Content uploaded by Khaled Elleithy
Author content
All content in this area was uploaded by Khaled Elleithy on Oct 05, 2017
Content may be subject to copyright.
Quantum Mutual Authentication Scheme Based on
Bell State Measurement
Muneer Alshowkan, IEEE Student Member and Khaled Elleithy, IEEE Senior Member
Department of Computer Science and Engineering
University of Bridgeport
Bridgeport, CT 06604, USA
malshowk@my.bridgeport.edu, elleithy@bridgeport.edu
Abstract—Authentication is one of the security services that en-
sures sufficient security of the system by identification and verifi-
cation. Also, it assures the identity of the communicating party to
be that the claimed one. To build a quantum channel between two
unauthenticated to each other parties, first, a trusted authority is
needed to establish a mutual authentication with each party. Using
Bell measurement and entanglement swapping, we present a pro-
tocol that mutually authenticates the identity of the sender and the
receiver, then constructs a quantum channel based on Bell basis.
After, the sender and the receiver use the quantum channel to
communicate using entanglement-assisted quantum communica-
tion protocols. Additionally, the protocol renews the shared secret
key between the trusted authority and each user after each authen-
tication process. The protocol provides the necessary authentica-
tion and key distribution to create a quantum channel between the
sender and receiver.
Keywords— quantum; entanglement; authentication; bell meas-
urement; bell basis
I. I
NTRODUCTION
The field of quantum computing and information processing
uses the laws of quantum physics, including states superposition
and entanglement. Quantum cryptography is amongst the most
surprising application of quantum mechanics in quantum com-
puting and information processing. Unlike classical cryptog-
raphy, which depends on the computational complexity of solv-
ing difficult mathematical problems such as, the public-key
algorithm of the RSA. Quantum key distribution offers a method
of sharing a private key with unconditional security. By applying
the laws of quantum mechanics, messages and secret keys can
be hidden and securely shared over a quantum channel between
a sender and a receiver. For instance, one can use quantum key
distribution protocols to share secret keys or use quantum direct
communication to send messages. Bennett and Brassard were
the first to propose the quantum key distribution protocol BB84
in 1984 [1]. After, the field of quantum computing and infor-
mation processing became an active research area. Thus, many
protocols in quantum communication and information pro-
cessing have been proposed. For example, some of the quantum
protocols are quantum secret sharing [2-8], quantum secure di-
rect communication [9-14] and quantum identity authentication
[13, 15-20]. Quantum secret sharing is the transformation of
classical secret sharing to quantum information processing and,
it can be used classical and quantum messages. Quantum secure
direct communication protocol provides a secure method to send
a secret message without prior sharing of a secret key. Classical
cryptography has an extensive research on identity and message
authentication. In the field of quantum information processing,
quantum identity authentication is the natural generalization of
the classical authentication. For instance, the quantum authenti-
cation and key distribution protocol presented in [16]. Identity
authentication and simultaneous secret key distribution protocol
presented in [21]. In addition, two protocols were presented in
[13] for quantum user identification and secure direct communi-
cation. The protocols use the Greenberger-Horne-Zeilinger
states for authentication and then secure communication.
One of the most fundamental elements of quantum cryptog-
raphy is quantum entanglement. Quantum entanglement has no
classical counterpart, which is a nonlocal correlation between
two quantum subsystems. In 1991, Ekert [22] presented the first
entanglement-based quantum key distribution protocol to share
private secret keys. For example, if Alice and Bob have many
prior shared maximally entangled pairs, then for each pair they
perform measurement in any bases. After, on the classical chan-
nel they disclose the measurement basis used on each pair. The
results should be correlated if they used the same basis. Pairs
measured in different bases can be used to detect the presence of
Eve by Bell’s inequality. Entrapment swapping [23, 24] is a tech-
nique that makes two non-directly interacted systems entangled
with each other. Using entanglement swapping led to presenting
new quantum key distribution protocol [25-30].
