# Adrian Kent's articles on arXiv

Adrian Kent is a British theoretical physicist, Professor of Quantum Physics at the University of Cambridge, member of the Centre for Quantum Information and Foundations, and Distinguished Visiting Research Chair at the Perimeter Institute for. Adrian Kent is a British theoretical physicist, Professor of Quantum Physics at the University of Cambridge, member of the Centre for Quantum Information.

**Adrian Kent's articles on arXiv**

Professor Adrian Kent · Career. Professor of Quantum Physics, DAMTP, University of Cambridge. Fellow, Wolfson College, Cambridge · Research. Member of the Centre. Adrian Kent · Academic Affiliations · Research: Quantum foundations, quantum information theory and quantum cryptography · Other topics · Earlier research.

**adrian kent. Adrian Kent. Professor of Quantum Physics, Cambridge; Distinguished Visiting Research Chair, Perimeter. Verified email at gieldaprzemyslowa.pl - Homepage.**

Authors: Adrian Kent (Centre for Quantum Information and Foundations, DAMTP, University of Cambridge, and Perimeter Institute for Theoretical Physics). Adrian Kent: A no-summoning theorem in relativistic quantum theory. Quantum Inf. Process. 12(2): ();

04.11.2021

**dblp: Adrian Kent**

- Our people | Institute for Quantum Computing | University of Waterloo
- Adrian Walters | Faculty | Chicago-Kent College of Law
- Adrian Kent, Quanta and Qualia - PhilArchive
- Adrian Barker found guilty of murder in Kent in 2009, sentenced to life in prison
- Adrian Kent | Aeon
- Adrian Kent (Editor of Many Worlds?)
- Adrian Kent - The Mathematics Genealogy Project
- Adrian Kent, Professor of Quantum Physics, University of Cambridge
- Opening Soon
- Adrian Kent's articles on arXiv

## Opening Soon

.

## Adrian Kent | Aeon

Barker's friend and co-defendant Ronald G. Kelly, 23, also a UA student and also from Shaker Heights, was convicted of murder and felonious assault and sentenced to life in prison with the possibility of parole after 15 years. His first parole hearing is scheduled in , according to the Ohio Department of Rehabilitation and Corrections.

Glenn P. Jefferson Jr. He drove Barker and Kelly to Kent the night of the incident. Never charged in the assault or murder, he instead served one year in prison for lying to Kent police during their investigation. He ended up testifying against both Barker and Kelly. Defense attorneys tried to paint Jefferson as an alternate suspect to Barker -- the two have similar builds and were both dressed in white T-shirts the night of the incident -- and also attacked the Kent Police Department investigation.

However, approximately 20 eyewitnesses identified Barker and Kelly as the men who stomped and kicked Kernich after Barker knocked him unconscious with a single punch to the back of the head. Expose your work to one of the largest A. Self-supervised learning methods and applications in medical imaging analysis: A survey. Already have an account? Login here. Don't have an account? Signup here. Adrian Kent is this you?

Featured Co-authors. Unlike other approaches to defining measurement events, this prescription is explicitly Lorentz covariant.

It also respects standard quantum dynamics. The description of quantum reality augments the unitarily evolving quantum state but does not change its evolution. Effectively, in Everettian language, it gives a precise rule for picking out one quasiclassical world from the universal wave function.

## Adrian Kent - The Mathematics Genealogy Project

The latest Tweets from Adrian Kent (@Adrian_Kent). Prof of Quantum Physics, Cambridge. Visiting Research Chair, Perimeter Inst. Advisory board member.**adrian kent**
Adrian Kent profile picture. University of Cambridge. Distinguished Visiting Research Chair. Areas of research: Quantum Foundations · Quantum Information. Adrian Kent is Professor of Quantum Physics at the University of Cambridge and a Distinguished Visiting Research Chair at Perimeter Institute for. University of Cambridge Graphic. Professor of Quantum Physics. University of Cambridge. Oct - Present6 years 10 months. Cambridge, United Kingdom · Wolfson.

## Adrian Kent, Quanta and Qualia - PhilArchive

**Sign up for daily e-mails**

S-money [Proc. A , ] schemes define virtual to We propose definitions and implementations of "supermoney" - virtual tok Summoning is a task between two parties, Alice and Bob, with distributed Suppose some future technology enables the same consciously experienced Are you a researcher?

