QCrypt 2013

3rd international conference on quantum cryptography. August 5–9, 2013 in Waterloo, Canada

Scientific program


  • Michael Ben-Or (Hebrew University of Jerusalem)
  • Marcos Curty (University of Vigo)
  • Krister Shalm (NIST)
  • Amnon Ta-Shma (Tel Aviv University)

Invited speakers

  • Scott Aaronson (MIT)
  • Lilian Childress (McGill University)
  • Anthony Leggett (UIUC)
  • Sae Woo Nam (NIST)
  • Jane Nordholt (LANL)
  • Fernando Pastawski (MPQ Garching)
  • Ben Reichardt (USC)
  • Renato Renner (ETH Zürich)
  • Kiyoshi Tamaki (NTT)

Public lecture

  • John Preskill (Caltech)

After-dinner talk

  • Marc Weber Tobias (Investigative Law Offices)

Industry panel discussion

16:15 on Thursday. Topic: Future prospects for the practical deployment of quantum cryptography

Industrial exhibit

The exhibit runs for the duration of the conference and includes >10 companies and research groups showcasing their products and experimental prototypes. On display: 5 running QKD systems, random number generators, single-photon detectors, laser sources, electronic instruments, and other stuff.

Lab tours

Lab tours of the Institute for Quantum Computing begin at 17:05 on Monday. See schedule for more details.

Poster session

15:50 on Tuesday. About 70 posters. Posters also stay on display for the duration of the conference.



Sunday, August 4

18:00–21:00 Reception (snacks) and registration


Monday, August 5

8:30 Registration
Session chair: Norbert Lütkenhaus
9:30 Invited talk: The physics of cryptography
Renato Renner

The security of quantum cryptography relies on physical principles. But what are these physical principles? And are they actually experimentally verifiable? In my talk, I will try to answer these questions. Furthermore, I will show how quantum cryptography provides novel insights into quantum physics.
10:20 Tutorial: What theorists should know when working with experimentalists (part 1)
Marcos Curty

Experimental realisations of quantum key distribution (QKD) protocols can differ in many important aspects from their original theoretical proposal. In particular these proposals typically demand technologies that are beyond our present experimental capability.

For example, in a quantum optical implementation, instead of being single photon pulses, the signals emitted by the source are usually weak coherent pulses. Or, they may be generated with spontaneous parametric down-conversion sources. The quantum channel introduces errors and considerable attenuation that affect the signals even when an eavesdropper is not present. Also, the detectors employed by the receiver are inefficient and noisy and can typically not distinguish the number of photons in arrival signals.

In this tutorial we review how to model the different elements that are present in most QKD experiments, and show how to calculate the basic quantities to evaluate their performance.

11:05 Coffee break
Session chair: Hoi-Kwong Lo
11:30 Tutorial: What theorists should know when working with experimentalists (part 2)
Marcos Curty
12:15 Performing private database queries in a real-world environment using a quantum protocol
Philip Chan, Itzel Lucio-Martinez, Xiaofan Mo, Christoph Simon, and Wolfgang Tittel
AbstractExtended abstractVideo

Private query protocols [1-3] use uncertainty in quantum mechanics to offer functionality similar to 1-out-of-N oblivious transfer (where a user, Ursula, retrieves a single element from a database provider, Dave, who learns nothing about which of the N elements was retrieved). The difference in functionality varies for each private query protocol, but in all cases is motivated by the fact that perfect 1-out-of-N oblivious transfer has been shown to be impossible if the attacker possess an arbitrarily powerful quantum computer [4]. Nonetheless, quantum protocols can offer security against stronger adversaries than protocols relying only on classical information, and it remains an interesting question as to what level of security can be achieved using quantum information. We present a proof-of-principle demonstration of a novel private query protocol that is loss- and fault-tolerant, making it suitable for implementation in a real-world environment, and show that it offers excellent privacy against several quantum attacks [5]. This demonstration is performed over a deployed fibre link between the University of Calgary and SAIT Polytechnic using a slightly modified quantum key distribution (QKD) system [6].

[1] V. Giovannetti, S. Lloyd, and L. Maccone, Phys. Rev. Lett. 100, 230502 (2008).
[2] M. Jakobi, et al., Phys. Rev. A 83, 022301, (2011).
[3] F. Gao, B. Liu, Q.-Y. Wen, and H. Chen, Opt. Express, Vol. 20, p. 17411-17420 (2012).
[4] H.-K. Lo, Phys. Rev. A 56, 1154 (1997).
[5] P. Chan, I. Lucio-Martinez, X.-F. Mo., C. Simon, and W. Tittel, arXiv:1303.0865 (2013).
[6] I. Lucio-Martinez, P. Chan, X.-F. Mo, S. Hosier, and W. Tittel, New J. Phys., 11, 095001 (2009).

