Publications

Quantum computing, one of the most exciting scientific journeys of our time, holds remarkable potential by promising to rapidly solve computational problems. However, the practical implementation of these algorithms poses an immense challenge, with a universal and error-tolerant quantum computer remaining an elusive goal. Currently, short-term quantum devices are emerging, but they face significant limitations, including high levels of noise and limited entanglement capacity. The practical effectiveness of these devices, particularly due to quantum noise, is a subject of debate. Motivated by this situation, this thesis explores the profound impact of noise on quantum learning algorithms in three key dimensions. Firstly, it focuses on the influence of noise on variational quantum algorithms, especially quantum kernel methods. Our results reveal significant disparities between unital and non-unital noise, challenging previous conclusions on these noisy algorithms. Next, it addresses learning quantum dynamics with noisy binary measurements of the Choi-Jamiolkowski state, using quantum statistical queries. The Goldreich-Levin algorithm can be implemented in this way, and we demonstrate the efficiency of learning in our model. Finally, the thesis contributes to quantum differential privacy, demonstrating how quantum noise can enhance statistical security. A new definition of neighboring quantum states captures the structure of quantum encodings, providing stricter privacy guarantees. In the local model, we establish an equivalence between quantum statistical queries and local quantum differential privacy, with applications to tasks like asymmetric hypothesis testing. The results are illustrated by the efficient learning of parity functions in this model, compared to a classically demanding task.

The ever-growing demands of modern telecommunication systems in terms of data rates as well as the impending threat of the increasing computing power of modern computers, make the secure transmission of data an essential requirement and thus a very active field of study. Quantum key distribution (QKD) allows for the exchange of cryptographic keys whose security level does not depend on the complexity of a mathematical algorithm but rather relies on exploiting the properties of quantum mechanics cite{scarani2009}. Depending on the protocol, the key bits will be encoded either on the superposition of modes of individual photons, such as polarization modes, as is the case for the discrete variable protocols (DV) or they will be encoded into the quadratures of a very low flux electromagnetic field as it happens in the continuous variable protocols (CV). While offering security levels unattainable by classical means, QKD protocols in their terrestrial implementation are severely limited in distance reaching only several hundred kilometers because of the exponential attenuation suffered by fiber-transmitted signals. Since the amplification methods of classical optical communications repeaters are not compatible with a signal that is quantum in nature, and because of the current lack of technological maturity regarding quantum repeaters, satellite relays present an interesting alternative for the establishment of secure intercontinental quantum links. A study by Dequal et al. upon which a part of the present study is based on, examines the possibility of performing a continuous variable key exchange between a satellite and a ground station by proposing a modeling of the propagation channel accounting for the effects of beam wandering, a fluctuating atmospheric transmission and a fixed loss due to single mode fiber coupling. It is as an in-depth continuation of this analysis that this simulation study was initially developed. Taking into account in particular the effects of propagation through the turbulent atmosphere on the spatial coherence of the optical signal, as well as expanding on the protocols taken into account. Adaptive optics (AO) are able to partially correct some of the aforementioned propagation effects. A typical AO system consists of a feedback loop containing elements capable of measuring and correcting wavefront aberrations in real time and we will focus our efforts in analyzing the effect of such a system in the performance of several protocols of quantum key distribution under different scenarios.

Properties of quantum mechanics have enabled the emergence of quantum cryptographic protocols achieving important goals which are proven to be impossible classically. Unfortunately, this usually comes at the cost of needing quantum power from every party in the protocol, while arguably a more realistic scenario would be a network of classical clients, classically interacting with a quantum server. In this paper, we focus on copy-protection, which is a quantum primitive that allows a program to be evaluated, but not copied, and has shown interest especially due to its links to other unclonable cryptographic primitives. Our main contribution is to show how to dequantize quantum copy-protection schemes constructed from hidden coset states, by giving a construction for classically-instructed remote state preparation for coset states, which preserves hardness properties of hidden coset states. We then apply this dequantizer to obtain semi-quantum cryptographic protocols for copy-protection and tokenized signatures with strong unforgeability. In the process, we present the first secure copy-protection scheme for point functions in the plain model and a new direct product hardness property of coset states which immediately implies a strongly unforgeable tokenized signature scheme.

Properties of quantum mechanics have enabled the emergence of quantum cryptographic protocols achieving important goals which are proven to be impossible classically. Unfortunately, this usually comes at the cost of needing quantum power from every party in the protocol, while arguably a more realistic scenario would be a network of classical clients, classically interacting with a quantum server. In this paper, we focus on copy-protection, which is a quantum primitive that allows a program to be evaluated, but not copied, and has shown interest especially due to its links to other unclonable cryptographic primitives. Our main contribution is to show how to dequantize quantum copy-protection schemes constructed from hidden coset states, by giving a construction for classically-instructed remote state preparation for coset states, which preserves hardness properties of hidden coset states. We then apply this dequantizer to obtain semi-quantum cryptographic protocols for copy-protection and tokenized signatures with strong unforgeability. In the process, we present the first secure copy-protection scheme for point functions in the plain model and a new direct product hardness property of coset states which immediately implies a strongly unforgeable tokenized signature scheme.

Quantum Key Distribution (QKD) is a prominent application in the field of quantum cryptography providing information-theoretic security for secret key exchange. The implementation of QKD systems on photonic integrated circuits (PICs) can reduce the size and cost of such systems and facilitate their deployment in practical infrastructures. To this end, continuous-variable (CV) QKD systems are particularly well-suited as they do not require single-photon detectors, whose integration is presently challenging. Here we present a CV-QKD receiver based on a silicon PIC capable of performing balanced detection. We characterize its performance in a laboratory QKD setup using a frequency multiplexed pilot scheme with specifically designed data processing allowing for high modulation and secret key rates. The obtained excess noise values are compatible with asymptotic secret key rates of 2.4 Mbit/s and 220 kbit/s at an emulated distance of 10 km and 23 km, respectively. These results demonstrate the potential of this technology towards fully integrated devices suitable for high-speed, metropolitan-distance secure communication.

Quantum transmission links are central elements in essentially all implementations of quantum information protocols. Emerging progress in quantum technologies involving such links needs to be accompanied by appropriate certification tools. In adversarial scenarios, a certification method can be vulnerable to attacks if too much trust is placed on the underlying system. Here, we propose a protocol in a device independent framework, which allows for the certification of practical quantum transmission links in scenarios where minimal assumptions are made about the functioning of the certification setup. In particular, we take unavoidable transmission losses into account by modeling the link as a completely-positive trace-decreasing map. We also, crucially, remove the assumption of independent and identically distributed samples, which is known to be incompatible with adversarial settings. Finally, in view of the use of the certified transmitted states for follow-up applications, our protocol moves beyond certification of the channel to allow us to estimate the quality of the transmitted state itself. To illustrate the practical relevance and the feasibility of our protocol with currently available technology we provide an experimental implementation based on a state-of-the-art polarization entangled photon pair source in a Sagnac configuration and analyze its robustness for realistic losses and errors.

We present a framework for the unification and standardization of quantum network protocols, making their realization easier and expanding their use cases to a broader range of communities interested in quantum technologies. Our framework is available as an open-source repository, the Quantum Protocol Zoo. We follow a modular approach by identifying two key components: Functionality, which connects real-world applications; and Protocol, which is a set of instructions between two or many parties, at least one of which has a quantum device. Based on the different stages of the quantum internet and use-case in the commercialization of quantum communication, our framework classifies quantum cryptographic functionalities and the various protocol designs implementing these functionalities. Towards this classification, we introduce a novel concept of resource visualization for quantum protocols, which includes two interfaces: one to identify the building blocks for implementing a given protocol and another to identify accessible protocols when certain physical resources or functionalities are available. Such classification provides a hierarchy of quantum protocols based on their use-case and resource allocation. We have identified various valuable tools to improve its representation with a range of techniques, from abstract cryptography to graphical visualizations of the resource hierarchy in quantum networks. We elucidate the structure of the zoo and its primary features in this article to a broader class of quantum information scientists, physicists, computer science theorists and end-users. Since its introduction in 2018, the quantum protocol zoo has been a cornerstone in serving the quantum networks community in its ability to establish the use cases of emerging quantum internet networks. In that spirit we also provide some of the applications of our framework from different perspectives.

We present a set of methods to generate less complex error channels by quantum circuit parallelisation. The resulting errors are simplified as a consequence of their symmetrisation and randomisation. Initially, the case of a single error channel is analysed; these results are then generalised to multiple error channels. Error simplification for each method is shown to be either constant, linear, or exponential in terms of system size. Finally, example applications are provided, along with experiments run on superconducting quantum hardware and numerical simulation. These applications are: (1) reducing the sample complexity of matrix-inversion measurement error mitigation by error symmetrisation, (2) improving the effectiveness of noise-estimation circuit error mitigation by error randomisation, and (3) improving the predictability of noisy circuit performance by error randomisation.

We present a scalable and modular error mitigation protocol for running $\mathsf{BQP}$ computations on a quantum computer with time-dependent noise. Utilising existing tools from quantum verification, our framework interleaves standard computation rounds alongside test rounds for error-detection and inherits a local-correctness guarantee which exponentially bounds (in the number of circuit runs) the probability that a returned classical output is correct. On top of the verification work, we introduce a post-selection technique we call basketing to address time-dependent noise behaviours and reduce overhead. The result is a first-of-its-kind error mitigation protocol which is exponentially effective and requires minimal noise assumptions, making it straightforwardly implementable on existing, NISQ devices and scalable to future, larger ones.

Universal blind quantum computing allows users with minimal quantum resources to delegate a quantum computation to a remote quantum server, while keeping intrinsically hidden input, algorithm, and outcome. State-of-art experimental demonstrations of such a protocol have only involved one client. However, an increasing number of multi-party algorithms, e.g. federated machine learning, require the collaboration of multiple clients to carry out a given joint computation. In this work, we propose and experimentally demonstrate a lightweight multi-client blind quantum computation protocol based on a novel linear quantum network configuration (Qline). Our protocol originality resides in three main strengths: scalability, since we eliminate the need for each client to have its own trusted source or measurement device, low-loss, by optimizing the orchestration of classical communication between each client and server through fast classical electronic control, and compatibility with distributed architectures while remaining intact even against correlated attacks of server nodes and malicious clients.

We show the security of multi-user key establishment on a single line of quantum communication. More precisely, we consider a quantum communication architecture where the qubit generation and measurement happen at the two ends of the line, whilst intermediate parties are limited to single-qubit unitary transforms. This network topology has been previously introduced to implement quantum-assisted secret-sharing protocols for classical data, as well as the key establishment, and secure computing. This architecture has numerous advantages. The intermediate nodes are only using simplified hardware, which makes them easier to implement. Moreover, key establishment between arbitrary pairs of parties in the network does not require key routing through intermediate nodes. This is in contrast with quantum key distribution (QKD) networks for which non-adjacent nodes need intermediate ones to route keys, thereby revealing these keys to intermediate parties and consuming previously established ones to secure the routing process. Our main result is to show the security of key establishment on quantum line networks. We show the security using the framework of abstract cryptography. This immediately makes the security composable, showing that the keys can be used for encryption or other tasks.

There has been a recent interest in proposing quantum protocols whose security relies on weaker computational assumptions than their classical counterparts. Importantly to our work, it has been recently shown that public-key encryption (PKE) from one-way functions (OWF) is possible if we consider quantum public keys. Notice that we do not expect classical PKE from OWF given the impossibility results of Impagliazzo and Rudich (STOC'89). However, the distribution of quantum public keys is a challenging task. Therefore, the main question that motivates our work is if quantum PKE from OWF is possible if we have classical public keys. Such protocols are impossible if ciphertexts are also classical, given the impossibility result of Austrin et al. (CRYPTO'22) of quantum enhanced key-agreement (KA) with classical communication. In this paper, we focus on black-box separation for PKE with classical public key and quantum ciphertext from OWF under the polynomial compatibility conjecture, first introduced in Austrin et al.. More precisely, we show the separation when the decryption algorithm of the PKE does not query the OWF. We prove our result by extending the techniques of Austrin et al. and we show an attack for KA in an extended classical communication model where the last message in the protocol can be a quantum state.

The quantum switch is a quantum process that creates a coherent control between different unitary operations, which is often described as a quantum process which transforms a pair of unitary operations ( U 1 , U 2 ) into a controlled unitary operation that coherently applies them in different orders as |0><0| \otimes U_1U_2 + |1><1| \otimes U_2U_1 . This description, however, does not directly define its action on non-unitary operations. The action of the quantum switch on non-unitary operations is then chosen to be a ``natural’’ extension of its action on unitary operations. In general, the action of a process on non-unitary operations is not uniquely determined by its action on unitary operations. It may be that there could be a set of inequivalent extensions of the quantum switch for non-unitary operations. We prove, however, that the natural extension is the only possibility for the quantum switch for the 2-slot case. In other words, contrary to the general case, the action of the quantum switch on non-unitary operations (as a linear and completely CP preserving supermap) is completely determined by its action on unitary operations. We also discuss the general problem of when the complete description of a quantum process is uniquely determined by its action on unitary operations and identify a set of single-slot processes which are completely defined by their action on unitary operations.

The quantum switch is a quantum process that creates a coherent control between different unitary operations, which is often described as a quantum process which transforms a pair of unitary operations ( U 1 , U 2 ) into a controlled unitary operation that coherently applies them in different orders as |0><0| \otimes U_1U_2 + |1><1| \otimes U_2U_1 . This description, however, does not directly define its action on non-unitary operations. The action of the quantum switch on non-unitary operations is then chosen to be a ``natural’’ extension of its action on unitary operations. In general, the action of a process on non-unitary operations is not uniquely determined by its action on unitary operations. It may be that there could be a set of inequivalent extensions of the quantum switch for non-unitary operations. We prove, however, that the natural extension is the only possibility for the quantum switch for the 2-slot case. In other words, contrary to the general case, the action of the quantum switch on non-unitary operations (as a linear and completely CP preserving supermap) is completely determined by its action on unitary operations. We also discuss the general problem of when the complete description of a quantum process is uniquely determined by its action on unitary operations and identify a set of single-slot processes which are completely defined by their action on unitary operations.

Contextuality is a feature of quantum correlations. It is crucial from a foundational perspective as a nonclassical phenomenon, and from an applied perspective as a resource for quantum advantage. It is commonly defined in terms of hidden variables, for which it forces a contradiction with the assumptions of parameter-independence and determinism. The former can be justified by the empirical property of non-signalling or non-disturbance, and the latter by the empirical property of measurement sharpness. However, in realistic experiments neither empirical property holds exactly, which leads to possible objections to contextuality as a form of nonclassicality, and potential vulnerabilities for supposed quantum advantages. We introduce measures to quantify both properties, and introduce quantified relaxations of the corresponding assumptions. We prove the continuity of a known measure of contextuality, the contextual fraction, which ensures its robustness to noise. We then bound the extent to which these relaxations can account for contextuality, via corrections terms to the contextual fraction (or to any noncontextuality inequality), culminating in a notion of genuine contextuality, which is robust to experimental imperfections. We then show that our result is general enough to apply or relate to a variety of established results and experimental setups.

We present and analyse an architecture for a European-scale quantum network using satellite links to connect Quantum Cities, which are metropolitan quantum networks with minimal hardware requirements for the end users. Using NetSquid, a quantum network simulation tool based on discrete events, we assess and benchmark the performance of such a network linking distant locations in Europe in terms of quantum key distribution rates, considering realistic parameters for currently available or near-term technology. Our results highlight the key parameters and the limits of current satellite quantum communication links and can be used to assist the design of future missions. We also discuss the possibility of using high-altitude balloons as an alternative to satellites.

We analyze the amount of classical communication required to reproduce the statistics of local projective measurements on a general pair of entangled qubits, |Ψ>=sqrt(p) |00>+sqrt(1−p) |11> (with 1/2≤p≤1). We construct a classical protocol that perfectly simulates local projective measurements on all entangled qubit pairs by communicating one classical trit. Additionally, when 2p(1−p)2p−1log(p1−p)+2(1−p)≤1, approximately 0.835≤p≤1, we present a classical protocol that requires only a single bit of communication. The latter model even allows a perfect classical simulation with an average communication cost that approaches zero in the limit where the degree of entanglement approaches zero (p→1). This proves that the communication cost for simulating weakly entangled qubit pairs is strictly smaller than for the maximally entangled one.

The goal of this thesis is to explore and qualify the use of N-body quantum dynamics to Tsolve hard industrial problems and machine learning tasks. As a collaboration between industrial and academic partners, this thesis explores the capabilities of a neutral atom device in tackling real-world problems. First, we look at combinatorial optimisation problems and showcase how neutral atoms can naturally encode a famous combinatorial optimisation problem called the Maximum Independent Set on Unit-Disk graphs. These problems appear in industrial challenges such as Smart-Charging of electric vehicles. The goal is to understand why and how we can expect a quantum approach to solve this problem more efficiently than classical method and our proposed algorithms are tested on real hardware using a dataset from EDF, the French Electrical company. We furthermore explore the use of 3D neutral atoms to tackle problems that are out of reach of classical approximation methods. Finally, we try to improve our intuition on the types of instances for which a quantum approach can(not) yield better results than classical methods. In the second part of this thesis, we explore the use of quantum dynamics in the field of machine learning. In addition of being a great chain of buzzwords, Quantum Machine Learning (QML) has been increasingly investigated in the past years. In this part, we propose and implement a quantum protocol for machine learning on datasets of graphs, and show promising results regarding the complexity of the associated feature space. Finally, we explore the expressivity of quantum machine learning models and showcase examples where classical methods can efficiently approximate quantum machine learning models.

We propose several algorithms for learning unitary operators from quantum statistical queries (QSQs) with respect to their Choi-Jamiolkowski state. Quantum statistical queries capture the capabilities of a learner with limited quantum resources, which receives as input only noisy estimates of expected values of measurements. Our methods hinge on a novel technique for estimating the Fourier mass of a unitary on a subset of Pauli strings with a single quantum statistical query, generalizing a previous result for uniform quantum examples. Exploiting this insight, we show that the quantum Goldreich-Levin algorithm can be implemented with quantum statistical queries, whereas the prior version of the algorithm involves oracle access to the unitary and its inverse. Moreover, we prove that Oplog nqjuntas and quantum Boolean functions with constant total influence are efficiently learnable in our model, and constant-depth circuits are learnable sample-efficiently with quantum statistical queries. On the other hand, all previous algorithms for these tasks require direct access to the Choi-Jamiolkowski state or oracle access to the unitary. In addition, our upper bounds imply that the actions of those classes of unitaries on locally scrambled ensembles can be efficiently learned. We also demonstrate that, despite these positive results, quantum statistical queries lead to an exponentially larger sample complexity for certain tasks, compared to separable measurements to the Choi-Jamiolkowski state. In particular, we show an exponential lower bound for learning a class of phase-oracle unitaries and a double exponential lower bound for testing the unitarity of channels, adapting to our setting previous arguments for quantum states. Finally, we propose a new definition of average-case surrogate models, showing a potential application of our results to hybrid quantum machine learning.

Quantum machine learning has become a promising area for real world applications of quantum computers, but near-term methods and their scalability are still important research topics. In this context, we analyze the trainability and controllability of specific Hamming weight preserving quantum circuits. These circuits use gates that preserve subspaces of the Hilbert space, spanned by basis states with fixed Hamming weight $k$. They are good candidates for mimicking neural networks, by both loading classical data and performing trainable layers. In this work, we first design and prove the feasibility of new heuristic data loaders, performing quantum amplitude encoding of $\binom{n}{k}$-dimensional vectors by training a n-qubit quantum circuit. Then, we analyze more generally the trainability of Hamming weight preserving circuits, and show that the variance of their gradients is bounded according to the size of the preserved subspace. This proves the conditions of existence of Barren Plateaus for these circuits, and highlights a setting where a recent conjecture on the link between controllability and trainability of variational quantum circuits does not apply.

Bell nonlocality refers to correlations between two distant, entangled particles that challenge classical notions of local causality. Beyond its foundational significance, nonlocality is crucial for device-independent technologies like quantum key distribution and randomness generation. Nonlocality quickly deteriorates in the presence of noise, and restoring nonlocal correlations requires additional resources. These often come in the form of many instances of the input state and joint measurements, incurring a significant resource overhead. Here, we experimentally demonstrate that single copies of Bell-local states, incapable of violating any standard Bell inequality, can give rise to nonlocality after being embedded into a quantum network of multiple parties. We subject the initial entangled state to a quantum channel that broadcasts part of the state to two independent receivers and certify the nonlocality in the resulting network by violating a tailored Bell-like inequality. We obtain these results without making any assumptions about the prepared states, the quantum channel, or the validity of quantum theory. Our findings have fundamental implications for nonlocality and enable the practical use of nonlocal correlations in real-world applications, even in scenarios dominated by noise.

MIP*=RE implies that C_{qa} (the closure of the set of tensor product correlations) and C_{qc} (the set of commuting correlations) can be separated by a hyperplane (i.e., a Bell-like inequality) and that there are correlations produced by commuting measurements (a finite number of them and with a finite number of outcomes) on an infinite-dimensional quantum system which cannot be approximated by sequences of finite-dimensional tensor product correlations. We point out that there are four logically possible universes after this result. Each possibility is interesting because it reveals either limitations in accepted physical theories or opportunities to test crucial aspects of nature. We list some open problems that may help us to design a road map to learn in which of these universes we are.

Memory is the fundamental form of temporal complexity: when present but uncontrollable, it manifests as non-Markovian noise; conversely, if controllable, memory can be a powerful resource for information processing. Memory effects arise from/are transmitted via interactions between a system and its environment; as such, they can be either classical or quantum in nature. From a practical standpoint, quantum processes with classical memory promise near-term applicability: they are more powerful than their memoryless counterpart, yet at the same time can be controlled over significant timeframes without being spoiled by decoherence. However, despite practical and foundational value, apart from simple two-time scenarios, the distinction between quantum and classical memory remains unexplored. We first analyse various physically-motivated candidates regarding a suitable definition for classical memory that lead to remarkably distinct phenomena in the multi-time setting. Subsequently, we systematically characterise the hierarchy of multi-time memory effects in quantum mechanics, many levels of which collapse in the two-time setting, thereby making our results genuinely multi-time phenomena.

