# Quantum key distribution using sequential weak values

## Abstract

We propose a new secure key distribution method that utilizes the properties of the sequential weak values of a quantum observable to prevent eavesdropping. Unlike all previous protocols, the security of this QKD protocol does not rely on the no-cloning theorem or on the spatial nonlocality of entangled states. The robustness of the protocol to detector dark counts and optical losses is investigated and is found to compare favorably with BB84. While this new protocol has the drawback of a very low secure key generation rate, that the rate is non-zero is a significant result due to the lack of any obvious use of the usual resources of quantum information.

### Keywords

Sequential weak values QKD Quantum communication## 1 Introduction

The resurgence in exploration of foundational questions in quantum mechanics has been to a large extent encouraged by the emergence of the new field of quantum information. Quantum information promises new technologies founded on the unique characteristics of quantum systems such as entanglement and the impossibility of perfect state cloning. In order to fully understand the possibilities and limitations of this new field of technology, it has been necessary and productive to re-examine many of the original questions pertaining to the meaning of the mathematical formalism through which quantum mechanics is currently expressed. In fact, it was the persistent questioning of certain foundational concepts by a small, determined group of scientists that made the creation of quantum information science possible [1, 2, 3, 4, 5, 6, 7, 8]. Aharonov and colleagues have for some time [9, 10, 11, 12] explored the implications of the time-symmetric formulation of non-relativistic quantum mechanics (TSQM). Central to this investigation are the properties of individual quantum systems in the intermediate time between two successive projective measurements. Such pre- and post-selected properties, called weak values, are given operational meaning by the process of weak measurement of an observable in which the system observable is weakly coupled to a quantum mechanical measuring device (MD) whose pointer uncertainty is relatively large. A general theoretical framework that clarifies the uniqueness and existence of weak values was recently constructed by Dressel and Jordan [13]. The non-classicality of quantum mechanical systems is displayed clearly by the sometimes surprising properties of weak values. For example, it has been shown that violation of a generalized Leggett-Garg inequality [14] occurs if and only if there is an observable whose weak value lies outside its eigen-spectrum [15, 16, 17, 18]. Also, beautifully consistent resolutions of quantum ‘paradoxes’ can be expressed and resolved through weak values and TSQM, e.g. [19, 20, 21, 22].

In this article we apply the time symmetric formulation of quantum mechanics and the properties of weak values to the construction of a new secure quantum key distribution (QKD) protocol. A novel feature of this QKD protocol is that it will not rely either on the no-cloning theorem, or on the nonlocality properties of entangled states. The information about the key will be encoded in the correlations that exist between two quantum systems, one held by Alice and one held by Bob, that are used to weakly measure the path information of a photon in an interferometer at two successive times. These correlations are directly related to the sequential weak value of the observable. This protocol is similar in some respects to a quantum communication scheme presented in [23]; however, our protocol is distinct in using the properties of sequential weak measurements to encode the transmitted information.

The state of each of the photons used in the protocol will be identical throughout, and thus independent of the bit value. For this reason, the ability to clone a quantum state is irrelevant since we can assume Eve actually knows the state of each photon. In addition, all of the classical information transmitted between Alice and Bob will be completely characterised by a single probability distribution that is independent of the chosen bit value. Thus, the broadcast classical information yields no information about the bit value. After post-selection, the classical information can be used by Bob to reveal the correlations between his and Alice’s weak measurement results and recover the bit value chosen by Alice. Because causality demands that these correlations can only be observed after post-selection, an eavesdropper would have to perform her own post-selection on some of the photons to gain any access to the bit value. Post-selection requires that a strong measurement be performed on the photons. In the proposed protocol, the disturbance due to such a strong measurement is detectable by Bob, placing a strict bound on Eve’s access to information about the distributed key.

