
As research on building scalable quantum computers advances, it is important
to be able to certify their correctness. Due to the exponential hardness of
classically simulating quantum computation, straightforward verification via
this means fails. However, we can classically simulate small scale quantum
computations and hence we are able to test that devices behave as expected in
this domain. This constitutes the first step towards obtaining confidence in
the anticipated quantumadvantage when we extend to scales that can no longer
be simulated.
Real devices have restrictions due to their architecture and limitations due
to physical imperfections and noise. In this paper we extend the usual ideal
simulations by considering those effects. We aim to provide a general
methodology and framework for constructing simulations which emulate the
physical system. These simulations should provide a benchmark for realistic
devices and guide experimental research in the quest for quantumadvantage.
To illustrate our methodology we give examples that involve networked
architectures and the noisemodel of the device developed by the Networked
Quantum Information Technologies Hub (NQIT). For our simulations we use, with
suitable modification, the classical simulator of Bravyi and Gosset while the
specific problems considered belong to the Instantaneous Quantum
Polynomialtime class. This class is believed to be hard for classical
computational devices, and is regarded as a promising candidate for the first
demonstration of quantumadvantage. We first consider a subclass of IQP,
defined by BermejoVega et al, involving twodimensional dynamical quantum
simulators, and then general instances of IQP, restricted to the architecture
of NQIT.

We define the functionality of delegated pseudosecret random qubit generator
(PSRQG), where a classical client can instruct the preparation of a sequence of
random qubits at some distant party. Their classical description is
(computationally) unknown to any other party (including the distant party
preparing them) but known to the client. We emphasize the unique feature that
no quantum communication is required to implement PSRQG. This enables classical
clients to perform a class of quantum communication protocols with only a
public classical channel with a quantum server. A key such example is the
delegated universal quantum computing. Using our functionality one could
achieve for the first time a purely classicalclient computational secure
verifiable delegated universal quantum computing (also referred to as
verifiable blind quantum computation). We give a concrete protocol (QFactory)
implementing PSRQG, using the LearningWithErrors problem to construct a
trapdoor oneway function with certain desired properties (quantumsafe,
tworegular, collisionresistant). We then prove the security in the
QuantumHonestButCurious setting and briefly discuss the extension to the
malicious case.

Digital signatures play an important role in software distribution, modern
communication and financial transactions, where it is important to detect
forgery and tampering. Signatures are a cryptographic technique for validating
the authenticity and integrity of messages, software, or digital documents. The
security of currently used classical schemes relies on computational
assumptions. Quantum digital signatures (QDS), on the other hand, provide
informationtheoretic security based on the laws of quantum physics. Recent
work on QDS shows that such schemes do not require trusted quantum channels and
are unconditionally secure against general coherent attacks. However, in
practical QDS, just as in quantum key distribution (QKD), the detectors can be
subjected to sidechannel attacks, which can make the actual implementations
insecure. Motivated by the idea of measurementdeviceindependent quantum key
distribution (MDIQKD), we present a measurementdeviceindependent QDS
(MDIQDS) scheme, which is secure against all detector sidechannel attacks.
Based on the rapid development of practical MDIQKD, our MDIQDS protocol could
also be experimentally implemented, since it requires a similar experimental
setup.

The relationship between correlations and entanglement has played a major
role in understanding quantum theory since the work of Einstein, Podolsky and
Rosen (1935). Tsirelson (1980) proved that Bell states, shared among two
parties, when measured suitably, achieve the maximum nonlocal correlations
allowed by quantum mechanics. Conversely, Reichardt, Unger and Vazirani (2013)
showed that observing the maximal correlation value over a sequence of repeated
measurements, implies that the underlying quantum state is close to a tensor
product of maximally entangled states and, moreover, that it is measured
according to an ideal strategy. However, this strong rigidity result comes at a
high price, requiring a large number of entangled pairs to be tested. In this
paper, we present a significant improvement in terms of the overhead by instead
considering quantum steering where the device of the one side is trusted. We
first demonstrate a robust onesided deviceindependent version of
selftesting, which characterises the shared state and measurement operators of
two parties up to a certain bound. We show that this bound is optimal up to
constant factors and we generalise the results for the most general attacks.
This leads us to a rigidity theorem for maximal steering correlations. As a key
application we give a onesided deviceindependent protocol for verifiable
delegated quantum computation, and compare it to other existing protocols, to
highlight the cost of trust assumptions. Finally, we show that under reasonable
assumptions, the states shared in order to run a certain type of verification
protocol must be unitarily equivalent to perfect Bell states.