Causal nonseparability is the property underlying quantum processes incompatible with a definite causal order. So far it has remained a central open question as to whether any process with a clear physical realisation can violate a causal inequality, so that its causal nonseparability can be certified in a device-independent way, as originally conceived. Here we present a method solely based on the observed correlations, which certifies the causal nonseparability of all the processes that can induce a causally nonseparable distributed measurement in a scenario with trusted quantum input states, as defined in [Dourdent et al., Phys. Rev. Lett. 129, 090402 (2022)]. This notably includes the celebrated quantum switch. This device-independent certification is achieved by introducing a network of untrusted operations, allowing one to self-test the quantum inputs on which the effective distributed measurement induced by the process is performed.

Masking constitutes a provably-secure approach against side-channel attacks. However, recombination effects(e.g., transitions) severely reduce the proven security. Concerning the software domain, CPU microarchitectures encompass techniques improving the execution performances. Several studies show that such techniques induce recombination effects. Furthermore, these techniques implicitly induce some form of parallelism, and the potential associated threat has never been investigated. In addition, the practical security of masking relies on the chosen masking scheme. Few works analysed the security of software protected by different masking schemes, and none considered the parallelism threat. Thus, literature lacks of a more comprehensive investigation on the practical security of software implementations relying on various masking schemes in presence of micro-architecture-induced recombination effects and parallelism. This work performs a first step to fill this gap. Specifically, we evaluate the practical security offered by first-order Boolean, arithmetic-sum and inner-product masking against transitions and parallelism in software. We firstly assess the presence of transition and parallel-based leakages in software. Secondly, we evaluate the security of the encodings of the selected masking schemes with respect to each leakage source via micro-benchmarks. Thirdly, we assess the practical security of different AES-128 software implementations, one for each selected masking scheme. We carry out the investigation on the STM32F215 and STM32F303 micro-controllers. We show that (1) CPU’s parallel features allow successful attacks against masked implementations resistant to transition-based leakages; (2) implementation choices (e.g., finite field multiplication) impact on the practical security of masked software implementations in presence of recombination effects.

Quantum Internetworking is a recent field that promises numerous interesting applications, many of which require the distribution of entanglement between arbitrary pairs of users. This work deals with the problem of scheduling in an arbitrary entanglement swapping quantum network - often called first generation quantum network - in its general topology, multicommodity, loss-aware formulation. We introduce a linear algebraic framework that exploits quantum memory through the creation of intermediate entangled links. The framework is then employed to mathematically derive a natural class of quadratic scheduling policies for quantum networks by applying Lyapunov Drift Minimization, a standard technique in classical network science. Moreover, an additional class of Max-Weight inspired policies is proposed and benchmarked, reducing significantly the computation cost, at the price of a slight performance degradation. The policies are compared in terms of information availability, localization and overall network performance through an ad-hoc simulator that admits user-provided network topologies and scheduling policies in order to showcase the potential application of the provided tools to quantum network design.

Differential privacy is a widely used notion of security that enables the processing of sensitive information. In short, differentially private algorithms map “neighbouring” inputs to close output distributions. Prior work proposed several quantum extensions of differential privacy, each of them built on substantially different notions of neighbouring quantum states. In this paper, we propose a novel and general definition of neighbouring quantum states. We demonstrate that this definition captures the underlying structure of quantum encodings and can be used to provide exponentially tighter privacy guarantees for quantum measurements. Our approach combines the addition of classical and quantum noise and is motivated by the noisy nature of near-term quantum devices. Moreover, we also investigate an alternative setting where we are provided with multiple copies of the input state. In this case, differential privacy can be ensured with little loss in accuracy combining concentration of measure and noise-adding mechanisms. En route, we prove the advanced joint convexity of the quantum hockey-stick divergence and we demonstrate how this result can be applied to quantum differential privacy. Finally, we complement our theoretical findings with an empirical estimation of the certified adversarial robustness ensured by differentially private measurements.

We report on the experimental demonstration of a source that generates spectrally multimode squeezed states of light over the infrared C-Band. This is achieved using a single-pass Spontaneous Parametric Down Conversion (SPDC) process in a periodically-poled KTP waveguide that is pumped with the second harmonic of a femtosecond laser. Our measurements show significant squeezing in more than 21 frequency modes, with a maximum squeezing value over 2.5 dB. Moreover, we demonstrate multiparty entanglement across 8 individual frequency bands by measuring the covariance matrix of their quadratures. Finally, we use reconfigurable mode-selective homodyne detection to mold the output into cluster states of various shapes. This result paves the way for the implementation of continuous variable quantum information protocols at telecommunication wavelengths, with applications in multiparty, entanglement-based quantum communication and computation.

We present the first hybrid matter-photon implementation of verifiable blind quantum computing. We use a trapped-ion quantum server and a client-side photonic detection system connected by a fibre-optic quantum network link. The availability of memory qubits and deterministic quantum logic enables interactive protocols without post-selection - a requirement for any scalable blind quantum cloud server which previous realisations could not provide. Our apparatus supports guaranteed privacy with <0.001 leaked bits per qubit and shows a clear path to fully verified quantum computing in the cloud.

The field of indefinite causal order (ICO) has seen a recent surge in interest. Much of this research has focused on the quantum SWITCH, wherein multiple parties act in a superposition of different orders in a manner transcending the quantum circuit model. This results in a new resource for quantum protocols, and is exciting for its relation to issues in foundational physics. The quantum SWITCH is also an example of a higher-order quantum operation, in that it not only transforms quantum states, but also other quantum operations. To date, no higher-order quantum operation has been completely experimentally characterized. Indeed, past work on the quantum SWITCH has confirmed its ICO by measuring causal witnesses or demonstrating resource advantages, but the complete process matrix has only been described theoretically. Here, we perform higher-order quantum process tomography. However, doing so requires exponentially many measurements with a scaling worse than standard process tomography. We overcome this challenge by creating a new passively-stable fiber-based quantum SWITCH using active optical elements to deterministically generate and manipulate time-bin encoded qubits. Moreover, our new architecture for the quantum SWITCH can be readily scaled to multiple parties. By reconstructing the process matrix, we estimate its fidelity and tailor different causal witnesses directly for our experiment. To achieve this, we measure a set of tomographically complete settings, that also spans the input operation space. Our tomography protocol allows for the characterization and debugging of higher-order quantum operations with and without an ICO, while our experimental time-bin techniques could enable the creation of a new realm of higher-order quantum operations with an ICO.

Many fundamental and key objects in quantum mechanics are linear mappings between particular affine/linear spaces. This structure includes basic quantum elements such as states, measurements, channels, instruments, non-signalling channels and channels with memory, and also higher-order operations such as superchannels, quantum combs, n-time processes, testers, and process matrices which may not respect a definite causal order. Deducing and characterising their structural properties in terms of linear and semidefinite constraints is not only of foundational relevance, but plays an important role in enabling the numerical optimization over sets of quantum objects and allowing simpler connections between different concepts and objects. Here, we provide a general framework to deduce these properties in a direct and easy to use way. Additionally, while primarily guided by practical quantum mechanical considerations, we extend our analysis to mappings between \textit{general} linear/affine spaces and derive their properties, opening the possibility for analysing sets which are not explicitly forbidden by quantum theory, but are still not much explored. Together, these results yield versatile and readily applicable tools for all tasks that require the characterization of linear transformations, in quantum mechanics and beyond. As an application of our methods, we discuss the emergence of indefinite causality in higher-order quantum transformation.

Secure multi-party computation (SMPC) protocols allow several parties that distrust each other to collectively compute a function on their inputs. In this paper, we introduce a protocol that lifts classical SMPC to quantum SMPC in a composably and statistically secure way, even for a single honest party. Unlike previous quantum SMPC protocols, our proposal only requires very limited quantum resources from all but one party; it suffices that the weak parties, i.e. the clients, are able to prepare single-qubit states in the X-Y plane. The novel quantum SMPC protocol is constructed in a naturally modular way, and relies on a new technique for quantum verification that is of independent interest. This verification technique requires the remote preparation of states only in a single plane of the Bloch sphere. In the course of proving the security of the new verification protocol, we also uncover a fundamental invariance that is inherent to measurement-based quantum computing.

The quantum SWITCH is an example of a process with an indefinite causal structure, and has attracted attention for its ability to outperform causally ordered computations within the quantum circuit model. To date, realisations of the quantum SWITCH have relied on optical interferometers susceptible to minute path length fluctuations, complicating their design, limiting their performance and posing an obstacle to extending the quantum SWITCH to multiple parties. In this Letter we overcome these limitations by demonstrating an intrinsically stable quantum SWITCH utilizing a common-path geometry facilitated by a novel reciprocal and universal $\mathrm{SU}(2)$ polarization gadget. We certify our design by successfully performing a channel discrimination task with near unity success probability.

It is an important question to find constructions of quantum cryptographic protocols which rely on weaker computational assumptions than classical protocols. Recently, it has been shown that oblivious transfer and multi-party computation can be constructed from one-way functions, whereas this is impossible in the classical setting in a black-box way. In this work, we study the question of building quantum public-key encryption schemes from one-way functions and even weaker assumptions. Firstly, we revisit the definition of IND-CPA security to this setting. Then, we propose three schemes for quantum public-key encryption from one-way functions, pseudorandom function-like states with proof of deletion and pseudorandom function-like states, respectively.

An InP-based photonic integrated circuit (PIC) transmitter for pulsed Gaussian-modulated coherent-state (GMCS) CV-QKD protocol is presented and characterized. Results show potential asymptotic secret key rates of 0.4 Mbps at 11 km, and up to 2.3 Mbps in back-to-back configuration.

We demonstrate the gain brought by adaptive optics for space-ground QKD links. Refined modeling of turbulence, adaptive optics and QKD, including finite-size effects, shows improvement by several orders of magnitude of the secret key rate.

We report on the characterization of a SiGe PIC-based receiver along with its usage in a Gaussian-modulated coherent state CV-QKD setup. Excess noise measurements lead to secret key rate estimations of 280 kbit/s at 6.9 km.

Quantum threshold theorems impose hard limits on the hardware capabilities to process quantum information. We derive tight and fundamental upper bounds to loss-tolerance thresholds in different linear-optical quantum information processing settings through an adversarial framework, taking into account the intrinsically probabilistic nature of linear optical Bell measurements. For logical Bell state measurements - ubiquitous operations in photonic quantum information - we demonstrate analytically that linear optics can achieve the fundamental loss threshold imposed by the no-cloning theorem even though, following the work of Lee et al., (Phys. Rev. A 100, 052303 (2019)), the constraint was widely assumed to be stricter. We spotlight the assumptions of the latter publication and find their bound holds for a logical Bell measurement built from adaptive physical linear-optical Bell measurements. We also give an explicit even stricter bound for non-adaptive Bell measurements.

Standard Bell inequalities hold when distant parties are not allowed to communicate. Barrett et al. found correlations from Pauli measurements on certain network graphs refute a local hidden variable (LHV) description even allowing some communication along the graph. This has recently found applications in proving separation between classical and quantum computing, in terms of shallow circuits, and distributed computing. The correlations presented by Barrett et al. can be understood as coming from an extension of three party GHZ state correlations which can be embedded on a graph state. In this work, we propose systematic extensions of any graph state, which we dub inflated graph states such that they exhibit correlations which refute any communication assisted LHV model. We further show the smallest possible such example, with a 7-qubit linear graph state, as well as specially crafted smaller examples with 5 and 4 qubits. The latter is the smallest possible violation using binary inputs and outputs.

The security of modern communication networks can be enhanced thanks to the laws of quantum mechanics. In this thesis, we develop a source of photon-pairs, emitted via spontaneous parametric down-conversion, which we use to demonstrate new quantum-cryptographic primitives. Pairs are used as heralded single-photons or as close-to-maximally entangled pairs. We also provide a novel design in order to adapt this source to multipartite entanglement generation. We provide the first experimental implementation of quantum weak coin flipping protocol. It allows two distant players to decide of a random winner. We demonstrate a refined and loss-tolerent version of a recently proposed theoretical protocol, using heralded single-photons mixed with vacuum to produce entanglement. It displays cheat-sensitivity, allowed by quantum interference and a fast optical switch. We also provide a new protocol for certifying the transmission of an unmeasured qubit through a lossy and untrusted channel. The security is based on new fundamental results of lossy quantum channels. We device-independently test the channel’s quality, using self-testing of Bell or steering inequalities thanks to photon-pairs entangled in polarization to probe the channel. We show it allows the certification of quantum communication for a large amount of losses induced by the channel.

Many applications of quantum computing in the near term rely on variational quantum circuits (VQCs). They have been showcased as a promising model for reaching a quantum advantage in machine learning with current noisy intermediate scale quantum computers (NISQ). It is often believed that the power of VQCs relies on their exponentially large feature space, and extensive works have explored the expressiveness and trainability of VQCs in that regard. In our work, we propose a classical sampling method that may closely approximate a VQC with Hamiltonian encoding, given only the description of its architecture. It uses the seminal proposal of Random Fourier Features (RFF) and the fact that VQCs can be seen as large Fourier series. We provide general theoretical bounds for classically approximating models built from exponentially large quantum feature space by sampling a few frequencies to build an equivalent low dimensional kernel, and we show experimentally that this approximation is efficient for several encoding strategies. Precisely, we show that the number of required samples grows favorably with the size of the quantum spectrum. This tool therefore questions the hope for quantum advantage from VQCs in many cases, but conversely helps to narrow the conditions for their potential success. We expect VQCs with various and complex encoding Hamiltonians, or with large input dimension, to become more robust to classical approximations.

Physical unclonable functions(PUFs) provide a unique fingerprint to a physical entity by exploiting the inherent physical randomness. Gao et al. discussed the vulnerability of most current-day PUFs to sophisticated machine learning-based attacks. We address this problem by integrating classical PUFs and existing quantum communication technology. Specifically, this paper proposes a generic design of provably secure PUFs, called hybrid locked PUFs(HLPUFs), providing a practical solution for securing classical PUFs. An HLPUF uses a classical PUF(CPUF), and encodes the output into non-orthogonal quantum states to hide the outcomes of the underlying CPUF from any adversary. Here we introduce a quantum lock to protect the HLPUFs from any general adversaries. The indistinguishability property of the non-orthogonal quantum states, together with the quantum lockdown technique prevents the adversary from accessing the outcome of the CPUFs. Moreover, we show that by exploiting non-classical properties of quantum states, the HLPUF allows the server to reuse the challenge-response pairs for further client authentication. This result provides an efficient solution for running PUF-based client authentication for an extended period while maintaining a small-sized challenge-response pairs database on the server side. Later, we support our theoretical contributions by instantiating the HLPUFs design using accessible real-world CPUFs. We use the optimal classical machine-learning attacks to forge both the CPUFs and HLPUFs, and we certify the security gap in our numerical simulation for construction which is ready for implementation.

With the recent availability of cloud quantum computing services, the question of verifying quantum computations delegated by a client to a quantum server is becoming of practical interest. While Verifiable Blind Quantum Computing (VBQC) has emerged as one of the key approaches to address this challenge, current protocols still need to be optimised before they are truly practical. To this end, we establish a fundamental correspondence between error-detection and verification and provide sufficient conditions to both achieve security in the Abstract Cryptography framework and optimise resource overheads of all known VBQC-based protocols. As a direct application, we demonstrate how to systematise the search for new efficient and robust verification protocols for $\mathsf{BQP}$ computations. While we have chosen Measurement-Based Quantum Computing (MBQC) as the working model for the presentation of our results, one could expand the domain of applicability of our framework via direct known translation between the circuit model and MBQC.

In the macroscopic world, time is intrinsically asymmetric, flowing in a specific direction, from past to future. However, the same is not necessarily true for quantum systems, as some quantum processes produce valid quantum evolutions under time reversal. Supposing that such processes can be probed in both time directions, we can also consider quantum processes probed in a coherent superposition of forwards and backwards time directions. This yields a broader class of quantum processes than the ones considered so far in the literature, including those with indefinite causal order. In this work, we demonstrate for the first time an operation belonging to this new class: the quantum time flip. Using a photonic realisation of this operation, we apply it to a game formulated as a discrimination task between two sets of operators. This game not only serves as a witness of an indefinite time direction, but also allows for a computational advantage over strategies using a fixed time direction, and even those with an indefinite causal order.

As in modern communication networks, the security of quantum networks will rely on complex cryptographic tasks that are based on a handful of fundamental primitives. Weak coin flipping (WCF) is a significant such primitive which allows two mistrustful parties to agree on a random bit while they favor opposite outcomes. Remarkably, perfect information-theoretic security can be achieved in principle for quantum WCF. Here, we overcome conceptual and practical issues that have prevented the experimental demonstration of this primitive to date, and demonstrate how quantum resources can provide cheat sensitivity, whereby each party can detect a cheating opponent, and an honest party is never sanctioned. Such a property is not known to be classically achievable with information-theoretic security. Our experiment implements a refined, loss-tolerant version of a recently proposed theoretical protocol and exploits heralded single photons generated by spontaneous parametric down conversion, a carefully optimized linear optical interferometer including beam splitters with variable reflectivities and a fast optical switch for the verification step. High values of our protocol benchmarks are maintained for attenuation corresponding to several kilometers of telecom optical fiber.

Differential privacy provides a theoretical framework for processing a dataset about n users, in a way that the output reveals a minimal information about any single user. Such notion of privacy is usually ensured by noise-adding mechanisms and amplified by several processes, including subsampling, shuffling, iteration, mixing and diffusion. In this work, we provide privacy amplification bounds for quantum and quantum-inspired algorithms. In particular, we show for the first time, that algorithms running on quantum encoding of a classical dataset or the outcomes of quantum-inspired classical sampling, amplify differential privacy. Moreover, we prove that a quantum version of differential privacy is amplified by the composition of quantum channels, provided that they satisfy some mixing conditions.

We present the architecture and analyze the applications of a metropolitan-scale quantum network that requires only limited hardware resources for end users. Using NetSquid, a quantum network simulation tool based on discrete events, we assess the performance of several quantum network protocols involving two or more users in various configurations in terms of topology, hardware and trust choices. Our analysis takes losses and errors into account and considers realistic parameters corresponding to present or near-term technology. Our results show that practical quantum-enhanced network functionalities are within reach today and can prepare the ground for further applications when more advanced technology becomes available.

We introduce a secure hardware device named a QEnclave that can secure the remote execution of quantum operations while only using classical controls. This device extends to quantum computing from the classical concept of a secure enclave that isolates a computation from its environment to provide privacy and tamper-resistance. Remarkably, our QEnclave only performs single qubit rotations but can nevertheless be used to secure an arbitrary quantum computation even if the qubit source is controlled by an adversary. More precisely, by attaching a QEnclave to a quantum computer, a remote client controlling the QEnclave can securely delegate its computation to the server solely using classical communication. We investigate the security of our QEnclave by modeling it as an ideal functionality named remote state rotation (RSR). We show that this resource, similar to the previously introduced functionality of remote state preparation, allows blind delegated quantum computing with perfect security. Our proof under the Abstract Cryptography framework shows the construction of remote state preparation from remote state rotation while preserving security. An immediate consequence is the weakening of the requirements for blind delegated computation. While previous delegated protocols relied on a client that can either generate or measure quantum states, we show that this same functionality can be achieved with a client that only transforms quantum states without generating or measuring them.

The subset cover problem for $k \geq 1$ hash functions, which can be seen as an extension of the collision problem, was introduced in 2002 by Reyzin and Reyzin to analyse the security of their hash-function based signature scheme HORS. The security of many hash-based signature schemes relies on this problem or a variant of this problem (e.g. HORS, SPHINCS, SPHINCS+, \dots). Recently, Yuan, Tibouchi and Abe (2022) introduced a variant to the subset cover problem, called restricted subset cover, and proposed a quantum algorithm for this problem. In this work, we prove that any quantum algorithm needs to make $\Omega\left(k^{-\frac{2^{k-1}}{2^k-1}}\cdot N^{\frac{2^{k-1}-1}{2^k-1}}\right)$ queries to the underlying hash functions to solve the restricted subset cover problem, which essentially matches the query complexity of the algorithm proposed by Yuan, Tibouchi and Abe. We also analyze the security of the general $(r,k)$-subset cover problem, which is the underlying problem that implies the unforgeability of HORS under a $r$-chosen message attack (for $r \geq 1$). We prove that a generic quantum algorithm needs to make $\Omega\left(N^{k/5}\right)$ queries to the underlying hash functions to find a $(1,k)$-subset cover. We also propose a quantum algorithm that finds a $(r,k)$-subset cover making $O\left(N^{k/(2+2r)}\right)$ queries to the $k$ hash functions.

This thesis is written in the context of quantum Internet development. We try here to contribute to the community by discussing some security concerns and by providing detailed models and simulation studies of quantum internet architectures and protocols. We explore different aspects of quantum networks on the path to the Quantum Internet. After introducing basic quantum information notions, we define the Quantum Internet and highlight the main goals and challenges. Then, we list a few bipartite and multipartite applications. After that, we study the composable security of a multipartite entanglement verification protocol, that is used as a building block by many other protocols. In the following chapter, we perform simulations of different quantum repeater protocols allowing connection between two distant nodes. These repeaters use a defect in the crystalline structure of the diamond, that we model. Finally, the last two chapters are dedicated to building and simulating an international quantum network architecture that minimizes the necessary hardware for the end users. We first study a metropolitan network, called the Quantum City, that we simulate in a Parisian context. We highlight the main parameters and today’s performances. Then, we study the feasibility of connecting different quantum cities separated by hundred of kilometers using satellites.

The traditional definition of quantum zero-knowledge stipulates that the knowledge gained by any quantum polynomial-time verifier in an interactive protocol can be simulated by a quantum polynomial-time algorithm. One drawback of this definition is that it allows the simulator to consume significantly more computational resources than the verifier. We argue that this drawback renders the existing notion of quantum zero-knowledge not viable for certain settings, especially when dealing with near-term quantum devices. In this work, we initiate a fine-grained notion of post-quantum zero-knowledge that is more compatible with near-term quantum devices. We introduce the notion of $(s,f)$ space-bounded quantum zero-knowledge. In this new notion, we require that an $s$-qubit malicious verifier can be simulated by a quantum polynomial-time algorithm that uses at most $f(s)$-qubits, for some function $f(\cdot)$, and no restriction on the amount of the classical memory consumed by either the verifier or the simulator. We explore this notion and establish both positive and negative results: - For verifiers with logarithmic quantum space $s$ and (arbitrary) polynomial classical space, we show that $(s,f)$-space-bounded QZK, for $f(s)=2s$, can be achieved based on the existence of post-quantum one-way functions. Moreover, our protocol runs in constant rounds. - For verifiers with super-logarithmic quantum space $s$, assuming the existence of post-quantum secure one-way functions, we show that $(s,f)$-space-bounded QZK protocols, with fully black-box simulation (classical analogue of black-box simulation) can only be achieved for languages in BQP.

