## Flexible quantum private queries based on quantum key distribution |

Optics Express, Vol. 20, Issue 16, pp. 17411-17420 (2012)

http://dx.doi.org/10.1364/OE.20.017411

Acrobat PDF (1440 KB)

### Abstract

By adding a parameter *θ* in M. Jakobi et al’s protocol [Phys. Rev. A **83**, 022301 (2011)], we present a flexible quantum-key-distribution-based protocol for quantum private queries. We show that, by adjusting the value of *θ*, the average number of the key bits Alice obtains can be located on any fixed value the users wanted for any database size. And the parameter *k* is generally smaller (even *k* = 1 can be achieved) when *θ* < *π*/4, which implies lower complexity of both quantum and classical communications. Furthermore, the users can choose a smaller *θ* to get better database security, or a larger *θ* to obtain a lower probability with which Bob can correctly guess the address of Alice’s query.

© 2012 OSA

## 1. Introduction

1. P. W. Shor, “Algorithms for quantum computation: discrete logarithms and factoring,” in *35th Annual Symposium on the Foundations of Computer Science*, (Santa Fe, New Mexico, 1994), 124–134. [CrossRef]

4. N. Gisin, G. Ribordy, W. Tittel, and H. Zbinden, “Quantum cryptography,” Rev. Mod. Phys. **74**, 145–195 (2002). [CrossRef]

5. B. Chor, E. Goldreich, O. Kushilevitz, and M. Sudan, “Private Information Retrieval,” J. ACM **45**, 965–981 (1998). [CrossRef]

6. Y. Gertner, Y. Ishai, E. Kushilevitz, and T. Malkin, “Protecting data privacy in private information retrieval schemes,” J. Comput. Syst. Sci. **60**, 592–629 (2000). [CrossRef]

7. H. K. Lo, “Insecurity of quantum secure computations,” Phys. Rev. A **56**, 1154–1162 (1997). [CrossRef]

8. V. Giovannetti, S. Lloyd, and L. Maccone, “Quantum Private Queries,” Phys. Rev. Lett. **100**, 230502 (2008). [CrossRef] [PubMed]

9. V. Giovannetti, S. Lloyd, and L. Maccone, “Quantum Private Queries: securety analysis,” IEEE T. Inform. Theory **56**, 3465–3477 (2010). [CrossRef]

10. F. D. Martini, V. Giovannetti, S. Lloyd, L. Maccone, E. Nagali, L. Sansoni, and F. Sciarrino, “Experimental quantum private queries with linear optics,” Phys. Rev. A **80**, 010302 (2009). [CrossRef]

11. L. Olejnik, “Secure quantum private information retrieval using phase-encoded queries,” Phys. Rev. A **84**, 022313 (2011). [CrossRef]

12. M. Jakobi, C. Simon, N. Gisin, J.D. Bancal, C. Branciard, N. Walenta, and H. Zbinden, “Practical private database queries based on a quantum-key-distribution protocol,” Phys. Rev. A **83**, 022301 (2011). [CrossRef]

13. V. Scarani, A. Acín, G. Ribordy, and N. Gisin, “Quantum cryptography protocols robust against photon number splitting attacks for weak laser pulse implementations,” Phys. Rev. Lett. **92**, 057901 (2004). [CrossRef] [PubMed]

12. M. Jakobi, C. Simon, N. Gisin, J.D. Bancal, C. Branciard, N. Walenta, and H. Zbinden, “Practical private database queries based on a quantum-key-distribution protocol,” Phys. Rev. A **83**, 022301 (2011). [CrossRef]

## 2. QPQ protocol based on QKD

*N*items in Bob’s database, and Alice has bought one of them and wants to obtain it secretly. The two users can execute the following protocol.

