Accepted Papers

Abstract: Entanglement is an intriguing quantum phenomenon with crucial implications for both fundamental physics and technological applications, e.g., quantum key distribution (QKD). In this paper, we show that multipartite private states from which secret keys are directly accessible to trusted partners are genuinely multipartite entangled states. With application to secure Quantum Internet, we consider the most general setup of multipartite quantum process (channel) in a network setting: multiplex quantum channel with involved parties having one of the three possible roles-- that of only sender or receiver, or both sender and receiver. We derive divergence-based measures for entangling abilities of multipartite quantum channels. We describe an LOCC-assisted secret key agreement (SKA) protocol for generation or distillation of key (private random bits) among multiple trusted allies connected through a quantum multiplex channel secure against a quantum eavesdropper, of which measurement-device-independent QKD and SKA protocols over quantum network laced with key repeaters are particular instances. We are able to provide upper bounds on the non-asymptotic private capacities, maximum rate at which secret key can be distilled via finite uses of channels, and lower bounds on asymptotic capacities. These bounds are expressed in terms of the divergence-based entanglement measures of the channels. Some of these measures lead to strong converse bounds on the private capacities. Our upper bounds on the private capacities also are upper bound on the multipartite quantum capacities where goal is to distill Greenberger{Horne{Zeilinger (GHZ) state. Also, we are able to derive upper bound on the secret key bits that can be distilled via LOCC among trusted allies sharing finite copies of multipartite quantum states.

Abstract: Quantum key distribution (QKD) provides a way to share unconditional secure key between two remote parties, but the deviation between theory and practice will break the security of generated key. In this article, we evaluate the security of QKD with weak basis-choice flaw, in which the random bit used by Alice and Bob to determine their bases are weakly controlled by Eve. In fact, a tight and analytical bound is obtained to estimate the phase error for both single photon source and weak coherent source, then the key rate can be rapidly improved. And the key rate of QKD with biased bases is also considered, in which Alice and Bob distill key from two bases independently. Furthermore, by evaluating the security of QKD under wavelength attack, the performance of a commercial beam splitter is measured, and then the key rate is estimated, which is just slightly reduced with our method.

Abstract: Let $f: \mathbb{F}_2^n \rightarrow \mathbb{F}_2^n$ be a Boolean function with period $\vec s$. It is well-known that Simon's algorithm finds $\vec s$ in time polynomial in $n$ on quantum devices that are capable of performing error-correction. However, today's quantum devices are inherently noisy, too limited for error correction, and Simon's algorithm is not error-tolerant. We show that even noisy quantum period finding computations lead to speedups in comparison to purely classical computations. More precisely, we implemented Simon's quantum period finding circuit on the $15$-qubit quantum device IBM Q 16 Melbourne. Our experiments show that with a certain probability $\tau(n)$ we measure erroneous vectors that are not orthogonal to $\vec s$. We propose new, simple, but very effective smoothing techniques to classically mitigate physical noise effects such as e.g. IBM Q's bias towards the $0$-qubit. After smoothing, our noisy quantum device provides us a statistical distribution that we can easily transform into an LPN instance with parameters $n$ and $\tau(n)$. Hence, in the noisy case we may not hope to find periods in time polynomial in $n$. However, we still obtain quantum advantage even for large errors $\tau(n)$ close to $\frac 1 2$. Thus, period finding does not necessarily require full quantum error correction capability. keywords: Noise-tolerant Simon period finding, IBM Q 16, LPN algorithms, quantum advantage

Abstract: Quantum networks will allow to implement communication tasks beyond the reach of their classical counterparts. A pressing and necessary issue for the design of quantum network protocols is the quantification of the rates at which these tasks can be performed. Here, we propose a simple recipe that yields efficiently computable lower and upper bounds on the maximum achievable rates. For this we make use of the max-flow min-cut theorem and its generalization to multi-commodity flows to obtain linear programs. We exemplify our recipe deriving the linear programs for bipartite settings, settings where multiple pairs of users obtain entanglement in parallel as well as multipartite settings, covering almost all known situations. We also make use of a generalization of the concept of paths between user pairs in a network to Steiner trees spanning a group of users wishing to establish Greenberger-Horne-Zeilinger states.

Abstract: The use of quantum systems allows for new insights which promise to revolutionize information processing. Quantum cryptography, especially key distribution, has become one of the most prominent applications of quantum technology. However, this task still requires users to be capable of performing quantum operations, such as state preparation or measurements in multiple bases. A natural question, therefore, is can users' technological requirements be reduced? In this work, we experimentally demonstrate a novel quantum key distribution protocol where users are fully classical and quantum operations are only performed by an untrusted third party acting as a server. We derive an information theoretic proof of security for our protocol along with an experimental demonstration.

Abstract: Randomness is a fundamental feature of quantum mechanics, which is an invaluable resource for both classical and quantum technologies. Practical quantum random number generators (QRNG) usually need to trust their devices, but their security can be jeopardized in case of imperfections or malicious external actions. In this work, we present a robust implementation of a Semi-Device-Independent QRNG that guarantees both security and fast generation rates. The system works in a prepare and measure scenario where measurement and source are untrusted, but a bound on the energy of the prepared states is assumed. Our implementation exploits heterodyne detection, which offers increased generation rate and improved long-term stability compared to alternative measurement strategies. In particular, due to the tomographic properties of heterodyne measurement, we can compensate for fast phase fluctuations via post-processing, avoiding complex active phase stabilization systems. As a result, our scheme combines high security and speed with a simple setup featuring only commercial-off-the-shelf components, making it an attractive solution in many practical scenarios.

Abstract: Discrete-modulated continuous-variable quantum key distribution protocols are favorable due to the experimental simplicity and inherited properties of continuous-variable protocols. We provide a tight numerical key rate analysis of discrete-modulated continuous-variable quantum key distribution protocols in the asymptotic limit against collective attacks. As a specific example, we analyze the key rate of the quadrature phase-shift keying (QPSK) scheme in both the paranoid and realistic scenarios. When the detector noises are trusted, the QPSK scheme is expected to reach around 100 km with currently feasible experimental parameters. For both scenarios, we also investigate the performance of post-selection of data for the reverse reconciliation scheme and show that post-selection can provide improvements in the key rate as well as reducing the amount of data for post-processing.

Abstract: Randomness is one of the key ingredients to information processing in practice, especially for computation and cryptography. A vast number of applications critically rely on abundant, high-quality random numbers that are generated securely. In this work we introduce a variant of randomness extraction framework, named \emph{incoherent randomness extraction} (IRE), in the context of quantum coherence theory where free incoherent operations are employed. This cryptographic framework unveils a new perspective to the study of quantum coherence distillation (QCD) by an \emph{exact} one-shot connection, that is, the maximum number of secure random bits extractable from a single instance of \emph{unstructured} quantum state is precisely equal to the maximum number of coherent bits that can be distilled from the same state. This exact relation not only sharpens our understanding on the operational equivalence between randomness and coherence, but also enables us to derive tight second order expansions (estimation of the number of extractable random bits/distillable coherent bits to the order~$o(\sqrt{n})$ where $n$ is the number of the prepared source states) of both tasks in the independent and identically distributed setting. Remarkably, the incoherent operation classes that can empower coherence distillation for generic states all lead to the same second order expansions, indicating their operational equivalence for QCD as well as IRE in both asymptotic and large block length regimes. As a by-product, we showcase a proof of the strong converse property for IRE from its second order expansion, excluding a possible tradeoff between the insecurity threshold and the rate of extractable randomness of a protocol. This also contributes to an alternative strong converse proof for QCD due to their exact one-shot correspondence.

Abstract: Nonlocal games with synchronous correlations are a natural generalization of functions between two finite sets. In this work we examine analogues of Bell's inequalities for such correlations, and derive a synchronous device-independent quantum key distribution protocol. This protocol has the advantage of symmetry between the two users and self-testing while generating shared secret key without requiring a preshared secret. We show that, unlike general correlations and the CHSH inequality, there can be no quantum Bell violation among synchronous correlations with two measurement settings. However we exhibit explicit analogues of Bell's inequalities for synchronous correlations with three measurement settings and two outputs, provide an analogue of Tsirl'son's bound in this setting, and prove existence and rigidity of quantum correlations that saturate this bound. We conclude by posing a security assumption that bypasses the locality, or causality, loophole and examine the protocol's robustness against measurement error and depolarization noise.

Abstract: We present two different QRNG devices which allow to maximize the entropy extraction of a system and so the generation rate. The two devices use single-photon avalanche diode along (SPAD) with FPGA device. The first device, Randy, uses only one SPAD and with a post-processing based on the Peres algorithm [Y. Peres, Ann. Statist. 20, 590 (1992)], has a generation rate of 1.8 Mbit/s. The second device, LinoSPAD, which is a CMOS SPAD array based device and integrate also a time-to-digital converter (TDC) on its FPGA, has a final generation rate of 310 Mbit/s thanks to a improved post-processing procedure which also includes the Zhou-Bruck algorithm [H. Zhou and J. Bruck, arXiv:1209.0726 (2012)].

Abstract: We present a computer-verified formalization of the post-quantum security proof of the Fujisaki-Okamoto transform (as analyzed by Hövelmanns, Kiltz, Schäge, and Unruh, PKC 2020). The formalization is done in quantum relational Hoare logic and checked in the qrhl-tool (Unruh, POPL 2019).

Abstract: We implement 5 GHz clocked polarization-based simplified BB84 protocol. Secret keys can be distributed over 151.5 km of standard telecom fiber at a rate of 54.5 kbps. The high clock frequency might give rise to correlations between the pulses. We characterize the correlations in decoy intensity, polarization and in the phase between the pulses and discuss their impact on the security of the protocol.

