• In this work, we present a reliable, efficient, and tight numerical method for calculating key rates for finite-dimensional quantum key distribution (QKD) protocols. We illustrate our approach by finding higher key rates than those previously reported in the literature for several interesting scenarios (e.g., the Trojan-horse attack and the phase-coherent BB84 protocol). Our method will ultimately improve our ability to automate key rate calculations and, hence, to develop a user-friendly software package that could be used widely by QKD researchers.
  • Quantum information degrades over distance due to the unavoidable imperfections of the transmission channels, with loss as the leading factor. This simple fact hinders quantum communication, as it relies on propagating quantum systems. A solution to this issue is to introduce quantum repeaters at regular intervals along a lossy channel, to revive the quantum signal. In this work we study unitary one-way quantum repeaters, which do not need to perform measurements and do not require quantum memories, and are therefore considerably simpler than other schemes. We introduce and analyze two methods to construct Hamiltonians that generate a repeater interaction that can beat the fundamental repeaterless key rate bound even in the presence of an additional coupling loss, with signals that contain only a handful of photons. The natural evolution of this work will be to approximate a repeater interaction by combining simple optical elements.
  • Quantum key distribution (QKD) promises information theoretic secure key as long as the device performs as assumed in the theoretical model. One of the assumptions is an absence of information leakage about individual photon detection outcomes of the receiver unit. Here we investigate the information leakage from a QKD receiver due to photon emission caused by detection events in single-photon detectors (backflash). We test commercial silicon avalanche photodiodes and a photomultiplier tube, and find that the former emit backflashes. We study the spectral, timing and polarization characteristics of these backflash photons. We experimentally demonstrate on a free-space QKD receiver that an eavesdropper can distinguish which detector has clicked inside it, and thus acquire secret information. A set of countermeasures both in theory and on the physical devices are discussed.
  • We propose a protocol based on coherent states and linear optics operations for solving the appointment-scheduling problem. Our main protocol leaks strictly less information about each party's input than the optimal classical protocol, even when considering experimental errors. Along with the ability to generate constant-amplitude coherent states over two modes, this protocol requires the ability to transfer these modes back-and-forth between the two parties multiple times with low coupling loss. The implementation requirements are thus still challenging. Along the way, we develop new tools to study quantum information cost of interactive protocols in the finite regime.
  • We introduce several families of quantum fingerprinting protocols to evaluate the equality function on two $n$-bit strings in the simultaneous message passing model. The original quantum fingerprinting protocol uses a tensor product of a small number of $\mathcal{O}(\log n)$-qubit high dimensional signals [Buhrman et al. 2001], whereas a recently-proposed optical protocol uses a tensor product of $\mathcal{O}(n)$ single-qubit signals, while maintaining the $\mathcal{O}(\log n)$ information leakage of the original protocol [Arrazola and L\"utkenhaus 2014]. We find a family of protocols which interpolate between the original and optical protocols while maintaining the $\mathcal{O}(\log n)$ information leakage, thus demonstrating a trade-off between the number of signals sent and the dimension of each signal. There has been interest in experimental realization of the recently-proposed optical protocol using coherent states [Xu et al. 2015, Guan et al. 2016], but as the required number of laser pulses grows linearly with the input size $n$, eventual challenges for the long-time stability of experimental set-ups arise. We find a coherent state protocol which reduces the number of signals by a factor $1/2$ while also reducing the information leakage. Our reduction makes use of a simple modulation scheme in optical phase space, and we find that more complex modulation schemes are not advantageous. Using a similar technique, we improve a recently-proposed coherent state protocol for evaluating the Euclidean distance between two real unit vectors [Kumar et al. 2017] by reducing the number of signals by a factor $1/2$ and also reducing the information leakage.
