Device Independent Quantum Secret Sharing in Arbitrary Even Dimension
Sarbani Roy, Sourav Mukhopadhyay

TL;DR
This paper introduces a device independent quantum secret sharing scheme for arbitrary even dimensions, leveraging multipartite Bell inequalities and entanglement properties to ensure security and correctness.
Contribution
It generalizes quantum secret sharing to higher even dimensions using a novel multipartite Bell inequality and provides security proofs based on entanglement polygamy.
Findings
Scheme is $psilon_{cor}$-correct and $psilon^c$-complete.
Security relies on causal independence and entanglement properties.
Probability of winning the linear game tests device independence.
Abstract
We present a device independent quantum secret sharing scheme in arbitrary even dimension. We propose a -dimensional -partite linear game, utilizing a generic multipartite higher dimensional Bell inequality, a generalization of Mermin's inequality in the higher dimension. Probability to win this linear game defines the device independence test of the proposed scheme. The security is proved under causal independence of measurement devices and it is based on the polygamy property of entanglement. By defining -correctness and -completeness for a quantum secret sharing scheme, we have also shown that the proposed scheme is -correct and -complete.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Device Independent Quantum Secret Sharing in Arbitrary Even Dimension
Sarbani Roy
Sourav Mukhopadhyay
Department of Mathematics, Indian Institute of Technology Kharagpur, West Bengal 721302, India.
Abstract
We present a device independent quantum secret sharing scheme in arbitrary even dimension. We propose a -dimensional -partite linear game, utilizing a generic multipartite higher dimensional Bell inequality, a generalization of Mermin’s inequality in the higher dimension. Probability to win this linear game defines the device independence test of the proposed scheme. The security is proved under causal independence of measurement devices and it is based on the polygamy property of entanglement. By defining -correctness and -completeness for a quantum secret sharing scheme, we have also shown that the proposed scheme is -correct and -complete.
I Introduction
Quantum physics pledges the security of cryptographic protocols from an adversary having unbounded computational power. The journey of quantum cryptography was started in 1984, when Bennett and Brassard BB84 proposed a Quantum Key distribution (QKD) protocol to share a common secret key between two distant users in a quantum mechanical way. Although it has been proven that the BB84 QKD protocol BB84 is unconditionally secure mayers ; shor , but the practical implementation of QKD confronted side channel attacks in which classical information gets leaked bbbss ; blms ; gllskm . To avert these type of attacks Mayers and Yao mayersyao proposed the idea of device independence in which the security of a scheme is based on a statistical test performed on the inputs and outputs of two spatially separated measurement devices. Since then numerous proposals diqkd1 ; diqkd2 ; diqkd3 ; diqkd4 ; diqkd5 ; diqkd6 ; diqkd7 ; diqkd8 ; diqkd9 ; diqkd10 ; diqkd11 have been suggested for device independent QKD (DI-QKD). Although, recently researchers were became interested to explore device independent security outside QKD outqkd1 ; outqkd2 ; outqkd3 ; outqkd4 ; outqkd5 ; outqkd6 ; outqkd7 , but it is very little known till today. A statistical test based on the quantum violation of Bell inequality bell is performed for the security of DI-QKD. Nowadays, quantum cryptography is observant of more multipartite higher dimensional schemes. Such schemes can be proven secure under device independence paradigm by employing the higher dimensional multi-particle Bell inequality.
Quantum nonlocality is evident by measuring two entangled particles in two spatially separated regions. Bell bell showed that the quantum correlations obtained by measuring two spatially separated entangled particles, can not be reproduced by local realism. Allowing more flexibility in local measurements than original Bell inequality; Clauser, Horne, Shimony, and Holt chsh proposed an inequality (CHSH inequality) which is maximally violated when each particle of a two-dimensional bipartite maximally entangled state is measured by two mutually unbiased bases. Then it was a natural question to generalize Bell inequality for a multipartite and/or multidimensional system. Mermin mermin derived such a violation for arbitrarily many qubits and showed that the degree of violation increases exponentially with the number of involved particles. Ardehali arde , Roy and Singh rs , Belinskii and Klyshko bk pursued in this direction further. Generalization of Bell inequality for the bipartite multidimensional system has been investigated in bellmd1 ; bellmd2 ; bellmd3 ; bellmd4 ; bellmd5 . The long-awaited proof of the violation of Bell type correlations in a higher dimensional multipartite system was presented by Son et al. son . However, that was further generalized for more than two possible settings in the measurement device ms1 ; ms2 . The applications of multipartite arbitrary dimensional Bell inequality in quantum information science is still to explore.