It is well known that the effect of quantum nonlocality, as witnessed by violation of a Bell inequality, can be observed even when relaxing the assumption of measurement independence, i.e. allowing for the source to be partially correlated with the choices of measurement settings. But what is the minimal amount of measurement independence needed for observing quantum nonlocality? Here we explore this question and consider models with strong measurement-dependent locality, where measurement choices can be perfectly determined in almost all rounds of the Bell test. Yet, we show that quantum nonlocality can still be observed in this scenario, which we conjecture is minimal within the framework we use. We also discuss potential applications in randomness amplification.

Future quantum internet aims to enable quantum communication between arbitrary pairs of distant nodes through the sharing of end-to-end entanglement, a universal resource for many quantum applications. As in classical networks, quantum networks also have to resolve problems related to routing and satisfaction of service at a sufficient rate. We deal here with the problem of scheduling when multiple commodities must be served through a quantum network based on first generation quantum repeaters, or quantum switches. To this end, we introduce a novel discrete-time algebraic model for arbitrary network topology, including transmission and memory losses, and adapted to dynamic scheduling decisions. Our algebraic model allows the scheduler to use the storage of temporary intermediate links to optimize the performance, depending on the information availability, ranging from full global information for a centralized scheduler to partial local information for a distributed one. As an illustrative example, we compare a simple greedy scheduling policy with several Max-Weight inspired scheduling policies and illustrate the resulting achievable rate regions for two competing pairs of clients through a network.

While the standard formulation of quantum theory assumes a fixed background causal structure, one can relax this assumption within the so-called process matrix framework. Remarkably, some processes, termed causally nonseparable, are incompatible with a definite causal order. We explore a form of certification of causal nonseparability in a semi-device-independent scenario where the involved parties receive trusted quantum inputs, but whose operations are otherwise uncharacterised. Defining the notion of causally nonseparable distributed measurements, we show that certain causally nonseparable processes which cannot violate any causal inequality, such as the canonical example of the quantum switch, can generate noncausal correlations in such a scenario. Moreover, by further imposing some natural structure to the untrusted operations, we show that all bipartite causally nonseparable process matrices can be certified with trusted quantum inputs.

The problem of private learning has been extensively studied in classical computer science. Notably, a striking equivalence between local differentially private learning and statistical query learning has been shown. In addition, the statistical query model has been recently extended to quantum computation. In this work, we give a formal definition of quantum local differential privacy and we extend the aforementioned result to quantum computation.

Networks of quantum sensors are a central application of burgeoning quantum networks. A key question for the use of such networks will be their security, particularly against malicious participants of the network. We introduce a protocol to securely evaluate linear functions of parameters over a network of quantum sensors, ensuring that all parties only have access to the function value, and no access to the individual parameters. This has application to secure networks of clocks and opens the door to more general applications of secure multiparty computing to networks of quantum sensors.

Future quantum internet aims to enable quantum communication between arbitrary pairs of distant nodes through the sharing of end-to-end entanglement, a universal resource for many quantum applications. As in classical networks, quantum networks also have to resolve problems related to routing and satisfaction of service at a sufficient rate. We deal here with the problem of scheduling when multiple commodities must be served through a quantum network based on first generation quantum repeaters, or quantum switches. To this end, we introduce a novel discrete-time algebraic model for arbitrary network topology, including transmission and memory losses, and adapted to dynamic scheduling decisions. Our algebraic model allows the scheduler to use the storage of temporary intermediate links to optimize the performance, depending on the information availability, ranging from full global information for a centralized scheduler to partial local information for a distributed one. As an illustrative example, we compare a simple greedy scheduling policy with several Max-Weight inspired scheduling policies and illustrate the resulting achievable rate regions for two competing pairs of clients through a network.

This paper, for the first time, addresses the questions related to the connections between quantum pseudorandomness and quantum hardware assumptions, specifically quantum physical unclonable functions (qPUFs). Our results show that efficient pseudorandom quantum states (PRS) are sufficient to construct the challenge set for universally unforgeable qPUFs, improving the previous existing constructions based on the Haar-random states. We also show that both the qPUFs and the quantum pseudorandom unitaries (PRUs) can be constructed from each other, providing new ways to obtain PRS from the hardware assumptions. Moreover, we provide a sufficient condition (in terms of the diamond norm) that a set of unitaries should have to be a PRU in order to construct a universally unforgeable qPUF, giving yet another novel insight into the properties of the PRUs. Later, as an application of our results, we show that the efficiency of an existing qPUF-based client–server identification protocol can be improved without losing the security requirements of the protocol.

We introduce a family of ZX-calculi which axiomatise the stabiliser fragment of quantum theory in odd prime dimensions. These calculi recover many of the nice features of the qubit ZX-calculus which were lost in previous proposals for higher-dimensional systems. We then prove that these calculi are complete, i.e. provide a set of rewrite rules which can be used to prove any equality of stabiliser quantum operations. Adding a discard construction, we obtain a calculus complete for mixed state stabiliser quantum mechanics in odd prime dimensions, and this furthermore gives a complete axiomatisation for the related diagrammatic language for affine co-isotropic relations.

Quantum theory allows for nonlocality without entanglement. Notably, there exist bipartite quantum measurements consisting of only product eigenstates, yet they cannot be implemented via local quantum operations and classical communication. In the present work, we show that a measurement exhibiting nonlocality without entanglement can be certified in a device-independent manner. Specifically, we consider a simple quantum network and construct a self-testing procedure. This result also demonstrates that genuine network quantum nonlocality can be obtained using only non-entangled measurements. From a more general perspective, our work establishes a connection between the effect of nonlocality without entanglement and the area of Bell nonlocality.

Quantum computers promise surprising powers of computation by exploiting the stunning physical properties of infinitesimally small particles. I focused on designing and proving the security of protocols that allow a purely classical client to use the computational resources of a quantum server, so that the performed computation is never revealed to the server. To this end, I develop a modular tool to generate on a remote server a quantum state that only the client is able to describe, and I show how multi-qubits quantum states can be generated more efficiently. I also prove that there is no such protocol that is secure in a generally composable model of security, including when our module is used in the UBQC protocol. In addition to delegated computation, this tool also proves to be useful for performing a task that might seem impossible to achieve at first sight: proving advanced properties on a quantum state in a non-interactive and non-destructive way, including when this state is generated collaboratively by several participants. This can be seen as a quantum analogue of the classical Non-Interactive Zero-Knowledge proofs. This property is particularly useful to filter the participants of a protocol without revealing their identity, and may have applications in other domains, for example to transmit a quantum state over a network while hiding the source and destination of the message. Finally, I discuss my ongoing independent work on One-Time Programs, mixing quantum cryptography, error correcting codes and information theory.

The thesis is divided into two parts: The first part is in the field of Quantum Cryptography. In this part we develop a theoretical study of a Quantum Key Distribution (QKD) protocol in the scenario of a satellite-ground station link. We consider the addition of quantum channel fluctuations and the possibility of success of the protocol in the framework of continuous variables in an implementation with state-of-the-art technologies. We show the feasibility of CVQKD in the satellite context. In the second part, we build, from scratch, a source of continuous-variable graph-like quantum states of light using nonlinear waveguides. These states are essential for the implementation of communication and quantum computing protocol as they can be seen to be quantum networks. We perform a theoretical study for multimode quantum states of light after the interaction in a non-linear waveguide that help us to design the experiment. Finally we present the experimental results that demonstrate the first results on the quantum source of continuous variable multimode quantum states of light, measuring up to 11 squeezed thermal light states.

Quantum key distribution offers the possibility of cryptography whose security is demonstrated by the laws of quantum physics. The first commercial systems of this technology are now available. This thesis focuses on continuous variable protocols, whose practical implementation is close to modern digital transmission techniques over optical fibers. By exploiting these techniques, we realize an experimental system for high speed continuous variable quantum key distribution.

Quantum key distribution offers the possibility of cryptography whose security is demonstrated by the laws of quantum physics. The first commercial systems of this technology are now available. This thesis focuses on continuous variable protocols, whose practical implementation is close to modern digital transmission techniques over optical fibers. By exploiting these techniques, we realize an experimental system for high speed continuous variable quantum key distribution.

Quantum Information Networks (QIN) currently represent a major goal in the field quantum communication technologies. Such QINs will allow connecting quantum devices (computers, sensors, communication stations, etc) over long distances, thus improving significantly their intrinsic processing, sensing, and security capabilities. The core mechanism of a QIN is quantum state teleportation, demonstrated more than two decades ago, that consumes quantum entanglement which can be seen in this context as a new kind of network resource. This paper is the result of the collaboration under the auspices of the French Space agency (CNES) of academic research and a Space telecom industry actor that has defined and now executes a long term roadmap towards operational QINs. Here, we address the key elements of this roadmap and describe the stage we have reached in its execution. First, we identify and quantitatively describe use cases per activity sector as a reference for the requirements on the QINs, including key performance targets. Second, we define a high-level architecture of a generic QIN so as to introduce structuring elements such as resource, layers, governance, etc. We then focus on the architecture on the Space part to identify its main design drivers and critical elements. A survey of the state-of-the-art of these critical elements, as well as issues related to standardisation is then presented. Based on these elements, we explain our 3-stage roadmap. Finally, we detail the already concluded first step of this roadmap, that is the design of a Space-to-ground entanglement distribution demonstrator, which relies on detailed simulations so as to allocate efficiently the performance requirements on each subsystems. We invite relevant entities to join our roadmap to progress together towards the ambitious goal of operational QINs in the next decade.

Measurement-based quantum computation (MBQC) is an alternative model for quantum computation, which makes careful use of the properties of the measurement of entangled quantum systems to perform transformations on an input. It differs fundamentally from the standard quantum circuit model in that measurement-based computations are naturally irreversible. This is an unavoidable consequence of the quantum description of measurements, but begets an obvious question: when does an MBQC implement an effectively reversible computation? The measurement calculus is a framework for reasoning about MBQC with the remarkable feature that every computation can be related in a canonical way to a graph. This allows one to use graph-theoretical tools to reason about MBQC problems, such as the reversibility question, and the resulting study of MBQC has had a large range of applications. However, the vast majority of the work on MBQC has focused on architectures using the simplest possible quantum system: the qubit. It remains an open question how much of this work can be lifted to other quantum systems. In this thesis, we begin to tackle this question, by introducing analogues of the measurement calculus for higher- and infinite-dimensional quantum systems. More specifically, we consider the case of qudits when the local dimension is an odd prime, and of continuous-variable systems familiar from the quantum physics of free particles. In each case, a calculus is introduced and given a suitable interpretation in terms of quantum operations. We then relate the resulting models to the standard circuit models, using graph-theoretical tools called “flow” conditions.

Authentication of quantum sources is a crucial task in building reliable and efficient protocols for quantum-information processing. Steady progress vis-à-vis verification of quantum devices in the scenario with fully characterized measurement devices has been observed in recent years. When it comes to the scenario with uncharacterized measurements, the so-called black-box scenario, practical verification methods are still rather scarce. Development of self-testing methods is an important step forward, but these results so far have been used for reliable verification only by considering the asymptotic behavior of large, identically and independently distributed (IID) samples of a quantum resource. Such strong assumptions deprive the verification procedure of its truly device-independent character. In this paper, we develop a systematic approach to device-independent verification of quantum states free of IID assumptions in the finite copy regime. Remarkably, we show that device-independent verification can be performed with optimal sample efficiency. Finally, for the case of independent copies, we develop a device-independent protocol for quantum state certification: a protocol in which a fragment of the resource copies is measured to warrant the rest of the copies to be close to some target state.

Abstract Integrated photonics will play a key role in quantum systems as they grow from few-qubit prototypes to tens of thousands of qubits. The underlying optical quantum technologies can only be realized through the integration of these components onto quantum photonic integrated circuits (QPICs) with accompanying electronics. In the last decade, remarkable advances in quantum photonic integration have enabled table-top experiments to be scaled down to prototype chips with improvements in efficiency, robustness, and key performance metrics. These advances have enabled integrated quantum photonic technologies combining up to 650 optical and electrical components onto a single chip that are capable of programmable quantum information processing, chip-to-chip networking, hybrid quantum system integration, and high-speed communications. In this roadmap article, we highlight the status, current and future challenges, and emerging technologies in several key research areas in integrated quantum photonics, including photonic platforms, quantum and classical light sources, quantum frequency conversion, integrated detectors, and applications in computing, communications, and sensing. With advances in materials, photonic design architectures, fabrication and integration processes, packaging, and testing and benchmarking, in the next decade we can expect a transition from single- and few-function prototypes to large-scale integration of multi-functional and reconfigurable devices that will have a transformative impact on quantum information science and engineering.

Quantum computers will provide considerable speedups with respect to their classical counterparts. However, the identification of the innately quantum features that enable these speedups is challenging. In the continuous-variable setting - a promising paradigm for the realisation of universal, scalable, and fault-tolerant quantum computing - contextuality and Wigner negativity have been perceived as two such distinct resources. Here we show that they are in fact equivalent for the standard models of continuous-variable quantum computing. While our results provide a unifying picture of continuous-variable resources for quantum speedup, they also pave the way towards practical demonstrations of continuous-variable contextuality, and shed light on the significance of negative probabilities in phase-space descriptions of quantum mechanics.

A quantum metrology scheme can be decomposed into three quantum tasks: state preparation, parameter encoding and measurements. Consequently, it is imperative to have access to the technologies which can execute the aforementioned tasks to fully implement a quantum metrology scheme. In the absence of one or more of these technologies, one can proceed by delegating the tasks to a third party. However, doing so has security ramifications: the third party can bias the result or leak information. In this article, we outline different scenarios where one or more tasks are delegated to an untrusted (and possibly malicious) third party. In each scenario, we outline cryptographic protocols which can be used to circumvent malicious activity. Further, we link the effectiveness of the quantum metrology scheme to the soundness of the cryptographic protocols.

Information-theoretic lower bounds are often encountered in several branches of computer science, including learning theory and cryptography. In the quantum setting, Holevo’s and Nayak’s bounds give an estimate of the amount of classical information that can be stored in a quantum state. Previous works have shown how to combine information-theoretic tools with a counting argument to lower bound the sample complexity of distribution-free quantum probably approximately correct (PAC) learning. In our work, we establish the notion of Probably Approximately Correct Source Coding and we show two novel applications in quantum learning theory and delegated quantum computation with a purely classical client. In particular, we provide a lower bound of the sample complexity of a quantum learner for arbitrary functions under the Zipf distribution, and we improve the security guarantees of a classically-driven delegation protocol for measurement-based quantum computation (MBQC).

Quantum metrology is an auspicious discipline of quantum information which is currently witnessing a surge of experimental breakthroughs and theoretical developments. The main goal of quantum metrology is to estimate unknown parameters as accurately as possible. By using quantum resources as probes, it is possible to attain a measurement precision that would be otherwise impossible using the best classical strategies. For example, with respect to the task of phase estimation, the maximum precision (the Heisenberg limit) is a quadratic gain in precision with respect to the best classical strategies. Of course, quantum metrology is not the sole quantum technology currently undergoing advances. The theme of this thesis is exploring how quantum metrology can be enhanced with other quantum techniques when appropriate, namely: graph states, error correction and cryptography. Graph states are an incredibly useful and versatile resource in quantum information. We aid in determining the full extent of the applicability of graph states by quantifying their practicality for the quantum metrology task of phase estimation. In particular, the utility of a graph state can be characterised in terms of the shape of the corresponding graph. From this, we devise a method to transform any graph state into a larger graph state (named a bundled graph state) which approximately saturates the Heisenberg limit. Additionally, we show that graph states are a robust resource against the effects of noise, namely dephasing and a small number of erasures, and that the quantum Cramér-Rao bound can be saturated with a simple measurement strategy. Noise is one of the biggest obstacles for quantum metrology that limits its achievable precision and sensitivity. It has been showed that if the environmental noise is distinguishable from the dynamics of the quantum metrology task, then frequent applications of error correction can be used to combat the effects of noise. In practise however, the required frequency of error correction to maintain Heisenberg-like precision is unobtainable for current quantum technologies. We explore the limitations of error correction enhanced quantum metrology by taking into consideration technological constraints and impediments, from which, we establish the regime in which the Heisenberg limit can be maintained in the presence of noise. Fully implementing a quantum metrology problem is technologically demanding: entangled quantum states must be generated and measured with high fidelity. One solution, in the instance where one lacks all of the necessary quantum hardware, is to delegate a task to a third party. In doing so, several security issues naturally arise because of the possibility of interference of a malicious adversary. We address these issues by developing the notion of a cryptographic framework for quantum metrology. We show that the precision of the quantum metrology problem can be directly related to the soundness of an employed cryptographic protocol. Additionally, we develop cryptographic protocols for a variety of cryptographically motivated settings, namely: quantum metrology over an unsecured quantum channel and quantum metrology with a task delegated to an untrusted party. Quantum sensing networks have been gaining interest in the quantum metrology community over the past few years. They are a natural choice for spatially distributed problems and multiparameter problems. The three proposed techniques, graph states, error correction and cryptography, are a natural fit to be immersed in quantum sensing network. Graph states are an well-known candidate for the description of a quantum network, error correction can be used to mitigate the effects of a noisy quantum channel, and the cryptographic framework of quantum metrology can be used to add a sense of security. Combining these works formally is a future perspective.

In the last decade a lot of research activity focused on the use of quantum entanglement as a resource for remote target detection, i.e. on the design of a quantum radar. The literature on this subject uses tools of quantum optics and quantum information theory, and therefore often results obscure to radar scientists. This review has been written with purpose of removing this obscurity. As such, it contains a review of the main advances in the quantum radar literature together accompanied by a thorough introduction of the quantum optics background necessary for its understanding.

The field of quantum networks is currently a major area of investigation in quantum technologies. One of the simplest acts of quantum communication, the distribution of a single bipartite entangled state, has been highly studied as it is a simple problem to characterize, simulate and implement. It is also useful for a prominent quantum network application: the secured distribution of a cryptographic key. However, the use of quantum networks goes far beyond. We need to study the simultaneous distribution of multipartite states over quantum networks. In this manuscript, we report on several works of progress in the domain. We first study the recycling of previously distributed resources in the asymptotic regime by the use of entanglement combing and quantum state merging. Then, we characterize the distribution of quantum states using the tensor network formalism. We also characterize a broad class of classical distribution protocols by the same formalism and use this similarity to compare the distribution of classical correlations over classical networks to a the distribution of quantum state over quantum networks. We also build protocols to distribute specific classes of states over quantum networks such as graph states and GHZ states by using the graph state formalism and a bit of graph theory. Finally, we implement the previous protocols in a more realistic setting and participate in the elaboration of multipartite features for a quantum network simulator: QuISP. We also aimed to popularize the notions of quantum information to a broad audience. We report on the creation of a video game based on quantum optics, adding to the existing popularization ludography.

The random oracle model (ROM) enjoys widespread popularity, mostly because it tends to allow for tight and conceptually simple proofs where provable security in the standard model is elusive or costly. While being the adequate replacement of the ROM in the post-quantum security setting, the quantum-accessible random oracle model (QROM) has thus far failed to provide these advantages in many settings. In this work, we focus on adaptive reprogrammability, a feature of the ROM enabling tight and simple proofs in many settings. We show that the straightforward quantum-accessible generalization of adaptive reprogramming is feasible by proving a bound on the adversarial advantage in distinguishing whether a random oracle has been reprogrammed or not. We show that our bound is tight by providing a matching attack. We go on to demonstrate that our technique recovers the mentioned advantages of the ROM in three QROM applications: 1) We give a tighter proof of security of the message compression routine as used by XMSS. 2) We show that the standard ROM proof of chosen-message security for Fiat-Shamir signatures can be lifted to the QROM, straightforwardly, achieving a tighter reduction than previously known. 3) We give the first QROM proof of security against fault injection and nonce attacks for the hedged Fiat-Shamir transform.

We study continuous-variable graph states as quantum communication networks. We explore graphs with regular and complex network shapes distributed among different agents and we report for their cost as a global measure of squeezing and number of squeezed modes that are necessary to build the network. We show that the trend of the squeezing cost presents a non-trivial scaling with the size of the network strictly dependent on its topology. We devise a routing protocol based on local quadrature measurements for reshaping the network in order to perform teleportation protocol between two arbitrary nodes of the networks. The \textit{Routing} protocol, which is based on wire-shortening over parallel paths among the nodes, improves the final entanglement between the two nodes in a considerable amount of cases, and it is particularly efficient in running-time for complex sparse networks.

We study here the conditions to perform the distribution of a pure state on a quantum network using quantum operations which can succeed with a non-zero probability, the Stochastic Local Operation and Classical Communication (SLOCC) operations. In their pioneering 2010 work, Kobayashi et al. showed how to convert any classical network coding protocol into a quantum network coding protocol. However, they left open whether the existence of a quantum network coding protocol implied the existence of a classical one. Motivated by this question, we characterize the set of distribution tasks achievable with non zero probability for both classical and quantum networks. We develop a formalism which encompasses both types of distribution protocols by reducing the solving of a distribution task to the factorization of a tensor with complex coefficients or real positive ones. Using this formalism, we examine the equivalences and differences between both types of distribution protocols exhibiting several elementary and fundamental relations between them as well as concrete examples of both convergence and divergence. We answer by the negative to the issue previously left open: some tasks are achievable in the quantum setting, but not in the classical one. We believe this formalism to be a useful tool for studying the extent of quantum network ability to perform multipartite distribution tasks.

Recently, there has been an emergence of useful applications for noisy intermediate-scale quantum (NISQ) devices notably, though not exclusively, in the fields of quantum machine learning and variational quantum algorithms. In such applications, circuits of various depths and composed of different sets of gates are run on NISQ devices. Therefore, it is crucial to find practical ways to capture the general performance of circuits on these devices. Motivated by this pressing need, we modified the standard Clifford randomized benchmarking (RB) and interleaved RB schemes targeting them to hardware limitations. Firstly we remove the requirement for, and assumptions on, the inverse operator, in Clifford RB by incorporating a tehchnique from quantum verification. This introduces another figure of merit by which to assess the quality of the NISQ hardware, namely the acceptance probability of quantum verification. Many quantum algorithms, that provide an advantage over classical algorithms, demand the use of Clifford as well as non-Clifford gates. Therefore, as our second contribution we develop a technique for characterising a variety of non-Clifford gates, by combining tools from gate synthesis with interleaved RB. Both of our techniques are most relevant when used in conjunction with RB schemes that benchmark generators (or native gates) of the Clifford group, and in low error regimes.

