• Despite the enormous theoretical and experimental progress made so far in quantum key distribution (QKD), the security of most existing QKD implementations is not rigorously established yet. A critical obstacle is that almost all existing security proofs make ideal assumptions on the QKD devices. Problematically, such assumptions are hard to satisfy in the experiments, and therefore it is not obvious how to apply such security proofs to practical QKD systems. Fortunately, any imperfections and security-loopholes in the measurement devices can be perfectly closed by measurement-device-independent QKD (MDI-QKD), and thus we only need to consider how to secure the source devices. Among imperfections in the source devices, correlations between the sending pulses are one of the principal problems. In this paper, we consider a setting-choice-independent correlation (SCIC) framework in which the sending pulses can present arbitrary correlations but they are independent of the previous setting choices such as the bit, the basis and the intensity settings. Within the framework of SCIC, we consider the dominant fluctuations of the sending states, such as the relative phases and the intensities, and provide a self-contained information theoretic security proof for the loss-tolerant QKD protocol in the finite-key regime. We demonstrate the feasibility of secure quantum communication within a reasonable number of pulses sent, and thus we are convinced that our work constitutes a crucial step toward guaranteeing implementation security of QKD.
  • Security proofs of quantum key distribution (QKD) typically assume that the devices of the legitimate users are perfectly shielded from the eavesdropper. This assumption is, however, very hard to meet in practice, and thus the security of current QKD implementations is not guaranteed. Here, we fill this gap by providing a finite-key security analysis for QKD which is valid against arbitrary information leakage from the state preparation process of the legitimate users. For this, we extend the techniques introduced in (New J. Phys. 18, 065008, (2016)) to the finite-key regime, and we evaluate the security of a leaky decoy-state BB84 protocol with biased basis choice, which is one of the most implemented QKD schemes today. Our simulation results demonstrate the practicability of QKD over long distances and within a reasonable time frame given that the legitimate users' devices are sufficiently isolated.
  • In recent years, there has been a great effort to prove the security of quantum key distribution (QKD) with a minimum number of assumptions. Besides its intrinsic theoretical interest, this would allow for larger tolerance against device imperfections in the actual implementations. However, even in this device-independent scenario, one assumption seems unavoidable, that is, the presence of a protected space devoid of any unwanted information leakage in which the legitimate parties can privately generate, process and store their classical data. In this paper we relax this unrealistic and hardly feasible assumption and introduce a general formalism to tackle the information leakage problem in most of existing QKD systems. More specifically, we prove the security of optical QKD systems using phase and intensity modulators in their transmitters, which leak the setting information in an arbitrary manner. We apply our security proof to cases of practical interest and show key rates similar to those obtained in a perfectly shielded environment. Our work constitutes a fundamental step forward in guaranteeing implementation security of quantum communication systems.
  • The experimental characterization of multi-photon quantum interference effects in optical networks is essential in many applications of photonic quantum technologies, which include quantum computing and quantum communication as two prominent examples. However, such characterization often requires technologies which are beyond our current experimental capabilities, and today's methods suffer from errors due to the use of imperfect sources and photodetectors. In this paper, we introduce a simple experimental technique to characterise multi-photon quantum interference by means of practical laser sources and threshold single-photon detectors. Our technique is based on well-known methods in quantum cryptography which use decoy settings to tightly estimate the statistics provided by perfect devices. As an illustration of its practicality, we use this technique to obtain a tight estimation of both the generalized Hong-Ou-Mandel dip in a beamsplitter with six input photons, as well as the three-photon coincidence probability at the output of a tritter.
  • Several quantum key distribution (QKD) protocols employ iterative sifting. After each quantum transmission round, Alice and Bob disclose part of their setting information (including their basis choices) for the detected signals. The quantum phase of the protocol then ends when the numbers of detected signals per basis exceed certain pre-agreed threshold values. Recently, however, Pfister et al. [New J. Phys. 18 053001 (2016)] showed that iterative sifting makes QKD insecure, especially in the finite key regime, if the parameter estimation for privacy amplification uses the random sampling theory. This implies that a number of existing finite key security proofs could be flawed and cannot guarantee security. Here, we solve this serious problem by showing that the use of Azuma's inequality for parameter estimation makes QKD with iterative sifting secure again. This means that the existing protocols whose security proof employs this inequality remain secure even if they employ iterative sifting. Also, our results highlight a fundamental difference between the random sampling theorem and Azuma's inequality in proving security.
