1. Introduction
Quantum Secret Sharing (QSS) is a combination of classical secret sharing and quantum theory, which allows secret information (classical information or quantum encoded information) to be distributed, transmitted, and restored through quantum operations. Imagining Alice wants to hand over a secret plan to Bob and Charlie in the distance, but she is not completely trusting Bob and Charlie. Secret sharing protocols play an important role in the above scenarios, and the security of QSS is based on the fundamentals of quantum mechanics, which makes QSS safer than traditional secret sharing. The earliest QSS scheme was proposed by Hillery et al in 1999[1], they used the Greenberger-Horne-Zeilinger (GHZ) entangled state to complete secret sharing. With the development of quantum information, numerous quantum protocols and algorithms have been presented with entanglement and without entanglement[2-9], and the QSS protocols are no exception[10-13].
In reality, there is a situation where an illegal imposter pretends to impersonate Alice to issue a fake command, directing Bob and Charlie to complete an illegal task. However, in the various schemes mentioned above, it is presupposed that “Alice is legal, at least one of Bob and Charlie is credible”, only the segmentation of the message is discussed regardless of the identity authentication. Recently, Qin et al[14] proposed a QSS scheme using phase shift operation, they pointed out that identity authentication should be applied to avoid man-in-the-middle attacks in QSS scheme. This shows that identity authentication is needed in QSS schemes to prevent internal and external attacks. In fact, as early as 2008, Yang et al[15] had proposed a multi-party quantum identity authentication protocols to share secret information, the protocol do not use entangled states, but it can not ensure the safety of particle transmission, Zhang and Ji[16] pointed out that the protocol was vulnerable to participant attacks, resulting in the disclosure of secret information. Researchers began to use entangled states to ensure the security of QSS scheme with credible authentication, Yang et al [17] proposed a (t,n) QSS scheme with identity authentication based on GHZ states in 2012, Abulkasim H.[18] proposed a authenticated QSS scheme based on Bell states in 2016.
Quantum walk is the quantum correspondence of classic walk, first proposed by Aharonov etal in 1993[19]. Quantum walks show meaningful applications in many ways[20,21], and applications in communication protocols are beginning to emerge [22-24]. In the past two years, Wang et al[22] and Shang et al[23] proposed the successful application of different models of quantum walk in teleportation. It pointed out that the necessary entangled states do not need to be prepared in advance, but they can spontaneously produce during walking. Since quantum walk has been proven to be possible in many different physical systems[25-27], and many quantum signature schemes based on quantum walk have been proposed[28,29].
Therefore, this paper proposes the first QSS scheme based on quantum walk by applying the teleportation based on quantum walk to QSS for secret information transmission. The proposed scheme has the following advantages:
1.The credible authenticated protocol complete identity authentication between parties based on hash functions and quantum operations, avoiding participant attacks.
2.The entangled state does not need to be prepared in advance, the entangled state necessary for teleportation is generated by the single particles in the quantum walk process.
3.The one-dimensional two-step quantum walks circuit used in the paper is achievable, so the proposed QSS scheme may be achievable.
The rest of this manuscript is outlined as follows. Section 2 introduces the preliminaries. Section 3 introduces the proposed scheme. Section 4 analyzes the security of the proposed scheme. Section 5 gives the efficiency of the proposed scheme and the comprehensive comparisons between the proposed scheme and other existing schemes. Finally, section 6 concludes the work.
2. Preliminaries
2.1 Coding mechanism and multi-photon deception signal detecting device
The preparations required for identity authentication of our QSS scheme is similar to that of Ref[30], that is the participant and the secret distributor shares the participant’s identity sequence and a one-way Hash function with an output length of N, which is kept secret to any third party. Take participant Bob as an example, Bob’s N-bit authentication key shared with Alice can be calculated as hBob(SID-Bob), where hBob() is the Hash function negotiated jointly by Bob and Alice, SID-Bob is Bob’s identity sequence, we do not have to limit the length of each participant’s SID to be equal.
Our QSS scheme uses the Pauli operations and Hadamard operation to encode classical information onto quantum states.
I = |0〉0| + |1〉〈 1| (1)
σx = |0〉〈 1|+|1〉〈 0| (2)
σ2 = |0〉〈 0|-|1〉〈 1| (3)
H = \(\frac{1}{\sqrt{2}}(|0\rangle\langle 0|-| 1\rangle\langle 1|+| 0\rangle\langle 1|+| 1\rangle\langle 0|)\) (4)
In addition, in order to detect multi-photon deception signal attack, prevent operations on photons by secret distributor from baeing stolen, we use photon beam splitter(PBS) to detect multi-particle deception signal attack, the implementation is shown in Fig. 1.
Fig. 1. Multi-photon deception signal detecting by using PBS
The secret distributor Alice splits each of the signal used for detection by using PBS and measures it with the single photon detector. If the initial signal before splitting contains only one photon, only one detector will detect photon; if it is a multi-photon signal, it is likely that more than one detector will detect photon. This is the principle of multi-particle deception signal attack detection by using PBS.
2.2 One-dimensional quantum walk model on the line
The definition of a coin-based quantum walk model on the line was proposed by Ambainis et al[31] in 2001.
It takes place in a compound Hilbert space consists of two main quantum spaces, position space and coin space, expressed as
H=Hp⊗Hc (5)
where Hp represents the position span {n,n∈ Z}, and Hc represents the coin direction of the walk {|0 , |1}, each step of the quantum walk can be described as
W(l) =E(l)⋅(I⊗C) (6)
where E(l) = S⊗|0〉〈0 +S? ⊗|1 〉〈 1| , S is called the shift operator and denoted as S= ∑n |n+ 1〉〈n | , and C is the coin operator acting on coin space. The walker moves from |n〉 to | n +1〉 if the tossed coin is |0〉 and steps backwards to |n −1〉 if the tossed coin is |1〉.
In the past two years, Wang et al[22] and Shang et al[23] have successfully applied quantum walk to the communication protocol of particle teleportation. In detail, the conditional shift operator can introduce entanglement between position space and coin space, this entanglement resource can be used as quantum channel for teleportation. In order to teleport secret information, we use one-dimensional quantum walk model on the line.
