Conference PaperPDF Available

Quantum mutual authentication scheme based on Bell state measurement

Authors:

Abstract and Figures

Authentication is one of the security services that ensures sufficient security of the system by identification and verification. Also, it assures the identity of the communicating party to be that the claimed one. To build a quantum channel between two unauthenticated to each other parties, first, a trusted authority is needed to establish a mutual authentication with each party. Using Bell measurement and entanglement swapping, we present a protocol that mutually authenticates the identity of the sender and the receiver, then constructs a quantum channel based on Bell basis. After, the sender and the receiver use the quantum channel to communicate using entanglement-assisted quantum communication protocols. Additionally, the protocol renews the shared secret key between the trusted authority and each user after each authentication process. The protocol provides the necessary authentication and key distribution to create a quantum channel between the sender and receiver.
Content may be subject to copyright.
Quantum Mutual Authentication Scheme Based on
Bell State Measurement
Muneer Alshowkan, IEEE Student Member and Khaled Elleithy, IEEE Senior Member
Department of Computer Science and Engineering
University of Bridgeport
Bridgeport, CT 06604, USA
malshowk@my.bridgeport.edu, elleithy@bridgeport.edu
Abstract—Authentication is one of the security services that en-
sures sufficient security of the system by identification and verifi-
cation. Also, it assures the identity of the communicating party to
be that the claimed one. To build a quantum channel between two
unauthenticated to each other parties, first, a trusted authority is
needed to establish a mutual authentication with each party. Using
Bell measurement and entanglement swapping, we present a pro-
tocol that mutually authenticates the identity of the sender and the
receiver, then constructs a quantum channel based on Bell basis.
After, the sender and the receiver use the quantum channel to
communicate using entanglement-assisted quantum communica-
tion protocols. Additionally, the protocol renews the shared secret
key between the trusted authority and each user after each authen-
tication process. The protocol provides the necessary authentica-
tion and key distribution to create a quantum channel between the
sender and receiver.
Keywords— quantum; entanglement; authentication; bell meas-
urement; bell basis
I. I
NTRODUCTION
The field of quantum computing and information processing
uses the laws of quantum physics, including states superposition
and entanglement. Quantum cryptography is amongst the most
surprising application of quantum mechanics in quantum com-
puting and information processing. Unlike classical cryptog-
raphy, which depends on the computational complexity of solv-
ing difficult mathematical problems such as, the public-key
algorithm of the RSA. Quantum key distribution offers a method
of sharing a private key with unconditional security. By applying
the laws of quantum mechanics, messages and secret keys can
be hidden and securely shared over a quantum channel between
a sender and a receiver. For instance, one can use quantum key
distribution protocols to share secret keys or use quantum direct
communication to send messages. Bennett and Brassard were
the first to propose the quantum key distribution protocol BB84
in 1984 [1]. After, the field of quantum computing and infor-
mation processing became an active research area. Thus, many
protocols in quantum communication and information pro-
cessing have been proposed. For example, some of the quantum
protocols are quantum secret sharing [2-8], quantum secure di-
rect communication [9-14] and quantum identity authentication
[13, 15-20]. Quantum secret sharing is the transformation of
classical secret sharing to quantum information processing and,
it can be used classical and quantum messages. Quantum secure
direct communication protocol provides a secure method to send
a secret message without prior sharing of a secret key. Classical
cryptography has an extensive research on identity and message
authentication. In the field of quantum information processing,
quantum identity authentication is the natural generalization of
the classical authentication. For instance, the quantum authenti-
cation and key distribution protocol presented in [16]. Identity
authentication and simultaneous secret key distribution protocol
presented in [21]. In addition, two protocols were presented in
[13] for quantum user identification and secure direct communi-
cation. The protocols use the Greenberger-Horne-Zeilinger
states for authentication and then secure communication.
One of the most fundamental elements of quantum cryptog-
raphy is quantum entanglement. Quantum entanglement has no
classical counterpart, which is a nonlocal correlation between
two quantum subsystems. In 1991, Ekert [22] presented the first
entanglement-based quantum key distribution protocol to share
private secret keys. For example, if Alice and Bob have many
prior shared maximally entangled pairs, then for each pair they
perform measurement in any bases. After, on the classical chan-
nel they disclose the measurement basis used on each pair. The
results should be correlated if they used the same basis. Pairs
measured in different bases can be used to detect the presence of
Eve by Bell’s inequality. Entrapment swapping [23, 24] is a tech-
nique that makes two non-directly interacted systems entangled
with each other. Using entanglement swapping led to presenting
new quantum key distribution protocol [25-30].
In this paper, we assume that a sender (Alice) wishes to com-
municate with a receiver (Bob) but they are untrusted to each
other and do not have access to a quantum channel nor they share
entanglement. So, Alice contacts the trust authority Trent, who
can authenticate each user using a prior shared secret key be-
tween them. Trent will distribute many two-particle entangled
pairs with each party for authentication and communication. The
goal is to verify and authenticate the identity of each user then,
creates a quantum channel based on Bell basis. Trent renews the
secret key between him and the users after each authentication.
In the communication process, Alice and Bob use the entangle-
ment-based quantum channel to communicate using entangle-
ment-assisted communication protocol. The organization of the
paper is as follows: the related work in section II, the proposed
protocol in section III, the security analysis in section IV, and the
conclusion in section V.
II. R
ELATED WORK
In the literature, there are different quantum authentication
protocols [19, 31-33]. The protocols in [32, 33] are based on en-
tanglement swapping and Bell state measurement. In addition,
they have three participants in the protocols, a sender Alice, who
wishes to communicate with a remote receiver Bob and Trent
who is a trusted party. Trent will try to help and build an authen-
ticated quantum communication channel between Alice and
Bob. In the presented scheme registration, authentication and
communication are the three main components. Next, we review
the scheme presented in [33]. The protocol has three processes,
which are registration, authentication, and communication.
A. Registration:
Suppose that each of Alice and Bob shares  bits secret key
with the trusted authority Trent. Alice and Trent share the secret
key

