## List of Accepted Contributed Talks

(in order of submission)

- Security of differential phase shift quantum key distribution from relativistic principlesMartin Sandfuchs (ETH Zürich); Marcus Haberland (Max Planck Institute for Gravitational Physics, ETH Zürich); V. Vilasini (ETH Zürich); Ramona Wolf (ETH Zürich)[abstract]
**Abstract:**The design of quantum protocols for secure key generation poses many challenges: On the one hand, they need to be practical concerning experimental realisations. On the other hand, their theoretical description must be simple enough to allow for a security proof against all possible attacks. Often, these two requirements are in conflict with each other, and the differential phase shift (DPS) QKD protocol exemplifies these difficulties: It is designed to be implementable with current optical telecommunication technology, which, for this protocol, comes at the cost that many standard security proof techniques do not apply to it. After about 20 years since its invention, this work presents the first full security proof of DPS QKD against general attacks, including finite-size effects. The proof combines techniques from quantum information theory, quantum optics, and relativity. We first give a security proof of a QKD protocol whose security stems from relativistic constraints. We then show that security of DPS QKD can be reduced to security of the relativistic protocol. In addition, we show that coherent attacks on the DPS protocol are, in fact, stronger than collective attacks. - Experimental Twin-Field Quantum Key Distribution Over 1000 km Fiber DistanceYang Liu (Jinan Institute of Quantum Technology)[abstract]
**Abstract:**Quantum key distribution (QKD) aims to generate secure private keys shared by two remote parties. With its security being protected by principles of quantum mechanics, some technology challenges remain towards the practical application of QKD. The major one is the distance limit, which is caused by the fact that a quantum signal cannot be amplified while the channel loss is exponential with the distance for photon transmission in optical fiber. Here using the 3-intensity sending-or-not-sending protocol with the actively-odd-parity-pairing method, we demonstrate a fiber-based twin-field QKD over 1002 km. In our experiment, we developed a dual-band phase estimation and ultra-low noise superconducting nanowire single-photon detectors to suppress the system noise to around 0.02 Hz. The secure key rate is $9.53\times10^{-12}$ per pulse through 1002 km fiber in the asymptotic regime, and $8.75\times10^{-12}$ per pulse at 952 km considering the finite size effect. Our work constitutes a critical step toward the future large-scale quantum network. - merged with #31:Security of quantum key distribution with imperfect phase randomisationGuillermo Currás-Lorenzo (University of Vigo); Kiyoshi Tamaki (University of Toyama); Marcos Curty (University of Vigo)[abstract]
**Abstract:**The performance of quantum key distribution (QKD) is severely limited by multiphoton emissions, due to the photon-number-splitting attack. The most efficient solution, the decoy-state method, requires that the phases of all transmitted pulses are independent and uniformly random. In practice, however, these phases are often correlated, especially in high-speed systems, which opens a security loophole. Here, we address this pressing problem by providing a security proof for decoy-state QKD with correlated phases that offers key rates close to the ideal scenario. Our work paves the way towards high-performance secure QKD with practical laser sources, and may have applications beyond QKD.Security bounds for quantum key distribution with arbitrary phase randomizationXoel Sixto (Universidade de Vigo); Guillermo Currás-Lorenzo (University of Toyama); Kiyoshi Tamaki (University of Toyama); Marcos Curty (Universidade de Vigo)[abstract]**Abstract:**Decoy-state quantum key distribution (QKD) is undoubtedly the most efficient solution to handle multi-photon signals emitted by laser sources, and provides the same secret key rate scaling as ideal single-photon sources. It requires, however, that the phase of each emitted pulse is uniformly random. This might be difficult to guarantee in practice, due to inevitable device imperfections and/or the use of an external phase modulator for phase randomization, which limits the possible selected phases to a finite set. Here, we investigate the security of decoy-state QKD with arbitrary, continuous or discrete, non-uniform phase randomization, and show that this technique is quite robust to deviations from the ideal uniformly random scenario. For this, we combine a novel parameter estimation technique based on semi-definite programming, with the use of basis mismatched events, to tightly estimate the parameters that determine the achievable secret key rate. In doing so, we demonstrate that our analysis can significantly outperform previous results that address more restricted scenarios. - High-Rate Quantum Key Distribution exceeding 110Mb/sWei Li (University of Science and Technology of China); Likang Zhang (University of Science and Technology of China); Hao Tan (University of Science and Technology of China); Yichen Lu (University of Science and Technology of China); Sheng-Kai Liao (University of Science and Technology of China); Jia Huang (Shanghai Institute of Microsystem and Information Technology, Chinese Academy of Sciences); Hao Li (Shanghai Institute of Microsystem and Information Technology, Chinese Academy of Sciences); Zhen Wang (Shanghai Institute of Microsystem and Information Technology, Chinese Academy of Sciences); Hao-Kun Mao (Harbin Institute of Technology); Bingze Yan (Harbin Institute of Technology); Qiong Li (Harbin Institute of Technology); Yang Liu (Jinan Institute of Quantum Technology); Qiang Zhang (University of Science and Technology of China); Cheng-Zhi Peng (University of Science and Technology of China); Lixing You (Shanghai Institute of Microsystem and Information Technology, Chinese Academy of Sciences); Feihu Xu (University of Science and Technology of China); Jianwei Pan (University of Science and Technology of China)[abstract]
**Abstract:**We report a quantum key distribution system that is able to generate key at a record high key rate of 115.8 Mb/s over 10-km standard fibre. This attributes to a high-efficiency multi-pixel superconducting nanowire detector, a low-error integrated transmitter, and a fast post-processing algorithm. - Experimental cheat-sensitive quantum weak coin flippingSimon Neves (University of Geneva, Sorbonne Université); Verena Yacoub (Sorbonne Université, CNRS, LIP6); Ulysse Chabaud (CNRS, INRIA, ENS); Mathieu Bozzio (University of Vienna); Iordanis Kerenidis (Université de Paris, CNRS, IRIF); Eleni Diamanti (Sorbonne Université, CNRS, LIP6)[abstract]
**Abstract:**As in modern communication networks, the security of quantum networks will rely on complex cryptographic tasks that are based on a handful of fundamental primitives. Weak coin flipping (WCF) is a significant such primitive which allows two mistrustful parties to agree on a random bit while they favor opposite outcomes. Remarkably, perfect information-theoretic security can be achieved in principle for quantum WCF, which is impossible for a classical coin flip without computational assumptions or trusting a third party. In this work, we overcome conceptual and practical issues that have prevented the experimental demonstration of this primitive to date, and demonstrate how quantum resources can provide cheat sensitivity, whereby each party can detect a cheating opponent, and an honest party is never sanctioned. Such a property is not known to be classically achievable with information-theoretic security. Our experiment implements a refined, loss-tolerant version of a recently proposed theoretical protocol and exploits heralded single photons generated by spontaneous parametric down-conversion, a carefully optimized linear optical interferometer including beam splitters with variable reflectivities and a fast optical switch for the verification step. High values of our protocol benchmarks are maintained for attenuation corresponding to several kilometers of telecom optical fiber. - Experimental Certification of Quantum Transmission via Bell's TheoremSimon Neves (University of Geneva, Sorbonne Université); Laura Dos Santos Martins (Sorbonne Université, CNRS, LIP6); Verena Yacoub (Sorbonne Université, CNRS, LIP6); Pascal Lefebvre (Sorbonne Université, CNRS, LIP6); Ivan Supic (Sorbonne Université, CNRS, LIP6); Damian Markham (Sorbonne Université, CNRS, LIP6); Eleni Diamanti (Sorbonne Université, CNRS, LIP6)[abstract]
**Abstract:**Quantum transmission links are central elements in essentially all implementations of quantum information protocols. Emerging progress in quantum technologies involving such links needs to be accompanied by appropriate certification tools. In adversarial scenarios, a certification method can be vulnerable to attacks if too much trust is placed on the underlying system. Here, we propose a protocol in a device independent framework, which allows for the certification of practical quantum transmission links in scenarios where minimal assumptions are made about the functioning of the certification setup. We take in particular unavoidable transmission losses into account by modeling the link as a completely-positive trace-decreasing map. We also crucially remove the assumption of independent and identically distributed samples, which is known to be incompatible with adversarial settings. Finally, in view of the use of the certified transmitted states for follow-up applications, our protocol allows to estimate the quality of the state and does not certify the channel only. To illustrate the practical relevance and the feasibility of our protocol with currently available technology we provide an experimental implementation based on a state-of-the-art polarization entangled photon pair source in a Sagnac configuration and analyse its robustness for realistic losses and errors. - Quantum Key Distribution Links between Mobile PlatformsAndrew Conrad (University of Illinois Urbana Champaign); Samantha Isaac (University of Illinois Urbana Champaign); Roderick Cochran (The Ohio State University); Daniel Sanchez-Rosales (The Ohio State University); Timur Javid (University of Illinois Urbana Champaign); Shuen Wu (University of Illinois Urbana Champaign); Dan Gauthier (The Ohio State University); Paul Kwiat (University of Illinois Urbana-Champaign)[abstract]
**Abstract:**As the proliferation of automation in smart transportation continues, there is a need to secure communication links of “on-the-go” future mobile platforms. In this effort, we implement decoy-state quantum key distribution (QKD), which provides provably secure communication, to mobile platforms such as drones and vehicles. Unlike demonstrations in fiber of fixed point-to-point, QKD between mobile platforms provides unique challenges such as designing systems with reduced size, weight, and power, establishing a stable line-of-sight as the platforms are in motion, and maintaining performance over a wide operating temperature range, etc. We design our QKD transmitter and receiver using a modular design that is platform-agnostic. This allows us to deploy the same QKD system on an octocopter drone and a car without any hardware or software modifications. We describe critical subsystems including our resonant-cavity QKD source, custom prepare and measure optics, pointing, acquisition, and tracking system, single-photon detector, field-programmable gate array-based time-tagger, and qubit-based time-synchronization algorithm. Our achievements include drone-to-drone QKD, drone-to-car quantum transmission, and high-speed (70 mph) vehicle-to-vehicle quantum transmission on a U.S. Interstate Highway. - Entropy Accumulation under Post-Quantum Cryptographic AssumptionsIlya Merkulov (Weizmann Institute of Science); Rotem Arnon-Friedman (Weizmann Institute of Science)[abstract]
**Abstract:**In device-independent (DI) quantum protocols, the security statements are oblivious to the characterization of the quantum apparatus– they are based solely on the classical interaction with the devices as well as some well-defined assumptions. The most commonly known setup is the so-called non-local one, in which two devices that cannot communicate with each other present a violation of a Bell inequality. In recent years, a new variant of DI protocols, requiring only a single device, arose. In this novel research avenue, the no-communication assumption is replaced with a computational assumption which states that the device cannot solve certain post-quantum cryptographic tasks. The protocols in literature that have been analyzed in this setting, e.g., randomness certification, used ad hoc proof techniques. In addition, the strength of the achieved results is hard to judge due to their complexity. Here, we build on ideas coming from the study of non-local DI protocols and develop a new modular proof technique for the single-device computational setting. We present a flexible framework for proving the security of such protocols by utilizing a combination of tools from quantum information theory, such as the entropic uncertainty relation and the entropy accumulation theorem. This leads to an insightful and simple proof of security as well as to explicit quantitative bounds. Our work thus acts as the basis for the analysis of future protocols for DI randomness generation, expansion, amplification, and key distribution based on post-quantum cryptographic assumptions. - merged with #30:Resource-efficient quantum key distribution with using integrated silicon photonicsKejin Wei (School of Physical Science and Technology, Guangxi University, Nanning 530004, China); Xiao Hu (National Information Optoelectronics Innovation Center (NOEIC), Wuhan 430074, China); Yongqiang Du (School of Physical Science and Technology, Guangxi University, Nanning 530004, China); Xin Hua (National Information Optoelectronics Innovation Center (NOEIC), Wuhan 430074, China); Zhengeng Zhao (School of Physical Science and Technology, Guangxi University, Nanning 530004, China); Ye Chen (School of Physical Science and Technology, Guangxi University, Nanning 530004, China); Chunfeng Huang (School of Physical Science and Technology, Guangxi University, Nanning 530004, China); Xi Xiao (National Information Optoelectronics Innovation Center (NOEIC), Wuhan 430074, China)[abstract]
**Abstract:**Integrated photonics provides a promising platform for quantum key distribution (QKD) system in terms of miniaturization, robustness and scalability. Tremendous QKD works based on integrated photonics have been reported. Nonetheless, most current chip-based QKD implementations require additional off-chip hardware to demodulate quantum states or perform auxiliary tasks such as time synchronization and polarization basis tracking. Here, we report a demonstration of resource-efficient chip-based BB84 QKD with a silicon-based encoder and decoder. In our scheme, the time synchronization and polarization compensation are implemented relying on the preparation and measurement of the quantum states generated by on-chip devices, thus no need additional hardware. The experimental tests show that our scheme is highly stable with a low intrinsic QBER of 0.50 ± 0.02% in a 6-h continuous run. Furthermore, over a commercial fiber channel up to 150 km, the system enables realizing secure key distribution at a rate of 866 bps. Our demonstration paves the way for low-cost, wafer-scale manufactured QKD system.Fully chip-based decoder for polarization-encoding quantum key distributionYongqiang Du (School of Physical Science and Technology, Guangxi University, Nanning 530004, China); Xun Zhu (National Information Optoelectronics Innovation Center (NOEIC), Wuhan 430074, China); Xin Hua (National Information Optoelectronics Innovation Center (NOEIC), Wuhan 430074, China); Zhengeng Zhao (School of Physical Science and Technology, Guangxi University, Nanning 530004, China); Xiao Hu (National Information Optoelectronics Innovation Center (NOEIC), Wuhan 430074, China); Yi Qian (National Information Optoelectronics Innovation Center (NOEIC), Wuhan 430074, China); Xi Xiao (National Information Optoelectronics Innovation Center (NOEIC), Wuhan 430074, China); Kejin Wei (School of Physical Science and Technology, Guangxi University, Nanning 530004, China)[abstract]**Abstract:**Silicon-based polarization-encoding quantum key distribution (QKD) has been extensively studied due to its advantageous characteristics of its low cost and robustness. However, given the difficulty of fabricating polarized independent components on the chip, previous studies have only adopted off-chip devices to demodulate the quantum states or perform polarization compensation. In the current work, a fully chip-based decoder for polarization-encoding QKD was proposed. The chip realized a polarization state analyzer and compensated for the BB84 protocol without the requirement of additional hardware, which was based on a polarization-to-path conversion method utilizing a polarization splitter-rotator. The chip was fabricated adopting a standard silicon photonics foundry, which was of a compact design and suitable for mass production. In the experimental stability test, an average quantum bit error rate of 0.59% was achieved through continuous operation for 10 h without any polarization feedback. Furthermore, the chip enabled the automatic compensation of the fiber polarization drift when utilizing the developed feedback algorithm, which was emulated by a random fiber polarization scrambler. Moreover, a finite-key secret rate of 240 bps over a fiber spool of 100 km was achieved in the case of the QKD demonstration. This study marks an important step toward the integrated, practical, and large-scale deployment of QKD systems. - merged with #54:Passive continuous variable quantum key distributionChenyang Li (University of Toronto); Chengqiu Hu (University of Hongkong); Wenyuan Wang (University of Hongkong); Rong Wang (University of Hongkong); Hoi-Kwong Lo (University of Toronto)[abstract]
**Abstract:**Passive quantum key distribution (QKD) has been proposed for discrete variable (DV) protocols to eliminate side channels in the source. Unfortunately, the key rate of passive DV-QKD protocols suffers from sifting loss and additional quantum errors. In this work, we propose the general framework of passive continuous variable quantum key distribution. Rather surprisingly, we find that the passive source is a perfect candidate for the discrete-modulated continuous variable quantum key distribution (DMCV QKD) protocol. With the phase space remapping scheme, we show that passive DMCV QKD offers the same key rate as its active counterpart. Considering the important advantage of removing side channels that have plagued the active ones, passive DMCV QKD is a promising alternative. In addition, our protocol makes the system much simpler by allowing modulator-free quantum key distribution. Finally, we experimentally characterize the passive DMCV QKD source, thus showing its practicality.Fully-Passive Twin-Field Quantum Key DistributionWenyuan Wang (University of Hong Kong); Rong Wang (University of Hong Kong); Hoi-Kwong Lo (University of Hong Kong, University of Toronto, Quantum Bridge Technologies)[abstract]**Abstract:**We propose a fully-passive twin-field quantum key distribution (QKD) setup where basis choice, decoy-state preparation and encoding are all implemented entirely by post-processing without any active modulation. Our protocol can remove the potential side-channels from both source modulators and detectors, and additionally retain the high key rate advantage offered by twin-field QKD, thus offering great implementation security and good performance. Importantly, we also propose a post-processing strategy that uses mismatched phase slices and minimizes the effect of sifting. We show with numerical simulation that the new protocol can still beat the repeaterless bound and provide satisfactory key rate. - Quantum Advantage from One-Way FunctionsTomoyuki Morimae (Kyoto University); Takashi Yamakawa (NTT Social Informatics Laboratories)[abstract]
**Abstract:**We demonstrate quantum advantage with several basic assumptions, specifically based on only the existence of OWFs. We introduce inefficient-verifier proofs of quantumness (IV-PoQ), and construct it from classical bit commitments. IV-PoQ is an interactive protocol between a verifier and a quantum prover consisting of two phases. In the first phase, the verifier is probabilistic polynomial-time, and it interacts with the prover. In the second phase, the verifier becomes inefficient, and makes its decision based on the transcript of the first phase. If the prover is honest, the inefficient verifier accepts with high probability, but any classical malicious prover only has a small probability of being accepted by the inefficient verifier. Our construction demonstrates the following results: (1)If one-way functions exist, then IV-PoQ exist. (2)If distributional collision-resistant hash functions exist (which exist if hard-on-average problems in SZK exist), then constant-round IV-PoQ exist. We also demonstrate quantum advantage based on worst-case-hard assumptions. We define auxiliary-input IV-PoQ (AI-IV-PoQ) that only require that for any malicious prover, there exist infinitely many auxiliary inputs under which the prover cannot cheat. We construct AI-IV-PoQ from an auxiliary-input version of commitments in a similar way, showing that (1)If auxiliary-input one-way functions exist (which exist if CZK⊈BPP), then AI-IV-PoQ exist. (2)If auxiliary-input collision-resistant hash functions exist (which is equivalent to PWPP⊈FBPP) or SZK⊈BPP, then constant-round AI-IV-PoQ exist. - Simple Tests of Quantumness Also Certify QubitsZvika Brakerski (Weizmann Institute of Science); Alexandru Gheorghiu (Chalmers University of Technology); Gregory D. Kahanamoku-Meyer (Lawrence Berkeley National Laboratory & UC Berkeley); Eitan Porat (Weizmann Institute of Science); Thomas Vidick (Weizmann Institute of Science)[abstract]
**Abstract:**A test of quantumness is a protocol that allows a classical verifier to certify (only) that a prover is not classical. We show that tests of quantumness that follow a certain