Rupert Ursin

Yoann Pelet, Ittoop Vergheese Puthoor, Natarajan Venkatachalam et al.

The ability to know and verifiably demonstrate the origins of messages can often be as important as encrypting the message itself. Here we present an experimental demonstration of an unconditionally secure digital signature (USS) protocol implemented for the first time, to the best of our knowledge, on a fully connected quantum network without trusted nodes. Our USS protocol is secure against forging, repudiation and messages are transferrable. We show the feasibility of unconditionally secure signatures using only bi-partite entangled states distributed throughout the network and experimentally evaluate the performance of the protocol in real world scenarios with varying message lengths.

Zixin Huang, Siddarth Koduru Joshi, Djeylan Aktas et al.

Anonymity in networked communication is vital for many privacy-preserving tasks. Secure key distribution alone is insufficient for high-security communications, often knowing who transmits a message to whom and when must also be kept hidden from an adversary. Here we experimentally demonstrate 5 information-theoretically secure anonymity protocols on an 8 user city-wide quantum network using polarisation-entangled photon pairs. At the heart of these protocols is anonymous broadcasting, which is a cryptographic primitive that allows one user to reveal one bit of information while keeping her identity anonymous. For a network of $n$ users, the protocols retain anonymity for the sender, given less than $n-2$ users are dishonest. This is one of the earliest implementations of genuine multi-user cryptographic protocols beyond standard QKD. Our anonymous protocols enhance the functionality of any fully-connected Quantum Key Distribution network without trusted nodes.

Christoph Pacher, Aysajan Abidin, Thomas Lorünser et al.

We demonstrate how adversaries with unbounded computing resources can break Quantum Key Distribution (QKD) protocols which employ a particular message authentication code suggested previously. This authentication code, featuring low key consumption, is not Information-Theoretically Secure (ITS) since for each message the eavesdropper has intercepted she is able to send a different message from a set of messages that she can calculate by finding collisions of a cryptographic hash function. However, when this authentication code was introduced it was shown to prevent straightforward Man-In-The-Middle (MITM) attacks against QKD protocols. In this paper, we prove that the set of messages that collide with any given message under this authentication code contains with high probability a message that has small Hamming distance to any other given message. Based on this fact we present extended MITM attacks against different versions of BB84 QKD protocols using the addressed authentication code; for three protocols we describe every single action taken by the adversary. For all protocols the adversary can obtain complete knowledge of the key, and for most protocols her success probability in doing so approaches unity. Since the attacks work against all authentication methods which allow to calculate colliding messages, the underlying building blocks of the presented attacks expose the potential pitfalls arising as a consequence of non-ITS authentication in QKD-postprocessing. We propose countermeasures, increasing the eavesdroppers demand for computational power, and also prove necessary and sufficient conditions for upgrading the discussed authentication code to the ITS level.