={

,

,…,

,}. Also, Bob and Trent share the
secret key

={

,

,…,

,} . The key distribution
method was the quantum key distribution protocol in [27] to
guarantee the unconditional security. Alice asks Trent to com-
municate with Bob. Then, Trent starts the authentication process
by using the prior shared secret keys

and

with Alice
and Bob respectively. For each secret key, Trent derives a set of
bases from the bases
={|0,|1} and 
={|+,|} for
Alice and Bob called secret bases
and 
respectively.
Where, the bases
and
correspond to the secret key −
bit of “0” and “1” respectively. Trent authenticates the identity
of Alice and Bob by creating and sending a random secret se-
quence encoded by the secret bases. For Alice, Trent creates:


={

,

,…

}(1)
and for Bob, Trent creates:


={

,

,…

}(2)
If Alice and Bob are the legitimate users, then they can use their
shared secret key with Trent to derive the secret bases and de-
code the secret sequence. Therefore, Trent meets with each user
on the classical channel to verify the result. They continue the
protocol if both got the correct secret sequences or abandon the
channel if one of them got the wrong result.
B. Authentication:
After the authentication of Alice and Bob identities, Trent
starts building the quantum channel. Trent aims to create a quan-
tum channel consists of two-particle maximally entangled states
{|Ψ
±
,|Φ
±
}. So, Trent prepares  maximally entangled pairs
shared between him and Alice:

|δ

()〉={|δ

(1)〉,|δ

(2)〉,…|δ

()〉} (3)
also, another  pair shared between him and Bob:

|ζ

(
)〉={|ζ

(1)〉,|ζ

(2)〉,…|ζ

()〉} (4)
where |δ,ζ∈{|Ψ
±
,|Φ
±
〉} . After, Trent keeps his particles
which |δ
()〉 and|ζ
()〉. Then, he sends the particles |δ
()〉
and |ζ
()〉 to Alice and Bob respectively. Trent makes another
authentication by asking each party to perform Bell basis meas-
urement on random pairs. For instance, if the chosen random
state is then Bell measurement should be performed on
|δ
()〉|δ
(+1)〉 and |ζ
()〉|ζ
(+1)〉 for Alice and Bob
respectively. After that, each party meets Trent on the classical
channel to inform him of the chosen states and the measure-
ments result. Trent verifies that the results of each party confirm
the entanglement swapping of Bell states by performing Bell ba-
sis measurement on the chosen states. Trent continues the proto-
col if both parties obtained correct states.
C. Communication:
After successfully authenticated Alice and Bob, Trent is
ready to create the quantum channel. First, Trent discards the
used entanglement and asks Alice and Bob to discard them as
well. The total remaining states in Trent possession will be
{|δ
()〉,|ζ
()〉} where ==1,2,... Also, the remain-
ing states in the possession of Alice and Bob will be {|δ
()〉}
and {|ζ
()〉} respectively where ==1,2,..− . After,
Trent performs Bell basis measurement on the remaining states
shared between him each party where (=) . For instance,
Trent performs Bell basis measurement on {|δ
()〉|ζ
()〉}
which will cause entanglement swapping making the states of
Alice and Bob {|δ
()〉,|ζ
()〉} in one of Bell entangled states.
Finally, Alice and Bob use an entanglement-assisted communi-
cation protocol such as quantum teleportation for communica-
tion.
The protocol presented in [34] is a bidirectional quantum se-
cure direct communication with authentication. The communi-
cation channel between the sender Alice and the receiver Bob is
based on two-particle prior shared entanglement. Alice and Bob
encode their secret key and the secret message by Pauli opera-
tors
,
,
, and
. Also, they use the shared entanglement
for authentication and secret key generating with help of 2 and
2 bits of classical communication. Moreover, Alice and Bob
previously agree to encode the two bits 00,01,10,and 11with
Pauli operators
,
,
, and
respectively:
=|0〈0|+|1〈1| (5)
=|0〈1|+|1〈0| (6)
=|0〈0||1〈1| (7)
=|0〈1||1〉〈0|(8)
The protocol has eight steps. First, Alice prepares 2+
2
󰆒
+ entangled pairs chosen randomly from Bell states then,
shares them with Bob. Second, Bob randomly selects states
from his entangled states then randomly measures them in

