Unitary Reconstruction of Secret for Stabilizer Based Quantum Secret Sharing
Ryutaroh Matsumoto

TL;DR
This paper introduces a unitary method for reconstructing quantum secrets in stabilizer-based quantum secret sharing schemes, eliminating the need for adding missing shares during reconstruction.
Contribution
It presents a novel unitary reconstruction procedure that works without adding missing shares, improving efficiency over traditional erasure correction methods.
Findings
The proposed method successfully reconstructs quantum secrets without missing shares.
It simplifies the reconstruction process in stabilizer quantum secret sharing schemes.
The approach enhances the practicality of quantum secret sharing implementations.
Abstract
We propose a unitary procedure to reconstruct quantum secret for a quantum secret sharing scheme constructed from stabilizer quantum error-correcting codes. Erasure correcting procedures for stabilizer codes need to add missing shares for reconstruction of quantum secret while unitary reconstruction procedures for certain class of quantum secret sharing are known to work without adding missing shares. The proposed procedure also works without adding missing shares.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
11institutetext: Ryutaroh Matsumoto 22institutetext: Department of Information and Communication Engineering, Nagoya University, 464-8603 Japan
ORCID: 0000-0002-5085-8879
22email: [email protected]
To be published in Quantum Information Processing. The final publication is available at Springer via http://dx.doi.org/10.1007/s11128-017-1656-1
Unitary Reconstruction of Secret for Stabilizer Based Quantum Secret Sharing
Ryutaroh Matsumoto
(6 July 2017)
Abstract
We propose a unitary procedure to reconstruct quantum secret for a quantum secret sharing scheme constructed from stabilizer quantum error-correcting codes. Erasure correcting procedures for stabilizer codes need to add missing shares for reconstruction of quantum secret while unitary reconstruction procedures for certain class of quantum secret sharing are known to work without adding missing shares. The proposed procedure also works without adding missing shares.
Keywords:
quantum secret sharing quantum error correction stabilizer code
pacs:
03.67.Dd
MSC:
81P94 94A62
CR:
E.3
††journal: Quantum Information Processing
1 Introduction
Secret sharing (SS) shamir79 is a cryptographic scheme to encode a secret to multiple shares being distributed to participants, so that only qualified sets of participants can reconstruct the original secret from their shares. Traditionally both secret and shares were classical information (bits). Several authors cleve99 ; gottesman00 ; hillery99 ; smith00 extended the traditional SS to quantum one so that a quantum secret can be encoded to quantum shares.
There was a difference between early pionieering works cleve99 ; gottesman00 ; hillery99 ; smith00 of quantum SS. The first quantum SS hillery99 was based on the controlled teleportation PhysRevA.58.4394 ; PhysRevA.70.022329 , whose reconstruction of quantum secret involved classical communication among participants. On the other hand, the others works cleve99 ; gottesman00 ; smith00 related reconstruction to quantum error correction calderbank96 ; steane96 , and their reconstruction procedures were generally unitary operations on quantum shares. This paper studies reconstruction in the second category.
When we require unqualified sets of participants to have zero information of the secret, the size of each share must be larger than or equal to that of secret. By tolerating partial information leakage to unqualified sets, the size of shares can be smaller than that of secret. Such SS is called ramp SS blakley85 ; yamamoto86 . The quantum ramp SS was proposed by Ogawa et al. ogawa05 . If an unqualified set has absolutely no information about quantum secret (see ogawa05 for a formal definition), it is called a forbidden set.
When we have a quantum error-correcting code (QECC) of length , use it for quantum secret sharing and it can correct erasures in a set , …, , it was shown cleve99 ; gottesman00 that , …, is a qualified set and is a forbidden set. The above statement also holds for quantum ramp SS ogawa05 . In such a situation, a straightforward method for the set of participants to reconstruct quantum secret is as follows: Firstly, initialize quantum systems in to any quantum states and apply the erasure decoding procedure of QECC. This method is wasteful because decoding procedures usually involve measurement and they also need to attach extra quantum systems. For example, if and , adding 30 quantum systems and performing measurement on 100 systems are wasteful.
