GHZ-based Quantum Anonymous Transmission: Difference between revisions

Line 39: Line 39:


==Properties==
==Properties==
The protocol-
See [[Quantum Anonymous Transmission]] for the precise security definition. [[GHZ State based Quantum Anonymous Transmission#Pseudocode|Pseudocode]] implements secure anonymous transmission, i.e. it hides the identities of the sender and the receiver from other nodes in the network. That is, the maximum probability that adversaries guess the identity of <math>S</math> or <math>R</math> given all the classical and quantum information they have available at the end of the protocol is no larger than the uncertainty the adversaries have about the identities of <math>S</math> and <math>R</math> before the protocol begins. More formally, the anonymous transmission protocol with the GHZ state, [[GHZ State based Quantum Anonymous Transmission#Pseudocode|Pseudocode]], is sender- and receiver-secure:
* solves the problem in <math>O(1)</math> expected number of rounds, in particular independent of <math>n</math> and <math>t</math>, whereas classically a lower bound of <math>\Omega(\sqrt{n / \log(n)})</math> is known [[Quantum Byzantine Agreement#References|(3), (6)]];
<math>P_{\tn{guess}}[S|C,S\notin \mathcal{A}] \leq \max_{i\in[N]} P[S=i|S\notin \mathcal{A}] = \frac{1}{n-t},</math></br>
* tolerates <math>t \leq n/3</math> (synchronous) or <math>t \leq n/4</math> (asynchronous) Byzantine failures;
<math>P_{\tn{guess}}[R|C,S\notin \mathcal{A}] \leq \max_{i\in[N]} P[R=i|S\notin \mathcal{A}] = \frac{1}{n-t},</math>
* reaches ''agreement'' (each player outputs the same bit) under the ''validity'' condition (the agreement value was proposed by at least one player) and is guaranteed to ''terminate eventually'' (infinite executions occur almost never - i.e. have probability measure zero).
where <math>\mathcal{A}</math> is the subset of <math>t</math> adversaries among <math>N</math> nodes and <math>C</math> is the register that contains all classical and quantum side information accessible to the adversaries. Note that this implies that the protocol is also traceless, since even if the adversary hijacks any <math>t\leq N-2</math> players and gains access to all of their classical and quantum information after the end of the protocol, she cannot learn the identities of <math>S</math> and <math>R</math>. For a formal argument see .


==Pseudo Code==
==Pseudo Code==
Write, autoreview, editor, reviewer
3,129

edits