16:15 on Thursday. Topic: Future prospects for the practical deployment of quantum cryptography
The exhibit runs for the duration of the conference and includes >10 companies and research groups showcasing their products and experimental prototypes. On display: 5 running QKD systems, random number generators, singlephoton detectors, laser sources, electronic instruments, and other stuff.
Lab tours of the Institute for Quantum Computing begin at 17:05 on Monday. See schedule for more details.
15:50 on Tuesday. About 70 posters. Posters also stay on display for the duration of the conference.
18:00–21:00  Reception (snacks) and registration 
8:30  Registration 
Session chair: Norbert Lütkenhaus  
9:30  Invited talk: The physics of cryptography Renato Renner AbstractVideo The security of quantum cryptography relies on physical principles. But what are these physical principles? And are they actually experimentally verifiable? In my talk, I will try to answer these questions. Furthermore, I will show how quantum cryptography provides novel insights into quantum physics.

10:20  Tutorial: What theorists should know when working with experimentalists (part 1) Marcos Curty AbstractSlidesVideo Experimental realisations of quantum key distribution (QKD) protocols can differ in many important aspects from their original theoretical proposal. In particular these proposals typically demand technologies that are beyond our present experimental capability. For example, in a quantum optical implementation, instead of being single photon pulses, the signals emitted by the source are usually weak coherent pulses. Or, they may be generated with spontaneous parametric downconversion sources. The quantum channel introduces errors and considerable attenuation that affect the signals even when an eavesdropper is not present. Also, the detectors employed by the receiver are inefficient and noisy and can typically not distinguish the number of photons in arrival signals. In this tutorial we review how to model the different elements that are present in most QKD experiments, and show how to calculate the basic quantities to evaluate their performance. 
11:05  Coffee break 
Session chair: HoiKwong Lo  
11:30  Tutorial: What theorists should know when working with experimentalists (part 2) Marcos Curty 
12:15  Performing private database queries in a realworld environment using a quantum protocol Philip Chan, Itzel LucioMartinez, Xiaofan Mo, Christoph Simon, and Wolfgang Tittel AbstractExtended abstractVideo Private query protocols [13] use uncertainty in quantum mechanics to offer functionality similar to 1outofN oblivious transfer (where a user, Ursula, retrieves a single element from a database provider, Dave, who learns nothing about which of the N elements was retrieved). The difference in functionality varies for each private query protocol, but in all cases is motivated by the fact that perfect 1outofN oblivious transfer has been shown to be impossible if the attacker possess an arbitrarily powerful quantum computer [4]. Nonetheless, quantum protocols can offer security against stronger adversaries than protocols relying only on classical information, and it remains an interesting question as to what level of security can be achieved using quantum information. We present a proofofprinciple demonstration of a novel private query protocol that is loss and faulttolerant, making it suitable for implementation in a realworld environment, and show that it offers excellent privacy against several quantum attacks [5]. This demonstration is performed over a deployed fibre link between the University of Calgary and SAIT Polytechnic using a slightly modified quantum key distribution (QKD) system [6]. [1] V. Giovannetti, S. Lloyd, and L. Maccone, Phys. Rev. Lett. 100, 230502 (2008). 
12:40  Lunch 
Session chair: Thomas Jennewein  
13:40  Invited talk: Satellitebased quantum communications Jane Nordholt AbstractVideo Experiments designed to perform quantum communications with a spacecraft are currently being developed in Canada, Europe, Japan, and China. We will review the main features required for quantum communications between a satellite and a ground station and describe our models of orbital experiments and their expected performance. This will include discussion of the results of groundbased quantum communications experiments across atmospheric paths conducted by our team over the past decade in order to validate the techniques required for a space experiment. We will also detail the complete system design developed at LANL for performing quantum communication from a spacecraft to Earth including command, control, communications, processing, and availability issues. Although never built, we will use the system design and modeling to illustrate the issues most critical to the success of such an experiment. We will also describe how we have expanded our atmospheric quantum communications demonstrations to include secure highspeed optical communications.

14:30  Freespace quantum network with trusted relay WeiYue Liu, HaiLin Yong, Zhu Cao, JiGang Ren, Xiongfeng Ma, ChengZhi Peng, and JianWei Pan AbstractExtended abstractSlidesVideo Groundsatellite quantum key distribution is aiming at global secure communication. In a future vision of a quantum network, a satellite is employed as a trusted relay and ground stations are employed as user nodes. By demonstrating a freespace quantum network whose channel losses are comparable to the atmosphere losses, we present a feasibility test for such a groundsatellite quantum network. To simulate a satellite, we implement a moving transmitter. Meanwhile, we test quantum links in two distant locations more than 2000 km apart, whose atmosphere conditions are distinct. Moreover, a delayed privacy amplification scheme is designed and employed to minimize the computation requirement in the “satellite” and reduce the classical communication between the nodes and the relay. Our experimental result suggests that the global quantum network is feasible with current technology.

