• A quantum money scheme enables a trusted bank to provide untrusted users with verifiable quantum banknotes that cannot be forged. In this work, we report an experimental demonstration of the preparation and verification of unforgeable quantum banknotes. We employ a security analysis that takes experimental imperfections fully into account. We measure a total of $3.6\times 10^6$ states in one verification round, limiting the forging probability to $10^{-7}$ based on the security analysis. Our results demonstrate the feasibility of preparing and verifying quantum banknotes using currently available experimental techniques.
  • Covert communication allows us to transmit messages in such a way that it is not possible to detect that the communication is occurring. This provides protection in situations where knowledge that people are talking to each other may be incriminating to them. In this work, we study how covert communication can be used for a different purpose: secret key expansion. First, we show that any message transmitted in a secure covert protocol is also secret and therefore unknown to an adversary. We then propose a protocol that uses covert communication where the amount of key consumed in the protocol is smaller than the transmitted key, thus leading to secure secret key expansion. We derive precise conditions showing that secret key expansion from covert communication is possible when there are sufficiently low levels of noise for a given security level. We conclude by examining how secret key expansion from covert communication can be performed in a computational security model.
  • Digital signatures play an important role in software distribution, modern communication and financial transactions, where it is important to detect forgery and tampering. Signatures are a cryptographic technique for validating the authenticity and integrity of messages, software, or digital documents. The security of currently used classical schemes relies on computational assumptions. Quantum digital signatures (QDS), on the other hand, provide information-theoretic security based on the laws of quantum physics. Recent work on QDS shows that such schemes do not require trusted quantum channels and are unconditionally secure against general coherent attacks. However, in practical QDS, just as in quantum key distribution (QKD), the detectors can be subjected to side-channel attacks, which can make the actual implementations insecure. Motivated by the idea of measurement-device-independent quantum key distribution (MDI-QKD), we present a measurement-device-independent QDS (MDI-QDS) scheme, which is secure against all detector side-channel attacks. Based on the rapid development of practical MDI-QKD, our MDI-QDS protocol could also be experimentally implemented, since it requires a similar experimental setup.
  • We present a family of quantum money schemes with classical verification which display a number of benefits over previous proposals. Our schemes are based on hidden matching quantum retrieval games and they tolerate noise up to 23%, which we conjecture reaches 25% asymptotically as the dimension of the underlying hidden matching states is increased. Furthermore, we prove that 25% is the maximum tolerable noise for a wide class of quantum money schemes with classical verification, meaning our schemes are almost optimally noise tolerant. We use methods in semi-definite programming to prove security in a substantially different manner to previous proposals, leading to two main advantages: first, coin verification involves only a constant number of states (with respect to coin size), thereby allowing for smaller coins; second, the re-usability of coins within our scheme grows linearly with the size of the coin, which is known to be optimal. Lastly, we suggest methods by which the coins in our protocol could be implemented using weak coherent states and verified using existing experimental techniques, even in the presence of detector inefficiencies.
  • Digital signatures are widely used in modern communication to guarantee authenticity and transferability of messages, The security of currently used classical schemes relies on computational assumptions. We present a quantum signature scheme that does not require trusted quantum channels. We prove that it is unconditionally secure against the most general coherent attacks, and show that it requires the transmission of significantly fewer quantum states than previous schemes. We also show that the quantum channel noise threshold for our scheme is less strict than for distilling a secure key using quantum key distribution. This shows that direct quantum signature schemes can be preferable to signature schemes relying on secret shared keys generated using quantum key distribution.
  • Quantum digital signatures apply quantum mechanics to the problem of guaranteeing message integrity and non-repudiation with information-theoretical security, which are complementary to the confidentiality realized by quantum key distribution. Previous experimental demonstrations have been limited to transmission distances of less than 5-km of optical fiber in a laboratory setting. Here we report the first demonstration of quantum digital signatures over installed optical fiber as well as the longest transmission link reported to date. This demonstration used a 90-km long differential phase shift quantum key distribution system to achieve approximately one signed bit per second - an increase in the signature generation rate of several orders of magnitude over previous optical fiber demonstrations.
  • We present an experimental realization of a quantum digital signature protocol which, together with a standard quantum key distribution link, increases transmission distance to kilometre ranges, three orders of magnitude larger than in previous realizations. The bit-rate is also significantly increased compared with previous quantum signature demonstrations. This work illustrates that quantum digital signatures can be realized with optical components similar to those used for quantum key distribution, and could be implemented in existing optical fiber networks.
  • Signature schemes, proposed in 1976 by Diffie and Hellman, have become ubiquitous across modern communications. They allow for the exchange of messages from one sender to multiple recipients, with the guarantees that messages cannot be forged or tampered with and that messages also can be forwarded from one recipient to another without compromising their validity. Signatures are different from, but no less important than encryption, which ensures the privacy of a message. Commonly used signature protocols - signatures based on the Rivest-Adleman-Shamir (RSA) algorithm, the digital signature algorithm (DSA), and the elliptic curve digital signature algorithm (ECDSA) - are only computationally secure, similar to public key encryption methods. In fact, since these rely on the difficulty of finding discrete logarithms or factoring large primes, it is known that they will become completely insecure with the emergence of quantum computers. We may therefore see a shift towards signature protocols that will remain secure even in a post-quantum world. Ideally, such schemes would provide unconditional or information-theoretic security. In this paper, we aim to provide an accessible and comprehensive review of existing unconditionally secure signature schemes for signing classical messages, with a focus on unconditionally secure quantum signature schemes.