Abstract: Losses in the physical transmission medium fundamentally limit the distance that quantum key distribution schemes can cover. By means of quantum repeaters, the reach of these schemes can be extended and chains of quantum repeaters could in principle cover arbitrarily long distances. Here, we first provide an efficient algorithm for completely characterizing the behaviour of a large class of repeater chain protocols. The algorithm determines the fidelity and generation time (waiting time) of the first generated entangled pair between the end nodes of a quantum repeater chain. It has polynomial runtime in the size of the support of the waiting time probability distribution. This runtime improves upon the exponential runtime of existing algorithms and allows us to analyze repeater chains of thousands of segments for some parameter regimes. Second, we use the algorithm for optimizing the achievable secret key rate. For this, we consider a family of repeater schemes generalizing the BDCZ scheme. In particular, the schemes incorporate a cut-off condition that enables to mitigate the effects of decoherence. We find that the use of the optimal cut-off extends the parameter regime for which secret key can be generated and moreover significantly increases the secret-key rate for a large range of parameters. Our algorithms thus serve as useful tools for the design and realization of long-distance quantum key distribution networks.

Abstract: We investigate estimation of fluctuating channels and its effect on security of continuous-variable quantum key distribution. We propose a novel estimation scheme which is based on the clusterization of the estimated transmittance data. We show that uncertainty about whether the transmittance is fixed or not results in a lower key rate. However, if the total number of measurements is large, one can obtain using our method a key rate similar to the non-fluctuating channel even for highly fluctuating channels. We also verify our theoretical assumptions using experimental data from an atmospheric quantum channel. Our method is therefore promising for secure quantum communication over strongly fluctuating turbulent atmospheric channels.

Abstract: Extending the functionality and overcoming the performance limitation under which QKD can operate requires either quantum repeaters or new security models. Investigating the latter option, we introduce the Quantum Computational Hybrid (QCH) security model, where we assume that computationally secure encryption may only be broken after a time much longer than the coherence time of available quantum memories. We propose an explicit d-dimensional key distribution protocol, that we call MUB-Quantum Computational Timelock (MUB-QCT) where one bit is encoded on a qudit state chosen among d + 1 mutually unbiased bases (MUBs). Short-term-secure encryption is used to share the basis information with legitimate users while keeping it unknown from Eve until after her quantum memory decoheres. This allows to reduce Eve’s optimal attack to an immediate measurement followed by post-measurement decoding. We demonstrate that MUB-QCT enables everlasting secure key distribution with input states containing up to O(\sqrt{d})photons. This leads to a series of important improvements when compared to QKD: on the functional side, the ability to operate securely between one sender and many receivers, whose implementation can moreover be untrusted ; significant performance increase, characterized by a O(\sqrt{d}) multiplication of key rates and an extension by 25km x log(d) of the attainable distance over fiber. Implementable with a large number of modes with current or near-term multimode photonics technologies, the MUB-QCT construction has the potential to provide a radical shift to the performance and practicality of quantum key distribution.

Abstract: Quantum memories are a fundamental of any global-scale quantum Internet, since these units are necessary for guaranteeing an optimal performance in a high-performance quantum networking scenario. The main problem of quantum memories is the low retrieval efficiency of the systems from the registers of the quantum memory. Here, we define a novel quantum memory called high-retrieval-efficiency (HRE) quantum memory for the quantum Internet. An HRE quantum memory unit integrates local unitary operations on its hardware level for the optimization of the readout procedure and utilizes the advanced techniques of quantum machine learning. The local unitaries of an HRE quantum memory achieve the optimization of the readout procedure in an unsupervised manner without the use of any labeled data or training sequences. The HRE quantum memory is a particularly convenient unit for the construction of a powerful, global-scale quantum Internet.

Abstract: Position verification is a cryptographic primitive aiming at securely certifying the location of a party in space. Informationally-secure PV was shown to be impossible through the existence of universal attacks both in the classical setting [Chandran et al., 2009] and in the quantum setting [Buhrman et al., 2014; Beigi and König,2011]. However, while classical attacks require the same amount of resources than the protocol, known universal quantum attacks make use of an exponential amount of entanglement through a technique known as Instantaneous Nonlocal Quantum Computation. In this paper, we characterize attacks to a "BB84-like" protocol already proposed in previous work [Kent et al., 2011], based on single photons polarized at an angle θ. We consider adversaries sharing maximally entangled pairs of qudits and find low-dimensional INQC attacks. We find exact attacks against some rational angles, including some sitting outside of the Clifford hierarchy (e.g. π/6), and show no θ allows to tolerate errors higher than ~0.5% against adversaries holding two ebits per protocol's qubit.

Abstract: We describe a protocol for generating random numbers based on the existence of quantum violations of a free version of Clauser-Horne-Shimony-Holt inequality for qutrit, namely CHSH-3. Our method uses semidefinite programming relaxations to compute such violations. In a standard setting the CHSH-3 inequality involves two separated qutrits and compatible measurement, that is, commuting with each other, yielding the known quantum bound of $1+\sqrt{11/3} \approx 2.9149$ . In our framework, $d$-dimensional quantum systems (qudits) where $d$ is not fixed {\it a priori}, and measurement operators possibly not compatible, are allowed. This loss of constraints yields a higher value of $4$ for the maximum expectation of CHSH-3, attained for $d=3 $ and non-commutative measurements for one party. Based on such upper bound on the violation of free CHSH-3, which appear to be a non-algebraic bound, we develop a random number generator with only one party. Our protocol generates a maximal entropy and its security is based, through self testing arguments, on the attainability of the maximal violation of the free CHSH-3 for quantum systems.

Abstract: Classical remote state preparation (RSPCC) is a primitive that allows an honest client to prepare a quantum state remotely with the help of an (untrustworthy) server using only a classical communication channel. With this primitive quantum protocols (such as secure delegation of quantum computations) become accessible to classical clients, by removing the need for a quantum channel. Since this cryptographic primitive’s main role is to be a building block within larger protocols, it is of utmost importance to examine its security under composition. In this work we present three results related to the composability of RSPCC protocols: 1. As our first main result, we show that no classical remote state preparation protocol RSPCC can be composable in the Abstract Cryptography framework [MR11], even when the distinguisher is computationally bounded. In other words, remote state preparation cannot be constructed with only a classical channel. 2. We further show that any classical-client delegated quantum computing protocol that uses the universal blind quantum computation (UBQC) protocol [BFK09] and a RSPCC protocol as a subroutine cannot be composable. 3. Upon relaxing the security requirement, we show that replacing the quantum channel of the UBQC protocol by the particular RSPCC protocol of [CCKW19] is secure in the game-based security framework.

Abstract: Reliable and efficient functioning of a quantum network depends on identifying and mitigating security risks originating from within and outside the network. We aim to construct a comprehensive framework for developing and assessing secure quantum networks. We articulate issues for making quantum networks secure in general, summarise the state of the art and identify priority directions for further investigation. Our analysis builds on the secure communication protocols developed for classical layered network architectures such as the open-systems interconnection (OSI) model and the transmission control protocol/internet protocol (TCP/IP) model. Our work will lead to the development of a hardware-independent framework for securing general quantum networks that allows developers to identify mandatory security mechanisms and incorporate additional security requirements of the clients during design of the networks.

Abstract: We propose a novel architecture of quantum-error-correction-based quantum repeaters that combines the techniques used in discrete and continuous variable quantum information. Specifically, we propose to encode the transmitted qubits in a concatenated code consisting of two levels. On the first level we use a continuous variable GKP code which encodes the qubit in a single bosonic mode. On the second level we use a small discrete variable code, encoding a logical qubit in as few as seven physical qubits. Such an architecture introduces two major novelties which allow us to make efficient use of resources. Firstly, our architecture makes use of two types of quantum repeaters: the simpler GKP repeaters that need to only be able to store and correct errors on a single GKP qubit and more powerful but more costly multi-qubit repeaters that additionally can correct errors on the higher level. We find that the combination of using the two types of repeaters enables us to achieve performance needed in practical scenarios with a significantly reduced cost with respect to an architecture based solely on multiqubit repeaters. Secondly the use of continuous variable GKP code on the lower level has the advantage of providing us with the information about the success probability of the specific GKP correction round. This analog information, unique to bosonic codes, provides significant boost in performance when used to correct second level errors in the multi-qubit repeaters.

Abstract: We develop a protocol that allows a pair of users to sift a secret key starting from shared variable-length Greenberger-Horne-Zeilinger (GHZ) states. It is an extension of the BBM’92 protocol which relies on measurements in the matching basis for entanglement witness. We then design an entanglement generation scheme over a quantum network that equips the quantum key generation protocol to achieve key rates that are independent of the distance between the two users. The key new insight in our protocol is to allow a repeater node to use n-qubit GHZ projective measurements that can fuse n successful entangled links, i.e., two-qubit entangled Bell pairs shared across network edges, incident at that node, into an n-qubit GHZ state shared by the far nodes of those edges. If we allow even 3-fusions at the nodes, we find by developing a connection to a modified version of the site-bond percolation problem that despite lossy (hence probabilistic) link-level entanglement generation, and probabilistic success of the fusion measurements at nodes, one can generate entanglement between end two parties at a rate that stays constant as the distance between them increases. This is not possible to attain with any (non-error-corrected) quantum networking protocol using Bell measurements alone.