14:55  A wideband balanced homodyne detector for high speed continuous variable quantum key distribution systems Duan Huang, Jian Fang, Chao Wang, Guangqiang He, Peng Huang, Ronghuan Yang, and Guihua Zeng AbstractExtended abstractSlidesVideo We report a quantumnoiselimited balanced homodyne detector (BHD) that can be worked in the continuousvariable quantum key distribution (CVQKD) systems at a repetition rate of 100 MHz. A high level of common mode suppression (>54 dB) and extremely low electronic noise (<–70 dBm) is achieved. The reachable 3 dB bandwidth of BHD is 300 MHz and the level of shot noise is 14 dB higher than the electronic noise of BHD at an LO level of 6·10^{8} photons per pulse.The secret key rate of a CVQKD system will reach 1 Mbps at 50 kilometers under collective attack with our high performance BHD, which increasing the secret key rate of advanced system for dozens of times.

15:20  Coffee break 
Session chair: Hugo Zbinden  
15:50  Experimental demonstration of the coexistence of continuousvariable quantum key distribution with an intense DWDM classical channel Paul Jouguet, Sébastien KunzJacques, Rupesh Kumar, Hao Qin, Renaud Gabet, Eleni Diamanti, and Romain Alléaume AbstractExtended abstractSlidesVideo We have demonstrated for the first time the coexistence of a fully functional QKD system with intense classical channels (power of up to 8.5 dBm) over metropolitan distances (25 km in our experiment). This coexistence has moreover been demonstrated with both the quantum and the classical channels in the Cband, wavelengthmultiplexed on the DWDM ITU grid. This result has been obtained thanks to new developments with respect to the experimental setup reported on in [P. Jouguet et al., Nature Photon. (2013)]. They were backed up by experimental measurements of the noise induced on a homodyne detection by WDM classical channels. The demonstrated coexistence, with key rates of a few hundreds of bits/s illustrates an important feature of the ContinuousVariable QKD technology, namely its suitability for the deployment over existing telecommunications network even in conjunction with classical channels of several dBms.

16:15  .Best student paper prize, selected by the program committee Realization of finitesize continuousvariable quantum key distribution based on EinsteinPodolskyRosen entanglement Tobias Eberle, Vitus Händchen, Fabian Furrer, Torsten Franz, Jörg Duhme, Reinhard F. Werner, and Roman Schnabel AbstractExtended abstractSlidesVideo Continuousvariable quantum key distribution has made great progress during the last years. Recently, a security proof for a finite number of measurements with composable security against arbitrary attacks was published [1] which employs EinsteinPodolskyRosen (EPR) entangled states. Here, we present the first implementation of this protocol, demonstrating the feasibility of secure key generation. The implementation relies on continuouswave quadratureentangled states at the telecommunication wavelength of 1550 nm with unprecedented EPR entanglement and homodyne detection with a random choice of quadrature for each measurement. We further present the generation of a key which is secure under collective attacks with 10^{8} measurements. [1] F. Furrer, T. Franz, M. Berta, A. Leverrier, V. Scholz, M. Tomamichel, and R. Werner, Physical Review Letters 109, 100502 (2012). 
16:40  Saturation attack on continuousvariable quantum key distribution system Hao Qin, Rupesh Kumar, and Romain Alléaume AbstractExtended abstractSlidesVideo Continuousvariable (CV) quantum key distribution (QKD) is proven secure against collective attacks and recent works have shown progress in proving security against arbitrary attacks. Nevertheless the validity of security proofs relies on assumptions that may be violated in practical setup, opening loophole that may be exploited to mount attacks. We have studied here the consequence of detection saturation in CV QKD, and proved that it can lead to an attack on the Gaussianmodulated coherent state protocol with homodyne detection. When Bob’s homodyne detection saturates, Bob’s quadrature measurement is not linear with the quadrature sent by Alice. Such nonlinearity violates assumptions in the security model. Saturation typically occurs when the input field quadrature overpasses a threshold that depends on parameters of detector’s electronics. We have experimentally confirmed this prediction by observing saturation of our homodyne detection for high local oscillator intensity. We have moreover constructed an attack that combines the interceptresend attack with the saturation of Bob’s detector. A full interceptresend attack can give Eve knowledge of both quadratures from Alice but will introduce two shot noise units of excess noise. The key idea in our attack is that saturation is induced by strongly displacing the mean value of the field quadratures. By resending these field quadratures with controlled displacement value, Eve can bias the evaluation of the excess noise to arbitrarily small values. Under such attack, Alice and Bob may be led to believe they have some positive ‘secure key’ and accept keys that are however totally insecure. Our saturation attack is achievable with current technology and impacts the security of a practical CV QKD system. We have however proposed a counter measure that consists in monitoring the mean value of the quadratures.

