• As research on building scalable quantum computers advances, it is important to be able to certify their correctness. Due to the exponential hardness of classically simulating quantum computation, straight-forward verification via this means fails. However, we can classically simulate small scale quantum computations and hence we are able to test that devices behave as expected in this domain. This constitutes the first step towards obtaining confidence in the anticipated quantum-advantage when we extend to scales that can no longer be simulated. Real devices have restrictions due to their architecture and limitations due to physical imperfections and noise. In this paper we extend the usual ideal simulations by considering those effects. We aim to provide a general methodology and framework for constructing simulations which emulate the physical system. These simulations should provide a benchmark for realistic devices and guide experimental research in the quest for quantum-advantage. To illustrate our methodology we give examples that involve networked architectures and the noise-model of the device developed by the Networked Quantum Information Technologies Hub (NQIT). For our simulations we use, with suitable modification, the classical simulator of Bravyi and Gosset while the specific problems considered belong to the Instantaneous Quantum Polynomial-time class. This class is believed to be hard for classical computational devices, and is regarded as a promising candidate for the first demonstration of quantum-advantage. We first consider a subclass of IQP, defined by Bermejo-Vega et al, involving two-dimensional dynamical quantum simulators, and then general instances of IQP, restricted to the architecture of NQIT.
  • We define the functionality of delegated pseudo-secret random qubit generator (PSRQG), where a classical client can instruct the preparation of a sequence of random qubits at some distant party. Their classical description is (computationally) unknown to any other party (including the distant party preparing them) but known to the client. We emphasize the unique feature that no quantum communication is required to implement PSRQG. This enables classical clients to perform a class of quantum communication protocols with only a public classical channel with a quantum server. A key such example is the delegated universal quantum computing. Using our functionality one could achieve for the first time a purely classical-client computational secure verifiable delegated universal quantum computing (also referred to as verifiable blind quantum computation). We give a concrete protocol (QFactory) implementing PSRQG, using the Learning-With-Errors problem to construct a trapdoor one-way function with certain desired properties (quantum-safe, two-regular, collision-resistant). We then prove the security in the Quantum-Honest-But-Curious setting and briefly discuss the extension to the malicious case.
  • Digital signatures play an important role in software distribution, modern communication and financial transactions, where it is important to detect forgery and tampering. Signatures are a cryptographic technique for validating the authenticity and integrity of messages, software, or digital documents. The security of currently used classical schemes relies on computational assumptions. Quantum digital signatures (QDS), on the other hand, provide information-theoretic security based on the laws of quantum physics. Recent work on QDS shows that such schemes do not require trusted quantum channels and are unconditionally secure against general coherent attacks. However, in practical QDS, just as in quantum key distribution (QKD), the detectors can be subjected to side-channel attacks, which can make the actual implementations insecure. Motivated by the idea of measurement-device-independent quantum key distribution (MDI-QKD), we present a measurement-device-independent QDS (MDI-QDS) scheme, which is secure against all detector side-channel attacks. Based on the rapid development of practical MDI-QKD, our MDI-QDS protocol could also be experimentally implemented, since it requires a similar experimental setup.
  • The relationship between correlations and entanglement has played a major role in understanding quantum theory since the work of Einstein, Podolsky and Rosen (1935). Tsirelson (1980) proved that Bell states, shared among two parties, when measured suitably, achieve the maximum non-local correlations allowed by quantum mechanics. Conversely, Reichardt, Unger and Vazirani (2013) showed that observing the maximal correlation value over a sequence of repeated measurements, implies that the underlying quantum state is close to a tensor product of maximally entangled states and, moreover, that it is measured according to an ideal strategy. However, this strong rigidity result comes at a high price, requiring a large number of entangled pairs to be tested. In this paper, we present a significant improvement in terms of the overhead by instead considering quantum steering where the device of the one side is trusted. We first demonstrate a robust one-sided device-independent version of self-testing, which characterises the shared state and measurement operators of two parties up to a certain bound. We show that this bound is optimal up to constant factors and we generalise the results for the most general attacks. This leads us to a rigidity theorem for maximal steering correlations. As a key application we give a one-sided device-independent protocol for verifiable delegated quantum computation, and compare it to other existing protocols, to highlight the cost of trust assumptions. Finally, we show that under reasonable assumptions, the states shared in order to run a certain type of verification protocol must be unitarily equivalent to perfect Bell states.