  • The security analysis of quantum key distribution is difficult to perform when there is efficiency mismatch between various threshold detectors involved in an experimental setup. Even the verification that the device actually performs in the quantum domain, referred to as the task of entanglement verification, is hard to perform. In this article we provide such an entanglement-verification method for characterized detection-efficiency mismatch. Our method does not rely on a cut-off of photon numbers in the optical signal. It can be applied independently of the degrees of freedom involved, thus covering, for example, efficiency mismatch in polarization and time-bin modes, but also in spatial modes. The evaluation of typical experimental scenarios suggests that an increase of detection-efficiency mismatch will drive the performance of a given setup out of the quantum domain.
  • Bound secret information is classical information that contains secrecy but from which secrecy cannot be extracted. The existence of bound secrecy has been conjectured but is currently unproven, and in this work we provide analytical and numerical evidence for its existence. Specifically, we consider two-way post-processing protocols in prepare-and-measure quantum key distribution based on the well-known six-state signal states. In terms of the quantum bit-error rate $Q$ of the classical data, such protocols currently exist for $Q<\frac{5-\sqrt{5}}{10}\approx 27.6\%$. On the other hand, for $Q\geq\frac{1}{3}$ no such protocol can exist as the observed data is compatible with an intercept-resend attack. This leaves the interesting question of whether successful protocols exist in the interval $\frac{5-\sqrt{5}}{10}\leq Q<\frac{1}{3}$. Previous work has shown that a necessary condition for the existence of two-way post-processing protocols for distilling secret key is breaking the symmetric extendability of the underlying quantum state shared by Alice and Bob. Using this result, it has been proven that symmetric extendability can be broken up to the $27.6\%$ lower bound using the advantage distillation protocol. In this work, we first show that to break symmetric extendability it is sufficient to consider a generalized form of advantage distillation consisting of one round of post-selection by Bob on a block of his data. We then provide evidence that such generalized protocols cannot break symmetric extendability beyond $27.6\%$. We thus have evidence to believe that $27.6\%$ is an upper bound on two-way post-processing and that the interval $\frac{5-\sqrt{5}}{10}\leq Q<\frac{1}{3}$ is a domain of bound secrecy.
  • Quantum information processing provides remarkable advantages over its classical counterpart. Quantum optical systems are proved to be sufficient for realizing general quantum tasks, which however often rely on single photon sources. In practice, imperfect single photon sources, such as weak coherent state source, are used instead, which will inevitably limit the power in demonstrating quantum effects. For instance, with imperfect photon sources, the key rate of the BB84 quantum key distribution protocol will be very low, which fortunately can be resolved by utilizing the decoy state method. As a generalization, we investigate an efficient way to simulate single photons with imperfect ones to an arbitrary desired accuracy when the number of photonic inputs is small. Based on this simulator, we can thus replace the tasks that involve only a few single photon inputs with the ones that only make use of imperfect photon sources. In addition, our method also provides a quantum simulator to quantum computation based on quantum optics. In the main context, we take phase randomized coherent state as an example for analysis. A general photon source applies similarly and may provide some further advantages for certain tasks.
  • We investigate a quantum repeater scheme for quantum key distribution based on the work by Muralidharan et al., Phys. Rev. Lett. 112, 250501 (2014). Our scheme extends that work by making use of error syndrome measurement outcomes available at the repeater stations. We show how to calculate the secret key rates for the case of optimizing the syndrome information, while the known key rate is based on a scenario of coarse-graining the syndrome information. We show that these key rates can surpass the Pirandola-Laurenza-Ottaviani-Banchi bound on secret key rates of direct transmission over lossy bosonic channels.
  • Quantum key distribution (QKD) allows for communication with security guaranteed by quantum theory. The main theoretical problem in QKD is to calculate the secret key rate for a given protocol. Analytical formulas are known for protocols with symmetries, since symmetry simplifies the analysis. However, experimental imperfections break symmetries, hence the effect of imperfections on key rates is difficult to estimate. Furthermore, it is an interesting question whether (intentionally) asymmetric protocols could outperform symmetric ones. Here, we develop a robust numerical approach for calculating the key rate for arbitrary discrete-variable QKD protocols. Ultimately this will allow researchers to study "unstructured" protocols, that is, those that lack symmetry. Our approach relies on transforming the key rate calculation to the dual optimization problem, which dramatically reduces the number of parameters and hence the calculation time. We illustrate our method by investigating some unstructured protocols for which the key rate was previously unknown.