After QKD, quantum secret sharing (QSS) is the most remarkable example of quantum advantages. QSS is an adaption of classical secret sharing scheme shamir in the quantum world. In a secret sharing scheme, there is a dealer who wants to share a secret among a number of participants in such a way that only a set of authorized participants can recover the secret. Hillery et al. Hillery first proposed a QSS scheme using three-particle and four particle GHZ states of qubits. After that a large number of schemes on QSS have been proposed such as circular QSSs zhou ; lin ; zhu , dynamic QSSs hsu ; wang , single particle QSSs tav ; kar , graph state QSSs markham ; keet ; sar , verifiable QSSs yang1 ; yang2 ; sl and QSSs based on error correcting codes cleve ; sk , phase shift operations qin ; du ; liu and quantum search algorithms hsu1 . Gogioso gig proposed device independent quantum secret sharing scheme using Mermin-type contextuality. Although, it was initially claimed that the scheme is provably secure against non-signaling attackers but later it confronted some errors in the proof of main result gig . Our proposal is independent and very different from that proposal.
In this current draft, we have presented a device independent quantum secret sharing scheme in arbitrary even dimension. To design device independence test of the proposed scheme we have introduced an -partite -dimensional linear game based on the Bell violation son . It has been shown that to share and recover the secret securely, it is sufficient to pass the testing phase of the proposed scheme which is directly related to the winning probability of the proposed game. Security depends on the polygamy property of entanglement, which states that an -partite GHZ state cannot be shared among more than parties cbc . By defining the notions of -correct and -complete QSS scheme, we have derived the correctness and completeness of the proposed scheme. Completeness and security is proved under causal independence assumption on measurement devices. As per our best knowledge, this is the first quantum cryptographic scheme that uses higher dimensional multipartite Bell inequality to prove security in the device independent paradigm.
II -partite -dimensional XOR game
-partite -dimensional Bell Inequality: In this section, we have proposed a linear game depending on the multipartite arbitrary dimensional Bell inequality proposed by Son et al. son with a slight modification. The detailed discussion can be found in Appendix A. Let us consider the scenario that, each of observers independently chooses one of two variables (denoted by and for the observer), each of which takes a value from a set generated by the th root of unity over complex field. The corresponding Bell function is given by:
[TABLE]
where C. C. stands for complex conjugate.
From the classical viewpoint, the symbol denotes the statistical average over many runs. The theory of local realism implies that,
[TABLE]
In case of quantum mechanical description, the statistical average is replaced by quantum average on a given state . The quantum expectation of takes the maximum value . One can clearly see that the constraint on imposed by local realism is violated by quantum mechanics for an even dimensional system. In particular, the maximum quantum violation is reached by a maximally entangled state and for the observable operators where , and is the eigen vector of generalized operator corresponding to the eigen value . In the case of two dimensions, the observable operators and will be reduced to Pauli and operators. Thus one can call the observable operators and as generalized and operator. Now, we can rewrite as:
[TABLE]
where is the bit of and is a function such that it takes the value for a , if the binary representation of contains odd no of 1’s and , if the no of 1’s in the binary representation of x is .
Proposal of the game: Let us consider an XOR game between spatially separated players , , , who are not allowed to communicate during the game. The players can communicate before the game starts and discuss their strategy (or send physical systems to each other). Now, for each (where , a question is asked to a player uniformly at random and independent to the questions , , , , , asked to the other players. gives an answer to a question . The players will win the game if
[TABLE]
where the function is the same function defined as above and is used to define the addition modulo . It is obvious that, they will never win the game when .
Quantum strategy to win the game: Before the game starts, players , , , share an -partite -dimensional GHZ state . Here, the suffixes clarify that () holds the particle of . For a question , measures his particle with the observable and gets the eigen value as a measurement result. Then outputs as an answer to the question .
Probability to win the game: We will calculate the probability to win the game using the approach of Murta et al. murta . As the question is chosen from uniformly at random, then Now,
[TABLE]
Let us consider the Abelian group . Now, we can apply the Fourier transform on and rewrite the success probability as
[TABLE]
where
[TABLE]
and ’s are the characters of the Abelian group associated with the game. In particular, . Quantum strategy to win the game is defined by the set of projective measurements , , being performed on a -partite entangled state . In this case, the generalized correlators are defined by where the operators are defined as
[TABLE]
Here we have used . Thus,
[TABLE]
Finally, by substituting in , we get
[TABLE]
The final equality follows from the fact that and the Bell function attains its maximum quantum value when a maximally entangled state is measured by generalized or operators uniformly at random. As for an even , the constraint on classical expectation value of is violated by quantum mechanics thus the probability to win the game by using above quantum strategy will be greater than any classical strategy.