17:05  Walk over to RAC building (meet at registration desk; one of organizers will guide the group; 15 min walk) 
17:30–18:30  Tour of Institute for Quantum Computing’s labs was attended by about 75 people, far exceeding organizer’s expectations :) Venue: Research advancement centre (RAC), University of Waterloo The tour included: • Superconducting quantum devices lab (PI: Adrian Lupascu): superconducting systems and hybrid solidstate devices for quantum information processing, quantum optics and metrology. • Quantum photonics lab (PI: Thomas Jennewein): devices suitable for communication and computing with photons, ultralong quantum communication links using terrestrial and satellitebased systems. • CoryLab (PI: David Cory): spinbased hybrid quantum sensors and other devices – from ultrasensitive magnetometers to fullscale quantum information processors. 
Session chair: YiKai Liu  
9:00  Invited talk: Research and development of the Tokyo QKD network project Kiyoshi Tamaki AbstractSlidesVideo Tokyo QKD network is a QKD project funded by NICT (National Institute of Information and Communications Technology in Japan), and many private companies and institutions, such as NEC Corporation, Mitsubishi Electric Corporation, Toshiba Corporation, NTT, Hokkaido Univ, Nagoya Univ, Gakusyuin Univ, Tohoku Univ, and Tokyo institute of technology, are involved to come up with an actual user case of QKD. In this project, we are developing QKD systems and theories of QKD. In this talk, we would like to introduce the research and development of Tokyo QKD network.
In the first part of my talk, we will present the development of our QKD system. Stable distribution of the key is one of the most important requirements that a practical QKD system must have, and we will show how stably our QKD system can distribute the key under the harsh conditions such as losses and overhead fiber transmission. Once we have achieved stable distribution, the next issue to be considered is practical security since practical QKD systems have deviations from the device requirements that the QKD theory poses. To fill such deviations, we will present some proposals to overcome the imperfections of the QKD devices. Finally, for future QKD network, it is important to have alternative choices of protocols, as which protocol is the best one depends on the physical environment, the potential users’ demands, etc. We will introduce our recent results of security proof of a QKD protocol. 
9:50  Tutorial: Extractors against classical and quantum adversaries (part 1) Amnon TaShma AbstractSlidesVideo Randomness extractors are hash functions that map sources with biased and correlated bits to almostuniform sources. Extractors have found many important applications in various areas of computer science, e.g., in theoretical computer science, hardness of approximation, error correcting codes, classical and quantum cryptography and many other areas. In the first part of the talk I will define extractors (and some related objects) in the classical and quantum setting, discuss the currently best known parameters of explicit and nonexplicit constructions and present some classical and quantum applications. The second half of the talk will be devoted to the challenge of explicitly constructing close to optimal extractors. I will present in some detail Trevisan’s construction of efficient extractors and its generalization to the quantum setting by De, Portmann, Vidick and Renner. If time permits I will also discuss some other approaches for the problem in the classical and quantum setting. 
10:35  Coffee break 
Session chair: Anne Broadbent  
11:00  Tutorial: Extractors against classical and quantum adversaries (part 2) Amnon TaShma 
11:45  Building onetime memories from isolated qubits YiKai Liu AbstractExtended abstractSlidesVideo Onetime memories (OTM’s) are a simple type of tamperresistant cryptographic hardware, which can be used to implement many forms of secure computation, such as onetime programs. Here we investigate the possibility of building OTM’s using “isolated qubits” — qubits that can only be accessed using local operations and classical communication (LOCC). Isolated qubits can be implemented using current technologies, such as nitrogen vacancy centers in diamond. We construct OTM’s that are informationtheoretically secure against onepass LOCC adversaries using 2outcome measurements. (Also, these OTM’s can be prepared and accessed by honest parties using only LOCC operations.) This result is somewhat surprising, as OTM’s cannot exist in a fullyquantum world or in a fullyclassical world; yet they can be built from the combination of a quantum resource (singlequbit measurements) with a classical restriction (on communication between qubits). Our construction resembles Wiesner’s original idea of quantum conjugate coding, implemented using random errorcorrecting codes; our proof of security uses entropy chaining to bound the supremum of a suitable empirical process. In addition, we conjecture that our random codes can be replaced by some class of efficientlydecodable codes, to get computationallyefficient OTM’s that are secure against computationallybounded LOCC adversaries. In addition, we construct datahiding states, which allow an LOCC sender to encode an (nO(1))bit messsage into n qubits, such that at most half of the message can be extracted by a onepass LOCC receiver, but the whole message can be extracted by a general quantum receiver. 