template, which captures recent proposals such as (Kalai et al., 2022), can in fact do much more. Namely, the same protocols can be used for certifying a qubit, a building-block that stands at the heart of applications such as certifiable randomness and classical delegation of quantum computation. Certifying qubits was previously only known to be possible based on the hardness of the Learning with Errors problem and the use of adaptive hardcore (Brakerski et al., 2018). Our framework allows certification of qubits based only on the existence of post-quantum trapdoor claw-free functions, or on quantum fully homomorphic encryption. These can be instantiated, for example, from Ring Learning with Errors. On the technical side, we show that the quantum soundness of any such protocol can be reduced to proving a bound on a simple algorithmic task: informally, answering "two challenges simultaneously'' in the protocol. Our reduction formalizes the intuition that these protocols demonstrate quantumness by leveraging the impossibility of rewinding a general quantum prover. This allows us to prove tight bounds on the quantum soundness of (Kahanamoku-Meyer et al., 2021) and (Kalai et al., 2022), showing that no quantum polynomial-time prover can succeed with probability larger than cos^2(π/8)≈0.853. Previously, only an upper bound on the success probability of classical provers, and a lower bound on the success probability of quantum provers, were known. We then extend this proof of quantum soundness to show that provers that approach the quantum soundness bound must perform almost anti-commuting measurements. This certifies that the prover holds a qubit. - Long Distance Quantum Key Distribution Overcomes the Rate-Loss Limit with Open Quantum ChannelLai Zhou (Beijing Academy of Quantum Information Sciences); Jinping Lin (Beijing Academy of Quantum Information Science); Yuan-Mei Xie (Nanjing University); Yu-Shuo Lu (Nanjing University); Yumang Jing (Beijing Academy of Quantum Information Science); Hua-Lei Yin (Nanjing University, Beijing Academy of Quantum Information Science); Zhiliang Yuan (Beijing Academy of Quantum Information Sciences)[abstract]
**Abstract:**Twin-field quantum key distribution (TF-QKD) can break the rate-loss limit but its implementation requires global phase tracking and usually also cumbersome interferometric implementations, which are often impractical for network deployment. We remove the above shortcomings with two different solutions. In the first solution, we introduce locally generated frequency combs to stabilise an open channel, and develop a simple and versatile TF-QKD setup that does not need service fibre. In the second, we implement a simple measurement device independent (MDI) QKD with post-measurement pairing technique. We demonstrate the capability of asynchronous MDI-QKD overcoming the linear rate-loss limit without global phase tracking. - The Application of Hybrid Photonic Integration to Quantum Key DistributionJoseph Dolphin (University of Cambridge); Taofiq K. Paraiso (Toshiba Europe Ltd); Han Du (Toshiba Europe Ltd); Andrew J Shields (Toshiba Europe Ltd)[abstract]
**Abstract:**Hybrid integration has the potential to overcome various limitations of integrated photonic material platforms. Here, we present the results of applying edge-couple hybrid integration to produce high performance quantum key distribution chips. We show low quantum bit error rate operation (< 1%) and positive secure key rates over 250 km of fibre spool. - On Concurrent Multi-Party Quantum ComputationVipul Goyal (NTT Research & Carnegie Mellon University); Xiao Liang (NTT Research); Giulio Malavolta (Max Planck Institute for Security and Privacy)[abstract]
**Abstract:**Recently, significant progress has been made toward quantumly secure multi-party computation (MPC) in the stand-alone setting. In sharp contrast, the picture of concurrently secure MPC (or even 2PC), for both classical and quantum functionalities, still remains unclear. Quantum information behaves in a fundamentally different way, making the job of adversary harder and easier at the same time. Thus, it is unclear if the positive or negative results from the classical setting still apply. This work initiates a systematic study of concurrent secure computation in the quantum setting. We obtain a mix of positive and negative results. We first show that assuming the existence of post-quantum one-way functions (PQ-OWFs), concurrently secure 2PC (and thus MPC) for quantum functionalities is impossible. Next, we focus on the bounded-concurrent setting, where we obtain simulation-sound zero-knowledge arguments for both NP and QMA, assuming PQ-OWFs. This is obtained by a new design of simulation-sound gadget which is compatible with the quantum rewinding strategy recently developed by Ananth, Chung, and La Placa [CRYPTO'21] for bounded-concurrent post-quantum ZK. Moreover, we show that our technique is general enough---It also leads to quantum-secure bounded-concurrent coin-flipping protocols, and eventually general-purpose 2PC and MPC, for both classical and quantum functionalities. All these constructions can be based on the quantum hardness of Learning with Errors. - Single-qubit loss-tolerant quantum position verification protocol secure against entangled attackersLlorenc Escola Farras (QuSoft); Florian Speelman (University of Amsterdam, QuSoft)[abstract]
**Abstract:**We give a tight characterization of the relation between loss-tolerance and error rate of the most popular protocol for quantum position verification (QPV), which is based on BB84 states, and generalizations of this protocol. Combining it with classical information, we show for the first time a fault-tolerant protocol that is secure against attackers who pre-share a linear amount of entanglement (in the classical information), arbitrarily slow quantum information and that tolerates a certain amount of photon loss. We also extend this analysis to the case of more than two bases, showing even stronger loss-tolerance for that case. Finally, we show that our techniques can be applied to improve the analysis of one-sided device-independent QKD protocols. - Fiat-Shamir for Proofs Lacks a Proof Even in the Presence of Shared EntanglementFrédéric Dupuis (Université de Montréal); Philippe Lamontagne (National Research Council Canada); Louis Salvail (Université de Montréal)[abstract]
**Abstract:**We explore the cryptographic power of arbitrary shared physical resources. The most general such resource is access to a fresh entangled quantum state at the outset of each protocol execution. We call this the Common Reference Quantum State (CRQS) model, in analogy to the well-known Common Reference String (CRS). The CRQS model is a natural generalization of the CRS model but appears to be more powerful: in the two-party setting, a CRQS can sometimes exhibit properties associated with a Random Oracle queried once by measuring a maximally entangled state in one of many mutually unbiased bases. We formalize this notion as a Weak One-Time Random Oracle (WOTRO), where we only ask of the m–bit output to have some randomness when conditioned on the n–bit input. We show that when n − m ∈ ω(lg n), any protocol for WOTRO in the CRQS model can be attacked by an (inefficient) adversary. Moreover, our adversary is efficiently simulatable, which rules out the possibility of proving the computational security of a scheme by a fully black-box reduction to a cryptographic game assumption. On the other hand, we introduce a non-game quantum assumption for hash functions that implies WOTRO in the CRQ$ model (where the CRQS consists only of EPR pairs). We first build a statistically secure WOTRO protocol where m = n, then hash the output. The impossibility of WOTRO has the following consequences. First, we show the fully-black-box impossibility of a quantum Fiat-Shamir transform, extending the impossibility result of Bitansky et al. (TCC ’13) to the CRQS model. Second, we show a fully-black-box impossibility result for a strenghtened version of quantum lightning (Zhandry, Eurocrypt ’19) where quantum bolts have an additional parameter that cannot be changed without generating new bolts. Our results also apply to 2–message protocols in the plain model. - Obfuscation of Pseudo-Deterministic Quantum CircuitsJames Bartusek (UC Berkeley); Fuyuki Kitagawa (NTT Social Informatics Laboratories); Ryo Nishimaki (NTT Social Informatics Laboratories); Takashi Yamakawa (NTT Social Informatics Laboratories)[abstract]
**Abstract:**We show how to obfuscate pseudo-deterministic quantum circuits, assuming the quantum hardness of learning with errors (QLWE) and post-quantum virtual black-box (VBB) obfuscation for classical circuits. Given the classical description of a quantum circuit $Q$, our obfuscator outputs a quantum state $\ket{\widetilde{Q}}$ that can be used to evaluate $Q$ repeatedly on arbitrary inputs. Instantiating the VBB obfuscator for classical circuits with any candidate post-quantum indistinguishability obfuscator gives us the first candidate construction of indistinguishability obfuscation for all polynomial-size pseudo-deterministic quantum circuits. In particular, our scheme is the first candidate obfuscator for a class of circuits that is powerful enough to implement Shor's algorithm (SICOMP 1997). Our approach follows Bartusek and Malavolta (ITCS 2022), who obfuscate \emph{null} quantum circuits by obfuscating the verifier of an appropriate classical verification of quantum computation (CVQC) scheme. We go beyond null circuits by constructing a publicly-verifiable CVQC scheme for quantum \emph{partitioning} circuits, which can be used to verify the evaluation procedure of Mahadev's quantum fully-homomorphic encryption scheme (FOCS 2018). We achieve this by upgrading the one-time secure scheme of Bartusek (TCC 2021) to a fully reusable scheme, via a publicly-decodable \emph{Pauli functional commitment}, which we formally define and construct in this work. This commitment scheme, which satisfies a notion of binding against committers that can access the receiver's standard and Hadamard basis decoding functionalities, is constructed by building on techniques of Amos, Georgiou, Kiayias, and Zhandry (STOC 2020) introduced in the context of equivocal but collision-resistant hash functions. - Quantum delegation with an off-the-shelf deviceAnne Broadbent (University of Ottawa); Arthur Mehta (University of Ottawa); Yuming Zhao (University of Waterloo)[abstract]
**Abstract:**Given that reliable cloud quantum computers are becoming closer to reality, the concept of delegation of quantum computations and its verifiability is of central interest. Many models have been proposed, each with specific strengths and weaknesses. Here, we put forth a new model where the client trusts only its classical processing, makes no computational assumptions, and interacts with a quantum server in a \emph{single} round. In addition, during a set-up phase, the client specifies the size $n$ of the computation and receives an untrusted, \emph{off-the-shelf (OTS)} quantum device that is used to report the outcome of a single constant-sized measurement from a predetermined logarithmic-sized input. In the OTS model, we thus picture that a single quantum server does the bulk of the computations, while the OTS device is used as an untrusted and generic verification device, all in a single round. We show how to delegate polynomial-time quantum computations in the OTS model. Scaling up the technique also yields an interactive proof system for all of QMA, which, furthermore, we show can be accomplished in statistical zero-knowledge. This yields the first relativistic (one-round), two-prover zero-knowledge proof system for QMA. As a proof approach, we provide a new self-test for $n$-EPR pairs using only constant-sized Pauli measurements, and show how it provides a new avenue for the use of simulatable codes for local Hamiltonian verification. Along the way, we also provide an enhanced version of a well-known stability result due to Gowers and Hatami and show how it completes a common argument used in self-testing. - Publicly-Verifiable Deletion via Target-Collapsing FunctionsJames Bartusek (UC Berkeley); Dakshita Khurana (UIUC); Alexander Poremba (Caltech)[abstract]
**Abstract:**We build quantum cryptosystems that support publicly-verifiable deletion from standard cryptographic assumptions. We introduce target-collapsing as a weakening of collapsing for hash functions, analogous to how second preimage resistance weakens collision resistance; that is, target-collapsing requires indistinguishability between superpositions and mixtures of preimages of an honestly sampled image. We show that target-collapsing hashes enable publicly-verifiable deletion ($\PVD$), proving conjectures from [Poremba, ITCS'23] and demonstrating that the Dual-Regev encryption (and corresponding fully homomorphic encryption) schemes support $\PVD$ under the LWE assumption. We further build on this framework to obtain a variety of primitives supporting publicly-verifiable deletion from weak cryptographic assumptions, including: - Commitments with $\PVD$ assuming the existence of injective one-way functions, or more generally, {\em almost-regular} one-way functions. Along the way, we demonstrate that (variants of) target-collapsing hashes can be built from almost-regular one-way functions. - Public-key encryption with $\PVD$ assuming trapdoored variants of injective (or almost-regular) one-way functions. We also demonstrate that the encryption scheme of [Hhan, Morimae, and Yamakawa, Eurocrypt'23] based on pseudorandom group actions has $\PVD$. - $X$ with $\PVD$ for $X \in \{$attribute-based encryption, quantum fully-homomorphic encryption, witness encryption, time-revocable encryption$\}$, assuming $X$ and trapdoored variants of injective (or almost-regular) one-way functions. - Secure Computation with Shared EPR Pair (Or: How to Teleport in Zero-Knowledge)James Bartusek (UC Berkeley); Dakshita Khurana (UIUC); Akshayaram Srinivasan (Tata Institute of Fundamental Research)[abstract]
**Abstract:**Can a sender non-interactively transmit one of two strings to a receiver without knowing which string was received? Does there exist minimally-interactive secure multiparty computation that only makes (black-box) use of symmetric-key primitives? We provide affirmative answers to these questions in a model where parties have access to shared EPR pairs, thus demonstrating the cryptographic power of this resource. - First, we construct a one-shot (i.e., single message) string oblivious transfer (OT) protocol with random receiver bit in the shared EPR pairs model, assuming the (sub-exponential) hardness of LWE. Building on this, we show that {\em secure teleportation through quantum channels} is possible. Specifically, given the description of any quantum operation $Q$, a sender with (quantum) input $\rho$ can send a single classical message that securely transmits $Q(\rho)$ to a receiver. That is, we realize an ideal quantum channel that takes input $\rho$ from the sender and provably delivers $Q(\rho)$ to the receiver without revealing any other information. This immediately gives a number of applications in the shared EPR pairs model: (1) non-interactive secure computation of unidirectional \emph{classical} randomized functionalities, (2) NIZK for QMA from standard (sub-exponential) hardness assumptions, and (3) a non-interactive \emph{zero-knowledge} state synthesis protocol. - Next, we construct a two-round (round-optimal) secure multiparty computation protocol for classical functionalities in the shared EPR pairs model that is \emph{unconditionally-secure} in the (quantum-accessible) random oracle model. Classically, both of these results cannot be obtained without some form of correlated randomness shared between the parties, and the only known approach is to have a trusted dealer set up random (string) OT correlations. In the quantum world, we show that shared EPR pairs (which are simple and can be deterministically generated) are sufficient. At the heart of our work are novel techniques for making use of entangling operations to generate string OT correlations, and for instantiating the Fiat-Shamir transform using correlation-intractability in the quantum setting. - Cloning Games: A General Framework for Unclonable PrimitivesPrabhanjan Ananth (UCSB); Fatih Kaleoglu (UCSB); Qipeng Liu (Simons Institute)[abstract]
**Abstract:**The powerful no-cloning principle of quantum mechanics can be leveraged to achieve interesting primitives, referred to as unclonable primitives, that are impossible to achieve classically. In the past few years, we have witnessed a surge of new unclonable primitives. While prior works have mainly focused on establishing feasibility results, another equally important direction, that of understanding the relationship between different unclonable primitives is still in its nascent stages. Moving forward, we need a more systematic study of unclonable primitives. To this end, we introduce a new framework called cloning games. This framework captures many fundamental unclonable primitives such as quantum money, copy-protection, unclonable encryption, single-decryptor encryption, and many more. By reasoning about different types of cloning games, we obtain many interesting implications to unclonable cryptography, including the following: 1) We obtain the first construction of information-theoretically secure single-decryptor encryption in the one-time setting. 2) We construct unclonable encryption in the quantum random oracle model based on BB84 states, improving upon the previous work, which used coset states. Our work also provides a simpler security proof for the previous work. 3) We construct copy-protection for single-bit point functions in the quantum random oracle model based on BB84 states, improving upon the previous work, which used coset states, and additionally, providing a simpler proof. 4) We establish a relationship between different challenge distributions of copy-protection schemes and single-decryptor encryption schemes. 5) Finally, we present a new construction of one-time encryption with certified deletion. - Group coset monogamy games and an application to device-independent continuous-variable QKDEric Culf (University of Waterloo); Thomas Vidick (Caltech/Weizmann Institute); Victor V. Albert (NIST/University of Maryland)[abstract]
**Abstract:**We develop an extension of a recently introduced subspace coset state monogamy-of-entanglement game [Coladangelo, Liu, Liu, and Zhandry; Crypto'21] to general group coset states, which are uniform superpositions over elements of a subgroup to which has been applied a group-theoretic generalization of the quantum one-time pad. We give a general bound on the winning probability of a monogamy game constructed from subgroup coset states that applies to a wide range of finite and infinite groups. To study the infinite-group case, we use and further develop a measure-theoretic formalism that allows us to express continuous-variable measurements as operator-valued generalizations of probability measures. We apply the monogamy game bound to various physically relevant groups, yielding realizations of the game in continuous-variable modes as well as in rotational states of a polyatomic molecule. We obtain explicit strong bounds in the case of specific group-space and subgroup combinations. As an application, we provide the first proof of one sided-device independent security of a squeezed-state continuous-variable quantum key distribution protocol against general coherent attacks. - merged with #84:Quantum secure non-malleable randomness encoder and its applicationsRishabh Batra (CQT, NUS); Naresh Goud Boddu (NTT Research); Rahul Jain (CQT, NUS)[abstract]
**Abstract:**“Non-Malleable Randomness Encoder” (NMRE) was introduced by Kanukurthi, Obbattu, and Sekar [KOS18] as a useful cryptographic primitive helpful in the construction of non- malleable codes. To the best of our knowledge, their construction is not known to be quantum secure. We provide a construction of a first rate-$1/2$, $2$-split, quantum secure NMRE and use this in a black-box manner, to construct for the first time the following: 1. rate $1/11$, $3$-split, quantum non-malleable code, 2. rate $1/3$, $3$-split, quantum secure non-malleable code, 3. rate $1/5$, $2$-split, quantum secure non-malleable code.Split-State Non-Malleable Codes for Quantum MessagesNaresh Goud Boddu (NTT Research); Vipul Goyal (Carnegie Mellon University and NTT Research); Rahul Jain (National University of Singapore); Joao Ribeiro (NOVA LINCS and NOVA School of Science and Technology)[abstract]**Abstract:**Non-malleable codes are fundamental objects at the intersection of cryptography and coding theory. These codes provide security guarantees even in settings where error correction and detection are impossible, and have found applications to several other cryptographic tasks. Roughly speaking, a non-malleable code for a family of tampering functions guarantees that no adversary can tamper (using functions from this family) the encoding of a given message into the encoding of a related distinct message. We focus on the split-state tampering model, one of the strongest and most well-studied adversarial tampering models. In this model, a codeword is split into two parts which are stored in physically distant servers, and the adversary can then independently tamper with each part using arbitrary functions. Previous works on non-malleable codes in the split-state tampering model only considered the encoding of classical messages. Furthermore, until the recent work by Aggarwal, Boddu, and Jain (arXiv 2022), adversaries with quantum capabilities and shared entanglement had not been considered, and it is a priori not clear whether previous coding schemes remain secure in this model. In this work, we introduce the notion of split-state non-malleable codes for quantum messages secure against quantum adversaries with shared entanglement. We construct explicit codes in this model by relying on a recent quantum-secure 2-source non-malleable randomness encoder by Batra, Boddu, and Jain [BBJ23], arguments from Aggarwal, Boddu and Jain [ABJ22] and with use of unitary 2-designs. 