## 2 Quantum measurement theory

### 2.1 Weak measurement and weak values

In this section we will briefly review the concepts of weak measurement and weak values. The weak value of a quantum mechanical observable was introduced by Aharonov et al. [10, 11, 12] over two decades ago. The weak value is experimentally obtained from the result of measurements performed upon a pre-selected and post-selected (PPS) ensemble of quantum systems when the interaction between the measurement apparatus and each system is sufficiently weak. Unlike the standard strong measurement of a quantum mechanical observable which disturbs the measured system and ‘collapses’ its state into an eigenstate of the observable, a weak measurement does not appreciably disturb the quantum system and yields the weak value as the measured value of the observable. This is possible because very little information about the observable is extracted in a single weak measurement. Experimentally determining the weak value requires performing weak measurements on each member of a large ensemble of identical PPS systems and averaging the resulting values.

The standard formulation of quantum mechanics describes a quantum system at a time \(t_{0}\) by a state that evolves in time from the past until \(t_{0}\). TSQM [12] also uses a second state which can be thought of as a state evolving backward in time from the future to \(t_{0}\). The weak values measured at time \(t_{0}\) are equally influenced by both of these states. Many experiments have verified the surprising and counter-intuitive aspects of weak values, e.g. [20, 21, 22, 24, 25]; in particular, they can lie far outside the associated observable’s eigenvalue spectrum and can be complex valued.

### 2.2 Sequential weak measurements

### 2.3 An example of sequential weak values

The pre-selected state is defined by injecting the photon into the lower port of the first MZI so that \(\left| \psi _\mathrm{in}\right\rangle =\left| 1\right\rangle \). This produces a state where the photon is localized completely in the upper state \(\left| 0\right\rangle \) along path \(C\) inside of the *second* MZI. This is because \(\widehat{B}\widehat{M}\widehat{B}\left| 1\right\rangle =-\left| 0\right\rangle \), where the beam-splitter operator is \(\widehat{B}=\frac{1}{\sqrt{2}}(\left| 0\right\rangle \left\langle 1\right| +\)\(\left| 1\right\rangle \left\langle 0\right| +i\mathbb {I)}\), the mirror operator is \(\widehat{M}=i\widehat{\mathbb {I}}\) , with \(\widehat{\mathbb {I}}\) the identity operator.

Even though the expectation value of path \(C\) is very small, the effect of performing a strong measurement of \(\left| 1\right\rangle \left\langle 1\right| _{2}\) has a dramatic effect on the post-selected weak values of \(\left| 1\right\rangle \left\langle 1\right| _{1}\) above [26]. Measurement of the occupation of path \(D\) for each photon will result in the weak values for both PPS ensembles to be equal to the expectation value of \(\left| 1\right\rangle \left\langle 1\right| _{1}\). Thus, \((\left| 1\right\rangle \left\langle 1\right| _{1} )_{w}^{D2}=(\left| 1\right\rangle \left\langle 1\right| _{2})_{w} ^{D1}=\frac{1}{2}\). This result will prove very useful in detecting the presence of an eavesdropper in the QKD protocol.

## 3 The QKD protocol

- 1.
Bob sequentially sends \(N\) single photons (photon \(i\) at time \(t_{i}\)) into the interferometer. Each photon is input into the same port so that each has \(\left| \psi _\mathrm{in}\right\rangle =\left| 1\right\rangle \).

- 2.
Bob performs a weak measurement (with coupling strength \(g_{B}\)) of \(\left| 1\right\rangle \left\langle 1\right| _{1}\) (occupation operator for path \(A\)) on each photon as it passes through MZI #1. Bob collects the individual pointer results into a list \(B\) ordered by time. We are imagining here that Bob’s MD is a separate quantum system (not, e.g. the photon’s polarization) prepared so that the pointer observable has a Gaussian distribution with unit uncertainty. However, Bob could use different MDs for each photon, or after collecting the pointer result, he could re-initialize a single MD between the photons arrival in the interferometer.

- 3.
Alice performs a weak measurement (with coupling strength \(g_{A}\)) of \(\left| 1\right\rangle \left\langle 1\right| _{2}\) (occupation operator for path \(D\)) on each photon leaving MZI#1 as it passes through MZI #2. Alice collects the individual pointer results into a time ordered list \(A\). Again, Alice’s measuring device is assumed to be a separate quantum system with Gaussian wavefunction and unit uncertainty.