  • A central assumption in quantum key distribution (QKD) is that Eve has no knowledge about which rounds will be used for parameter estimation or key distillation. Here we show that this assumption is violated for iterative sifting, a sifting procedure that has been employed in some (but not all) of the recently suggested QKD protocols in order to increase their efficiency. We show that iterative sifting leads to two security issues: (1) some rounds are more likely to be key rounds than others, (2) the public communication of past measurement choices changes this bias round by round. We analyze these two previously unnoticed problems, present eavesdropping strategies that exploit them, and find that the two problems are independent. We discuss some sifting protocols in the literature that are immune to these problems. While some of these would be inefficient replacements for iterative sifting, we find that the sifting subroutine of an asymptotically secure protocol suggested by Lo et al (2005 J. Cryptol. 18 133-65), which we call LCA sifting, has an efficiency on par with that of iterative sifting. One of our main results is to show that LCA sifting can be adapted to achieve secure sifting in the finite-key regime. More precisely, we combine LCA sifting with a certain parameter estimation protocol, and we prove the finite-key security of this combination. Hence we propose that LCA sifting should replace iterative sifting in future QKD implementations. More generally, we present two formal criteria for a sifting protocol that guarantee its finite-key security. Our criteria may guide the design of future protocols and inspire a more rigorous QKD analysis, which has neglected sifting-related attacks so far.
  • Complex cryptographic protocols are often constructed from simpler building-blocks. In order to advance quantum cryptography, it is important to study practical building-blocks that can be used to develop new protocols. An example is quantum retrieval games (QRGs), which have broad applicability and have already been used to construct quantum money schemes. In this work, we introduce a general construction of quantum retrieval games based on the hidden matching problem and show how they can be implemented in practice using available technology. More precisely, we provide a general method to construct (1-out-of-k) QRGs, proving that their cheating probabilities decrease exponentially in $k$. In particular, we define new QRGs based on coherent states of light, which can be implemented even in the presence of experimental imperfections. Our results constitute a new tool in the arsenal of the practical quantum cryptographer.
  • Quantum key distribution (QKD) has the potential to improve communications security by offering cryptographic keys whose security relies on the fundamental properties of quantum physics. The use of a trusted quantum receiver on an orbiting satellite is the most practical near-term solution to the challenge of achieving long-distance (global-scale) QKD, currently limited to a few hundred kilometers on the ground. This scenario presents unique challenges, such as high photon losses and restricted classical data transmission and processing power due to the limitations of a typical satellite platform. Here we demonstrate the feasibility of such a system by implementing a QKD protocol, with optical transmission and full post-processing, in the high-loss regime using minimized computing hardware at the receiver. Employing weak coherent pulses with decoy states, we demonstrate the production of secure key bits at up to 56.5 dB of photon loss. We further illustrate the feasibility of a satellite uplink by generating secure key while experimentally emulating the varying channel losses predicted for realistic low-Earth-orbit satellite passes at 600 km altitude. With a 76 MHz source and including finite-size analysis, we extract 3374 bits of secure key from the best pass. We also illustrate the potential benefit of combining multiple passes together: while one suboptimal "upper-quartile" pass produces no finite-sized key with our source, the combination of three such passes allows us to extract 165 bits of secure key. Alternatively, we find that by increasing the signal rate to 300 MHz it would be possible to extract 21570 bits of secure finite-sized key in just a single upper-quartile pass.