Suppose Alice wants to transmit an unkown qubit state |ϕ〉 = α |0〉+β |1〉 to Bob, where |α|2+|β|2 =1, in order to complete the teleportation, Alice prepares particles Ap, A1 and B, Ap contains the state of the position space, A1 contains the state of the unknown qubit which can also be denoted as Coin1, particle B can be denoted as Coin2. The initial states of particle Ap and B are both | 0〉 . After two steps of the walk we can finish the teleportation task. The first step of the walk can be described as
W(1) = E(1) ·(Ap \(\otimes\) C1 \(\otimes\)B ) (7)
where E(1) = S\(\otimes\)|0 〉1〈0 | \(\otimes\) B + S? \(\otimes\) |1〉1〈1|\(\otimes\) B, C1 is the coin operation acting on Coin1-A1, in our scheme we choose I operation as C1.
And the second step of the walk can be described as
W(2) = E(2) ·(Ap\(\otimes\) A1\(\otimes\) H) (8)
E(2) = S\(\otimes\) A1 \(\otimes\) |0 〉2 〈0 | +S ? \(\otimes\)A1 \(\otimes\)|1 〉2 〈1|, H means the Hadamard operation acting on Coin2-B.
After the two-step quantum walks, Alice sends the particle B to Bob. Alice measures particle A1 with basis X(X=|+〉, |−〉}), the measurement results |+〉 and |−〉are marked as 1 and -1 respectively, record the collection of measurement results as λ1. After that, Alice measures Ap with basis |Q〉 ={ |-2' 〉, |-1〉 , |0 〉, |1〉 , |2' 〉} − − , where |2'〉 = \(1 / \sqrt{2}\)(|-2〉+ |2〉) and |-2'〉 = \(1 / \sqrt{2}\)(|-2〉-|2〉), |-2'〉 and |0〉 and |2'〉 are marked as -1 and 0 and 1 respectively, record the collection of measurement results as λ2.
Alice informs Bob of λ1 and λ2, Bob performs the corresponding Pauli operations on particle B to get the unknown qubit state of A1 according to Table 1.
Table 1. The relationship between measurement result and Pauli operation
3. Quantum secret sharing scheme with credible authentication based on quantum walk
In our QSS scheme, Alice is the secret distributor, Bob and Charlie are the participants. The protocol involves four phases: the particle preparation phase, the identity authentication phase, the secret information encoding phase, the secret information distribution phase and the secret information recovery phase. Fig. 2 depicts the steps of the proposed scheme, which can be described in detail as follows.
Fig. 2. General process of the proposed scheme
3.1 Particle preparation phase
1. Bob and Charlie prepare N-bit single photons randomly at one of { |0〉 , |1〉 , |+〉 , |−〉 }, the two qubit sequences formed are denoted as SB and SC respectively.
2. Bob performs the following operations on each photon in the SB according to its own authentication key hBob(SID-Bob): if the ith value of hBob(SID-Bob) is 0, he does an I operation on the ith photon of the qubit sequence SB; if the ith value of hBob(SID-Bob) is 1, he does a H operation on the ith photon of the qubit sequence SB. Similarly, Charlie also performs the above operations on each photon of SC according to his own authentication key hCharlie(SID-Charlie). Record the SB and SC after operation as SB’ and SC'.
3. After completing the above operation, Bob and Charlie send SB’ and SC’ to Alice.
3.2 Identity authentication phase
1. When Alice receives SB’ and SC’, she performs the same operations as the step 2 of the particle preparation phase on the photons in SB’ and SC’ according to the authentication keys hBob(SID-Bob) and hCharlie(SID-Charlie) she owns. After operation, SB’ and SC’ revert to SB and SC.
2. Alice selects enough photons from SB and SC as sample particles to detect multi-particle spoofing signal attacks. Assuming the number of samples particles in both qubit sequences is N-t, Alice let the samples particles pass through the device shown in Fig 1(the split ratio of PBS is 50:50). The measurement bases of the photon detector is randomly selected from the Z base and the X base. In detecting the result, if the rate of multiple photons is lower than the Pre-determined threshold, Alice announces that the communication is invalid, Alice starts to authenticate Bob and Charlie. Otherwise, Alice informing Bob and Charlie to restart the scheme.
3. Alice announces the location of the sample particles and all measurement results, Bob and Charlie announced which locations do not match the initial states when they were prepared. If the error rate is lower than the predetermined threshold, Bob and Charlie are authenticated by Alice and the quantum channels are considered safe, they proceed to the next phase. Otherwise, Alice decides whether to conduct a new round of secret sharing.
3.3 Secret information encoding phase
1. Alice holds the remaining t particles of the unknown qubit information sequence SB. It can be described as
\(\left|S_{\mathrm{B}}\right\rangle=\left\{\left|S_{\mathrm{B} 1}\right\rangle,\left|S_{\mathrm{B} 1}\right\rangle, \ldots,\left|S_{\mathrm{B} i}\right\rangle, \ldots,\left|S_{\mathrm{B} t}\right\rangle\right\}\) (9)
where \(\left|S_{\mathrm{B} i}\right\rangle\) (i = 1, 2, · · ·, n) represents a single qubit, recorded as
\(\left|S_{\mathrm{B} i}\right\rangle=\alpha_{i}|0\rangle+\beta_{i}|1\rangle\) (10)
where αi and βi are complex numbers and satisfy \(\left|\alpha_{i}\right|^{2}+\left|\beta_{i}\right|^{2}=1\).
Alice prepares another two particle sequences Ap and Bp of length t, the initial states of Ap and Bp are both \(|0\rangle\) . Considering a two-coin-based quantum walk model on the line, Alice uses particles Ap, SB and Bp to build a quantum walk circuit. In the circuit, Alice takes the particles Ap as the displacement space,the particles SB as the Coin1 space, the particles Bp as the Coin2 space. Take particles Api, SBi(Coin1) and Bpi(Coin 2) as an example, the general initial state \(|\Phi\rangle^{(0)}\) of the walk system is
\(\begin{array}{l} |\Phi\rangle^{(0)}=A_{\mathrm{p} i} \otimes S_{\mathrm{B} i} \otimes B_{\mathrm{p} i} \\ \quad=|0\rangle_{\mathrm{p}} \otimes(\alpha|0\rangle+\beta|1\rangle)_{1} \otimes|0\rangle_{2} \end{array}\) (11)
Note that all the particle states in our system are written in the order of Ap, SB and Bp particles.