- 4.
For each photon, Bob records the detector at which it arrives and places the information into a time-ordered list \(F\). Bob also records which photons are not detected by either detector. Using \(F\), Bob collects the subset of \(B\) associated with photons that arrived at detector \(D_{1}\) and puts these elements in a time-ordered list \(B_{1}\). Similarly for the subset associated with detector \(D_{2}\), Bob creates a list \(B_{2}\).

- 5.Bob calculates the means \(\mu _{1}\) and \(\mu _{2}\) of lists \(B_{1}\) and \(B_{2}\). These will yield the valuesand$$\begin{aligned} \mu _{1}=g_{B}\mathrm{Re }\left[ (\left| 1\right\rangle \left\langle 1\right| _{1})_{w}^{D1}\right] =g_{B}\cdot 1=g_{B}\end{aligned}$$where \(g_{B}\) is the coupling constant for Bob’s weak measurement if Eve does not strongly measure any of the photons. However, if Eve were to perform a projective measurement on all of the photons along path \(D\) then Bob would instead obtain the results \(\mu _{1}=\)\(\mu _{2}=g_{B}\cdot \frac{1}{2}\). This is because Eve’s measurement will break the correlation between Bob’s weak measurement results and the photons’ post-selection results. For the reason that Eve must perform an ideal measurement on the photons to eavesdrop, see step #8 of the protocol below and the next section.$$\begin{aligned} \mu _{2}=g_{B}\mathrm{Re }\left[ (\left| 1\right\rangle \left\langle 1\right| _{1})_{w}^{D2}\right] =g_{B}\cdot 0=0, \end{aligned}$$
- 6.
If Bob finds that \(\mu _{1}\) and \(\mu _{2}\) are too far from their expected values of \(g_{B}\) and \(0\), he tells Alice that the channel is not secure and they begin the protocol over again starting with completely new raw key; otherwise, Alice and Bob continue with step #7.

- 7.
Using the classical channel Bob broadcasts to Alice which photons were not detected by either detectors. Alice then removes the corresponding pointer values from her list \(A\).

- 8.
Alice sets the value of the bit to send to Bob based on the value of bit \(s_{i}\) in her random string \(S\). To set a ‘0’, she sends her list \(A\) as it is to Bob over the open classical channel. To set a value of ‘1’ Alice cyclicly permutes the members of the list \(A\) by a non-zero number of elements (this could be any nontrivial permutation, a cyclic permutation has been chosen for simplicity). Note that the mean value (and all other statistical properties) of \(A\) is invariant under this permutation. Therefore, Eve has no way, even in principle, to infer the bit value that Alice chose from this classical message alone. To distinguish the two lists Eve needs to correlate Alice’s weak measurement pointer results with some other information available to her. The only way for Eve to do this is to measure the photons occupation along the path to Alice for some of the photons. We will examine this in more detail in the next section.

- 9.
Bob assumes that the list Alice sent is still ordered in the same manner as his lists \(B\) and \(F\) (i.e. he assumes the list has not been permuted). Using the post-selection information in \(F\), Bob collects the subset of \(A\) associated with photons that arrived at detector \(D_{1}\) and puts them in a time ordered list \(A_{1}\). Similarly, for the subset associated with detector \(D_{2}\) Bob creates the list \(A_{2}\). Note that both \(A_{1}\)and \(A_{2}\) have the mean value \(\alpha =g_{A}g_{B}^{2}\).

- 10.
Bob multiplies the elements of the lists \(A_{1}\) and \(B_{1}\) to get list \(R_{1}\) and multiplies the elements of \(A_{2}\) and \(B_{2}\) to get list \(R_{2}\).