In this paper, we assume that a sender (Alice) wishes to com-
municate with a receiver (Bob) but they are untrusted to each
other and do not have access to a quantum channel nor they share
entanglement. So, Alice contacts the trust authority Trent, who
can authenticate each user using a prior shared secret key be-
tween them. Trent will distribute many two-particle entangled
pairs with each party for authentication and communication. The
goal is to verify and authenticate the identity of each user then,
creates a quantum channel based on Bell basis. Trent renews the
secret key between him and the users after each authentication.
In the communication process, Alice and Bob use the entangle-
ment-based quantum channel to communicate using entangle-
ment-assisted communication protocol. The organization of the
paper is as follows: the related work in section II, the proposed
protocol in section III, the security analysis in section IV, and the
conclusion in section V.
II. R
ELATED WORK
In the literature, there are different quantum authentication
protocols [19, 31-33]. The protocols in [32, 33] are based on en-
tanglement swapping and Bell state measurement. In addition,
they have three participants in the protocols, a sender Alice, who
wishes to communicate with a remote receiver Bob and Trent
who is a trusted party. Trent will try to help and build an authen-
ticated quantum communication channel between Alice and
Bob. In the presented scheme registration, authentication and
communication are the three main components. Next, we review
the scheme presented in [33]. The protocol has three processes,
which are registration, authentication, and communication.
A. Registration:
Suppose that each of Alice and Bob shares bits secret key
with the trusted authority Trent. Alice and Trent share the secret
key
={
,
,…,
,}. Also, Bob and Trent share the
secret key
={
,
,…,
,} . The key distribution
method was the quantum key distribution protocol in [27] to
guarantee the unconditional security. Alice asks Trent to com-
municate with Bob. Then, Trent starts the authentication process
by using the prior shared secret keys
and
with Alice
and Bob respectively. For each secret key, Trent derives a set of
bases from the bases
={|0〉,|1〉} and
={|+〉,|−〉} for
Alice and Bob called secret bases
and
respectively.
Where, the bases
and
correspond to the secret key −ℎ
bit of “0” and “1” respectively. Trent authenticates the identity
of Alice and Bob by creating and sending a random secret se-
quence encoded by the secret bases. For Alice, Trent creates:
={
,
,…
}(1)
and for Bob, Trent creates:
={
,
,…
}(2)
If Alice and Bob are the legitimate users, then they can use their
shared secret key with Trent to derive the secret bases and de-
code the secret sequence. Therefore, Trent meets with each user
on the classical channel to verify the result. They continue the
protocol if both got the correct secret sequences or abandon the
channel if one of them got the wrong result.
B. Authentication:
After the authentication of Alice and Bob identities, Trent
starts building the quantum channel. Trent aims to create a quan-
tum channel consists of two-particle maximally entangled states
{|Ψ
±
〉,|Φ
±
〉}. So, Trent prepares maximally entangled pairs
shared between him and Alice:
|δ
()〉={|δ
(1)〉,|δ
(2)〉,…|δ
()〉} (3)
also, another pair shared between him and Bob:
|ζ
(
)〉={|ζ
(1)〉,|ζ
(2)〉,…|ζ
()〉} (4)
where |δ,ζ〉∈{|Ψ
±
〉,|Φ
±
〉} . After, Trent keeps his particles
which |δ
()〉 and|ζ
()〉. Then, he sends the particles |δ
()〉
and |ζ
()〉 to Alice and Bob respectively. Trent makes another
authentication by asking each party to perform Bell basis meas-
urement on random pairs. For instance, if the chosen random
state is then Bell measurement should be performed on
|δ
()〉|δ
(+1)〉 and |ζ
()〉|ζ
(+1)〉 for Alice and Bob
respectively. After that, each party meets Trent on the classical
channel to inform him of the chosen states and the measure-
ments result. Trent verifies that the results of each party confirm
the entanglement swapping of Bell states by performing Bell ba-
sis measurement on the chosen states. Trent continues the proto-
col if both parties obtained correct states.