  • The application and analysis of the Cut-and-Choose technique in protocols secure against quantum adversaries is not a straightforward transposition of the classical case, among other reasons due to the difficulty to use rewinding in the quantum realm. We introduce a Quantum Computation Cut-and-Choose (QC-CC) technique which is a generalisation of the classical Cut-and-Choose in order to build quantum protocols secure against quantum covert adversaries. Such adversaries can deviate arbitrarily provided that their deviation is not detected. As an application of the QC-CC we give a protocol for securely performing two-party quantum computation with classical input/output. As basis we use secure delegated quantum computing (Broadbent et al 2009), and in particular the garbled quantum computation of (Kashefi et al 2016) that is secure against only a weak specious adversaries, defined in (Dupuis et al 2010). A unique property of these protocols is the separation between classical and quantum communications and the asymmetry between client and server, which enables us to sidestep the quantum rewinding issues. This opens the prospect of using the QC-CC to other quantum protocols with this separation. In our proof of security we adapt and use (at different parts) two quantum rewinding techniques, namely Watrous' oblivious q-rewinding (Watrous 2009) and Unruh's special q-rewinding (Unruh 2012). Our protocol achieves the same functionality as in previous works (e.g. Dupuis et al 2012), however using the QC-CC technique on the protocol from (Kashefi et al 2016) leads to the following key improvements: (i) only one-way offline quantum communication is necessary , (ii) only one party (server) needs to have involved quantum technological abilities, (iii) only minimal extra cryptographic primitives are required, namely one oblivious transfer for each input bit and quantum-safe commitments.
  • The universal blind quantum computation protocol (UBQC) (Broadbent, Fitzsimons, Kashefi 2009) enables an almost classical client to delegate a quantum computation to an untrusted quantum server (in form of a garbled quantum computation) while the security for the client is unconditional. In this contribution we explore the possibility of extending the verifiable UBQC (Fitzsimons, Kashefi 2012), to achieve further functionalities as was done for classical garbled computation. First, exploring the asymmetric nature of UBQC (client preparing only single qubits, while the server runs the entire quantum computation), we present a "Yao" type protocol for secure two party quantum computation. Similar to the classical setting (Yao 1986) our quantum Yao protocol is secure against a specious (quantum honest-but-curious) garbler, but in our case, against a (fully) malicious evaluator. Unlike the protocol in (Dupuis, Nielsen, Salvail 2010), we do not require any online-quantum communication between the garbler and the evaluator and thus no extra cryptographic primitive. This feature will allow us to construct a simple universal one-time compiler for any quantum computation using one-time memory, in a similar way with the classical work of (Goldwasser, Kalai, Rothblum 2008) while more efficiently than the previous work of (Broadbent, Gutoski, Stebila 2013).
  • In R.D. Sorkin's framework for logic in physics a clear separation is made between the collection of unasserted propositions about the physical world and the affirmation or denial of these propositions by the physical world. The unasserted propositions form a Boolean algebra because they correspond to subsets of an underlying set of spacetime histories. Physical rules of inference, apply not to the propositions in themselves but to the affirmation and denial of these propositions by the actual world. This physical logic may or may not respect the propositions' underlying Boolean structure. We prove that this logic is Boolean if and only if the following three axioms hold: (i) The world is affirmed, (ii) Modus Ponens and (iii) If a proposition is denied then its negation, or complement, is affirmed. When a physical system is governed by a dynamical law in the form of a quantum measure with the rule that events of zero measure are denied, the axioms (i) - (iii) prove to be too rigid and need to be modified. One promising scheme for quantum mechanics as quantum measure theory corresponds to replacing axiom (iii) with axiom (iv) Nature is as fine grained as the dynamics allows.
