We consider testing the ability of quantum network nodes to execute multi-round quantum protocols. Specifically, we examine protocols in which the nodes are capable of performing quantum gates, storing qubits and exchanging said qubits over the network a certain number of times. We propose a simple ping-pong test, which provides a certificate for the capability of the nodes to run certain multi-round protocols. We first show that in the noise-free regime the only way the nodes can pass the test is if they do indeed possess the desired capabilities. We then proceed to consider the case where operations are noisy, and provide an initial analysis showing how our test can be used to estimate parameters that allow us to draw conclusions about the actual performance of such protocols on the tested nodes. Finally, we investigate the tightness of this analysis using example cases in a numerical simulation.@en

Quantum key distribution allows for the generation of a secret key between distant parties connected by a quantum channel such as optical fibre or free space. Unfortunately, the rate of generation of a secret key by direct transmission is fundamentally limited by the distance. This limit can be overcome by the implementation of so-called quantum repeaters. Here, we assess the performance of a specific but very natural setup called a single sequential repeater for quantum key distribution. We offer a fine-grained assessment of the repeater by introducing a series of benchmarks. The benchmarks, which should be surpassed to claim a working repeater, are based on finite-energy considerations, thermal noise and the losses in the setup. In order to boost the performance of the studied repeaters we introduce two methods. The first one corresponds to the concept of a cut-off, which reduces the effect of decoherence during the storage of a quantum state by introducing a maximum storage time. Secondly, we supplement the standard classical post-processing with an advantage distillation procedure. Using these methods, we find realistic parameters for which it is possible to achieve rates greater than each of the benchmarks, guiding the way towards implementing quantum repeaters.@en

Most of themainstream cryptographic protocols that are used today rely on the assumption that the adversary has limited computational power, and that a given set of mathematical problems is hard to solve (on average), i.e. that there is no polynomial time algorithm that solves these problems. While these assumptions are reasonable for now they might not be as relevant for long termsecurity. Indeed, all the communication that happens today can be recorded by an adversary who can later – when the technology allows it – break security. There are good reasons to think that technological progress may lead to break the assumptions made today. For example the rapidly increasing computational power of our computer already allows one to break anything that has been encrypted using DES in the 70s and 80s in few days using regular desktop type devices. There is also the constant improvement of the efficiency of the known algorithms that solve a class of problems. Note that, even though the discovery of a polynomial algorithm for a problem we believe to be hard is still possible, much weaker improvements on current algorithms that solve these hard problems, can already be a threat for security. @en

In the implementation of device-independent (DI) quantum key distribution (QKD) we are interested in maximizing the key rate, i.e. the number of key bits that can be obtained per signal, for a fixed security parameter. In the finite size regime, we furthermore also care about the minimum number of signals required before key can be obtained at all. Here, we perform a fully finite size analysis of device independent protocols using the CHSH inequality both for collective and coherent attacks. For coherent attacks, we sharpen the results recently derived in Arnon-Friedman et al (2018 Nat. Commun. 9 459), to reduce the minimum number of signals before key can be obtained. In the regime of collective attacks, where the devices are restricted to have no memory, we employ two different techniques that exploit this restriction to further reduce the number of signals. We then discuss experimental platforms in which DIQKD may be implemented. We analyse Bell violations and expected QBER achieved in previous Bell tests with distant setups and situate these parameters in the security analysis. Moreover, focusing on one of the experimental platforms, namely nitrogen-vacancy based systems, we describe experimental improvements that can lead to a DI QKD implementation in the near future.@en

In the implementation of device-independent (DI) quantum key distribution (QKD) we are interested in maximizing the key rate, i.e. the number of key bits that can be obtained per signal, for a fixed security parameter. In the finite size regime, we furthermore also care about the minimum number of signals required before key can be obtained at all. Here, we perform a fully finite size analysis of device independent protocols using the CHSH inequality both for collective and coherent attacks. For coherent attacks, we sharpen the results recently derived in Arnon-Friedman et al (2018 Nat. Commun. 9 459), to reduce the minimum number of signals before key can be obtained. In the regime of collective attacks, where the devices are restricted to have no memory, we employ two different techniques that exploit this restriction to further reduce the number of signals. We then discuss experimental platforms in which DIQKD may be implemented. We analyse Bell violations and expected QBER achieved in previous Bell tests with distant setups and situate these parameters in the security analysis. Moreover, focusing on one of the experimental platforms, namely nitrogen-vacancy based systems, we describe experimental improvements that can lead to a DI QKD implementation in the near future.@en

We present a security analysis of conference key agreement (CKA) in the most adversarial model of device independence (DI). Our protocol can be implemented by any experimental setup that is capable of performing Bell tests [specifically, the Mermin-Ardehali-Belinskii-Klyshko (MABK) inequality], and security can in principle be obtained for any violation of the MABK inequality that detects genuine multipartite entanglement among the N parties involved in the protocol. As our main tool, we derive a direct physical connection between the N-partite MABK inequality and the Clauser-Horne-Shimony-Holt (CHSH) inequality, showing that certain violations of the MABK inequality correspond to a violation of the CHSH inequality between one of the parties and the other N-1. We compare the asymptotic key rate for device-independent conference key agreement (DICKA) to the case where the parties use N-1 device-independent quantum key distribution protocols in order to generate a common key. We show that for some regime of noise the DICKA protocol leads to better rates.@en