C. Communication:
After successfully authenticated Alice and Bob, Trent is
ready to create the quantum channel. First, Trent discards the
used entanglement and asks Alice and Bob to discard them as
well. The total remaining states in Trent possession will be
{|δ
()〉,|ζ
()〉} where ==1,2,..−. Also, the remain-
ing states in the possession of Alice and Bob will be {|δ
()〉}
and {|ζ
()〉} respectively where ==1,2,..− . After,
Trent performs Bell basis measurement on the remaining states
shared between him each party where (=) . For instance,
Trent performs Bell basis measurement on {|δ
()〉⊗|ζ
()〉}
which will cause entanglement swapping making the states of
Alice and Bob {|δ
()〉,|ζ
()〉} in one of Bell entangled states.
Finally, Alice and Bob use an entanglement-assisted communi-
cation protocol such as quantum teleportation for communica-
tion.
The protocol presented in [34] is a bidirectional quantum se-
cure direct communication with authentication. The communi-
cation channel between the sender Alice and the receiver Bob is
based on two-particle prior shared entanglement. Alice and Bob
encode their secret key and the secret message by Pauli opera-
tors
,
,
, and
. Also, they use the shared entanglement
for authentication and secret key generating with help of 2 and
2 bits of classical communication. Moreover, Alice and Bob
previously agree to encode the two bits 00,01,10,and 11with
Pauli operators
,
,
, and
respectively:
=|0〉〈0|+|1〉〈1| (5)
=|0〉〈1|+|1〉〈0| (6)
=|0〉〈0|−|1〉〈1| (7)
=|0〉〈1|−|1〉〈0|(8)
The protocol has eight steps. First, Alice prepares 2+
2
+ entangled pairs chosen randomly from Bell states then,
shares them with Bob. Second, Bob randomly selects states
from his entangled states then randomly measures them in
. After, Bob informs Alice of the chosen state and their
results through the classical channel. After that, Alice performs
the same measurement on the same state then compares them
with the results received from Bob. Third, using the remaining
entanglement Alice encodes a secret key. Fourth, Bob perform
measurement on the chosen state by Alice then announce the re-
sult through the classical channel. Fifth, Alice informs Bob of
the position of the secret key states so, Bob perform the neces-
sary decoding. Six, Alice encodes the secret message using the
secret key. Seven, Bob perform Bell measurement then confirms
with Alice the results through the classical channel. Eight, Alice
informs Bob of the state of the direct communication and the
updated authentication key. They use the direct communication
states to send secret messages using Bell basis measurement.
III. Q
UANTUM
M
UTUAL
A
UTHENTICATION
S
CHEME
B
ASED
ON
B
ELL
S
TATE
M
EASUREMENT
The previous protocols especially [32, 33] do not offer mu-
tual authentication and depend on the trusted authority to au-
thenticate the users. Without mutual authentication, the com-
municating parties have no confidence they are connected with
the trusted authority. Therefore, attacks such as replay and man-
in-the-middle are possible. In our proposed protocol, we secure
the registration process by mutual authentication. Also, renews
the secret key after each use by distributing a new secret key
after each successful authentication.
A. Mutual Authentication and Registration:
Consider a network of users
where is the user identi-
fication number
∈={
,
,…,
} . Each user shares a
secret key
∈={
,
,…,
} of size 2 where
={
+
} with the trusted user Trent. We assume
that the key exchange occurred during the setup of each user in
the network. If Alice wishes to communicate with Bob, then she
contacts Trent who knows every user in the network. At the be-
ginning, Trent and Alice need to build mutual authentication by
identification and verification of each’s identity. They use the
shared secret key
={
+
} to derive the encoding
bases
={
+
} from the bases
={|0〉,|1〉}
and the bases
={|+〉,|−〉}. For each bit in the secret key,
they make the bits “0” and “1” correspond to bases
and
respectively. After, Trent and Alice each generate a random se-
quence
and
respectively of size, then encoded it by
the bases
. Next, Trent and Alice exchange the encoded se-
quences. So, the legitimate Trent and Alice must be able to de-
rive the decoding bases
from the secret key
then de-
code the each other’s sequence. After, they meet on the classical
channel. Trent announces Alice’s
and Alice announces
Trent’s sequence
. Trent and Alice verify their sequences
then, they continue if they received the correct sequences so that
they are mutually authenticated. If one of them received the
wrong sequence then, they abandon the channel. After that,
Trent contacts Bob and performs the same authentication pro-
cess. Trent and Bob use the shared secret key
=
{
+
} to derive the encoding bases
={
+
} . Next, Each of Trent and Bob generates a random se-
quence
and
respectively of size then, encode it by
bases
. After, Trent and Bob exchange the encoded se-
quences then meet on the classical channel to verify their se-
quences. Trent and Bob verify the sequences
and
re-
spectively then, they continue if both received the correct
sequences or they abandon the channel. If no one abandoned the
channel then, Trent and Alice, as well as Trent and Bob, are mu-
tually authenticated. Further, Trent will provide Alice and Bob
with a secret key to create a secret sequence for authenticating
before communication. Trent encodes the second part of Bob’s
secret key
by
then sends it to Alice. Also, Trent en-
codes the second part of Alice’s secret key
using
then
sends to Bob.
