
Despite the enormous theoretical and experimental progress made so far in
quantum key distribution (QKD), the security of most existing QKD
implementations is not rigorously established yet. A critical obstacle is that
almost all existing security proofs make ideal assumptions on the QKD devices.
Problematically, such assumptions are hard to satisfy in the experiments, and
therefore it is not obvious how to apply such security proofs to practical QKD
systems. Fortunately, any imperfections and securityloopholes in the
measurement devices can be perfectly closed by measurementdeviceindependent
QKD (MDIQKD), and thus we only need to consider how to secure the source
devices. Among imperfections in the source devices, correlations between the
sending pulses are one of the principal problems. In this paper, we consider a
settingchoiceindependent correlation (SCIC) framework in which the sending
pulses can present arbitrary correlations but they are independent of the
previous setting choices such as the bit, the basis and the intensity settings.
Within the framework of SCIC, we consider the dominant fluctuations of the
sending states, such as the relative phases and the intensities, and provide a
selfcontained information theoretic security proof for the losstolerant QKD
protocol in the finitekey regime. We demonstrate the feasibility of secure
quantum communication within a reasonable number of pulses sent, and thus we
are convinced that our work constitutes a crucial step toward guaranteeing
implementation security of QKD.

Models of quantum systems on curved spacetimes lack sufficient experimental
verification. Some speculative theories suggest that quantum properties, such
as entanglement, may exhibit entirely different behavior to purely classical
systems. By measuring this effect or lack thereof, we can test the hypotheses
behind several such models. For instance, as predicted by Ralph and coworkers
[T C Ralph, G J Milburn, and T Downes, Phys. Rev. A, 79(2):22121, 2009, T C
Ralph and J Pienaar, New Journal of Physics, 16(8):85008, 2014], a bipartite
entangled system could decohere if each particle traversed through a different
gravitational field gradient. We propose to study this effect in a ground to
space uplink scenario. We extend the above theoretical predictions of Ralph and
coworkers and discuss the scientific consequences of detecting/failing to
detect the predicted gravitational decoherence. We present a detailed mission
design of the European Space Agency's (ESA) Space QUEST (Space  Quantum
Entanglement Space Test) mission, and study the feasibility of the mission
schema.

Freespace Quantum key distribution (QKD) allows two parties to share a
random key with unconditional security, between ground stations, between mobile
platforms, and even in satelliteground quantum communications. Atmospheric
turbulence causes fluctuations in transmittance, which further affect the
quantum bit error rate (QBER) and the secure key rate. Previous postselection
methods to combat atmospheric turbulence require a threshold value determined
after all quantum transmission. In contrast, here we propose a new method where
we predetermine the optimal threshold value even before quantum transmission.
Therefore, the receiver can discard useless data immediately, thus greatly
reducing data storage requirement and computing resource. Furthermore, our
method can be applied to a variety of protocols, including, for example, not
only singlephoton BB84, but also asymptotic and finitesize decoystate BB84,
which can greatly increase its practicality.

Several quantum key distribution (QKD) protocols employ iterative sifting.
After each quantum transmission round, Alice and Bob disclose part of their
setting information (including their basis choices) for the detected signals.
The quantum phase of the protocol then ends when the numbers of detected
signals per basis exceed certain preagreed threshold values. Recently,
however, Pfister et al. [New J. Phys. 18 053001 (2016)] showed that iterative
sifting makes QKD insecure, especially in the finite key regime, if the
parameter estimation for privacy amplification uses the random sampling theory.
This implies that a number of existing finite key security proofs could be
flawed and cannot guarantee security. Here, we solve this serious problem by
showing that the use of Azuma's inequality for parameter estimation makes QKD
with iterative sifting secure again. This means that the existing protocols
whose security proof employs this inequality remain secure even if they employ
iterative sifting. Also, our results highlight a fundamental difference between
the random sampling theorem and Azuma's inequality in proving security.

In this paper, we study the Universal Blind Quantum Computing (UBQC)
protocol, which allows a client to perform quantum computation on a remote
quantum server and the Remote Blind qubit state Preparation (RBSP) protocol
which allows the client to prepare single qubits on the server's location with
week coherent pulses. This RBSP protocol is inefficient for small $ T $,
because the required number of pulses for generating one single qubit scales as
$ \mbox{O}(1/T^4) $, where $ T $ is the transmittance of the quantum channe
between the client and the server.
Our contribution in this paper is a modified RBSP protocol with decoy states.
This new protocol allows us to generate $ S $ single qubits simultaneously in a
single instance. With our new rotocol, we are able to reduce the number of weak
coherent pulses required for generating one single qubit from $ \mbox{O}(1/T^4)
$ to nearly $ \mbox{O}(1/T) $, significantly increasing the efficiency. For a
100 km standard telecom fiber of loss 0.2 dB/km, our method gives a six orders
of magnitude improvement in the speed, which is very significant.

