All posts by Sanaz Sigaroudi

Story of the month: Secure Digital Communications


Since the rise of the internet people around the world found themselves with the opportunity to communicate with anyone at any time. Any message is transformed into a binary string and sent through different means of telecommunication (satellite, fibre, etc…) over the internet network. However, this powerful technology comes at a price. Whoever would tamper the communication link would find himself able to read whatever message is passing through it and if confidential or sensitive information is needed to be transfer this would imply an impossibility to use such a link. For this reason, each message sent in the network must be encoded so that only the transmitter and receiver of the information will be able to read it.

How to encode a message is the topic of interest of Cryptography, the art of hiding a message, that has been around for millennia. Nowadays, the most common encoding schemes are the so called public key schemes, where a public key is broadcasted by a service provider and anyone with it could encode a message, however the only one able to read it is the possessor of the private key. Meaning that the communication can be left secure if the private key is kept secret. These protocols, however, rely on the assumption that the computational power of a possible eavesdropper is limited. In fact, in principle, from the public key it would be possible to retrieve the private one, the task is however computationally challenging, and it is usually set such as no current technology could crack it in a reasonable time. This means that the security of public key encryption schemes does not rely only on the privacy of the private key but also on the limitation of the technology of a possible adversary.

Figure 1 Simple example of a one-time pad encryption scheme
Figure 1 Simple example of a one-time pad encryption scheme

Cryptography however helps us once again. There exist in fact a protocol which requires only the privacy of a private key in order to be information theoretically secure. This protocol is known as the One Time Pad (see Figure 1) and works as follows. Two honest parties are in posses of a secret key k (a binary string of dimension n). One of the two can then encode a message m (of dimension n) just be applying an xor operation between the two strings and sending the resulting cypher-text c = k + m (modulo 2) through the channel. If k is private it will be known only by the two honest users and look completely random to any other listener of the communication. This fact is translated also for c, meaning that the cyphertext just look like a random string to anyone oblivious to the original key. This protocol seems to solve all the problem of the previous public key encryption scheme. However, there are two major constraints that must be respected for it to work.

  • The key must be randomly generated and used only once (from this the name One Time Pad).
  • The key must be in possession of the two honest parties.

Since each key can be used only once (a repeated key uses will breach some information to a carful adversary) new keys must be generated at each communication rounds. Randomness moreover must be ensured so that no one could foresee which key is produced. However, classical physics is deterministic meaning that knowing the initial conditions of a system would result into knowing the results of the whole process. Meaning, that we need another theory in order to guarantee the randomness of the generated key.

On the other hand, the key in the onetime pad should have the same length as the message and should be private once generated. This means that the two honest parties must exchange the key beforehand and keep it secret. But how can they share it if they are far from each other? Should they meet and exchange it before? If this was the case, they would as well exchange the message itself! Unfortunately, classical information theory does not help in this regard. We need a new physics in order to do it as in the previous case.



Luckily, both issues stated before are solve using quantum mechanics. In fact, in this theory there are some very useful properties that help a lot the establishment of a secure and remote communication.

First, in quantum mechanics the result of some measurement (when the state prepared, and the measurement are not compatible) are intrinsically probabilistic. Meaning that no observer that abides to the laws of physics can foresee the results of these experiment, even if all initial conditions are known. By tailoring an experiment to work in this way we can generate genuine randomness that no third malicious party can have any information on.

Figure 2 Quantum state cannot be copied while transmitted in between the two honest parties.
Figure 2 Quantum state cannot be copied while transmitted in between the two honest parties.

Second, certain sets of quantum states cannot be copied (see Figure 2). This property can be used for the broadcast of the key between two remote parties. In fact, as for the case before, any observer that is limited by physics cannot gain any information on the transmitted key. In fact, intuitively, since it cannot copy the state it has to measure it while the state it’s transmitted. This will cause the state to be altered and with a certain probability to produce a mistake at the receiver side. By measuring the amount of error occurred during transmission the two honest parties Alice and Bob can estimate how much information was stolen by the adversary, and by using a procedure called privacy amplification they can reduce this information to zero.

In the next sections we are going to investigate the recent developments in these two subjects that are known as Quantum Random Number Generation and Quantum Key Distribution, respectively.



Figure 3 Simple QRNG implementing a single photon source, a beam splitter and two single photon detectors.
Figure 3 Simple QRNG implementing a single photon source, a beam splitter and two single photon detectors.

A simple example that can be given for quantum random number generator is the following: Let us imagine producing a simple photon (the most elementary part of the light) and send through a 50/50 beam splitter (see Figure 3). This element divides the incoming light in equal parts in the two outputs of the element. If a photon it is sent and two single photon detectors are used in order to collect the light at the outputs of the beam splitter, with a probability of 50% one or the other detector will click. This event is completely random and cannot be foreseen by anyone.