### 2.1. The protocol

- Bob prepares a long sequence of photons which are randomly in one of the states {|0〉, |1〉, |0′〉, |1′〉}, and sends them to Alice. Here and |0〉 and |1〉 represent bit 0, while |0′〉 and |1′〉 code for bit 1. The parameter
*θ*∈ (0,*π*/2) can be selected continuously according to particular situations, which will be demonstrated below. - Alice randomly measures each received photon in the basis
*B*= {|0〉, |1〉} or the basis*B*′ = {|0′〉, |1′〉}. Obviously this measurement does not allow her to infer the value of the bit sent by Bob. - Alice announces in which instances she has successfully detected the qubit. The bits carried by the lost photons are disregarded. Note that Alice cannot cheat by lying in this step (e.g. announcing a photon lost when she gets an unwanted measurement result). This is because till now Alice has no information about the sent bits and she cannot obtain any benefit by such a lie. Therefore, this protocol is completely loss tolerant, which is similar to that in J-protocol.
- For each qubit that Alice has successfully measured, Bob announces one bit 0 or 1, where 0 represents this qubit is originally in the state |0〉 or |0′〉, while 1 implies the qubit is |1〉 or |1′〉.
- Alice interprets her measurement results in step 2. According to her measurement result and Bob’s declaration, Alice can obtain the sent bit with a certain probability. This process is similar to that in B92 QKD protocol [14]. For example, if Bob’s declaration is 0 and Alice’s measurement result is |1〉 (|1′〉), she knows the qubit must be in the state |0′〉 (|0〉) before the measurement and then the sent bit is 1 (0). As a result, with Bob’s declaration in step 4, Alice’s measurements will yield
14. C. H. Bennett, “Quantum cryptography using any two nonorthogonal states,” Phys. Rev. Lett.

**68**, 3121–3124 (1992). [CrossRef] [PubMed]*p*= (sin^{2}*θ*)/2 of conclusive results and 1 −*p*of inconclusive ones. Both conclusive and inconclusive results are stored. by this way Alice and Bob now share a raw key*K*which is known completely to Bob and partly to Alice (she knows^{r}*p*= (sin^{2}*θ*)/2 of the whole). - Two users execute postprocessing to the key so that Alice’s known bits in the key are reduced to 1 bit or a little more. Without loss of generality, suppose the length of the raw key shared between Alice and Bob is
*kN*. Here the natural number*k*is a parameter and we will discuss its value later. Alice and Bob cut the raw key into*k*substrings of length*N*, and add these*k*strings bitwise, obtaining the final key*K*with length*N*. This process is the same as that in J-protocol (please see Fig.1 in Ref. [12]). Till now, Bob knows the whole key**83**, 022301 (2011). [CrossRef]*K*and Alice generally knows only several bits in it. But if Alice is left with no known bit after this step, the protocol has to be restarted. As we will show later, if suitable parameters are selected this event happens only with small probability. - Bob encrypts his database and Alice obtains the item she wanted with one of her known bits in
*K*. In particular, suppose Alice knows the*j*th bit*K*and wants the_{j}*i*th item (bit) of the database*X*. She declares the number_{i}*s*=*j*−*i*. Then Bob shifts*K*by*s*and using the obtained key*K*′ to encrypt his database in the manner of one-time pad. Thus*X*is encrypted by_{i}*K*and consequently can be correctly obtained by Alice when she gets the encrypted database._{j}

### 2.2. The features of our protocol

*θ*=

*π*/4 our protocol becomes J-protocol, where the carrier states are

13. V. Scarani, A. Acín, G. Ribordy, and N. Gisin, “Quantum cryptography protocols robust against photon number splitting attacks for weak laser pulse implementations,” Phys. Rev. Lett. **92**, 057901 (2004). [CrossRef] [PubMed]

*π*/4 is the optimal value of

*θ*(using a

*θ*other than

*π*/4 seems needless because it brings no benefits in theory but reduces the QKD efficiency). On the contrary, in our protocol we might expect that Alice gets less bits in the raw key. Therefore, common projective measurements are enough and, as we will show, a smaller

*θ*generally displays some better features than

*π*/4. Strictly speaking, our protocol is based on the variant of SARG04 protocol. Therefore, the features of J-protocol are still hold in ours. Furthermore, because

*θ*can be selected continuously in (0,

*π*/2) our protocol is more flexible and even exhibits advantages in communication complexity and security. In the following, by making the comparison to J-protocol, we discuss the features of our protocol.

