Multipartite quantum cryptography based on the violation of Svetlichny's inequality
Yang Xiang

TL;DR
This paper proposes a multipartite quantum key distribution scheme utilizing Svetlichny's inequality violation, ensuring security even against strong eavesdroppers, and analyzes the secret-key rate under non-maximal entanglement conditions.
Contribution
It introduces a secure multipartite quantum key distribution protocol based on Svetlichny's inequality and extends it to N-party scenarios with device-independent security guarantees.
Findings
Violation of Svetlichny's inequality tests for eavesdropping.
Secret-key rate approaches 1 as Werner state entanglement increases.
Protocol remains secure even if an eavesdropper controls two participants' outcomes.
Abstract
Multipartite cryptography is useful for some particular missions. In this paper, we present a quantum key distribution scheme in which three separated observers can securely share a set of keys by using a sequence of -particle GHZ states. We prove that the violation of Svetlichny's inequality can be utilized to test for eavesdropping, and even when the eavesdropper can completely control the outcomes of two participants' measurements, our scheme still ensures the security of the keys distribution. This scheme can be easily extended to the case of -party keys distribution, and the violation of -partite Svetlichny's inequality guarantees the security of the generalized scheme. Since the GHZ state has maximum entanglement, its perfect monogamy guarantee the device-independent security of our protocol. However quantum entanglement is a vulnerable resource which is often decayed…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Multipartite quantum cryptography based on the violation of Svetlichny’s inequality
Yang Xiang
[email protected] (corresponding author)
School of Physics and Electronics, Henan University, Kaifeng, Henan 475004, China
Abstract
Multipartite cryptography is useful for some particular missions. In this paper, we present a quantum key distribution scheme in which three separated observers can securely share a set of keys by using a sequence of -particle GHZ states. We prove that the violation of Svetlichny’s inequality can be utilized to test for eavesdropping, and even when the eavesdropper can completely control the outcomes of two participants’ measurements, our scheme still ensures the security of the keys distribution. This scheme can be easily extended to the case of -party keys distribution, and the violation of -partite Svetlichny’s inequality guarantees the security of the generalized scheme. Since the GHZ state has maximum entanglement, its perfect monogamy guarantee the device-independent security of our protocol. However quantum entanglement is a vulnerable resource which is often decayed during transmission, so we need here to derive the secret-key rate of our protocol under the condition of using quantum states with non-maximal entanglement. We then calculate the extractable secret-key rate of the three-party key distribution protocol for the Werner state in the device-independent scenario. We find that the value of the extractable secret-key rate monotonously approaches as the value of the visibility of the Werner state increases, and it reaches its maximum value when the Werner state becomes the GHZ state.
Multipartite cryptography, genuine multipartite quantum correlations, Svetlichny’s inequality, quantum key distribution, device-independent quantum key distribution
pacs:
03.65.Ud, 03.65.Ta, 03.67.-a
I Introduction
The simplest private keys are two identical or opposite strings of random bits, which are shared by sender and receiver and can be employed to secure communication between them. The security of communication is based entirely on the privacy of keys, while the latter is built on the secure distribution of it. Quantum cryptography or quantum key distribution (QKD) is a procedure which exploits quantum principles to secure the distribution of keys. In , Bennett and Brassard [1] presented the first protocol of QKD (BB). In , Ekert [2] proposed a scheme of QKD in which Bell’s inequality [3, 4, 5] had been used to test for eavesdropping. In the same year, Bennett, Brassard and Mermin [6] proposed a simpler but conceptually equivalent version of Ekert’s scheme, in which they use Einstein-Podolsky-Rosen correlations [7] both to construct key strings and to test for eavesdropping. Since then numerous QKD protocols have been presented [8, 9, 10, 11, 12, 13, 14, 15, 16, 17], quantum cryptography is one of the fastest growing areas in quantum information science[18, 19, 20, 21, 22, 23, 24] and many research results have been applied to commercial applications[25, 26, 27, 28].