Abstract: Entanglement distribution between very distant parties allows several interesting quantum-enabled protocols to be performed, in the fields of quantum communication, metrology and distributed computation. However, achieving this task over global distances (thousands of km) is very daunting, due to the exponential losses of light in optical fibres. The concept of a quantum repeater has been introduced to counter this problem. Such a device allows, using quantum memories and protocols based on entanglement swapping or quantum error correction, to connect several elementary links and enlarge the achievable distance. An alternative solution is represented by satellite-relayed free-space channels, that have already been proven to be feasible with current technology. Using a double downlink from a single satellite, however, the maximum distance between the ground stations is limited to {1500-2000} km, due to the additional losses encountered at low elevation angles. Through quantum repeaters, few of these satellite links can be chained together to reach global distances. In this work we propose and study a scheme in which entanglement sources and quantum repeaters are placed on board of satellites, orbiting around the Earth in the string of pearls configuration. This allows to connect two users on the ground via free-space optical links outside the atmosphere, achieving far superior distance-to-loss ratio with respect to the standard fibre-based implementation. In this way, a small number of intermediate nodes is enough to achieve entanglement distribution over global distances at a reasonable rate. The performance of this repeater chain is assessed in terms of the secret key rate achievable by the BB-84 cryptographic protocol, taking into account the most important sources of noise. We perform a comparison with other repeater chain architectures and show that our scheme is superior in almost every situation, achieving higher key rates, reliability and flexibility. These results have been obtained assuming reasonably conservative values of the parameters of the setup, such as the size of the optical elements and the efficiency of the quantum memories. The feasibility of the implementation in the mid-term future is analysed, based on recent developments in space-borne technology. We finally discuss some exemplary orbital configurations to connect several pairs of cities around the world with very small satellite constellations and estimate the cost of such an infrastructure. The integration of satellite-based links with ground repeater networks can be envisaged to represent the backbone of the future Quantum Internet. C. Liorni, H. Kampermann, D. Bruß, arXiv:2005.10146, 2020

Abstract: Space-based quantum key distribution (QKD) overcomes the limits of distance between terrestrial users caused by losses in optical fibre. Thus, it is the most promising method to establish a global scale QKD network. While the first QKD platform in the space - “the Micius satellite” – was a ground-breaking proof of principle demonstration, it is not a commercially favourable solution. We present our Cube-Sat payload design which has a more economically viable key-rate. The whole system is consisting of two parts, a 2U transmitter payload in Cube Satellite and an Optical Ground Station (OGS) working as receiver. The system is designed for polarisation based BB84/Decoy-State protocol with 100Mhz key transmission rate. In order to avoid the light pollution near the metropolitan centres and provide flexibility, we present our progress towards a mobile OGS which will be able to act as a receiver for the quantum signal.

Abstract: Satellite-based quantum communication is a promising approach for realizing globalscale quantum networks. However, due to atmospheric turbulence, achieving a highly efficient and stable spatial single-mode receiver, which is very important for daylight free-space quantum key distribution and more complex quantum information tasks involving quantum interference, is difficult. Here, we develop a spatial single-mode receiver with an adaptive optics (AO) system based on a modal version of the stochastic parallel gradient descent algorithm (M-SPGD) and conduct a field test of its performance over an 8 km urban terrestrial free-space channel. Our experimental results demonstrate the AO technology based on M-SPGD has a great boosting for single-mode receiver and is useful for large-scale quantum communication.

Abstract: All phase-encoded BB84 implementations have signal states with unbalanced amplitudes in practice. Thus, the original security analyses a priori do not apply to them. Previous security proofs use signal tagging of multi-photon pulses to recover the behaviour of regular BB84. This is overly conservative, as for unbalanced signals, the photon-number splitting attack does not leak full information to Eve. In this work, we exploit the flag-state squashing model to preserve some parts of the multi-photon generated private information in our analysis. Using a numerical proof technique, we obtain significantly higher key rates compared with previously published results in the low-loss regime. It turns out that the usual scenario of untrusted dark counts runs into conceptual difficulties in some parameter regime. Thus, we discuss the trusted dark count scenario in this paper as well. We also report a gain in key rates when part of the total loss is known to be induced by a trusted device. We highlight that all these key rate improvements can be achieved without modification of the experimental setup.

Abstract: We present a simple idealistic quantum entanglement based protocol for quantum random number generation allowing a trusted third party to publicly perform arbitrarily complex tests of randomness without any violation of the secrecy of the generated bit sequences. The protocol diminishes also an average time of the randomness testing (thus enabling arbitrary shortening of this time with increasing number of entangled qubits).

Abstract: Classical bits can be copied, but quantum bits, in general, cannot. As a result, there is interest in creating uncounterfeitable quantum money, in which a set of qubits can be spent as money but cannot be duplicated. To function as money, there must be a way to verify that a given state is a valid banknote and not a counterfeit. Many recent efforts have tried to allow public key verification, where any untrusted user, even a would-be counterfeiter, can verify the banknotes. However, despite many attempts, a secure construction of public-key quantum money has remained elusive. Here we introduce franchised quantum money, a new notion that is weaker than public key quantum money but brings us closer to realizing it. Franchised quantum money allows any untrusted user to verify banknotes using a unique secret key. Furthermore, we give a construction of franchised quantum money and prove security assuming the quantum hardness of the short-integer solution problem (SIS). This is the first construction of quantum money that allows an untrusted user to verify the banknotes, and which has a proof of security based on widespread assumptions. It is therefore an important step toward public key quantum money. Under franchised quantum money, untrusted users receive unique secret verification keys. With their key, a user can verify banknotes without the mint involved, but they cannot create counterfeit money that would fool another user. This is different from public key quantum money because the verification key may actually enable counterfeiting, but the only person that the counterfeiter can fool is themselves. Here is how franchised quantum money might be useful: consider a group of large corporations, mutually distrustful, that nevertheless want to make transactions with each other. Further, a trusted third party, the mint, will administer the money system. While the mint cannot make verification public-key, it can franchise the ability to verify banknotes to the group of untrusted corporations. The mint gives each corporation a unique secret verification key that allows them to verify banknotes from another corporation. Now what if one corporation decides to start using its key to copy money? Since each corporation gets a different key, any banknotes that the corporation produces will fail to verify when a different key is used. Therefore the dishonest corporation will not be able to fool anyone but themselves. Public key quantum money has eluded sophisticated attempts to construct it directly, so franchised quantum money is useful as a stepping stone. Although franchised quantum money is not public-key, it still enables verification without the mint involved, which is the main feature of interest for public key quantum money. Further, we give a construction of franchised quantum money with a proof of security based on widely-held assumptions about the SIS problem. Franchised quantum money offers greater security than existing constructions of quantum money, and brings us closer to public-key verification.

Abstract: Quantum communication in general helps deter potential eavesdropping in the course of transmission of bits to enable secure communication between two or more parties. In this paper, we propose a novel quasi-quantum secure direct communication scheme using non-maximally entangled states. The proposed scheme is simple to implement using existing techniques and significantly reduces the number of leaked bits. As a result long sequences or the whole sequence of data can be communicated at once before error checking for a potential eavesdropper. Also a cipher can be used in the protocol for retrieving the bits that are lost due to security. The qubit efficiency of the proposed protocol is found to be 40 %.

Abstract: Zhandry recently defined a new cryptographic object called quantum lightning, which has a number of useful applications, including a strong form of quantum money. Further, Zhandry proposed a construction of quantum lightning based on superpositions of low-rank matrices. The scheme is unusual, so it is difficult to analyze whether the scheme is secure and difficult to base the scheme’s security on any widespread computational assumptions. Instead, Zhandry proposed a new hardness assumption that, if true, could be used to prove security. While the new hardness assumption is plausible, it has not been rigorously analyzed. In this work, we analyze the hardness assumption to determine how, if at all, it can be justified. We show that Zhandry’s hardness assumption is in fact false, so the proof of security for Zhandry’s scheme does not hold. While the scheme itself has not been proven insecure, our analysis suggests an approach to developing attacks that might prove the scheme insecure.

Abstract: Heralded single photons with a wavelength of 780 nm were generated from 30-mm long PPKTP crystals. The spectral correlation was eliminated under narrow band-pass filtering, and Hong-Ou-Mandel interference between two heralded single-photon sources was demonstrated.

Abstract: The security of measurement device-independent quantum key distribution (MDI QKD) relies on a thorough characterization of one's optical source output, especially any noise in the state preparation process. Here, we provide an extension of the loss-tolerant protocol [Phys. Rev. A 90, 052314 (2014)], a leading proof technique for analyzing the security of QKD, to MDI QKD protocols that employ mixed signal states. We first reframe the core of the proof technique, noting its generalization to treat d-dimensional signal encodings. Concentrating on the qubit signal state case, we find that the mixed states can be interpreted as providing Alice and Bob with a virtual shield system they can employ to reduce Eve's knowledge of the secret key. We then introduce a simple semidefinite programming method for optimizing the virtual twisting operations they can perform on the shield system to yield a higher key rate, along with an example calculation of fundamentally achievable key rates in the case of random polarization modulation error.

Abstract: Device-independent quantum key distribution provides security even when the equipment used to communicate over the quantum channel is largely uncharacterized. An experimental demonstration of device-independent quantum key distribution is however challenging. A central obstacle in photonic implementations is that the global detection efficiency, i.e., the probability that the signals sent over the quantum channel are successfully received, must be above a certain threshold. We here propose a method to significantly relax this threshold, while maintaining provable device-independent security. This is achieved with a protocol that adds artificial noise, which cannot be known or controlled by an adversary, to the initial measurement data (the raw key). Focusing on a realistic photonic setup using a source based on spontaneous parametric down conversion, we give explicit bounds on the minimal required global detection efficiency.