  • Digital signatures play an important role in software distribution, modern communication and financial transactions, where it is important to detect forgery and tampering. Signatures are a cryptographic technique for validating the authenticity and integrity of messages, software, or digital documents. The security of currently used classical schemes relies on computational assumptions. Quantum digital signatures (QDS), on the other hand, provide information-theoretic security based on the laws of quantum physics. Recent work on QDS shows that such schemes do not require trusted quantum channels and are unconditionally secure against general coherent attacks. However, in practical QDS, just as in quantum key distribution (QKD), the detectors can be subjected to side-channel attacks, which can make the actual implementations insecure. Motivated by the idea of measurement-device-independent quantum key distribution (MDI-QKD), we present a measurement-device-independent QDS (MDI-QDS) scheme, which is secure against all detector side-channel attacks. Based on the rapid development of practical MDI-QKD, our MDI-QDS protocol could also be experimentally implemented, since it requires a similar experimental setup.
  • Quantum digital signatures (QDS) provide a means for signing electronic communications with information-theoretic security. However, all previous demonstrations of quantum digital signatures assume trusted measurement devices. This renders them vulnerable against detector side-channel attacks, just like quantum key distribution. Here, we exploit a measurement-device-independent (MDI) quantum network, over a 200-square-kilometer metropolitan area, to perform a field test of a three-party measurement-device-independent quantum digital signature (MDI-QDS) scheme that is secure against any detector side-channel attack. In so doing, we are able to successfully sign a binary message with a security level of about 1E-7. Remarkably, our work demonstrates the feasibility of MDI-QDS for practical applications.
  • Detector-device-independent quantum key distribution (ddiQKD) held the promise of being robust to detector side-channels, a major security loophole in QKD implementations. In contrast to what has been claimed, however, we demonstrate that the security of ddiQKD is not based on post-selected entanglement, and we introduce various eavesdropping strategies that show that ddiQKD is in fact insecure against detector side-channel attacks as well as against other attacks that exploit device's imperfections of the receiver. Our attacks are valid even when the QKD apparatuses are built by the legitimate users of the system themselves, and thus free of malicious modifications, which is a key assumption in ddiQKD.
  • We demonstrate that, with a fair comparison, the secret key rate of discrete-variable measurement-device-independent quantum key distribution (DV-MDI-QKD) with high-efficiency single-photon detectors and good system alignment is typically rather high and thus highly suitable for not only long distance communication but also metropolitan networks. The previous reservation on the key rate and suitability of DV-MDI-QKD for metropolitan networks expressed by Pirandola et al. [Nature Photon. 9, 397 (2015)] was based on an unfair comparison with low-efficiency detectors and high quantum bit error rate, and is, in our opinion, unjustified.
  • Secure communication plays a crucial role in the Internet Age. Quantum mechanics may revolutionise cryptography as we know it today. In this Review Article, we introduce the motivation and the current state of the art of research in quantum cryptography. In particular, we discuss the present security model together with its assumptions, strengths and weaknesses. After a brief introduction to recent experimental progress and challenges, we survey the latest developments in quantum hacking and counter-measures against it.
  • Quantum key distribution promises unconditionally secure communications. However, as practical devices tend to deviate from their specifications, the security of some practical systems is no longer valid. In particular, an adversary can exploit imperfect detectors to learn a large part of the secret key, even though the security proof claims otherwise. Recently, a practical approach---measurement-device-independent quantum key distribution---has been proposed to solve this problem. However, so far its security has only been fully proven under the assumption that the legitimate users of the system have unlimited resources. Here we fill this gap and provide a rigorous security proof against general attacks in the finite-key regime. This is obtained by applying large deviation theory, specifically the Chernoff bound, to perform parameter estimation. For the first time we demonstrate the feasibility of long-distance implementations of measurement-device-independent quantum key distribution within a reasonable time-frame of signal transmission.
  • In recent years, the gap between theory and practice in quantum key distribution (QKD) has been significantly narrowed, particularly for QKD systems with arbitrarily flawed optical receivers. The status for QKD systems with imperfect light sources is however less satisfactory, in the sense that the resulting secure key rates are often overly-dependent on the quality of state preparation. This is especially the case when the channel loss is high. Very recently, to overcome this limitation, Tamaki et al. proposed a QKD protocol based on the so-called rejected data analysis, and showed that its security, in the limit of infinitely long keys, is almost independent of any encoding flaw in the qubit space, being this protocol compatible with the decoy state method. Here, as a step towards practical QKD, we show that a similar conclusion is reached in the finite-key regime, even when the intensity of the light source is unstable. More concretely, we derive security bounds for a wide class of realistic light sources and show that the bounds are also efficient in the presence of high channel loss. Our results strongly suggest the feasibility of long distance provably-secure communication with imperfect light sources.