. After, Bob informs Alice of the chosen state and their
results through the classical channel. After that, Alice performs
the same measurement on the same state then compares them
with the results received from Bob. Third, using the remaining
entanglement Alice encodes a secret key. Fourth, Bob perform
measurement on the chosen state by Alice then announce the re-
sult through the classical channel. Fifth, Alice informs Bob of
the position of the secret key states so, Bob perform the neces-
sary decoding. Six, Alice encodes the secret message using the
secret key. Seven, Bob perform Bell measurement then confirms
with Alice the results through the classical channel. Eight, Alice
informs Bob of the state of the direct communication and the
updated authentication key. They use the direct communication
states to send secret messages using Bell basis measurement.
III. Q
UANTUM
M
UTUAL
A
UTHENTICATION
S
CHEME
B
ASED
ON
B
ELL
S
TATE
M
EASUREMENT
The previous protocols especially [32, 33] do not offer mu-
tual authentication and depend on the trusted authority to au-
thenticate the users. Without mutual authentication, the com-
municating parties have no confidence they are connected with
the trusted authority. Therefore, attacks such as replay and man-
in-the-middle are possible. In our proposed protocol, we secure
the registration process by mutual authentication. Also, renews
the secret key after each use by distributing a new secret key
after each successful authentication.
A. Mutual Authentication and Registration:
Consider a network of users
where  is the user identi-
fication number
∈={
,
,…,
} . Each user shares a
secret key


∈={

,

,…,


} of size 2 where


={

+

} with the trusted user Trent. We assume
that the key exchange occurred during the setup of each user in
the network. If Alice wishes to communicate with Bob, then she
contacts Trent who knows every user in the network. At the be-
ginning, Trent and Alice need to build mutual authentication by
identification and verification of each’s identity. They use the
shared secret key


={

+

} to derive the encoding
bases


={

+

} from the bases 

={|0,|1〉}
and the bases 
={|+〉,|−〉}. For each bit in the secret key,
they make the bits “0” and “1” correspond to bases 

and 
respectively. After, Trent and Alice each generate a random se-
quence

and

respectively of size, then encoded it by
the bases

. Next, Trent and Alice exchange the encoded se-
quences. So, the legitimate Trent and Alice must be able to de-
rive the decoding bases 

from the secret key

then de-
code the each other’s sequence. After, they meet on the classical
channel. Trent announces Alice’s

and Alice announces
Trent’s sequence

. Trent and Alice verify their sequences
then, they continue if they received the correct sequences so that
they are mutually authenticated. If one of them received the
wrong sequence then, they abandon the channel. After that,
Trent contacts Bob and performs the same authentication pro-
cess. Trent and Bob use the shared secret key


=
{

+

} to derive the encoding bases


={

+

} . Next, Each of Trent and Bob generates a random se-
quence

and

respectively of size then, encode it by
bases

. After, Trent and Bob exchange the encoded se-
quences then meet on the classical channel to verify their se-
quences. Trent and Bob verify the sequences

and

re-
spectively then, they continue if both received the correct
sequences or they abandon the channel. If no one abandoned the
channel then, Trent and Alice, as well as Trent and Bob, are mu-
tually authenticated. Further, Trent will provide Alice and Bob
with a secret key to create a secret sequence for authenticating
before communication. Trent encodes the second part of Bob’s
secret key

by

then sends it to Alice. Also, Trent en-
codes the second part of Alice’s secret key

using

then
sends to Bob.
B. Secret Key Distribution:
Trent builds the quantum channel after he created the mutual
authentication between him and each of Alice and Bob. For each
user, Trent prepares random Bell basis:
|
Υ
()〉