1) More precisely, we construct the first efficiently encodable and decodable split-state non- malleable code for quantum messages (while preserving entanglement with external sys- tems) achieving security against quantum adversaries having shared entanglement with codeword length n, any message length at most $n^\Omega(1)$, and error $2^{-n^{\Omega(1)}}$. 2) For the case of uniform quantum message, we provide the first constant rate (rate 1/11) non-malleable code (while preserving entanglement with external systems) achieving code- word length n and error $2^{-n^{\Omega(1)}}$. . - High-Rate Point-to-Multipoint QKD NetworkYiming Bian (State Key Laboratory of Information Photonics and Optical Communications, School of Electronic Engineering, Beijing University of Posts and Telecommunications, Beijing 100876, China); Yan Pan (Science and Technology on Communication Security Laboratory, Institute of Southwestern Communication, Chengdu 610041, China); Yichen Zhang (State Key Laboratory of Information Photonics and Optical Communications, School of Electronic Engineering, Beijing University of Posts and Telecommunications, Beijing 100876, China); Heng Wang (Science and Technology on Communication Security Laboratory, Institute of Southwestern Communication, Chengdu 610041, China); Jie Yang (Science and Technology on Communication Security Laboratory, Institute of Southwestern Communication, Chengdu 610041, China); Jiayi Dou (State Key Laboratory of Information Photonics and Optical Communications, School of Electronic Engineering, Beijing University of Posts and Telecommunications, Beijing 100876, China); Yang Li (Science and Technology on Communication Security Laboratory, Institute of Southwestern Communication, Chengdu 610041, China); Wei Huang (Science and Technology on Communication Security Laboratory, Institute of Southwestern Communication, Chengdu 610041, China); Song Yu (State Key Laboratory of Information Photonics and Optical Communications, School of Electronic Engineering, Beijing University of Posts and Telecommunications, Beijing 100876, China); Bingjie Xu (Science and Technology on Communication Security Laboratory, Institute of Southwestern Communication, Chengdu 610041, China); Hong Guo (State Key Laboratory of Advanced Optical Communication Systems and Networks, School of Electronics, and Center for Quantum Information Technology, Peking University, Beijing 100871, China)[abstract]
**Abstract:**A coherent-state point-to-multipoint protocol is proposed to simultaneously support multiple independent quantum key distribution links between a single transmitter and massive receivers. Every prepared coherent state is measured by all receivers to generate raw keys, then processed with a secure and high-efficient key distillation method to remove the correlations between different links. The simulation results show that it can achieve remarkably high key rates even with a hundred of access points. Further, a proof-of-principle experiment with one network node and four end users has been demonstrated, where the average secret key rate of 4.1 Mbps between the transmitter and each one receiver is achieved, resulting in two orders-of-magnitude higher than previous networks. This scheme is a promising step towards a high-rate multi-user solution in a scalable quantum secure network. - Pseudorandomness with Proof of Destruction and ApplicationsAmit Behera (Ben-Gurion University); Zvika Brakerski (Weizmann Institute of Science); Or Sattath (Ben-Gurion University); Omri Shmueli (Tel Aviv University)[abstract]
**Abstract:**Two fundamental properties of quantum states that quantum information theory explores are pseudorandomness and provability of destruction. We introduce the notion of quantum pseudorandom states with proofs of destruction (PRSPD) that combines both these properties. Like standard pseudorandom states (PRS), these are efficiently generated quantum states that are indistinguishable from random, but they can also be measured to create a classical string. This string is verifiable (given the secret key) and certifies that the state has been destructed. We show that, similarly to PRS, PRSPD can be constructed from any post-quantum one-way function. As far as the authors are aware, this is the first construction of a family of states that satisfies both pseudorandomness and provability of destruction. We show that many cryptographic applications that were shown based on PRS variants using quantum communication can be based on (variants of) PRSPD using only classical communication. This includes symmetric encryption, message authentication, one-time signatures, commitments, and classically verifiable private quantum coins. - 100 Gbit/s Integrated Quantum Random Number Generator Based on Vacuum FluctuationsCedric Bruynsteen (imec-Ghent University); Tobias Gehring (Technical University of Denmark); Cosmo Lupo (Politechnico Di Bari); Johan Bauwelinck (imec-Ghent University); Xin Yin (imec-Ghent University)[abstract]
**Abstract:**Emerging communication and cryptography applications call for reliable, fast, unpredictable random number generators. Quantum random number generation allows for the creation of truly unpredictable numbers thanks to the inherent randomness available in quantum mechanics. A popular approach is using the quantum vacuum state to generate random numbers. While convenient, this approach was generally limited in speed compared to other schemes. Here, through custom co-design of opto-electronic integrated circuits and side-information reduction by digital filtering, we experimentally demonstrated an ultrafast generation rate of 100 Gbit/s, setting a new record for vacuum-based quantum random number generation by one order of magnitude. Furthermore, our experimental demonstrations are well supported by an upgraded device-dependent framework that is secure against both classical and quantum side-information and that also properly considers the non-linearity in the digitization process. This ultrafast secure random number generator in the chip-scale platform holds promise for next generation communication and cryptography applications. - Oblivious Transfer from Zero-Knowledge Proofs, Or How to Achieve Round-Optimal Quantum Oblivious Transfer and Zero-Knowledge Proofs on Quantum StatesLéo Colisson (Centrum Wiskunde & Informatica, QuSoft, Netherlands); Garazi Muguruza (University of Amsterdam, QuSoft, Netherlands); Florian Speelman (University of Amsterdam, QuSoft, Netherlands)[abstract]
**Abstract:**We provide a generic construction to turn any classical Zero-Knowledge (ZK) protocol into a composable (quantum) oblivious transfer (OT) protocol, mostly lifting the round-complexity properties and security guarantees (plain-model/statistical security/unstructured functions…) of the ZK protocol to the resulting OT protocol. Such a construction is unlikely to exist classically as Cryptomania is believed to be different from Minicrypt. In particular, by instantiating our construction using Non-Interactive ZK (NIZK), we provide the first round-optimal (2-message) quantum OT protocol secure in the random oracle model, and round-optimal extensions to string and k-out-of-n OT. At the heart of our construction lies a new method that allows us to prove properties on a received quantum state without revealing additional information on it, even in a non-interactive way and/or with statistical guarantees when using an appropriate classical ZK protocol. We can notably prove that a state has been partially measured (with arbitrary constraints on the set of measured qubits), without revealing any additional information on this set. This notion can be seen as an analog of ZK to quantum states, and we expect it to be of independent interest as it extends complexity theory to quantum languages, as illustrated by the two new complexity classes we introduce, ZKstatesQIP and ZKstatesQMA. - Satellite-Based Quantum Key Distribution in the Presence of Bypass ChannelsMasoud Ghalaii (University of Leeds); Sima Bahrani (University of Bristol); Carlo Liorni (University of Dusseldorf); Federico Grasselli (University of Dusseldorf); Hermann Kampermann (University of Dusseldorf); Lewis Wooltorton (University of Bristol); Rupesh Kumar (University of York); Stefano Pirandola (University of York); Timothy Spiller (University of York); Alexander Ling (National University of Singapore); Bruno Huttner (ID Quantique); Mohsen Razavi (University of Leeds)[abstract]
**Abstract:**The security of prepare-and-measure satellite-based quantum key distribution (QKD), under restricted eavesdropping scenarios, is addressed. We particularly consider cases where the eavesdropper, Eve, has limited access to the transmitted signal by Alice, and/or Bob’s receiver station. For instance, Eve can only receive an attenuated version of the transmitted signals. This results in settings where an uncharacterized bypass channel, inaccessible to Eve, can also carry signals to Bob. We obtain generic bounds on the key rate in the presence of bypass channels and apply them to continuous-variable QKD protocols with Gaussian encoding as well as to the family of BB84 protocols. We find regimes of operation in which the above restrictions on Eve can considerably improve system performance. Our work opens up new security frameworks for spaceborne quantum communications systems. - 10 GBaud Continuous-Variable Quantum Key Distribution Enabled by Integrated Photonic-Electronic ReceiversAdnan A.E. Hajomer (TECHNICAL UNIVERSITY OF DENMARK); C´edric Bruynsteen (Ghent University-imec); Ivan Derkach (TECHNICAL UNIVERSITY OF DENMARK); Nitin Jain (TECHNICAL UNIVERSITY OF DENMARK); Ulrik L. Andersen (TECHNICAL UNIVERSITY OF DENMARK); Xin Yin (Ghent University-imec); Tobias Gehring (TECHNICAL UNIVERSITY OF DENMARK)[abstract]
**Abstract:**Quantum key distribution (QKD) is a well-known application of quantum information theory that guarantees information-theoretically secure key exchange. While QKD systems are becoming commercially available, large-scale deployment of next-generation QKD systems requires photonic and electronic devices that are low-cost, small, and easily integrated with existing network infrastructure. Continuous variable (CV) QKD is a promising option for large-scale deployment due to its compatibility with standard telecom technology. Despite this, the secret key rates of CV-QKD systems have been limited to a few megabits per second due to the bandwidth bottleneck of the receiver and the limited symbol rate of the transmitter. Here, we present the first discrete-modulated coherent state CV-QKD system operating at a classical telecom symbol rate of 10 GBaud. This system generates keys at rates exceeding 0.7 Gb/s over a distance of 5 km and 0.3 Gb/s over a distance of 10 km while being secure against collective attacks in both the asymptotic and finite-size regimes. This is made possible by using a high-speed, co-integrated phase-diverse receiver consisting of a silicon photonics optical front-end and a custom-designed integrated transimpedance amplifier. Additionally, well-engineered digital signal processing is used for quantum state preparation and measurement. Our experiment sets a new record for secure quantum communication and paves the way for the next generation of CV-QKD systems. - Ultra-fast multipixel SNSPD arrays with photon-number capabilities for quantum applicationsGiovanni V. Resta (ID Quantique SA); Lorenzo Stasi (ID Quantique SA); Matthieu Perrenoud (University of Geneva); Rob Thew (University of Geneva); Hugo Zbinden (University of Geneva); Félix Bussières (ID Quantique SA)[abstract]
**Abstract:**Superconducting-nanowire single-photon detectors (SNSPDs) have enabled the realization of several quantum optics technologies thanks to their high detection efficiency, low dark-counts, and fast recovery time. Here, we will present a 14-pixel SNSPD array with a maximum system detection efficiency (SDE) of 90% that remains above 80% up to 400 Mcps, and we demonstrate the ability to reach detection rates of 1.5 Gcps with an absolute SDE of 45%. Furthermore, we will explain how such device has been integrated in a QKD set-up and enabled high-speed QKD, with secret-key rates exceeding 60 Mbps over a distance of 10 km. Moreover when used in a QKD setup, the array can improve resilience against blinding attacks by monitoring the coincidence clicks between the pixels. Finally we will show that the detector is able to distinguish few-photon number states in an optical pulse with high fidelity, without posing strict limitations on the shape of the incoming light. We achieve a 2-photon fidelity of 74% and 57% for a 3-photon state, which represent state-of-the-art results for fibre-coupled SNSPDs. Such detectors could find immediate application in LOQC protocols where the capability to distinguish few photon-number states is sufficient – that is, either ‘1’ vs ‘more than 1 photons’. - On the finite size security of quantum key distributionPeter Brown (Telecom Paris); Thomas van Himbeeck (Telecom Paris)[abstract]
**Abstract:**We consider the security of Quantum Key Distribution (QKD) protocols consisting of a finite number of rounds. We provide a security proof that is both and provides tight finite-size correction terms. In particular, when expanded in the block length $n$, the rate of randomness generation has the optimal asymptotic rate and optimal leading-order finite-size correction term. The proof is also general, applying to generic randomness generation and QKD protocols that have fully characterized devices and consist of a finite number of rounds.

## List of Accepted Posters

(in order of submission)

- Reference-Frame-Independent quantum communication among multiple partiesDonghwa Lee (Korea Institute of Science and Technology); Kyujin Shin (Korea Institute of Science and Technology); Hyang-Tag Lim (Korea Institute of Science and Technology); Yosep Kim (Korea Institute of Science and Technology); Yong-Su Kim (Korea Institute of Science and Technology)[abstract]
**Abstract:**It is usually essential to have a common reference frame between two communication parties to perform quantum communication. Notably, Reference-Frame-Independent Quantum Key Distribution (RFI-QKD) provides a practical way to generate secret keys between two remote parties without sharing standard reference frames. Here, we have shown that the RFI-QKD protocol can be expanded into a multiparty system with Greenberger-Horne-Zeilinger (GHZ) entangled state. We derive the asymptotic key rate and perform the proof-of-principle experiment to verify the proposed multiparty protocols feasibility. Considering that sharing a common reference frame becomes more difficult as the number of parties increases, our protocol provides a new path to implement multipartite quantum communication in real world. - Effect of light injection on the security of practical quantum key distributionLiying Han (University of Science and Technology of China); Yang Li (University of Science and Technology of China); Hao Tan (University of Science and Technology of China); Weiyang Zhang (University of Science and Technology of China); Wenqi Cai (University of Science and Technology of China); Juan Yin (University of Science and Technology of China); Jigang Ren (University of Science and Technology of China); Feihu Xu (University of Science and Technology of China); Shengkai Liao (University of Science and Technology of China); Chengzhi Peng (University of Science and Technology of China)[abstract]
**Abstract:**Quantum key distribution (QKD) based on the fundamental laws of quantum physics can allow the distribution of secure keys between distant users. However, the imperfections in realistic devices may lead to potential security risks, which must be accurately characterized and considered in practical security analysis. High-speed optical modulators, being as one of the core components of practical QKD systems, can be used to prepare the required quantum states. Here, we find that optical modulators based on LiNbO3, including phase modulators and intensity modulators, are vulnerable to photorefractive effect caused by external light injection. By changing the power of external light, eavesdroppers can control the intensities of the prepared states, posing a potential threat to the security of QKD. We have experimentally demonstrated the influence of light injection on LiNbO3-based optical modulators and analyzed the security risks caused by the potential green light injection attack, along with the corresponding countermeasures. - Implementation of a privacy preserving publicly verifiable quantum random number generatorTanvirul Islam (CQT, National University of Singapore); Anindya Banerji (CQT, National University of Singapore); Chin Jia Boon (CQT, National University of Singapore); Wang Rui (CQT, National University of Singapore); Ayesha Reezwana (CQT, National University of Singapore); James A. Grieve (Quantum Research Centre, Technology Innovation Institute, Abu Dhabi); Rodrigo Piera (Quantum Research Centre, Technology Innovation Institute, Abu Dhabi); Alexander Ling (Department of Physics and CQT, National University of Singapore)[abstract]
**Abstract:**Verifying the quality of a random number generator involves performing computationally intensive statistical tests on large data sets commonly in the range of gigabytes. Limitations on computing power can restrict an end-user's ability to perform such verification. There are also applications where the user needs to publicly demonstrate that the random bits they are using pass the statistical tests without the bits being revealed. We report the implementation of an entanglement-based protocol that allows a third party to publicly perform statistical tests without compromising the privacy of the random bits. - General treatment of trusted gaussian noise in continuous variable quantum key distributionShinichiro Yamano (The University of Tokyo); Takaya Matsuura (RMIT University); Yui Kuramochi (Kyushu University); Toshihiko Sasaki (The University of Tokyo); Masato Koashi (The University of Tokyo)[abstract]
**Abstract:**Continuous Variable (CV) quantum key distribution (QKD) is a promising candidate for practical implementations due to its compatibility with the existing communication technology. A trusted device scenario assuming that an adversary has no access to imperfections in the detector is expected to provide significant improvement in the key rate, but such an endeavor so far was made separately for specific protocols and for specific proof techniques. Here, we develop a simple and general treatment that can incorporate the effects of Gaussian trusted noises for any protocol that uses homodyne/heterodyne measurements. In our method, a rescaling of the outcome of a noisy homodyne/heterodyne detector renders it equivalent to the outcome of a noiseless detector with a tiny additional loss, thanks to a noise-loss equivalence well-known in quantum optics. Since this method is independent of protocols and security proofs, it is applicable to Gaussian-modulation and discrete-modulation protocols and to any proof techniques developed so far and yet to be discovered as well. - On Zero-Knowledge Proofs over the Quantum InternetMark Carney (Quantum Village Inc.)[abstract]
**Abstract:**This paper presents a new method for quantum identity authentication (QIA) protocols. The logic of classical zero-knowledge proofs (ZKPs) due to Schnorr is applied in quantum circuits and algorithms. This novel approach gives an exact way with which a prover $P$ can prove they know some secret by encapsulating it in a quantum state before sending to a verifier $V$ by means of a quantum channel - allowing for a ZKP wherein an eavesdropper or manipulation can be detected with a fail-safe design. This is achieved by moving away from the hardness of the Discrete Logarithm Problem towards the hardness of estimating quantum states. This paper presents a method with which this can be achieved and some bounds for the security of the protocol provided. With the anticipated advent of a `quantum internet', such protocols and ideas may soon have utility and execution in the real world. - Powerful Primitives in the Bounded Quantum Storage ModelMohammed Barhoush (University of Montreal); Louis Salvail (University of Montreal)[abstract]
**Abstract:**The bounded quantum storage model aims to achieve security against computationally unbounded adversaries that are restricted only with respect to their quantum memories. In this work, we provide everlasting and information-theoretic secure constructions in this model for the following powerful primitives: (1) CCA1-secure symmetric key encryption, message-authentication, and one-time programs. These schemes require no quantum memory for the honest user, while they can be made secure against adversaries with arbitrarily large memories by increasing the transmission length sufficiently. (2) CCA1-secure asymmetric key encryption, encryption tokens, signatures, and signature tokens. These schemes are secure against adversaries with roughly $e^{\sqrt{m}}$ quantum memory where $m$ is the quantum memory required for the honest user. All of the constructions additionally satisfy notions of disappearing and unclonable security. - Lattice-Based Quantum Advantage from Rotated MeasurementsYusuf Alnawakhtha (University of Maryland--College Park); Atul Mantri (University of Maryland--College Park); Carl Miller (National Institute of Standards and Technology, University of Maryland--College Park); Daochen Wang (University of Maryland--College Park)[abstract]
**Abstract:**Trapdoor claw-free functions (TCFs) are immensely valuable in cryptographic interactions between a classical client and a quantum server. Typically, a protocol has the quantum server prepare a superposition of two-bit strings of a claw and then measure it using Pauli-X or Z measurements. In this paper, we demonstrate a new technique that uses the entire range of qubit measurements from the XY-plane. We show the advantage of this approach in two applications. First, building on (Brakerski et al. 2018, Kalai et al. 2022), we show an optimized two-round proof of quantumness whose security can be expressed directly in terms of the hardness of the LWE (learning with errors) problem. Second, we construct a one-round protocol for blind remote preparation of an arbitrary state on the XY-plane up to a Pauli-Z correction. - On the Two-sided Permutation Inversion ProblemGorjan Alagic (University of Maryland and NIST); Chen Bai (University of Maryland-College Park); Alexander Poremba (California Institute of Technology); Kaiyan Shi (University of Maryland-College Park)[abstract]
**Abstract:**In the permutation inversion problem, the task is to find the preimage of some challenge value, given oracle access to the permutation. This is a fundamental problem in query complexity, and appears in many contexts, particularly cryptography. In this work, we examine the setting in which the oracle allows for quantum queries to both the forward and the inverse direction of the permutation—except that the challenge value cannot be submitted to the latter. Within that setting, we consider two options for the inversion algorithm: whether it can get quantum advice about the permutation, and whether it must produce the entire preimage (search) or only the first bit (decision). We prove several theorems connecting the hardness of the resulting variations of the inversion problem, and establish lower bounds for them. Our results indicate that, perhaps surprisingly, the inversion problem does not become significantly easier when the adversary is granted oracle access to the inverse, provided it cannot query the challenge itself. - Robustness of implemented device-independent protocols and device-dependent QKD against constrained leakageErnest Y.