- Different from BB84-based QPQ, our protocol can stand against the quantum memory attack by Alice. If Alice stores a received photon and measures it after Bob’s declaration in step 4, she cannot obtain this bit because she still has to discriminate nonorthogonal states.
- Our protocol is loss tolerant. As discussed above, Alice has no need to tell a lie on whether one photon is lost (especially saying that a photon she has received disappeared) because before Bob’s declaration she cannot get any information about the corresponding bit. Note that after Bob’s declaration Alice’s measurement is just like that in B92 protocol [14]. We can also directly use B92 protocol to perform QPQ (i.e. the carrier qubit is randomly in two states, |0〉 or |0′〉), where Bob’s declaration is not necessary anymore. But in this condition Alice will obtain some information about the sent bit after her measurement. To elicit more bits in the raw key, for example, Alice lies that the photon on which she gets a inconclusive result is lost. So, the B92-based QPQ is not so robust against channel-loss attack.
**68**, 3121–3124 (1992). [CrossRef] [PubMed] - Our protocol is practical and can be easily generalized to huge-database condition. This is because Alice and Bob just execute a simple QKD protocol and no high-dimension oracle operation [8, 11
8. V. Giovannetti, S. Lloyd, and L. Maccone, “Quantum Private Queries,” Phys. Rev. Lett.

**100**, 230502 (2008). [CrossRef] [PubMed]] is needed.11. L. Olejnik, “Secure quantum private information retrieval using phase-encoded queries,” Phys. Rev. A

**84**, 022313 (2011). [CrossRef]

*n*̄ =

*Np*(

^{k}*p*= (sin

^{2}

*θ*)/2) bits of the final key

*K*, where the number

*n*follows approximately a Poisson distribution. Here we only consider the bits which are obtained from the

*conclusive results by honest measurements*. The situation where Alice uses a delayed-choice unambiguous measurement will be discussed in Sec.III, where Alice will get almost perfect information about every raw bit for

*θ*approaching

*π*/2. And the probability that she does not know any bits at all and that the protocol must be restarted is

*P*

_{0}= (1 −

*p*)

^{k}*. Now let us see what will happens when*

^{N}*θ*<

*π*/4. Without loss of generality, suppose

*p*= (sin

^{2}

*θ*)/2 = 0.15. In this condition we can ensure both

*n*̄ ≪

*N*and small

*P*

_{0}, which implies a successful execution of QPQ [12

**83**, 022301 (2011). [CrossRef]

*k*(see Table 1). It can be seen that fewer substrings (i.e. a smaller

*k*) are needed than that in J-protocol, which means the number of transmitted qubits are greatly reduced. For example, when

*N*=50000 only 5 substrings are needed, while in J-protocol

*k*is 7 to achieve similar

*n*̄ and

*P*

_{0}. Thus at least 2

*N*= 105 qubits (not including the lost ones in the channel) are saved in our protocol. In fact, in our protocol

*k*= 1 is even feasible for not so large database size

*N*(see Tables 2 and 3). This is obviously a significant improvement with the comparison to J-protocol. Note that the condition

*k*= 1 will not compromise the cheat-sensitive character of the QPQ protocol, which we will discuss in the next section.

*n*̄ can be located on any fixed value the users wanted for any database size

*N*. Let us recall the results in J-protocol first (see Table I in Ref. [12

**83**, 022301 (2011). [CrossRef]

*N*= 50000 we have almost no choice but letting

*k*= 7 and

*n*̄ = 3.05 in J-protocol. This is because

*n*̄ will be 12.21 if

*k*= 6 and 0.76 (

*P*

_{0}= 0.466) if

*k*= 8, which are not so suitable for the aim of QPQ. The similar result exists for other

*N*. But in our protocol the condition will be changed. By selecting different values of

*θ*we can set

*n*̄ equals an expected value for any

*N*. Tables 2 and 3 are the results with

*k*= 1 when the wanted

*n*̄ is 3 and 5, respectively.

*k*= 1, which means the optimal communication complexity in our protocol,

*θ*will be very small for large

*N*. This might make its realization technically difficult. Therefore,

*k*> 1 is needed when

*N*is large. In this condition we can also locate

*n*̄ on an expected value for any

*N*by selecting suitable

*θ*and

*k*. For example, even though

*θ*> 0.2 is required we can also achieve

*n*̄ = 3 for any

*N*by simply adjusting

*k*(see Table 4).

*n*̄ = 3, is a general illustration about the flexibility of our protocol. It is shown that, we can achieve

*n*̄ = 3 by simply selecting a relatively small

*θ*, as long as it is feasible in the realization, and a suitable

*k*for any

*N*.

## 3. Security analysis

*θ*=

*π*/4, the analysis in Ref. [12

**83**, 022301 (2011). [CrossRef]

*θ*≠

*π*/4 in our protocol.