Due to the special no-cloning principle, quantum states appear to be very useful in cryptography. But this very same property also has drawbacks: when receiving a quantum state, it is nearly impossible for the receiver to efficiently check non-trivial properties on that state without destroying it. In this work, we initiate the study of Non-Destructive Zero-Knowledge Proofs on Quantum States. Our method binds a quantum state to a classical encryption of that quantum state. That way, the receiver can obtain guarantees on the quantum state by asking to the sender to prove properties directly on the classical encryption. This method is therefore non-destructive, and it is possible to verify a very large class of properties. For instance, we can force the sender to send different categories of states depending on whether they know a classical password or not. Moreover, we can also provide guarantees to the sender: for example, we can ensure that the receiver will never learn whether the sender knows the password or not. We also extend this method to the multi-party setting. We show how it can prove useful to distribute a GHZ state between different parties, in such a way that only parties knowing a secret can be part of this GHZ. Moreover, the identity of the parties that are part of the GHZ remains hidden to any malicious party. A direct application would be to allow a server to create a secret sharing of a qubit between unknown parties, authorized for example by a third party Certification Authority. Finally, we provide simpler “blind” versions of the protocols that could prove useful in Anonymous Transmission or Quantum Onion Routing, and we explicit a cryptographic function required in our protocols based on the Learning With Errors hardness problem.

Correcting errors due to noise in quantum circuits run on current and near-term quantum hardware is essential for any convincing demonstration of quantum advantage. Indeed, in many cases it has been shown that noise renders quantum circuits efficiently classically simulable, thereby destroying any quantum advantage potentially offered by an ideal (noiseless) implementation of these circuits. Although the technique of quantum error correction (QEC) allows to correct these errors very accurately, QEC usually requires a large overhead of physical qubits which is not reachable with currently available quantum hardware. This has been the motivation behind the field of quantum error mitigation, which aims at developing techniques to correct an important part of the errors in quantum circuits, while also being compatible with current and near-term quantum hardware. In this work, we present a technique for quantum error mitigation which is based on a technique from quantum verification, the so-called accreditation protocol, together with post-selection. Our technique allows for correcting the expectation value of an observable $O$, which is the output of multiple runs of noisy quantum circuits, where the noise in these circuits is at the level of preparations, gates, and measurements. We discuss the sample complexity of our procedure and provide rigorous guarantees of errors being mitigated under some realistic assumptions on the noise. Our technique also allows for time dependant behaviours, as we allow for the output states to be different between different runs of the accreditation protocol. We validate our findings by running our technique on currently available quantum hardware.

Quantum physical unclonable functions, or QPUFs, are rapidly emerging as theoretical hardware solutions to provide secure cryptographic functionalities such as key-exchange, message authentication, entity identification among others. Recent works have shown that in order to provide provable security of these solutions against any quantum polynomial time adversary, QPUFs are required to be a unitary sampled uniformly randomly from the Haar measure. This however is known to require an exponential amount of resources. In this work, we propose an efficient construction of these devices using unitary t-designs, called QPUF_t. Along the way, we modify the existing security definitions of QPUFs to include efficient constructions and showcase that QPUF_t still retains the provable security guarantees against a bounded quantum polynomial adversary with t-query access to the device. This also provides the first use case of unitary t-design construction for arbitrary t, as opposed to previous applications of t-designs where usually a few (relatively low) values of t are known to be useful for performing some task. We study the noise-resilience of QPUF_t against specific types of noise, unitary noise, and show that some resilience can be achieved particularly when the error rates affecting individual qubits become smaller as the system size increases. To make the noise-resilience more realistic and meaningful, we conclude that some notion of error mitigation or correction should be introduced.

In this paper, we continue the line of work initiated by Boneh and Zhandry at CRYPTO 2013 and EUROCRYPT 2013 in which they formally define the notion of unforgeability against quantum adversaries specifically, for classical message authentication codes and classical digital signatures schemes. We develop a general and parameterised quantum game-based security model unifying unforgeability for both classical and quantum constructions allowing us for the first time to present a complete quantum cryptanalysis framework for unforgeability. In particular, we prove how our definitions subsume previous ones while considering more fine-grained adversarial models, capturing the full spectrum of superposition attacks. The subtlety here resides in the characterisation of a forgery. We show that the strongest level of unforgeability, namely existential unforgeability, can only be achieved if only orthogonal to previously queried messages are considered to be forgeries. In particular, we present a non-trivial attack if any overlap between the forged message and previously queried ones is allowed. We further show that deterministic constructions can only achieve the weaker notion of unforgeability, that is selective unforgeability, against such restricted adversaries, but that selective unforgeability breaks if general quantum adversaries (capable of general superposition attacks) are considered. On the other hand, we show that PRF is sufficient for constructing a selective unforgeable classical primitive against full quantum adversaries. Moreover, we show similar positive results relying on Pseudorandom Unitaries (PRU) for quantum primitives. These results demonstrate the generality of our framework that could be applicable to other primitives beyond the cases analysed in this paper.

Graph states are a large class of multipartite entangled quantum states that form the basis of schemes for quantum computation, communication, error correction, metrology, and more. In this work, we consider verification of graph states generated by an untrusted source and shared between a network of possibly dishonest parties. This has implications in certifying the application of graph states for various distributed tasks. We first provide a general protocol and analysis for the verification of any graph state in such a network, and then adapt it to reduce the resources required for specific examples such as cluster states, complete and cycle graph states. In each case, we demonstrate how parties in the network can efficiently test and assess the closeness of their shared state to the desired graph state, even in the presence of any number of dishonest parties.

Approximate combinatorial optimisation has emerged as one of the most promising application areas for quantum computers, particularly those in the near term. In this work, we focus on the quantum approximate optimisation algorithm (QAOA) for solving the Max-Cut problem. Specifically, we address two problems in the QAOA, how to select initial parameters, and how to subsequently train the parameters to find an optimal solution. For the former, we propose graph neural networks (GNNs) as an initialisation routine for the QAOA parameters, adding to the literature on warm-starting techniques. We show the GNN approach generalises across not only graph instances, but also to increasing graph sizes, a feature not available to other warm-starting techniques. For training the QAOA, we test several optimisers for the MaxCut problem. These include quantum aware/agnostic optimisers proposed in literature and we also incorporate machine learning techniques such as reinforcement and meta-learning. With the incorporation of these initialisation and optimisation toolkits, we demonstrate how the QAOA can be trained as an end-to-end differentiable pipeline.

Future quantum communication infrastructures will rely on both terrestrial and space-based links integrating high-performance optical systems engineered for this purpose. In space-based downlinks in particular, the loss budget and the variations in the signal propagation due to atmospheric turbulence effects impose a careful optimization of the coupling of light in single-mode fibers required for interfacing with the receiving stations and the ground networks. In this work, we perform a comprehensive study of the role of adaptive optics (AO) in this optimization, focusing on realistic baseline configurations of prepare-and-measure quantum key distribution (QKD), with both discrete and continuous-variable encoding, and including finite-size effects. Our analysis uses existing experimental turbulence datasets at both day and night time to model the coupled signal statistics following a wavefront distortion correction with AO, and allows us to estimate the secret key rate for a range of critical parameters, such as turbulence strength, satellite altitude and ground telescope diameter. The results we derive illustrate the interest of adopting advanced AO techniques in several practical configurations.

The demonstration of quantum speedup, also known as quantum computational supremacy, that is the ability of quantum computers to outperform dramatically their classical counterparts, is an important milestone in the field of quantum computing. While quantum speedup experiments are gradually escaping the regime of classical simulation, they still lack efficient verification protocols and rely on partial validation. To that end, we derive an efficient protocol for verifying with single-mode Gaussian measurements the output states of a large class of continuous variable quantum circuits demonstrating quantum speedup, including Boson Sampling experiments, with and without i.i.d. assumption, thus enabling a convincing demonstration of quantum speedup with photonic computing. Beyond the quantum speedup milestone, our results also enable the efficient and reliable certification of a large class of intractable continuous variable multi-mode quantum states.

We introduce a secure hardware device named a QEnclave that can secure the remote execution of quantum operations while only using classical controls. This device extends to quantum computing the classical concept of a secure enclave which isolates a computation from its environment to provide privacy and tamper-resistance. Remarkably, our QEnclave only performs single-qubit rotations, but can nevertheless be used to secure an arbitrary quantum computation even if the qubit source is controlled by an adversary. More precisely, attaching a QEnclave to a quantum computer, a remote client controlling the QEnclave can securely delegate its computation to the server solely using classical communication. We investigate the security of our QEnclave by modeling it as an ideal functionality named Remote State Rotation. We show that this resource, similar to previously introduced functionality of remote state preparation, allows blind delegated quantum computing with perfect security. Our proof relies on standard tools from delegated quantum computing. Working in the Abstract Cryptography framework, we show a construction of remote state preparation from remote state rotation preserving the security. An immediate consequence is the weakening of the requirements for blind delegated computation. While previous delegated protocols were relying on a client that can either generate or measure quantum states, we show that this same functionality can be achieved with a client that only transforms quantum states without generating or measuring them.

Physical unclonable functions provide a unique ‘fingerprint’ to a physical entity by exploiting the inherent physical randomness. With the help of quantum information theory, this paper proposes solutions to protect PUFs against machine learning-based attacks. Here, based on the querying capability, we first divide the adversaries into two classes, namely adaptive and weak adversaries. We also modify an existing security notion, universal unforgeability, to capture the power of those two classes of adversaries. We then introduce the notion of a hybrid PUF, using a classical PUF and quantum conjugate coding. This construction encodes the output of a classical PUF in non-orthogonal quantum states. We show that the indistinguishability of those states can significantly enhance the security of the classical PUFs against weak adversaries. Moreover, we show that learning the underlying classical PUF from the outputs of our HPUF construction is at least as hard as learning the classical PUF from its random noisy outputs. To prevent the adversaries from querying the PUFs adaptively, we borrow ideas from a classical lockdown technique and apply them to our hybrid PUF. We show that the hybrid PUFs, together with the lockdown technique, termed as hybrid locked PUF, can provide a secure client authentication protocol against adaptive adversaries and are implementable with the current day quantum communication technology. Moreover, we show that HLPUF allows the server to reuse the challenges for further client authentication, providing an efficient solution for running a PUF-based client authentication protocol for a longer period while maintaining a small-sized challenge-response pairs database on the server-side. Finally, we explore the lockdown technique with quantum PUF and show that the direct adaptation of the classical lockdown technique will not work with the fully quantum PUFs.

The use of quantum information in technology promises to supersede the so-called classical devices used nowadays. Understanding what features are inherently non-classical is crucial for reaching better-than-classical performance. This thesis focuses on two nonclassical behaviours: quantum contextuality and Wigner negativity. The former is a notion superseding nonlocality that can be exhibited by quantum systems. To date, it has mostly been studied in discrete-variable scenarios. In those scenarios, contextuality has been shown to be necessary and sufficient for advantages in some cases. On the other hand, negativity of the Wigner function is another unsettling non-classical feature of quantum states that originates from phase-space formulation in continuous-variable quantum optics. Continuous-variable scenarios offer promising candidates for implementing quantum computations. Wigner negativity is known to be a necessary resource for quantum speedup with continuous variables. However contextuality has been little understood and studied in continuous-variable scenarios. We first set out a robust framework for properly treating contextuality in continuous variables. We also quantify contextuality in such scenarios by using tools from infinite-dimensional optimisation theory. Building upon this, we show that Wigner negativity is equivalent to contextuality in continuous variables with respect to Pauli measurements thus establishing a continuous-variable analogue of a celebrated result by Howard et al. We then introduce experimentally-friendly witnesses for Wigner negativity of single mode and multimode quantum states, based on fidelities with Fock states, using again tools from infinite-dimensional optimisation theory. We further extend the range of previously known discrete-variable results linking contextuality and advantage into a new territory of information retrieval.

Quantum physics has revolutionised our way of conceiving nature and is now bringing about a new technological revolution. The use of quantum information in technology promises to supersede the so-called classical devices used nowadays. Understanding what features are inherently non-classical is crucial for reaching better-than-classical performance. This thesis focuses on two nonclassical behaviours: quantum contextuality and Wigner negativity. To date, contextuality has mostly been studied in discrete-variable scenarios, where observables take values in discrete and usually finite sets. In those scenarios, contextuality has been shown to be necessary and sufficient for advantages in some cases. On the other hand, negativity of the Wigner function is another unsettling non-classical feature of quantum states that originates from phase-space formulation in quantum optics. Wigner negativity is known to be a necessary resource for quantum speedup. We set out a robust framework for properly treating contextuality in continuous variables. We quantify contextuality in such scenarios by using tools from infinite-dimensional optimisation theory. Building upon this, we show that Wigner negativity is equivalent to contextuality in continuous variables with respect to Pauli measurements. We then introduce experimentally-friendly witnesses for Wigner negativity of multimode quantum states, based on fidelities with Fock states which again uses infinite-dimensional linear programming techniques. We further extend the range of previously known discrete-variable results linking contextuality and advantage into a new territory of discrete variable information retrieval.

The development of large-scale quantum networks promises to bring a multitude of technological applications as well as shed light on foundational topics, such as quantum nonlocality. It is particularly interesting to consider scenarios where sources within the network are statistically independent, which leads to so-called network nonlocality, even when parties perform fixed measurements. Here we promote certain parties to be trusted and introduce the notion of network steering and network local hidden state (NLHS) models within this paradigm of independent sources. In one direction, we show how results from Bell nonlocality and quantum steering can be used to demonstrate network steering. We further show that it is a genuinely novel effect, by exhibiting unsteerable states that nevertheless demonstrate network steering, based upon entanglement swapping, yielding a form of activation. On the other hand, we provide no-go results for network steering in a large class of scenarios, by explicitly constructing NLHS models.

MiniQCrypt is a world where quantum-secure one-way functions exist, and quantum communication is possible. We construct an oblivious transfer (OT) protocol in MiniQCrypt that achieves simulation-security in the plain model against malicious quantum polynomial-time adversaries, building on the foundational work of Bennett, Brassard, Cr'epeau and Skubiszewska (CRYPTO 1991). Combining the OT protocol with prior works, we obtain secure two-party and multi-party computation protocols also in MiniQCrypt. This is in contrast to the classical world, where it is widely believed that one-way functions alone do not give us OT. In the common random string model, we achieve a constant-round universally composable (UC) OT protocol.

In measurement-based quantum computing (MBQC), computation is carried out by a sequence of measurements and corrections on an entangled state. Flow, and related concepts, are powerful techniques for characterising the dependence of the corrections on previous measurement outcomes. We introduce flow-based methods for MBQC with qudit graph states, which we call Zd-flow, when the local dimension is an odd prime. Our main results are proofs that Zd-flow is a necessary and sufficient condition for a strong form of outcome determinism. Along the way, we find a suitable generalisation of the concept of measurement planes to this setting and characterise the allowed measurements in a qudit MBQC. We also provide a polynomial-time algorithm for finding an optimal Zd-flow whenever one exists.

We designed a CV-QKD system with off-the-shelf components and established the feasibility of distributing 67.6 and 66.8 Mb/s secret key rates on average over a 9.5 km SMF link, using respectively probabilistically shaped 64 and 256 QAM, and relying on a novel analytical security proof.

While the standard formulation of quantum theory assumes a fixed background causal structure, one can relax this assumption within the so-called process matrix framework. Remarkably, some processes, termed causally nonseparable, are incompatible with a definite causal order. We explore a form of certification of causal nonseparability in a semi-device-independent scenario where the involved parties receive trusted quantum inputs, but whose operations are otherwise uncharacterised. Defining the notion of causally nonseparable distributed measurements, we show that certain causally nonseparable processes which cannot violate any causal inequality, such as the canonical example of the quantum switch, can generate noncausal correlations in such a scenario. Moreover, by further imposing some natural structure to the untrusted operations, we show that all bipartite causally nonseparable process matrices can be certified with trusted quantum inputs.

Abstract Quantum communication networks enable applications ranging from highly secure communication to clock synchronization and distributed quantum computing. Miniaturized, flexible, and cost-efficient resources will be key elements for ensuring the scalability of such networks as they progress towards large-scale deployed infrastructures. Here, we bring these elements together by combining an on-chip, telecom-wavelength, broadband entangled photon source with industry-grade flexible-grid wavelength division multiplexing techniques, to demonstrate reconfigurable entanglement distribution between up to 8 users in a resource-optimized quantum network topology. As a benchmark application we use quantum key distribution, and show low error and high secret key generation rates across several frequency channels, over both symmetric and asymmetric metropolitan-distance optical fibered links and including finite-size effects. By adapting the bandwidth allocation to specific network constraints, we also illustrate the flexible networking capability of our configuration. Together with the potential of our semiconductor source for distributing secret keys over a 60 nm bandwidth with commercial multiplexing technology, these results offer a promising route to the deployment of scalable quantum network architectures.

Quantum cryptography builds upon decades of advances both in classical cryptography and networks. However, contrary to its classical counterparts, it is still in its infancy applicability-wise, even in the scenario where powerful quantum computers are readily available, and more theoretical work is required before it can provide concrete benefits. The first goal is to formalise in rigorous quantum security frameworks the properties of various techniques that have been transposed, often without proper justification, from the classical world.Then, the recent developments in quantum technologies suggest a mostly cloud-based future availability of quantum devices. Therefore, quantum computation and communication cost of protocol participants must be lowered before being useful.Finally, in most situations, additional steps need to be taken to tailor protocols to the specifications of devices. This allows for optimisations both in terms of quantum memory and operation requirements.This thesis contributes to these three aspects by: (i) giving the first general security definition of the Quantum Cut-and-Choose, a technique for proving the correctness of a quantum message; (ii) presenting a more realistic framework of security against superposition attacks, where classical protocols run on inherently quantum devices; (iii) constructing an efficient delegated multi-party quantum computation protocol, allowing clients to delegate securely to a quantum server a private computation; (iv) building a method for verifying the honesty of a quantum server performing computations on behalf of a client with no operation or memory overhead compared to the unprotected computation.

We consider Gaussian quantum circuits supplemented with non-Gaussian input states and derive sufficient conditions for efficient classical strong simulation of these circuits. In particular, we generalise the stellar representation of continuous-variable quantum states to the multimode setting and relate the stellar rank of the input non-Gaussian states, a recently introduced measure of non- Gaussianity, to the cost of evaluating classically the output probability densities of these circuits. Our results have consequences for the strong simulability of a large class of near-term continuous-variable quantum circuits.

We study supervised learning algorithms in which a quantum device is used to perform a computational subroutine - either for prediction via probability estimation, or to compute a kernel via estimation of quantum states overlap. We design implementations of these quantum subroutines using Boson Sampling architectures in linear optics, supplemented by adaptive measurements. We then challenge these quantum algorithms by deriving classical simulation algorithms for the tasks of output probability estimation and overlap estimation. We obtain different classical simulability regimes for these two computational tasks in terms of the number of adaptive measurements and input photons. In both cases, our results set explicit limits to the range of parameters for which a quantum advantage can be envisaged with adaptive linear optics compared to classical machine learning algorithms: we show that the number of input photons and the number of adaptive measurements cannot be simultaneously small compared to the number of modes. Interestingly, our analysis leaves open the possibility of a near-term quantum advantage with a single adaptive measurement.

Recently, the European Commission supported by many European countries has announced large investments towards the commercialization of quantum technology (QT) to address and mitigate some of the biggest challenges facing today’s digital erae.g. secure communication and computing power. For more than two decades the QT community has been working on the development of QTs, which promise landmark breakthroughs leading to commercialization in various areas. The ambitious goals of the QT community and expectations of EU authorities cannot be met solely by individual initiatives of single countries, and therefore, require a combined European effort of large and unprecedented dimensions comparable only to the Galileo or Copernicus programs. Strong international competition calls for a coordinated European effort towards the development of QT in and for space, including research and development of technology in the areas of communication and sensing. Here, we aim at summarizing the state of the art in the development of quantum technologies which have an impact in the field of space applications. Our goal is to outline a complete framework for the design, development, implementation, and exploitation of quantum technology in space.

We propose a method to experimentally demonstrate contextuality with a family of tests for qudits. The experiment we propose uses a qudit encoded in the path of a single photon and its temporal degrees of freedom. We consider the impact of noise on the effectiveness of these tests, taking the approach of ontologically faithful non-contextuality. In this approach, imperfections in the experimental set up must be taken into account in any faithful ontological (classical) model, which limits how much the statistics can deviate within different contexts. In this way we bound the precision of the experimental setup under which ontologically faithful non-contextual models can be refuted. We further consider the noise tolerance through different types of decoherence models on different types of encodings of qudits. We quantify the effect of the decoherence on the required precision for the experimental setup in order to demonstrate contextuality in this broader sense.

This work analyzes correlations arising from quantum systems subject to sequential projective measurements to certify that the system in question has a quantum dimension greater than some d. We refine previous known methods and show that dimension greater than two can be certified in scenarios which are considerably simpler than the ones presented before and, for the first time in this sequential projective scenario, we certify quantum systems with dimension strictly greater than three. We also perform a systematic numerical analysis in terms of robustness and conclude that performing random projective measurements on random pure qutrit states allows a robust certification of quantum dimensions with very high probability.

Negativity of the Wigner function is arguably one of the most striking non-classical features of quantum states. Beyond its fundamental relevance, it is also a necessary resource for quantum speedup with continuous variables. As quantum technologies emerge, the need to identify and characterize the resources which provide an advantage over existing classical technologies becomes more pressing. Here we derive witnesses for Wigner negativity of quantum states, based on fidelities with Fock states, which can be reliably measured using standard detection setups. They possess a threshold expected value indicating whether the measured state exhibits the desired property or not. We phrase the problem of finding the threshold values for our witnesses as an infinite-dimensional linear optimisation. By relaxing and restricting the corresponding linear programs, we derive two hierarchies of semidefinite programs, which provide numerical sequences of increasingly tighter upper and lower bounds for the threshold values. We further show that both sequences converge to the threshold value. Moreover, our witnesses form a complete family - each Wigner negative state is detected by at least one witness - thus providing a reliable method for experimentally witnessing Wigner negativity of quantum states from few measurements. From a foundational perspective, our work provides insights on the set of positive Wigner functions which still lacks a proper characterisation.

We demonstrate, for the first time to our knowledge, continuous-variable quantum key distribution using probabilistically-shaped 1024-QAM and true local oscillator, achieving 38.3Mb/s secret key rate over 9.5km, averaged over the transmission time of 100 blocks.