After the first step of the quantum walk evolutionary operator W1, the initial quantum state of the system based on the conditional phase shift rule evolves to
\(|\Phi\rangle^{(1)}=(\alpha|100\rangle+\beta|-110\rangle)_{\mathrm{pl} 2}\) (12)
After the second step of the quantum walk evolutionary operator W2, the final state \(|\Phi\rangle^{(2)}\) of the system is also based on the phase shift rule
\(|\Phi\rangle^{(2)}=(\alpha|200\rangle+\alpha|001\rangle+\beta|010\rangle+\beta|-211\rangle)_{\mathrm{p} 12}\) (13)
After completing the above operation, particles Ap, SB and Bp are entangled.
2. Alice encodes the secrets(length: t-bit) she wants to share as Pauli operations: 0↔I, 1↔σ x , applying on each particle SBi, record the particles encoded by the secret information as MB. Introduce the two-step quantum walks of Ap, SB and Bp particles and this Pauli operation on SB particles in detail.
\(\begin{aligned} |\Phi\rangle^{(1)} &=E^{(1)} \cdot\left(A_{\mathrm{p}} \otimes C_{1} \otimes S_{\mathrm{B}}\right) \\ &=\left(|1\rangle_{\mathrm{p}}\langle 0|\otimes| 0\rangle_{1}\langle 0|+|-1\rangle_{\mathrm{p}}\langle 0|\otimes| 1\rangle_{1}\langle 1|\right) \otimes|0\rangle_{2} \cdot\left(|0\rangle_{\mathrm{p}} \otimes(\alpha|0\rangle+\beta|1\rangle)_{1}\right) \\ &=(\alpha|100\rangle+\beta|-110\rangle)_{\mathrm{p} 12} \end{aligned}\) (14)
It can be found that after W(1), the position space particle Ap and the coin space particle SB have been entangled, their composite state changes from \((\alpha|0\rangle+\beta|1\rangle)_{1} \otimes|0\rangle_{\mathrm{p}}\) to \((\alpha|10\rangle+\beta|-11\rangle)_{\mathrm{pl}}\).
\(\begin{aligned} |\Phi\rangle^{(2)}=& E^{(2)} \cdot\left(I_{\mathrm{p} 1} \otimes H \otimes B_{\mathrm{p}}\right) \\ =& E^{(2)} \cdot\left[(\alpha|10\rangle+\beta|-11\rangle)_{\mathrm{p} 1} \otimes(|0\rangle+|1\rangle / \sqrt{2})_{2}\right] \\ =&\left(S \otimes|0\rangle_{2}\left\langle 0\left|+S^{\dagger} \otimes\right| 1\right\rangle_{2}\langle 1|\right) \\ & \cdot(\alpha|100\rangle+\beta|-110\rangle+\alpha|101\rangle+\beta|-111\rangle)_{\mathrm{p} 12} / \sqrt{ } \\ =&\left(|2\rangle_{\mathrm{p}}\langle 1|\otimes| 0\rangle_{2}\langle 0|+| 0\rangle_{\mathrm{p}}\langle 1|\otimes| 1\rangle_{2}\langle 1|\right) \\ & \cdot(\alpha|100\rangle+\beta|-110\rangle+\alpha|101\rangle+\beta|-111\rangle)_{\mathrm{p} 12} / \mathrm{V} \\ =&(\alpha|200\rangle+\alpha|001\rangle+\beta|010\rangle+\beta|-211\rangle)_{\mathrm{p} 12} / \sqrt{2} \end{aligned}\) (15)
After W(2), the coin space particles SB and Bp are also entangled. If Alice does Pauli operation I on SBi, the general state do not change, if Alice does Pauli operation σ x on SBi, the general state evolves to \((\alpha|210\rangle+\alpha|011\rangle+\beta|000\rangle+\beta|-201\rangle)_{\mathrm{p} 12} / \sqrt{2}\).
3. For another unknown qubit information sequence SC, the same as steps 1-4 in this phase, Alice prepares additional particles Ap as the displacement space and the particles Cp as the Coin2, takes the particles SC as the Coin1, uses particles Ap, SC and Cp to build another quantum walk circuit. After two-step quantum walks, Alice applies the same Pauli operations sequence to encode particles SC, gets the secret encoded particles MC.
3.4 Secret information distribution phase
1. After completing the above operation, Alice sends particle sequence Bp to Charlie, particle sequence Cp to Bob.
2. Bob and Charlie apprize Alice after receiving Cp and Bp. Charlie uses particle Bp to complete the teleportation with Alice’s particle MB. Alice measures MB with basis X, the measurement results λ1 is recorded as: |+〉 ↔1, | − 〉↔-1. Then, Alice measures Ap with basis Q, the measurement results λ2 is recorded as: |−2'〉 ↔-1, |0 ↔0, |2' 〉↔1. Alice announces λ1 and λ2 to Charlie.
3. According to λ1 and λ2, Charlie does the revise Pauli operation on particle string Bp depending on Table1 to recover the target state. After this, Charlie completes the teleportation of unknown qubit state from Alice, the states of Bp convert to the states of MB. Explain in detail the particle state recovery process as follows. If Alice does Pauli operation I on SBi and measures particle SBi, particle Api and Bpi will collapse to the corresponding state.
\(\begin{array}{l} (a|200\rangle+a|001\rangle+b|01 0\rangle+b|-21 1\rangle)_{\mathrm{p} 12} \\ =\left(|+\rangle_{1}(a|20\rangle+a|01\rangle+b|00\rangle+b|-21\rangle)_{\mathrm{p} 2}+\right. \\ \left.|-\rangle_{1}(a|20\rangle+a|01\rangle-b|00\rangle-b|-21\rangle)_{\mathrm{p} 2}\right) / \sqrt{2} \end{array}\) (16)
When SBi’s measurement result is |+〉 , it can be seen that the entangled state of Api and Bpi is \((a|20\rangle+a|01\rangle+b|00\rangle+b|-21\rangle)_{p 2}\), then Alice measures Api, causing Bpi collapses into the state of SBi, the final general state after collapse is
\(\left|2^{\prime}\right\rangle_{\mathrm{p}}(a|0\rangle+b|1\rangle)_{2} / 2+\left|-2^{\prime}\right\rangle_{\mathrm{p}}(a|0\rangle-b|1\rangle)_{2} / 2+|0\rangle_{\mathrm{p}}(a|1\rangle+b|0\rangle)_{2} / \sqrt{2}\) (17)
When SBi’s measurement result is |−〉 , it can be seen that the entangled state of Api and Bpi is \((a|20\rangle+a|01\rangle+b|00\rangle+b|-21\rangle)_{p 2}\) , then Alice measures Api, causing Bpi collapses into the state of SBi, the final general state after collapse is
\(\left|2^{\prime}\right\rangle_{\mathrm{p}}(a|0\rangle-b|1\rangle)_{2} / 2+\left|-2^{\prime}\right\rangle_{\mathrm{p}}(a|0\rangle+b|1\rangle)_{2} / 2+|0\rangle_{\mathrm{p}}(a|1\rangle-b|0\rangle)_{2} / \sqrt{2}\) (18)
Based on λ1, λ2 and Table 1, Bob performs corresponding Pauli operations on Particle Bpi, gets the transformed result \(\alpha_{i}|0\rangle+\beta_{i}|1\rangle\).
