
Accepted Papers
List of Accepted Papers
- Comparing classical and quantum conditional disclosure of secretsU. Girish ; A. May ; L. Orshansky ; C. Waddell[abstract]Abstract: The conditional disclosure of secrets (CDS) setting is among the most basic primitives studied in information-theoretic cryptography. Motivated by a connection to non-local quantum computation and position-based cryptography, CDS with quantum resources has recently been considered. Here, we study the differences between quantum and classical CDS, with the aims of clarifying the power of quantum resources in information-theoretic cryptography. We establish the following results: \begin{itemize} \item We prove a $\Omega(\log \R_{0,A\rightarrow B}(f)+\log \R_{0,B\rightarrow A}(f))$ lower bound on quantum CDS where $\R_{0,A\rightarrow B}(f)$ is the classical one-way communication complexity with perfect correctness. \item We prove a lower bound on quantum CDS in terms of two round, public coin, two-prover interactive proofs. \item For perfectly correct CDS, we give a separation for a promise version of the not-equals function, showing a quantum upper bound of $O(\log n)$ and classical lower bound of $\Omega(n)$. \item We give a logarithmic upper bound for quantum CDS on forrelation, while the best known classical algorithm is linear. We interpret this as preliminary evidence that classical and quantum CDS are separated even with correctness and security error allowed. \end{itemize} We also give a separation for classical and quantum private simultaneous message passing for a partial function, improving on an earlier relational separation. Our results use novel combinations of techniques from non-local quantum computation and communication complexity.
- A rigorous and complete security proof of decoy-state BB84 quantum key distributionD. Tupkary ; S. Nahar ; A. Arqand ; E. Tan ; N. Lütkenhaus[abstract]Abstract: We present a rigorous and complete security proof of the decoy-state BB84 quantum key distribution (QKD) protocol. Our analysis aims to achieve a high standard of mathematical rigour and completeness, thereby providing the necessary foundation for certification and standardization efforts. Beyond establishing the security of a specific protocol, this work develops a general and modular framework that can be readily adapted to a broad class of QKD protocols, including both prepare-and-measure and entanglement-based variants. Our framework unifies all major ingredients required for the analysis of realistic QKD protocols, including the analysis of classical authentication and classical processing, source-replacement schemes, finite-size analysis, source maps, squashing maps, and decoy-state techniques. In doing so, this work consolidates a diverse range of techniques scattered across the QKD literature into a unified formalism, representing a general and rigorous treatment of QKD security. Finally, it outlines a clear path towards incorporating practical imperfections within the same framework, thereby laying the groundwork for addressing implementation security in future analysis.
- merged with #100:Uncloneable encryption from decouplingA. Bhattacharyya ; E. Culf[abstract]Abstract: We show for the first time that uncloneable encryption exists with no computational assumptions, with security inverse-polynomial in the security parameter. We use properties of a monogamy-of-entanglement game associated with the Haar measure encryption to guarantee that any state that succeeds with high probability cannot be close to maximally-entangled between the referee and either of the players, whence we can apply the decoupling principle to show that either player becomes completely uncorrelated, and therefore cannot win significantly better than random guessing.The uncloneable bit existsA. Bhattacharyya ; A. Broadbent ; E. Culf[abstract]Abstract: We establish quantum uncloneable encryption with unconditional security, preventing two non‑communicating adversaries from simultaneously decrypting a single ciphertext — even when both are given the key. Our construction achieves security that approaches the ideal limit at a rate that is exponentially small in the security parameter, without employing any assumptions. Our proof invokes quantum information principles in the fully quantum realm, in a novel setting of cryptography. A decoupling step certifies the statistical independence needed for randomness extraction, and monogamy of entanglement, formalised via strong subadditivity, rules out the sender being highly correlated with two non‑communicating adversaries at once. Consequently, no coordinated strategy beats random guessing of the encrypted bit, establishing unconditional uncloneability. This reveals the existence of an uncloneable bit in Nature and delineates a fundamental, physically enforced cryptographic primitive unavailable in classical settings.
- Hierarchical generation and design of tree-codes for resource-efficient loss-tolerant quantum communicationsT. Feri ; F. Cesa ; A. Bassi[abstract]Abstract: We develop protocols for generating loss-tolerant quantum tree-codes; these are designed to safeguard information against qubit losses, with wide applications in quantum communications. Contrary to previous proposals, our method enables top-to-bottom fast encoding and decoding, thereby reducing losses due to the lagging and photon-reordering at the repeater stations. At the hardware level, we show how to achieve this with a single quantum emitter equipped with a static feedback mechanism, which we leverage to engineer entangling gates between a fed-back qubit and multiple emitted qubits in parallel. In addition, analyzing typical patterns within the error-correction decoding graphs, we find optimizations of the structure of tree-codes, which enable improved performance by also reducing the code size; these are based on the introduction of asymmetries in the code, which mimic the intrinsic adaptiveness of the recovery procedure. We show numerically that these improvements together significantly enhance the loss-correction performance. Specifically, focusing on quantum repeater protocols, we show that our fast recovery scheme (decoding-encoding) allows for improved repeater rates with smaller photon numbers per code.
- On Removing Interaction from Quantum ProofsN. Spooner ; M. Tromanhauser[abstract]Abstract: An important challenge in quantum cryptography is the construction of publicly-verifiable NIZKs for QMA. Classically, one can construct NIZKs for NP in the random oracle model (and sometimes in the standard model) by compiling an honest-verifier ZK (HVZK) Σ-protocol for NP using the Fiat-Shamir transformation. Broadbent and Grilo introduced a quantum analog of a Σ-protocol (which they call a Ξ-protocol) in which the prover's first message is quantum, and show that HVZK Ξ-protocols exist for QMA. However, it is not clear how to compile such protocols into NIZKs in the (Q)ROM, because the Fiat-Shamir transformation seems to be incompatible with quantum messages. In this work we give formal evidence that this is indeed the case: we show that if generic "Fiat--Shamir-like" transformations for quantum protocols exist in the QROM (with small constant completeness error) then NP ⊆ BQP.
- Quantum Oracle Distribution Switching and its Applications to Fully Anonymous Ring SignaturesM. Beckmann ; C. Majenz[abstract]Abstract: Ring signatures are a powerful primitive that allows a member to sign on behalf of a group, without revealing their identity. Recently, ring signatures have received additional attention as an ingredient for post-quantum deniable authenticated key exchange, e.g., for a post-quantum version of the Signal protocol, employed by virtually all end-to-end-encrypted messenger services. While several ring signature constructions from post-quantum assumptions offer suitable security and efficiency for use in deniable key exchange, they are currently proven secure in the random oracle model (ROM) only, which is insufficient for post-quantum security. In this work, we provide four security reductions in the quantum-accessible random oracle model (QROM) for two generic ring signature constructions: two for the AOS framework and two for a construction paradigm based on ring trapdoors, whose generic backbone we formalize. The two security proofs for AOS ring signatures differ in their requirements on the underlying sigma protocol and their tightness. The two reductions for the ring-trapdoor-based ring signatures exhibit various differences in requirements and the security they provide. We employ the measure-and-reprogram technique, QROM straightline extraction tools based on the compressed oracle, history-free reductions and QROM reprogramming tools. To make use of Rényi divergence properties in the QROM, we study the behavior of quantum algorithms that interact with an oracle whose distribution is based on one of two different distributions over the set of outputs. We provide tight bounds for the statistical distance, show that the Rényi divergence can not be used to replace the entire oracle and provide a workaround.
- Quantification of the energy consumption of entanglement distributionK. Horodecki ; M. Winczewski ; L. Sikorski ; P. Mazurek ; M. Czechlewski ; R. Yehia[abstract]Abstract: Inspired by environmental sciences, we develop a framework to quantify the energy needed to generate quantum entanglement via noisy quantum channels, focusing on the hardware-independent, i.e. fundamental cost. Within this framework, we define a measure of the minimal fundamental energy consumption rate per distributed entanglement (expressed in Joule per ebit). We then derive a lower bound on the energy cost of distributing a maximally entangled state via a quantum channel, which yields a quantitative estimate of energy investment per entangled bit for future quantum networks. We thereby show that irreversibility in entanglement theory implies a non-zero energy cost in standard entanglement distribution protocols. We further establish an upper bound on the fundamental energy consumption rate of entanglement distribution by determining the minimal energy required to implement quantum operations via classical control. To this end, we formulate the axioms for an energy cost measure and introduce a Hamiltonian model for classically-controlled quantum operations. The fundamental cost is then defined as the infimum energy over all such Hamiltonian protocols, with or without specific hardware constraints. The study of the energy cost of a quantum operation is general enough to be naturally applicable to quantum computing and is of independent interest. Finally, we evaluate the energy demands of three entanglement distillation protocols for photonic polarization qubits, finding that, due to entanglement irreversibility, their required energy exceeds the fundamental lower bound by many orders of magnitude. The introduced paradigm can be applied to other quantum resources, with appropriate changes depending on their nature.
- Quantitative quantum soundness for all multipartite compiled nonlocal gamesX. Xu ; M. Baroni ; I. Klep ; D. Leichtle ; M. Renou ; I. Šupić ; L. Tendick[abstract]Abstract: Compiled nonlocal games transfer the power of Bell-type multi-prover tests into a single-device setting by replacing spatial separation with cryptography. Concretely, the KLVY compiler (STOC'23) maps any multi-prover game to an interactive single-prover protocol, using quantum homomorphic encryption. A crucial security property of such compilers is quantum soundness, which ensures that a dishonest quantum prover cannot exceed the original game's quantum value. For practical cryptographic implementations, this soundness must be quantitative, providing concrete bounds rather than merely asymptotic. While quantitative quantum soundness has been established for the KLVY compiler in the bipartite case, it has only been shown asymptotically for multipartite games. This is a significant gap, as multipartite nonlocality exhibits phenomena with no bipartite analogue, and the difficulty of enforcing space-like separation makes single-device compilation especially compelling. This work closes this gap by demonstrating the quantitative quantum soundness of the KLVY compiler for all multipartite nonlocal games that admit finite-dimensional optimal strategies and, more generally, by providing quantitative upper bounds for all multipartite nonlocal games. On the way, we introduce an NPA-like hierarchy for quantum instruments and prove its completeness, thereby characterizing correlations from operationally-non-signaling sequential strategies. This NPA-like hierarchy can be seen to complement previous multipartite generalizations of the S-G-HJW purification theorem, which takes a central role in quantum information, nonlocality, and contextuality. We further develop novel geometric arguments for the decomposition of sequential strategies into their signaling and non-signaling parts, which might be of independent interest.
- The Sponge is Quantum IndifferentiableS. Tokat ; G. Alagic ; J. Carolan ; C. Majenz[abstract]Abstract: The sponge is a cryptographic construction that turns a public permutation into a hash function. When instantiated with the Keccak permutation, the sponge forms the NIST SHA-3 standard. SHA-3 is a core component of most post-quantum public-key cryptography schemes slated for worldwide adoption. While one can consider many security properties for the sponge, the ultimate one is indifferentiability from a random oracle, or simply indifferentiability. The sponge was proved indifferentiable against classical adversaries by Bertoni et al. in 2008. Despite significant efforts in the years since, little is known about sponge security against quantum adversaries, even for simple properties like preimage or collision resistance beyond a single round. This is primarily due to the lack of a satisfactory quantum analog of the lazy sampling technique for permutations. In this work, we develop a specialized technique that overcomes this barrier in the case of the sponge. We prove that the sponge is in fact indifferentiable from a random oracle against quantum adversaries. Our result establishes that the domain extension technique behind SHA-3 is secure in the post-quantum setting. Our indifferentiability bound for the sponge is a loose O(poly(q)2−min(r,c)/4), but we also give bounds on preimage and collision resistance that are tighter.
- QKD Oracles for Authenticated Key ExchangeK. Hövelmanns ; D. Planken ; C. Schaffner ; S. Verschoor[abstract]Abstract: Authenticated Key Exchange (AKE) establishes shared (‘symmetric’) cryptographic keys which are essential for secure online communication. Alternatively, symmetric keys could be established via Quantum Key Distribution (QKD), which uses quantum communication. Although point-to-point QKD can offer information-theoretic security (ITS), this guarantee crucially hinges on proper implementation. In practice, QKD is expected to be combined with conventional cryptography – raising the question whether such ‘hybrid’ combinations actually preserve QKD’s main benefit, ITS. We perform an extensive review of existing AKE-QKD hybrids and their analysis. Our review shows that it is currently unclear both how to design such protocols and how to quantify their security. As our review shows, many proposed solutions do not preserve the ITS property of QKD, and finding a solution that does is less straightforward then expected. Moreover, we found that known designs do not even achieve computational security. In more detail, usage of the QKD keys needs to be coordinated across endpoints. This coordination currently requires that the keys are accompanied by a key ID. Although key IDs are introduced solely to ensure correct functionality, we show that they introduce subtle vulnerabilities – specifically, we identify dependent-key attacks on several existing protocols that arise from improper key-ID handling. To address these issues, we propose a security model for AKE-QKD hybrids that also catches dependent-key attacks. As our main conceptual contribution, we model QKD via an oracle that closely resembles the standard ETSI 014 interface. We demonstrate the usefulness of this oracle for cryptographic analyses by integrating it into a prominent security model for AKE, called CK+ model. Lastly, we present a new protocol that combines QKD with a triple-KEM handshake, and prove it secure in our integrated model. This is the first hybrid protocol that provably preserves the ITS of QKD.
- Rethinking quantum smooth entropies: Tight one-shot analysis of quantum privacy amplificationB. Regula ; M. Tomamichel[abstract]Abstract: We introduce an improved one-shot characterisation of randomness extraction against quantum side information (privacy amplification), strengthening known one-shot bounds and providing a unified derivation of the tightest known asymptotic constraints. Our main tool is a new class of smooth conditional entropies defined by lifting classical smooth divergences through measurements. A key role is played by the measured smooth Rényi relative entropy of order 2, which we show to admit an equivalent variational form: it can be understood as allowing for smoothing over not only states, but also non-positive Hermitian operators. Building on this, we establish a tightened leftover hash lemma, significantly improving over all known smooth min-entropy bounds on extractable randomness and recovering the sharpest classical achievability results. We extend these methods to decoupling, the coherent analogue of privacy amplification, obtaining a corresponding improved one-shot bound. Relaxing our smooth entropy bounds leads to one-shot achievability results in terms of measured Rényi divergences, which in the asymptotic i.i.d. limit recover the state-of-the-art error exponents of [Dupuis, IEEE T-IT 69, 7784 (2023)]. We show an approximate optimality of our results by giving a matching one-shot converse bound up to additive logarithmic terms. This yields an optimal second-order asymptotic expansion of privacy amplification under trace distance, establishing a significantly tighter one-shot achievability result than previously shown in [Shen et al., IEEE T-IT 70, 5077 (2024)] and proving its optimality for all hash functions.
- Unconditional Authentication in Quantum Key Distribution via Hybrid Entangled Physical Unclonable FunctionsN. LAURENT-PUIG ; M. Doosti ; A. Innocenzi ; E. Diamanti[abstract]Abstract: Quantum Key Distribution (QKD) enables Information-Theoretically Secure (ITS) key exchange, robust even against future quantum computing threats. However, a fundamental limitation of QKD is the requirement for an authenticated classical channel, which necessitates a pre-shared secret key. In this letter, we address this dependency by integrating a Hybrid Physical Unclonable Function (PUF) protocol. We demonstrate that this PUF-based method generates an ITS initial key under minimal explicit hardware assumptions. This approach establishes a fully ITS-authenticated QKD protocol that relies solely on hardware assumptions, effectively eliminating the need for manually pre-shared secrets. This represents a significant step toward practical realization of quantum network protocols using lightweight, readily available hardware assumptions, without weakening security guarantees.
- Security of the Fischlin Transform in the Quantum Random Oracle ModelJ. Sharma ; C. Majenz[abstract]Abstract: The Fischlin transform yields non-interactive zero-knowledge proofs with straight-line extractability in the classical random oracle model. This is done by forcing a prover to generate multiple accepting transcripts through a proof-of-work mechanism. Whether the Fischlin transform is straight-line extractable against quantum adversaries has remained open due to the difficulty of reasoning about the likelihood of query transcripts in the quantum-accessible random oracle model (QROM), even when using the compressed oracle methodology. In this work, we prove that the Fischlin transform remains straight-line extractable in the QROM, via an extractor based on the compressed oracle. This establishes the post-quantum security of the Fischlin transform, providing a post-quantum straight-line extractable NIZK alternative to Pass’ transform with smaller proof size. Our techniques include tail bounds for sums of independent random variables and for martingales as well as symmetrization, query amplitude and quantum union bound arguments.
- Composable Verification in the Circuit-Model via Magic-BlindnessS. Abdul Sater ; H. Ollivier[abstract]Abstract: As quantum computing machines move towards the utility regime, it is essential that users are able to verify their delegated quantum computations with security guarantees that are (i) robust to noise (ii) composable with other secure protocols and (iii) exponentially stronger as the number of resources dedicated to security increases. Previous works that achieve these guarantees are expressed in the Measurement-Based Quantum Computation (MBQC) model and benefit from a modular framework of verification protocols. This leaves architectures based on the circuit model---in particular those using the Magic State Injection (MSI)---with fewer options to verify their computations or with the need to compile their circuits in MBQC which leads to overheads. This paper introduces a family of noise robust, composable and efficient verification protocols for Clifford + MSI circuits that are secure against arbitrary malicious behavior. This family contains the verification protocol of Broadbent (2018, ToC), extends its security guarantees while also bridging the modularity gap between protocols for MBQC and those for the circuit model, and reducing quantum communication costs. As a result, it opens the prospect of rapid implementation tailored to near-term quantum devices. Our technique is based on a refined notion of blindness, called magic-blindness, which hides only the injected magic states---the sole source of non-Clifford computational power. This enables verification by randomly interleaving computation rounds with classically simulable, magic-free test rounds, leading to a trap-based framework for circuit verification. As a result, circuit-based quantum verification attains the same level of security and robustness previously known only in MBQC. It also reduces the quantum communication cost as transmitted qubits are required only at the locations of state injection.
- Towards Universal Quantum Tamper DetectionU. Kapshikar ; A. Broadbent ; D. Rochette[abstract]Abstract: Tamper-resilient cryptography studies how to protect data against adversaries who can physically manipulate codewords before they are decoded. The notion of tamper detection codes formalizes this goal, requiring that any unauthorized modification be detected with high probability. Classical results, starting from Jafargholi and Wichs (TCC 2015), established the existence of such codes against very large families of tampering functions—subject to structural restrictions ruling out identity and constant maps. Recent works of Boddu and Kapshikar (Quantum, 7) and Bergamaschi (Eurocrypt 2024) have extended these ideas to quantum adversaries, but only consider unitary tampering families. In this work, we give the first general treatment of quantum tamper detection against arbitrary quantum maps. We show that Haar-random encoding schemes achieve exponentially small soundness error against any adversarial family whose size, Kraus rank, and entanglement fidelity obey natural constraints, which are direct quantum analogues of the min-entropy and fixed-point restrictions in the classical setting. Our results unify and extend previous work, subsuming both the classical and unitary-only adversarial families. Beyond this, we demonstrate a fundamental separation between classical and quantum tamper detection. Classically, relaxed tamper detection (which allows either rejection or recovery of the original message) cannot protect even against the family of constant functions. This family is of size $2^n$. In contrast, we show that quantum encodings can handle this obstruction, and we conjecture and provide evidence that they may in fact provide relaxed tamper detection and non-malleable security against any family of quantum maps of size up to $2^{2^{\alpha n}}$ for any constant $\alpha <\frac{1}{2}$, leading to our conjecture on the existence of what we call \emph{universal} quantum tamper detection. Taken together, our results provide evidence that quantum tamper detection is strictly more powerful than its classical counterpart.