The application and analysis of the CutandChoose technique in protocols
secure against quantum adversaries is not a straightforward transposition of
the classical case, among other reasons due to the difficulty to use rewinding
in the quantum realm. We introduce a Quantum Computation CutandChoose (QCCC)
technique which is a generalisation of the classical CutandChoose in order to
build quantum protocols secure against quantum covert adversaries. Such
adversaries can deviate arbitrarily provided that their deviation is not
detected. As an application of the QCCC we give a protocol for securely
performing twoparty quantum computation with classical input/output. As basis
we use secure delegated quantum computing (Broadbent et al 2009), and in
particular the garbled quantum computation of (Kashefi et al 2016) that is
secure against only a weak specious adversaries, defined in (Dupuis et al
2010). A unique property of these protocols is the separation between classical
and quantum communications and the asymmetry between client and server, which
enables us to sidestep the quantum rewinding issues. This opens the prospect of
using the QCCC to other quantum protocols with this separation. In our proof
of security we adapt and use (at different parts) two quantum rewinding
techniques, namely Watrous' oblivious qrewinding (Watrous 2009) and Unruh's
special qrewinding (Unruh 2012). Our protocol achieves the same functionality
as in previous works (e.g. Dupuis et al 2012), however using the QCCC
technique on the protocol from (Kashefi et al 2016) leads to the following key
improvements: (i) only oneway offline quantum communication is necessary ,
(ii) only one party (server) needs to have involved quantum technological
abilities, (iii) only minimal extra cryptographic primitives are required,
namely one oblivious transfer for each input bit and quantumsafe commitments.

The universal blind quantum computation protocol (UBQC) (Broadbent,
Fitzsimons, Kashefi 2009) enables an almost classical client to delegate a
quantum computation to an untrusted quantum server (in form of a garbled
quantum computation) while the security for the client is unconditional. In
this contribution we explore the possibility of extending the verifiable UBQC
(Fitzsimons, Kashefi 2012), to achieve further functionalities as was done for
classical garbled computation. First, exploring the asymmetric nature of UBQC
(client preparing only single qubits, while the server runs the entire quantum
computation), we present a "Yao" type protocol for secure two party quantum
computation. Similar to the classical setting (Yao 1986) our quantum Yao
protocol is secure against a specious (quantum honestbutcurious) garbler, but
in our case, against a (fully) malicious evaluator. Unlike the protocol in
(Dupuis, Nielsen, Salvail 2010), we do not require any onlinequantum
communication between the garbler and the evaluator and thus no extra
cryptographic primitive. This feature will allow us to construct a simple
universal onetime compiler for any quantum computation using onetime memory,
in a similar way with the classical work of (Goldwasser, Kalai, Rothblum 2008)
while more efficiently than the previous work of (Broadbent, Gutoski, Stebila
2013).

In R.D. Sorkin's framework for logic in physics a clear separation is made
between the collection of unasserted propositions about the physical world and
the affirmation or denial of these propositions by the physical world. The
unasserted propositions form a Boolean algebra because they correspond to
subsets of an underlying set of spacetime histories. Physical rules of
inference, apply not to the propositions in themselves but to the affirmation
and denial of these propositions by the actual world. This physical logic may
or may not respect the propositions' underlying Boolean structure. We prove
that this logic is Boolean if and only if the following three axioms hold: (i)
The world is affirmed, (ii) Modus Ponens and (iii) If a proposition is denied
then its negation, or complement, is affirmed. When a physical system is
governed by a dynamical law in the form of a quantum measure with the rule that
events of zero measure are denied, the axioms (i)  (iii) prove to be too rigid
and need to be modified. One promising scheme for quantum mechanics as quantum
measure theory corresponds to replacing axiom (iii) with axiom (iv) Nature is
as fine grained as the dynamics allows.