-Z. Tan (University of Waterloo)[abstract]
**Abstract:**Device-independent (DI) protocols have experienced significant progress in recent years, with a series of demonstrations of DI randomness generation or expansion, as well as DI quantum key distribution. However, existing security proofs for those demonstrations rely on a typical assumption in DI cryptography, that the devices do not leak any unwanted information to each other or to an adversary. This assumption may be difficult to perfectly enforce in practice. While there exist other DI security proofs that account for a constrained amount of such leakage, the techniques used are somewhat unsuited for analyzing the recent DI protocol demonstrations. In this work, we address this issue by studying a constrained leakage model suited for this purpose, which should also be relevant for future similar experiments. Our proof structure is compatible with recent proof techniques for flexibly analyzing a wide range of DI protocol implementations. With our approach, we compute some estimates of the effects of leakage on the keyrates of those protocols, hence providing a clearer understanding of the amount of leakage that can be allowed while still obtaining positive keyrates. Our results and techniques should also be relevant in proving security of device-dependent QKD against constrained leakage. - Uncloneable Cryptographic Primitives with InteractionAnne Broadbent (University of Ottawa); Eric Culf (University of Waterloo)[abstract]
**Abstract:**Much of the strength of quantum cryptography may be attributed to the no-cloning property of quantum information. We construct three new cryptographic primitives whose security is based on uncloneability, and that have in common that their security can be established via a novel monogamy-of-entanglement (MoE) property: -- We define interactive uncloneable encryption, a version of the uncloneable encryption defined by Broadbent and Lord [TQC 2020] where the receiver must partake in an interaction with the sender in order to decrypt the ciphertext. We provide a one-round construction that is secure in the information-theoretic setting, in the sense that no other receiver may learn the message even if she eavesdrops on all the interactions. -- We provide a way to make a bit string commitment scheme uncloneable. The scheme is augmented with a check step chronologically in between the commit and open steps, where an honest sender verifies that the commitment may not be opened by an eavesdropper, even if the receiver is malicious. Our construction preserves the assumptions of the original commitment while requiring only a polynomial decrease in the length of the committed string. -- We construct a receiver-independent quantum key distribution (QKD) scheme, which strengthens the notion of one-sided device independent QKD of Tomamichel, Fehr, Kaniewski, and Wehner (TFKW) [NJP 2013] by also permitting the receiver's classical device to be untrusted. Explicitly, the sender remains fully trusted while only the receiver's communication is trusted. We provide a construction that achieves the same asymptotic error tolerance as the scheme of TFKW. To show security, we prove an extension of the MoE property of coset states introduced by Coladangelo, Liu, Liu, and Zhandry [Crypto 2021]. In our stronger version, the player Charlie also receives Bob's answer prior to making his guess, thus simulating a party who eavesdrops on an interaction. To make use of this property, we express it as a new type of entropic uncertainty relation which arises naturally from the structure of the underlying MoE game. - Device-independent uncloneable encryptionSrijita Kundu (University of Waterloo); Ernest Y.-Z. Tan (University of Waterloo)[abstract]
**Abstract:**Uncloneable encryption, first introduced by Broadbent and Lord (TQC 2020) is a quantum encryption scheme in which a quantum ciphertext cannot be distributed between two non-communicating parties such that, given access to the decryption key, both parties cannot learn the underlying plaintext. In this work, we introduce a variant of uncloneable encryption in which several possible decryption keys can decrypt a particular encryption, and the security requirement is that two parties who receive independently generated decryption keys cannot both learn the underlying ciphertext. We show that this variant of uncloneable encryption can be achieved device-independently, i.e., without trusting the quantum states and measurements used in the scheme. Moreover, we show our variant of uncloneable encryption works just as well as the original definition in constructing quantum money, and can be used to get uncloneable bits without using the quantum random oracle model. Finally, we show that a simple modification of our scheme yields a single-decryptor encryption scheme, which was a related notion introduced by Georgiou and Zhandry. In particular, the resulting single-decryptor encryption scheme achieves device-independent security with respect to a standard definition of security against random plaintexts. - Efficient polar encoding for information reconciliation in QKDSnehasis Addy (University of Calgary); Somnath Panja (University of Calgary); Sabyasachi Dutta (University of Calgary); Daniel Oblak (University of Calgary); Reihaneh Safavi-Naini (University of Calgary)[abstract]
**Abstract:**Quantum Key Distribution (QKD) enables two parties to establish common secret keys by transmitting bits encoded in quantum systems (qubits), which provides unconditional security. QKD introduces errors during quantum communication, which need to be corrected post-key exchange. Typical error-correcting codes in the context of QKD include Cascade, Low-density parity check (LDPC) codes, and polar codes. In our work, we use polar codes, which are state-of-the-art error-correcting codes meeting the requirements of a QKD system. We provide an implementation of an encoder for polar codes based on reliability sequence, which is computationally efficient and can be implemented in QKD postprocessing. Our work on improving the efficiency of QKD postprocessing is highly relevant for the commercialization of QKD. - Eavesdropper localization in quantum channels using stimulated Brillouin scatteringAlexandra Popp (Max Planck Institute for the Science of Light); Florian Sedlmeir (University of Otago); Birgit Stiller (Max Planck Institute for the Science of Light); Christoph Marquardt (Friedrich-Alexander-Universität Erlangen-Nürnberg)[abstract]
**Abstract:**At its core quantum key distribution (QKD) offers information theoretical security based on the laws of physics. In deployments one has to take into account practical security and resilience. The latter includes the localization of a possible eavesdropper after an anomaly has been detected by the QKD system to avoid denial-of-service. In this work, we present a novel approach to eavesdropper localization inside a quantum channel based on opto-acoustic interaction. Employing localized stimulated Brillouin scattering, we are able to localize common eavesdropping approaches such as evanescent outcoupling as low as 1% of optical transmission power to the cm level. Furthermore we are capable to distinguish multiple nominally indistinguishable fibers from different manufacturers, paving the way for high security applications. Finally we show, that this approach surpasses traditional OTDR technology. - Access-controlled entanglement source against memory attack in quantum cryptographyHaoyang Wang (Beijing University of Posts and Telecommunications); Qiang Zeng (Beijing Academy of Quantum Information Sciences); Huihong Yuan (Beijing Academy of Quantum Information Sciences); Yuanbin Fan (Beijing Academy of Quantum Information Sciences); Lai Zhou (Beijing Academy of Quantum Information Sciences); Yuanfei Gao (Beijing Academy of Quantum Information Sciences); Haiqiang Ma (Beijing University of Posts and Telecommunications); Zhiliang Yuan (Beijing Academy of Quantum Information Sciences)[abstract]
**Abstract:**We propose and demonstrate an upgraded quantum key distribution protocol based on time-bin entanglement source with access control through introducing phase randomization. The upgraded source can protect users from memory attacks at a negligible cost. - Parameter Optimisation for CV-QKD with arbitrary modulationJoão dos Reis Frazão (TU/e); Aaron Albores-Mejia (TU/e); Boris Škorić (TU/e); Chigo Okonkwo (TU/e)[abstract]
**Abstract:**A multidimensional optimisation analysis for CV-QKD systems with practical constraints is presented. We demonstrate secret-key-rates >1Mb/s for 30km transmission with arbitrary discrete modulation, utilising 10dB receiver clearance and 100kHz summedlinewidth as a cost-effective implementation. - Simulation of device-independent quantum key distribution protocolsOttó Hanyecz (Eötvös Loránd University, Budapest, Hungary AND Wigner Research Centre for Physics, Budapest, Hungary); Mátyás Koniorczyk (Wigner Research Centre for Physics, Budapest, Hungary)[abstract]
**Abstract:**We implement a simulation of a recent device-independent quantum key distribution (DIQKD) protocol to investigate its features, especially with respect to the effect of imperfections such as noise or loopholes. The simulation is based on a RESTful API recently introduced by us, capable of implementing nonlocal no-signaling correlations via communication with a server instead of making measurements on quantum systems. The presented framework can be used in development projects for testing and experimenting, before putting a DIQKD-based solution into production, replacing the API with actual quantum devices. - Fundamental limits on quantum cloning from the no-signalling principleYanglin Hu (National University of Singapore, Centre for Quantum Technologies); Marco Tomamichel (National University of Singapore)[abstract]
**Abstract:**The no-cloning theorem is a cornerstone of quantum cryptography. Here we generalize and rederive under weaker assumptions various upper bounds on the maximum achievable fidelity of probabilistic and deterministic cloning machines. Building on ideas by Gisin [Phys.~Lett.~A, 1998], our results hold even for cloning machines that do not obey the laws of quantum mechanics, as long as remote state preparation is possible and the non-signalling principle holds. We apply our general theorem to several subsets of states that are of interest in quantum cryptography. - Establishing shared secret keys on quantum line networks: protocol and securityMina Doosti (University of Edinburgh); Lucas Hanouz (VeriQloud); Anne Marin (VeriQloud); Elham Kashefi (University of Edinburgh); Marc Kaplan (VeriQloud)[abstract]
**Abstract:**We show the security of multi-user key establishment on a single line of quantum communication. More precisely, we consider a quantum communication architecture where the qubit generation and measurement happen at the two ends of the line, whilst intermediate parties are limited to single-qubit unitary transforms. This network topology has been previously introduced to implement quantum-assisted secret-sharing protocols for classical data, as well as the key establishment, and secure computing. This architecture has numerous advantages. The intermediate nodes are only using simplified hardware, which makes them easier to implement. Moreover, key establishment between arbitrary pairs of parties in the network does not require key routing through intermediate nodes. This is in contrast with quantum key distribution networks for which non- adjacent nodes need intermediate ones to route keys, thereby revealing these keys to intermediate parties and consuming previously established ones to secure the routing process. Our main result is to show the security of key establishment on quantum line networks. We show the security using the framework of abstract cryptography. This immediately makes the security composable, showing that the keys can be used for encryption or other tasks. - Finite key performance of satellite quantum key distribution under practical constraintsJasminder S. Sidhu (The University of Strathclyde); Thomas Brougham (The University of Strathclyde); Duncan McArthur (The University of Strathclyde); Roberto G. Pousa (The University of Strathclyde); Daniel K. L. Oi (The University of Strathclyde)[abstract]
**Abstract:**Global-scale quantum communication networks will require efficient long-distance distribution of quantum signals. Optical fibre communication channels have range constraints due to exponential losses in the absence of quantum memories and repeaters. Satellites enable intercontinental quantum communication by exploiting more benign inverse square free-space attenuation and long sight lines. However, the design and engineering of satellite quantum key distribution (QKD) systems are difficult and characteristic differences to terrestrial QKD networks and operations pose additional challenges. The typical approach to modelling satellite QKD (SatQKD) has been to estimate performances with a fully optimised protocol parameter space and with few payload and platform resource limitations. Here, we analyse how practical constraints affect the performance of SatQKD for the Bennett-Brassard 1984 (BB84) weak coherent pulse decoy state protocol with finite-key size effects. We consider engineering limitations and trade-offs in mission design including limited in-orbit tunability, quantum random number generation rates and storage, and source intensity uncertainty. We quantify practical SatQKD performance limits to determine the long-term key generation capacity and provide important performance benchmarks to support the design of upcoming missions. - Real-world data encryption with continuous-variable measurement device-independent quantum key distributionAdnan A.E. Hajomer (TECHNICAL UNIVERSITY OF DENMARK); Ulrik L. Andersen (TECHNICAL UNIVERSITY OF DENMARK); Tobias Gehring (TECHNICAL UNIVERSITY OF DENMARK)[abstract]
**Abstract:**Measurement-device-independent (MDI) QKD removes all side-channel attacks on detectors. Continuous variable (CV) MDI-QKD based on coherent states is a promising candidate for integration into existing telecom infrastructure. Despite previous demonstrations of the concept and the potential for secure communication offered by CV MDI-QKD, a practical implementation of the system for real-world data encryption has yet to be achieved. Here, we introduce a simple and practical CV MDI-QKD system that can coexist with classical telecommunications channels. This is achieved through the use of a new relay structure, a real-time phase locking system and a well-designed digital signal-processing pipeline. Our design demonstrates the first practical CV MDI-QKD system, operating at a symbol rate of 20 MBaud and generating keys that are secure against collective attacks in both the finite-size and asymptotic regimes. This sets an important milestone towards in-field implementation and integration of high-performance CV MDI-QKD into telecom networks. - Practical High-Dimensional Quantum Key Distribution Protocol over deployed Multicore fiberMujtaba Zahidy (Technical University of Denmark); Domenico Ribezzo (University of Naples Federico II); Claudia De Lazzari (QTI S.r.l.); Ilaria Vagniluca (QTI S.r.l.); Nicola Biagi (QTI S.r.l.); Tommaso Occhipinti (QTI S.r.l.); Leif K. Oxenlowe (Technical University of Denmark); Michael Galili (Technical University of Denmark); Tetsuya Hayashi (Optical Communications Laboratory, Sumitomo Electric Industries, Ltd.); Dajana Cassioli (Department of Information Engineering, Computer Science and Mathematics, University of L’Aquila); Antonio Mecozzi (University of L'Aquila); Cristian Antonelli (University of L'Aquila); Alessandro Zavatta (Istituto Nazionale di Ottica, Consiglio Nazionale delle Ricerche (CNR-INO)); Davide Bacco (University of Florence)[abstract]
**Abstract:**Quantum key distribution (QKD) is introduced to make encryption and transmission of data over any public channel unconditionally secure. A key requirement of such a promise is to have access to an encryption key with a similar length as the message and data itself. While QKD has become mature and the key rate significantly increased over the past 20 years, there is still a notable gap between data transmission and key generation rates. High-dimensional QKD is proposed as a method to respond to this demand. Here, we demonstrate a 4-dimensional path-\&-time encoding QKD system with more than 100\% improvement compared to a standard 2D system in the same test-bed, a 52-km deployed multicore fiber link. - Interactive Oracle Arguments in the QROM and Applications to Succinct Verification of Quantum ComputationIslam Faisal (Boston University)[abstract]
**Abstract:**This work is motivated by the following question: can an untrusted quantum server convince a classical verifier of the answer to an efficient quantum computation using only polylogarithmic communication? We show how to achieve this in the quantum random oracle model (QROM), after a non-succinct instance-independent setup phase. We introduce and formalize the notion of post-quantum interactive oracle arguments for languages in QMA, a generalization of interactive oracle proofs (Ben-Sasson--Chiesa--Spooner). We then show how to compile any non-adaptive public-coin interactive oracle argument (with private setup) into a succinct argument (with setup) in the QROM. To conditionally answer our motivating question via this framework under the post-quantum hardness assumption of LWE, we show that the XZ local Hamiltonian problem with at least inverse-polylogarithmic relative promise gap has an interactive oracle argument with instance-independent setup, which we can then compile. Assuming a variant of the quantum PCP conjecture that we introduce called the weak XZ quantum PCP conjecture, we obtain a succinct argument for QMA (and consequently the verification of quantum computation) in the QROM (with non-succinct instance-independent setup) which makes only black-box use of the underlying cryptographic primitives. The full version of this preprint is available at: https://eprint.iacr.org/2023/421 - Long-distance continuous-variable quantum key distribution over 100 km fiber with local local oscillatorAdnan Hajomer (TECHNICAL UNIVERSITY OF DENMARK); Ivan Derkach (TECHNICAL UNIVERSITY OF DENMARK); Nitin Jain (TECHNICAL UNIVERSITY OF DENMARK); Hou-Man Chin (TECHNICAL UNIVERSITY OF DENMARK); Ulrik L. Andersen (TECHNICAL UNIVERSITY OF DENMARK); Tobias Gehring (TECHNICAL UNIVERSITY OF DENMARK)[abstract]
**Abstract:**Quantum key distribution (QKD) enables two remote parties to share encryption keys with security based on physical laws. Continuous variable (CV) QKD based on coherent states and coherent detection is a suitable scheme for integration into existing telecom networks. However, thus far, long-distance CV-QKD has only been demonstrated using a highly complex transmitted local oscillator scheme, opening security loopholes for eavesdroppers and limiting its potential applications. Here, we report a long-distance CV-QKD experiment with a locally generated local oscillator over a 100 km fiber channel. This record-breaking distance is enabled by controlling the phase-noise component of excess noise, using a machine-learning framework for carrier recovery and optimizing the modulation variance. We consider the full CV-QKD protocol implementation and demonstrate the generation of keys secure against collective attacks in asymptotic and finite-size regimes. Our results set an essential milestone for CV quantum access networks realization, where a high loss budget is required, and pave the way for large-scale deployment of secure QK. - Unifying Quantum Verification and Error-Detection: Theory and Tools for OptimisationsTheodoros Kapourniotis (University of Warwick); Elham Kashefi (LIP6, Sorbonne University, University of Edinburgh); Dominik Leichtle (LIP6, Sorbonne University); Luka Music (Quandela); Harold Ollivier (INRIA Paris)[abstract]
**Abstract:**With the recent availability of cloud quantum computing services, the question of verifying quantum computations delegated by a client to a quantum server is becoming of practical interest. While Verifiable Blind Quantum Computing (VBQC) has emerged as one of the key approaches to address this challenge, current protocols still need to be optimised before they are truly practical. To this end, we establish a fundamental correspondence between error-detection and verification and provide sufficient conditions to both achieve security in the Abstract Cryptography framework and optimise resource overheads of all known VBQC-based protocols. As a direct application, we demonstrate how to systematise the search for new efficient and robust verification protocols for BQP computations. While we have chosen Measurement-Based Quantum Computing (MBQC) as the working model for the presentation of our results, one could expand the domain of applicability of our framework via direct known translation between the circuit model and MBQC. - Asymmetric Quantum Secure Multi-Party Computation With Weak Clients Against Dishonest MajorityTheodoros Kapourniotis (Department of