12:10  Achieving the limits of the noisystorage model using entanglement sampling Frédéric Dupuis, Omar Fawzi, and Stephanie Wehner AbstractSlidesVideo The noisystorage model (NSM) allows for the secure implementation of twoparty cryptographic primitives under the assumption that the adversary cannot store quantum information perfectly. A special case is the boundedquantumstorage model (BQSM) which assumes that the adversary’s quantum memory device is noisefree but limited in size. Ever since the inception of the BQSM [DFSS05] it has been a vexing open question to determine whether security is possible as long as the adversary can store strictly less than the number of qubits n transmitted during the protocol. In particular, it was hoped that security is possible as long as the adversary cannot store more than c·n qubits for any c<1. Here we not only provide a positive answer to this question, but show that security is even possible as long as his device is not larger than n–O(log^{2}n) qubits. This is essentially optimal and finally settles the fundamental limits of the BQSM. Our result also significantly pushes the boundaries when security can be obtained in the NSM, and we provide the first proof that security of a BB84based protocol can be linked to the quantum capacity of the adversary’s storage device. Our security proofs are based on a new uncertainty relation for measurements in BB84 bases that takes into account quantum sideinformation. The key to our results is a powerful new tool called entanglement sampling, which can be understood as the fully quantum analogue of classical minentropy sampling. Its reach extends beyond the applications to the NSM to the area of randomness extraction and quantum information theory. In particular, we show that entanglement sampling provides us with local quantumtoclassical randomness extractors, and yields bounds for fully quantum random access encodings. [DFSS05] I. Damgård, S. Fehr, L. Salvail, and C. Schaffner. “Cryptography in the Bounded QuantumStorage Model”. In: Proc. IEEE FOCS 2005, pp. 449–458, arXiv:quantph/0508222. 
12:35  Lunch 
Session chair: Wolfgang Tittel  
13:40  Invited talk: Unforgeable tokens: what we can do with imperfect qubit memories Fernando Pastawski AbstractVideo The beautiful concept of “quantum money” introduced by Wiesner more than four decades ago ensures that a dishonest holder of a quantum banknote will invariably fail in any forging attempts; indeed, under assumptions of ideal measurements and decoherencefree memories such security is guaranteed by the nocloning theorem. Stable quantum bits, capable both of storing quantum information for macroscopic time scales and of integration inside small portable devices, may provide the necessary means for implementing them. I will report recent experimental progress on (13)C nuclear spin qubits in the vicinity of a nitrogenvacancy (NV) color center within an isotopically purified diamond crystal. This solidstate qubit features high fidelity control, preserves its polarization for several minutes and boasts coherence lifetimes exceeding 1 second at room temperature. Experimental progress motivates the development of secure “quantum money”type primitives capable of tolerating realistic infidelities. I will go on to prove the rigorous security of Wiesner type schemes accommodating for noise and determining tight fidelity thresholds. These protocols require only the ability to prepare, store and measure single qubit memories, similar to those achieved using NVcenters, and could thus become a realistic possibility significantly earlier than quantum computing and manybody entanglement based protocols. 
14:30  An experimental implementation of oblivious transfer in the noisy storage model Chris Erven, Stephanie Wehner, Nick Gigov, Raymond Laflamme, and Gregor Weihs AbstractVideo We present the first experimental implementation of 1–2 random oblivious transfer (ROT) in the noisy storage model based on a modified entangled quantum key distribution (QKD) system. We successfully demonstrate the protocol by performing measurements on polarizationentangled photon pairs, followed by all of the necessary classical postprocessing including oneway error correction. While informationtheoretic security of ROT is impossible assuming only the laws of quantum mechanics, security can be restored using the minimal assumptions of the noisy storage model. The noisy storage model relies on the realistic assumption that the quantum memories of any adversaries must necessarily be noisy.