12:40 Lunch
Session chair: Thomas Jennewein
13:40 Invited talk: Satellite-based quantum communications
Jane Nordholt

Experiments designed to perform quantum communications with a spacecraft are currently being developed in Canada, Europe, Japan, and China. We will review the main features required for quantum communications between a satellite and a ground station and describe our models of orbital experiments and their expected performance. This will include discussion of the results of ground-based quantum communications experiments across atmospheric paths conducted by our team over the past decade in order to validate the techniques required for a space experiment. We will also detail the complete system design developed at LANL for performing quantum communication from a spacecraft to Earth including command, control, communications, processing, and availability issues. Although never built, we will use the system design and modeling to illustrate the issues most critical to the success of such an experiment. We will also describe how we have expanded our atmospheric quantum communications demonstrations to include secure high-speed optical communications.
14:30 Free-space quantum network with trusted relay
Wei-Yue Liu, Hai-Lin Yong, Zhu Cao, Ji-Gang Ren, Xiongfeng Ma, Cheng-Zhi Peng, and Jian-Wei Pan
AbstractExtended abstractSlidesVideo

Ground-satellite quantum key distribution is aiming at global secure communication. In a future vision of a quantum network, a satellite is employed as a trusted relay and ground stations are employed as user nodes. By demonstrating a free-space quantum network whose channel losses are comparable to the atmosphere losses, we present a feasibility test for such a ground-satellite quantum network. To simulate a satellite, we implement a moving transmitter. Meanwhile, we test quantum links in two distant locations more than 2000 km apart, whose atmosphere conditions are distinct. Moreover, a delayed privacy amplification scheme is designed and employed to minimize the computation requirement in the “satellite” and reduce the classical communication between the nodes and the relay. Our experimental result suggests that the global quantum network is feasible with current technology.
14:55 A wideband balanced homodyne detector for high speed continuous variable quantum key distribution systems
Duan Huang, Jian Fang, Chao Wang, Guangqiang He, Peng Huang, Ronghuan Yang, and Guihua Zeng
AbstractExtended abstractSlidesVideo

We report a quantum-noise-limited balanced homodyne detector (BHD) that can be worked in the continuous-variable quantum key distribution (CVQKD) systems at a repetition rate of 100 MHz. A high level of common mode suppression (>54 dB) and extremely low electronic noise (<–70 dBm) is achieved. The reachable 3 dB bandwidth of BHD is 300 MHz and the level of shot noise is 14 dB higher than the electronic noise of BHD at an LO level of 6·108 photons per pulse.The secret key rate of a CVQKD system will reach 1 Mbps at 50 kilometers under collective attack with our high performance BHD, which increasing the secret key rate of advanced system for dozens of times.
15:20 Coffee break
Session chair: Hugo Zbinden
15:50 Experimental demonstration of the coexistence of continuous-variable quantum key distribution with an intense DWDM classical channel
Paul Jouguet, Sébastien Kunz-Jacques, Rupesh Kumar, Hao Qin, Renaud Gabet, Eleni Diamanti, and Romain Alléaume
AbstractExtended abstractSlidesVideo

We have demonstrated for the first time the coexistence of a fully functional QKD system with intense classical channels (power of up to 8.5 dBm) over metropolitan distances (25 km in our experiment). This coexistence has moreover been demonstrated with both the quantum and the classical channels in the C-band, wavelength-multiplexed on the DWDM ITU grid. This result has been obtained thanks to new developments with respect to the experimental setup reported on in [P. Jouguet et al., Nature Photon. (2013)]. They were backed up by experimental measurements of the noise induced on a homodyne detection by WDM classical channels. The demonstrated coexistence, with key rates of a few hundreds of bits/s illustrates an important feature of the Continuous-Variable QKD technology, namely its suitability for the deployment over existing telecommunications network even in conjunction with classical channels of several dBms.
16:15 .Best student paper prize, selected by the program committee
Realization of finite-size continuous-variable quantum key distribution based on Einstein-Podolsky-Rosen entanglement
Tobias Eberle, Vitus Händchen, Fabian Furrer, Torsten Franz, Jörg Duhme, Reinhard F. Werner, and Roman Schnabel
AbstractExtended abstractSlidesVideo

Continuous-variable quantum key distribution has made great progress during the last years. Recently, a security proof for a finite number of measurements with composable security against arbitrary attacks was published [1] which employs Einstein-Podolsky-Rosen (EPR) entangled states. Here, we present the first implementation of this protocol, demonstrating the feasibility of secure key generation. The implementation relies on continuous-wave quadrature-entangled states at the telecommunication wavelength of 1550 nm with unprecedented EPR entanglement and homodyne detection with a random choice of quadrature for each measurement. We further present the generation of a key which is secure under collective attacks with 108 measurements.

[1] F. Furrer, T. Franz, M. Berta, A. Leverrier, V. Scholz, M. Tomamichel, and R. Werner, Physical Review Letters 109, 100502 (2012).