Physics, University of Warwick); Elham Kashefi (School of Informatics, University of Edinburgh; LIP6, Sorbonne Université); Dominik Leichtle (LIP6, Sorbonne Université); Luka Music (Quandela); Harold Ollivier (DI-ENS, Ecole Normale Supérieure, INRIA)[abstract]
**Abstract:**Secure multi-party computation (SMPC) protocols allow several parties that distrust each other to collectively compute a function on their inputs. In this paper, we introduce a protocol that lifts classical SMPC to quantum SMPC in a composably and statistically secure way, even for a single honest party. Unlike previous quantum SMPC protocols, our proposal only requires very limited quantum resources from all but one party; it suffices that the weak parties, i.e. the clients, are able to prepare single-qubit states in the X-Y plane. The novel quantum SMPC protocol is constructed in a naturally modular way, and relies on a new technique for quantum verification that is of independent interest. This verification technique requires the remote preparation of states only in a single plane of the Bloch sphere. In the course of proving the security of the new verification protocol, we also uncover a fundamental invariance that is inherent to measurement-based quantum computing. - Comparative Analysis of Hybrid Quantum Error Correction (QEC)-Quantum Key Distribution (QKD) Protocols: Technical Considerations, Efficiency and Feasibility.Aida García-Callejo (Spanish National Research Council (CSIC)); Andrés Ruiz-Chamorro (Spanish National Research Council (CSIC)); Pablo Arteaga (Spanish National Research Council (CSIC)); Daniel Cano (Spanish National Research Council (CSIC)); Verónica Fernández (Spanish National Research Council (CSIC))[abstract]
**Abstract:**The present study analyzes the efficiency of employing quantum error correction codes (QECC) to encode quantum information states in the context of Quantum Key Distribution (QKD). Specifically, the possibility of enhancing the security and reliability of QKD systems by adding a secondary layer of quantum coding to the states emitted by Alice in the \textit{Prepare-and-Measure} protocols is exhaustively quantified. Such an encoding scheme would be expected to be achievable by means of quantum hardware potentially available in the mid-term. This last statement refers to the assumed reasonable interconnectivity and scalability requirements that may be imposed on the physical encoding capabilities of a quantum processor for the case here considered, since only 1-qubit states are used in QKD. The model for quantum states transmission here considered does not impose any restrictions on the quantum channel, but does assume that the noise and errors to which qubits may be subject in QKD links can be characterized by discrete transformations. That is, depending on the physical encoding scheme chosen for photon's polarization, errors such as bit-flip or phase-shift errors (among others) can be corrected through logical gates derived from Pauli operators, which, along with identity, form the basis $\{I,X,Y,Z\}$ for 1-qubit discrete error operators of the form: \begin{equation} E = \left(\begin{array}{cc} \alpha_0 & \alpha_1\\ \alpha_2 & \alpha_3 \end{array}\right) \end{equation} \medskip Such a consideration imposes the need to be able to identify and correct up to a total of $k = 1 + 3n$ different types of errors (including no error at all, bit-flip, phase-shift, and combinations of the previous) that may affect a QKD state (encoded in an $n-$qubit physical state). In line with previous scalability arguments, that requires for the number of physical qubits needed to achieve such encoding to be lower bounded by the product of the previous magnitude and the dimension of the quantum code $C$ used (which, in the context of QKD, shall be $\mathrm{dim}(C) = 2$). Therefore, if $m=1$ is the number of qubits to be encoded for each transmitted state in QKD, the condition: \begin{equation} 2^n \geq dim(C)(1+3n) \end{equation} imposes a a minimum of $n=5$ physical qubits in a quantum algorithm to carry out encoding and correction of a 1-qubit quantum state. However, it should be noted that, beyond the anticipated error types, the efficiency of identifying errors in a key distilled through QKD (i.e., for all purposes, the correctable QBER associated with each transmission) will be all the more efficient the greater the number n of physical qubits available in a processor for such encoding (of the order of $2^{n-1}$). Thus, the minimum requirements of the quantum hardware topology for the feasibility of this type of encoding are specified, as well as the optimal trade-off in terms of the assumable QBER against different types of attacks, supported by future advances in quantum processor scalability. In this sense, beyond the security considerations associated with QKD implementations of this nature, the goal of this analysis is to parallelly discern the potential speed-up of employing quantum algorithms to carry out error correction of QKD keys and their potential superiority over classical error correction processes in the future. In this regard, two types of QECC are tested in this work. On the one hand, the widespread use of low-density parity check (LDPC)-type linear codes (being linearity a requirement that quantum error correction codes must necessarily satisfy) naturally leads to considering their use in Quantum CSS (Calderbank, Shor \& Steane) codes. The efficiency and performance benefits of LDPC codes applied to QKD are therefore as well transferable to a quantum processor in this context. The performance of these codes applied in QKD is contrasted, secondly, with stabilizer codes. It can be anticipated that the latter may present challenges in the initial algorithm for the encoding of the states emitted by Alice, however the decoding circuit algorithms can be implemented with relative simplicity -albeit scalability limitations- through 1-qubit logical gates (such is also the case with CSS codes once the parity matrix of the LDPC code is known, whose speed advantages over the classical use of belief-propagation algorithms are showed here). On the previous precepts, this study focuses on carrying out a comparative analysis of the convenience of potentially benefitting from the performance of either type of code, while analyzing technical considerations derived from the experimental implementation of QECC protocols in this QKD hybrid approach. The most important considerations are the following: -Complexity. From the point of view of reliability of these types of implementations, potential disadvantages are analyzed in terms of complexity added to real physical systems. Not only is the experimental complexity increase of combining quantum hardware with QKD optical transmissions estimated, but also the anticipation of additional error sources, considering the acceptable threshold values of decoding techniques and calibration errors for real applications and security proofs. - Efficiency. In terms of efficiency and overall code performance, estimated times (for different prospective states of quantum processor advancement) for quantum key generation through these techniques are simulated, and the circumstances under which each may be most convenient are identified. - Components demands. Increased demand for quality of the optics involved in the QKD protocol is expected. Protocols of this nature further increase the demand for high-quality transmissions, especially regarding photon sources, which may have a significant impact on both implementability and its associated costs. - Overhead. Additional overhead needs are projected in terms of code design, number of qubits required depending on the use case, as well as measurement operators necessary for error detection and correction. Consequently, partial limits have been found on the amount of data that can be transmitted in a QKD system that integrates this methodology, which is projected to be overcome when widely available quantum hardware reaches sufficient maturity. - Side channel attacks. Possible vulnerabilities to quantum hacking are preliminarily identified, and a testing method is suggested for this type of QECC-based QKD systems. In addition to the previous analyses, the authors note that one of the most significant features of -both of- the codes here analyzed is that they carry out the identification of errors that affect quantum states at the time of reception, while preserving the encoded quantum information in photons. In this sense, a protocol of these characteristics allows to anticipate, in some applications, the error correction process to the security analysis (although the syndromes of each of the states can be stored classically and the correction processed once the QBER estimation is finished). This can constitute a significant disadvantage in unnecessary computational energy costs when the transmission is not considered secure, but may also be exploited for beneficial applications on certain use cases. With all of the above, the work here presented collects the results on the aforementioned considerations, quantitative cost analysis and future feasibility prospects of this QECC-QKD proposal, as well as details on design and integration considerations, and requirements of both the QKD and quantum hardware components that support this type of implementation. - Quantum Cryptanalysis of Affine CipherMahima Mary Mathews (IIIT Kottayam); Panchami V (IIIT Kottayam)[abstract]
**Abstract:**Quantum Algorithms reduce the computational complexity or solve certain difficult problems that were originally impossible to solve with classical computers. Grover's search algorithm is a Quantum computation algorithm that can find target elements from a set of unstructured data with the best possible, O(√N ) queries. Grover's search Quantum circuits implemented accurately can be used to successfully search and find the keys of Symmetric ciphers. However, very few demonstrations of such practical cryptanalysis are available. In this paper, practical Quantum cryptanalysis circuits for Affine Cipher are proposed and demonstrated, that successfully break the cipher by finding the keys. - Sample-size-reduction of quantum states for the noisy linear problem and approximate QRAMKabgyun Jeong (Seoul National University)[abstract]
**Abstract:**Quantum supremacy poses that a realistic quantum computer can perform a calculation that classical computers cannot in any reasonable amount of time. It has become a topic of significant research interest since the birth of the field, and it is intrinsically based on the efficient construction of quantum algorithms. It has been shown that there exists an expeditious way to solve the noisy linear (or learning with errors) problems in quantum machine learning theory via a well-posed quantum sampling over pure quantum states. In this paper, we propose an advanced method to reduce the sample size in the noisy linear structure, through a technique of randomizing quantum states, namely, $\varepsilon$-random technique. Particularly, we show that it is possible to reduce a quantum sample size in a quantum random access memory (QRAM) to the linearithmic order, in terms of the dimensions of the input-data. Thus, we achieve a shorter run-time for the noisy linear problem. - High-Dimensional Quantum Key Distribution using Time-Bin EntanglementFlorian Kanitschar (Technische Universität Wien); Alexandra Bergmayr (Technische Universität Wien); Matej Pivoluska (Technische Universität Wien); Marcus Huber (Technische Universität Wien)[abstract]
**Abstract:**In our work, we provide a clean security analysis of a new high-dimensional QKD setup with a Franson interferometer in the asymptotic limit and calculate secure key rates using a recent method developed. We argue that our new protocol is not only experimentally easier, as it does not require tomography of the polarization degree of freedom, but also allows for a clean security analysis without assumptions that were implicitly hidden in earlier analyses of similar and related protocols. We build a realistic noise model that takes environmental photons, dark counts, channel losses and non-unit detection efficiency into account and show that our new protocol allows secure key rates for twice as many environmental photons than comparable protocols available in literature. We want to highlight that while the security analysis of our protocol is rigorous and clean, the compared key rates for the compared protocol are actually only an upper bound (due to the assumptions implicitly hidden described earlier), so our new protocol outperforms previous settings by at least a factor of 2. Current free-space QKD implementations are only operable during night when environmental photons are low, but fail to provide secure keys during twilight and daytime, which is a major obstacle towards broad practical usage. Thus, doubling the robustness against environmental photons marks an important step forwards towards daylight-independent Quantum Key Distribution implementations. - Multi-User Continuous-Variable Quantum Key Distribution with Discrete ModulationFlorian Kanitschar (Technische Universität Wien & AIT Austrian Institute of Technology); Christoph Pacher (AIT Austrian Institute of Technology & FragmentiX Storage Solution GmbH)[abstract]
**Abstract:**In our work, we explore various multi-user scenarios for Continuous Variable Quantum Key Distribution with discrete modulation. We propose and analyse DM CV-QKD protocols for various different multi-user scenarios such as * One Alice to $n$ Bobs, where the Bobs do not trust each other, * One Alice to $n$ Bobs, where $m<n$ Bobs trust each other, * Conference Key Agreement between one Alice and $n$ Bobs. One common feature of all protocols that we study is that Alice's source does not need any additional expensive components except state-of-the-art beamsplitters, therefore we call it `cheap source'. This makes the transmitter of our proposed protocols easily implementable in experiments and demonstrations. In our work, we calculate asymptotic secret key rates for a range of parameters and different trust scenarios and show that in the asymptotic limit multi-user DM CV-QKD is possible for distances relevant for mid-sized urban area networks between at least 16 user. This highlights, that DM CV-QKD can be extended to the multi-user scenario and remains a feasible candidate also for early implementations of Quantum Key Distribution in local networks. - Maximal device-independent randomness certification by more than two observers through bipartite Bell testsLewis Wooltorton (University of York, UK); Peter Brown (Télécom Paris, France); Roger Colbeck (University of York, UK)[abstract]
**Abstract:**Nonlocal tests on multipartite quantum correlations can certify randomness in a device-independent (DI) way. Such correlations admit a rich structure, making the task of choosing an appropriate witness, known as a Bell inequality, difficult. For example, extremal Bell inequalities are tight witnesses of nonlocality, however achieving their maximum violation places constraints on the underlying quantum system, which are often incompatible with optimal randomness generation. As a result we find a trade-off between maximum randomness and Bell violation. Understanding this trade-off for more than two parties has not been explored, and would inform the best way to generate DI randomness in this setting. Moreover, suitable techniques that enable maximum randomness certification for arbitrarily many parties are missing. Here, we study the maximum amount of randomness that can be certified by correlations exhibiting a violation of the Mermin-Ardehali-Belinskii-Klyshko (MABK) inequality. We find that maximum quantum violation and maximum randomness are incompatible for any even number of parties, with incompatibility diminishing as the number of parties grow, and conjecture the precise trade-off. We also show that maximum MABK violation is not necessary for maximum randomness for odd numbers of parties. To obtain our results, we derive new families of Bell inequalities certifying maximum randomness from a new technique for randomness certification, which we call "expanding Bell inequalities". Our technique allows one to take a bipartite Bell expression, known as the seed, and transform it into a multipartite Bell inequality tailored for randomness certification, showing how intuition learned in the bipartite case can find use in more complex scenarios. - Advantage of the key relay protocol over secure network codingGo Kato (NICT); Mikio Fujiwara (NICT); Toyohiro Tsurumaru (Mitsubishi Electric Corporation)[abstract]
**Abstract:**The key relay protocol (KRP) plays an important role in improving the performance and the security of quantum key distribution (QKD) networks. On the other hand, there is also an existing research field called secure network coding (SNC), which has similar goal and structure. We here analyze differences and similarities between the KRP and SNC rigorously. We found, rather surprisingly, that there is a definite gap in security between the KRP and SNC; that is, certain KRPs achieve better security than any SNC schemes on the same graph. We also found that this gap can be closed if we generalize the notion of SNC by adding free public channels; that is, KRPs are equivalent to SNC schemes augmented with free public channels. - An optical ground station in Singapore for satellite-to-ground quantum communicationAyesha Reezwana (CQT, National University of Singapore); Moritz Mihm (CQT, National University of Singapore); Xi Wang (CQT, National University of Singapore); Karabee Batta (CQT, National University of Singapore); Alexander Ling (National University of Singapore)[abstract]
**Abstract:**In this work, we present the design considerations and architecture of an optical ground station being developed on National University of Singapore campus. The primary objective of the station is to enable quantum key distribution and facilitate other free space communication protocols. The development of the optical ground station is underway and it is projected to be commissioned by 2023. We elaborate on the building blocks and design techniques of the optical ground station in Singapore that can receive i.e downlink weak quantum signals from a satellite and perform necessary analysis to generate secret keys in a quantum key distribution experiment. We emphasize on the different subsystems namely the telescope system, quantum receiver, polarization correction system, and the pointing, acquisition and tracking system. We envision our ground station to support a range of beacon wavelengths to ensure its compatibility with various similar satellite missions. The working lab-configuration of the station is able to receive and analyse state of photons around 800 nm. To achieve a global quantum network, cross-compatibility among optical ground stations and quantum satellites is crucial. To facilitate this, we have initiated a collaboration with various academic groups involved in satellite based quantum key distribution research to standardize the configuration of an optical ground station. This collaboration aspires to create cross-compatibility among multiple optical ground stations and quantum satellites to enhance the efforts of a global quantum network. - Experimental demonstration of a QKD platform over long-distance-, metro-, and last-mile linksJan Krause (Fraunhofer Institute for Telecommunications, Heinrich Hertz Institute, HHI); Nino Walenta (Fraunhofer Institute for Telecommunications, Heinrich Hertz Institute, HHI); Benedikt Lezius (Fraunhofer Institute for Telecommunications, Heinrich Hertz Institute, HHI); Richard Schilling (Fraunhofer Institute for Telecommunications, Heinrich Hertz Institute, HHI); Ronald Freund (Fraunhofer Institute for Telecommunications, Heinrich Hertz Institute, HHI)[abstract]
**Abstract:**We present experimental findings of a versatile quantum key distribution (QKD) system for diverse application scenarios such as long-distance, metropolitan, and last-mile/in-house links. This is enabled by the system’s dual-wavelength support, automatic initialization, stabilizing feedback loops, and modular design, which allows for usage of commercial detectors and encryptors. - Twin-Field Quantum Key Distribution in network configurationsCarlo Liorni (Leonardo Labs Quantum Technologies); Gianluca Bertaina (INRIM); Cecilia Clivati (INRIM); Simone Donadello (INRIM); Alice Meda (INRIM); Salvatore Virzi’ (INRIM); Marco Gramegna (INRIM); Ulpiani Pierfrancesco (Leonardo Labs Quantum Technologies); Ivo Pietro Degiovanni (INRIM); Massimiliano Dispenza (Leonardo Labs Quantum Technologies)[abstract]
**Abstract:**Twin-Field Quantum Key Distribution (TF-QKD) is an innovative family of protocols characterized by a weaker dependence of the achievable secret key rate on the channel loss, with respect to conventional QKD solutions. In this work, we discuss several important aspects encountered in TF-QKD when transitioning from point-to-point links to a network configuration. 1) The effects of path length mismatch between the two arms of the link (A-C and B-C) is discussed in several configurations. 2) The noise contributions (stronger in in-field deployment) are meticulously analyzed, their effect on the final key rate is estimated and solutions to mitigate the problem are implemented. 