Hoi-Kwong Lo’s current research interest is quantum information processing, particularly, the theory and experiment of quantum cryptography, entanglement theory, and quantum random number generation. In entanglement theory, he and Popescu derived some standard theorems in entanglement manipulations. In the theory of quantum cryptography, he made three important contributions in the 1990s. First, he was among the first to demonstrate the impossibility of a whole class of quantum cryptographic protocols including quantum bit commitment, thus correcting an erroneous long-held belief in the field. Second, in a paper in "Science" he and H. F. Chau provided a proof of security of quantum key distribution (QKD), thus solving a long-standing problem. Third, Cleve, Gottesman and Lo invented quantum secret sharing.

Research on quantum cryptography laboratory focuses on:

- Study of implementation issues of standard protocols in quantum cryptography: Real-time high speed classical post-processing (i.e, advantage distillation, error correction and privacy amplification) of signals generated by quantum cryptography is a highly non-trivial subject. It involves a deep understanding of quantum coding theory and a detailed investigation of many implementation issues.
- Design and implementation of new quantum cryptographic protocols: Various new quantum cryptographic protocols have been proposed in the literature. It is interesting to implement them in experiments in order to gain a better appreciation of their strengths and weaknesses.
- Study of eavesdropping attacks and defense strategies: In theory, quantum key distribution allows perfect security in communication guaranteed by the laws of physics. However, in our opinion, quantum information will lead to a new arms race between the quantum code-makers and quantum code-breakers. This is because a determined code-breaker will invest heavily in quantum technology to locate any implementation loophole in real-life quantum cryptographic systems. In our test-bed, we will launch such an arms race.
- Study of the effects of imperfections in real-life quantum cryptographic system: It is important to model imperfections in real-life quantum cryptographic systems and understand how they might affect the security and efficiency of those systems.

**Experiment (see here for the real system pictures):**

Quantum cryptography is one of the most important and practical applications of quantum information. Commercial quantum key distribution (QKD) products are currently on the market. Various QKD networks have been demonstrated, such the Tokyo QKD network (see UQCC project). However, there are two major concerns on its widely application: efficiency and security in real life. Our experimental QKD studies are centered on these two issues and we have made significant progress during the last few years.

1. The source of truly randomness—high speed quantum random number generator

The security of most modern cryptographic systems (including QKD) is highly dependent on the strength of random numbers—the encryption/decryption key. We have developed a high speed quantum random number generator based on measuring the quantum phase noise of a single-mode laser operating at a low intensity level near the lasing threshold [1]. A delayed self-heterodyning system has been developed to measure the random phase fluctuation and high quality random numbers have been generated at a rate of 500 Mbit/s. By optimizing the system design and applying sophisticate randomness extractor algorithm, we expect that the random number generation rate can be further increased by one order.

2. A more efficient QKD protocol—decoy state QKD

Our research on decoy state quantum key distribution [2-3] has attracted a lot of scientific attention. We have performed the first experimental demonstration of the idea [4]. Decoy state QKD has now become a standard method in the field and is being used in commercial products. It has been highlighted in quite a few media news, such as Canadian Technology News, Science Daily, Globe And Mail, Physics News Update, News @ UofT, PhysOrg.com, Optical Engineering magazine, New Scientist, Toronto Star, etc.

3. Integrate QKD into telecom network—continuous variable QKD

Gaussian modulated coherent state (GMCS) QKD protocol has drawn a lot of attention for its potential high secure key rate, especially over relatively short distances. Our recent works [5] show that it is possible to perform GMCS QKD together with classical communication through the same fiber by employing C-band DWDM technology. This opens a door for conducting QKD through standard telecom network. We have implemented GMCS QKD with off-the-shelf telecom components [6]. Most recently, we have been working on high speed, shot-noise limited optical homodyne detector [7], which is one bottleneck to implement high speed GMCS-QKD.

4. Exploring security loopholes in real life QKD system—quantum hacking

While various mathematical models of QKD systems built upon certain assumptions have been proved to be unconditionally secure, the security of real life QKD system hasn't been fully studied. The challenges come from the fact that any practical QKD implementation unavoidably contains various imperfections which may not be covered by a security proof. Recently, by exploiting some serious implementation vulnerability, we have proposed and experimentally demonstrated two different attacks on a commercial quantum cryptographic system successfully [8-11]. These works highlight the importance of battle testing any implementation details of a QKD system. These works have been reported by many medias, including The Economist, Nature, Nature News, Physics world, Technology review, etc.

**Theory:**

1. Universal Squash Model For Optical Communications Using Linear Optics And Threshold Detectors [12]

Quantum communications often rely on single photons as information carriers in order to exploit their quantum mechanical properties. However, practical detectors are often threshold detectors that are incapable of resolving the number of photons received. This apparently subtle issue has surprisingly immense implication to many quantum communications protocols. In fact, it has been shown that this issue leads to many problems including fake violation of Bell's inequality, insecurity of quantum key distribution, and false entanglement verification. The source of these problems is the discrepancy between the theoretical consideration where single-photon signals are assumed and the actual experiments where multi-photon signals may be detected. We report a universal solution to bridge this gap between theory and experiments.

2. Optimal Entanglement Transformations Among N-qubit W-Class States [13-14]

We investigate the physically allowed probabilities for transforming one N -partite W-class state to another by means of local operations assisted with classical communication (LOCC). Recently,Kintas and Turgut have obtained an upper bound for the maximum probability of transforming two such states (J. Math. Phys. 51, 092202 (2010)). Here, we provide a simple sufficient and necessary condition for when this upper bound can be satisfied and thus when optimality of state transformation can be achieved. Our discussion involves obtaining lower bounds for the transformation of arbitrary W-class states and showing precisely when this bound saturates the bound of (J. Math. Phys. 51, 092202 (2010)). Finally, we consider the question of transforming symmetric W-class states and in general, the optimal one-shot procedure for converting two symmetric states requires a non-symmetric filter by all the parties.