- 11.Bob calculates the covariance,of the pointer values \(A_{1}\) and \(B_{1}\), and \(\left\langle A_{2} ,B_{2}\right\rangle ^{c}\), for \(A_{2}\) and \(B_{2}\). If Bob finds that$$\begin{aligned} \left\langle A_{1},B_{1}\right\rangle ^{c}=\left\langle R_{1}\right\rangle -\left\langle A_{1}\right\rangle \left\langle B_{1}\right\rangle , \end{aligned}$$$$\begin{aligned} \left\langle A_{1},B_{1}\right\rangle ^{c}=+g_{A}g_{B},\text { and} \end{aligned}$$then Bob infers that the bit Alice sent is a ‘1’. If, however, \(\left\langle A_{1},B_{1}\right\rangle ^{c}=\left\langle A_{2},B_{2}\right\rangle ^{c}=0\), then Bob infers that bit Alice sent is a ‘0’.$$\begin{aligned} \left\langle A_{2},B_{2}\right\rangle ^{c}=-g_{A}g_{B}, \end{aligned}$$

After performing these steps for all bits in the list \(S\), Alice and Bob perform error correction on the bit string Bob possesses. Finally, privacy amplification is performed on the resulting shared bit string. This process will return a shorter string \(K\), the distilled secure key, that is unknown to Eve provided that Bob has more information about the string \(S\) than Eve [33].

## 4 Security of the protocol

*not*detecting a photon, and the average \(\alpha _{1}\) conditioned on detecting a photon. If \(\alpha _{0}=0\), and \(\alpha _{1}=g_{A}\), then Alice did not permute her list, while if \(\alpha _{0}=\alpha _{1}=g_{A}g_{B}^{2}\), Eve knows that Alice did permute it.

## 5 Security of the protocol using imperfect detectors

The security analysis in the previous section assumed an ideal physical implementation. In particular, we assumed that the interference of each photon as it passes through both MZIs is perfect and that both detectors only click when there is a photon present. The result of imperfect interference will be that Bob’s observed post-selected weak values will be somewhat closer to the expectation value and, therefore, make it harder to detect Eve. Also, Bob’s bit error rate will increase since the correlations between his MD and Alice’s will be reduced. We will not address the relationship between interferometer stability and security in this article. However, we will incorporate the effect of detector dark counts, optical fiber loss, optical component loss, and detector inefficiency into the security analysis. In security proofs of communication protocols it is conventional to ascribe to any potential eavesdropper complete control over the efficiency and dark count of the system’s photon detectors, as well as the ability to alter the actual photon loss rate of the total system. Here we will allow Eve the ability to alter the optical losses of the apparatus, selectively allow photons to arrive at the detectors, and have complete control over detector dark counts.

Before turning to the impact of dark counts, we note that the assumptions of perfectly efficient photon detectors and no optical losses were not actually needed in the previous discussion of security. This is because in step 7 of the protocol Alice removes the pointer values corresponding photons that are not detected. This removes the advantage Eve would have if she had access to these pointer values and could selectively withhold the associated photons from Bob. We can simply re-interpret \(N\) in the equations above as the total number of photons arriving at the detectors.

### 5.1 Attack utilizing pre-/post-selection by Eve and Alice’s weak measurement results

The situation is changed if the detectors also have dark counts since we are allowing the possibility that Eve can deterministicallly control the dark counts. In this case, a click at one of the detectors does not necessarily tell Bob the correct post-selection information about the associated weak measurement pointer value. Because of this, the difference between Bob’s post-selected weak value of \(\left| 1\right\rangle \left\langle 1\right| _{1}\) and its expectation value will be reduced by a factor proportional to the fraction of detector signals that are due to dark counts. This is because the spurious detector events are not correlated with the weak measurement pointer values of Bob’s MD. Because we are assuming Eve has the ability to control the dark counts of the detectors, her best strategy is to turn off the detector dark currents, and knowing the usual dark count rate, choose an equal fraction of photons on which to non-destructively perform projective measurements of \(\left| 1\right\rangle \left\langle 1\right| _{2}\). Bob would not observe any change in his weak value of \(\left| 1\right\rangle \left\langle 1\right| _{1}\), and so he would have no way of detecting the presence of Eve by the method in step 6 of the protocol. Eve would then have partial access to Alice’s chosen bit value by checking the consistency of the average of Alice’s weak measurement pointer results associated with the photons that Eve projectively measured, i.e. subject to post-selection by Eve’s measurement results.