We derive a theoretical framework for the experimental certification of non-Gaussian features of quantum states using double homodyne detection. We rank experimental non-Gaussian states according to the recently defined stellar hierarchy and we propose practical Wigner negativity witnesses. We simulate various use-cases ranging from fidelity estimation to witnessing Wigner negativity. Moreover, we extend results on the robustness of the stellar hierarchy of non-Gaussian states. Our results illustrate the usefulness of double homodyne detection as a practical measurement scheme for retrieving information about continuous-variable quantum states, and show that certification of high-order non-Gaussian features can be carried out experimentally with current technology.

We present a composably secure protocol allowing $n$ parties to test an entanglement generation resource controlled by a possibly dishonest party. The test consists only in local quantum operations and authenticated classical communication once a state is shared among them and provides composable security, namely it can be used as a secure subroutine by $n$ honest parties within larger communication protocols to test if a source is sharing quantum states that are at least $\epsilon$-close to the GHZ state. This claim comes on top of previous results on multipartite entanglement verification where the security was studied in the usual game-based model. Here, we improve the protocol to make it more suitable for practical use in a quantum network and we study its security in the Abstract Cryptography framework to highlight composability issues and avoid hidden assumptions. This framework is a top-to-bottom theory that makes explicit any piece of information that each component (party or resource) gets at every time-step of the protocol. Moreover any security proof, which amounts to showing indistinguishability between an ideal resource having the desired security properties (up to local simulation) and the concrete resource representing the protocol, is composable for free in this setting. This allows us to readily compose our basic protocol in order to create a composably secure multi-round protocol enabling honest parties to obtain a state close to a GHZ state or an abort signal, even in the presence of a noisy or malicious source. Our protocol can typically be used as a subroutine in a Quantum Internet, to securely share a GHZ state among the network before performing a communication or computation protocol.

In measurement-based quantum computing (MBQC), computation is carried out by a sequence of measurements and corrections on an entangled state. Flow, and related concepts, are powerful techniques for characterising the dependence of the corrections on previous measurement results. We introduce flow-based methods for quantum computation with continuous variables graph states, which we call CV-flow. These are inspired by, but not equivalent to, the notions of causal flow and g-flow for qubit MBQC. We also show that an MBQC with CV-flow approximates a unitary arbitrarily well in the infinite-squeezing limit, addressing issues of convergence which are unavoidable in the infinite-dimensional setting. In developing our proofs, we provide a method for converting a CV-MBQC computation into a circuit form, analogous to the circuit extraction method of Miyazaki et al, and an efficient algorithm for finding CV-flow when it exists based on the qubit version by Mhalla and Perdrix. Our results and techniques naturally extend to the cases of MBQC for quantum computation with qudits of prime local dimension.

Noise is the greatest obstacle in quantum metrology that limits it achievable precision and sensitivity. There are many techniques to mitigate the effect of noise, but this can never be done completely. One commonly proposed technique is to repeatedly apply quantum error correction. Unfortunately, the required repetition frequency needed to recover the Heisenberg limit is unachievable with the existing quantum technologies. In this article we explore the discrete application of quantum error correction with current technological limitations in mind. We establish that quantum error correction can be beneficial and highlight the factors which need to be improved so one can reliably reach the Heisenberg limit level precision.

Configurable and scalable continuous variable quantum networks for measurement-based quantum information protocols or multipartite quantum communication schemes can be obtained via parametric down conversion (PDC) in non-linear waveguides. In this work, we exploit symmetric group velocity matching (SGVM) to engineer the properties of the squeezed modes of the PDC. We identify type II PDC in a single waveguide as the best suited process, since multiple modes with non-negligible amount of squeezing can be obtained. We explore, for the first time, the waveguide dimensions, usually only set to ensure single-mode guiding, as an additional design parameter ensuring indistinguishability of the signal and idler fields. We investigate here potassium titanyl phosphate (KTP), which offers SGVM at telecommunications wavelengths, but our approach can be applied to any non-linear material and pump wavelength. This work paves the way towards the engineering of future large-scale quantum networks in the continuous variable regime.

Multi-Party Quantum Computation (MPQC) has attracted a lot of attention as a potential killer-app for quantum networks through it’s ability to preserve privacy and integrity of the highly valuable computations they would enable. Contributing to the latest challenges in this field, we present a composable protocol achieving blindness and verifiability even in the case of a single honest client. The security of our protocol is reduced, in an information-theoretically secure way, to that of a classical composable Secure Multi-Party Computation (SMPC) used to coordinate the various parties. Our scheme thus provides a statistically secure upgrade of such classical scheme to a quantum one with the same level of security. In addition, (i) the clients can delegate their computation to a powerful fully fault-tolerant server and only need to perform single qubit operations to unlock the full potential of multi-party quantum computation; (ii) the amount of quantum communication with the server is reduced to sending quantum states at the beginning of the computation and receiving the output states at the end, which is optimal and removes the need for interactive quantum communication; and (iii) it has a low constant multiplicative qubit overhead compared to the single-client delegated protocol it is built upon. The main technical ingredient of our paper is the bootstraping of the MPQC construction by Double Blind Quantum Computation, a new composable resource for blind multiparty quantum computation, that demonstrates the surprising fact that the full protocol does not require verifiability of all components to achieve security.

This thesis is concerned with the study and analysis of two quantum cryptographic protocols: quantum key distribution (QKD) and unforgeable quantum money in the continuous-variable (CV) framework. The main advantage of CV protocols is that their implementation only requires standard telecom components. QKD allows two distant parties, Alice and Bob, to establish a secure key, even in the presence of an eavesdropper, Eve. The remarkable property of QKD is that its security can be established in the information-theoretic setting, without appealing to any computational assumptions. Proving the security of CV-QKD protocols is challenging since the protocols are described in an infinite-dimensional Fock space. One of the open questions in CV-QKD was establishing security for two-way QKD protocols against general attacks. We exploit the invariance of Unitary group U(n) of the protocol to establish composable security against general attacks. We answer another pressing question in the field of CV-QKD with a discrete modulation by establishing the asymptotic security of such protocols against collective attacks. We provide a general technique to derive a lower bound on the secret key rate by formulating the problem as a semidefinite program. Quantum money exploits the no-cloning property of quantum mechanics to generate unforgeable tokens, banknotes, and credit cards. We propose a CV private-key quantum money scheme with classical verification. The motivation behind this protocol is to facilitate the process of practical implementation. Previous classical verification money schemes use single-photon detectors for verification, while our protocols use coherent detection.

In recent years, many computational tasks have been proposed as candidates for showing a quantum computational advantage, that is an advantage in the time needed to perform the task using a quantum instead of a classical machine. Nevertheless, practical demonstrations of such an advantage remain particularly challenging because of the difficulty in bringing together all necessary theoretical and experimental ingredients. Here, we show an experimental demonstration of a quantum computational advantage in a prover-verifier interactive setting, where the computational task consists in the verification of an NP-complete problem by a verifier who only gets limited information about the proof sent by an untrusted prover in the form of a series of unentangled quantum states. We provide a simple linear optical implementation that can perform this verification task efficiently (within a few seconds), while we also provide strong evidence that, fixing the size of the proof, a classical computer would take much longer time (assuming only that it takes exponential time to solve an NP-complete problem). While our computational advantage concerns a specific task in a scenario of mostly theoretical interest, it brings us a step closer to potential useful applications, such as server-client quantum computing.

The implementation of a quantum internet requires the distribution of entanglement over long distances, which is facilitated by entanglement swapping using photonic Bell state measurements (BSMs). Yet, two-photon Bell state measurement schemes have in general a success probability of at best 50%. Here, we propose to overcome this limitation by logically encoding photonic qubits onto photonic tree graph states, an error-correcting code that can be deterministically generated with few matter qubits. We show that we can perform a near-deterministic logical BSM even in the presence of photon losses through two measurement schemes that either use static linear optics or require feed-forward. In addition, we show that these two schemes are also resistant to errors.

The application and analysis of the Cut-and-Choose technique in protocols secure against quantum adversaries is not a straightforward transposition of the classical case, among other reasons due to the difficulty to use rewinding in the quantum realm. We introduce a Quantum Computation Cut-and-Choose (QC-CC) technique which is a generalisation of the classical Cut-and-Choose in order to build quantum protocols secure against quantum covert adversaries. Such adversaries can deviate arbitrarily provided that their deviation is not detected. As an application of the QC-CC we give a protocol for securely performing two-party quantum computation with classical input/output. As basis we use secure delegated quantum computing (Broadbent et al 2009), and in particular the garbled quantum computation of (Kashefi et al 2016) that is secure against only a weak specious adversaries, defined in (Dupuis et al 2010). A unique property of these protocols is the separation between classical and quantum communications and the asymmetry between client and server, which enables us to sidestep the quantum rewinding issues. This opens the prospect of using the QC-CC to other quantum protocols with this separation. In our proof of security we adapt and use (at different parts) two quantum rewinding techniques, namely Watrous’ oblivious q-rewinding (Watrous 2009) and Unruh’s special q-rewinding (Unruh 2012). Our protocol achieves the same functionality as in previous works (e.g. Dupuis et al 2012), however using the QC-CC technique on the protocol from (Kashefi et al 2016) leads to the following key improvements: (i) only one-way offline quantum communication is necessary , (ii) only one party (server) needs to have involved quantum technological abilities, (iii) only minimal extra cryptographic primitives are required, namely one oblivious transfer for each input bit and quantum-safe commitments.

In this note, we analyze joint probability distributions that come from the outcomes of quantum measurements performed on sets of quantum states. First, we identify the properties of these distributions that need to be fulfilled to recover a classical behavior. Secondly, we connect the existence of a joint distribution with the “on-state” permutability (commutativity of more than two operators) of measurement operators. By “on-state” we mean properties of operators that can hold only on a subset of states in the Hilbert space. Then, we disprove a conjecture proposed by Carstens, Ebrahimi, Tabia, and Unruh (eprint 2018), which states that partial on-state permutation imply full on-state permutation. We disprove such a conjecture with a counterexample where pairwise “on-state” commutativity does not imply on-state permutability, unlike in the case where the definition is valid for all states in the Hilbert space. Finally, we explore the new concept of on-state commutativity by showing a simple proof that if two projections almost on-state commute, then there is a commuting pair of operators that are on-state close to the originals. This result was originally proven by Hasting (Communications in Mathematical Physics, 2019) for general operators.

Despite the interest in the complexity class MA, the randomized analog of NP, just a few natural MA-complete problems are known. The first problem was found by (Bravyi and Terhal, SIAM Journal of Computing 2009); it was then followed by (Crosson, Bacon and Brown, PRE 2010) and (Bravyi, Quantum Information and Computation 2015). Surprisingly, two of these problems are defined using terminology from quantum computation, while the third is inspired by quantum computation and keeps a physical terminology. This prevents classical complexity theorists from studying these problems, delaying potential progress, e.g., on the NP vs. MA question. Here, we define two new combinatorial problems and prove their MA-completeness. The first problem, ACAC, gets as input a succinctly described graph, with some marked vertices. The problem is to decide whether there is a connected component with only unmarked vertices, or the graph is far from having this property. The second problem, SetCSP, generalizes standard constraint satisfaction problem (CSP) into constraints involving sets of strings. Technically, our proof that SetCSP is MA-complete is based on an observation by (Aharonov and Grilo, FOCS 2019), in which it was noted that a restricted case of Bravyi and Terhal’s problem (namely, the uniform case) is already MA-complete; a simple trick allows to state this restricted case using combinatorial language. The fact that the first, more natural, problem of ACAC is MA-hard follows quite naturally from this proof, while the containment of ACAC in MA is based on the theory of random walks. We notice that the main result of Aharonov and Grilo carries over to the SetCSP problem in a straightforward way, implying that finding a gap-amplification procedure for SetCSP (as in Dinur’s PCP proof) is equivalent to MA=NP. This provides an alternative new path towards the major problem of derandomizing MA.

Cryptanalysis on standard quantum cryptographic systems generally involves finding optimal adversarial attack strategies on the underlying protocols. The core principle of modelling quantum attacks in many cases reduces to the adversary’s ability to clone unknown quantum states which facilitates the extraction of some meaningful secret information. Explicit optimal attack strategies typically require high computational resources due to large circuit depths or, in many cases, are unknown. In this work, we propose variational quantum cloning (VQC), a quantum machine learning based cryptanalysis algorithm which allows an adversary to obtain optimal (approximate) cloning strategies with short depth quantum circuits, trained using hybrid classical-quantum techniques. The algorithm contains operationally meaningful cost functions with theoretical guarantees, quantum circuit structure learning and gradient descent based optimisation. Our approach enables the end-to-end discovery of hardware efficient quantum circuits to clone specific families of quantum states, which in turn leads to an improvement in cloning fidelites when implemented on quantum hardware: the Rigetti Aspen chip. Finally, we connect these results to quantum cryptographic primitives, in particular quantum coin flipping. We derive attacks on two protocols as examples, based on quantum cloning and facilitated by VQC. As a result, our algorithm can improve near term attacks on these protocols, using approximate quantum cloning as a resource.

Secure two-party computation considers the problem of two parties computing a joint function of their private inputs without revealing anything beyond the output of the computation. In this work, we take the first steps towards understanding the setting in which the two parties want to evaluate a joint quantum functionality while using only a classical channel between them. Our first result indicates that it is in general impossible to realize a two-party quantum functionality against malicious adversaries with black-box simulation, relying only on classical channels. The negative result stems from reducing the existence of a black-box simulator to an extractor for classical proof of quantum knowledge, which in turn leads to violation of the quantum no-cloning. Next, we introduce the notion of oblivious quantum function evaluation (OQFE). An OQFE is a two-party quantum cryptographic primitive with one fully classical party (Alice) whose input is (a classical description of a) quantum unitary, $U$, and a quantum party (Bob) whose input is a quantum state, $\psi$. In particular, Alice receives a classical output corresponding to the measurement of $U(\psi)$ while Bob receives no output. In OQFE, Bob remains oblivious to Alice’s input, while Alice learns nothing about $\psi$ more than what can be learned from the output. We present two constructions, one secure against semi-honest parties and the other against malicious parties. Due to the no-go result mentioned above, we consider what is arguably the best possible notion obtainable in our model concerning malicious adversaries: one-sided simulation security. Our protocol relies on the assumption of injective homomorphic trapdoor OWFs, which in turn rely on the LWE problem. As a result, we put forward a first, simple and modular, construction of one-sided quantum two-party computation and quantum oblivious transfer over classical networks.

In order to qualify quantum algorithms for industrial NP-Hard problems, comparing them to available polynomial approximate classical algorithms and not only to exact ones – exponential by nature – , is necessary. This is a great challenge as, in many cases, bounds on the reachable approximation ratios exist according to some highly-trusted conjectures of Complexity Theory. An interesting setup for such qualification is thus to focus on particular instances of these problems known to be “less difficult” than the worst-case ones and for which the above bounds can be outperformed: quantum algorithms should perform at least as well as the conventional approximate ones on these instances, up to very large sizes. We present a case study of such a protocol for two industrial problems drawn from the strongly developing field of smart-charging of electric vehicles. Tailored implementations of the Quantum Approximate Optimization Algorithm (QAOA) have been developed for both problems, and tested numerically with classical resources either by emulation of Pasqal’s Rydberg atom based quantum device or using Atos Quantum Learning Machine. In both cases, quantum algorithms exhibit the same approximation ratios than conventional approximation algorithms, or improve them. These are very encouraging results, although still for instances of limited size as allowed by studies on classical computing resources. The next step will be to confirm them on larger instances, on actual devices, and for more complex versions of the problems addressed.

Recently, major progress has been made towards the realisation of the quantum internet to enable a broad range of applications that would be out of reach for classical internet. Most of these applications such as delegated quantum computation require running a secure identification protocol between a low-resource and a high-resource party to provide secure communication. Physical Unclonable Functions (PUFs) have been shown as resource-efficient hardware solutions for providing secure identification schemes in both classical and quantum settings. In this work, we propose two identification protocols based on quantum PUFs (qPUFs) as defined by Arapinis et al. In the first protocol, the low-resource party wishes to prove its identity to the high-resource party and in the second protocol, it is vice versa. Unlike existing identification protocols based on Quantum Read-out PUFs which rely on the security against a specific family of attacks, our protocols provide provable exponential security against any Quantum Polynomial-Time (QPT) adversary with resource-efficient parties. We provide a comprehensive comparison between the two proposed protocols in terms of resources such as quantum memory and computing ability required in both parties as well as the communication overhead between them. A stand-out feature of our second protocol is secure identification of a high-resource party by running a purely classical verification algorithm. This is achieved by delegating quantum operations to the high-resource party and utilising the resulting classical outcomes for identification.

Generative Modelling has become a promising use case for near term quantum computers. In particular, due to the fundamentally probabilistic nature of quantum mechanics, quantum computers naturally model and learn probability distributions, perhaps more efficiently than can be achieved classically. The Born machine is an example of such a model, easily implemented on near term quantum computers. However, in its original form, the Born machine only naturally represents discrete distributions. Since probability distributions of a continuous nature are commonplace in the world, it is essential to have a model which can efficiently represent them. Some proposals have been made in the literature to supplement the discrete Born machine with extra features to more easily learn continuous distributions, however, all invariably increase the resources required to some extent. In this work, we present the continuous variable Born machine, built on the alternative architecture of continuous variable quantum computing, which is much more suitable for modelling such distributions in a resource-minimal way. We provide numerical results indicating the models ability to learn both quantum and classical continuous distributions, including in the presence of noise.

Establishing secure communication links at a global scale is a major potential application of quantum information science but also extremely challenging for the underlying technology. While milestone experiments using satellite-to-ground links and exploiting singe-photon encoding for implementing quantum key distribution have shown recently that this goal is achievable, it is still necessary to further investigate practical solutions compatible with classical optical communication systems. Here we examine the feasibility of establishing secret keys in a satellite-to-ground downlink configuration using continuous-variable encoding, which can be implemented using standard telecommunication components certified for space environment and able to operate at high symbol rates. Considering a realistic channel model and state-of-the-art technology, and exploiting an orbit subdivision technique for mitigating fluctuations in the transmission efficiency, we find positive secret key rates for a low-Earth-orbit scenario, while finite-size effects can be a limiting factor for higher orbits. Our analysis determines regions of values for important experimental parameters where secret key exchange is possible and can be used as a guideline for experimental efforts in this direction.

Research on quantum technology spans multiple disciplines: physics, computer science, engineering, and mathematics. The objective of this manuscript is to provide an accessible introduction to this emerging field for economists that is centered around quantum computing and quantum money. We proceed in three steps. First, we discuss basic concepts in quantum computing and quantum communication, assuming knowledge of linear algebra and statistics, but not of computer science or physics. This covers fundamental topics, such as qubits, superposition, entanglement, quantum circuits, oracles, and the no-cloning theorem. Second, we provide an overview of quantum money, an early invention of the quantum communication literature that has recently been partially implemented in an experimental setting. One form of quantum money offers the privacy and anonymity of physical cash, the option to transact without the involvement of a third party, and the efficiency and convenience of a debit card payment. Such features cannot be achieved in combination with any other form of money. Finally, we review all existing quantum speedups that have been identified for algorithms used to solve and estimate economic models. This includes function approximation, linear systems analysis, Monte Carlo simulation, matrix inversion, principal component analysis, linear regression, interpolation, numerical differentiation, and true random number generation. We also discuss the difficulty of achieving quantum speedups and comment on common misconceptions about what is achievable with quantum computing.

Finding a concrete use case for quantum computers in the near term is still an open question, with machine learning typically touted as one of the first fields which will be impacted by quantum technologies. In this work, we investigate and compare the capabilities of quantum versus classical models for the task of generative modelling in machine learning. We use a real world financial dataset consisting of correlated currency pairs and compare two models in their ability to learn the resulting distribution - a restricted Boltzmann machine, and a quantum circuit Born machine. We provide extensive numerical results indicating that the simulated Born machine always at least matches the performance of the Boltzmann machine in this task, and demonstrates superior performance as the model scales. We perform experiments on both simulated and physical quantum chips using the Rigetti forest platform, and also are able to partially train the largest instance to date of a quantum circuit Born machine on quantum hardware. Finally, by studying the entanglement capacity of the training Born machines, we find that entanglement typically plays a role in the problem instances which demonstrate an advantage over the Boltzmann machine.

Secure delegated quantum computing allows a computationally weak client to outsource an arbitrary quantum computation to an untrusted quantum server in a privacy-preserving manner. One of the promising candidates to achieve classical delegation of quantum computation is classical-client remote state preparation ($RSP_{CC}$), where a client remotely prepares a quantum state using a classical channel. However, the privacy loss incurred by employing $RSP_{CC}$ as a sub-module is unclear. In this work, we investigate this question using the Constructive Cryptography framework by Maurer and Renner (ICS'11). We first identify the goal of $RSP_{CC}$ as the construction of ideal RSP resources from classical channels and then reveal the security limitations of using $RSP_{CC}$. First, we uncover a fundamental relationship between constructing ideal RSP resources (from classical channels) and the task of cloning quantum states. Any classically constructed ideal RSP resource must leak to the server the full classical description (possibly in an encoded form) of the generated quantum state, even if we target computational security only. As a consequence, we find that the realization of common RSP resources, without weakening their guarantees drastically, is impossible due to the no-cloning theorem. Second, the above result does not rule out that a specific $RSP_{CC}$ protocol can replace the quantum channel at least in some contexts, such as the Universal Blind Quantum Computing (UBQC) protocol of Broadbent et al. (FOCS ‘09). However, we show that the resulting UBQC protocol cannot maintain its proven composable security as soon as $RSP_{CC}$ is used as a subroutine. Third, we show that replacing the quantum channel of the above UBQC protocol by the $RSP_{CC}$ protocol QFactory of Cojocaru et al. (Asiacrypt ‘19), preserves the weaker, game-based, security of UBQC.