Expose your work to one of the largest A. Self-supervised learning methods and applications in medical imaging analysis: A survey. Already have an account? Login here. Don't have an account? Signup here. Presumably technology will ultimately make long range quantum channels of types 2 and 3 practical and reliable. However, at present, we do not have reliable practical teleportation, nor reliable long-term quantum state storage for teleportation with predistributed entanglement and the necessary quantum transmissions for type 3 channels become increasingly challenging as the channel length in the lab rest frame increases.

Ensuring that a quantum transmission channel of type 1 is physically secure is also challenging: it requires resources that scale at least linearly with length and may simply not be practical or possible over long distances in many scenarios. We propose the following technique to get around these obstacles. Define the space-time points such that P , and Q j are collinear and is on the boundary of the region she controls around P. In practice, we imagine will generally be much closer to P than to Q j.

She transmits the classical data i securely from or wherever it was generated to her lab at Q j and gives it to Bob only there. See Figure 1. Alice controls a laboratory including on its border the points P , and and disjoint laboratories including on their borders the points Q 1 and Q 2 respectively, where and are lightlike lines. Bob may control the rest of space-time.

There she randomizes it and returns the randomized state to Bob. The classical data describing how the state was randomized are transmitted along a secure classical channel and returned to Bob at Q i. Alice transmits dummy quantum and classical information and returns them to Bob at the corresponding points on the opposite wing. Precisely how and where the unitary U i is applied depends on the type of quantum channel Alice uses between P and.

Perhaps counterintuitively, the same security argument also holds for the classically extended versions of the scheme described here. The reasoning is simple. This procedure produces at each site Q j a quantum state. Compared to the situation where Alice has physically secure quantum transmission channels from P to the Q j case S1 , this procedure is more restricted for Alice and hence offers her less cheating strategies.

Therefore the bounds that apply in case S1 also apply for the present protocol and in particular the optimal probabilities of these states passing Bob's tests must satisfy.

In these classically extended schemes, Alice needs to be able to receive an unknown state, randomize it and transmit it a short distance securely at light speed along her chosen path, return it to Bob and transmit the classical randomization data at light speed securely over a long distance.

Short range secure transmission of a quantum state is, clearly, easier than long range transmission. Reliable long range secure transmission of classical data can be easily achieved, using pre-shared one-time pads or, if the range is within the limits of current technology, quantum key distribution. These schemes thus appear practically advantageous for Alice. Note, however, that for many cryptographic applications Bob must be able to verify that the points at which the state is returned are space-like separated.

For example, this is necessary in the bit commitment schemes of Ref. To be precise, Alice is required to choose a probability distribution over j , since she can commit to a superposition of bits. Any other cryptographic application that requires Alice to be prevented from deciding the value of j at a point in the future of P similarly requires the to be space-like separated: if they are not, she can sequentially send the quantum state between non-space-like separated and decide en route at which site she will return the state.

The need for space-like separated poses its own practical challenges, requiring more precise timings and shorter transfer delays, as the separations grow shorter.

He has more than one option, depending on the available technology and on how quickly where in spacetime he needs to verify the unveiled commitment. For example:. This requires Bob rather than Alice to have a long range quantum channel, an advantage in the scenarios we envisage in which Bob's technology is better.

A further advantage is that Bob's long range channel need not necessarily be secure. Alice would gain no cheating advantage, compared to the original version of the scheme with long-range quantum transmissions, by being able to tamper with this state en route — in the original scheme, she controls the state throughout the path from P to Q j. This requires Bob to have quantum state storage.

It also delays his verification of the state, which is a disadvantage in some contexts. For example, if the state is used as an authentication token, Bob cannot immediately verify Alice's authentication at Q j. However, it would be advantageous in a possible scenario in which reliable local quantum state storage turns out to be easier than reliable long range quantum transmission. These two options have one very clear advantage in the near-ideal case where Alice and Bob's errors and losses can be made small through error correction or advanced technology.

In this case the quantum information encoded in the unknown state remains essentially intact. Bob can thus make use of the token as he wishes. For example, he could return the token to Alice if, at the relevant point Q j , she decides she wishes not to use it, but to propagate it to another site in the causal future of Q j.

Alternatively, he could pass it on to a third party for storage or testing. In realistic implementations of protocols using any of the secure channels S 1— S 3, A and B 's channels and devices will introduce some errors, their channels will suffer losses and Bob's detectors will also cause losses as well as detection errors.

We now show that, in principle, provided the levels of losses and errors are not too great, they can be securely countered by redundant implementations of the protocol. The idea here is that, instead of providing A with one random qudit at P , B provides her with N independently chosen random qudits in short time sequence so they all arrive close in time to the spacetime point P.

