm^2 on a single chip. By using waveguide-integrated SNSPDs featuring small dead times and low dark-count rates we are able to operate at 2.5 GHz clock rates and achieve high performance without saturating the detector at short distances. The device is demonstrated to work for wavelengths from 1480 nm to 1610 nm, but can be easily adapted to also work at visible light (on the same chip).Presenter live session: Fabian Beutel - #46:Analytic quantum weak coin flipping protocols with arbitrarily small biasAtul Singh Arora (Universite libre de Bruxelles); Jeremie Roland (Universite libre de Bruxelles); Chrysoula Vlachou (Universite libre de Bruxelles)[abstract]
**Abstract:**Weak coin flipping (WCF) is a fundamental cryptographic primitive, where two distrustful parties need to remotely establish a shared random bit, whilst having opposite preferred outcomes. A WCF protocol is said to have bias ε if neither party can force their preferred outcome with probability greater than 1/2+ε. Classical WCF protocols are shown to have bias 1/2, i.e., a cheating party can always force their preferred outcome. A lower bias can only be achieved by employing extra assumptions, such as computational hardness. On the other hand, there exist quantum WCF protocols with arbitrarily small bias, as Mochon showed in his seminal work in 2007 [arXiv:0711.4114]. In particular, he proved the existence of a family of WCF protocols approaching bias ε(k) = 1/(4k + 2) for arbitrarily large k and proposed a protocol with bias 1/6. Last year, Arora, Roland and Weis presented a protocol with bias 1/10 and to go below this bias, they designed an algorithm that numerically constructs unitary matrices corresponding to WCF protocols with arbitrarily small bias [STOC’19, p.205-216]. In this work, we present new techniques which yield a fully analytical construction of WCF protocols with bias arbitrarily close to zero, thus achieving a solution that has been missing for more than a decade. Furthermore, our new techniques lead to a simplified proof of existence of WCF protocols by circumventing the non-constructive part of Mochon’s proof. The construction of an explicit WCF protocol approaching bias 1/14 is illustrated as an example.Presenter live session: Atul Singh Arora - merged with#49:Fast and simple qubit-based synchronization for quantum key distributionLuca Calderaro (Dipartimento di Ingegneria dell'Informazione, Università degli Studi di Padova, via Gradenigo 6B, 35131 Padova, Italy); Andrea Stanco (Dipartimento di Ingegneria dell'Informazione, Università degli Studi di Padova, via Gradenigo 6B, 35131 Padova, Italy); Costantino Agnesi (Dipartimento di Ingegneria dell'Informazione, Università degli Studi di Padova, via Gradenigo 6B, 35131 Padova, Italy); Marco Avesani (Dipartimento di Ingegneria dell'Informazione, Università degli Studi di Padova, via Gradenigo 6B, 35131 Padova, Italy); Daniele Dequal (Matera Laser Ranging Observatory, Agenzia Spaziale Italiana, Matera, Italy); Paolo Villoresi (Dipartimento di Ingegneria dell'Informazione, Università degli Studi di Padova, via Gradenigo 6B, 35131 Padova, Italy); Giuseppe Vallone (Dipartimento di Ingegneria dell'Informazione, Università degli Studi di Padova, via Gradenigo 6B, 35131 Padova, Italy)[abstract]
**Abstract:**We propose Qubit4Sync, a synchronization method for Quantum Key Distribution (QKD) setups, based on the same qubits exchanged during the protocol and without requiring additional hardware other than the one necessary to prepare and measure the quantum states, in a similar fashion to the clock recovery used in classical communications. Our approach introduces a new cross-correlation algorithm achieving the lowest computational complexity, to our knowledge, for high channel losses. We tested the robustness of our scheme in a real QKD implementation, and we believe it may find application in other quantum communication protocolsPresenter live session: Luca Calderaro#55:Simple and robust QKD system with Qubit4Sync temporal synchronization and the POGNAC polarization encoderCostantino Agnesi (Università degli Studi di Padova); Marco Avesani (Università degli Studi di Padova); Luca Calderaro (Università degli Studi di Padova); Andrea Stanco (Università degli Studi di Padova); Giulio Foletto (Università degli Studi di Padova); Mujtaba Zahidy (Università degli Studi di Padova); Alessia Scriminich (Università degli Studi di Padova); Francesco Vedovato (Università degli Studi di Padova); Giuseppe Vallone (Università degli Studi di Padova); Paolo Villoresi (Università degli Studi di Padova)[abstract]**Abstract:**Here we present a simple and robust polarization encoded QKD experiment where synchronization, polarization compensation and QKD are all performed with the same optical setup, without requiring any changes or any additional hardware, by exploiting only the transmission of quantum states. Furthermore, the developed polarization encoder exhibits high stability and the lowest intrinsic Quantum Bit Error Rate ever reported.Presenter live session: Costantino Agnesi - #52:Experimental quantum conference key agreementAlessandro Fedrizzi (Heriot-Watt University); Massimiliano Proietti (Heriot-Watt University); Joseph Ho (Heriot-Watt University); Federico Grasselli (Heinrich-Heine University Duesseldorf); Peter Barrow (Heriot-Watt University); Mehul Malik (Heriot-Watt University)[abstract]
**Abstract:**Paradigmatic QKD protocols establish secure keys between pairs of users, however when more than two parties want to communicate, recently introduced quantum conference quantum key agreement (CKA) protocols can outperform 2-party primitives in terms of resource cost. In this contribution we report an implementation of a four-user quantum CKA protocol using polarisation-encoded multi-partite GHZ states at telecom wavelength. We distribute these states over up to 50km of optical fibre and implement custom multiparty error correction and privacy amplification on the resulting raw keys. From a finite-key analysis, we establish an information-theoretic secure key of up to 1.15 × 10^6 bits, which is used to encrypt and securely share an image between the four users. Surpassing the previous maximum distance for GHZ state transmission by more than an order of magnitude, these results demonstrate the viability of network protocols relying on multi-partite-entanglement. Future applications beyond quantum CKA include entanglement-assisted remote clock-synchronization, quantum secret sharing, and GHZ-based repeater protocols.Presenter live session: Alessandro Fedrizzi - merged with#54:Overcoming qubit-based QKD with efficient high-dimensional encodingIlaria Vagniluca (CNR - Istituto Nazionale di Ottica and University of Naples “Federico II"); Beatrice DaLio (CoE SPOC, DTU Fotonik, Technical University of Denmark); Davide Rusca (Group of Applied Physics, Université de Genève); Daniele Cozzolino (CoE SPOC, DTU Fotonik, Technical University of Denmark); Yunhong Ding (CoE SPOC, DTU Fotonik, Technical University of Denmark); Hugo Zbinden (Group of Applied Physics, Université de Genève); Alessandro Zavatta (CNR - Istituto Nazionale di Ottica and University of Florence); Leif Katsuo Oxenløwe (CoE SPOC, DTU Fotonik, Technical University of Denmark); Davide Bacco (CoE SPOC, DTU Fotonik, Technical University of Denmark)[abstract]
**Abstract:**We experimentally tested an alternative fiber-based setup for 4D-QKD, with time and phase encoding and one-decoy technique. We evaluated the secret key rate achievable in a finite-key scenario and we compared it with the binary-encoded BB84 protocol, which was tested with the same experimental setup. Our 4D-QKD system makes it possible to improve the secret key rate by more than a factor 2 in the saturation-regime of single-photon detectors, without requiring additional expensive resources to the 2D-QKD setup. In comparison to previous works, our scheme allows to measure the 4D states with a simplified and compact receiver, thus making it a cost-effective solution for practical and fiber-based QKD.Presenter live session: Ilaria Vagniluca#57:Towards high-dimensional quantum key distribution over a 2 km long multicore fiberBeatrice Da Lio (enter for Silicon Photonics for Optical Communication (SPOC), Department of Photonics Engineering, Technical University of Denmark, 2800 Kgs. Lyngby, Denmark); Davide Bacco (enter for Silicon Photonics for Optical Communication (SPOC), Department of Photonics Engineering, Technical University of Denmark, 2800 Kgs. Lyngby, Denmark); Daniele Cozzolino (enter for Silicon Photonics for Optical Communication (SPOC), Department of Photonics Engineering, Technical University of Denmark, 2800 Kgs. Lyngby, Denmark); Nicola Biagi (CNR - Istituto Nazionale di Ottica (CNR-INO), Largo E. Fermi, 6 - 50125 Firenze, Italy); Yunhong Ding (enter for Silicon Photonics for Optical Communication (SPOC), Department of Photonics Engineering, Technical University of Denmark, 2800 Kgs. Lyngby, Denmark); Karsten Rottwitt (enter for Silicon Photonics for Optical Communication (SPOC), Department of Photonics Engineering, Technical University of Denmark, 2800 Kgs. Lyngby, Denmark); Alessandro Zavatta (CNR - Istituto Nazionale di Ottica (CNR-INO), Largo E. Fermi, 6 - 50125 Firenze, Italy); Leif K. Oxeløwe (enter for Silicon Photonics for Optical Communication (SPOC), Department of Photonics Engineering, Technical University of Denmark, 2800 Kgs. Lyngby, Denmark)[abstract]**Abstract:**High-dimensional quantum key distribution (QKD) with path-encoded qudits can largely benefit from the slower phase drifts characteristic of multicore fibers: however, such channels still require phase stabilisation systems to effectively transmit quantum states with an acceptable error rate. We propose a scheme that multiplexes a co-propagating wavelength to use as reference signal in a phase locked loop system, and simultaneously achieves state of the art repetition rates for the high-dimensional QKD system. These factors allow us to design a system that can reach a much higher secret key generation rate over a propagation distance that is order of magnitudes longer than what shown in previous results, making our path-encoded QKD system appealing and comparable in terms of performance with current quantum systems.Presenter live session: Davide Bacco - #56:Securing practical quantum cryptography with optical power limitersGong Zhang (Department of Electrical & Computer Engineering, National University of Singapore, Singapore); Ignatius William Primaatmaja (Centre for Quantum Technologies, National University of Singapore, Singapore); Jing Yan Haw (Department of Electrical & Computer Engineering, National University of Singapore, Singapore); Xiao Gong (Department of Electrical & Computer Engineering, National University of Singapore, Singapore); Chao Wang (Department of Electrical & Computer Engineering, National University of Singapore, Singapore); Charles C.-W. Lim (Department of Electrical & Computer Engineering, National University of Singapore, Singapore; Centre for Quantum Technologies, National University of Singapore, Singapore)[abstract]
**Abstract:**Given that most implementations of quantum cryptography systems require low light operations for security reasons, limiting the energy of incoming/outgoing optical signals is a central task. In this submission, we propose and demonstrate a novel and practical power limiter using the thermo-optical defocusing effect of an acrylic prism. The results show that a power limiting in the regime of mW or lower can be achieved, and at the same time possess desirable features like compactness, robustness, polarization and spectrum dimension independence, etc. Our work provides an effective way for limiting the incoming/outgoing optical energy, which is important for practical quantum cryptographic protocols. We believe it will attract much interest and possess the potential to become a standard tool for practical quantum applications.Presenter live session: Zhang Gong - #58:Non-interactive classical verification of quantum computationGorjan Alagic (University of Maryland and NIST); Andrew M. Childs (University of Maryland); Alex B. Grilo (CWI and QuSoft); Shih-Han Hung (University of Maryland)[abstract]
**Abstract:**In a recent breakthrough, Mahadev constructed an interactive protocol that enables a purely classical party to delegate any quantum computation to an untrusted quantum prover. In this work, we show that this same task can in fact be performed non-interactively and in zero-knowledge. Our protocols result from a sequence of significant improvements to the original four-message protocol of Mahadev. We begin by making the first message instance-independent and moving it to an offline setup phase. We then establish a parallel repetition theorem for the resulting three-message protocol, with an asymptotically optimal rate. This, in turn, enables an application of the Fiat-Shamir heuristic, eliminating the second message and giving a non-interactive protocol. Finally, we employ classical non-interactive zero-knowledge (NIZK) arguments and classical fully homomorphic encryption (FHE) to give a zero-knowledge variant of this construction. This yields the first purely classical NIZK argument system for QMA, a quantum analogue of NP. We establish the security of our protocols under standard assumptions in quantum-secure cryptography. Specifically, our protocols are secure in the Quantum Random Oracle Model, under the assumption that Learning with Errors is quantumly hard. The NIZK construction also requires circuit-private FHE.Presenter live session: Shih-Han Hung - #59:Experimental realisation of quantum oblivious transferRyan Amiri (IPaQS, Heriot-Watt University, Edinburgh, UK); Robert Stárek (Department of Optics, Palacky University, Olomouc, Czech Republic); Michal Mičuda (Department of Optics, Palacky University, Olomouc, Czech Republic); Ladislav Mišta (Department of Optics, Palacky University, Olomouc, Czech Republic); Miloslav Dušek (Department of Optics, Palacky University, Olomouc, Czech Republic); Petros Wallden (School of Informatics, University of Edinburgh, Edinburgh, UK); Erika Andersson (IPaQS, Heriot-Watt University, Edinburgh, UK)[abstract]
**Abstract:**Oblivious transfer (OT) is a cryptographic primitive which is universal for multiparty computation. Unfortunately, perfect information-theoretically secure (ITS) quantum oblivious transfer is impossible. Imperfect information-theoretically secure quantum oblivious transfer is possible, but the smallest possible cheating probabilities are not known. We present an imperfect information-theoretically secure quantum oblivious transfer protocol with no restrictions on dishonest parties, and its experimental implementation. The cheating probabilities are 0.75 and 0.729 for sender and receiver respectively, which is lower than in existing protocols. Using a photonic test-bed, we have implemented the protocol with honest parties, as well as optimal cheating strategies.Presenter live session: Robert Stárek - #65:Real-Time Self-Testing Quantum Random Number Generator with Non-classical StatesThibault Michel (ANU Canberra, Paris 6); Jing Yan Haw (ANU Canberra, NUS Singapore); Davide G. Marangon (U. Padova); Oliver Thearle (ANU Canberra); Giuseppe Vallone (U. Padova); Paolo Villoresi (U. Padova); Ping Koy Lam (ANU Canberra); Syed M. Assad (ANU Canberra)[abstract]
**Abstract:**Random numbers are a fundamental ingredient in fields such as simulation, modeling, and cryptography. Good random numbers should be independent and uniformly distributed. Moreover, for cryptographic applications, they should also be unpredictable. A fundamental feature of quantum theory is that certain measurement outcomes are intrinsically random and unpredictable. These can be harnessed to provide unconditionally secure random numbers. We demonstrate a real-time self-testing source-independent quantum random-number generator (SI QRNG) that uses squeezed light as a source. We generate secure random numbers by measuring the quadratures of the electromagnetic field without making any assumptions about the source other than an energy bound; only the detection device is trusted. We use homodyne detection to measure alternately the Q and P conjugate quadratures of our source. P measurements allow us to estimate a bound on any classical or quantum side information that a malicious eavesdropper may obtain. This bound gives the minimum number of secure bits we can extract from the Q measurement. We discuss the performance of different estimators for this bound. We operate this QRNG with a squeezed-state source and compare its performance with a thermal-state source. This is a demonstration of a QRNG using a squeezed state, as well as an implementation of real-time quadrature switching for a SI QRNG.Presenter live session: Thibault Michel - #66:Benchmarking a Quantum Random Number Generator with Machine LearningNhan Duy Truong (NeuroSyd Research Laboratory, University of Sydney, Australia); Jing Yan Haw (ECE,NUS | CQC2T, ANU Canberra); Syed Muhamad Assad (CQC2T, ANU Canberra); Ping Koy Lam (CQC2T, ANU Canberra); Omid Kavehei (NeuroSyd Research Laboratory, University of Sydney, Australia)[abstract]
**Abstract:**Random number generators (RNGs) that are crucial for cryptographic applications have been the subject of adversarial attacks. These attacks exploit environmental information to predict generated random numbers that are supposed to be truly random and unpredictable. Though quantum random number generators (QRNGs) are based on the intrinsic indeterministic nature of quantum properties, the presence of classical noise in the measurement process compromises the integrity of a QRNG. In this paper, we develop a predictive machine learning (ML) analysis to investigate the impact of deterministic classical noise in different stages of an optical continuous variable QRNG. Our ML model successfully detects inherent correlations when the deterministic noise sources are prominent. After appropriate filtering and randomness extraction processes are introduced, our QRNG system, in turn, demonstrates its robustness against ML. We further demonstrate the robustness of our ML approach by applying it to uniformly distributed random numbers from the QRNG and a congruential RNG. Hence, our result shows that ML has potentials in benchmarking the quality of RNG devices.Presenter live session: Jing Yan Haw - #74:Post-Quantum Zero Knowledge in Constant RoundsNir Bitansky (Tel Aviv University); Omri Shmueli (Tel Aviv University)[abstract]
**Abstract:**We construct the first constant-round zero-knowledge classical argument for NP secure against quantum attacks. We assume the existence of Quantum Fully Homomorphic Encryption and other standard primitives, known based on the Learning with Errors Assumption for quantum algorithms. As a corollary, we also obtain the first constant-round zero-knowledge quantum argument for QMA. At the heart of our protocol is a new no-cloning non-black-box simulation technique.Presenter live session: Omri Shmueli - #76:Efficient simulation of random states and random unitariesGorjan Alagic (QuICS, University of Maryland, and NIST, Gaithersburg, MD); Christian Majenz (QuSoft and Centrum Wiskunde & Informatica, Amsterdam); Alexander Russell (Department of Computer Science and Engineering, University of Connecticut, Storrs, CT)[abstract]
**Abstract:**We consider the problem of efficiently simulating random quantum states and random unitary operators, in a manner which is convincing to unbounded adversaries with black-box oracle access. In the case of simulating random states, the ideal object is an inputless oracle which outputs the same Haar-random n-qubit state whenever it is invoked. In the case of simulating random unitaries, the ideal object is an oracle which applies to its input the same Haar-random n-qubit unitary operator whenever it is invoked. This problem has only been previously considered for restricted adversaries. Against adversaries with an a priori bound on the number of queries, it is well-known that t-designs suffice. Against polynomial-time adversaries, one can use pseudorandom states (PRS) and pseudorandom unitaries (PRU), as defined in a recent work of Ji, Liu, and Song; unfortunately, no provably secure construction is known for PRUs. In our setting, we are concerned with unbounded adversaries. Nonetheless, we are able to give stateful quantum algorithms which simulate the ideal object in both settings of interest. In the case of Haar-random states, our simulator is polynomial-time, has negligible error, and can also simulate verification and reflection through the simulated state. This yields an immediate application to quantum money: a money scheme which is information-theoretically unforgeable and untraceable. In the case of Haar-random unitaries, our simulator takes polynomial space, but simulates both forward and inverse access with zero error. These results can be seen as the first significant steps in developing a theory of lazy sampling for random quantum objects.Presenter live session: Christian Majenz - #77:Numerical Calculations of Finite Key Rate for General Quantum Key Distribution ProtocolsIan George (University of Waterloo, Institute for Quantum Computing); Jie Lin (University of Waterloo, Institute for Quantum Computing); Norbert Lutkenhaus (University of Waterloo, Institute for Quantum Computing)[abstract]
**Abstract:**Finite key analysis of quantum key distribution (QKD) is an important tool for any QKD implementation. While much work has been done on the framework of finite key analysis, the application to individual protocols often relies on the the specific protocol being simple or highly symmetric as well as represented in small finite-dimensional Hilbert spaces. In this work, we extend our preexisting reliable, efficient, tight, and generic numerical