We propose a learning model called the quantum statistical learning QSQ model, which extends the SQ learning model introduced by Kearns to the quantum setting. Our model can be also seen as a restriction of the quantum PAC learning model: here, the learner does not have direct access to quantum examples, but can only obtain estimates of measurement statistics on them. Theoretically, this model provides a simple yet expressive setting to explore the power of quantum examples in machine learning. From a practical perspective, since simpler operations are required, learning algorithms in the QSQ model are more feasible for implementation on near-term quantum devices. We prove a number of results about the QSQ learning model. We first show that parity functions, (log n)-juntas and polynomial-sized DNF formulas are efficiently learnable in the QSQ model, in contrast to the classical setting where these problems are provably hard. This implies that many of the advantages of quantum PAC learning can be realized even in the more restricted quantum SQ learning model. It is well-known that weak statistical query dimension, denoted by WSQDIM(C), characterizes the complexity of learning a concept class C in the classical SQ model. We show that log(WSQDIM(C)) is a lower bound on the complexity of QSQ learning, and furthermore it is tight for certain concept classes C. Additionally, we show that this quantity provides strong lower bounds for the small-bias quantum communication model under product distributions. Finally, we introduce the notion of private quantum PAC learning, in which a quantum PAC learner is required to be differentially private. We show that learnability in the QSQ model implies learnability in the quantum private PAC model. Additionally, we show that in the private PAC learning setting, the classical and quantum sample complexities are equal, up to constant factors.

We establish the first general connection between the design of quantum algorithms and circuit lower bounds. Specifically, let $\mathfrak{C}$ be a class of polynomial-size concepts, and suppose that $\mathfrak{C}$ can be PAC-learned with membership queries under the uniform distribution with error $1/2 - \gamma$ by a time $T$ quantum algorithm. We prove that if $\gamma^2 \cdot T \ll 2^n/n$, then $\mathsf{BQE} \nsubseteq \mathfrak{C}$, where $\mathsf{BQE} = \mathsf{BQTIME}[2^{O(n)}]$ is an exponential-time analogue of $\mathsf{BQP}$. This result is optimal in both $\gamma$ and $T$, since it is not hard to learn any class $\mathfrak{C}$ of functions in (classical) time $T = 2^n$ (with no error), or in quantum time $T = \mathsf{poly}(n)$ with error at most $1/2 - \Omega(2^{-n/2})$ via Fourier sampling. In other words, even a marginal improvement on these generic learning algorithms would lead to major consequences in complexity theory. Our proof builds on several works in learning theory, pseudorandomness, and computational complexity, and crucially, on a connection between non-trivial classical learning algorithms and circuit lower bounds established by Oliveira and Santhanam (CCC 2017). Extending their approach to quantum learning algorithms turns out to create significant challenges. To achieve that, we show among other results how pseudorandom generators imply learning-to-lower-bound connections in a generic fashion, construct the first conditional pseudorandom generator secure against uniform quantum computations, and extend the local list-decoding algorithm of Impagliazzo, Jaiswal, Kabanets and Wigderson (SICOMP 2010) to quantum circuits via a delicate analysis. We believe that these contributions are of independent interest and might find other applications.

It is of folkloric belief that the security of classical cryptographic protocols is automatically broken if the Adversary is allowed to perform superposition queries and the honest players forced to perform actions coherently on quantum states. Another widely held intuition is that enforcing measurements on the exchanged messages is enough to protect protocols from these attacks. However, the reality is much more complex. Security models dealing with superposition attacks only consider unconditional security. Conversely, security models considering computational security assume that all supposedly classical messages are measured, which forbids by construction the analysis of superposition attacks. Boneh and Zhandry have started to study the quantum computational security for classical primitives in their seminal work at Crypto'13, but only in the single-party setting. To the best of our knowledge, an equivalent model in the multiparty setting is still missing. In this work, we propose the first computational security model considering superposition attacks for multiparty protocols. We show that our new security model is satisfiable by proving the security of the well-known One-Time-Pad protocol and give an attack on a variant of the equally reputable Yao Protocol for Secure Two-Party Computations. The post-mortem of this attack reveals the precise points of failure, yielding highly counter-intuitive results: Adding extra classical communication, which is harmless for classical security, can make the protocol become subject to superposition attacks. We use this newly imparted knowledge to construct the first concrete protocol for Secure Two-Party Computation that is resistant to superposition attacks. Our results show that there is no straightforward answer to provide for either the vulnerabilities of classical protocols to superposition attacks or the adapted countermeasures.

Random access codes have provided many examples of quantum advantage in communication, but concern only one kind of information retrieval task. We introduce a related task - the Torpedo Game - and show that it admits greater quantum advantage than the comparable random access code. Perfect quantum strategies involving prepare-and-measure protocols with experimentally accessible three-level systems emerge via analysis in terms of the discrete Wigner function. The example is leveraged to an operational advantage in a pacifist version of the strategy game Battleship. We pinpoint a characteristic of quantum systems that enables quantum advantage in any bounded-memory information retrieval task. While preparation contextuality has previously been linked to advantages in random access coding we focus here on a different characteristic called sequential contextuality. It is shown not only to be necessary and sufficient for quantum advantage, but also to quantify the degree of advantage. Our perfect qutrit strategy for the Torpedo Game entails the strongest type of inconsistency with non-contextual hidden variables, revealing logical paradoxes with respect to those assumptions.

Recent experimental achievements motivate an ever-growing interest from companies starting to feel the limitations of classical computing. Yet, in light of ongoing privacy scandals, the future availability of quantum computing through remotely accessible servers pose peculiar challenges: Clients with quantum-limited capabilities want their data and algorithms to remain hidden, while being able to verify that their computations are performed correctly. Research in blind and verifiable delegation of quantum computing attempts to address this question. However, available techniques suffer not only from high overheads but also from over-sensitivity: When running on noisy devices, imperfections trigger the same detection mechanisms as malicious attacks, resulting in perpetually aborted computations. Hence, while malicious quantum computers are rendered harmless by blind and verifiable protocols, inherent noise severely limits their usability. We address this problem with an efficient, robust, blind, verifiable scheme to delegate deterministic quantum computations with classical inputs and outputs. We show that: 1) a malicious Server can cheat at most with an exponentially small success probability; 2) in case of sufficiently small noise, the protocol succeeds with a probability exponentially close to 1; 3) the overhead is barely a polynomial number of repetitions of the initial computation interleaved with test runs requiring the same physical resources in terms of memory and gates; 4) the amount of tolerable noise, measured by the probability of failing a test run, can be as high as 25% for some computations and will be generally bounded by 12.5% when using a planar graph resource state. The key points are that security can be provided without universal computation graphs and that, in our setting, full fault-tolerance is not needed to amplify the confidence level exponentially close to 1.

We provide several advances to the understanding of the class of Quantum Merlin-Arthur proof systems (QMA), the quantum analogue of NP. First, we answer a longstanding open question by showing that the Consistency of Local Density Matrices problem is QMA-complete under Karp reductions. We also show for the first time a commit-and-open computational zero-knowledge proof system for all of QMA as a quantum analogue of a “sigma” protocol. We then define a Proof of Quantum Knowledge, which guarantees that a prover is effectively in possession of a quantum witness in an interactive proof, and show that our zero-knowledge proof system satisfies this definition. Finally, we show that our proof system can be used to establish that QMA has a quantum non-interactive zero-knowledge proof system in the secret parameters setting. Our main technique consists in developing locally simulatable proofs for all of QMA: this is an encoding of a QMA witness such that it can be efficiently verified by probing only five qubits and, furthermore, the reduced density matrix of any five-qubit subsystem can be computed in polynomial time and is independent of the witness. This construction follows the techniques of Grilo, Slofstra, and Yuen [FOCS 2019].

In a recent breakthrough, Mahadev constructed an interactive protocol that enables a purely classical party to delegate any quantum computation to an untrusted quantum prover. In this work, we show that this same task can in fact be performed non-interactively and in zero-knowledge. Our protocols result from a sequence of significant improvements to the original four-message protocol of Mahadev. We begin by making the first message instance-independent and moving it to an offline setup phase. We then establish a parallel repetition theorem for the resulting three-message protocol, with an asymptotically optimal rate. This, in turn, enables an application of the Fiat-Shamir heuristic, eliminating the second message and giving a non-interactive protocol. Finally, we employ classical non-interactive zero-knowledge (NIZK) arguments and classical fully homomorphic encryption (FHE) to give a zero-knowledge variant of this construction. This yields the first purely classical NIZK argument system for QMA, a quantum analogue of NP. We establish the security of our protocols under standard assumptions in quantum-secure cryptography. Specifically, our protocols are secure in the Quantum Random Oracle Model, under the assumption that Learning with Errors is quantumly hard. The NIZK construction also requires circuit-private FHE.

StoqMA characterizes the computational hardness of stoquastic local Hamiltonians, which is a family of Hamiltonians that does not suffer from the sign problem. Although error reduction is commonplace for many complexity classes, such as BPP, BQP, MA, QMA, etc.,this property remains open for StoqMA since Bravyi, Bessen and Terhal defined this class in 2006. In this note, we show that error reduction forStoqMA will imply that StoqMA = MA.

Authenticated teleportation aims to certify the transmission of a quantum state through teleportation, even in the presence of an adversary. This scenario can be pictured in terms of an untrusted source distributing a Bell state between two parties who wish to verify it using some simple tests. We propose a protocol that achieves this goal in a practical way, and analyse its performance and security when the parties have noisy measurement devices. Further, we model a realistic experimental scenario where the state is subject to noise and dephasing. We finally apply our analysis to the verification of graph states with noisy measurement devices.

Recent works revealed that transmission of light beams carrying orbital-angular-momentum (OAM) through turbulence causes the optical vortex defining these beams to split into multiple vortices with unit topological charge. Here, we consider the numerical propagation of orbital-angular-momentum (OAM) modes through a horizontal atmospheric channel. By analysing the beam’s phase front after transmission through turbulence, we confirm the occurence of vortex splitting, but we also witness the emergence of vortex-antivortex pairs. Moreover, by performing performing a decomposition of the transmitted wave into OAM modes, we show that while adaptive optics cannot cancel vortex splitting, it still is pretty efficient in diminishing the turbulence-induced crosstalk between different OAM modes.

A defining feature in the field of quantum computing is the potential of a quantum device to outperform its classical counterpart for a specific computational task. By now, several proposals exist showing that certain sampling problems can be done efficiently quantumly, but are not possible efficiently classically, assuming strongly held conjectures in complexity theory. A feature dubbed quantum speedup. However, the effect of noise on these proposals is not well understood in general, and in certain cases it is known that simple noise can destroy the quantum speedup. Here we develop a fault-tolerant version of one family of these sampling problems, which we show can be implemented using quantum circuits of constant depth. We present two constructions, each taking $poly(n)$ physical qubits, some of which are prepared in noisy magic states. The first of our constructions is a constant depth quantum circuit composed of single and two-qubit nearest neighbour Clifford gates in four dimensions. This circuit has one layer of interaction with a classical computer before final measurements. Our second construction is a constant depth quantum circuit with single and two-qubit nearest neighbour Clifford gates in three dimensions, but with two layers of interaction with a classical computer before the final measurements. For each of these constructions, we show that there is no classical algorithm which can sample according to its output distribution in $poly(n)$ time, assuming two standard complexity theoretic conjectures hold. The noise model we assume is the so-called local stochastic quantum noise. Along the way, we introduce various new concepts such as constant depth magic state distillation (MSD), and constant depth output routing, which arise naturally in measurement based quantum computation (MBQC), but have no constant-depth analogue in the circuit model.

Weak coin flipping is among the fundamental cryptographic primitives which ensure the security of modern communication networks. It allows two mistrustful parties to remotely agree on a random bit when they favor opposite outcomes. Unlike other two-party computations, one can achieve information-theoretic security using quantum mechanics only: both parties are prevented from biasing the flip with probability higher than $1/2+\epsilon$, where $\epsilon$ is arbitrarily low. Classically, the dishonest party can always cheat with probability $1$ unless computational assumptions are used. Despite its importance, no physical implementation has been proposed for quantum weak coin flipping. Here, we present a practical protocol that requires a single photon and linear optics only. We show that it is fair and balanced even when threshold single-photon detectors are used, and reaches a bias as low as $\epsilon=1/\sqrt{2}-1/2\approx 0.207$. We further show that the protocol may display quantum advantage over a few hundred meters with state-of-the-art technology.

The theory of the asymptotic manipulation of pure bipartite quantum systems can be considered completely understood: the rates at which bipartite entangled states can be asymptotically transformed into each other are fully determined by a single number each, the respective entanglement entropy. In the multipartite setting, similar questions of the optimally achievable rates of transforming one pure state into another are notoriously open. This seems particularly unfortunate in the light of the revived interest in such questions due to the perspective of experimentally realizing multipartite quantum networks. In this Letter, we report substantial progress by deriving simple upper and lower bounds on the rates that can be achieved in asymptotic multipartite entanglement transformations. These bounds are based on ideas of entanglement combing and state merging. We identify cases where the bounds coincide and hence provide the exact rates. As an example, we bound rates at which resource states for the cryptographic scheme of quantum secret sharing can be distilled from arbitrary pure tripartite quantum states. This result provides further scope for quantum internet applications, supplying tools to study the implementation of multipartite protocols over quantum networks.

Instantaneous nonlocal quantum computation (INQC) evades apparent quantum and relativistic constraints and allows to attack generic quantum position verification (QPV) protocols (aiming at securely certifying the location of a distant prover) at an exponential entanglement cost. We consider adversaries sharing maximally entangled pairs of qudits and find low-dimensional INQC attacks against the simple practical family of QPV protocols based on single photons polarized at an angle $\theta$. We find exact attacks against some rational angles, including some sitting outside of the Clifford hierarchy (e.g. $\pi/6$), and show no $\theta$ allows to tolerate errors higher than $\simeq 5\cdot 10^{-3}$ against adversaries holding two ebits per protocol’s qubit.

Quantum physics has led to a revolution in our conception of the nature of our world and is now bringing about a technological revolution. The use of quantum information promises indeed applications that outperform those of today’s so-called classical devices. Continuous variable quantum information theory refers to the study of quantum information encoded in continuous degrees of freedom of quantum systems. This theory extends the mathematical study of quantum information to quantum states in Hilbert spaces of infinite dimension. It offers different perspectives compared to discrete variable quantum information theory and is particularly suitable for the description of quantum states of light. Quantum optics is thus a natural experimental platform for developing quantum applications in continuous variable. This thesis focuses on three main questions: where does a quantum advantage, that is, the ability of quantum machines to outperform classical machines, come from? How to ensure the proper functioning of a quantum machine? What advantages can be gained in practice from the use of quantum information? These three questions are at the heart of the development of future quantum technologies and we provide several answers within the frameworks of continuous variable quantum information and linear quantum optics. Quantum advantage in continuous variable comes in particular from the use of so-called non-Gaussian quantum states. We introduce the stellar formalism to characterize these states. We then study the transition from classically simulable models to models universal for quantum computing. We show that quantum computational supremacy, the dramatic speedup of quantum computers over their classical counterparts, may be realised with non-Gaussian states and Gaussian measurements. Quantum certification denotes the methods seeking to verify the correct functioning of a quantum machine. We consider certification of quantum states in continuous variable, introducing several protocols according to the assumptions made on the tested state. We develop efficient methods for the verification of a large class of multimode quantum states, including the output states of the Boson Sampling model, enabling the experimental verification of quantum supremacy with photonic quantum computing. We give several new examples of practical applications of quantum information in linear quantum optics. Generalising the swap test, we highlight a connection between the ability to distinguish two quantum states and the ability to perform universal programmable quantum measurements, for which we give various implementations in linear optics, based on the use of single photons or coherent states. Finally, we obtain, thanks to linear optics, the first implementation of a quantum protocol for weak coin flipping, a building block for many cryptographic applications.

Quantum physics has led to a revolution in our conception of the nature of our world and is now bringing about a technological revolution. The use of quantum information promises indeed applications that outperform those of today’s so-called classical devices. Continuous variable quantum information theory refers to the study of quantum information encoded in continuous degrees of freedom of quantum systems. This theory extends the mathematical study of quantum information to quantum states in Hilbert spaces of infinite dimension. It offers different perspectives compared to discrete variable quantum information theory and is particularly suitable for the description of quantum states of light. Quantum optics is thus a natural experimental platform for developing quantum applications in continuous variable. This thesis focuses on three main questions: where does a quantum advantage, that is, the ability of quantum machines to outperform classical machines, come from? How to ensure the proper functioning of a quantum machine? What advantages can be gained in practice from the use of quantum information? These three questions are at the heart of the development of future quantum technologies and we provide several answers within the frameworks of continuous variable quantum information and linear quantum optics.

The search for an application of near-term quantum devices is widespread. Quantum machine learning is touted as a potential utilisation of such devices, particularly those out of reach of the simulation capabilities of classical computers. In this work, we study such an application in generative modelling, focussing on a class of quantum circuits known as Born machines. Specifically, we define a subset of this class based on Ising Hamiltonians and show that the circuits encountered during gradient-based training cannot be efficiently sampled from classically up to multiplicative error in the worst case. Our gradient-based training methods use cost functions known as the Sinkhorn divergence and the Stein discrepancy, which have not previously been used in the gradientbased training of quantum circuits, and we also introduce quantum kernels to generative modelling. We show that these methods outperform the previous standard method, which used maximum mean discrepancy (MMD) as a cost function, and achieve this with minimal overhead. Finally, we discuss the ability of the model to learn hard distributions and provide formal definitions for ‘quantum learning supremacy’. We also exemplify the work of this paper by using generative modelling to perform quantum circuit compilation.

Concomitant with the rapid development of quantum technologies, challenging demands arise concerning the certification and characterization of devices. The promises of the field can only be achieved if stringent levels of precision of components can be reached and their functioning guaranteed. This Expert Recommendation provides a brief overview of the known characterization methods of certification, benchmarking, and tomographic recovery of quantum states and processes, as well as their applications in quantum computing, simulation, and communication.

By using highly entangled states, quantum metrology guarantees precision impossible with classical measurements. Unfortunately such states can be very susceptible to noise, and it is a great challenge of the field to maintain quantum advantage in realistic conditions. In this study we investigate the practicality of graph states for quantum metrology. Graph states are a natural resource for much of quantum information, and here we characterize their quantum Fisher information (QFI) for an arbitrary graph state. We then construct families of graph states which approximately achieves the Heisenberg limit, we call these states bundled graph states. We demonstrate that bundled graph states maintain a quantum advantage after being subjected to iid dephasing or finite erasures. This shows that these graph states are good resources for robust quantum metrology. We also quantify the number of n qubit stabilizer states that are useful as a resource for quantum metrology.

The so-called stellar formalism allows to represent the non-Gaussian properties of single-mode quantum states by the distribution of the zeros of their Husimi Q-function in phase-space. We use this representation in order to derive an infinite hierarchy of single-mode states based on the number of zeros of the Husimi Q-function, the stellar hierarchy. We give an operational characterisation of the states in this hierarchy with the minimal number of single-photon additions needed to engineer them, and derive equivalence classes under Gaussian unitary operations. We study in detail the topological properties of this hierarchy with respect to the trace norm, and discuss implications for non-Gaussian state engineering, and continuous variable quantum computing.

We present a simple protocol for certifying graph states in quantum networks using stabiliser measurements. The certification statements can easily be applied to different protocols using graph states. We see for example how it can be used to for measurement based verified quantum compu- tation, certified sampling of random unitaries and quantum metrology and sharing quantum secrets over untrusted channels.

Quantum key distribution (QKD) is one of the first quantum technologies that were able to provide commercially meaningful solutions to the problem of distributing cryptographic keys between trusted parties, guaranteeing long term security. It is now progressing towards technical maturity, by proposing multiple implementation alternatives. In this thesis, we study Continuous-Variables QKD (CV-QKD), which shares many common elements with classical coherent communication systems, and is a good candidate to facilitate the access to QKD for more users.The use of digital signal processing (DSP) techniques typical in classical communications has been only partially exploited in previous CV-QKD implementations. We experimentally implement standard telecommunication techniques like pulse shaping, adaptive filtering and mode recovery in order to improve the quantum secret key rate and optimize the occupied bandwidth.The potential of integration of the components in a photonic integrated circuit (PIC) is another important aspect of CV-QKD. We have tested a silicon photonics PIC integrating a 180º hybrid detector with two germanium photodiodes, showing that measured parameters are compatible with the generation of secret key.One of the most limiting factors of QKD is the performance under lossy channels, which is common in optical fibre for distances in the order of hundred kilometers. The range can be significantly extended using free space communications, and in particular satellites, where the losses at longer distances can be lower than those in fibre. We consider a model for a downlink satellite channel and predict the achievable secret key rates at different altitudes for CV-QKD, resulting in a potentially feasible technology for satellite communications, extending the range to intercontinental distances.

Physical Unclonable Functions (PUFs) are physical devices with unique behavior that are hard to clone. A variety of PUF schemes have been considered in theoretical studies as well as practical implementations of several security primitives such as identification and key generation. Recently, the inherent unclonability of quantum states has been exploited for defining (a partial) quantum analogue to classical PUFs (against limited adversaries). There are also a few proposals for quantum implementations of classical optical PUFs. However, none of these attempts provides a comprehensive study of Quantum Physical Unclonable Functions (QPUFs) with quantum cryptographic tools as we present in this paper. We formally define QPUFs, encapsulating all requirements of classical PUFs as well as introducing new ones inherent to the quantum setting such as testability. We develop a quantum game-based security framework for our analysis and define a new class of quantum attacks, called General Quantum Emulation Attack. This class of attacks exploits previously captured valid challenge-response pairs to emulate the action of an unknown quantum transformation on new input. We devise a concrete attack based on an existing quntum emulation algorithm and use it to show that a family of quantum cryptographic primitives that rely on unknown unitary transformations do not provide existential unforgeability while they provide selective unforgeability. Then, we express our results in the case of QPUF as an unknown unitary transformation.

The functionality of classically-instructed remotely prepared random secret qubits was introduced in (Cojocaru et al 2018) as a way to enable classical parties to participate in secure quantum computation and communications protocols. The idea is that a classical party (client) instructs a quantum party (server) to generate a qubit to the server’s side that is random, unknown to the server but known to the client. Such task is only possible under computational assumptions. In this contribution we define a simpler (basic) primitive consisting of only BB84 states, and give a protocol that realizes this primitive and that is secure against the strongest possible adversary (an arbitrarily deviating malicious server). The specific functions used, were constructed based on known trapdoor one-way functions, resulting to the security of our basic primitive being reduced to the hardness of the Learning With Errors problem. We then give a number of extensions, building on this basic module: extension to larger set of states (that includes non-Clifford states); proper consideration of the abort case; and verifiablity on the module level. The latter is based on “blind self-testing”, a notion we introduced, proved in a limited setting and conjectured its validity for the most general case.