- How to Delete Without a Trace: Certified Deniability in a Quantum WorldA. Cakan ; V. Goyal ; J. Raizes[abstract]Abstract: Is it possible to comprehensively destroy a piece of quantum information, so that nothing is left behind except the memory of that one had it at some point? For example, various works, most recently Morimae, Poremba, and Yamakawa (TQC '24), show how to construct a signature scheme with certified deletion where a user who deletes a signature on m cannot later produce a signature for m. However, in all of the existing schemes, even after deletion the user is still able keep irrefutable evidence that m was signed, and thus they do not fully capture the spirit of deletion. In this work, we initiate the study of certified deniability in order to obtain a more comprehensive notion of deletion. Certified deniability uses a simulation-based security definition, ensuring that any information the user has kept after deletion could have been learned without being given the deleteable object to begin with; meaning that deletion leaves no trace behind! We define and construct two non-interactive primitives that satisfy certified deniability in the quantum random oracle model: signatures and non-interactive zero-knowledge arguments (NIZKs). As a consequence, for example, it is not possible to delete a signature/NIZK and later provide convincing evidence that it used to exist. Notably, our results utilize uniquely quantum phenomena to bypass Pass's (CRYPTO '03) celebrated result showing that deniable NIZKs are impossible even in the random oracle model.
- Multi-Copy Security in Quantum Cryptography and MoreA. Cakan ; V. Goyal ; F. Kitagawa ; R. Nishimaki ; T. Yamakawa[abstract]Abstract: Unclonable cryptography leverages the quantum no-cloning principle to achieve strong security guarantees that are impossible to achieve in a classical world. Most existing works in this area only consider the basic single-copy security, and there been only a few works that achieve the more realistic notion of \emph{collusion-resistance} (where adversary receives multiple keys), which is the gold standard in cryptography. Further, existing works that do consider collusion-resistance have convoluted non-black-box solutions, and are highly tailored to their own applications, with little hope to generalize, and they often re-invent the tools from both single-key quantum cryptography as well as collusion-resistant classical cryptography. Moreover, the question of \emph{multi-copy security}, where the adversary receives multiple copies of the same state (rather than merely getting multiple independently sampled keys) is almost completely open. In this work, we develop a large toolset of black-box compilers and technical lemmata for dealing with collusion-resistance and multi-copy security in quantum cryptography. Using our toolset, we obtain a large number of new feasibility results with black-box constructions, with proofs that are significantly \emph{simpler} than the existing proofs in literature. In particular, we introduce a generic compiler that upgrades single-key secure quantum protection (copy-protection/LOCC leakage-resilience/secure leasing) schemes for decryption keys to collusion-resistant secure schemes. Then, we also introduce a generic compiler that upgrades collusion-resistant primitives to achieve multi-copy security, assuming only one-way functions. Using our toolset, we obtain a large number of new feasibility results. We obtain the first multi-copy secure constructions of public-key quantum money (termed quantum coins), single-decryptor encryption (SDE), unclonable encryption, and more. We obtain the first collusion-resistant secure key-leasing scheme with a fully classical lessor. Finally, we obtain the first LOCC leakage-resilient PKE scheme with multi-copy security, thus making progress towards achieving \emph{quantum key-fire} in the plain model. Finally, as part of our toolset, we also show various technical results, such as the collusion-resistant analogue of the \emph{one-way-to-hiding (O2H) lemma}, a quantum-state analogue of the small-range-distributions lemma, a \emph{quantum pigeonhole lemma} for entangled adversaries and the first deterministic signature scheme with quantum-query security. We also show that independent-challenge security implies identical-challenge security in collusion-resistant copy-protection search games, and thus we obtain the first schemes with such security.
- Compressed Permutation OraclesJ. Carolan[abstract]Abstract: The analysis of quantum algorithms which query random, invertible permutations has been a long-standing challenge in cryptography. Many techniques which apply to random oracles fail, or are not known to generalize to this setting. As a result, foundational cryptographic constructions involving permutations often lack quantum security proofs. With the aim of closing this gap, we develop and prove soundness of a compressed permutation oracle. Our construction shares many of the attractive features of Zhandry's original compressed function oracle: the purification is a small list of input-output pairs which meaningfully reflect an algorithm's knowledge of the oracle. We then apply this framework to show that the Feistel construction with seven rounds is a strong quantum PRP, resolving an open question of (Zhandry, 2012). We further re-prove essentially all known quantum query lower bounds in the random permutation model, notably the collision and preimage resistance of both Sponge and Davies-Meyer, hardness of double-sided zero search and sparse predicate search, and give new lower bounds for cycle finding and the one-more problem.
- Non Interactive MPC, (Quantumly) RevisitedP. Ananth ; D. Bhardwaj ; A. Gupte[abstract]Abstract: Classical non-interactive secure computation, despite being extensive studied, suffers from an inherent barrier: adversaries can learn the entire residual function via resetting attacks. We investigate whether quantum resources can circumvent this barrier and restrict adversarial leakage. Our results are as follows: 1. Definitions: We introduce new security definitions for the one-message MPC and 2PC settings that restrict the amount of adversarial leakage compared to prior classical definitions. 2. MPC: There exist information-theoretically secure one-message multi-party computation protocols in the oracle model in both the quantum pre-processing and classical pre-processing settings. 3. 2PC: There exist semi-honest secure one-message two-party computation for (randomized) pseudorandom functionalities in the plain model based on LWE and maliciously secure one-message two-party computation for (randomized) constrained functionalities in the CRS model based on iO. Prior work by [Gupte, Liu, Raizes, Roberts and, Vaikuntanathan STOC 2025] achieved semi-honest security based on iO. Our results demonstrate the power of quantum information to circumvent barriers in classical secure computation.
- Chip-based Long-distance Twin-field Quantum Key Distribution NetworksY. Zheng ; H. Wang ; X. Jia ; J. Huang ; H. Yuan ; L. Chang ; J. Wang[abstract]Abstract: We demonstrate a scalable integrated photonic network for twin-field quantum key distribution (TF-QKD). The architecture employs a star topology, utilizing a server-side Si3N4 optical microcomb and 20 monolithically integrated InP transmitter chips. Coherent comb lines are used to seed client lasers, enabling wavelength-division multiplexing and ensuring stable interference. Sequential pairwise TF-QKD is performed across ten channels among 20 users, with each channel surpassing the repeaterless secret-key-capacity bound at a distance of 370 km. This yields an overall networking capability of 3,700 km. Wafer-scale chip reproducibility confirms the platform’s practicability for building large-scale quantum communication networks. Furthermore, we demonstrate a design utilizing a broadly tunable on-chip laser, which is expected to cover the entire telecommunication C-band. This approach enables dozens of wavelength channels to operate in parallel, thereby scaling the network capacity up to hundred-user-level.
- Continuous-variable quantum communication over hybrid channelsA. Hajomer ; H. Nguyen ; U. Andersen ; T. Gehring ; E. Rossi ; M. Sabatini ; Y. Pi´etri ; M. Avesani ; F. Vedovato ; G. Vallone ; P. Villoresi ; I. Derkach ; V. Usenko[abstract]Abstract: Quantum communication is advancing toward large-scale quantum networks, with quantum key distribution (QKD) serving as a key driving technology. However, seamless interoperability between fiber-based and free-space links remains a major challenge for heterogeneous quantum networks. Here we report, to the best of our knowledge, the first continuous-variable QKD (CV-QKD) system distributing secret keys using both coherent and squeezed states over a hybrid channel composed of a 620m free-space link followed by 2km of optical fiber, corresponding to a total loss of 20 dB. Daylight operation is enabled by intrinsic mode filtering provided by a locally generated local oscillator, eliminating the need for complex spectral or spatial filtering. In addition, we introduce an optimized binning strategy that mitigates free-space transmittance fluctuations, resulting in an average of 45% increase in the secure key rate. These results demonstrate the feasibility of CV-QKD across hybrid optical channels and highlight its potential as a plug-and-play solution for heterogeneous quantum networks integrating fiber and free-space infrastructure.
- Post-quantum security of block cipher constructionsG. Alagic ; C. Bai ; C. Majenz ; K. Shi[abstract]Abstract: Block ciphers are versatile cryptographic ingredients that are used in a wide range of applications ranging from secure Internet communications to disk encryption. While post-quantum security of public-key cryptography has received significant attention, the case of symmetric-key cryptography (and block ciphers in particular) remains a largely unexplored topic. In this work, we set the foundations for a theory of post-quantum security for block ciphers and associated constructions. Leveraging our new techniques, we provide the first post-quantum security proofs for the key-length extension scheme FX, the tweakable block ciphers LRW and XEX, and most block cipher encryption and authentication modes. Our techniques can be used for security proofs in both the plain model and the quantum ideal cipher model. Our work takes significant initial steps in establishing a rigorous understanding of the post-quantum security of practical symmetric-key cryptography.
- Hybrid Quantum Cryptography from Communication Complexity: From Theory to Experimental benchmarkingF. Mazzoncini ; B. Bauer ; H. Defienne ; P. Brown ; S. Gigan ; R. Alléaume[abstract]Abstract: We present complementary theoretical and experimental contributions bridging quantum cryptography and communication complexity. In our theory paper, we introduce a hybrid key distribution protocol achieving everlasting security while transmitting multiple photons per channel use, potentially surpassing fundamental QKD rate limits. The security proof for this protocol is based on a reduction that leverages the quantum advantage in communication cost between classical and quantum one-way communication complexity problems. Building on this theoretical foundation, our experimental work investigates the feasibility of demonstrating such quantum advantages in communication complexity using a reconfigurable and scalable optical platform based on wavefront shaping techniques.
- Reference-beam attacks against OIL-based Twin-Field QKDS. Juárez ; A. Marcomini ; M. Petrov ; R. Woodward ; T. Dowling ; R. Stevenson ; M. Curty ; D. Rusca[abstract]Abstract: Twin-field quantum key distribution (TF-QKD) has become a leading protocol to bring quantum communications to the national scale. The protocol requires the establishment of a shared phase and frequency reference between distant parties, which is commonly achieved by using an external reference laser in an optical injection locking (OIL) architecture. In this work, we analyze the side channels in OIL-based TF-QKD that may arise from adversarial manipulation of the various degrees of freedom of this untrusted reference beam. We experimentally demonstrate two realistic attack scenarios: fast intensity modulation of the reference laser, and additional signals embedded in the reference light exploiting wavelengths undetectable by conventional monitoring techniques. These attacks can allow a potential eavesdropper to deterministically increase the mean photon number of the sources, or circumvent the decoy-state technique, respectively. To counter these vulnerabilities, we propose practical and highly effective countermeasures that reinforce the security of TF-QKD systems without significant additional complexity or performance degradation.
- Rigorous phase-error-estimation security framework for QKD with correlated sourcesG. Currás-Lorenzo ; M. Pereira ; K. Tamaki ; M. Curty[abstract]Abstract: Practical QKD modulators introduce correlations between consecutively emitted pulses due to bandwidth limitations, violating key assumptions underlying many security proof techniques. Here, we address this problem by introducing a simple yet powerful mathematical framework to directly extend phase-error-estimation-based security proofs for imperfect but uncorrelated sources to also incorporate encoding correlations. Our framework overcomes important limitations of previous approaches in terms of generality and rigor, significantly narrowing the gap between theoretical security guarantees and real-world QKD implementations.
- The uncloneable bit existsA. Bhattacharyya ; A. Broadbent ; E. Culf[abstract]Abstract: We establish quantum uncloneable encryption with unconditional security, preventing two non‑communicating adversaries from simultaneously decrypting a single ciphertext — even when both are given the key. Our construction achieves security that approaches the ideal limit at a rate that is exponentially small in the security parameter, without employing any assumptions. Our proof invokes quantum information principles in the fully quantum realm, in a novel setting of cryptography. A decoupling step certifies the statistical independence needed for randomness extraction, and monogamy of entanglement, formalised via strong subadditivity, rules out the sender being highly correlated with two non‑communicating adversaries at once. Consequently, no coordinated strategy beats random guessing of the encrypted bit, establishing unconditional uncloneability. This reveals the existence of an uncloneable bit in Nature and delineates a fundamental, physically enforced cryptographic primitive unavailable in classical settings.
- High-Performance Laser Written Heterodyne Receiver for Photonic Quantum Information ProcessingT. Bertapelle ; A. Peri ; G. Gualandi ; M. Sabatini ; G. Corrielli ; Y. Piétri ; D. Marangon ; G. Vallone ; P. Villoresi ; R. Osellame ; M. Avesani[abstract]Abstract: Continuous‑Variable Quantum Key Distribution (CV‑QKD) and Quantum Random Number Generation (CV‑QRNG) are crucial technologies relying on shot‑noise‑limited coherent detection to enable secure communication and high‑speed randomness generation. Integrated photonics plays a central role in advancing these technologies, offering compact, scalable, and efficient implementations. In this work, we introduce Femtosecond Laser Micromachining (FLM) on borosilicate glass as a novel platform for Photonic Integrated Circuits (PICs) tailored to coherent detection in quantum information processing. Using off‑chip detectors, we exploit the versatility of FLM to realize a PIC designed for CV‑QKD and CV‑QRNG. The device features fully tunable optical components, low insertion loss ($\leq$ 1.28 dB), polarization‑insensitive operation, and a Common‑Mode Rejection Ratio (CMRR) exceeding 73 dB. These capabilities enable the experimental demonstration of a Source‑device‑Independent CV‑QRNG with a secure rate of 42.74 Gbps and a QPSK‑based CV‑QKD system achieving a 3.2 Mbit/s secret key rate. Our results establish FLM as a promising integrated‑photonics platform for scalable, high‑performance quantum communication systems.
- Long-Distance Free-Space Twin-Field Quantum Key Distribution towards Satellite-based Quantum NetworkM. Wang[abstract]Abstract: Twin-field quantum key distribution (TF-QKD) offers inherent immunity to all measurement-device attacks and scales the secure key rate from a linear to a square-root dependence on channel loss. It is essential to implement TF-QKD in the future global-scale quantum communication network. Toward this goal, we investigate the feasibility of implementing single-photon interference and TF-QKD with moving satellites, carefully considering the influence of orbital-induced Doppler shift. We report an experimental demonstration of TF-QKD over a 14.2 km atmospheric channel, featuring physical emulation and active compensation of the Doppler shift. The achieved secure key rate surpasses the repeaterless capacity bound, marking a pivotal advance toward deploying satellite-based quantum networks.
- Reliable Entropy Estimation for device-independent QKD based on Layer-Cake Representations of DivergencesG. Koßmann ; R. Schwonnek[abstract]Abstract: See extended abstract.
- QKD with local self-testing: device-independent security and device-dependent performanceG. Koßmann ; M. Berta ; R. Schwonnek ; A. Bluhm[abstract]Abstract: See the extended abstract.
- Quantum-Secure Private Inference from Vacuum FluctuationsK. Sulimany ; S. Vadlamani ; R. Hamerly ; P. Iyengar ; D. Englund[abstract]Abstract: We show that the vacuum fluctuations of coherent light can serve as a cryptographic resource for private neural-network inference. A server encodes proprietary model weights into weak coherent states; a client computes the inference optically and returns a certificate state whose excess noise the server verifies. Weight-leakage bounds derived via the Holevo theorem hold against all IID attacks, including non-Gaussian ones. Data-leakage bounds derived via Cramér–Rao inequalities hold against individual attacks with arbitrary probes and collective attacks with Gaussian probes. On MNIST, the protocol achieves >95% accuracy with leakage below 0.1 bits per weight and per data element, an order of magnitude below the precision needed for functional inference. All components are standard CV-QKD hardware. Published in Physical Review X 15, 041056 (2025).
- Simplified quantum key distribution implementation secure against state preparation flawsA. Agulleiro ; F. Grünenfelder ; R. Houlmann ; A. Blázquez ; H. Zbinden ; D. Rusca[abstract]Abstract: We present a system implementing a three-state BB84 protocol with time-bin encoding, one decoy and a simplified measurement scheme that uses passive basis choice. Our implementation simplifies the state characterization with respect to previous iterations. We also adapt the loss-tolerant method to our protocol, thus dealing with the measured state preparation flaws. We compare the obtained phase error rate and secret key rate when including the state imperfections and when assuming perfect states. Our results highlight the importance of characterization and implementation security.
- Robust One-Sided Device-Independent Quantum Key Distribution via High-Dimensional SteeringM. Mothsara ; G. Murta ; M. Malik ; S. Goel ; B. Ghosh ; V. Srivastav ; W. McCutcheon[abstract]Abstract: Quantum key distribution (QKD) brings the promise of communication with information-theoretic security, but is limited in practice due to its susceptibility to noise, losses, and difficulty in accounting for device imperfections. To address these challenges, we propose a robust high-dimensional (HD) one-sided device-independent QKD (1sDI-QKD) protocol whose security is certified through the violation of steering inequalities. Motivated by recent demonstrations of steering in high-dimensional systems with enhanced robustness to noise and loss [PhysRevX.12.041023], we present a systematic security analysis of HD 1sDI-QKD protocols leveraging quantum steering to certify security. We analyze the achievable secret key rates for protocols with different measurement configurations and system dimensions, combined with the reverse reconciliation scheme, which leads to significant improvements in secret key rates. Our results demonstrate two key advantages: (i) the protocols offer enhanced robustness of the key rates against noise and loss in comparison to fully device-independent QKD, and (ii) the key rate performance shows favorable scaling with increasing dimensions. Finally, we characterize the noise-loss trade-off, highlighting the feasibility of HD 1sDI-QKD in practical scenarios. We further demonstrate progress towards a proof-of-concept experimental implementation of HD 1sDI-QKD by exploring multi-outcome projective measurements across all mutually unbiased bases up to dimension 11. We observe steering violations demonstrating advantages for QKD up to dimension 7 under the fair-sampling assumption. Finally, we discuss perspectives towards a loophole-free implementation of 1sDI-QKD.
- Proofs of Quantum MemoryM. Hhan ; T. Morimae ; Y. Okinaka ; T. Yamakawa[abstract]Abstract: With the rapid advances in quantum computer architectures and the emerging prospect of large-scale quantum memory, it is becoming essential to classically verify that remote devices genuinely allocate the promised quantum memory with a specified number of qubits and coherence time. In this paper, we introduce a new concept, proofs of quantum memory (PoQM). A PoQM is an interactive protocol between a classical probabilistic polynomial-time (PPT) verifier and a quantum polynomial-time (QPT) prover over a classical channel where the verifier can verify that the prover has possessed a quantum memory with a certain number of qubits during a specified period of time. PoQM generalize the well-studied notion of proofs of quantumness (PoQ) [Brakerski, Christiano, Mahadev, Vazirani, and Vidick, JACM 2021] where a classical verifier can verify that the prover is not classical. Our contributions are summarized as follows: - We introduce a formal definition of PoQM. We also introduce a variant of PoQM, which we call inefficient-verifier PoQM (IV-PoQM), where the verifier's final computation to make the decision is not necessarily efficient. Clearly, PoQM imply IV-PoQM. - We construct PoQM based on the hardness of LWE. Specifically, we give two constructions of PoQM. The first one is of two-round (i.e., four-message) and has negligible soundness error under the subexponential-hardness of LWE. The second one is of polynomial-round and has inverse-polynomial soundness error under the polynomial-hardness of LWE. - As a lowerbound of IV-PoQM (and therefore PoQM), we show that IV-PoQM imply one-way puzzles. Moreover, we show that a certain restricted version of PoQM implies quantum computation classical communication (QCCC) key exchange, which suggests the difficulty of black-box constructing PoQM from one-way functions. - We show that constant-round PoQ imply PoQM or single-round PoQ (with a quantum verifier). Single-round PoQ are ``trivial'' PoQ in the sense that the verifier asks the prover to solve a classical problem which is quantumly easy but classically hard. The result therefore demonstrates that PoQM capture ``genuinely-interactive'' PoQ. - We show that if constant-round IV-PoQ that are black-box constructed from quantumly-secure falsifiable assumptions exist then IV-PoQM exist. This result implies that IV-PoQM can be constructed from quantumly-secure constant-round statistically-hiding commitments (and therefore from quantumly-secure collision-resistant hash functions).
List of Accepted Posters
- Quantum resources for everlasting communication securityA Kodukhov ; D Kronberg ; V Pastushenko ; M Pflitsch ; V Vinokur[abstract]Abstract: Quantum cryptography provides everlasting secure communication - a property unattainable by classical or post-quantum cryptography. Traditionally, quantum cryptography proclaims everlasting security by relying on principles such as the no-cloning theorem, Bell inequalities, or the uncertainty principle, along with the standard assumption that legitimate users have no control over the communication channel. In this study, we demonstrate that other, nontraditional quantum effects and techniques boost quantum cryptography performance while maintaining everlasting security of communication. In particular, legitimate users can exploit the physical properties of optical fiber channels - specifically, that all losses are caused by Rayleigh scattering and are therefore homogeneously distributed. This quantum property can be combined with quantum tomography of the fiber channel, which reveals the spatial loss distribution and potential eavesdropping attempts. Finally, we present a detailed framework for constructing a security statement applicable to arbitrary cryptographic solutions and distinguish it from formal security theorems proven within idealized mathematical models of cryptographic setups.