### 5.2 Attack utilizing the classical correlation between Eve and Alice’s measurement results

In this class of attack Eve performs measurements on the state of each photon as it passes to/from Alice and uses this data to measure the degree of correlation between her and Alice’s pointer results. When Alice has permuted her pointer results any existing correlation between their results will be destroyed. Therefore, Eve might hope that she can tell whether the broadcast pointer results were permuted or not, and thereby gain information about the key bit value. We analyze this attack in the case of a general measurement strength, and then examine its effectiveness in the weak and strong measurement limits.

## 6 Performance comparison with BB84

For comparison, using the same optical losses and detector parameters, but assuming a perfect single photon source, the BB84 requirement of \(s<0.5\) for security against an intercept-resend attack implies \(l\lesssim 236\) km. In the case of a general attack, using the same device parameters, BB84 (with a one-way implementation) is only secure for \(l\lesssim 200\) km. Note that many practical implementations of BB84 also use an optical round trip between Alice and Bob [38] because of the noise cancellation such a configuration provides. For these implementations, the maximum distances between Alice and Bob are obviously \(118\) km (intercept-resend) and \(100\) km (general attack).

## 7 Discussion

The field of quantum information science (QIS) is a direct outgrowth of the efforts to better understand the foundations of quantum mechanics. Two of the most important cornerstones of QIS is the inability to perfectly copy a single, unknown quantum state, and the experimental invalidation of local realistic hidden variables through the violation of Bell’s inequality. The possibility of a secret key distribution method with security based on the laws of physics is one of the early technological outcomes of QIS. Currently, methods of quantum key distribution are based on either a variant of BB84 or the entangled photon E91 protocol [39]. Thus, the security of QKD methods is based on either the no-cloning theorem, or on the violation of Bell’s inequality. Recently, the new tool of weak measurements of post-selected ensembles of quantum systems has allowed the re-examination of some quantum ‘paradoxes’ that have arisen in quantum foundations research. The properties of the resulting weak values obtained by these weak measurements exhibit characteristics that highlight the non-classicality of quantum systems. In this article, we have applied some of the properties of weak values to the problem of secure key distribution. In particular, we have used the time symmetry of weak values to both encode the key bit values as well as limit Eve’s information about the key. The security of the protocol does not rely on the no-cloning theorem since the quantum state of the photons utilized is unchanged throughout. And the security is not derived from violation of Bell’s inequality since the photons used are not entangled. Instead, security is provided by the sensitivity of the post-selected weak values to both the pre-selected state of the photons and the time reversed evolution of the post-selected state. Encoding of the key bit values is made possible by the correlation induced between the states of the measuring devices used in two consecutive weak measurements under post-selection. These correlations are due to the fact that, in general, the sequential weak value of the product of two observables is not equal to the product of the individual weak values. This is a signature of the temporally non-local character of weak values and in particular of sequential weak values.

The impact of realistic optical losses and detector noise on the security of the SWV QKD protocol was analyzed. It was shown that the new protocol’s security compares favorably with that of BB84. In the case of two-way BB84 implementations, the SWV protocol is shown to be secure over longer distances when identical optical losses and detector noise are present. It should also be noted that the SWV protocol does not rely, as BB84 does, on the estimation of the quantum bit error rate to place bounds on Eve’s information. Instead, Eve’s information is bounded by the observed change in Bob’s weak measurement results. A formal proof of the security of the proposed SWV based QKD protocol is the focus of ongoing research. The robustness of the security of SWV QKD to interferometer instability and the use of imperfect single photon sources, such as weak coherent pulses, will be explored in a future article.

## Notes

### Acknowledgments

This work was supported by a grant from the Naval Surface Warfare Center Dahlgren Division’s In-house Laboratory Independent Research Program and the Naval Innovative Science and Engineering program. The author would like to thank Lev Vaidman for valuable discussion, in particular for the suggestion of the correlation attack analyzed in this article, and Dan Parks for comments and suggestions that improved the article.