method for calculating the asymptotic key rate of device-dependent QKD protocols in finite-dimensional Hilbert spaces to the finite key regime using the security analysis framework of Renner. We explain how this extension preserves the reliability, efficiency, and tightness of the asymptotic method. We then explore examples which illustrate both the generality of our method as well as the importance of parameter estimation and data processing within the framework.Presenter live session: Ian George - #80:Machine learning aided carrier recovery in continuous-variable quantum key distributionTobias Gehring (Technical University of Denmark); Hou-Man Chin (Technical University of Denmark); Nitin Jain (Technical University of Denmark); Darko Zibar (Technical University of Denmark); Ulrik Andersen (Technical University of Denmark)[abstract]
**Abstract:**The secret key rate of a continuous-variable quantum key distribution (CV-QKD) system is limited by excess noise. A key issue typical to all modern CV-QKD systems implemented with a reference or pilot signal and an independent local oscillator is controlling the excess noise generated from the frequency and phase noise accrued by the transmitter and receiver. Therefore accurate phase estimation and compensation, so-called carrier recovery, is a critical subsystem of CV-QKD. Here, we present the implementation of a machine learning framework based on Bayesian inference, namely an unscented Kalman filter (UKF), for estimation of phase noise and compare it to a standard reference method. Experimental results obtained over a 20 km fibre-optic link indicate that the UKF can ensure very low excess noise even at low pilot powers. The measurements exhibited low variance and high stability in excess noise over a wide range of pilot signal to noise ratios. This may enable CV-QKD systems with low implementation complexity which can seamlessly work on diverse transmission lines.Presenter live session: Tobias Gehring - #89:Impossibility of Quantum Virtual Black-Box Obfuscation of Classical CircuitsGorjan Alagic (QuICS, University of Maryland, NIST); Zvika Brakerski (Weizmann Institute of Science); Yfke Dulek (QuSoft; University of Amsterdam); Christian Schaffner (QuSoft; University of Amsterdam)[abstract]
**Abstract:**Virtual black-box obfuscation is a strong cryptographic primitive: it encrypts a circuit while maintaining its full input/output functionality. A remarkable result by Barak et al. (Crypto 2001) shows that a general obfuscator that obfuscates classical circuits into classical circuits can- not exist. A promising direction that circumvents this impossibility result is to obfuscate classical circuits into quantum states, which would potentially be better capable of hiding information about the obfuscated circuit. We show that, under the assumption that learning-with-errors (LWE) is hard for quantum computers, this quantum variant of virtual black-box obfuscation of classical circuits is generally impossible. On the way, we show that under the presence of dependent classical auxiliary input, even the small class of classical point functions cannot be quantum virtual black-box obfuscated.Presenter live session: Gorjan Alagic - #98:Robust device-independent quantum key distributionRene Schwonnek (NUS/ECE); Koon Tong Goh (NUS/ECE); Ignatius W. Primaatmaja (NUS/CQT); Ernest Y.-Z. Tan (ETHZ); Ramona Wolf (Leibniz Universität Hannover); Valerio Scarani (NUS/Physics/CQT); Charles C.-W. Lim (NUS/ECE/CQT)[abstract]
**Abstract:**Device-independent quantum key distribution (DIQKD) is the art of using untrusted devices to distribute secret keys in an unsecure network. It thus represents the ultimate form of cryptography, offering not only information-theoretic security against channel attacks, but also against attacks exploiting implementation loopholes~\cite{lydersen2010hacking}. At its heart, DIQKD utilises nonlocal correlations---detected and certified by a Bell inequality---to establish secret correlations between the users. In recent years, much progress has been made towards realising the first DIQKD experiments, but current proposals are just out of reach of today’s loophole-free Bell experiments. Here, in this work, we close the gap between the theory and practice of DIQKD with a simple variant of the original protocol based on the celebrated Clauser-Horne-Shimony-Holt (CHSH) Bell inequality. In using two randomly chosen key generating bases instead of one, we show that the noise tolerance of DIQKD can be significantly improved. In particular, the extended feasibility region now covers some of the most recent loophole-free CHSH experiments, hence indicating that the first realisation of DIQKD already lies within the range of these experiments.Presenter live session: Ernest Tan - merged with#99:An Integrated Chip Platform for Measurement-Device-Independent Quantum Key Distribution (MDI-QKD)Wei Luo (Nanyang Technological University); Lin Cao (Peking University); Yun Xiang Wang (University of Electronic Science and Technology of China); Jun Zou (Nanyang Technological University); Muhammad Faeyz Karim (Nanyang Technological University); Hong Cai (Institute of Microelectronics, Singapore); Xiao Long Hu (Tsinghua University); Cong Jiang (Tsinghua University); Xiao Qi Zhou (Sun Yat-sen University); Yu Feng Jin (Peking University); Shi Hai Sun (Sun Yat-sen University); Xiang Bin Wang (Tsinghua University); Leong Chuan Kwek (National University of Singapore); Ai Qun Liu (Nanyang Technological University)[abstract]
**Abstract:**An integrated chip system for MDI-QKD is demonstrated. The MDI-QKD transmitter chips and server chip work on a key rate per pulse of 2.923 × 10^(-6) over a distance corresponding to 50-km optical fiber with 25% detection efficiency.[YouTube, still waiting for Wei Luo]Presenter live session: Wei Luo#105:On-chip Time- and Polarization-Multiplexed Continuous-variable Quantum Key DistributionCao Lin (PEKING UNIVERSITY); Luo Wei (Nanyang Techological University); Zou Jun (Nanyang Techological University); Cai Hong (Institute of Microelectronics, A*STAR); Jin Yufeng (PEKING UNIVERSITY); Syed M Assad (Australian National University); Zhang Yichen (Beijing University of Posts and Telecommunications); Yu Song (Beijing University of Posts and Telecommunications); Leong Chuan Kwek (Nanyang Technological University); Liu Ai Qun (Nanyang Technological University)[abstract]**Abstract:**An integrated chip platform for CV-QKD system based on time and polarization multiplexing is designed and demonstrated. A proof-of-principle test is conducted, which shows the measurement results for key components. The secure key rate by simulation can reach 4 kbit/s at 40 km distance per transmission band.[YouTube, still waiting for Cao Lin]Presenter live session: Cao Lin - #100:Scalable Pseudorandom Quantum StatesZvika Brakerski (Weizmann Institute of Science); Omri Shmueli (Tel Aviv University)[abstract]
**Abstract:**Efficiently sampling a quantum state that is hard to distinguish from a truly random quantum state is an elementary task in quantum information theory that has both computational and physical uses. This is often referred to as pseudorandom (quantum) state generator, or PRS generator for short. In existing constructions of PRS generators, security scales with the number of qubits in the states, i.e. the (statistical) security parameter for an n-qubit PRS is roughly n. Perhaps counter-intuitively, n-qubit PRS are not known to imply k-qubit PRS even for k<n. Therefore the question of \emph{scalability} for PRS was thus far open: is it possible to construct n-qubit PRS generators with security parameter m for all n, m. Indeed, we believe that PRS with tiny (even constant) n and large m can be quite useful. We resolve the problem in this work, showing that any quantum-secure one-way function implies scalable PRS. We follow the paradigm of first showing a \emph{statistically} secure construction when given oracle access to a random function, and then replacing the random function with a quantum-secure (classical) pseudorandom function to achieve computational security. However, our methods deviate significantly from prior works since scalable pseudorandom states require randomizing the amplitudes of the quantum state, and not just the phase as in all prior works. We show how to achieve this using Gaussian sampling.Presenter live session: Omri Shmueli - #104:Device-independent randomness expansion against quantum side informationWen-Zhao Liu (University of Science and Technology of China); Ming-Han Li (University of Science and Technology of China); Sammy Ragy (University of York); Si-Ran Zhao (University of Science and Technology of China); Bing Bai (University of Science and Technology of China); Yang Liu (University of Science and Technology of China); Peter J. Brown (University of York); Jun Zhang (University of Science and Technology of China); Roger Colbeck (University of York); Jingyun Fan (Southern University of Science and Technology); Qiang Zhang (University of Science and Technology of China); Jian-Wei Pan (University of Science and Technology of China)[abstract]
**Abstract:**The ability to produce random numbers that are unknown to any outside party is crucial for many applications. Device-independent randomness generation (DIRNG) allows new randomness to be provably generated, without needing to trust the devices used for the protocol. This provides strong guarantees about the security of the output, but comes at the price of requiring the violation of a Bell inequality to implement. A further challenge is to make the bounds in the security proofs tight enough to allow expansion with contemporary technology. Thus, while randomness has been generated in recent experiments, the amount of randomness consumed in doing so has been too high to certify expansion based on existing theory. Here we present an experiment that demonstrates device-independent randomness expansion (DIRNE), i.e., where the generated randomness surpasses that consumed. By developing a loophole-free Bell test setup with a single photon detection efficiency of around 81% and exploiting a spot-checking protocol, we achieve a net gain of 2.63 × 10^8 certified bits with soundness error 5.74×10^{−8}. The experiment ran for 220 hours corresponding to an average rate of randomness generation of 8202 bits/s. By developing the Entropy Accumulation Theorem (EAT), we established security against quantum adversaries. We anticipate that this work will lead to further improvements that push device-independence towards commercial viability.[YouTube, still waiting for Wen-Zhao Liu]Presenter live session: Wen-Zhao Liu

## List and Download of Accepted Posters

(in order of submission)

Download a zip-archive of all posters available so far.

### Tue, 11 Aug, 15:15 - 17:15

- #4:Universal limitations on quantum key distribution over a networkSiddhartha Das (École polytechnique de Bruxelles, Université libre de Bruxelles); Stefan Bäuml (ICFO-Institut de Ciencies Fotoniques, The Barcelona Institute of Science and Technology); Marek Winczewski (National Quantum Information Centre in Gdańsk, University of Gdańsk); Karol Horodecki (International Centre for Theory of Quantum Technologies, University of Gdańsk)[abstract]
**Abstract:**Entanglement is an intriguing quantum phenomenon with crucial implications for both fundamental physics and technological applications, e.g., quantum key distribution (QKD). In this paper, we show that multipartite private states from which secret keys are directly accessible to trusted partners are genuinely multipartite entangled states. With application to secure Quantum Internet, we consider the most general setup of multipartite quantum process (channel) in a network setting: multiplex quantum channel with involved parties having one of the three possible roles-- that of only sender or receiver, or both sender and receiver. We derive divergence-based measures for entangling abilities of multipartite quantum channels. We describe an LOCC-assisted secret key agreement (SKA) protocol for generation or distillation of key (private random bits) among multiple trusted allies connected through a quantum multiplex channel secure against a quantum eavesdropper, of which measurement-device-independent QKD and SKA protocols over quantum network laced with key repeaters are particular instances. We are able to provide upper bounds on the non-asymptotic private capacities, maximum rate at which secret key can be distilled via finite uses of channels, and lower bounds on asymptotic capacities. These bounds are expressed in terms of the divergence-based entanglement measures of the channels. Some of these measures lead to strong converse bounds on the private capacities. Our upper bounds on the private capacities also are upper bound on the multipartite quantum capacities where goal is to distill Greenberger{Horne{Zeilinger (GHZ) state. Also, we are able to derive upper bound on the secret key bits that can be distilled via LOCC among trusted allies sharing finite copies of multipartite quantum states.[no PDF yet] - #8:Security of QKD with weak basis-choice flawShihai Sun (School of Physics and Astronomy, Sun Yat-Sen University); Zhi-Yu Tian (School of Physics and Astronomy, Sun Yat-Sen University); Mei-Sheng Zhao (QuantumCTek Co. Ltd.); Yan M (QuantumCTek Co. Ltd.)[abstract]
**Abstract:**Quantum key distribution (QKD) provides a way to share unconditional secure key between two remote parties, but the deviation between theory and practice will break the security of generated key. In this article, we evaluate the security of QKD with weak basis-choice flaw, in which the random bit used by Alice and Bob to determine their bases are weakly controlled by Eve. In fact, a tight and analytical bound is obtained to estimate the phase error for both single photon source and weak coherent source, then the key rate can be rapidly improved. And the key rate of QKD with biased bases is also considered, in which Alice and Bob distill key from two bases independently. Furthermore, by evaluating the security of QKD under wavelength attack, the performance of a commercial beam splitter is measured, and then the key rate is estimated, which is just slightly reduced with our method.Poster presenter: Shihai Sun - #15:Linear programs for entanglement and key distribution in the quantum internetStefan Baeuml (ICFO-Institut de Ciencies Fotoniques); Koji Azuma (NTT Basic Research Laboratories); Go Kato (NTT Communication Science Laboratories); David Elkouss (Delft University of Technology)[abstract]
**Abstract:**Quantum networks will allow to implement communication tasks beyond the reach of their classical counterparts. A pressing and necessary issue for the design of quantum network protocols is the quantification of the rates at which these tasks can be performed. Here, we propose a simple recipe that yields efficiently computable lower and upper bounds on the maximum achievable rates. For this we make use of the max-flow min-cut theorem and its generalization to multi-commodity flows to obtain linear programs. We exemplify our recipe deriving the linear programs for bipartite settings, settings where multiple pairs of users obtain entanglement in parallel as well as multipartite settings, covering almost all known situations. We also make use of a generalization of the concept of paths between user pairs in a network to Steiner trees spanning a group of users wishing to establish Greenberger-Horne-Zeilinger states. - #37:Experimental semi-quantum key distribution with classical usersF. Massa (University of Vienna); P. Yadav (Algran Portugal); A. Moqanaki (University of Vienna); W. O. Krawec (University of Connecticut); P. Mateus (Inst. Superior Tecnico Lisbon); N. Paunkovic (Inst. Superior Tecnico Lisbon); A. Souto (Universidade de Lisboa); P. Walther (University of Vienna)[abstract]
**Abstract:**The use of quantum systems allows for new insights which promise to revolutionize information processing. Quantum cryptography, especially key distribution, has become one of the most prominent applications of quantum technology. However, this task still requires users to be capable of performing quantum operations, such as state preparation or measurements in multiple bases. A natural question, therefore, is can users' technological requirements be reduced? In this work, we experimentally demonstrate a novel quantum key distribution protocol where users are fully classical and quantum operations are only performed by an untrusted third party acting as a server. We derive an information theoretic proof of security for our protocol along with an experimental demonstration.Poster presenter: Walter O. Krawec - #45:Semi-Device-Independent Heterodyne-based Quantum Random Number GeneratorHamid Tebyanian (Dipartimento di Ingegneria dell’Informazione, Università degli Studi di Padova, Padova, Italia); Marco Avesani (Dipartimento di Ingegneria dell’Informazione, Università degli Studi di Padova, Padova, Italia); Paolo Villoresi (Dipartimento di Ingegneria dell’Informazione, Università degli Studi di Padova, Padova, Italia); Giuseppe Vallone (Dipartimento di Ingegneria dell’Informazione, Università degli Studi di Padova, Padova, Italia)[abstract]
**Abstract:**Randomness is a fundamental feature of quantum mechanics, which is an invaluable resource for both classical and quantum technologies. Practical quantum random number generators (QRNG) usually need to trust their devices, but their security can be jeopardized in case of imperfections or malicious external actions. In this work, we present a robust implementation of a Semi-Device-Independent QRNG that guarantees both security and fast generation rates. The system works in a prepare and measure scenario where measurement and source are untrusted, but a bound on the energy of the prepared states is assumed. Our implementation exploits heterodyne detection, which offers increased generation rate and improved long-term stability compared to alternative measurement strategies. In particular, due to the tomographic properties of heterodyne measurement, we can compensate for fast phase fluctuations via post-processing, avoiding complex active phase stabilization systems. As a result, our scheme combines high security and speed with a simple setup featuring only commercial-off-the-shelf components, making it an attractive solution in many practical scenarios.[no PDF yet] - #48:Security analysis of discrete-modulated continuous-variable quantum key distributionJie Lin (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo); Twesh Upadhyaya (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo); Norbert Lütkenhaus (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo)[abstract]
**Abstract:**Discrete-modulated continuous-variable quantum key distribution protocols are favorable due to the experimental simplicity and inherited properties of continuous-variable protocols. We provide a tight numerical key rate analysis of discrete-modulated continuous-variable quantum key distribution protocols in the asymptotic limit against collective attacks. As a specific example, we analyze the key rate of the quadrature phase-shift keying (QPSK) scheme in both the paranoid and realistic scenarios. When the detector noises are trusted, the QPSK scheme is expected to reach around 100 km with currently feasible experimental parameters. For both scenarios, we also investigate the performance of post-selection of data for the reverse reconciliation scheme and show that post-selection can provide improvements in the key rate as well as reducing the amount of data for post-processing.Poster presenter: Jie Lin - #51:Finite Block Length Analysis on Incoherent Randomness Extraction and Quantum Coherence DistillationMasahito Hayashi (Southern University of Science and Technology); Kun Fang (University of Waterloo)[abstract]
**Abstract:**Randomness is one of the key ingredients to information processing in practice, especially for computation and cryptography. A vast number of applications critically rely on abundant, high-quality random numbers that are generated securely. In this work we introduce a variant of randomness extraction framework, named \emph{incoherent randomness extraction} (IRE), in the context of quantum coherence theory where free incoherent operations are employed. This cryptographic framework unveils a new perspective to the study of quantum coherence distillation (QCD) by an \emph{exact} one-shot connection, that is, the maximum number of secure random bits extractable from a single instance of \emph{unstructured} quantum state is precisely equal to the maximum number of coherent bits that can be distilled from the same state. This exact relation not only sharpens our understanding on the operational equivalence between randomness and coherence, but also enables us to derive tight second order expansions (estimation of the number of extractable random bits/distillable coherent bits to the order~$o(\sqrt{n})$ where $n$ is the number of the prepared source states) of both tasks in the independent and identically distributed setting. Remarkably, the incoherent operation classes that can empower coherence distillation for generic states all lead to the same second order expansions, indicating their operational equivalence for QCD as well as IRE in both asymptotic and large block length regimes. As a by-product, we showcase a proof of the strong converse property for IRE from its second order expansion, excluding a possible tradeoff between the insecurity threshold and the rate of extractable randomness of a protocol. This also contributes to an alternative strong converse proof for QCD due to their exact one-shot correspondence.Poster presenter: Kun Fang - #60:Nonlocal games, synchronous correlations, and Bell inequalitiesNishant Rodrigues (University of Maryland); Brad Lackey (Microsoft Quantum)[abstract]
**Abstract:**Nonlocal games with synchronous correlations are a natural generalization of functions between two finite sets. In this work we examine analogues of Bell's inequalities for such correlations, and derive a synchronous device-independent quantum key distribution protocol. This protocol has the advantage of symmetry between the two users and self-testing while generating shared secret key without requiring a preshared secret. We show that, unlike general correlations and the CHSH inequality, there can be no quantum Bell violation among synchronous correlations with two measurement settings. However we exhibit explicit analogues of Bell's inequalities for synchronous correlations with three measurement settings and two outputs, provide an analogue of Tsirl'son's bound in this setting, and prove existence and rigidity of quantum correlations that saturate this bound. We conclude by posing a security assumption that bypasses the locality, or causality, loophole and examine the protocol's robustness against measurement error and depolarization noise. - #67:Efficient quantum random number generation with full entropy extraction from SPAD based systemsAndrea Stanco (University of Padova, Department of Information Engineering); Davide Giacomo Marangon (University of Padova, Department of Information Engineering); Giuseppe Vallone (University of Padova, Department of Information Engineering); Samuel Burri (EPFL); Edoardo Charbon (EPFL); Paolo Villoresi (University of Padova, Department of Information Engineering)[abstract]
**Abstract:**We present two different QRNG devices which allow to maximize the entropy extraction of a system and so the generation rate. The two devices use single-photon avalanche diode along (SPAD) with FPGA device. The first device, Randy, uses only one SPAD and with a post-processing based on the Peres algorithm [Y. Peres, Ann. Statist. 