Daniel Gottesman

Demonstrating the viability of universal quantum computation using teleportation and single-qubit operations

We present a method to create a variety of interesting gates by teleporting quantum bits through special entangled states. This allows, for instance, the construction of a quantum computer based on just single qubit operations, Bell measurements, and GHZ states. We also present straightforward constructions of a wide variety of fault-tolerant quantum gates.Algorithms such as quantum factoring and quantum search illustrate the great theoretical promise of quantum computers; but the practical implementation of such devices will require careful consideration of the minimum resource requirements, together with the development of procedures to overcome inevitable residual imperfections in physical systems. Many designs have been proposed, but none allow a large quantum computer to be built in the near future. Moreover, the known protocols for constructing reliable quantum computers from unreliable components can be complicated, often requiring many operations to produce a desired transformation. Here we show how a single technique—a generalization of quantum teleportation—reduces resource requirements for quantum computers and unifies known protocols for fault-tolerant quantum computation. We show that single quantum bit (qubit) operations, Bell-basis measurements and certain entangled quantum states such as Greenberger–Horne–Zeilinger (GHZ) states—all of which are within the reach of current technology—are sufficient to construct a universal quantum computer. We also present systematic constructions for an infinite class of reliable quantum gates that make the design of fault-tolerant quantum computers much more straightforward and methodical.

How to Share a Quantum Secret

We investigate the concept of quantum secret sharing. In a (k,thinspn) threshold scheme, a secret quantum state is divided into n shares such that any k of those shares can be used to reconstruct the secret, but any set of k{minus}1 or fewer shares contains absolutely no information about the secret. We show that the only constraint on the existence of threshold schemes comes from the quantum {open_quotes}no-cloning theorem,{close_quotes} which requires that n{lt}2k , and we give efficient constructions of all threshold schemes. We also show that, for k{le}n{lt}2k{minus}1 , then any (k,thinspn) threshold scheme {ital must} distribute information that is globally in a mixed state. {copyright} {ital 1999} {ital The American Physical Society }

Class of quantum error-correcting codes saturating the quantum Hamming bound.

I develop methods for analyzing quantum error-correcting codes, and use these methods to construct an infinite class of codes saturating the quantum Hamming bound. These codes encode {ital k}={ital n}{minus}{ital j}{minus}2 quantum bits (qubits) in {ital n}=2{sup {ital j}} qubits and correct {ital t}=1 error. {copyright} {ital 1996 The American Physical Society.}

Theory of fault-tolerant quantum computation

In order to use quantum error-correcting codes to improve the performance of a quantum computer, it is necessary to be able to perform operations fault-tolerantly on encoded states. I present a theory of fault-tolerant operations on stabilizer codes based on symmetries of the code stabilizer. This allows a straightforward determination of which operations can be performed fault-tolerantly on a given code. I demonstrate that fault-tolerant universal computation is possible for any stabilizer code. I discuss a number of examples in more detail, including the five-quantum-bit code.

Encoding a qubit in an oscillator

Quantum error-correcting codes are constructed that embed a finite-dimensional code space in the infinite-dimensional Hilbert space of a system described by continuous quantum variables. These codes exploit the noncommutative geometry of phase space to protect against errors that shift the values of the canonical variables q and p. In the setting of quantum optics, fault-tolerant universal quantum computation can be executed on the protected code subspace using linear optical operations, squeezing, homodyne detection, and photon counting; however, nonlinear mode coupling is required for the preparation of the encoded states. Finite-dimensional versions of these codes can be constructed that protect encoded quantum information against shifts in the amplitude or phase of a d-state system. Continuous-variable codes can be invoked to establish lower bounds on the quantum capacity of Gaussian quantum channels.