### References

- 1.Einstein, A., Podolsky, B., Rosen, N.: Can quantum-mechanical description of physical reality be considered complete? Phys. Rev.
**47**, 777 (1935)CrossRefMATHGoogle Scholar - 2.Bohm, D., Aharonov, Y.: Discussion of experimental proof for the paradox of Einstein, Rosen, and Podolsky. Phys. Rev.
**108**, 1070 (1957)MathSciNetCrossRefGoogle Scholar - 3.Aharonov, Y., Bergmann, P., Lebowitz, J.: Time symmetry in the quantum process of measurement. Phys. Rev.
**134**, B1410 (1964)MathSciNetCrossRefGoogle Scholar - 4.Bell, J.: On the Einstein Podolsky Rosen Paradox. Physics
**1**, 195 (1964)Google Scholar - 5.Clauser, J., Horne, M., Shimony, A., Holt, R.: Proposed experiment to test local hidden-variable theories. Phys. Rev. Lett.
**23**, 880 (1969)CrossRefGoogle Scholar - 6.Freedman, S., Clauser, J.: Experimental test of local hidden-variable theories. Phys. Rev. Lett.
**28**, 938 (1972)CrossRefGoogle Scholar - 7.Wheeler, J.: The ‘Past’ and the Delayed-Choice Double-Slit Experiment. In: Marlow, A. (ed) Mathematical Foundations of Quantum Theory, pp. 9–48. Academic Press, New York (1978)Google Scholar
- 8.Aspect, A., Grangier, P., Roger, G.: Experimental tests of realistic local theories via Bell’s theorem. Phys. Rev. Lett.
**47**, 460 (1981)CrossRefGoogle Scholar - 9.Albert, D., Aharonov, Y., D’Amato, S.: Curious new statistical prediction of quantum mechanics. Phys. Rev. Lett.
**54**, 5 (1985)MathSciNetCrossRefGoogle Scholar - 10.Aharonov, Y., Albert, D., Vaidman, L.: How the result of a measurement of a component of spin of a spin-1/2 particle can turn out to be 100. Phys. Rev. Lett.
**60**, 1351 (1988)CrossRefGoogle Scholar - 11.Aharonov, Y., Vaidman, L.: Properties of a quantum system during the time interval between two measurements. Phys. Rev. A
**41**, 11 (1990)MathSciNetCrossRefGoogle Scholar - 12.Aharonov, Y., Rohrlich, D.: Quantum Paradoxes. Wiley-VCH, New York (2005)Google Scholar
- 13.Dressel, J., Jordan, A.: Contextual-value approach to the generalized measurement of observables. Phys. Rev. A
**85**, 022123 (2012)CrossRefGoogle Scholar - 14.Leggett, A., Garg, A.: Quantum mechanics versus macroscopic realism: is the flux there when nobody looks? Phys. Rev. Lett.
**54**, 857 (1985)MathSciNetCrossRefGoogle Scholar - 15.Williams, N., Jordan, A.: Weak values and the Leggett–Garg Inequality in solid-state qubits. Phys. Rev. Lett.
**100**, 02684 (2008)Google Scholar - 16.Palacios-Laloy, A., Mallet, F., Nguyen, F., Bertet, P., Vion, D., Esteve, D., Korotkov, A.: Experimental violation of a Bell’s inequality in time with weak measurement. Nat. Phys.
**6**, 442 (2010)CrossRefGoogle Scholar - 17.Goggin, M., Aleida, M., Barbieri, M., Lanyon, B., O’Brien, J., White, A., Pryde, G.: Violation of the Leggett–Garg inequality with weak measurements of photons. In: Proceedings of the National Academy of Sciences (USA), vol. 108, p. 1256 (2011)Google Scholar
- 18.Dressel, J., Broadbent, C., Howell, J., Jordan, A.: Experimental violation of two-party Legget–Garg inequalties with semiweak measurements. Phys. Rev. Lett.