Digital signatures are widely used in modern communication to guarantee
authenticity and transferability of messages, The security of currently used
classical schemes relies on computational assumptions. We present a quantum
signature scheme that does not require trusted quantum channels. We prove that
it is unconditionally secure against the most general coherent attacks, and
show that it requires the transmission of significantly fewer quantum states
than previous schemes. We also show that the quantum channel noise threshold
for our scheme is less strict than for distilling a secure key using quantum
key distribution. This shows that direct quantum signature schemes can be
preferable to signature schemes relying on secret shared keys generated using
quantum key distribution.

Digital signatures guarantee the authorship of electronic communications.
Currently used "classical" signature schemes rely on unproven computational
assumptions for security, while quantum signatures rely only on the laws of
quantum mechanics. Previous quantum signature schemes have used unambiguous
quantum measurements. Such measurements, however, sometimes give no result,
reducing the efficiency of the protocol. Here, we instead use heterodyne
detection, which always gives a result, although there is always some
uncertainty. We experimentally demonstrate feasibility in a real environment by
distributing signature states through a noisy 1.6km freespace channel. Our
results show that continuousvariable heterodyne detection improves the
signature rate for this type of scheme and therefore represents an interesting
direction in the search for practical quantum signature schemes.

Recent developments make the possibility of achieving scalable quantum
networks and quantum devices closer. From the computational point of view these
emerging technologies become relevant when they are no longer classically
simulatable. Hence a pressing challenge is the construction of practical
methods to verify the correctness of the outcome produced by universal or
nonuniversal quantum devices. A promising approach that has been extensively
explored is the scheme of verification via encryption through blind quantum
computing initiated by Fitzsimons and Kashefi. We present here a new
construction that simplifies the required resources for any such verifiable
blind quantum computating protocol. We obtain an overhead that is linear in the
size of the input, while the security parameter remains independent of the size
of the computation and can be made exponentially small. Furthermore our
construction is generic and could be applied to any nonuniversal scheme with a
given underlying graph.

We present an experimental realization of a quantum digital signature
protocol which, together with a standard quantum key distribution link,
increases transmission distance to kilometre ranges, three orders of magnitude
larger than in previous realizations. The bitrate is also significantly
increased compared with previous quantum signature demonstrations. This work
illustrates that quantum digital signatures can be realized with optical
components similar to those used for quantum key distribution, and could be
implemented in existing optical fiber networks.

Digital signatures are widely used in electronic communications to secure
important tasks such as financial transactions, software updates, and legal
contracts. The signature schemes that are in use today are based on publickey
cryptography and derive their security from computational assumptions. However,
it is possible to construct unconditionally secure signature protocols. In
particular, using quantum communication, it is possible to construct signature
schemes with security based on fundamental principles of quantum mechanics.
Several quantum signature protocols have been proposed, but none of them has
been explicitly generalized to more than three participants, and their security
goals have not been formally defined. Here, we first extend the security
definitions of Swanson and Stinson (2011) so that they can apply also to the
quantum case, and introduce a formal definition of transferability based on
different verification levels. We then prove several properties that multiparty
signature protocols with informationtheoretic security  quantum or classical
 must satisfy in order to achieve their security goals. We also express two
existing quantum signature protocols with three parties in the security
framework we have introduced. Finally, we generalize a quantum signature
protocol given in WalldenDunjkoKentAndersson (2015) to the multiparty case,
proving its security against forging, repudiation and nontransferability.
Notably, this protocol can be implemented using any pointtopoint quantum key
distribution network and therefore is ready to be experimentally demonstrated.

Recent advances in theoretical and experimental quantum computing bring us
closer to scalable quantum computing devices. This makes the need for protocols
that verify the correct functionality of quantum operations timely and has led
to the field of quantum verification. In this paper we address key challenges
to make quantum verification protocols applicable to experimental
implementations. We prove the robustness of the single server verifiable
universal blind quantum computing protocol of Fitzsimons and Kashefi (2012) in
the most general scenario. This includes the case where the purification of the
deviated input state is in the hands of an adversarial server. The proved
robustness property allows the composition of this protocol with a
deviceindependent state tomography protocol that we give, which is based on
the rigidity of CHSH games as proposed by Reichardt, Unger and Vazirani (2013).
The resulting composite protocol has lower round complexity for the
verification of entangled quantum servers with a classical verifier and, as we
show, can be made fault tolerant.

