scispace - formally typeset
Search or ask a question
Journal ArticleDOI

Side-channel-free quantum key distribution.

30 Mar 2012-Physical Review Letters (Phys Rev Lett)-Vol. 108, Iss: 13, pp 130502
TL;DR: All real channels are replaced with virtual channels in a QKD protocol, making the relevant detectors and settings inside private spaces inaccessible while simultaneously acting as a Hilbert space filter to eliminate side-channel attacks.
Abstract: Quantum key distribution (QKD) offers the promise of absolutely secure communications. However, proofs of absolute security often assume perfect implementation from theory to experiment. Thus, existing systems may be prone to insidious side-channel attacks that rely on flaws in experimental implementation. Here we replace all real channels with virtual channels in a QKD protocol, making the relevant detectors and settings inside private spaces inaccessible while simultaneously acting as a Hilbert space filter to eliminate side-channel attacks. By using a quantum memory we find that we are able to bound the secret-key rate below by the entanglement-distillation rate computed over the distributed states.

Summary (1 min read)

Jump to:  and [Summary]

Summary

  • The publisher or other rights holders may allow further reproduction and re-use of the full text version.
  • This is indicated by the licence information on the White Rose Research Online record for the item.

Did you find this useful? Give us your feedback

Content maybe subject to copyright    Report

This is a repository copy of Side-Channel-Free Quantum Key Distribution.
White Rose Research Online URL for this paper:
https://eprints.whiterose.ac.uk/75301/
Version: Published Version
Article:
Braunstein, Sam orcid.org/0000-0003-4790-136X and Pirandola, Stefano orcid.org/0000-
0001-6165-5615 (2012) Side-Channel-Free Quantum Key Distribution. Physical Review
Letters. 130502. ISSN 1079-7114
https://doi.org/10.1103/PhysRevLett.108.130502
eprints@whiterose.ac.uk
https://eprints.whiterose.ac.uk/
Reuse
Items deposited in White Rose Research Online are protected by copyright, with all rights reserved unless
indicated otherwise. They may be downloaded and/or printed for private study, or other acts as permitted by
national copyright laws. The publisher or other rights holders may allow further reproduction and re-use of
the full text version. This is indicated by the licence information on the White Rose Research Online record
for the item.
Takedown
If you consider content in White Rose Research Online to be in breach of UK law, please notify us by
emailing eprints@whiterose.ac.uk including the URL of the record and the reason for the withdrawal request.