  • Digital signatures are widely used in modern communication to guarantee authenticity and transferability of messages, The security of currently used classical schemes relies on computational assumptions. We present a quantum signature scheme that does not require trusted quantum channels. We prove that it is unconditionally secure against the most general coherent attacks, and show that it requires the transmission of significantly fewer quantum states than previous schemes. We also show that the quantum channel noise threshold for our scheme is less strict than for distilling a secure key using quantum key distribution. This shows that direct quantum signature schemes can be preferable to signature schemes relying on secret shared keys generated using quantum key distribution.
  • Digital signatures guarantee the authorship of electronic communications. Currently used "classical" signature schemes rely on unproven computational assumptions for security, while quantum signatures rely only on the laws of quantum mechanics. Previous quantum signature schemes have used unambiguous quantum measurements. Such measurements, however, sometimes give no result, reducing the efficiency of the protocol. Here, we instead use heterodyne detection, which always gives a result, although there is always some uncertainty. We experimentally demonstrate feasibility in a real environment by distributing signature states through a noisy 1.6km free-space channel. Our results show that continuous-variable heterodyne detection improves the signature rate for this type of scheme and therefore represents an interesting direction in the search for practical quantum signature schemes.
  • Recent developments make the possibility of achieving scalable quantum networks and quantum devices closer. From the computational point of view these emerging technologies become relevant when they are no longer classically simulatable. Hence a pressing challenge is the construction of practical methods to verify the correctness of the outcome produced by universal or non-universal quantum devices. A promising approach that has been extensively explored is the scheme of verification via encryption through blind quantum computing initiated by Fitzsimons and Kashefi. We present here a new construction that simplifies the required resources for any such verifiable blind quantum computating protocol. We obtain an overhead that is linear in the size of the input, while the security parameter remains independent of the size of the computation and can be made exponentially small. Furthermore our construction is generic and could be applied to any non-universal scheme with a given underlying graph.
  • We present an experimental realization of a quantum digital signature protocol which, together with a standard quantum key distribution link, increases transmission distance to kilometre ranges, three orders of magnitude larger than in previous realizations. The bit-rate is also significantly increased compared with previous quantum signature demonstrations. This work illustrates that quantum digital signatures can be realized with optical components similar to those used for quantum key distribution, and could be implemented in existing optical fiber networks.
  • Digital signatures are widely used in electronic communications to secure important tasks such as financial transactions, software updates, and legal contracts. The signature schemes that are in use today are based on public-key cryptography and derive their security from computational assumptions. However, it is possible to construct unconditionally secure signature protocols. In particular, using quantum communication, it is possible to construct signature schemes with security based on fundamental principles of quantum mechanics. Several quantum signature protocols have been proposed, but none of them has been explicitly generalized to more than three participants, and their security goals have not been formally defined. Here, we first extend the security definitions of Swanson and Stinson (2011) so that they can apply also to the quantum case, and introduce a formal definition of transferability based on different verification levels. We then prove several properties that multiparty signature protocols with information-theoretic security -- quantum or classical -- must satisfy in order to achieve their security goals. We also express two existing quantum signature protocols with three parties in the security framework we have introduced. Finally, we generalize a quantum signature protocol given in Wallden-Dunjko-Kent-Andersson (2015) to the multiparty case, proving its security against forging, repudiation and non-transferability. Notably, this protocol can be implemented using any point-to-point quantum key distribution network and therefore is ready to be experimentally demonstrated.
  • Recent advances in theoretical and experimental quantum computing bring us closer to scalable quantum computing devices. This makes the need for protocols that verify the correct functionality of quantum operations timely and has led to the field of quantum verification. In this paper we address key challenges to make quantum verification protocols applicable to experimental implementations. We prove the robustness of the single server verifiable universal blind quantum computing protocol of Fitzsimons and Kashefi (2012) in the most general scenario. This includes the case where the purification of the deviated input state is in the hands of an adversarial server. The proved robustness property allows the composition of this protocol with a device-independent state tomography protocol that we give, which is based on the rigidity of CHSH games as proposed by Reichardt, Unger and Vazirani (2013). The resulting composite protocol has lower round complexity for the verification of entangled quantum servers with a classical verifier and, as we show, can be made fault tolerant.
