Multiparty Quantum Secret Sharing of Secure Direct Communication Using Teleportation

Commun. Theor. Phys. (Beijing, China) 47 (2007) pp. 454–458, © International Academic Publishers, Vol. 47, No. 3, March 15, 2007
Author: Mary Bradley

Multiparty Quantum Secret Sharing of Secure Direct Communication Using Teleportation∗

WANG Jian,† ZHANG Quan, and TANG Chao-Jing

School of Electronic Science and Engineering, National University of Defense Technology, Changsha 410073, China

(Received March 17, 2006; Revised June 6, 2006)

Abstract We present an (n, n) threshold quantum secret sharing scheme of secure direct communication using Greenberger–Horne–Zeilinger state and teleportation. After ensuring the security of the quantum channel, the sender encodes the secret message directly on a sequence of particle states and transmits it to the receivers by teleportation. The receivers can recover the secret message by combining their measurement results with the sender’s result. If a perfect quantum channel is used, our scheme is completely secure because the transmitting particle sequence does not carry the secret message. We also show our scheme is secure for a noisy quantum channel.

PACS numbers: 03.67.Dd, 03.65.Ud

Key words: quantum secret sharing, quantum teleportation

1 Introduction

Quantum key distribution (QKD) is one of the most promising applications of quantum information science. The aim of QKD is to allow two legitimate parties, Alice and Bob, to generate a secret key over a long distance, in the presence of an eavesdropper, Eve, who interferes with the signals. QKD has progressed rapidly since Bennett and Brassard designed the original QKD protocol.[1] Recently, a novel concept, quantum secure direct communication (QSDC), has been proposed and pursued.[2−6] Different from QKD, QSDC aims to transmit the secret message directly without first establishing a key to encrypt it. QSDC can be used in some special environments, which has been shown in Refs. [3] and [4].

Quantum secret sharing (QSS)[7−15] is another important application of quantum mechanics. The basic idea of secret sharing in the simplest case is that the sender, Alice, splits the secret message into two shares and distributes them to two receivers, Bob and Charlie, respectively, such that only if the two receivers collaborate can they reconstruct the secret message. In a more general setting, an (m, n) threshold scheme, the secret message is split into n shares, such that any m of those shares can be used to reconstruct it. QSS is the generalization of classical secret sharing and can share both classical and quantum messages. QSS is likely to play a key role in protecting secret quantum information, e.g., in secure operations of distributed quantum computation, sharing difficult-to-construct ancillary states and joint sharing of quantum money, etc.

Much research has been carried out in both theoretical and experimental aspects after the pioneering QSS scheme proposed by Hillery, Bužek, and Berthiaume in 1999 (hereafter called HBB99).[7] The HBB99 scheme is based on a three-particle Greenberger–Horne–Zeilinger (GHZ) state. Karlsson, Koashi and Imoto[8] proposed a QSS scheme using two-particle Bell states. Guo-Ping Guo and Guang-Can Guo[9] presented a QSS scheme where only product states are employed. Li Xiao et al.[10] generalized the HBB99 scheme into arbitrary multiparties and improved the efficiency of the QSS scheme by two techniques from quantum key distribution. Z.J. Zhang et al.[11] proposed an (n, n) threshold scheme of multiparty QSS of classical messages using only single photons. Deng et al.[12] improved the security of multiparty QSS against Trojan horse attack with two single-photon measurements and four unitary operations. Zhang et al. put forward a multiparty QSS protocol by using swapping quantum entanglement of Bell states[13] and a multiparty QSS of key by using practical faint laser pulses.[14] Zhang[15] presented a multiparty QSS protocol of secure direct communication based on the two-step QSDC protocol.[4] In Ref. [15], Zhang proposed the concept of QSS of secure direct communication for the first time. Different from the QSS scheme, whose object is essentially to allow a sender to establish a shared key with the receivers, the significant characteristic of QSS of secure direct communication is that the sender can transmit the secret message to the receivers directly. Actually, the schemes in Refs. [11] ∼ [14] are also QSS of secure direct communication essentially.

In this paper, we present a multiparty QSS scheme of secure direct communication using GHZ state and teleportation. In our scheme, the communication parties first perform eavesdropping check to detect whether there is eavesdropping in the transmission line. After ensuring the security of the quantum channel, the sender transmits the secret message directly to the receivers and the receivers can only recover it by collaborating. Because the secret message is transmitted by teleportation, it is unnecessary for the transmitting particles to carry the secret message. Our scheme is completely secure if the quantum channel is secure. We also show the present scheme is secure even with a noisy channel.

This paper is organized as follows. In Sec. 2, we describe the process of the three-party QSS scheme. In Sec. 3, we discuss the security for the present scheme. In Sec. 4, we generalize the three-party QSS scheme to an (n, n) threshold QSS scheme. Finally, we give a summary in Sec. 5.

∗ The project supported by National Natural Science Foundation of China under Grant No. 60472032
† E-mail: [email protected]

2 Three-Party QSS Scheme

In the three-party QSS scheme, we suppose the sender, Alice, wants to transmit her secret message to two receivers, say Bob and Charlie, so that none of the receivers can recover the secret message on his own. The basic idea of the scheme is inspired by quantum teleportation.[16] Alice entangles her secret message state with a three-particle GHZ state by using controlled-NOT (CNOT) operation and Hadamard transformation, which is similar to the method used in quantum teleportation. Different from quantum teleportation, the receivers measure their particles in a determinate measuring basis instead of performing unitary operation to recover the transmitting qubit with Alice’s classical message. The three-party QSS scheme is detailed as follows.

Step 1 Alice prepares N three-particle GHZ states, each of which is in the state

$$|\psi\rangle = \frac{1}{\sqrt{2}}(|000\rangle + |111\rangle)_{ABC}. \tag{1}$$

We denote the ordered N GHZ states by $\{[P_1(A), P_1(B), P_1(C)], [P_2(A), P_2(B), P_2(C)], \ldots, [P_N(A), P_N(B), P_N(C)]\}$, where the subscript indicates the order of each state in the sequence, and A, B, C represent the three particles of each state. Alice takes one particle from each state to form an ordered partner particle sequence, $[P_1(A), P_2(A), \ldots, P_N(A)]$, called A sequence. The remaining partner particles compose B sequence, $[P_1(B), P_2(B), \ldots, P_N(B)]$, and C sequence, $[P_1(C), P_2(C), \ldots, P_N(C)]$. Alice sends B sequence and C sequence to Bob and Charlie, respectively. Bob and Charlie inform Alice that they each have received N particles.

Step 2 After hearing from Bob and Charlie, Alice selects randomly a sufficiently large subset from the N GHZ states for eavesdropping check. We call it checking sequence or D sequence. The remaining GHZ states form message encoding sequence, which we call E sequence. For each of her particles in D sequence, Alice chooses randomly a measuring basis from Z-basis, $\{|0\rangle, |1\rangle\}$, or X-basis, $\{|+\rangle = (1/\sqrt{2})(|0\rangle + |1\rangle),\ |-\rangle = (1/\sqrt{2})(|0\rangle - |1\rangle)\}$, to measure it and announces publicly the measuring basis for each of the sampling particles. If Alice performs Z-basis (X-basis) measurement, Bob and Charlie also perform Z-basis (X-basis) measurement on their corresponding particles in D sequence. After their measurements, Bob and Charlie publish their measurement results, respectively. Note that $|\psi\rangle$ can also be expressed as

$$|\psi\rangle = \frac{1}{2}\big[|{+}{+}{+}\rangle + |{+}{-}{-}\rangle + |{-}{+}{-}\rangle + |{-}{-}{+}\rangle\big]_{ABC}. \tag{2}$$

According to Eqs. (1) and (2), Alice can check the existence of eavesdropper by comparing their measurement results. If the channel is safe, their results must be completely correlated. When Alice performs Z-basis measurement on her particle, the results of Bob and Charlie should be $|00\rangle$ ($|11\rangle$), if Alice’s result is $|0\rangle$ ($|1\rangle$). On the contrary, the results of Bob and Charlie should be $|{+}{+}\rangle$ or $|{-}{-}\rangle$ ($|{+}{-}\rangle$ or $|{-}{+}\rangle$), if Alice performs X-basis measurement on her particle and gets the result $|+\rangle$ ($|-\rangle$). Then if Alice confirms that there is no eavesdropping, they continue to execute the next step. Otherwise, they abort the communication.

Step 3 After ensuring the security of the quantum channel, Alice encodes her secret message on E sequence. If the bit value of Alice’s secret message is “0” (“1”), she prepares a particle a in the state $|+\rangle$ ($|-\rangle$) for the GHZ state in E sequence. We denote particle a as $P_i(a)$ ($i \in \{1, 2, \ldots, N\}$). If the state of $P_i(a)$ is $|+\rangle$, then the state of particles $P_i(a)$, $P_i(A)$, $P_i(B)$, and $P_i(C)$ is

$$|\Phi_0\rangle_{aABC} = \frac{1}{\sqrt{2}}(|0\rangle + |1\rangle)_a \otimes \frac{1}{\sqrt{2}}(|000\rangle + |111\rangle)_{ABC}, \tag{3}$$

where the subscript a denotes particle $P_i(a)$. If the state of $P_i(a)$ is $|-\rangle$, then the state of the four particles becomes

$$|\Phi_1\rangle_{aABC} = \frac{1}{\sqrt{2}}(|0\rangle - |1\rangle)_a \otimes \frac{1}{\sqrt{2}}(|000\rangle + |111\rangle)_{ABC}. \tag{4}$$

Step 4 Alice sends particles $P_i(a)$ and $P_i(A)$ through a CNOT gate (here $P_i(a)$ is the controller and $P_i(A)$ is the target).
Then $|\Phi_0\rangle_{aABC}$ becomes

$$|\Phi_0'\rangle_{aABC} = \frac{1}{2}(|0000\rangle + |1100\rangle + |0111\rangle + |1011\rangle)_{aABC}, \tag{5}$$

and $|\Phi_1\rangle_{aABC}$ is changed to

$$|\Phi_1'\rangle_{aABC} = \frac{1}{2}(|0000\rangle - |1100\rangle + |0111\rangle - |1011\rangle)_{aABC}. \tag{6}$$

Step 5 Alice performs Hadamard transformation,

$$H = \frac{1}{\sqrt{2}}\begin{pmatrix} 1 & 1 \\ 1 & -1 \end{pmatrix}, \tag{7}$$

on particle $P_i(a)$ and obtains

$$|\Phi_0''\rangle_{aABC} = \frac{1}{\sqrt{2}}\Big[|0{+}\rangle_{aA} \otimes \frac{1}{\sqrt{2}}(|00\rangle + |11\rangle)_{BC} + |1{-}\rangle_{aA} \otimes \frac{1}{\sqrt{2}}(|00\rangle - |11\rangle)_{BC}\Big] \tag{8}$$

or

$$|\Phi_1''\rangle_{aABC} = \frac{1}{\sqrt{2}}\Big[|0{-}\rangle_{aA} \otimes \frac{1}{\sqrt{2}}(|00\rangle - |11\rangle)_{BC} + |1{+}\rangle_{aA} \otimes \frac{1}{\sqrt{2}}(|00\rangle + |11\rangle)_{BC}\Big]. \tag{9}$$

Note that

$$\frac{1}{\sqrt{2}}(|00\rangle + |11\rangle)_{BC} = \frac{1}{\sqrt{2}}(|{+}{+}\rangle + |{-}{-}\rangle)_{BC}, \tag{10}$$

$$\frac{1}{\sqrt{2}}(|00\rangle - |11\rangle)_{BC} = \frac{1}{\sqrt{2}}(|{+}{-}\rangle + |{-}{+}\rangle)_{BC}. \tag{11}$$

$|\Phi_0''\rangle_{aABC}$ and $|\Phi_1''\rangle_{aABC}$ can be written as

$$|\Phi_0''\rangle_{aABC} = \frac{1}{\sqrt{2}}\Big[|0{+}\rangle_{aA} \otimes \frac{1}{\sqrt{2}}(|{+}{+}\rangle + |{-}{-}\rangle)_{BC} + |1{-}\rangle_{aA} \otimes \frac{1}{\sqrt{2}}(|{+}{-}\rangle + |{-}{+}\rangle)_{BC}\Big], \tag{12}$$

and

$$|\Phi_1''\rangle_{aABC} = \frac{1}{\sqrt{2}}\Big[|0{-}\rangle_{aA} \otimes \frac{1}{\sqrt{2}}(|{+}{-}\rangle + |{-}{+}\rangle)_{BC} + |1{+}\rangle_{aA} \otimes \frac{1}{\sqrt{2}}(|{+}{+}\rangle + |{-}{-}\rangle)_{BC}\Big]. \tag{13}$$

Step 6 Alice measures particle $P_i(a)$ in Z-basis. Bob and Charlie measure particles $P_i(B)$ and $P_i(C)$ in X-basis, respectively. Here although Bob and Charlie have each of their measurement results, they cannot recover Alice’s secret message even if they collaborate, because they have no information on Alice’s result. We can draw the above conclusion according to Eqs. (12) and (13). Alice then publishes her measurement results. Referring to Alice’s results, Bob and Charlie can collaborate to recover Alice’s secret message, as illustrated in Table 1.

Table 1 The recovery of Alice’s secret message.

| Alice’s result | Bob’s result | Charlie’s result | Secret message |
|---|---|---|---|
| $|0\rangle$ | $|+\rangle$ | $|+\rangle$ | 0 |
| $|0\rangle$ | $|+\rangle$ | $|-\rangle$ | 1 |
| $|0\rangle$ | $|-\rangle$ | $|+\rangle$ | 1 |
| $|0\rangle$ | $|-\rangle$ | $|-\rangle$ | 0 |
| $|1\rangle$ | $|+\rangle$ | $|+\rangle$ | 1 |
| $|1\rangle$ | $|+\rangle$ | $|-\rangle$ | 0 |
| $|1\rangle$ | $|-\rangle$ | $|+\rangle$ | 0 |
| $|1\rangle$ | $|-\rangle$ | $|-\rangle$ | 1 |

For example, the results of Bob and Charlie are both $|+\rangle$. If Alice’s result is “0” (“1”), they can then conclude that Alice’s secret message is “0” (“1”).

3 Security for Three-Party QSS Scheme

So far we have presented the three-party QSS scheme. Now let us discuss the security for the present scheme. As long as the quantum channel is secure, our scheme is secure. That is to say, if an eavesdropper, Eve, cannot escape from the communication parties’ eavesdropping check at Step 2, the scheme is secure. At Step 2, Alice performs randomly Z-basis or X-basis measurement on the sampling particles for eavesdropping check. According to Stinespring dilation theorem, Eve’s attack can be realized by a unitary operation $\hat{E}$ on a large Hilbert space, $H_{ABC} \otimes H_E$. Then the state of Alice, Bob, Charlie, and Eve is

$$|\Omega\rangle = \sum_{a,b,c\in\{0,1\}} |\varepsilon_{a,b,c}\rangle|a,b,c\rangle, \tag{14}$$

where $|\varepsilon\rangle$ denotes Eve’s probe state and $|a,b,c\rangle$ is the state shared by Alice, Bob and Charlie. The condition on the state of Eve’s probe is

$$\sum_{a,b,c\in\{0,1\}} \langle\varepsilon_{a,b,c}|\varepsilon_{a,b,c}\rangle = 1. \tag{15}$$

Eve can eavesdrop B and C sequences and the state of composite system will be

$$|\Omega\rangle = \frac{1}{\sqrt{2}}\big[|0\rangle(\alpha_1|00\rangle|\varepsilon_{000}\rangle + \beta_1|01\rangle|\varepsilon_{001}\rangle + \gamma_1|10\rangle|\varepsilon_{010}\rangle + \delta_1|11\rangle|\varepsilon_{011}\rangle) + |1\rangle(\delta_2|11\rangle|\varepsilon_{100}\rangle + \gamma_2|10\rangle|\varepsilon_{101}\rangle + \beta_2|01\rangle|\varepsilon_{110}\rangle + \alpha_2|00\rangle|\varepsilon_{111}\rangle)\big]. \tag{16}$$

Thus the error rate introduced by Eve is $1 - |\alpha_1|^2 = 1 - |\delta_2|^2$. Here the complex numbers $\alpha$, $\beta$, $\gamma$, and $\delta$ must satisfy $\hat{E}\hat{E}^{\dagger} = I$.

We then take an example for intercept-resend attack. Suppose Bob is dishonest and he has managed to get hold of Charlie’s particle as well as his own. We call dishonest Bob, Bob*. In this attack, Bob* intercepts the particles in C sequence and measures particles $P_i(B)$ and $P_i(C)$ in Z-basis, Bell basis or X-basis. He then re-sends C sequence to Charlie after measurements. When Bob* performs Z-basis measurement, the state of the whole system collapses to $|000\rangle$ or $|111\rangle$, each with probability 1/2. Suppose the state collapses to $|000\rangle_{ABC}$ and Bob* re-sends $|0\rangle_C$ to Charlie. During the eavesdropping check, if Alice performs Z-basis measurement, Bob*’s attack will not introduce any error. However, if Alice performs X-basis measurement, the state collapses to $|{+}{+}{+}\rangle$, $|{+}{+}{-}\rangle$, $|{+}{-}{+}\rangle$, $|{+}{-}{-}\rangle$, $|{-}{+}{+}\rangle$, $|{-}{+}{-}\rangle$, $|{-}{-}{+}\rangle$, and $|{-}{-}{-}\rangle$, each with probability 1/8. According to Eq. (2), the error rate introduced by Bob* will reach 50%. Thus the total error rate is 25%. Similarly, in this attack, if Bob* performs X-basis measurement, the error rate introduced by him will also be 25%. We then consider that Bob* has measured $P_i(B)$ and $P_i(C)$ in Bell basis and resent $P_i(C)$ to Charlie after measurement. Note that

$$|\psi\rangle = \frac{1}{\sqrt{2}}\big[|+\rangle|\phi^+\rangle + |-\rangle|\phi^-\rangle\big]_{ABC} = \frac{1}{2}\big[|+\rangle(|00\rangle + |11\rangle) + |-\rangle(|00\rangle - |11\rangle)\big]_{ABC} = \frac{1}{2}\big[|+\rangle(|{+}{+}\rangle + |{-}{-}\rangle) + |-\rangle(|{+}{-}\rangle + |{-}{+}\rangle)\big]_{ABC}. \tag{17}$$

According to Eq. (17), if Alice performs X-basis measurement, Bob*’s attack will not be detected during the eavesdropping check. Unfortunately, if Alice measures particle $P_i(A)$ in Z-basis, the error rate introduced by Bob* will reach 50%. Thus the random Z-basis or X-basis measurement ensures that eavesdropper’s attack will be detected during the eavesdropping check.

The above analysis is based on ideal circumstances and does not consider noise in the transmission line and noise of apparatus. In a noisy quantum channel, Eve intercepts some transmitting particles in B and C sequences at Step 1 and sends the others to the receiver using a better quantum channel in which the particle loss will not increase. During the eavesdropping check, Eve’s attack will not be detected in this situation. However, according to our scheme, Eve cannot obtain Alice’s secret message without Alice’s measurement result even if she captures some particles in B and C sequences. If the eavesdropping check is passed, Bob and Charlie tell Alice which particle they have received and which particle is lost in the transmitting line at Step 6 of the scheme. Alice then only publishes her measurement results of the corresponding particles which Bob and Charlie have received. For example, if Bob and Charlie have received particles $P_3(B)$, $P_3(C)$, $P_6(B)$, $P_6(C)$, $\ldots$ in E sequence, then Alice publishes her measurement results of particles $P_3(a)$, $P_6(a)$, $\ldots$. Because Alice only publishes her measurement results of the corresponding particles which the receivers have received, the scheme is also secure if the receivers’ detecting apparatus are inefficient. As described above, our scheme is also secure for a noisy quantum channel.
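The detection rates quoted above for Bob*'s measure-and-resend attack can be reproduced with a small state-vector calculation. This is an added example, not code from the paper; the function names and the amplitude ordering (index = 4A + 2B + C) are assumptions of the example, and it covers only the Z-basis and Bell-basis cases.

```python
from math import sqrt

S = 1 / sqrt(2)
# GHZ state of Eq. (1); amplitude index = 4*A + 2*B + C (ordering assumed here)
GHZ = [S, 0, 0, 0, 0, 0, 0, S]

# Orthonormal bases Bob* can measure (B, C) in; vector index = 2*B + C
Z_BASIS = [[1, 0, 0, 0], [0, 1, 0, 0], [0, 0, 1, 0], [0, 0, 0, 1]]
BELL_BASIS = [[S, 0, 0, S], [S, 0, 0, -S], [0, S, S, 0], [0, S, -S, 0]]


def measure_bc(state, basis):
    """Project B and C onto each basis vector; return [(probability, post_state)]."""
    branches = []
    for vec in basis:
        # Amplitude left on Alice's particle for A = 0 and A = 1 (real amplitudes)
        coef = [sum(vec[bc] * state[4 * a + bc] for bc in range(4)) for a in (0, 1)]
        prob = coef[0] ** 2 + coef[1] ** 2
        if prob > 1e-12:
            norm = sqrt(prob)
            post = [coef[a] / norm * vec[bc] for a in (0, 1) for bc in range(4)]
            branches.append((prob, post))
    return branches


def z_check_error(state):
    """Z-basis check: Eq. (1) allows only the results 000 and 111."""
    return 1 - state[0] ** 2 - state[7] ** 2


def x_check_error(state):
    """X-basis check: Eq. (2) allows only an even number of |-> results.

    The product of the three X results is the eigenvalue of X(x)X(x)X, whose
    expectation for real amplitudes is sum_i psi[i] * psi[i ^ 7].
    """
    xxx = sum(state[i] * state[i ^ 7] for i in range(8))
    return (1 - xxx) / 2


def detection_rates(basis):
    """Error rate seen by Alice per check basis, and averaged over her random choice."""
    branches = measure_bc(GHZ, basis)
    ez = sum(p * z_check_error(s) for p, s in branches)
    ex = sum(p * x_check_error(s) for p, s in branches)
    return {"Z": ez, "X": ex, "total": (ez + ex) / 2}


if __name__ == "__main__":
    for name, basis in (("Z-basis", Z_BASIS), ("Bell basis", BELL_BASIS)):
        print(name, detection_rates(basis))
```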

4 Multiparty QSS Scheme

In this section, we generalize the three-party QSS scheme to an n-party (n > 3) QSS one. Suppose Alice wants to send her secret message to n − 1 receivers. She prepares N n-particle GHZ states, each of which is in state

$$|\Psi\rangle = \frac{1}{\sqrt{2}}\Big(\prod_{i=1}^{n}|0\rangle_{a_i} + \prod_{i=1}^{n}|1\rangle_{a_i}\Big), \tag{18}$$

where $a_1$ denotes Alice’s particle and $a_i$ denotes the (i − 1)-th receiver’s particle ($i = 2, 3, \ldots, n$). The following steps of the multiparty scheme are similar to those of the three-party scheme. After transmitting the particles to each receiver, Alice selects randomly a sufficiently large subset from the N GHZ states for eavesdropping check. She performs randomly Z-basis or X-basis measurement on each of the sampling particles $a_1$ and then lets the receivers measure each of their corresponding particles in checking sequence in the same measuring basis as hers. After measurements, the receivers publish their measurement results. According to the receivers’ results, Alice can detect the existence of eavesdropper because the communication parties’ results are correlated. If the error rate exceeds the threshold they preset, Alice will abort the scheme. Otherwise, they will continue to the next step. For each of the remaining GHZ states, Alice prepares a particle a in the state $|+\rangle$ or $|-\rangle$ according to the bit value of her secret message. She then performs a CNOT operation on her own particles a and $a_1$, where a is the controller and $a_1$ is the target. The state of the system becomes

$$\frac{1}{2}\Big[|00\rangle_{aa_1} \otimes \prod_{i=2}^{n}|0\rangle_{a_i} + |11\rangle_{aa_1} \otimes \prod_{i=2}^{n}|0\rangle_{a_i} + |01\rangle_{aa_1} \otimes \prod_{i=2}^{n}|1\rangle_{a_i} + |10\rangle_{aa_1} \otimes \prod_{i=2}^{n}|1\rangle_{a_i}\Big], \tag{19}$$

or

$$\frac{1}{2}\Big[|00\rangle_{aa_1} \otimes \prod_{i=2}^{n}|0\rangle_{a_i} - |11\rangle_{aa_1} \otimes \prod_{i=2}^{n}|0\rangle_{a_i} + |01\rangle_{aa_1} \otimes \prod_{i=2}^{n}|1\rangle_{a_i} - |10\rangle_{aa_1} \otimes \prod_{i=2}^{n}|1\rangle_{a_i}\Big]. \tag{20}$$

Alice performs Hadamard transformation on particle a and obtains

$$\frac{1}{\sqrt{2}}\Big[|0{+}\rangle_{aa_1} \otimes \frac{1}{\sqrt{2}}\Big(\prod_{i=2}^{n}|0\rangle_{a_i} + \prod_{i=2}^{n}|1\rangle_{a_i}\Big) + |1{-}\rangle_{aa_1} \otimes \frac{1}{\sqrt{2}}\Big(\prod_{i=2}^{n}|0\rangle_{a_i} - \prod_{i=2}^{n}|1\rangle_{a_i}\Big)\Big], \tag{21}$$

or

$$\frac{1}{\sqrt{2}}\Big[|0{-}\rangle_{aa_1} \otimes \frac{1}{\sqrt{2}}\Big(\prod_{i=2}^{n}|0\rangle_{a_i} - \prod_{i=2}^{n}|1\rangle_{a_i}\Big) + |1{+}\rangle_{aa_1} \otimes \frac{1}{\sqrt{2}}\Big(\prod_{i=2}^{n}|0\rangle_{a_i} + \prod_{i=2}^{n}|1\rangle_{a_i}\Big)\Big]. \tag{22}$$

Note that

$$|\Gamma_0\rangle = \frac{1}{\sqrt{2}}\Big(\prod_{i=2}^{n}|0\rangle_{a_i} + \prod_{i=2}^{n}|1\rangle_{a_i}\Big) = \frac{1}{2}\Big[\Big(\prod_{i=2}^{n-1}|0\rangle_{a_i} + \prod_{i=2}^{n-1}|1\rangle_{a_i}\Big) \otimes |+\rangle_{a_n} + \Big(\prod_{i=2}^{n-1}|0\rangle_{a_i} - \prod_{i=2}^{n-1}|1\rangle_{a_i}\Big) \otimes |-\rangle_{a_n}\Big], \tag{23}$$

and

$$|\Gamma_1\rangle = \frac{1}{\sqrt{2}}\Big(\prod_{i=2}^{n}|0\rangle_{a_i} - \prod_{i=2}^{n}|1\rangle_{a_i}\Big) = \frac{1}{2}\Big[\Big(\prod_{i=2}^{n-1}|0\rangle_{a_i} - \prod_{i=2}^{n-1}|1\rangle_{a_i}\Big) \otimes |+\rangle_{a_n} + \Big(\prod_{i=2}^{n-1}|0\rangle_{a_i} + \prod_{i=2}^{n-1}|1\rangle_{a_i}\Big) \otimes |-\rangle_{a_n}\Big]. \tag{24}$$

We can rewrite $|\Gamma_0\rangle$ and $|\Gamma_1\rangle$ in X-basis by iterating Eqs. (23) and (24) and then obtain

$$|\Gamma_0\rangle = \frac{1}{2^{(n-2)/2}}\Big[\prod_{i=2}^{n}|+\rangle_{a_i} + \prod_{i=2}^{n-2}|+\rangle_{a_i} \otimes |{-}{-}\rangle_{a_{n-1}a_n} + \cdots\Big]. \tag{25}$$

The right-hand side of Eq. (25) is the sum of $2^{n-2}$ terms. Each term is the permutation and combination of $|+\rangle$ and $|-\rangle$ and the number of $|-\rangle$ in each term is even. We can also obtain

$$|\Gamma_1\rangle = \frac{1}{2^{(n-2)/2}}\Big[\prod_{i=2}^{n-1}|+\rangle_{a_i} \otimes |-\rangle_{a_n} + \prod_{i=2}^{n-2}|+\rangle_{a_i} \otimes |{-}{+}\rangle_{a_{n-1}a_n} + \cdots\Big]. \tag{26}$$

The right-hand side of Eq. (26) is also the sum of $2^{n-2}$ terms. Each term is the permutation and combination of $|+\rangle$ and $|-\rangle$, but the number of $|-\rangle$ in each term is odd. For example,

$$\frac{1}{\sqrt{2}}(|000\rangle + |111\rangle) = \frac{1}{2}(|{+}{+}{+}\rangle + |{+}{-}{-}\rangle + |{-}{-}{+}\rangle + |{-}{+}{-}\rangle), \tag{27}$$

$$\frac{1}{\sqrt{2}}(|000\rangle - |111\rangle) = \frac{1}{2}(|{+}{+}{-}\rangle + |{+}{-}{+}\rangle + |{-}{+}{+}\rangle + |{-}{-}{-}\rangle). \tag{28}$$

Alice then measures particle a in Z-basis and the receivers measure particles $a_2, \ldots, a_n$ in X-basis, respectively. After doing these, Alice publishes her measurement results. Referring to Alice’s results, the receivers can collaborate to recover Alice’s secret message. The security analysis of the multiparty QSS scheme is similar to that of the three-party case, as described in Sec. 3.
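The message-encoding steps of the n-party scheme can be checked end to end with a small state-vector simulation, which for n = 3 reproduces Table 1 and for larger n gives the parity rule implied by Eqs. (25) and (26). This is an added example, not code from the paper; the function names, the qubit ordering and the coding of |+⟩ as 0 and |−⟩ as 1 are assumptions of the example.

```python
from math import sqrt


def hadamard(state, nq, k):
    """Apply H to qubit k of an nq-qubit state vector (qubit 0 = most significant bit)."""
    bit = 1 << (nq - 1 - k)
    out = state[:]
    for i in range(len(state)):
        if not i & bit:
            a, b = state[i], state[i | bit]
            out[i], out[i | bit] = (a + b) / sqrt(2), (a - b) / sqrt(2)
    return out


def cnot(state, nq, ctrl, tgt):
    """Apply CNOT with control qubit ctrl and target qubit tgt."""
    cb, tb = 1 << (nq - 1 - ctrl), 1 << (nq - 1 - tgt)
    return [state[i ^ tb] if i & cb else state[i] for i in range(len(state))]


def outcome_distribution(n, message_bit):
    """Probability of each (Alice's Z result on a, receivers' X results) pair.

    Qubit 0 is a, qubit 1 is Alice's GHZ particle a_1, qubits 2..n belong to
    the n-1 receivers. X results are coded 0 for |+> and 1 for |->.
    """
    nq = n + 1
    state = [0.0] * (1 << nq)
    base = message_bit << n                    # a starts in |message_bit>
    state[base] = state[base | ((1 << n) - 1)] = 1 / sqrt(2)  # GHZ of Eq. (18)
    state = hadamard(state, nq, 0)             # a becomes |+> or |->
    state = cnot(state, nq, 0, 1)              # Eqs. (19), (20)
    state = hadamard(state, nq, 0)             # Eqs. (21), (22)
    for q in range(2, nq):                     # X-basis measurement = H, then Z
        state = hadamard(state, nq, q)
    probs = {}
    for i, amp in enumerate(state):
        if amp * amp > 1e-12:
            bits = [(i >> (nq - 1 - q)) & 1 for q in range(nq)]
            key = (bits[0], tuple(bits[2:]))   # a_1 is never measured: sum over it
            probs[key] = probs.get(key, 0.0) + amp * amp
    return probs


def recover(alice_bit, receiver_results):
    """Receivers' joint rule: Alice's bit XOR parity of the number of |-> results."""
    return alice_bit ^ (sum(receiver_results) % 2)


def recovery_table(n):
    """Map every possible outcome to the set of message bits that can produce it."""
    table = {}
    for m in (0, 1):
        for outcome in outcome_distribution(n, m):
            table.setdefault(outcome, set()).add(m)
    return table


def receivers_marginal(n, message_bit):
    """Distribution of the receivers' results alone, before Alice publishes hers."""
    marg = {}
    for (_, r), p in outcome_distribution(n, message_bit).items():
        marg[r] = marg.get(r, 0.0) + p
    return marg
```

The receivers' marginal distribution is the same for both message bits, which is why their results carry no information until Alice publishes hers.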

5 Summary

In this paper, we have proposed an (n, n) threshold QSS scheme of secure direct communication using GHZ state and teleportation. Alice first checks eavesdropping in the transmission line by using random Z-basis or X-basis measurement. After ensuring the security of the quantum channel, Alice encodes her secret message on each of the GHZ states and sends it to the receivers directly using teleportation. According to Alice’s measurement results, the receivers can collaborate to acquire Alice’s secret message. By this token, the present scheme is similar to QSDC protocol, different from the QSS scheme whose task is essentially to allow a sender to establish a shared key with the receivers. Our scheme is completely secure if a perfect quantum channel is used. We also point out that our scheme is secure with a noisy quantum channel. To realize a multiparty QSS scheme, only a single photon state is used in Ref. [11] and only the use and identification of Bell states are needed in Refs. [15] and [13]. With current technology, these schemes are feasible in reality. However, it should be pointed out that our scheme needs multi-particle GHZ states.

Acknowledgments

We would like to express our thanks to the anonymous referee for his/her constructive remarks and suggestions for improving this paper.

References

[1] C.H. Bennett and G. Brassard, in Proceedings of IEEE International Conference on Computers, Systems and Signal Processing, Bangalore, India, IEEE, New York (1984) pp. 175-179.
[2] A. Beige, B.G. Englert, Ch. Kurtsiefer, and H. Weinfurter, Acta Phys. Pol. A 101 (2002) 357.
[3] K. Boström and T. Felbinger, Phys. Rev. Lett. 89 (2002) 187902.
[4] F.G. Deng, G.L. Long, and X.S. Liu, Phys. Rev. A 68 (2003) 042317.
[5] J. Wang, Q. Zhang, and C.J. Tang, Phys. Lett. A 358 (2006) 256.
[6] J. Wang, Q. Zhang, and C.J. Tang, Opt. Commun. 266 (2006) 732.
[7] M. Hillery, V. Bužek, and A. Berthiaume, Phys. Rev. A 59 (1999) 1829.
[8] A. Karlsson, M. Koashi, and N. Imoto, Phys. Rev. A 59 (1999) 162.
[9] G.P. Guo and G.C. Guo, Phys. Lett. A 310 (2003) 247.
[10] Li Xiao, G.L. Long, F.G. Deng, and J.W. Pan, Phys. Rev. A 69 (2004) 052307.
[11] Z.J. Zhang, Y. Li, and Z.X. Man, Phys. Rev. A 71 (2005) 044301.
[12] F.G. Deng, X.H. Li, H.Y. Zhou, and Z.J. Zhang, Phys. Rev. A 71 (2005) 044302.
[13] Z.J. Zhang and Z.X. Man, Phys. Rev. A 72 (2005) 022303.
[14] Z.J. Zhang and Z.X. Man, Chin. Phys. Lett. 22 (2005) 1588.
[15] Z.J. Zhang, Phys. Lett. A 342 (2005) 60.
[16] C.H. Bennett, G. Brassard, C. Crépeau, et al., Phys. Rev. Lett. 70 (1993) 1895.