Another situation can be similarly verified: if Alice does Pauli operation σ x on SBi and measures particle SBi, Api in order, the final general state after collapse is
\(\left|2^{\prime}\right\rangle_{p}(a|1\rangle+b|0\rangle)_{2} / 2+\left|-2^{\prime}\right\rangle_{p}(a|1\rangle-b|0\rangle)_{2} / 2+|0\rangle_{p}(a|0\rangle+b|1\rangle)_{2} / \sqrt{2}\) (19)
or
\(\left|2^{\prime}\right\rangle_{p}(a|1\rangle-b|0\rangle)_{2} / 2+\left|-2^{\prime}\right\rangle_{p}(a|1\rangle+b|0\rangle)_{2} / 2+|0\rangle_{p}(a|0\rangle-b|1\rangle)_{2} / \sqrt{2}\) (20)
Charlie performs corresponding Pauli operations on Particle Bpi, gets the transformed result \(\alpha_{i}|1\rangle+\beta_{i}|0\rangle\).
4. Similar to the steps of the teleportation of Alice with Charlie, Alice can teleport the states of MC to Bob. Denoting this time’s basis X and basis Q’s measurement results as γ1 and γ2 respectively, the states of Cp in Bob’s hands convert to the states of MC according to γ1 and γ2 announced by Alice.
3.5 Secret information recovery phase
1. Bob and Charlie collaborate. The two show the initial states of the single particles prepared in the particle preparation phase, select the corresponding basis to measure each particle, and Alice was reversely authenticated by the measurement results according to Table 2.
Table 2. The correspondence between the initial state of single photons and the particles encoded by secret information
If the error rate is lower than the pre-agreed threshold, Alice is considered legal and can start rebuilding the secret. Otherwise, Alice is considered illegal.
2. Record the measurement result of MB(MC) as RB(RC), combined with the particles SB and SC which Bob and Charlie prepared in the particle preparation phase, Bob and Charlie can get the same Alice's Pauli operation sequence. Bob and Charlie map Pauli operations to t-bit secrets: I↔0, σ x ↔1, Alice's secret reconstruction is complete.
4. Security analysis
4.1 Discussion on dishonest participant Bob*
Assuming that the dishonest participant Bob* attempts to take intercept-resend attack or entanglement attack to obtain information carried by Charlie’s particles.
• Intercept–resend attack by Bob*
For the intercept-resend attack, suppose Bob* intercepts the particles Sc’ that Charlie sent to Alice and resends the same particles to Alice. Bob* attempts to determine the particle states of Sc, so that when the states of Cp in Bob* ’s hands convert to the states of MC, he could recover the secret alone.
First, it is impossible for Bob* to obtain authentication key information about Charlie, so he could not restore Sc’ to Sc without the authentication key hCharlie(SID-Charlie) and he could not bypass the authentication.
Second, Bob* was unable to get the entire particle states of the Sc’ either, since the state of each particle in sequence Sc’ is randomly at one of \(\begin{equation} \{|0\rangle,|1\rangle,|+\rangle,|-\rangle\} \end{equation}\). Suppose the probability of Bob* correctly measuring the state of each particle is 50%, the probability PB of correctly measuring the entire particle states of Sc’ can be quantitatively assessed according to statistics.
\(\begin{equation} P_{B}=\left(\begin{array}{c} N \\ k \end{array}\right)\left(\frac{1}{2}\right)^{k}\left(\frac{1}{2}\right)^{N-k} \end{equation}\) (21)
where k represents the total number of particle states correctly measured. N represents the length of the Sc’. The probability PB satisfies the binomial distribution and the binomial coefficient.
\(\begin{equation} \left(\begin{array}{l} N \\ k \end{array}\right)=\frac{N !}{k !(N-k) !} \end{equation}\) (22)
PB in dependence on k for the respective N = 256, N = 512 and N = 1024 in Fig. 3 shows that there exists a maximal value of PB for different N, and it diminishes with the increase of N. Therefore, Bob* was unable to get the entire particle states of the Sc’ and combines the initial particle states of Sc presented by Charlie in the secret recovery phase to infer the authentication key hCharlie(SID-Charlie).