A is supposed to send all of them to points correspondingly close in space-time to her chosen site Q j and return them to B there. B accepts the site as chosen provided that he receives and verifies a sufficient fraction of the qudits. This protocol is more robust than the original protocol because Bob will not abort even if a small fraction of the particles are lost or corrupted by noise. We show below that this protocol can tolerate losses of up to of the particles.

For definiteness we consider only the case where A tries to pass Bob's statistical tests at two distinct sites, Q 1 and Q 2. Recall first the situation when Alice is provided with a single qudit.

The probabilities of passing Bob's test at the two sites are. They obey A complication in analysing this situation is that Alice can act collectively on all N qudits, which in principle might increase her cheating probability compared to strategies involving only individual qudit operations. We now show this is not the case. We suppose that Bob tests all N pairs of returned qudits in succession at sites Q 1 and Q 2. Bob accepts at site Q i if.

Let be the probability that Bob accepts at site Q i. We show that the sum of the probabilities of acceptance at both sites is bounded by. We note that security against Bob is as before, since he does not have access to any information until Alice provides him with the reveal information.

The proof of eq. The first step essentially shows that collective operations do not help Alice. We prove the following. Then, conditional on these results, the fidelities p k 1 and p k 2 on the k -th pair of returned qudits must satisfy. The probabilities of Bob's test outcomes after step iiib are independent on whether the teleportation was carried out before or after the cloning operation and so must violate 5.

But this is a contradiction, since Alice now has a generally applicable protocol for violating the universal bound 5 for cloning a single unknown state. The second step uses large deviation results for martingales and in particular the Azuma-Hoeffding inequality 50 , 51 , 52 to prove eq.

This more technical step is given at the end of the paper. Note that security for redundant protocols always requires a total error and loss rate, for Alice's operations, of less than. This choice may depend on information that may have become available at both Q 1 and Q 2 , allowing her actions at the two sites to be coordinated.

For example, it could depend on some event that will happen either at Q 1 or Q 2 but not both and that Alice cannot predict in advance. See Ref. An independent discussion of another proposed security model can be found in Ref.

On the other hand, the above argument shows that for sufficiently large N a loss rate lower than suffices. Even the weaker of these bounds — total error and loss rate less than — appears practically challenging with current technology. Delays are another practical issue: realistically, A and B 's state exchanges and quantum operations will not be instantaneous and their channels will transmit quantum states at speeds slower than c.

As noted elsewhere 35 , such delays affect the details of B 's security guarantee — he is no longer guaranteed that A was effectively committed to a choice Q j or probability distribution of choices precisely at the point P , for example.

As with all technologically unrestricted quantum protocols 46 , 47 , Alice can create a quantum superposition of commitments — in this case at, or in the non-ideal case near, P. Nonetheless, her optimal probabilities for successful unveiling are constrained by Eq. However, so long as they are small compared with the spacelike separations of the Q j , B is still guaranteed that A was effectively committed to a choice or probability distribution of choices of site Q j in advance, at a point relatively close to P.

Note also that, for secure implementations of variations B 1 and B 2 to be possible, Alice needs to receive and return N states in times short compared to the short separations between P and the sites. Redundant implementations also allow security even where neither party has reliable long distance state transmission or state storage. Suppose again that the unknown state is replaced by N independent states, generated by Bob.

However, as it requires neither quantum state storage nor long range quantum transmission from either party, it may be implemented in practice sooner than B 1 or B 2, as it requires only states of small dimension d to be created and manipulated, with no more advanced quantum technology needed by either party. Note again, though, that for a secure implementation to be possible Alice needs to receive and return N states in times short compared to the short separations between P and the sites.

Also, the quantum information encoded in the states is effectively destroyed by Bob's measurements, so this variation of the protocol cannot generally be combined with applications in which some quantum states supplied by Bob are subsequently used for another purpose.

As noted above, a quite general potential concern in quantum cryptography is that an adversary may exploit physical degrees of freedom other than those prescribed by the protocol. For example, in the protocols considered here, Bob is supposed to provide a randomly chosen qudit, which might for instance be supposed to be encoded in photon polarizations. If Alice then sends the photons along physically insecure channels, she is in principle vulnerable, even if the polarization degree of freedom is appropriately randomized.

If Bob can carry out a nondestructive measurement of the other degree of freedom, he can identify the channel carrying the photons he supplied, without detection.