- Authentication in Security Proofs for Quantum Key DistributionD Tupkary ; S Nahar ; E Tan[abstract]Abstract: Quantum Key Distribution (QKD) protocols rely on authenticated classical communication. Typical QKD security proofs are carried out in an idealized setting where authentication is assumed to behave honestly: it never aborts, and all classical messages are delivered faithfully with their original timing preserved. Authenticated channels that can be constructed in practice have different properties. Most critically, such channels may abort asymmetrically, such that only the receiving party may detect an authentication failure while the sending party remains unaware. Furthermore, an adversary may delay, reorder, or block classical messages. This discrepancy renders the standard QKD security definition and existing QKD security proofs invalid in the practical authentication setting. In this work we resolve this issue. Our main result is a reduction theorem showing that, under mild and easily satisfied protocol conditions, any QKD protocol proven secure under the honest authentication setting remains secure under a practical authentication setting. This result allows all existing QKD proofs to be retroactively lifted to the practical authentication setting with a minor protocol tweak.
- Transmitter-device-independent quantum key distributionQ ZENG ; A Mishra ; H WANG ; Z Yuan[abstract]Abstract: Transmitter-device-dependence is a longstanding but often implicit problem in quantum key distribution (QKD), as compared to measurement-device-dependence. Quantum steering conceptually designates the sender and receiver in entanglement certification, offering an intuitive solution to transmitter-sided dependence. The well-known one-sided device-independent (1sDI) protocols exploit quantum steering as a resource to relax the security conditions of device-independent (DI) framework, yet provokes underlying signaling loophole. Here we formalize transmitter-device-independence based on the faithful quantum steering and propose a transmitter-device-independent (TDI) QKD protocol that closes the signaling loophole, thereby defending against common transmitter-side attacks. In a proof-of-principle experiment we validate our proposal obtaining a key-rate in the asymptotic limit of 1~kbps at a fiber transmission of 27~km. By implementing TDI security while maintaining strong loss tolerance, our approach bridges the gap between security and practicality for real-world QKD deployments.
- Effective discrete-modulated CVQKD under general attacksM Navarro ; A Acín ; C Pascual[abstract]Abstract: Continuous variable quantum key distribution via discrete modulations (DM CVQKD) ensures information-theoretic security using standard telecom technologies, providing affordable and scalable quantum communications with simplified classical postprocessing. However, existing security proofs against general attacks often rely on restrictive assumptions, such as a bounded dimension for coherent states, or require impractically large block sizes. In this work, we develop a finite-size security analysis that removes these limitations while incorporating realistic experimental features. Our approach combines the dimension reduction technique, a security proof based on the marginal-constrained entropy accumulation, and a trusted detector model accounting for the receiver imperfections. We report positive key rates in the finite-size regime for relevant block sizes of the order of 10^8. These results contribute to narrowing the gap between theoretical security proofs and practical implementations of DM CVQKD systems.
- Quantum repeaters with error detection and sequential entanglement swappingJ Rey Domínguez ; M Razavi[abstract]Abstract: Quantum repeaters are enabling technologies for long-distance quantum communications. Despite the significant progress in the field, we still not only face implementation challenges but also need theoretical solutions that better meet all the desired design criteria. Preliminary solutions for quantum repeaters often do not scale well, while the most advanced solutions are so demanding that their implementation may take a long time and require substantial changes to current telecom infrastructure. In this paper, we propose a compromise solution that is not only scalable in the mid-to-long term but also adapts well to the realities of the backbone networks in the current Internet infrastructure. The key ideas behind our solution are twofold. First, we use a hop-by-hop approach to entanglement swapping, allowing our solution to benefit from the same features as packet-switched networks. Second, we employ simple error detection, rather than more complicated error correction, techniques to make our solution sufficiently scalable in the face of errors. This is achieved without requiring overly demanding specifications for the physical devices needed in the network. We test this idea in a quantum key distribution (QKD) setting over a repeater chain and demonstrate how trust-free continental QKD can be achieved through several stages of development.
- A complexity theory for non-local quantum computationA Bluhm ; S H\"{o}fer ; A May ; M Stasiuk ; P Lunel ; H Yuen[abstract]Abstract: Non-local quantum computation (NLQC) replaces a local interaction between two systems with a single round of communication and shared entanglement. Despite many partial results, it is known that a characterization of entanglement cost in at least certain NLQC tasks would imply significant breakthroughs in complexity theory. Here, we avoid these obstructions and take an indirect approach to understanding resource requirements in NLQC, which mimics the approach used by complexity theorists: we study the relative hardness of different NLQC tasks by identifying resource efficient reductions between them. Most significantly, we prove that $f$-measure and $f$-route, the two best studied NLQC tasks, are in fact equivalent under $O(1)$ overhead reductions. This result simplifies many existing proofs in the literature and extends several new properties to $f$-measure. For instance, we obtain sub-exponential upper bounds on $f$-measure for all functions, and efficient protocols for functions in the complexity class $\mathsf{Mod}_k\mathsf{L}$. Beyond this, we study a number of other examples of NLQC tasks and their relationships.
- Why modelling randomness requires going beyond standard quantum information theoryR Wolf ; R Renner[abstract]Abstract: Standard quantum information theory (QIT) quantifies correlations and independence using joint quantum states of physical systems. However, this formalism becomes insufficient when modelling randomness, since this requires talking about correlations between spacetime regions, which generally do not admit a well-defined quantum state description. Here, we show why modelling randomness therefore requires going beyond the standard QIT framework. We introduce a formalism that explicitly incorporates spacetime structure by representing global information in a "panorama" Hilbert space and associating spacetime regions with representations obtained through extraction maps. This allows correlations and independence to be defined even when the corresponding spacetime regions cannot be jointly described by a quantum state. Our approach provides a conceptual and mathematical basis for analysing randomness generation and other cryptographic tasks whose security fundamentally depends on spacetime structure.
- Finite-size quantum key distribution rates from Rényi entropies using conic optimizationM Navarro ; A Lorente ; P Parellada ; C Pascual-García ; M Araújo[abstract]Abstract: Finite-size general security proofs for quantum key distribution based on Rényi entropies have recently been introduced. These approaches are more flexible and provide tighter bounds on the secret key rate than traditional formulations based on the von Neumann entropy. However, deploying them requires minimizing the conditional Rényi entropy, a difficult optimization problem that has hitherto been tackled using ad-hoc techniques based on the Frank-Wolfe algorithm, which are unstable and can only handle particular cases. In this work, we introduce a method based on non-symmetric conic optimization for solving this problem. Our technique is fast, reliable, and completely general. We illustrate its performance on several protocols, whose results represent an improvement over the state of the art.
- Deterministic randomness extraction for quantum random number generation with partial trustP Pueyo ; T Martos ; G Senno[abstract]Abstract: It is a well-known fact in classical information theory that no deterministic procedure can extract close-to-ideal randomness from an arbitrary entropy source. On the other hand, if additional knowledge about the source is available—e.g., that it is a sequence of independent Bernoulli trials—then deterministic extractors do exist. For quantum entropy sources, where in addition to classical random variables we consider quantum side information, the use of extra knowledge about their structure was pioneered in a recent publication [C. Foreman and L. Masanes, Quantum 9, 1654 (2025)]. In that work, the authors provide deterministic extractors for device-independent randomness generation with memoryless devices achieving a sufficiently high CHSH score. In this work, we port their construction to the prepare-and-measure scenario. Specifically, we prove that the considered functions are also extractors for memoryless devices in settings with partial trust, either in the state preparation or in the measurement, as well as in a semi-device-independent setting under an overlap assumption on the prepared quantum states. Within this last setting, we simulate the resulting randomness generation protocol on a novel and experimentally relevant family of behaviors, observing positive key rates already for 7x10^3 rounds.
- Exact Non-Identity Check and Gate-Teleportation-Based Indistinguishability Obfuscation at Low T-DepthJ Nevin[abstract]Abstract: In 2021, Broadbent and Kazmi developed a gate-teleportation-based protocol for computational indistinguishability obfuscation of quantum circuits. This protocol is efficient for Clifford+T circuits with logarithmically many T-gates, where the limiting factor in the efficiency of the protocol is the difficulty, on input a quantum circuit C, of the classical task of producing a description of the unitary obtained by conjugating a Pauli P (corresponding to a Bell-measurement outcome) by C, where this description only depends on the input-output functionality of the conjugate of P by C. The task above, in turn, is at least as hard as the problem of determining whether two n-qubit quantum circuits are perfectly equivalent up to global phase (Exact Non-Identity Check, ENIC), which is known to be NQP-complete (Tanaka, 2010). Motivated by this, we consider in this work what happens when we pass from low T-count to low T-depth. We show that, for Clifford+T-circuits of T-depth O(log(n)), deciding ENIC remains NP-hard. In particular, we show this by relating certain decision problems on Pauli coefficients of Clifford+T unitaries to well-known hardness results for codeword weights in binary linear codes. This effectively rules out the possibility, for Clifford+T-circuits of logarithmic T-depth, of either efficient ENIC or efficient gate-teleportation-based computational indistinguishability obfuscation, unless P = NP.
- Twin-field quantum key distribution with dual-band integrated photonic chipsJ Lin ; H Yuan ; L Zhou ; Z Yuan ; W Shi[abstract]Abstract: Twin-field quantum key distribution (TF-QKD) promises long-distance quantum networks, but practical deployment demands compact and phase-stable hardware--requirements well matched by thin-film lithium niobate (TFLN) electro-optic photonics. Here, we propose and demonstrate a coherent dual-band TFLN chip to enable system miniaturization and an open-channel architecture. EO-comb generation and quantum signal encoding are monolithically integrated on a single chip. Coherent on-chip comb lines serve as channel references for fast and robust phase stabilization. Using this integrated platform, we demonstrate TF-QKD over a 508 km fiber link, achieving a quantum bit error rate below 0.5% and a secure key rate that surpasses the linear rate limit by a factor of 2.67. These results establish integrated TFLN photonics as a scalable and robust solution for practical, long-distance quantum communication.
- Randomness from causally independent processesM Sandfuchs ; C Ferradini ; R Renner[abstract]Abstract: We consider a pair of causally independent processes, modelled as the tensor product of two channels, acting on a possibly correlated input to produce random outputs X and Y. We show that, assuming the processes produce a sufficient amount of randomness, one can extract uniform randomness from X and Y. This generalizes prior results, which assumed that X and Y are (conditionally) independent. Note that in contrast to the independence of quantum states, the independence of channels can be enforced through spacelike separation. As a consequence, our results allow for the generation of randomness under more practical and physically justifiable assumptions than previously possible. We illustrate this with the example of device-independent randomness amplification, where we can remove the constraint that the adversary only has access to classical side information about the source.
- Towards a Versatile Continuous-Variable Quantum Key Distribution Transceiver for Reconfigurable NetworksT Liege ; T Bertapelle ; A Rosio ; G Vallone ; E Diamanti ; P Villoresi ; M Avesani ; Y Piétri[abstract]Abstract: Key exchange over an untrusted communication channel is a crucial step in modern cryptographic protocols, yet current approaches rely on computational assumptions to ensure their security. However, these assumptions may be undermined by an adversary possessing quantum computational capabilities. Quantum Key Distribution (QKD), both in its Discrete Variable (DV) and Continuous Variable (CV) format, is a way to counter this threat. By exploiting the principles of quantum mechanics, QKD enables the development of unconditionally secure protocols, providing a lasting solution that can withstand adversaries regardless of their computational resources. Between DV and CV, the latter is particularly appealing if speed and compatibility with the current fiber telecom infrastructure are considered. In fact, CV-QKD systems can benefit from coherent receivers and widely accessible fiber-based commercial telecom components. Despite this, several practical tasks must be addressed to enable such systems targeting field-deployed real-world scenarios. Among these are the integration of a Quantum Random Number Generator, real-time estimation of key system parameters necessary to compute the Secret Key Rate and network reconfigurability. This study presents a CV-QKD architecture integrating a coherent receiver at the transmitter, enabling secure quantum randomness generation and in-line estimation of key parameters for secret-key-rate computation, advancing the deployment over existing telecom networks.
- Quantum-Switch-Verified Zero-Knowledge and One-Way State Generators in the Bounded Quantum Storage ModelM Mordarski[abstract]Abstract: Classical zero-knowledge proofs for \NP-complete problems rest on computational hardness that quantum algorithms threaten, while information-theoretic zero-knowledge for \NP\ is believed impossible in the unconstrained model. An information-theoretically secure, three-message zero-knowledge interactive proof for Hamiltonian Cycle (\HC) in a \emph{symmetric} bounded quantum storage model (\BQSM) is presented here: soundness rests on a commitment that binds even an \emph{unbounded} prover, while zero-knowledge rests only on the verifier's bounded coherent memory, so security is \emph{everlasting}. The construction divides the three geometric requirements of a Hamiltonian cycle – spanning $2$-regularity, even degree, and connectivity -- among the tools best suited to each: a \BQSM\ commitment to a blinded adjacency matrix carries isomorphism and binding, a classical depth-first search carries connectivity, a classical count carries the degree, and a coherently controlled \emph{quantum switch} certifies the even-degree (parity) property by routing it onto a single, deterministic control-qubit outcome. The geometric core is an exact algebraic identity: the global transversal $A=\bigotimes_v X_v$ and the edge operator $B=\prod_{e\in\sigma}\mathrm{CZ}_e$ satisfy $X^{\bm a}\ket{H}=(-1)^{f_H(\bm a)}Z^{\Adj(H)\bm a}\ket{H}$, so the switch acts as a non-destructive meter for membership of a bit-vector in the $\F_2$-kernel of the adjacency matrix, of which ``every degree even'' is the all-ones case. The same identity assigns the control outcome a second meaning -- the length parity (bipartiteness) of the certified cycle -- so one control qubit reports two independent invariants at once. On an accepting run, the switch returns the verified cycle state $\ket{\pi(C)}$ \emph{intact} while contributing \emph{exactly zero} to the zero-knowledge trace distance; perfect zero-knowledge is local to this subroutine, while the full protocol is statistically zero-knowledge with the only negligible leakage coming from the commitment. Complete proofs of completeness, soundness against unbounded provers, and statistical zero-knowledge are given, the underlying primitive is formalised as a bounded-storage one-way state generator ($\BQSM$-$\OWSG$), and the simulator advantage is bounded as a graceful function of a control-address leakage rate. For Hamiltonian Cycle, the switch is realisable as a textbook Hadamard test -- no indefinite causal order is needed -- and the system register need not be transmitted, lowering the honest prover's coherent memory to $O(1)$. The indefinite causal order earns its keep in a companion regime: for two Pauli operations, the switch reads their symplectic inner product onto one control bit non-destructively, with a single use of each, a task no fixed-order circuit matches. Multidisciplinary applications close the paper -- certified $\F_2$-linear-algebra queries on graph states, non-destructive verification for analogue quantum simulators, structure-certified randomness, and proof tokens via Fiat--Shamir.
- Experimental Quantum Electronic VotingN LAURENT-PUIG ; M BARONI ; F CENTRONE ; E DIAMANTI[abstract]Abstract: Quantum information protocols offer significant advantages in properties such as security, anonymity, and privacy for communication and computing tasks. An application where guaranteeing the highest possible security and privacy is critical for democratic societies is electronic voting. As computational power continues to evolve, classical voting schemes may become increasingly vulnerable to information leakage. In this work, we present the experimental demonstration of an information-theoretically secure and efficient electronic voting protocol that, crucially, does not rely on election authorities, leveraging the unique properties of quantum states. Our experiment is based on a high-performance source of Greenberger–Horne–Zeilinger (GHZ) states and realizes a proof-of-principle implementation of the protocol in two scenarios: a configuration with four voters and two candidates employing privacy enhancement techniques and an election scenario supporting up to eight voters and sixteen candidates. The latter is particularly well-suited for secure board-level elections within organizations or small-scale governmental contexts.
- Detecting Blinding Attacks Using Waveguide-Integrated Superconducting Nanowire Single-Photon DetectorsC Graham-Scott ; R Jaha ; K Zaitsev ; P Acheva ; R Terhaar ; W Pernice ; V Makarov ; C Schuck[abstract]Abstract: Quantum key distribution (QKD) promises information-theoretic security, yet practical implementations remain vulnerable to device-level attacks such as detector blinding. In such attacks, an eavesdropper can apply optical pulses of increased optical power to manipulate single-photon detectors, gaining control over the receiver’s electrical output and compromising the key. While superconducting nanowire single-photon detectors (SNSPDs) offer high efficiency, low dark counts, and excellent timing, they are not immune to these attacks. Existing countermeasures either require additional hardware or complex protocols, often reducing performance. A key challenge is therefore to design intrinsically secure detectors that provide direct detection of blinding attempts without adding system complexity or relying on statistical analysis. In this work, we demonstrate that waveguide-integrated SNSPDs (WI-SNSPDs) with engineered series inductances act as an intrinsic countermeasure. By varying the series inductance of an SNSPD between ≈38 nH and 442 nH, we show that detectors with low kinetic inductance (<172 nH) enter a latched resistive state immediately when exposed to optical pulses of elevated optical power, preventing blinding entirely. This approach embeds hardware-level security directly into the detector design and leverages the flexibility of waveguide integration for low-inductance configurations. Beyond attack prevention, such designs can be integrated into scalable photonic circuits, combining high-performance quantum detection with robust security features for practical QKD systems.
- Interactive proofs with efficient quantum prover for oracle problemsS Ducharme[abstract]Abstract: There are many known oracle problems that provably separate BPP and BQP. There are also many kinds of interactive proof systems that have been developed over the last twenty years to make quantum computations done by a BQP machine verifiable by a BPP machine. Sadly, none of these techniques trivially relativize to oracle problems. This leads us to the following question: do these oracle problems also admit an interactive proof between a BQP prover and a BPP verifier, or is the existence of such interactive proof provably impossible? We show that Simon's problem and the Forrelation problem, two of the very few known oracle problems for which the previous question was still unanswered, do admit interactive proofs, under the assumption that the verifier has small and limited quantum capabilities. To do so, we introduce the first ever known interactive proofs with a BQP prover for these problems, as well as their corresponding proofs of security (completeness and soundness).
- Security of Passive-Measurement Decoy-State BB84 ProtocolS Kawakami ; A Taniguchi ; Y Tonomura ; K Takasugi ; K Azuma[abstract]Abstract: The Bennett-Brassard 1984 (BB84) protocol is one of the simplest protocols for implementing quantum key distribution (QKD). In the protocol, the sender and the receiver iteratively choose one of two complementary measurement bases. Regarding the basis choice by the receiver, a passive setup has been adopted in a number of its implementations, including satellite QKD and time-bin encoding. However, conventional theoretical techniques to prove the security of the BB84 protocol are not applicable if the receiver chooses their measurement basis passively, rather than actively, with a biased probability, followed by measurement with threshold detectors. Here we present a fully analytical security proof against coherent attacks for such a decoy-state BB84 protocol with the receiver’s passive basis choice and measurement with threshold detectors. Numerical simulations under practical situations show that the difference in secure key rate between the active and passive implementations of the protocol is negligible except for long communication distances.
