**Quantum Key Recycling with eight-state encoding (The Quantum One Time Pad is more interesting than we thought)**

*B. Skoric and M. de Vries*

**Abstract: **Perfect encryption of quantum states using the Quantum One-Time Pad (QOTP) requires 2 classical key bits per qubit.
Almost-perfect encryption, with information-theoretic security, requires only slightly more than 1. We slightly improve lower bounds on the key length. We show that key length $n+2\log\frac1\varepsilon$ suffices to encrypt $n$ qubits in such a way that the cipherstate's $L_1$-distance from uniformity is upperbounded by $\varepsilon$. For a stricter security definition involving the $\infty$-norm, we prove sufficient key length $n+\log n +2\log\frac1\varepsilon+1+\frac1n\log\frac1\delta+\log\frac{\ln 2}{1-\varepsilon}$, where $\delta$ is a small probability of failure. Our proof uses Pauli operators, whereas previous results on the $\infty$-norm needed Haar measure sampling.

We show how to QOTP-encrypt classical plaintext in a nontrivial way: we encode a plaintext bit as the vector $\pm(1,1,1)/\sqrt3$ on the Bloch sphere. Applying the Pauli encryption operators results in eight possible cipherstates which are equally spread out on the Bloch sphere. This encoding, especially when combined with the half-keylength option of QOTP, has advantages over 4-state and 6-state encoding in applications such as Quantum Key Recycling and Unclonable Encryption. We propose a key recycling scheme that is more efficient and can tolerate more noise than a recent scheme by Fehr and Salvail.

For 8-state QOTP encryption with pseudorandom keys we do a statistical analysis of the cipherstate eigenvalues. We present numerics up to 9 qubits.

**Category / Keywords: **quantum cryptography

**Date: **received 28 Nov 2016, last revised 28 Dec 2016

**Contact author: **b skoric at tue nl

**Available format(s): **PDF | BibTeX Citation

**Note: **Improved the Key Recycling scheme.
Extended the results on key length.

**Version: **20161229:064733 (All versions of this report)

**Short URL: **ia.cr/2016/1122

**Discussion forum: **Show discussion | Start new discussion

[ Cryptology ePrint archive ]