  • In theory, quantum key distribution (QKD) provides information-theoretic security based on the laws of physics. Owing to the imperfections of real-life implementations, however, there is a big gap between the theory and practice of QKD, which has been recently exploited by several quantum hacking activities. To fill this gap, a novel approach, called measurement-device-independent QKD (mdiQKD), has been proposed. It can remove all side-channels from the measurement unit, arguably the most vulnerable part in QKD systems, thus offering a clear avenue towards secure QKD realisations. Here, we review the latest developments in the framework of mdiQKD, together with its assumptions, strengths and weaknesses.
  • In principle, quantum key distribution (QKD) offers unconditional security based on the laws of physics. In practice, flaws in the state preparation undermine the security of QKD systems, as standard theoretical approaches to deal with state preparation flaws are not loss-tolerant. An eavesdropper can enhance and exploit such imperfections through quantum channel loss, thus dramatically lowering the key generation rate. Crucially, the security analyses of most existing QKD experiments are rather unrealistic as they typically neglect this effect. Here, we propose a novel and general approach that makes QKD loss-tolerant to state preparation flaws. Importantly, it suggests that the state preparation process in QKD can be significantly less precise than initially thought. Our method can widely apply to other quantum cryptographic protocols.
  • Due to its ability to tolerate high channel loss, decoy-state quantum key distribution (QKD) has been one of the main focuses within the QKD community. Notably, several experimental groups have demonstrated that it is secure and feasible under real-world conditions. Crucially, however, the security and feasibility claims made by most of these experiments were obtained under the assumption that the eavesdropper is restricted to particular types of attacks or that the finite-key effects are neglected. Unfortunately, such assumptions are not possible to guarantee in practice. In this work, we provide concise and tight finite-key security bounds for practical decoy-state QKD that are valid against general attacks.
  • A novel protocol - measurement-device-independent quantum key distribution (MDI-QKD) - removes all attacks from the detection system, the most vulnerable part in QKD implementations. In this paper, we present an analysis for practical aspects of MDI-QKD. To evaluate its performance, we study various error sources by developing a general system model. We find that MDI-QKD is highly practical and thus can be easily implemented with standard optical devices. Moreover, we present a simple analytical method with only two (general) decoy states for the finite decoy-state analysis. This method can be used directly by experimentalists to demonstrate MDI-QKD. By combining the system model with the finite decoy-state method, we present a general framework for the optimal choice of the intensities of the signal and decoy states. Furthermore, we consider a common situation, namely asymmetric MDI-QKD, in which the two quantum channels have different transmittances. We investigate its properties and discuss how to optimize its performance. Our work is of interest not only to experiments demonstrating MDI-QKD but also to other non-QKD experiments involving quantum interference.
  • We investigate limitations imposed by sequential attacks on the performance of differential-phase-shift quantum key distribution protocols that use pulsed coherent light. In particular, we analyze two sequential attacks based on unambiguous state discrimination and minimum error discrimination, respectively, of the signal states emitted by the source. Sequential attacks represent a special type of intercept-resend attacks and, therefore, they do not allow the distribution of a secret key.
  • Bit commitment is a fundamental cryptographic task that guarantees a secure commitment between two mutually mistrustful parties and is a building block for many cryptographic primitives, including coin tossing, zero-knowledge proofs, oblivious transfer and secure two-party computation. Unconditionally secure bit commitment was thought to be impossible until recent theoretical protocols that combine quantum mechanics and relativity were shown to elude previous impossibility proofs. Here we implement such a bit commitment protocol. In the experiment, the committer performs quantum measurements using two quantum key distribution systems and the results are transmitted via free-space optical communication to two agents separated with more than 20 km. The security of the protocol relies on the properties of quantum information and relativity theory. We show that, in each run of the experiment, a bit is successfully committed with less than 5.68*10^-2 cheating probability. Our result demonstrates unconditionally secure bit commitment and the experimental feasibility of relativistic quantum communication.
  • Distributed-phase-reference quantum key distribution stands out for its easy implementation with present day technology. For many years, a full security proof of these schemes in a realistic setting has been elusive. For the first time, we solve this long-standing problem and present a generic method to prove the security of such protocols against general attacks. To illustrate our result we provide lower bounds on the key generation rate of a variant of the coherent-one-way quantum key distribution protocol. In contrast to standard predictions, it appears to scale quadratically with the system transmittance.
