Perfect encryption of quantum states using the Quantum One-Time Pad (QOTP) requires 2 classical key bits per qubit. Almost-perfect encryption, with information-theoretic security, requires only slightly more than 1. We slightly improve lower bounds on the key length. We show that key length n+2 log 1 ε suffices to encrypt n qubits in such a way that the cipherstate's L1-distance from uniformity is upperbounded by ε. For a stricter security definition involving the ∞-norm, we prove sufficient

more »

... length n + log n + 2 log 1 ε + 1 + 1 n log 1 δ + log ln 2 1−ε , where δ is a small probability of failure. Our proof uses Pauli operators, whereas previous results on the ∞-norm needed Haar measure sampling. We show how to QOTP-encrypt classical plaintext in a nontrivial way: we encode a plaintext bit as the vector ±(1, 1, 1)/ √ 3 on the Bloch sphere. Applying the Pauli encryption operators results in eight possible cipherstates which are equally spread out on the Bloch sphere. This encoding, especially when combined with the half-keylength option of QOTP, has advantages over 4-state and 6-state encoding in applications such as Quantum Key Recycling and Unclonable Encryption. We propose a key recycling scheme that is more efficient and can tolerate more noise than a recent scheme by Fehr and Salvail. For 8-state QOTP encryption with pseudorandom keys we do a statistical analysis of the cipherstate eigenvalues. We present numerics up to 9 qubits.