Digital signatures guarantee the authenticity and transferability of
messages, and are widely used in modern communication. The security of
currently used classical digital signature schemes, however, relies on
computational assumptions. In contrast, quantum digital signature (QDS) schemes
offer informationtheoretic security guaranteed by the laws of quantum
mechanics. We present two QDS protocols which have the same experimental
requirements as quantum key distribution, which is already commercially
available. We also present the first security proof for any QDS scheme against
coherent forging attacks.

The best developed formulation of closed system quantum theory that handles
multipletime statements, is the consistent (or decoherent) histories approach.
The most important weaknesses of the approach is that it gives rise to many
different consistent sets, and it has been argued that a complete
interpretation should be accompanied with a natural mechanism leading to a
(possibly) unique preferred consistent set. The existence of multiple
consistent sets becomes more problematic because it allows the existence of
contrary inferences (Kent 1997). We analyse the conceptual difficulties that
arise from the existence of multiple consistent sets and provide a suggestion
for a natural set selection criterion. This criterion does not lead to a unique
physical consistent set, however it evades the existence of consistent sets
with contrary inferences. The criterion is based on the concept of preclusion
and the requirement that probability one propositions and their inferences
should be noncontextual. The allowed consistent sets turnout to be compatible
with coevents which are the ontology of an alternative, histories based,
formulation.

Digital signatures are widely used to provide security for electronic
communications, for example in financial transactions and electronic mail.
Currently used classical digital signature schemes, however, only offer
security relying on unproven computational assumptions. In contrast, quantum
digital signatures (QDS) offer informationtheoretic security based on laws of
quantum mechanics (e.g. Gottesman and Chuang 2001). Here, security against
forging relies on the impossibility of perfectly distinguishing between
nonorthogonal quantum states. A serious drawback of previous QDS schemes is
however that they require longterm quantum memory, making them unfeasible in
practice. We present the first realisation of a scheme (Dunjko et al 2013) that
does not need quantum memory, and which also uses only standard linear optical
components and photodetectors. To achieve this, the recipients measure the
distributed quantum signature states using a new type of quantum measurement,
quantum state elimination (e.g. Barnett 2009, Bandyopadhyay et al 2013). This
significantly advances QDS as a quantum technology with potential for real
applications.

Knowing about optimal quantum measurements is important for many applications
in quantum information and quantum communication. However, deriving optimal
quantum measurements is often difficult. We present a collection of results for
minimumcost quantum measurements, and give examples of how they can be used.
Among other results, we show that a minimumcost measurement for a set of given
pure states is formally equivalent to a minimumerror measurement for mixed
states of those same pure states. For pure symmetric states it turns out that
for a certain class of cost matrices, the minimumcost measurement is the
squareroot measurement. That is, the optimal minimumcost measurement is in
this case the same as the minimumerror measurement. Finally, we consider
sequences of individual ``local" systems, and examine when the global
minimumcost measurement is a sequence of optimal local measurements. We also
consider an example where the global minimumcost measurement is, perhaps
counterintuitively, not a sequence of local measurements, and discuss how this
is related to related to the PuseyBarrettRudolph argument for the nature of
the wave function.

Following the argument of Pusey, Barrett and Rudolph (Nature Phys. 8:476,
2012), new interest has been raised on whether one can interpret statevectors
(pure states) in a statistical way ($\psi$epistemic theories), or if each of
them corresponds to a different ontological entity. Each interpretation of
quantum theory assumes different ontology and one could ask if the PBR argument
carries over. Here we examine this question for histories formulations in
general with particular attention to the coevent formulation. Statevectors
appear as the initial state that enters into the quantum measure. While the PBR
argument goes through up to a point, the failure to meet some of the
assumptions they made does not allow one to reach their conclusion. However,
the author believes that the "statistical interpretation" is still impossible
for coevents even if this is not proven by the PBR argument.

We introduce a framework for studying nonlocality and contextuality inspired
by the path integral formulation of quantum theory. We prove that the existence
of a strongly positive joint quantum measure  the quantum analogue of a joint
probability measure  on a set of experimental probabilities implies the
NavascuesPironioAcin (NPA) condition $Q^1$ and is implied by the stronger NPA
condition $Q^{1+AB}$. A related condition is shown to be equivalent to
$Q^{1+AB}$.