Abstract: In this paper we consider the Liouville equation that describes the quantum non-unitary dynamics of quantum states in optical fiber.We consider particular case of thermalization aiming to applications related to various quantum information protocols; however the model can be generalized in various ways taking into account more features (external pump, nonlinear interactions, continuous spectra, free space propagation, etc.). In order to obtain the appropriate evolution models for states in the channel we use the SU(1,1) algebra formalism in the Liouville representation. Developed model is applied in cases of two different initial states as an example. The first is single- and multi-frequency-mode (e.g. wavelength-division-multiplexed) weak coherent states in quantum notation as rather simple but useful example. This particular example is of interest since weak coherent states are commonly used tool in various fields of optics, e.g. optical communication, quantum key distribution, etc. Results for coherent states are well agreed with classical theories however in order to highlight quantum features of developed theory we also consider the case of non-classical light, in particular Fock states. Considered implementation of model takes into account dichroism, retardance, thermalization, dispersion, decoherence in polarization domain. We derive expressions of evolved states, mean photon number and estimate the Stokes parameters as well as degree of polarization. Considered examples explicitly demonstrates all the features and effects of developed approach. Described approach allows to connect the information properties of quantum channels with its physical ones. In order to illustrate this statement we consider BB84 quantum key distribution protocol and investigate behavior of quantum bit error rate affected by considered physical phenomena in optical fiber.

Abstract: In this paper we present for the first time two possible techniques for deterministic two-step complete Bell state analyzer of optical (polarization) qubits using semi-demolition or entangled non-demolition measurements. Main difference to a prior studies in the field is that we do not use hyperentanglement or representation of the Bell states as concatenated Greenber–Horne–Zeilinger (C-GHZ) state to provide the discrimination. We demonstrate two different approaches for complete Bell state measurement based on different types of filtration. In entangled non-demolition measurement we allocate two pairs of the states from each other as the filtration process. The approach can be based on the utilization of cubic (Kerr) nonlinearity and auxiliary mode. In semi-demolition measurement two states are unambiguously discriminated and hence destroyed; however two other states passes the filter without modification. The measurement destroys the single photon subspace in every mode and preserves the superposition of zero and two photons. It can be realized with discrete photodetection based on microresonator with atoms. Such filtration can be considered as quadratic nonlinearity just as any measurement. The most significant about this approach is that we do not transform the initial states using any type of filtration based on different nonlinearities.

Abstract: Twin-field (TF) quantum key distribution (QKD) can overcome fundamental secret-key-rate bounds on point-to-point QKD links, allowing us to reach longer distances than ever before. Since its introduction, several practical TF-QKD variants have been proposed, and some of them have already been implemented experimentally. All of them assume that the users can emit weak coherent pulses with a continuous random phase, either to generate the key, or to prove its security. In practice, this assumption is often not satisfied, which could open up security loopholes in their implementations. Here, we propose and prove the security of a TF-QKD variant that relies exclusively on discrete phase randomisation, which is easier to achieve in practice. Remarkably, our results show that it can also provide higher secret-key rates than other variants.

Abstract: Here in this poster we present two new MET-LDPC codes designed for rates 0.02 and 0.01 with even higher efficiency: β = 99.2% and β = 98.7% , respectively. We will present simulation results to demonstrate their performance. The presented codes can be used by different reconciliation strategies to increase the distance of CV-QKD.

Abstract: Since 2004 AIT has developed a software suite for QKD post processing and key routing in trusted repeater networks. This software provides a set of building blocks to integrate sifting, error estimation, error correction, confirmation, privacy amplification and information-theoretically secure message authentication. Accompanying the QKD post-processing is the Quantum Point-to-Point Protocol (Q3P) node which enforces information-theoretically secure network peer-to-peer communication for classical applications. We already reported on the support for different DV and CV-QKD protocols, and high-performance error correction using GPUs for terrestrial QKD. Here we will discuss the following new capabilities of the software * a low dependency footprint for future use on satellites, * hibernation of QKD post-processing pipelines and switching between them for key establishment with different ground terminals and satellites, * CoAP interfaces to cover demands of the control and management plane in today’s network environment, and * the port to ARM/FPGA SoC boards. The CoAP interfaces allow rapid scripting of QKD modules or AIT QKD based applications with Python or even Bash. Utilities and tools, as well as a boilerplate setup for QKD module coding projects, also support the creation of new QKD post-processing modules or QKD based user applications. The AIT QKD software is bundled with management tools, partly GUI oriented. The software is available under different license options and AIT welcomes suggestions from academic groups or industry to co-operate.

Abstract: Quantum random number generators (QRNG) are a well-studied quantum resource for information and communication technologies. Offering the randomness derived from quantum mechanical principles, QRNGs will replace current technologies of pseudo random number generation. However, prices and form factors must come down, if this technology is to feed mobile or IoT devices in the future. We present a step in this direction by realizing a QRNG in the polymer-based photonic integration platform PolyBoard.

Abstract: Emerging quantum technologies, such as quantum key distribution, increase the demand for reliable tools that enable single-photon generation, manipulation and sensing on an increasingly large scale. In the framework of integrated photonics, these needs can be fulfilled by patterning highly stable photonic devices on monolithic silicon chips in CMOS compatible processes. In this work we show how advanced single-photon detection capabilities are achieved on a silicon chip, realizing a 4x4 array of waveguide-integrated superconducting nanowire single-photon detectors (SNSPDs). Our detectors are fabricated from highly uniform superconducting NbTiN thin films in a U-shape geometry atop of silicon nitride strip waveguides [1]. The nanophotonic circuitry is interfaced with scalable 3D polymeric out-of-plane fiber-to-chip couplers [2] featuring high broadband transmission in the telecom regime. In order to address each detector individually via a separate fiber-optic channel, we precisely align a 16-channel 2D fiber array to the 4x4 coupler matrix. We evaluate the performance of our waveguide-integrated SNSPD array in a cost-efficient closed-cycle cryostat at 3.5 K. We find dark count rates below 10 Hz combined with a superior system detection efficiency of up to 50 % at 30 MHz count rate for telecom-wavelength photons. In addition, we achieve 120 ps timing jitter with a simple two-stage room-temperature amplification approach. Our detector arrays pave the way for parallelized multi-channel single-photon detection and will therewith enable ultra-fast quantum key distribution. Furthermore, our approach allows for integrating sophisticated nanophotonic devices with waveguide-coupled single-photon detectors providing additional variability and functionality.

Abstract: The OPENQKD project is currently the largest QKD-focused initiative in Europe comprising of 38 partners. The project brings together a multidisciplinary team of the leading European telecommunication equipment manufacturers, end-users and critical infrastructure providers, network operators, QKD equipment providers, digital security professionals and scientists from 13 countries to reinforce Europe’s position at the forefront of quantum communication capabilities globally. We present here the first deployment results from selected testbeds, list the demonstration sites and associated use cases. We will also provide an overview of the QKD devices built for the project and a timetable for the future deployments.

Abstract: In this work, we provide a complete, unconditional, asymptotic security analysis of DMCVQKD with four or more states. We do not need the photon-number cut-off assumption required in previous proofs. We derive inequalities that relate the result of a suitably chosen finite-dimensional optimization to the key rate. We solve the optimization numerically and utilize uniform continuity bounds to derive tight key rate lower bounds. We find that the key rates are comparable to previous conditional security proofs with the cut-off assumption, and to those achieved by Gaussian-modulated CVQKD.

Abstract: A numerical approach for the calculation of QKD key rates allows a uniform framework to be applied to general QKD protocols. Based on our group's previous work, we would like to build a universal software platform that is fully modularized and user-friendly, where one can easily swap in and out different QKD protocol descriptions, channel simulation models or experimental data, backend numerical solvers, and parameter optimization algorithms. Our goal is to build an open-source platform that can be both useful for theorists testing new protocols as well as experimentalists looking for optimal parameters or analyzing their experimental data.

Abstract: To realize highly secure communication required for sensitive personal information, quantum key distribution (QKD) was applied to a video conference system for clinical use in a field trial. We demonstrated that the system provides a QKD secured environment for discussion and for sharing screens of patient cases among medical experts. The results indicated that our QKD system’s secure key rate is sufficient for a video conference in real time. This demonstrated that QKD is applicable to video conference systems for practical use.

Abstract: Continuous variable quantum key distribution (CV-QKD) uses shot-noise limited detection for measuring the quadratures of the signal sent by Alice over the quanutm channel. Typically, the signal transmission rate is limited by the bandwidth of the detection. One of the drawbacks of CV-QKD systems is low secure key generation rate at longer transmission distances. High bandwidth detectors—which allow higher signal transmission rates—cannot improve the key generation rate as these increase the electronic noise variance. Electronic noise variance in CV-QKD systems is considered as a trusted noise source and so theoretically, it does not have a great impact on the final key rate. However, from the practical point of view, there is impact on the performance of error correction codes—such as low density parity codes (LDPC). Increased electronic noise decreases the signalto-noise ratio (SNR). Constructing LDPC at lower SNR is a bottleneck for achieving long distance CV-QKD. Multi-mode signals can improve the SNR of CV-QKD system to a significant extent. In this work, we consider a multi-mode signal based CV-QKD system where signal modes are jointly measured in order to reduce the impact of electronic noise on the SNR.

Abstract: It is shown that imperfect joints of linear birefringent fibers in a fiber interferometer may result in an uncontrolled visibility drift under varying environmental conditions even with a standard phase matching device. As an example, a double Mach –Zehnder interferometer is considered, which is employed in schemes of quantum key distribution. Results of numerical simulation demonstrate the standard deviation of QBER, which is comparable to an average QBER.

Abstract: At present, the performance of quantum digital signatures (QDSs) is limited by key generation protocols (e.g., BB84 or measurement-device-independent protocols), which are fundamentally limited in terms of channel capacity. Fortunately, the recently proposed twin-field quantum key distribution can overcome this limit. Here, we for the first time propose a twin-field QDS (TF-QDS) protocol and give a corresponding security analysis. It can not only possess the highest security among all existing QDS protocols, but also exhibit outstanding performance in terms of both signature rates and secure transmission distances. Therefore, our work represents another step towards practical implementation of QDSs.