16:40 Saturation attack on continuous-variable quantum key distribution system
Hao Qin, Rupesh Kumar, and Romain Alléaume
AbstractExtended abstractSlidesVideo

Continuous-variable (CV) quantum key distribution (QKD) is proven secure against collective attacks and recent works have shown progress in proving security against arbitrary attacks. Nevertheless the validity of security proofs relies on assumptions that may be violated in practical setup, opening loophole that may be exploited to mount attacks. We have studied here the consequence of detection saturation in CV QKD, and proved that it can lead to an attack on the Gaussian-modulated coherent state protocol with homodyne detection. When Bob’s homodyne detection saturates, Bob’s quadrature measurement is not linear with the quadrature sent by Alice. Such non-linearity violates assumptions in the security model. Saturation typically occurs when the input field quadrature overpasses a threshold that depends on parameters of detector’s electronics. We have experimentally confirmed this prediction by observing saturation of our homodyne detection for high local oscillator intensity. We have moreover constructed an attack that combines the intercept-resend attack with the saturation of Bob’s detector. A full intercept-resend attack can give Eve knowledge of both quadratures from Alice but will introduce two shot noise units of excess noise. The key idea in our attack is that saturation is induced by strongly displacing the mean value of the field quadratures. By resending these field quadratures with controlled displacement value, Eve can bias the evaluation of the excess noise to arbitrarily small values. Under such attack, Alice and Bob may be led to believe they have some positive ‘secure key’ and accept keys that are however totally insecure. Our saturation attack is achievable with current technology and impacts the security of a practical CV QKD system. We have however proposed a counter measure that consists in monitoring the mean value of the quadratures.
17:05 Walk over to RAC building (meet at registration desk; one of organizers will guide the group; 15 min walk)
17:30–18:30 Tour of Institute for Quantum Computing’s labs
was attended by about 75 people, far exceeding organizer’s expectations :)
Venue: Research advancement centre (RAC), University of Waterloo
The tour included:

• Superconducting quantum devices lab (PI: Adrian Lupascu): superconducting systems and hybrid solid-state devices for quantum information processing, quantum optics and metrology.
• Quantum photonics lab (PI: Thomas Jennewein): devices suitable for communication and computing with photons, ultra-long quantum communication links using terrestrial and satellite-based systems.
• CoryLab (PI: David Cory): spin-based hybrid quantum sensors and other devices – from ultra-sensitive magnetometers to full-scale quantum information processors.


Tuesday, August 6

Session chair: Yi-Kai Liu
9:00 Invited talk: Research and development of the Tokyo QKD network project
Kiyoshi Tamaki

Tokyo QKD network is a QKD project funded by NICT (National Institute of Information and Communications Technology in Japan), and many private companies and institutions, such as NEC Corporation, Mitsubishi Electric Corporation, Toshiba Corporation, NTT, Hokkaido Univ, Nagoya Univ, Gakusyuin Univ, Tohoku Univ, and Tokyo institute of technology, are involved to come up with an actual user case of QKD. In this project, we are developing QKD systems and theories of QKD. In this talk, we would like to introduce the research and development of Tokyo QKD network.
In the first part of my talk, we will present the development of our QKD system. Stable distribution of the key is one of the most important requirements that a practical QKD system must have, and we will show how stably our QKD system can distribute the key under the harsh conditions such as losses and overhead fiber transmission.
Once we have achieved stable distribution, the next issue to be considered is practical security since practical QKD systems have deviations from the device requirements that the QKD theory poses. To fill such deviations, we will present some proposals to overcome the imperfections of the QKD devices. Finally, for future QKD network, it is important to have alternative choices of protocols, as which protocol is the best one depends on the physical environment, the potential users’ demands, etc. We will introduce our recent results of security proof of a QKD protocol.
9:50 Tutorial: Extractors against classical and quantum adversaries (part 1)
Amnon Ta-Shma

Randomness extractors are hash functions that map sources with biased and correlated bits to almost-uniform sources. Extractors have found many important applications in various areas of computer science, e.g., in theoretical computer science, hardness of approximation, error correcting codes, classical and quantum cryptography and many other areas.

In the first part of the talk I will define extractors (and some related objects) in the classical and quantum setting, discuss the currently best known parameters of explicit and non-explicit constructions and present some classical and quantum applications.

The second half of the talk will be devoted to the challenge of explicitly constructing close to optimal extractors. I will present in some detail Trevisan’s construction of efficient extractors and its generalization to the quantum setting by De, Portmann, Vidick and Renner. If time permits I will also discuss some other approaches for the problem in the classical and quantum setting.

10:35 Coffee break
Session chair: Anne Broadbent
11:00 Tutorial: Extractors against classical and quantum adversaries (part 2)
Amnon Ta-Shma
11:45 Building one-time memories from isolated qubits
Yi-Kai Liu
AbstractExtended abstractSlidesVideo

One-time memories (OTM’s) are a simple type of tamper-resistant cryptographic hardware, which can be used to implement many forms of secure computation, such as one-time programs. Here we investigate the possibility of building OTM’s using “isolated qubits” — qubits that can only be accessed using local operations and classical communication (LOCC). Isolated qubits can be implemented using current technologies, such as nitrogen vacancy centers in diamond.