This simple device could in principle solve the problem of random generation of itself. However, in practice all the elements presented before could have some imperfections. Deterministic and reliable single photon sources are difficult to realize and not very performant (with respect to the bits generation rate need for secure communication). Often these sources are replaced with lasers that produced what is known as coherent states. Moreover, single photon detectors, even the best, do not have a unitary efficiency and are influenced by noise. All these imperfections must be considered, to estimate how many bits produced are due to quantum mechanical phenomena. This have the consequence of needing a precise characterization of the experiment.

Figure 4 Scheme of a semi-device independent device, where the grey box on the left represents the partially trusted source and the black box on the right represents the untrusted measurement.
Figure 4 Scheme of a semi-device independent device, where the grey box on the left represents the partially trusted source and the black box on the right represents the untrusted measurement.

In the recent years a new approach has been developed. The idea is to have a quantum random number generator that is easy to implement, with good performance and that needs a minimum amount of characterization of the devices involved in the experiment. The idea comes originally from the work of J.B. Brask, A. Martin et al. Phys. Rev. Applied 7, 054018 (2017). This work implements a prepare and measure system where we would like to leave the measurement box completely untrusted (see Figure 4). The only assumption that would be made is on the input state, more precisely on the overlap of the two input states prepared . By bounding this quantity, we make the states not deterministically distinguishable, meaning that no physical measurement could distinguish between them with 100% precision. Either, we must allow for some errors, or we must allow the measurement device to give an inconclusive event from time to time. These spurious events must be random, in fact, if the were not they could be avoided leading to a better distinguishability and finally to a perfect discrimination of the two state which is a contradiction to the theory, meaning that errors and inconclusive events are intrinsically random. The discrimination efficiency can be measured by the input/output probabilities  and this can be used to infer the amount of secure and quantum genuine bits that are produced by the experiment.

On this basis many recent experiments have been developed in the past few years, for example: D. Rusca, Phys. Rev. A 100, 062338 (2019) where the implementation of a Kennedy detector allowed for an implementation where the main assumption was just the average energy of the prepared states. On the same line in the work of D. Rusca, Appl. Phys. Lett. 116, 264004 (2020) the same protocol was implemented in a Homodyne detection scheme were the rate of 145.5 MHz genuinely quantum random bits was achieved.



Now that we have shown a mean to produce genuinely random sequence of bits, we remain with the problem of how to distribute them to two remote trusted parties. This problem is the subject of studies of quantum key distribution (QKD). QKD has its origin with the first and most popular quantum cryptographic protocol of C. H. Bennet and G. Brassard of 1984, known as BB84. Since then many protocols have been developed and investigated. Moreover, a broad field of studies has been sprout trying to prove the security of all these protocols against all possible hacking attacks of third malicious parties.

Nevertheless, the BB84 remains one of the most used and studied protocols even today, given its simplicity of implementation and the good performance that it can achieve in transmitting secure secret strings of bits. For this reason, it is interesting to revise how it works and to see what kind of changes and improvements have been done on it during the years.

The protocol BB84 is what is known as a prepare and measure scheme. One of the two parties (Alice) prepares the sequence of random bits, it encodes it in some quantum states and sends it to the receiving party (Bob) that measures them. In BB84 Alice can chose between two non-compatible bases in the Hilbert space of dimension two, usually these bases are the Z basis (eigenstates  and ) and the X basis (eigenstates  and  ) which eigenstates are a superposition of the previous basis. Intuitively this means that if a state of one basis is prepared and the measurement of the other basis it performs the result will be with 50% probability a mistake. The simplicity of the abstract protocol is undermined by the fact that it needs to exploit a Hilbert space of dimension two. If light is used to transmit the information, which is a very reasonable choice when tele-communications are considered, this is equivalent to prepare a single photon. Unfortunately, reliable deterministic single photon sources are not yet available. For this reason, currently most of experimental QKD implementations rely on the use of coherent states, easily produced by a laser source.

Coherent state BB84 have been one of the most interesting topics of interest for QKD in the past decades, and today it is one of the most preferred choice in commercial implementations. In order to achieve long distance security, however, another modulation must be added to the general scheme: the decoy-state method. In fact, by modulating the intensity of the coherent states prepared, it is possible to infer the fraction of secure single photon states exchanged by Alice and Bob and use once again the security proof for the original BB84.

Figure 5 Simple setup for the QKD protocol with 3 states prepared by Alice, 3 state detected by Bob and 2 decoy state intensities.
Figure 5 Simple setup for the QKD protocol with 3 states prepared by Alice, 3 state detected by Bob and 2 decoy state intensities.