20, 590 (1992)], has a generation rate of 1.8 Mbit/s. The second device, LinoSPAD, which is a CMOS SPAD array based device and integrate also a time-to-digital converter (TDC) on its FPGA, has a final generation rate of 310 Mbit/s thanks to a improved post-processing procedure which also includes the Zhou-Bruck algorithm [H. Zhou and J. Bruck, arXiv:1209.0726 (2012)].Poster presenter: Andrea Stanco - #69:Post-Quantum Verification of Fujisaki-OkamotoDominique Unruh (University of Tartu)[abstract]
**Abstract:**We present a computer-verified formalization of the post-quantum security proof of the Fujisaki-Okamoto transform (as analyzed by Hövelmanns, Kiltz, Schäge, and Unruh, PKC 2020). The formalization is done in quantum relational Hoare logic and checked in the qrhl-tool (Unruh, POPL 2019).[no PDF yet] - #71:Performance and security of 5 GHz repetition rate polarization-based Quantum Key DistributionFadri Grünenfelder (University of Geneva); Alberto Boaron (University of Geneva); Davide Rusca (University of Geneva); Anthony Martin (Institut de Physique de Nice); Hugo Zbinden (University of Geneva)[abstract]
**Abstract:**We implement 5 GHz clocked polarization-based simplified BB84 protocol. Secret keys can be distributed over 151.5 km of standard telecom fiber at a rate of 54.5 kbps. The high clock frequency might give rise to correlations between the pulses. We characterize the correlations in decoy intensity, polarization and in the phase between the pulses and discuss their impact on the security of the protocol.Poster presenter: Fadri Grünenfelder - #79:Efficient optimization of secret-key rates in quantum repeater chainsTim Coopmans (Delft University of Technology); Boxi Li (Eidgenössische Technische Hochschule Zürich); Sebastiaan Brand (Leiden University); David Elkouss (Delft University of Technology)[abstract]
**Abstract:**Losses in the physical transmission medium fundamentally limit the distance that quantum key distribution schemes can cover. By means of quantum repeaters, the reach of these schemes can be extended and chains of quantum repeaters could in principle cover arbitrarily long distances. Here, we first provide an efficient algorithm for completely characterizing the behaviour of a large class of repeater chain protocols. The algorithm determines the fidelity and generation time (waiting time) of the first generated entangled pair between the end nodes of a quantum repeater chain. It has polynomial runtime in the size of the support of the waiting time probability distribution. This runtime improves upon the exponential runtime of existing algorithms and allows us to analyze repeater chains of thousands of segments for some parameter regimes. Second, we use the algorithm for optimizing the achievable secret key rate. For this, we consider a family of repeater schemes generalizing the BDCZ scheme. In particular, the schemes incorporate a cut-off condition that enables to mitigate the effects of decoherence. We find that the use of the optimal cut-off extends the parameter regime for which secret key can be generated and moreover significantly increases the secret-key rate for a large range of parameters. Our algorithms thus serve as useful tools for the design and realization of long-distance quantum key distribution networks.Poster presenter: Tim Coopmans - #82:Fading channel estimation for free-space continuous-variable secure quantum communicationLászló Ruppert (Palacky University Olomouc); Christian Peuntinger (Max-Planck-Institut für die Physik des Lichts); Bettina Heim (Max-Planck-Institut für die Physik des Lichts); Kevin Günthner (Max-Planck-Institut für die Physik des Lichts); Vladyslav C. Usenko (Palacky University Olomouc); Dominique Elser (Max-Planck-Institut für die Physik des Lichts); Gerd Leuchs (Max-Planck-Institut für die Physik des Lichts); Radim Filip (Palacky University Olomouc); Christoph Marquardt (Max-Planck-Institut für die Physik des Lichts)[abstract]
**Abstract:**We investigate estimation of fluctuating channels and its effect on security of continuous-variable quantum key distribution. We propose a novel estimation scheme which is based on the clusterization of the estimated transmittance data. We show that uncertainty about whether the transmittance is fixed or not results in a lower key rate. However, if the total number of measurements is large, one can obtain using our method a key rate similar to the non-fluctuating channel even for highly fluctuating channels. We also verify our theoretical assumptions using experimental data from an atmospheric quantum channel. Our method is therefore promising for secure quantum communication over strongly fluctuating turbulent atmospheric channels.Poster presenter: László Ruppert - #85:Everlasting Secure Key Agreement with performance beyond QKD in a Quantum Computational Hybrid security modelNilesh Vyas (Telecom Paris); Romain Alléaume (Telecom Paris)[abstract]
**Abstract:**Extending the functionality and overcoming the performance limitation under which QKD can operate requires either quantum repeaters or new security models. Investigating the latter option, we introduce the Quantum Computational Hybrid (QCH) security model, where we assume that computationally secure encryption may only be broken after a time much longer than the coherence time of available quantum memories. We propose an explicit d-dimensional key distribution protocol, that we call MUB-Quantum Computational Timelock (MUB-QCT) where one bit is encoded on a qudit state chosen among d + 1 mutually unbiased bases (MUBs). Short-term-secure encryption is used to share the basis information with legitimate users while keeping it unknown from Eve until after her quantum memory decoheres. This allows to reduce Eve’s optimal attack to an immediate measurement followed by post-measurement decoding. We demonstrate that MUB-QCT enables everlasting secure key distribution with input states containing up to O(\sqrt{d})photons. This leads to a series of important improvements when compared to QKD: on the functional side, the ability to operate securely between one sender and many receivers, whose implementation can moreover be untrusted ; significant performance increase, characterized by a O(\sqrt{d}) multiplication of key rates and an extension by 25km x log(d) of the attainable distance over fiber. Implementable with a large number of modes with current or near-term multimode photonics technologies, the MUB-QCT construction has the potential to provide a radical shift to the performance and practicality of quantum key distribution.Poster presenter: Nilesh Vyas - #86:Quantum Memory Optimization with Quantum Machine Learning for Quantum Secure Direct CommunicationLaszlo Gyongyosi (Univ of Southampton, Budapest Univ of Tech, Hungarian Academy of Sciences)[abstract]
**Abstract:**Quantum memories are a fundamental of any global-scale quantum Internet, since these units are necessary for guaranteeing an optimal performance in a high-performance quantum networking scenario. The main problem of quantum memories is the low retrieval efficiency of the systems from the registers of the quantum memory. Here, we define a novel quantum memory called high-retrieval-efficiency (HRE) quantum memory for the quantum Internet. An HRE quantum memory unit integrates local unitary operations on its hardware level for the optimization of the readout procedure and utilizes the advanced techniques of quantum machine learning. The local unitaries of an HRE quantum memory achieve the optimization of the readout procedure in an unsupervised manner without the use of any labeled data or training sequences. The HRE quantum memory is a particularly convenient unit for the construction of a powerful, global-scale quantum Internet.[no PDF yet] - #87:Breaking simple quantum position verification protocols with little entanglementAndrea Olivo (Inria Paris, LPGP, Université Paris Sud); Ulysse Chabaud (LIP6, Sorbonne Université); André Chailloux (Inria Paris); Frédéric Grosshans (LIP6, CNRS, Sorbonne Université)[abstract]
**Abstract:**Position verification is a cryptographic primitive aiming at securely certifying the location of a party in space. Informationally-secure PV was shown to be impossible through the existence of universal attacks both in the classical setting [Chandran et al., 2009] and in the quantum setting [Buhrman et al., 2014; Beigi and König,2011]. However, while classical attacks require the same amount of resources than the protocol, known universal quantum attacks make use of an exponential amount of entanglement through a technique known as Instantaneous Nonlocal Quantum Computation. In this paper, we characterize attacks to a "BB84-like" protocol already proposed in previous work [Kent et al., 2011], based on single photons polarized at an angle θ. We consider adversaries sharing maximally entangled pairs of qudits and find low-dimensional INQC attacks. We find exact attacks against some rational angles, including some sitting outside of the Clifford hierarchy (e.g. π/6), and show no θ allows to tolerate errors higher than ~0.5% against adversaries holding two ebits per protocol's qubit.Poster presenter: Andrea Olivo - #90:Quantum Random Number Generator based on Violations of the Free CHSH-3 InequalityANOMAN Don Jean Baptiste (Université de Limoges); ARNAULT François (Université de Limoges); NALDI Simone (Université de Limoges)[abstract]
**Abstract:**We describe a protocol for generating random numbers based on the existence of quantum violations of a free version of Clauser-Horne-Shimony-Holt inequality for qutrit, namely CHSH-3. Our method uses semidefinite programming relaxations to compute such violations. In a standard setting the CHSH-3 inequality involves two separated qutrits and compatible measurement, that is, commuting with each other, yielding the known quantum bound of $1+\sqrt{11/3} \approx 2.9149$ . In our framework, $d$-dimensional quantum systems (qudits) where $d$ is not fixed {\it a priori}, and measurement operators possibly not compatible, are allowed. This loss of constraints yields a higher value of $4$ for the maximum expectation of CHSH-3, attained for $d=3 $ and non-commutative measurements for one party. Based on such upper bound on the violation of free CHSH-3, which appear to be a non-algebraic bound, we develop a random number generator with only one party. Our protocol generates a maximal entropy and its security is based, through self testing arguments, on the attainability of the maximal violation of the free CHSH-3 for quantum systems.[no PDF yet]Poster presenter: Anoman Don Jean Baptiste - #94:Is Classical Remote State Preparation Composable?Christian Badertscher (University of Edinburgh); Alexandru Cojocaru (University of Edinburgh); Léo Colisson (LIP6 Sorbonne Université); Elham Kashefi (University of Edinburgh and LIP6 Sorbonne Université); Dominik Leichtle (LIP6 Sorbonne Université); Atul Mantri (University of Maryland); Petros Wallden (University of Edinburgh)[abstract]
**Abstract:**Classical remote state preparation (RSPCC) is a primitive that allows an honest client to prepare a quantum state remotely with the help of an (untrustworthy) server using only a classical communication channel. With this primitive quantum protocols (such as secure delegation of quantum computations) become accessible to classical clients, by removing the need for a quantum channel. Since this cryptographic primitive’s main role is to be a building block within larger protocols, it is of utmost importance to examine its security under composition. In this work we present three results related to the composability of RSPCC protocols: 1. As our first main result, we show that no classical remote state preparation protocol RSPCC can be composable in the Abstract Cryptography framework [MR11], even when the distinguisher is computationally bounded. In other words, remote state preparation cannot be constructed with only a classical channel. 2. We further show that any classical-client delegated quantum computing protocol that uses the universal blind quantum computation (UBQC) protocol [BFK09] and a RSPCC protocol as a subroutine cannot be composable. 3. Upon relaxing the security requirement, we show that replacing the quantum channel of the UBQC protocol by the particular RSPCC protocol of [CCKW19] is secure in the game-based security framework.Poster presenter: Léo Colisson - #95:Security for Quantum NetworksSalini Karuvade (University of Calgary); Barry C. Sanders (University of Calgary)[abstract]
**Abstract:**Reliable and efficient functioning of a quantum network depends on identifying and mitigating security risks originating from within and outside the network. We aim to construct a comprehensive framework for developing and assessing secure quantum networks. We articulate issues for making quantum networks secure in general, summarise the state of the art and identify priority directions for further investigation. Our analysis builds on the secure communication protocols developed for classical layered network architectures such as the open-systems interconnection (OSI) model and the transmission control protocol/internet protocol (TCP/IP) model. Our work will lead to the development of a hardware-independent framework for securing general quantum networks that allows developers to identify mandatory security mechanisms and incorporate additional security requirements of the clients during design of the networks.Poster presenter: Salini Karuvade - #96:Quantum repeaters based on concatenated bosonic and discrete-variable quantum codesFilip Rozpedek (University of Chicago); Kyungjoo Noh (Yale University); Qian Xu (University of Chicago); Saikat Guha (University of Arizona); Liang Jiang (University of Chicago)[abstract]
**Abstract:**We propose a novel architecture of quantum-error-correction-based quantum repeaters that combines the techniques used in discrete and continuous variable quantum information. Specifically, we propose to encode the transmitted qubits in a concatenated code consisting of two levels. On the first level we use a continuous variable GKP code which encodes the qubit in a single bosonic mode. On the second level we use a small discrete variable code, encoding a logical qubit in as few as seven physical qubits. Such an architecture introduces two major novelties which allow us to make efficient use of resources. Firstly, our architecture makes use of two types of quantum repeaters: the simpler GKP repeaters that need to only be able to store and correct errors on a single GKP qubit and more powerful but more costly multi-qubit repeaters that additionally can correct errors on the higher level. We find that the combination of using the two types of repeaters enables us to achieve performance needed in practical scenarios with a significantly reduced cost with respect to an architecture based solely on multiqubit repeaters. Secondly the use of continuous variable GKP code on the lower level has the advantage of providing us with the information about the success probability of the specific GKP correction round. This analog information, unique to bosonic codes, provides significant boost in performance when used to correct second level errors in the multi-qubit repeaters.Poster presenter: Filip Rozpedek - #101:Entanglement generation in a quantum network at distance-independent ratesAshlesha Patil (College of Optical Sciences, The University of Arizona, Tucson, AZ, USA); Mihir Pant (Massachusetts Institute of Technology, Cambridge, MA, USA); Dirk Englund (Massachusetts Institute of Technology, Cambridge, MA, USA); Don Towsley (College of Information and Computer Sciences, University of Massachusetts, Amherst, MA, USA); Saikat Guha (College of Optical Sciences, The University of Arizona, Tucson, AZ, USA)[abstract]
**Abstract:**We develop a protocol that allows a pair of users to sift a secret key starting from shared variable-length Greenberger-Horne-Zeilinger (GHZ) states. It is an extension of the BBM’92 protocol which relies on measurements in the matching basis for entanglement witness. We then design an entanglement generation scheme over a quantum network that equips the quantum key generation protocol to achieve key rates that are independent of the distance between the two users. The key new insight in our protocol is to allow a repeater node to use n-qubit GHZ projective measurements that can fuse n successful entangled links, i.e., two-qubit entangled Bell pairs shared across network edges, incident at that node, into an n-qubit GHZ state shared by the far nodes of those edges. If we allow even 3-fusions at the nodes, we find by developing a connection to a modified version of the site-bond percolation problem that despite lossy (hence probabilistic) link-level entanglement generation, and probabilistic success of the fusion measurements at nodes, one can generate entanglement between end two parties at a rate that stays constant as the distance between them increases. This is not possible to attain with any (non-error-corrected) quantum networking protocol using Bell measurements alone.Poster presenter: Ashlesha Patil - #110:Quantum repeaters in spaceCarlo Liorni (Heinrich-Heine-Universität Düsseldorf); Hermann Kampermann (Heinrich-Heine-Universität Düsseldorf); Dagmar Bruß (Heinrich-Heine-Universität Düsseldorf)[abstract]
**Abstract:**Entanglement distribution between very distant parties allows several interesting quantum-enabled protocols to be performed, in the fields of quantum communication, metrology and distributed computation. However, achieving this task over global distances (thousands of km) is very daunting, due to the exponential losses of light in optical fibres. The concept of a quantum repeater has been introduced to counter this problem. Such a device allows, using quantum memories and protocols based on entanglement swapping or quantum error correction, to connect several elementary links and enlarge the achievable distance. An alternative solution is represented by satellite-relayed free-space channels, that have already been proven to be feasible with current technology. Using a double downlink from a single satellite, however, the maximum distance between the ground stations is limited to {1500-2000} km, due to the additional losses encountered at low elevation angles. Through quantum repeaters, few of these satellite links can be chained together to reach global distances. In this work we propose and study a scheme in which entanglement sources and quantum repeaters are placed on board of satellites, orbiting around the Earth in the string of pearls configuration. This allows to connect two users on the ground via free-space optical links outside the atmosphere, achieving far superior distance-to-loss ratio with respect to the standard fibre-based implementation. In this way, a small number of intermediate nodes is enough to achieve entanglement distribution over global distances at a reasonable rate. The performance of this repeater chain is assessed in terms of the secret key rate achievable by the BB-84 cryptographic protocol, taking into account the most important sources of noise. We perform a comparison with other repeater chain architectures and show that our scheme is superior in almost every situation, achieving higher key rates, reliability and flexibility. These results have been obtained assuming reasonably conservative values of the parameters of the setup, such as the size of the optical elements and the efficiency of the quantum memories. The feasibility of the implementation in the mid-term future is analysed, based on recent developments in space-borne technology. We finally discuss some exemplary orbital configurations to connect several pairs of cities around the world with very small satellite constellations and estimate the cost of such an infrastructure. The integration of satellite-based links with ground repeater networks can be envisaged to represent