  • We introduce a new continuous-variable quantum key distribution (CV-QKD) protocol, self-referenced CV-QKD, that eliminates the need for transmission of a high-power local oscillator between the communicating parties. In this protocol, each signal pulse is accompanied by a reference pulse (or a pair of twin reference pulses), used to align Alice's and Bob's measurement bases. The method of phase estimation and compensation based on the reference pulse measurement can be viewed as a quantum analog of intradyne detection used in classical coherent communication, which extracts the phase information from the modulated signal. We present a proof-of-principle, fiber-based experimental demonstration of the protocol and quantify the expected secret key rates by expressing them in terms of experimental parameters. Our analysis of the secret key rate fully takes into account the inherent uncertainty associated with the quantum nature of the reference pulse(s) and quantifies the limit at which the theoretical key rate approaches that of the respective conventional protocol that requires local oscillator transmission. The self-referenced protocol greatly simplifies the hardware required for CV-QKD, especially for potential integrated photonics implementations of transmitters and receivers, with minimum sacrifice of performance. As such, it provides a pathway towards scalable integrated CV-QKD transceivers, a vital step towards large-scale QKD networks.
  • Despite the tremendous progress of quantum cryptography, efficient quantum communication over long distances (>1000km) remains an outstanding challenge due to fiber attenuation and operation errors accumulated over the entire communication distance. Quantum repeaters, as a promising approach, can overcome both photon loss and operation errors, and hence significantly speedup the communication rate. Depending on the methods used to correct loss and operation errors, all the proposed QR schemes can be classified into three categories (generations). Here we present the first systematic comparison of three generations of quantum repeaters by evaluating the cost of both temporal and physical resources, and identify the optimized quantum repeater architecture for a given set of experimental parameters. Our work provides a roadmap for the experimental realizations of highly efficient quantum networks over transcontinental distances.
  • We propose a scheme for performing quantum key distribution (QKD) which has the potential to beat schemes based on the direct transmission of photons between the communicating parties. In our proposal, the communicating parties exchange photons with two quantum memories placed between them. This is a very simple quantum repeater scheme and can be implemented with currently available technology. Ideally, its secret key rate scales as the square root of the transmittivity of the optical channel, which is superior to QKD schemes based on direct transmission because key rates for the latter scale at best linearly with transmittivity. Taking into account various imperfections in each component of our setup, we present parameter regimes in which our protocol outperforms protocols based on direct transmission.
  • In free-space quantum key distribution (QKD), the sensitivity of the receiver's detector channels may depend differently on the spatial mode of incoming photons. Consequently, an attacker can control the spatial mode to break security. We experimentally investigate a standard polarization QKD receiver, and identify sources of efficiency mismatch in its optical scheme. We model a practical intercept-and-resend attack and show that it would break security in most situations. We show experimentally that adding an appropriately chosen spatial filter at the receiver's entrance is an effective countermeasure.
  • The appealing feature of quantum key distribution (QKD), from a cryptographic viewpoint, is the ability to prove the information-theoretic security (ITS) of the established keys. As a key establishment primitive, QKD however does not provide a standalone security service in its own: the secret keys established by QKD are in general then used by a subsequent cryptographic applications for which the requirements, the context of use and the security properties can vary. It is therefore important, in the perspective of integrating QKD in security infrastructures, to analyze how QKD can be combined with other cryptographic primitives. The purpose of this survey article, which is mostly centered on European research results, is to contribute to such an analysis. We first review and compare the properties of the existing key establishment techniques, QKD being one of them. We then study more specifically two generic scenarios related to the practical use of QKD in cryptographic infrastructures: 1) using QKD as a key renewal technique for a symmetric cipher over a point-to-point link; 2) using QKD in a network containing many users with the objective of offering any-to-any key establishment service. We discuss the constraints as well as the potential interest of using QKD in these contexts. We finally give an overview of challenges relative to the development of QKD technology that also constitute potential avenues for cryptographic research.
  • Higher transmission loss diminishes the performance of optical communication|be it the rate at which classical or quantum data can be sent reliably, or the secure key generation rate of quantum key distribution (QKD). Loss compounds with distance|exponentially in an optical fiber, and inverse-square with distance for a free-space channel. In order to boost classical communication rates over long distances, it is customary to introduce regenerative relays at intermediate points along the channel. It is therefore natural to speculate whether untended regenerative stations, such as phase-insensitive or phase-sensitive optical amplifiers, could serve as repeaters for long-distance QKD. The primary result of this paper rules out all bosonic Gaussian channels to be useful as QKD repeaters, which include phase-insensitive and phase-sensitive amplifiers as special cases, for any QKD protocol. We also delineate the conditions under which a Gaussian relay renders a lossy channel entanglement breaking, which in turn makes the channel useless for QKD.