We construct OTM’s that are information-theoretically secure against one-pass LOCC adversaries using 2-outcome measurements. (Also, these OTM’s can be prepared and accessed by honest parties using only LOCC operations.) This result is somewhat surprising, as OTM’s cannot exist in a fully-quantum world or in a fully-classical world; yet they can be built from the combination of a quantum resource (single-qubit measurements) with a classical restriction (on communication between qubits).

Our construction resembles Wiesner’s original idea of quantum conjugate coding, implemented using random error-correcting codes; our proof of security uses entropy chaining to bound the supremum of a suitable empirical process. In addition, we conjecture that our random codes can be replaced by some class of efficiently-decodable codes, to get computationally-efficient OTM’s that are secure against computationally-bounded LOCC adversaries.

In addition, we construct data-hiding states, which allow an LOCC sender to encode an (n-O(1))-bit messsage into n qubits, such that at most half of the message can be extracted by a one-pass LOCC receiver, but the whole message can be extracted by a general quantum receiver.

12:10 Achieving the limits of the noisy-storage model using entanglement sampling
Frédéric Dupuis, Omar Fawzi, and Stephanie Wehner

The noisy-storage model (NSM) allows for the secure implementation of two-party cryptographic primitives under the assumption that the adversary cannot store quantum information perfectly. A special case is the bounded-quantum-storage model (BQSM) which assumes that the adversary’s quantum memory device is noise-free but limited in size. Ever since the inception of the BQSM [DFSS05] it has been a vexing open question to determine whether security is possible as long as the adversary can store strictly less than the number of qubits n transmitted during the protocol. In particular, it was hoped that security is possible as long as the adversary cannot store more than c·n qubits for any c<1. Here we not only provide a positive answer to this question, but show that security is even possible as long as his device is not larger than n–O(log2n) qubits. This is essentially optimal and finally settles the fundamental limits of the BQSM. Our result also significantly pushes the boundaries when security can be obtained in the NSM, and we provide the first proof that security of a BB84-based protocol can be linked to the quantum capacity of the adversary’s storage device. Our security proofs are based on a new uncertainty relation for measurements in BB84 bases that takes into account quantum side-information.

The key to our results is a powerful new tool called entanglement sampling, which can be understood as the fully quantum analogue of classical min-entropy sampling. Its reach extends beyond the applications to the NSM to the area of randomness extraction and quantum information theory. In particular, we show that entanglement sampling provides us with local quantum-to-classical randomness extractors, and yields bounds for fully quantum random access encodings.

[DFSS05] I. Damgård, S. Fehr, L. Salvail, and C. Schaffner. “Cryptography in the Bounded Quantum-Storage Model”. In: Proc. IEEE FOCS 2005, pp. 449–458, arXiv:quant-ph/0508222.

12:35 Lunch
Session chair: Wolfgang Tittel
13:40 Invited talk: Unforgeable tokens: what we can do with imperfect qubit memories
Fernando Pastawski

The beautiful concept of “quantum money” introduced by Wiesner more than four decades ago ensures that a dishonest holder of a quantum bank-note will invariably fail in any forging attempts; indeed, under assumptions of ideal measurements and decoherence-free memories such security is guaranteed by the no-cloning theorem. Stable quantum bits, capable both of storing quantum information for macroscopic time scales and of integration inside small portable devices, may provide the necessary means for implementing them.

I will report recent experimental progress on (13)C nuclear spin qubits in the vicinity of a nitrogen-vacancy (NV) color center within an isotopically purified diamond crystal. This solid-state qubit features high fidelity control, preserves its polarization for several minutes and boasts coherence lifetimes exceeding 1 second at room temperature.

Experimental progress motivates the development of secure “quantum money”-type primitives capable of tolerating realistic infidelities. I will go on to prove the rigorous security of Wiesner type schemes accommodating for noise and determining tight fidelity thresholds. These protocols require only the ability to prepare, store and measure single qubit memories, similar to those achieved using NV-centers, and could thus become a realistic possibility significantly earlier than quantum computing and many-body entanglement based protocols.

