# Anonymous Transmission

## Functionality Description

Anonymous transmission is a multipartite task which enables two nodes to communicate a message in a network in an anonymous way. More specifically, one of the nodes of the network, a sender, communicates a quantum state to a receiver in a way that their identities remain completely hidden throughout the protocol. In particular, for the sender it implies that her identity remains unknown to all the other nodes, whereas for the receiver it implies that no one except the sender knows her identity. Note that the main goal of anonymous transmission is to fully hide the identities of the sender and the receiver -- it does not aim at guaranteeing the reliability of the transmitted message.

## Protocols

• GHZ-based protocol is deterministic, whereas W-based protocol is probabilistic, but the W-based protocol tolerates more noise.
• Verifiable GHZ-based protocol allows an imperfect or untrusted GHZ state, and involves a verification stage.
• Entanglement relay protocol does not require a pre-shared multipartite state, but it creates a 4-partite GHZ state during the protocol.

## Properties

Security of an anonymous transmission protocol is defined in terms of the guessing probability, i.e., the maximum probability that adversaries guess the identity of the sender ${\displaystyle S}$ or receiver ${\displaystyle R}$ given all the classical and quantum information they have available at the end of the protocol.

• Guessing probability Let ${\displaystyle {\mathcal {A}}}$ be a subset of adversaries among ${\displaystyle n}$ nodes. Let ${\displaystyle C}$ be the register that contains all classical and quantum side information accessible to the adversaries. Then, the probability of adversaries guessing the sender is given by

${\displaystyle P_{\text{guess}}[S|C,S\notin {\mathcal {A}}]=\max _{\{M^{i}\}}\sum _{i\in [n]}P[S=i|S\notin {\mathcal {A}}]{\text{Tr}}[M^{i}\cdot \rho _{C|S=i}],}$
where the maximisation is taken over the set of POVMs ${\displaystyle {\{M^{i}\}}}$ for the adversaries and ${\displaystyle \rho _{C|S=i}}$ is the state of the adversaries at the end of the protocol, given that node ${\displaystyle i}$ is the sender

• Sender-security We say that an anonymous transmission protocol is sender-secure if, given that the sender is honest, the probability of the adversary guessing the sender is

${\displaystyle P_{\text{guess}}[S|C,S\notin {\mathcal {A}}]\leq \max _{i\in [n]}P[S=i|S\notin {\mathcal {A}}].}$

• Receiver-security We say that an anonymous transmission protocol is receiver-secure if, given that the receiver is honest, the probability of the adversary guessing the receiver is:

${\displaystyle P_{\text{guess}}[R|C,R\notin {\mathcal {A}}]\leq \max _{i\in [n]}P[R=i|R\notin {\mathcal {A}}]}$.

The above definitions are general and hold for any adversarial scenario, in particular for an active adversary.

## Further Information

• The definitions above guarantee information-theoretic security of the protocol when the resource states are both trusted [4], [1], [2] and not trusted [3], [5] .

## References

contributed by Victoria Lipinska