Anonymous Conference Key Agreement using GHZ states: Difference between revisions
No edit summary |
(Created page for Anonymous QCKA) |
||
Line 5: | Line 5: | ||
<!--Tags: related pages or category --> | <!--Tags: related pages or category --> | ||
'''Tags:''' [[:Category: Multi Party Protocols|Multi Party Protocols]], [[:Category: Quantum Enhanced Classical Functionality|Quantum Enhanced Classical Functionality]], [[:Category: Specific Task|Specific Task]] | |||
==Assumptions== | ==Assumptions== | ||
<!-- It describes the setting in which the protocol will be successful. --> | <!-- It describes the setting in which the protocol will be successful. --> | ||
We require the following for this protocol: | We require the following resources for this protocol: | ||
# A source of n-party GHZ states | # A source of n-party GHZ states | ||
# Private randomness sources | # Private randomness sources | ||
Line 25: | Line 26: | ||
==Notation== | ==Notation== | ||
<!-- Connects the non-mathematical outline with further sections. --> | <!-- Connects the non-mathematical outline with further sections. --> | ||
*<math>n</math>: Total number of nodes in the network | |||
*<math>m</math>: Number of receiving nodes | |||
*<math>L</math>: Number of GHZ states used | |||
*<math>D</math>: Security parameter; expected number of GHZ states used to establish one bit of key | |||
*<math>k</math>-partite GHZ state: <math>\frac{1}{\sqrt{2}}(|0\rangle^{\otimes k} + |1\rangle^{\otimes k})</math> | |||
<!-- ==Knowledge Graph== --> | <!-- ==Knowledge Graph== --> | ||
<!-- Add this part if the protocol is already in the graph --> | <!-- Add this part if the protocol is already in the graph --> | ||
Line 85: | Line 94: | ||
# V resets her bit such that <math>\sum_ib_i = 0 (</math>mod <math>2)</math>. She measures in the X or Y basis if her bit equals 0 or 1 respectively, thereby also resetting her <math>m_i = m_v</math> | # V resets her bit such that <math>\sum_ib_i = 0 (</math>mod <math>2)</math>. She measures in the X or Y basis if her bit equals 0 or 1 respectively, thereby also resetting her <math>m_i = m_v</math> | ||
# V accepts the state if and only if <math>\sum_im_i = \frac{1}{2}\sum_ib_i (</math>mod <math>2)</math> | # V accepts the state if and only if <math>\sum_im_i = \frac{1}{2}\sum_ib_i (</math>mod <math>2)</math> | ||
==Properties== | ==Properties== | ||
<!-- important information on the protocol: parameters (threshold values), security claim, success probability... --> | <!-- important information on the protocol: parameters (threshold values), security claim, success probability... --> | ||
* Protocol 1 has an asymptotic key rate of <math>\frac{L}{D}</math> | |||
* This protocol satisfies the following notions of anonymity: | |||
< | ** '''Sender Anonymity''': A protocol allows a sender to remain anonymous sending a message to <math>m</math> receivers, if an adversary who corrupts <math>t \leq n-2 </math> players, cannot guess the identity of the sender with probability higher than <math> \frac{1}{n-t}</math> | ||
** '''Receiver Anonymity''': A protocol allows a receiver to remain anonymous receiving a message, if an adversary who corrupts <math>t \leq n-2 </math> players, cannot guess the identity of the receiver with probability higher than <math> \frac{1}{n-t}</math> | |||
* Error correction and privacy amplification must be carried out anonymously and are not considered in the analysis of this protocol. | |||
==References== | ==References== | ||
* The protocols and their security analysis, along with an experimental implementation for <math>n = 4</math> can be found in [https://arxiv.org/abs/2007.07995 Hahn et al.(2020)] |
Revision as of 20:33, 11 January 2022
This example protocol achieves the functionality of quantum conference key agreement. This protocol allows multiple parties in a quantum network to establish a shared secret key anonymously.