14:55  High bit rate quantum key distribution with quantified security Marco Lucamarini, Ketaki Patel, James F. Dynes, Bernd Fröhlich, Andrew W. Sharpe, Zhiliang L. Yuan, Richard V. Penty, and Andrew J. Shields AbstractNo permission to videotape Informationtheoretical security of quantum key distribution (QKD) has been convincingly proven in recent years and remarkable experiments have shown the potential of QKD for real world application. However, the existing gap between theoretical assumptions and practical implementation represents a severe hindrance to any further advancement. One prominent example is the precise quantification of the security level of a real QKD system, which cannot be infinite if the data sample being processed is finite. Here, we provide a direct connection between the conceptual understanding of this problem and its technological realisation. We develop a finitesize security proof and apply it to a gigahertz clocked QKD system set to provide the highest security level reported to date. The obtained secure key rates are orders of magnitude larger than in all previous comparable solutions.

15:20  Coffee break 
15:50  Poster session. Posters also stay on display for the duration of the conference. 
19:00–20:00  Public lecture: Quantum computing and the entanglement frontier John Preskill AbstractVideo The quantum laws governing atoms and other tiny objects seem to defy common sense, and information encoded in quantum systems has weird properties that baffle our feeble human minds. John Preskill will explain why he loves quantum entanglement, the elusive feature making quantum information fundamentally different from information in the macroscopic world. By exploiting quantum entanglement, quantum computers should be able to solve otherwise intractable problems, with farreaching applications to cryptology, materials science, and medicine. Preskill is less weird than a quantum computer, and easier to understand. John Preskill is the Richard P. Feynman Professor of Theoretical Physics at Caltech. 
Session chair: John Watrous  
9:00  Invited talk: Classical command of quantum systems Ben Reichardt AbstractSlidesVideo Quantum computation and cryptography both involve scenarios in which a user interacts with an imperfectly modelled or distrusted system. It is therefore of fundamental and practical interest to devise tests that reveal whether the system is behaving as instructed. In 1969, Clauser, Horne, Shimony and Holt proposed an experimental test that can be passed by a quantummechanical system but not by a system restricted to classical physics. Here we extend this test to enable the characterization of a large quantum system. We describe a scheme that can be used to determine the initial state and to classically command the system to evolve according to desired dynamics. The bipartite system is treated as two black boxes, with no assumptions about their inner workings except that they obey quantum physics. The scheme works even if the system is explicitly designed to undermine it; any misbehaviour is detected. Among its applications, our scheme makes it possible to test whether a claimed quantum computer is truly quantum. It also advances toward a goal of quantum cryptography: namely, the use of untrusted devices to establish a shared random key, with security based on the validity of quantum physics.

9:50  Tutorial: Secure multiparty quantum computation (part 1) Michael BenOr SlidesVideo 
10:35  Coffee break 
Session chair: Marco Piani  
11:00  Tutorial: Secure multiparty quantum computation (part 2) Michael BenOr 
11:45  Onesided device independence of BB84 via monogamyofentanglement game Marco Tomamichel, Serge Fehr, Jedrzej Kaniewski, and Stephanie Wehner AbstractSlidesVideo We consider a game in which two players collaborate to prepare a quantum system and are then asked to independently guess the outcome of a measurement in a random basis on that system. Intuitively, by the monogamy of entanglement, the probability that both players simultaneously succeed in guessing the outcome correctly is bounded. We are interested in the question of how the success probability scales when this guessing game is repeated in parallel. We show a perfect parallel repetition theorem for this game, that is, we show that any strategy that maximizes the probability to win every round individually is also optimal for the parallel repetition of the game. In particular, our result implies that the optimal guessing probability can be achieved without the use of entanglement. We explore several applications of this result. First, we show that it implies security for standard BB84 quantum key distribution when one party uses fully untrusted measurement devices. Second, we show that our result can be used to prove security of a oneround positionverification scheme. Finally, our techniques can be used to generalize a wellknown uncertainty relation for the guessing probability to quantum side information. 
12:10  Limits of privacy amplification against nonsignalling memory attacks Rotem ArnonFriedman and Amnon TaShma AbstractExtended abstractSlidesVideo The task of privacy amplification, in which Alice holds some partially secret information with respect to an adversary Eve and wishes to distill it until it is completely secret, is known to be solvable almost optimally in both the classical and quantum worlds. Unfortunately, when considering an adversary who is limited only by nonsignalling constraints such a statement cannot be made in general. We consider systems which violate the chained Bell inequality and prove that under the natural assumptions of a timeordered nonsignalling system, which allow past subsystems to signal future subsystems (using the device’s memory for example), superpolynomial privacy amplification by any hashing is impossible. This is of great relevance when considering practical device independent key distribution protocols which assume a superquantum adversary.

