Unconditionally secure key distillation from multi-photons

In this paper, we prove that the unconditionally secure key can be surprisingly extracted from {\it multi}-photon emission part in the photon polarization-based QKD. One example is shown by explicitly proving that one can indeed generate an unconditionally secure key from Alice's two-photon emission part in ``Quantum cryptography protocols robust against photon number splitting attacks for weak laser pulses implementations'' proposed by V. Scarani {\it et al.,} in Phys. Rev. Lett. {\bf 92}, 057901 (2004), which is called SARG04. This protocol uses the same four states as in BB84 and differs only in the classical post-processing protocol. It is, thus, interesting to see how the classical post-processing of quantum key distribution might qualitatively change its security. We also show that one can generate an unconditionally secure key from the single to the four-photon part in a generalized SARG04 that uses six states. Finally, we also compare the bit error rate threshold of these protocols with the one in BB84 and the original six-state protocol assuming a depolarizing channel.Comment: The title has changed again. We considerably improved our presentation, and furthermore we proposed & analyzed a security of a modified SARG04 protocol, which uses six state

FGGE/SMMR-30 tape specification and shipping letter description

The Nimbus-7 FGGE/SMMR-30 tape which contains sea ice concentration data in 30 km resolution which are extracted and reformatted from Nimbus-7 SMMR PARM-30 tapes in accordance with the FGGE level II International Exchange Format Specification is outlined. There are three types of files on a FGGE/SMMR-30 tape. The first file on the tape is a test file. The second file on the tape is a tape header file. The remaining one or more files are data files. All files are terminated with a single end of file (EOP) tape mark. The last file is terminated with two EOF tape marks. All files are made up of one or more physical records. Each physical record contains 2960 bytes. Each data file contains all available values for a 6 hour synoptic time period

FGGE/ERBZ tape specification and shipping letter description

The FGGE/ERBZ tape contains 5 parameters which are extracted and reformatted from the Nimbus-7 ERB Zonal Means Tape. There are three types of files on a FGGE/ERBZ tape: a tape header file, and data files. Physical characteristics, gross format, and file specifications are given. A sample tape check/document printout (shipping letter) is included

On the performance of two protocols: SARG04 and BB84

We compare the performance of BB84 and SARG04, the later of which was proposed by V. Scarani et al., in Phys. Rev. Lett. 92, 057901 (2004). Specifically, in this paper, we investigate SARG04 with two-way classical communications and SARG04 with decoy states. In the first part of the paper, we show that SARG04 with two-way communications can tolerate a higher bit error rate (19.4% for a one-photon source and 6.56% for a two-photon source) than SARG04 with one-way communications (10.95% for a one-photon source and 2.71% for a two-photon source). Also, the upper bounds on the bit error rate for SARG04 with two-way communications are computed in a closed form by considering an individual attack based on a general measurement. In the second part of the paper, we propose employing the idea of decoy states in SARG04 to obtain unconditional security even when realistic devices are used. We compare the performance of SARG04 with decoy states and BB84 with decoy states. We find that the optimal mean-photon number for SARG04 is higher than that of BB84 when the bit error rate is small. Also, we observe that SARG04 does not achieve a longer secure distance and a higher key generation rate than BB84, assuming a typical experimental parameter set.Comment: 48 pages, 10 figures, 1 column, changed Figs. 7 and

A proposal for founding mistrustful quantum cryptography on coin tossing

A significant branch of classical cryptography deals with the problems which arise when mistrustful parties need to generate, process or exchange information. As Kilian showed a while ago, mistrustful classical cryptography can be founded on a single protocol, oblivious transfer, from which general secure multi-party computations can be built. The scope of mistrustful quantum cryptography is limited by no-go theorems, which rule out, inter alia, unconditionally secure quantum protocols for oblivious transfer or general secure two-party computations. These theorems apply even to protocols which take relativistic signalling constraints into account. The best that can be hoped for, in general, are quantum protocols computationally secure against quantum attack. I describe here a method for building a classically certified bit commitment, and hence every other mistrustful cryptographic task, from a secure coin tossing protocol. No security proof is attempted, but I sketch reasons why these protocols might resist quantum computational attack.Comment: Title altered in deference to Physical Review's fear of question marks. Published version; references update

Security of quantum key distribution protocols using two-way classical communication or weak coherent pulses

We apply the techniques introduced in [Kraus et. al., Phys. Rev. Lett. 95, 080501, 2005] to prove security of quantum key distribution (QKD) schemes using two-way classical post-processing as well as QKD schemes based on weak coherent pulses instead of single-photon pulses. As a result, we obtain improved bounds on the secret-key rate of these schemes

Secure two-party quantum evaluation of unitaries against specious adversaries

We describe how any two-party quantum computation, specified by a unitary which simultaneously acts on the registers of both parties, can be privately implemented against a quantum version of classical semi-honest adversaries that we call specious. Our construction requires two ideal functionalities to garantee privacy: a private SWAP between registers held by the two parties and a classical private AND-box equivalent to oblivious transfer. If the unitary to be evaluated is in the Clifford group then only one call to SWAP is required for privacy. On the other hand, any unitary not in the Clifford requires one call to an AND-box per R-gate in the circuit. Since SWAP is itself in the Clifford group, this functionality is universal for the private evaluation of any unitary in that group. SWAP can be built from a classical bit commitment scheme or an AND-box but an AND-box cannot be constructed from SWAP. It follows that unitaries in the Clifford group are to some extent the easy ones. We also show that SWAP cannot be implemented privately in the bare model

Space propulsion systems. Present performance limits and application and development trends

Typical spaceflight programs and their propulsion requirements as a comparison for possible propulsion systems are summarized. Chemical propulsion systems, solar, nuclear, or even laser propelled rockets with electrical or direct thermal fuel acceleration, nonrockets with air breathing devices and solar cells are considered. The chemical launch vehicles have similar technical characteristics and transportation costs. A possible improvement of payload by using air breathing lower stages is discussed. The electrical energy supply installations which give performance limits of electrical propulsion and the electrostatic ion propulsion systems are described. The development possibilities of thermal, magnetic, and electrostatic rocket engines and the state of development of the nuclear thermal rocket and propulsion concepts are addressed

Coin Tossing is Strictly Weaker Than Bit Commitment

We define cryptographic assumptions applicable to two mistrustful parties who each control two or more separate secure sites between which special relativity guarantees a time lapse in communication. We show that, under these assumptions, unconditionally secure coin tossing can be carried out by exchanges of classical information. We show also, following Mayers, Lo and Chau, that unconditionally secure bit commitment cannot be carried out by finitely many exchanges of classical or quantum information. Finally we show that, under standard cryptographic assumptions, coin tossing is strictly weaker than bit commitment. That is, no secure classical or quantum bit commitment protocol can be built from a finite number of invocations of a secure coin tossing black box together with finitely many additional information exchanges.Comment: Final version; to appear in Phys. Rev. Let