One may note that for ; , which does not match the CHSH-value as the function does not generalize CHSH function chsh , it actually generalizes the Mermin’s function mermin in arbitrary dimension. Thus, the winning probability of the game introduced in this study fails to generalize the same of CHSH game. It remains an open question to generalize the exact CHSH inequality chsh for a -dimensional -partite system with two possible measurement settings.
III The Protocol
In this section, we will use the game introduced in the previous section to propose a device independent quantum secret sharing scheme (DI-QSS). In this scheme, a dealer Alice wants to share a classical secret among participants , , , in such a way that only all of the Bobs together can recover the secret. In particular, Alice’s secret , where is even. Before describing the proposed scheme, we first enumerate a minimal set assumptions determining the security of the scheme.
Assumptions:
Alice and Bobs’ laboratories are perfectly isolated from outside (in particular from Eve) such that any unintended information cannot go outside the labs. 2. 2.
Each party holds a trusted random number generator. 3. 3.
Each of Alice and , , , has a measurement device in their laboratory with two inputs. Each input has outputs. The measurement devices are causally independent. Otherwise, the measurement devices are arbitrary and therefore could be prepared by an eavesdropper.
The proposed scheme can be divided into two phases. Where the first phase guarantees the device independence, the second phase shares and reconstructs the secret.
For every round :
- •
A dealer Alice and participants , , shares an -partite -dimensional GHZ state
[TABLE]
where is an even positive integer.
- •
Alice picks a random bit with and publicly communicates the choice of with Bobs.
- •
For , Alice randomly picks and for each , picks uniformly at random. They input , , , to the respective measurement devices and record the outputs as , , , respectively. Then Alice and Bobs announce their input and output pairs. They define a random variable by,
[TABLE] 2. 2.
Testing: Alice and Bobs calculate . They abort the scheme if , where is the noise tolerance. Otherwise, they proceed to the next steps to share and reconstruct the secret. 3. 3.
Sharing the secret: For each such that , each of Alice and Bobs measures their particle with generalized -operator i.e., inputs [math] to their measurement devices and stores their output as , , , respectively. Suppose Alice’s secret corresponding to the round is , then she calculates and announces . 4. 4.
Secret recovery: Bobs calculate and gets the secret . 5. 5.
Error correction: Alice picks a hash function from a family of two-universal hash functions uniformly at random. She computes a dit-string of length by applying on the string of secrets and sends to Bobs together with the choice of the hash function . Bobs verify the hash value calculated from their recovered secret with the hash value sent by Alice. If it matches, they consider the recovered secret as the dealer’s secret. Otherwise, they discard the secret.
Scheme 1. Proposed Device Independent Quantum Secret Sharing Scheme (DIQSS)
IV Correctness, completeness and security analysis
Correctness: After passing the testing phase of the proposed scheme, each of Alice and Bobs holds a particle of an -partite -dimensional GHZ state corresponding to the round with . After measuring their own particle along with generalized -operator they get a measurement results as and (for ) with a nonzero probability if This condition contributes to recover shared secret perfectly. So, we can state the following theorem:
Theorem 1**.**
In the absence of effective eavesdropping the dealer’s secret can be perfectly reconstructed by the participants for an honest implementation of secret distribution and recovery phase of the proposed scheme.
Definition 1**.**
A quantum secret sharing scheme is called ′correct′, if, for any strategy of the adversary, , where is the dealer’s secret and is the secret recovered by the participants. It is called -correct, if it is -indistinguishable from a correct protocol.
Theorem 2**.**
The proposed scheme is -correct for a choice of the length of hash value such that .
Completeness: A QSS scheme is called complete if the probability to abort the scheme is very small in case of an honest implementation of the scheme. By the term ′honest implementation′, we mean that none of the parties deviate from the scheme and there is no eavesdropping.
Definition 2**.**
A quantum secret sharing scheme is called -complete if there exists an honest implementation of the scheme such that the probability of aborting the scheme is less than .
In the next result, we show that the condition of being the proposed scheme -complete depends on the noise tolerance , the total number of rounds and the fraction () of rounds chosen for the testing phase.