• Entanglement attack by Bob*
For the entanglement attack, suppose Bob* intercepts the particles Sc’ that Charlie sent to Alice during transmission and uses unitary operation E to entangle the new particles e with Sc’ to form a bigger Hilbert space, where \(\begin{equation} S c_{i}^{\prime}=\{|0\rangle,|1\rangle,|+\rangle,|-\rangle\} \end{equation}.\)
\(\begin{equation} E \otimes|0 e\rangle=a\left|0 e_{00}\right\rangle+b\left|1 e_{01}\right\rangle \end{equation}\) (23)
\(\begin{equation} E \otimes|1 e\rangle=b^{\prime}\left|0 e_{10}\right\rangle+a^{\prime}\left|1 e_{11}\right\rangle \end{equation}\) (24)
\(\begin{equation} \begin{aligned} E \otimes|+e\rangle=& \frac{1}{\sqrt{2}}\left(a\left|0 e_{00}\right\rangle+b\left|1 e_{01}\right\rangle+b^{\prime}\left|0 e_{10}\right\rangle+a^{\prime}\left|1 e_{11}\right\rangle\right) \\ =& \frac{1}{2}\left[|+\rangle\left(a\left|e_{00}\right\rangle+b\left|e_{01}\right\rangle+b^{\prime}\left|e_{10}\right\rangle+a^{\prime}\left|e_{11}\right\rangle\right)\right.\\ &\left.+|-\rangle\left(a\left|e_{00}\right\rangle-b\left|e_{01}\right\rangle+b^{\prime}\left|e_{10}\right\rangle-a^{\prime}\left|e_{11}\right\rangle\right)\right] \end{aligned} \end{equation}\) (25)
\(\begin{equation} \begin{aligned} E \otimes|-e\rangle=& \frac{1}{\sqrt{2}}\left(a\left|0 e_{00}\right\rangle+b\left|1 e_{01}\right\rangle-b^{\prime}\left|0 e_{10}\right\rangle-a^{\prime}\left|1 e_{11}\right\rangle\right) \\ =& \frac{1}{2}\left[|+\rangle\left(a\left|e_{00}\right\rangle+b\left|e_{01}\right\rangle-b^{\prime}\left|e_{10}\right\rangle-a^{\prime}\left|e_{11}\right\rangle\right)\right.\\ &\left.+|-\rangle\left(a\left|e_{00}\right\rangle-b\left|e_{01}\right\rangle-b^{\prime}\left|e_{10}\right\rangle+a^{\prime}\left|e_{11}\right\rangle\right)\right] \end{aligned} \end{equation}\) (26)
The unitary operation matrix E is expressed as
\(\begin{equation} E=\left(\begin{array}{ll} a & b^{\prime} \\ b & a^{\prime} \end{array}\right) \end{equation}\) (27)
where ei,j decided by operator E satisfy the normalization condition
\(\begin{equation} \sum_{i, j \in\{0,1\}}\left\langle e_{i j} \mid e_{i j}\right\rangle=1 \end{equation}\) (28)
Since EE* =1, a, b, a’, b’ satisfy the following relationship
\(\begin{equation} |a|^{2}+|b|^{2}=1,\left|a^{\prime}\right|^{2}+\left|b^{\prime}\right|^{2}=1, a b^{*}=\left(a^{\prime}\right)^{*} b^{\prime} \end{equation}\) (29)
We can get the result
\(\begin{equation} |a|^{2}=\left|a^{\prime}\right|^{2},|b|^{2}=\left|b^{\prime}\right|^{2} \end{equation}\) (30)
If particle e is in an entangled state, Bob* ’s entanglement attack will inevitably introduce an error rate Perror
\(\begin{equation} P_{\text {error }}=|b|^{2}=1-|a|^{2}=\left|b^{\prime}\right|^{2}=1-\left|a^{\prime}\right|^{2} \end{equation}\) (31)
If Bob* tries to achieve the eavesdropping without being detected, the transmitted qubits and Bob* ’s auxiliary particles are in a tensor-product state. However, in direct state there is no correlation between the auxiliary particle e and the whole system, Bob* could not get any useful information, thus proving that the entanglement attack is futile.
Therefore, it is concluded that the dishonest participant Bob* can not get any valid information by intercept-resend attack or entanglement attack without introducing errors.
4.2 Discussion on eavesdropper Eve
Suppose the eavesdropper Eve wants to acquire the Bob and Charlie’s authentication key by intercept-resend attack or entanglement attack and bypassing eavesdropping detection. Before, we have analyzed that the internal dishonest participant Bob* can not get any valid information by intercept-resend attack or entanglement attack to get the authentication key hCharlie(SID-Charlie). Obviously, Bob* has a greater attack advantage than the external eavesdropper Eve, but Bob* ’s two attacks are futile. It can be considered that Eve’s intercept-resend attack or entanglement attack to SB’/SC’ is also futile. So, we only discuss Eve’s intercept-retransmit attack and entanglement attack on particles Bp/Cp.
• Intercept-resend attack by Eve
Suppose Eve intercepts the particles Bp, which is entangled with particles Ap and MB in quantum walk system, and gets Alice’s measurement results λ1, λ2 to recover the target states. Since he knows nothing about the states of particle SB, it is unable for him to obtain correct measurement results and resend correct particles to Charlie, he will bring the error rate of 50% for each particle in step1 of the secret information recovery phase.
The detected probability PD can be quantitatively assessed according to statistics.
\(\begin{equation} P_{D}=1-\left(\frac{t !}{k !(t-k) !}\right)\left(\frac{1}{2}\right)^{k}\left(\frac{1}{2}\right)^{t-k} \end{equation}\) (32)
where k represents the total number of correct measurement results, t represents the length of the Bp.
PD in dependence on k for the respective t = 256, t = 512 and t = 1024 in Fig. 4 shows that there exists a minimum value of PE for different N, and it increases as N increases.
• Entanglement attack by Eve
For the entanglement attack, suppose Eve uses unitary operation E to entangle the new particles e with paticle Bp in \(\begin{equation} |\Phi\rangle^{(2)} \end{equation}\), the unitary operation matrix E and the ei,j decided by operator E are conform to Formula(23-30), and we will not repeat them here. where \(\begin{equation} |\Phi\rangle^{(2)}=(\alpha|200\rangle+\alpha|001\rangle+\beta|010\rangle+\beta|-211\rangle)_{\mathrm{p} 12} \end{equation}\).
