Abstracts
Kyung Soo Choi
Coherent control of entanglement with atomic ensembles
Quantum networks are composed of quantum nodes
which coherently interact by way of quantum channels.
They offer powerful capabilities for quantum computation,
communication, and metrology. A generic requirement
for these realizations is the capability to store and process
quantum states among multiple quantum nodes, and
to disseminate their resources throughout the network
by way of quantum channels. Here we describe a series
of recent experiments where single excitations in atomic
ensembles are collectively coupled to optical modes, and
provide efficient means for the coherent transfer of
entangled states between matter and light.
Joint work with Jeff Kimble.
Slides:
Matthias Christandl
The Uncertainty Principle in the Presence of Quantum Memory
Quantum mechanical uncertainty relations provide bounds on the minimum uncertainties about the outcomes of two alternative measurements applied to the same quantum state. In this paper, we prove an entropic uncertainty relation which, in contrast to known such relations, is valid in the context of quantum side information. It strengthens and extends the entropic uncertainty relation of Maassen and Uffink [Phys. Rev. Lett. 60, 1103 (1988)] and also implies an inequality recently conjectured by Boileau and Renes [Phys. Rev. Lett. 103, 020402 (2009)].The proof uses the formalism of smooth quantum entropies.
Slides:
Marcos Curty
Implementation of two-party protocols in the noisy-storage model with decoy states
We provide a guideline for the practical implementation of two-party
protocols in the noisy-storage model based on the use of decoy states. In
particular, we
present explicit security parameters for an experimental setup where the
honest parties use decoy states in combination with practical threshold
detectors showing finite detection efficiencies and noise in the form of
dark counts.
Moreover, we propose a simple method for passive preparation of decoy signals using phase-randomized weak coherent pulses. This method involves only linear optics together with a photo-detector. The resulting performance is comparable to the one delivered by an active decoy-state scheme with an infinite number of decoy settings.
Joint work with S. Wehner, C. Schaffner, H.-K. Lo, T. Moroder, N. Lütkenhaus, X. Ma and B. Qi.
Slides:
Nilanjana Datta
Capacities of arbitrary quantum channels
Capacities of quantum channels were originally evaluated under the assumption
that channels were memoryless, and that they were available for asymptotically
many uses. Here we lift these assumptions, since they are not necessarily valid
in real-world applications. We first consider quantum capacities
of channels for a finite number of uses -- the so-called {\em{one-shot capacities}}.
We then evaluate both the asymptotic quantum capacity, and an upper bound to the
strong converse rate, for an arbitrary sequence of channels (possibly with memory).
Finally, to overcome possible uncertainties in the precise knowledge of the channel,
we prove universal coding theorems.
Slides:
Christopher Erven
Recent Result
Slides:
Serge Fehr
Oblivious Transfer and Identification in the Bounded-Quantum-Storage Model
I will present quantum cryptographic schemes for two distinguished cryptographic tasks: oblivious transfer (OT) and password-based identification (ID). OT is of fundamental importance to modern theoretical cryptography; ID, on the other hand, is obviously of practical relevance. With our ID scheme it is possible to prove knowledge of a password (or PIN) without giving away any information on it. Specifically, our ID scheme guarantees that if you prove knowledge of your password to a legitimate verifier V then V will be convinced that you indeed know the correct password; however, if you prove knowledge of your password to a malicious adversarial verifier V' then V' remains completely ignorant of what your password is.
The execution of our quantum cryptographic schemes for OT and ID involves the generation, transmission and measurement of single qubit states (for instance in the form of polarized photons), as well as a suitable classical post-processing of the information obtained that way. The schemes are (or can be made) robust against imperfect devices, and as such can be implemented with current technology.
Both schemes can be rigorously proven secure in the bounded quantum storage model. In this model, it is assumed that the adversary, which tries to break the scheme, can only store quantum states of limited size. This assumption is motivated by the apparent technological hardness of reliably storing large quantum states. Beyond the limitation on his quantum storage capacity, the adversary is merely limited by the laws of quantum mechanics and may for instance have unbounded computing power and unbounded classical memory.
If time permits, I will give a brief outline of the security proof, which is based on a high-order entropic quantum uncertainly relation.
Slides:
Mark Godfrey
Compact and low cost quantum secret key growing for consumer transactions
We present a low cost free-space quantum cryptography system, complete with purpose-built software that can operate in daylight conditions. The system is designed to eventually work in applications where a consumer can regularly ‘top up’ a store of secrets for use in a variety of protocols.
