# Publications

### 2023

##### Verifiable blind quantum computing with trapped ions and single photons

arXiv 2305.02936, 2023

We present the first hybrid matter-photon implementation of verifiable blind quantum computing. We use a trapped-ion quantum server and a client-side photonic detection system connected by a fibre-optic quantum network link. The availability of memory qubits and deterministic quantum logic enables interactive protocols without post-selection - a requirement for any scalable blind quantum cloud server which previous realisations could not provide. Our apparatus supports guaranteed privacy with < 0.001 leaked bits per qubit and shows a clear path to fully verified quantum computing in the cloud.

### 2022

##### Lattice-Based Quantum Advantage from Rotated Measurements

arXiv 2210.10143, 2022

Trapdoor claw-free functions (TCFs) are immensely valuable in cryptographic interactions between a classical client and a quantum server. Typically, a protocol has the quantum server prepare a superposition of two-bit strings of a claw and then measure it using Pauli-X or Z measurements. In this paper, we demonstrate a new technique that uses the entire range of qubit measurements from the XY-plane. We show the advantage of this approach in two applications. First, building on (Brakerski et al. 2018, Kalai et al. 2022), we show an optimized two-round proof of quantumness whose security can be expressed directly in terms of the hardness of the LWE (learning with errors) problem. Second, we construct a one-round protocol for blind remote preparation of an arbitrary state on the XY-plane up to a Pauli-Z correction.##### Optimizing quantum dots for quantum cryptography and blind quantum computing

Proceedings Volume PC12243, Photonics for Quantum 2022; PC1224311, 2022

Quantum cryptography can provide security guarantees against adversaries with unlimited computational power, which motivates research towards a quantum internet. However, widely used Poisson-distributed sources limit the maximal security level and communication rate of such quantum networks. This can be overcome by quantum dot single-photon sources. We show that quantum dots provide additional security benefits based on the tunability of number state coherence. We identify the optimal quantum dot setting for the main quantum-cryptographic primitives and benchmark their performance. Our work is extended by results on network-based blind quantum computing with classical clients, which will make secure quantum computing more accessible.

### 2021

##### The quantum internet: The second quantum revolution

Cambridge University Press, 2021

Following the emergence of quantum computing, the subsequent quantum revolution will be that of interconnecting individual quantum computers at the global level. In the same way that classical computers only realised their full potential with the emergence of the internet, a fully-realised quantum internet is the next stage of evolution for quantum computation. This cutting-edge book examines in detail how the quantum internet would evolve in practise, focusing not only on the technology itself, but also the implications it will have economically and politically, with numerous non-technical sections throughout the text providing broader context to the discussion. The book begins with a description of classical networks before introducing the key concepts behind quantum networks, such as quantum internet protocols, quantum cryptography, and cloud quantum computing. Written in an engaging style and accessible to graduate students in physics, engineering, computer science and mathematics.

### 2020

##### Secure Two-Party Quantum Computation Over Classical Channels

arXiv 2010.07925, 2020

Secure two-party computation considers the problem of two parties computing a joint function of their private inputs without revealing anything beyond the output. In this work, we consider the setting where the two parties (a classical Alice and a quantum Bob) can communicate only via a classical channel. Our first result shows that it is in general impossible to realize a two-party quantum functionality with black-box simulation in the case of malicious quantum adversaries. In particular, we show that the existence of a secure quantum computing protocol that relies only on classical channels would contradict the quantum no-cloning argument. We circumvent this impossibility following three different approaches. The first is by considering a weaker security notion called one-sided simulation security. This notion protects the input of one party (the quantum Bob) in the standard simulation-based sense and protects the privacy of the other party's input (the classical Alice). We show how to realize a protocol that satisfies this notion relying on the learning with errors assumption. The second way to circumvent the impossibility result, while at the same time providing standard simulation-based security also against a malicious Bob, is by assuming that the quantum input has an efficient classical representation. Finally, we focus our attention on the class of zero-knowledge functionalities and provide a compiler that takes as input a classical proof of quantum knowledge (PoQK) protocol for a QMA relation R and outputs a zero-knowledge PoQK for R that can be verified by classical parties. The direct implication of our result is that Mahadev's protocol for classical verification of quantum computations (FOCS'18) can be turned into a zero-knowledge proof of quantum knowledge with classical verifiers. To the best of our knowledge, we are the first to instantiate such a primitive.##### Security Limitations of Classical-Client Delegated Quantum Computing

ASIACRYPT 2020 In: Moriai S., Wang H. (eds) Advances in Cryptology - ASIACRYPT 2020. Lecture Notes in Computer Science, vol 12492. Springer, Cham

