Editing Multipartite Entanglement Verification

This [https://www.nature.com/articles/ncomms13251 example protocol] implement the task of Multipartite entanglement verification in a multinode quantum network. The protocol uses classical communication and measurements of quantum states to verify whether the parties share a GHZ state. We present here a loss tolerant version of the protocol, which doesn't assume that the source of the state nor the parties (except one) are trusted.

It has various application in a setting where at each timestep a source shares a state. Most of the time this state will be verified using this protocol and once in a while it will be used to perform some computation or communication protocol (e.g. Anonymous transmission) 

'''Tags:''' [[:Category: Entanglement Verification|Entanglement Verification]], [[:Category: Multi Party Protocols|Multi Party Protocols]] [[Category: Multi Party Protocols]], GHZ state

==Assumptions==
* '''Network:''' The network consists of n nodes that are fully identified and completely connected with pairwise authenticated classical channels. Additionally, there is a secure classical broadcast channel.
* '''Adversarial model:''': It suffices for one party to be honest. A dishonest party can be in control of the source.

==Outline==
This protocol is based on the work in [https://www.nature.com/articles/ncomms13251 W. McCutcheon, A. Pappa et al.]. The goal is for a specific party called the Verifier to check whether the source has shared a GHZ-state among the n-nodes network. It goes as follow:

* '''Sharing phase:''' The source creates and shares an n-qubits quantum state to all the parties using a state generation resource and quantum channels.
* '''Verification phase:''' The verifier sends angles to each party that corresponds to measurement basis, using classical authenticated channels
* Each party, including the verifier, measures its qubits in the basis indicated by the received angle. 
* It then sends its outcome to the verifier.
* The Verifier checks the parity of the outcomes and broadcast if the shared state was a GHZ state.

==Notation==
* <math>n</math>: Number of parties
* <math>v</math>: identifier of the Verifier
* <math>\{\pi_i\}_{i=1}^n</math>: protocol of each party, <math>\pi_V</math>: Protocol of the verifier, <math>\pi_S</math>: Protocol of the source
* <math>SG_n</math>: n-qubit State Generation resource
* <math>\{\theta_i\}_{i=1}^n</math>: Angles sent from the Verifier to each party i (indication for the measurement to perform)
* <math> \{|+_{\theta_{i}}\rangle,|-_{\theta_{i}}\rangle\} = \{\frac{1}{\sqrt{2}}(|0\rangle + e^{i\theta_{i}}|1\rangle), \frac{1}{\sqrt{2}}(|0\rangle - e^{i\theta_{i}}|1\rangle)\} </math>: Rotated measurement basis for the parties.
* <math>\{y_i\}_{i=1}^n</math>: classical bits sent from each party i to the Verifier (outcome of the measurement)
* <math>b</math>: outcome of the protocol

==Requirements==
* Network stage: quantum memory network.
* Authenticated  classical channel between the parties
* Quantum channel between the source and the parties
* Ability to perform one-qubit rotation operations and  one-qubit measurement at each node

==Properties==
* This protocol is correct meaning that if the source shares a GHZ state and every party behaves honestly, the outcome broadcasted by the verifier is <math>b=0</math>.
* The outcome of the protocol directly depends on the trace distance between the shared state <math>|\psi\rangle</math> and the GHZ state. The output <math>b</math> is such that 
<math>
    b = \left\{
    \begin{array}{ll}
        0 & \mbox{with probability } 1 - \frac{\tau^{2}}{2} \\
        1 & \mbox{with probability } \frac{\tau^{2}}{2}
         
    \end{array}
    \right.
</math>
with 
<math>
    \tau=\min_{U}\mbox{TD}(|\phi_{0}^{n} \rangle\langle \phi_{0}^{n}|, U|\psi \rangle \langle \psi | U^{\dagger} )
</math>
and where TD is the trace distance and <math>U</math> is a quantum operation acting on <math>D</math> the subspace of dishonest parties involved in the protocol (ie a tensor product of an  unitary operator on <math>D</math> and the identity operator on the rest).