The transmitter and receiver modules are built using inexpensive off-the-shelf components and are both compact allowing the expansion of a shared secret key store over a short range between a handheld transmitter and a stationary receiver unit. This system would allow the consumer to ‘top-up’ their secret key store in a portable device such as a mobile phone at every visit to a secret generating portal which could be simply a bank ATM.
The current design is presented showing results of error rate and secret bit yield at varying background light levels. We also discuss the improvements and work-in-progress at Bristol where we are developing an FPGA solution to the transmitter and receiver units in order to make the system stand-alone. Finally, some recent results will be presented of the modifications that should allow composable expansion of the secret key store in an acceptable time frame, taking into account finite key corrections.
Joint work with A. Lynch, D. Lowndes, R. Nock, J. Duligall, J. Rarity, B. Munro and K. Harrison.
Slides:
Richard Hughes
Quantum communications: experimental implementation challenges and solutions
In the 19 years since the first laboratory demonstration of quantum
communications by Bennett, Brassard and collaborators, researchers have
extended the transmission range to well over 100km in both optical fiber and
in free-space, as well as to high background environments including
daylight. In my talk I will review the key challenges in experimental
implementation of quantum communications, with emphasis on: wavelength plan,
link acquisition, timing and synchronization, detectors, random number
generation, conventional bandwidth and computational requirements, and
security. I will illustrate these points with examples from experiments
performed by my team in both free-space and in optical fiber.
Masato Koashi
Complementarity approach to quantum key distribution and quantum correlations
Complementarity is one of the fundamental properties of quantum
mechanics, which prohibits the control of both of a pair of physical
quantities even if either one alone is accessible. This property is
useful in understanding the relation between quantum communication
and secret communication. It gives a simple explanation why basic
quantum key distribution protocols are secure against any
eavesdropping attack. The imperfection in the final secret key is
determined through the failure probabilities of a pair of
complementary tasks, which have a clear operational meaning. It also
serves as a powerful tool for proving the security under the use of
practical imperfect devices. Finally, it gives a comprehensive
understanding of how quantum correlations provide the ability of
secret communication, since one can prove that for every case in
which a secret key is obtained though quantum communication, there
exists an explanation in terms of complementarity. Comparison to
entanglement measures such as distillable entanglement and
entanglement cost gives us a further insight into the quantitative
relation among various facades of genuinely quantum correlations.
Slides:
Robert Koenig
A strong converse for classical channel coding using entangled inputs
A fully general strong converse for channel coding states that when
the rate of sending classical information exceeds the capacity of a
quantum channel, the probability of correctly decoding goes to zero
exponentially in the number of channel uses, even when we allow code
states which are entangled across several uses of the channel. Such a
statement was previously only known for classical channels and the
quantum identity channel. By relating the problem to the additivity of
minimum output entropies, we show that a strong converse holds for a
large class of channels, including all unital qubit channels, the
d-dimensional depolarizing channel and the Werner-Holevo channel. This
further justifies the interpretation of the classical capacity as a
sharp threshold for information-transmission.
This is joint work with Stephanie Wehner.
Slides:
Martin Kristensen
Realization of quantum transmitters and receivers in planar integrated optical circuits
One of the limitations for the practical application of quantum cryptography is that the transmitters and receivers are very bulky and expensive. We are working on the solution of these issues with the aim of making integrated optical circuits, which can handle all these tasks in a circuit smaller than a fingernail and thereby make quantum cryptography mobile and cheap.
Initially we are integrating the entire passive optical parts with the phase shifters for encoding and decoding on two chips (Alice and Bob). We use technologies, which enable later integration of the laser, the detector and the control electronics on the same two chips.
Our first realization is in commercially available silica-on-silicon technology. Here we have fabricated circuits with dimensions around 8mm times 80mm. Initial qbit experiments using these chips are presented. In the second realization we are using photonic crystal waveguides in SOI technology (the same technology as CMOS electronics is made in). Here we have realized more advanced circuits, which are just 1mm times 5mm with potential for further size reduction. Since the price for integrated circuits (apart from development costs) scale with the area of the chip we estimate fabrication costs of just 10$ per circuit in SOI technology.
