Two-party quantum private comparison protocol using eight-qubit entangled state
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Two-party quantum private comparison protocol using
eight-qubit entangled state
Zhaoxu Ji† , Xiangmin Ji, Peiru Fan, Huanguo Zhang
Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber
Science and Engineering, Wuhan University, Wuhan 430072 China
†
jizhaoxu@whu.edu.cn
arXiv:2101.02054v1 [quant-ph] 5 Jan 2021
Abstract
Quantum private comparison (QPC) aims to solve “Tiercé problem” based on the laws of quantum
mechanics, where the “Tiercé problem” is to determine whether the secret data of two participants are
equal without disclosing the data. In this paper, we study, for the fist time, the utility of the eight-qubit
entangled state for QPC. We propose a new QPC protocol, which enables two participants to compare the
equality of their private data. In the proposed protocol, only single-particle measurements are employed
except necessary technologies such as preparing quantum states. We show that the security towards both
the outsider attack and the insider attack can be guaranteed.
PACS numbers: 03.67.Dd; 03.67.Hk ; 03.65.Ud
Keywords: quantum cryptography, quantum private comparison, eight-qubit entangled state
1 Introduction
In recent decades, quantum cryptography has been extensively developed because its security does not
rely on computational complexity but simply on the principles of quantum mechanics, and it is likely to
develop into an important force for the next generation of technologies in cryptography [1, 2].
Secure multi-party quantum computation (SMQC) [3], as an important branch of quantum cryptogra-
phy, is the counterpart of the classical SMC [4] in the realm of quantum mechanics. SMQC can provide the
unconditional security because some physical principles of quantum mechanics (e.g., quantum noncloning
theorem and Heisenbergs uncertainty principle) are adopted. Since the pioneering work of quantum cryp-
tography was proposed by Bennett and Brassard [5] in 1984, various SMQC protocols have been proposed,
such as quantum secret sharing [6], quantum anonymous voting and surveying [7] and quantum private
comparison (QPC) [8–25].
In recent years, QPC, which allows two distrustful parties to judge whether their private inputs are
equal or not without disclosing their own inputs to each other, has been a hot topic in QSMC. In 2009,
Yang et al.[11] proposed the first QPC protocol based on decoy photons and two-photon entangled Einstein-
Podolsky-Rosen (EPR) pairs. Later, Chen et al.[12] proposed a new QPC protocol based on triplet entangled
Greenberger-Horne-Zeilinger (GHZ) states in 2010. Since then, more and more multi-particle entangled
states, such as GHZ states [13], χ-type states [14], cluster states [15], W states [16, 17] and other multi-
particle entangled states [18–20], have been exploited for designing QPC protocols.
Recently, we investigated the utility of the maximally entangled seven-qubit state for QPC [26]. The
QPC protocol presented in Ref. [26] uses the entanglement correlation of the maximally entangled seven-
qubit state to complete the secret comparison and protect the privacy of the data. In this paper, we continue
to study the usefulness of multi-particle entangled states in QPC. We investigate for the first time the issue
of how the eight-qubit entangled state be of use in realizing private comparison of two distrustful parties’
secrets, and propose a new QPC protocol. A main feature in our proposed protocol is the assumption of a
semi-honest third party who may misbehave on his own but will not conspire with either of the two parties
[8, 20, 21]. The rest of this paper is structured as follows. In Sec.2, we first introduce the main quantum
resources used in our protocol, then we present our protocol in detail. Subsequently, we devote Sec.3 to
analyze the security of our protocol, including the outsider attack and insider attack. We end up this paper
1with some useful discussions and conclusions in Sec.4.