={|
Υ
(1)〉

,|
Υ
(2)〉

,…,|
Υ
(L)〉

}(9)
where |Υ{|Ψ
,|Ψ
,|Φ
,|Φ
〉} then shares them with
the user. Also, let and be the indexes of Alice and Bob states
respectively where ==++=. Trent shares the en-
tangled pairs |Υ()〉

with Alice by keeping the first particle of
|Υ()〉
and sending the second particle |Υ()〉
to Alice. Like-
wise, Trent shares the entangled pairs
|Υ()〉

with Bob by
keeping the first particles |Υ()〉
and sending the second parti-
cle |Υ()〉
to Bob. After, Alice randomly chooses (+)/2
inconsecutive states of her entanglement with Trent
|Υ()〉

then performs Bell measurement on the state |Υ()〉

|Υ(+1)〉

. For example, if the random state is |Φ
()〉

and the state +1 is |Φ
(+1)〉

where the particles 1 and 4
belong to Trent and the particles 2 and 3 belong to Alice. Then,
Bell measurement on |Φ

|Φ

will give one result of
{|Φ

|Φ

} , {|Φ

|Φ

} , {|Ψ

|Ψ

} , or
|Ψ

|Ψ

each occurs with a probability of1/4 . If Alice
finds the state |Ψ

then the state Trent holds should be
|Ψ

. All the possible outcomes of Bell measurement when
the state equals to Bell state |Φ

are:
Φ

⊗Φ


Φ


Φ


Ψ


Ψ

(10)
Φ

⊗Φ


Φ


Φ


Ψ


Ψ

(11)
Φ

⊗Ψ


Ψ


Ψ


Φ


Φ

(12)
Φ

⊗Ψ


Ψ


Ψ


Φ


Φ

(13)
If the state equals to |Φ

, then all the possible outcomes of
Bell measurement are:
Φ

⊗Φ


Φ


Φ


Ψ


Ψ

(14)
Φ

⊗Ψ


Ψ


Ψ


Φ


Φ

(15)
Φ

⊗Φ


Φ


Φ


Ψ


Ψ

(16)
Φ

⊗Ψ


Ψ


Ψ


Φ


Φ

(17)
If the state equals to |Ψ

, then all the possible outcomes of
Bell measurement are:
Ψ

⊗Ψ


Φ


Φ


Ψ


Ψ

(18)
Ψ

⊗Ψ


Φ


Φ


Ψ


Ψ

(19)
Ψ

⊗Φ


Ψ


Ψ


Φ


Φ

(20)
Ψ

⊗Φ


Ψ


Ψ


Φ


Φ

(21)
If the state equals to |Ψ

, then all the possible outcomes of
Bell measurement are:
Ψ

⊗Ψ


Φ


Φ


Ψ


Ψ

(22)
Ψ

⊗Ψ


Φ


Φ


Ψ


Ψ

(23)
Ψ

⊗Φ


Ψ


Ψ


Φ


Φ

(24)
Ψ

⊗Φ


Ψ


Ψ


Φ


Φ

(25)
For each measurement result, Alice will represent the states |Φ〉
and |Ψ by the bits "0" and "1" respectively. In the same man-
ner, she represents the phase of the states "+" and "−" by the
bits "0" and"1" respectively Fig. 1. For error detection, Alice
meets with Trent on the classical channel to inform him of the
/2 chosen pairs and the measurement result of each pair. Trent
verifies if the results Alice obtained satisfy Bell state measure-
ment for the chosen /2 pairs. If Trent finds the results do not
satisfy Bell measurement then, the channel is compromised and
they abandon the channel. However, if the results satisfy Bell
measurement for entanglement swapping then, Trent and Alice
represent the remaining /2 pairs in bits and consider them as
an initial secret key .
Fig. 1. The representation of the states using classical bits.
Let consider an attacker (Eve) listens to the classical channel
and gains some information about the initial secret key. Then
another level of security is needed to reduce Eve’s information.
Therefore, Trent and Alice apply privacy amplification to derive
a secret key with a low correlation to the initial key. We assume
that every user shares with Trent a family of universal hash func-
tion [35]  with a uniform distribution of hash functions
which, maps bits input to bits output . Also, if {
,
}∈
and  is randomly selected then, (
)=(
) with proba-
bility of 1/|| . Trent selects a hash function ∈ then in-
forms Alice through the classical channel which hash function
was selected. After, Trent and Alice feed the initial secret key
into the hash function to obtain the final secret key ()=

.
Similarly, Trent follows the same process of verification and key
distribution with Bob to obtain a new secret key

.
C. Communication:
Trent reorders the remaining entangled pairs between him
and Alice:
|
Υ
()〉