the backbone of the future Quantum Internet. C. Liorni, H. Kampermann, D. Bruß, arXiv:2005.10146, 2020Poster presenter: Carlo Liorni - #112:CubeSat Based Quantum CommunicationPeide Zhang (University of Bristol); Elliott Hastings (University of Bristol); David Lowndes (University of Bristol); Siddarth Joshi (University of Bristol); John Rarity (University of Bristol); Daniel Oi (University of Strathclyde); Cassandra Mercury (Craft Prospect Ltd); Jasminder S. Sidhu (University of Strathclyde); Steve Greenland (Craft Prospect Ltd); Luca Mazzarella (NASA, Jet Propulsion Laboratory); Doug McNeil (Craft Prospect Ltd); Sonali Mohapatra (Craft Prospect Ltd)[abstract]
**Abstract:**Space-based quantum key distribution (QKD) overcomes the limits of distance between terrestrial users caused by losses in optical fibre. Thus, it is the most promising method to establish a global scale QKD network. While the first QKD platform in the space - “the Micius satellite” – was a ground-breaking proof of principle demonstration, it is not a commercially favourable solution. We present our Cube-Sat payload design which has a more economically viable key-rate. The whole system is consisting of two parts, a 2U transmitter payload in Cube Satellite and an Optical Ground Station (OGS) working as receiver. The system is designed for polarisation based BB84/Decoy-State protocol with 100Mhz key transmission rate. In order to avoid the light pollution near the metropolitan centres and provide flexibility, we present our progress towards a mobile OGS which will be able to act as a receiver for the quantum signal.Poster presenter: Peide Zhang - #113:Free-space single-mode receiver with adaptive optics for quantum communicationKui-Xing Yang (Department of Modern Physics and National Laboratory for Physical Sciences at Microscale, Shanghai Branch, University of Science and Technology of China, Heifei, Anhui 230026, China. CAS Center for Excellence and Synergetic Innovation Center in Quantum Information and Quantum Physics, Shanghai Branch, University of Science and Technology of China, Hefei, Anhui 230026, China. Shanghai Research Center for Quantum Science, Shanghai 201315, China.); Maimaiti Abulizi (Department of Modern Physics and National Laboratory for Physical Sciences at Microscale, Shanghai Branch, University of Science and Technology of China, Heifei, Anhui 230026, China. CAS Center for Excellence and Synergetic Innovation Center in Quantum Information and Quantum Physics, Shanghai Branch, University of Science and Technology of China, Hefei, Anhui 230026, China. Shanghai Research Center for Quantum Science, Shanghai 201315, China.); Yu-Huai Li (Department of Modern Physics and National Laboratory for Physical Sciences at Microscale, Shanghai Branch, University of Science and Technology of China, Heifei, Anhui 230026, China. CAS Center for Excellence and Synergetic Innovation Center in Quantum Information and Quantum Physics, Shanghai Branch, University of Science and Technology of China, Hefei, Anhui 230026, China. Shanghai Research Center for Quantum Science, Shanghai 201315, China.); Bo-Yang Zhang (Department of Modern Physics and National Laboratory for Physical Sciences at Microscale, Shanghai Branch, University of Science and Technology of China, Heifei, Anhui 230026, China. CAS Center for Excellence and Synergetic Innovation Center in Quantum Information and Quantum Physics, Shanghai Branch, University of Science and Technology of China, Hefei, Anhui 230026, China. Shanghai Research Center for Quantum Science, Shanghai 201315, China.); Shuang-Lin Li (Department of Modern Physics and National Laboratory for Physical Sciences at Microscale, Shanghai Branch, University of Science and Technology of China, Heifei, Anhui 230026, China. CAS Center for Excellence and Synergetic Innovation Center in Quantum Information and Quantum Physics, Shanghai Branch, University of Science and Technology of China, Hefei, Anhui 230026, China. Shanghai Research Center for Quantum Science, Shanghai 201315, China.); Yuan Cao (Department of Modern Physics and National Laboratory for Physical Sciences at Microscale, Shanghai Branch, University of Science and Technology of China, Heifei, Anhui 230026, China. CAS Center for Excellence and Synergetic Innovation Center in Quantum Information and Quantum Physics, Shanghai Branch, University of Science and Technology of China, Hefei, Anhui 230026, China. Shanghai Research Center for Quantum Science, Shanghai 201315, China.)[abstract]
**Abstract:**Satellite-based quantum communication is a promising approach for realizing globalscale quantum networks. However, due to atmospheric turbulence, achieving a highly efficient and stable spatial single-mode receiver, which is very important for daylight free-space quantum key distribution and more complex quantum information tasks involving quantum interference, is difficult. Here, we develop a spatial single-mode receiver with an adaptive optics (AO) system based on a modal version of the stochastic parallel gradient descent algorithm (M-SPGD) and conduct a field test of its performance over an 8 km urban terrestrial free-space channel. Our experimental results demonstrate the AO technology based on M-SPGD has a great boosting for single-mode receiver and is useful for large-scale quantum communication.Poster presenter: Kui-Xing Yang - #114:Improving key rates of the unbalanced phase-encoded BB84 protocol using the flag-state squashing modelNicky Kai Hong Li (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo); Norbert Lütkenhaus (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo)[abstract]
**Abstract:**All phase-encoded BB84 implementations have signal states with unbalanced amplitudes in practice. Thus, the original security analyses a priori do not apply to them. Previous security proofs use signal tagging of multi-photon pulses to recover the behaviour of regular BB84. This is overly conservative, as for unbalanced signals, the photon-number splitting attack does not leak full information to Eve. In this work, we exploit the flag-state squashing model to preserve some parts of the multi-photon generated private information in our analysis. Using a numerical proof technique, we obtain significantly higher key rates compared with previously published results in the low-loss regime. It turns out that the usual scenario of untrusted dark counts runs into conceptual difficulties in some parameter regime. Thus, we discuss the trusted dark count scenario in this paper as well. We also report a gain in key rates when part of the total loss is known to be induced by a trusted device. We highlight that all these key rate improvements can be achieved without modification of the experimental setup.Poster presenter: Nicky Kai Hong Li - #115:Quantum random number generators with entanglement for public randomness testingJanusz E. Jacak (Dept. of Quantum Technologies, Wroclaw University of Sciecne and Technology, Wroclaw, Poland); Witold A. Jacak (Dept. of Quantum Technologies, Wroclaw University of Sciecne and Technology, Wroclaw, Poland); Wojciech A. Donderowicz (Compsecur Sp z o.o., Wroclaw, Poland); Piotr Jóźwiak (Dept. of Applied Informatics, Wroclaw University of Sciecne and Technology, Wroclaw, Poland); Lucjan Jacak (Dept. of Quantum Technologies, Wroclaw University of Sciecne and Technology, Wroclaw, Poland)[abstract]
**Abstract:**We present a simple idealistic quantum entanglement based protocol for quantum random number generation allowing a trusted third party to publicly perform arbitrarily complex tests of randomness without any violation of the secrecy of the generated bit sequences. The protocol diminishes also an average time of the randomness testing (thus enabling arbitrary shortening of this time with increasing number of entangled qubits).Poster presenter: Witold A. Jacak - #116:Franchised Quantum MoneyBhaskar Roberts (UC Berkeley, Princeton University); Mark Zhandry (Princeton University, NTT Research)[abstract]
**Abstract:**Classical bits can be copied, but quantum bits, in general, cannot. As a result, there is interest in creating uncounterfeitable quantum money, in which a set of qubits can be spent as money but cannot be duplicated. To function as money, there must be a way to verify that a given state is a valid banknote and not a counterfeit. Many recent efforts have tried to allow public key verification, where any untrusted user, even a would-be counterfeiter, can verify the banknotes. However, despite many attempts, a secure construction of public-key quantum money has remained elusive. Here we introduce franchised quantum money, a new notion that is weaker than public key quantum money but brings us closer to realizing it. Franchised quantum money allows any untrusted user to verify banknotes using a unique secret key. Furthermore, we give a construction of franchised quantum money and prove security assuming the quantum hardness of the short-integer solution problem (SIS). This is the first construction of quantum money that allows an untrusted user to verify the banknotes, and which has a proof of security based on widespread assumptions. It is therefore an important step toward public key quantum money. Under franchised quantum money, untrusted users receive unique secret verification keys. With their key, a user can verify banknotes without the mint involved, but they cannot create counterfeit money that would fool another user. This is different from public key quantum money because the verification key may actually enable counterfeiting, but the only person that the counterfeiter can fool is themselves. Here is how franchised quantum money might be useful: consider a group of large corporations, mutually distrustful, that nevertheless want to make transactions with each other. Further, a trusted third party, the mint, will administer the money system. While the mint cannot make verification public-key, it can franchise the ability to verify banknotes to the group of untrusted corporations. The mint gives each corporation a unique secret verification key that allows them to verify banknotes from another corporation. Now what if one corporation decides to start using its key to copy money? Since each corporation gets a different key, any banknotes that the corporation produces will fail to verify when a different key is used. Therefore the dishonest corporation will not be able to fool anyone but themselves. Public key quantum money has eluded sophisticated attempts to construct it directly, so franchised quantum money is useful as a stepping stone. Although franchised quantum money is not public-key, it still enables verification without the mint involved, which is the main feature of interest for public key quantum money. Further, we give a construction of franchised quantum money with a proof of security based on widely-held assumptions about the SIS problem. Franchised quantum money offers greater security than existing constructions of quantum money, and brings us closer to public-key verification.Poster presenter: Bhaskar Roberts - #121:Communicating using non-maximally entangled statesSujan Vijayaraj (Vellore Institute of Technology, Vellore, India); S. Balakrishnan (Vellore Institute of Technology, Vellore, India); K. Senthilnathan (Vellore Institute of Technology, Vellore, India)[abstract]
**Abstract:**Quantum communication in general helps deter potential eavesdropping in the course of transmission of bits to enable secure communication between two or more parties. In this paper, we propose a novel quasi-quantum secure direct communication scheme using non-maximally entangled states. The proposed scheme is simple to implement using existing techniques and significantly reduces the number of leaked bits. As a result long sequences or the whole sequence of data can be communicated at once before error checking for a potential eavesdropper. Also a cipher can be used in the protocol for retrieving the bits that are lost due to security. The qubit efficiency of the proposed protocol is found to be 40 %.Poster presenter: Sujan Vijayaraj - #122:Vulnerabilities of Quantum LightningBhaskar Roberts (UC Berkeley, Princeton University)[abstract]
**Abstract:**Zhandry recently defined a new cryptographic object called quantum lightning, which has a number of useful applications, including a strong form of quantum money. Further, Zhandry proposed a construction of quantum lightning based on superpositions of low-rank matrices. The scheme is unusual, so it is difficult to analyze whether the scheme is secure and difficult to base the scheme’s security on any widespread computational assumptions. Instead, Zhandry proposed a new hardness assumption that, if true, could be used to prove security. While the new hardness assumption is plausible, it has not been rigorously analyzed. In this work, we analyze the hardness assumption to determine how, if at all, it can be justified. We show that Zhandry’s hardness assumption is in fact false, so the proof of security for Zhandry’s scheme does not hold. While the scheme itself has not been proven insecure, our analysis suggests an approach to developing attacks that might prove the scheme insecure.Poster presenter: Bhaskar Roberts - #123:Hong-Ou-Mandel interference between heralded pulsed photon sources with PPKTPBo Li (University of Science and Technology of China)[abstract]
**Abstract:**Heralded single photons with a wavelength of 780 nm were generated from 30-mm long PPKTP crystals. The spectral correlation was eliminated under narrow band-pass filtering, and Hong-Ou-Mandel interference between two heralded single-photon sources was demonstrated.Poster presenter: Bo Li - #124:The loss tolerant protocol with a twistJ. Eli Bourassa (University of Toronto); Ignatius William Primaatmaja (National University of Singapore); Charles Ci Wen Lim (National University of Singapore); Hoi-Kwong Lo (University of Toronto)[abstract]
**Abstract:**The security of measurement device-independent quantum key distribution (MDI QKD) relies on a thorough characterization of one's optical source output, especially any noise in the state preparation process. Here, we provide an extension of the loss-tolerant protocol [Phys. Rev. A 90, 052314 (2014)], a leading proof technique for analyzing the security of QKD, to MDI QKD protocols that employ mixed signal states. We first reframe the core of the proof technique, noting its generalization to treat d-dimensional signal encodings. Concentrating on the qubit signal state case, we find that the mixed states can be interpreted as providing Alice and Bob with a virtual shield system they can employ to reduce Eve's knowledge of the secret key. We then introduce a simple semidefinite programming method for optimizing the virtual twisting operations they can perform on the shield system to yield a higher key rate, along with an example calculation of fundamentally achievable key rates in the case of random polarization modulation error.Poster presenter: J. Eli Bourassa - #125:Noisy pre-processing facilitating a photonic realisation of device-independent quantum key distributionMelvyn Ho (University of Basel); Pavel Sekatski (University of Basel); Ernest Y-Z. Tan (ETHZ); Renato Renner (ETHZ); Jean-Daniel Bancal (University of Geneva); Nicolas Sangouard (University of Basel)[abstract]
**Abstract:**Device-independent quantum key distribution provides security even when the equipment used to communicate over the quantum channel is largely uncharacterized. An experimental demonstration of device-independent quantum key distribution is however challenging. A central obstacle in photonic implementations is that the global detection efficiency, i.e., the probability that the signals sent over the quantum channel are successfully received, must be above a certain threshold. We here propose a method to significantly relax this threshold, while maintaining provable device-independent security. This is achieved with a protocol that adds artificial noise, which cannot be known or controlled by an adversary, to the initial measurement data (the raw key). Focusing on a realistic photonic setup using a source based on spontaneous parametric down conversion, we give explicit bounds on the minimal required global detection efficiency.Poster presenter: Jean-Daniel Bancal - #128:Dissipative dynamics of quantum states in the fiber channelAndrei Gaidash (ITMO University); Anton Kozubov (ITMO University); George Miroshnichenko (ITMO University)[abstract]
**Abstract:**In this paper we consider the Liouville equation that describes the quantum non-unitary dynamics of quantum states in optical fiber.We consider particular case of thermalization aiming to applications related to various quantum information protocols; however the model can be generalized in various ways taking into account more features (external pump, nonlinear interactions, continuous spectra, free space propagation, etc.). In order to obtain the appropriate evolution models for states in the channel we use the SU(1,1) algebra formalism in the Liouville representation. Developed model is applied in cases of two different initial states as an example. The first is single- and multi-frequency-mode (e.g. wavelength-division-multiplexed) weak coherent states in quantum notation as rather simple but useful example. This particular example is of interest since weak coherent states are commonly used tool in various fields of optics, e.g. optical communication, quantum key distribution, etc. Results for coherent states are well agreed with classical theories however in order to highlight quantum features of developed theory we also consider the case of non-classical light, in particular Fock states. Considered implementation of model takes into account dichroism, retardance, thermalization, dispersion, decoherence in polarization domain. We derive expressions of evolved states, mean photon number and estimate the Stokes parameters as well as degree of polarization. Considered examples explicitly demonstrates all the features and effects of developed approach. Described approach allows to connect the information properties of quantum channels with its physical ones. In order to illustrate this statement we consider BB84 quantum key distribution protocol and investigate behavior of quantum bit error rate affected by considered physical phenomena in optical fiber.Poster presenter: Andrei Gaidash - #129:Complete Bell state analyser for photonic qubits using semi-demolition or entangled non-demolition measurementsAnton Kozubov (ITMO University); Andrei Gaidash (ITMO University); George Miroshnichenko (ITMO University)[abstract]
**Abstract:**In this paper we present for the first time two possible techniques for deterministic two-step complete Bell state analyzer of optical (polarization) qubits using semi-demolition or entangled non-demolition measurements. Main difference to a prior studies in the field is that we do not use hyperentanglement or representation of the Bell states as concatenated Greenber–Horne–Zeilinger (C-GHZ) state to provide the discrimination. We demonstrate two different approaches for complete Bell state measurement based on different types of filtration. In entangled non-demolition measurement we allocate two pairs of the states from each other as the filtration process. The approach can be based on the utilization of cubic (Kerr) nonlinearity and auxiliary mode. In semi-demolition measurement two states are unambiguously discriminated and hence destroyed; however two other states passes the filter without modification. The measurement destroys the single photon subspace in every mode and preserves the superposition of zero and two photons. It can be realized with discrete photodetection based on microresonator with atoms. Such filtration can be considered as quadratic nonlinearity just as any measurement. The most significant about this approach is that we do not transform the initial states using any type of filtration based on different nonlinearities. - #130:Twin-field quantum key distribution with discrete phase randomizationGuillermo Curras Lorenzo (University of Leeds); Lewis Wooltorton (University of Leeds); Mohsen Razavi (University of Leeds)[abstract]
**Abstract:**Twin-field (TF) quantum key distribution (QKD) can overcome fundamental secret-key-rate bounds on point-to-point QKD links, allowing us to reach longer distances than ever before. Since its introduction, several practical TF-QKD variants have been proposed, and some of them have already been implemented experimentally. All of them assume that the users can emit weak coherent pulses with a continuous random phase, either to generate the key, or to prove its security. In practice, this assumption is often not satisfied, which could open up security loopholes in their implementations. Here, we propose and prove the security of a TF-QKD variant that relies exclusively on discrete phase randomisation, which is easier to achieve in practice. Remarkably, our results show that it can also provide higher secret-key rates than other variants.Poster presenter: Guillermo Currás Lorenzo - #131:Two MET-LDPC codes designed for long distance CV-QKDHossein Mani (Technical University of Denmark); Bernhard Ömer (Austrian Institute of Technology); Ulrik Lund Andersen (Technical University of Denmark); Tobias Gehring (Technical University of Denmark); Christoph Pacher (Austrian Institute of Technology)[abstract]
**Abstract:**Here in this poster we present two new MET-LDPC codes designed for rates 0.02 and 0.01 with even higher efficiency: β = 99.2% and β = 98.7% , respectively. We will present simulation results to demonstrate their performance. The presented codes can be used by different reconciliation strategies to increase the distance of CV-QKD.Poster presenter: Hossein Mani - #132:AIT QKD Post Processing and Network SoftwareOliver Maurhart (AIT Austrian Institute of Technology GmbH); Stefan Petscharnig (AIT Austrian Institute of Technology GmbH); Thomas Grafenauer (AIT Austrian Institute of Technology GmbH); Michael Hentschel (AIT Austrian Institute of Technology GmbH); Bernhard Ömer (AIT Austrian Institute of Technology GmbH); Philipp-Sebastian Vogt (AIT Austrian Institute of Technology GmbH); Christoph Pacher (AIT Austrian Institute of Technology GmbH)[abstract]
**Abstract:**Since 2004 AIT has developed a software suite for QKD post processing and key routing in trusted repeater networks. This software provides a set of building blocks to integrate sifting, error estimation, error correction, confirmation, privacy amplification and information-theoretically secure message authentication. Accompanying the QKD post-processing is the Quantum Point-to-Point Protocol (Q3P) node which enforces information-theoretically secure network peer-to-peer communication for classical applications. We already reported on the support for different DV and CV-QKD protocols, and high-performance error correction using GPUs for terrestrial QKD. Here we will discuss the following new capabilities of the software * a low dependency footprint for future use on satellites, * hibernation of QKD post-processing pipelines and switching between them for key establishment with different ground terminals and satellites, * CoAP interfaces to cover demands of the control and management plane in today’s network environment, and * the port to ARM/FPGA SoC boards. The CoAP interfaces allow rapid scripting of QKD modules or AIT QKD based applications with Python or even Bash. Utilities and tools, as well as a boilerplate setup for QKD module coding projects, also support the creation of new QKD post-processing modules or QKD based user applications. The AIT QKD software is bundled with management tools, partly GUI oriented. The software is available under different license options and AIT welcomes suggestions from academic groups or industry to co-operate.