Secure delegated quantum computing allows a computationally weak client to outsource an arbitrary quantum computation to an untrusted quantum server in a privacy-preserving manner. One of the promising candidates to achieve classical delegation of quantum computation is classical-client remote state preparation (RSPCC), where a client remotely prepares a quantum state using a classical channel. However, the privacy loss incurred by employing RSPCC as a sub-module is unclear. In this work, we investigate this question using the Constructive Cryptography framework by Maurer and Renner (ICS'11). We first identify the goal of RSPCC as the construction of ideal RSP resources from classical channels and then reveal the security limitations of using RSPCC. First, we uncover a fundamental relationship between constructing ideal RSP resources (from classical channels) and the task of cloning quantum states. Any classically constructed ideal RSP resource must leak to the server the full classical description (possibly in an encoded form) of the generated quantum state, even if we target computational security only. As a consequence, we find that the realization of common RSP resources, without weakening their guarantees drastically, is impossible due to the no-cloning theorem. Second, the above result does not rule out that a specific RSPCC protocol can replace the quantum channel at least in some contexts, such as the Universal Blind Quantum Computing (UBQC) protocol of Broadbent et al. (FOCS '09). However, we show that the resulting UBQC protocol cannot maintain its proven composable security as soon as RSPCC is used as a subroutine. Third, we show that replacing the quantum channel of the above UBQC protocol by the RSPCC protocol QFactory of Cojocaru et al. (Asiacrypt '19), preserves the weaker, game-based, security of UBQC.##### A note on blind contact tracing at scale with applications to the COVID-19 pandemic

ARES '20: Proceedings of the 15th International Conference on Availability, Reliability and Security, August 2020, Article No.: 92, Pages 1--6.

The current COVID-19 pandemic highlights the utility of contact tracing, when combined with case isolation and social distancing, as an important tool for mitigating the spread of a disease [1]. Contact tracing provides a mechanism of identifying individuals with a high likelihood of previous exposure to a contagious disease, allowing additional precautions to be put in place to prevent continued transmission. Here we consider a cryptographic approach to contact tracing based on secure two-party computation (2PC). We begin by considering the problem of comparing a set of location histories held by two parties to determine whether they have come within some threshold distance while at the same time maintaining the privacy of the location histories. We propose a solution to this problem using pre-shared keys, adapted from an equality testing protocol due to Ishai et al [2]. We discuss how this protocol can be used to maintain privacy within practical contact tracing scenarios, including both app-based approaches and approaches which leverage location history held by telecoms and internet service providers. We examine the efficiency of this approach and show that existing infrastructure is sufficient to support anonymised contact tracing at a national level.

### 2019

##### Resource-efficient verification of quantum computing using Serfling's bound

npj Quantum Information volume 5, Article number: 27, 2019

Verifying quantum states is central to certifying the correct operation of various quantum information processing tasks. In particular, in measurement-based quantum computing, checking whether correct graph states are generated is essential for reliable quantum computing. Several verification protocols for graph states have been proposed, but none of these are particularly resource efficient: multiple copies are required to extract a single state that is guaranteed to be close to the ideal one. The best protocol currently known requires O(n^15) copies of the state, where n is the size of the graph state. In this paper, we construct a significantly more resource-efficient verification protocol for graph states that only requires O(n^5 log n) copies. The key idea is to employ Serfling's bound, which is a probability inequality in classical statistics. Utilizing Serfling’s bound also enables us to generalize our protocol for qudit and continuous-variable graph states. Constructing a resource-efficient verification protocol for them is non- trivial. For example, the previous verification protocols for qubit graph states that use the quantum de Finetti theorem cannot be generalized to qudit and continuous-variable graph states without tremendously increasing the resource overhead. This is because the overhead caused by the quantum de Finetti theorem depends on the local dimension. On the other hand, in our protocol, the resource overhead is independent of the local dimension, and therefore generalizing to qudit or continuous-variable graph states does not increase the overhead. The flexibility of Serfling's bound also makes our protocol robust: our protocol accepts slightly noisy but still useful graph states.

### 2018

##### Capacity estimation and verification of quantum channels with arbitrarily correlated errors

Nature Communications volume 9, Article number: 27, 2018

The central figure of merit for quantum memories and quantum communication devices is their capacity to store and transmit quantum information. Here, we present a protocol that estimates a lower bound on a channel’s quantum capacity, even when there are arbitrarily correlated errors. One application of these protocols is to test the performance of quantum repeaters for transmitting quantum information. Our protocol is easy to implement and comes in two versions. The first estimates the one-shot quantum capacity by preparing and measuring in two different bases, where all involved qubits are used as test qubits. The second verifies on-the-fly that a channel’s one-shot quantum capacity exceeds a minimal tolerated value while storing or communicating data. We discuss the performance using simple examples, such as the dephasing channel for which our method is asymptotically optimal. Finally, we apply our method to a superconducting qubit in experiment.