Authentication of quantum messages

Authentication is a well-studied area of classical cryptography: a sender A and a receiver B sharing a classical secret key want to exchange a classical message with the guarantee that the message has not been modified or replaced by a dishonest party with control of the communication line. In this paper we study the authentication of messages composed of quantum states. We give a formal definition of authentication in the quantum setting. Assuming A and B have access to an insecure quantum channel and share a secret, classical random key, we provide a non-interactive scheme that enables A to both encrypt and authenticate an m qubit message by encoding it into m+s qubits, where the error probability decreases exponentially in the security parameter s. The scheme requires a secret key of size 2m+O(s). To achieve this, we give a highly efficient protocol for testing the purity of shared EPR pairs. It has long been known that learning information about a general quantum state will necessarily disturb it. We refine this result to show that such a disturbance can be done with few side effects, allowing it to circumvent cryptographic protections. Consequently, any scheme to authenticate quantum messages must also encrypt them. In contrast, no such constraint exists classically. This reasoning has two important consequences: It allows us to give a lower bound of 2m key bits for authenticating m qubits, which makes our protocol asymptotically optimal. Moreover, we use it to show that digitally signing quantum states is impossible.

Proof of security of quantum key distribution with two-way classical communications

Shor and Preskill (see Phys. Rev. Lett., vol.85, p.441, 2000) have provided a simple proof of security of the standard quantum key distribution scheme by Bennett and Brassard (1984) by demonstrating a connection between key distribution and entanglement purification protocols (EPPs) with one-way communications. Here, we provide proofs of security of standard quantum key distribution schemes, Bennett and Brassard and the six-state scheme, against the most general attack, by using the techniques of two-way entanglement purification. We demonstrate clearly the advantage of classical post-processing with two-way classical communications over classical post-processing with only one-way classical communications in quantum key distribution (QKD). This is done by the explicit construction of a new protocol for (the error correction/detection and privacy amplification of) Bennett and Brassard that can tolerate a bit error rate of up to 18.9%, which is higher than what any Bennett and Brassard scheme with only one-way classical communications can possibly tolerate. Moreover, we demonstrate the advantage of the six-state scheme over Bennett and Brassard by showing that the six-state scheme can strictly tolerate a higher bit error rate than Bennett and Brassard. In particular, our six-state protocol can tolerate a bit error rate of 26.4%, which is higher than the upper bound of 25% bit error rate for any secure Bennett and Brassard protocol. Consequently, our protocols may allow higher key generation rate and remain secure over longer distances than previous protocols. Our investigation suggests that two-way entanglement purification is a useful tool in the study of advantage distillation, error correction, and privacy amplification protocols.

Secure Quantum Key Distribution using Squeezed States

We prove the security of a quantum key distribution scheme based on transmission of squeezed quantum states of a harmonic oscillator. Our proof employs quantum error-correcting codes that encode a finite-dimensional quantum system in the infinite-dimensional Hilbert space of an oscillator, and protect against errors that shift the canonical variables p and q. If the noise in the quantum channel is weak, squeezing signal states by 2.51 dB (a squeeze factor er=1.34) is sufficient in principle to ensure the security of a protocol that is suitably enhanced by classical error correction and privacy amplification. Secure key distribution can be achieved over distances comparable to the attenuation length of the quantum channel.

Security of quantum key distribution with imperfect devices

This paper prove the security of the Bennett-Brassard (BB84) quantum key distribution protocol in the case where the source and detector are under the limited control of an adversary. This proof applies when both the source and the detector have small basis-dependent flaws, as is typical in practical implementations of the protocol. The estimation of the key generation rate in some special cases: sources that emit weak coherent states, detectors with basis-dependent efficiency, and misaligned sources and detectors.

Fault-tolerant quantum computation with local gates

Abstract The performance of fault-tolerant quantum computation with concatenated codes using local gates in small numbers of spatial dimensions is discussed. It is shown that a threshold result still exists in three, two, or one spatial dimensions when next-to-nearest-neighbour gates are available, and explicit constructions are presented. In two or three dimensions, it is also shown how nearest-neighbour gates can give a threshold result. In all cases, it is simply demonstrated that a threshold exists, and no attempt to optimize the error correction circuit or to determine the exact value of the threshold is made. The additional overhead due to the fault-tolerance in both space and time is polylogarithmic in the error rate per logical gate.