={|
Υ
(1)〉

,|
Υ
(2)〉

,…,|
Υ
()〉

}(26)
and the remaining entangled pairs between him and Bob:
|
Υ
(
)〉

={|
Υ
(1)〉

,|
Υ
(2)〉

,…,|
Υ
()〉

}(27)
Then, Trent performs entanglements swapping to create entan-
glement state between Alice and Bob. Trent performs entangle-
ment swapping process using |Υ()〉

⊗|Υ()〉

. For exam-
ple if the entangled state between Trent and Alice is |Υ()〉

=
|Φ

and the entangled state between Trent and Bob is
|Υ()〉

=|Φ

then |Φ
()

⊗|Φ
()〉

is as fol-
lows:
=|0
|0
+|1
|1
2⊗|0
|0
+|1
|1
2(28)
=1
2|0
|0
(|0
|0
+|1
|1
)
+|1
|1
(|0
|0
+|1
|1
)(29)
Trent applies CNOT gate on using the forst as the control
and the second as the target:
=1
2|0
|0
(|0
|0
+|1
|1
)
+|1
|1
(|1
|0
+|0
|1
)(30)
Trent apples the Hadamard gate on the first :
=1
2
2(|0
+|1
)|0
(|0
|0
+|1
|1
)
+(|0
−|1
)|1
(|1
|0
+|0
|1
)(31)
Rearranging and combining :
=1
2
2|00
|0
|0
+|1
|1
|01
|0
|1
+|1
|0
|10
|0
|0
−|1
|1
|11
|0
|1
−|1
|0
(32)
Trent informs Alice and Bob about which state they share using
two classical bits. Therefore, Alice and Bob will have their and
 states respectively entangled in one of Bell states each occur-
ring with probability of 1/4.
(,
)

=1
2(|0
|1
−|1
|0
)(33)
(,
)

=1
2(|0
|1
+|1
|0
)(34)
(,
)

=1
2(|0
|0
−|1
|1
)(35)
(,
)

=1
2(|0
|0
+|1
|1
)(36)
Alice and Bob use their entangled pairs to communicate us-
ing quantum communication protocols such as teleportation,
Ekert 91, or remote state preparation. Alice and Bob make final
authentication to make sure that each party is the same party,
Trent authenticated in the first process. They use the secret
key

and

which, Trent distributed to Bob and Alice re-
spectively. Each party derives the encoding basis, then creates
and exchanges a secret sequence. After, Alice and Bob meet on
the classical channel to verify each other’s sequence. The legiti-
mate Alice and Bob should be able to decode and verify their
identity. If one of them cannot decode the sequence and verify
their identity, then they cannot trust each other and abandon the
channel. However, if they are the legitimate Alice and Bob then,
they will be able to decode the sequences and have mutual au-
thentication. So, Alice and Bob are authenticated to each other’s
and able to start the communication using the entanglement-as-
sisted quantum communication protocols.
IV. S
ECURITY
A
NALYSIS AND
D
ISCUSSION
Mutual authentication requires the communicating parties to
build confidence about the identity of each other’s by identifica-
tion and verification. For comparison, the quantum authentica-
tion protocol in [33] does not authenticate Trent to the communi-
cating parties Alice and Bob. The protocol assumes that Trent
and each party share a secret, which then used by Trent to derive
basis to encode a challenging sequence. Trent sends the encoded
sequence and asks each party to decode it after deriving the de-
coding basis from their shared secret key with him. They retrieve
the correct sequence then send the result to Trent to decide if
they are the legitimate users or not. However, an attacker (Eve)
can masquerades Trent without being detected by Alice and Bob
because Trent uses the quantum channel to send encoded se-
quence and Alice and Bob use the classical channel to verify
their identity. For example, Eve can intercept the communica-
tion between Alice and Trent then forge a verification process.
Eve generates random secret key
then derives encoding ba-
sis
. After, Eve creates the sequence

then, sends it to Al-
ice. Using the secret key

, Alice derives the basis

then
tries to decode the sequence

. Without identity verification
of the source of the sequence, Alice will send the result to Trent.
However, Eve can intercept the communication from reaching
Trent then continues with Bob because Trent is the only one per-
forms the authentication. Even if Alice requests acknowledge-
ment from Trent then, without authentication, Eve can perform
the replay attack. Therefore, Alice and Bob also need to authen-
ticate the identity of Trent at the initial communication. Alice
and Bob each creates a sequence using the shared secret key with
Trent then ask him to verify the sequence on the classical chan-
nel. Thus, Alice and Bob require Trent to verify himself and pass
the verification step to be as well authenticated. If the mutual
authentication succeeds then, Alice and Bob with high confi-
dence can continue communicating with Trent because they
have mutual authentication. If not, they abandon the channel. In
our protocol, consider Eve tries to perform the replay attack. Us-
ing the passive attack on the classical channel, Eve could capture
acknowledgements and use them later. However, the shared se-
cret key in our protocol changes after each authentication pro-
cess. Thus, each secret key is used once and the replay attack
cannot be effective.
Let us consider the intercept/send attack against the authen-
tication and key distribution process. If Eve intercepts the entan-
gled pairs sent from Trent to Alice then, creates entanglement
and share with Alice. So, Trent and Eve share |Υ()〉