14:30 An experimental implementation of oblivious transfer in the noisy storage model
Chris Erven, Stephanie Wehner, Nick Gigov, Raymond Laflamme, and Gregor Weihs

We present the first experimental implementation of 1–2 random oblivious transfer (ROT) in the noisy storage model based on a modified entangled quantum key distribution (QKD) system. We successfully demonstrate the protocol by performing measurements on polarization-entangled photon pairs, followed by all of the necessary classical post-processing including one-way error correction. While information-theoretic security of ROT is impossible assuming only the laws of quantum mechanics, security can be restored using the minimal assumptions of the noisy storage model. The noisy storage model relies on the realistic assumption that the quantum memories of any adversaries must necessarily be noisy.
14:55 High bit rate quantum key distribution with quantified security
Marco Lucamarini, Ketaki Patel, James F. Dynes, Bernd Fröhlich, Andrew W. Sharpe, Zhiliang L. Yuan, Richard V. Penty, and Andrew J. Shields
AbstractNo permission to videotape

Information-theoretical security of quantum key distribution (QKD) has been convincingly proven in recent years and remarkable experiments have shown the potential of QKD for real world application. However, the existing gap between theoretical assumptions and practical implementation represents a severe hindrance to any further advancement. One prominent example is the precise quantification of the security level of a real QKD system, which cannot be infinite if the data sample being processed is finite. Here, we provide a direct connection between the conceptual understanding of this problem and its technological realisation. We develop a finite-size security proof and apply it to a gigahertz clocked QKD system set to provide the highest security level reported to date. The obtained secure key rates are orders of magnitude larger than in all previous comparable solutions.
15:20 Coffee break
15:50 Poster session. Posters also stay on display for the duration of the conference.
19:00–20:00 Public lecture: Quantum computing and the entanglement frontier
John Preskill

The quantum laws governing atoms and other tiny objects seem to defy common sense, and information encoded in quantum systems has weird properties that baffle our feeble human minds. John Preskill will explain why he loves quantum entanglement, the elusive feature making quantum information fundamentally different from information in the macroscopic world. By exploiting quantum entanglement, quantum computers should be able to solve otherwise intractable problems, with far-reaching applications to cryptology, materials science, and medicine. Preskill is less weird than a quantum computer, and easier to understand.

John Preskill is the Richard P. Feynman Professor of Theoretical Physics at Caltech.


Wednesday, August 7

Session chair: John Watrous
9:00 Invited talk: Classical command of quantum systems
Ben Reichardt

Quantum computation and cryptography both involve scenarios in which a user interacts with an imperfectly modelled or distrusted system. It is therefore of fundamental and practical interest to devise tests that reveal whether the system is behaving as instructed. In 1969, Clauser, Horne, Shimony and Holt proposed an experimental test that can be passed by a quantum-mechanical system but not by a system restricted to classical physics. Here we extend this test to enable the characterization of a large quantum system. We describe a scheme that can be used to determine the initial state and to classically command the system to evolve according to desired dynamics. The bipartite system is treated as two black boxes, with no assumptions about their inner workings except that they obey quantum physics. The scheme works even if the system is explicitly designed to undermine it; any misbehaviour is detected. Among its applications, our scheme makes it possible to test whether a claimed quantum computer is truly quantum. It also advances toward a goal of quantum cryptography: namely, the use of untrusted devices to establish a shared random key, with security based on the validity of quantum physics.
9:50 Tutorial: Secure multiparty quantum computation (part 1)
Michael Ben-Or
10:35 Coffee break
Session chair: Marco Piani
11:00 Tutorial: Secure multiparty quantum computation (part 2)
Michael Ben-Or
11:45 One-sided device independence of BB84 via monogamy-of-entanglement game
Marco Tomamichel, Serge Fehr, Jedrzej Kaniewski, and Stephanie Wehner

We consider a game in which two players collaborate to prepare a quantum system and are then asked to independently guess the outcome of a measurement in a random basis on that system. Intuitively, by the monogamy of entanglement, the probability that both players simultaneously succeed in guessing the outcome correctly is bounded.

We are interested in the question of how the success probability scales when this guessing game is repeated in parallel. We show a perfect parallel repetition theorem for this game, that is, we show that any strategy that maximizes the probability to win every round individually is also optimal for the parallel repetition of the game. In particular, our result implies that the optimal guessing probability can be achieved without the use of entanglement.

We explore several applications of this result. First, we show that it implies security for standard BB84 quantum key distribution when one party uses fully untrusted measurement devices. Second, we show that our result can be used to prove security of a one-round position-verification scheme. Finally, our techniques can be used to generalize a well-known uncertainty relation for the guessing probability to quantum side information.

12:10 Limits of privacy amplification against non-signalling memory attacks
Rotem Arnon-Friedman and Amnon Ta-Shma
AbstractExtended abstractSlidesVideo

The task of privacy amplification, in which Alice holds some partially secret information with respect to an adversary Eve and wishes to distill it until it is completely secret, is known to be solvable almost optimally in both the classical and quantum worlds. Unfortunately, when considering an adversary who is limited only by non-signalling constraints such a statement cannot be made in general. We consider systems which violate the chained Bell inequality and prove that under the natural assumptions of a time-ordered non-signalling system, which allow past subsystems to signal future subsystems (using the device’s memory for example), super-polynomial privacy amplification by any hashing is impossible. This is of great relevance when considering practical device independent key distribution protocols which assume a super-quantum adversary.
12:35 Conference photo
Group picture of conference participants
12:50 Excursion (with packed lunch)
Buses leave from the main conference venue Quantum-nano center (QNC) at 12:50
Options for activities are:

Visit charming village of Elora with shopping and art galleries
Tubing in Elora Gorge didn’t happen because the river was in high flow
Swimming in Elora Quarry
18:20 Conference dinner
Venue: Festival room, South campus hall (SCH), University of Waterloo
Session chair: Nicolas Gisin
20:20 After-dinner talk: Insecurity engineering
Marc Weber Tobias
Venue: Festival room, South campus hall (SCH), University of Waterloo

Traditional mechanical locks have no intelligence and limitations on the security they can offer. Within the past five years, new security technology that integrates electronic credentials with mechanical cylinders have become common in many facilities and in some cases have completely replaced mechanical keys. While these credentials may increase certain aspects of security and user options for access control, they have done little to add to the overall security of most locks, whether electro-mechanical or completely electronic-based.
Marc Weber Tobias is an investigative attorney, physical security expert, and Team Leader for a group of physical and cyber security professionals, whose task is to defeat electronic-based locks and to develop covert methods to circumvent their security, including cryptographic credentials, in seconds, without any trace. In this presentation, Marc will discuss why cryptography and the credentials it is designed to protect are largely irrelevant when considering the security of locks and access control systems. Marc will present several video segments that demonstrate a number of techniques that his team at Security Labs has developed in bypassing certain locks in order that participants can understand basic design issues and potential vulnerabilities so they can better protect their facilities and environments.
21:20–22:20 Open session: announces and other thoughts (max 3 min each)
Venue: Festival room, South campus hall (SCH), University of Waterloo
Session not videotaped


Thursday, August 8

Session chair: Jane Nordholt
9:00 Invited talk: Private-key quantum money
Scott Aaronson

Recent progress on public-key quantum money – i.e., quantum money that anyone can verify, not only the bank – gives us new tools with which to address the older problem of private-key quantum money. In this talk, I’ll discuss some new results in that direction, which include the first fully-rigorous security proof for Wiesner’s original private-key quantum money scheme (and the related BBBW scheme), and some “optimality” results for those schemes.
9:50 Tutorial: Single-photon detectors (part 1)
Krister Shalm

Single-photon detectors play a critical role in practical implementations of quantum cryptographic schemes. Recent work on attacking QKD systems have exploited vulnerabilities in these single-photon detectors. Understanding how these detectors work is, therefore, an important part of analyzing the security of a cryptographic scheme.The goal of the tutorial is to provide a high-level introduction to how detectors work. I will cover the physics behind some of the most commonly used detectors, and will also discuss a number of concepts like jitter, efficiency, after-pulsing, and dead time that are experimentally important.

10:35 Coffee break
Session chair: Christian Schaffner
11:00 Tutorial: Single-photon detectors (part 2)
Krister Shalm
11:45 Specious adversaries and quantum private information retrieval
Ämin Baumeler and Anne Broadbent
AbstractExtended abstractSlidesVideo

Our contribution is twofold. On the one hand, we show that information-theoretic single-server Quantum Private Information Retrieval requires a linear amount of communication to be secure against specious adversaries, which are the quantum analog of honest-but-curious adversaries. On the other hand, we stress the importance of adequate comparison between classical and quantum adversaries—unfair comparisons might lead to an unjustified advantage for the quantum case.
12:10 Reference frame agreement in quantum networks
Tanvirul Islam, Loïck Magnin, Brandon Sorg and Stephanie Wehner
AbstractExtended abstractSlidesVideo

In this work we design a multiparty protocol between m players to agree on a common direction without a prior reference frame shared between the players. Our protocol is tolerant to t < m/3 dishonest players with unbounded capabilities (the Byzantine problem). This is the first protocol to exchange non-fungible information in the Byzantine setting.
12:35 Lunch
Session chair: Thomas Chapuran
13:40 Invited talk: Spins and photons: toward quantum networks in diamond
Lilian Childress

Long-lived electronic and nuclear spin states have made nitrogen-vacancy (NV) defects in diamond a leading candidate for solid-state quantum information processing. Moreover, the coherent optical properties of NV defects open opportunities for long-distance transmission of quantum states. In particular, resonant optical excitation and emission enable single shot spin detection as well as observation of two-photon quantum interference, making it possible to observe long-distance entanglement between solid-state spin qubits. This talk will consider the motivation and requirements for optically-networked quantum devices, and explore challenges and opportunities for realizing them in diamond.
14:30 Network-centric quantum communications with application to critical infrastructure protection
Richard J. Hughes, Jane E. Nordholt, Kevin P. McCabe, Raymond T. Newell, Charles G. Peterson, and Rolando D. Somma
AbstractExtended abstractVideo