  • How to remove detector side channel attacks has been a notoriously hard problem in quantum cryptography. Here, we propose a simple solution to this problem---*measurement* device independent quantum key distribution. It not only removes all detector side channels, but also doubles the secure distance with conventional lasers. Our proposal can be implemented with standard optical components with low detection efficiency and highly lossy channels. In contrast to the previous solution of full device independent QKD, the realization of our idea does not require detectors of near unity detection efficiency in combination with a qubit amplifier (based on teleportation) or a quantum non-demolition measurement of the number of photons in a pulse. Furthermore, its key generation rate is many orders of magnitude higher than that based on full device independent QKD. The results show that long-distance quantum cryptography over say 200km will remain secure even with seriously flawed detectors.
  • Signal state preparation in quantum key distribution schemes can be realized using either an active or a passive source. Passive sources might be valuable in some scenarios; for instance, in those experimental setups operating at high transmission rates, since no externally driven element is required. Typical passive transmitters involve parametric down-conversion. More recently, it has been shown that phase-randomized coherent pulses also allow passive generation of decoy states and Bennett-Brassard 1984 (BB84) polarization signals, though the combination of both setups in a single passive source is cumbersome. In this paper, we present a complete passive transmitter that prepares decoy-state BB84 signals using coherent light. Our method employs sum-frequency generation together with linear optical components and classical photodetectors. In the asymptotic limit of an infinitely long experiment, the resulting secret key rate (per pulse) is comparable to the one delivered by an active decoy-state BB84 setup with an infinite number of decoy settings.
  • Device-independent quantum key distribution does not need a precise quantum mechanical model of employed devices to guarantee security. Despite its beauty, it is still a very challenging experimental task. We compare a recent proposal by Gisin et al. [Phys. Rev. Lett. 105, 070501 (2010)] to close the detection loophole problem with that of a simpler quantum relay based on entanglement swapping with linear optics. Our full-mode analysis for both schemes confirms that, in contrast to recent beliefs, the second scheme can indeed provide a positive key rate which is even considerably higher than that of the first alternative. The resulting key rates and required detection efficiencies of approx. 95% for both schemes, however, strongly depend on the underlying security proof.
  • The noisy-storage model allows the implementation of secure two-party protocols under the sole assumption that no large-scale reliable quantum storage is available to the cheating party. No quantum storage is thereby required for the honest parties. Examples of such protocols include bit commitment, oblivious transfer and secure identification. Here, we provide a guideline for the practical implementation of such protocols. In particular, we analyze security in a practical setting where the honest parties themselves are unable to perform perfect operations and need to deal with practical problems such as errors during transmission and detector inefficiencies. We provide explicit security parameters for two different experimental setups using weak coherent, and parametric down conversion sources. In addition, we analyze a modification of the protocols based on decoy states.
  • Most experimental realizations of quantum key distribution are based on the Bennett-Brassard 1984 (so-called BB84) protocol. In a typical optical implementation of this scheme, the sender uses an active source to produce the required BB84 signal states. While active state preparation of BB84 signals is a simple and elegant solution in principle, in practice passive state preparation might be desirable in some scenarios, for instance, in those experimental setups operating at high transmission rates. Passive schemes might also be more robust against side-channel attacks than active sources. Typical passive devices involve parametric down-conversion. In this paper, we show that both coherent light and practical single photon sources are also suitable for passive generation of BB84 signal states. Our method does not require any external-driven element, but only linear optical components and photodetectors. In the case of coherent light, the resulting key rate is similar to the one delivered by an active source. When the sender uses practical single photon sources, however, the distance covered by a passive transmitter might be longer than the one of an active configuration.
  • Decoy states have been proven to be a very useful method for significantly enhancing the performance of quantum key distribution systems with practical light sources. While active modulation of the intensity of the laser pulses is an effective way of preparing decoy states in principle, in practice passive preparation might be desirable in some scenarios. Typical passive schemes involve parametric down-conversion. More recently, it has been shown that phase randomized weak coherent pulses (WCP) can also be used for the same purpose [M. Curty et al., Opt. Lett. 34, 3238 (2009)]. This proposal requires only linear optics together with a simple threshold photon detector, which shows the practical feasibility of the method. Most importantly, the resulting secret key rate is comparable to the one delivered by an active decoy state setup with an infinite number of decoy settings. In this paper we extend these results, now showing specifically the analysis for other practical scenarios with different light sources and photo-detectors. In particular, we consider sources emitting thermal states, phase randomized WCP, and strong coherent light in combination with several types of photo-detectors, like, for instance, threshold photon detectors, photon number resolving detectors, and classical photo-detectors. Our analysis includes as well the effect that detection inefficiencies and noise in the form of dark counts shown by current threshold detectors might have on the final secret key rate. Moreover, we provide estimations on the effects that statistical fluctuations due to a finite data size can have in practical implementations.