B. Secret Key Distribution:
Trent builds the quantum channel after he created the mutual
authentication between him and each of Alice and Bob. For each
user, Trent prepares random Bell basis:
|
Υ
()〉
={|
Υ
(1)〉
,|
Υ
(2)〉
,…,|
Υ
(L)〉
}(9)
where |Υ〉∈{|Ψ
〉,|Ψ
〉,|Φ
〉,|Φ
〉} then shares them with
the user. Also, let and be the indexes of Alice and Bob states
respectively where ==++=. Trent shares the en-
tangled pairs |Υ()〉
with Alice by keeping the first particle of
|Υ()〉
and sending the second particle |Υ()〉
to Alice. Like-
wise, Trent shares the entangled pairs
|Υ()〉
with Bob by
keeping the first particles |Υ()〉
and sending the second parti-
cle |Υ()〉
to Bob. After, Alice randomly chooses (+)/2
inconsecutive states of her entanglement with Trent
|Υ()〉
then performs Bell measurement on the state |Υ()〉
⊗
|Υ(+1)〉
. For example, if the random state is |Φ
()〉
and the state +1 is |Φ
(+1)〉
where the particles 1 and 4
belong to Trent and the particles 2 and 3 belong to Alice. Then,
Bell measurement on |Φ
〉
⊗|Φ
〉
will give one result of
{|Φ
〉
|Φ
〉
} , {|Φ
〉
|Φ
〉
} , {|Ψ
〉
|Ψ
〉
} , or
|Ψ
〉
|Ψ
〉
each occurs with a probability of1/4 . If Alice
finds the state |Ψ
〉
then the state Trent holds should be
|Ψ
〉
. All the possible outcomes of Bell measurement when
the state equals to Bell state |Φ
〉
are:
Φ
⊗Φ
=Φ
Φ
,Φ
Φ
,Ψ
Ψ
,Ψ
Ψ
(10)
Φ
⊗Φ
=Φ
Φ
,Φ
Φ
,Ψ
Ψ
,Ψ
Ψ
(11)
Φ
⊗Ψ
=Φ
Ψ
,Φ
Ψ
,Ψ
Φ
,Ψ
Φ
(12)
Φ
⊗Ψ
=Φ
Ψ
,Φ
Ψ
,Ψ
Φ
,Ψ
Φ
(13)
If the state equals to |Φ
〉
, then all the possible outcomes of
Bell measurement are:
Φ
⊗Φ
=Φ
Φ
,Φ
Φ
,Ψ
Ψ
,Ψ
Ψ
(14)
Φ
⊗Ψ
=Φ
Ψ
,Φ
Ψ
,Ψ
Φ
,Ψ
Φ
(15)
Φ
⊗Φ
=Φ
Φ
,Φ
Φ
,Ψ
Ψ
,Ψ
Ψ
(16)
Φ
⊗Ψ
=Φ
Ψ
,Φ
Ψ
,Ψ
Φ
,Ψ
Φ
(17)
If the state equals to |Ψ
〉
, then all the possible outcomes of
Bell measurement are:
Ψ
⊗Ψ
=Φ
Φ
,Φ
Φ
,Ψ
Ψ
,Ψ
Ψ
(18)
Ψ
⊗Ψ
=Φ
Φ
,Φ
Φ
,Ψ
Ψ
,Ψ
Ψ
(19)
Ψ
⊗Φ
=Φ
Ψ
,Φ
Ψ
,Ψ
Φ
,Ψ
Φ
(20)
Ψ
⊗Φ
=Φ
Ψ
,Φ
Ψ
,Ψ
Φ
,Ψ
Φ
(21)
If the state equals to |Ψ
〉
, then all the possible outcomes of
Bell measurement are:
Ψ
⊗Ψ
=Φ
Φ
,Φ
Φ
,Ψ
Ψ
,Ψ
Ψ
(22)
Ψ
⊗Ψ
=Φ
Φ
,Φ
Φ
,Ψ
Ψ
,Ψ
Ψ
(23)
Ψ
⊗Φ
=Φ
Ψ
,Φ
Ψ
,Ψ
Φ
,Ψ
Φ
(24)
Ψ
⊗Φ
=Φ
Ψ
,Φ
Ψ
,Ψ
Φ
,Ψ
Φ
(25)
For each measurement result, Alice will represent the states |Φ〉
and |Ψ〉 by the bits "0" and "1" respectively. In the same man-
ner, she represents the phase of the states "+" and "−" by the
bits "0" and"1" respectively Fig. 1. For error detection, Alice
meets with Trent on the classical channel to inform him of the
/2 chosen pairs and the measurement result of each pair. Trent
verifies if the results Alice obtained satisfy Bell state measure-
ment for the chosen /2 pairs. If Trent finds the results do not