- Entanglement distillation based on Hamiltonian dynamicsZ Xu ; G Liu[abstract]Abstract: Efficient entanglement distillation is a central task in quantum information science and future quantum networks. At the core of distillation protocols are the quantum error correction and detection schemes which enhance the fidelity of entangled pairs. Conventional protocols focus on digital systems, which typically require complicated compiled circuits, high-fidelity multi-qubit operations and delicate pulse-level control that impose high demands on near-term hardware. Crucially, the leading physical platforms for quantum networks, trapped ions and neutral atoms, are governed by native many-body Hamiltonians inherently suited for analog, continuous-time evolution. Adopting these natural dynamics is simpler than engineering digital logic via delicate pulse-level control. Motivated by this experimental reality, we seek to leverage the intrinsic analog capabilities for efficient entanglement distillation. In this work, we introduce the Hamiltonian entanglement distillation protocol, which exploits the intrinsic information scrambling generated by random time evolution under native Hamiltonians. We establish a quantitative connection between output fidelity and Out-of-Time-Order Correlators, showing that efficient scrambling directly implies good distillation performance. Since generic Hamiltonians are naturally efficient scramblers, the capability for distillation is ubiquitous: almost all Hamiltonians in the Hilbert space suffice for high-fidelity distillation. Numerical simulations of representative Rydberg-atom and trapped-ion systems further confirm that robust performance could be achieved using only short-range interactions and evolution times feasible in current experiments. By avoiding the complexity of digital circuit control, our approach substantially relaxes experimental requirements, providing a scalable route to entanglement engineering on current analog quantum platforms.
- Finite-Key Security of Passive-Measurement Decoy-State BB84 ProtocolA Mizutani ; S Kawakami ; G Kato[abstract]Abstract: The decoy-state Bennett–Brassard 1984 (BB84) quantum key distribution (QKD) protocol is widely regarded as the de facto standard for practical implementations. On the receiver side, passive basis choice is attractive because it significantly reduces the need for random number generators and eliminates the need for optical modulators. Despite these advantages, a finite-key analytical security proof for the decoy-state BB84 protocol, where the basis is chosen passively with a biased probability, has been lacking. In this work, we present a simple analytical finite-key security proof for this setting, yielding a closed-form secret-key rate formula that can be directly evaluated using experimentally accessible parameters. Numerical simulations show that the key rates of passive- and active-measurement implementations are nearly identical, indicating that passive measurement does not compromise key-generation efficiency in practical QKD systems.
- Security Proof of a Novel Authentication Scheme for Quantum Key DistributionC De Lazzari ; F Stocco ; E Signorini ; G Fregona ; F Chirici ; D Giani ; T Occhipinti ; G Morgari ; A Zavatta ; D Bacco[abstract]Abstract: Quantum Key Distribution (QKD) protocols require Information‑Theoretically Secure (ITS) authentication of the classical channel to preserve the unconditional security of the distilled key. Standard ITS schemes are based on one-time keys: once a key is used to authenticate a message, it must be discarded. Since QKD requires mutual authentication, two independent one-time keys are typically consumed per round, imposing a non-trivial overhead on the net security key rate. In this work, we present the \emph{authentication-with-response} scheme, a novel ITS authentication scheme based on $\varepsilon$-Almost Strongly Universal\textsubscript{2} ($\varepsilon$-ASU\textsubscript{2}) functions, whose IT security can be established in the Universal Composability (UC) framework. The scheme achieves mutual authentication consuming a single one-time key per QKD round, halving key consumption compared to the state-of-the-art.
- Clock synchronization in time-bin quantum key distribution derived from a model of detection statistics under clock driftL Millet ; B Korzh ; R Thew ; G Boso[abstract]Abstract: Clock synchronization between the transmitter (Alice) and receiver (Bob) is essential for practical quantum key distribution (QKD) systems. In time-bin protocols, a frequency mismatch between the local clocks of Alice and Bob leads to a timing drift that broadens photon detection-time histograms, increasing the quantum bit error rate (QBER) if left uncompensated. In many practical systems this issue is mitigated by distributing a reference timing signal over a dedicated channel. However, this approach complicates the deployment of QKD in existing telecommunication networks, motivating synchronization methods that operate directly on photon detections from the quantum channel. Here, we present a lightweight synchronization algorithm for time-bin BB84 systems based on an analytical model of detection-time statistics under clock drift. The model describes how a constant frequency mismatch modifies start–stop histograms over a finite acquisition time, enabling direct estimation of the clock drift directly from detection events. This leads to a simple algorithm requiring only two consecutive histograms per update and compatible with standard hardware. We experimentally validate the method on commercial QKD systems. Laboratory tests over 100 km of fiber and under variable quantum channel attenuation demonstrate rapid convergence and low QBER, comparable to that obtained using a shared reference clock. We further demonstrate stable operation over 24 hours on a 16 km section of the Geneva Quantum Network.
- Toward multi-purpose quantum communication networks: from theory to protocol implementationL Hanouz ; M Kaplan ; J Tournebize ; C Liao ; A Marin[abstract]Abstract: Most quantum communication networks around the world are used for a single task: quantum key distribution. In order to initiate the transition to multi-purpose quantum communication networks, we demonstrate the implementation of two different tasks on the same quantum key distribution hardware. Specifically, we focus on quantum oblivious transfer and quantum tokens. Our main contribution is to establish a methodology that greatly simplifies the expertise required to achieve the deployment, assess its performance, and evaluate its feasibility at a large scale. The implementation that we present is full-stack. It is based on a development framework that allows running user-defined applications both with simulated or real quantum communication backend. The hardware used for the implementation is VeriQloud's Qline. The simulation backend reproduces exactly the inputs and outputs of the real hardware, but also its losses and errors. It can therefore be used to validate the implementation before running it on the real hardware. The sources of the software that we use are fully open, making our research reproducible. The security of the implementations on real hardware are discussed with respect to security bounds previously known in the literature. We also discuss the engineering choices that we made in order to make the implementations feasible. By establishing a methodology to evaluate the performance and security of quantum communication protocols, we take a significant step towards industrializing and deploying large-scale, multi-purpose quantum communication networks.
- Proactive Secret Sharing without ErasuresA Cojocaru ; A Kiayias ; Y Shen ; P Wallden[abstract]Abstract: Proactive secret-sharing (PSS) offers security for shared secrets in a setting of a {\em mobile} adversary which, over time, may corrupt the whole shareholder set. This remarkable property is achieved by having parties proactively and in a coordinated manner refresh their shares on a regular basis, while it assumes that the adversary never manages to corrupt more than a threshold number of parties between two consecutive share refresh operations. A common assumption for achieving PSS is the ability of parties to securely erase their private state once they have performed the refresh operation. Motivated by the difficulty in the real world to ensure secure erasure, we investigate whether it is possible to achieve PSS without erasures. As in the classic model of computation it can be easily shown that PSS without erasures is impossible, we hence ask whether it is possible to achieve PSS via quantum computation, while still requiring only classical communication. We answer the question in the affirmative by utilizing one-shot signatures and post-quantum classical witness encryption. In the process of developing our result, we define and construct threshold one-shot decryption and make connections to quantum money with classical communication both of which may be of independent interest. Finally, we show how, by combining post-quantum secure witness functional encryption with our PSS, it is possible for the secret to be used without explicitly being reconstructed, something that paves the way towards proactively secure threshold cryptography without erasures.
- From the Promise of Quantum Security to Operational Network Security RealityH Koerfgen ; M Pardo[abstract]Abstract: Quantum Key Distribution (QKD) networks form a multi-layer cyber-physical infrastructure in which quantum-optical systems interact with classical devices, creating security dependencies that are not captured by protocol-level analyses. We present a structured approach for systematic security engineering of QKD networks that introduces stakeholder-centered risk views linked to established cybersecurity methods. Applied to a metropolitan QKD network, the framework connects quantum security assumptions with threat analysis, and supports practical security assessments for network operators.
- Noise‑Robust O‑Band Quantum Key Distribution at 1295.56 nm for Coexistence in WDM NetworksJ Núñez-Bon ; A Boaron ; D Stucki ; B Korzh ; R Thew ; G Boso[abstract]Abstract: Integrating Quantum Key Distribution (QKD) into optical metropolitan networks is a crucial step toward bringing quantum technologies into existing telecommunication fiber infrastructures. However, current state-of-the-art solutions still face major challenges, including their sensitivity to classical noise, especially spontaneous Raman scattering, limited transmission distances, and performance degradation under heterogeneous network conditions. In this work, we present a new QKD system operating in the O-band at 1295.56 nm, where the effect of the main noise sources is significantly reduced. Combined with narrow spectral filtering at the receiver, without the need for active temperature control, the system shows strong robustness across a wide range of dense wavelength division multiplexing scenarios, making it a practical option for real-world deployment. We validate its performance through extensive testing and demonstrate stable key generation while coexisting with different classical traffic conditions, with total launch powers of up to 17 dBm. These results represent an important step forward for the integration of QKD into existing fiber networks, supporting the path toward secure quantum communications at scale.
- High-speed squeezed states quantum key distribution with CMOS-compatible photonic and electronic integrated chipsH Nguyen ; S Bastiaens ; A Sidhique ; S Cammarata ; U Andersen ; A Hajomer ; X Yin ; T Gehring[abstract]Abstract: Continuous-variable quantum key distribution (CV-QKD) has attracted enormous attention in recent years due to its capability to achieve high secret key rates and ease of integration with existing telecom infrastructure. While squeezed-state CV-QKD offers significant advantages over coherent-state protocols, its practicality has remained limited by the bandwidth of traditional squeezers and bulk optical components. In this work, we demonstrate a high-speed squeezed-state CV-QKD system that employs a silicon-photonics integrated transmitter and a photonic–electronic integrated receiver based on a CMOS transimpedance amplifier, together with a broadband single-pass squeezed-light source. Operating at 500 MBaud, our system achieves a finite-size secret key rate of 2.3 Mbit/s over a 10 km fibre channel. This result demonstrates a clear path toward high-speed, scalable, and practical squeezed-state CV-QKD implementations.
- Implementation and Validation of a Quantum-Secure Metropolitan Network in Real-World ScenarioC De Lazzari ; N Biagi ; D Giani ; M Russo ; F Chirici ; F Stocco ; S Francesconi ; G Ferranti ; A Soureal ; A Sanguineti ; B Montrucchio ; C Laurenzi ; O Testa ; G Morgari ; A Manzalini ; T Occhipinti ; A Zavatta ; D Bacco[abstract]Abstract: The advent of cryptographically relevant quantum computers poses an existential threat to classical public-key infrastructure. Quantum Key Distribution (QKD) addresses this challenge by providing information-theoretic security for key establishment, independently of any computational hardness assumption. In this work, the deployment and experimental validation of a metropolitan-scale quantum-secure network between data centers in Milan is reported. The network operates over installed fiber infrastructure and implements a layered architecture integrating QKD hardware, standards-compliant Key Management (KM), and centralized Software-Defined Networking (SDN) orchestration. Dynamic path reconfiguration via active optical switching and trusted-node routing allow automated fail-over solutions. Application-layer validation across diverse protocols and workloads confirms the seamless interoperability of all system components. These results establish the technical and operational readiness of metropolitan QKD networks for production deployment, and offer a replicable blueprint for building quantum-secure communication infrastructure at metropolitan scale.
- Mind the gap: Settings of Measurement-Based Delegated Quantum ComputingF Wiesner ; J Eisert ; A Pappa[abstract]Abstract: Delegated quantum computing (DQC) allows clients with low quantum capabilities to outsource computations to a server hosting a quantum computer. This process is often envisioned within the measurement-based quantum computing framework, as it naturally facilitates blindness of inputs and computation. Hence, the overall process of setting up and conducting the computation encompasses a sequence of three stages: preparing the qubits, entangling the qubits to obtain the resource state, and measuring the qubits to run the computation. There are two primary approaches to distributing these stages between the client and the server that impose different constraints on cryptographic techniques and experimental implementations. In the prepare-and-send setting, the client prepares the qubits and sends them to the server, whereas in the receive-and-measure setting, the client receives the qubits from the server and measures them. Although these settings have been extensively studied independently, their interrelation and whether setting-dependent theoretical constraints are inevitable remain unclear. By implementing the key components of most DQC protocols in the respective missing setting, we provide a method to build prospective protocols in both settings simultaneously and to translate existing protocols from one setting into the other. Our results suggest an equivalence that aligns with a heuristic translation between the two settings, replacing measurements with preparations and vise versa. We further investigate this intuition by introducing an equivalence definition that requires an equivalence of secure constructions, i.e., if one protocol implements an ideal resource, an equivalent protocol implements this ideal resource with the same security. Hence, our definition of equivalence is meaningful for composable security and allows for formalizing the suspected equivalence between settings: Every protocol in one setting should have an equivalent counterpart in the other setting. We find that despite the strong indication, the settings are, in fact, inequivalent. In order to derive this inequivalence, we introduce an axiomatic formulation of composable cryptography and prove theoretical results of independent interest.
- Practical quantum oblivious transfer from complementary Bell-state correlationsP Blanco ; L Vidarte ; R Camphausen ; R Faleiro ; E Cruzeiro ; M Goulão ; V Pruneri[abstract]Abstract: We present a novel entanglement-based protocol for chosen-input 1-out-of-2 Quantum Oblivious Transfer (QOT) together with a practical experimental implementation. The protocol relies on the non-commuting encoding properties of Bell states, and it requires minimal interaction between parties, with quantum communication in only one direction. Under the assumptions of the Noisy Quantum Storage Model, the protocol provides epsilon-secure OT that can serve as a primitive for two-party computation schemes such as Yao's garbled circuits. For standard security parameters, our proof-of-principle experiment achieves OT-key generation rates of 0.225 bits per second.
- Measurement-Device-Independent Bit Commitment with Realistic Photon SourcesJ van Mil ; T Bramas ; K Senthoor ; J Ribeiro ; S Wehner[abstract]Abstract: Bit commitment is a fundamental primitive of secure two-party computation. While unconditional quantum security remains impossible without additional assumptions, the noisy-storage model offers a path forward by assuming limited adversarial quantum memory. Existing protocols in the noisy-storage model have addressed realistic photon sources. However, Measurement-Device-Independence (MDI), a powerful technique developed primarily for Quantum Key Distribution to eliminate vulnerabilities from untrusted measurement devices, has not yet been applied to bit commitment. In this work, we introduce MDI protocols for Randomised String Commitment (RSC) in the noisy-storage model and analyse their security with both ideal single-photon sources and practical photon sources. Our first protocol handles multiphoton emissions from weak coherent pulse sources using decoy-state techniques. We demonstrate that positive secure committed string rates are achievable in the asymptotic limit despite source imperfections. Our second protocol takes a fundamentally different approach, drawing inspiration from Twin-Field Quantum Key Distribution: both parties send phase-modulated coherent pulses to a central station performing single-photon interference. Showing that this protocol achieves positive committed string rates is part of ongoing work. Our work brings MDI bit commitment closer to experimental realisation and opens a new design direction by leveraging the toolbox developed for twin-field protocols.
- Optimal Untelegraphable Encryption and Implications for Uncloneable EncryptionE Culf ; A Broadbent ; D Rochette[abstract]Abstract: We investigate the notion of untelegraphable encryption (UTE), a quantum encryption primitive that is a special case of uncloneable encryption (UE), where the adversary’s capabilities are restricted to producing purely classical information rather than arbitrary quantum states. We present an unconditionally secure construction of UTE that achieves untelegraphable-indistinguishability security, together with natural multi-ciphertext and bounded collusion-resistant extensions, without requiring any additional assumptions. We also extend this to the unbounded case, assuming pseudo-random unitaries, yielding everlasting security. Furthermore, we derive results on UE using approaches from UTE in the following ways: first, we provide new lower bounds on UTE, which give new lower bounds on UE; second, we prove an asymptotic equivalence between UTE and UE in the regime where the number of adversaries in UE grows. These results suggest that UTE may provide a new path toward achieving a central open problem in the area: indistinguishability security for UE in the plain model.
- New Quantum Internet Applications via Verifiable One-Time ProgramsL Stambler[abstract]Abstract: We introduce Verifiable One-Time Programs (VOTPs) and use them to construct single-round Open Secure Computation (OSC), a novel primitive enabling applications like (1) single-round sealed-bid auctions, (2) single-round and honest-majority atomic proposes---a building block of consensus protocols, (3) fair-exchange, and (4) single-round differentially private statistical aggregation without pre-registration. The underlying quantum requirement is minimal: only single-qubit states are needed alongside a hardware assumption on the receiver's quantum resources. However, our construction relies on advanced classical primitives (multi-key FHE, NIZKs), making classical computational overhead the primary barrier to practice. Our work therefore provides a new framework for quantum-assisted cryptography that may be implementable with near-term quantum technology.
- Intermodal quantum key distribution over an 18 km free-space channel with adaptive optics for single-mode fiber injectionE Rossi ; I Amarantidou ; M Padovan ; A Vanzo ; F Vedovato ; S Bonora ; F Santagiustina ; G Vallone ; M Avesani ; M Nardi ; M Taffarello ; P Villoresi[abstract]Abstract: Intermodal quantum key distribution (QKD) provides a fundamental interface for scalable quantum networks. Nevertheless, long-distance implementations are typically compromised by turbulence-induced aberrations, which decrease coupling efficiency into single-mode fiber. Here, we report a real-time intermodal QKD field trial over an 18 km free-space link, connecting a remote terminal to an urban optical ground station. By utilizing an adaptive optics system for high-order aberration correction, we achieved efficient single-mode fiber coupling and a secure key rate of 200 bit/s using room-temperature detectors. Furthermore, we validate a turbulence-based coupling model that provides practical design guidelines for future interoperable quantum architectures.
- Wavelength-Division Multiplexing of Independent CV- and DV-QKD Systems over Shared Fiber and Daylight Free-Space LinksM Sabatini ; E Rossi ; M Bolaños ; F Vedovato ; T Liege ; E Diamanti ; G Vallone ; P Villoresi ; Y Piétri ; M Avesani[abstract]Abstract: We report, to the best of our knowledge, the first experimental demonstration of wavelength-division multiplexing between independent continuous-variable (CV) and discrete-variable (DV) quantum key distribution (QKD) systems operating simultaneously on the same optical link. We validate coexistence over a fiber and a daylight free-space channel, benchmarking the Secret Key Rate (SKR) versus channel attenuation while both systems operate simultaneously. We observe the expected CV-DV complementarity, with CV-QKD providing higher SKR at low loss and DV-QKD becoming advantageous in the high-loss regime. In free-space daylight, both systems sustain Mbit/s key rates under atmospheric fluctuations. In all scenarios analyzed, simultaneous operation introduces negligible multiplexing-induced penalty. These results provide a validation of hybrid CV-DV architectures for heterogeneous quantum communication infrastructures, where high-throughput metropolitan users and long-reach links can be simultaneously served on the same physical channel.
- A Note on Publicly Verifiable Quantum Money with Low Quantum Computational ResourcesL Stambler ; F Genovese[abstract]Abstract: In this work we present a publicly verifiable quantum money protocol which assumes close to no quantum computational capabilities. We rely on one-time memories which in turn can be built from quantum conjugate coding and hardware-based assumptions. Specifically, our scheme allows for a limited number of verifications and also allows for quantum tokens for digital signatures. Double spending is prevented by the no-cloning principle of conjugate coding states. An implementation of the concepts presented in this work can be found at https://github.com/neverlocal/otm_billz.
- End-to-End Key Protection in Multi-Hop QKD Networks: Minimizing Trust in Intermediate NodesC Pereti ; C De Lazzari ; D Bacco ; A Zavatta[abstract]Abstract: Trusted-node architectures enable practical metropolitan and wide-area Quantum Key Distribution (QKD) deployments by allowing intermediate relays, typically implemented as Key Management Entities (KMEs), to process and forward key material across chains of QKD links. This design enables scalability but rests on a strong assumption: each relay must be trusted not to access, store, or misuse secret key material. In large multi-hop networks, this creates a growing perimeter of trust whose security depends on the physical and operational integrity of every intermediate node. Although link-level QKD provides information-theoretic security, end-to-end confidentiality ultimately relies on this perimeter, making the protection of secret keys contingent on securing all relay nodes along the path. We propose a simple, implementation-friendly mechanism that reduces the trust required from intermediate relays without modifying the optical layer. The core idea is to mask the raw random sequence used for quantum encoding with a short pre-shared endpoint key before any photon is transmitted. Only the endpoints perform the corresponding logical unmasking after sifting and privacy amplification. Intermediate nodes can still execute standard link-level QKD operations (measurement, sifting, error correction, privacy amplification), yet remain cryptographically unable to reconstruct the final end-to-end key. The approach is fully compatible with existing QKD infrastructures and KME-based architectures and requires only software-level modifications. In summary, our method addresses the long-standing tension between link-level quantum secu- rity and end-to-end trust in multi-hop networks: it preserves the operational role of intermediate relays while preventing them from learning the secret they help deliver.