**106**, 040402 (2011)CrossRefGoogle Scholar - 19.Hardy, L.: Quantum mechanics, local realistic theories, and Lorentz-invariant realistic theories. Phys. Rev. Lett.
**68**, 2981 (1992)MathSciNetCrossRefMATHGoogle Scholar - 20.Aharonov, Y., Botero, A., Popescu, S., Tollaksen, J.: Revisiting Hardy’s Paradox: counterfactual statements, real measurements, entanglement, and weak values. Phys. Lett. A
**301**, 130 (2002)MathSciNetCrossRefMATHGoogle Scholar - 21.Lundeen, J., Steinberg, A.: Experimental joint weak measurement on a photon pair as a probe of Hardy’s Paradox. Phys. Rev. Lett.
**102**, 020404 (2009)CrossRefGoogle Scholar - 22.Yokota, K., Yamamoto, T., Koashi, M., Imoto, N.: Direct observation of Hardy’s paradox by joint weak measurements with an entangled photon pair. New J. Phys.
**11**, 033011 (2009)CrossRefGoogle Scholar - 23.Botero, A., Reznik, B.: Quantum communication protocol employing weak measurements. Phys. Rev. A
**61**, 050301 (2000)CrossRefGoogle Scholar - 24.Starling, D., Dixon, P.B., Jordan, A., Howell, J.: Precision frequency measurements with interferometric weak values. Phys. Rev. A
**82**, 062822 (2010)Google Scholar - 25.Brunner, N., Simon, C.: Measuring small longitudinal phase shifts: weak measurements or standard interferometry? Phys. Rev. Lett.
**105**, 010405 (2010)CrossRefGoogle Scholar - 26.Tollaksen, J.: Pre- and post-selection, weak values, and contextuality. J. Phys. A
**40**, 9033 (2007)MathSciNetCrossRefMATHGoogle Scholar - 27.Aharonov, Y., Botero, A.: Quantum averages of weak values. Phys. Rev. A
**72**, 052111 (2005)CrossRefGoogle Scholar - 28.This expression for the effect of the weak measurement interaction on the MD is true for the case of a real-valued MD. For the more general case see [29].Google Scholar
- 29.Mitchison, R.: Complex weak values in quantum measurement. Phys. Rev. A
**76**, 044103 (2007)CrossRefGoogle Scholar - 30.Mitchison, G., Jozsa, R., Popescu, S.: Sequential weak measurement. Phys. Rev. A
**76**, 062105 (2007)CrossRefGoogle Scholar - 31.Mitchison, G.: Weak measurement takes a simple form for cumulants. Phys. Rev. A
**77**, 052102 (2008)CrossRefGoogle Scholar - 32.Tollaksen, J., Aharonov, Y., Casher, A., Kaufherr, T., Nussinov, S.: Quantum interference experiments, modular variables, and weak measurements. New J. Phys.
**12**, 013023 (2010)CrossRefGoogle Scholar - 33.Bennett, C., Brassard, G., Crepeau, C., Maurer, U.: Generalized privacy amplification. IEEE Trans. Inf. Theory
**41**, 1915 (1995)MathSciNetCrossRefMATHGoogle Scholar - 34.Bhatttacharyya, G., Johnson, R.: Statistical Concepts and Methods. Wiley, New York (1977)Google Scholar
- 35.Brassard, G., Lütkenhaus, N., Mor, T., Sanders, B.: Limitations on practical quantum cryptography. Phys. Rev. Lett.
**85**, 1330 (2000)CrossRefGoogle Scholar - 36.Bennett, C., Brassard, G.: Quantum cryptography: public key distribution and coin tossing. In: Proceedings of the IEEE International Conference on Computers, Systems, and Signal Processing, Bangalore, 175 (1984)Google Scholar
- 37.Shor, P., Preskill, J.: Simple proof of security of the BB84 quantum key distribution protocol. Phys. Rev. Lett.
**85**, 441 (2000)CrossRefGoogle Scholar - 38.Stucki, D., Legré, M., Clausen, B., Felber, N., Gisin, N., Hensen, L., Junrod, P., Litzistorf, G., Monbaron, P.: Long-term performance of the SwissQuantum quantum key distribution network in a field environment. New J. Phys.
**13**, 123001 (2011)CrossRefGoogle Scholar - 39.Ekert, A.: Quantum cryptography based on Bell’s theorem. Phys. Rev. Lett.
**67**, 667 (1991)MathSciNetCrossRefGoogle Scholar