satisfy Bell measurement then, the channel is compromised and
they abandon the channel. However, if the results satisfy Bell
measurement for entanglement swapping then, Trent and Alice
represent the remaining /2 pairs in bits and consider them as
an initial secret key .
Fig. 1. The representation of the states using classical bits.
Let consider an attacker (Eve) listens to the classical channel
and gains some information about the initial secret key. Then
another level of security is needed to reduce Eve’s information.
Therefore, Trent and Alice apply privacy amplification to derive
a secret key with a low correlation to the initial key. We assume
that every user shares with Trent a family of universal hash func-
tion [35] with a uniform distribution of hash functions
which, maps bits input to bits output . Also, if {
,
}∈
and is randomly selected then, (
)=(
) with proba-
bility of 1/|| . Trent selects a hash function ∈ then in-
forms Alice through the classical channel which hash function
was selected. After, Trent and Alice feed the initial secret key
into the hash function to obtain the final secret key ()=
.
Similarly, Trent follows the same process of verification and key
distribution with Bob to obtain a new secret key
.
C. Communication:
Trent reorders the remaining entangled pairs between him
and Alice:
|
Υ
()〉
={|
Υ
(1)〉
,|
Υ
(2)〉
,…,|
Υ
()〉
}(26)
and the remaining entangled pairs between him and Bob:
|
Υ
(
)〉
={|
Υ
(1)〉
,|
Υ
(2)〉
,…,|
Υ
()〉
}(27)
Then, Trent performs entanglements swapping to create entan-
glement state between Alice and Bob. Trent performs entangle-
ment swapping process using |Υ()〉
⊗|Υ()〉
. For exam-
ple if the entangled state between Trent and Alice is |Υ()〉
=
|Φ
〉
and the entangled state between Trent and Bob is
|Υ()〉
=|Φ
〉
then |Φ
()〉
⊗|Φ
()〉
is as fol-
lows:
=|0
|0
+|1
|1
√
2⊗|0
|0
+|1
|1
√
2(28)
=1
2|0
|0
(|0
|0
+|1
|1
)
+|1
|1
(|0
|0
+|1
|1
)(29)
Trent applies CNOT gate on using the forst as the control
and the second as the target:
=1
2|0
|0
(|0
|0
+|1
|1
)
+|1
|1
(|1
|0
+|0
|1
)(30)
Trent apples the Hadamard gate on the first :
=1
2
√
2(|0
+|1
)|0
(|0
|0
+|1
|1
)
+(|0
−|1
)|1
(|1
|0
+|0
|1
)(31)
Rearranging and combining :
=1
2
√
2|00
|0
|0
+|1
|1
|01
|0
|1
+|1
|0
|10
|0
|0
−|1
|1
|11
|0
|1
−|1
|0
(32)
Trent informs Alice and Bob about which state they share using
two classical bits. Therefore, Alice and Bob will have their and
states respectively entangled in one of Bell states each occur-
ring with probability of 1/4.