- Optimal key rates for quantum key distribution with partial source characterizationM Pereira ; G Currás-Lorenzo ; M Araújo[abstract]Abstract: Numerical security proofs based on conic optimization are known to deliver optimal secret-key rates, but so far they have mostly assumed that the emitted states are fully characterized. In practice, this assumption is unrealistic, since real devices inevitably suffer from imperfections and side channels that are extremely difficult to model in detail. Here, we extend conic-optimization methods to scenarios where only partial information about the emitted states is known, covering both prepare-and-measure and measurement-device-independent protocols. We demonstrate that our method outperforms state-of-the-art analytical and numerical approaches under realistic source imperfections, especially for protocols that use non-qubit encodings. These results advance numerical-based proofs towards a standard, implementation-ready framework for evaluating quantum key distribution protocols in the presence of source imperfections.
- Simple Semi-Device-Independent Randomness Generation Based on Photon-Number ConstraintsT Bertapelle ; M Sabatini ; A Peri ; Y Piétri ; M Bolanos ; G Vallone ; P Villoresi ; M Avesani ; C Carceller ; A Tavakoli[abstract]Abstract: Quantum Random Number Generators (QRNGs) are essential components for modern cryptography, as they are a practical source of true randomness, without which the security of such protocols cannot be guaranteed. Among the proposed schemes, Semi-Device-Independent QRNGs (SDI-QRNGs) based on photon-number constraints offer an appealing balance of security, speed, and experimental simplicity, but demonstrations have so far focused mainly on binary encoding and conditional min‑entropy certification. In this work, we report the first experimental implementation of a Continuous‑Variable SDI‑QRNG in a prepare‑and‑measure configuration building on the SDP‑based (Semi-Definite Programming) framework of Ref.~\cite{carceller2025}. This approach allows us to directly lower‑bound the conditional Shannon entropy, employ more complex modulation formats, and apply entropy‑accumulation techniques beyond the i.i.d. assumption. The experiment combines a low-loss integrated photonic heterodyne receiver with a simple transmitter built from commercial components, generating coherent‑state Quadrature-Phase-Shift-Keying (QPSK) modulation, to preserve experimental practicality while enabling high‑speed operation.
- Eavesdropper-Blind Remote State Preparation and Applications to Quantum Public-Key EncryptionK Bacho ; A Cojocaru ; T Morimae[abstract]Abstract: Remote state preparation (RSP) is a central primitive in quantum cryptography, enabling classical parties to remotely construct quantum states using only classical communication. As a result, RSP serves as a key building block in numerous protocols involving classical clients and quantum servers, allowing classical parties to leverage the advantages offered by powerful quantum computers. All known constructions of RSP rely on strong cryptographic assumptions, typically variants of trapdoor claw-free functions (TCFs). In this work, we initiate the study of a weaker form of remote state preparation, which we call eavesdropper-blind remote state preparation (EB-RSP). Informally, EB-RSP requires blindness only against external observers who see the transcript of the honest protocol, rather than against the quantum server itself. Despite this relaxed adversarial model, the resulting notion remains sufficient for useful cryptographic applications. In particular, we show that two-message EB-RSP already suffices to construct quantum public-key encryption with classical public keys and quantum ciphertexts. We then construct two-message EB-RSP protocols from specific one-way group actions, yielding a first step toward RSP-type primitives based on assumptions that do not rely on trapdoors. Finally, we observe that existing RSP constructions are likely naturally adaptable to the two-message EB-RSP notion; we demonstrate this explicitly for a concrete TCF-based RSP construction.
- Advantage Distillation with Repetition Codes in Decoy-State Quantum Key DistributionJ Treplin ; P Kleinpaß ; D Orsucci[abstract]Abstract: Advantage Distillation (AD) is a classical post-processing technique that enhances Quantum Key Distribution (QKD) protocols by increasing the maximum acceptable Quantum Bit Error Rate (QBER) and thus extending the distance at which QKD links can be securely established. AD operates by post-selecting blocks of bits and extracting fewer high-fidelity bits, exhibiting a reduced QBER and thus lowering the amount of information that has to be disclosed during the information reconciliation step. In this work we present the first comprehensive finite key-size analysis of decoy-state BB84 enhanced via AD post-processing. We demonstrate that through the use of AD the maximum acceptable QBER increases from around 9.5% to around 17.3% for realistic key sizes. This result shows that substantial performance enhancements can be achieved in scenarios which are constrained by the maximum tolerable QBER via improvements of the post-processing method alone.
- Proof-based framework for AI reasoning in quantum information: Machine-verifiable BB84 protocol and future proof guaranteesM Shahar ; B Firester ; D Englund ; K Sulimany[abstract]Abstract: We formalize the security proof chain of the BB84 quantum key distribution protocol in Lean 4, an interactive theorem prover. The development covers IID security, collective attacks, the quantum de Finetti theorem, and the reduction from general attacks to collective attacks. Every deduction is verified by the Lean proof kernel, ensuring that all assumptions and preconditions are explicit and mechanically checked. The project also introduces a reusable quantum information theory library supporting entropy inequalities, quantum channels, and representation-theoretic tools required for QKD security proofs. The resulting development establishes a Lean framework for machine-verified quantum cryptographic security proofs.
- Noise-Robustness for Delegated Quantum Computation in the Circuit ModelJ Nevin ; A Broadbent[abstract]Abstract: Cloud-based quantum computing, coupled with the rapid progress in quantum algorithms, brings to the forefront the question of verifiability in delegated quantum computations. In the current landscape of noisy quantum devices, this question must be addressed alongside noise tolerance. In this work, we revisit the circuit-based framework for verifiable quantum computation introduced by Broadbent [Theory of Computing, 2018], and extend it to the setting of server-side noise. Our contribution is an improved upper bound on the noise-tolerance threshold, achieved through a protocol that interleaves computation and test rounds in an indistinguishable manner. This structure enables a concise security proof against arbitrary deviations by the server, while ensuring robustness to realistic noise.
- Statistically-Secure Bit Commitment and Coin Flipping Protocols Based on Quantum Hardware AssumptionsR Dunnill ; M Doosti[abstract]Abstract: Bit commitment is impossible to achieve with unconditional security, even in quantum cryptography. We show that statistically secure bit commitment, satisfying both hiding and binding, can be constructed from hybrid locked physical unclonable functions (HLPUFs), a hardware primitive that combines classical hardware tokens, and quantum communication. Our protocol uses these hardware assumptions in a novel and non-trivial way to achieve the first mistrustful two-party cryptographic protocol based on hybrid hardware modules. We prove statistical hiding and binding under natural assumptions on the HLPUF and on the fake-challenge generation procedure used in the protocol. The construction also yields a hardware-based coin-flipping protocol. Our results suggest a new paradigm for secure two-party cryptography in quantum networks, combining rigorous security guarantees with a concrete route toward practical implementation.
- An SDP formulation for the device-dependent guessing probabilityR D'Avino ; A Mugnai ; M Navascues ; A Acín ; G Senno[abstract]Abstract: In a previous work [Senno et al., Phys. Rev. Lett. 131, 130202 (2023)], we provided a framework to quantify the amount of intrinsic randomness produced by characterized but untrusted prepare-and-measure (P\&M) setups. While the cases of pure state preparations or extremal measurements were shown to be defined by semidefinite programs (SDPs), up until now we were missing computational methods for the general scenario of mixed states and nonextremal measurements. In this work, we present a hierarchy of SDP relaxations to lower bound the device-dependent conditional min-entropy. Benchmarking against known special cases, we find that the first level of the hierarchy already attains the optimal value. We then provide two applications. First, for setups affected by global depolarizing noise, we compute a matching lower bound to the analytical attack derived in [Curran et al., arXiv:2506.22294 (2025)], thus showing its optimality. Finally, we show that restricting the correlations between the P\&M boxes to be classical strictly decreases an adversary's predictive power, already in the most elementary setup of a qubit binary measurement.
- Quantum waste management: Utilizing residual states in quantum information processingK Horodecki ; C Srivastava ; L Sikorski ; S Das[abstract]Abstract: We propose a framework for quantum residual management, in which states discarded after a resource distillation process are repurposed as inputs for subsequent quantum information tasks. This approach extends conventional quantum resource theories by incorporating secondary resource extraction from residual states, thereby enhancing overall resource utility. As a concrete example, we investigate the distillation of private randomness from the residual states remaining after quantum key distribution (QKD). More specifically, we quantitatively show that after performing a well-known coherent Devetak-Winter protocol, one can locally extract private randomness from its residual. We further consider the Gottesman-Lo QKD protocol and provide the achievable rate of private randomness from the discarded states that are left after its performance. We also provide a formal framework that highlights a general principle for improving quantum resource utilization across sequential information processing tasks.
- Decoy-state optical quantum information processing with coherent statesW Wang ; H Chau[abstract]Abstract: Photons play an important role in quantum information processing as they are easy to manipulate locally and transfer over a long distance. Photonic qubits are widely used in tasks such as linear optical quantum computing (LOQC), quantum sensing/metrology, and quantum communication. However, to date, efficient high-speed single photon sources are still difficult to make. Here we propose that we can use "classical" phase-randomized coherent states, combined with post-processing, to perform various quantum information processing tasks. Specifically, we divide the tasks into two scenarios: ones with a circuit of a known Hilbert space dimension, describable by a unitary matrix, such as LOQC and metrology, as well as ones with an unknown channel, such as quantum communication. We propose methods that can hugely improve the numerical precision and applicable dimensions in both scenarios, including a machine learning method for the former and a linear interpolation method for the latter, opening up a wide variety of applications that can be implemented with easily attainable coherent light sources and threshold detectors, such as linear optical quantum computing, quantum metrology, or state preparation for quantum communications.
- On the cryptographic potential of single-qubit rotationsA Grilo ; L Hanouz ; A Marin[abstract]Abstract: In the domain of quantum communication, cryptographic protocols often require users to have access to trusted qubit sources or detectors. Recently, it was shown that on an architecture called the Qline, several protocols can equivalently be performed by parties capable only of single-qubit rotations. In this work, we introduce two composably secure constructions that together show how in most quantum cryptographic protocols, parties traditionally required to perform trusted qubit preparation or measurement can delegate these tasks to an untrusted provider and instead rely on a trusted single-qubit rotation device. Our first construction implements single-qubit measurement and is universally applicable across any context. In contrast, our second construction, which addresses qubit preparation, relies on specific assumptions regarding the underlying protocol. We show, however, that these assumptions are inherently satisfied by the vast majority of common quantum cryptographic protocols. A notable consequence of our results is the formal validation of the Qline as a versatile architecture capable of supporting a wide range of single-qubit protocols.
- Experimental Implementation and Noise Characterization of Unidimensional Continuous-Variable Quantum Key DistributionR Nandan ; J Ramakrishnan ; S Prabhakar ; R Singh[abstract]Abstract: Continuous-variable quantum key distribution (CVQKD) enables practical quantum communication using standard telecommunication technologies. Unidimensional CVQKD (UD-CVQKD) reduces experimental complexity by encoding information in a single quadrature of optical fields, unlike conventional two-quadrature implementations. In this work, we experimentally demonstrate a free-space Gaussian modulated UD-CVQKD system using polarized coherent states. The security performance is analyzed under both trusted and untrusted detector noise models. Positive key rates are obtained for both models, achieving up to 0.79 bits/pulse (trusted detector) and 0.68 bits/pulse (untrusted detector) under optimal conditions. The dependence of system parameters on Alice’s modulation variance is also experimentally investigated, showing a decrease in key rate with increasing modulation variance.
- Experimental realizations of advanced continuous-variable quantum networkR Zhang ; H Nguyen ; A Oruganti ; A Hajomer ; I Derkach ; U Andersen ; V Usenko ; T Gehring[abstract]Abstract: In recent years, continuous-variable (CV) quantum communication has become a nascent but promising alternative to secure multiple end-users sharing the same telecommunication backbone. Continuous-variable quantum key distribution (CV-QKD) with reverse reconciliation enables natural scalability from point-to-point communication to quantum access networks with passive quantum broadcasting channels. Here, we report two experimental demonstrations on a $1:4$ quantum communication network with protocols advancing from two fronts, either moving beyond the asymptotic limit or the Gaussian assumption of the modulation. We demonstrate for the first time a network of four active users simultaneously achieving high secret key rates with finite-size security against collective attacks. A comprehensive security analysis was performed to cover different scenarios on how each end user prefers to trust others. In addition, with the same optical configuration, we implement an initial CV quantum network accounting for four users (two active) with discrete modulation with the conservative untrusted broadcast protocol. The results establish the viability of CV quantum network for practical security with imperfect devices when broadly deployed to connect end users to existing infrastructures.
- Surpassing the limits of weak coherent pulses in decoy state quantum key distribution: theoretical bounds for practical single-photon sourcesR Gonzalez Pousa ; J Jeffers ; D Oi[abstract]Abstract: High brightness, low-$g^{(2)}$ single-photon sources (SPSs) are an alternative to commonly employed weak coherent pulse (WCP) sources for discrete variable quantum key distribution (QKD) and offering potential key-rate and finite-block scaling advantages. However, the loss tolerance of SPS-based QKD is compromised by photon number splitting (PNS) attacks against non-negligible multiphoton emissions. Decoy state (DS) techniques mitigate against PNS attacks, with WCP-DS QKD over several hundred km in fibre being demonstrated. DS QKD protocols for different source photon number statistics have been proposed, such as for binomial and thermal distributions. Here, we investigate the use of generalised DS techniques assuming we do not have access to the exact photon number statistics of the SPS. Thus, we bound the source distribution using the mean photon number and the second-order correlation function, which provides us with enough partial knowledge to compute our decoy SPS protocols assuming a photon number cut-off. Hence, we provide finite-key security bounds for an SPS-based Efficient BB84 for several decoy protocols with optimised parameters, and derive required SPS characteristics, such as a mean photon number greater than 0.2, to achieve a key rate enhancement over DS WCPs and match their loss tolerance.
- Efficient Quantum Fully Homomorphic EncryptionF Liu ; Z Gong ; M Xu ; Z Zheng[abstract]Abstract: Quantum fully homomorphic encryption (QFHE) enables arbitrary quantum computations on encrypted data, but existing constructions require prohibitive quantum resources—specifically, O($\lambda^{2}$) EPR pairs per $\mathsf{T}$-gate evaluation using the Barrington based approach of Dulek-Schaffner-Speelman (CRYPTO 2016). This paper introduces a unified framework achieving exponential improvement over the generic Barrington-based approach in terms of program length (from $O(\lambda^2)$ to $O(\lambda \log ^2\lambda)$). The central innovation of this paper is a novel modular arithmetic program(MA-Program) tailored to the algebraic structure of LWE decryption. We demonstrate that LWE decryption computes $⟨sk,ct⟩$ mod $q$—a modular inner product that is \textbf{NOT} a symmetric function. Consequently, prior symmetric-function optimizations (Sinha's $O(n)$-state-count branching programs) do not apply. Our MA-Program tracks partial sums modulus $q$ with state space $\mathbb{Z}_q$ requiring $O(\log q)$ bits, yielding programs of state count $O(\lambda)$ with binary encoding $O(\log \lambda)$ and length $O(\lambda \log \lambda)$. This reduces the quantum gadget size from $O(\lambda^{2})$ to $O(\lambda \log^2 \lambda)$ EPR pairs. To achieve a \textbf{fully classical client}, we transfer all quantum resource requirements (EPR pair preparation, Bell measurements, adaptive error correction) to the server via the MA‑Program gadget framework, requiring clients only to perform classical LWE key generation, Pauli key encryption/decryption under classical FHE, and no quantum operations; a layered key structure where gadget information is encrypted under fresh public keys further eliminates circular security assumptions. For \textbf{parallel computation}, we adopt the MBQC framework with flow functions, which supports up to $O(\log\lambda)$ parallel measurements per layer (matching the binary encoding width of our MA‑Program), and separates offline resource preparation (batch EPR pair generation) from online adaptive measurement, enabling parallel processing of measurement tasks while maintaining deterministic evaluation.
- Spatial sectioning-multiplexing-based high-rate, quantum networkA Kumar Nai ; G K. Samanta[abstract]Abstract: Please find the attached PDF. Overleaf version pasted below: Quantum communication networks have emerged as essential for connecting multiple users worldwide and for ensuring secure information exchange through entanglement-assisted quantum key distribution (QKD). The majority of untrusted node quantum networks have been demonstrated in fiber through wavelength-division-multiplexing (WDM) \cite{wengerowsky18} of entangled photon sources at 1550 nm, using commercially available WDM devices for classical communication, or space-division-multiplexing using multicore fiber. Here, we demonstrate a quantum network architecture (Fig. 1(a)) optimized for free-space communication using just one entanglement source, a vital necessity for long-distance quantum networks via satellite-based links. Harnessing the intrinsic spatial and temporal correlations and quantum randomness of the spontaneous parametric down-conversion process, we implement spatial division of the annular emission ring of the entangled photon source at 810 nm, and multiplex using beamsplitters to establish a proof-of-concept fully connected twelve-channel quantum network \cite{nai2025free} for seamless QKD among six users in the laboratory. The network achieves average coincidence rates exceeding $3 \times 10^{4}$ s$^{-1}$ between all user pairs (Fig. 1(b)) and a total sifted key rate of 407 kbps, even with Si-APD detectors. This fully passive, modular scheme provides a scalable, resource-efficient approach with unprecedented key rates and robust multi-user connectivity, suitable for deployment in terrestrial and satellite-based quantum communication infrastructures. \begin{figure}[ht] \centering \includegraphics[width=0.8\linewidth]{QCrypt.jpg} \caption{(a) Representation of the network topology with the free space channels and users. (b) Coincidence rate (c) Entangled state fidelity for each link connecting two users, and (d) Scalability in the twelve-channel network.} \label{Figure 1} \end{figure} \vspace{-1em} Experimentally, we generated the SPDC ring by pumping a 20-mm-long, type-0 periodically poled potassium titanyl phosphate (PPKTP) crystal kept in an oven inside a Sagnac interferometer. We then sectioned the SPDC ring into six diametrically opposite sections: S1-S6, shown in Fig. 1(a), to form three identical entangled photon sources. While each of these sources can support independent QKD between two parties, we have multiplexed the three sources by recombining two sections of the ring that are not diametrically opposite. Further, we shared through free-space channels to six users. Each user receives photons from two different sources and is connected to four other users via corresponding correlated photons from those sources, thereby forming a quantum network. In general, for N users, we can establish N(N-2)/2 links among users using N/2 sources. The entangled-state fidelity for all 12 links is in the range of 91-95\% shown in Fig. 1(c). Figure 1(d) demonstrates the network's scalability to accommodate more users. Additional results, both before and after multiplexing the sources to establish the quantum network, will be presented.
- Information-Theoretic Solutions for Seedless QRNG Bootstrapping and Hybrid PQC-QKD Key CombinationJ Vieira Giestinhas ; T Spiller[abstract]Abstract: From Seedless QRNGs to Hybrid Key Combining This poster addresses two hurdles in practical quantum networks: the "randomness loop" in QRNGs and the limitations of XOR-based key combining. Leveraging universal hash functions and the Quantum Leftover Hash Lemma, a bootstrapping method using two independent, seedless entropy sources is proposed. Furthermore, standard XOR combiners is replaced with strong seeded extractors. This ensures that even if one key is compromised, the output retains quantifiable min-entropy. By modeling Post-Quantum Cryptography (PQC) keys with HILL entropy, our framework extends Information-Theoretic Security to hybrid PQC-QKD (Quantum Key Distribution) systems, providing a rigorous, future-proof defense against quantum adversaries.