Abstract: The random number generators (RNGs) are an indispensable tool in cryptography. Of various types of RNG method, those using radiations from nuclear decays (radioactive RNG) has a relatively long history but their security has never been discussed rigorously in the literature. In this paper and in reference [T. Tsurumaru, T. Sasaki, and I. Tsutsui, arXiv:1912.09124 [quant-ph]], we propose a new method of the radioactive RNG that admits a simple and rigorous proof of security. The security proof is made possible here by exploiting the parity (space inversion) symmetry arising in the device, which has previously been unfocused but is generically available for a nuclide which decays by parity-conserving interactions.

Abstract: Quantum money allows a bank to mint quantum money states that can later be verified and cannot be forged. Usually, this requires a quantum communication infrastructure to transfer quantum states between the user and the bank. This work combines the notion of classical verification -- introduced by Gavinsky (CCC 2012) -- with the notion of user-generated money -- introduced here -- to introduce Semi-Quantum Money, the first quantum money scheme to require only classical communication with the (entirely classical) bank. This work features constructions for both a public memory-dependent semi-quantum money scheme, based on the works of Zhandry and Coladangelo, and for a private memoryless semi-quantum money scheme, based on the notion of Noisy Trapdoor Claw Free Functions (NTCF) introduced by Brakerski et al. (FOCS 2018). In terms of technique, our main contribution is a strong parallel repetition theorem for NTCF.

Abstract: The detection-efficiency mismatch is a common problem in practical quantum key distribution (QKD) systems. The security of quantum key distribution in this case is proved only under the assumption that either the output of the sender side or the input to the receiver side are single-photon signals, which impose a restriction over the class of possible eavesdropping strategies. Here we present a security proof without such a restriction and, thus, solve this important problem and prove the security of quantum key distribution with detection-efficiency mismatch against general attacks. In particular, we propose an adaptation of the decoy state method to the case of detection-efficiency mismatch.

Abstract: We study quantum period finding algorithms such as Simon and Shor (and its variants Ekerå-Håstad and Mosca-Ekert). For a periodic function $f$ these algorithms produce -- via some quantum embedding of $f$ -- a quantum superposition $\sum_x \ket{x}\ket{f(x)}$, which requires a certain amount of output qubits that represent $\ket{f(x)}$. We show that one can lower this amount to a single output qubit by hashing $f$ down to a single bit in an oracle setting. Namely, we replace the embedding of $f$ in quantum period finding circuits by oracle access to several embeddings of hashed versions of $f$. We show that on expectation this modification only doubles the required amount of quantum measurements, while significantly reducing the total number of qubits. For example, for Simon's period finding algorithm in some $n$-bit function $f: \mathbb{F}_2^n \rightarrow \mathbb{F}_2^n$ our hashing technique reduces the required output qubits from $n$ down to $1$, and therefore the total amount of qubits from $2n$ to $n+1$. We also show that Simon's algorithm admits real world applications with only $n+1$ qubits by giving a concrete realization of a hashed version of the cryptographic Even-Mansour construction. Our oracle-based hashed version of the Ekerå-Håstad algorithm for factoring $n$-bit RSA reduces the required qubits from $(\frac 3 2 + o(1))n$ down to $(\frac 1 2 + o(1))n$. In principle our hashing approach also works for the Mosca-Ekert algorithm, but requires strong properties of the hash function family. A hashed version of Mosca-Ekert with as few as $\mathcal{O}(\log n)$ qubits would imply classical polynomial time factoring. keywords: Quantum period finding, Simon, Even-Mansour, Shor, Ekerå -Håstad, Mosca-Ekert, minimizing qubits

Abstract: One-way functions are fundamental tools for cryptography. Until now, quantum one-way functions have several input-output categories such as `classical-to-classical', `classical-to-quantum' and `quantum-to-classical', which are used for post-quantum cryptography or quantum cryptography. However, there are still no intrinsic `quantum-to-quantum' quantum one-way functions. In this paper, we propose the full quantum one-way function to design full quantum cryptographic schemes. By concatenating the `quantum-classical' one-way function and the rotation operation of a single qubit, the full quantum one-way function has the input and output of quantum states. We prove its one-way property from `easy computation' and `computationally difficult to invert'. Then we apply the full quantum one-way function to quantum identity authentication. Security analysis shows that the proposed quantum identity authentication scheme based on the full quantum one-way function is secure even under active attacks.

Abstract: Quantum cryptography has developed some fundamental primitives on encryption of quantum data, such as quantum one-time pad and quantum IND (indistinguishability)-security. Compared with other terms in quantum cryptography, quantum obfuscation attracts less attention and is still in its infancy due to its difficulty in implementation and application. In this paper, we define a quantum point function and construct its obfuscation, then demonstrate the validity of applying quantum point obfuscation to quantum symmetric encryption scheme. We rigorously prove that IND-secure quantum symmetric encryption can be realized by quantum point obfuscators. Furthermore, with the properties of combinability or auxiliary inputs, a quantum point obfuscator can implement IND-CPA (indistinguishability under chosen plaintext attack)-secure quantum symmetric encryption or leakage-resilient quantum symmetric encryption, respectively. This work presents new usage of a quantum obfuscator and will complement the theory of quantum obfuscation.

Abstract: The signal of the photon must be phase modulated by Phase Modulation(PM), which plays a very important role in a continuous-variable quantum key distribution system. However, there may exits a drift of voltage in actual system. In this paper, we study the influence of the imperfect PM on the system performance of the CVQKD system. The result shows that the imperfect PM can threat the security of CVQKD system and choosing a reasonable noise module can be passively improved the security of system. We also propose a way to contain modulation noise in practical CVQKD systems.

Abstract: High-dimensional entanglement promises to increase the information capacity of photons and isnow routinely generated exploiting spatio-temporal degrees of freedom of single photons. A curiousfeature of these systems is the possibility to certify entanglement despite strong noise in the data.We show that it is also possible to exploit this noisy entanglement by introducing a protocol thatuses mutliple subspaces of the high-dimensional system simultaneously. Our protocol can be used toincrease key rates in realistic conditions. To that end, we conduct two simulations of our protocol fornoise models that apply to the two most commonly used sources of high-dimensional entanglement:time-bins and spatial modes.

Abstract: Quantum private information retrieval (QPIR) is a protocol that a user retrieves one of f files from non- communicating n servers by downloading quantum systems without revealing the identity of the target file. As variants of the QPIR with stronger security requirements, the symmetric QPIR is a protocol that the files except for the target file are not leaked to the user, and the t-private QPIR is a protocol that the identity of the target file is kept secret even if at most t servers may collude to reveal the identity. The QPIR capacity is the maximum ratio of the one file size to the size of downloaded quantum systems, and we prove that the symmetric t-private QPIR capacity is min{1, 2(n − t)/n} for any 1 ≤ t < n. We construct a capacity-achieving QPIR protocol by the stabilizer formalism and prove the optimality of our protocol. The proposed capacity is greater than the classical counterpart.

Abstract: MACsec (Media Access Control Security) is an IEEE 802.1AE standard for secure communication on Ethernet links. MACsec ensures the confidentiality, integrity and origin authenticity of Ethernet frames. The secrecy of MACsec stems from a root key that is either configured as a pre-shared key or derived from a mutual authentication protocol. However, both methods are not ideal because such root key may be disclosed by human mistakes or broken by quantum attacks. In this paper, we investigate QKD (quantum key distribution) as an alternative source of trust for MACsec. QKD can be used as either a root key provider or a session key generator. We develop a new key exchange protocol based on QKD for Ethernet networks. We verified by experiment that QKD could be well integrated into MACsec without performance degradation.

Abstract: In a quantum money scheme, a bank can issue money that users cannot counterfeit. Similar to bills of paper money, most quantum money schemes assign a unique serial number to each money state, thus potentially compromising the privacy of the users of quantum money. However in a quantum coins scheme, just like the traditional currency coin scheme, all the money states are exact copies of each other, providing a better level of privacy for the users. A quantum money scheme can be private, i.e., only the bank can verify the money states, or public, meaning anyone can verify. In this work, we propose a way to lift any private quantum coin scheme -- which is known to exist based on the existence of one-way functions, due to Ji, Liu, and Song (CRYPTO'18) -- to a scheme that closely resembles a public quantum coin scheme. Verification of a new coin is done by comparing it to the coins the user already possesses, by using a projector on to the symmetric subspace. No public coin scheme was known prior to this work. It is also the first construction that is very close to a public quantum money scheme and is provably secure based on standard assumptions. The lifting technique when instantiated with the private quantum coins scheme, due to Mosca and Stebila 2010, gives rise to the first construction that is very close to an inefficient unconditionally secure public quantum money scheme.

Abstract: Private information retrieval (PIR) is a database query protocol that provides user privacy, in that the user can learn a particular entry of the database of his interest but his query would be hidden from the data centre. Symmetric private information retrieval (SPIR) takes PIR further by additionally offering database privacy, where the user cannot learn any additional entries of the database. Unconditionally secure SPIR solutions with multiple databases are known classically, but are unrealistic because they require long shared secret keys between the parties for secure communication and shared randomness in the protocol. Here, we propose using quantum key distribution (QKD) instead for a practical implementation, which can realise both the secure communication and shared randomness requirements. We prove that QKD maintains the security of the SPIR protocol and that it is also secure against any external eavesdropper. We also show how such a classical-quantum system could be implemented practically, using the example of a two-database SPIR protocol with keys generated by measurement device-independent QKD. Through key rate calculations, we show that such an implementation is feasible at the metropolitan level with current QKD technology.