A theoretically simple way for Alice to counter this was first noted by Lo and Chau 48 in considering an analogous security problem in quantum key distribution. Alice can prepare her own maximally entangled pairs of qudits, in separate secure but closely adjacent labs in the neighbourhood of P.

She teleports the relevant information encoded in each purported qudit supplied by Bob from the first lab to the second and uses the resulting teleported states in the remainder of the protocol. Since she prepared the relevant qudits herself, she can ensure that they carry no information other than that prescribed by the protocol.

To employ this strategy, Alice clearly must be able to teleport states at least over short distances. She may thus simply use the version of the protocol described above, in which teleportation is used as a short secure channel.

If so, of course, she needs only teleport any given qudit supplied by Bob once from P to. This already guarantees the qudit carries no extra information and so there is no need for a separate initial teleportation in the neighbourhood of P. Another possible way of dealing with this issue could be to design device independent protocols for the tasks discussed here. Device-independent protocols have been proposed for QKD 18 , 19 , 20 , 21 , 22 , 23 , 24 , 25 , 26 , 27 , 28 , 29 , quantum randomness expansion 30 , 31 , 32 and bit commitment and coin tossing 33 , among other tasks.

Many of these protocols have been shown to be vulnerable to attacks when devices are reused 49 , although possible defences have also been identified The ultimate scope of device-independent quantum cryptography remains an intriguing open question. It therefore would be interesting to explore whether device- independent protocols can be adapted to the relativistic cryptographic setting considered here.

Each of the strategies discussed here has theoretical and practical advantages in some plausible potential future scenario. The teleportation-based strategies are particularly simple and elegant; strategies involving transmitting randomised states require no pre-distributed entanglement or joint operations on states; strategies involving physically secure quantum channels require no operations on quantum states.

We have also discussed schemes involving multiple states transmitted over classically extended quantum channels. These need only states of small dimension to be created and manipulated and need only short range secure quantum communication. While even these schemes still pose experimental challenges, they seem to us interesting candidates for practically implementing the unconditionally secure bit commitment protocol of Ref.

Note that, in the case of bit commitment, there are also other relativistic protocols available 9 , 34 , which rely on different principles. Which of these is most suited to practical implementation will depend on the precise application, as well as on the evolution of technology. Each has advantages that may be compelling in some scenarios. In particular, the protocol of Ref. It also has an efficiency advantage in networks where multiple lightlike transmission directions are possible: log N bits can be committed by transmitting an unknown qudit in a direction chosen from N possibilities.

In summary, we hope the schemes outlined here will encourage further theoretical and experimental investigation of the extent to which relativistic quantum cryptographic tasks can be securely and reliably implemented with current or forseeable technology. From a broader theoretical perspective, our discussion also illustrates an intriguing application of teleportation to cryptography, somewhat different from those previously considered.

It was realised from the outset that teleportation has the beautiful cryptographic features that it enables A to communicate quantum information to B securely and to do so even when A does not know B 's location. We see here another cryptographic feature of teleportation, relying on the fact that A can securely teleport a state, known to B but not to A , to a location, known to A but not to B. When light speed delays are negligible, this is not very significant, since A can teleport between any sites effectively instantaneously.

In relativistic cryptography, though, it means that A can be constrained — she must choose one destination from a spacelike separated set — and yet conceal information her choice of destination from B. Our protocols also illustrate that, in quantum relativistic cryptography, the principle underlying teleportation — that classical and quantum communications can advantageously be separated and recombined at different locations — has much wider applications.

We complete here the proof of eq. Suppose that Bob makes his measurements on the states in succession in some order. Denote by Di k the random variable which equals 1 respectively 0 if Bob's test at site i on returned qudit k succeeds respectively fails.

Alice passes Bob's test at site i if where the security parameter. To establish security with respect to a dishonest Alice, we need to bound.

Denote by. From this it follows that Z k is a supermartingale The martingale increments are bounded in absolute value by. Hence we can apply the Azuma-Hoeffding inequality 50 , 51 , 52 to get for any. We now use this result to bound. We have. Bennett, C. Quantum cryptography: public-key distribution and coin tossing. Wiesner, S. Conjugate coding. Sigact News 15, 78—88 Ekert, A.

Quantum cryptography based on Bell's theorem. Cleve, R. How to share a quantum secret. Brassard, G. Anonymous quantum communication. Berlin: Springer. Ben-Or, M. Secure multiparty quantum computation with only a strict honest majority. Kent, A. Coin tossing is strictly weaker than bit commitment.

Unconditionally secure bit commitment. Secure classical bit commitment using fixed capacity communication channels. Cryptology 18, — Colbeck, R. Variable bias coin tossing.