Quantum Digital Signatures (QDS) allow for the exchange of messages from one
sender to multiple recipients, with the guarantee that messages cannot be
forged or tampered with. Additionally, messages cannot be repudiated  if one
recipient accepts a message, she is guaranteed that others will accept the same
message as well. While messaging with these types of security guarantees are
routinely performed in the modern digital world, current technologies only
offer security under computational assumptions. QDS, on the other hand, offer
security guaranteed by quantum mechanics. All thus far proposed variants of QDS
require longterm, high quality storage of quantum information, making them
unfeasible in the foreseeable future. Here, we present the first QDS scheme
where no quantum memory is required, and all quantum information processing can
be performed using just linear optics. This makes QDS feasible with current
technology.

Understanding quantum theory has been a subject of debate from its birth.
Many different formulations and interpretations have been proposed. Here we
examine a recent novel formulation, namely the coevents formulation. It is a
histories formulation and has as starting point the Feynman path integral and
the decoherence functional. The new ontology turns out to be that of a
coarsegrained history. We start with a quantum measure defined on the space of
histories, and the existence of zero covers rules out singlehistory as
potential reality (the Kochen Specker theorem casted in histories form is a
special case of a zero cover). We see that allowing coarsegrained histories as
potential realities avoids the previous paradoxes, maintains deductive
noncontextual logic (alas nonBoolean) and gives rise to a unique classical
domain. Moreover, we can recover the probabilistic predictions of quantum
theory with the use of the Cournot's principle. This formulation, being both a
realist formulation and based on histories, is well suited conceptually for the
purposes of quantum gravity and cosmology.

In order to construct a quantum theory of gravity, we may have to abandon
certain assumptions we were making. In particular, the concept of spacetime as
a continuum substratum is questioned. Causal Sets is an attempt to construct a
quantum theory of gravity starting with a fundamentally discrete spacetime. In
this contribution we review the whole approach, focusing on some recent
developments in the kinematics and dynamics of the approach.

Any discrete approach to quantum gravity must provide some prescription as to
how to deduce continuum properties from the discrete substructure. In the
causal set approach it is straightforward to deduce timelike distances, but
surprisingly difficult to extract spacelike distances, because of the unique
combination of discreteness with local Lorentz invariance in that approach. We
propose a number of methods to overcome this difficulty, one of which
reproduces the spatial distance between two points in a finite region of
Minkowski space. We provide numerical evidence that this definition can be used
to define a `spatial nearest neighbor' relation on a causal set, and conjecture
that this can be exploited to define the length of `continuous curves' in
causal sets which are approximated by curved spacetime. This provides evidence
in support of the ``Hauptvermutung'' of causal sets.

Anhomomorphic logic is a new interpretation of Quantum Theory (due to R.
Sorkin). It is a histories formulation (c.f. consistent histories, quantum
measure theory). In this approach, reality is a coevent, which is essentially
an assignment of a truth value {True, False} to each question. The way this
assignment is done mimics classical physics in as much as possible allowing
however for sufficient flexibility to accommodate quantum 'paradoxes', as is
shown by the analysis of KochenSpecker theorem. In this contribution, after
briefly reviewing the approach, we will examine how probabilistic predictions
can arise. The Cournot principle and the use of approximate preclusions will
play a crucial role. Facing similar problems in interpreting probability as in
classical probability theory, we will resort to the weak form of Cournot
principle, where possible realities will be preclusive coevents and the
quantum measure is used to obtain predictions. Examples considered, includes
the fair coin and the double slit pattern arguably one of the most important
paradigms for quantum theory.

Sorkin has introduced a new, observer independent, interpretation of quantum
mechanics that can give a successful realist account of the 'quantum
microworld' as well as explaining how classicality emerges at the level of
observable events for a range of systems including single time 'Copenhagen
measurements'. This 'coevent interpretation' presents us with a new ontology,
in which a single 'coevent' is real. A new ontology necessitates a review of
the dynamical & predictive mechanism of a theory, and in this paper we begin
the process by exploring means of expressing the dynamical and predictive
content of histories theories in terms of coevents.