- Signature-Based Backdoors in Variational Quantum ModelsE Kedem ; R Sweke ; P Petruccione[abstract]Abstract: Variational Quantum Models represent a promising tool in the emerging field of quantum machine learning, and can potentially be used for a large variety of sectors and purposes. However, for the foreseeable future, only a select number of entities and organizations have access to machines that can run them. Therefore, training and inference of such models need to be delegated, outsourced, or externally influenced by those organizations, which may have ulterior motives than those of the original model owner. As such, understanding this vulnerability, particularly in adversarial settings, is of utmost importance. This raises a natural cryptographic question: can hidden malicious functionality be embedded into such models in a way that remains attacker-controlled yet difficult to recognize from the expected circuit structure? In classical machine learning, recent work has shown the existence of undetectable backdoors using cryptographically structured triggers. We investigate the corresponding question for parameterized quantum classifiers. Our approach is based on digital-signature verification. The core idea is to embed a verifier-like mechanism into a parameterized quantum classifier so that a signed input activates a hidden malicious behavior, while unsigned inputs continue through the ordinary classification pathway. Signature-based triggers are appealing because they are rare, secret-controlled, and non-replicable, making them structurally different from standard backdoor triggers. This digital-signature-based mechanism realizes a black-box, undetectable backdoor. We then study the setting of gray-box undetectability, namely how the verifier-like mechanism can be disguised within a given model family to avoid detection under partial circuit inspection. We consider three construction families. The first is a hard verifier, which most closely follows exact GPV-style verification logic and retains explicit arithmetic structure. The second is a soft verifier, which replaces exact acceptance by a smoother approximate mechanism. The third is a trainable verifier, which learns trigger behavior without enforcing the full arithmetic structure of exact verification. These three constructions span a spectrum from cryptographic faithfulness to implementation flexibility. Our main message is that these constructions expose a central trade-off. The more faithfully one implements exact cryptographic verification inside a quantum classifier, the larger and more structurally visible the resulting circuit becomes. This effect is already apparent at the level of raw verifier overhead, such as excessive gate and ancilla requirements, even before additional camouflage is introduced to blend the verifier into an expected ansatz. Softer and trainable constructions offer greater flexibility and may integrate more naturally into variational circuit structure, but they move away from exact cryptographic semantics. Our contribution is therefore to identify a gray-box threat setting relevant to VQMs, present three concrete verifier-based construction paradigms, and compare them through the combined lens of trigger functionality, concealment strategy, and circuit resource overhead. The results suggest that signature-based backdoors are a meaningful and underexplored cryptographic threat model for quantum learning systems, while also highlighting the substantial gap between cryptographic elegance and practical embedding cost.
- First Horizontal Free-Space QKD Link Between a Space-Qualified Entangled Photon-Pair System and ADQOGSG De Santis ; J Chin ; K Kravtsov ; A Villar ; S Amairi-Pyka ; E Diamanti ; A Ling ; J Grieve[abstract]Abstract: Future quantum networks depend entirely on the ability to distribute quantum resources \cite{kimble2008quantum, wehner2018quantum}. Although terrestrial optical fibers provide the foundation for such networks, fundamental attenuation limits their utility over intercontinental distances, making satellite-based links essential for global connectivity. A critical prerequisite for this infrastructure is the reliable distribution of entanglement, which enables information-theoretic secure communication via Quantum Key Distribution (QKD) and facilitates advanced protocols, such as entanglement routing via quantum repeaters. Historically, entanglement-based QKD has relied on bespoke, ad hoc experimental configurations tailored for proof-of-concept laboratory demonstrations \cite{rozenman2026free}. However, realizing an operational space-based quantum network necessitates transitioning from these specialized setups to robust, space-qualified hardware \cite{vergoossen2020spooqy}. Bridging the gap between terrestrial prototypes and orbital deployments requires the rigorous characterization of flight-representative payloads and automated optical ground stations under representative field conditions. Such a validation is vital to ensure the scalable distribution of quantum resources necessary for a global quantum internet. We deployed a horizontal free-space QKD experiment spanning a 1.8 km link in a semi-urban desert environment, effectively mimicking the architecture planned for future space-to-ground networks. The transmitter node integrated the space-qualified engineering model of the quantum light source and receiver designed for the upcoming SpeQtre satellite mission, functioning as a highly stable source of polarization-entangled photon pairs. At the receiver node, the experiment utilized the Abu Dhabi Quantum Optical Ground Station (ADQOGS) \cite{amairi2024versatile}, an automated facility engineered for free-space optical and quantum communications. The ADQOGS employs an 80 cm Ritchey–Chrétien telescope equipped with a precision acquisition and tracking system, single-photon detectors, and stringent spatial and spectral filtering stages optimized for background noise suppression. Together, this combination of a flight-ready transmitter and a highly specialized ground station creates a rigorous, real-world testbed for evaluating the performance of operational quantum hardware outside the laboratory. We report nighttime operations under stable atmospheric conditions. The integrated system demonstrated sustained operational stability, yielding a sifted coincidence rate of approximately 24,000 photon pairs per second. We recorded a mean quantum bit error rate (QBER) of 4.78\% and extracted a finite-size secure key rate of 7565 bps, validating the efficacy of the entanglement-based link. Furthermore, extrapolating these metrics to a realistic Low Earth Orbit (LEO) scenario indicates that the hardware can successfully overcome the substantial diffraction and atmospheric losses expected during a LEO satellite downlink. Ultimately, the successful field integration of a flight-representative payload with an automated ground station verifies the operational readiness of the hardware. These results mark a decisive step toward the execution of the SpeQtre mission and provide critical empirical foundations for the deployment of large-scale, satellite-based quantum communication networks.
- Demonstration of a blinding attack on a CV-QKD receiverD Pereira ; V Pezelj ; H Hübel ; F Prawits[abstract]Abstract: Continuous-variable quantum key distribution (CV-QKD) provides a theoretical unconditionally secure solution to distribute symmetric keys among users in a communication network. However, the practical devices used to implement these systems are intrinsically imperfect, and, as a result, open the door to eavesdropper attacks. We present a novel implementation of a coherent detector blinding attack, in which the eavesdropper hinders the capability of the receiver to properly estimate the channel parameters, hiding the impact of their intercept-resend attack. Our results show that excess noise in excess of 2.5 SNU can be reliably hidden by the eavesdropper, thus demonstrating the feasibility of the attack.
- Topologically noise robust network steering without inputsD Baheti[abstract]Abstract: Quantum networks with independent sources allow observing quantum nonlocality or steering with just a single measurement per node of the network, or without any inputs. Inspired by the recently introduced notion of swap-steering, we consider here the triangle network scenario without inputs, where one of the parties is trusted to perform a well-calibrated measurement. In this scenario, we first propose a linear witness to detect triangle network swap-steering. Then, by using the correlations that achieve the maximum value of this inequality, and assuming that all the sources are the same, we can self-test the state generated by the sources and the measurements of the untrusted party. We then extend this framework to ring networks with an arbitrary number of nodes with one of them being trusted. Interestingly, this is the first example of a topologically robust, that is, one can observe steerability without assuming the network structure of the network, as well as noise-robust quantum advantage in a network. Additionally, by allowing the trusted party to perform tomography of their subsystems, we demonstrate that every bipartite entangled state will result in swap-steerable correlations in the ring network. For this purpose, we construct linear witnesses to detect ring network swap-steering corresponding to every bipartite entangled state.
- Reduced State Embedding for High-dimensional Quantum CryptographyA Kam ; K Sulimany ; S Tsesses ; U Pereg[abstract]Abstract: We introduce encoding strategy of k-symbol embeddings within a d-dimensional Hilbert space, validate using d=25 experimental data and determine optimum at k=5. These findings pave the way for error-correction and modulation for quantum cryptography.
- Practical Countermeasure Against Attacks on Detection Efficiency Mismatch in Quantum Key DistributionB Taylor[abstract]Abstract: We demonstrate a practical countermeasure against a well-known class of attacks on quantum key distribution (QKD) systems that exploit detection efficiency mismatch, where the receiver’s detectors do not exhibit identical responses to incoming photons across all degrees of freedom. This class of quantum hacking strategies is broad and significantly includes the time-shift attack, which targets an arrival-time-dependent side channel at the receiver. The four-state countermeasure, previously only proven to be secure in theory, is implemented here on a GHz-clocked prototype QKD system and evaluated for its security and performance. We show that its presence enables almost complete recovery of the system’s ideal secret key rate. Our results provide strong justification for adopting this countermeasure as a standard component in future scalable and practical QKD systems.
- 60-km Continuous-Variable Quantum Key Distribution using an Integrated Silicon Photonic ReceiverX Xu ; L Fan ; Y Pan ; D Li ; H Wang ; Y Li ; W Huang ; S Yu ; L Zhang ; B Xu ; Y Zhang[abstract]Abstract: We demonstrate a continuous-variable quantum key distribution system with an integrated silicon photonic receiver, achieving a 1.89 Mbps asymptotic secret key rate over 60 km, enabling metropolitan-area chip-based quantum secure communications.
- Equivocation-resistant multiparty digital signature for quantum networksF Grasselli ; G Russo ; C Liorni ; G De Falco ; M Proietti[abstract]Abstract: Digital signatures are a critical cryptographic primitive requiring quantum-safe solutions. One possibility are quantum digital signatures (QDS), which offer information-theoretic (IT) security without a trusted authority. However, even the most promising QDS proposals are largely limited to the tripartite scenario (one sender, two receivers) and are vulnerable to equivocation-based attacks that hinder transferability and non-repudiation. To overcome such limitations, we introduce an equivocation-resistant signature (ERS) protocol based on preshared keys and universal hashing that achieves IT security and scales to an arbitrary number of receivers. We benchmark the ERS protocol against state-of-the-art QDS schemes demonstrating orders-of-magnitude reductions in preshared key consumption and signature size. Our findings position our ERS protocol as a strong candidate for implementing IT-secure digital signatures in today’s quantum communication infrastructures.
- A Simulator for Evaluating Key Relay Path Computation Models in Large-Scale Quantum Key Distribution Netoworks.Y Tenda ; R Takahashi ; M Fujiwara ; T Kaji ; K Tsuda ; S Murai ; S Kimura[abstract]Abstract: In quantum key distribution (QKD) networks, key resources are limited, and efficient key relay is essential for stable multi-site operation. However, evaluating how effective the key relay paths are requires large-scale and iterative verification using real networks, which entails substantial costs and practical constraints. This paper reports on a simulator that was developed to evaluate the performance and effectiveness of key relay path computation models in large-scale QKD networks. The simulator takes as input the results of key relay path selection obtained from various routing models and simulates fluctuations in the amount of key across the entire QKD network. Using this simulator, we confirmed that it is possible to systematically verify whether the key relay paths are suitable for efficient and stable operation of QKD networks under various network scales and operational conditions. The results provide a useful foundation for the design and evaluation of future QKD networks.
- A Security Interface for Polarization MDI-QKD over Turbulent Free-Space LinksH PENG ; S Koudia ; S Chatzinotas[abstract]Abstract: Atmospheric turbulence poses a significant challenge to free-space measurement-device-independent quantum key distribution (FSO MDI-QKD) by inducing polarization distortions and stochastic propagation losses, which together degrade the secret key rate (SKR). In this paper, we propose a composite channel framework that unifies phase perturbations, beam spreading, beam drift, receiver-aperture truncation, scintillation-induced fading, and atmospheric attenuation into a compact set of closed-form interface parameters: an effective depolarization parameter, an effective decoherence parameter, and an effective end-to-end detection probability. By modeling turbulence-induced polarization changes as random polarization rotations with axis statistics captured by a directional distribution, we obtain a Pauli-diagonal effective depolarizing–dephasing description and derive an analytic SKR evaluation that can be directly embedded into standard MDI-QKD security analysis. We incorporate representative clear, overcast, and hazy profiles through weather-dependent attenuation and turbulence conditions, and the resulting parameterization enables computationally efficient SKR evaluation and link-parameter sweeps. Numerical case studies on a ground-to-satellite free-space link illustrate the SKR trends under the proposed framework, supporting physical-layer design and performance assessment for satellite-based MDI-QKD networks.
- Distributed-Control Key Relay and Routing Table Management in a Hierarchical Large-Scale QKD NetworkK Tsuda ; R Takahashi ; M Koezuka ; Y Tanizawa ; M Honda ; M Fujiwara[abstract]Abstract: We considered research and development aimed at improving the operability and scalability of large-scale QKD net-works (QKDNs) by introducing hierarchical control architecture. This paper focus on a distributed-control QKDN within such a hierarchical large scale QKDN and presents the design and implementation of a QKDN controller (QKDN-C) that selects appropriate key relay routes in response to control instructions from an orchestrator (QKDN-O). In particular, it describes a method for distributed key relay and routing table management, in which the routing tables of individual key managers (KMs) are dynamically updated on instructions from the QKDN-O. It also shows that, in a hierarchically structured QKDN, coordinated operation between the QKDN-O and distributed QKDNs enable key re-laying to be realized over optimal routes.
- Communication-Optimal Blind Quantum ComputationE Davies[abstract]Abstract: A user, Alice, wants to get server Bob to implement a quantum computation for her. However, she wants to leave him blind to what she’s doing. What are the minimal communication resources Alice must use in order to achieve information-theoretic security? In this paper, we consider a single step of the protocol, where Alice conveys to Bob whether or not he should implement a specific gate. We use an entropy-bounding technique to quantify the minimum number of qubits that Alice must send so that Bob cannot learn anything about the gate being implemented. We provide a protocol that saturates this bound. In this optimal protocol, the states that Alice sends may be entangled. For Clifford gates, we prove that it is sufficient for Alice to send separable states.
- Variable Optical Attenuator induced Crosstalk in Photonic Integrated Circuit based Quantum Key Distribution TransmitterK Lim ; B Choi ; J Baek ; J Choe ; C Youn[abstract]Abstract: Photonic integrated circuits (PICs) provide a compact and scalable platform for practical quantum key distribution (QKD), enabling the integration of multiple optical functions required for quantum state preparation [1, 2]. While PIC can provide compact structure integrating a variety of optical components in small space, the compact structure can cause that final output state can be sensitive to unintended optical coupling between the densely integrated optical components. In this work, we investigate inter-channel crosstalk induced by the VOA array in the PIC-based QKD transmitter which is recently reported in [3] as a free-space reference-frame-independent QKD transmitter including six laser diodes, six variable optical attenuators (VOAs), and a polarization beam combiner into a C Form-factor Pluggable 2 (CFP2) module. Each VOA is implemented using a 2 × 2 Mach–Zehnder interferometer (MZI), although only one input port and one output port are connected to the functional optical path between the laser-diode array and the polarization beam combiner. The remaining ports are redundant from the viewpoint of QKD transmitter operation, but they are inherently present because of the MZI structure. When a VOA is driven to provide high attenuation, only a small fraction of the optical signal is delivered to the intended output port, while the remaining optical power is routed toward the unused output port. We observe that this residual light can couple into adjacent VOA channels as stray light, even in the absence of a designed waveguide connection. Consequently, although the transmitter is intended to activate only a single path in a given time slot, unintended neighboring paths may also activate adjacent path, resulting in a mixture of polarization components at the transmitter output. The aforementioned effect directly distorts the generated polarization states. As the VOA driving current is varied to control the attenuation and mean photon number, the measured Stokes parameters deviate from the target polarization states, and the deviation becomes more pronounced at higher attenuation. Therefore, the usable attenuation range of the VOA in a QKD transmitter is not determined solely by its standalone attenuation performance, but is instead limited by the resulting polarization-state distortion. This finding reveals that VOA-induced inter-channel crosstalk is a critical design constraint for densely integrated PIC-based QKD transmitters. Our results suggest that future designs should suppress stray-light coupling from redundant MZI ports increasing physical and optical isolation between adjacent VOAs, or redesigning the attenuation structure to avoid unused high-power output paths. These considerations are essential for simultaneously achieving high attenuation of VOA and high fidelity of generated polarization state in PIC-based QKD systems.
- Reconfigurable QKD transmitter for phase, time-bin, and polarization encodingS Eul ; A Vornhagen ; J Struck ; Ö Bayraktar ; J Schmidt ; M Tippmann ; C Marquardt[abstract]Abstract: We present an overview of a reconfigurable QKD transmitter capable of phase, time-bin, and polarization encoding. We highlight how the same driving electronics and electro-optic components enable seamless switching between operation modes, supporting rapid and stable modulation up to the GHz range. Practical implementation strategies are discussed, including photonic integrated circuit designs that ensure compactness, stability, and scalability. Potential applications in long-distance quantum communication—such as satellite-based QKD—are discussed, and preliminary experimental results from key platform components are presented.
- Joint Optimization of Source and Detection System in Entanglement Based BB84 ProtocolI Maiti ; M Lasota[abstract]Abstract: Various imperfections in realistic setup components limit the performance of quantum key distribution (QKD) protocols in terms of both the maximum secure transmission distance and the achievable key generation rate. Temporal filtering is an effective way to improve the performance of QKD protocols. The receiver optimizes detection windows to reduce dark counts and channel noise. However, windows cannot be arbitrarily short due to detector timing limitations and the finite temporal bandwidth of signals. Fiber dispersion further broadens pulses, so detection windows and source parameters must be jointly optimized to maximize the secure key rate. In this work, we study the entanglement-based BB84 protocol, where information is encoded in the polarization of photon pairs generated via spontaneous parametric down-conversion (SPDC) with a pulsed pumping laser. We perform the joint optimization of source parameters and detection system used by Alice and Bob in order to improve the performance of the protocol in a realistic set-up. We take into account several key parameters of the source, including the crystal’s phase-matching function width, pump pulse duration, and number of the photon pairs emitted per one use of the source. For the detection system, we optimize the detection windows taking into account several characteristics of the setup, such as, timing jitter, dead time and dark count rate. Finally, we include transmission losses in the quantum channel. Our work is an important step towards refining practical parameter values for realistic QKD systems across wide range of experimental conditions
- Exploring new dimensions in polarization-dependent efficiency mismatch evaluation in superconducting nanowire single-photon detectorsN Jain ; F Grünenfelder ; U Andersen ; T Gehring[abstract]Abstract: A quantum key distribution (QKD) implementation can be vulnerable to detector-control attacks by Eve if the receiver exhibits detection efficiency mismatch. It is well known that superconducting nanowire single photon detectors (SNSPDs) exhibit polarization-dependent efficiency. Since no two SNSPDs can be identical, a QKD receiver employing a pair of SNSPDs will necessarily exhibit some mismatch. A previous work has shown how to experimentally measure and exploit such a polarization-dependent efficiency mismatch by varying a single ‘polarization angle’ of the photons impinging on the SNSPDs. We show that varying the photon polarization along two independent dimensions (azimuth and elliptical angles) enables a more accurate and systematic evaluation of this vulnerability. Experimentally, it offers the complete efficiency mismatch landscape (from Eve's perspective) and eases setup alignment. We also develop a new theoretical model that shows a good match with the experimental results.
- Power Stabilization for Chip-Based QKD Transmitters Using Homodyne DetectionJ Oh ; K Kim ; J Choe ; J Baek ; C Youn ; B Choi[abstract]Abstract: Stable optical output power is essential in chip-based QKD transmitters because fluctuations in the emitted mean photon number directly affect security analysis and the secret key rate. Conventional monitoring at the laser diode output cannot directly reflect downstream drift from intensity modulators, variable optical attenuators, thermo-optic elements, and driving circuits. Here, we propose a homodyne detection-based optical output power stabilization method using the complementary port signal of a final Mach-Zehnder-based variable optical attenuator. As a preliminary step toward a chip-based near-output monitor, we demonstrate its feasibility with a bulk-optics proof-of-concept experiment.
- Side-channel-secure quantum key distribution with practical conditionsJ Cong[abstract]Abstract: Quantum Key Distribution (QKD) leverages the principles of quantum mechanics to provide theoretically unconditional security for cryptographic key sharing. However, practical implementations remain vulnerable due to potential security loopholes at both the source and detection sides of QKD systems. The side-channel-secure (SCS) protocol addresses these challenges by encoding bits in vacuum and non-vacuum states and introducing a third-party measurement node, thereby repelling attacks targeting the detection side as well as external lab attacks on the source side. In this work, we consider the state-dependent correlated errors and Trojan-horse attack while preserving the SCS protocol's key advantage——specifically, requiring only upper bounds on intensity characterization without needing a full description of quantum states in infinite dimensions. Numerical results demonstrate that when the reflected light intensity from Trojan-horse attacks falls below $10^{-6}$, Eve can scarcely extract additional key information from the reflections. This work makes the SCS protocol more practical.
- Overcoming the Phase Diffusion Limit in a Semiconductor Laser-based QRNGA Brzosko ; Y Lo ; P Smith ; T Paraiso ; S Juarez ; J Dynes ; R Woodward ; M Stevenson ; A Shields[abstract]Abstract: We report a novel technique of extracting randomness from the phase of optical pulses coming from a gain-switched Distributed Feedback (DFB) laser cavity beyond the phase diffusion limit, with a demonstration at 10 GHz.