|Ψ
(,
)
=1
√
2(|0
|1
−|1
|0
)(33)
|Ψ
(,
)
=1
√
2(|0
|1
+|1
|0
)(34)
|Φ
(,
)
=1
√
2(|0
|0
−|1
|1
)(35)
|Φ
(,
)
=1
√
2(|0
|0
+|1
|1
)(36)
Alice and Bob use their entangled pairs to communicate us-
ing quantum communication protocols such as teleportation,
Ekert 91, or remote state preparation. Alice and Bob make final
authentication to make sure that each party is the same party,
Trent authenticated in the first process. They use the secret
key
and
which, Trent distributed to Bob and Alice re-
spectively. Each party derives the encoding basis, then creates
and exchanges a secret sequence. After, Alice and Bob meet on
the classical channel to verify each other’s sequence. The legiti-
mate Alice and Bob should be able to decode and verify their
identity. If one of them cannot decode the sequence and verify
their identity, then they cannot trust each other and abandon the
channel. However, if they are the legitimate Alice and Bob then,
they will be able to decode the sequences and have mutual au-
thentication. So, Alice and Bob are authenticated to each other’s
and able to start the communication using the entanglement-as-
sisted quantum communication protocols.
IV. S
ECURITY
A
NALYSIS AND
D
ISCUSSION
Mutual authentication requires the communicating parties to
build confidence about the identity of each other’s by identifica-
tion and verification. For comparison, the quantum authentica-
tion protocol in [33] does not authenticate Trent to the communi-
cating parties Alice and Bob. The protocol assumes that Trent
and each party share a secret, which then used by Trent to derive
basis to encode a challenging sequence. Trent sends the encoded
sequence and asks each party to decode it after deriving the de-
coding basis from their shared secret key with him. They retrieve
the correct sequence then send the result to Trent to decide if
they are the legitimate users or not. However, an attacker (Eve)
can masquerades Trent without being detected by Alice and Bob
because Trent uses the quantum channel to send encoded se-
quence and Alice and Bob use the classical channel to verify
their identity. For example, Eve can intercept the communica-
tion between Alice and Trent then forge a verification process.
Eve generates random secret key
then derives encoding ba-
sis
. After, Eve creates the sequence
then, sends it to Al-
ice. Using the secret key
, Alice derives the basis
then
tries to decode the sequence
. Without identity verification
of the source of the sequence, Alice will send the result to Trent.
However, Eve can intercept the communication from reaching
Trent then continues with Bob because Trent is the only one per-
forms the authentication. Even if Alice requests acknowledge-
ment from Trent then, without authentication, Eve can perform
the replay attack. Therefore, Alice and Bob also need to authen-
ticate the identity of Trent at the initial communication. Alice
and Bob each creates a sequence using the shared secret key with
Trent then ask him to verify the sequence on the classical chan-
nel. Thus, Alice and Bob require Trent to verify himself and pass
the verification step to be as well authenticated. If the mutual
authentication succeeds then, Alice and Bob with high confi-
dence can continue communicating with Trent because they
have mutual authentication. If not, they abandon the channel. In
our protocol, consider Eve tries to perform the replay attack. Us-
ing the passive attack on the classical channel, Eve could capture
acknowledgements and use them later. However, the shared se-
cret key in our protocol changes after each authentication pro-
cess. Thus, each secret key is used once and the replay attack
cannot be effective.