A 73, Tagging Systems. US patent US Malaney, R. Location-dependent communications using quantum entanglement. A 81, Chandran, N. Position-based quantum cryptography. Quantum tagging: authenticating location via quantum information and relativistic signalling constraints. A 84, Buhrman, H. Position-based cryptography: impossibility and constructions.

Quantum tagging for tags containing secret classical data. Beigi, S.

## Adrian Barker found guilty of murder in Kent in 2009, sentenced to life in prison

Adrian Kent's 38 research works with citations and reads, including: Lorentzian Quantum Reality: Postulates and Toy Models. View the profiles of professionals named "Adrian Kent" on LinkedIn. There are 40+ professionals named "Adrian Kent", who use LinkedIn to exchange. **adrian kent**
Adrian Kent. IQC Affiliate, IQC Afffiliate, Perimeter Institute for Theoretical Physics. Adrian Kent. Email: [email protected] Adrian Kent. IQC Affiliate, IQC Afffiliate, Perimeter Institute for Theoretical Physics. Adrian Kent. [email protected] Group(s). Affiliates. onlyfans.comkitinstra
quant-ph; hep-th; gr-qc. Author Identifier: gieldaprzemyslowa.pl Advisor: Peter Goddard. present. Cambridge U., DAMTP. PHD, Cambridge U., DAMTP. by Adrian Beard, Pete Bunten, et al. | by Michael Kent and Adrian Langdon | 31 May out of 5 stars 2.

## Adrian Walters | Faculty | Chicago-Kent College of Law

See what Adrian Kent (adriankent) has discovered on Pinterest, the world's biggest collection of ideas. What would it mean to apply quantum theory, without restriction and without involving any notion of measurement and state reduction, to the whole universe? **adrian kent**
Adrian Kent Class of Perfect Game Player Profile. Adrian Kent. GRAD. | OF. | Vineland, NJ. UNCOMMITTED. NO PG GRADE. ABOUT PG GRADES. A service of the NDSU Department of Mathematics, in association with the American Mathematical Society. Adrian Patrick Antony Kent. MathSciNet. Ph.D. University.

## Adrian Kent (Editor of Many Worlds?)

Adrian Kent is the author of Eden Awakening ( avg rating, 0 ratings, 0 reviews) and Many Worlds? ( avg rating, 16 ratings, 2 reviews, published ). Adrian Kent is Professor of Quantum Physics in the Department of Applied Mathematics and Theoretical Physics, University of Cambridge and a Distinguished. **adrian kent**
Adrien Kent Art. Opening Soon. We'll be right back. Be the first to know when we launch. Promotions, new products and sales. Directly to your inbox. Email. Adrian Kent Statcast, Visuals & Advanced Metrics | gieldaprzemyslowa.pl

## adrian kent. Adrian Kent, Professor of Quantum Physics, University of Cambridge

Dean Adrian Kent. Member in Good Standing. Eligible to Practice Law in Florida. Dean Adrian Kent. Bar Number: Mail Address: Trenam Law PO Box Adrian Kent. Publications. Year. Venue. Title. JOFC. Secure Classical Bit Commitment Using Fixed Capacity Communication Channels. Adrian Kent. **adrian kent**
Adrian Kent is on Facebook. Join Facebook to connect with Adrian Kent and others you may know. Facebook gives people the power to share and makes the. Explore books by Adrian Kent with our selection at gieldaprzemyslowa.pl Click and Collect from your local Waterstones or get FREE UK delivery on orders over. liza del sierra onlyfans free
98 Followers, Following, 20 Posts - See Instagram photos and videos from Adrian Kent (@gieldaprzemyslowa.pl).

## Our people | Institute for Quantum Computing | University of Waterloo

Adrian Kent is a British theoretical physicist, Professor of Quantum Physics at the University of Cambridge, member of the Centre for Quantum Information and Foundations, and Distinguished Visiting Research Chair at the Perimeter Institute for. **Navigation menu**

Sign in. Get my own profile Cited by View all All Since Citations h-index 45 30 iindex 83 Public access. View all. David Wallace University of Pittsburgh Verified email at pitt. Nicolas Gisin University of Geneva Verified email at unige. Lee Smolin Perimeter Institute Verified email at perimeterinstitute. Brendon L. Jennewein University of Waterloo Verified email at iqc. Verified email at damtp. Articles Cited by Public access Co-authors. Title Sort Sort by citations Sort by year Sort by title.