In addition to the fully studied two-party keys, there are private keys that involve multipartite communications. Analogous to bipartite private keys, multipartite private keys consist of strings of random bits that shared by multiple parties, but in this case these strings have collective correlations rather than pairwise correlations (Fig.1). Multipartite private keys can apply to some tasks that bipartite private keys cannot accomplish. For example, the situation in Fig.2, Alice has a file to pass to Bob and Carol, she requires that Bob and Carol can only open this file together, and neither of them can open the file alone. If these three people have shared tripartite private keys in advance, Alice can encrypt this file by using her keys and then send it to Bob and Carol. Since for the case of tripartite private keys, no one can infer the keys of either of the other two from the keys in their own hands, Bob and Carol definitely can’t decrypt the file alone. We can also design a lot of tasks in which multi-party keys are applicable but two-party keys are not competent.
In the secure distributions of two-party keys, one use the bipartite quantum correlations, while in the secure distributions of multi-party keys, as the illustration of Fig.1 we need to use the genuine multipartite quantum correlations (GMQC)[29, 30, 31, 32, 33, 34]. GMQC is a collective correlation which involve all subsystems, so it cannot be reduced to mixtures of states in which a smaller number of subsystems are entangled. There exist many inequivalent types of GMQC[35], and its structure is much richer than that of bipartite correlations[36, 37]. Svetlichny proposed the first method to detect GMQC, Svetlichny’s inequality (SI) [38, 39] is a Bell-like inequality, the violation of which can be used to confirm the existence of GMQC. GHZ states is a quantum state with GMQC[40, 41], by using it and proper measurement settings one can result in maximal violation of SI [39].
There has been a lot of theoretical and experimental works on multi-party key distribution. For example, in [42] the authors introduced an -party version of the BB protocol, and in [43] the same authors introduced a new multi-party QKD protocol that exploits -partite W state to establish a secret multi-party key among the users. In [44] and [45], some experimentally feasible schemes have been proposed which manifest the possibility for practical realization of multi-party key distribution over long-distance. In addition, there are already some multi-party QKD protocols whose security can be guaranteed by violations of different quantum nonlocality inequalities[46, 47, 48].
In this paper, we present a scheme for secure distributions of multipartite keys by using GHZ states (Fig.1), in this scheme the violation of SI can be used to test for eavesdropping. We first discuss tripartite keys. In this case after receiving their particles, Alice, Bob, and Carol can randomly choose measurements from their own sets of alternative measurement settings respectively. After all particles have been measured, Alice, Bob, and Carol announce their measurement choices publicly. In all measurement setting options, the outcomes of about of them can be used to construct tripartite keys, the outcomes of about of them can be used to calculate whether the SI inequality will be violated, and only the outcomes of about of them are useless. We then extend this scheme to the case of -party keys. In this case we find that the violation of N-partite SI still guarantees the security of the generalized scheme, and also only a quarter of the measurement options are useless. In particular, we prove that in an extreme case, where the eavesdropper can completely control -party’s measurement outcomes, the violation of SI still ensures the security of the keys distribution. Since GHZ states is a maximum entanglement state, whose perfect monogamy guarantee the device-independent security of our protocol. However quantum entanglement is a vulnerable resource which is often decayed during transmission, so we need here to derive the secret-key rate of our protocol under the condition of using quantum states with non-maximal entanglement. We then calculate the extractable secret-key rate of our three-party QKD protocol for the Werner state in the device-independent scenario. We find that the value of the extractable secret-key rate monotonously approaches as the value of the visibility of the Werner state increases, and it reaches its maximum value when the Werner state becomes the GHZ state.
II Three-party key distribution
Our scheme uses a series of 3-particle GHZ states. We can assume there exist a particle source which can generate a sequence of -particle in GHZ states and then these particles are sent to Alice, Bob, and Carol respectively. After receive his (her) particle, Alice, Bob, and Carol can perform spin measurements on their own particles along some directions, we use unit vectors , , and to stand for their directions of spin measurements. For simplicity, we require all , , and lie in the plane, and all vectors are characterized by their azimuthal angles: , , and . We also use these azimuthal angles to represent their spin measurements, for example Alice’s spin measurements are , and similarly () for Bob’s (Carol’s). Now we assume that for every particle she received Alice randomly choose a measurement from {}, Bob randomly choose a measurement from {}, and similarly Carol randomly choose a measurement from {}. It’s obvious that there are a total of measurement options for a -particle GHZ state, we will see that outcomes of four measurement options can be used to construct three-party private keys. From , , , and , we can get the following equations,
[TABLE]
From above equations, we find that for some certain measurement settings their measurement outcomes have definite collective correlations. So for these four measurement settings of , , , and , their outcomes can be used as tripartite keys.