[no PDF yet]Poster presenter: Oliver Maurhart - #134:A quantum random number generator based on a polymer photonic-integration platformMartin Achleitner (AIT Austrian Institute of Technology); Lena Hansen (Fraunhofer Heinrich Hertz Institute); Hauke Conradi (Fraunhofer Heinrich Hertz Institute); Moritz Kleinert (Fraunhofer Heinrich Hertz Institute); Christoph Pacher (AIT Austrian Institute of Technology); Hannes Hübel (AIT Austrian Institute of Technology)[abstract]
**Abstract:**Quantum random number generators (QRNG) are a well-studied quantum resource for information and communication technologies. Offering the randomness derived from quantum mechanical principles, QRNGs will replace current technologies of pseudo random number generation. However, prices and form factors must come down, if this technology is to feed mobile or IoT devices in the future. We present a step in this direction by realizing a QRNG in the polymer-based photonic integration platform PolyBoard.Poster presenter: Martin Achleitner - #136:Parallelizing Single-Photon Detection for Ultra-Fast Quantum Key DistributionMatthias Häußler (Institute of Physics, University of Münster, Heisenbergstraße 11, 48149 Münster, Germany); Martin A. Wolff (Institute of Physics, University of Münster, Heisenbergstraße 11, 48149 Münster, Germany); Fabian Beutel (Institute of Physics, University of Münster, Heisenbergstraße 11, 48149 Münster, Germany); Helge Gehring (Institute of Physics, University of Münster, Heisenbergstraße 11, 48149 Münster, Germany); Robin Stegmüller (Institute of Physics, University of Münster, Heisenbergstraße 11, 48149 Münster, Germany); Nicolai Walter (Institute of Physics, University of Münster, Heisenbergstraße 11, 48149 Münster, Germany); Wladick Hartmann (Institute of Physics, University of Münster, Heisenbergstraße 11, 48149 Münster, Germany); Max Tillmann (PicoQuant GmbH, Rudower Chaussee 29, 12489 Berlin, Germany); Michael Wahl (PicoQuant GmbH, Rudower Chaussee 29, 12489 Berlin, Germany); Tino Röhlicke (PicoQuant GmbH, Rudower Chaussee 29, 12489 Berlin, Germany); Andreas Bülter (PicoQuant GmbH, Rudower Chaussee 29, 12489 Berlin, Germany); Doreen Wernicke (Entropy GmbH, Gmunder Straße 37a, 81379 München, Germany); Nicolas Perlot (Fraunhofer Heinrich Hertz Institute, Einsteinufer 37, 10587 Berlin, Germany); Jasper Rödiger (Fraunhofer Heinrich Hertz Institute, Einsteinufer 37, 10587 Berlin, Germany); Wolfram H. P. Pernice (Institute of Physics, University of Münster, Heisenbergstraße 11, 48149 Münster, Germany); Carsten Schuck (Institute of Physics, University of Münster, Heisenbergstraße 11, 48149 Münster, Germany)[abstract]
**Abstract:**Emerging quantum technologies, such as quantum key distribution, increase the demand for reliable tools that enable single-photon generation, manipulation and sensing on an increasingly large scale. In the framework of integrated photonics, these needs can be fulfilled by patterning highly stable photonic devices on monolithic silicon chips in CMOS compatible processes. In this work we show how advanced single-photon detection capabilities are achieved on a silicon chip, realizing a 4x4 array of waveguide-integrated superconducting nanowire single-photon detectors (SNSPDs). Our detectors are fabricated from highly uniform superconducting NbTiN thin films in a U-shape geometry atop of silicon nitride strip waveguides [1]. The nanophotonic circuitry is interfaced with scalable 3D polymeric out-of-plane fiber-to-chip couplers [2] featuring high broadband transmission in the telecom regime. In order to address each detector individually via a separate fiber-optic channel, we precisely align a 16-channel 2D fiber array to the 4x4 coupler matrix. We evaluate the performance of our waveguide-integrated SNSPD array in a cost-efficient closed-cycle cryostat at 3.5 K. We find dark count rates below 10 Hz combined with a superior system detection efficiency of up to 50 % at 30 MHz count rate for telecom-wavelength photons. In addition, we achieve 120 ps timing jitter with a simple two-stage room-temperature amplification approach. Our detector arrays pave the way for parallelized multi-channel single-photon detection and will therewith enable ultra-fast quantum key distribution. Furthermore, our approach allows for integrating sophisticated nanophotonic devices with waveguide-coupled single-photon detectors providing additional variability and functionality.Poster presenter: Matthias Häußler - #137:The QKD Testbed project OPENQKDHannes Hübel (AIT Austian Institute of Technology)[abstract]
**Abstract:**The OPENQKD project is currently the largest QKD-focused initiative in Europe comprising of 38 partners. The project brings together a multidisciplinary team of the leading European telecommunication equipment manufacturers, end-users and critical infrastructure providers, network operators, QKD equipment providers, digital security professionals and scientists from 13 countries to reinforce Europe’s position at the forefront of quantum communication capabilities globally. We present here the first deployment results from selected testbeds, list the demonstration sites and associated use cases. We will also provide an overview of the QKD devices built for the project and a timetable for the future deployments.Poster presenter: Hannes Hübel - #138:Security Proof for Discrete-Modulated Continuous-Variable Quantum Key Distribution without Photon-Number Cut-off AssumptionTwesh Upadhyaya (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo); Thomas Van Himbeeck (Institute for Quantum Computing, University of Waterloo, University of Toronto); Jie Lin (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo); Norbert Lutkenhaus (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo)[abstract]
**Abstract:**In this work, we provide a complete, unconditional, asymptotic security analysis of DMCVQKD with four or more states. We do not need the photon-number cut-off assumption required in previous proofs. We derive inequalities that relate the result of a suitably chosen finite-dimensional optimization to the key rate. We solve the optimization numerically and utilize uniform continuity bounds to derive tight key rate lower bounds. We find that the key rates are comparable to previous conditional security proofs with the cut-off assumption, and to those achieved by Gaussian-modulated CVQKD.Poster presenter: Twesh Upadhyaya - #139:Towards an Open-source Software Platform for Numerical Key Rate Calculation of General Quantum Key Distribution ProtocolsJie Lin (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo, Waterloo, Ontario, Canada N2L 3G1); Ian George (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo, Waterloo, Ontario, Canada N2L 3G1); Kai-Hong Li (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo, Waterloo, Ontario, Canada N2L 3G1); Kun Fang (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo, Waterloo, Ontario, Canada N2L 3G1); Twesh Upadhyaya (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo, Waterloo, Ontario, Canada N2L 3G1); Natansh Mathur (India Institute of Technology Roorkee, Roorkee, India, 247667); Max Chemtov (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo, Waterloo, Ontario, Canada N2L 3G1); Slock A. Nahar (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo, Waterloo, Ontario, Canada N2L 3G1); Shahabeddin M. Aslmarand (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo, Waterloo, Ontario, Canada N2L 3G1); Thomas Van Himbeeck (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo, Waterloo, Ontario, Canada N2L 3G1); Yanbao Zhang (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo, Waterloo, Ontario, Canada N2L 3G1; NTT Basic Research Laboratories and NTT Research Center for Theoretical Quantum Physics, NTT Corporation, 3-1 Morinosato-Wakamiya, Atsugi, Kanagawa, Japan 243-0198); Christopher Boehm (University of Freiburg, Freiburg im Breisgau, Germany 79085); Patrick Coles (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo, Waterloo, Ontario, Canada N2L 3G1; Theoretical Division, Los Alamos National Laboratory, Los Alamos, NM 87545, US); Adam Winick (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo, Waterloo, Ontario, Canada N2L 3G1); Wenyuan Wang (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo, Waterloo, Ontario, Canada N2L 3G1); Norbert Lütkenhaus (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo, Waterloo, Ontario, Canada N2L 3G1)[abstract]
**Abstract:**A numerical approach for the calculation of QKD key rates allows a uniform framework to be applied to general QKD protocols. Based on our group's previous work, we would like to build a universal software platform that is fully modularized and user-friendly, where one can easily swap in and out different QKD protocol descriptions, channel simulation models or experimental data, backend numerical solvers, and parameter optimization algorithms. Our goal is to build an open-source platform that can be both useful for theorists testing new protocols as well as experimentalists looking for optimal parameters or analyzing their experimental data.Poster presenter: Wenyuan Wang - #141:Field Test of QKD Secured Video Conference System for Clinical UseRirika Takahashi (Corporate Research and Development Center, Toshiba Corporation); Yoshimichi Tanizawa (Corporate Research and Development Center, Toshiba Corporation); Alexander R. Dixon (Corporate Research and Development Center, Toshiba Corporation); Akira Murakami (Corporate Research and Development Center, Toshiba Corporation); Kazuaki Doi (Corporate Research and Development Center, Toshiba Corporation); Mamiko Kujiraoka (Corporate Research and Development Center, Toshiba Corporation); Hideaki Sato (Corporate Research and Development Center, Toshiba Corporation); Muneaki Shimada (Tohoku University Hospital, Tohoku University); Inaho Danjoh (Tohoku Medical Megabank Organization, Tohoku University); Fumiki Katsuoka (Tohoku Medical Megabank Organization, Tohoku University and Advanced Research Center for Innovations in Next-Generation Medicine, Tohoku University); Yasunobu Okamura (Tohoku Medical Megabank Organization, Tohoku University and Advanced Research Center for Innovations in Next-Generation Medicine, Tohoku University); Fuji Nagami (Tohoku Medical Megabank Organization, Tohoku University and Advanced Research Center for Innovations in Next-Generation Medicine, Tohoku University)[abstract]
**Abstract:**To realize highly secure communication required for sensitive personal information, quantum key distribution (QKD) was applied to a video conference system for clinical use in a field trial. We demonstrated that the system provides a QKD secured environment for discussion and for sharing screens of patient cases among medical experts. The results indicated that our QKD system’s secure key rate is sufficient for a video conference in real time. This demonstrated that QKD is applicable to video conference systems for practical use.Poster presenter: Ririka Takahashi - #145:Improving the performance of CV-QKD with multi-mode signalsRupesh Kumar (Department of Physics, University of York); Igor Konieczniak (Department of Physics, University of York); Tim Spiller (Department of Physics, University of York)[abstract]
**Abstract:**Continuous variable quantum key distribution (CV-QKD) uses shot-noise limited detection for measuring the quadratures of the signal sent by Alice over the quanutm channel. Typically, the signal transmission rate is limited by the bandwidth of the detection. One of the drawbacks of CV-QKD systems is low secure key generation rate at longer transmission distances. High bandwidth detectors—which allow higher signal transmission rates—cannot improve the key generation rate as these increase the electronic noise variance. Electronic noise variance in CV-QKD systems is considered as a trusted noise source and so theoretically, it does not have a great impact on the final key rate. However, from the practical point of view, there is impact on the performance of error correction codes—such as low density parity codes (LDPC). Increased electronic noise decreases the signalto-noise ratio (SNR). Constructing LDPC at lower SNR is a bottleneck for achieving long distance CV-QKD. Multi-mode signals can improve the SNR of CV-QKD system to a significant extent. In this work, we consider a multi-mode signal based CV-QKD system where signal modes are jointly measured in order to reduce the impact of electronic noise on the SNR.Poster presenter: Rupesh Kumar - #147:Influence of birefringent fiber joints on the visibility drift in a Mach–Zehnder interferometerG M Krylov (QRate, Moscow, Russia); O V Fat'yanov (QRate, Moscow, Russia); A V Duplinskii (QRate, Moscow, Russia); Y V Kurochkin (QRate, Moscow, Russia)[abstract]
**Abstract:**It is shown that imperfect joints of linear birefringent fibers in a fiber interferometer may result in an uncontrolled visibility drift under varying environmental conditions even with a standard phase matching device. As an example, a double Mach –Zehnder interferometer is considered, which is employed in schemes of quantum key distribution. Results of numerical simulation demonstrate the standard deviation of QBER, which is comparable to an average QBER.Poster presenter: Georgii Krylov

### Thu, 13 Aug, 11:00 - 13:00

- #7:Twin-field quantum digital signaturesChun-Hui Zhang (Nanjing University of Posts and Telecommunications); Yu-Teng Fan (Nanjing University of Posts and Telecommunications); Chun-Mei Zhang (Nanjing University of Posts and Telecommunications); Guang-Can Guo (Nanjing University of Posts and Telecommunications); Qin Wang (Nanjing University of Posts and Telecommunications)[abstract]
**Abstract:**At present, the performance of quantum digital signatures (QDSs) is limited by key generation protocols (e.g., BB84 or measurement-device-independent protocols), which are fundamentally limited in terms of channel capacity. Fortunately, the recently proposed twin-field quantum key distribution can overcome this limit. Here, we for the first time propose a twin-field QDS (TF-QDS) protocol and give a corresponding security analysis. It can not only possess the highest security among all existing QDS protocols, but also exhibit outstanding performance in terms of both signature rates and secure transmission distances. Therefore, our work represents another step towards practical implementation of QDSs. - #9:Secure random number generation from parity symmetric radiationsToyohiro Tsurumaru (Mitsubishi Electric Corporation); Toshihiko Sasaki (The University of Tokyo); Izumi Tsutsui (High Energy Accelerator Research Organization (KEK))[abstract]
**Abstract:**The random number generators (RNGs) are an indispensable tool in cryptography. Of various types of RNG method, those using radiations from nuclear decays (radioactive RNG) has a relatively long history but their security has never been discussed rigorously in the literature. In this paper and in reference [T. Tsurumaru, T. Sasaki, and I. Tsutsui, arXiv:1912.09124 [quant-ph]], we propose a new method of the radioactive RNG that admits a simple and rigorous proof of security. The security proof is made possible here by exploiting the parity (space inversion) symmetry arising in the device, which has previously been unfocused but is generically available for a nuclide which decays by parity-conserving interactions.Poster presenter: Toyohiro Tsurumaru - #11:Semi-Quantum MoneyRoy Radian (Ben Gurion University of the Negev); Or Sattath (Ben Gurion University of the Negev)[abstract]
**Abstract:**Quantum money allows a bank to mint quantum money states that can later be verified and cannot be forged. Usually, this requires a quantum communication infrastructure to transfer quantum states between the user and the bank. This work combines the notion of classical verification -- introduced by Gavinsky (CCC 2012) -- with the notion of user-generated money -- introduced here -- to introduce Semi-Quantum Money, the first quantum money scheme to require only classical communication with the (entirely classical) bank. This work features constructions for both a public memory-dependent semi-quantum money scheme, based on the works of Zhandry and Coladangelo, and for a private memoryless semi-quantum money scheme, based on the notion of Noisy Trapdoor Claw Free Functions (NTCF) introduced by Brakerski et al. (FOCS 2018). In terms of technique, our main contribution is a strong parallel repetition theorem for NTCF.Poster presenter: Roy Radian - #12:Security of quantum key distribution with detection-efficiency mismatch in the multiphoton caseAnton Trushechkin (Steklov Mathematical Institute of Russian Academy of Sciences)[abstract]
**Abstract:**The detection-efficiency mismatch is a common problem in practical quantum key distribution (QKD) systems. The security of quantum key distribution in this case is proved only under the assumption that either the output of the sender side or the input to the receiver side are single-photon signals, which impose a restriction over the class of possible eavesdropping strategies. Here we present a security proof without such a restriction and, thus, solve this important problem and prove the security of quantum key distribution with detection-efficiency mismatch against general attacks. In particular, we propose an adaptation of the decoy state method to the case of detection-efficiency mismatch.Poster presenter: Anton Trushechkin - #13:Quantum Period Finding is Compression RobustAlex May (Ruhr university Bochum); Lars Schlieper (Ruhr university Bochum)[abstract]
**Abstract:**We study quantum period finding algorithms such as Simon and Shor (and its variants Ekerå-Håstad and Mosca-Ekert). For a periodic function $f$ these algorithms produce -- via some quantum embedding of $f$ -- a quantum superposition $\sum_x \ket{x}\ket{f(x)}$, which requires a certain amount of output qubits that represent $\ket{f(x)}$. We show that one can lower this amount to a single output qubit by hashing $f$ down to a single bit in an oracle setting. Namely, we replace the embedding of $f$ in quantum period finding circuits by oracle access to several embeddings of hashed versions of $f$. We show that on expectation this modification only doubles the required amount of quantum measurements, while significantly reducing the total number of qubits. For example, for Simon's period finding algorithm in some $n$-bit function $f: \mathbb{F}_2^n \rightarrow \mathbb{F}_2^n$ our hashing technique reduces the required output qubits from $n$ down to $1$, and therefore the total amount of qubits from $2n$ to $n+1$. We also show that Simon's algorithm admits real world applications with only $n+1$ qubits by giving a concrete realization of a hashed version of the cryptographic Even-Mansour construction. Our oracle-based hashed version of the Ekerå-Håstad algorithm for factoring $n$-bit RSA reduces the required qubits from $(\frac 3 2 + o(1))n$ down to $(\frac 1 2 + o(1))n$. In principle our hashing approach also works for the Mosca-Ekert algorithm, but requires strong properties of the hash function family. A hashed version of Mosca-Ekert with as few as $\mathcal{O}(\log n)$ qubits would imply classical polynomial time factoring. keywords: Quantum period finding, Simon, Even-Mansour, Shor, Ekerå -Håstad, Mosca-Ekert, minimizing qubitsPoster presenter: Lars Schlieper - #14:Noisy Simon Period FindingAlex May (Ruhr University Bochum); Lars Schlieper (Ruhr University Bochum); Joanthan Schwinger (Ruhr University Bochum)[abstract]
**Abstract:**Let $f: \mathbb{F}_2^n \rightarrow \mathbb{F}_2^n$ be a Boolean function with period $\vec s$. It is well-known that Simon's algorithm finds $\vec s$ in time polynomial in $n$ on quantum devices that are capable of performing error-correction. However, today's quantum devices are inherently noisy, too limited for error