Tags: Multi Party Protocols, Quantum Enhanced Classical Functionality, Specific Task
Assumptions
We require the following resources for this protocol:
- A source of n-party GHZ states
- Private randomness sources
- A randomness source that is not associated with any party
- A classical broadcasting channel
- Pairwise private communication channels
Outline
- First, the sender notifies each receiver in the network anonymously
- The entanglement source generates and distributes sufficient GHZ states to all nodes in the network
- The GHZ states are distilled to establish multipartite entanglement shared only by the participating parties (the sender and receivers)
- Each GHZ state is randomly chosen to be used for either Verification or Key Generation. For Key Generation rounds, a single bit of the key is established using one GHZ state by measuring in the Z-basis
- If the sender is content with the Verification results, they can anonymously validate the protocol and conclude that the key has been established successfully.
Notation
- : Total number of nodes in the network
- : Number of receiving nodes
- : Number of GHZ states used
- : Security parameter; expected number of GHZ states used to establish one bit of key
- -partite GHZ state:
Protocol Description
Protocol 1: Anonymous Verifiable Conference Key Agreement
Input: Parameters and
Requirements: A source of n-party GHZ states; private randomness sources; a randomness source that is not associated with any party; a classical broadcasting channel; pairwise private communication channels
Goal: Anonymoous generation of key between sender and receivers
- The sender notifies the receivers by running the Notification protocol
- The source generates and shares GHZ states
- The parties run the Anonymous Multipartite Entanglement protocol on the GHZ states
- For each -partite GHZ state, the parties do the following:
- They ask a source of randomness to broadcast a bit such that Pr
- Verification round: If b = 0, the sender runs Verification as verifier on the state corresponding to that round, while only considering the announcements of the receivers. The remaining parties announce random values.
- KeyGen round: If b = 1, the sender and receivers measure in the Z-basis.
- If the sender is content with the checks of the Verification protocol, they can anonymously validate the protocol
Protocol 2: Notification
Input: Sender's choice of receivers
Goal: The receivers get notified
Requirements: Private pairwise classical communication channels and randomness sources
For agent :
- All agents do the following:
- When agent is the sender: If is not a receiver, the sender chooses random bits such that . Otherwise, if is a receiver, the sender chooses random bits such that . The sender sends bit to agent
- When agent is not the sender: The agent chooses random bits such that and sends bit to agent
- All agents receive , and compute and send it to agent
- Agent takes the received to compute . If , they are thereby notified to be a designated receiver.
Protocol 3: Anonymous Multiparty Entanglement
Input: -partite GHZ state
Output: -partite GHZ state shared between the sender and receivers
Requirements: A broadcast channel; private randomness sources
- Sender and receivers draw a random bit each. Everyone else measures their qubits in the X-basis, yielding a measurement outcome bit
- All parties broadcast their bits in a random order, or if possible, simultaneously.
- The sender applies a Z gate to their qubit if the parity of the non-participating parties' bits is odd.
Protocol 4: Verification
Input: A verifier V; a shared state between parties
Goal: Verification or rejection of the shared state as the GHZ state by V
Requirements: Private randomness sources; a classical broadcasting channel
- Everyone but V draws a random bit and measures in the X or Y basis if their bit equals 0 or 1 respectively, obtaining a measurement outcome . V chooses both bits at random
- Everyone (including V) broadcasts
- V resets her bit such that mod . She measures in the X or Y basis if her bit equals 0 or 1 respectively, thereby also resetting her
- V accepts the state if and only if mod
Properties
- Protocol 1 has an asymptotic key rate of
- This protocol satisfies the following notions of anonymity:
- Sender Anonymity: A protocol allows a sender to remain anonymous sending a message to receivers, if an adversary who corrupts players, cannot guess the identity of the sender with probability higher than
- Receiver Anonymity: A protocol allows a receiver to remain anonymous receiving a message, if an adversary who corrupts players, cannot guess the identity of the receiver with probability higher than
- Error correction and privacy amplification must be carried out anonymously and are not considered in the analysis of this protocol.
References
- The protocols and their security analysis, along with an experimental implementation for can be found in Hahn et al.(2020)