2 The proposed protocol
Let us first introduce the main quantum resources used in our protocol. The eight-qubit entangled state
[27] has the form
1
|Υi1234567 = |00000000i + |00010001i + |001000010i + |00110011i
4
+ |01000100i + |01010101i + |01100110i + |01110111i
(1)
+ |10001000i + |10011001i + |10101010i + |10111011i
+ |11001100i + |11011101i + |11101110i + |11111111i
12345678
Let us then assume that there are two participants, Alice and Bob, and that Alice has a secret X, Bob has
a secret Y, the binary representations of X and Y are (x1 , x2 , ..., xn ) and (y1 , y2 , ..., yn), respectively, where
xi , yi ∈ {0, 1}, X = ni=1 xi 2i , Y = ni=1 yi 2i , i = 1, 2, ..., n and 2n ≤ max{x, y} < 2n+1 . They want to judge
P P
whether X and Y are equal with a assistance of the semi-honest third party named TP who may misbehave
on his own but will not conspire with either of the two parties.
Prerequisites: Alice (Bob) divides her (his) binary representation of X(Y) into ⌈N/2⌉ groups:
⌈L⌉ ⌈L⌉
G1A , G2A , ..., G A2 (G1B , G2B , ..., G B2 ), (2)
where GiA (GiB ) includes two binary bits in X(Y) ∀i = 1, ..., ⌈L/2⌉. If L mod 2 = 1, Alice (Bob) adds one 0
into the last group G⌈L/2⌉
A (G⌈L/2⌉
B ). Alice, Bob and TP agree that |0i encodes classical bit “0” and |1i encodes
classical bit “1”.
The detailed steps of the protocol are organized as follows:
(1) TP prepares ⌈N/2⌉ eight-qubit entangled states, denoted as S T ,
h ⌈ L ⌉ ⌈ L ⌉ ⌈ L ⌉ ⌈ L ⌉ ⌈ L ⌉ ⌈ L ⌉ ⌈ L ⌉ ⌈ L ⌉i
S T : P1c1 P1c2 P1a1 P1a2 P1b1 P1b2 P1c3 P1c4 , P2c1 P2c2 P2a1 P2a2 P2b1 P2b2 P2c3 P2c4 , . . . , Pc12 Pc22 Pa12 Pa22 Pb12 Pb22 Pc32 Pc42 (3)
where the subscripts c1 , c2 , a1 , a2 , b1 , b2 , c3 , c4 represent eight particles in one state while the superscripts
1, 2,..., ⌈N/2⌉ indicate the orders of these states in the sequence. Then TP takes particles (a1 , a2 ) out from
each state in S T to form an ordered particle sequence, and denote it as S A ,
h ⌈ L ⌉ ⌈ L ⌉i
S A : P1a1 P1a2 , P2a1 P2a2 , . . . , Pa12 Pa22 (4)
Similarly, he takes particles (b1 , b2 ) to form another sequence, and denote it as S B ,
h ⌈ L ⌉ ⌈ L ⌉i
S B : P1b1 P1b2 , P2b1 P2b2 , . . . , Pb12 Pb22 (5)
The remaining particles in S T form an ordered particle sequence denoted as S C ,
h ⌈ L ⌉ ⌈ L ⌉ ⌈ L ⌉ ⌈ L ⌉i
S C : P1c1 P1c2 P1c3 P1c4 , P2c1 P2c2 P2c3 P2c4 , . . . , Pc12 Pc22 Pc32 Pc42 (6)
TP prepares two √sets of decoy photons DA and DB each randomly in one of the four states {|0i , |1i , |+i , |−i},
where |±i = 1/ 2 (|0i ± |1i). Here, {|0i , |1i} and {|+i , |−i} can be measured in the Z basis and X basis,
respectively. Then TP randomly inserts DA and DB into S A and S B , respectively. The new sequences are
named as S ∗A and S ∗B , respectively. After that, TP sends S ∗A to Alice and S ∗B to Bob.