The state of the composite system becomes
\(\begin{equation} \begin{aligned} |\Phi\rangle_{\text {Eve }} &=\alpha|20\rangle_{\mathrm{pl}}\left(a\left|0 e_{00}\right\rangle+b\left|1 e_{01}\right\rangle\right)_{2 E}+\alpha|00\rangle_{\mathrm{pl}}\left(b^{\prime}\left|0 e_{10}\right\rangle+a^{\prime}\left|1 e_{11}\right\rangle\right)_{2 E} \\ &+\beta|01\rangle_{\mathrm{pl}}\left(a\left|0 e_{00}\right\rangle+b\left|1 e_{01}\right\rangle\right)_{2 E}+\beta|-21\rangle_{\mathrm{pl}}\left(b^{\prime}\left|0 e_{10}\right\rangle+a^{\prime}\left|1 e_{11}\right\rangle\right)_{2 E} \\ &=\alpha|0\rangle_{1}\left[\left(a\left|20 e_{00}\right\rangle+b\left|21 e_{01}\right\rangle\right)_{\mathrm{p} 2 E}+\left(b^{\prime}\left|00 e_{10}\right\rangle+a^{\prime}\left|01 e_{11}\right\rangle\right)_{\mathrm{p} 2 E}\right] \\ &+\beta|1\rangle_{1}\left[\left(a\left|00 e_{00}\right\rangle+b\left|01 e_{01}\right\rangle\right)_{\mathrm{p} 2 E}+\left(b^{\prime}\left|-20 e_{10}\right\rangle+a^{\prime}\left|-21 e_{11}\right\rangle\right)_{\mathrm{p} 2 E}\right] \end{aligned} \end{equation}\) (33)
When Alice measures particle SB, the composite state of particles Ap, Bp, e converts to \(\begin{equation} \left(a\left|20 e_{00}\right\rangle+b\left|21 e_{01}\right\rangle\right)_{\mathrm{p} 2 E}+\left(b^{\prime}\left|00 e_{10}\right\rangle+a^{\prime}\left|01 e_{11}\right\rangle\right)_{\mathrm{p} 2 E} \end{equation}\) if the measurement result is | 0〉1 , and converts to \(\begin{equation} \left(a\left|00 e_{00}\right\rangle+b\left|01 e_{01}\right\rangle\right)_{\mathrm{p} 2 E}+\left(b^{\prime}\left|-20 e_{10}\right\rangle+a^{\prime}\left|-21 e_{11}\right\rangle\right)_{\mathrm{p} 2 E} \end{equation}\) if the result is 1 |1〉 . We continue the analysis with the measurement result of 1 | 0〉 , Alice measures particle Ap based on this, the state of the composite particles becomes
\(\begin{equation} \begin{array}{l} \left(a\left|20 e_{00}\right\rangle+b\left|21 e_{01}\right\rangle\right)_{\mathrm{p} 2 E}+\left(b^{\prime}\left|00 e_{10}\right\rangle+a^{\prime}\left|01 e_{11}\right\rangle\right)_{\mathrm{p} 2 E} \\ =|2\rangle_{\mathrm{p}}\left(a\left|0 e_{00}\right\rangle+b\left|1 e_{01}\right\rangle\right)_{2 E}+|0\rangle_{\mathrm{p}}\left(b^{\prime}\left|0 e_{10}\right\rangle+a^{\prime}\left|1 e_{11}\right\rangle\right)_{2 E} \\ =\frac{1}{\sqrt{2}}\left[\left|2^{\prime}\right\rangle_{\mathrm{p}}\left(a\left|0 e_{00}\right\rangle+b\left|1 e_{01}\right\rangle\right)_{2 E}+\left|-2^{\prime}\right\rangle_{\mathrm{p}}\left(a\left|0 e_{00}\right\rangle+b\left|1 e_{01}\right\rangle\right)_{2 E}\right] \\ \quad+|0\rangle_{\mathrm{p}}\left(b^{\prime}\left|0 e_{10}\right\rangle+a^{\prime}\left|1 e_{11}\right\rangle\right)_{2 E} \end{array} \end{equation}\) (34)
It can be indicated that if particle e is in an entangled state, Eve’s will introduce an error rate Perror
\(\begin{equation} P_{\text {error }}=|b|^{2}=1-|a|^{2}=\left|b^{\prime}\right|^{2}=1-\left|a^{\prime}\right|^{2} \end{equation}\) (35)
If Eve doesn't want to introduce an error rate, the qubits in quantum walk system and the qubits e must be in a tensor-product state. However, in direct state there is no correlation between them, Eve could not get any useful information, thus the entanglement attack is futile.
Therefore, the eavesdropper Eve can not get any valid information by intercept-retransmit attack and entanglement attack on particles Bp/Cp without introducing errors.
4.3 Discussion on the security of Alice certification
Suppose an illegal imposter tries to impersonate Alice.
The scheme firstly lets Bob and Charlie prepare random photons, perform Pauli operations on photons according to their authentication key, then send to Alice. Alice authenticates the received particles and builds quantum walk circuits. Previously, we have analyzed that any third party cannot obtain the authentication keys through intercept-resend attack or entanglement attack. Therefore, the imposter cannot obtain Bob and Charlie's legal authentication keys.
In addition, when Bob and Charlie collaborate to authenticate Alice, because each single photon of MB/MC is randomly in the one of \(\begin{equation} \{|0\rangle,|1\rangle,|+\rangle,|-\rangle\} \end{equation}\), Bob and Charlie select the measurement basis according to the initial particle state their prepared to measure MBi/MCi, the measurement results has two possibilities: the measurement result is the same as the initial particle state, if Alice performs an I operation on SBi/ SCi, and be opposite if Alice performs a σx operation on SBi/ SCi. Therefore, based on the known information and in comparison with Table 2, it can be found whether Alice actually owns the authentication keys of Bob and Charlie, and can determine whether Alice is legal.
5. Efficiency analysis and comparisons
According to Cabello[32], information-theoretical efficiency can be defined as η=qe/(qt+bt), where qu is the final effective number of qubits, qt represents the total number of qubits transmitted through the quantum channel, and bt is the classical bits for decoding of the qubits. (The quantum resources and the classical resources which are used for identity authentication and security checks are not counted.) The information-theoretical efficiency of the proposed protocol is 2n/(4t+2t)=33.33% which is the same as the efficiency performance computed in most protocols like Ref[41,42]. However, the proposed protocol is more secure with respect to the feature of identity authentication.
Evaluate the protocol from the quantum resources used, whether it has identity authentication and whether it can against participant attack, the comparison results of between the proposed protocol and some other QSS protocols are listed in Table 3.
Table 3. Comparisons between the proposed QSS protocol and previous QSS protocols
The comparison results shows this scheme is distinguished with the function of identity authentication and secure against participant attack. In addition, the initial phase of the particle preparation only requires single photons, the necessary entangled states do not need to be prepared in advance, they can be spontaneously entangled after the first step of quantum walk. (Comparing with difficult entangled state preparation, this is a big improvement.)
6. Conclusion
This paper proposes a quantum secret sharing scheme with credible authentication based on quantum walk. Different from the existing QSS protocols, the proposed scheme is to prepare single photons by Bob and Charlie respectively, and then send it to Alice. Alice authenticates Bob and Charlie, and then encodes the secret onto the quantum states by constructing a quantum walk circuit and performing Pauli operation. Secrets are distributed to Bob and Charlie through quantum teleportation. Eventually, they complete identity authentication for Alice, and collaborate to measure and recover the secret. The scheme realizes the authentication of both parties in the process of secret sharing, and it can effectively prevent an attacker from impersonating Alice to issue fake commands.