The most common decoy state BB84 uses four encoding states (using two orthogonal modes of light, e.g. polarization, time, phase) and three possible intensities for the decoy state modulation, where one is simply the vacuum. This means that in order to implement this protocol a total of nine different states must be prepared. In the past years however, it was discovered that it is not necessary to send all four encoding states of BB84 and only three are enough (see K. Tamaky Phys. Rev. A 90, 052314 (2014)). Moreover, in 2018 it was shown that a less popular decoy state method that uses only two intensity in the finite key regime was performing better than its more popular and complex counterpart (see D. Rusca Appl. Phys. Lett. 112, 171104 (2018)). Another recent simplification on this protocol was to allow Bob to discriminate unambiguously only three state out of the total four prepared usually (see D. Rusca Phys. Rev. A 98, 052336 (2018)). All these simplification of the original decoy-state BB84 allowed for the development of a recent time bin encoded QKD experiment (see Figure 5) that proved the secure transmission of a secret key over the distance of 421 km of ultra-low-loss fibre (see A. Boaron Phys. Rev. Lett. 121, 190502 (2018)).



In this brief document we tried to show how useful the properties of quantum mechanics are when used for secure communications. On one side the probabilistic nature of this theory allows for almost perfect random number generators which results no one could foresee. On the other side, quantum mechanics allows for private and secure key distribution for remotely position trusted parties, were any adversary abiding to the laws of physics cannot steal any information.

Thanks for  your interest,

Davide Rusco



QCALL ESR Conference 2019

Held in Mondello, Sicily, on September 16-19, 2019 – Funded and organised by the QCALL network.

The Early-Stage Researchers Conference (ESRC) is a four-day conference on quantum communications, aimed at Master and PhD students as well as early post-doctoral researchers.

The conference will feature five well-known invited speakers, introducing each of the main topics of the conference, and possibly an industry session will be organised. There will also be time for around 30 talks by other participants as well as a poster session. The topics covered by the conference will be:

  • Entanglement-based Quantum Communications
  • Security of QKD
  • Satellite QKD
  • MDI-QKD and TF-QKD
  • Component technology (Chip-based QKD, detectors, QRNG, etc.)
Invited speakers

Industrial speakers

Alongside the conference, a film festival with clips submitted by high-school students will also take place during the event.

The conference will be held in Mondello, Sicily, close to Palermo and only a 20-minute drive from the Punta Raisi International Airport. The town offers lots of beautiful sceneries and a nice seaside, which in September is still warm enough to enjoy. The venue will be the renowned Addaura Hotel.

You can find here more information about how to get to Mondello and the conference application process and fees.

  • The deadline for submission is the 16th of June 2019. Deadline was extended to the 30th of June
    Please note: Poster applications sent after the deadline may be considered within reasonable limits. Please contact the organisers.
  • A decision will be notified at the email you provide on or before the 17th of July 2019.
  • Deadline for registration is the 31st of July 2019.

All deadlines are 23:59 UTC.

The conference program can be found here.

For any enquirers, please contact the organising committee at:

Organising committee
Technical Committee


A public evening introducing Quantum Computer in Paris

The International Conference on Quantum Computing (ICoCQ) took place at Ecole Normale Supérieure, Paris, from the 26th to the 30th of November 2018.

A public evening during the conference, open to the general public was organized on the 27th of November at the Sorbonne University auditorium. About 350 people, including people from all age group, participated in the evening.

In this evening ESR Nilesh Vyas also participated and helped with the organization of the evening. The purpose was to introduce the general public with the idea of the quantum computer, its functionality, how it performs computation and its basic hardware. The evening started with a talk on Quantum computer, given by Professor  Klaus Molmer followed by a roundtable discussion and addressing the questions from the general public.


ESRs at VenetoNight 2018 – La notte dei ricercatori European Researchers’ night in Padova

ESRs at the “VenetoNight 2018 – La notte dei ricercatori” (The night of the researchers)

The European researchers’ night is held every year in many different cities across Europe, aiming to bring researchers closer to the general public. Through interesting and attractive experiments and demonstrations, researchers from many different fields try to increase public awareness of the positive impact of scientific research in the people’s everyday life and, at the same time, encourage pupils to embark on research careers.

research night 1

This year, 4 QCALL ESRs from Padova (Mujtaba Zahidy and Hamid Tebyanian) and Düsseldorf (Federico Grasselli and Carlo Liorni) participated to the event held in Padova on the 28th of September, alongside other researchers from the Department of Information Engineering (DEI). Every year, this event attracts a considerable crowd, of every age and every level of scientific background.

research night 2

The ESRs presented to the public, with simple and clear concepts, the main topics of quantum communication and quantum information, together with details about the EU flagship on quantum technologies and the QCALL project. Two simple experiments came along. The first about light interference, used as starting point to explain concepts in quantum physics like the superposition principle. The second consisted in a simple quantum random number generator, accompanied by an interactive interface and explanations about the usefulness of random numbers in our everyday life. The response from the public was exceptionally good and people kept asking questions and discussing until late in the night.

research night 3research night 4

You can check at this link…/actions/european-researchers-night_en where is the closest European Researchers’ Night to your place. Whatever your background is, interesting discussions and demonstrations are waiting for you!