To overcome this waste, unitary reconstruction methods were proposed for previous proposals of quantum SS cleve99 ; matsumoto14qss ; ogawa05 ; matsumoto14strong . On the other hand, while quantum SS constructed from the stabilizer QECC had been already studied marin13 ; markham08 ; sarvepalli12 , no unitary reconstruction procedure has been proposed for stabilizer based quantum SS. Stabilizer based quantum SS is important because it can realize access structures that cannot be realized by quantum SS based on CSS codes calderbank96 ; steane96 . For example, only the binary stabilizer QECC can realize quantum SS distributing 1 qubit of secret to 5 participants receiving 1-qubit shares and allowing only 3 or more participants to reconstruct secret. In addition, when sharing classical secret, it was recently shown that stabilizer QECC can realize an access structure that cannot be realized by classical information processing matsumoto17impossible .
In this paper, we propose a unitary reconstruction method that can be executed by a qualified set of participants without adding extra quantum systems. In Section 2, we introduce notations of stabilizer QECC and prove some properties of stabilizer QECC used later in the proposed reconstruction procedure. Section 3 describes the proposed procedure. Section 4 gives an explicit computational example of the proposed procedure applied to the well-known binary stabilizer QECC. In the Appendix, we discuss the security of quantum SS based on stabilizer QECCs.
2 Preliminaries
2.1 Notations for Stabilizer Codes
Let be a prime power, and we consider the -dimensional complex linear space . A quantum system whose state is expressed by is called a qudit in this paper. Each share is assumed to be a qudit, and quantum secret consists of one or more qudits. If quantum secret has two or more qudits, the quantum SS becomes a ramp scheme. We fix a -ary stabilizer QECC encoding qudits to qudits. The materials in this subsection is not new at all, and can be found in, for example, ashikhmin00 ; grassl11 . Its stabilizer can be expressed as an -dimensional -linear subspace of , where is the finite field with elements.
For two vectors , , …, , and , , …, , , we define its symplectic inner product as
[TABLE]
Let , , . Then we have and .
2.2 Qualified Sets and Related Properties
To use any reconstruction procedure, the set of participants must be qualified to reconstruct the secret. In this subsection, we clarify a necessary and sufficient condition for qualified sets and related properties that are later used for the proposed reconstruction procedure.
For a set , …, of participants to be qualified, the erasures in must be decodable, where an erasure means a quantum error with known location. In other words, when the errors are only in , the stabilizer QECC defined by the stabilizer must be able to correct the error.
Let , …, be a basis of . A quantum error can also be identified with a vector , , …, , (see, for example, ashikhmin00 ; grassl11 ). Measurement in the standard decoding procedure gives the symplectic inner products , for , …, . Let , , …, , , , and , , …, , , , . Observe that and .
Under the assumption , for , we can correct all errors if and only if the implication
[TABLE]
holds. The condition (2) implies (with the assumption that errors belong to )
[TABLE]
On the other hand, the assumption implies
[TABLE]
Therefore the condition (2) is equivalent to
[TABLE]
We will study the linear spaces consisting of qudits in or of quantum codewords. Let , , be stabilizer QECCs defined by , , and , respectively. When we consider qudits in (resp. ) of codewords in , their quantum states are density matrices whose row spaces are contained in (resp. ).
In order to evaluate their dimensions, firstly we have to evaluate and , where denotes the dimension of the linear space . We have
[TABLE]
The linear space consists of vectors in whose -th component and -th component are zero if , which implies . Eq. (4) holds because
[TABLE]
For , , …, , , let , that is, the projection to the index set . Then we have and , which implies
[TABLE]
Suppose that Eq. (5) does not hold, then we have by Eq. (6) and the equality . Since ( in is considered in ), we have . The last inequality implies because . The inequality contradicts with Eq. (3). So we see that Eq. (5) is true when is a qualified set.
In light of Eqs. (4) and (5), let . Then encodes qudits to qudits.
We consider . By Eq. (3) we have
[TABLE]
which means that encodes qudits to qudits. Readers might wonder if is always true. The equality usually holds as we will see in Section 4 with an example. But is sometimes false in general cases, for example, consider an unpractical stabilizer QECC whose codewords are always set to in , which gives .
3 Proposed Unitary Reconstruction
For ease of presentation, without loss of generality we may assume , …, and , …, , by reordering indices. Let
[TABLE]
be an orthonormal basis (ONB) of , let the quantum codeword corresponding to . Let
[TABLE]
be an ONB of . Then
[TABLE]
have the same nonzero length for all and , where is the identity matrix on qudits in . Because otherwise the Holevo information between classical information and the qudits in would have strictly positive value which contradicts by ogawa05 to our assumption that is a qualified set
Define a state vector by
[TABLE]
Then is of length one and orthogonal to each other for different , . Therefore
[TABLE]
is an ONB of .