Quantum key distribution (QKD) promises unconditional security in data
communication and is currently being deployed in commercial applications.
Nonetheless, before QKD can be widely adopted, it faces a number of important
challenges such as secret key rate, distance, size, cost and practical
security. Here, we survey those key challenges and the approaches that are
currently being taken to address them.

We present a silicon optical transmitter for polarizationencoded quantum key
distribution (QKD). The chip was fabricated in a standard silicon photonic
foundry process and integrated a pulse generator, intensity modulator, variable
optical attenuator, and polarization modulator in a 1.3 mm $\times$ 3 mm die
area. The devices in the photonic circuit meet the requirements for QKD. The
transmitter was used in a proofofconcept demonstration of the BB84 QKD
protocol over a 5 km long fiber link.

The quantum internet holds promise for performing quantum communication, such
as quantum teleportation and quantum key distribution (QKD), freely between any
parties all over the globe. Such a future quantum network, depending on the
communication distance of the requesting parties, necessitates to invoke
several classes of optical quantum communication such as pointtopoint
communication protocols, intercity QKD protocols and quantum repeater
protocols. Recently, Takeoka, Guha and Wilde (TGW) have presented a fundamental
rateloss tradeoff on quantum communication capacity and secret key agreement
capacity of any lossy channel assisted by unlimited forward and backward
classical communication [Nat. Commun. 5, 5235 (2014)]. However, this bound is
applicable only to the simplest class of quantum communication, i.e., the
pointtopoint communication protocols, and it has thus remained open to grasp
the potential of a `worldwide' quantum network. Here we generalize the TGW
bound to be applicable to any type of twoparty quantum communication over the
quantum internet, including other indispensable but much more intricate classes
of quantum communication, intercity QKD protocols and quantum repeater
protocols. We also show that there is essentially no scaling gap between our
bound and the quantum communication efficiencies of known protocols. Therefore,
our result, corresponding to a fundamental and practical limitation for the
quantum internet, will contribute to design an efficient quantum internet in
the future.

Measurementdeviceindependent quantum key distribution (MDIQKD), which is
immune to all detector sidechannel attacks, is the most promising solution to
the security issues in practical quantum key distribution systems. Though
several experimental demonstrations of MDI QKD have been reported, they all
make one crucial but not yet verified assumption, that is there are no flaws in
state preparation. Such an assumption is unrealistic and security loopholes
remain in the source. Here we present, to our knowledge, the first MDIQKD
experiment with state preparation flaws taken into consideration. By applying a
novel security proof by Tamaki \textit{et al} (Phys. Rev. A 90, 052314 (2014)),
we distribute secure keys over fiber links up to 40 km with imperfect sources,
which would not have been possible under previous security proofs. By closing
loopholes in both the sources and the detectors, our work shows the feasibility
of secure QKD with practical imperfect devices.

We propose a freespace reconfigurable quantum key distribution (QKD) network
to secure communication among mobile users. Depends on the trustworthiness of
the network relay, the users can implement either the highly secure
measurementdeviceindependent QKD, or the highly efficient decoy state BB84
QKD. Based on the same quantum infrastructure, we also propose a loss tolerant
quantum position verification scheme, which could allow the QKD users to
initiate the QKD process without relying on preshared key.

The security of source has become an increasingly important issue in quantum
cryptography. Based on the framework of measurementdeviceindependent
quantumkeydistribution (MDIQKD), the source becomes the only region
exploitable by a potential eavesdropper (Eve). Phase randomization is a
cornerstone assumption in most discretevariable (DV) quantum communication
protocols (e.g., QKD, quantum coin tossing, weak coherent state blind quantum
computing, and so on), and the violation of such an assumption is thus fatal to
the security of those protocols. In this paper, we show a simple quantum
hacking strategy, with commercial and homemade pulsed lasers, by Eve that
allows her to actively tamper with the source and violate such an assumption,
without leaving a trace afterwards. Furthermore, our attack may also be valid
for continuousvariable (CV) QKD, which is another main class of QKD protocol,
since, excepting the phase random assumption, other parameters (e.g.,
intensity) could also be changed, which directly determine the security of
CVQKD.

We demonstrate that, with a fair comparison, the secret key rate of
discretevariable measurementdeviceindependent quantum key distribution
(DVMDIQKD) with highefficiency singlephoton detectors and good system
alignment is typically rather high and thus highly suitable for not only long
distance communication but also metropolitan networks. The previous reservation
on the key rate and suitability of DVMDIQKD for metropolitan networks
expressed by Pirandola et al. [Nature Photon. 9, 397 (2015)] was based on an
unfair comparison with lowefficiency detectors and high quantum bit error
rate, and is, in our opinion, unjustified.