* This protocol still works in the presence of photon losses.
* This protocol is composably secure meaning that it can be used as a subroutine in a bigger protocol. A direct application of this protocol is to perform it sequentially many times with a source sending state at each round and to randomly use the shared state at some point if the protocol has output 0 at each round. We then are sure up to a certain threshold that the shared state is a GHZ state.

==Pseudo Code==
'''Protocol for the verifier <math>\pi_{V}</math> : '''

:'''Input''':  <math>\{y_{i}\}_{i=1}^{n}</math>, 1 qubit, v 

:'''Output''':  one Bit in <math>\{0,1\}</math> and <math>\{\theta_i\}_{i=1}^{n}</math>
:* Chose randomly angles <math>\Theta=\{\theta_{i}\}_{i=1}^{n}</math> with <math>\theta_{i}\in[0,\pi)</math> such that :<math>\sum_{j} \theta_{j}</math> is a multiple of <math>\pi</math>
:* Upon the reception of the qubit, for <math>i=1,...n, i \neq v</math> send  <math>\theta_{i}</math> it to party <math>i</math> via a private classical channel resource, keep <math>\theta_{v}</math>.
:* Measures the qubit in the <math>\{|+_{\theta_{v}}\rangle,|-_{\theta_{v}}\rangle\}</math> basis and get <math>y_{v}</math>
:* Wait for the reception of all the other <math>y_{i}</math>.
:* Upon the reception of all the <math>y_{i}</math>, broadcast 0 if and only if 
:<math>
    \oplus_{j} Y_{j}=\frac{1}{\pi} \sum_{j} \theta_{j} \quad(\bmod 2)
</math>

And for each <math>i=1,...n, i \neq v</math>

'''Protocol for the <math>i</math>th party <math>\pi_{i}</math> : '''

:'''Input:'''  1 angle <math>\theta_{i}</math>, 1 qubit and v

:'''Output:''' Bit <math>y_{i}</math>
:* Wait for the reception of both classical and quantum inputs
:* Measures the qubit in the <math>\{|+_{\theta_{i}}\rangle,|-_{\theta_{i}}\rangle\}</math>  basis 
:* Send the outcome <math>y_{i}</math> to the Verifier via the private classical channel resource .

<li style="display: inline-block;"> [[File:ConcreteResourceThetaMEV.jpg|frame|400px|Abstract Cryptography figure for the MEV protocol. Each blue box is a converter representing a protocol a party is following and red boxes are the resources used.]]</li>

==Further Information==
This protocol was first introduced in Multipartite Entanglement Verification Resistant against Dishonest Parties, ''Anna Pappa et al.'', in which the authors present a version of the protocol where <math>\forall i, \theta_i \in\{0,1\}</math> called the XY protocol. It appeared that this XY version is no longer secure when a certain photon loss rate is tolerated. This is why in Experimental verification of multipartite entanglement in quantum networks, ''W. McCutcheon, A. Pappa et al.'', the authors present the current version of the protocol and they experimentally perform the verification protocol with <math>n=4</math> parties and photonic GHZ states.

In Anonymity for practical quantum networks, ''Anupama Unnikrishnan et al.'', Authors use this verification protocol as a subroutine allowing to be certain to have a GHZ state shared among the parties when they perform an anonymous transmission protocol.

== References == 
* [https://arxiv.org/abs/1112.5064 Multipartite Entanglement Verification Resistant against Dishonest Parties, Anna Pappa et al., 2012]
* [https://www.nature.com/articles/ncomms13251 Experimental verification of multipartite entanglement in quantum networks, W. McCutcheon, A. Pappa et al., 2016]
* [https://arxiv.org/abs/1811.04729 Anonymity for practical quantum networks, Anupama Unnikrishnan et al., 2018]


<div style='text-align: right;'>''contributed by Raja Yehia''</div>