(2) After confirming that two parties have received S ∗A and S ∗B , TP and Alice (Bob) check the security of
the transmission. Concretely, TP announces the positions and bases of the decoy photons in S ∗A (S ∗B ) to Al-
ice (Bob), respectively. According to the announced information, Alice (Bob) performs the corresponding
measurement and returns the measurement results to TP. Then TP verifies these measurement results and
checks whether eavesdroppers exist in the quantum channel. If the detected error rate exceeds a predeter-
mined threshold, they will abort this communication and restart the protocol. Otherwise, they proceed to
next step.
2(3) Alice (Bob) discards all the decoy photons in S ∗A (S ∗B ) and recovers S A (S B ), then she (he) mea-
sures two particles Pia1 Pia2 (Pib1 Pib2 ) in S A (S B ) with Z basis and obtains the results MAi (MBi ), where i =
1, 2, ..., ⌈N/2⌉. Then Alice (Bob) computes RiA = GiA ⊕ MAi (RiB = GiB ⊕ MBi ). Subsequently, Alice and Bob
cooperate together to compute RiAB = RiA ⊕ RiB . Finally they publicly announce RiAB to TP. (⊕ is the module
2 operation throughout this paper.)
(4) After receiving RiAB (i = 1, 2, ..., ⌈N/2⌉), TP performs single-particle measurements on each of his
particles Pic1 Pic2 , and denotes the measurement outcomes as MCi 1 . Then, TP performs single-particle mea-
surements on Pic3 Pic4 , and denotes the measurement outcomes as MCi 2 . Finally, TP computes Ri = RiAB ⊕
MCi ⊕ MCi 2 , if Ri = 00 ∀ i = 1, 2, ..., ⌈N/2⌉, TP can conclude that X = Y, otherwise X , Y. Finally, TP
publicly announces the comparison result to Alice and Bob.
3 Security Analysis
In this section, we show that both the outside attack and the insider attack are invalid to our protocol,
respectively. We first show that an outside eavesdropper’s attacks will be detected by the eavesdropping
check steps. Then we show that one party cannot obtain the other’s secrets except for the case that their
secrets are identical, and TP who announces the comparison result cannot learn two parties’ secrets as well.
3.1 Outsider Attack
In our protocol, we use the decoy photon technology to perform the eavesdropping check, which has
been proved that it can resist the well-known attacks, including the intercept-resend attack, measurement-
resend attack, entanglement-measurement attack and denial-of-service attack [28–30].
3.2 Insider Attack
Two cases of insider attacks should be considered. The first is that one party try to steal the data of
another, the second is that TP tries to steal one or two participants’ data.
Case 1: One Participant’s Attack. The participant’s attack includes ttwo cases, that is, Alice and Bob
wants to obtain the secret from each other. Throughout this protocol, there is no any qubit transmitted
between Alice and Bob. If Alice(Bob) tries to intercept the transmitted particles from TP to Bob(Alice) in
step 1, she(he) will be caught as an outside eavesdropper, which has been analyzed in above section.
In step 3, Alice and Bob get particles (a1 , a2 ) and particles (b1 , b2 ), respectively. However, the par-
ticles (a1 , a2 ) in Alice’s hand and the particles (b1 , b2 ) in Bob’s hand are all in the maximally mix state
1/4(|00i h00| + |01i h01| + |10i h10| + |11i h11|). That is, Alice and Bob cannot get any useful information
from each other based on their respective measurement outcomes.
In Step 4, Alice and Bob cooperate together to compute RiAB = RiA ⊕ RiB where RiA = GiA ⊕ MAi and
RB = GiB ⊕ MBi . Alice cannot obtain any information about GiB because GiB is encrypted by MBi which is
i
unknown for her (note here that TP is not allowed to conspire with any participants). The same conclusion
can be easily deduced as viewed from Bob. Therefore, two participants cannot obtain any useful information
from each other as well.