Secure communication plays a crucial role in the Internet Age. Quantum
mechanics may revolutionise cryptography as we know it today. In this Review
Article, we introduce the motivation and the current state of the art of
research in quantum cryptography. In particular, we discuss the present
security model together with its assumptions, strengths and weaknesses. After a
brief introduction to recent experimental progress and challenges, we survey
the latest developments in quantum hacking and countermeasures against it.

Quantum key distribution promises unconditionally secure communications.
However, as practical devices tend to deviate from their specifications, the
security of some practical systems is no longer valid. In particular, an
adversary can exploit imperfect detectors to learn a large part of the secret
key, even though the security proof claims otherwise. Recently, a practical
approachmeasurementdeviceindependent quantum key distributionhas been
proposed to solve this problem. However, so far its security has only been
fully proven under the assumption that the legitimate users of the system have
unlimited resources. Here we fill this gap and provide a rigorous security
proof against general attacks in the finitekey regime. This is obtained by
applying large deviation theory, specifically the Chernoff bound, to perform
parameter estimation. For the first time we demonstrate the feasibility of
longdistance implementations of measurementdeviceindependent quantum key
distribution within a reasonable timeframe of signal transmission.

Coherent state photon sources are widely used in quantum information
processing. In many applications, such as quantum key distribution (QKD), a
coherent state is functioned as a mixture of Fock states by assuming its phase
is continuously randomized. In practice, such a crucial assumption is often not
satisfied and, therefore, the security of existing QKD experiments is not
guaranteed. To bridge this gap, we provide a rigorous security proof of QKD
with discretephaserandomized coherent state sources. Our results show that
the performance of the discretephase randomization case is close to its
continuous counterpart with only a small number (say, 10) of discrete phases.
Comparing to the conventional continuous phase randomization case, where an
infinite amount of random bits are required, our result shows that only a small
amount (say, 4 bits) of randomness is needed.

Decoystate quantum key distribution (QKD) is a standard technique in current
quantum cryptographic implementations. Unfortunately, existing experiments have
two important drawbacks: the state preparation is assumed to be perfect without
errors and the employed security proofs do not fully consider the finitekey
effects for general attacks. These two drawbacks mean that existing experiments
are not guaranteed to be secure in practice. Here, we perform an experiment
that for the first time shows secure QKD with imperfect state preparations over
long distances and achieves rigorous finitekey security bounds for decoystate
QKD against coherent attacks in the universally composable framework. We
quantify the source flaws experimentally and demonstrate a QKD implementation
that is tolerant to channel loss despite the source flaws. Our implementation
considers more realworld problems than most previous experiments and our
theory can be applied to general QKD systems. These features constitute a step
towards secure QKD with imperfect devices.

Quantum communication holds the promise of creating disruptive technologies
that will play an essential role in future communication networks. For example,
the study of quantum communication complexity has shown that quantum
communication allows exponential reductions in the information that must be
transmitted to solve distributed computational tasks. Recently, protocols that
realize this advantage using optical implementations have been proposed. Here
we report a proof of concept experimental demonstration of a quantum
fingerprinting system that is capable of transmitting less information than the
best known classical protocol. Our implementation is based on a modified
version of a commercial quantum key distribution system using offtheshelf
optical components over telecom wavelengths, and is practical for messages as
large as 100 Mbits, even in the presence of experimental imperfections. Our
results provide a first step in the development of experimental quantum
communication complexity.

In theory, quantum key distribution (QKD) provides informationtheoretic
security based on the laws of physics. Owing to the imperfections of reallife
implementations, however, there is a big gap between the theory and practice of
QKD, which has been recently exploited by several quantum hacking activities.
To fill this gap, a novel approach, called measurementdeviceindependent QKD
(mdiQKD), has been proposed. It can remove all sidechannels from the
measurement unit, arguably the most vulnerable part in QKD systems, thus
offering a clear avenue towards secure QKD realisations. Here, we review the
latest developments in the framework of mdiQKD, together with its assumptions,
strengths and weaknesses.

Measurementdeviceindependent quantum key distribution (MDIQKD) has been
demonstrated in both laboratories and fieldtests using attenuated lasers
combined with the decoystate technique. Although researchers have studied
various decoystate MDIQKD protocols with two or three decoy states, a clear
comparison between these protocols is still missing. This invokes the question
of how many types of decoy states are needed for practical MDIQKD. Moreover,
the system parameters to implement decoystate MDIQKD are only partially
optimized in all previous works, which casts doubt on the actual performance of
former demonstrations. Here, we present analytical and numerical decoystate
methods with one, two and three decoy states. We provide a clear comparison
among these methods and find that two decoy states already enable a near
optimal estimation and more decoy states cannot improve the key rate much in
either asymptotic or finitedata settings. Furthermore, we perform a full
optimization of system parameters and show that full optimization can
significantly improve the key rate in the finitedata setting. By simulating a
real experiment, we find that full optimization can increase the key rate by
more than one order of magnitude compared to nonoptimization. A local search
method to optimize efficiently the system parameters is proposed. This method
can be four orders of magnitude faster than a trivial exhaustive search to
achieve a similar optimal key rate. We expect that this local search method
could be valuable for general fields in physics.