3. Insecurity of position-based quantum cryptography protocols against entanglement attacks [15]

Recently, position-based quantum cryptography has been claimed to be unconditionally secure.On the contrary, here we show that the existing proposals for position-based quantum cryptography are, in fact, insecure if entanglement is shared among two adversaries. Specifically, we demonstrate how the adversaries can incorporate ideas of quantum teleportation and quantum secret sharing to compromise the security with certainty. The common flaw to all current protocols is that the Pauli operators always map a codeword to a codeword (up to an irrelevant overall phase). We propose a modified scheme lacking this property in which the same cheating strategy used to undermine the previous protocols can succeed with a rate of at most 85%.We prove the modified protocol is secure when the shared quantum resource between the adversaries is a two- or three-level system.

4. Random multiparty entanglement distillation [16]

We describe a protocol for distilling maximally entangled bipartite states between random pairs of parties from those sharing a tripartite W state, and show that the total distillation rate [the total number of Einstein-Podolsky-Rosen (EPR) pairs distilled per W, irrespective of who shares them] may be done at a higher rate than EPR distillation between specified pairs of parties. Specifically, the optimal rate for distillation to specified parties has been previously shown to be 0.92 EPR pairs per W, while our protocol can asymptotically distill 1 EPR pair per W between random pairs of parties, which we conjecture to be optimal. We thus demonstrate a tradeoff between overall distillation rate and final distribution of EPR pairs.We further show that there exist states with fixed lowerbounded , but arbitrarily small distillable entanglement for specified parties.

Reference:

[1] Bing Qi, Yue-Meng Chi, Hoi-Kwong Lo, Li Qian, “High-speed quantum random number generation by measuring phase noise of a single-mode laser" Optics Letters 35, 312-314 (2010)

[2] Hoi-Kwong Lo, Xiongfeng Ma and Kai Chen, “Decoy State Quantum Key Distribution", Phys. Rev. Lett. 94, 230504 (2005)

[3] Xiongfeng Ma, Bing Qi, Yi Zhao, Hoi-Kwong Lo, “Practical decoy state for quantum key distribution,"Physical Review A 72, 012326 (2005)

[4] Yi Zhao, Bing Qi, Xiongfeng Ma, Hoi-Kwong Lo, Li Qian, “Experimental Quantum Key Distribution with Decoy States," Physical Review Letters 96, 070502 (2006)

[5] Bing Qi, Wen Zhu, Li Qian, Hoi-Kwong Lo, “Feasibility of quantum key distribution through dense wavelength division multiplexing network", New Journal of Physics 12, 103042 (2010)

[6] Bing Qi, Lei-Lei Huang, Li Qian, Hoi-Kwong Lo, “Experimental study on Gaussian-modulated coherent states quantum key distribution over standard telecom fiber", Physical Review A 76 052323 (2007)

[7] Yue-Meng Chi, Bing Qi, Wen Zhu, Li Qian, Hoi-Kwong Lo, Sun-Hyun Youn, A. I. Lvovsky, Liang Tian, "A balanced homodyne detector for high-rate Gaussian-modulated coherent-state quantum key distribution" New Journal of Physics, 13 013003 (2011)

[8] Bing Qi, Chi-Hang Fred Fung, Hoi-Kwong Lo, Xiongfeng Ma, “Time-shift attack in practical quantum cryptosystems,"Quantum Information and Computation, 7(1): 73-82 (2007)

[9] Yi Zhao, Chi-Hang Fred Fung, Bing Qi, Christine Chen, Hoi-Kwong Lo, “Experimental demonstration of time-shift attack against practical quantum key distribution systems", Physical Review A 78 042333 (2008).

[10] Chi-Hang Fred Fung, Bing Qi, Kiyoshi Tamaki, and Hoi-Kwong Lo, “Phase-Remapping Attack in Practical Quantum Key Distribution Systems", Physical Review A 75 032314 (2007)

[11] Feihu Xu, Bing Qi, Hoi-Kwong Lo, “Experimental demonstration of phase-remapping attack in a practical quantum key distribution system", New Journal of Physics 12, 113026 (2010)

[12] Chi-Hang Fred Fung, H. F. Chau, Hoi-Kwong Lo, Universal Squash Model For Optical Communications Using Linear Optics And Threshold Detectors, arXiv:1011.2982

[13] Bounds on probability of transformations between multipartite pure states, W. Cui, W. Helwig, and H.-K. Lo, Phys. Rev. A 81, 012111 (2010).

[14] Optimal entanglement transformations among N-qubit W-class states, W. Cui, E. Chitambar, and H.-K. Lo, Phys. Rev. A 82, 062314 (2010)

[15] Insecurity of position-based quantum cryptography protocols against entanglement attacks, H. K. Lau and H.-K. Lo, Phys. Rev. A 83, 012322 (2011).

[16] Random bipartite entanglement from W and W-like states, B. Fortescue and H.-K. Lo, Phys. Rev. Lett. 98, 260501 (2007)

**This research is financially supported by Canadian Institute for Photonic Innovation (ICIP),NSERC,the Canada Research Chairs (CRC) Program, Canada Foundation for Innovation (CFI), Ontario Innovation Trust (OIT), Premier's Research Excellence Award (PREA),The Canadian Institute for Advanced Research,Mathematics of Information Technology and Complex Systems(MITACS) and Quantum works**