Security proof of a three-state quantum key distribution protocol without rotational symmetry

Standard security proofs of quantum key distribution (QKD) protocols often rely on symmetry arguments. In this paper, we prove the security of a three-state protocol that does not possess rotational symmetry. The three-state QKD protocol we consider involves three qubit states, where the first two states, |0_z> and |1_z>, can contribute to key generation and the third state, |+>=(|0_z>+|1_z>)/\sqrt{2}, is for channel estimation. This protocol has been proposed and implemented experimentally in some frequency-based QKD systems where the three states can be prepared easily. Thus, by founding on the security of this three-state protocol, we prove that these QKD schemes are, in fact, unconditionally secure against any attacks allowed by quantum mechanics. The main task in our proof is to upper bound the phase error rate of the qubits given the bit error rates observed. Unconditional security can then be proved not only for the ideal case of a single-photon source and perfect detectors, but also for the realistic case of a phase-randomized weak coherent light source and imperfect threshold detectors. Our result on the phase error rate upper bound is independent of the loss in the channel. Also, we compare the three-state protocol with the BB84 protocol. For the single-photon source case, our result proves that the BB84 protocol strictly tolerates a higher quantum bit error rate than the three-state protocol; while for the coherent-source case, the BB84 protocol achieves a higher key generation rate and secure distance than the three-state protocol when a decoy-state method is used.Comment: 10 pages, 3 figures, 2 column

Security of quantum bit string commitment depends on the information measure

Unconditionally secure non-relativistic bit commitment is known to be impossible in both the classical and the quantum world. However, when committing to a string of n bits at once, how far can we stretch the quantum limits? In this letter, we introduce a framework of quantum schemes where Alice commits a string of n bits to Bob, in such a way that she can only cheat on a bits and Bob can learn at most b bits of information before the reveal phase. Our results are two-fold: we show by an explicit construction that in the traditional approach, where the reveal and guess probabilities form the security criteria, no good schemes can exist: a+b is at least n. If, however, we use a more liberal criterion of security, the accessible information, we construct schemes where a=4 log n+O(1) and b=4, which is impossible classically. Our findings significantly extend known no-go results for quantum bit commitment.Comment: To appear in PRL. Short version of quant-ph/0504078, long version to appear separately. Improved security definition and result, one new lemma that may be of independent interest. v2: added funding reference, no other change

Large collective Lamb shift of two distant superconducting artificial atoms

Virtual photons can mediate interaction between atoms, resulting in an energy shift known as a collective Lamb shift. Observing the collective Lamb shift is challenging, since it can be obscured by radiative decay and direct atom-atom interactions. Here, we place two superconducting qubits in a transmission line terminated by a mirror, which suppresses decay. We measure a collective Lamb shift reaching 0.8% of the qubit transition frequency and exceeding the transition linewidth. We also show that the qubits can interact via the transmission line even if one of them does not decay into it.Comment: 7+5 pages, 4+2 figure

Is Quantum Bit Commitment Really Possible?

We show that all proposed quantum bit commitment schemes are insecure because the sender, Alice, can almost always cheat successfully by using an Einstein-Podolsky-Rosen type of attack and delaying her measurement until she opens her commitment.Comment: Major revisions to include a more extensive introduction and an example of bit commitment. Overlap with independent work by Mayers acknowledged. More recent works by Mayers, by Lo and Chau and by Lo are also noted. Accepted for publication in Phys. Rev. Let

Modular detergents tailor the purification and structural analysis of membrane proteins including G-protein coupled receptors

Detergents enable the purification of membrane proteins and are indispensable reagents instructural biology. Even though a large variety of detergents have been developed in the lastcentury, the challenge remains to identify guidelines that allowfine-tuning of detergents forindividual applications in membrane protein research. Addressing this challenge, here weintroduce the family of oligoglycerol detergents (OGDs). Native mass spectrometry (MS)reveals that the modular OGD architecture offers the ability to control protein purificationand to preserve interactions with native membrane lipids during purification. In addition to abroad range of bacterial membrane proteins, OGDs also enable the purification and analysisof a functional G-protein coupled receptor (GPCR). Moreover, given the modular design ofthese detergents, we anticipatefine-tuning of their properties for specific applications instructural biology. Seen from a broader perspective, this represents a significant advance forthe investigation of membrane proteins and their interactions with lipids