In addition, the protocol transmits information securely through quantum teleportation, but does not need to prepare entangled states in initial, it spontaneously generates entangled states between Alice and Bob in the circuit of one-dimensional two-step quantum walks on the line. This quantum circuit causes Alice to collapse the transmission information in the quantum state of Bob(Charlie) after measuring her own quantum state, then Bob(Charlie) performs the corresponding Pauli operation to recover the information, thereby completing the teleportation. Due to the function of identity authentication and the use of quantum walk, the protocol greatly enhances the security of the QSS protocol. At present, Xue et al[43] have successfully confirmed that quantum walk can be applied to quantum communication and can perform quantum walks of more than 20 steps in a one-dimensional space. Due to the limitation of equipment, this paper cannot provide such physical verification for the time being, but the quantum resources that the protocol relies on are satisfyable under the current technology, so it is feasible to implement the QSS protocol proposed in this paper based on the current technology.
Acknowledgments
This work is supported by the National Natural Science Foundation of China (No.61572086, No.61402058), the Key Research and Development Project of Sichuan Province (No. 20ZDYF2324, No. 2019ZYD027, No. 2018TJPT0012), the Innovation Team of Quantum Security Communication of Sichuan Province (No.17TD0009), the Academic and Technical Leaders Training Funding Support Projects of Sichuan Province (No. 2016120080102643), the Application Foundation Project of Sichuan Province(No.2017JY0168), the Science and Technology Support Project of Sichuan Province (No.2018GZ0204, No.2016FZ0112).
References
- M. Hillery, V. Buzek, A. Berthiaume, "Quantum secret sharing," Physical Review A, vol. 59, no. 3, pp. 1829-1834, March 1999. https://doi.org/10.1103/physreva.59.1829
- W. Liu, P. Gao, W. Yu, et al, "Quantum Relief algorithm," Quantum Information Processing, vol. 17, no. 10, pp. 280, October, 2018. https://doi.org/10.1007/s11128-018-2048-x
- Y. Chang, S. Zhang, L. Yan, et al, "A Quantum Authorization Management Protocol Based on EPR-Pairs," Computers, Materials & Continua, vol. 59, no. 3, pp. 1005-1014, 2019. https://doi.org/10.32604/cmc.2019.06297
- W. Liu, P. Gao, Z. Liu, et al, "A Quantum-Based Database Query Scheme for Privacy Preservation in Cloud Environment," Security and Communication Networks, vol. 2019, pp.1-14, 2019.
- Z. Qu, S. Wu, M. Wang, et al, "Effect of quantum noise on deterministic remote state preparation of an arbitrary two-particle state via various quantum entangled channels," Quantum Information Processing, vol. 16, no.12, pp. 306, December, 2017. https://doi.org/10.1007/s11128-017-1759-8
- Z. Qu, Z. Li, G. Xu, et al, "Quantum Image Steganography Protocol Based on Quantum Image Expansion and Grover Search Algorithm," IEEE Access, vol. 7, pp. 50849-50857, January, 2019. https://doi.org/10.1109/access.2019.2909906
- Z. Qu, Z. Wen, X. Wang, "Matrix Coding-Based Quantum Image Steganography Algorithm", IEEE Access, vol. 7, pp. 35684-35698, January, 2019. https://doi.org/10.1109/access.2019.2894295
- L. Yan, Y. Chang, S. Zhang, et al, "Measure-Resend Semi-Quantum Private Compari-son Scheme Using GHZ Class States," Computers, Materials & Continua, vol. 61, no. 2, pp. 877-887, 2019. https://doi.org/10.32604/cmc.2019.06222
- S. Zhang, Y. Chang, L. Yan, et al, "Quantum Communication Networks and Trust Management: A Survey," Computers, Materials & Continua, vol. 61, no.3, pp.1145-1174, January, 2019. https://doi.org/10.32604/cmc.2019.05668
- W. Liu, Y. Xu, M. Zhang, et al, "A Novel Quantum Visual Secret Sharing Scheme," IEEE Access, vol. 7, pp. 114374-114384, 2019. https://doi.org/10.1109/access.2019.2931073
- X. Chen, X. Niu, X. Zhou, et al, "Multi-party quantum secret sharing with the single-particle quantum state to encode the information," Quantum Information Processing, vol. 12, no. 1, pp. 365-380, March, 2013. https://doi.org/10.1007/s11128-012-0379-6
- H. Wang, Y. Huang, X. Fang, et al, "High-Capacity Three-Party Quantum Secret Sharing with Single Photons in Both the Polarization and the Spatial-Mode Degrees of Freedom," International Journal of Theoretical Physics, vol. 52, no. 4, pp.1043-1051, April, 2013. https://doi.org/10.1007/s10773-012-1418-x
- S. Hao, B. Yu, "Multiparty Quantum Secret Information Sharing in Enterprise Management Based on Single Qubit with Random Rotation Angle," International Journal of Theoretical Physics, vol. 51, no. 6, pp. 1674-1679, June, 2012. https://doi.org/10.1007/s10773-011-1044-z
- H. Qin, X. Zhu, Y. Dai, "(t, n) Threshold quantum secret sharing using the phase shift operation," Quantum Information Processing, vol. 14, no. 8, pp. 2997-3004, August, 2015. https://doi.org/10.1007/s11128-015-1037-6
- Y. Yang, Q.Wen, X. Zhang, "Multiparty simultaneous quantum identity authentication with secret sharing," Science in China Series G: Physics, Mechanics and Astronomy, vol. 51, no. 3, pp. 321-327, January, 2008. https://doi.org/10.1007/s11433-008-0034-5
- X. Zhang, D. Ji, "Analysis of a kind of quantum cryptographic schemes based on secret sharing," Science in China Series G: Physics, Mechanics and Astronomy, vol. 52, no. 9, pp. 1313-1316, September, 2009. https://doi.org/10.1007/s11433-009-0154-6
- Y. Yang, H. Wang, X. Jia, H. Zhang, "A Quantum Protocol for (t,n)-Threshold Identity Authentication Based on Greenberger-Horne-Zeilinger States," International Journal of Theoretical Physics, vol. 52, no. 2, pp. 524-530, 2013. https://doi.org/10.1007/s10773-012-1356-7
- H. Abulkasim, S. Hamad, K. Bahnasy, et al, "Authenticated quantum secret sharing with quantum dialogue based on Bell states," Physica Scripta, vol. 91, no. 8, pp. 085101, July, 2016. https://doi.org/10.1088/0031-8949/91/8/085101
- Y. Aharonov, L. Davidovich, N. Zagury, "Quantum random walks," Physical Review A, vol. 48, no. 2, pp. 1687-1690, 1993. https://doi.org/10.1103/physreva.48.1687
- J. Kempe, "Quantum random walks - an introductory overview," Contemporary Physics, vol. 44, no. 4, pp. 307-327, January, 2003. https://doi.org/10.1080/00107151031000110776
- S.E. Venegas-Andraca, "Quantum walks: a comprehensive review," Quantum Information Processing, vol. 11, no. 5, pp. 1015-1106, January, 2012. https://doi.org/10.1007/s11128-012-0432-5
- Y.Wang, Y. Shang, P. Xue, "Generalized teleportation by quantum walks," Quantum Information Processing, vol. 16, no. 221, September, 2017.
