A proposal for founding mistrustful quantum cryptography on coin tossing

A significant branch of classical cryptography deals with the problems which arise when mistrustful parties need to generate, process or exchange information. As Kilian showed a while ago, mistrustful classical cryptography can be founded on a single protocol, oblivious transfer, from which general secure multi-party computations can be built. The scope of mistrustful quantum cryptography is limited by no-go theorems, which rule out, inter alia, unconditionally secure quantum protocols for oblivious transfer or general secure two-party computations. These theorems apply even to protocols which take relativistic signalling constraints into account. The best that can be hoped for, in general, are quantum protocols computationally secure against quantum attack. I describe here a method for building a classically certified bit commitment, and hence every other mistrustful cryptographic task, from a secure coin tossing protocol. No security proof is attempted, but I sketch reasons why these protocols might resist quantum computational attack.Comment: Title altered in deference to Physical Review's fear of question marks. Published version; references update

Beating the PNS attack in practical quantum cryptography

In practical quantum key distribution, weak coherent state is often used and the channel transmittance can be very small therefore the protocol could be totally insecure under the photon-number-splitting attack. We propose an efficient method to verify the upper bound of the fraction of counts caused by multi-photon pluses transmitted from Alice to Bob, given whatever type of Eve's action. The protocol simply uses two coherent states for the signal pulses and vacuum for decoy pulse. Our verified upper bound is sufficiently tight for QKD with very lossy channel, in both asymptotic case and non-asymptotic case. The coherent states with mean photon number from 0.2 to 0.5 can be used in practical quantum cryptography. We show that so far our protocol is the $only$ decoy-state protocol that really works for currently existing set-ups.Comment: So far this is the unique decoy-state protocol which really works efficiently in practice. Prior art results are commented in both main context and the Appendi

Entanglement of 2xK quantum systems

We derive an analytical expression for the lower bound of the concurrence of mixed quantum states of composite 2xK systems. In contrast to other, implicitly defined entanglement measures, the numerical evaluation of our bound is straightforward. We explicitly evaluate its tightness for general mixed states of 2x3 systems, and identify a large class of states where our expression gives the exact value of the concurrence.Comment: 7 pages, 1 figure, to be published in Europhysics Lette

Coin Tossing is Strictly Weaker Than Bit Commitment

We define cryptographic assumptions applicable to two mistrustful parties who each control two or more separate secure sites between which special relativity guarantees a time lapse in communication. We show that, under these assumptions, unconditionally secure coin tossing can be carried out by exchanges of classical information. We show also, following Mayers, Lo and Chau, that unconditionally secure bit commitment cannot be carried out by finitely many exchanges of classical or quantum information. Finally we show that, under standard cryptographic assumptions, coin tossing is strictly weaker than bit commitment. That is, no secure classical or quantum bit commitment protocol can be built from a finite number of invocations of a secure coin tossing black box together with finitely many additional information exchanges.Comment: Final version; to appear in Phys. Rev. Let

Template-based Gravitational-Wave Echoes Search Using Bayesian Model Selection

The ringdown of the gravitational-wave signal from a merger of two black holes has been suggested as a probe of the structure of the remnant compact object, which may be more exotic than a black hole. It has been pointed out that there will be a train of echoes in the late-time ringdown stage for different types of exotic compact objects. In this paper, we present a template-based search methodology using Bayesian statistics to search for echoes of gravitational waves. Evidence for the presence or absence of echoes in gravitational-wave events can be established by performing Bayesian model selection. The Occam factor in Bayesian model selection will automatically penalize the more complicated model that echoes are present in gravitational-wave strain data because of its higher degree of freedom to fit the data. We find that the search methodology was able to identify gravitational-wave echoes with Abedi et al.'s echoes waveform model about 82.3% of the time in simulated Gaussian noise in the Advanced LIGO and Virgo network and about 61.1% of the time in real noise in the first observing run of Advanced LIGO with $\geq 5\sigma$ significance. Analyses using this method are performed on the data of Advanced LIGO's first observing run, and we find no statistical significant evidence for the detection of gravitational-wave echoes. In particular, we find $<1\sigma$ combined evidence of the three events in Advanced LIGO's first observing run. The analysis technique developed in this paper is independent of the waveform model used, and can be used with different parametrized echoes waveform models to provide more realistic evidence of the existence of echoes from exotic compact objects.Comment: 16 pages, 6 figure

Unconditionally Secure Bit Commitment

We describe a new classical bit commitment protocol based on cryptographic constraints imposed by special relativity. The protocol is unconditionally secure against classical or quantum attacks. It evades the no-go results of Mayers, Lo and Chau by requiring from Alice a sequence of communications, including a post-revelation verification, each of which is guaranteed to be independent of its predecessor.Comment: Typos corrected. Reference details added. To appear in Phys. Rev. Let

On the communication cost of entanglement transformations

We study the amount of communication needed for two parties to transform some given joint pure state into another one, either exactly or with some fidelity. Specifically, we present a method to lower bound this communication cost even when the amount of entanglement does not increase. Moreover, the bound applies even if the initial state is supplemented with unlimited entanglement in the form of EPR pairs, and the communication is allowed to be quantum mechanical. We then apply the method to the determination of the communication cost of asymptotic entanglement concentration and dilution. While concentration is known to require no communication whatsoever, the best known protocol for dilution, discovered by Lo and Popescu [Phys. Rev. Lett. 83(7):1459--1462, 1999], requires a number of bits to be exchanged which is of the order of the square root of the number of EPR pairs. Here we prove a matching lower bound of the same asymptotic order, demonstrating the optimality of the Lo-Popescu protocol up to a constant factor and establishing the existence of a fundamental asymmetry between the concentration and dilution tasks. We also discuss states for which the minimal communication cost is proportional to their entanglement, such as the states recently introduced in the context of ``embezzling entanglement'' [W. van Dam and P. Hayden, quant-ph/0201041].Comment: 9 pages, 1 figure. Added a reference and some further explanations. In v3 some arguments are given in more detai