  • We propose a QKD protocol for trusted node relays. Our protocol shifts the communication and computational weight of classical post-processing to the end users by reassigning the roles of error correction and privacy amplification, while leaving the exchange of quantum signals untouched. We perform a security analysis for this protocol based on the BB84 protocol on the level of infinite key formulas, taking into account weak coherent implementations involving decoy analysis.
  • We introduce a general mapping for encoding quantum communication protocols involving pure states of multiple qubits, unitary transformations, and projective measurements into another set of protocols that employ coherent states of light in a superposition of optical modes, linear optics transformations and measurements with single-photon threshold detectors. This provides a general framework for transforming protocols in quantum communication into a form in which they can be implemented with current technology. We explore the similarity between properties of the original qubit protocols and the coherent-state protocols obtained from the mapping and make use of the mapping to construct new protocols in the context of quantum communication complexity and quantum digital signatures. Our results have the potential of bringing a wide class of quantum communication protocols closer to their experimental demonstration.
  • A protocol with the potential of beating the existing distance records for conventional quantum key distribution (QKD) systems is proposed. It borrows ideas from quantum repeaters by using memories in the middle of the link, and that of measurement-device-independent QKD, which only requires optical source equipment at the user's end. For certain fast memories, our scheme allows a higher repetition rate than that of quantum repeaters, thereby requiring lower coherence times. By accounting for various sources of nonideality, such as memory decoherence, dark counts, misalignment errors, and background noise, as well as timing issues with memories, we develop a mathematical framework within which we can compare QKD systems with and without memories. In particular, we show that with the state-of-the-art technology for quantum memories, it is possible to devise memory-assisted QKD systems that, at certain distances of practical interest, outperform current QKD implementations.
  • We present a protocol for quantum fingerprinting that is ready to be implemented with current technology and is robust to experimental errors. The basis of our scheme is an implementation of the signal states in terms of a coherent state in a superposition of time-bin modes. Experimentally, this requires only the ability to prepare coherent states of low amplitude, and to interfere them in a balanced beam splitter. The states used in the protocol are arbitrarily close in trace distance to states of $\mathcal{O}(\log_2 n)$ qubits, thus exhibiting an exponential separation in communication complexity compared to the classical case. The protocol uses a number of optical modes that is proportional to the size $n$ of the input bit-strings, but a total mean photon number that is constant and independent of $n$. Given the expended resources, our protocol achieves a task that is provably impossible using classical communication only. In fact, even in the presence of realistic experimental errors and loss, we show that there exist a large range of input sizes for which our quantum protocol requires communication that can be more than two orders of magnitude smaller than a classical fingerprinting protocol.
  • We present an experimental study of higher-dimensional quantum key distribution protocols based on mutually unbiased bases, implemented by means of photons carrying orbital angular momentum. We perform (d+1) mutually unbiased measurements in a classical prepare and measure scheme and on a pair of entangled photons for dimensions ranging from d = 2 to 5. In our analysis, we pay attention to the detection efficiency and photon pair creation probability. As security measures, we determine from experimental data the average error rate, the mutual information shared between the sender and receiver and the secret key generation rate per photon. We demonstrate that increasing the dimension leads to an increased information capacity as well as higher key generation rates per photon up to a dimension of d = 4.
  • Quantum repeaters (QRs) provide a way of enabling long distance quantum communication by establishing entangled qubits between remote locations. We investigate a new approach to QRs in which quantum information can be faithfully transmitted via a noisy channel without the use of long distance teleportation, thus eliminating the need to establish remote entangled links. Our approach makes use of small encoding blocks to fault-tolerantly correct both operational and photon loss errors. We describe a way to optimize the resource requirement for these QRs with the aim of the generation of a secure key. Numerical calculations indicate that the number of quantum memory bits required for our scheme has favorable poly-logarithmic scaling with the distance across which the communication is desired.