Dense-Coding Attack on Three-Party Quantum Key Distribution Protocols

Cryptanalysis is an important branch in the study of cryptography, including both the classical cryptography and the quantum one. In this paper we analyze the security of two three-party quantum key distribution protocols (QKDPs) proposed recently, and point out that they are susceptible to a simple and effective attack, i.e. the dense-coding attack. It is shown that the eavesdropper Eve can totally obtain the session key by sending entangled qubits as the fake signal to Alice and performing collective measurements after Alice's encoding. The attack process is just like a dense-coding communication between Eve and Alice, where a special measurement basis is employed. Furthermore, this attack does not introduce any errors to the transmitted information and consequently will not be discovered by Alice and Bob. The attack strategy is described in detail and a proof for its correctness is given. At last, the root of this insecurity and a possible way to improve these protocols are discussed.Comment: 6 pages, 3 figure

Quantum Anonymous Transmissions

We consider the problem of hiding sender and receiver of classical and quantum bits (qubits), even if all physical transmissions can be monitored. We present a quantum protocol for sending and receiving classical bits anonymously, which is completely traceless: it successfully prevents later reconstruction of the sender. We show that this is not possible classically. It appears that entangled quantum states are uniquely suited for traceless anonymous transmissions. We then extend this protocol to send and receive qubits anonymously. In the process we introduce a new primitive called anonymous entanglement, which may be useful in other contexts as well.Comment: 18 pages, LaTeX. Substantially updated version. To appear at ASIACRYPT '0

Bounds on entanglement distillation and secret key agreement for quantum broadcast channels

The squashed entanglement of a quantum channel is an additive function of quantum channels, which finds application as an upper bound on the rate at which secret key and entanglement can be generated when using a quantum channel a large number of times in addition to unlimited classical communication. This quantity has led to an upper bound of $\log((1+\eta)/(1-\eta))$ on the capacity of a pure-loss bosonic channel for such a task, where $\eta$ is the average fraction of photons that make it from the input to the output of the channel. The purpose of the present paper is to extend these results beyond the single-sender single-receiver setting to the more general case of a single sender and multiple receivers (a quantum broadcast channel). We employ multipartite generalizations of the squashed entanglement to constrain the rates at which secret key and entanglement can be generated between any subset of the users of such a channel, along the way developing several new properties of these measures. We apply our results to the case of a pure-loss broadcast channel with one sender and two receivers.Comment: 35 pages, 1 figure, accepted for publication in IEEE Transactions on Information Theor

Multi-party Quantum Computation

We investigate definitions of and protocols for multi-party quantum computing in the scenario where the secret data are quantum systems. We work in the quantum information-theoretic model, where no assumptions are made on the computational power of the adversary. For the slightly weaker task of verifiable quantum secret sharing, we give a protocol which tolerates any t < n/4 cheating parties (out of n). This is shown to be optimal. We use this new tool to establish that any multi-party quantum computation can be securely performed as long as the number of dishonest players is less than n/6.Comment: Masters Thesis. Based on Joint work with Claude Crepeau and Daniel Gottesman. Full version is in preparatio

The GHZ state in secret sharing and entanglement simulation

In this note, we study some properties of the GHZ state. First, we present a quantum secret sharing scheme in which the participants require only classical channels in order to reconstruct the secret; our protocol is significantly more efficient than the trivial usage of teleportation. Second, we show that the classical simulation of an n-party GHZ state requires at least n log n - 2n bits of communication. Finally, we present a problem simpler than the complete simulation of the multi-party GHZ state, that could lead to a no-go theorem for GHZ state simulation.Comment: 5 page

Approximate Quantum Error-Correcting Codes and Secret Sharing Schemes

It is a standard result in the theory of quantum error-correcting codes that no code of length n can fix more than n/4 arbitrary errors, regardless of the dimension of the coding and encoded Hilbert spaces. However, this bound only applies to codes which recover the message exactly. Naively, one might expect that correcting errors to very high fidelity would only allow small violations of this bound. This intuition is incorrect: in this paper we describe quantum error-correcting codes capable of correcting up to (n-1)/2 arbitrary errors with fidelity exponentially close to 1, at the price of increasing the size of the registers (i.e., the coding alphabet). This demonstrates a sharp distinction between exact and approximate quantum error correction. The codes have the property that any $t$ components reveal no information about the message, and so they can also be viewed as error-tolerant secret sharing schemes. The construction has several interesting implications for cryptography and quantum information theory. First, it suggests that secret sharing is a better classical analogue to quantum error correction than is classical error correction. Second, it highlights an error in a purported proof that verifiable quantum secret sharing (VQSS) is impossible when the number of cheaters t is n/4. More generally, the construction illustrates a difference between exact and approximate requirements in quantum cryptography and (yet again) the delicacy of security proofs and impossibility results in the quantum model.Comment: 14 pages, no figure

Entanglement Verification in Quantum Networks with Tampered Nodes

In this paper, we consider the problem of entanglement verification across the quantum memories of any two nodes of a quantum network. Its solution can be a means for detecting (albeit not preventing) the presence of intruders that have taken full control of a node, either to make a denial-of-service attack or to reprogram the node. Looking for strategies that only require local operations and classical communication (LOCC), we propose two entanglement verification protocols characterized by increasing robustness and efficiency.Comment: 14 pages, 7 figure