12:35  Conference photo 
12:50  Excursion (with packed lunch) Buses leave from the main conference venue Quantumnano center (QNC) at 12:50 Options for activities are: • Visit charming village of Elora with shopping and art galleries • • Swimming in Elora Quarry 
18:20  Conference dinner Venue: Festival room, South campus hall (SCH), University of Waterloo 
Session chair: Nicolas Gisin  
20:20  Afterdinner talk: Insecurity engineering Marc Weber Tobias Venue: Festival room, South campus hall (SCH), University of Waterloo AbstractVideo Traditional mechanical locks have no intelligence and limitations on the security they can offer. Within the past five years, new security technology that integrates electronic credentials with mechanical cylinders have become common in many facilities and in some cases have completely replaced mechanical keys. While these credentials may increase certain aspects of security and user options for access control, they have done little to add to the overall security of most locks, whether electromechanical or completely electronicbased.
Marc Weber Tobias is an investigative attorney, physical security expert, and Team Leader for a group of physical and cyber security professionals, whose task is to defeat electronicbased locks and to develop covert methods to circumvent their security, including cryptographic credentials, in seconds, without any trace. In this presentation, Marc will discuss why cryptography and the credentials it is designed to protect are largely irrelevant when considering the security of locks and access control systems. Marc will present several video segments that demonstrate a number of techniques that his team at Security Labs has developed in bypassing certain locks in order that participants can understand basic design issues and potential vulnerabilities so they can better protect their facilities and environments. 
21:20–22:20  Open session: announces and other thoughts (max 3 min each) Venue: Festival room, South campus hall (SCH), University of Waterloo Session not videotaped 
Session chair: Jane Nordholt  
9:00  Invited talk: Privatekey quantum money Scott Aaronson AbstractSlidesVideo Recent progress on publickey quantum money – i.e., quantum money that anyone can verify, not only the bank – gives us new tools with which to address the older problem of privatekey quantum money. In this talk, I’ll discuss some new results in that direction, which include the first fullyrigorous security proof for Wiesner’s original privatekey quantum money scheme (and the related BBBW scheme), and some “optimality” results for those schemes.

9:50  Tutorial: Singlephoton detectors (part 1) Krister Shalm AbstractSlidesVideo Singlephoton detectors play a critical role in practical implementations of quantum cryptographic schemes. Recent work on attacking QKD systems have exploited vulnerabilities in these singlephoton detectors. Understanding how these detectors work is, therefore, an important part of analyzing the security of a cryptographic scheme.The goal of the tutorial is to provide a highlevel introduction to how detectors work. I will cover the physics behind some of the most commonly used detectors, and will also discuss a number of concepts like jitter, efficiency, afterpulsing, and dead time that are experimentally important. 
10:35  Coffee break 
Session chair: Christian Schaffner  
11:00  Tutorial: Singlephoton detectors (part 2) Krister Shalm 
11:45  Specious adversaries and quantum private information retrieval Ämin Baumeler and Anne Broadbent AbstractExtended abstractSlidesVideo Our contribution is twofold. On the one hand, we show that informationtheoretic singleserver Quantum Private Information Retrieval requires a linear amount of communication to be secure against specious adversaries, which are the quantum analog of honestbutcurious adversaries. On the other hand, we stress the importance of adequate comparison between classical and quantum adversaries—unfair comparisons might lead to an unjustified advantage for the quantum case.

12:10  Reference frame agreement in quantum networks Tanvirul Islam, Loïck Magnin, Brandon Sorg and Stephanie Wehner AbstractExtended abstractSlidesVideo In this work we design a multiparty protocol between m players to agree on a common direction without a prior reference frame shared between the players. Our protocol is tolerant to t < m/3 dishonest players with unbounded capabilities (the Byzantine problem). This is the first protocol to exchange nonfungible information in the Byzantine setting.

12:35  Lunch 
Session chair: Thomas Chapuran  
13:40  Invited talk: Spins and photons: toward quantum networks in diamond Lilian Childress AbstractVideo Longlived electronic and nuclear spin states have made nitrogenvacancy (NV) defects in diamond a leading candidate for solidstate quantum information processing. Moreover, the coherent optical properties of NV defects open opportunities for longdistance transmission of quantum states. In particular, resonant optical excitation and emission enable single shot spin detection as well as observation of twophoton quantum interference, making it possible to observe longdistance entanglement between solidstate spin qubits. This talk will consider the motivation and requirements for opticallynetworked quantum devices, and explore challenges and opportunities for realizing them in diamond.

14:30  Networkcentric quantum communications with application to critical infrastructure protection Richard J. Hughes, Jane E. Nordholt, Kevin P. McCabe, Raymond T. Newell, Charles G. Peterson, and Rolando D. Somma AbstractExtended abstractVideo Networkcentric quantum communications (NQC) is a new, scalable instantiation of quantum cryptography providing key management with forward security for lightweight encryption, authentication and digital signatures in optical networks. Results from a multinode experimental testbed utilizing integrated photonics quantum communications components, known as QKarDs, include: quantum identification; verifiable quantum secret sharing; multiparty authenticated key establishment; and singlefiber quantumsecured communications that can be applied as a security retrofit/upgrade to existing optical fiber installations. A demonstration that NQC meets the challenging simultaneous latency and security requirements of electric grid control communications, which cannot be met with conventional cryptography, is described.