Abstract: Solid-state quantum light sources emitting triggered single photons or entangled photon pairs have the potential to boost the performance of quantum key distribution (QKD) systems. Proof-of-principle experiments affirmed these prospects, but further efforts are necessary to push this field beyond its current status. In this work, we report on tools for the performance optimization of QKD systems using single-photon sources (SPSs). For this purpose, we developed a basic QKD testbed comprising a triggered solid-state single-photon source and a receiver module designed for four-state polarization coding via the BB84 protocol. Exploiting temporal filtering of the signal acceptance time window in a two-dimensional parameter space we analyze the sifted key fraction and the quantum bit error ratio (QBER) expected in in full implementations of QKD. Furthermore, we demonstrate real-time security monitoring by analyzing the QBER and the photon statistics, in terms of g(2)(\tau), inside the quantum channel in real-time during the key distribution process. This is achieved by correlating the photon flux recorded at the four ports of our receiver. Our findings can be directly applied and extended for advanced schemes of quantum communication representing an important contribution towards the development of QKD-secured communication networks based on quantum light sources.

Abstract: In the age of measurement-device-independent quantum key distribution (MDI QKD) and twin- field QKD (TF QKD), the source units of these QKD schemes may become a new ``Achilles' heel" of the whole system. An adversary, Eve, can conduct various attacks on the sources by injecting lasers, whose power is limited by the laser-induced damage threshold of the quantum channel. Such an amount of power may modify the characteristics of components in a source. In this work, we study possible components to protect the source from the light-injected attacks, i.e., Trojan-horse attack, the laser-seeding attack, and the laser-damage attack. Experimental testing shows that fiber-optics isolators and circulators are good passive countermeasures because they sacrifice themselves' isolation under a high-power laser to protect other components behind them. Moreover, we find that illuminated by the high-power laser, integrated photonics QKD chips only lose the transmission of the coupler before any other change happens for the other components in the chips.

Abstract: We reverse-engineer, test and analyse hardware and firmware of the commercial quantum-optical random number generator Quantis from ID Quantique. We show that > 99% of its output data originates in physically random processes: random timing of photon absorption in a semiconductor material, and random growth of avalanche owing to impact ionisation. We have also found minor non-random contributions from imperfections in detector electronics and an internal processing algorithm. Our work shows that the design quality of a commercial quantum-optical randomness source can be verified without cooperation of the manufacturer and without access to the engineering documentation.

Abstract: We present a composably secure protocol allowing n parties to test an entanglement generation resource controlled by a possibly dishonest party. The test consists only in local quantum operations and authenticated classical communication once a state is shared among them and provides composable security, namely it can be used as a secure subroutine by n honest parties within larger communication protocols to test if a source is sharing quantum states that are at least Ɛ-close to the GHZ state. This claim comes on top of previous results on multipartite entanglement verification where the security was studied in the usual game-based model. Here, we improve the protocol to make it more suitable for practical use in a quantum network and we study its security in the Abstract Cryptography framework to highlight composability issues and avoid hidden assumptions. This framework is a top-to-bottom theory that makes explicit any piece of information that each component (party or resource) gets at every time-step of the protocol. Moreover any security proof, which amounts to showing indistinguishability between an ideal resource having the desired security properties (up to local simulation) and the concrete resource representing the protocol, is composable for free in this setting. This allows us to readily compose our basic protocol in order to create a composably secure multi-round protocol enabling honest parties to obtain a state close to a GHZ state or an abort signal, even in the presence of a noisy or malicious source. Our protocol can typically be used as a subroutine in a Quantum Internet, to securely share a GHZ state among the network before performing a communication or computation protocol.

Abstract: Characterising the input-output photon-number distribution of an unknown optical quantum channel is an important task especially in the case of quantum cryptography. In practice, this would require true photon number sources and photon-number-resolving detectors, but these technologies are still work-in-progress. In this work, we propose an efficient technique called double-decoy method which can provide relevant partial information of the input-output photon-number distribution, including the fraction of events in which the unknown quantum channel accepts and outputs a single photon. These detections correspond to events in which the transmitted single photon survives a basis-independent filter just before the measurement. We apply the double-decoy method to quantum key distribution (QKD) and show that it can substantially reduce the background noise and systematic error at the privacy amplification level, thereby improving the current secret key rate and achievable distance for standard QKD protocols. We also believe that several applications beyond cryptography will benefit from this technique.

Abstract: To reduce the frame error rate of polar-based information reconciliation (IR) scheme with high reconciliation efficiency, we propose the Shannon-limit approached (SLA) IR scheme, in which the block checked decoder of polar code is proposed to determine the error sub-blocks in the forward reconciliation and the errors are corrected in the acknowledgment reconciliation. And the experimental results show that the SLA IR scheme reduces the $\varepsilon$-correctness to $10^{-8}$ and improves the efficiency to better than 1.091 with the IR block size of 128Mb. Otherwise, the SLA IR scheme reaches the efficiency of 1.055 with the quantum bit error rate (QBER) of 0.02, when the block length reaches to 1Gb, which is hundred times larger than the state-of-art implemented polar codes-based IR schemes and further reduce the finite length effect.

Abstract: When wavelength multiplexing a large number of quantum communication channels and time-phase coding is used, it’s desired in terms of cost and complexity to minimize the number of interferometers. Here, we demonstrate that a visibility sufficiently high to enable QKD operation can be maintained with only a single interferometer at the receiver and without the need for additional high frequency phase modulation.

Abstract: We have come a long way since the first implementation of a quantum key distribution (QKD) system and various attacks have been demonstrated, such as the Trojan Horse Attack (THA). In this attack, the eavesdropper Eve gains information by analysing the back-reflections of light she shines into the QKD system. Almost all attacks have been demonstrated on devices based on fibre components. However, the first chip-scale QKD devices are being developed now, utilising the small size of integrated optics, the stability of the optical system and the ease at which it can be mass-produced, showing great commercial potential. Here we discuss a THA on chip-scale QKD. First, points of reflection in a QKD transmitter chip were found via a reflectometry. Based on this we give an experimental set-up to implement a THA which would give Eve access to 50% of the key. Full experimental results of this attack are expected in the next two to three months.

Abstract: Quantum state elimination measurements tell us what states a quantum system does not have. This is different from state discrimination, where one tries to determine what the state of a quantum system is, rather than what it is not. Apart from being of fundamental interest, quantum state elimination may find uses in quantum communication and quantum cryptography. We consider unambiguous elimination of a pair of quantum states, and present a possible optical realisation of the scheme.

Abstract: Recently, major progress has been made towards the realisation of the quantum internet to enable a broad range of applications that would be out of reach for classical internet. Most of these applications such as delegated quantum computation require running a secure identification protocol between a low-resource and a high-resource party to provide secure communication. Physical Unclonable Functions (PUFs) have been shown as resource-efficient hardware solutions for providing secure identification schemes in both classical and quantum settings. In this work, we propose two identification protocols based on quantum PUFs (qPUFs) as defined recently by Arapinis et al. In the first protocol, the low-resource party wishes to prove its identity to the high-resource party and in the second protocol, it is vice versa. Unlike existing identification protocols based on Quantum Read-out of PUFs which rely on the security against a specific family of attacks, our protocols provide provable exponential security against any Quantum Polynomial-Time adversary with only polynomial resource parties. We provide a comprehensive comparison between the two proposed protocols in terms of resources such as quantum memory and computing ability required in both parties as well as the communication overhead between them. A stand-out feature of our second protocol is secure identification of a high-resource party by running a purely classical verification algorithm. This is achieved by delegating quantum operations to the high-resource party and utilising the resulting classical outcomes for identification. An interesting application idea that emerges from our second protocol is certification or benchmarking of general quantum computation schemes based on purely running a classical test on the resulting measurement outcomes.

Abstract: In this research, we study different approaches to construct Key Generation and Distribution Schemes using Quantum Key Distribution systems. Three schemes are proposed and analyzed. The main question to answer is what happens if a part of the newly shared key is used for authentication while sharing other keys? We consider several attacks, their complexity and probability. It is shown that a hybrid approach, when authentication keys are derived from a mixture of pre-shared keys and key from QKD protocol, is more advantageous.

Abstract: Our ability to trust that a random number is truly random is essential for fields as diverse as cryptography and fundamental tests of quantum mechanics. Device-independent quantum random number generators (QRNGs) provide a means of completely trusted randomness, but are highly impractical due to their strict technological requirements, such as loophole-free quantum nonlocality. By making fixed assumptions on specific parts of the device, semi-device-independent QRNGs lower these requirements drastically. However, this {has usually been} done at the cost of limiting their flexibility and security to a specific physical implementation and level of trust. Here we propose and experimentally test a new framework for semi-device-independent randomness certification that employs a flexible set of assumptions, allowing it to be applied in a range of physical scenarios involving both quantum and classical entropy sources. At the heart of our method lies a source of trusted vacuum in the form of a signal shutter, which enables the honesty of partially trusted measurement devices to be tested and provides lower bounds on the guessing probability of their measurement outcomes. We experimentally verify our protocol with a photonic setup and generate secure random bits under three different source assumptions with varying degrees of security and resulting data rates. Our work demonstrates a simple and practical way for achieving semi-device-independent randomness generation with user-defined flexibility in terms of levels of trust and physical implementations.