Case 2: TP’s Attack. Throughout this protocol, the only information about two participants’ data that TP
received are GiA ⊕ GiB . That is, in Step 4, after receiving RiAB , TP computes Ri = RiAB ⊕ MCi = (GiA ⊕ MAi ) ⊕
(GiB ⊕ MBi ) ⊕ MCi = (GiA ⊕ GiB ) ⊕ (MAi ⊕ MBi ⊕ MCi ) = GiA ⊕ GiB , obviously he cannot obtain any information
about two parties’ secrets except the comparison result even if he prepares an ordered fake quantum states
instead of the eight-qubit entangled state in step 1.
4 Conclusion
We have proposed a new QPC protocol using the eight-qubit entangled state. TP cannot steal any
information about two participants’ data. One participant cannot learn any information about another’s data
except the case that their data are identical. The security toward outsider attack can also be guaranteed.
3Compared with the previous QPC protocols, our protocol has the following advantages: (1) Neither unitary
operation nor entanglement swapping is adopted in our protocol, both of which require expensive quantum
devices. Only single-particle measurements are used instead of entanglement measurements which is more
difficult to achieve with the existing technology. (2) Our protocol uses the decoy photons to check the
channel security, which is more feasible and secure than that of using entangled states. (3) All particles in
our protocol undergo a one-way trip which greatly reduces the opportunity of the particles being intercepted
compared with some two-way protocols, thus improves the efficiency and security of communication. (4)
Our protocol takes advantage of the entanglement correlation property of the eight-qubit entangled state to
ensure the privacy of two parties’ data, and adopt the cooperative computation method in step 4 to prevent
TP from obtaining two parties’ secrets, thus QKD keys are not needed when the participants are in the same
place.
References
[1] Zhang, H.G., Han, W. B., Lai, X.J., Lin, D.D., Ma, J.F., Li, J.H. (2015). Survey on cyberspace security.
Science China Information Sciences, 2015, 58(11): 1-43.
[2] Zhang H-G, Ji Z-X, Wang H-Z and Wu W-Q. Survey on quantum information security. China Com-
mun. 2019, 16, 1–36
[3] Crépeau, C., Gottesman, D., & Smith, A. (2002, May). Secure multi-party quantum computation.
In Proceedings of the thiry-fourth annual ACM symposium on Theory of computing (pp. 643-652).
ACM.
[4] Yao, A. C. (1982, November). Protocols for secure computations. In Foundations of Computer Sci-
ence, 1982. SFCS’08. 23rd Annual Symposium on (pp. 160-164). IEEE.
[5] Bennett, C. H. (1984). Quantum cryptography: Public key distribution and coin tossing. In Proceed-
ings of International Conference on Computers, Systems & Signal Processing, Bangalore, India, 1984.
[6] Hillery, M., Bužek, V., & Berthiaume, A. (1999). Quantum secret sharing. Physical Review A, 59(3),
1829.
[7] Vaccaro, J. A., Spring, J., & Chefles, A. (2007). Quantum protocols for anonymous voting and sur-
veying. Physical Review A, 75(1), 012333.
[8] Yang, Y. G., Xia, J., Jia, X., & Zhang, H. (2013). Comment on quantum private comparison protocols
with a semi-honest third party. Quantum Information Processing 12(2), 877-885.
[9] Liu, X. T., Zhang, B., Wang, J., Tang, C. J., & Zhao, J. J. (2014). Differential phase shift quantum
private comparison. Quantum information processing, 13(1), 71-84.
[10] Tseng, H. Y., Lin, J., & Hwang, T. (2012). New quantum private comparison protocol using EPR
pairs. Quantum Information Processing, 11(2), 373-384.
[11] Yang, Y. G., & Wen, Q. Y. (2009). An efficient two-party quantum private comparison protocol with
decoy photons and two-photon entanglement. Journal of Physics A: Mathematical and Theoretical,
42(5), 055305.
[12] Chen, X. B., Xu, G., Niu, X. X., Wen, Q. Y., & Yang, Y. X. (2010). An efficient protocol for the private
comparison of equal information based on the triplet entangled state and singleparticle measurement.