- Y. Shang, Y. Wang, M. Li, et al, "Quantum communication protocols by quantum walks with two coins," Europhysics Letters, vol. 124, no. 6, pp. 60009, February, 2019. https://doi.org/10.1209/0295-5075/124/60009
- X. Chen, Y. Wang, G. Xu, et al, "Quantum Network Communication With a Novel Discrete-Time Quantum Walk," IEEE Access, vol. 7, pp. 13634-13642, January, 2019. https://doi.org/10.1109/access.2018.2890719
- X. Zou, Y. Dong, G. Guo, "Optical implementation of one-dimensional quantum random walks using orbital angular momentum of a single photon," New Journal of Physics, vol. 8, no. 81, May, 2006.
- Z. Bian, J. Li, X. Zhan, et al, "Experimental implementation of a quantum walk on a circle with single photons," Physical Review A, vol. 95, no. 5, pp. 052338, May, 2017. https://doi.org/10.1103/physreva.95.052338
- H. Tang, X. Lin, Z. Feng, et al, "Experimental two-dimensional quantum walk on a photonic chip," Science Advances, vol. 4, no. 5, pp.3174, December, 2018.
- Y. Feng, R. Shi, J. Shi, et al, "Arbitrated quantum signature scheme with quantum walk-based teleportation," Quantum Information Processing, vol. 18, no. 5, pp. 15, April, 2019. https://doi.org/10.1007/s11128-018-2111-7
- J. Shi, H. Chen, F. Zhou, et al, "Quantum Blind Signature Scheme with Cluster States Based on Quantum Walk Cryptosystem," International Journal of Theoretical Physics, vol. 58, no. 4, pp. 1337-1349, February, 2019. https://doi.org/10.1007/s10773-019-04026-6
- H. Lee, H. Yang, J. Lim, "Quantum Direct Communication with Authentication," Physical Review A, vol. 73, no. 4, pp. 543-543, April 2006.
- A. Ambainis, E. Bachy, A. Nayakz, et al, "One-dimensional quantum walks," in Proc. of the thirty-third annual ACM symposium on Theory of computing STOC01, pp. 37-49, 2001.
- A. Cabello, "Quantum Key Distribution in the Holevo Limit," Physical Review Letters, vol. 85, pp. 5635, January, 2000. https://doi.org/10.1103/PhysRevLett.85.5635
- Y. Du, W. Bao, "Multiparty quantum secret sharing scheme based on the phase shift operations," Optics Communications, vol. 308, no. 1, pp. 159-163, November, 2013. https://doi.org/10.1016/j.optcom.2013.06.014
- Z. Zhu, A. Hu, A. Fu, "Cryptanalysis of a new circular quantum secret sharing protocol for remote agents," Quantum Information Processing, vol. 12, no. 2, pp. 1173-1183, February, 2013. https://doi.org/10.1007/s11128-012-0461-0
- R. Shi, L. Huang, W. Yang, et al, "Multiparty quantum secret sharing with Bell states and Bell measurements," Optics Communications, vol. 283, no. 11, pp. 2476-2480, June, 2010. https://doi.org/10.1016/j.optcom.2010.02.015
- G. Gan, "Multiparty Quantum Secret Sharing Using Two-Photon Three-Dimensional Bell States," Communications in Theoretical Physics, vol. 52, no. 3, pp. 421-424, September, 2009. https://doi.org/10.1088/0253-6102/52/3/08
- M. Dusek, O. Haderka, M. Hendrych, et al, "Quantum identification system," Physical Review A, vol. 60, pp. 149, January, 1999. https://doi.org/10.1103/PhysRevA.60.149
- Q. Cai, "Eavesdropping on the two-way quantum communication protocols with invisible photons," Physics Letters A, vol. 351, no. 1-2, pp. 23-25, February, 2006. https://doi.org/10.1016/j.physleta.2005.10.050
- J. Lin, T. Hwang, "New circular quantum secret sharing for remote agents," Quantum Information Processing, vol. 12, no. 1, pp. 685-697, April, 2013. https://doi.org/10.1007/s11128-012-0413-8
- F. Liu, Q. Su, Q. Wen, "Eavesdropping on Multiparty Quantum Secret Sharing Scheme Based on the Phase Shift Operations," International Journal of Theoretical Physics, vol. 53, no. 5, pp. 1730-1737, April, 2014. https://doi.org/10.1007/s10773-013-1971-y
- T. Hwang, C. Hwang, C. Li, "Multiparty quantum secret sharing based on GHZ states," Physica Scripta, vol. 83, no. 4, pp. 045004, March, 2011. https://doi.org/10.1088/0031-8949/83/04/045004
- X. Liu, R. Pan, "Cryptanalysis of quantum secret sharing based on GHZ states," Physica Scripta, vol. 84, no. 4, pp. 045015, September, 2011. https://doi.org/10.1088/0031-8949/84/04/045015
- P. Xue, R. Zhang, H. Qin, et al, "Experimental quantum-walk revival with a time-dependent coin," Physical Review Letters, vol. 114, no. 14, pp. 140502, April, 2015. https://doi.org/10.1103/physrevlett.114.140502