Network-centric quantum communications (NQC) is a new, scalable instantiation of quantum cryptography providing key management with forward security for lightweight encryption, authentication and digital signatures in optical networks. Results from a multi-node experimental test-bed utilizing integrated photonics quantum communications components, known as QKarDs, include: quantum identification; verifiable quantum secret sharing; multi-party authenticated key establishment; and single-fiber quantum-secured communications that can be applied as a security retrofit/upgrade to existing optical fiber installations. A demonstration that NQC meets the challenging simultaneous latency and security requirements of electric grid control communications, which cannot be met with conventional cryptography, is described.
14:55 A high-speed multi-protocol quantum key distribution transmitter based on a dual-drive modulator
Boris Korzh, Nino Walenta, Raphael Houlmann, and Hugo Zbinden
AbstractExtended abstractSlidesVideo

We propose a novel source based on a dual-drive modulator that is adaptable and allows Alice to choose the appropriate quantum key distribution (QKD) protocol for a given quantum channel. Based on preliminary experimental results it is revealed that the proposed transmitter is suitable for implementation of the BB84, coherent one way (COW) and differential phase shift (DPS) protocols where a quantum bit error rate of 0.8% and 1.9% was found for the time and phase bases respectively.
15:20 Experimental demonstration of polarization encoding measurement-device-independent quantum key distribution
Zhiyuan Tang, Zhongfa Liao, Feihu Xu, Bing Qi, Li Qian, and Hoi-Kwong Lo
AbstractExtended abstractSlidesVideo

Measurement-device-independent quantum key distribution (MDI-QKD) closes all potential security loopholes due to detector imperfections without compromising the performance of a standard QKD system. Here we report the first demonstration of polarization encoding MDI-QKD over 10 km optical fibers. Decoy state techniques are employed to estimate gain and error rate of single photon signals. Intensities and probability distribution of signal and decoy states are optimized. Active phase randomization is implemented to protect against attacks on the imperfect sources. A 1600-bit secure key is generated in the experiment. Our work shows that polarization encoding MDI-QKD is a practical solution to confidential communication.
15:45 Coffee break
16:15–17:45 Industry panel discussion
Topic: Future prospects for the practical deployment of quantum cryptography
Discussion not videotaped


Friday, August 9

Session chair: Richard Hughes
9:00 Invited talk: High performance single photon detectors using superconductors
Sae Woo Nam
AbstractNo permission to publish video

There is increasing interest in using superconducting optical photon detectors in a variety of applications. These applications require detectors that have extremely low dark count rates, high count rates, and high quantum efficiency. I will describe our work on two types of superconducting detectors, the Superconducting Nanowire Single Photon Detector (SNSPD or nSSPD) and superconducting Transition-Edge Sensor (TES). An SNSPD is an ultra-thin, ultra-narrow (nm scale) superconducting meander that is current biased just below its critical current density. When one or more photon is absorbed, a hot spot is formed that causes the superconductor to develop a resistance and consequently a voltage pulse. At NIST and JPL, we have been developing nanowire detectors using an amorphous alloy of tungsten-silicide. For applications requiring photon number resolution, we have been using superconducting transistion-edge sensors (TES). By exploiting the sharp superconducting-to-normal resistive transition of tungsten at 100 mK, TES detectors give an output signal that is proportional to the cumulative energy in an absorption event. This proportional pulse-height enables the determination of the energy absorbed by the TES and the direct conversion of sensor pulse-height into photon number. I will discuss our progress towards developing both types of detectors with quantum efficiencies approaching 100%.
9:50 Security analysis and experimental implementation of a relativistic bit commitment
Tommaso Lunghi, Jedrzej Kaniewski, Felix Bussieres, Raphael Houlmann, Marco Tomamichel, Adrian Kent, Nicolas Gisin, Stephanie Wehner, Hugo Zbinden

The existing relativistic bit commitment protocols (and the corresponding security proofs) assume that Alice and Bob have access to perfect devices and noiseless communication channels. Hence, they cannot be directly applied to model an experimental set-up.
In this work we extend one of the existing protocols (“Relativistic bit commitment by transmitting measurement outcomes” proposed by Adrian Kent) so it can be implemented using comercially available equipment with realistic parameters. We present a new, simpler security proof of the original protocol which can also be applied to the fault-tolerant variant. We obtain criteria on the quality of the devices used by Alice and Bob that allow for a protocol that is both robust and secure.Our results apply directly to an experiment that is being conducted between Geneva and Singapore. Hence, they form an important link between theoretical quantum cryptography and its practical implementation.
10:15 Relativistic quantum cryptography: experimental realization
Igor V. Radchenko, Konstantin S. Kravtsov, Sergei P. Kulik, and Sergei N. Molotkov