  • Digital signatures guarantee the authenticity and transferability of messages, and are widely used in modern communication. The security of currently used classical digital signature schemes, however, relies on computational assumptions. In contrast, quantum digital signature (QDS) schemes offer information-theoretic security guaranteed by the laws of quantum mechanics. We present two QDS protocols which have the same experimental requirements as quantum key distribution, which is already commercially available. We also present the first security proof for any QDS scheme against coherent forging attacks.
  • The best developed formulation of closed system quantum theory that handles multiple-time statements, is the consistent (or decoherent) histories approach. The most important weaknesses of the approach is that it gives rise to many different consistent sets, and it has been argued that a complete interpretation should be accompanied with a natural mechanism leading to a (possibly) unique preferred consistent set. The existence of multiple consistent sets becomes more problematic because it allows the existence of contrary inferences (Kent 1997). We analyse the conceptual difficulties that arise from the existence of multiple consistent sets and provide a suggestion for a natural set selection criterion. This criterion does not lead to a unique physical consistent set, however it evades the existence of consistent sets with contrary inferences. The criterion is based on the concept of preclusion and the requirement that probability one propositions and their inferences should be noncontextual. The allowed consistent sets turn-out to be compatible with coevents which are the ontology of an alternative, histories based, formulation.
  • Digital signatures are widely used to provide security for electronic communications, for example in financial transactions and electronic mail. Currently used classical digital signature schemes, however, only offer security relying on unproven computational assumptions. In contrast, quantum digital signatures (QDS) offer information-theoretic security based on laws of quantum mechanics (e.g. Gottesman and Chuang 2001). Here, security against forging relies on the impossibility of perfectly distinguishing between non-orthogonal quantum states. A serious drawback of previous QDS schemes is however that they require long-term quantum memory, making them unfeasible in practice. We present the first realisation of a scheme (Dunjko et al 2013) that does not need quantum memory, and which also uses only standard linear optical components and photodetectors. To achieve this, the recipients measure the distributed quantum signature states using a new type of quantum measurement, quantum state elimination (e.g. Barnett 2009, Bandyopadhyay et al 2013). This significantly advances QDS as a quantum technology with potential for real applications.
  • Knowing about optimal quantum measurements is important for many applications in quantum information and quantum communication. However, deriving optimal quantum measurements is often difficult. We present a collection of results for minimum-cost quantum measurements, and give examples of how they can be used. Among other results, we show that a minimum-cost measurement for a set of given pure states is formally equivalent to a minimum-error measurement for mixed states of those same pure states. For pure symmetric states it turns out that for a certain class of cost matrices, the minimum-cost measurement is the square-root measurement. That is, the optimal minimum-cost measurement is in this case the same as the minimum-error measurement. Finally, we consider sequences of individual ``local" systems, and examine when the global minimum-cost measurement is a sequence of optimal local measurements. We also consider an example where the global minimum-cost measurement is, perhaps counter-intuitively, not a sequence of local measurements, and discuss how this is related to related to the Pusey-Barrett-Rudolph argument for the nature of the wave function.
  • Following the argument of Pusey, Barrett and Rudolph (Nature Phys. 8:476, 2012), new interest has been raised on whether one can interpret state-vectors (pure states) in a statistical way ($\psi$-epistemic theories), or if each of them corresponds to a different ontological entity. Each interpretation of quantum theory assumes different ontology and one could ask if the PBR argument carries over. Here we examine this question for histories formulations in general with particular attention to the co-event formulation. State-vectors appear as the initial state that enters into the quantum measure. While the PBR argument goes through up to a point, the failure to meet some of the assumptions they made does not allow one to reach their conclusion. However, the author believes that the "statistical interpretation" is still impossible for co-events even if this is not proven by the PBR argument.
  • We introduce a framework for studying non-locality and contextuality inspired by the path integral formulation of quantum theory. We prove that the existence of a strongly positive joint quantum measure -- the quantum analogue of a joint probability measure -- on a set of experimental probabilities implies the Navascues-Pironio-Acin (NPA) condition $Q^1$ and is implied by the stronger NPA condition $Q^{1+AB}$. A related condition is shown to be equivalent to $Q^{1+AB}$.
