Anonymous Transmission
Functionality Description
Anonymous transmission is a multipartite task which enables two nodes to communicate a message in a network in an anonymous way. More specifically, one of the nodes of the network, a sender, communicates a quantum state to a receiver in a way that their identities remain completely hidden throughout the protocol. In particular, for the sender it implies that her identity remains unknown to all the other parties, whereas for the receiver it implies that no one except the sender knows her identity. Note that the main goal of anonymous transmission is to fully hide the identities of the sender and the receiver -- it does not aim at guaranteeing the reliability of the transmitted message.
Tags: Multi Party, Quantum Enhanced Classical Functionality, Specific Task
Protocols
- GHZ State based: Quantum Memory Network Stage
- W State based: Quantum Memory Network Stage
- Entanglement Relay: Quantum Memory Network Stage
- GHZ-based protocol is deterministic, whereas W-based protocol is probabilistic, but the W-based protocol tolerates more noise.
- Entanglement relay protocol does not require a preshared multipartite state, but it creates a 4-partite GHZ state during the protocol.
Properties
Security of a anonymous transmission protocol is defined in terms of the guessing probability, i.e., the maximum probability that adversaries guess the identity of the sender or receiver given all the classical and quantum information they have available at the end of the protocol.
Guessing probability
Let be a subset of adversaries among $N$ nodes. Let $C$ be the register that contains all classical and quantum side information accessible to the adversaries. Then, the probability of adversaries guessing the sender is given by
Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle P_{\tn{guess}}[S|C, S\notin \mathcal{A}] = \max_{\{M^i\}} \sum_{i \in [N]} P[S=i|S\notin \mathcal{A}] \Tr[M^i \cdot \rho_{C|S=i} ],}
where the maximization is taken over the set of POVMs for the adversaries and $\rho_{C|S=i}$ is the state of the adversaries at the end of the protocol, given that node is the sender
- Sender-security We say that an anonymous transmission protocol is \textit{sender-secure} if, given that the sender is honest, the probability of the adversary guessing the sender is
Failed to parse (unknown function "\tn"): {\displaystyle P_{\tn{guess}}[S|C,S\notin \mathcal{A}] \leq \max_{i\in[N]} P[S=i|S\notin \mathcal{A}].}
- Receiver-security We say that an anonymous transmission protocol is \textit{receiver-secure} if, given that the receiver is honest, the probability of the adversary guessing the receiver is:
Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle P_{\tn{guess}}[R|C,R\notin \mathcal{A}] \leq \max_{i\in[N]} P[R=i|R\notin \mathcal{A}]}
Further Information
The security definition presented here, are proven to be sufficient to guarantee universal composability for standard QKD in (2). For device-independent quantum key distribution, attacks presented in (1) show that security can be compromised if the same devices are used to implement another instance of the protocol.
- PR (2014) discusses security of various QKD schemes composed in other cryptographic protocols.
- BCK (2013) Analyses device independent QKD