Probing the quantum vacuum with an artificial atom in front of a mirror

Quantum fluctuations of the vacuum are both a surprising and fundamental phenomenon of nature. Understood as virtual photons flitting in and out of existence, they still have a very real impact, \emph{e.g.}, in the Casimir effects and the lifetimes of atoms. Engineering vacuum fluctuations is therefore becoming increasingly important to emerging technologies. Here, we shape vacuum fluctuations using a "mirror", creating regions in space where they are suppressed. As we then effectively move an artificial atom in and out of these regions, measuring the atomic lifetime tells us the strength of the fluctuations. The weakest fluctuation strength we observe is 0.02 quanta, a factor of 50 below what would be expected without the mirror, demonstrating that we can hide the atom from the vacuum

Insecurity of Quantum Secure Computations

It had been widely claimed that quantum mechanics can protect private information during public decision in for example the so-called two-party secure computation. If this were the case, quantum smart-cards could prevent fake teller machines from learning the PIN (Personal Identification Number) from the customers' input. Although such optimism has been challenged by the recent surprising discovery of the insecurity of the so-called quantum bit commitment, the security of quantum two-party computation itself remains unaddressed. Here I answer this question directly by showing that all ``one-sided'' two-party computations (which allow only one of the two parties to learn the result) are necessarily insecure. As corollaries to my results, quantum one-way oblivious password identification and the so-called quantum one-out-of-two oblivious transfer are impossible. I also construct a class of functions that cannot be computed securely in any ``two-sided'' two-party computation. Nevertheless, quantum cryptography remains useful in key distribution and can still provide partial security in ``quantum money'' proposed by Wiesner.Comment: The discussion on the insecurity of even non-ideal protocols has been greatly extended. Other technical points are also clarified. Version accepted for publication in Phys. Rev.

Implementation of two-party protocols in the noisy-storage model

The noisy-storage model allows the implementation of secure two-party protocols under the sole assumption that no large-scale reliable quantum storage is available to the cheating party. No quantum storage is thereby required for the honest parties. Examples of such protocols include bit commitment, oblivious transfer and secure identification. Here, we provide a guideline for the practical implementation of such protocols. In particular, we analyze security in a practical setting where the honest parties themselves are unable to perform perfect operations and need to deal with practical problems such as errors during transmission and detector inefficiencies. We provide explicit security parameters for two different experimental setups using weak coherent, and parametric down conversion sources. In addition, we analyze a modification of the protocols based on decoy states.Comment: 41 pages, 33 figures, this is a companion paper to arXiv:0906.1030 considering practical aspects, v2: published version, title changed in accordance with PRA guideline

Measurement-device-independent quantum key distribution

How to remove detector side channel attacks has been a notoriously hard problem in quantum cryptography. Here, we propose a simple solution to this problem---*measurement* device independent quantum key distribution. It not only removes all detector side channels, but also doubles the secure distance with conventional lasers. Our proposal can be implemented with standard optical components with low detection efficiency and highly lossy channels. In contrast to the previous solution of full device independent QKD, the realization of our idea does not require detectors of near unity detection efficiency in combination with a qubit amplifier (based on teleportation) or a quantum non-demolition measurement of the number of photons in a pulse. Furthermore, its key generation rate is many orders of magnitude higher than that based on full device independent QKD. The results show that long-distance quantum cryptography over say 200km will remain secure even with seriously flawed detectors.Comment: 7 pages, two-column format, 4 figures in tota

Possibility, Impossibility and Cheat-Sensitivity of Quantum Bit String Commitment

Unconditionally secure non-relativistic bit commitment is known to be impossible in both the classical and the quantum worlds. But when committing to a string of n bits at once, how far can we stretch the quantum limits? In this paper, we introduce a framework for quantum schemes where Alice commits a string of n bits to Bob in such a way that she can only cheat on a bits and Bob can learn at most b bits of information before the reveal phase. Our results are two-fold: we show by an explicit construction that in the traditional approach, where the reveal and guess probabilities form the security criteria, no good schemes can exist: a+b is at least n. If, however, we use a more liberal criterion of security, the accessible information, we construct schemes where a=4log n+O(1) and b=4, which is impossible classically. We furthermore present a cheat-sensitive quantum bit string commitment protocol for which we give an explicit tradeoff between Bob's ability to gain information about the committed string, and the probability of him being detected cheating.Comment: 10 pages, RevTex, 2 figure. v2: title change, cheat-sensitivity adde