We briefly introduce SI which will be used to test for eavesdropping. Tripartite SI can expressed as the following equation,
[TABLE]
Where all ’s represent average values of ’s, and are Alice’s outcomes for corresponding measurements and , and similarly and ( and ) for Bob’s (Carol’s). As mentioned above, we use unit vector , , and to stand for directions of spin measurements , , and respectively, and restrict them lie in the plane. As above we use their azimuthal angles , , and to represent these measurements , , and respectively. For -particle in GHZ state of , we choose the measurement protocol [39]
[TABLE]
then we can achieve the maximal value of Eq. (2), i.e. the maximal violation of SI [39]. So we find that in above all measurement options there are these eight measurement settings of , , , and , whose outcomes can be used to calculate the value of SI.
Therefore, our scheme is as follows:
. There is a particle source which can generate a sequence of -particle in GHZ states and then send these particles to Alice, Bob, and Carol respectively.
. After receiving their particles, for every particle Alice randomly choose to perform a measurement from {}, Bob randomly choose a measurement from {}, and similarly Carol randomly choose a measurement from {}. After all particles have been measured, Alice, Bob, and Carol announce their all measurement choices publicly.
. They reveal publicly the outcomes of the eight measurement settings of , , , and that involving calculation of the value of SI.They use the outcomes of the four measurement settings of , , , and as tripartite keys.
. If they find the violation of SI, they can ensure the security of the key distribution.
Below we prove that the violation of SI can be used to test for eavesdropping. We first consider a mild case in which the eavesdropper disturb the particles in their transmissions from the source to the legitimate users. And then we’ll consider an extreme situation. If the eavesdropper disturb (measure) the particles in their transmissions, their quantum states will collapse to the eigenstates of spin in some certain directions. We use unit vectors , , to denote the directions of the collapsed spin eigenstates of particles a, b, and c that have been sent to Alice, Bob, and Carol respectively. The normalized probability measure exactly reflects the eavesdropper’s measurement strategy, and it also determines the correlations of the measurement results of the legitimate users’, i.e. . Since all , , and lie in the plane, it’s obvious that all unit vectors , , should also lie in the plane in order to increase the possibility of violation of SI, i.e. the eavesdropper should measure particles along the directions in the plane. We find that the left-hand side of Eq. (2) can be expressed as
[TABLE]
We now calculate both terms on the right-hand side of the above inequality, and prove that the sum of them is less than . The first term
[TABLE]
Where () stand for the directions of spin measurements, they all lie in the plane and their azimuthal angles can be see in Eq. (3). The normalized probability measure . We calculate the integrand in Eq. (5),
[TABLE]
Where and represent the coordinate directions of the x-axis and the y-axis, and are the angles between the vector and and respectively. Substitute the result of Eq. (6) into Eq. (5), we get a upper bound of .
In a similar way we calculate .
[TABLE]
as in Eq. (5), () all lie in the plane and their azimuthal angles can be see in Eq. (3), they stand for the directions of spin measurements. The normalized probability measure . We also calculate the integrand in Eq. (7),
[TABLE]
As in Eq. (6), and are still the angles between the vector and and respectively. Substitute the result of Eq. (8) into Eq. (7), we get a upper bound of .
Based on the above calculation, we finally obtain
[TABLE]
We can see that there is no violation of SI in this case. So if the eavesdropper disturb the particles, the legitimate users always find that key distribution fails.