By using the above notations we can express
[TABLE]
We can define a unitary operation from to , sending to , because both , and , are ONBs with the same number of quantum state vectors in them.
Suppose that quantum secret is
[TABLE]
where are complex coefficients. Then the whole quantum state of all shares is, by Eq. (12),
[TABLE]
Applying on the qualified set yields
[TABLE]
Equation (13) means that the quantum secret is reconstructed in the rightmost qudits, and that it is unentangled from the rest of qudits.
4 Explicit Computational Example of
the Binary Stabilizer QECC
Since our presentation of the proposed procedure is slightly abstract, in this section we will see an explicit computational example with the binary stabilizer QECC. According to gottesmanthesis , the binary stabilizer QECC encodes to
[TABLE]
and to
[TABLE]
According to (gottesmanthesis, , Table 3.2), the corresponding stabilizer is generated by
[TABLE]
Since it can correct any two erasures, we can set , , and , . Since are zero linear spaces, we can see that Eq. (3) holds and . We can choose of Eq. (8) as , , , and . Then of Eq. (10) become the following states:
[TABLE]
The unitary reconstruction works as follows:
[TABLE]
If the quantum secret is , then the quantum state of all shares is . Application of to the 3rd, the 4th and the 5th qubits of gives
[TABLE]
which means that the 3rd, the 4th and the 5th participants successfully reconstructed the quantum secret into the 5th qubit. Also observe that after the reconstruction the 5th qubit is completely unentangled from the rest of qubits. Since the proposed procedure only interacts with the 3rd to the 5th qubits, even if there are errors in the 1st and the 2nd qubits, after reconstruction we obtain at the 5th qubit.
Appendix A Security Analysis
For the completeness of this paper, in this appendix we discuss the security of quantum SS based on stabilizer QECCs. For the security analysis of quantum secret sharing based on quantum error correction, such as cleve99 ; gottesman00 , we need to clarify (a) which share sets are qualified (being able to reconstruct secret perfectly) and (b) which share sets are forbidden (having no information about secret). The characterization of qualified sets in the proposed scheme is given by Eq. (3). Observe also that from a given basis , …, of , we can easily verify by standard linear algebra whether or not Eq. (3) holds for an arbitrarily given share set . The characterization of forbidden sets also immediately follows from the fact that a share set is forbidden if and only if the rest of shares is qualified, as shown in cleve99 ; gottesman00 ; ogawa05 .
Acknowledgements.
The author would like to thank reviewers’ comments that improved this paper significantly. This research is partly supported by the JSPS Grant No. 26289116.
The reference list from the paper itself. Each links out to its DOI / PubMed record.
- 1(1) Ashikhmin, A., Knill, E.: Nonbinary quantum stabilizer codes. IEEE Trans. Inform. Theory 47 (7), 3065–3072 (2001)
- 2(2) Blakley, G.R., Meadows, C.: Security of ramp schemes. In: Advances in Cryptology–CRYPTO’84, Lecture Notes in Computer Science , vol. 196, pp. 242–269. Springer-Verlag (1985). DOI 10.1007/3-540-39568-7_20
- 3(3) Calderbank, A.R., Shor, P.W.: Good quantum error-correcting codes exist. Phys. Rev. A 54 (2), 1098–1105 (1996)
- 4(4) Cleve, R., Gottesman, D., Lo, H.K.: How to share a quantum secret. Phys. Rev. Lett. 83 (3), 648–651 (1999). DOI 10.1103/Phys Rev Lett.83.648
- 5(5) Gottesman, D.: Stabilizer codes and quantum error correction. Ph.D. thesis, California Institute of Technology (1997)
- 6(6) Gottesman, D.: Theory of quantum secret sharing. Phys. Rev. A 61 (4), 042311 (2000). DOI 10.1103/Phys Rev A.61.042311
- 7(7) Grassl, M.: Variations on encoding circuits for stabilizer quantum codes. In: Y.M. Chee, et al. (eds.) IWCC 2011, Lecture Notes in Computer Science , vol. 6639, pp. 142–158. Springer (2011)
- 8(8) Hillery, M., Bužek, V., Berthiaume, A.: Quantum secret sharing. Phys. Rev. A 59 , 1829–1834 (1999). DOI 10.1103/Phys Rev A.59.1829
