Cite this problem as **Problem 31**.

**Problem**

We call a set of quantum states geometrically uniform if there is a unitary operator that transforms

into for all , with indices read mod . Suppose now that copies of those geometrically uniform states are given, i.e., . If we have a quantum memory, and can do collective measurements on the systems, the square-root collective measurement will be the optimal strategy and provide the minimum error [1]. Otherwise, we must rely on measurements performed on individual copies. Does there always exist a suitably designed individual measurement strategy that asymptotically reaches the minimum error of the collective measurement?

**Background**

This problem is relevant particularly to eavesdropping strategies in quantum cryptography [2][3][4][5][6][7]. In those cryptographic scenarios, Eve obtains N copies of quantum states, which are geometrically uniform as defined above, and distinguishing them would tell her what the secret value of two legitimate parties is. In [5] and [6], the security condition is obtained under the assumption that Eve can store quantum states for a while and apply collective measurements, i.e., she has the so-called quantum memory. Once an individual measurement strategy that achieves the optimal collective measurement is provided, Eve does not need the quantum memory any more. Apart from the cryptographic model, this problem is in general interesting as one instance of whether quantum memory is essentially required or not.

**Partial Results**

One partial solution is provided in [7], where an individual measurement strategy that asymptotically saturates the minimum error of collective measurement is shown for the case of d=2. It is interpreted, namely Bayesian updating, that measurement result of the jth copy tells what the (j+1)th measurement has to be. An experimental implementation of a slightly modified scheme, adapted to noisy quantum states, is described in [8].

**References**

[1] Y. C. Eldar and G. D. Forney Jr, On quantum detection and the square-root measurement, IEEE Trans. Inform. Theory **47**, 858 (2001) and [1] quant-ph/0005132 (2000).

[2] N. Gisin and S. Wolf, Quantum cryptography on noisy channels: quantum versus classical key-agreement protocols, Phys. Rev. Lett. **83**, 4200 (1999) and [2] quant-ph/9902048 (1999).

[3] A. Acín, Ll. Masanes, and N. Gisin, Equivalence between two-qubit entanglement and secure key distribution, Phys. Rev. Lett. **91**, 167901 (2003) and [3] quant-ph/0303053 (2003).

[4] D. Bruss, M. Christandl, A. Ekert, B.-G. Englert, D. Kaszlikowski, and C. Macchiavello, Tomographic quantum cryptography: equivalence of quantum and classical key distillation, Phys. Rev. Lett. **91**, 097901 (2003) and http://xxx.lanl.gov/abs/quant-ph/0303184] quant-ph/0303184 (2003).

[5] A. Acín, J. Bae, E. Bagan, M. Baig, Ll. Masanes, and R. Muñoz-Tapia, Secrecy content of two-qubit states, Phys. Rev. A **73**, 012327 (2006) and [4] quant-ph/0411092 (2004).

[6] B.-G. Englert, D. Kaszlikowski, L. C. Kwek, and J. Y. Lim, Coherent eavesdropping attacks in tomographic quantum cryptography: nonequivalence of quantum and classical key distillation, Phys. Rev. A **72**, 042315 (2005) and [5] quant-ph/0312172 (2003).

[7] A. Acín, E. Bagan, M. Baig, Ll. Masanes, and R. Muñoz-Tapia, Multiple copy 2-state discrimination with individual measurements, Phys. Rev. A **71**, 032338 (2005) and [6] quant-ph/0410097 (2004).

[8] S. D. Bartlett, B. M. Booth, A. C. Doherty, B. L. Higgins, G. J. Pryde, and H. M. Wiseman, Mixed state discrimination using optimal control, Phys. Rev. Lett. **103**, 220503 (2009) and [7] quant-ph/0909.1572 (2009).