3) The topic of building complex and large networks with TF-QKD is tackled to find advantageous configurations. Interconnected macro-star networks based on TF-QKD are simulated by means of the “qkdnetsim” package of the network simulator “ns3”. The upcoming deployment of national QKD networks requires dedicated studies in this direction to build efficient and long-range solutions, compatible with current telecom standards. - Procrustean entanglement concentration for quantum-classical coexistenceHsuan-Hao Lu (Oak Ridge National Laboratory); Muneer Alshowkan (Oak Ridge National Laboratory); Jude Alnas (Duke University); Joseph M. Lukens (Arizona State University); Nicholas A. Peters (Oak Ridge National Laboratory)[abstract]
**Abstract:**In the context of telecommunications-wavelength fiberoptic resources, quantum-classical coexistence is considered an economical approach for efficient quantum networking, such as through (dense) wavelength-division multiplexing. However, inadequate filter isolation can introduce unwanted crosstalk noise. In this study, we investigate polarization-entangled photons contaminated by highly polarized classical signals, mapping them to maximally entangled mixed states (MEMS). Notably, MEMS can be effectively concentrated using a local filtering technique commonly referred to as the Procrustean method. To achieve this, we employ programmable polarization-dependent loss emulators (PDLEs), resulting in significant enhancements in the measured state fidelities. - Measurement device-independent quantum key distribution with vortex vector modes under diverse weather conditionsMhlambululi Mafu (Case Western Reserve University); Comfort Sekga (Botswana International University of Science and Technology)[abstract]
**Abstract:**As our lives and interactions become more dependent on the internet, our security needs continue to evolve. Future transactions will likely be secured by quantum means such as point-to-point quantum key distribution and more complex quantum protocols. Quantum key distribution has the potential to revolutionize secure communication, but it is often limited by device imperfections and environmental factors such as weather conditions. Currently, quantum key distribution schemes based on orbital angular momentum-carrying optical beams employ conventional settings. As a result, various attacks, such as detector side-channel attacks, are possible, and these beams are subject to spatial aberrations because of atmospheric turbulence and poor weather conditions. As a result, we present a novel approach to measurement device-independent quantum key distribution scheme using vortex vector modes and scalar beams that is capable of achieving high key rates even under diverse weather conditions, including clear skies, light rain, and fog. Furthermore, adopting this approach maximizes the advantages of both orbital angular momentum states and measurement device-independent quantum key distribution. According to our implementation, a secure key can be transmitted up to a maximum distance of approximately 178 kilometers under clear conditions, and we can transmit signals up to a comparable distance of approximately 160 kilometers under adverse weather conditions. Since these distances are comparable, this work presents a significant advance, illustrating how measurement device-independent quantum key distribution can be implemented using vortex vector modes. Most significantly, results demonstrate the effectiveness of this approach, opening up new possibilities for secure long-distance communication under adverse weather conditions. - Twin-field quantum key distribution with three mutually unbiased basesYao Zhou (CAS Key Laboratory of Quantum Information, USTC); Zhen-Qiang Yin (CAS Key Laboratory of Quantum Information, USTC)[abstract]
**Abstract:**Twin-field quantum key distribution (TF-QKD) and its variants provide a promising solution for sharing information-theoretic secure keys between intercity peers since they are able to overcome the fundamental rate-transmittance bound without quantum repeaters. In this paper, we propose to improve the key rate at long distances and the maximum achievable distance for TF-QKD by deriving the error rates under three mutually unbiased bases, i.e., σX, σY , and σZ in two-dimensional Hilbert space. Moreover, learning these error rates, one can add noisy preprocessing to further improve its performance. We also observe that higher bit error rates do not necessarily imply lower key rates when noisy preprocessing is added. Our method does not change the existing physical implementation or experimental operation, but only requires simple postprocessing of the experimental data, which can be directly used to improve the key rate performance of the existing QKD system. The simulation results demonstrate its notable enhancements in terms of key rate at long distances and the maximum achievable distance for the phase-encoded TF-QKD protocol. - Implementation of a multiplexed quantum key distribution system simulator with a detailed secure key generation modelMasashi Ito (Corporate Research and Development Center, Toshiba Corporation); Yutaro Ishigaki (Corporate Research and Development Center, Toshiba Corporation); Keisuke Mera (Corporate Research and Development Center, Toshiba Corporation); Yoshimichi Tanizawa (Corporate Research and Development Center, Toshiba Corporation); Taofiq K. Paraiso (Cambridge Research Laboratory, Toshiba Euro Limited); Katsuyuki Kimura (Corporate Research and Development Center, Toshiba Corporation); Koji Kanazawa (Corporate Research and Development Center, Toshiba Corporation); Andrew J. Shields (Cambridge Research Laboratory, Toshiba Euro Limited)[abstract]
**Abstract:**As the volume of data and connections exchanged across telecom/datacom networks continues to increase, there is a growing need for technologies that deploy quantum key distribution (QKD) on a large scale in a practical and sustainable manner. To realize high-speed, real-time communication of large-volume data using one-time pad cryptography with QKD modules, it will be important to multiplex QKD modules in the future. Furthermore, it is necessary to consider the physical size of the device for the practical application of multiplexed QKD modules. In this study, we focused on miniaturizing the key distillation process required at the back end of the QKD chip. To reduce the size of the device, it is necessary to estimate as accurately as possible the minimum computing power required to run the key distillation process for the target secret key rate (SKR). However, the performance of the key distillation process requires computing power and involves the exchange of messages via classical channels. Therefore, we evaluate the performance by a network simulator before performing evaluations on the actual equipment. In this paper, we focus on the behavior of classical communication paths in the multiplexed QKD system, which is a problem in studying the key distillation process, and we evaluate it with the simulator. Specifically, we clarify the relationship between the required performance of the key distillation process (i.e., throughput) and the target SKR, which is necessary to realize a part of the key distillation process in hardware. - Impossibility of probabilistic Quantum Private QueriesSilvia Onofri (Scuola Normale Superiore); Vittorio Giovannetti (Scuola Normale Superiore)[abstract]
**Abstract:**The no-go theorem regarding unconditionally secure Quantum Bit Commitment protocols is a relevant result in quantum cryptography. The impossibility proof for Quantum Bit Commitment has been used to prove the impossibility of unditional security for other protocols, such as Quantum Oblivious Transfer or One-Sided Two Party Computation. In this paper, we extend the same proof to the non-deterministic version of Quantum Private Queries, a protocol addressing the Symmetric-Private Information Retrieval problem. Moreover, we prove the equivalence between Quantum Private Queries and Quantum Bit Commitment and One-Sided Two Party Computation protocols. - A Simple and Self-Testing Quantum Random Number GeneratorFadri Grünenfelder (University of Vigo); Ana Blázquez (University of Vigo); Davide Rusca (University of Vigo); Hugo Zbinden (University of Vigo)[abstract]
**Abstract:**The ideal Quantum random number generator (QRNG) is a black box which allows the users to test the quantum nature of the generated numbers. Producing a device which is close to this ideal is very demanding and will yield a low rate of random bits. Here we propose a simple setup which is self-testing on the detection part, meaning that only the source has to be characterized. We expect the implementation of this device to yield a random bit rate of around 10 Mpbs. - Interoperable key relay between heterogeneous QKDNsMayuko Koezuka (Toshiba Corporation); Ririka Takahashi (Toshiba Corporation); Yoshimichi Tanizawa (Toshiba Corporation); Yasuhiro Fujiyoshi (Toshiba Corporation); Yasuhiro Katsube (Toshiba Corporation); Hideaki Sato (Toshiba Corporation); Masanori Suzuki (NEC Corporation); Kazushi Sugyo (NEC Corporation); Takao Ochi (NEC Corporation); Kaoru Kenyoshi (National Institute of Information and Communications Technology); Mikio Fujiwara (National Institute of Information and Communications Technology); Masahide Sasaki (National Institute of Information and Communications Technology)[abstract]
**Abstract:**To construct a large-scale quantum key distribution network (QKDN) as future secure infrastructure, it is necessary interwork many QKDNs. Here, we demonstrate an interoperable key relay between two different types of QKDNs: a centralized QKDN and a distributed QKDN. In the demonstration, we build an experimental environment for interworking by using physical QKDNs and implement three fundamental functions (key relay, delivery confirmation, and status information collection) for performing key relay between heterogeneous QKDNs. - Taking quantum key distribution from fundamental science to accredited systems in spacePhilipp Sohr (Vienna University of Technology / Quantum Technology Laboratories GmbH); Matej Pivoluska (Vienna University of Technology / Quantum Technology Laboratories GmbH); Sebastian Ecker (Quantum Technology Laboratories GmbH); Manuel Erhard (Quantum Technology Laboratories GmbH)[abstract]
**Abstract:**Satellite-based implementations are essential to realise QKD systems with global reach. Our current work aims to develop a consistent protocol that specifies the individual procedural steps of Decoy-State BB84 for space applications, accompanied by a rigorous security analysis. To this end, we are bringing together the results of decades of fundamental research and patching gaps where necessary to make it ready for application in accredited systems. On the poster, we will present interim results as well as the main challenges we are facing. For a more detailed abstract, please see the submitted pdf file above. - Effect of Kalman Filter on Coarse Tracking System for Quantum Key Distribution System Moving at Constant VelocityMinchul Kim (Electronics and Telecommunications Research Institute); Kyongchun Lim (Electronics and Telecommunications Research Institute); Byung-seok Choi (Electronics and Telecommunications Research Institute); Joong-Seon Choe (Electronics and Telecommunications Research Institute); Kap-Joong Kim (Electronics and Telecommunications Research Institute); Ju Hee Baek (Electronics and Telecommunications Research Institute); Young-Ho Ko (Electronics and Telecommunications Research Institute); Chun Ju Youn (Electronics and Telecommunications Research Institute)[abstract]
**Abstract:**In this work, we investigate the effect of the Kalman filter, an algorithm predicting future values of a system, for reducing pointing errors and improving the tracking performance of the coarse tracking system. We present the pointing error based on the angular velocity of the target when the Kalman filter is applied to the tracking algorithm. The tracking system is mounted on a fixed tripod, while the mobile platform moves around the system at a constant speed as a target. The effect of the Kalman filter on the performance of the tracking system and future work will be given. - Security of Partially Corrupted Repeater ChainsWalter Krawec (University of Connecticut); Adrian Harkness (Lehigh University); Bing Wang (University of Connecticut)[abstract]
**Abstract:**In this work, we analyze the security of a QKD repeater chain where some, but not all, repeaters and fiber links are under the control of an adversary. We show how to bound the quantum min-entropy for this scenario, needed to compute key-rates in the finite-key scenario. Our proof methods may also have numerous applications in other areas of QKD and quantum cryptographic research. Finally we evaluate our new bound and show that positive key-rates are possible even in noisy scenarios. Since early quantum repeaters are bound to be noisy, yet also bound to be partially trustworthy in some scenarios, our work shows improved bit generation rates are possible for early QKD networks. - Pre-Privacy Amplification: A Method to Boost Key Rate in Resource Constrained EnvironmentsJohn Burniston (University of Waterloo); Norbert Lütkenhaus (University of Waterloo)[abstract]
**Abstract:**Without access to robust quantum memory or gates, long distance QKD relies upon trusted relays. Several implementations place these relays on satellites, however they are limited in computational power and numerically intensive tasks such as privacy amplification cause bottlenecks for continuous key exchange. Currently, one solution is the simplified trusted relay which leaves all privacy amplification to the end parties at a potentially significant cost to key rate. We developed a post processing technique called pre-privacy amplification which performs a small and efficient post processing step to boost key rates without any additional rounds of communication. For a simplified trusted relay running an asymptotic qubit six-state protocol, we demonstrate an increase to the maximum tolerable QBER from 9.05% to 11.7%. We also identify several sufficient conditions to determine functionally unique pre-privacy amplification maps, and connect it to the graph isomorphism problem. - Finite-size analysis of prepare-and-measure and decoy-state quantum key distribution via entropy accumulationLars Kamin (Institute for Quantum Computing, University of Waterloo); Amir Arqand (Institute for Quantum Computing, University of Waterloo); Ian George (University of Illinois Urbana-Champaign); Jie Lin (University of Toronto); Norbert Lütkenhaus (University of Waterloo); Ernest Y.-Z. Tan (Institute for Quantum Computing, University of Waterloo)[abstract]
**Abstract:**An important goal in quantum key distribution (QKD) is the task of providing a finite-size security proof without assuming that the states across the protocol rounds are independent and identically distributed (IID). For prepare-and-measure QKD, one recently developed approach for obtaining such proofs is the generalized entropy accumulation theorem (GEAT), but thus far it has only been applied to study a small selection of protocols. In this work, we present techniques for applying the GEAT in finite-size analysis of generic prepare-and-measure protocols, incorporating several methods to optimize the min-tradeoff function and minimize the second-order term in the GEAT. As a particular focus, we analyze decoy-state protocols and present a method for generically obtaining min-tradeoff functions for such protocols, even those where a closed-form expression for the asymptotic rate is not known. Furthermore, we highlight that the techniques we develop in the process should also yield improved bounds on the keyrates of decoy-state protocols even in the asymptotic limit. - Authentication in Secure Delegated Quantum Computation Based on Quantum Trusted Execution EnvironmentM. Prem Laxman Das (Society For Electronic Transactions and Security (SETS), Chennai); Natarajan Venkatachalam (Society For Electronic Transactions and Security (SETS), Chennai)[abstract]
**Abstract:**Quantum computers has a major influence on our modern computing platforms. New way of delegated quantum computation solutions continues to be introduced by researchers. The basic functionality of delegated quantum computation enables a classical client to delegates quantum computation related jobs to remote untrusted server with appropriate security measures. However, only very few techniques are addressed the security challenges and its feasibility to implement in practice. One of the solution is quantum trusted execution environment (Q-TEE), which ensures a secure and practical way to build a remote quantum computing server with classical client. In this work, we explore some new features of a quantum-TEE (QTEE), which can be seen as aiding secure computation on a quantum computer. It is reasonable to expect that a QTEE may be required to authenticate classical entities relating to a particular quantum computation. For example, a client, which has submitted a particular job, may require a proof that the quantum computation was indeed executed in that particular computer. Such a QTEE may be envisaged to be using a post-quantum signature scheme like DILITHIUM or Falcon. The quantum computing platform provider would use its secret key to sign various classical entities. The signature can be verified by using the provider's public key. We propose a design of a QTEE which uses Tokenized Signature Scheme (TSS). We also point out that such a QTEE has certain advantages over the naive DS-based ones. Ben-David and Sattath introduced the primitive called (public key) Tokenized Signature Scheme, which can be used in a situation where a owner wants to delegate the power to sign to a signer. The owner, after generating the signing and verification keys (using PPT called KeyGen) (similar to key generation in a DS), creates a certain number of quantum tokens (using QPT called TokenGen) and gives them to designated signers. The signers authenticate classical messages (using QPT called Sign) by generating a classical string called signature, on behalf of the owner and at her behest, using the owner-provided tokens. The verification (using PPT called Vrfy) can be run by anyone using the public key, the signature and the message. The authors also give a construction of TSS using subspace states. A quantum computation platform provider can generate its own key pair and generate tokens. The computers owned by the service provider may be equipped with a QTEE based on a candidate TSS scheme. The quantum tokens are loaded onto the QTEE, which are used for signing. We point out some advantages of such a construction. Firstly, the secret key of the owner is never revealed and all the computers controlled by the provider authenticate in the same manner. Secondly, the trust assumption on the QTEE may be relaxed. A secure TSS is expected to have the following unforgeability property. An adversarial signer can not sign n+1 messages if it has only n tokens. Thirdly, in a situation where the client pays for such authentication services, quantum tokens can be budgeted and monetized. A complete design of a QTEE, supporting various secure quantum computation related requirements, may be achived with a TSS at its core. A TSS supporting aggregation and aggregated-verification brings in added advantage. Meaningful analogues of remote attestation (RA) and direct anonymous attestation (DAA) in this setting may also be explored. The development of quantum- based TEE techniques enables service providers to implement proprietary quantum computing devices in practice. Also, it allows classical users to perform remote quantum computation at very high security levels. - Practical implementation of a simplified BB84 protocol resilient to source imperfectionsAna Blázquez Coído (Vigo Quantum Communication Center); Fadri Grünenfelder (Vigo Quantum Communication Center); Hugo Zbinden (Vigo Quantum Communication Center); Davide Rusca (Vigo Quantum Communication Center)[abstract]
**Abstract:**This research introduces a simplified variation of the time-based BB84 protocol, employing time-bin encoding and one decoy state. The proposed approach significantly simplifies the security analysis, enabling the identification of potential vulnerabilities by avoiding interference in the transmission of specific state combinations. This simplification reduces the reliance on finite key analysis and allows us to better characterize the source imperfections without much compromise on the secret key rate (SKR). - Feasibility of distributing composable keys with discrete-modulated continuous variable quantum cryptographyNitin Jain (Technical University of Denmark); Florian Kanitschar (Vienna Center for Quantum Science and Technology); Adnan A.E. Hajomer (Technical University of Denmark); Ulrik L. Andersen (Technical University of Denmark); Christoph Pacher (AIT Austrian Institute of Technology); Tobias Gehring (Technical University of Denmark)[abstract]
**Abstract:**Advances in the security analysis of continuous-variable quantum key distribution (CVQKD) protocols with true discrete modulation aim to unlock the same performance as that obtained from `traditional' protocols based on Gaussian modulation. We report a CVQKD experiment using 4 states that utilizes a composable security proof to generate a secret key fraction of $5.6 \times 10^{-3}$ bits/symbol over 10 km channel, while providing security against collective attacks. - Quantum secure direct communication with private dense coding using general preshared quantum stateJiawei Wu (National University of Singapore); Gui-Lu Long (Tsinghua University); Masahito Hayashi (The Chinese University of Hong Kong)[abstract]
**Abstract:**Dense coding is known as an attractive quantum information protocol. While the original study considers the noiseless setting, many subsequent studies extended this result to more general settings. However, all of them focused only on the communication speed in various noisy settings. While dense coding with the noiseless setting realizes twice communication speed, it also realizes quantum secure direct communication (QSDC) as follows.In dense coding, the sender, Alice, and the receiver, Bob, share perfect Bell states and Alice encodes her message by application of a unitary operation. Since Alice's local state is a completely mixed state, the eavesdropper, Eve, cannot obtain any information about the message even when Eve intercepts the transmitted quantum state. However, it is not easy to share a perfect Bell state. Hence, we need to consider secure communication under imperfect shared state. Specifically, we study secure direct communication by using a general preshared quantum state and a generalization of dense coding. In this scenario, Alice is allowed to apply a unitary operation on the preshared state to encode her message, and the set of allowed unitary operations forms a group. To decode the message, Bob is allowed to apply a measurement across his own system and the system he receives. In the worst scenario, we guarantee that Eve obtains no information for the message even when Eve access the joint system between the system that she intercepts and her original system of the preshared state. For a practical application, we construct a modular wiretap code by concatenating