- Security Analysis of Free-Space BB84 QKD with an Imperfect Single-Photon Source via Experimentally Reconstructed Photon-Number StatisticsK Hong ; M Hwang ; J Yang ; Y Jeong ; S Lee[abstract]Abstract: We present an experimentally grounded security-analysis framework for decoy-state BB84 quantum key distribution (QKD) using an imperfect GaN-based single-photon source (SPS). A single GaN emitter is identified by confocal mapping and characterized using a Hanbury Brown–Twiss interferometer, yielding g(2)(0) = 0.29 ± 0.10. The multi-photon character of the source is further confirmed by measuring the n-fold coincidence counts (N0–N4). Rather than assuming a Poissonian or thermal photon-number model, the truncated photon-number distribution {P0, P1, P2} is analytically inferred from the measured g(2)(0) and mean photon number, and propagated through the encoding-path transmittance to obtain the effective signal and decoy photon-number distributions. These are incorporated directly into a two-decoy-state BB84 security analysis to estimate single-photon yields and error rates. In a laboratory free-space QKD experiment, the system achieves a signal-state sifted key rate of 6.90 ± 0.14 kbps and a quantum bit error rate (QBER) of 3.82 ± 0.24%, confirming positive asymptotic key-rate performance and providing a practical route for connecting solid-state SPS characterization with QKD security modeling.
- 1.3 km Free-Space Entanglement-Based QKD with Robust Sagnac-Based Polarization Entangled Photon SourceT Kim ; H Kang ; G Gu ; J Kim ; H Kim ; Y Kim[abstract]Abstract: Quantum key distribution (QKD) is a promising technology for secure communication, particularly for satellite-based global networks, but its implementation is limited by atmospheric turbulence. In this study, we develop a 1.3 km campus-scale free-space optical link as a testbed for entanglement-based QKD and implement a Sagnac-based polarization-entangled photon source using a type-II PPKTP crystal. The photon-pair generation rate is characterized as a function of pump power, showing slopes of 244.8 kHz/mW with a 10 nm bandpass filter, achieving up to 1 MHz pair rate. The coincidence-to-accidental ratio (CAR) is also measured, revealing a trade-off between pair rate and multi-pair-induced degradation. These results establish a robust platform for future entanglement distribution over atmospheric channels and provide a foundation for satellite-based QKD systems.
- Robust Distribution of Polarization Entanglement via Passive Polarization StabilizationJ Kim ; M Kim ; J Park ; J Oh ; K Lim ; B Choi ; C Youn[abstract]Abstract: We propose and experimentally demonstrate a passive polarization stabilization method for robust entanglement distribution using a cross-aligned pair of polarization-maintaining fibers (PMFs). Unlike standard single-mode fiber links, the proposed configuration inherently mitigates polarization and phase fluctuations without active feedback control. Using polarization-entangled photon pairs generated from a Sagnac interferometer, we compare SMF-based transmission and the proposed PMF configuration under stable and mechanically perturbed conditions. While the SMF-based system shows severe degradation under vibration and fiber bending, with the average visibility dropping to 0.444, the proposed PMF configuration maintains a high average visibility of 0.867 with minimal fluctuation. These results demonstrate that the proposed approach enables reliable entanglement distribution under field conditions without complex active compensation, providing a practical route toward scalable quantum communication systems.
- Effect of Optical Phased Array Sidelobes on QKD Performance Using a Simplified Loss ModelM Kim ; K Lim ; J Oh ; J Kim ; C Youn ; H Kim[abstract]Abstract: Optical phased arrays (OPAs) are beam-steering devices that control the direction of light by adjusting the relative phase of multiple emitters and have been widely studied in free-space optical communications and LiDAR. Recently, their potential has also been explored in quantum applications such as free-space quantum key distribution (QKD). However, the far-field pattern of OPAs inherently includes not only a main lobe in the desired direction but also sidelobes, whose impact on QKD performance has not yet been investigated. In this work, we study the effect of sidelobes on QKD performance from a system-level perspective. We relate the sidelobe suppression ratio (SSR) of an OPA transmitter to QKD performance based on a decoy-state BB84 model. We focus on how power leakage into sidelobes reduces the signal intensity in the main beam and lowers the secure key rate. To capture this effect, we adopt a simplified model in which sidelobe power is treated as a loss from the main beam. Under a linear optical assumption, this loss can be treated in the same way as channel attenuation in standard QKD analysis. This work connects OPA beam characteristics, including sidelobe effects, to QKD system performance.
- From abelian to dihedral HSP: a research agenda for PQC cryptanalysisG Belli ; M Amoretti[abstract]Abstract: The transition from the abelian Hidden Subgroup Problem to cryptographically relevant non-abelian settings should be understood as a stratified problem. A four-layer resource-aware methodology is proposed, in which algebraic structures, quantum state preparation, basis transformations, and measurement/post-processing are treated as subsequent stages of an implementation pipeline.
- Effect of Non-Ideal Beacon Beam Profiles on Performance of Fine Beam Tracking System in Free-Space Quantum Key DistributionH Kwak ; J Won ; M Kim ; B Choi ; C Youn ; J Heo[abstract]Abstract: Recent advances in quantum computing pose a potential threat to conventional public-key crypto systems such as RSA(Rivest-Shamir-Adleman), motivating the development of quantum key distribution systems. In free-space quantum key distribution, fiber-coupling efficiency is a critical factor because optical loss directly affects the secret key rate and ultimately limits the achievable transmission distance. Therefore, minimizing coupling loss through stable beam tracking is essential, particularly in free-space QKD platforms involving satellites, drones, and mobile terminals[1,2]. In fine beam-tracking systems, beacon signals for the fast-steering mirror control loop can be detected using either quadrant detectors or CMOS cameras. Quadrant detectors offer fast response times and are suitable for real-time feedback control, but their tracking performance can be strongly affected by the spatial profile, size, and symmetry of the incident beam[3]. In contrast, CMOS cameras provide direct beam-profile information and are less sensitive to beam-shape distortion, but they generally suffer from slower response times. In this work, we investigate a fine-tracking configuration in which a beacon laser is transmitted through a central aperture in an off-axis parabolic mirror. As a result, the reflected beam has a centrally obscured, non-ideal Gaussian profile, which may degrade the tracking accuracy of a quadrant-detector-based system. We compare the performance of quadrant-detector- and CMOS-camera-based feedback schemes for fast steering mirror control under non-ideal beam-detection conditions. Furthermore, we analyze the influence of beam size and beam-profile distortion on tracking performance and discuss optimization strategies for stable fiber coupling in free-space QKD systems.
- Real-time CV-QKD with a chip-scale transmitterI Servello ; M Hauer ; M Baier ; E Sollner ; P Gleissner ; S Randel ; U Eismann ; E Eichhammer ; I Khan[abstract]Abstract: Continuous-variable quantum key distribution (CV-QKD) enables secure communication over standard telecom infrastructure, yet its scaling is stalled by bulky, discrete optical hardware. We address this bottleneck by demonstrating a real-time CV-QKD system driven by a chip-scale hybrid transmitter built from commercial telecom components. By integrating a micro-optic external-cavity laser with a monolithic photonic integrated IQ modulator, we provide high performance, enabling secret-key generation over 102 km of optical fiber, while reducing the size of the optics by 95%. Moreover, real-time operation overcomes the offline post-processing bottlenecks of experimental setups. This work bridges laboratory demonstrations and field-deployable technology, with a scalable architecture for cost-effective quantum networks.
- Implementation-Level Feasibility Analysis of Entanglement Purification for Time-Bin Quantum NetworksH Kim ; N Fitri ; H Kim ; J Rhee[abstract]Abstract: Distributed entanglement is the foundational resource of quantum networks, enabling quantum key distribution, teleportation, and entanglement swapping between distant nodes. However, as transmission distance increases, channel loss and environmental noise inevitably degrade entanglement quality. Entanglement purification protocols (EPPs) are therefore an essential ingredient of practical quantum repeaters. A central challenge in implementing EPPs for long-distance quantum communication is the choice of photonic encoding. Time-bin encoding is well suited to optical-fiber transmission and has demonstrated robust operation at telecommunication wavelengths. Recent experiments have further distributed fully controllable time-bin entangled states over 100-km single-mode fibers with high two-photon visibility and state fidelity. However, the early-late temporal separation that makes time-bin encoding robust for fiber transmission also complicates local entangling operations: logic operations between time-bin qubits generally require coherent manipulation of early and late temporal modes, making their implementation with static linear optics alone highly nontrivial. In this work, we develop an implementation-level feasibility analysis of entanglement purification for time-bin entangled photons. We evaluate candidate purification architectures using time-bin specific implementation criteria, including early-late temporal-mode interference, active switching or temporal demultiplexing, interferometric phase stability, ancillary resource requirements, and post-selection or feed-forward control. This operation-level comparison identifies the main bottleneck that distinguishes time-bin purification from polarization-based linear-optical schemes: the difficulty of implementing temporal-mode parity checks or CNOT-like operations with passive optical elements alone. We examine candidate implementations of time-bin-compatible EPPs, including temporal-to-spatial or temporal-to-polarization mode conversion followed by linear-optical parity checking, active-switch-assisted temporal-mode operations, and nondestructive-measurement-assisted or memory-compatible node-level approaches. We further discuss how key realization issues, such as optical loss, interferometric visibility, detector efficiency, and conversion overhead, affect the feasibility of each approach in terms of fidelity improvement, success probability, and resource requirements. This analysis provides an implementation-oriented perspective on the experimental trade-offs between conversion-assisted linear-optical purification and resource-intensive deterministic or near-deterministic approaches for long-distance fiber quantum communication.
- 1-Mbps Twin-Field Quantum Key Distribution over 200 km Using Independent Dissipative Kerr SolitonsH Dong ; T Zhang[abstract]Abstract: Twin-field quantum key distribution (TF-QKD) dramatically enhances the secure key rate (SKR) over inter-city distances through its square-root scaling. Further improvements in aggregate SKR can be achieved by wavelength-division multiplexing (WDM) of parallel QKD channels. However, direct implementation in TF-QKD poses significant challenges, as each wavelength channel requires an independent ultra-stable seed laser, narrow-linewidth transmitters, and optical phase locked loops (OPLLs), which are not easily scalable. Here, we circumvent these limitations by employing two independent, integrated dissipative Kerr soliton (DKS) microcombs at Alice and Bob as multi-wavelength sources. High-visibility single-photon interference across all wavelength channels is achieved by stabilizing the frequencies of every comb line—requiring only the stabilization of the pump wavelength and repetition rates of the two microcombs. Based on this architecture, we perform a full TF-QKD experiment using the sending-or-not-sending protocol, achieving a total SKR of 1.57 Mbps over 201.1 km of fiber using 16 DWDM channels. This result represents more than an order-of-magnitude enhancement compared with single-wavelength TF-QKD at the same distance. Given that a single DKS comb can support over 100 coherent lines across the C-band, this approach offers a scalable pathway toward high-rate quantum key distribution over inter-city distances.
- Feasibility of Multi-GHz Satellite-to-Ground Secure Quantum CommunicationO Crampton ; T Roger ; C Perumangatt ; R Singh ; R Woodward ; D Marangon ; R Donaldson ; R Stevenson ; A Shields[abstract]Abstract: We investigate the feasibility of satellite-to-ground quantum key distribution (QKD) at multi-GHz clock rates, where secure key generation time is constrained, due to LEO satellite overpasses (≈ 300 s). Higher repetition rates present an immediate route to increased secure key rate (SKR), though performance is limited by detector jitter, coupling losses, and atmospheric turbulence, depending on the receiver architecture. We combine finite-key modelling, detailed detector timing characterization, adaptive optics (AO) modelling, and real-time free-space QKD experiments at 1 GHz to evaluate practical receiver configurations based on multi-mode fiber-coupled avalanche photodiodes (MMF-APDs) and single-mode fiber-coupled superconducting nano-wire single-photon detectors (SMF-SNSPDs), at projected rates > 1 GHz. The results indicate clear operating regimes: MMF-APDs maximize secure key rates below ∼ 1 GHz, predominantly due to their low coupling loss. However, low-jitter SMF-SNSPDs are required to obtain positive key rates at > 1GHz clock rates (estimated optimal operating point near ∼ 7.55 GHz), though AO correction is required for effective single-mode coupling under turbulence. The experimental and projected results provide realistic design targets for future high-rate satellite QKD systems, while highlighting the technological requirements needed to achieve end-to-end operation beyond the GHz regime.
- Hardening Measures for Trusted-Node QKD NetworksJ Berl ; M Wenning ; T Fehenberger[abstract]Abstract: QKD networks rely on trusted nodes to overcome the limited reach of present-day QKD devices, weakening end-to-end security. We propose four complementary hardening measures, including secret sharing, PQC hybridization, path verification, and confidential computing, to reduce trust assumptions and enable more secure deployments in meshed QKD networks.
- Secure Superdense CodingC Deckers ; G Wit ; A Trushechkin ; H Kampermann ; D Bruß[abstract]Abstract: Superdense coding exploits shared entanglement to encode two classical bits into a single qubit. This concept can be incorporated into quantum secure direct communication, where message transmission and eavesdropping detection are combined into a single protocol without prior key generation. Building on the results of Wu, Long, and Hayashi [Phys. Rev. Appl. 17, 064011, (2022)], we analyze the security of scenarios in which an eavesdropper may hold the purification of the shared entangled state. We extend the previous result by incorporating statistical errors into the estimation of the distributed entangled state and, thus, make a further step in the security analysis of superdense coding.
- Study of a simulation framework for satellite-to-ground QKD links and optical-conversion assisted fiber network extensionJ Park ; H Kim ; J Rhee[abstract]Abstract: While long-distance fiber QKD suffers from transmission loss, satellite-to-ground quantum key distribution (Sat-QKD) can extend key distribution through free-space links. However, to make such keys usable in terrestrial QKD networks, a satellite link must be connected to ground fiber infrastructure through wavelength and encoding interfaces. This work studies a simulation framework for Sat-QKD as a key-supply layer for fiber-based QKD networks. The framework focuses on downlink decoy-state BB84 and combines LEO pass geometry, candidate OGS atmospheric data, receiver/detector models, QBER estimation, and finite-key analysis. After satellite-to-OGS free-space collection, an OGS-side optical-conversion interface is modeled before ground fiber extension. The simulator compares direct backhaul, 850-to-1550 nm quantum frequency conversion (QFC), polarization to time-bin degree-of-freedom (DOF) conversion, and the combined QFC + DOF path. The results show that the preferred wavelength depends on the link section: 850 nm provides higher annual finite-key volume in the satellite free-space link, while 1550 nm is favorable for the fiber-extension layer. QFC connects the free-space-favorable 850 nm link to the fiber-favorable 1550 nm layer, and DOF conversion introduces conversion loss but suppresses polarization-drift-induced QBER. The framework is intended as an engineering-level tool for comparing candidate OGS sites and optical-conversion paths for satellite–fiber QKD network extension.
- Private quantum network sensing via loss-tolerant GHZ state distributionY Ueda ; M Ishihara ; W Roga ; M Takeoka[abstract]Abstract: Quantum network sensing has a potential to enhance the estimation precision of multiple distributed parameters. In this context, several papers recently considered privacy of local parameters of such sensing. However, it is known that some kinds of noises such as bit-flip noise affect the privacy. In this work, we propose a private quantum network sensing scheme using an efficient photon-number GHZ state distribution protocol for the linear combination of local parameters in a lossy network. We show that our protocol using the photon-number GHZ states satisfies the privacy condition in the noisy distribution environment.
- Relaxing required detection efficiency of the Holz-inequality-based device-independent conference key agreement via noisy preprocessingN Koyama ; M Ishihara ; M Takeoka[abstract]Abstract: Device-independent conference key agreement (DI-CKA) enables secure multipartite communication without relying on the internal structure or reliability of the devices used. However, realizing DI-CKA protocols is extremely challenging because observing loophole-free Bell violations demands exceptionally high detection efficiency. In this study, we incorporate noisy preprocessing—a technique that deliberately introduces noise into raw key bits to reduce an eavesdropper's information—into a DI-CKA protocol based on the Holz inequality to relax the required detection efficiency. We evaluate the performance of the protocol by calculating a lower bound on the key rate using a numerical optimization method, alongside an analytical upper bound derived from a specific eavesdropping attack. Our results demonstrate that the introduction of noisy preprocessing successfully relaxes the required detection efficiency even in the Holz-type DI-CKA. Furthermore, we find that the analytical upper bounds coincide with the numerical lower bounds with very high precision, demonstrating the tightness of the evaluated key rates.
- On the Practical Construction of Zero-knowledge Proof of QuantumnessY Ma[abstract]Abstract: Proofs of quantumness (PoQ) allows a classical verifier to certify that a remote prover possesses genuine quantum computational power. While existing PoQ protocols primarily address security against malicious provers, recent work by Phan et al. introduced zero-knowledge proofs of quantumness (ZKPoQ) to additionally protect honest provers from malicious verifiers seeking to extract information beyond the mere fact of quantum capability. In this work, we advance the ZKPoQ framework with two concrete contributions aimed at practical deployment. First, we instantiate two interactive ZKPoQ protocols---based on factoring and on learning with errors (LWE), respectively---each incorporating an extractable zero-knowledge gadget that the verifier must provide on its witness before the PoQ protocol proceeds. Notably, our constructions eliminate the dependency on a common reference string (CRS) required in prior work, thereby reducing architectural assumptions and simplifying real-world adoption. Second, we apply the Fiat--Shamir heuristic to transform both interactive protocols into non-interactive variants, improving communication efficiency. We formally prove that our schemes satisfy quantum completeness, classical soundness, and computational zero-knowledge under the ZKPoQ framework. Finally, we propose concrete parameter settings for practical deployment, provide a detailed analysis of communication costs across both interactive and non-interactive variants, and present a comparative summary of their efficiency trade-offs.
- Analysis of Key Rate and Modulation Variance in a Continuous-Variable QKD System with Experimental Optical Power Verifications Yoon ; S Bae ; J Heo[abstract]Abstract: Continuous-variable quantum key distribution (CV QKD) is a promising approach for implementing quantum secured communication using coherent detection and standard optical communication components. In this work, we investigate the relationship between the secret key rate and modulation variance in a CV-QKD system through numerical simulation. The simulation is performed by considering system parameters relevant to our experimental setup, allowing us to estimate the expected key rate behavior as a function of modulation variance. In addition, we experimentally verify the corresponding optical power levels generated by the modulation process, providing a practical connection between the theoretical modulation variance and measurable optical power in the actual system.
- Machine Learning–Enhanced Robust Quantum Communication in Turbulent Free-Space Channels Using Fully and Partially Coherent LightY. Ismail[abstract]Abstract: The realisation of scalable quantum communication networks hinges on overcoming the detrimental effects of atmospheric turbulence in free-space quantum channels. Turbulence-induced decoherence, photon loss, and reduced entanglement fidelity remain critical obstacles to high-rate, secure quantum key distribution (QKD) and long-distance quantum networking. In this work, we present a unified framework that integrates machine learning techniques and light engineering by partial spatial coherence to enhance the robustness and performance of free-space quantum communication systems. We first demonstrate how supervised machine learning models can be employed to characterise and predict the state of a turbulent quantum channel in real time. Using experimentally reconstructed density matrices of entangled photon states, we train regression models to estimate the Strehl ratio, a key indicator of atmospheric turbulence strength, with high precision. Ensemble methods, particularly random forest regressors, achieve prediction errors below 4%, enabling accurate monitoring of channel conditions and providing a pathway toward adaptive quantum communication protocols [1]. Complementing this data-driven approach, we investigate the role of structured partially coherent light in mitigating turbulence effects. Through theoretical and experimental studies of spontaneous parametric down-conversion, we show that Gaussian Schell-model (GSM) beams enable phase conjugation of optical fields, effectively reversing wavefront distortions. The coherence properties of the generated idler beam are directly controlled by those of the pump field, allowing tailored resilience against atmospheric perturbations. We analyse the propagation of entangled photon pairs generated using partially spatially coherent pump beams through turbulent free-space links. Our results reveal that biphoton states produced with reduced spatial coherence exhibit enhanced robustness against turbulence compared to those generated by fully coherent pumps. Specifically, coincidence detection rates degrade more slowly with increasing turbulence strength, indicating improved preservation of quantum correlations and entanglement. This robustness arises from reduced spatial correlations in the pump, which translate into decreased susceptibility to scattering-induced decoherence [2]. By combining predictive machine learning with physically engineered light fields, this work establishes a hybrid strategy for resilient quantum communication. Machine learning enables real-time channel estimation and adaptive control, while partially coherent light provides intrinsic resistance to environmental noise. Together, these approaches offer a promising route toward reliable, free-space quantum links.
