Multipartite Entanglement Verification

This example protocol implement the task of Multipartite entanglement verification in a multinode quantum network. The protocol uses classical communication and measurements of quantum states to verify whether the parties share a GHZ state. We present here a loss tolerant version of the protocol, which doesn't assume that the source of the state nor the parties (except one) are trusted.

It has various application in a setting where at each timestep a source shares a state. Most of the time this state will be verified using this protocol and once in a while it will be used to perform some computation or communication protocol (e.g. Anonymous transmission)

Tags: Entanglement Verification, Multi Party Protocols, GHZ state

Assumptions

• Network: The network consists of n nodes that are fully identified and completely connected with pairwise authenticated classical channels. Additionally, there is a secure classical broadcast channel.
• Adversarial model: It suffices for one party to be honest. A dishonest party can be in control of the source.

Outline

This protocol is based on the work in W. McCutcheon, A. Pappa et al.. The goal is for a specific party called the Verifier to check whether the source has shared a GHZ-state among the n-nodes network. It goes as follow:

• Sharing phase: The source creates and shares an n-qubits quantum state to all the parties using a state generation resource and quantum channels.
• Verification phase: The verifier choses and sends angles to each party that corresponds to measurement basis, using classical authenticated channels. Each party, including the verifier, measures its qubits in the basis indicated by the received angle. It then sends its outcome to the verifier who checks the parity of the outcomes and broadcast if the shared state was a GHZ state.

Notation

• ${\displaystyle n}$: Number of parties
• ${\displaystyle v}$: Identifier of the Verifier
• ${\displaystyle \{\pi _{i}\}_{i=1}^{n}}$: Protocol of each party, ${\displaystyle \pi _{V}}$: Protocol of the verifier, ${\displaystyle \pi _{S}}$: Protocol of the source
• ${\displaystyle SG_{n}}$: n-qubit State Generation resource
• ${\displaystyle \{\theta _{i}\}_{i=1}^{n}}$: Angles sent from the Verifier to each party i (indication for the measurement to perform)
• ${\displaystyle \{|+_{\theta _{i}}\rangle ,|-_{\theta _{i}}\rangle \}=\{{\frac {1}{\sqrt {2}}}(|0\rangle +e^{i\theta _{i}}|1\rangle ),{\frac {1}{\sqrt {2}}}(|0\rangle -e^{i\theta _{i}}|1\rangle )\}}$: Rotated measurement basis for the parties.
• ${\displaystyle \{y_{i}\}_{i=1}^{n}}$: Classical bits sent from each party i to the Verifier (outcome of the measurement)
• ${\displaystyle b}$: Outcome of the protocol

Requirements

• Network stage: quantum memory network.
• Authenticated classical channel between the parties
• Quantum channel between the source and the parties
• Ability to perform one-qubit rotation operations and one-qubit measurement at each node

Properties

• This protocol is correct meaning that if the source shares a GHZ state and every party behaves honestly, the outcome broadcasted by the verifier is ${\displaystyle b=0}$.
• The outcome of the protocol directly depends on the trace distance between the shared state ${\displaystyle |\psi \rangle }$ and the GHZ state. The output ${\displaystyle b}$ is such that

${\displaystyle b=\left\{{\begin{array}{ll}0&{\mbox{with probability }}1-{\frac {\tau ^{2}}{2}}\\1&{\mbox{with probability }}{\frac {\tau ^{2}}{2}}\end{array}}\right.}$ with ${\displaystyle \tau =\min _{U}{\mbox{TD}}(|\phi _{0}^{n}\rangle \langle \phi _{0}^{n}|,U|\psi \rangle \langle \psi |U^{\dagger })}$ and where TD is the trace distance and ${\displaystyle U}$ is a quantum operation acting on ${\displaystyle D}$ the subspace of dishonest parties involved in the protocol (ie a tensor product of an unitary operator on ${\displaystyle D}$ and the identity operator on the rest). This means that the further the shared state is from the GHZ state, the less likely the verifier is going to accept it conditioned on any quantum operation that the dishonest party can locally perform to get closer to the GHZ state.

• This protocol still works in the presence of photon losses.
• This protocol is secure for one round against any coalition of dishonest parties, including the source.
• This protocol is composably secure against a dishonest or noisy source

Pseudo Code

Protocol for the verifier ${\displaystyle \pi _{V}}$ :

Input: ${\displaystyle \{y_{i}\}_{i=1}^{n}}$, 1 qubit, v
Output: one Bit in ${\displaystyle \{0,1\}}$ and ${\displaystyle \{\theta _{i}\}_{i=1}^{n}}$
• Chose randomly angles ${\displaystyle \Theta =\{\theta _{i}\}_{i=1}^{n}}$ with ${\displaystyle \theta _{i}\in [0,\pi )}$ such that :${\displaystyle \sum _{j}\theta _{j}}$ is a multiple of ${\displaystyle \pi }$
• Upon the reception of the qubit, for ${\displaystyle i=1,...n,i\neq v}$ send ${\displaystyle \theta _{i}}$ it to party ${\displaystyle i}$ via a private classical channel resource, keep ${\displaystyle \theta _{v}}$.
• Measures the qubit in the ${\displaystyle \{|+_{\theta _{v}}\rangle ,|-_{\theta _{v}}\rangle \}}$ basis and get ${\displaystyle y_{v}}$
• Wait for the reception of all the other ${\displaystyle y_{i}}$.
• Upon the reception of all the ${\displaystyle y_{i}}$, broadcast 0 if and only if
${\displaystyle \oplus _{j}Y_{j}={\frac {1}{\pi }}\sum _{j}\theta _{j}\quad ({\bmod {2}})}$

And for each ${\displaystyle i=1,...n,i\neq v}$

Protocol for the ${\displaystyle i}$th party ${\displaystyle \pi _{i}}$ :

Input: 1 angle ${\displaystyle \theta _{i}}$, 1 qubit and v
Output: Bit ${\displaystyle y_{i}}$
• Wait for the reception of both classical and quantum inputs
• Measures the qubit in the ${\displaystyle \{|+_{\theta _{i}}\rangle ,|-_{\theta _{i}}\rangle \}}$ basis
• Send the outcome ${\displaystyle y_{i}}$ to the Verifier via the private classical channel resource .
• Abstract Cryptography figure for the MEV protocol for n=3 parties. Each blue box is a converter representing a protocol a party is following and red boxes are the resources used namely: state generation resource, quantum and authenticated classical channels.
• Further Information

This protocol was first introduced in Multipartite Entanglement Verification Resistant against Dishonest Parties, Anna Pappa et al., in which the authors present an XY version of the protocol where ${\displaystyle \forall i,\theta _{i}\in \{0,1\}}$. It means that each party applies an X or a Z gate on its qubit before measuring in the computational basis. It appeared that when a 50% qubit loss rate is tolerated, there exists a cheating strategy allowing a dishonest party to convince the verifier that the state shared was a GHZ state even when it is not. This is why in Experimental verification of multipartite entanglement in quantum networks, W. McCutcheon, A. Pappa et al., the authors present the current version of the protocol which is loss tolerant. They also present an experimental realization of the verification protocol with ${\displaystyle n=4}$ parties and photonic GHZ states.

In Anonymity for practical quantum networks, Anupama Unnikrishnan et al., Authors use this verification protocol as a subroutine allowing the parties to be certain to have a GHZ state shared when they perform an anonymous transmission protocol.

References

contributed by Raja Yehia