Communications in Mathematical Physics 1 , , Journal of Physics A: Mathematical and Theoretical 44 9 , , Journal of Statistical Physics 82 5 , , International Journal of Modern Physics, , Classical and Quantum Gravity 29 22 , , Many Worlds? Everett, Quantum Theory and Reality , Articles 1—20 Show more. Help Privacy Terms.

Perhaps counterintuitively, the same security argument also holds for the classically extended versions of the scheme described here. The reasoning is simple. This procedure produces at each site Q j a quantum state.

Compared to the situation where Alice has physically secure quantum transmission channels from P to the Q j case S1 , this procedure is more restricted for Alice and hence offers her less cheating strategies. Therefore the bounds that apply in case S1 also apply for the present protocol and in particular the optimal probabilities of these states passing Bob's tests must satisfy.

In these classically extended schemes, Alice needs to be able to receive an unknown state, randomize it and transmit it a short distance securely at light speed along her chosen path, return it to Bob and transmit the classical randomization data at light speed securely over a long distance. Short range secure transmission of a quantum state is, clearly, easier than long range transmission.

Reliable long range secure transmission of classical data can be easily achieved, using pre-shared one-time pads or, if the range is within the limits of current technology, quantum key distribution. These schemes thus appear practically advantageous for Alice.

Note, however, that for many cryptographic applications Bob must be able to verify that the points at which the state is returned are space-like separated. For example, this is necessary in the bit commitment schemes of Ref. To be precise, Alice is required to choose a probability distribution over j , since she can commit to a superposition of bits.

Any other cryptographic application that requires Alice to be prevented from deciding the value of j at a point in the future of P similarly requires the to be space-like separated: if they are not, she can sequentially send the quantum state between non-space-like separated and decide en route at which site she will return the state.

The need for space-like separated poses its own practical challenges, requiring more precise timings and shorter transfer delays, as the separations grow shorter.

He has more than one option, depending on the available technology and on how quickly where in spacetime he needs to verify the unveiled commitment. For example:. This requires Bob rather than Alice to have a long range quantum channel, an advantage in the scenarios we envisage in which Bob's technology is better.

A further advantage is that Bob's long range channel need not necessarily be secure. Alice would gain no cheating advantage, compared to the original version of the scheme with long-range quantum transmissions, by being able to tamper with this state en route — in the original scheme, she controls the state throughout the path from P to Q j.

This requires Bob to have quantum state storage. It also delays his verification of the state, which is a disadvantage in some contexts. For example, if the state is used as an authentication token, Bob cannot immediately verify Alice's authentication at Q j. However, it would be advantageous in a possible scenario in which reliable local quantum state storage turns out to be easier than reliable long range quantum transmission.

These two options have one very clear advantage in the near-ideal case where Alice and Bob's errors and losses can be made small through error correction or advanced technology. In this case the quantum information encoded in the unknown state remains essentially intact. Bob can thus make use of the token as he wishes. For example, he could return the token to Alice if, at the relevant point Q j , she decides she wishes not to use it, but to propagate it to another site in the causal future of Q j.

Alternatively, he could pass it on to a third party for storage or testing. In realistic implementations of protocols using any of the secure channels S 1— S 3, A and B 's channels and devices will introduce some errors, their channels will suffer losses and Bob's detectors will also cause losses as well as detection errors.

We now show that, in principle, provided the levels of losses and errors are not too great, they can be securely countered by redundant implementations of the protocol. The idea here is that, instead of providing A with one random qudit at P , B provides her with N independently chosen random qudits in short time sequence so they all arrive close in time to the spacetime point P.

A is supposed to send all of them to points correspondingly close in space-time to her chosen site Q j and return them to B there. B accepts the site as chosen provided that he receives and verifies a sufficient fraction of the qudits.

This protocol is more robust than the original protocol because Bob will not abort even if a small fraction of the particles are lost or corrupted by noise. We show below that this protocol can tolerate losses of up to of the particles.

For definiteness we consider only the case where A tries to pass Bob's statistical tests at two distinct sites, Q 1 and Q 2. Recall first the situation when Alice is provided with a single qudit. The probabilities of passing Bob's test at the two sites are. They obey A complication in analysing this situation is that Alice can act collectively on all N qudits, which in principle might increase her cheating probability compared to strategies involving only individual qudit operations.

We now show this is not the case. We suppose that Bob tests all N pairs of returned qudits in succession at sites Q 1 and Q 2. Bob accepts at site Q i if. Let be the probability that Bob accepts at site Q i.