Optics communications, 283(7), 1561-1565
[13] Liu, W., & Wang, Y. B. (2012). Quantum private comparison based on GHZ entangled states. Interna-
tional Journal of Theoretical Physics, 51(11), 3596-3604.
[14] Liu, W., Wang, Y. B., Jiang, Z. T., & Cao, Y. Z. (2012). A protocol for the quantum private comparison
of equality with χ-type state. International Journal of Theoretical Physics, 51(1), 69-77.
[15] Sun, Z. W., & Long, D. Y. (2013). Quantum private comparison protocol based on cluster states.
International Journal of Theoretical Physics, 52(1), 212-218.
[16] Zhang, W. W., Li, D., & Li, Y. B. (2014). Quantum private comparison protocol with W States.
International Journal of Theoretical Physics, 53(5), 1723-1729.
[17] Li, J., Zhou, H. F., Jia, L., & Zhang, T. T. (2014). An efficient protocol for the private comparison
of equal information based on four-particle entangled W state and Bell entangled states swapping.
International Journal of Theoretical Physics, 53(7), 2167-2176.
[18] Ji, Z. X., & Ye, T. Y. (2016). Quantum private comparison of equal information based on highly
entangled six-qubit genuine state. Communications in Theoretical Physics, 65(6), 711.
[19] Ye, T. Y., & Ji, Z. X. (2017). Two-party quantum private comparison with five-qubit entangled states.
International Journal of Theoretical Physics, 56(5), 1517-1529.
4[20] Ji, Z. X., & Ye, T. Y. (2017). Multi-party quantum private comparison based on the entanglement
swapping of d-level cat states and d-level Bell states. Quantum Information Processing, 16(7), 177.
[21] Wang, Q. L., Sun, H. X., & Huang, W. (2014). Multi-party quantum private comparison protocol with
n-level entangled states. Quantum information processing, 13(11), 2375-2389.
[22] Wang, F., Luo, M., Li, H., Qu, Z., & Wang, X. (2016). Quantum private comparison based on quantum
dense coding. Science China Information Sciences, 59(11), 112501.
[23] Huang, W., Wen, Q., Liu, B., Gao, F., & Sun, Y. (2013). Robust and efficient quantum private com-
parison of equality with collective detection over collective-noise channels. Science China Physics,
Mechanics and Astronomy, 56(9), 1670-1678.
[24] Tan, X., & Zhang, X. (2016). Quantum private comparison protocol with cloud quantum computing.
Concurrency and Computation: Practice and Experience, 28(10), 3006-3020.
[25] Ji, S., Wang, F., Liu, W. J., & Yuan, X. M. (2015). Twice-Hadamard-CNOT attack on Li et al.’s fault-
tolerant quantum private comparison and the improved scheme. Frontiers of Physics, 10(2), 192-197.
[26] Ji, Z. X. , Zhang, H. G. , & Fan, P. R. . (2019). Two-party quantum private comparison protocol with
maximally entangled seven-qubit state. Modern Physics Letters A, 34(28), 1950229.
[27] Sadeghi Zadeh, M. S. , Houshmand, M. , & Aghababa, H. . (2017). Bidirectional teleportation of a
two-qubit state by using eight-qubit entangled state as a quantum channel. International Journal of
Theoretical Physics, 56(7), 2101-2112.
[28] Ji Z-X, Fan P-R, Zhang H-G and Wang H-Z 2020 Several two-party protocols for quantum private
comparison using entanglement and dense coding Opt. Commun. 495 124911.
[29] Ji, Z. X., Fan, P. R., & Zhang, H. G. (2020) Security proof of qudit-system-based quantum cryptogra-
phy against entanglement-measurement attack using decoy photons. arXiv: 2012.14275.
[30] Ji, Z. X., Fan, P. R., Zhang, H. G. & Wang, H. Z. Greenberger-Horne-Zeilinger-based quantum private
comparison protocol with bit-flipping. 2021, Phys. Scr., 96, 015103.
5You can also read