Theorem 3**.**
The proposed scheme is -complete for
Security: The security of the proposed QSS scheme is based on a property of quantum entanglement called polygamy which states that all maximally entangled states are (classically and quantically) uncorrelated with any other system cbc . First, one can use the correlations obtained in the testing phase of the proposed scheme to guarantee that the shared entangled state is of the form . Then based on the polygamy property of entanglement, it concludes that these correlations must be independent of any information that the eavesdropper Eve can obtain. This ensures the security of all measurement devices (held by Alice and Bobs). As the statistical state is performed with a set of entangled particles and the remaining particles are used to distribute and recover the secret, then the security is highly dependent on the following theorem.
Theorem 4**.**
For large , Alice and Bobs can proceed for the share distribution and reconstruction phases securely, if the testing phase of the proposed scheme is successful.
The above discussions conclude that qualifying the testing phase is sufficient for the security of the proposed scheme. We refer Appendix B for the detailed proof of above theorems.
V Discussion and Conclusion
We have presented a device independent quantum secret sharing scheme in the arbitrary even dimension. An -partite -dimensional XOR game has been proposed utilizing the violation of generic -partite -dimensional Bell inequality. One obvious generalization is to enhance the scheme to any (even or odd) dimension. As we have described earlier that the proposed game does not generalize the CHSH game. So, it remains an open question that, how to propose a multipartite CHSH game in arbitrary dimension by using a variant of multipartite higher dimensional Bell inequality with two possible measurement settings. Device independence test is based on the winning probability of the proposed linear game. We have shown that this testing phase is enough to ensure that, the entangled particles are in the desired form and measurement devices are also independent from any eavesdropper. The security of the scheme is based on the polygamy property of entanglement which states that an -partite maximally entangled state cannot be distributed among more than parties. Introducing the definition of -correctness and -completeness for quantum secret sharing scheme, we have shown that the proposed secret sharing scheme is -correct and -complete. But, for the sake of security and completeness, we have assumed that the measurement devices are causally independent. This scheme can be improved by relaxing the causal independence assumption and propose a fully device independent quantum secret sharing scheme. Finally, we also remark that the proposed scheme can be easily adopted for the other variants of multipartite higher dimensional Bell inequality.
VI ACKNOWLEDGEMENT
One of the author (SR) acknowledges the support from the institute in the form of institute research fellowship (Grant no: IIT/Acad/PGSR/F.II/2/15/MA/90J03) of Indian Institute of Technology Kharagpur.
VII Appendix A: Bell Inequalities for Multipartite Arbitrary Even Dimensional System
Son et al. son have proposed generic Bell inequalities for multipartite arbitrary dimensional system. As in the case of a two-dimensional bipartite system, quantum mechanics outperforms the constraint on the correlations between subsequent measurements on the particles given by any local realistic theory for a multipartite arbitrary even dimensional system. Let us consider the scenario that, each of observers independently chooses one of two variables (denoted by and for the observer), each of which takes a value from a set generated by the th root of unity over complex field. The generic Bell function presented in son is:
[TABLE]
where C. C. stands for complex conjugate.
From the classical viewpoint, the symbol denotes the statistical average over many runs. The theory of local realism implies that,
[TABLE]
In case of quantum mechanical description, the statistical average is replaced by quantum average on a given state . The quantum expectation of takes the maximum value i.e. . One can clearly see that the constraint on imposed by local realism, formally known as generic Bell inequality, is violated by quantum mechanics for an even dimensional system. In particular, the maximum quantum violation is reached by a maximally entangled state and for the observable operators , where , , and is the eigen vector of generalized operator corresponding to the eigen value . Here and are the quantum observable operators analogous to the classical variable and .
For our purpose, we will use a slight different form of the above Bell function (4), as:
[TABLE]
One can easily verify that the classical and quantum bounds for are same as of . Note that, to reach the maximum violation of , it is important to use an observable , with an eigen vector , corresponding to the eigen value . By choosing and , one can rewrite the Bell function (5) as:
[TABLE]
where is the bit of , is a function such that it takes the value for half of the elements in the domain and .
VIII Appendix B: Proof of the theorems
Theorem 5**.**
In the absence of effective eavesdropping the dealer’s secret can be perfectly reconstructed by the participants for an honest implementation of secret distribution and recovery phase of the proposed scheme.
Proof.