We show that the sum of the probabilities of acceptance at both sites is bounded by. We note that security against Bob is as before, since he does not have access to any information until Alice provides him with the reveal information. The proof of eq. The first step essentially shows that collective operations do not help Alice. We prove the following. Then, conditional on these results, the fidelities p k 1 and p k 2 on the k -th pair of returned qudits must satisfy.

The probabilities of Bob's test outcomes after step iiib are independent on whether the teleportation was carried out before or after the cloning operation and so must violate 5.

But this is a contradiction, since Alice now has a generally applicable protocol for violating the universal bound 5 for cloning a single unknown state. The second step uses large deviation results for martingales and in particular the Azuma-Hoeffding inequality 50 , 51 , 52 to prove eq.

This more technical step is given at the end of the paper. Note that security for redundant protocols always requires a total error and loss rate, for Alice's operations, of less than. This choice may depend on information that may have become available at both Q 1 and Q 2 , allowing her actions at the two sites to be coordinated.

For example, it could depend on some event that will happen either at Q 1 or Q 2 but not both and that Alice cannot predict in advance. See Ref. An independent discussion of another proposed security model can be found in Ref.

On the other hand, the above argument shows that for sufficiently large N a loss rate lower than suffices. Even the weaker of these bounds — total error and loss rate less than — appears practically challenging with current technology. Delays are another practical issue: realistically, A and B 's state exchanges and quantum operations will not be instantaneous and their channels will transmit quantum states at speeds slower than c.

As noted elsewhere 35 , such delays affect the details of B 's security guarantee — he is no longer guaranteed that A was effectively committed to a choice Q j or probability distribution of choices precisely at the point P , for example. As with all technologically unrestricted quantum protocols 46 , 47 , Alice can create a quantum superposition of commitments — in this case at, or in the non-ideal case near, P.

Nonetheless, her optimal probabilities for successful unveiling are constrained by Eq. However, so long as they are small compared with the spacelike separations of the Q j , B is still guaranteed that A was effectively committed to a choice or probability distribution of choices of site Q j in advance, at a point relatively close to P.

Note also that, for secure implementations of variations B 1 and B 2 to be possible, Alice needs to receive and return N states in times short compared to the short separations between P and the sites.

Redundant implementations also allow security even where neither party has reliable long distance state transmission or state storage. Suppose again that the unknown state is replaced by N independent states, generated by Bob.

However, as it requires neither quantum state storage nor long range quantum transmission from either party, it may be implemented in practice sooner than B 1 or B 2, as it requires only states of small dimension d to be created and manipulated, with no more advanced quantum technology needed by either party.

Note again, though, that for a secure implementation to be possible Alice needs to receive and return N states in times short compared to the short separations between P and the sites. Also, the quantum information encoded in the states is effectively destroyed by Bob's measurements, so this variation of the protocol cannot generally be combined with applications in which some quantum states supplied by Bob are subsequently used for another purpose.

As noted above, a quite general potential concern in quantum cryptography is that an adversary may exploit physical degrees of freedom other than those prescribed by the protocol. For example, in the protocols considered here, Bob is supposed to provide a randomly chosen qudit, which might for instance be supposed to be encoded in photon polarizations. If Alice then sends the photons along physically insecure channels, she is in principle vulnerable, even if the polarization degree of freedom is appropriately randomized.

If Bob can carry out a nondestructive measurement of the other degree of freedom, he can identify the channel carrying the photons he supplied, without detection.

A theoretically simple way for Alice to counter this was first noted by Lo and Chau 48 in considering an analogous security problem in quantum key distribution. Alice can prepare her own maximally entangled pairs of qudits, in separate secure but closely adjacent labs in the neighbourhood of P. She teleports the relevant information encoded in each purported qudit supplied by Bob from the first lab to the second and uses the resulting teleported states in the remainder of the protocol.

Since she prepared the relevant qudits herself, she can ensure that they carry no information other than that prescribed by the protocol. To employ this strategy, Alice clearly must be able to teleport states at least over short distances. She may thus simply use the version of the protocol described above, in which teleportation is used as a short secure channel.

If so, of course, she needs only teleport any given qudit supplied by Bob once from P to. This already guarantees the qudit carries no extra information and so there is no need for a separate initial teleportation in the neighbourhood of P.