inverse universal hashing and an arbitrary error correcting code. Combining the wiretap code with error verification, we propose a concrete protocol for the private dense coding model and derive an upper bound of information leakage in the finite-length setting. We also discuss how to apply our scenario to the case with discrete Weyl-Heisenberg representation when the preshared state is unknown. In this case, Pauli encoding operation and Pauli channel are considered. Hence, our protocol can be applied many similar tasks. - Semi-Quantum Copy-Protection and MoreCéline Chevalier (CRED, DIENS); Paul Hermouet (CRED, DIENS, LIP6); Quoc Huy Vu (LIP6)[abstract]
**Abstract:**Properties of quantum mechanics have enabled the emergence of quantum cryptographic protocols achieving important goals which are proven to be impossible classically. Unfortunately, this usually comes at the cost of needing quantum power from every party in the protocol, while arguably a more realistic scenario would be a network of classical clients, classically interacting with a quantum server. In this paper, we focus on copy-protection, which is a quantum primitive that allows a program to be evaluated, but not copied, and has shown interest especially due to its links to other unclonable cryptographic primitives. Our main contribution is to show how to dequantize existing quantum copy-protection from hidden coset states, by giving a construction for classically-instructed remote state preparation for coset states. We also present the first secure copy-protection scheme for point-functions in the plain model, to which our dequantizer can be applied. - An efficient method for certifying quantum properties with non-i.i.d. spot-checking trialsYanbao Zhang (Oak Ridge National Lab); Akshay Seshadri (University of Colorado Boulder); Emanuel Knill (NIST-Boulder)[abstract]
**Abstract:**The reliability of quantum resources can be compromised in practice due to the complexity of their generation processes and/or the potential manipulations by untrusted parties during transmission. When performing an information task with an unreliable quantum resource, it is incorrect to treat the random variables associated with repeated experimental trials as independent and identically distributed (i.i.d.). To certify the performance of such a task, one can make a random decision in each trial, either to spot-check some property of the quantum resource or to utilize the resource for the task. The task considered can be quantum key distribution, quantum randomness expansion, verifiable quantum computation, or resource allocation in quantum networks. Unfortunately, existing methods for certifying quantum performance through spot-checking are not suitable for non-i.i.d. repeated trials without additional assumptions. Here we present a novel method to address this challenge. The method works efficiently with a finite number of non-i.i.d. trials. Furthermore, our method can be adapted to estimate quantum properties in situations where the quantum resource is spot-checked and destroyed by a measurement during each non-i.i.d. repeated trial. - FPGA-Based LED Source with Indistinguishable States for Decoy State QKDDaniel Sanchez Rosales (The Ohio State University); Roderick D. Cochran (The Ohio State University); Daniel J. Gauthier (The Ohio State University)[abstract]
**Abstract:**Quantum key distribution (QKD) systems provide a method for two users to exchange a provably secure key that can be used to establish an unconditionally secure communication channel. Here we present an FPGA-controlled prepare-and-measure BB84 polarization-based decoy state protocol using light-emitting diodes (LEDs). Our setup uses three separate LEDs driven by a field-programmable gate array (FPGA) that go through different optical paths that set the state of polarization. Each LED is connected to two GPIO pins via a different resistive path. By setting one pin to high impedance and driving the other with a nanosecond-scale electrical signal, we can choose between signal and decoy states. We can thus send 3 signal states, 3 decoy states, and 3 vacuum states. To prevent side-channel attacks multi-source QKD systems require that each state is indistinguishable from the others in the spatial, spectral, and temporal degrees-of-freedom on the photon. We do this by passing the 3 photonic wavepackets through the same single-mode fiber and 1-nm-bandwith spectral filter and use dynamic shifting of the FPGA phase-locked-loops to control the phase and the width of the electrical pulses that drive the LEDs, which allows us to control the optical pulses produced by the LEDs. Both spectral and temporal profiles are shown in Figure 1. We control the timing of the photonic wavepackets to a resolution of 78 ps. Additionally, we use the FPGA to generate true random states as required by the BB84 protocol. To quantify the indistinguishability of Alice’s various states, we use the mutual information to calculate the fraction of the final sifted key that an eavesdropper would know after making temporal and/or spectral measurements on every state that is sent. We are able to achieve 2.39e-05 and 4.31e-05 mutual information fraction leaked in the spectral and temporal waveforms, respectively. Furthermore we put our scheme into practice with a simple tabletop QKD setup where we are able to achieve 1.7% quantum bit-error rate (QBER) in the L/R bases and 2.1% QBER in the H/V bases. Additionally, our system's SWaP restrictions make it very desirable for highly mobile platforms such as drones. - Finite-size effects of decoy state methodsLars Kamin (University of Waterloo); Scott Johnstun (University of Waterloo); Norbert Lütkenhaus (University of Waterloo)[abstract]
**Abstract:**Decoy state methods improve the feasibility of quantum key distribution (QKD) by enabling the use of simple, robust sources, and techniques have been developed to allow for the use of decoy analysis in the regime where only a finite number of signals are sent. We present an iid security proof for finite-size key rates of prepare-and-measure protocols with probabilistic testing, including decoy state methods, within a composable security framework that allows for future extensions to device imperfections. Additionally, we improve the acceptance set over previous works through the use of entrywise constraints, allowing us to efficiently perform decoy state protocols. Moreover, we introduce a new figure of merit, the expected key rate, to capture the tradeoff between aborting too often and achieving high key rates, which allows for increased practicality of QKD implementations. - Qubit-based clock synchronization using a Bayesian approach Applied to Drone-Based QKD SystemsRoderick D. Cochran (The Ohio State University); Daniel J. Gauthier (The Ohio State University)[abstract]
**Abstract:**Quantum key distribution (QKD) provides a method for two users to exchange a provably secure key, which requires synchronizing the user’s clocks. Qubit-based synchronization protocols directly use the transmitted quantum states and thus avoid the need for additional classical synchronization hardware, but previous approaches sacrifice secure key either directly or indirectly. Here, we introduce a Bayesian probabilistic algorithm that incorporates all published information to efficiently find the clock offset without sacrificing any secure key [1]. Additionally, the output of the algorithm is a probability, which allows us to quantify our confidence in the synchronization. Our experimental system employs an efficient three-state BB84 prepare-and-measure protocol with decoy states. Our algorithm exploits the correlations between Alice’s published basis and mean photon number choices (which must already be published for the protocol) and Bob’s measurement outcomes to probabilistically determine the most likely clock offset. We perform cross-correlations using Fast Fourier Transforms to count the number of each type of event pairing for each potential offset (e.g., how many times Alice sent a decoy state in the horizontal/vertical polarization basis and Bob registered a click in the horizontal detector). Taking these along with a lookup table for the probabilities of the different event pairings, we determine the synchronization probability of the different potential offsets using Bayesian analysis. To demonstrate the robust nature of this algorithm, we tracked its performance using simulated data with varying parameters. We find that we can achieve a 95% synchronization confidence using a string length of only 4,140 communication bin widths, meaning we can tolerate clock drift approaching 1 part in 4,140 in this example when simulating this system with a dark count probability per communication bin width of 8⨉10-4 and a received mean photon number of 0.01. The relationship between the received mean photon number and the number of communication bin widths required to achieve a 95% synchronization confidence is shown in Fig. 1. We applied this algorithm to data collected from our drone-to-done QKD experiments, with a received mean photon number of 0.043, achieving quantum bit error rates of 0.0106, 0.0287, and 0.0361 for our 3 states. - Experimental anonymous quantum conference key agreementJonathan Webb (Heriot-Watt University); Joseph Ho (Heriot-Watt University); Federico Grasselli (Heinrich-Heine-Universitat Dusseldorf); Glaucia Murta (Heinrich-Heine-Universitat Dusseldorf); Alexander Pickston (Heriot-Watt University); Andres Ulibarrena (Heriot-Watt University); Alessandro Fedrizzi (Heriot-Watt University)[abstract]
**Abstract:**Here we report on the experimental results implementing robust anonymous quantum conference key agreement using GHZ states. Results confirm the advantage when allowing for the use of multipartite entanglement along with bipartite entanglement. - Analysis of a High-dimensional Restricted Quantum Key Distribution ProtocolHasan Iqbal (University of Connecticut); Walter Krawec (University of Connecticut)[abstract]
**Abstract:**Quantum key distribution offers unconditionally secure keys for communicating parties. Although using high-dimensional quantum systems in QKD protocols does offer considerable advantages, which has been extensively shown in different experiments, analytical security proofs for high-dimensional protocols are not abundant. This is partly because many QKD protocols lack certain ``symmetry'' in terms of the parties' capabilities and responsibilities, which complicates security proofs. In this work, we consider one such protocol and provide analytical security proof and compare our results against prior work showing an advantage of our method. We also develop a continuity bound for conditional quantum entropies which is pertinent to our analysis here and may have applications in other scenarios also. - Time-resolved Quantum Key Distribution using Semiconductor Quantum Dots with Oscillating Photonic StatesMatteo Pennacchietti (University of Waterloo, IQC); Brady Cunard (University of Waterloo, IQC); Mohd Zeeshan (National Research Council of Canada); Shlok Nahar (University of Waterloo, IQC); Sayan Gangopadhyay (University of Waterloo, IQC); Philip J. Poole (National Research Council of Canada); Dan Dalacu (National Research Council of Canada); Andreas Fognini (Single Quantum B.V.); Klaus Jöns (Institute for Photonic Quantum Systems (PhoQS), Center for Optoelectronics and Photonics Paderborn (CeOPP) and Department of Physics, Paderborn University); Val Zwiller (Department of Applied Physics, Royal Institute of Technology); Thomas Jennewein (University of Waterloo, IQC); Norbert Lütkenhaus (University of Waterloo, IQC); Michael E. Reimer (University of Waterloo, IQC)[abstract]
**Abstract:**Quantum dot-based entangled photon sources are promising candidates for quantum key distribution (QKD), as they can in principle emit deterministically, with high brightness and low multiphoton contribution. However, quantum dots (QD) often inherently possess a fine structure splitting (FSS). Since the entangled photonic state in the presence of non-zero FSS is oscillating, one must settle for a lower efficiency source through temporal post-selection or a lower measured entanglement fidelity. In both cases, the overall key rate is reduced. Our QKD analysis shows that this trade-off can be overcome by constructing a time-resolved QKD protocol where all photon pairs emitted by a QD with non-zero FSS can be used in secret key generation. This protocol works only when the detection system's temporal resolution is much smaller than the FSS period. By implementing our protocol, higher key rates can be achieved as compared to previous QKD experiments with QD entangled photon pair sources. Additionally, unlike previous security analyses that assume perfect qubit states, we rigorously bound the effect of any multi-photon components of the optical state on the key rate, which is more applicable to practical implementations. - Postselection technique for optical prepare-and-measure QKD protocolsDevashish Tupkary (Institute for Quantum Computing); Shlok Nahar (Institute for Quantum Computing); Yuming Zhao (Institute for Quantum Computing); Norbert Lutkenhaus (Institute for Quantum Computing); Ernest Tan (Institute for Quantum Computing)[abstract]
**Abstract:**The postselection technique is a widely used tool to lift the security of Quantum Key Distribution (QKD) protocols against IID collective attacks to coherent attacks. While various other approaches for proving security against coherent attacks exist, they have limitations that make them less suitable for typical optical prepare-and-measure protocols. We identify and address some limitations of the postselection technique as applied to optical prepare-and-measure QKD protocols. We extend this analysis to decoy-state protocols, which are essential for long-distance QKD. Finally, we also improve the practical applicability of the postselection technique. Thus, we argue that the postselection technique, with the relevant modifications, is the only lift to coherent attacks that can be broadly applied to optical implementations of generic prepare-and-measure QKD protocols. - Using Cascade in Quantum Key DistributionDevashish Tupkary (Institute for Quantum Computing); Norbert Lutkenhaus (Institute for Quantum Computing)[abstract]
**Abstract:**We point out a critical flaw in the analysis of Quantum Key Distribution (QKD) protocols that employ the two-way error correction protocol Cascade. Specifically, this flaw stems from an incom-plete consideration of all two-way communication that occurs during the Cascade protocol. We present a straightforward and elegant alternative approach that addresses this flaw and produces valid key rates. We exemplify our new approach by comparing its key rates with those generated using older, incorrect approaches, for Qubit BB84 and Decoy-State BB84 protocols. We show that in many practically relevant situations, our rectified approach produces the same key rate as older, incorrect approaches. However, in other scenarios, our approach produces valid key rates that are lower, highlighting the importance of properly accounting for all two-way communication during Cascade. - Impact of multiphoton states in entangled photon distributionJin-Woo Kim (School of Electrical Engineering, KAIST, Daejeon 34141); Junsang Oh (School of Electrical Engineering, KAIST, Daejeon 34141); Heonoh Kim (School of Electrical Engineering, KAIST, Daejeon 34141); June-Koo Kevin Rhee (School of Electrical Engineering, KAIST, Daejeon 34141)[abstract]
**Abstract:**Quantum information technologies that utilize entangled photon pairs assume a single- photon source. While this assumption poses no significant issues when the channel loss is low, high loss can have a detrimental impact on the system's performance. To overcome high loss, the most intuitive solution is to increase the gain of entangled photon pairs by sending a large quantity of them. However, high-gain sources tend to degrade the quantum quality of entangled photon pair sources. We derived the density matrix of the quantum state in the distribution of polarization-entangled photon pairs under the non- symmetric channel losses with threshold detectors. We analyzed the variation of the CHSH inequality parameter S and the effective photon state transfer probability 𝑁𝑚 by changing the non-linear gain γ. The increase and subsequent decrease in Nm with increasing γ can be interpreted as follows: when γ is small, the state is not properly transmitted due to high loss, but as γ increases, the error probability, such as double-click events, increases due to the influence of multi-photon events, leading to a decrease in Nm. This result indicates the need to optimize the brightness of the light source for practical implementation in quantum information technologies. This study is expected to contribute to the analysis of discrete variable quantum key distribution(DVQKD) systems like BBM92, E91, and long- distance quantum imaging systems in the future. - Simple Active Polarization Stabilizer for Practical Fiber-based Quantum Key DistributionKyongchun Lim (ETRI); Byung-Seok Choi (ETRI); Ju Hee Baek (ETRI); Minchul Kim (ETRI); Joong-Seon Choe (ETRI); Kap-Joong Kim (ETRI); Dong Churl Kim (ETRI); Chun Ju Youn (ETRI)[abstract]
**Abstract:**In recent times, field trials of quantum key distribution (QKD) have been conducted using the existing optical fiber infrastructure. However, one significant challenge faced during these trials is ensuring the stability of QKD operation. The instability of QKD operation is caused by the two factors: random fluctuations in polarization of photon over time and time drift of the photon as it traverses the deployed optical fiber. These issues are unavoidable due to the inability to accurately estimate and control factors such as temperature, vibration, and stress in the deployed optical fiber. To address this instability, various solutions based on active or passive optics have been proposed. In this paper, we present an active optics-based simple polarization stabilizer utilizing an optical polarizer, an active polarization controller, and a single photon detector. For the fast operation, we utilize only 2 out of the 4 axes of the polarization controller for the stabilizer. The experimental results verify the stability of the stabilizer. - Reliable lower bounds for practical variants of Coherent One-Way protocolsShihong Pan (Institute for Quantum Computing, University of Waterloo); Shlok Ashok Nahar (Institute for Quantum Computing, University of Waterloo); John Burniston (Institute for Quantum Computing, University of Waterloo); Norbert Lütkenhaus (Institute for Quantum Computing, University of Waterloo)[abstract]
**Abstract:**The coherent one-way (COW) protocol is a promising commercial solution to practical quantum key distribution (QKD) due to its simple optical implementation. However, the non-IID structure of COW due to its inter-signal coherence makes standard security analysis inapplicable. Recently, it has been shown that a modified COW setup allows standard IID analysis, but at the cost of imposing extra limitations and increasing the number of pulses required for each bit. Here we propose a variant that possesses the IID structure and completely retains the optical setup of COW, but with a different data processing scheme that ignores inter-signal information. We obtain key rate lower bound close to analysis for the previously proposed IID variant, and achieves a higher number of key bits transmitted per second. - Continuous Fiber Polarization Sablization with Single-Photon-Level Lightyicheng shi (National Institute of Standards and Technology)[abstract]
**Abstract:**We report a method for continuously stabilizing the polarization change of photons when propagating across fibers. This technique operates at single-photon-level intensity and therefore imposes minimal noise onto the quantum channel, allowing for un-interrupted operation of a quantum network. - Separating SNARGs from Falsifiable Assumptions in the Quantum SettingChuhan Lu (Portland State University); Nikhil Pappu (Portland State University)[abstract]
**Abstract:**Succinct Non-interactive Arguments (SNARGs) are cryptographic protocols that enable a prover to demonstrate the validity of an $\NP$ statement to a verifier using a single message of size poly-logarithmic in the size of the $\NP$ statement and witness. Currently, SNARGs are only known to exist based on non-standard cryptographic assumptions, and were shown to be inherently challenging to obtain from standard assumptions by the work of \cite{STOC:GenWic11}. The work proved that standard (black-box) proof techniques are insufficient to prove the security of a SNARG based on any standard (falsifiable) cryptographic assumption. We extend the result of \cite{STOC:GenWic11} to the quantum setting, where parties can perform quantum computations and communicate using quantum information. The result of \cite{STOC:GenWic11} uses the meta-reduction paradigm, which is a general technique for obtaining cryptographic impossibility results. To obtain our result, we extend the above paradigm to the quantum setting, which we believe to be of independent interest. - Quantum Randomness from Untrusted Light Using a Single PhotodiodeRunjia Zhang (Center for Macroscopic Quantum States (bigQ), Department of Physics, Technical University of Denmark); Bradley Longstaff (Center for Macroscopic Quantum States (bigQ), Department of Physics, Technical University of Denmark); Kieran Wilkinson (Center for Macroscopic Quantum States (bigQ), Department of Physics, Technical University of Denmark); Jonatan Bohr Brask (Center for Macroscopic Quantum States (bigQ), Department of Physics, Technical University of Denmark); Tobias Gehring (Center for Macroscopic Quantum States (bigQ), Department of Physics, Technical University of Denmark)[abstract]
**Abstract:**Measurements in quantum physics are inherently random. Moreover, it is possible to certify quantum randomness from systems that are only partially characterized by the user. Here, we propose a simple quantum random number generator (QRNG) that requires only a single photodiode and one laser. We trust only the quantum efficiency of the photodiode and the characterization of the detector, leaving the laser in control of the eavesdropper. Such a QRNG is source-device-independent and its optical setup is among