Supplementary Material for:
Side-channel free quantum key distribution
by Samuel L. Braunstein and Stefano Pirandola
IN DEFENSE OF PRIVATE SPACES
In quantum cryptography unconditional security
proofs are derived under the assumption that Alice’s and
Bob’s apparata (private spaces) are completely inacces-
sible by an eave sd rop per who, therefore, can only at-
tack the signal systems w hi ch are transmitted through
the quantum communication channel connecting the two
parties. Under this assumption, secret-key rates and se-
curity thresholds are derived in both discrete and contin-
uous variable quantum key distribution .
One potential loophole in the security proofs is related
to how a theoretical protocol is actually implemented ex-
perimentall y. Any redundant information encoded in ex-
tra degree of freedom or extra Hilbert space dimensions
outside the theoretical prescription can allow for so-called
side-channel attacks. By their nature, such attacks may
be of cl as si cal or q uantum degrees of freedom and are in-
sidious because even quantifying their threat appears to
involve understanding what have been called unknown
unknowns about the vulnerability of the experimental
set-up.
Progress has been made on eliminating side channel at-
tacks in the quantum communication channels betwee n
private spaces, but this leaves open potential attacks on
the private spaces through their quantum communica-
tion ports. Let us therefore take a step back and consider
private spaces in more details: What goes on in Alice’s
and Bob’s private spaces involves a significant amount of
classical information processing; at the very least the key
itself will be generated and stored as classical informa-
tion. Now with virtually any technology we have today
classical information is stored, proce ss ed and transmitted
in a highly redundant fashion ( many electrons are used
to charge a capacitor to represent a bit value, or many
electrons must pass through the base junction of a tran-
sistor to effect a l ogi cal switching operation, tapping on
a keyboard produces sound waves and elect r omagn et i c
signals in addition to the ‘legitimate’ electrical signals in
the wires, etc). In principle any of this redundant infor-
mation may leak out of the private space through a “par-
asite” channel. An eavesdropper might therefore ignore
the quantum communication channel and directly attack
Alice’s and Bob’s apparata by exploiting the pre se nc e of
parasite channels: this is also a “side-channel attack”.
The implicit assumption in quantum cryptography is
that we could always improve technology in such a way
that Alice’s and Bob’s private spaces are not affected by
the presence of parasite channels, so that the legitimate
participants do indeed have access to absolutely private
spaces. (For instance, Alice and Bob could simulate the
classical information processing on a quantum computer.
A hacked operating system on such a machine could be
tested for by randomly running su b rou t i ne s that confirm
that coherenc e is preserved and that no information is
copied out to where it can be stored or t ran sm it t e d by a
trojan program see also Ref. [1].)
However, even i f you rely on a perfect isolation tech-
nology, there rem ains a potent ial chink in this armor,
which is th e quantum communication port used either to
transmit a q u antum state out of your private space or to
accept a quantum state for detection into it.
If you open a communication port f or quantum states
to enter or leave you must expl i ci t l y deal with side chan-
nels which can be pr ob in g these links to your private
space. Eve can potentially send trojan systems through
Alice’s and Bob’s communic at i on ports and detect their
reflection to infer both state preparation and measure-
ment settings. As an example, in the standard BB84
protocol, Eve can irradiate Alice’s apparatus by using
optical modes at slightly different frequencies. Then,
from reflection, Eve can infer the polarization chosen in
each round of the protocol. Thanks to this information,
Eve can measure each signal system in t he correct basis.
Another example regards the so-called plug-and-play sys-
tems, where trojan systems can be reflected together with
signal systems, as discussed in Ref. [2].
Our paper shows how to overcome the problem of the
open quantum communication ports, therefore making
feasible the notion of ab sol u t el y private spaces. Note
that this problem is not addressed by current device-
independent q uantum cryptography, where such attacks
on the private space ports are simply considered illegiti-
mate as t he y violate the strong private space assumption.
The key point of our scheme is that detectors are n o
longer “in line” wi t h the quantum communication port
of the private space. For this reason, it is not possible
for an external party to probe the port and obtain detec-
tor settings or readouts from the pro c ess i ng of parasite
systems. In order to explain this key feature i n detail,
we analyze the problem of the quantum communication
ports by comparing standard protocols wit h our scheme.
In Fig. 1, we depict a general prepare-and-measur e pro-
tocol, where Alice’s variable X i s encoded in a quantum
state ρ(X) by modulation. Bob’s variable Y is the out-
put of a quantum measurement. Here, Eve can attack
the quantum communication ports by using two trojan
systems e and f. By me ans of e, Eve can retrieve in-
formation about the state preparation X ρ(X). By
means of f, she can retrieve information about the mea-