In principle, quantum key distribution (QKD) offers unconditional security
based on the laws of physics. In practice, flaws in the state preparation
undermine the security of QKD systems, as standard theoretical approaches to
deal with state preparation flaws are not losstolerant. An eavesdropper can
enhance and exploit such imperfections through quantum channel loss, thus
dramatically lowering the key generation rate. Crucially, the security analyses
of most existing QKD experiments are rather unrealistic as they typically
neglect this effect. Here, we propose a novel and general approach that makes
QKD losstolerant to state preparation flaws. Importantly, it suggests that the
state preparation process in QKD can be significantly less precise than
initially thought. Our method can widely apply to other quantum cryptographic
protocols.

A novel protocol  measurementdeviceindependent quantum key distribution
(MDIQKD)  removes all attacks from the detection system, the most vulnerable
part in QKD implementations. In this paper, we present an analysis for
practical aspects of MDIQKD. To evaluate its performance, we study various
error sources by developing a general system model. We find that MDIQKD is
highly practical and thus can be easily implemented with standard optical
devices. Moreover, we present a simple analytical method with only two
(general) decoy states for the finite decoystate analysis. This method can be
used directly by experimentalists to demonstrate MDIQKD. By combining the
system model with the finite decoystate method, we present a general framework
for the optimal choice of the intensities of the signal and decoy states.
Furthermore, we consider a common situation, namely asymmetric MDIQKD, in
which the two quantum channels have different transmittances. We investigate
its properties and discuss how to optimize its performance. Our work is of
interest not only to experiments demonstrating MDIQKD but also to other
nonQKD experiments involving quantum interference.

Quantum communication holds promise for unconditionally secure transmission
of secret messages and faithful transfer of unknown quantum states. Photons
appear to be the medium of choice for quantum communication. Owing to photon
losses, robust quantum communication over long lossy channels requires quantum
repeaters. It is widely believed that a necessary and highly demanding
requirement for quantum repeaters is the existence of matter quantum memories
at the repeater nodes. Here we show that such a requirement is, in fact,
unnecessary by introducing the concept of all photonic quantum repeaters based
on flying qubits. As an example of the realization of this concept, we present
a protocol based on photonic cluster state machine guns and a losstolerant
measurement equipped with local highspeed active feedforwards. We show that,
with such an all photonic quantum repeater, the communication efficiency still
scales polynomially with the channel distance. Our result paves a new route
toward quantum repeaters with efficient singlephoton sources rather than
matter quantum memories.

We present a practical method that can make quantum key distribution (QKD),
for the first time, both ultralongdistance and immune to all attacks in the
detection system. This method is an important extension of the
measurementdeviceindependent QKD (MDIQKD)  MDIQKD with entangled photon
sources in the middle. By proposing a general model and simulating an
entanglement based QKD experiment, we find that MDIQKD with one entangled
photon source in the middle can practically tolerate 77 dB combined loss (367km
standard telecom fiber) in the asymptotic limit, and it can still tolerate 60
dB combined loss (286km standard telecom fiber) in the finitekey case with
stateoftheart detectors. Our general model can also be applied to other
nonQKD experiments involving entangled photon sources and Bell state
measurements.

We investigate limitations imposed by sequential attacks on the performance
of differentialphaseshift quantum key distribution protocols that use pulsed
coherent light. In particular, we analyze two sequential attacks based on
unambiguous state discrimination and minimum error discrimination,
respectively, of the signal states emitted by the source. Sequential attacks
represent a special type of interceptresend attacks and, therefore, they do
not allow the distribution of a secret key.

We demonstrate the first implementation of polarization encoding
measurementdeviceindependent quantum key distribution (MDIQKD), which is
immune to all detector sidechannel attacks. Active phase randomization of each
individual pulse is implemented to protect against attacks on imperfect
sources. By optimizing the parameters in the decoy state protocol, we show that
it is feasible to implement polarization encoding MDIQKD over large optical
fiber distances. A 1600bit secure key is generated between two parties
separated by 10 km of telecom fibers. Our work suggests the possibility of
building a MDIQKD network, in which complicated and expensive detection system
is placed in a central node and users connected to it can perform confidential
communication by preparing polarization qubits with compact and lowcost
equipment. Since MDIQKD is highly compatible with the quantum network, our
work brings the realization of quantum internet one step closer.