Quantum metrology is a promising practical use case for quantum technologies, where physical quantities can be measured with unprecedented precision. In lieu of quantum error correction procedures, near term quantum devices are expected to be noisy, and we have to make do with noisy probe states. With carefully chosen symmetric probe states inspired by the quantum error correction capabilities of certain symmetric codes, we prove that quantum metrology can exhibit an advantage over classical metrology, even after the probe states are corrupted by a constant number of erasure and dephasing errors. These probe states prove useful for robust metrology not only in the NISQ regime, but also in the asymptotic setting where they achieve Heisenberg scaling. This brings us closer towards making robust quantum metrology a technological reality.

Multipartite entangled states are great resources for quantum networks. In this work we study the distribution, or routing, of entangled states over fixed, but arbitrary, physical networks. Our simplified model represents each use of a quantum channel as the sharing of a Bell pair; local operations and classical communications are considered to be free. We introduce two protocols to distribute respectively Greenberger-Horne-Zeilinger (GHZ) states and arbitrary graph states over arbitrary quantum networks. The GHZ states distribution protocol takes a single step and is optimal in terms of the number of Bell pairs used; the graph state distribution protocol uses at most twice as many Bell pairs and steps than the optimal routing protocol for the worst case scenario.

This thesis is focused on the generation and understanding of particular kinds of quantum randomness. Randomness is useful for many tasks in physics and information processing, from randomized benchmarking , to black hole physics , as well demonstrating a so-called quantum speedup , and many other applications. On the one hand we explore how to generate a particular form of random evolution known as a t-design. On the other we show how this can also give instances for quantum speedup - where classical computers cannot simulate the randomness efficiently. We also show that this is still possible in noisy realistic settings. More specifically, this thesis is centered around three main topics. The first of these being the generation of epsilon-approximate unitary t-designs. In this direction, we first show that non-adaptive, fixed measurements on a graph state composed of poly(n,t,log(1/epsilon)) qubits, and with a regular structure (that of a brickwork state) effectively give rise to a random unitary ensemble which is a epsilon-approximate t-design. This work is presented in Chapter 3. Before this work, it was known that non-adaptive fixed XY measurements on a graph state give rise to unitary t-designs , however the graph states used there were of complicated structure and were therefore not natural candidates for measurement based quantum computing (MBQC), and the circuits to make them were complicated. The novelty in our work is showing that t-designs can be generated by fixed, non-adaptive measurements on graph states whose underlying graphs are regular 2D lattices. These graph states are universal resources for MBQC. Therefore, our result allows the natural integration of unitary t-designs, which provide a notion of quantum pseudorandomness which is very useful in quantum algorithms, into quantum algorithms running in MBQC. Moreover, in the circuit picture this construction for t-designs may be viewed as a constant depth quantum circuit, albeit with a polynomial number of ancillas. We then provide new constructions of epsilon-approximate unitary t-designs both in the circuit model and in MBQC which are based on a relaxation of technical requirements in previous constructions. These constructions are found in Chapters 4 and 5.

In this work we reduce the requirements for generating $t$-designs, an important tool for randomisation with applications across quantum information and physics. We show that random quantum circuits with support over families of $relaxed$ finite sets of unitaries which are approximately universal in $U(4)$ (we call such sets $seeds$), converge towards approximate unitary $t$-designs efficiently in $poly(n,t)$ depth, where $n$ is the number of inputs of the random quantum circuit, and $t$ is the order of the design. We show this convergence for seeds which are relaxed in the sense that every unitary matrix in the seed need not have an inverse in the seed, nor be composed entirely of algebraic entries in general, two requirements which have restricited previous constructions. We suspect the result found here is not optimal, and can be improved. Particularly because the number of gates in the relaxed seeds introduced here grows with $n$ and $t$. We conjecture that constant sized seeds such as those in (Brand~ao, Harrow, and Horodecki, Commun. Math. Phys. 2016) are sufficient.

As research on building scalable quantum computers advances, it is important to be able to certify their correctness. Due to the exponential hardness of classically simulating quantum computation, straight-forward verification via this means fails. However, we can classically simulate small scale quantum computations and hence we are able to test that devices behave as expected in this domain. This constitutes the first step towards obtaining confidence in the anticipated quantum-advantage when we extend to scales that can no longer be simulated. Real devices have restrictions due to their architecture and limitations due to physical imperfections and noise. In this paper we extend the usual ideal simulations by considering those effects. We provide a general methodology and framework for constructing simulations which emulate the physical system. These simulations should provide a benchmark for realistic devices and guide experimental research in the quest for quantum-advantage. To illustrate our methodology we give examples that involve networked architectures and the noise-model of the device developed by the Networked Quantum Information Technologies Hub (NQIT). For our simulations we use, with suitable modification, the classical simulator of Bravyi and Gosset while the specific problems considered belong to the Instantaneous Quantum Polynomial-time class. This class is believed to be hard for classical computational devices, and is regarded as a promising candidate for the first demonstration of quantum-advantage. We first consider a subclass of IQP, defined by Bermejo-Vega et al, involving two-dimensional dynamical quantum simulators, and then general instances of IQP, restricted to the architecture of NQIT.

We prove a conjecture due to Wanless about the permanent of Hadamard matrices in the particular case of Sylvester-Hadamard matrices. Namely we show that for all n greater or equal to 2, the dyadic valuation of the permanent of the Sylvester-Hadamard matrix of order n is equal to the dyadic valuation of n!. As a consequence, the permanent of the Sylvester-Hadamard matrix of order n doesn’t vanish for n greater or equal to 2.

We introduce a protocol for authenticated teleportation, which can be proven secure even when the receiver does not trust their measurement devices, and is experimentally accessible. We use the technique of self-testing from the device-independent approach to quantum information, where we can characterise quantum states and measurements from the exhibited classical correlations alone. First, we derive self-testing bounds for the Bell state and Pauli $\sigma_X, \sigma_Z$ measurements, that are robust enough to be implemented in the lab. Then, we use these to determine a lower bound on the fidelity of an untested entangled state to be used for teleportation. Finally, we apply our results to propose an experimentally feasible protocol for one-sided device-independent authenticated teleportation. This can be interpreted as a first practical authentication of a quantum channel, with additional one-sided device-independence.

In August 2015 the cryptographic world was shaken by a sudden and surprising announcement by the US National Security Agency NSA concerning plans to transition to post-quantum algorithms. Since this announcement post-quantum cryptography has become a topic of primary interest for several standardization bodies. The transition from the currently deployed public-key algorithms to post-quantum algorithms has been found to be challenging in many aspects. In particular the problem of evaluating the quantum-bit security of such post-quantum cryptosystems remains vastly open. Of course this question is of primarily concern in the process of standardizing the post-quantum cryptosystems. In this paper we consider the quantum security of the problem of solving a system of {\it $m$ Boolean multivariate quadratic equations in $n$ variables} (\MQb); a central problem in post-quantum cryptography. When $n=m$, under a natural algebraic assumption, we present a Las-Vegas quantum algorithm solving \MQb{} that requires the evaluation of, on average, $O(2^{0.462n})$ quantum gates. To our knowledge this is the fastest algorithm for solving \MQb{}.

We consider a protocol for sharing quantum states using continuous variable systems. Specifically we introduce an encoding procedure where bosonic modes in arbitrary secret states are mixed with several ancillary squeezed modes through a passive interferometer. We derive simple conditions on the interferometer for this encoding to define a secret sharing protocol and we prove that they are satisfied by almost any interferometer. This implies that, if the interferometer is chosen uniformly at random, the probability that it may not be used to implement a quantum secret sharing protocol is zero. Furthermore, we show that the decoding operation can be obtained and implemented efficiently with a Gaussian unitary using a number of single-mode squeezers that is at most twice the number of modes of the secret, regardless of the number of players. We benchmark the quality of the reconstructed state by computing the fidelity with the secret state as a function of the input squeezing.

Blind delegation protocols allow a client to delegate a computation to a server so that the server learns nothing about the input to the computation apart from its size. For the specific case of quantum computation we know that blind delegation protocols can achieve information-theoretic security. In this paper we prove, provided certain complexity-theoretic conjectures are true, that the power of information-theoretically secure blind delegation protocols for quantum computation (ITS-BQC protocols) is in a number of ways constrained. In the first part of our paper we provide some indication that ITS-BQC protocols for delegating $\sf BQP$ computations in which the client and the server interact only classically are unlikely to exist. We first show that having such a protocol with $O(n^d)$ bits of classical communication implies that $\mathsf{BQP} \subset \mathsf{MA/O(n^d)}$. We conjecture that this containment is unlikely by providing an oracle relative to which $\mathsf{BQP} \not\subset \mathsf{MA/O(n^d)}$. We then show that if an ITS-BQC protocol exists with polynomial classical communication and which allows the client to delegate quantum sampling problems, then there exist non-uniform circuits of size $2^{n - \mathsf{\Omega}(n/log(n))}$, making polynomially-sized queries to an $\sf NP^{NP}$ oracle, for computing the permanent of an $n \times n$ matrix. The second part of our paper concerns ITS-BQC protocols in which the client and the server engage in one round of quantum communication and then exchange polynomially many classical messages. First, we provide a complexity-theoretic upper bound on the types of functions that could be delegated in such a protocol, namely $\mathsf{QCMA/qpoly \cap coQCMA/qpoly}$. Then, we show that having such a protocol for delegating $\mathsf{NP}$-hard functions implies $\mathsf{coNP^{NP^{NP}}} \subseteq \mathsf{NP^{NP^{PromiseQMA}}}$.

The search for an application of near-term quantum devices is widespread. Quantum Machine Learning is touted as a potential utilisation of such devices, particularly those which are out of the reach of the simulation capabilities of classical computers. In this work, we propose a generative Quantum Machine Learning Model, called the Ising Born Machine (IBM), which we show cannot, in the worst case, and up to suitable notions of error, be simulated efficiently by a classical device. We also show this holds for all the circuit families encountered during training. In particular, we explore quantum circuit learning using non-universal circuits derived from Ising Model Hamiltonians, which are implementable on near term quantum devices. We propose two novel training methods for the IBM by utilising the Stein Discrepancy and the Sinkhorn Divergence cost functions. We show numerically, both using a simulator within Rigetti’s Forest platform and on the Aspen-1 16Q chip, that the cost functions we suggest outperform the more commonly used Maximum Mean Discrepancy (MMD) for differentiable training. We also propose an improvement to the MMD by proposing a novel utilisation of quantum kernels which we demonstrate provides improvements over its classical counterpart. We discuss the potential of these methods to learn hard' quantum distributions, a feat which would demonstrate the advantage of quantum over classical computers, and provide the first formal definitions for what we call Quantum Learning Supremacy’. Finally, we propose a novel view on the area of quantum circuit compilation by using the IBM to `mimic’ target quantum circuits using classical output data only.

We establish a lower bound on the asymptotic secret key rate of continuous-variable quantum key distribution with a discrete modulation of coherent states. The bound is valid against collective attacks and is obtained by formulating the problem as a semidefinite program. We illustrate our general approach with the quadrature-phase-shift-keying modulation scheme and show that distances over 100 km are achievable for realistic values of noise. We also discuss the application to more complex quadrature-amplitude-modulation schemes. This result opens the way to establishing the full security of continuous-variable protocols with a discrete modulation, and thereby to the large-scale deployment of these protocols for quantum key distribution.

Contextuality is a non-classical behaviour that can be exhibited by quantum systems. It is increasingly studied for its relationship to quantum-over-classical advantages in informatic tasks. To date, it has largely been studied in discrete variable scenarios, where observables take values in discrete and usually finite sets. Practically, on the other hand, continuous-variable scenarios offer some of the most promising candidates for implementing quantum computations and informatic protocols. Here we set out a framework for treating contextuality in continuous-variable scenarios. It is shown that the Fine–Abramsky–Brandenburger theorem extends to this setting, an important consequence of which is that nonlocality can be viewed as a special case of contextuality, as in the discrete case. The contextual fraction, a quantifiable measure of contextuality that bears a precise relationship to Bell inequality violations and quantum advantages, can also be defined in this setting. It is shown to be a non-increasing monotone with respect to classical operations that include binning to discretise data. Finally, we consider how the contextual fraction can be formulated as an infinite linear program, and calculated with increasing accuracy using semi-definite programming approximations.

Quantum communication networks have the potential to revolutionize information and communication technologies. Here we are interested in a fundamental property and formidable challenge for any communication network, that of guaranteeing the anonymity of a sender and a receiver when a message is transmitted through the network, even in the presence of malicious parties. We provide the first practical protocol for anonymous communication in realistic quantum networks.

At its core a $t$-design is a method for sampling from a set of unitaries in a way which mimics sampling randomly from the Haar measure on the unitary group, with applications across quantum information processing and physics. We construct new families of quantum circuits on $n$-qubits giving rise to $\varepsilon$-approximate unitary $t$-designs efficiently in $O(n^3t^2)$ depth. These quantum circuits are based on a relaxation of technical requirements in previous constructions. In particular, the construction of circuits which give efficient approximate $t$-designs by Brandao, Harrow, and Horodecki (F.G.S.L Brandao, A.W Harrow, and M. Horodecki, Commun. Math. Phys. (2016).) required choosing gates from ensembles which contained inverses for all elements, and that the entries of the unitaries are algebraic. We reduce these requirements, to sets that contain elements without inverses in the set, and non-algebraic entries, which we dub partially invertible universal sets. We then adapt this circuit construction to the framework of measurement based quantum computation(MBQC) and give new explicit examples of $n$-qubit graph states with fixed assignments of measurements (graph gadgets) giving rise to unitary $t$-designs based on partially invertible universal sets, in a natural way. We further show that these graph gadgets demonstrate a quantum speedup, up to standard complexity theoretic conjectures. We provide numerical and analytical evidence that almost any assignment of fixed measurement angles on an $n$-qubit cluster state give efficient $t$-designs and demonstrate a quantum speedup.

The no-cloning property of quantum mechanics allows unforgeability of quantum banknotes and credit cards. Quantum credit card protocols involve a bank, a client and a payment terminal, and their practical implementation typically relies on encoding information on weak coherent states of light. Here, we provide a security proof in this practical setting for semi-device-independent quantum money with classical verification, involving an honest bank, a dishonest client and a potentially untrusted terminal. Our analysis uses semidefinite programming in the coherent state framework and aims at simultaneously optimizing over the noise and losses introduced by a dishonest party. We discuss secure regimes of operation in both fixed and randomized phase settings, taking into account experimental imperfections. Finally, we study the evolution of protocol security in the presence of a decohering optical quantum memory and identify secure credit card lifetimes for a specific configuration.

Continuous-Variable (CV) devices are a promising platform for demonstrating large-scale quantum information protocols. In this framework, we define a general quantum computational model based on a CV hardware. It consists of vacuum input states, a finite set of gates - including non-Gaussian elements - and homodyne detection. We show that this model incorporates encodings sufficient for probabilistic fault-tolerant universal quantum computing. Furthermore, we show that this model can be adapted to yield sampling problems that cannot be simulated efficiently with a classical computer, unless the polynomial hierarchy collapses. This allows us to provide a simple paradigm for short-term experiments to probe quantum advantage relying on Gaussian states, homodyne detection and some form of non-Gaussian evolution. We finally address the recently introduced model of Instantaneous Quantum Computing in CV, and prove that the hardness statement is robust with respect to some experimentally relevant simplifications in the definition of that model.

We present a scheme for a universal device which can be programed by quantum states to approximate a chosen projective measurement to a given precision. Our scheme can be viewed as an extension of the swap test to the instance where one state is supplied many times. As such, it has many potential applications given the variety of quantum information tasks which make use of the swap test. In particular, we show that our scheme is optimal for state discrimination under the one-sided error requirement, and optimally approximates any projective measurement. Furthermore, we propose a practical implementation of our scheme with passive linear optics, which involves a simple interferometer composed only of balanced beam splitters.

With experimental quantum computing technologies now in their infancy, the search for efficient means of testing the correctness of these quantum computations is becoming more pressing. An approach to the verification of quantum computation within the framework of interactive proofs has been fruitful for addressing this problem. Specifically, an untrusted agent (prover) alleging to perform quantum computations can have his claims verified by another agent (verifier) who only has access to classical computation and a small quantum device for preparing or measuring single qubits. However, when this quantum device is prone to errors, verification becomes challenging and often existing protocols address this by adding extra assumptions, such as requiring the noise in the device to be uncorrelated with the noise on the prover’s devices. In this paper, we present a simple protocol for verifying quantum computations, in the presence of noisy devices, with no extra assumptions. This protocol is based on post hoc techniques for verification, which allow for the prover to know the desired quantum computation and its input. We also perform a simulation of the protocol, for a one-qubit computation, and find the error thresholds when using the qubit repetition code as well as the Steane code.

Demonstrating quantum superiority for some computational task will be a milestone for quantum technologies and would show that computational advantages are possible not only with a universal quantum computer but with simpler physical devices. Linear optics is such a simpler but powerful platform where classically-hard information processing tasks, such as Boson Sampling, can be in principle implemented. In this work, we study a fundamentally different type of computational task to achieve quantum superiority using linear optics, namely the task of verifying NP-complete problems. We focus on a protocol by Aaronson et al. (2008) that uses quantum proofs for verification. We show that the proof states can be implemented in terms of a single photon in an equal superposition over many optical modes. Similarly, the tests can be performed using linear-optical transformations consisting of a few operations: a global permutation of all modes, simple interferometers acting on at most four modes, and measurement using single-photon detectors. We also show that the protocol can tolerate experimental imperfections.

We define the functionality of delegated pseudo-secret random qubit generator (PSRQG), where a classical client can instruct the preparation of a sequence of random qubits at some distant party. Their classical description is (computationally) unknown to any other party (including the distant party preparing them) but known to the client. We emphasize the unique feature that no quantum communication is required to implement PSRQG. This enables classical clients to perform a class of quantum communication protocols with only a public classical channel with a quantum server. A key such example is the delegated universal blind quantum computing. Using our functionality one could achieve a purely classical-client computational secure verifiable delegated universal quantum computing (also referred to as verifiable blind quantum computation). We give a concrete protocol (QFactory) implementing PSRQG, using the Learning-With-Errors problem to construct a trapdoor one-way function with certain desired properties (quantum-safe, two-regular, collision-resistant). We then prove the security in the Quantum-Honest-But-Curious setting and briefly discuss the extension to the malicious case.

Recent advances at Google, IBM, as well as a number of research groups indicate that quantum computers will soon be reality. Motivated by the ever more realistic threat quantum computers pose to existing classical cryptographic protocols, researchers have developed several schemes to resist “quantum attacks”. In particular, for electronic voting, several e-voting schemes relying on properties of quantum mechanics have been proposed. However, each of these proposals comes with a different and often not well-articulated corruption model, has different objectives, and is accompanied by security claims which are never formalized and are at best justified only against specific attacks. In this paper, we systematize and evaluate the security of suggested e-voting protocols based on quantum technology. We examine the claims of these works concerning privacy, correctness and verifiability, and if they are correctly attributed to the proposed protocols. In all non-trivial cases, we identified specific quantum attacks that violate these properties. We argue that the cause of these failures lies in the absence of formal security models and in a more general lack of reference to the existing cryptographic literature.

The intrinsic non-locality of correlations in Quantum Mechanics allow us to certify the behaviour of a quantum mechanism in a device independent way. In particular, we present a new protocol that allows an unbounded amount of randomness to be certified as being legitimately the consequence of a measurement on a quantum state. By using a sequence of non-projective measurements on single state, we show a more robust method to certify unbounded randomness than the protocol of [5], by moving to a one-sided device independent scenario. This protocol also does not assume any specific behaviour of the adversary trying to fool the participants in the protocol, which is an advantage over previous steering based protocols. We present numerical results which confirm the optimal functioning of this protocol in the ideal case. Furthermore, we also study an experimental scenario to determine the feasibility of the protocol in a realistic implementation. The effect of depolarizing noise is examined, by studying a potential state produced by a networked system of ion traps.

Models of quantum systems on curved space-times lack sufficient experimental verification. Some speculative theories suggest that quantum properties, such as entanglement, may exhibit entirely different behavior to purely classical systems. By measuring this effect or lack thereof, we can test the hypotheses behind several such models. For instance, as predicted by Ralph and coworkers [T C Ralph, G J Milburn, and T Downes, Phys. Rev. A, 79(2):22121, 2009, T C Ralph and J Pienaar, New Journal of Physics, 16(8):85008, 2014], a bipartite entangled system could decohere if each particle traversed through a different gravitational field gradient. We propose to study this effect in a ground to space uplink scenario. We extend the above theoretical predictions of Ralph and coworkers and discuss the scientific consequences of detecting/failing to detect the predicted gravitational decoherence. We present a detailed mission design of the European Space Agency’s (ESA) Space QUEST (Space - Quantum Entanglement Space Test) mission, and study the feasibility of the mission schema.

We experimentally show how multiband dispersion properties of inhibited-coupling hollow-core fibers allow to control the spectral correlations of photon pairs generated through four-wave-mixing in a fiber filled with non-linear gas.

Quantum computing is emerging at a meteoric pace from a pure academic field to a fully industrial framework. Rapid advances are happening both in the physical realisations of quantum chips, and in their potential software applications. In contrast, we are not seeing that rapid growth in the design and verification methodologies for scaled-up quantum machines. In this work we describe the field of verification of quantum computers. We discuss the underlying concepts of this field, its theoretical and practical challenges, and state-of-the-art approaches to addressing those challenges. The goal of this paper is to help facilitate early efforts to adapt and create verification methodologies for quantum computers and systems. Without such early efforts, a debilitating gap may form between the state-of-the-art of low level physical technologies for quantum computers, and our ability to build medium, large, and very large scale integrated quantum circuits (M/L/VLSIQ).

Steering, a quantum property stronger than entanglement but weaker than non-locality in the quantum correlation hierarchy, is a key resource for one-sided device-independent quantum key distribution applications, in which only one of the communicating parties is trusted. A fine-grained steering inequality was introduced in [PRA 90 050305(R) (2014)], enabling for the first time the detection of steering in all steerable two-qubit Werner states using only two measurement settings. Here we numerically and experimentally investigate this inequality for generalized Werner states and successfully detect steerability in a wide range of two-photon polarization-entangled Bell local states generated by a parametric down-conversion source.

In this work, we demonstrate a way to perform classical multiparty computing among parties with limited computational resources. Our method harnesses quantum resources to increase the computational power of the individual parties. We show how a set of clients restricted to linear classical processing are able to jointly compute a nonlinear multivariable function that lies beyond their individual capabilities. The clients are only allowed to perform classical xor gates and single-qubit gates on quantum states. We also examine the type of security that can be achieved in this limited setting. Finally, we provide a proof-of-concept implementation using photonic qubits that allows four clients to compute a specific example of a multiparty function, the pairwise AND.