Abstract: Quantum key distribution (QKD) contrasts with classical cryptographic methods because it provides information-theoretical security on the distilled key. In some security demanding contexts, the perfect confidentiality that can be obtained with QKD combined with One-Time-Pad, may be insufficient. This will be in particular the case if the mere existence of communication can divulge crucial information. Performing QKD covertly solves this by insuring low probability of detection for the QKD signal states. We study here for the first time Covert continuous variable (CV) QKD. We establish, in the general case of a thermal noise channel, that the covertness conditions impose drastic limits to the performance of such protocols. We then propose an original solution to overcome this limitation by performing a computationally-secure coherent block encoding, analogous to spread spectrum, to the signal pulses of a Gaussian modulated coherent state CV-QKD protocol. The resulting protocol provides covertness, under computational assumptions while preserving the information-theoretical security on the final QKD key. We show that our method enables QKD over realistic WDM environments such as a 30 km optical backbone populated by 25 standard channels.

Abstract: We consider a device-independent scenario where N parties test the Mermin-Ardehali-Belinskii-Klyshko (MABK) inequality. By exploiting the inequality’s symmetries, we drastically simplify the general form of the quantum state that can be considered, without loss of generality. We then derive an upper bound on the maximal violation of the MABK inequality attained by an arbitrary N-qubit state, as a function of the state’s parameters. The two results enable us to derive analytical bounds on the von Neumann entropy of the parties’ outcomes, conditioned on the eavesdropper’s information. These quantities are crucial for the security of many cryptographic protocols and better bounds lead to more robust protocols. In particular, we bound the conditional entropy of a single party’s outcome and the joint conditional entropy of two parties’ outcomes, as a function of the MABK violation observed by three parties. We extend the former bound to N parties and prove its tightness, while we observe that the latter significantly improves previous results.

Abstract: With the emergence of quantum communication, it is of folkloric belief that allowing an Adversary to perform superposition queries to otherwise classical cryptographic protocols and forcing the honest players to perform actions coherently on quantum states automatically breaks the schemes' security. Another intuition is that enforcing measurements on the exchanged messages is enough to protect protocols from these attacks. However, the reality is much more complex. The security models dealing with superposition attacks only consider unconditional security. The first seminal papers date back to 1997 and prove the impossibility of unconditionally-secure bit-commitment schemes. Follow-up works heavily rely on this assumption of unconditional security to prove strong impossibility results and their proof techniques cannot be applied to the computational setting. They essentially indicate that ideal primitives should in fact measure the input state. On the opposite, security models considering computational security assume that all supposedly classical messages are measured, which forbids by construction the analysis of superposition attacks. To fill in the gap between those models, Boneh and Zhandry have started to study the quantum computational security for classical primitives in their seminal work at Crypto'13, but only in the single-party setting. To the best of our knowledge, an equivalent model in the multiparty setting is still missing. In this work, we propose the first computational security model considering superposition attacks for multiparty protocols. We show that our new security model is satisfiable by proving the security of the well-known One-Time-Pad protocol and show an attack on a variant of the equally reputable Yao Protocol for Secure Two-Party Computations. The post-mortem of this attack reveals the precise points of failure, yielding highly counter-intuitive results: The attack vector consists of a (classically) seemingly inoffensive message and a measurement performed by the honest player. This example shows that adding extra classical communication, which is harmless for classical security, can make the protocol become subject to superposition attacks. Our results show that intuitions can be misleading when reasoning about cryptographic protocols in a quantum world, and that there is no evident answer to provide for either the vulnerabilities of classical protocols to superposition attacks or the adapted countermeasures.

Abstract: Bitcoin and its underlying blockchain protocol have received recently significant attention in the context of building distributed systems as well as from the perspective of the foundations of the consensus problem. At the same time, the rapid development of quantum technologies brings the possibility of quantum computing devices from a theoretical concept to an emerging technology. Motivated by this, in this work we revisit the formal security of the core of the Bitcoin protocol, called the Bitcoin backbone, in the presence of an adversary that has access to a scalable quantum computer. We prove that the protocol’s essential properties stand in the post-quantum setting assuming a general quantum adversary with suitably bounded number of queries in the Quantum Random Oracle (QRO) model. In order to achieve this, we investigate and bound the quantum complexity of a Chain-of-Proofs-of-Work search problem which is at the core of the blockchain protocol. Our results imply that security can be shown by bounding the quantum queries so that each quantum query is worth O(p^{−1/2}) classical ones and that the wait time for safe settlement is expanded by a multiplicative factor of O(p^{−1/6}), where p is the probability of success of a single classical query to the protocol’s underlying hash function.

Abstract: We initiate a systematic study to provide upper bounds on device-independent key, secure against a non-signaling adversary (NSDI), distilled by a wide class of operations, currently used in both quantum and non-signaling device-independent protocols. These operations consist of a direct measurements on the devices followed by Local Operations and Public Communication (MDLOPC). We formulate a security condition for the considered class of protocols, that is based on the newly introduced non-signaling norm. This norm takes supremum over certain operations, that can be used to discriminate devices. It is shown that the security condition based on this norm, is equivalent to two security conditions present in the literature. We employ the idea of ``squashing" on the secrecy monotones, which provide upper bounds on the key rate in secret key agreement (SKA) scenario, and show that squashed secrecy monotones are the upper bounds on NSDI key. As an important instance, an upper bound on NSDI key rate called ``squashed non-locality", has been constructed. It exhibits several important properties, including convexity, monotonicity, and additivity on tensor products. Using this bound, we identify numerically a domain of two binary inputs and two binary outputs non-local devices for which the squashed non-locality is zero. Therefore one can not distill key from them via MDLOPC operations. These are mixtures of Popescu-Rohrlich (PR) and anti-PR box with the weight of PR less than 80%. This example confirms the intuition that non-locality need not imply secrecy in the non-signaling scenario. The approach is general, describing how to construct other tighter yet possibly less computable upper bounds. Our technique for obtaining upper bounds is based on the non-signaling analog of quantum purification: the complete extension. This extension provides the ultimate eavesdropping power with the minimal consumption of eavesdropper's memory and, as we prove, yields equivalent security conditions as previously known in the literature.

Abstract: By making reasonable assumptions on realistic systems, we propose and implement the first ultra-high-speed CHSH experiment working at 40GHz demonstrating a gigabit quantum certified random number throughput. Moreover, our scheme is suitable for optical chip design since it only requires standard optical components and balanced detectors. Furthermore, our scheme paves the way for the promising research direction to utilise noisy detectors for quantum system construction, which might be helpful for certain noise-sensitive applications, e.g. quantum sensing and quantum computing.

Abstract: We define the notion of a proof of knowledge in the setting where the verifier is classical, but the prover is quantum, and where the witness that the prover holds is in general a quantum state. We establish simple properties of our definition, including that nondestructive classical proofs of quantum knowledge are impossible for nontrivial states, and that, under certain conditions on the parameters in our definition, a proof of knowledge protocol for a hard-to-clone state can be used as a (destructive) quantum money verification protocol. In addition, we provide two examples of protocols (both inspired by private-key classical verification protocols for quantum money schemes) which we can show to be proofs of quantum knowledge under our definition. In so doing, we introduce new techniques for the analysis of such protocols which build on results from the literature on nonlocal games. Finally, we show that, under our definition, the verification protocol introduced by Mahadev (FOCS 2018) is a classical argument of quantum knowledge for QMA relations.

Abstract: we propose a synchronization method that do not need additional modulation devices and can synchronize under phase shifts. It can be used in passive preparation CVQKD schemes that are inconvenient to add synchronization frames into key strings by modulation devices.

Abstract: Large-scale and flexible deployment of quantum networks is possible with reliable free-space quantum key distribution. However, signal fading occurs in free-space channels and causes various adverse effects. Under this circumstance, phase compensation becomes a challenging task for quantum key distribution using continuous variables. Here we investigate the feasibility of implementing phase compensation via simply computing the correlation between transmitted and received data. Demonstration and performance analysis are conducted with real transmittance of a 150-m free-space fading channel; results indicate the applicability of this compensation scheme to free-space quantum communication systems.

Abstract: The finite-key security of the standard three-intensity decoy-state quantum key distribution QKD) protocol in the presence of information leakage has been analyzed (Wang et al. in New J Phys 20:083027, 2018). On the other hand, the 1-decoy state QKD protocol has been proved to be able to achieve higher secret key rate than the three-intensity decoy-state QKD protocol in the finite-key regime by using only two different intensity settings (Davide et al. in Appl Phys Lett 112:171104, 2018). In this work, we analyze the finite-key security of the 1-decoy state QKD protocol with a leaky intensity modulator, which is used to generate the decoy state. In particular, we simulate the secret key rate under three practical cases of Trojan-horse attacks. Our simulation results demonstrate that the 1-decoy state QKD protocol can be secure over long distances within a reasonable time frame given that the intensity modulator is sufficiently isolated. By comparing the simulation results to those presented in Wang et al. (2018), we find that, as expected, the 1-decoy state QKD protocol is more robust against information leakage from the intensity modulator for all achievable distances.

Abstract: We developed a system for real-time transmission of genome sequence data using quantum cryptography and have succeeded in the quantum cryptography transmission of genome sequence data with data volumes exceeding several hundred gigabytes. This demonstrated that quantum cryptography can transmit large amounts of data and has practical applications in the fields of genomic research and genomic medicine.

Abstract: Free-space quantum key distribution (QKD) is a promising solution for secure communication between two remote parties through free space. Due to the possibility of free space communication, in general, the application candidates of free space QKD are focused on secure communication between moving terminals. Such applications have characteristics such as moving position, outside operation, and limited internal space and power consumption. First, the moving position of a terminal needs active compensation of a shared reference between transmitter and receiver because general QKD protocols requires a shared reference frame, i.e., polarization reference in a QKD protocol using polarization encoding. This can be solved by using reference frame independent (RFI) QKD. Second, the outside operation brings intensive noise issue caused by the sun light which significantly degrades the performance of free-space QKD. The change of operating wavelength of QKD to 1550-nm and single mode fiber coupling can significantly alleviate the noise issue. Finally, the limitation of internal space requires to chip scale implementation. The use of 1550-nm wavelength provides comparability of integrated (silicon) photonic chips which is already studied in the fiber based QKD. In this paper, we provide a 1550-nm free-space RFI QKD system which incorporates the aforementioned solutions while the previous free-space RFI QKD is realized with visible wavelength. We also shows that our system achieves about 0.8% quantum bit error rate (QBER) without additional blocking out external light to the receiver through single mode fiber coupling. This low QBER indicates the possibility of daylight free-space QKD.