2
surement apparatus of Bob and, therefore, abou t Y .
Alice Bob
Eve
Private SpacePrivate Space
ρ
e f
s
(X)
(Y)
FIG. 1: Port attack in a prepare and measure protocol.
In Fi g. 2, we depict a general entanglement-based pro-
tocol, where an untrusted party (Eve) distributes entan-
glement between two parties. This is done by distributing
an entangled state ρ = ρ
AB
, where system A is sent to
Alice and system B is sent to Bob. Alice and Bob can
perform entanglement distillation and measure the out-
put distilled systems to derive two correlated classical
variables, X and Y , respectively. In this scenario, Eve
can decide not to attack the source ρ but directly the two
quantum communication ports of Alice and Bob. Eve can
probe these por t s by using two trojan systems e and f,
which can retrieve information about Alice’s and Bob’s
distilling and detecting apparata. As a resul t , Eve can
infer information about X and Y .
Alice
Bob
Eve
Private SpacePrivate Space
ρ
e
f
A
B
(X) (Y)
FIG. 2: Port attack in an entanglement -b a s ed p ro t ocol.
In Fig. 3, we depict our protocol where an untrusted
party (Eve) represents an entanglement swapper betwee n
Alice and Bob. This is generally don e by measuring two
public systems, A
and B
, received from Alice and Bob,
processing the outcome of the measurement, and clas-
sically communicating the processed data back to Alice
and Bob. As a result the two private systems, A and
B, become correlated, so that Alice and Bob can extract
two cor r el at ed classical variables, X and Y , by applying
suitable measurements. In part i cu l ar, if Alice and Bob
can access quantum memories, then they can extract a
secret key at a rate which is at least equal to the coh er -
ent information between A and B. Eve can atte mp t a
side-channel attack against the two ports by sending two
trojan systems e and f. In this case, however, the appa-
rata which detect the two private systems A and B are
inaccessible to Eve. By exploiting reflections from the
ports, Eve can only retrieve information regarding the
reduced states ρ
A
and ρ
B
of the two public systems A
and B
. However, these reduced states contain no useful
information about the private system A or B or Alice’s
or Bob s detector settings or outputs.
Alice Bob
ρ
ρ
A
A B’
B
T
Private SpacePrivate Space
E
L
Eve
(Y)
(X)
e f
FIG. 3: Port attack in our scheme.
To understand better how the full isolation of the pri-
vate systems might be achieved, we may consider the
procedure dep ic t ed in Fig. 4. It is explained for Alice’s
private space, but steps are identical f or Bob.
ρ
FIG. 4: Possible procedure for the full isol a ti o n of the private
systems.
In the first s te p (a), Alice’s port is closed and she pre-
pares an entangled state ρ = ρ
AA
where system A is
directed towards a quantum memory (QM), while sys-
tem A
is direc t ed towards a delay line (DL). In step (b),
once syst em A is stored in the memory and while system
A
is trapped in the delay line, a shutter is used to fully
separate the delay line from the rest of Alice’s appara-
tus. Note that a virtual channel between A and A
has
been created. In ste p (c), Alice’s quantum communica-
tion port is opened and system A
is transmitted to Eve.
During this stage, trojan systems may enter the port but