correction, and Simon's algorithm is not error-tolerant. We show that even noisy quantum period finding computations lead to speedups in comparison to purely classical computations. More precisely, we implemented Simon's quantum period finding circuit on the $15$-qubit quantum device IBM Q 16 Melbourne. Our experiments show that with a certain probability $\tau(n)$ we measure erroneous vectors that are not orthogonal to $\vec s$. We propose new, simple, but very effective smoothing techniques to classically mitigate physical noise effects such as e.g. IBM Q's bias towards the $0$-qubit. After smoothing, our noisy quantum device provides us a statistical distribution that we can easily transform into an LPN instance with parameters $n$ and $\tau(n)$. Hence, in the noisy case we may not hope to find periods in time polynomial in $n$. However, we still obtain quantum advantage even for large errors $\tau(n)$ close to $\frac 1 2$. Thus, period finding does not necessarily require full quantum error correction capability. keywords: Noise-tolerant Simon period finding, IBM Q 16, LPN algorithms, quantum advantagePoster presenter: Lars Schlieper - #22:Full quantum one-way function for quantum cryptographyTao Shang (Beihang University); Yao Tang (Beihang University); Ranyiliu Chen (Beihang University); Jianwei Liu (Beihang University)[abstract]
**Abstract:**One-way functions are fundamental tools for cryptography. Until now, quantum one-way functions have several input-output categories such as `classical-to-classical', `classical-to-quantum' and `quantum-to-classical', which are used for post-quantum cryptography or quantum cryptography. However, there are still no intrinsic `quantum-to-quantum' quantum one-way functions. In this paper, we propose the full quantum one-way function to design full quantum cryptographic schemes. By concatenating the `quantum-classical' one-way function and the rotation operation of a single qubit, the full quantum one-way function has the input and output of quantum states. We prove its one-way property from `easy computation' and `computationally difficult to invert'. Then we apply the full quantum one-way function to quantum identity authentication. Security analysis shows that the proposed quantum identity authentication scheme based on the full quantum one-way function is secure even under active attacks.Poster presenter: Tao Shang, Yao Tang - #23:IND-secure quantum symmetric encryption based on point obfuscationRanyiliu Chen (Beihang University); Tao Shang (Beihang University); Jianwei Liu (Beihang University)[abstract]
**Abstract:**Quantum cryptography has developed some fundamental primitives on encryption of quantum data, such as quantum one-time pad and quantum IND (indistinguishability)-security. Compared with other terms in quantum cryptography, quantum obfuscation attracts less attention and is still in its infancy due to its difficulty in implementation and application. In this paper, we define a quantum point function and construct its obfuscation, then demonstrate the validity of applying quantum point obfuscation to quantum symmetric encryption scheme. We rigorously prove that IND-secure quantum symmetric encryption can be realized by quantum point obfuscators. Furthermore, with the properties of combinability or auxiliary inputs, a quantum point obfuscator can implement IND-CPA (indistinguishability under chosen plaintext attack)-secure quantum symmetric encryption or leakage-resilient quantum symmetric encryption, respectively. This work presents new usage of a quantum obfuscator and will complement the theory of quantum obfuscation. - #24:The Improvement of Security for Continuous-Variable Quantum Key Distribution with Imperfect Phase ModulationZhengwen Cao (School of Information Science and Technology, Northwest University Xi’an, 710127, China); Chenhao Zhang (School of Information Science and Technology, Northwest University Xi’an, 710127, China); Geng Chai (School of Information Science and Technology, Northwest University Xi’an, 710127, China); Chen He (School of Information Science and Technology, Northwest University Xi’an, 710127, China)[abstract]
**Abstract:**The signal of the photon must be phase modulated by Phase Modulation(PM), which plays a very important role in a continuous-variable quantum key distribution system. However, there may exits a drift of voltage in actual system. In this paper, we study the influence of the imperfect PM on the system performance of the CVQKD system. The result shows that the imperfect PM can threat the security of CVQKD system and choosing a reasonable noise module can be passively improved the security of system. We also propose a way to contain modulation noise in practical CVQKD systems.Poster presenter: Zhengwen Cao - #26:Quantum key distribution overcoming extreme noise:simultaneous subspace coding using high-dimensional entanglementMirdit Doda (Institute for Quantum Optics and Quantum Information - IQOQI Vienna; Institute of Physics, Slovak Academy of Sciences, Bratislava, Slovakia); Marcus Huber (nstitute for Quantum Optics and Quantum Information - IQOQI Vienna,Austrian Academy of Sciences, Boltzmanngasse 3, 1090 Vienna, Austria); Gláucia Murta (Institut f ̈ur Theoretische Physik III, Heinrich-Heine-Universit ̈at D ̈usseldorf,Universit ̈atsstraße 1, D-40225 D ̈usseldorf, Germany); Matej Pivoluska (Institute of Physics, Slovak Academy of Sciences, 845 11 Bratislava, Slovakia; Institute of Computer Science, Masaryk University, 602 00 Brno, Czech Republic); Martin Plesch (Institute of Physics, Slovak Academy of Sciences, 845 11 Bratislava, Slovakia; Institute of Computer Science, Masaryk University, 602 00 Brno, Czech Republic); Chrysoula Vlachou (Center for Quantum Information and Communication - QuIC,Universit ́e libre de Bruxelles, Brussels, Belgium)[abstract]
**Abstract:**High-dimensional entanglement promises to increase the information capacity of photons and isnow routinely generated exploiting spatio-temporal degrees of freedom of single photons. A curiousfeature of these systems is the possibility to certify entanglement despite strong noise in the data.We show that it is also possible to exploit this noisy entanglement by introducing a protocol thatuses mutliple subspaces of the high-dimensional system simultaneously. Our protocol can be used toincrease key rates in realistic conditions. To that end, we conduct two simulations of our protocol fornoise models that apply to the two most commonly used sources of high-dimensional entanglement:time-bins and spatial modes.Poster presenter: Chrysoula Vlachou - #27:Capacity of Quantum Private Information Retrieval with Colluding ServersSeunghoan Song (Nagoya University); Masahito Hayashi (Southern University of Science and Technology)[abstract]
**Abstract:**Quantum private information retrieval (QPIR) is a protocol that a user retrieves one of f files from non- communicating n servers by downloading quantum systems without revealing the identity of the target file. As variants of the QPIR with stronger security requirements, the symmetric QPIR is a protocol that the files except for the target file are not leaked to the user, and the t-private QPIR is a protocol that the identity of the target file is kept secret even if at most t servers may collude to reveal the identity. The QPIR capacity is the maximum ratio of the one file size to the size of downloaded quantum systems, and we prove that the symmetric t-private QPIR capacity is min{1, 2(n − t)/n} for any 1 ≤ t < n. We construct a capacity-achieving QPIR protocol by the stabilizer formalism and prove the optimality of our protocol. The proposed capacity is greater than the classical counterpart.Poster presenter: Seunghoan Song - #33:Using QKD in MACsec for Secure Ethernet NetworksJoo Yeon Cho (ADVA Optical Networking SE); Andrew Sergeev (ADVA Optical Networking SE)[abstract]
**Abstract:**MACsec (Media Access Control Security) is an IEEE 802.1AE standard for secure communication on Ethernet links. MACsec ensures the confidentiality, integrity and origin authenticity of Ethernet frames. The secrecy of MACsec stems from a root key that is either configured as a pre-shared key or derived from a mutual authentication protocol. However, both methods are not ideal because such root key may be disclosed by human mistakes or broken by quantum attacks. In this paper, we investigate QKD (quantum key distribution) as an alternative source of trust for MACsec. QKD can be used as either a root key provider or a session key generator. We develop a new key exchange protocol based on QKD for Ethernet networks. We verified by experiment that QKD could be well integrated into MACsec without performance degradation.Poster presenter: Joo Yeon Cho - #34:Almost Public Quantum CoinsAmit Behera (Ben-Gurion University of the Negev); Or Sattath (Ben-Gurion University of the Negev)[abstract]
**Abstract:**In a quantum money scheme, a bank can issue money that users cannot counterfeit. Similar to bills of paper money, most quantum money schemes assign a unique serial number to each money state, thus potentially compromising the privacy of the users of quantum money. However in a quantum coins scheme, just like the traditional currency coin scheme, all the money states are exact copies of each other, providing a better level of privacy for the users. A quantum money scheme can be private, i.e., only the bank can verify the money states, or public, meaning anyone can verify. In this work, we propose a way to lift any private quantum coin scheme -- which is known to exist based on the existence of one-way functions, due to Ji, Liu, and Song (CRYPTO'18) -- to a scheme that closely resembles a public quantum coin scheme. Verification of a new coin is done by comparing it to the coins the user already possesses, by using a projector on to the symmetric subspace. No public coin scheme was known prior to this work. It is also the first construction that is very close to a public quantum money scheme and is provably secure based on standard assumptions. The lifting technique when instantiated with the private quantum coins scheme, due to Mosca and Stebila 2010, gives rise to the first construction that is very close to an inefficient unconditionally secure public quantum money scheme.Poster presenter: Amit Behera - #39:Provably secure symmetric private information retrieval with quantum cryptographyWen Yu Kon (National University of Singapore); Charles Ci Wen Lim (National University of Singapore)[abstract]
**Abstract:**Private information retrieval (PIR) is a database query protocol that provides user privacy, in that the user can learn a particular entry of the database of his interest but his query would be hidden from the data centre. Symmetric private information retrieval (SPIR) takes PIR further by additionally offering database privacy, where the user cannot learn any additional entries of the database. Unconditionally secure SPIR solutions with multiple databases are known classically, but are unrealistic because they require long shared secret keys between the parties for secure communication and shared randomness in the protocol. Here, we propose using quantum key distribution (QKD) instead for a practical implementation, which can realise both the secure communication and shared randomness requirements. We prove that QKD maintains the security of the SPIR protocol and that it is also secure against any external eavesdropper. We also show how such a classical-quantum system could be implemented practically, using the example of a two-database SPIR protocol with keys generated by measurement device-independent QKD. Through key rate calculations, we show that such an implementation is feasible at the metropolitan level with current QKD technology.Poster presenter: Wen Yu Kon - #42:Tools for the Performance Optimization of Single-Photon Quantum Key DistributionTimm Kupko (Technische Universität Berlin); Martin v. Helversen (Technische Universität Berlin); Lucas Rickert (Technische Universität Berlin); André Strittmatter (Otto-von-Guericke Universität Magdeburg); Manuel Gschrey (Technische Universität Berlin); Sven Rodt (Technische Universität Berlin); Stephan Reitzenstein (Technische Universität Berlin); Tobias Heindel (Technische Universität Berlin)[abstract]
**Abstract:**Solid-state quantum light sources emitting triggered single photons or entangled photon pairs have the potential to boost the performance of quantum key distribution (QKD) systems. Proof-of-principle experiments affirmed these prospects, but further efforts are necessary to push this field beyond its current status. In this work, we report on tools for the performance optimization of QKD systems using single-photon sources (SPSs). For this purpose, we developed a basic QKD testbed comprising a triggered solid-state single-photon source and a receiver module designed for four-state polarization coding via the BB84 protocol. Exploiting temporal filtering of the signal acceptance time window in a two-dimensional parameter space we analyze the sifted key fraction and the quantum bit error ratio (QBER) expected in in full implementations of QKD. Furthermore, we demonstrate real-time security monitoring by analyzing the QBER and the photon statistics, in terms of g(2)(\tau), inside the quantum channel in real-time during the key distribution process. This is achieved by correlating the photon flux recorded at the four ports of our receiver. Our findings can be directly applied and extended for advanced schemes of quantum communication representing an important contribution towards the development of QKD-secured communication networks based on quantum light sources.Poster presenter: Timm Kupko - #43:Protecting QKD sources against light-injection attacksDaria Ruzhitskaya (Russian Quantum Center); Anastasiya Ponosova (Russian Quantum Center); Friederike Johlinger (University of Bristol); Poompong Chaiwongkhot (University of Waterloo); Vladimir Egorov (ITMO University); Djeylan Aktas (University of Bristol); John Rarity (University of Bristol); Chris Erven (University of Bristol); Vadim Makarov (Russian Quantum Center); Anqi Huang (National University of Defense Technology)[abstract]
**Abstract:**In the age of measurement-device-independent quantum key distribution (MDI QKD) and twin- field QKD (TF QKD), the source units of these QKD schemes may become a new ``Achilles' heel" of the whole system. An adversary, Eve, can conduct various attacks on the sources by injecting lasers, whose power is limited by the laser-induced damage threshold of the quantum channel. Such an amount of power may modify the characteristics of components in a source. In this work, we study possible components to protect the source from the light-injected attacks, i.e., Trojan-horse attack, the laser-seeding attack, and the laser-damage attack. Experimental testing shows that fiber-optics isolators and circulators are good passive countermeasures because they sacrifice themselves' isolation under a high-power laser to protect other components behind them. Moreover, we find that illuminated by the high-power laser, integrated photonics QKD chips only lose the transmission of the coupler before any other change happens for the other components in the chips.Poster presenter: Anqi Huang - #47:Independent security analysis of a commercial quantum random number generator Quantis from ID QuantiqueMikhail Petrov (); Igor Radchenko (); Damian Steiger (); Renato Renner (); Matthias Troyer (); Vadim Makarov ()[abstract]
**Abstract:**We reverse-engineer, test and analyse hardware and firmware of the commercial quantum-optical random number generator Quantis from ID Quantique. We show that > 99% of its output data originates in physically random processes: random timing of photon absorption in a semiconductor material, and random growth of avalanche owing to impact ionisation. We have also found minor non-random contributions from imperfections in detector electronics and an internal processing algorithm. Our work shows that the design quality of a commercial quantum-optical randomness source can be verified without cooperation of the manufacturer and without access to the engineering documentation.Poster presenter: Mikhail Petrov - #50:Composable Security for Multipartite Entanglement VerificationRaja Yehia (LIP6, Sorbonne Université); Eleni Diamanti (LIP6, CNRS, Sorbonne Université); Iordanis Kerenidis (IRIF, CNRS, Université de Paris)[abstract]
**Abstract:**We present a composably secure protocol allowing n parties to test an entanglement generation resource controlled by a possibly dishonest party. The test consists only in local quantum operations and authenticated classical communication once a state is shared among them and provides composable security, namely it can be used as a secure subroutine by n honest parties within larger communication protocols to test if a source is sharing quantum states that are at least Ɛ-close to the GHZ state. This claim comes on top of previous results on multipartite entanglement verification where the security was studied in the usual game-based model. Here, we improve the protocol to make it more suitable for practical use in a quantum network and we study its security in the Abstract Cryptography framework to highlight composability issues and avoid hidden assumptions. This framework is a top-to-bottom theory that makes explicit any piece of information that each component (party or resource) gets at every time-step of the protocol. Moreover any security proof, which amounts to showing indistinguishability between an ideal resource having the desired security properties (up to local simulation) and the concrete resource representing the protocol, is composable for free in this setting. This allows us to readily compose our basic protocol in order to create a composably secure multi-round protocol enabling honest parties to obtain a state close to a GHZ state or an abort signal, even in the presence of a noisy or malicious source. Our protocol can typically be used as a subroutine in a Quantum Internet, to securely share a GHZ state among the network before performing a communication or computation protocol.Poster presenter: Raja Yehia - #53:Characterising the photon-number distribution of quantum channels with double-decoy method and its application to quantum cryptographyEmilien Lavie (NUS/ECE Singapore); Ignatius William Primaatmaja (NUS/CQT Singapore); Charles Ci Wen Lim (NUS/ECE Singapore)[abstract]
**Abstract:**Characterising the input-output photon-number distribution of an unknown optical quantum channel is an important task especially in the case of quantum cryptography. In practice, this would require true photon number sources and photon-number-resolving detectors, but these technologies are still work-in-progress. In this work, we propose an efficient technique called double-decoy method which can provide relevant partial information of the input-output photon-number distribution, including the fraction of events in which the unknown quantum channel accepts and outputs a single photon. These detections correspond to events in which the transmitted single photon survives a basis-independent filter just before the measurement. We apply the double-decoy method to quantum key distribution (QKD) and show that it can substantially reduce the background noise and systematic error at the privacy amplification level, thereby improving the current secret key rate and achievable distance for standard QKD protocols. We also believe that several applications beyond cryptography will benefit from this technique.Poster presenter: Emilien Lavie - #61:Shannon-Limit Approached Information Reconciliation for Quantum CommunicationBang-Ying Tang (College of Computer Science and Technology, National University of Defense Technology); Bo Liu (College of Advanced Interdisciplinary Studies, National University of Defense Technology); Wan-Rong Yu (College of Computer Science and Technology, National University of Defense Technology); Chun-Qing Wu (College of Computer Science and Technology, National University of Defense Technology)[abstract]
**Abstract:**To reduce the frame error rate of polar-based information reconciliation (IR) scheme with high reconciliation efficiency, we propose the Shannon-limit approached (SLA) IR scheme, in which the block checked decoder of polar code is proposed to determine the error sub-blocks in the forward reconciliation and the errors are corrected in the acknowledgment reconciliation. And the experimental results show that the SLA IR scheme reduces the $\varepsilon$-correctness to $10^{-8}$ and improves the efficiency to better than 1.091 with the IR block size of 128Mb. Otherwise, the SLA IR scheme reaches the efficiency of 1.055 with the quantum bit error rate (QBER) of 0.02, when the block length reaches to 1Gb, which is hundred times larger than the state-of-art implemented polar codes-based IR schemes and further reduce the finite length effect.Poster presenter: Bang-Ying Tang - #63:A simplified receiver for 32 channel wavelength-division multiplexing QKDJonas Hanke (Fraunhofer Institute for Telecommunications, Heinrich-Hertz-Institute); Jasper Rödiger (Fraunhofer Institute for Telecommunications, Heinrich-Hertz-Institute); Nino Walenta (Fraunhofer Institute for Telecommunications, Heinrich-Hertz-Institute); Nicolas Perlot (Fraunhofer Institute for Telecommunications, Heinrich-Hertz-Institute); Ronald Freund (Fraunhofer Institute for Telecommunications, Heinrich-Hertz-Institute)[abstract]
**Abstract:**When wavelength multiplexing a large number of quantum communication channels and time-phase coding is used, it’s desired in terms of cost and complexity to minimize the number of interferometers. Here, we demonstrate that a visibility sufficiently high to enable QKD operation can be maintained with only a single interferometer