the simplest setups achieving source-device independence. - Demonstration of free-space discrete-modulated continuous-variable QKD using real error correction codes and finite-size effectsKevin Jaksch (Max Planck Institute for the Science of Light, Erlangen, Germany + Friedrich-Alexander-Universität Erlangen-Nürnberg, Germany); Thomas Dirmeier (Max Planck Institute for the Science of Light, Erlangen, Germany + Friedrich-Alexander-Universität Erlangen-Nürnberg, Germany); Yannick Weiser (Max Planck Institute for the Science of Light, Erlangen, Germany + Friedrich-Alexander-Universität Erlangen-Nürnberg, Germany); Stefan Richter (Max Planck Institute for the Science of Light, Erlangen, Germany + Friedrich-Alexander-Universität Erlangen-Nürnberg, Germany); Ömer Bayraktar (Max Planck Institute for the Science of Light, Erlangen, Germany + Friedrich-Alexander-Universität Erlangen-Nürnberg, Germany); Bastian Hacker (Max Planck Institute for the Science of Light, Erlangen, Germany + Friedrich-Alexander-Universität Erlangen-Nürnberg, Germany); Conrad Rößler (Max Planck Institute for the Science of Light, Erlangen, Germany + Friedrich-Alexander-Universität Erlangen-Nürnberg, Germany); Imran Khan (Max Planck Institute for the Science of Light, Erlangen, Germany + Friedrich-Alexander-Universität Erlangen-Nürnberg, Germany); Stefan Petscharning (AIT Austrian Institute of Technology, Center for Digital Safety&Security, Vienna, Austria); Thomas Grafenauer (AIT Austrian Institute of Technology, Center for Digital Safety&Security, Vienna, Austria); Bernhard Ömer (AIT Austrian Institute of Technology, Center for Digital Safety&Security, Vienna, Austria); Christoph Pacher (AIT Austrian Institute of Technology, Center for Digital Safety&Security, Vienna, Austria); Florian Kanitschar (AIT Austrian Institute of Technology, Center for Digital Safety&Security, Vienna, Austria + Vienna Center for Quantum Science and Technology (VCQ), Atominstitut, Technische Universität Wien, Austria + Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo, Canada); Twesh Upadhyaya (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo, Canada); Jie Lin (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo, Canada); Norbert Lütkenhaus (Institute for Quantum Computing and Department of Physics and Astronomy, University of Waterloo, Canada); Gerd Leuchs (Max Planck Institute for the Science of Light, Erlangen, Germany + Friedrich-Alexander-Universität Erlangen-Nürnberg, Germany); Christoph Marquardt (Friedrich-Alexander-Universität Erlangen-Nürnberg, Germany + Max Planck Institute for the Science of Light, Erlangen, Germany)[abstract]
**Abstract:**Besides discrete-variable QKD, where single photon detection is used, continuous-variable (CV) protocols are using homodyne detection and are thus promising to be compatible with existing classical coherent communication technology. Originally, the research on CV QKD protocols mostly focused on Gaussian modulation (see review [1]), where one assumes that Alice can continuously displace coherent states according to a 2D Gaussian distribution. This modulation allows the security proofs to take advance of Gaussian optimality conditions, but experimental implementations can only reach this pattern up to some finite discretization. Another approach is to directly use a discrete-modulated (DM) CV QKD protocol. Here, Alice is required to prepare a finite number of displaced coherent states, aiming for a higher experimental simplicity, with the drawback of higher theoretical complexity. Recently, new security proofs such as [2] and corresponding experiments [3,4] could show the feasibility of systems using quadrature amplitude modulation (QAM) with 64 and 256 displaced states. However, the security proof was limited to the asymptotic regime and since the experiments did not use implemented error correction codes, one could only estimate the achievable key rates, but could not generate the secret key itself. In this poster, we demonstrate experiments with a protocol with a smaller constellation size of four coherent states that share the same amplitude but are shifted by 90° in phase (QPSK modulation). We exploit a recently published security proof providing tight secret key rates for collective attacks even in the finite size regime [5]. Furthermore, we show that the QPSK data is compatible with our implemented low density parity check (LDPC) codes for binary symmetric channels. This allows us to perform the full QKD protocol from experimental quantum state exchange to classical post processing and to generate a secret key shared between Alice and Bob. For this purpose, we use a laboratory system based on polarization encoding in the Stokes parameters which is equivalent to a QPSK pattern in phase space. This scheme is designed to cope with the challenges of a turbulent atmospheric channel. While the fluctuating nature of such a channel can be targeted by sub-binning the transmission channels [6], the atmosphere is in general non-birefringent, allowing for atmospheric quantum communications [7]. [1] F. Laudenbach et al., Adv. Quantum Technol. 1, 1800011 (2018) [2] A. Denys et al., Quantum 5, 540 (2021) [3] F. Roumestan et al., arXiv:2207.11702 (2022) [4] Y. Pan et al., Optics Letters 47, 3307-3310 (2022) [5] F. Kanitschar et al., arXiv:2301.08686v1 (2023) [6] V. Usenko et al., New J. Phys. 14, 093048 (2012) [7] B. Heim et al., New J. Phys. 16, 113018 (2014) - Experimental investigation of residual phase impact on CV-QKDHou-Man Chin (Technical University of Denmark); Ulrik L. Andersen (Technical University of Denmark); Tobias Gehring (Technical University of Denmark)[abstract]
**Abstract:**This work experimentally investigates the impact of residual phase noise on CVQKD systems using phase profiles obtained through simulated Wiener phase processes and experimental measurements, and compares the experimental measurements to the theoretical calculation. - Characterising higher-order phase correlations in gain-switched laser sources with application to decoy-state QKDAlessandro Marcomini (Vigo Quantum Communication Center); Guillermo Currás-Lorenzo (Vigo Quantum Communication Center); Davide Rusca (Vigo Quantum Communication Center); Marcos Curty (Vigo Quantum Communication Center)[abstract]
**Abstract:**Decoy-state quantum key distribution (QKD) represents nowadays the best countermeasure to attacks exploiting multi-photon emissions in realistic sources. A fundamental requirement is the uniform and independent distribution of phases of the transmitted pulses. However, this can not be true for lasers working under high-speed gain-switching conditions, as residual photons in the cavity can induce phase correlations across consecutive pulses. A security proof robust against such imperfections has been recently proposed, which requires knowledge of a parameter that quantifies how close the conditional distribution of each phase is to a uniform distribution. In this work we propose an experimental method to characterise this parameter in realistic setup conditions and we extend the application to the case of arbitrary length of correlations, aiming to enable experimental verification of the implementation security. - New concepts and construction of quantum random number generatorsWitold Jacak (Department of Quantum Technology, Wroclaw University of Science and Technology, Poland); Piotr Jóźwiak (Faculty of Computer Science, Wroclaw University of Science and Technology, Poland)[abstract]
**Abstract:**Two new concepts of quantum random number generators (QRNG) are presented. The first one is related with the application of quantum entanglement to producing several mutually coupled in a random manner bit sequences, which can be used in cryptographic applications and verified in a parallel manner allowing for entropy measurement in real time in public domain using arbitrary large resources for patterns detection, but without compromising the secrecy of coupled by quantum entanglement dual random binary sequences. This is a new concept for verification of fidelity of random bit sequences in a fully non-destructive way, allowing for various applications of generated random bits for which secrecy is important (e.g. in cryptograhic applications). The idea is the development of former our proposal [1]. The second concept is reletad to our progress in prototyping of miniaturized QRNG utilizing the quantum transitions allong the Fermi golden rule as the entropy source, developed for application to quantum cryptography (QKD) systems based on continuous variables. The prototype exploiting, as the source of the entropy, the photoelectric process in a photodiode coupled to a small LED is miniaturized to size of 2 cm [2] and produces the random sequence with a rate of 1 Mb/s. We present current developments of the concept towards its further miniaturization to sizes suitable for using this QRNG device in portable computers, mobile phones and miniaturized terminals for QKD using non-entangled photons. 1. Janusz E. Jacak, Witold A. Jacak, Wojciech A. Donderowicz, Lucjan Jacak, Quantum random number generators with entanglement for public randomness testing, Scientific Reports, (2020) 10:164, https://doi.org/10.1038/s41598-019-56706-2 2. Marcin M. Jacak, Piotr Jóźwiak, Jakub Niemczuk, Janusz E. Jacak, Quantum generators of random numbers, Scientific Reports, (2021) 11:16108, https://doi.org/10.1038/s41598-021-95388-7 - CHSH inequality violation in experimental entanglement based QRNG validationWitold Jacak (Department of Quantum Technology, Wroclaw University of Science and Technology, Poland); Piotr Jóźwiak (Faculty of Computer Science, Wroclaw University of Science and Technology, Poland); Janusz Jacak (Department of Quantum Technology, Wroclaw University of Science and Technology, Poland); Wojciech Donderowicz (CompSecur sp. z o.o. / SeQre, Poland)[abstract]
**Abstract:**Validation of the randomness of a quantum random number generator (QRNG) can be performed via robust statistical testing, which generally reduces to the problem of finding long range patterns in the generated random bit sequence. This problem is computationally exhaustive and poses one of important challenges for industrial implementation of self-testing integrated QRNG devices. Furthermore, classical statistical testing cannot in principle confirm the quantum non-determinism (from which the QRNG device can deviate due to its implementation imperfections). Instead, classical testing can confirm that up to certain parameters threshold, deterministic patterns were not detected. The device independent QRNG schemes are based on quantum entanglement, which is a non-classical resource that can be verified in terms of quantum measurements non-classical correlations statistically violating Bell type (e.g. CHSH) inequalities for classical limits on such correlations. This reults in a fundamental (independent from a technical implementation) confirmation that the process used to generate randomness based on entangled quantum states is indeed non-deterministic. In this paper we describe a series of recent experimental developments focused on generating quantum entanglement based randomness in a quntum optics device-independent approach, with validation of the randomness through experimentally verified violation of the CHSH inequality [1]. The experimental setup for entanglement based QRNG involves generation of entanglement in photon polarizations in the SPDC type II process with a single-photon detectors (SPAD) for quantum measurements of entangled photons. Statistical processing of the measurements outcomes shows violation of the classical limits on the correlations, violating the CHSH inequality and hence proving that the QRNG generated randomness is based on a quantum, non-deterministic process. The further direction for this research is towards miniaturization of the robust quantum optics setups to be more adequate for integrated entanglement QRNG devices. This work is part of the NCBR research and development project (contract no. POIR.01.01.01-00-0173/15) aimed at advancing QRNG setups with technical achievements reported in the SeQre.net platform [2]. 1. J.F. Clauser, M.A. Horne, A. Shimony, R.A. Holt, Proposed experiment to test local hidden-variable theories, Phys. Rev. Lett., 23 (15): 880–4, doi: https://doi.org/10.1103%2FPhysRevLett.23.880, (1969) 2. SeQre.net, Quantum Cryptography R&D Platform managed by the Department of Quantum Technology at WUST and CompSecur / SeQre, https://seqre.net/qrng - The Quantum Chernoff Divergence in Advantage Distillation for QKD and DIQKDMikka Stasiuk (Institute for Quantum Computing); Norbert Lutkenhaus (Institute for Quantum Computing); Ernest Y.-Z. Tan (Institute for Quantum Computing)[abstract]
**Abstract:**Quantum key distribution (QKD) aims to extract secret keys from correlations between quantum systems. Most QKD research focuses on "device-dependent" protocols whose security is conditioned on their quantum devices operating within specified tolerances. These assumptions on device operation render device-dependent protocols vulnerable to attacks that exploit the differences in real devices and their models in security proofs, and hence threaten the security of such protocols. Alternatively, Device-independent (DI) QKD seeks to achieve security with minimal assumptions on quantum devices by relying on quantum correlations that violate Bell inequalities, overcoming this short-coming of device-dependent QKD. Our work is motivated by the following two observations. First, DIQKD is more secure but has worse noise and loss tolerances than device-dependent QKD. This point has motivated investigations into new techniques to improve these tolerance thresholds such as random key generation, random post-selection, noisy pre-processing and advantage distillation, the last of which we investigate, and which describes a two-way communication procedure in the error correction step of the protocol. Second, the precise circumstances in which DIQKD is possible are unclear, since not all correlations that violate Bell inequalities can be used to distill a secret key in DIQKD. Under the independent and identically distributed (IID) collective attacks framework, previous work sought to resolve both problems by implementing DIQKD with an advantage distillation protocol called the repetition-code protocol. The authors derived both a sufficient and a conjectured necessary condition for security based on the fidelity between some states in the protocol. However, the significance of their results was limited by a gap between the two security conditions, which prevented the calculation of tight noise tolerance bounds and suggested that the fidelity is not the right quantity to consider to characterize exactly when key distillation in DIQKD is possible. Furthermore, in our work we replace the fidelity in the security proofs with the quantum Chernoff divergence, a measure of distinguishability in symmetric hypothesis testing, and achieve equivalent sufficient and necessary conditions for security for the repetition-code DIQKD protocol under the i.i.d collective attacks framework. Consequently, our work strongly indicates that quantum Chernoff divergence is the relevant quantity to describe the security of the repetition-code DIQKD protocol. With our new security condition, we show that the noise tolerance thresholds of the repetition-code DIQKD protocol outperform even one-way DIQKD protocols implemented with noisy pre-processing and random key measurements. - Robust Global Quantum NetworksJan-Michael Mol (German Aerospace Center (DLR)); Kaisa Laiho (German Aerospace Center (DLR)); Davide Orsucci (German Aerospace Center (DLR)); Philipp Kleinpass (German Aerospace Center (DLR)); Florian Moll (German Aerospace Center (DLR)); Jaspar Meister (German Aerospace Center (DLR)); Waldemar Herr (German Aerospace Center (DLR)); Christian Schubert (German Aerospace Center (DLR)); Jens Kruse (German Aerospace Center (DLR)); Carsten Klempt (German Aerospace Center (DLR)); Lisa Wörner (German Aerospace Center (DLR))[abstract]
**Abstract:**Recent years have seen tremendous progress in increasing distances for distribution of quantum states and quantum entanglement, most notably in quantum key distribution. Even though these advances point towards breaching 1000 km and more in the near future, true global connectivity for secure intercontinental quantum links will likely require the operation of trusted networks based on quantum repeaters. To overcome associated losses in even the best optical fibers on ground, operating repeater nodes in space to utilize low-loss inter-satellite links may prove to be the only viable strategy. Successfully deployed QKD experiments and quantum technology in space, brings this idea closer to realization. Nevertheless, conceptual designs [9, 10] and component development are still in their infancy and it will require extraordinary engineering achievements to materialize robust space-based quantum networks. Here, we present recent efforts at the German Aerospace Center (DLR) to investigate the realization of robust global quantum networks. We are developing a holistic approach which bundles expertise on the necessary components for space-based quantum repeaters, i.e. photon sources, quantum memories, optical links, laser terminals, and orbital simulations. From this, we derive a common set of requirements to push concrete technological implementation. The long-term goal of this project is to develop space-hardened components for successful operation of intercontinental space-based quantum networks. - Quantum key distribution with multiple photon number distributionsRoberto G. Pousa (The University of Strathclyde); Daniel Oi (The University of Strathclyde); John Jeffers (The University of Strathclyde)[abstract]
**Abstract:**High brightness, low-g2 single-photon sources (SPSs) are an alternative to commonly employed weak coherent pulse (WCP) sources for discrete variable quantum key distribution (QKD) and offer potential key-rate and finite-block scaling advantages. However, the loss tolerance of SPS-based QKD is compromised by photon number splitting (PNS) attacks against non-negligible multiphoton emissions. Decoy state (DS) techniques mitigate against PNS attacks, with WCP-DS QKD over several hundred km in fibre being demonstrated. Here, we adapt the DS method to any practical SPS that can easily generate multiple photon number distributions (PND) by attenuating its original photon emissions. Hence, we provide finite-key security bounds for a Multi-PND (adapted 2-Decoy) protocol using Efficient BB84 with optimised parameters. We use a particular true quantum dot source to compare its key rate generation with a Single-PND (adapted Non-Decoy) protocol for several finite block sizes. As expected, the Multi-PND gives higher key rates than the Single-PND, except for considerably small blocks. Moreover, the Multi-PND protocol goes beyond 200 km of tolerable fibre distance for high acquisition times. In this work, we set a generalised method to employ the DS techniques with any realistic SPS and further research may be done implementing distinct SPS characteristics. - Unprovable Security of statistical NIZK in the Quantum SettingChuhan Lu (Portland State University); Nikhil Pappu (Portland State University)[abstract]
**Abstract:**It is well-known in classical cryptography that standard (black-box) proof techniques are insufficient to establish the security of statistical NIZK arguments for NP based on any standard (falsifiable) cryptographic assumption. In this work, we extend this impossibility result to a quantum scenario where quantum computations and communications are incorporated into the protocol. The classical result is demonstrated using the meta-reduction paradigm, which is a typical technique employed to generate cryptographic impossibility results. In our work, we extend this technique to the quantum setting to prove our results. - Time-bin Entanglement SwappingSamantha I. Davis (California Institute of Technology & Alliance for Quantum Technologies (AQT)); Rahaf Youssef (California Institute of Technology & Alliance for Quantum Technologies (AQT)); Raju Valivarthi (California Institute of Technology & Alliance for Quantum Technologies (AQT)); Lautaro Narváez (California Institute of Technology & Alliance for Quantum Technologies (AQT)); Neil Sinclair (California Institute of Technology, Alliance for Quantum Technologies (AQT), and John A. Paulson School of Engineering and Applied Sciences, Harvard University); Cristián Peña (California Institute of Technology, Alliance for Quantum Technologies (AQT), and Fermi National Accelerator Laboratory); Si Xie (California Institute of Technology, Alliance for Quantum Technologies (AQT), and Fermi National Accelerator Laboratory); Boris Korzh (Jet Propulsion Laboratory); Matthew Shaw (Jet Propulsion Laboratory); Panagiotis Spentzouris (Fermi National Accelerator Laboratory); Maria Spiropulu (California Institute of Technology & Alliance for Quantum Technologies (AQT))[abstract]
**Abstract:**Quantum entanglement is a preliminary requirement for many protocols in quantum computing, communication, and sensing. Entanglement is typically achieved by having two particles created from the same source [1]. However, creating quantum networks and internet requires distributing and manipulating quantum states between remote nodes through protocols such as quantum entanglement. Here we report high-fidelity entanglement swapping using time-bin qubits, with the aim of distributing entanglement between national laboratories in the United States. References: [1] Zhang, W., Xu, D., amp; Chen, L. (2023). Polarization entanglement from parametric down-conversion with an LED pump. Physical Review Applied, 19(5). https://doi.org/10.1103/physrevapplied.19.0540 - Generation of Time-bin GHZ StatesSamantha I. Davis (California Institute of Technology); Chang Li (University of Chicago); Rahaf Youssef (California Institute of Technology); Neil Sinclair (Harvard University, California Institute of Technology); Raju Valvarthi (California Institute of Technology); Maria Spiropulu (California Institute of Technology)[abstract]
**Abstract:**We detail our experiments towards generating GHZ states encoded into time-bin qubits using a 2x2 optical switch. We present a theoretical model founded on phase-space techniques to corroborate our experimental findings.