3
no detector is in lin e with the port. In step (d ) , the port
is closed with the private system A kept in the mem-
ory. The previous steps (a)-(d) are repeated many times,
so that Alice collects many private systems in her quan-
tum memory. We therefore reach step (e) of the figure.
Finally, once Alice has received all the classical commu-
nications, she applies a collective quantum measurement
on her quantum memory to retrieve the classical variable
X. This measurement can include or be anticipated by
an entanglement d is t il l at i on.
NOTATION AND BASIC FORMULAS
In part of the derivation we adopt the enlarged Hilbert
space (EHS) representation, where stochastic classical
variables are emb ed d ed in quantum systems. Consider a
stochastic variable X = {x, p(x)} which is encoded into
an en se mble of states of some quantum system A, i.e.,
E
A
= {p(x), ρ
A
(x)}. (1)
This ensemble may be equivalently represented by the
classical-quantum (CQ) state
ρ
XA
=
X
x
p(x) |xi hx|
X
ρ
A
(x), (2)
where the stochastic variable X is embedd ed into the
dummy quantum system X, by using an orthonormal
basis {|xi} in the Hilbert space H
X
of X. We denote
by ρ
A
(x) the state of a system A which is conditioned
by the value x of a stochastic variable X. The notation
ρ
A|X
refers to the conditional stat e ρ
A
(x) where x is not
specified. Clearly, we have
ρ
A
=
X
x
p(x)ρ
A
(x). (3)
Given a quantum sys t em A in a state ρ
A
, its von Neu-
mann entropy S(ρ
A
) is also denoted by H(A). Given a
quantum system X, embedding the stochastic variable
X, its quantum entropy H(X) is just the Shannon en-
tropy H(X). Give n two quantum systems, A and B, we
denote by I(A : B) their quantum mutual information.
This is defined by
I(A : B) = H(B) H(B|A), (4)
where
H(B|A) = H(AB) H(A), (5)
is the condi ti on al quantum entropy. Note that H(B|A)
can be negative and it is related to the coherent informa-
tion by the relation
I(AiB) = H(B|A). (6)
For A = X, the quantum mutual information I(A : X) ,
which is computed over the CQ-st at e of Eq. (2), corre-
sponds to the Holevo i nf orm at ion I(A : X), computed
over the ensemble of Eq. (1). For A = X and B = Y,
embedding two st ochastic variables X and Y , I(X : Y)
is just the classical mutual information I(X : Y ). For
three quantum systems A, B, and C, we can consider
the conditional quantum mutual information
I(A : B|C) = H(AC)+H(BC)H(ABC)H(C), (7)
which is 0 as a consequence of the strong subadditivity
of the von Neumann entropy. For a classically correlated
system C = X, we have a probabilisti c average over mu-
tual informations, i.e.,
I(A : B|X) = I(A : B|X)
X
x
p(x) I(A : B|X = x).
(8)
List of other useful elements:
Given a tripartite quantum system ABC, we can
use the “chain rule”
I(A : BC) = I(A : B) + I(A : C|B). (9)
Invariance of the Holevo informat i on under addi-
tion of classical channels, i.e., for a classical chan-
nel
p(y|x) : X Y, (10)
we have
I(A : X) = I(A : XY ). (11)
Given a Markov chain X Y Z, the class i-
cal mutual information decreases under condition-
ing [3], i.e.,
I(X : Y |Z) I(X : Y ). (12)
Notice that , for three general stoch ast i c variables,
we have I(X : Y |Z) R I(X : Y ), so that the so-
called “interaction information”
I(X : Y : Z) I(X : Y |Z) I(X : Y ), (13)
can be positive, negat i ve or zero.
Data processing inequality. For a Markov chain
X Y Z, we have
H(X) I(X : Y ) I(X : Z). (14)