Blind quantum computing (BQC) allows a client to have a server carry out a quantum computation for them such that the client’s input, output, and computation remain private. A desirable property for any BQC protocol is verification, whereby the client can verify with high probability whether the server has followed the instructions of the protocol or if there has been some deviation resulting in a corrupted output state. A verifiable BQC protocol can be viewed as an interactive proof system leading to consequences for complexity theory. We previously proposed [A. Broadbent, J. Fitzsimons, and E. Kashefi, in Proceedings of the 50th Annual Symposium on Foundations of Computer Science, Atlanta, 2009 (IEEE, Piscataway, 2009), p. 517] a universal and unconditionally secure BQC scheme where the client only needs to be able to prepare single qubits in separable states randomly chosen from a finite set and send them to the server, who has the balance of the required quantum computational resources. In this paper we extend that protocol with additional functionality allowing blind computational basis measurements, which we use to construct another verifiable BQC protocol based on a different class of resource states. We rigorously prove that the probability of failing to detect an incorrect output is exponentially small in a security parameter, while resource overhead remains polynomial in this parameter. This resource state allows entangling gates to be performed between arbitrary pairs of logical qubits with only constant overhead. This is a significant improvement on the original scheme, which required that all computations to be performed must first be put into a nearest-neighbor form, incurring linear overhead in the number of qubits. Such an improvement has important consequences for efficiency and fault-tolerance thresholds.

The universal blind quantum computation protocol (UBQC) enables an almost classical client to delegate a quantum computation to an untrusted quantum server (in the form of a garbled quantum circuit) while the security for the client is unconditional. In this contribution, we explore the possibility of extending the verifiable UBQC, to achieve further functionalities following the analogous research for classical circuits (Yao 1986). First, exploring the asymmetric nature of UBQC (the client preparing only single qubits, while the server runs the entire quantum computation), we present a “Yao”-type protocol for secure two-party quantum computation. Similar to the classical setting, our quantum Yao protocol is secure against a specious (quantum honest-but-curious) garbler, but in our case, against a (fully) malicious evaluator. Unlike the previous work on quantum two-party computation of Dupuis et al., 2010, we do not require any online-quantum communication between the garbler and the evaluator and, thus, no extra cryptographic primitive. This feature will allow us to construct a simple universal one-time compiler for any quantum computation using one-time memory, in a similar way to the classical work of Goldwasser et al., 2008, while more efficiently than the previous work of Broadbent et al., 2013.

Recent developments have brought the possibility of achieving scalable quantum networks and quantum devices closer. From the computational point of view these emerging technologies become relevant when they are no longer classically simulatable. Hence a pressing challenge is the construction of practical methods to verify the correctness of the outcome produced by universal or non-universal quantum devices. A promising approach that has been extensively explored is the scheme of verification via encryption through blind quantum computation. We present here a new construction that simplifies the required resources for any such verifiable protocol. We obtain an overhead that is linear in the size of the input (computation), while the security parameter remains independent of the size of the computation and can be made exponentially small (with a small extra cost). Furthermore our construction is generic and could be applied to any universal or non-universal scheme with a given underlying graph.

The relationship between correlations and entanglement has played a major role in understanding quantum theory since the work of Einstein et al (1935 Phys. Rev. 47 777–80). Tsirelson proved that Bell states, shared among two parties, when measured suitably, achieve the maximum non-local correlations allowed by quantum mechanics (Cirel’son 1980 Lett. Math. Phys. 4 93–100). Conversely, Reichardt et al showed that observing the maximal correlation value over a sequence of repeated measurements, implies that the underlying quantum state is close to a tensor product of maximally entangled states and, moreover, that it is measured according to an ideal strategy (Reichardt et al 2013 Nature 496 456–60). However, this strong rigidity result comes at a high price, requiring a large number of entangled pairs to be tested. In this paper, we present a significant improvement in terms of the overhead by instead considering quantum steering where the device of the one side is trusted. We first demonstrate a robust one-sided device-independent version of self-testing, which characterises the shared state and measurement operators of two parties up to a certain bound. We show that this bound is optimal up to constant factors and we generalise the results for the most general attacks. This leads us to a rigidity theorem for maximal steering correlations. As a key application we give a one-sided device-independent protocol for verifiable delegated quantum computation, and compare it to other existing protocols, to highlight the cost of trust assumptions. Finally, we show that under reasonable assumptions, the states shared in order to run a certain type of verification protocol must be unitarily equivalent to perfect Bell states.

Secure communication is emerging as a significant challenge for our hyper-connected data-dependent society. The answer may lie in a clever combination of quantum and classical cryptographic techniques.

We have theoretically investigated the possibility of using any of several continuous-variable Bell-type inequalities - for which the dichotomic measurements are achieved with coarse-grained quadrature (homodyne) measurements - in a multi-party configuration where each participant is given a section, in the frequency domain, of the output of an optical parametric oscillator which has been synchronously-pumped with a frequency comb. Such light sources are undergoing intense study due to their novel properties, including the potential for production of light entangled in many hundreds of physical modes - a critical component for many proposals in optical or hybrid-optical quantum computation proposals. The situation we study notably uses only highly-efficient optical homodyne detection, meaning that in such systems the fair-sampling loophole would be relatively easy to avoid.

With the development of delegated quantum computation, clients will want to ensure confidentiality of their data and algorithms, and the integrity of their computations. While protocols for blind and verifiable quantum computation exist, they suffer from high overheads and from over-sensitivity: When running on noisy devices, imperfections trigger the same detection mechanisms as malicious attacks, resulting in perpetually aborted computations. We introduce the first blind and verifiable protocol for delegating BQP computations to a powerful server with repetition as the only overhead. It is composable and statistically secure with exponentially-low bounds and can tolerate a constant amount of global noise.

We introduce a simple single-system game inspired by the Clauser-Horne-Shimony-Holt (CHSH) game. For qubit systems subjected to unitary gates and projective measurements, we prove that any strategy in our game can be mapped to a strategy in the CHSH game, which implies that Tsirelson’s bound also holds in our setting. More generally, we show that the optimal success probability depends on the reversible or irreversible character of the gates, the quantum or classical nature of the system, and the system dimension. We analyze the bounds obtained in light of Landauer’s principle, showing the entropic costs of the erasure associated with the game. This demonstrates a connection between the reversibility in fundamental operations embodied by Landauer’s principle and Tsirelson’s bound that arises from the restricted physics of a unitarily evolving single-qubit system.

The transversely confined propagating modes of an optical fiber mediate virtually infinite range energy exchanges among atoms placed within their field, which adds to the inherent free space dipole-dipole coupling. Typically, the single atom free space decay rate largely surpasses the emission rate into the guided fiber modes. However, scaling up the atom number as well as the system size amounts to entering a collective emission regime, where fiber-induced superradiant spontaneous emission dominates over free space decay. We numerically study this super-and subradiant decay of highly excited atomic states for one or several transverse fiber modes as present in hollow core fibers. As particular excitation scenarios we compare the decay of a totally inverted state to the case of π/2 pulses applied transversely or along the fiber axis as in standard Ramsey or Rabi interferometry. While a mean field approach fails to correctly describe the initiation of superradiance, a second-order approximation accounting for pairwise atom-atom quantum correlations generally proves sufficient to reliably describe superradiance of ensembles from two to a few hundred particles. In contrast, a full account of subradiance requires the inclusion of all higher order quantum correlations. Considering multiple guided modes introduces a natural effective cutoff for the interaction range emerging from the dephasing of different fiber contributions.

Electronic voting is a very useful but challenging internet-based protocol that despite many theoretical approaches and various implementations with different degrees of success, remains a contentious topic due to issues in reliability and security. Here we present a quantum protocol that exploits an untrusted source of multipartite entanglement to carry out an election without relying on election authorities, simultaneous broadcasting, or computational assumptions, and whose result is publicly verifiable. The level of security depends directly on the fidelity of the shared multipartite entangled quantum state, and the protocol can be readily implemented for a few voters with state-of-the-art photonic technology.

We introduce a notion of contextuality for transformations in sequential contexts, distinct from the Bell-Kochen-Specker and Spekkens notions of contextuality. Within a transformation-based model for quantum computation we show that strong sequential-transformation contextuality is necessary and sufficient for deterministic computation of non-linear functions if classical components are restricted to mod2-linearity and matching constraints apply to any underlying ontology. For probabilistic computation, sequential-transformation contextuality is necessary and sufficient for advantage in this task and the degree of advantage quantifiably relates to the degree of contextuality.

In the framework of Impagliazzo’s five worlds, a distinction is often made between two worlds, one where public-key encryption exists (Cryptomania), and one in which only one-way functions exist (MiniCrypt). However, the boundaries between these worlds can change when quantum information is taken into account. Recent work has shown that quantum variants of oblivious transfer and multi-party computation, both primitives that are classically in Cryptomania, can be constructed from one-way functions, placing them in the realm of quantum MiniCrypt (the so-called MiniQCrypt). This naturally raises the following question: Is it possible to construct a quantum variant of public-key encryption, which is at the heart of Cryptomania, from one-way functions or potentially weaker assumptions? In this work, we initiate the formal study of the notion of quantum public-key encryption (qPKE), i.e., public-key encryption where keys are allowed to be quantum states. We propose new definitions of security and several constructions of qPKE based on the existence of one-way functions (OWF), or even weaker assumptions, such as pseudorandom function-like states (PRFS) and pseudorandom function-like states with proof of destruction (PRFSPD). Finally, to give a tight characterization of this primitive, we show that computational assumptions are necessary to build quantum public-key encryption. That is, we give a self-contained proof that no quantum public-key encryption scheme can provide information-theoretic security.

We consider a device which can be programed using coherent states of light to approximate a given projective measurement on an input coherent state. We provide and discuss three practical implementations of this programmable projective measurement device with linear optics, involving only balanced beam splitters and single photon threshold detectors. The three schemes optimally approximate any projective measurement onto a program coherent state. We further extend these to the case where there are no assumptions on the input state. In this setting, we show that our scheme enables an efficient verification of an unbounded untrusted source with only local coherent states, balanced beam splitters, and threshold detectors. Exploiting the link between programmable measurements and generalized swap test, we show as a direct application that our schemes provide an asymptotically quadratic improvement in existing quantum fingerprinting protocol to approximate the Euclidean distance between two unit vectors.

Mistrustful cryptography includes important tasks like bit commitment, oblivious transfer, coin flipping, secure computations, position authentication, digital signatures and secure unforgeable tokens. Practical quantum implementations presently use photonic setups. In many such implementations, Alice sends photon pulses encoding quantum states and Bob chooses measurements on these states. In practice, Bob generally uses single-photon threshold detectors, which cannot distinguish the number of photons in detected pulses. Also, losses and other imperfections require Bob to report the detected pulses. Thus, malicious Alice can send and track multiphoton pulses and thereby gain information about Bob’s measurement choices, violating the protocols’ security. Here, we provide a theoretical framework for analyzing such multiphoton attacks, and present known and new attacks. We illustrate the power of these attacks with an experiment, and study their application to earlier experimental demonstrations of mistrustful quantum cryptography. We analyze countermeasures based on selective reporting and prove them inadequate. We also discuss side-channel attacks where Alice controls further degrees of freedom or sends other physical systems.

Spectro-temporal modes of light can be exploited for the generation of high-dimensional Gaussian quantum states. Such states are at the basis of continuous variable quantum information protocols where they have to support mode-selective non-Gaussian operations. We develop a general framework for single-photon addition on multimode states of light via parametric down conversion (PDC) processes. We identify the analytical conditions for single-mode and mode-selective photon addition. We show that spectral mode selectivity can be achieved in the type-II collinear down conversion, while single-mode condition are retrieved for noncollinear type-I and type-II processes. Numerical results are shown for photon addition in PDC process at near-infrared and telecommunications wavelengths.

The network structure offers in principle the possibility for novel forms of quantum nonlocal correlations, that are proper to networks and cannot be traced back to standard quantum Bell nonlocality. Here we define a notion of genuine network quantum nonlocality. Our approach is operational and views standard quantum nonlocality as a resource for producing correlations in networks. We show several examples of correlations that are genuine network nonlocal, considering the so-called bilocality network of entanglement swapping. In particular, we present an example of quantum self-testing which relies on the network structure; the considered correlations are non-bilocal, but are local according to the usual definition of Bell locality.

Photonic quantum technologies represent a promising platform for applications ranging from long-distance secure communications to the simulation of complex phenomena. Among the different material platforms, direct bandgap semiconductors offer a wide range of functionalities opening promising perspectives for the implementation of future quantum technologies. In this paper, we review our progress on the generation and manipulation of quantum states of light in nonlinear AlGaAs chips and their use in quantum networks.

Multi-plane light conversion allows to perform arbitrary transformations on a finite set of spatial modes with no theoretical restriction to the quality of the transformation. Even though the number of shaped modes is in general small, the number of modes transmitted by a multi-plane light converter (MPLC) is extremely large. In this work, we aim to characterize the transmission properties of a multi-plane light converter inside and, for the first time, outside the design-modes subspace. By numerically reconstructing the transmission matrix of such systems, we individuate new ways to evaluate their efficiency in performing the design transformation. Moreover, we develop an analytical random matrix model that suggests that in the regime of a large number of shaped modes an MPLC behaves like a random scattering medium with limited number of controlled channels.

Wiesner’s unforgeable quantum money scheme is widely celebrated as the first quantum information application. Based on the no-cloning property of quantum mechanics, this scheme allows for the creation of credit cards used in authenticated transactions offering security guarantees impossible to achieve by classical means. However, despite its central role in quantum cryptography, its experimental implementation has remained elusive because of the lack of quantum memories and of practical verification techniques. Here, we experimentally implement a quantum money protocol relying on classical verification that rigorously satises the security condition for unforgeability. Our system exploits polarization encoding of weak coherent states of light and operates under conditions that ensure compatibility with state-of-the-art quantum memories. We derive working regimes for our system using a security analysis taking into account all practical imperfections. Our results constitute a major step towards a real-world realization of this milestone protocol.

Demonstrating a quantum advantage with currently available experimental systems is of utmost importance in quantum information science. While this remains elusive for quantum computation, the field of communication complexity offers the possibility to already explore and showcase this advantage for useful tasks. Here, we define such a task, the Sampling Matching problem, which is inspired by the Hidden Matching problem and features an exponential gap between quantum and classical protocols in the one-way communication model. Our problem allows by its conception a photonic implementation based on encoding in the phase of coherent states of light, the use of a fixed size linear optic circuit, and single-photon detection. This enables us to demonstrate in a proof-of-principle experiment an advantage in the transmitted information resource over the best known classical protocol, something impossible to reach for the original Hidden Matching problem. Our demonstration has implications in quantum verification and cryptographic settings.

As in modern communication networks, the security of quantum networks will rely on complex cryptographic tasks that are based on a handful of fundamental primitives. Weak coin flipping (WCF) is a significant such primitive which allows two mistrustful parties to agree on a random bit while they favor opposite outcomes. Remarkably, perfect information-theoretic security can be achieved in principle for quantum WCF. Here, we overcome conceptual and practical issues that have prevented the experimental demonstration of this primitive to date, and demonstrate how quantum resources can provide cheat sensitivity, whereby each party can detect a cheating opponent, and an honest party is never sanctioned. Such a property is not known to be classically achievable with information-theoretic security. Our experiment implements a refined, loss-tolerant version of a recently proposed theoretical protocol and exploits heralded single photons generated by spontaneous parametric down conversion, a carefully optimized linear optical interferometer including beam splitters with variable reflectivities and a fast optical switch for the verification step. High values of our protocol benchmarks are maintained for attenuation corresponding to several kilometers of telecom optical fiber.

We investigate the impact of Hilbert-space truncation upon the entanglement of an initially maximally entangled m × m bipartite quantum state, after propagation under an entanglement-preserving n × n (n ≥ m) unitary. Truncation-physically enforced, e.g., by a detector’s finite cross section-projects the state onto an s × s-dimensional subspace (3 ≤ s ≤ n). For a random local unitary evolution, we obtain a simple analytical formula that expresses the truncation-induced entanglement loss as a function of n, m and s.

It has recently been shown that by broadcasting the subsystems of a bipartite quantum state, one can activate Bell nonlocality and significantly improve noise tolerance bounds for device-independent entanglement certification. In this work we strengthen these results and explore new aspects of this phenomenon. First, we prove new results related to the activation of Bell nonlocality. We construct Bell inequalities tailored to the broadcast scenario, and show how broadcasting can lead to even stronger notions of Bell nonlocality activation. In particular, we exploit these ideas to show that bipartite states admitting a local hidden-variable model for general measurements can lead to genuine tripartite nonlocal correlations. We then study device-independent entanglement certification in the broadcast scenario, and show through semidefinite programming techniques that device-independent entanglement certification is possible for the two-qubit Werner state in essentially the entire range of entanglement. Finally, we extend the concept of EPR steering to the broadcast scenario, and present novel examples of activation of the two-qubit isotropic state. Our results pave the way for broadcast-based device-independent and semi-device-independent protocols.

We consider a cryptographically motivated framework for quantum metrology in the presence of a malicious adversary. We begin by devising an estimation strategy for a (potentially) altered resource (due to a malicious adversary) and quantify the amount of bias and the loss in precision as a function of the introduced uncertainty in the resource. By incorporating an appropriate cryptographic protocol, the uncertainty in the resource can be bounded with respect to the soundness of the cryptographic protocol. Thus the effectiveness of the quantum metrology problem can be directly related to the effectiveness of the cryptography protocol. As an example, we consider a quantum metrology problem in which resources are exchanged through an unsecured quantum channel. We then construct two protocols for this task which offer a trade-off between difficulty of implementation and efficiency.

We present a general framework encompassing a number of continuous-variable quantum key distribution protocols, including standard one-way protocols, measurement-device-independent protocols, as well as some two-way protocols, or any other continuous-variable protocol involving only a Gaussian modulation of coherent states and heterodyne detection. The main interest of this framework is that the corresponding protocols are all covariant with respect to the action of the unitary group U(n), implying that their security can be established thanks to a Gaussian de Finetti reduction. In particular, we give a composable security proof of two-way continuous-variable quantum key distribution against general attacks. We also prove that no active symmetrization procedure is required for these protocols, which would otherwise make them prohibitively costly to implement.

We consider general prepare-and-measure scenarios in which Alice can transmit qubit states to Bob, who can perform general measurements in the form of positive operator-valued measures (POVMs). We show that the statistics obtained in any such quantum protocol can be simulated by the purely classical means of shared randomness and two bits of communication. Furthermore, we prove that two bits of communication is the minimal cost of a perfect classical simulation. In addition, we apply our methods to Bell scenarios, which extends the well-known Toner and Bacon protocol. In particular, two bits of communication are enough to simulate all quantum correlations associated to arbitrary local POVMs applied to any entangled two-qubit state.

The generation of certifiable randomness is one of the most promising applications of quantum technologies. Furthermore, the intrinsic non-locality of quantum correlations allow us to certify randomness in a device-independent way, i.e. one need not make assumptions about the devices used. Due to the work of Curchod et. al., a single entangled two-qubit pure state can be used to produce arbitrary amounts of certified randomness. However, the obtaining of this randomness is experimentally challenging as it requires a large number of measurements, both projective and general. Motivated by these difficulties in the device-independent setting, we instead consider the scenario of one-sided device independence where certain devices are trusted, and others not; a scenario motivated by asymmetric experimental set-ups such as ion-photon networks. We show how certain aspects of previous work can be adapted to this scenario and provide theoretical bounds on the amount of randomness which can be certified. Furthermore, we give a protocol for unbounded randomness certification in this scenario, and provide numerical results demonstrating the protocol in the ideal case. Finally, we numerically test the possibility of implementing this scheme on near-term quantum technologies, by considering the performance of the protocol on several physical platforms.

We first introduce heterodyne quantum state tomography, a reliable method for continuous variable quantum state certification which directly yields the elements of the density matrix of the state considered and analytical confidence intervals, using heterodyne detection. This method neither needs mathematical reconstruction of the data, nor discrete binning of the sample space, and uses a single Gaussian measurement setting. Beyond quantum state tomography and without its identical copies assumption, we also derive a general protocol for verifying continuous variable pure quantum states with Gaussian measurements against fully malicious adversaries. In particular, we make use of a De Finetti reduction for infinite-dimensional systems. As an application, we consider verified universal continuous variable quantum computing, with a computational power restricted to Gaussian operations and an untrusted non-Gaussian states source. These results are obtained using a new analytical estimator for the expected value of any operator acting on a continuous variable quantum state with bounded support over Fock basis, computed with samples from heterodyne detection of the state.

Quantum network protocols offer new functionalities such as enhanced security to communication and computational systems. Despite the rapid progress in quantum hardware, it has not yet reached a level of maturity that enables execution of many quantum protocols in practical settings. To develop quantum protocols in real world, it is necessary to examine their performance considering the imperfections in their practical implementation using simulation platforms. In this paper, we consider several quantum protocols that enable promising functionalities and services in near-future quantum networks. The protocols are chosen from both areas of quantum communication and quantum computation as follows: quantum money, W-state based anonymous transmission, verifiable blind quantum computation, and quantum digital signature. We use NetSquid simulation platform to evaluate the effect of various sources of noise on the performance of these protocols, considering different figures of merit. We find that to enable quantum money protocol, the decoherence time constant of the quantum memory must be at least three times the storage time of qubits. Furthermore, our simulation results for the w-state based anonymous transmission protocol show that to achieve an average fidelity above 0.8 in this protocol, the storage time of sender’s and receiver’s particles in the quantum memory must be less than half of the decoherence time constant of the quantum memory. We have also investigated the effect of gate imperfections on the performance of verifiable blind quantum computation. We find that with our chosen parameters, if the depolarizing probability of quantum gates is equal to or greater than 0.05, the security of the protocol cannot be guaranteed. Lastly, our simulation results for quantum digital signature protocol show that channel loss has a significant effect on the probability of repudiation.

We demonstrate theoretically and experimentally a high level of control of the four-wave mixing process in an inert gas–filled inhibited-coupling guiding hollow-core photonic crystal fiber. The specific multiple-branch dispersion profile in such fibers allows both correlated and separable bi-photon states to be produced. By controlling the choice of gas and its pressure and the fiber length, we experimentally generate various joint spectral intensity profiles in a stimulated regime that is transferable to the spontaneous regime. The generated profiles may cover both spectrally separable and correlated bi-photon states and feature frequency tuning over tens of THz, demonstrating a large dynamic control that will be very useful when implemented in the spontaneous regime as a photon pair source.