### 2017

##### Flow ambiguity: A path towards classically driven blind quantum computation

PHYSICAL REVIEW X 7, 031004, 2017

Blind quantum computation protocols allow a user to delegate a computation to a remote quantum computer in such a way that the privacy of their computation is preserved, even from the device implementing the computation. To date, such protocols are only known for settings involving at least two quantum devices: either a user with some quantum capabilities and a remote quantum server or two or more entangled but noncommunicating servers. In this work, we take the first step towards the construction of a blind quantum computing protocol with a completely classical client and single quantum server. Specifically, we show how a classical client can exploit the ambiguity in the flow of information in measurement-based quantum computing to construct a protocol for hiding critical aspects of a computation delegated to a remote quantum computer. This ambiguity arises due to the fact that, for a fixed graph, there exist multiple choices of the input and output vertex sets that result in deterministic measurement patterns consistent with the same fixed total ordering of vertices. This allows a classical user, computing only measurement angles, to drive a measurement-based computation performed on a remote device while hiding critical aspects of the computation.##### Universality of quantum computation with cluster states and (X, Y)-plane measurements

Scientific Reports volume 7, Article number: 42861, 2017.

Measurement-based quantum computing (MBQC) is a model of quantum computation where quantum information is coherently processed by means of projective measurements on highly entangled states. Following the introduction of MBQC, cluster states have been studied extensively both from the theoretical and experimental point of view. Indeed, the study of MBQC was catalysed by the realisation that cluster states are universal for MBQC with (X, Y)-plane and Z measurements. Here we examine the question of whether the requirement for Z measurements can be dropped while maintaining universality. We answer this question in the affirmative by showing that universality is possible in this scenario.

### 2016

##### A universal test for gravitational decoherence

Nature Communications volume 7, Article number: 13022, 2016

Quantum mechanics and the theory of gravity are presently not compatible. A particular question is whether gravity causes decoherence. Several models for gravitational decoherence have been proposed, not all of which can be described quantum mechanically. Since quantum mechanics may need to be modified, one may question the use of quantum mechanics as a calculational tool to draw conclusions from the data of experiments concerning gravity. Here we propose a general method to estimate gravitational decoherence in an experiment that allows us to draw conclusions in any physical theory where the no-signalling principle holds, even if quantum mechanics needs to be modified. As an example, we propose a concrete experiment using optomechanics. Our work raises the interesting question whether other properties of nature could similarly be established from experimental observations alone—that is, without already having a rather well-formed theory of nature to make sense of experimental data.

### 2013

##### Optimal blind quantum computation

Phys. Rev. Lett. 111, 230502, 2013.

Blind quantum computation allows a client with limited quantum capabilities to interact with a remote quantum computer to perform an arbitrary quantum computation, while keeping the description of that computation hidden from the remote quantum computer. While a number of protocols have been proposed in recent years, little is currently understood about the resources necessary to accomplish the task. Here we present general techniques for upper and lower bounding the quantum communication necessary to perform blind quantum computation, and use these techniques to establish a concrete bounds for common choices of the client's quantum capabilities. Our results show that the UBQC protocol of Broadbent, Fitzsimons and Kashefi [1], comes within a factor of 8/3 of optimal when the client is restricted to preparing single qubits. However, we describe a generalization of this protocol which requires exponentially less quantum communication when the client has a more sophisticated device.

### 2011

##### Non-Standard Probabilistic Teleportation through Conventionally Non-Teleporting Channels

arXiv 1108.0080, 2011

A non-standard teleportation scheme is proposed, wherein probabilistic teleportation is achieved in conventionally non-teleporting channels. We make use of entanglement monogamy to incorporate an unknown state in a multipartite entangled channel, such that the receiver partially gets disentan- gled from the network. Subsequently, the sender performs local measurement based teleportation protocol in an appropriate measurement basis, which results with the receiver in the possession of an unknown state, connected by local unitary transformation with the state to be teleported. This procedure succeeds in a number of cases, like that of W and other non-maximally entangled four qubit states, where the conventional measurement based approach has failed. It is also found that in certain four particle channels, the present procedure does not succeed, although the conventional one works well.