4
Alice BobEve
A
E
B
Private SpacePrivate Space
L’ L’
E
~
X
FIG. 5: Purification. Conditional state Φ
ABE
˜
E|L
projected
onto Φ
BE
˜
E|XL
.
PROOF OF THE THEOREM
Let us purify the mixed state ρ
ABE|L
into the pure
state Φ
ABE
˜
E|L
= |Φi hΦ|
ABE
˜
E|L
by introducing an an-
cillary system
˜
E which is assumed to be in Eve’s hands
(so t h at Eve’s global system consists of E
˜
E). This sce-
nario is depicted in Fig. 5.
Thus, for the total state ρ
ABE|L
, we have
ρ
ABE
(l
) = Tr
˜
E
ABE
˜
E
(l
)] . (15)
For the conditional state ρ
BE|XL
, generated by the mea-
surement, we can write
ρ
BE
(x, l
) =
1
p(x|l
)
Tr
A
h
ˆ
A(x)ρ
ABE
(l
)
ˆ
A(x)
i
=
1
p(x|l
)
Tr
A
˜
E
h
ˆ
A(x
ABE
˜
E
(l
)
ˆ
A(x)
i
= Tr
˜
E
BE
˜
E
(x, l
)] , (16)
where
Φ
BE
˜
E
(x, l
)
1
p(x|l
)
Tr
A
h
ˆ
A(x
ABE
˜
E
(l
)
ˆ
A(x)
i
,
(17)
represents the conditional state Φ
BE
˜
E|XL
which is gener-
ated by the measurement in the purified scenario. Clearly
if we discard X, we get the reduced state
Φ
BE
˜
E|L
D
Φ
BE
˜
E|XL
E
X
= Tr
A
h
Φ
ABE
˜
E|L
i
. (18)
Because of Eq. (16), the con di t i onal state Φ
BE
˜
E|XL
can
be used to compute R
via
R
I(X : B|L
)
ρ
I(X : E|L
)
ρ
= I(X : B|L
)
Φ
I(X : E|L
)
Φ
, (19)
where ρ = ρ
BE|XL
and Φ = Φ
BE
˜
E|XL
(the computation
is exactly the same up to a trace over
˜
E). In the EHS
representation, the conditional state Φ
BE
˜
E|XL
becomes
Ψ
XL
BE
˜
E
=
X
x,l
p(x, l
) |xi hx|
X
|l
i hl
|
L
Φ
BE
˜
E
(x, l
).
(20)
Thus, we can also set
R
= I(X : B|L
)
Ψ
I(X : E|L
)
Ψ
, (21)
where Ψ = Ψ
XL
BE
˜
E
. From the chain rule we have
I(X : E
˜
E|L
)
Ψ
= I(X : E|L
)
Ψ
+ I(X :
˜
E|EL
)
Ψ
= I(X : E|L
)
Ψ
+ γ, (22)
where γ I(X :
˜
E|EL
)
Ψ
0 is the information con-
tribution due to the p ur i fic at ion [4]. In other words, the
(conditional) Holevo information can only inc r ease with
the purification, i.e.,
I(X : E
˜
E|L
) = I(X : E|L
) + γ I(X : E|L
). (23)
As a consequence, we have R
= R
′′
+ γ, where
R
′′
I(X : B|L
)
Φ
I(X : E
˜
E|L
)
Φ
. (24)
In t er ms of conditional entropies, we have
R
′′
= H(B|L
)
Φ
H(B|XL
)
Φ
[H(E
˜
E|L
)
Φ
H(E
˜
E|XL
)
Φ
]. (25)
Here H(E
˜
E|L
) is computed over Φ = Φ
BE
˜
E|XL
dis-
carding X and B, i.e ., over the reduced state
Φ
EE|L
= Tr
AB
h
Φ
ABE
˜
E|L
i
. (26)
Now since Φ
ABE
˜
E|L
is pure, we have H(E
˜
E|L
) =
H(AB|L
), where H(AB|L
) can be computed over
ρ
AB|L
= Tr
E
˜
E
ABE
˜
E|L
]. Clearly, also H(B|L
)
Φ
can
be computed over ρ
AB|L
. As a consequence we can rec-
ognize in Eq. (25) the conditional coherent informat i on
I(AiB|L
) = H(B|L
) H(AB|L
),
associated with Alice and Bob s condition al state ρ
AB|L
.
Thus, we can set
R
′′
= I(AiB|L
) + [H(E
˜
E|XL
)
Φ
H(B|XL
)
Φ
]. (27)
Here, we can assume that Alice’ s measurement is a rank
one POVM. As a result, Φ = Φ
BE
˜
E|XL
is also a pure
state, and we can set H(E
˜
E|XL
)
Φ
= H( B|XL
)
Φ
, so
that R
′′
= I(AiB|L
). Finally, we can write
R
= R
′′
+ γ +
= I(AiB|L
) + γ +
I(AiB|L
) + , (28)
where we have used γ 0 from its defini t ion .
[1] S. Barz et al., Science 335, 303 (2012).
[2] N. Gisin et al., Rev. Mod. Phys. 74, 145-195 (2002)
[3] T. M. Cover and J. A. Thomas, (John Wiley and Sons,
Hoboken, New Jersey, 2006) p. 35.
[4] Note that t h e EHS representation has been mainly intro-
duced to give the correct interpretation to Eq. (), where
a quantum system E conditions a classical variable X
thanks to the embedding in a quantum syste m X.
Citations
More filters
Journal ArticleDOI
TL;DR: This review focuses on continuous-variable quantum information processes that rely on any combination of Gaussian states, Gaussian operations, and Gaussian measurements, including quantum communication, quantum cryptography, quantum computation, quantum teleportation, and quantum state and channel discrimination.
Abstract: The science of quantum information has arisen over the last two decades centered on the manipulation of individual quanta of information, known as quantum bits or qubits. Quantum computers, quantum cryptography, and quantum teleportation are among the most celebrated ideas that have emerged from this new field. It was realized later on that using continuous-variable quantum information carriers, instead of qubits, constitutes an extremely powerful alternative approach to quantum information processing. This review focuses on continuous-variable quantum information processes that rely on any combination of Gaussian states, Gaussian operations, and Gaussian measurements. Interestingly, such a restriction to the Gaussian realm comes with various benefits, since on the theoretical side, simple analytical tools are available and, on the experimental side, optical components effecting Gaussian processes are readily available in the laboratory. Yet, Gaussian quantum information processing opens the way to a wide variety of tasks and applications, including quantum communication, quantum cryptography, quantum computation, quantum teleportation, and quantum state and channel discrimination. This review reports on the state of the art in this field, ranging from the basic theoretical tools and landmark experimental realizations to the most recent successful developments.