We consider the asymptotic key rates achieved in the simplest quantum key distribution protocols, namely, the BB84 and the six-state protocols when nonuniform noise is present in the system. We first observe that higher qubit error rates do not necessarily imply lower key rates. Second, we consider protocols with advantage distillation and show that it can be advantageous to use the basis with higher quantum bit error rate for the key generation. We then discuss the relation between advantage distillation and entanglement distillation protocols. We show that applying advantage distillation to a string of bits formed by the outcomes of measurements in the basis with a higher quantum bit error rate is closely connected to the two-to-one entanglement distillation protocol of Deutsch-Ekert-Jozsa-Macchiavello-Popescu-Sanpera [Phys. Rev. Lett. 77, 2818 (1996)PRLTAO0031-900710.1103/PhysRevLett.77.2818]. Finally, we discuss the implications of these results for implementations of quantum key distribution.@en

We consider the task of sharing a secret quantum state in a quantum network in a verifiable way. We propose a protocol that achieves this task, while reducing the number of required qubits, as compared to the existing protocols. To achieve this, we combine classical encryption of the quantum secret with an existing verifiable quantum secret sharing scheme based on Calderbank-Shor-Steane quantum error correcting codes. In this way we obtain a verifiable hybrid secret sharing scheme for sharing qubits, which combines the benefits of quantum and classical schemes. Our scheme does not reveal any information to any group of less than half of the n nodes participating in the protocol. Moreover, for sharing a one-qubit state each node needs a quantum memory to store n single-qubit shares, and requires a workspace of at most 3n qubits in total to verify the quantum secret. Importantly, in our scheme an individual share is encoded in a single qubit, as opposed to previous schemes requiring ω(logn) qubits per share. Furthermore, we define a ramp verifiable hybrid scheme. We give explicit examples of various verifiable hybrid schemes based on existing quantum error correcting codes.@en

We consider the task of secure multiparty distributed quantum computation on a quantum network. We propose a protocol based on quantum error correction which reduces the number of necessary qubits. That is, each of the n nodes in our protocol requires an operational workspace of n2+4n qubits, as opposed to the previously shown ω(n3+n2s2)logn qubits, where s is a security parameter. Additionally, we reduce the communication complexity by a factor of O(n3log(n)) qubits per node compared to existing protocols. To achieve universal computation, we develop a distributed procedure for verifying magic states, which allows us to apply distributed gate teleportation and which may be of independent interest. We showcase our protocol in a small example for a seven-node network. @en

Generating entanglement in a distributed scenario is a fundamental task for implementing the quantum network of the future. We here report a protocol that uses only linear optics for generating Greenberger-Horne-Zeilinger states with high fidelities in a nearby node configuration. Moreover, we analytically show that the scheme is optimal for certain initial states in providing the highest success probability for sequential protocols. Finally, we give some estimates for the generation rate in a real scenario.@en

Quantum communication has demonstrated its usefulness for quantum cryptography far beyond quantum key distribution. One domain is two-party cryptography, whose goal is to allow two parties who may not trust each other to solve joint tasks. Another interesting application is position-based cryptography whose goal is to use the geographical location of an entity as its only identifying credential. Unfortunately, security of these protocols is not possible against an all powerful adversary. However, if we impose some realistic physical constraints on the adversary, there exist protocols for which security can be proven, but these so far relied on the knowledge of the quantum operations performed during the protocols. In this work we improve the device-independent security proofs of Kaniewski and Wehner [New J. Phys. 18, 055004 (2016)NJOPFM1367-263010.1088/1367-2630/18/5/055004] for two-party cryptography (with memoryless devices) and we add a security proof for device-independent position verification (also memoryless devices) under different physical constraints on the adversary. We assess the quality of the devices by observing a Bell violation, and, as for Kaniewski and Wehner [New J. Phys. 18, 055004 (2016)NJOPFM1367-263010.1088/1367-2630/18/5/055004], security can be attained for any violation of the Clauser-Holt-Shimony-Horne inequality.@en

Quantum communication has demonstrated its usefulness for quantum cryptography far beyond quantum key distribution. One domain is two-party cryptography, whose goal is to allow two parties who may not trust each other to solve joint tasks. Another interesting application is position-based cryptography whose goal is to use the geographical location of an entity as its only identifying credential. Unfortunately, security of these protocols is not possible against an all powerful adversary. However, if we impose some realistic physical constraints on the adversary, there exist protocols for which security can be proven, but these so far relied on the knowledge of the quantum operations performed during the protocols. In this work we improve the device-independent security proofs of Kaniewski and Wehner [New J. Phys. 18, 055004 (2016)NJOPFM1367-263010.1088/1367-2630/18/5/055004] for two-party cryptography (with memoryless devices) and we add a security proof for device-independent position verification (also memoryless devices) under different physical constraints on the adversary. We assess the quality of the devices by observing a Bell violation, and, as for Kaniewski and Wehner [New J. Phys. 18, 055004 (2016)NJOPFM1367-263010.1088/1367-2630/18/5/055004], security can be attained for any violation of the Clauser-Holt-Shimony-Horne inequality.@en

In this Reply we correct a mistake that we made in the correctness proofs of our protocol. Specifically, the Bell inequality we used ensures security but does not allow us to produce a key. In this Reply we explain and correct this mistake by adjusting the Bell inequality we used in the proof. Incidentally, this correction leads to slightly better asymptotic key rates. Importantly, none of the conclusions of the article are affected.@en