Another possible way of dealing with this issue could be to design device independent protocols for the tasks discussed here. Device-independent protocols have been proposed for QKD 18 , 19 , 20 , 21 , 22 , 23 , 24 , 25 , 26 , 27 , 28 , 29 , quantum randomness expansion 30 , 31 , 32 and bit commitment and coin tossing 33 , among other tasks. Many of these protocols have been shown to be vulnerable to attacks when devices are reused 49 , although possible defences have also been identified The ultimate scope of device-independent quantum cryptography remains an intriguing open question.

It therefore would be interesting to explore whether device- independent protocols can be adapted to the relativistic cryptographic setting considered here. Each of the strategies discussed here has theoretical and practical advantages in some plausible potential future scenario. The teleportation-based strategies are particularly simple and elegant; strategies involving transmitting randomised states require no pre-distributed entanglement or joint operations on states; strategies involving physically secure quantum channels require no operations on quantum states.

We have also discussed schemes involving multiple states transmitted over classically extended quantum channels. These need only states of small dimension to be created and manipulated and need only short range secure quantum communication. While even these schemes still pose experimental challenges, they seem to us interesting candidates for practically implementing the unconditionally secure bit commitment protocol of Ref.

Note that, in the case of bit commitment, there are also other relativistic protocols available 9 , 34 , which rely on different principles. Which of these is most suited to practical implementation will depend on the precise application, as well as on the evolution of technology. Each has advantages that may be compelling in some scenarios. In particular, the protocol of Ref.

It also has an efficiency advantage in networks where multiple lightlike transmission directions are possible: log N bits can be committed by transmitting an unknown qudit in a direction chosen from N possibilities. In summary, we hope the schemes outlined here will encourage further theoretical and experimental investigation of the extent to which relativistic quantum cryptographic tasks can be securely and reliably implemented with current or forseeable technology.

From a broader theoretical perspective, our discussion also illustrates an intriguing application of teleportation to cryptography, somewhat different from those previously considered. It was realised from the outset that teleportation has the beautiful cryptographic features that it enables A to communicate quantum information to B securely and to do so even when A does not know B 's location. We see here another cryptographic feature of teleportation, relying on the fact that A can securely teleport a state, known to B but not to A , to a location, known to A but not to B.

When light speed delays are negligible, this is not very significant, since A can teleport between any sites effectively instantaneously. In relativistic cryptography, though, it means that A can be constrained — she must choose one destination from a spacelike separated set — and yet conceal information her choice of destination from B. Our protocols also illustrate that, in quantum relativistic cryptography, the principle underlying teleportation — that classical and quantum communications can advantageously be separated and recombined at different locations — has much wider applications.

We complete here the proof of eq. Suppose that Bob makes his measurements on the states in succession in some order. Denote by Di k the random variable which equals 1 respectively 0 if Bob's test at site i on returned qudit k succeeds respectively fails. Alice passes Bob's test at site i if where the security parameter. To establish security with respect to a dishonest Alice, we need to bound.

Denote by. From this it follows that Z k is a supermartingale The martingale increments are bounded in absolute value by. Hence we can apply the Azuma-Hoeffding inequality 50 , 51 , 52 to get for any. We now use this result to bound. We have. Bennett, C. Quantum cryptography: public-key distribution and coin tossing.

Wiesner, S. Conjugate coding. Sigact News 15, 78—88 Ekert, A. Quantum cryptography based on Bell's theorem. Cleve, R. How to share a quantum secret. Brassard, G. Anonymous quantum communication.

Berlin: Springer. Ben-Or, M. Secure multiparty quantum computation with only a strict honest majority. Kent, A. Coin tossing is strictly weaker than bit commitment. Unconditionally secure bit commitment. Secure classical bit commitment using fixed capacity communication channels. Cryptology 18, — Colbeck, R. Variable bias coin tossing. A 73, Tagging Systems. US patent US Malaney, R. Location-dependent communications using quantum entanglement. A 81, Chandran, N. Position-based quantum cryptography.

Quantum tagging: authenticating location via quantum information and relativistic signalling constraints. A 84, Buhrman, H. Position-based cryptography: impossibility and constructions. Quantum tagging for tags containing secret classical data. Beigi, S. Simultaneous instantaneous non-local quantum computation with applications to position-based cryptography.

New J. Barrett, J. No signalling and quantum key distribution. Maximally non-local and monogamous quantum correlations.

From Bells theorem to secure quantum key distribution. Efficient quantum key distribution secure against no-signalling eavesdroppers. Acin, A. Device-independent security of quantum cryptography against collective attacks. Pironio, S. Device-independent quantum key distribution secure against collective attacks. McKague, M. Device independent quantum key distribution secure against coherent attacks with memoryless measurement devices. Masanes, L.