14:55  A highspeed multiprotocol quantum key distribution transmitter based on a dualdrive modulator Boris Korzh, Nino Walenta, Raphael Houlmann, and Hugo Zbinden AbstractExtended abstractSlidesVideo We propose a novel source based on a dualdrive modulator that is adaptable and allows Alice to choose the appropriate quantum key distribution (QKD) protocol for a given quantum channel. Based on preliminary experimental results it is revealed that the proposed transmitter is suitable for implementation of the BB84, coherent one way (COW) and differential phase shift (DPS) protocols where a quantum bit error rate of 0.8% and 1.9% was found for the time and phase bases respectively.

15:20  Experimental demonstration of polarization encoding measurementdeviceindependent quantum key distribution Zhiyuan Tang, Zhongfa Liao, Feihu Xu, Bing Qi, Li Qian, and HoiKwong Lo AbstractExtended abstractSlidesVideo Measurementdeviceindependent quantum key distribution (MDIQKD) closes all potential security loopholes due to detector imperfections without compromising the performance of a standard QKD system. Here we report the first demonstration of polarization encoding MDIQKD over 10 km optical fibers. Decoy state techniques are employed to estimate gain and error rate of single photon signals. Intensities and probability distribution of signal and decoy states are optimized. Active phase randomization is implemented to protect against attacks on the imperfect sources. A 1600bit secure key is generated in the experiment. Our work shows that polarization encoding MDIQKD is a practical solution to confidential communication.

15:45  Coffee break 
16:15–17:45  Industry panel discussion Topic: Future prospects for the practical deployment of quantum cryptography Discussion not videotaped 
Session chair: Richard Hughes  
9:00  Invited talk: High performance single photon detectors using superconductors Sae Woo Nam AbstractNo permission to publish video There is increasing interest in using superconducting optical photon detectors in a variety of applications. These applications require detectors that have extremely low dark count rates, high count rates, and high quantum efficiency. I will describe our work on two types of superconducting detectors, the Superconducting Nanowire Single Photon Detector (SNSPD or nSSPD) and superconducting TransitionEdge Sensor (TES). An SNSPD is an ultrathin, ultranarrow (nm scale) superconducting meander that is current biased just below its critical current density. When one or more photon is absorbed, a hot spot is formed that causes the superconductor to develop a resistance and consequently a voltage pulse. At NIST and JPL, we have been developing nanowire detectors using an amorphous alloy of tungstensilicide. For applications requiring photon number resolution, we have been using superconducting transistionedge sensors (TES). By exploiting the sharp superconductingtonormal resistive transition of tungsten at 100 mK, TES detectors give an output signal that is proportional to the cumulative energy in an absorption event. This proportional pulseheight enables the determination of the energy absorbed by the TES and the direct conversion of sensor pulseheight into photon number. I will discuss our progress towards developing both types of detectors with quantum efficiencies approaching 100%.

9:50  Security analysis and experimental implementation of a relativistic bit commitment Tommaso Lunghi, Jedrzej Kaniewski, Felix Bussieres, Raphael Houlmann, Marco Tomamichel, Adrian Kent, Nicolas Gisin, Stephanie Wehner, Hugo Zbinden AbstractSlidesVideo The existing relativistic bit commitment protocols (and the corresponding security proofs) assume that Alice and Bob have access to perfect devices and noiseless communication channels. Hence, they cannot be directly applied to model an experimental setup.
In this work we extend one of the existing protocols (“Relativistic bit commitment by transmitting measurement outcomes” proposed by Adrian Kent) so it can be implemented using comercially available equipment with realistic parameters. We present a new, simpler security proof of the original protocol which can also be applied to the faulttolerant variant. We obtain criteria on the quality of the devices used by Alice and Bob that allow for a protocol that is both robust and secure.Our results apply directly to an experiment that is being conducted between Geneva and Singapore. Hence, they form an important link between theoretical quantum cryptography and its practical implementation. 
10:15  Relativistic quantum cryptography: experimental realization Igor V. Radchenko, Konstantin S. Kravtsov, Sergei P. Kulik, and Sergei N. Molotkov AbstractVideo All practical implementations of QKD protocols have to rely on real optical signal sources, which are never truly singlephoton. Thus, there is always a predefined level of optical loss in the channel, beyond which the system cannot guarantee confidentiality of generated keys, because of a nonzero probability of successful eavesdropping. Having this limit is affordable for fiberoptical links, where losses are roughly constant, but what if your channel has completely unpredictable losses as in the case of a freespace optical link? We present and experimentally demonstrate a QKD protocol, which is free from this limitation. The approach used is called relativistic quantum cryptography because it directly relies on principles of relativistic causality.