### 3.1. Database security

*K*. To this aim Alice can store the qubits received from Bob and take more effective measurements on them after Bob’s declaration in step 4.

^{r}16. U. Herzog and J. A. Bergou, “Optimum unambiguous discrimination of two mixed quantum states,” Phys. Rev. A **71**, 050301 (2005). [CrossRef]

*F*(

*ρ*

_{0},

*ρ*

_{1}), where

*F*(

*ρ*

_{0},

*ρ*

_{1}) is the fidelity between the two states to be discriminated. So in our protocol this probability is

*p*= 1 − 〈0|0′〉 = 1 − cos

^{USD}*θ*. It can be seen that, the advantage Alice obtains by USD measurement is negligible compared with the legal projective one, where the probability is

*p*= (sin

^{2}

*θ*)/2, especially when

*θ*is small (see Fig. 3). For example, when

*θ*= 0.284,

*N*= 50000 and

*k*= 3 (see Table 4), Alice can get

*n*̄

*= 50000 × (1 − cos0.284)*

^{USD}^{3}= 3.21 bits of the key by USD measurement, which is just a little more than the value by projective one, i.e.

*n*̄ = 50000×[(sin0.284)

^{2}/2]

^{3}= 3.02. Note that this implies an improvement compared to J-protocol, where

*n*̄

*= 9.3 in the same situation, i.e. pursuing*

^{USD}*n*̄ = 3.

**83**, 022301 (2011). [CrossRef]

*k*qubits which contribute to an element of the final key. By this means she wants to obtain the bit value of the final key directly without distinguishing the individual bit values of the raw key. In this condition two kinds of measurements can be used by Alice. One is Helstrom’s minimal error-probability measurement, i.e., the measurement that distinguishes two quantum states with the highest information gain [17, 18]. To distinguish two equally likely quantum states

*ρ*

_{0}and

*ρ*

_{1}, the probability to guess the state correctly is bounded by

*D*(

*ρ*

_{0},

*ρ*

_{1}) is the trace distance between

*ρ*

_{0}and

*ρ*

_{1}. In our protocol, therefore, Alice can correctly guess a final key bit with the probability at most

*θ*small this probability is close to 1/2 (a random guess). The other measurement Alice can use is USD measurement. In this condition the success probability of unambiguously discriminating the two

*k*-qubit mixed states corresponding to odd and even parity can be obtained, which declines rapidly with

*k*(see Fig. 4). In Fig. 4 the probabilities that Alice can get the final key bits by joint USD are depicted for different values of

*θ*, where we can see that when

*θ*is small Alice’s advantage by joint USD is distinctly decreased.

*θ*<

*π*/4 is chosen in our protocol it exhibits an obvious improvement compared to J-protocol in terms of the database security.

### 3.2. User privacy

**100**, 230502 (2008). [CrossRef] [PubMed]

**84**, 022313 (2011). [CrossRef]

**83**, 022301 (2011). [CrossRef]

**83**, 022301 (2011). [CrossRef]

*θ*. Similar to the analysis in Ref. [12

**83**, 022301 (2011). [CrossRef]

*p*= cos

_{c}^{2}(

*θ*/2). If Bob expects that Alice gets inconclusive result on one qubit, he just sends |0″〉 (|1″〉) and announcing 0 (1) in step 4. By this method the probability with which Alice gets conclusive result equals

*p*= 1 −

_{i}*p*= sin

_{c}^{2}(

*θ*/2). Figure 5 demonstrates the relation between

*p*and

_{c}*θ*. It can be seen that a smaller

*θ*implies a higher probability with which Bob can predict Alice’s conclusive bits. As analyzed above, we are inclined to use a small

*θ*∈ (0,

*π*/4) to achieve its advantages in communication complexity and security degree of the database. In this condition Bob generally can obtain the address of Alice’s query with relatively higher probability. But this does not decrease Alice’s privacy in the sense that it is still cheat sensitive. This is because Bob will inevitably lose the knowledge about the value of the key bit when he tries to obtain its conclusiveness, which is the same as that in J-protocol. For example, in the above attack, Bob will completely not know the value of the corresponding key bit though he can optimally estimate the address of Alice’s query. Consequently it is impossible for Bob to give Alice a right answer with certainty. This is assured by the no-signaling principle.