All practical implementations of QKD protocols have to rely on real optical signal sources, which are never truly single-photon. Thus, there is always a pre-defined level of optical loss in the channel, beyond which the system cannot guarantee confidentiality of generated keys, because of a non-zero probability of successful eavesdropping. Having this limit is affordable for fiber-optical links, where losses are roughly constant, but what if your channel has completely unpredictable losses as in the case of a free-space optical link? We present and experimentally demonstrate a QKD protocol, which is free from this limitation. The approach used is called relativistic quantum cryptography because it directly relies on principles of relativistic causality.
10:40 Coffee break
Session chair: Gilles Brassard
11:10 Invited talk: The structure of a world (which may be) described by quantum mechanics
Anthony Leggett

It is possible to probe the counterintuitive features of quantum mechanics (QM) experimentally in (at least) two different directions, corresponding to the two classic “paradoxes” named respectively for EPR and Schrödinger’s cat. I shall ask the question: What can we infer about the structure of the physical world (a) strictly on the basis of the experiments carried out to date, or (b) on the assumption that the predictions obtained from the formalism of QM (augmented by the standard measurement axiom) will be borne out for the indefinite future and with vanishingly small error bars? In particular, what conclusions can we draw in each case concerning the validity or not of the principles of Einstein locality, induction (“arrow of time”) and macroscopic counterfactual definiteness?
12:00 Universal uncertainty relations
Gilad Gour, Shmuel Friedman, and Vlad Gheorghiu
AbstractExtended abstractSlidesVideo

Uncertainty relations are a distinctive characteristic of quantum theory that imposes intrinsic limitations on the precision with which physical properties can be simultaneously determined. The modern work on uncertainty relations employs entropic measures to quantify the lack of knowledge associated with measuring non-commuting observables. However, I will show here that there is no fundamental reason for using entropies as quantifiers; in fact, any functional relation that characterizes the uncertainty of the measurement outcomes can be used to define an uncertainty relation. Starting from a simple assumption that any measure of uncertainty is non-decreasing under mere relabeling of the measurement outcomes, I will show that Schur-concave functions are the most general uncertainty quantifiers. I will then introduce a novel fine-grained uncertainty relation written in terms of a majorization relation, which generates an infinite family of distinct scalar uncertainty relations via the application of arbitrary measures of uncertainty. This infinite family of uncertainty relations includes all the known entropic uncertainty relations, but is not limited to them. In this sense, the relation is universally valid and captures the essence of the uncertainty principle in quantum theory.
12:25 Continuous variable entropic uncertainty relations in the presence of quantum memory
Mario Berta, Matthias Christandl, Fabian Furrer, Volkher Schultz, and Marco Tomamichel
AbstractExtended abstractSlidesVideo

We generalize entropic uncertainty relations in the presence of quantum memory [Nat. Phys. 6, 659 (2010); Phys. Rev. Lett. 106, 110506 (2011)] in two directions. First, we consider measurements with a continuum of outcomes, and, second, we allow for infinite-dimensional quantum memory. To achieve this, we introduce conditional differential entropies for classical-quantum states on von Neumann algebras, and show approximation properties for these entropies. As an example, we evaluate the uncertainty relations for position-momentum measurements, which has applications in continuous variable quantum cryptography and quantum information theory.
12:50 Lunch
Session chair: Michele Mosca
13:50 Quantum one-time programs
Anne Broadbent, Gus Gutoski, and Douglas Stebila
AbstractExtended abstractSlidesVideo

A one-time program is a hypothetical device by which a user may evaluate a circuit on exactly one input of his choice, then the device self-destructs. One-time programs cannot be achieved by software alone, as any software can be copied and re-run. However, it is known that every circuit can be compiled into a one-time program using a very basic hypothetical hardware device called a one-time memory. At first glance it may seem that quantum information, which cannot be copied, might also allow for one-time programs. But it is not hard to see that this intuition is false: one-time programs for classical or quantum circuits based solely on quantum information do not exist, even with computational assumptions. This observation begs the question, “what assumptions are required to achieve one-time programs for quantum circuits?” Our main result is that any quantum circuit can be compiled into a one-time program assuming only the same basic one-time memory devices used for classical circuits. Moreover, these quantum one-time programs achieve statistical universal composability (UC-security) against any malicious user. Our construction employs methods for computation on authenticated quantum data, and we present a new quantum authentication scheme called the trap scheme for this purpose. As a corollary, we establish UC-security of a recent protocol for delegated quantum computation.
14:15 Hot topic: Application of detection-loophole-free tests of quantum nonlocality
Bradley G. Christensen, Kevin T. McCusker, Joseph B. Altepeter, Brice Calkins, Thomas Gerrits, Adriana E. Lita, Aaron Miller, Lynden K. Shalm, Yanbao Zhang, Sae Woo Nam, Nicolas Brunner, Charles Ci Wen Lim, Nicolas Gisin, and Paul G. Kwiat
Extended abstractVideo
14:40–14:50 Concluding remarks


Saturday, August 10

8:00–16:15 Trip to Niagara Falls
Group picture from excursion to Niagara Falls