Now we consider an extreme situation in that the eavesdropper has the ability to control the measurement results of two participants, we want to know whether the eavesdropper is thus capable of creating the illusion of successful key distribution, i.e. a violation of SI. Without loss of generality we assume that the eavesdropper can completely control the measurement results of Alice and Bob. We notice that these two functions and are not independent since they consist of the same four quantities, whenever one of the two functions reaches its maximum absolute value , the other one will be [math]. If we change one quantity of all ’s to its opposite number, the value of the function with maximum absolute value will become , and the value of the other function will become too. The discussion shows that in no case can the sum of the absolute values of these two functions exceed . So even if the eavesdropper can control the measurement results of two participants, the right-hand side of Eq. (4) cannot be greater than .
III -party key distribution
We will use a series of -particle GHZ state of in the distribution of -party key. We use to stand for the outcomes of the measurement operator of the i-th participant, where represents the measurement choices of the i-th participant. In -partite SI each person has two measurement options, so every takes the value [math] or . Note, however, that one participant in our protocol of the -party key distribution had four measurement options. As in the three-party case, we use unit vectors to represent the directions of spin measurements . For simplicity, we require all ’s lie in the plane, and all vectors are characterized by their azimuthal angles . We can use these azimuthal angles to represent these measurements .
-partite SI. We can express -partite SI as
[TABLE]
where is the -partite Svetlichny’s operator, stands for an -tuple , the sum is over all these tuples. The is the sign function of the corresponding term , it is given by , where is the number of times index appears in . For -particle GHZ state , by using the following measurement protocol [39] one can achieve the maximal violation of Eq. (10)
[TABLE]
The scheme of -party key distribution. There are participants in this scheme, in every trial these participants randomly choose a measurement from their own measurement option sets respectively, we use the azimuthal angles to express these measurement options and list them below
[TABLE]
The first participant have four measurement options and other participants have only two, there are a total of measurement options for a -particle GHZ state. For every trial, when all participants only measure along or direction and the number of the participants who measure along the direction is even, the following equation holds
[TABLE]
Where is pauli operator or , when the number of index appears in is a multiple of the right-hand side of Eq (13) takes . So we can use the outcomes of these measurement options as -party private keys, the number of these measurement options is . The number of the measurement options that involved the calculation of -partite SI (Eq. (11)) is , the outcomes of the remaining measurement options are useless.
Test for eavesdropping. As in three-party case, we first consider a mild case where the eavesdropper measures the particles in their transmissions. We notice that the -partite Svetlichny’s operator can be expressed as
[TABLE]
By using the result of three-party case and the mathematical induction, it is obvious that in this case, i.e. the SI cannot be violated.
Finally, we prove that even if the eavesdropper has the ability to control the measurement results of participants, the SI of Eq. (10) still cannot be violated. We first study the value of . We assume , is the remainder of divided by , so
[TABLE]
[TABLE]
We now study the relation between the values of and , they are not independent since they consist of the same quantities of . From Eq. (15) we know, if we want to takes its maximum value of , we must let the quantities of corresponding to take the value , and let the quantities of corresponding to take the value . We assume that in , the numbers of quantities of corresponding to are , , , respectively. So if takes its maximum value of , from Eq. (16) we find the value of is
[TABLE]
If we change one quantity of all ’s to its opposite number, the value of becomes and the value of becomes . We can repeat this process until equals [math] and equals . Given all of that, we finally conclude
[TABLE]
So even if the eavesdropper can control the measurement results of participants, he still unable to create a violation of SI. It also means that the eavesdropper is unable to deceive the legitimate users into believing that the key has been successfully distributed.
IV Secret key rate
Different from the usual QKD, device-independent quantum key distribution (DIQKD) protocols aim at establishing the security of key distribution based on the most fundamental assumptions. In DIQKD, legitimate users can not only completely ignore the internal working of the quantum measurement apparatuses used in the protocol, but also do not have to have any information about the particles in their hands. In addition to other fundamental assumptions, the security proof of a DIQKD protocol can be based entirely on the correctness of quantum theory and observable data. The aim of DIQKD is to design protocols secure against more powerful eavesdroppers than that in usual QKD, so from the perspective of DIQKD many usual QKD protocols are not secure. For example, if Alice and Bob actually share four-dimensional particles and the eavesdropper Eve can tamper their quantum measurement apparatuses so that their actual measurements not correspond to their expected ones, the BB [1] protocol is not secure [49].