at the receiver and without the need for additional high frequency phase modulation.Poster presenter: Jonas Hanke - #64:Trojan Horse Attack on Chip-Scale Quantum Key DistributionFriederike Jöhlinger (University of Bristol); Henry Semenko (University of Bristol); Djeylan Aktas (University of Bristol); Philip Sibson (KETS Quantum Security); Chris Erven (University of Bristol); John Rarity (University of Bristol)[abstract]
**Abstract:**We have come a long way since the first implementation of a quantum key distribution (QKD) system and various attacks have been demonstrated, such as the Trojan Horse Attack (THA). In this attack, the eavesdropper Eve gains information by analysing the back-reflections of light she shines into the QKD system. Almost all attacks have been demonstrated on devices based on fibre components. However, the first chip-scale QKD devices are being developed now, utilising the small size of integrated optics, the stability of the optical system and the ease at which it can be mass-produced, showing great commercial potential. Here we discuss a THA on chip-scale QKD. First, points of reflection in a QKD transmitter chip were found via a reflectometry. Based on this we give an experimental set-up to implement a THA which would give Eve access to 50% of the key. Full experimental results of this attack are expected in the next two to three months.Poster presenter: Friederike Jöhlinger - #68:Unambiguous elimination of pairs of quantum states for quantum communicationIttoop Vergheese Puthoor (Institute of Photonics and Quantum Sciences, Heriot-Watt University, UK); Jonathan Crickmore (Institute of Photonics and Quantum Sciences, Heriot-Watt University, UK); Joseph Ho (Institute of Photonics and Quantum Sciences, Heriot-Watt University, UK); Berke Ricketti (Institute of Photonics and Quantum Sciences, Heriot-Watt University, UK); Sarah Croke (School of Physics and Astronomy, University of Glasgow, UK); Mark Hillery (Department of Physics and Astronomy, Hunter College of the City University of New York, USA); Alessandro Fedrizzi (Institute of Photonics and Quantum Sciences, Heriot-Watt University, UK); Erika Andersson (Institute of Photonics and Quantum Sciences, Heriot-Watt University, UK)[abstract]
**Abstract:**Quantum state elimination measurements tell us what states a quantum system does not have. This is different from state discrimination, where one tries to determine what the state of a quantum system is, rather than what it is not. Apart from being of fundamental interest, quantum state elimination may find uses in quantum communication and quantum cryptography. We consider unambiguous elimination of a pair of quantum states, and present a possible optical realisation of the scheme.Poster presenter: Ittoop Vergheese Puthoor - #72:Client-Server Identification Protocols with Quantum PUFMina Doosti (School of Informatics, University of Edinburgh); Niraj Kumar (School of Informatics, University of Edinburgh); Mahshid Delavar (School of Informatics, University of Edinburgh); Elham Kashefi (School of Informatics, University of Edinburgh)[abstract]
**Abstract:**Recently, major progress has been made towards the realisation of the quantum internet to enable a broad range of applications that would be out of reach for classical internet. Most of these applications such as delegated quantum computation require running a secure identification protocol between a low-resource and a high-resource party to provide secure communication. Physical Unclonable Functions (PUFs) have been shown as resource-efficient hardware solutions for providing secure identification schemes in both classical and quantum settings. In this work, we propose two identification protocols based on quantum PUFs (qPUFs) as defined recently by Arapinis et al. In the first protocol, the low-resource party wishes to prove its identity to the high-resource party and in the second protocol, it is vice versa. Unlike existing identification protocols based on Quantum Read-out of PUFs which rely on the security against a specific family of attacks, our protocols provide provable exponential security against any Quantum Polynomial-Time adversary with only polynomial resource parties. We provide a comprehensive comparison between the two proposed protocols in terms of resources such as quantum memory and computing ability required in both parties as well as the communication overhead between them. A stand-out feature of our second protocol is secure identification of a high-resource party by running a purely classical verification algorithm. This is achieved by delegating quantum operations to the high-resource party and utilising the resulting classical outcomes for identification. An interesting application idea that emerges from our second protocol is certification or benchmarking of general quantum computation schemes based on purely running a classical test on the resulting measurement outcomes.Poster presenter: Mina Doosti, Mahshid Delavar, Niraj Kumar - #73:On Key Generation Schemes with QKD for ApplicationsMikhail Borodin (JSC InfoTeCS, Moscow, Russia); Alexey Urivskiy (JSC InfoTeCS, Moscow, Russia); Andrey Zhilyaev (JSC InfoTeCS, Moscow, Russia)[abstract]
**Abstract:**In this research, we study different approaches to construct Key Generation and Distribution Schemes using Quantum Key Distribution systems. Three schemes are proposed and analyzed. The main question to answer is what happens if a part of the newly shared key is used for authentication while sharing other keys? We consider several attacks, their complexity and probability. It is shown that a hybrid approach, when authentication keys are derived from a mixture of pre-shared keys and key from QKD protocol, is more advantageous.Poster presenter: Andrey Zhilyaev - #75:Semi-Device-Independent Random Number Generation with Flexible AssumptionsMatej Pivoluska (Institute of Computer Science, Masaryk University, Brno and Institute of Physics, Slovak Academy of Sciences, Bratislava); Martin Plesch (Institute of Computer Science, Masaryk University, Brno and Institute of Physics, Slovak Academy of Sciences, Bratislava); Máté Farkas (Institute of Theoretical Physics and Astrophysics, National Quantum Information Centre, Faculty of Mathematics, Physics and Informatics, and International Centre for Theory of Quantum Technologies University of Gdansk); Natália Ružičková (Institute of Science and Technology, Klosterneuburg); Clara Flegel (Institute of Photonics and Quantum Sciences, Heriot-Watt University, Edinburgh); Natalia Herrera Valencia (Institute of Photonics and Quantum Sciences, Heriot-Watt University, Edinburgh); Will McCutcheon (Institute of Photonics and Quantum Sciences, Heriot-Watt University, Edinburgh); Mehul Malik (Institute of Photonics and Quantum Sciences, Heriot-Watt University, Edinburgh); Edgar A. Aguilar (Institute of Quantum Optics and Quantum Information, Austrian Academy of Sciences, Vienna)[abstract]
**Abstract:**Our ability to trust that a random number is truly random is essential for fields as diverse as cryptography and fundamental tests of quantum mechanics. Device-independent quantum random number generators (QRNGs) provide a means of completely trusted randomness, but are highly impractical due to their strict technological requirements, such as loophole-free quantum nonlocality. By making fixed assumptions on specific parts of the device, semi-device-independent QRNGs lower these requirements drastically. However, this {has usually been} done at the cost of limiting their flexibility and security to a specific physical implementation and level of trust. Here we propose and experimentally test a new framework for semi-device-independent randomness certification that employs a flexible set of assumptions, allowing it to be applied in a range of physical scenarios involving both quantum and classical entropy sources. At the heart of our method lies a source of trusted vacuum in the form of a signal shutter, which enables the honesty of partially trusted measurement devices to be tested and provides lower bounds on the guessing probability of their measurement outcomes. We experimentally verify our protocol with a photonic setup and generate secure random bits under three different source assumptions with varying degrees of security and resulting data rates. Our work demonstrates a simple and practical way for achieving semi-device-independent randomness generation with user-defined flexibility in terms of levels of trust and physical implementations.Poster presenter: Matej Pivoluska - #78:Covert Continuous-Variable Quantum Key DistributionRaphaël Aymeric (Télécom Paris); David Fainsin (Télécom Paris); Romain Alléaume (Télécom Paris)[abstract]
**Abstract:**Quantum key distribution (QKD) contrasts with classical cryptographic methods because it provides information-theoretical security on the distilled key. In some security demanding contexts, the perfect confidentiality that can be obtained with QKD combined with One-Time-Pad, may be insufficient. This will be in particular the case if the mere existence of communication can divulge crucial information. Performing QKD covertly solves this by insuring low probability of detection for the QKD signal states. We study here for the first time Covert continuous variable (CV) QKD. We establish, in the general case of a thermal noise channel, that the covertness conditions impose drastic limits to the performance of such protocols. We then propose an original solution to overcome this limitation by performing a computationally-secure coherent block encoding, analogous to spread spectrum, to the signal pulses of a Gaussian modulated coherent state CV-QKD protocol. The resulting protocol provides covertness, under computational assumptions while preserving the information-theoretical security on the final QKD key. We show that our method enables QKD over realistic WDM environments such as a 30 km optical backbone populated by 25 standard channels.[no PDF yet]Poster presenter: Raphaël AYMERIC - #81:Non-restrictive state reduction and analytical bounds in a multipartite device-independent scenarioFederico Grasselli (Heinrich-Heine-Universität Düsseldorf); Gláucia Murta (Heinrich-Heine-Universität Düsseldorf); Hermann Kampermann (Heinrich-Heine-Universität Düsseldorf); Dagmar Bruss (Heinrich-Heine-Universität Düsseldorf)[abstract]
**Abstract:**We consider a device-independent scenario where N parties test the Mermin-Ardehali-Belinskii-Klyshko (MABK) inequality. By exploiting the inequality’s symmetries, we drastically simplify the general form of the quantum state that can be considered, without loss of generality. We then derive an upper bound on the maximal violation of the MABK inequality attained by an arbitrary N-qubit state, as a function of the state’s parameters. The two results enable us to derive analytical bounds on the von Neumann entropy of the parties’ outcomes, conditioned on the eavesdropper’s information. These quantities are crucial for the security of many cryptographic protocols and better bounds lead to more robust protocols. In particular, we bound the conditional entropy of a single party’s outcome and the joint conditional entropy of two parties’ outcomes, as a function of the MABK violation observed by three parties. We extend the former bound to N parties and prove its tightness, while we observe that the latter significantly improves previous results.[no PDF yet]Poster presenter: Gláucia Murta - #84:Dispelling Myths on Superposition Attacks: Formal Security Model and Attack AnalysesLuka Music (Département Informatique et Réseaux, CNRS, Sorbonne Université); Céline Chevalier (Université Panthéon-Assas Paris 2); Elham Kashefi (Département Informatique et Réseaux, CNRS, Sorbonne Université; School of Informatics, University of Edinburgh)[abstract]
**Abstract:**With the emergence of quantum communication, it is of folkloric belief that allowing an Adversary to perform superposition queries to otherwise classical cryptographic protocols and forcing the honest players to perform actions coherently on quantum states automatically breaks the schemes' security. Another intuition is that enforcing measurements on the exchanged messages is enough to protect protocols from these attacks. However, the reality is much more complex. The security models dealing with superposition attacks only consider unconditional security. The first seminal papers date back to 1997 and prove the impossibility of unconditionally-secure bit-commitment schemes. Follow-up works heavily rely on this assumption of unconditional security to prove strong impossibility results and their proof techniques cannot be applied to the computational setting. They essentially indicate that ideal primitives should in fact measure the input state. On the opposite, security models considering computational security assume that all supposedly classical messages are measured, which forbids by construction the analysis of superposition attacks. To fill in the gap between those models, Boneh and Zhandry have started to study the quantum computational security for classical primitives in their seminal work at Crypto'13, but only in the single-party setting. To the best of our knowledge, an equivalent model in the multiparty setting is still missing. In this work, we propose the first computational security model considering superposition attacks for multiparty protocols. We show that our new security model is satisfiable by proving the security of the well-known One-Time-Pad protocol and show an attack on a variant of the equally reputable Yao Protocol for Secure Two-Party Computations. The post-mortem of this attack reveals the precise points of failure, yielding highly counter-intuitive results: The attack vector consists of a (classically) seemingly inoffensive message and a measurement performed by the honest player. This example shows that adding extra classical communication, which is harmless for classical security, can make the protocol become subject to superposition attacks. Our results show that intuitions can be misleading when reasoning about cryptographic protocols in a quantum world, and that there is no evident answer to provide for either the vulnerabilities of classical protocols to superposition attacks or the adapted countermeasures.Poster presenter: Luka Music - #92:The Bitcoin Backbone Protocol Against Quantum AdversariesAlexandru Cojocaru (University of Edinburgh); Juan Garay (Texas A&M University); Aggelos Kiayias (University of Edinburgh and IOHK); Fang Song (Texas A&M University); Petros Wallden (University of Edinburgh)[abstract]
**Abstract:**Bitcoin and its underlying blockchain protocol have received recently significant attention in the context of building distributed systems as well as from the perspective of the foundations of the consensus problem. At the same time, the rapid development of quantum technologies brings the possibility of quantum computing devices from a theoretical concept to an emerging technology. Motivated by this, in this work we revisit the formal security of the core of the Bitcoin protocol, called the Bitcoin backbone, in the presence of an adversary that has access to a scalable quantum computer. We prove that the protocol’s essential properties stand in the post-quantum setting assuming a general quantum adversary with suitably bounded number of queries in the Quantum Random Oracle (QRO) model. In order to achieve this, we investigate and bound the quantum complexity of a Chain-of-Proofs-of-Work search problem which is at the core of the blockchain protocol. Our results imply that security can be shown by bounding the quantum queries so that each quantum query is worth O(p^{−1/2}) classical ones and that the wait time for safe settlement is expanded by a multiplicative factor of O(p^{−1/6}), where p is the probability of success of a single classical query to the protocol’s underlying hash function.Poster presenter: Alexandru Cojocaru - #93:Limitations on device independent secure key via squashed non-localityMarek Winczewski (Institute of Theoretical Physics and Astrophysics and National Quantum Information Centre in Gdańsk, University of Gdańsk, 80-952 Gdańsk, Poland International Centre for Theory of Quantum Technologies, University of Gdańsk, 80-952 Gdańsk, Poland); Tamoghna Das (International Centre for Theory of Quantum Technologies, University of Gdańsk, 80-952 Gdańsk); Karol Horodecki (International Centre for Theory of Quantum Technologies, University of Gdańsk, 80-952 Gdańsk, Poland and Institute of Informatics and National Quantum Information Centre in Gdańsk, Faculty of Mathematics, Physics and Informatics, University of Gdańsk, 80-952 Gdańsk, Poland)[abstract]
**Abstract:**We initiate a systematic study to provide upper bounds on device-independent key, secure against a non-signaling adversary (NSDI), distilled by a wide class of operations, currently used in both quantum and non-signaling device-independent protocols. These operations consist of a direct measurements on the devices followed by Local Operations and Public Communication (MDLOPC). We formulate a security condition for the considered class of protocols, that is based on the newly introduced non-signaling norm. This norm takes supremum over certain operations, that can be used to discriminate devices. It is shown that the security condition based on this norm, is equivalent to two security conditions present in the literature. We employ the idea of ``squashing" on the secrecy monotones, which provide upper bounds on the key rate in secret key agreement (SKA) scenario, and show that squashed secrecy monotones are the upper bounds on NSDI key. As an important instance, an upper bound on NSDI key rate called ``squashed non-locality", has been constructed. It exhibits several important properties, including convexity, monotonicity, and additivity on tensor products. Using this bound, we identify numerically a domain of two binary inputs and two binary outputs non-local devices for which the squashed non-locality is zero. Therefore one can not distill key from them via MDLOPC operations. These are mixtures of Popescu-Rohrlich (PR) and anti-PR box with the weight of PR less than 80%. This example confirms the intuition that non-locality need not imply secrecy in the non-signaling scenario. The approach is general, describing how to construct other tighter yet possibly less computable upper bounds. Our technique for obtaining upper bounds is based on the non-signaling analog of quantum purification: the complete extension. This extension provides the ultimate eavesdropping power with the minimal consumption of eavesdropper's memory and, as we prove, yields equivalent security conditions as previously known in the literature.[no PDF yet] - #102:Ultrafast and practical Bell-based quantum randomness generation with classical optical homodyne detectionChao Wang (Department of Electrical Computer Engineering, National University of Singapore, Singapore); Yukun Wang (Department of Electrical Computer Engineering, National University of Singapore, Singapore); Koon Tong Goh (Department of Electrical Computer Engineering, National University of Singapore, Singapore); Gong Zhang (Department of Electrical Computer Engineering, National University of Singapore, Singapore); Jing Yan Haw (Department of Electrical Computer Engineering, National University of Singapore, Singapore); Charles C.-W. Lim (Department of Electrical Computer Engineering, National University of Singapore, Singapore; Centre for Quantum Technologies, National University of Singapore, Singapore)[abstract]
**Abstract:**By making reasonable assumptions on realistic systems, we propose and implement the first ultra-high-speed CHSH experiment working at 40GHz demonstrating a gigabit quantum certified random number throughput. Moreover, our scheme is suitable for optical chip design since it only requires standard optical components and balanced detectors. Furthermore, our scheme paves the way for the promising research direction to utilise noisy detectors for quantum system construction, which might be helpful for certain noise-sensitive applications, e.g. quantum sensing and quantum computing.[no PDF yet] - #103:Classical proofs of quantum knowledgeThomas Vidick (California Institute of Technology); Tina Zhang (California Institute of Technology)[abstract]
**Abstract:**We define the notion of a proof of knowledge in the setting where the verifier is classical, but the prover is quantum, and where the witness that the prover holds is in general a quantum state. We establish simple properties of our definition, including that nondestructive classical proofs of quantum knowledge are impossible for nontrivial states, and that, under certain conditions on the parameters in our definition, a proof of knowledge protocol for a hard-to-clone state can be used as a (destructive) quantum money verification protocol. In addition, we provide two examples of protocols (both inspired by private-key classical verification protocols for quantum money schemes) which we can show to be proofs of quantum knowledge under our definition. In so doing, we introduce new techniques for the analysis of such protocols which build on results from the literature on nonlocal games. Finally, we show that, under our definition, the verification protocol introduced by Mahadev (FOCS 2018) is a classical argument of quantum knowledge for QMA relations.Poster presenter: Tina Zhang - #107:Robust and high-efficiency frame synchronization scheme for continuous-variable quantum key distribution with simple processRui Chen (Shanghai Jiaotong University); Peng Huang (Shanghai Jiaotong University); Dengwen Li (Shanghai Jiaotong University); Guihua Zeng (Shanghai Jiaotong University)[abstract]
**Abstract:**we propose a synchronization method that do not need additional modulation devices and can synchronize under phase shifts. It can be used in passive preparation CVQKD schemes that are inconvenient to add synchronization frames into key strings by modulation devices.