After passing the device independence test, for every with , Alice and Bobs share an -partite -dimensional GHZ state and each of them measures their own particle along with generalized -operator. For simplicity, we will write in place of . Now the operator of Alice and all Bobs together can be expressed as
[TABLE]
And,
[TABLE]
Thus the condition to get a measurement result from the observable and from (for ) by measuring the entangled state with a nonzero probability is i.e.,
[TABLE]
For a secret , Alice declares After Alice’s declaration Bobs calculate
[TABLE]
Thus, in the absence of effective eavesdropping the dealer’s secret can be perfectly reconstructed by the participants by an honest implementation of secret distribution and recovery phase of the proposed scheme. ∎
Theorem 6**.**
The proposed scheme is -correct for a choice of the length of hash value such that .
Proof.
In the error correction phase of the scheme, Alice picks a hash function from a family of two-universal hash functions uniformly at random. Then, by the definition of two-universal hash function, two hash values and will coincide for two different values of and , with a probability atmost , i.e.,
[TABLE]
Thus the probability that the scheme does not abort at the error correction phase for is atmost for a choice of such that . Hence the proposed scheme is -correct. ∎
Theorem 7**.**
The proposed scheme is -complete for
Proof.
The proposed scheme can be aborted either in testing phase or in error correction phase. The probability to abort in the testing phase is given by
[TABLE]
Devices are causally independent i.e., each use of device is independent of previous use, thus the random variables () are independently and identically distributed. The expectation value of is . Thus by using Hoeffding bound Hoeffding , we calculate . As follows Bernoulli distribution with , then . Hence
[TABLE]
For the case of aborting in error correction phase, we have assumed that the scheme has passed the testing phase. Which implies that the particles are entangled in the specified form and measurement devices are also free from eavesdropping. In the previous theorem, we have shown that in the absence of any active eavesdropper the shared and the recovered secret is same except the interference of noise and from the property of the hash function, it is clear that if , then Thus in case of honest implementation of the scheme, the probability to abort in error correction phase () is bounded above by the noise tolerance i.e., .
Thus the total probability of aborting the protocol is
[TABLE]
Hence the proposed protocol is -complete for ∎
Theorem 8**.**
For large , Alice and Bobs can proceed for the share distribution and reconstruction phases securely if the testing phase of the proposed scheme is successful.
Proof.
In the proposed scheme, there is a one to one correspondence between the entangled states and the random bit string in such a way that, the entangled state will be associated with the testing phase for . For such that , we have defined a random variable by: , if they win the -partite -dimensional XOR game and [math] otherwise. Now, define . Then By applying Hoeffding bound Hoeffding , we get that
[TABLE]
where is a negligibly small positive value. Thus we can express in term of , i.e.,
[TABLE]
If possible, let us define for as above and Now from the corollary of Serfling lemma Serfling ; lim we can reduce that , where is a small quantity and
[TABLE]
As , then and will be very close to zero for large . Thus we can conclude that if a randomly chosen subset of the entangled states pass the testing phase of the proposed scheme, then the remaining entangled states are in the desired form. ∎
The reference list from the paper itself. Each links out to its DOI / PubMed record.
- 1(1) C. H. Bennett, G. Brassard, Quantum cryptography: Public key distribution and coin tossing, In Proceedings of IEEE International Conference on Computers, Systems and Signal Processing 175 , 8 (1984).
- 2(2) D. Mayers, Unconditional security in quantum cryptography, J. ACM 48 , 351 (2001).
- 3(3) P. W. Shor and J. Preskill, Simple Proof of Security of the BB 84 Quantum Key Distribution Protocol, Phys. Rev. Lett. 85 , 441 (2000).
- 4(4) C. H. Bennett, F. Bessette, G. Brassard, L. Salvail, and J. Smolin, Experimental quantum cryptography, J. Cryptol. 5 , 3 (1992).
- 5(5) G. Brassard, N. Lütkenhaus, T. Mor, and B. C. Sanders, Limitations on Practical Quantum Cryptography, Phys. Rev. Lett. 85 , 1330 (2000)
- 6(6) I. Gerhardt, Q. Liu, A. Lamas-Linares, J. Skaar, C. Kurtsiefer, and V. Makarov, Full-field implementation of a perfect eavesdropper on a quantum cryptography system, Nat. Commun. 2 , 349 (2011).
- 7(7) D. Mayers and A. Yao, Quantum Cryptography with Imperfect Apparatus, in Proceedings of the 39th Annual Symposium on Foundations of Computer Science, Palo Alto, (IEEE, Washington, DC, 1998), p. 503, 1998.
- 8(8) A. Acín, N. Gisin, and L. Masanes, From Bell’s Theorem to Secure Quantum Key Distribution, Phys. Rev. Lett. 97 , 120405 (2006).