Quantum nonlocality is a necessary condition to the security of DIQKD. The first quantitative relation between secret-key rate and the violation of CHSH inequality was derived by Acín et al [50, 49], this initial result was only considered under the collective attacks condition, and it was later extended to the most powerful coherent attacks condition [51]. After that, many secret-key rates were obtained along with different proposed DIQKD protocols whose securities are guaranteed by violations of different quantum nonlocality inequalities [46, 47, 48], and many moderate improvements were achieved by considering actual noisy processing [52, 53, 54] and imperfect detection efficiency [55, 56]. Since quantum nonlocality is a vulnerable resource and the entanglement of quantum states is often decayed during transmission, we need here to derive the secret-key rate of our proposed protocol under the condition of using quantum states with non-maximal entanglement. Next we will calculate the secret-key rate in the three-party scenario, we consider eavesdropper applying the convex combination (CC) attack [57, 58, 59], and the non-maximal entanglement state we consider is the Werner state [60].
We now give a brief introduction to CC attack. Since we assume the source of particles is under the control of the eavesdropper Eve and three legitimate users announce their measurement choices for every round, Eve has the ability to mimic the legitimate users’ correlation as the following equation
[TABLE]
Where , we call it the local weight. These , , and denote the measurement choices of Alice, Bob, and Carol respectively, and , , are their outcomes. We call is the legitimate users’ observed correlation, is local correlation (in our case of three-party key distribution we require it to be Svetlichny local, i.e., it cannot result in the violation of SI), is a judiciously chosen nonlocal quantum correlation. From Eq. (19) we see that in order to mimic legitimate users’ correlation Eve distributes local deterministic correlations with probability , and she distributes nonlocal quantum correlation with probability . Since in those cases of distribution of local deterministic correlations Eve can have complete information of outcomes of legitimate users’ measurements, she certainly wants to maximize . This is CC attack.
We assume that the targeted state is affected by white noise during transmission, and it is transformed into the three-qubit Werner state
[TABLE]
we call the visibility, only when the measurement protocol Eq.(3) can result in the violation of SI, we denote . We denote the correlation which is given rise to by the Werner state as . So if the Werner state give rise to the legitimate users’ observed correlation in Eq.(19), it is intuitive that in order to maximize , Eve should use nonlocal correlation and local correlation . It’s easy to find the maximum ,
[TABLE]
we can obtain by comparing Eq.(20) and Eq.(21).
Finally we calculate the secret-key rate of our protocol for the Werner state. In our three-party key distribution protocol, the raw keys are extracted from the following measurement settings
[TABLE]
We assume that the probability that the legitimate users choose to make each measurement is equal, and it’s obvious that the secret-key rate calculated from each measurement setting is the same, so we will only calculate the secret-key rate of the first measurement setting \big{(}\hat{A}_{2},\hat{B}_{0},\hat{C}_{0}\big{)}. We use the Devetak-Winter formula [61] to calculate the lower bound of the secret-key rate
[TABLE]
Where denote measurement result of Eve, and both are the conditional Shannon entropy, quantifies the correlation between Alice and Eve, and quantifies the correlation between Alice and Bob and Carol. Since three-party key strings have collective correlations rather than pairwise correlations in the two-party case, Eq.(23) is slightly different from its standard form for the two-party case. If the three legitimate users actually share the Werner state Eq.(20) which will give rise to correlation , from Eq.(21) we can get . Since is the correlation generated by the maximum entanglement quantum state , the perfect monogamy force that Eve has no information about in this case. We assume that Eve has the power to get complete information about Alice’s outcome in the case of distribution of local correlation . So for every measurement result of Eve, we have conditional probability (), and
[TABLE]
where is the binary entropy. Then we calculate . From the fourth equation of Eq.(1) and Eq.(20), we can obtain () for every outcomes and , and then
[TABLE]
Substituting these results into Eq.(23), we obtain
[TABLE]
Only when the lower bound of the secret-key rate is greater than zero. We depict the extractable secret-key rate in Fig.3, and it manifests that as the value of visibility increases the value of monotonously approaches and when .