- Field Deployment of a Time-Shared Full-Mesh Entangled QKD NetworkY Kurochkin ; V Rodimin ; A Ponasenko ; A Pereszlenyi ; V Revici ; R Piera ; T Mehri ; K Sloyan ; J Singh ; J Grieve[abstract]Abstract: Deployable networks and regulatory feedback are creating new challenges for quantum communication research. One of the most important challenges highlighted in QKD position papers is the trusted-node concept. At city scale, this problem is already practical issue: 5–50 users may need to share secret keys in an any-to-any topology. In a conventional trusted-node architecture, the telecom operator responsible for the quantum network becomes a trusted organization for all users and all sensitive data. Three approaches can be considered to overcome this limitation: (i) equip every user with both a transmitter and a receiver and use an N × N optical switch [3]; (ii) distribute entanglement between selected user pairs; (iii) use MDI-QKD or TF-QKD with a 2 × N optical switch. In this work, we demonstrate a field deployment of time-shared entanglement distribution between users selected on demand. We consider this approach highly practical because it keeps network management simple and allows the same receiver implementation to be used for every user. Our deployment is located in the Abu Dhabi Global Market (ADGM) free zone in Abu Dhabi. It opens an opportunity for finance-sector clients to test end-user solutions on a quantum-safe network, both by using AES encryptors fed by quantum-generated keys and by applying ETSI GS QKD 014 to request keys at the application layer.
- Security Proof Techniques for QKD and Applications to Critical InfrastructuresM Kristen ; J Mottok[abstract]Abstract: This poster is based on a Systematic Literature Review on QKD Security Proofs. Quantum Key Distribution (QKD) requires rigorous, system-specific security proofs to enable certification for deployment in critical infrastructures. This poster presents a preliminary overview of security proof techniques for QKD, and discusses their role in hybrid cryptographic protocols combining classical, post-quantum, and quantum methods. With the goal of establishing the use of QKD in industry and infrastructure, we further outline challenges for practical integration and certification, as recommendations by national agencies like for example the German BSI emphasize that QKD must be combined with post-quantum cryp- tography in hybrid approaches. This work provides (i) a concise overview of hybrid cryptographic approaches involving QKD and (ii) a preliminary struc- tured review of modern QKD security proof techniques.
- Modular SD-KMS and LP Multipath Routing for Enhanced Resilience in a Field-Deployed QKD NetworkK Tsimvrakidis ; A Selentis ; A Papageorgopoulos ; I Papastamatiou ; K Christodoulopoulos ; G Kanellos[abstract]Abstract: We introduce a dynamic Software-Defined Key Management System (SD-KMS) framework designed as a modular orchestration platform to overcome the limitations of static routing in Quantum Key Distribution (QKD) networks. The central Controller manages routing via three distinct mechanisms: an active polling interface for external solvers, a passive injection API for enforcing custom commands, and an embedded Dijkstra fallback engine to guarantee baseline service. Paired with this open architecture, we implemented a novel batch-based Linear Programming (LP) routing engine. This algorithm utilizes a "just-enough" proactive routing strategy that computes multi-path routes in polynomial time. By periodically processing demand batches, it optimizes end-to-end services to stay above safety thresholds, guaranteeing QoS by immediate key provisioning for dynamic application demands while allowing physical link pools to seamlessly absorb inherent QKD generation fluctuations. The capabilities of the SD-KMS and the LP engine were experimentally validated on a field-deployed, 5-node, multi-vendor QKD ring network. Functioning as a unified overlay across heterogeneous QKD systems, the framework successfully navigated a dynamic evolution scenario featuring key generation fluctuations, varying demands, and an intentional link failure. During periods of heavy key demands, the LP engine effectively performed load balancing by dynamically routing a portion of relay flows to secondary paths, preventing pool starvation and outperforming standard single-path solutions. When an active link was deliberately disrupted, the engine instantly redirected all traffic to the remaining functional path to ensure uninterrupted service continuity. Finally, upon link restoration, the system automatically engaged multipath routing across both available paths, maximizing the total key provisioning rate to optimize the volume of served request.
- Authentication and Trust in Satellite QKD NetworksJ Bas ; A Compte ; J Sliwa ; K Wrona[abstract]Abstract: Quantum Key Distribution (QKD) provides information-theoretic security for key establishment, but its security guarantees rely on the authentication of the classical communication channel. Although this requirement is well understood at the protocol level, its implications for large-scale and operational QKD networks, particularly satellite-based QKD (SatQKD), remain insufficiently explored. In this work, we analyse authentication mechanisms and trust assumptions in satellite QKD networks from a system-level perspective. We compare symmetric-key authentication and post-quantum digital signatures and examine how they affect both resource consumption and security guarantees. A structured analysis of trust boundaries in SatQKD architectures is provided, comparing trusted-node relay configurations with end-to-end approaches. We show that practical deployments introduce implicit trust assumptions that are not captured in idealised QKD security models. Our results highlight that authentication and trust are key design parameters in operational and dual-use QKD systems.
- Continuous Variable Quantum Key Distribution Monolithically Integrated onto Indium PhosphideS Nicoll ; D Hutama ; T Paul ; G Flizikowski4 ; K Dolgaleva ; J Lundeen ; A Atieh[abstract]Abstract: The security and bandwidth capabilities of the existing telecommunication infrastructure are of increasing concern. Quantum Key Distribution (QKD) is a method used to disseminate and secure information through secret keys. Continuous Variable Quantum Key Distribution (CV-QKD) is an advantageous subvariant that can be monolithically integrated into Indium Phosphide (InP) photonic chips. Rigorous testing is essential for CV-QKD chips to achieve commercial viability. The developed transmitter and receiver chips have demonstrated preliminary key generation, producing a raw key transmitted using conventional telecommunications infrastructure, with post-processing and protocol-level analysis to follow.
- Discrete-phase-randomized mode-pairing quantum key distribution in finite-key settingsZ Liu ; M Razavi ; A Lawey[abstract]Abstract: We present a unified analytical framework for mode‑pairing quantum key distribution (MP QKD) that incorporates both discrete phase randomisation and finite‑size statistical fluctuations. By mapping MP QKD to an equivalent two‑mode measurement-device-independent QKD, we derive closed‑form bounds for key‑rate estimation without numerical optimisation. Using Chernoff bounds, we evaluate realistic system performance and show how the interplay between phase‑slice number and block size impacts whether the protocol can surpass the PLOB bound. The results highlight the practicality of our approach for real‑time evaluation and implementation of DPR MP QKD in a finite-key setting.
- GHz-Rate Phase-Randomized Decoy state Time-Bin QKD Source Based on a SLED PlatformS Kumar ; A Marcomini ; L Millet ; T Taher ; R Houlmann ; D Cabrerizo ; G Boso ; M Curty ; R Thew ; B Korzh[abstract]Abstract: Phase randomization is essential for the security of practical quantum key distribution (QKD) systems. Commonly, implementations rely on laser sources (either actively phase-randomized, or gain-switched). However, at high repetition rates these show correlations, which can ultimate compromise security and performance. We present a 1.25 GHz fully phase-randomized QKD source based on a super luminescent diode (SLED) operating in the C-band as a compact and cost-effective alternative. The source generates ∼ 100 ps optical pulses with 400 ps time-bin separation, compatible with high-speed time-bin encoding. Interferometric measurements demonstrate > 99% visibility between adjacent time bins, confirming strong first-order coherence within a qubit, while the spontaneous-emission-driven nature of the SLED ensures intrinsic pulse to pulse phase randomization. The broadband architecture further enables operation across multiple ITU channels, supporting wavelength-multiplexed QKD from a single emitter. This work establishes a scalable SLED-based platform for high-speed time-bin QKD systems.
- Discovering QKD Eavesdropping Strategies under Asymmetric and Time-Varying NoiseM Mordarski ; D Budina ; B Gras ; A Shehata ; R Bondesan[abstract]Abstract: Discovering QKD eavesdropping strategies under asymmetric and time-varying noise entails joint optimisation over discrete attack structure and continuous parameters under a strict evaluation budget. A minimal two-loop search framework, EvoluCMAES, is employed, in which the topology-mutation operator is the only domain-specific component. In BB84, compact eavesdropping circuits of 4--6 gates are consistently identified from an arbitrary-depth search space, approaching the analytical Pauli-channel cloning-machine bound under bit-flip noise. When reformulated as a sequential decision problem, the resulting policy class with feasibility masking and matched hyperparameters recovers the greedy-Oracle strategy for both BB84 and E91/DIQKD. Under soft feasibility, a regime is observed in which a small increase in detection probability yields a statistically significant improvement over the greedy oracle, indicating that budget-limited search exposes nontrivial attack strategies in the presence of noise asymmetry and temporal variation.
- Encrypted Federated Learning of Quantum Neural Networks via Continuous-Rotation Homomorphic EncryptionM Mordarski ; N Mani ; A Patel ; W Knottenbelt ; R Bondesan[abstract]Abstract: Federated learning (FL) trains a shared model across many data holders without pooling raw data, but the parameter exchange itself is vulnerable to gradient-inversion attacks. Among privacy-preserving remedies, fully homomorphic encryption (FHE) is the strongest cryptographic option that lets an honest-but-curious server aggregate updates without ever seeing them in the clear. Extending FHE to quantum machine learning, where the model parameters are continuous rotation angles of a variational quantum circuit, has so far required either thousands of interactive client--server rounds per training step or compiling every rotation into long sequences of a discrete gate alphabet, an overhead that destroys any quantum-side advantage. The central technical observation of this work is that single-qubit rotation composition under the quaternion representation of $\mathrm{SU}(2)$ reduces to a degree-2 polynomial on $\mathbb{R}^4$, which the CKKS scheme evaluates within a single multiplicative depth without bootstrapping. The consequence is a practical construction that enables non-interactive encrypted federated training of hybrid quantum--classical neural networks: information-theoretic security at the quantum-state level is composed with RLWE-based computational security for the classical aggregation. A small-scale feasibility study ($\leq\!3$ clients, $\leq\!5$ FL rounds) on the California Housing regression benchmark shows that the encrypted model matches or slightly improves over the plaintext quantum baseline in every run ($\mathrm{MSE}=0.612$ versus $0.727$) and approaches the classical CKKS-FedAvg baseline ($0.591$), an effect that is consistent with, and which we hypothesise is driven by, mild stochastic regularisation from CKKS approximation noise. Homomorphic FedAvg matches plaintext FedAvg to within $4{\times}10^{-8}$ rad of rotation-angle error in our runs. A protocol-accounting cost model predicts a $10\times$--$30\times$ reduction in per-rotation compute relative to the discrete-gate baseline as target precision tightens, and round-trip state fidelity of $0.992$ is measured on the 156-qubit \texttt{ibm\_fez} processor. The accompanying open-source release is, to the best of our knowledge, the first publicly available implementation of continuous-rotation quantum homomorphic encryption, and is intended to lower the barrier to further work on privacy-preserving quantum machine learning.
- On Quantum Certified Deletion and Everlasting SecurityP Lamontagne[abstract]Abstract: Quantum certified deletion [BI20] has been a hot topic of quantum cryptography in recent years. Many constructions propose to add to cryptographic schemes a procedure by which one party can prove to other(s) that it has deleted a crucial piece of information. Certified deletion (CD) is almost always presented as the end-goal on its own, yet we know little about whether CD is useful in enabling other cryptographic tasks. In this note we ask the following question. What is the cryptographic power of certified deletion?
- Towards a Digital Twin for the Quantum EncrYption and Science SatelliteH Morin ; A Maierean ; B Higgins ; I DSouza ; V Muthu ; T Jennewein[abstract]Abstract: We present a novel Monte Carlo based QKD simulator, developed to be the digital twin of the Quantum EncrYption and Science Satellite (QEYSSat). The simulator will be used to validate mission objectives, and generated predictions will be updated against real experimental data. Stochastic processes such as afterpulsing and recharge time are incorporated.
- Synchronization of ultrafast time-bin quantum communication over fibre using a multiplexed optical pulse trainT Lee ; A Sit ; F Bouchard ; P Bustard ; D England ; B Sussman ; J Lundeen[abstract]Abstract: Although time-bin encoding is a promising approach to fibre-based quantum key distribution (QKD), it may be vulnerable to timing measurement ambiguities caused by temperature-dependent fluctuations in the refractive index fluctuations of deployed fibres. We propose the use of wavelength-division multiplexing to co-propagate O-band time-bin states with a synchronized C-band optical pulse train. By measuring the stability of the delay between the O-band and C-band fields, we assess the feasibility of using this method to ensure timing stability in time-bin QKD.
- Multipartite Bell inequalities with interferometric multiportsI Ahmed ; S Ghoreishi ; G Scala[abstract]Abstract: We propose a characteristic–function approach to Bell inequalities implemented with interferometric multiport measurements. By encoding d-valued outcomes as roots of unity, Bell functionals become linear combinations of Fourier correlators. This unified scheme reproduces CHSH, CGLMP, and MABK inequalities, and systematically generates new ones in higher-dimensional and multi setting scenarios. Optimizing over entangled states and multiport phase shifts provides explicit quantum strategies. Our framework thus offers a compact, experimentally natural route to Bell tests beyond the standard families.
- On the viability of Transatlantic Quantum Entanglement Distribution using Combined Satellite and Stratospheric Relay NodesK Mohammadi ; P Godin ; K Kuntz ; T Jennewein[abstract]Abstract: We investigate feasible link architectures for transatlantic quantum entanglement distribution across a ground separation of approximately 6,500 km by comparing free-space scenarios involving satellites and High-Altitude Platforms (HAPs). By taking into account the optical link budget, radiation environment, orbital accessibility, and overall system complexity, including aperture requirements and payload constraints across both the space and ground segments, we identify a hybrid architecture consisting of a Low-Earth Orbit (LEO) satellite at 1,200 km altitude supported by two HAPs positioned above the quantum ground stations as a promising configuration. Our analysis shows that this architecture outperforms a conventional single-satellite scenario at higher orbital altitudes (~15,000 km). In addition to achieving improved performance, the satellite–HAP architecture offers practical advantages by reducing payload and launch complexity, while improving link availability through the maneuverability of HAPs under varying weather conditions. Overall, this hybrid configuration yields on the order of 5 X 10^6 secure key bits per year using 30 cm aperture ground receivers, nearly two orders of magnitude higher than achievable with a single MEO satellite and 1 m aperture ground receivers. These results demonstrate major benefits of hybrid satellite–HAP architectures by reducing system complexity while enabling scalable and more accessible quantum communication networks.
- Capacity and SKR Trade-off in Coexisting Classical and CV-QKD Metro-Reach LinksC Ozkan ; L Zischler ; K Gumus ; J Frazão ; C Antonelli ; C Okonkwo[abstract]Abstract: We analyse the secret-key rate (SKR) of continuous-variable quantum key distribution (CV-QKD) when the quantum channel shares a fibre with classical DWDM traffic. Using a physical model of an 88-channel, 50 GHz-spaced C-band link that captures four-wave mixing, spontaneous Raman scattering, Rayleigh backscatter, and out-of-band effects with full frequency dependence, we compute the asymptotic SKR under Gaussian collective attacks across guardband size, quantum-channel position, classical launch power, link distance, and propagation direction. We report three results. First, placing the quantum channel at the band edge with a 150 GHz guardband yields a 108% SKR gain at 3.4% classical capacity loss, half the cost of symmetric centre-band protection. Second, counter-propagation without any guardband produces the same SKR as guardbanded co-propagation at the same operating point. Third, a power threshold near -2 dBm/ch separates two operating regimes: below threshold the link is Raman-limited and the SKR is essentially insensitive to the guardband, while above threshold four-wave mixing dominates and the SKR depends sharply on guardband size and band-edge proximity. These rules apply across the operating regimes typical of installed DWDM metropolitan fibre.
- Device-Independent Conference Key Agreement with Two Measurement BasesR Adhikary ; K Chen ; S Bera ; Y Liang[abstract]Abstract: Conference key agreement allows multiple parties to establish a shared secret key. Device-independent protocols are especially attractive because their security can be certified from observed correlations, without trusting the internal behavior of the devices. We propose a tripartite device-independent conference key agreement protocol using only two measurement bases on a shared GHZ state. Under suitable structural conditions, the maximal violation of a chosen Bell inequality self-tests the target GHZ strategy with Pauli measurements, ensuring ideal security. We also prove robust self-testing, showing that near-maximal violation guarantees nontrivial fidelity with the ideal strategy under realistic noise.
- Stronger Bounds in the Parallel Quantum Random Oracle ModelJ Blocki ; B Holman[abstract]Abstract: The random oracle model is a common setting for proving security of cryptographic primitives by replacing the underlying hash function with a uniformly random function. For some primitives, including memory-hard functions, proofs of sequential work, and proofs of space, security must be proved against highly parallel attackers, which motivates the parallel random oracle model. Existing quantum analogues of this model were introduced to study these primitives against quantum attackers, but they impose extra restrictions on the adversary’s parallel query sizes: one model fixes the same query size in every round, while another fixes the entire schedule of query sizes before the oracle is sampled. These restrictions have an unintended consequence, as there are problems for which a classical adaptive PROM algorithm uses asymptotically fewer queries than any quantum algorithm in the restricted PQROM models. We therefore introduce the adaptive PQROM, where the adversary may choose the next parallel query size after the previous oracle interaction, as the canonical quantum analogue of the classical PROM. We then extend compressed-oracle techniques to this setting and prove query bounds for natural problems including inversion, collision finding, k-sum, and proofs of sequential work.
- Device-Independent Quantum Key Distribution in the Minimal Bell ScenarioK Chen ; J Singh ; S Bera ; G Tabia ; Y Liang[abstract]Abstract: Device-independent quantum key distribution allows two distant parties to certify a secret key directly from the correlations observed in an experiment, without relying on a detailed model of the devices. In this work, we study this task in the minimal Bell scenario, where each party has only two measurement choices and two possible outcomes. We show that secure key generation can be certified in this simplest setting by using tailored Bell inequalities together with simple constraints on the observed probabilities. In particular, we identify a family of quantum correlations that enables perfect key generation in a spot-checking protocol. The security follows from a self-testing property: the observed data certify the relevant quantum state and measurements, and hence certify that the adversary has no information about the generated key. Our results show that maximal device-independent key generation is possible in the minimal Bell scenario, even for arbitrarily small Bell non-locality. This highlights the importance of using the full structure of the observed correlations, rather than only a single Bell-inequality value, for certifying device-independent quantum key distribution.
- Optical Quantum Random Number Generator Based on the Photodetection Process over a Multipixel DetectorD Amenta ; M Larotonda[abstract]Abstract: Various tasks related to classical and quantum cryptography, as well as information security, rely extensively on genuine random numbers and random bits that are irreproducible, unbiased, and unpredictable. Consequently, generating these numbers is considered a critical task; the numerical sequences from which they are extracted cannot be generated deterministically using algorithms, as they could eventually be replicated. The non-deterministic nature of quantum systems appears as a natural source of entropy for this application. In this regard, a Quantum Random Number Generator (QRNG) emerges as a native solution to the problem of unpredictable random number generation. Under this premise, the objective of this work is to develop a randomness source based on the quantum characteristics of the photodetection process, along with its corresponding extractor. We present the development progress of a portable and modular device capable of generating arbitrary streams of uniform random bits based on the quantum fluctuations of photons emitted by a light-emitting diode (LED) and detected by a CMOS camera. We designed and implemented an optoelectronic system featuring active intensity control via a feedback loop. Raw image data is processed to acquire intensity values, and image capture parameters have been optimized to achieve a homogeneous illumination profile. For randomness generation, a noise model of the photodetection process was established, and a Toeplitz-hashing extractor was implemented based on a measured bound of the min-entropy.