[no PDF yet] - #109:Phase compensation for free-space continuous-variable quantum key distributionShiyu Wang (State Key Laboratory of Advanced Optical Communication Systems and Networks, Center of Quantum Sensing and Information Processing, Shanghai Jiao Tong University, Shanghai 200240, China); Peng Huang (State Key Laboratory of Advanced Optical Communication Systems and Networks, Center of Quantum Sensing and Information Processing, Shanghai Jiao Tong University, Shanghai 200240, China); Miaomiao Liu (State Key Laboratory of Advanced Optical Communication Systems and Networks, Center of Quantum Sensing and Information Processing, Shanghai Jiao Tong University, Shanghai 200240, China); Tao Wang (State Key Laboratory of Advanced Optical Communication Systems and Networks, Center of Quantum Sensing and Information Processing, Shanghai Jiao Tong University, Shanghai 200240, China); Ping Wang (State Key Laboratory of Advanced Optical Communication Systems and Networks, Center of Quantum Sensing and Information Processing, Shanghai Jiao Tong University, Shanghai 200240, China); Guihua Zeng (State Key Laboratory of Advanced Optical Communication Systems and Networks, Center of Quantum Sensing and Information Processing, Shanghai Jiao Tong University, Shanghai 200240, China)[abstract]
**Abstract:**Large-scale and flexible deployment of quantum networks is possible with reliable free-space quantum key distribution. However, signal fading occurs in free-space channels and causes various adverse effects. Under this circumstance, phase compensation becomes a challenging task for quantum key distribution using continuous variables. Here we investigate the feasibility of implementing phase compensation via simply computing the correlation between transmitted and received data. Demonstration and performance analysis are conducted with real transmittance of a 150-m free-space fading channel; results indicate the applicability of this compensation scheme to free-space quantum communication systems.Poster presenter: Shiyu Wang - #111:Finite-key security analysis of the 1-decoy state QKD protocol with a leaky intensity modulatorWEILONG WANG (State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou , China); XIANGDONG MENG (State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou , China); YANGYANG FEI (State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou , China); YUANHAO LI (State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou , China); ZHI MA (State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou , China)[abstract]
**Abstract:**The finite-key security of the standard three-intensity decoy-state quantum key distribution QKD) protocol in the presence of information leakage has been analyzed (Wang et al. in New J Phys 20:083027, 2018). On the other hand, the 1-decoy state QKD protocol has been proved to be able to achieve higher secret key rate than the three-intensity decoy-state QKD protocol in the finite-key regime by using only two different intensity settings (Davide et al. in Appl Phys Lett 112:171104, 2018). In this work, we analyze the finite-key security of the 1-decoy state QKD protocol with a leaky intensity modulator, which is used to generate the decoy state. In particular, we simulate the secret key rate under three practical cases of Trojan-horse attacks. Our simulation results demonstrate that the 1-decoy state QKD protocol can be secure over long distances within a reasonable time frame given that the intensity modulator is sufficiently isolated. By comparing the simulation results to those presented in Wang et al. (2018), we find that, as expected, the 1-decoy state QKD protocol is more robust against information leakage from the intensity modulator for all achievable distances.Poster presenter: WEILONG WANG - #117:Demonstration of Real-time Transmission of Large-scale Genome Sequence Data Using Quantum CryptographyAkira Murakami (Corporate Research & Development Center, Toshiba Corporation); Mamiko Kujiraoka (Corporate Research & Development Center, Toshiba Corporation); Ririka Takahashi (Corporate Research & Development Center, Toshiba Corporation); Alexander R. Dixon (Corporate Research & Development Center, Toshiba Corporation); Yoshimichi Tanizawa (Corporate Research & Development Center, Toshiba Corporation); Hideaki Sato (Corporate Research & Development Center, Toshiba Corporation); Zhiliang Yuan (Cambridge Research Laboratory, Toshiba Europe Limited); Winci Tam (Cambridge Research Laboratory, Toshiba Europe Limited); Andrew Sharpe (Cambridge Research Laboratory, Toshiba Europe Limited); James Dynes (Cambridge Research Laboratory, Toshiba Europe Limited); Marco Lucamarini (Cambridge Research Laboratory, Toshiba Europe Limited); Andrew Shields (Cambridge Research Laboratory, Toshiba Europe Limited); Muneaki Shimada (Tohoku University Hospital, Tohoku University); Inaho Danjoh (Tohoku Medical Megabank Organization, Tohoku University); Fumiki Katsuoka (Tohoku Medical Megabank Organization, Tohoku University; Advanced Research Center for Innovations in Next-Generation Medicine, Tohoku University); Yasunobu Okamura (Tohoku Medical Megabank Organization, Tohoku University; Advanced Research Center for Innovations in Next-Generation Medicine, Tohoku University); Fuji Nagami (Tohoku Medical Megabank Organization, Tohoku University; Advanced Research Center for Innovations in Next-Generation Medicine, Tohoku University)[abstract]
**Abstract:**We developed a system for real-time transmission of genome sequence data using quantum cryptography and have succeeded in the quantum cryptography transmission of genome sequence data with data volumes exceeding several hundred gigabytes. This demonstrated that quantum cryptography can transmit large amounts of data and has practical applications in the fields of genomic research and genomic medicine. - #118:1550-nm free-space reference frame independent quantum key distribution systemKyongchun Lim (ETRI); Byung-Seok Choi (ETRI); Ju Hee Baek (ETRI); Minchul Kim (ETRI); Joong-Seon Choe (ETRI); Kap-Joong Kim (ETRI); Young-Ho Ko (ETRI); Chun Ju Youn (ETRI)[abstract]
**Abstract:**Free-space quantum key distribution (QKD) is a promising solution for secure communication between two remote parties through free space. Due to the possibility of free space communication, in general, the application candidates of free space QKD are focused on secure communication between moving terminals. Such applications have characteristics such as moving position, outside operation, and limited internal space and power consumption. First, the moving position of a terminal needs active compensation of a shared reference between transmitter and receiver because general QKD protocols requires a shared reference frame, i.e., polarization reference in a QKD protocol using polarization encoding. This can be solved by using reference frame independent (RFI) QKD. Second, the outside operation brings intensive noise issue caused by the sun light which significantly degrades the performance of free-space QKD. The change of operating wavelength of QKD to 1550-nm and single mode fiber coupling can significantly alleviate the noise issue. Finally, the limitation of internal space requires to chip scale implementation. The use of 1550-nm wavelength provides comparability of integrated (silicon) photonic chips which is already studied in the fiber based QKD. In this paper, we provide a 1550-nm free-space RFI QKD system which incorporates the aforementioned solutions while the previous free-space RFI QKD is realized with visible wavelength. We also shows that our system achieves about 0.8% quantum bit error rate (QBER) without additional blocking out external light to the receiver through single mode fiber coupling. This low QBER indicates the possibility of daylight free-space QKD.Poster presenter: Kyongchun Lim - #120:Effect of atmospheric turbulence in CV-QKD with passive EveEmma Medlock (Department of Physics, University of York); Rupesh Kumar (Department of Physics, University of York); Tim Spiller (Department of Physics, University of York)[abstract]
**Abstract:**We consider passive eavesdropping in continuous-variable quantum key distribution (CV-QKD) over atmospheric turbulence channels. We study the effect of turbulence in creating independent channels from Alice to Bob and Eve, and examine the performance of transmitted local oscillator (TLO) and local local oscillator (LLO) based CV-QKD system.[no PDF yet]Poster presenter: Emma Medlock - #126:Simple integration of quantum and beam tracking channels for free-space quantum key distributionMinchul Kim (ETRI); Kyongchun Lim (ETRI); Byung-Seok Choi (ETRI); Joong-Seon Choe (ETRI); Kap-Joong Kim (ETRI); Young-Ho Ko (ETRI); Ju Hee Baek (ETRI); Chun Ju Youn (ETRI)[abstract]
**Abstract:**Free-space quantum key distribution (QKD) has received an increasing attention for its inherent secure communication between two remote systems. Most of the free-space QKD systems require integration of various signals such as quantum and beam tracking channels with different wavelengths into the same optical path for beam tracking. The beam tracking system, consisting of fast steering mirrors and position detectors, maintains optical beam path by adjusting the misalignments induced by moving terminals, vibrations and atmospheric turbulence in the free-space QKD system. Most QKD systems use dichroic mirrors for combining and separating quantum and beam tracking channels through free-space alignment. However, integration of such channels in free-space could require a large volume space, much alignment effort for mode overlap and can be easily affected by mechanical shock. In this paper, we report the effect of using a fiber-based wavelength division multiplexing (WDM) filter for integrating the quantum and beam tracking channels in free-space QKD systems. A custom-made WDM filter was used in the transmitter part of the free-space BB84 QKD system, combining a 785 nm signal for quantum channel and a 1550 nm signal for beam tracking channel. HI780 fiber was selected for common output port of the device to maintain the orthogonality of polarization states and beam quality of the quantum channel. Although 1550 nm signal can suffer from the insertion and bending loss caused by smaller core size of the HI780 fiber, we could reduce the loss as low as 1.4 dB by designing the fiber with length within about 15 cm, well straightened. We could also obtain good beam quality and mode overlap of the quantum and beam tracking channels by using the common output port of the WDM filter.Poster presenter: Minchul Kim - #127:Increasing loss-budget of a free-space CVQKD systemIgor Konieczniak (University of York); Rupesh Kumar (University of York); Gerald Bonner (Fraunhofer Centre for Applied Photonics); Tim Spiller (University of York)[abstract]
**Abstract:**Quantum Key Distribution (QKD) over a free-space channel is challenging due to inefficient coupling of received signals to the detection system. A narrow detector cross-section, such as with fibre coupling to a telescope, reduces the field of view (FOV) and thus increases the loss due to atmospheric turbulence. A larger detector cross-section increases the FOV; however, the corresponding increase in background noise also increases the QBER associated with a Discrete Variable (DV) QKD system. On the contrary, Continuous Variable (CV) QKD systems are highly tolerant to background noise, but their performance is still limited by the channel loss. The FOV of the receiver is defined as the area expressed in solid angle from which the detector can accepts signal. A simple geometrical analysis reveals FOV as $\Theta = 2\tan^{-1}(d/2F)$, where $d$ is the detector diameter and $F$ is the effective focal length of the receiver telescope. With a large-area detector, one can design the signal collection optics, such that the FOV of the telescope with a given aperture can be larger. In this work, we present a larger FOV receiver system for CVQKD which reduces the channel loss due to beam wandering and atmospheric turbulence. We will describe the performance of the receiver system in terms of shot-noise sensitivity, loss reduction and enhancement in secure key rate, compared to a typical fibre-coupled receiver system.Poster presenter: Igor Konieczniak - #133:Standardization and Certification of QKD-Devices and QKD-NetworksOliver Maurhart (AIT); Thomas Länger (AIT); Andreas Poppe (AIT); Christoph Pacher (AIT); Martin Stierle (AIT); Helmut Leopold (AIT)[abstract]
**Abstract:**The transition of Quantum Technologies (QT) being no longer pure basic research but touching applied fields with emerging products is companied by requests for standardization and certification. The call of the markets requesting products based on QT will require alignment of QT products to match not only the need for standards but also the proof to fulfil certification procedures. We will isolate and identify the most promising candidates for this endeavour and by listing challenges, obstacles and dependencies we will propose a strategy and envision a standardization roadmap - #140:Simple Method for Asymmetric Twin-Field Quantum Key DistributionWenyuan Wang (Centre for Quantum Information and Quantum Control (CQIQC), Dept. of Electrical & Computer Engineering and Dept. of Physics, University of Toronto, Toronto, Ontario, M5S 3G4, Canada; Current address: Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo, Waterloo, Ontario, Canada N2L 3G1); Hoi-Kwong Lo (Centre for Quantum Information and Quantum Control (CQIQC), Dept. of Electrical & Computer Engineering and Dept. of Physics, University of Toronto, Toronto, Ontario, M5S 3G4, Canada)[abstract]
**Abstract:**Twin-Field quantum key distribution (TF-QKD) can beat the linear bound of repeaterless QKD systems. After the proposal of the original protocol, multiple papers have extended the protocol to prove its security. However, these works are limited to the case where the two channels have equal amount of loss (i.e. are symmetric). In a practical network setting, it is very likely that the channels are asymmetric due to e.g. geographical locations. In this work we extend a version of the TF-QKD protocol to the scenario with asymmetric channels. We show that by simply adjusting the two signal states of the two users (and not necessarily the decoy states) they can effectively compensate for channel asymmetry and consistently obtain higher key rate than either using no compensation or using the strategy of deliberately adding fibre to the shorter channel. We perform simulation with realistic parameters and finite data size, and show that our method works well and has a clear advantage over prior art methods in the presence of channel asymmetry.Poster presenter: Wenyuan Wang - #142:A high efficiency reconciliation method for free-space continuous-variable QKD based on rate compatible codesChao Zhou (Beijing University of Posts and Telecommunications (BUPT)); Xiangyu Wang (Beijing University of Posts and Telecommunications (BUPT)); Yichen Zhang (Beijing University of Posts and Telecommunications (BUPT)); Zhiguo Zhang (Beijing University of Posts and Telecommunications (BUPT)); Song Yu (Beijing University of Posts and Telecommunications (BUPT)); Hong Guo (Peking University)[abstract]
**Abstract:**We propose a high efficiency reconciliation method for continuous-variable quantum key distribution over free-space channel based on rate compatible codes, which achieves stable reconciliation efficiency of more than 95% under the fluctuation of the SNR (as low as -16 dB).Poster presenter: Chao Zhou - #143:An upstream access network based on continuous-variable quantum key distributionYundi Huang (Beijing University of Posts and Telecommunications); Yichen Zhang (Beijing University of Posts and Telecommunications); Tao Shen (Beijing University of Posts and Telecommunications); Ge Huang (Beijing University of Posts and Telecommunications); Song Yu (Beijing University of Posts and Telecommunications); Hong Guo (Peking University)[abstract]
**Abstract:**Quantum key distribution (QKD) is designed to establish symmetric keys among two legitimate parties. Continuous variable (CV) QKD that uses the coherent states and homodyne detection can only apply the cost-effective telecommunication components[1]. The field test of CV-QKD has reached over 50 km[2], and under the laboratory conditions, experimental demonstration of over 200km has been reported [3], thus, has revealed great potentials in practical implementations. The access network that allows multitude end-users to connect to the nodal network is a necessary in the modern network infrastructure since it is suitable for general home-to-home scenarios. Quantum access network was first proposed [4] and demonstrated in field tests [5] for discrete variable QKD. Here, we report an upstream access network based on CV-QKD. In our experimental demonstrations, two transmitters Alice are deployed as optical network units that simultaneously send signals to the network, the receiver Bob is acted as the optical line terminal. The optical distribution network is located between the optical network units and the optical line terminal to couple the signals. The signals generated from each optical network unit are required to pass through a variable delay line to calibrate the arriving time at the optical distribution network before being transmitted. The signals are then simultaneously sent to the optical distribution network through fibers of 5.3 km and 12.3 km respectively. When the signals approach to the optical distribution network, dynamic polarization control modules are firstly applied in each path to pre-compensate the polarization. The signals are then coupled through a beamsplitter and forwarded to the optical line terminal. With a system repetition frequency of 2.5 MHz, we obtain the averaged secret key rates of 55 kbps and 22 kbps for Alice No. 1 and Alice No. 2 respectively. The total secret key rates has reached 77 kbps which suggests a higher network capacity. The excess noise is relatively stable, yet there are small fluctuations in the secret key rates. To one step further reduce the loss, the wavelength division multiplexing devices can be used at the optical distribution network. This is especially beneficial when the quantum signal has to co-propagate with classical data channels in the same fiber [6,7]. The upstream access network implementations can be easily extended to a higher repetition frequency system or to support more users. The demonstration experiments provide the possibility of building practical large-scale CV-QKD networks. This work is supported by the Key Program of National Natural Science Foundation of China under Grants No. 61531003, and the Fund of CETC under Grant No. 6141B08231115. References 1. C.Weedbrook, S. Pirandola, R. Garc´ıa-Patr´on, N. J. Cerf, T. C. Ralph, J. H. Shapiro and S. Lloyd, Gaussian quantum information, Rev. Mod. Phys. 84, 621 (2012). 2. Y. Zhang, Z. Li, Z. Chen, C. Weedbrook, Y. Zhao, X. Wang, Y. Huang, C. Xu, X. Zhang, Z. Wang, M. Li, X. Zhang, Z. Zheng, B. Chu, X. Gao, N. Meng,W. Cai, X.Wang, G.Wang, S. Yu and H. Guo, Continuous- variable QKD over 50 km commercial fiber, Quantum Sci. Technol. 4, 035006 (2019). 3. Y. Zhang, Z. Chen, S. Pirandola, X. Wang, C. Zhou, B. Chu, Y. Zhao, B. Xu, S. Yu and H. Guo, Long- distance continuous-variable quantum key distribution over 202.81 km fiber, arXiv:2001.02555 (2020). (Accepted by Phys. Rev. Lett.) 4. B. Fr¨ohlich, J. F. Dynes, M. Lucamarini, A. W. Sharpe, Z. Yuan and A. J. Shields, A quantum access network, Nature 501, 69-72 (2013). 5. B. K. Park, M. K. Woo, Y. S. Kim, Y. W. Cho, S. Moon and S. W. Han, User-independent optical path length compensation scheme with sub-nanosecond timing resolution for a 1* N quantum key distribution network system, Photon. Res. 8, 296 (2020). 6. T. A. Eriksson, T. Hirano, B. J. Puttnam, G. Rademacher, R. S. Lu´ıs, M. Fujiwara, R. Namiki, Y. Awaji, M. Takeoka, N. Wada and M. Sasaki, Wavelength division multiplexing of continuous variable quantum key distribution and 18.3 Tbit/s data channels, Commun. Phys. 2, 9 (2019). 7. B. Chu, Y. Zhang, Y. Zhao, Y. Xu, X. Chen, X. Wang and S. Yu, Crosstalk-induced impact of coexisting DWDM network on continuous-variable QKD, 16th International Conference on the Design of Reliable Communication Networks DRCN, Milano, Italy, pp. 1-5 (2020).Poster presenter: Yundi Huang - #144:Dual-polarization continuous-variable quantum key distribution with discrete modulationBinjie Chu (Beijing University of Posts and Telecommunications); Yichen Zhang (Beijing University of Posts and Telecommunications); Yifan Xu (Beijing University of Posts and Telecommunications); Song Yu (Beijing University of Posts and Telecommunications); Hong Guo (Peking University)[abstract]
**Abstract:**We report the polarization-multiplexed CV-QKD with four-state modulation capable of full use of two orthogonal polarization channels and experimentally investigate it. We design a polarization and phase compensation scheme by introducing a pair of rather than one single regularly spaced reference data timemultiplexed with weaker signal data. The polarization mixing and relative phase can be estimated simultaneously by using the transmitted reference data and the corresponding detection data to calculate a overall rotation matrix, and compensated by rotating Bob's received data. The results show that combined with our efficient polarization and phase compensation scheme this low-complexity scheme can further improve the secret key rate and prompt CV-QKD to be network-compatible and on-chip integrated.Poster presenter: Binjie Chu