. Also,
Eve and Alice share |Υ()〉

. Alice chooses random pairs then,
performs Bell measurement to obtain an outcome with a proba-
bility of 1/4 for each measurement as in Bell measurement out-
comes (10-25). Similarly, Eve measures random pairs from the
shared entanglement with Trent to obtain an outcome for each
measurement with a probability of 1/4. When Alice meets Trent
on the classical channel to inform him of the chosen pairs and
their measurement results, Alice will not be able to provide the
correct measurement because there is no correlation between
their pairs. Therefore, each measurement result of Alice and
Trent will have success probability of 1/16. As a result, Trent
and Alice with high probability can detect the presence of Eve
on the channel.
V. C
ONCLUSION
We presented a quantum mutual authentication protocol
based on Bell state measurement and entanglement swapping. A
trusted authority authenticates untrusted to each other users then
creates an entanglement-based quantum communication chan-
nel. Using the prior shared secret key with each user, the trusted
authority mutually authenticates each user then builds the quan-
tum channel. In addition, the protocol renews the secret key
shared with the trusted authority after each authentication pro-
cess. The protocol successfully creates Bell states between par-
ties who their particles did not interact with each other’s before.
Then, they use their Bell states to communicate by quantum en-
tanglement communication protocols.
VI. R
EFERENCES
[1] C. H. Bennett and G. Brassard, "Quantum cryptography: Public key
distribution and coin tossing," in Proceedings of IEEE International
Conference on Computers, Systems and Signal Processing, 1984, p. 8.
[2] A. Karlsson, M. Koashi, and N. Imoto, "Quantum entanglement for secret
sharing and secret splitting," Physical Review A, vol. 59, p. 162, 1999.
[3] L. Xiao, G. L. Long, F.-G. Deng, and J.-W. Pan, "Efficient multiparty
quantum-secret-sharing schemes," Physical Review A, vol. 69, p. 052307,
2004.
[4] Z.-j. Zhang, Y. Li, and Z.-x. Man, "Multiparty quantum secret sharing,"
Physical Review A, vol. 71, p. 044301, 2005.
[5] M. Hillery, V. Bužek, and A. Berthiaume, "Quantum secret sharing,"
Physical Review A, vol. 59, p. 1829, 1999.
[6] Z.-j. Zhang, G. Gao, X. Wang, L.-f. Han, and S.-h. Shi, "Multiparty
quantum secret sharing based on the improved Boström–Felbinger
protocol," Optics communications, vol. 269, pp. 418-422, 2007.
[7] P. Zhou, X.-H. Li, Y.-J. Liang, F.-G. Deng, and H.-Y. Zhou, "Multiparty
quantum secret sharing with pure entangled states and decoy photons,"
Physica A: Statistical Mechanics and its Applications, vol. 381, pp. 164-
169, 2007.
[8] Y. Sun, Q.-y. Wen, F. Gao, X.-b. Chen, and F.-c. Zhu, "Multiparty
quantum secret sharing based on Bell measurement," Optics
Communications, vol. 282, pp. 3647-3651, 2009.
[9] C. Qing-Yu and L. Bai-Wen, "Deterministic secure communication
without using entanglement," Chinese Physics Letters, vol. 21, p. 601,
2004.
[10] K. Boström and T. Felbinger, "Deterministic secure direct communication
using entanglement," Physical Review Letters, vol. 89, p. 187902, 2002.
[11] F.-G. Deng and G. L. Long, "Secure direct communication with a
quantum one-time pad," Physical Review A, vol. 69, p. 052319, 2004.
[12] A. Beige, B. G. Englert, C. Kurtsiefer, and H. Weinfurter, "Secure
communication with a publicly known key," Acta Physica Polonica A,
vol. 101, pp. 357-368, 2002.
[13] H. Lee, J. Lim, and H. Yang, "Quantum direct communication with
authentication," Physical Review A, vol. 73, p. 042305, 2006.
[14] Q.-Y. Cai and B.-W. Li, "Improving the capacity of the Boström-
Felbinger protocol," Physical Review A, vol. 69, p. 054301, 2004.
[15] T. Mihara, "Quantum identification schemes with entanglements,"
Physical review A, vol. 65, p. 052326, 2002.
[16] M. Dušek, O. Haderka, M. Hendrych, and R. Myška, "Quantum
identification system," Physical Review A, vol. 60, p. 149, 1999.
[17] Z. Zhang, G. Zeng, N. Zhou, and J. Xiong, "Quantum identity
authentication based on ping-pong technique for photons," Physics
Letters A, vol. 356, pp. 199-205, 2006.
[18] X. Zhang, "One-way quantum identity authentication based on public
key," Chinese Science Bulletin, vol. 54, pp. 2018-2021, 2009.
[19] Y. Yang, Q. Wen, and X. Zhang, "Multiparty simultaneous quantum
identity authentication with secret sharing," Science in China Series G:
Physics, Mechanics and Astronomy, vol. 51, pp. 321-327, 2008.
[20] C.-H. Yu, G.-D. Guo, and S. Lin, "Quantum secure direct communication
with authentication using two nonorthogonal states," International
Journal of Theoretical Physics, vol. 52, pp. 1937-1945, 2013.
[21] G. Zeng and W. Zhang, "Identity verification in quantum key