10:40  Coffee break 
Session chair: Gilles Brassard  
11:10  Invited talk: The structure of a world (which may be) described by quantum mechanics Anthony Leggett AbstractSlidesVideo It is possible to probe the counterintuitive features of quantum mechanics (QM) experimentally in (at least) two different directions, corresponding to the two classic “paradoxes” named respectively for EPR and Schrödinger’s cat. I shall ask the question: What can we infer about the structure of the physical world (a) strictly on the basis of the experiments carried out to date, or (b) on the assumption that the predictions obtained from the formalism of QM (augmented by the standard measurement axiom) will be borne out for the indefinite future and with vanishingly small error bars? In particular, what conclusions can we draw in each case concerning the validity or not of the principles of Einstein locality, induction (“arrow of time”) and macroscopic counterfactual definiteness?

12:00  Universal uncertainty relations Gilad Gour, Shmuel Friedman, and Vlad Gheorghiu AbstractExtended abstractSlidesVideo Uncertainty relations are a distinctive characteristic of quantum theory that imposes intrinsic limitations on the precision with which physical properties can be simultaneously determined. The modern work on uncertainty relations employs entropic measures to quantify the lack of knowledge associated with measuring noncommuting observables. However, I will show here that there is no fundamental reason for using entropies as quantifiers; in fact, any functional relation that characterizes the uncertainty of the measurement outcomes can be used to define an uncertainty relation. Starting from a simple assumption that any measure of uncertainty is nondecreasing under mere relabeling of the measurement outcomes, I will show that Schurconcave functions are the most general uncertainty quantifiers. I will then introduce a novel finegrained uncertainty relation written in terms of a majorization relation, which generates an infinite family of distinct scalar uncertainty relations via the application of arbitrary measures of uncertainty. This infinite family of uncertainty relations includes all the known entropic uncertainty relations, but is not limited to them. In this sense, the relation is universally valid and captures the essence of the uncertainty principle in quantum theory.

12:25  Continuous variable entropic uncertainty relations in the presence of quantum memory Mario Berta, Matthias Christandl, Fabian Furrer, Volkher Schultz, and Marco Tomamichel AbstractExtended abstractSlidesVideo We generalize entropic uncertainty relations in the presence of quantum memory [Nat. Phys. 6, 659 (2010); Phys. Rev. Lett. 106, 110506 (2011)] in two directions. First, we consider measurements with a continuum of outcomes, and, second, we allow for infinitedimensional quantum memory. To achieve this, we introduce conditional differential entropies for classicalquantum states on von Neumann algebras, and show approximation properties for these entropies. As an example, we evaluate the uncertainty relations for positionmomentum measurements, which has applications in continuous variable quantum cryptography and quantum information theory.

12:50  Lunch 
Session chair: Michele Mosca  
13:50  Quantum onetime programs Anne Broadbent, Gus Gutoski, and Douglas Stebila AbstractExtended abstractSlidesVideo A onetime program is a hypothetical device by which a user may evaluate a circuit on exactly one input of his choice, then the device selfdestructs. Onetime programs cannot be achieved by software alone, as any software can be copied and rerun. However, it is known that every circuit can be compiled into a onetime program using a very basic hypothetical hardware device called a onetime memory. At first glance it may seem that quantum information, which cannot be copied, might also allow for onetime programs. But it is not hard to see that this intuition is false: onetime programs for classical or quantum circuits based solely on quantum information do not exist, even with computational assumptions. This observation begs the question, “what assumptions are required to achieve onetime programs for quantum circuits?” Our main result is that any quantum circuit can be compiled into a onetime program assuming only the same basic onetime memory devices used for classical circuits. Moreover, these quantum onetime programs achieve statistical universal composability (UCsecurity) against any malicious user. Our construction employs methods for computation on authenticated quantum data, and we present a new quantum authentication scheme called the trap scheme for this purpose. As a corollary, we establish UCsecurity of a recent protocol for delegated quantum computation.

14:15  Hot topic: Application of detectionloopholefree tests of quantum nonlocality Bradley G. Christensen, Kevin T. McCusker, Joseph B. Altepeter, Brice Calkins, Thomas Gerrits, Adriana E. Lita, Aaron Miller, Lynden K. Shalm, Yanbao Zhang, Sae Woo Nam, Nicolas Brunner, Charles Ci Wen Lim, Nicolas Gisin, and Paul G. Kwiat Extended abstractVideo 
14:40–14:50  Concluding remarks 
8:00–16:15  Trip to Niagara Falls 