*θ*so that

*k*= 1 in our protocol, which means the optimal communication complexity. Recalling the process in step 6, we know that it is easier for Bob to guess the conclusiveness of one bit in Alice’s final key when

*k*is smaller. But this fact does not hurt the security of this protocol when

*k*= 1 because Bob will lose the value of the bit when he tries to get its conclusiveness. Of course, a large

*θ*(e.g.

*θ*>

*π*/4) can also be selected to achieve a small

*p*if we pursue a low probability with which Bob can correctly guess the address of Alice’s query (see Fig. 5). This exhibits the flexibility of our protocol again.

_{c}## 4. Conclusion

**83**, 022301 (2011). [CrossRef]

*θ*, seems minor in contrast to J-protocol, the effect of this modification is significant. On the one hand, it retains all the features of J-protocol. For example, it is loss tolerant, practical and robust against quantum memory attack. On the other hand, our protocol is very flexible and controllable due to introducing the parameter

*θ*, which can be selected as a continuous value. When a small

*θ*(

*θ*<

*π*/4) is used the aim of QPQ can be achieved with a smaller

*k*(even

*k*= 1) than that in J-protocol, which implies lower complexity of both quantum and classical communications. In our protocol, by adjusting the value of

*θ*, the average number of the key bits Alice obtains can be located on any fixed value the users wanted for any database size

*N*. In addition, when

*θ*<

*π*/4 our protocol exhibits better database security, which is ensured by the impossibility of perfectly distinguishing nonorthogonal quantum states. At the same time, user privacy is ensured by the no-signaling principle and, in some special conditions,

*θ*>

*π*/4 can be also selected to obtain a low probability with which Bob can correctly guess the address of Alice’s query.

## Acknowledgments

## References and links

1. | P. W. Shor, “Algorithms for quantum computation: discrete logarithms and factoring,” in |

2. | L. K. Grover, “A fast quantum mechanical algorithm for database search,” in |

3. | C.H. Bennett and G. Brassard, “Quantum cryptography: public-key distribution and coin tossing,” in |

4. | N. Gisin, G. Ribordy, W. Tittel, and H. Zbinden, “Quantum cryptography,” Rev. Mod. Phys. |

5. | B. Chor, E. Goldreich, O. Kushilevitz, and M. Sudan, “Private Information Retrieval,” J. ACM |

6. | Y. Gertner, Y. Ishai, E. Kushilevitz, and T. Malkin, “Protecting data privacy in private information retrieval schemes,” J. Comput. Syst. Sci. |

7. | H. K. Lo, “Insecurity of quantum secure computations,” Phys. Rev. A |

8. | V. Giovannetti, S. Lloyd, and L. Maccone, “Quantum Private Queries,” Phys. Rev. Lett. |

9. | V. Giovannetti, S. Lloyd, and L. Maccone, “Quantum Private Queries: securety analysis,” IEEE T. Inform. Theory |

10. | F. D. Martini, V. Giovannetti, S. Lloyd, L. Maccone, E. Nagali, L. Sansoni, and F. Sciarrino, “Experimental quantum private queries with linear optics,” Phys. Rev. A |

11. | L. Olejnik, “Secure quantum private information retrieval using phase-encoded queries,” Phys. Rev. A |

12. | M. Jakobi, C. Simon, N. Gisin, J.D. Bancal, C. Branciard, N. Walenta, and H. Zbinden, “Practical private database queries based on a quantum-key-distribution protocol,” Phys. Rev. A |

13. | V. Scarani, A. Acín, G. Ribordy, and N. Gisin, “Quantum cryptography protocols robust against photon number splitting attacks for weak laser pulse implementations,” Phys. Rev. Lett. |

14. | C. H. Bennett, “Quantum cryptography using any two nonorthogonal states,” Phys. Rev. Lett. |

15. | P. Raynal, “Unambiguous State Discrimination of two density matrices in Quantum Information Theory,” e-print arXiv:quant-ph/0611133. |

16. | U. Herzog and J. A. Bergou, “Optimum unambiguous discrimination of two mixed quantum states,” Phys. Rev. A |

17. | C. A. Fuchs, “Distinguishability and Accessible Information in Quantum Theory,” e-print arXiv:quant-ph/9601020. |