distribution," Physical Review A, vol. 61, p. 022303, 2000.
[22] A. K. Ekert, "Quantum cryptography based on Bell's theorem," Phys Rev
Lett, vol. 67, pp. 661-663, Aug 5 1991.
[23] M. Zukowski, A. Zeilinger, M. Horne, and A. Ekert, "" Event-ready-
detectors" Bell experiment via entanglement swapping," Physical Review
Letters, vol. 71, pp. 4287-4290, 1993.
[24] L. Hardy and D. D. Song, "Entanglement-swapping chains for general
pure states," Physical Review A, vol. 62, p. 052315, 2000.
[25] S. Bose, V. Vedral, and P. L. Knight, "Multiparticle generalization of
entanglement swapping," Physical Review A, vol. 57, p. 822, 1998.
[26] A. Cabello, "Quantum key distribution in the Holevo limit," Phys Rev
Lett, vol. 85, pp. 5635-8, Dec 25 2000.
[27] D. Song, "Secure key distribution by swapping quantum entanglement,"
Physical Review A, vol. 69, p. 034301, 2004.
[28] C. Li, H.-S. Song, L. Zhou, and C.-F. Wu, "A random quantum key
distribution achieved by using Bell states," Journal of Optics B: Quantum
and Semiclassical Optics, vol. 5, p. 155, 2003.
[29] G. Gao, "Quantum key distribution by swapping the entanglement of χ-
type state," Physica Scripta, vol. 81, p. 065005, 2010.
[30] N. Zhou, L. Wang, L. Gong, X. Zuo, and Y. Liu, "Quantum deterministic
key distribution protocols based on teleportation and entanglement
swapping," Optics Communications, vol. 284, pp. 4836-4842, 2011.
[31] Y. Yu-Guang and W. Qiao-Yan, "Economical multiparty simultaneous
quantum identity authentication based on Greenberger–Horne–Zeilinger
states," Chinese Physics B, vol. 18, 2009.
[32] N. Penghao, C. Yuan, and L. Chong, "Quantum Authentication Scheme
Based on Entanglement Swapping," International Journal of Theoretical
Physics, pp. 1-11, 2015.
[33] M. Naseri, "Revisiting Quantum Authentication Scheme Based on
Entanglement Swapping," International Journal of Theoretical Physics,
pp. 1-8, 2015.
[34] D. Shen, W. Ma, X. Yin, and X. Li, "Quantum dialogue with
authentication based on Bell states," International Journal of Theoretical
Physics, vol. 52, pp. 1825-1835, 2013.
[35] J. L. Carter and M. N. Wegman, "Universal classes of hash functions," in
Proceedings of the ninth annual ACM symposium on Theory of
computing, 1977, pp. 106-112.
... Entanglement swapping has been successfully used as a method for quantum authentication [99], [100], [101], [71], [102]. Some of these protocols allow even authentication of multiple parties [103], [104], [70]. Communication over a network with more than two parties is necessary is realistic scenario. ...
Conference Paper
Quantum computers are considered a blessing to the dynamic technological world that promises to solve complex problems much faster than their known classical counterparts. Such computational power imposes critical threats on modern cryptography where it has been proven that asymmetric key cryptosystem will be rendered useless in a quantum world. However, we can utilize such a powerful mechanism for improving computer security by implementing such technology to solve complex data security problems such as authentication, secrets management, and others. Mainly, Quantum Authentication (QA) is an emerging concept in computer security that creates robust authentication for organizations, systems, and individuals. To delve deeper into the concept, for this research, we have further investigated QA through a detailed systematic literature review done on a corpus of N=859 papers. We briefly discuss the major protocols used by various papers to achieve QA, and also note the distribution of papers using those protocols. We analyzed the technological limitations mentioned by previous researchers and highlighted the lack of human-centered solutions for such modern inventions. We emphasize the importance of research in the user aspect of QA to make the users aware of its potential advantages and disadvantages as we move to the quantum age.
Article
Full-text available
The crucial issue of quantum communication protocol is its security. In this paper, the security of the Quantum Authentication Scheme Based on Entanglement Swapping proposed by Penghao et al. (Int J Theor Phys., doi:10. 1007/ s10773-015-2662-7) is reanalyzed. It is shown that the original does not complete the task of quantum authentication and communication securely. Furthermore a simple improvement on the protocol is proposed.
Article
Full-text available
A quantum secure direct communication protocol with authentication using only two nonorthogonal states is presented. In the protocol, a one-way hash function is utilized for two-way authentication and two one-particle unitary operations are used for encoding. Moreover, it has been shown that this protocol is secure against some common attacks.