Joint work with Min Zhang, Jacob Selchau, Nathaniel Groothoff, Asger C. Krüger, Klaus Mølmer and Ivan Damgaard
Slides:
Christian Kurtsiefer
Implementation of an attack scheme on a practical QKD system
We report on an experimental implementation of an attack of a practical quantum key distribution system, based on a vulnerability of single photon detectors. An intercept/resend-like attack has been carried out which revealed 100\% of the raw key generated between the legitimate communication partners. No increase of the error ratio was observed, which is usually considered a reliable witness for any eavesdropping attempt. We also present an experiment which shows that this attack is not revealed by key distribution protocols probing for eavesdroppers by testing a Bell inequality, and discuss implications for practical quantum key distribution.
Slides:
Norbert Lütkenhaus
Linking optical devices to security proofs
Security proofs are typically modelled having qubits or low-dimensional systems in mind, while implementation actually refer to optical light modes, which are infinite dimensional Hilbert spaces. In this talk I will outline the connection between modelling of physical devices and the corresponding security proof. This connection is facilitated readily using the concepts of 'tagging' for the source side, and squashing models for the detection side.
Slides:
Joe Renes
Dissecting Quantum Information
One approach to constructing quantum information processing
protocols has been to break them down into easier to understand
classical pieces. For instance, the focus in quantum error correction
is often on correcting amplitude and phase errors; Devetak's proof of
the quantum noiseless channel coding theorem via error correction and
privacy amplification is another example. Here I show that quantum
information can be dissected into classical pieces in several
different ways, and the pieces reassembled to a quantum whole again.
This is best expressed as three different sufficient conditions for
approximate quantum error correction, which may pave the way to new
constructions of such codes. The decompositions each rely strongly on
complementarity, including both complementary observables and
complementary channels, and are closely related to each other by the
uncertainty principle. Along the way we also find some other
interesting results, such as a simplified proof of the HSW theorem for
classical communication over quantum channels, and the duality of that
task to privacy amplification.
Slides:
Renato Renner
Min-entropy sampling
Let X_1, ..., X_n be a sequence of n classical random variables and consider a sample of r positions selected at random. Then, except with (exponentially in r) small probability, the min-entropy of the sample is not smaller than, roughly, a fraction r/n of the total min-entropy of all positions X_1, ..., X_n, which is optimal. Here, we show that this statement, originally proven by Vadhan for the purely classical case, is still true if the min-entropy is measured relative to a quantum system. Because min-entropy quantifies the amount of randomness that can be extracted from a given random variable, our result can be used to prove the soundness of locally computable extractors in a context where side information might be quantum-mechanical. In particular, it implies that key agreement in the bounded-storage model (using a standard sample-and-hash protocol) is fully secure against quantum adversaries.
Joint work with Robert Koenig, arXiv:0712.4291.
Louis Salvail
Cryptography Against Bounded Coherent Measuring Adversaries
We show how to devise protocols secure against adversaries
unable to measure more than k qubits coherently. We provide
a bit commitment scheme secure in that model. More precisely,
the commitment is statistically concealing while binding against
any adversary unable to measure more than k qubits coherently.
Slides:
Christian Schaffner
Cryptographic primitives and the Noisy-Storage Model
We give an overview of cryptographic primitives important for
two-party cryptography and define the noisy-storage model.
Slides:
Christian Schaffner
Simple Protocols for Oblivious Transfer and Secure Identification
in the Noisy-Storage Model
We present simple protocols for oblivious transfer and password-based
identification which are secure against general attacks in the
noisy-quantum-storage model as defined in [KWW09]. We argue that a
technical tool from [KWW09] suffices to prove security of the known
protocols. Whereas the more involved protocol for oblivious transfer
from [KWW09] requires less noise in storage to achieve security, our
"canonical" protocols have the advantage of being simpler to implement
and the security error is easier control. Therefore, our protocols
yield higher OT-rates for many realistic noise parameters.Furthermore, the first proof of security of a direct protocol for password-based identification against general noisy-quantum-storage attacks is given.
Slides:
Graeme Smith
Degradability and the quantum channel capacity
The quantum capacity of a communication channel establishes the
ultimate limits on error correction and information
transmission in noisy settings. Degradable channels are essentially
the only channels whose quantum capacity we know.
I will discuss the quantum channel capacity of degradable channels,
and mention some degradable channels that may
be useful for modeling realistic noisy storage.
Slides:
Wolfgang Tittel
Integrated quantum memory for quantum communication
uantum memory constitutes a key element for quantum repeaters, which promise overcoming the distance barrier of quantum communication. Impressive experimental and theoretical progress has been reported over the past few years and gives hope that a workable quantum memory can eventually be built.