Let us consider the intercept/send attack against the authen-
tication and key distribution process. If Eve intercepts the entan-
gled pairs sent from Trent to Alice then, creates entanglement
and share with Alice. So, Trent and Eve share |Υ()〉
. Also,
Eve and Alice share |Υ()〉
. Alice chooses random pairs then,
performs Bell measurement to obtain an outcome with a proba-
bility of 1/4 for each measurement as in Bell measurement out-
comes (10-25). Similarly, Eve measures random pairs from the
shared entanglement with Trent to obtain an outcome for each
measurement with a probability of 1/4. When Alice meets Trent
on the classical channel to inform him of the chosen pairs and
their measurement results, Alice will not be able to provide the
correct measurement because there is no correlation between
their pairs. Therefore, each measurement result of Alice and
Trent will have success probability of 1/16. As a result, Trent
and Alice with high probability can detect the presence of Eve
on the channel.
V. C
ONCLUSION
We presented a quantum mutual authentication protocol
based on Bell state measurement and entanglement swapping. A
trusted authority authenticates untrusted to each other users then
creates an entanglement-based quantum communication chan-
nel. Using the prior shared secret key with each user, the trusted
authority mutually authenticates each user then builds the quan-
tum channel. In addition, the protocol renews the secret key
shared with the trusted authority after each authentication pro-
cess. The protocol successfully creates Bell states between par-
ties who their particles did not interact with each other’s before.
Then, they use their Bell states to communicate by quantum en-
tanglement communication protocols.
VI. R
EFERENCES
[1] C. H. Bennett and G. Brassard, "Quantum cryptography: Public key
distribution and coin tossing," in Proceedings of IEEE International
Conference on Computers, Systems and Signal Processing, 1984, p. 8.
[2] A. Karlsson, M. Koashi, and N. Imoto, "Quantum entanglement for secret
sharing and secret splitting," Physical Review A, vol. 59, p. 162, 1999.
[3] L. Xiao, G. L. Long, F.-G. Deng, and J.-W. Pan, "Efficient multiparty
quantum-secret-sharing schemes," Physical Review A, vol. 69, p. 052307,
2004.
[4] Z.-j. Zhang, Y. Li, and Z.-x. Man, "Multiparty quantum secret sharing,"
Physical Review A, vol. 71, p. 044301, 2005.
[5] M. Hillery, V. Bužek, and A. Berthiaume, "Quantum secret sharing,"
Physical Review A, vol. 59, p. 1829, 1999.
[6] Z.-j. Zhang, G. Gao, X. Wang, L.-f. Han, and S.-h. Shi, "Multiparty
quantum secret sharing based on the improved Boström–Felbinger
protocol," Optics communications, vol. 269, pp. 418-422, 2007.
[7] P. Zhou, X.-H. Li, Y.-J. Liang, F.-G. Deng, and H.-Y. Zhou, "Multiparty
quantum secret sharing with pure entangled states and decoy photons,"
Physica A: Statistical Mechanics and its Applications, vol. 381, pp. 164-
169, 2007.
[8] Y. Sun, Q.-y. Wen, F. Gao, X.-b. Chen, and F.-c. Zhu, "Multiparty
quantum secret sharing based on Bell measurement," Optics
Communications, vol. 282, pp. 3647-3651, 2009.
[9] C. Qing-Yu and L. Bai-Wen, "Deterministic secure communication
without using entanglement," Chinese Physics Letters, vol. 21, p. 601,
2004.
[10] K. Boström and T. Felbinger, "Deterministic secure direct communication
using entanglement," Physical Review Letters, vol. 89, p. 187902, 2002.
[11] F.-G. Deng and G. L. Long, "Secure direct communication with a
quantum one-time pad," Physical Review A, vol. 69, p. 052319, 2004.
[12] A. Beige, B. G. Englert, C. Kurtsiefer, and H. Weinfurter, "Secure
communication with a publicly known key," Acta Physica Polonica A,
vol. 101, pp. 357-368, 2002.
[13] H. Lee, J. Lim, and H. Yang, "Quantum direct communication with
authentication," Physical Review A, vol. 73, p. 042305, 2006.