2,781 citations

Journal ArticleDOI
19 Oct 2018-Science
TL;DR: What it will take to achieve this so-called quantum internet is reviewed and different stages of development that each correspond to increasingly powerful applications are defined, including a full-blown quantum internet with functional quantum computers as nodes connected through quantum communication channels.
Abstract: The internet-a vast network that enables simultaneous long-range classical communication-has had a revolutionary impact on our world. The vision of a quantum internet is to fundamentally enhance internet technology by enabling quantum communication between any two points on Earth. Such a quantum internet may operate in parallel to the internet that we have today and connect quantum processors in order to achieve capabilities that are provably impossible by using only classical means. Here, we propose stages of development toward a full-blown quantum internet and highlight experimental and theoretical progress needed to attain them.

1,397 citations

01 May 2012
TL;DR: In this article, a review of the state of the art in continuous-variable quantum information processing can be found, ranging from the basic theoretical tools and landmark experimental realizations to the most recent successful developments.
Abstract: The science of quantum information has arisen over the last two decades centered on the manipulation of individual quanta of information, known as quantum bits or qubits. Quantum computers, quantum cryptography and quantum teleportation are among the most celebrated ideas that have emerged from this new field. It was realized later on that using continuous-variable quantum information carriers, instead of qubits, constitutes an extremely powerful alternative approach to quantum information processing. This review focuses on continuous-variable quantum information processes that rely on any combination of Gaussian states, Gaussian operations, and Gaussian measurements. Interestingly, such a restriction to the Gaussian realm comes with various benefits, since on the theoretical side, simple analytical tools are available and, on the experimental side, optical components effecting Gaussian processes are readily available in the laboratory. Yet, Gaussian quantum information processing opens the way to a wide variety of tasks and applications, including quantum communication, quantum cryptography, quantum computation, quantum teleportation, and quantum state and channel discrimination. This review reports on the state of the art in this field, ranging from the basic theoretical tools and landmark experimental realizations to the most recent successful developments.

1,374 citations

Journal ArticleDOI
TL;DR: The fundamental rate-loss tradeoff affecting any protocol of quantum key distribution is determined, which sets the limits of point-to-point quantum communications and provides precise and general benchmarks for quantum repeaters.
Abstract: Quantum communications promises reliable transmission of quantum information, efficient distribution of entanglement and generation of completely secure keys. For all these tasks, we need to determine the optimal point-to-point rates that are achievable by two remote parties at the ends of a quantum channel, without restrictions on their local operations and classical communication, which can be unlimited and two-way. These two-way assisted capacities represent the ultimate rates that are reachable without quantum repeaters. Here, by constructing an upper bound based on the relative entropy of entanglement and devising a dimension-independent technique dubbed ‘teleportation stretching’, we establish these capacities for many fundamental channels, namely bosonic lossy channels, quantum-limited amplifiers, dephasing and erasure channels in arbitrary dimension. In particular, we exactly determine the fundamental rate-loss tradeoff affecting any protocol of quantum key distribution. Our findings set the limits of point-to-point quantum communications and provide precise and general benchmarks for quantum repeaters.

1,116 citations


Cites methods from "Side-channel-free quantum key distr..."

  • ...Finally consider DV-MDI-QKD....

    [...]

  • ...Under these assumptions, we consider the ideal BB84 protocol with single photon sources [50], the BB84 with weak coherent pulses and decoy states [51, 52], and DV-MDI-QKD [53, 54]....

    [...]