We notice that the threshold visibility for the positive secret-key rate of DIQKD protocols is greater than the threshold visibility for the violation of SI, and we have two comments on this result. First, in our protocol we assume that Eve has the power to get complete information about Alice’s outcomes in the case of distribution of local correlation , so if, in fact Eve does not have such a powerful ability we will get a less threshold visibility for the positive secret-key rate, which should be closer to . Second, even if there exists such a powerful Eve, we can still get a secure DIQKD protocol as long as .
V Conclusion
Multipartite private keys have collective correlations rather than pairwise correlations, so no participant can infer the keys of others from the keys in his own hands. Because of this property, there are a lot of tasks in which multipartite keys are applicable but two-partite keys are not competent. In this paper, we present a QKD scheme in which participants can securely share a set of multipartite keys by using a sequence of multi-particle GHZ states. We prove that the violation of SI can be utilized to test for eavesdropping, and even when the eavesdropper can completely control the outcomes of many participants’ measurements, our scheme still ensures the device-independent security of the keys distribution. In the ideal case, the perfect monogamy of the GHZ state guarantee the device-independent security of our protocol, however quantum entanglement is a vulnerable resource which is often decayed during transmission. So we need to derive the secret-key rate of our protocol under the condition of using quantum states with non-maximal entanglement. We then calculate the extractable secret-key rate of our three-party key distribution protocol for the Werner state in the device-independent scenario. We find that the value of the extractable secret-key rate monotonously approaches as the value of the visibility of the Werner state increases, and it reaches its maximum value when the Werner state becomes the GHZ state.
In the two-party case, if each party has only two inputs and two outputs, there is only one non-trivial quantum nonlocality inequality (CHSH inequality) which can be used to guarantee the security of two-party QKD. Unlike that in the two-party case, there exist many kinds of quantum multipartite correlations. For example, in the case of three-party, there exist extremal no-signaling correlations which belong to inequivalent classes in the case of that each party has two inputs and two outputs [62]. So for the multi-party QKD, there exist many different quantum nonlocality inequalities that all can be used to guarantee the security. There are already some multi-party QKD protocols whose security are guaranteed by violations of different quantum nonlocality inequalities [46, 47, 48]. In my view, since violations of different quantum nonlocality inequalities display different kinds of quantum multipartite correlations, each inequality has its own advantages as the security guarantee of QKD.
Acknowledgments
The author is grateful to the anonymous referees for their valuable comments and suggestions to improve the quality of the paper. This work is supported by the National Natural Science Foundation of China under Grant No. 11005031.
Data Availability Statement
This manuscript has no associated data or the data will not be deposited. [Author’s comments: All relevant data are in the paper itself.]
The reference list from the paper itself. Each links out to its DOI / PubMed record.
- 1Bennett and Brassard [1984] C. H. Bennett and G. Brassard, in Proc. IEEE Int. Conf. on Computers, Systems and Signal Processing, Bangalore, India (1984) pp. 175–179.
- 2Ekert [1991] A. K. Ekert, Phys. Rev. Lett. 67 , 661 (1991) . · doi ↗
- 3Bell [1964] J. S. Bell, Physics Physique Fizika 1 , 195 (1964).
- 4Bell and Mermin [1988] J. Bell and N. D. Mermin, Physics Today 41 , 89 (1988).
- 5Clauser et al. [1969] J. F. Clauser, M. A. Horne, A. Shimony, and R. A. Holt, Phys. Rev. Lett. 23 , 880 (1969) . · doi ↗
- 6Bennett et al. [1992 a] C. H. Bennett, G. Brassard, and N. D. Mermin, Physical review letters 68 , 557 (1992 a).
- 7Einstein et al. [1935] A. Einstein, B. Podolsky, and N. Rosen, Phys. Rev. 47 , 777 (1935) . · doi ↗
- 8Bennett et al. [1992 b] C. H. Bennett, G. Brassard, and N. D. Mermin, Phys. Rev. Lett. 68 , 557 (1992 b) . · doi ↗