  • Quantum Digital Signatures (QDS) allow for the exchange of messages from one sender to multiple recipients, with the guarantee that messages cannot be forged or tampered with. Additionally, messages cannot be repudiated -- if one recipient accepts a message, she is guaranteed that others will accept the same message as well. While messaging with these types of security guarantees are routinely performed in the modern digital world, current technologies only offer security under computational assumptions. QDS, on the other hand, offer security guaranteed by quantum mechanics. All thus far proposed variants of QDS require long-term, high quality storage of quantum information, making them unfeasible in the foreseeable future. Here, we present the first QDS scheme where no quantum memory is required, and all quantum information processing can be performed using just linear optics. This makes QDS feasible with current technology.
  • Understanding quantum theory has been a subject of debate from its birth. Many different formulations and interpretations have been proposed. Here we examine a recent novel formulation, namely the coevents formulation. It is a histories formulation and has as starting point the Feynman path integral and the decoherence functional. The new ontology turns out to be that of a coarse-grained history. We start with a quantum measure defined on the space of histories, and the existence of zero covers rules out single-history as potential reality (the Kochen Specker theorem casted in histories form is a special case of a zero cover). We see that allowing coarse-grained histories as potential realities avoids the previous paradoxes, maintains deductive non-contextual logic (alas non-Boolean) and gives rise to a unique classical domain. Moreover, we can recover the probabilistic predictions of quantum theory with the use of the Cournot's principle. This formulation, being both a realist formulation and based on histories, is well suited conceptually for the purposes of quantum gravity and cosmology.
  • In order to construct a quantum theory of gravity, we may have to abandon certain assumptions we were making. In particular, the concept of spacetime as a continuum substratum is questioned. Causal Sets is an attempt to construct a quantum theory of gravity starting with a fundamentally discrete spacetime. In this contribution we review the whole approach, focusing on some recent developments in the kinematics and dynamics of the approach.
  • Any discrete approach to quantum gravity must provide some prescription as to how to deduce continuum properties from the discrete substructure. In the causal set approach it is straightforward to deduce timelike distances, but surprisingly difficult to extract spacelike distances, because of the unique combination of discreteness with local Lorentz invariance in that approach. We propose a number of methods to overcome this difficulty, one of which reproduces the spatial distance between two points in a finite region of Minkowski space. We provide numerical evidence that this definition can be used to define a `spatial nearest neighbor' relation on a causal set, and conjecture that this can be exploited to define the length of `continuous curves' in causal sets which are approximated by curved spacetime. This provides evidence in support of the ``Hauptvermutung'' of causal sets.
  • Anhomomorphic logic is a new interpretation of Quantum Theory (due to R. Sorkin). It is a histories formulation (c.f. consistent histories, quantum measure theory). In this approach, reality is a co-event, which is essentially an assignment of a truth value {True, False} to each question. The way this assignment is done mimics classical physics in as much as possible allowing however for sufficient flexibility to accommodate quantum 'paradoxes', as is shown by the analysis of Kochen-Specker theorem. In this contribution, after briefly reviewing the approach, we will examine how probabilistic predictions can arise. The Cournot principle and the use of approximate preclusions will play a crucial role. Facing similar problems in interpreting probability as in classical probability theory, we will resort to the weak form of Cournot principle, where possible realities will be preclusive co-events and the quantum measure is used to obtain predictions. Examples considered, includes the fair coin and the double slit pattern arguably one of the most important paradigms for quantum theory.
  • Sorkin has introduced a new, observer independent, interpretation of quantum mechanics that can give a successful realist account of the 'quantum microworld' as well as explaining how classicality emerges at the level of observable events for a range of systems including single time 'Copenhagen measurements'. This 'co-event interpretation' presents us with a new ontology, in which a single 'co-event' is real. A new ontology necessitates a review of the dynamical & predictive mechanism of a theory, and in this paper we begin the process by exploring means of expressing the dynamical and predictive content of histories theories in terms of co-events.