Journal ArticleDOI
TL;DR: This review begins by reviewing protocols of quantum key distribution based on discrete variable systems, and considers aspects of device independence, satellite challenges, and high rate protocols based on continuous variable systems.
Abstract: Quantum cryptography is arguably the fastest growing area in quantum information science. Novel theoretical protocols are designed on a regular basis, security proofs are constantly improving, and experiments are gradually moving from proof-of-principle lab demonstrations to in-field implementations and technological prototypes. In this paper, we provide both a general introduction and a state-of-the-art description of the recent advances in the field, both theoretical and experimental. We start by reviewing protocols of quantum key distribution based on discrete variable systems. Next we consider aspects of device independence, satellite challenges, and protocols based on continuous-variable systems. We will then discuss the ultimate limits of point-to-point private communications and how quantum repeaters and networks may overcome these restrictions. Finally, we will discuss some aspects of quantum cryptography beyond standard quantum key distribution, including quantum random number generators and quantum digital signatures.

769 citations


Cites background or methods from "Side-channel-free quantum key distr..."

  • ...[176] not only provides a security proof for DV MDI-QKD schemes but also sets the basis for an extension to CV systems, later realized in Ref....

    [...]

  • ...implemented with weak coherent pulses and decoy states achieving the ideal rate of η/(2e); (DV-MDI) Ideal implementation of a passive MDI-QKD node [176, 177]....

    [...]

  • ...Here we review the main ideas of measurement device independent (MDI) QKD [176, 177]....

    [...]

  • ...[176], each honest user prepares a bipartite quantum state and sends one subsystem to the relay....

    [...]

  • ...As we know, MDI-QKD [176, 177] has been introduced to overcome a crucial vulnerability of QKD systems, i....

    [...]

Frequently Asked Questions (13)
Q1. What are the contributions in this paper?

This is indicated by the licence information on the White Rose Research Online record for the item. 

The implicit assumption in quantum cryptography is that the authors could always improve technology in such a way that Alice’s and Bob’s private spaces are not affected by the presence of parasite channels, so that the legitimate participants do indeed have access to absolutely privatespaces. 

In particular, if Alice and Bob can access quantum memories, then they can extract a secret key at a rate which is at least equal to the coherent information between A and B. 

Eve can potentially send trojan systems through Alice’s and Bob’s communication ports and detect their reflection to infer both state preparation and measurement settings. 

By their nature, such attacks may be of classical or quantum degrees of freedom and are insidious because even quantifying their threat appears to involve understanding what have been called unknown unknowns about the vulnerability of the experimental set-up. 

once Alice has received all the classical communications, she applies a collective quantum measurement on her quantum memory to retrieve the classical variable X. 

Eve can probe these ports by using two trojan systems e and f , which can retrieve information about Alice’s and Bob’s distilling and detecting apparata. 

Their paper shows how to overcome the problem of the open quantum communication ports, therefore making feasible the notion of absolutely private spaces. 

By exploiting reflections from the ports, Eve can only retrieve information regarding the reduced states ρA′ and ρB′ of the two public systems A ′ and B′. 

Let us purify the mixed state ρABE|L′ into the pure state ΦABEẼ|L′ = |Φ〉 〈Φ|ABEẼ|L′ by introducing an ancillary system Ẽ which is assumed to be in Eve’s hands (so that Eve’s global system consists of EẼ). 

(6)For A = X, the quantum mutual information I(A : X), which is computed over the CQ-state of Eq. (2), corresponds to the Holevo information I(A : X), computed over the ensemble of Eq. (1). 

(18)Because of Eq. (16), the conditional state ΦBEẼ|XL′ can be used to compute R′ viaR′ ≡ I(X : B|L′)ρ − I(X : E|L ′)ρ= I(X : B|L′)Φ − I(X : E|L ′)Φ, (19)where ρ = ρBE|XL′ and Φ = ΦBEẼ|XL′ (the computation is exactly the same up to a trace over Ẽ). 

(8) List of other useful elements:• Given a tripartite quantum system ABC, the authors can use the “chain rule”I(A : BC) = I(A : B) + I(A : C|B). (9)•