Abstract: We consider passive eavesdropping in continuous-variable quantum key distribution (CV-QKD) over atmospheric turbulence channels. We study the effect of turbulence in creating independent channels from Alice to Bob and Eve, and examine the performance of transmitted local oscillator (TLO) and local local oscillator (LLO) based CV-QKD system.

Abstract: Free-space quantum key distribution (QKD) has received an increasing attention for its inherent secure communication between two remote systems. Most of the free-space QKD systems require integration of various signals such as quantum and beam tracking channels with different wavelengths into the same optical path for beam tracking. The beam tracking system, consisting of fast steering mirrors and position detectors, maintains optical beam path by adjusting the misalignments induced by moving terminals, vibrations and atmospheric turbulence in the free-space QKD system. Most QKD systems use dichroic mirrors for combining and separating quantum and beam tracking channels through free-space alignment. However, integration of such channels in free-space could require a large volume space, much alignment effort for mode overlap and can be easily affected by mechanical shock. In this paper, we report the effect of using a fiber-based wavelength division multiplexing (WDM) filter for integrating the quantum and beam tracking channels in free-space QKD systems. A custom-made WDM filter was used in the transmitter part of the free-space BB84 QKD system, combining a 785 nm signal for quantum channel and a 1550 nm signal for beam tracking channel. HI780 fiber was selected for common output port of the device to maintain the orthogonality of polarization states and beam quality of the quantum channel. Although 1550 nm signal can suffer from the insertion and bending loss caused by smaller core size of the HI780 fiber, we could reduce the loss as low as 1.4 dB by designing the fiber with length within about 15 cm, well straightened. We could also obtain good beam quality and mode overlap of the quantum and beam tracking channels by using the common output port of the WDM filter.

Abstract: Quantum Key Distribution (QKD) over a free-space channel is challenging due to inefficient coupling of received signals to the detection system. A narrow detector cross-section, such as with fibre coupling to a telescope, reduces the field of view (FOV) and thus increases the loss due to atmospheric turbulence. A larger detector cross-section increases the FOV; however, the corresponding increase in background noise also increases the QBER associated with a Discrete Variable (DV) QKD system. On the contrary, Continuous Variable (CV) QKD systems are highly tolerant to background noise, but their performance is still limited by the channel loss. The FOV of the receiver is defined as the area expressed in solid angle from which the detector can accepts signal. A simple geometrical analysis reveals FOV as $\Theta = 2\tan^{-1}(d/2F)$, where $d$ is the detector diameter and $F$ is the effective focal length of the receiver telescope. With a large-area detector, one can design the signal collection optics, such that the FOV of the telescope with a given aperture can be larger. In this work, we present a larger FOV receiver system for CVQKD which reduces the channel loss due to beam wandering and atmospheric turbulence. We will describe the performance of the receiver system in terms of shot-noise sensitivity, loss reduction and enhancement in secure key rate, compared to a typical fibre-coupled receiver system.

Abstract: The transition of Quantum Technologies (QT) being no longer pure basic research but touching applied fields with emerging products is companied by requests for standardization and certification. The call of the markets requesting products based on QT will require alignment of QT products to match not only the need for standards but also the proof to fulfil certification procedures. We will isolate and identify the most promising candidates for this endeavour and by listing challenges, obstacles and dependencies we will propose a strategy and envision a standardization roadmap

Abstract: Twin-Field quantum key distribution (TF-QKD) can beat the linear bound of repeaterless QKD systems. After the proposal of the original protocol, multiple papers have extended the protocol to prove its security. However, these works are limited to the case where the two channels have equal amount of loss (i.e. are symmetric). In a practical network setting, it is very likely that the channels are asymmetric due to e.g. geographical locations. In this work we extend a version of the TF-QKD protocol to the scenario with asymmetric channels. We show that by simply adjusting the two signal states of the two users (and not necessarily the decoy states) they can effectively compensate for channel asymmetry and consistently obtain higher key rate than either using no compensation or using the strategy of deliberately adding fibre to the shorter channel. We perform simulation with realistic parameters and finite data size, and show that our method works well and has a clear advantage over prior art methods in the presence of channel asymmetry.

Abstract: We propose a high efficiency reconciliation method for continuous-variable quantum key distribution over free-space channel based on rate compatible codes, which achieves stable reconciliation efficiency of more than 95% under the fluctuation of the SNR (as low as -16 dB).

Abstract: Quantum key distribution (QKD) is designed to establish symmetric keys among two legitimate parties. Continuous variable (CV) QKD that uses the coherent states and homodyne detection can only apply the cost-effective telecommunication components[1]. The field test of CV-QKD has reached over 50 km[2], and under the laboratory conditions, experimental demonstration of over 200km has been reported [3], thus, has revealed great potentials in practical implementations. The access network that allows multitude end-users to connect to the nodal network is a necessary in the modern network infrastructure since it is suitable for general home-to-home scenarios. Quantum access network was first proposed [4] and demonstrated in field tests [5] for discrete variable QKD. Here, we report an upstream access network based on CV-QKD. In our experimental demonstrations, two transmitters Alice are deployed as optical network units that simultaneously send signals to the network, the receiver Bob is acted as the optical line terminal. The optical distribution network is located between the optical network units and the optical line terminal to couple the signals. The signals generated from each optical network unit are required to pass through a variable delay line to calibrate the arriving time at the optical distribution network before being transmitted. The signals are then simultaneously sent to the optical distribution network through fibers of 5.3 km and 12.3 km respectively. When the signals approach to the optical distribution network, dynamic polarization control modules are firstly applied in each path to pre-compensate the polarization. The signals are then coupled through a beamsplitter and forwarded to the optical line terminal. With a system repetition frequency of 2.5 MHz, we obtain the averaged secret key rates of 55 kbps and 22 kbps for Alice No. 1 and Alice No. 2 respectively. The total secret key rates has reached 77 kbps which suggests a higher network capacity. The excess noise is relatively stable, yet there are small fluctuations in the secret key rates. To one step further reduce the loss, the wavelength division multiplexing devices can be used at the optical distribution network. This is especially beneficial when the quantum signal has to co-propagate with classical data channels in the same fiber [6,7]. The upstream access network implementations can be easily extended to a higher repetition frequency system or to support more users. The demonstration experiments provide the possibility of building practical large-scale CV-QKD networks. This work is supported by the Key Program of National Natural Science Foundation of China under Grants No. 61531003, and the Fund of CETC under Grant No. 6141B08231115. References 1. C.Weedbrook, S. Pirandola, R. Garc´ıa-Patr´on, N. J. Cerf, T. C. Ralph, J. H. Shapiro and S. Lloyd, Gaussian quantum information, Rev. Mod. Phys. 84, 621 (2012). 2. Y. Zhang, Z. Li, Z. Chen, C. Weedbrook, Y. Zhao, X. Wang, Y. Huang, C. Xu, X. Zhang, Z. Wang, M. Li, X. Zhang, Z. Zheng, B. Chu, X. Gao, N. Meng,W. Cai, X.Wang, G.Wang, S. Yu and H. Guo, Continuous- variable QKD over 50 km commercial fiber, Quantum Sci. Technol. 4, 035006 (2019). 3. Y. Zhang, Z. Chen, S. Pirandola, X. Wang, C. Zhou, B. Chu, Y. Zhao, B. Xu, S. Yu and H. Guo, Long- distance continuous-variable quantum key distribution over 202.81 km fiber, arXiv:2001.02555 (2020). (Accepted by Phys. Rev. Lett.) 4. B. Fr¨ohlich, J. F. Dynes, M. Lucamarini, A. W. Sharpe, Z. Yuan and A. J. Shields, A quantum access network, Nature 501, 69-72 (2013). 5. B. K. Park, M. K. Woo, Y. S. Kim, Y. W. Cho, S. Moon and S. W. Han, User-independent optical path length compensation scheme with sub-nanosecond timing resolution for a 1* N quantum key distribution network system, Photon. Res. 8, 296 (2020). 6. T. A. Eriksson, T. Hirano, B. J. Puttnam, G. Rademacher, R. S. Lu´ıs, M. Fujiwara, R. Namiki, Y. Awaji, M. Takeoka, N. Wada and M. Sasaki, Wavelength division multiplexing of continuous variable quantum key distribution and 18.3 Tbit/s data channels, Commun. Phys. 2, 9 (2019). 7. B. Chu, Y. Zhang, Y. Zhao, Y. Xu, X. Chen, X. Wang and S. Yu, Crosstalk-induced impact of coexisting DWDM network on continuous-variable QKD, 16th International Conference on the Design of Reliable Communication Networks DRCN, Milano, Italy, pp. 1-5 (2020).

Abstract: We report the polarization-multiplexed CV-QKD with four-state modulation capable of full use of two orthogonal polarization channels and experimentally investigate it. We design a polarization and phase compensation scheme by introducing a pair of rather than one single regularly spaced reference data timemultiplexed with weaker signal data. The polarization mixing and relative phase can be estimated simultaneously by using the transmitted reference data and the corresponding detection data to calculate a overall rotation matrix, and compensated by rotating Bob's received data. The results show that combined with our efficient polarization and phase compensation scheme this low-complexity scheme can further improve the secret key rate and prompt CV-QKD to be network-compatible and on-chip integrated.