We will present our latest results of storage of light in a Ti:Tm:LiNbO3 waveguide cooled to 3 Kelvin using a photon echo quantum memory protocol. In particular, we will preset storage of sub ns pulses, simultaneous storage of more than hundred modes, and commend on progress towards storage of entangled photons.
Joint work with E. Saglamyurek, N. Sinclair, M. George, R. Ricken and C. La Mela.
Slides:
Thomas Vidick
Trevisan's extractor in the presence of quantum side information
Randomness extraction involves the processing of purely classical
information and is therefore usually studied in the framework of
classical probability theory. However, such a classical treatment is
generally too restrictive for applications, where side information
about the values taken by classical random variables may be
represented by the state of a quantum system. This is particularly
relevant in the context of cryptography, where an adversary may make
use of quantum devices.
We show that the well known construction paradigm for extractors proposed by Trevisan is sound in the presence of quantum side information. This gives the first extractor to achieve an output length depending linearly on the source's min-entropy, conditioned on the adversary's quantum side information, together with a poly-logarithmic seed length. It is also possible to make the extractor locally computable, so that every bit of the output is a function of only a polylogarithmic number of bits from the source, which is crucial for some cryptographic applications.
Joint work with Anindya De, Christopher Portmann, and Renato Renner
Slides:
Harald Weinfurter
On the security or real world QKD systems
The security of quantum key distribution (QKD) originates in the very fundamental laws of quantum physics. Yet, the security of real world QKD systems heavily depends on their actual implementation. Eavesdroppers can utilize technical imperfections to gain information on the generated keys. If they are not taken into account in current security proofs such an attack will remain unnoticed by the legitimate parties.
Here, we examine an imperfection, which almost all systems display, namely the fact that common single photon detectors are rendered inactive for a period of time (called dead time) after a detection event. We describe and show experimentally a very simple but highly effective method to exploit the dead time to gain (asymptotically) full information about the generated keys without being detected by state of the art QKD protocols. Yet, we find an evenly simple and effective countermeasure to inhibit this and similar attacks.
Joint work with H. Weier, H. Krauss, M. Rau, M. Fuerst, and S. Nauerth
Andreas Winter
Quantum Reverse Shannon Theorem
A complete asymptotic theory of channels should tell us
the optimal rate at which any one given channel can simulate any
other target channel. Shannon's, and other similar, coding theorems
describe the answer when the target channel is a noiseless one.
The reverse problem, with the _initial_ channel being noiseless is
in itself conceptually interesting, as the optimal rate of simulation
of the noisy channel automatically gives an upper bound on the
channel capacity. In case the two are the same, one has two very
different characterisations of the same number, and a fully reversible
theory of channels results: the mutual simulation rate of two channels
is just the ratio of their capacities.
The most recent instance of reversibility is the Quantum Reverse
Shannon Theorem, which shows that in the presence of unlimited
entanglement (of the right kind) every quantum channel is asymptotically
equivalent to a number of noiseless classical bits, which is given by
the entanglement-assisted capacity. I will describe the main elements
and consequences of the result.
[Based on arXiv:0912.5537, arXiv:0912.3805]
Jürg Wullschleger
Lower bounds for quantum oblivious transfer reductions
Using quantum communication, it is possible to implement oblivious
transfer (OT) using black-box commitments, something that is
impossible in the classical setting. We give two lower bounds for such
reductions: Any protocol that implements one-out-of-two OT over
bit-strings of length $\ell$ with an error of at most 2^{-k} needs
at least $\Omega(k)$ commitments, and has to commit to at least
$\Omega(\ell)$ bits in total. By slightly modifying the protocol put
forward by Bennett, Brassard, Crepeau and Skubiszewska (CRYPTO
'91) and adapting the security proof recently given by Damg{\aa}rd,
Fehr, Lunemann, Salvail and Schaffner (CRYPTO '09), we are able to
show that there exists a protocol based on string commitments that
reaches both our lower bounds simultaneously.
Recently, Salvail, Schaffner and Sotakova (ASIACRYPT '09) showed that in the zero-error case, quantum reductions of OT to trusted randomness (U,V) distributed according to a distribution P(u,v) cannot beat the bound $\ell \leq H(U | V)$, which is the same bound as in the classical setting. We present a statistical protocol that beats this bound and hence any classical protocol by an arbitrarily large factor. We then show that the weaker lower bound $\ell \leq 2 H(U V)$ also holds for quantum reductions in the statistical setting. A similar lower bounds also holds in the so-called noisy quantum storage model.
Slides: