Deuteron Momentum Distribution in KD2HPO4

The momentum distribution in KD2PO4(DKDP) has been measured using neutron Compton scattering above and below the weakly first order paraelectric-ferroelectric phase transition(T=229K). There is very litte difference between the two distributions, and no sign of the coherence over two locations for the proton observed in the paraelectric phase, as in KH2PO4(KDP). We conclude that the tunnel splitting must be much less than 20mev. The width of the distribution indicates that the effective potential for DKDP is significantly softer than that for KDP. As electronic structure calculations indicate that the stiffness of the potential increases with the size of the coherent region locally undergoing soft mode fluctuations, we conclude that there is a mass dependent quantum coherence length in both systems.Comment: 6 pages 5 figure

Causal Quantum Theory and the Collapse Locality Loophole

Causal quantum theory is an umbrella term for ordinary quantum theory modified by two hypotheses: state vector reduction is a well-defined process, and strict local causality applies. The first of these holds in some versions of Copenhagen quantum theory and need not necessarily imply practically testable deviations from ordinary quantum theory. The second implies that measurement events which are spacelike separated have no non-local correlations. To test this prediction, which sharply differs from standard quantum theory, requires a precise theory of state vector reduction. Formally speaking, any precise version of causal quantum theory defines a local hidden variable theory. However, causal quantum theory is most naturally seen as a variant of standard quantum theory. For that reason it seems a more serious rival to standard quantum theory than local hidden variable models relying on the locality or detector efficiency loopholes. Some plausible versions of causal quantum theory are not refuted by any Bell experiments to date, nor is it obvious that they are inconsistent with other experiments. They evade refutation via a neglected loophole in Bell experiments -- the {\it collapse locality loophole} -- which exists because of the possible time lag between a particle entering a measuring device and a collapse taking place. Fairly definitive tests of causal versus standard quantum theory could be made by observing entangled particles separated by $\approx 0.1$ light seconds.Comment: Discussion expanded; typos corrected; references adde

Secure quantum key distribution with an uncharacterized source

We prove the security of the Bennett-Brassard (BB84) quantum key distribution protocol for an arbitrary source whose averaged states are basis-independent, a condition that is automatically satisfied if the source is suitably designed. The proof is based on the observation that, to an adversary, the key extraction process is equivalent to a measurement in the sigma_x-basis performed on a pure sigma_z-basis eigenstate. The dependence of the achievable key length on the bit error rate is the same as that established by Shor and Preskill for a perfect source, indicating that the defects in the source are efficiently detected by the protocol.Comment: 4 pages, 1 figure, REVTeX, minor revision

Higher Security Thresholds for Quantum Key Distribution by Improved Analysis of Dark Counts

We discuss the potential of quantum key distribution (QKD) for long distance communication by proposing a new analysis of the errors caused by dark counts. We give sufficient conditions for a considerable improvement of the key generation rates and the security thresholds of well-known QKD protocols such as Bennett-Brassard 1984, Phoenix-Barnett-Chefles 2000, and the six-state protocol. This analysis is applicable to other QKD protocols like Bennett 1992. We examine two scenarios: a sender using a perfect single-photon source and a sender using a Poissonian source.Comment: 6 pages, 2 figures, v2: We obtained better results by using reverse reconciliation as suggested by Nicolas Gisi

Experimental quantum tossing of a single coin

The cryptographic protocol of coin tossing consists of two parties, Alice and Bob, that do not trust each other, but want to generate a random bit. If the parties use a classical communication channel and have unlimited computational resources, one of them can always cheat perfectly. Here we analyze in detail how the performance of a quantum coin tossing experiment should be compared to classical protocols, taking into account the inevitable experimental imperfections. We then report an all-optical fiber experiment in which a single coin is tossed whose randomness is higher than achievable by any classical protocol and present some easily realisable cheating strategies by Alice and Bob.Comment: 13 page

Secure two-party quantum evaluation of unitaries against specious adversaries

We describe how any two-party quantum computation, specified by a unitary which simultaneously acts on the registers of both parties, can be privately implemented against a quantum version of classical semi-honest adversaries that we call specious. Our construction requires two ideal functionalities to garantee privacy: a private SWAP between registers held by the two parties and a classical private AND-box equivalent to oblivious transfer. If the unitary to be evaluated is in the Clifford group then only one call to SWAP is required for privacy. On the other hand, any unitary not in the Clifford requires one call to an AND-box per R-gate in the circuit. Since SWAP is itself in the Clifford group, this functionality is universal for the private evaluation of any unitary in that group. SWAP can be built from a classical bit commitment scheme or an AND-box but an AND-box cannot be constructed from SWAP. It follows that unitaries in the Clifford group are to some extent the easy ones. We also show that SWAP cannot be implemented privately in the bare model

Semi-device-independent bounds on entanglement

Detection and quantification of entanglement in quantum resources are two key steps in the implementation of various quantum-information processing tasks. Here, we show that Bell-type inequalities are not only useful in verifying the presence of entanglement but can also be used to bound the entanglement of the underlying physical system. Our main tool consists of a family of Clauser-Horne-like Bell inequalities that cannot be violated maximally by any finite-dimensional maximally entangled state. Using these inequalities, we demonstrate the explicit construction of both lower and upper bounds on the concurrence for two-qubit states. The fact that these bounds arise from Bell-type inequalities also allows them to be obtained in a semi-device-independent manner, that is, with assumption of the dimension of the Hilbert space but without resorting to any knowledge of the actual measurements being performed on the individual subsystems.Comment: 8 pages, 2 figures (published version). Note 1: Title changed to distinguish our approach from the standard device-independent scenario where no assumption on the Hilbert space dimension is made. Note 2: This paper contains explicit examples of more nonlocality with less entanglement in the simplest CH-like scenario (see also arXiv:1011.5206 by Vidick and Wehner for related results

Is Quantum Bit Commitment Really Possible?

We show that all proposed quantum bit commitment schemes are insecure because the sender, Alice, can almost always cheat successfully by using an Einstein-Podolsky-Rosen type of attack and delaying her measurement until she opens her commitment.Comment: Major revisions to include a more extensive introduction and an example of bit commitment. Overlap with independent work by Mayers acknowledged. More recent works by Mayers, by Lo and Chau and by Lo are also noted. Accepted for publication in Phys. Rev. Let

Security of practical private randomness generation

Measurements on entangled quantum systems necessarily yield outcomes that are intrinsically unpredictable if they violate a Bell inequality. This property can be used to generate certified randomness in a device-independent way, i.e., without making detailed assumptions about the internal working of the quantum devices used to generate the random numbers. Furthermore these numbers are also private, i.e., they appear random not only to the user, but also to any adversary that might possess a perfect description of the devices. Since this process requires a small initial random seed, one usually speaks of device-independent randomness expansion. The purpose of this paper is twofold. First, we point out that in most real, practical situations, where the concept of device-independence is used as a protection against unintentional flaws or failures of the quantum apparatuses, it is sufficient to show that the generated string is random with respect to an adversary that holds only classical-side information, i.e., proving randomness against quantum-side information is not necessary. Furthermore, the initial random seed does not need to be private with respect to the adversary, provided that it is generated in a way that is independent from the measured systems. The devices, though, will generate cryptographically-secure randomness that cannot be predicted by the adversary and thus one can, given access to free public randomness, talk about private randomness generation. The theoretical tools to quantify the generated randomness according to these criteria were already introduced in [S. Pironio et al, Nature 464, 1021 (2010)], but the final results were improperly formulated. The second aim of this paper is to correct this inaccurate formulation and therefore lay out a precise theoretical framework for practical device-independent randomness expansion.Comment: 18 pages. v3: important changes: the present version focuses on security against classical side-information and a discussion about the significance of these results has been added. v4: minor changes. v5: small typos correcte

One-way quantum key distribution: Simple upper bound on the secret key rate

We present a simple method to obtain an upper bound on the achievable secret key rate in quantum key distribution (QKD) protocols that use only unidirectional classical communication during the public-discussion phase. This method is based on a necessary precondition for one-way secret key distillation; the legitimate users need to prove that there exists no quantum state having a symmetric extension that is compatible with the available measurements results. The main advantage of the obtained upper bound is that it can be formulated as a semidefinite program, which can be efficiently solved. We illustrate our results by analysing two well-known qubit-based QKD protocols: the four-state protocol and the six-state protocol. Recent results by Renner et al., Phys. Rev. A 72, 012332 (2005), also show that the given precondition is only necessary but not sufficient for unidirectional secret key distillation.Comment: 11 pages, 1 figur