18. | C. W. Helstrom, |

**OCIS Codes**

(270.0270) Quantum optics : Quantum optics

(270.5568) Quantum optics : Quantum cryptography

**ToC Category:**

Quantum Optics

**History**

Original Manuscript: June 13, 2012

Revised Manuscript: July 9, 2012

Manuscript Accepted: July 10, 2012

Published: July 16, 2012

**Citation**

Fei Gao, Bin Liu, Qiao-Yan Wen, and Hui Chen, "Flexible quantum private queries based on quantum key distribution," Opt. Express **20**, 17411-17420 (2012)

http://www.opticsinfobase.org/oe/abstract.cfm?URI=oe-20-16-17411

Sort: Year | Journal | Reset

### References

- P. W. Shor, “Algorithms for quantum computation: discrete logarithms and factoring,” in 35th Annual Symposium on the Foundations of Computer Science, (Santa Fe, New Mexico, 1994), 124–134. [CrossRef]
- L. K. Grover, “A fast quantum mechanical algorithm for database search,” in 28th Annual ACM Symposium on Theory of Computing, (New York, 1996), 212–219.
- C.H. Bennett and G. Brassard, “Quantum cryptography: public-key distribution and coin tossing,” in IEEE Int. Conf. on Computers, Systems, and Signal Processing, (Bangalore, 1984), 175–179.
- N. Gisin, G. Ribordy, W. Tittel, and H. Zbinden, “Quantum cryptography,” Rev. Mod. Phys.74, 145–195 (2002). [CrossRef]
- B. Chor, E. Goldreich, O. Kushilevitz, and M. Sudan, “Private Information Retrieval,” J. ACM45, 965–981 (1998). [CrossRef]
- Y. Gertner, Y. Ishai, E. Kushilevitz, and T. Malkin, “Protecting data privacy in private information retrieval schemes,” J. Comput. Syst. Sci.60, 592–629 (2000). [CrossRef]
- H. K. Lo, “Insecurity of quantum secure computations,” Phys. Rev. A56, 1154–1162 (1997). [CrossRef]
- V. Giovannetti, S. Lloyd, and L. Maccone, “Quantum Private Queries,” Phys. Rev. Lett.100, 230502 (2008). [CrossRef] [PubMed]
- V. Giovannetti, S. Lloyd, and L. Maccone, “Quantum Private Queries: securety analysis,” IEEE T. Inform. Theory56, 3465–3477 (2010). [CrossRef]
- F. D. Martini, V. Giovannetti, S. Lloyd, L. Maccone, E. Nagali, L. Sansoni, and F. Sciarrino, “Experimental quantum private queries with linear optics,” Phys. Rev. A80, 010302 (2009). [CrossRef]
- L. Olejnik, “Secure quantum private information retrieval using phase-encoded queries,” Phys. Rev. A84, 022313 (2011). [CrossRef]
- M. Jakobi, C. Simon, N. Gisin, J.D. Bancal, C. Branciard, N. Walenta, and H. Zbinden, “Practical private database queries based on a quantum-key-distribution protocol,” Phys. Rev. A83, 022301 (2011). [CrossRef]
- V. Scarani, A. Acín, G. Ribordy, and N. Gisin, “Quantum cryptography protocols robust against photon number splitting attacks for weak laser pulse implementations,” Phys. Rev. Lett.92, 057901 (2004). [CrossRef] [PubMed]
- C. H. Bennett, “Quantum cryptography using any two nonorthogonal states,” Phys. Rev. Lett.68, 3121–3124 (1992). [CrossRef] [PubMed]
- P. Raynal, “Unambiguous State Discrimination of two density matrices in Quantum Information Theory,” e-print arXiv:quant-ph/0611133.
- U. Herzog and J. A. Bergou, “Optimum unambiguous discrimination of two mixed quantum states,” Phys. Rev. A71, 050301 (2005). [CrossRef]
- C. A. Fuchs, “Distinguishability and Accessible Information in Quantum Theory,” e-print arXiv:quant-ph/9601020.
- C. W. Helstrom, Quantum Detection and Estimation Theory (Academic Press, New York, 1976).

## Cited By |
Alert me when this paper is cited |

OSA is able to provide readers links to articles that cite this paper by participating in CrossRef's Cited-By Linking service. CrossRef includes content from more than 3000 publishers and societies. In addition to listing OSA journal articles that cite this paper, citing articles from other participating publishers will also be listed.

« Previous Article | Next Article »

OSA is a member of CrossRef.