[14] Q.-Y. Cai and B.-W. Li, "Improving the capacity of the Boström-
Felbinger protocol," Physical Review A, vol. 69, p. 054301, 2004.
[15] T. Mihara, "Quantum identification schemes with entanglements,"
Physical review A, vol. 65, p. 052326, 2002.
[16] M. Dušek, O. Haderka, M. Hendrych, and R. Myška, "Quantum
identification system," Physical Review A, vol. 60, p. 149, 1999.
[17] Z. Zhang, G. Zeng, N. Zhou, and J. Xiong, "Quantum identity
authentication based on ping-pong technique for photons," Physics
Letters A, vol. 356, pp. 199-205, 2006.
[18] X. Zhang, "One-way quantum identity authentication based on public
key," Chinese Science Bulletin, vol. 54, pp. 2018-2021, 2009.
[19] Y. Yang, Q. Wen, and X. Zhang, "Multiparty simultaneous quantum
identity authentication with secret sharing," Science in China Series G:
Physics, Mechanics and Astronomy, vol. 51, pp. 321-327, 2008.
[20] C.-H. Yu, G.-D. Guo, and S. Lin, "Quantum secure direct communication
with authentication using two nonorthogonal states," International
Journal of Theoretical Physics, vol. 52, pp. 1937-1945, 2013.
[21] G. Zeng and W. Zhang, "Identity verification in quantum key
distribution," Physical Review A, vol. 61, p. 022303, 2000.
[22] A. K. Ekert, "Quantum cryptography based on Bell's theorem," Phys Rev
Lett, vol. 67, pp. 661-663, Aug 5 1991.
[23] M. Zukowski, A. Zeilinger, M. Horne, and A. Ekert, "" Event-ready-
detectors" Bell experiment via entanglement swapping," Physical Review
Letters, vol. 71, pp. 4287-4290, 1993.
[24] L. Hardy and D. D. Song, "Entanglement-swapping chains for general
pure states," Physical Review A, vol. 62, p. 052315, 2000.
[25] S. Bose, V. Vedral, and P. L. Knight, "Multiparticle generalization of
entanglement swapping," Physical Review A, vol. 57, p. 822, 1998.
[26] A. Cabello, "Quantum key distribution in the Holevo limit," Phys Rev
Lett, vol. 85, pp. 5635-8, Dec 25 2000.
[27] D. Song, "Secure key distribution by swapping quantum entanglement,"
Physical Review A, vol. 69, p. 034301, 2004.
[28] C. Li, H.-S. Song, L. Zhou, and C.-F. Wu, "A random quantum key
distribution achieved by using Bell states," Journal of Optics B: Quantum
and Semiclassical Optics, vol. 5, p. 155, 2003.
[29] G. Gao, "Quantum key distribution by swapping the entanglement of χ-
type state," Physica Scripta, vol. 81, p. 065005, 2010.
[30] N. Zhou, L. Wang, L. Gong, X. Zuo, and Y. Liu, "Quantum deterministic
key distribution protocols based on teleportation and entanglement
swapping," Optics Communications, vol. 284, pp. 4836-4842, 2011.
[31] Y. Yu-Guang and W. Qiao-Yan, "Economical multiparty simultaneous
quantum identity authentication based on Greenberger–Horne–Zeilinger
states," Chinese Physics B, vol. 18, 2009.
[32] N. Penghao, C. Yuan, and L. Chong, "Quantum Authentication Scheme
Based on Entanglement Swapping," International Journal of Theoretical
Physics, pp. 1-11, 2015.
[33] M. Naseri, "Revisiting Quantum Authentication Scheme Based on
Entanglement Swapping," International Journal of Theoretical Physics,
pp. 1-8, 2015.
[34] D. Shen, W. Ma, X. Yin, and X. Li, "Quantum dialogue with
authentication based on Bell states," International Journal of Theoretical
Physics, vol. 52, pp. 1825-1835, 2013.
[35] J. L. Carter and M. N. Wegman, "Universal classes of hash functions," in
Proceedings of the ninth annual ACM symposium on Theory of
computing, 1977, pp. 106-112.