Article
A secure quantum identification system combining a classical identification procedure and quantum key distribution is proposed. Each identification sequence is always used just once and sequences are "refueled" from a shared provably secret key transferred through the quantum channel. Two identification protocols are devised. The first protocol can be applied when legitimate users have an unjammable public channel at their disposal. The deception probability is derived for the case of a noisy quantum channel. The second protocol employs unconditionally secure authentication of information sent over the public channel, and thus can be applied even in the case when an adversary is allowed to modify public communications. An experimental realization of a quantum identification system is described.
Article
Based on the entanglement swapping, a quantum authentication scheme with a trusted- party is proposed in this paper. With this scheme, two users can perform mutual identity authentication to confirm each other’s validity. In addition, the scheme is proved to be secure under circumstances where a malicious attacker is capable of monitoring the classical and quantum channels and has the power to forge all information on the public channel.
Article
We show how a quantum secret sharing protocol, similar to that of Hillery, Buzek, and Berthiaume (Los Alamos e-print archive quant-ph/9806063), can be implemented using two-particle quantum entanglement, as available experimentally today. We also discuss in some detail how both two- and three-particle protocols must be carefully designed in order to detect eavesdropping or a dishonest participant. We also discuss the extension of a multiparticle entanglement secret sharing and splitting scheme toward a protocol so that m of n persons with m<=n can retrieve the secret.
Article
We propose an authenticated quantum dialogue protocol, which is based on a shared private quantum entangled channel. In this protocol, the EPR pairs are randomly prepared in one of the four Bell states for communication. By performing four Pauli operations on the shared EPR pairs to encode their shared authentication key and secret message, two legitimate users can implement mutual identity authentication and quantum dialogue without the help from the third party authenticator. Furthermore, due to the EPR pairs which are used for secure communication are utilized to implement authentication and the whole authentication process is included in the direct secure communication process, it does not require additional particles to realize authentication in this protocol. The updated authentication key provides the counterparts with a new authentication key for the next authentication and direct communication. Compared with other secure communication with authentication protocols, this one is more secure and efficient owing to the combination of authentication and direct communication. Security analysis shows that it is secure against the eavesdropping attack, the impersonation attack and the man-in-the-middle (MITM) attack.
Article
We reply to the preceding comment which focused on whether there exists a quantum privacy amplification technique for purifying the unknown single-photon states transmitted. In this Reply, we will show that quantum privacy amplification is principally possible, and a specific scheme for direct communication protocol based on single photons has been constructed and will be published elsewhere. Then the secure direct quantum communication is secure against the attack strategy in the preceding comment by using quantum privacy amplification directly.
Article
The distribution of the deterministic key has great significance in quantum communication. By exploiting quantum teleportation and entanglement swapping, two quantum deterministic key distribution (QDKD) protocols are presented to hand over the previously deterministic key to the intended receiver, which is different from the existed quantum key distribution (QKD) protocols only yielding a random key. Meanwhile, the proposed QDKD protocol based on teleportation can also distribute the random key. Furthermore, the security of QDKD protocols is analyzed in detail from information theory. It shows that our proposed QDKD protocols can securely and effectively hand over the pre-deterministic key to the specific target. The QDKD protocols are the necessary supplement to the QKD protocols generating random key and of great significance in the field of key management.
Article
We propose a new scheme for quantum key distribution based on entanglement swapping. By this protocol, Alice can securely share a random quantum key with Bob, without transporting any particle.