# Uncloneable Encryption

This example protocol achieves the task of Unclonable Encryption in which the sender sends classical message encoded using quantum states to the receiver. An eavesdropper can neither decrypt the message without the key nor can he copy the encrypted message for later decoding without getting caught.

## Contents

## Assumptions[edit]

- Classical authenticated channels are available between sender and receiver.

## Outline[edit]

The protocol requires a pre-shared set of four keys that are partially consumed in the protocol and that can be regenerated by using the protocol itself.

### Encoding phase:[edit]

The message is divided into parts (registers). A polynomial of degree equal to the number of parts is defined with the value of the registers as its coefficients. The constant term is chosen such that the first key value is a root of the polynomial. The string formed by coefficients of the polynomial is then XORed with the second key value. This classical pre-processing step is reminiscent to Shamir Secret Sharing scheme.

Both codes are then used in conjunction with the obtained string to pick a string to encode the pre-processed string such that the first one offers error protection against noise in the channel and the second one for privacy amplification.

The obtained classical string is then encoded in the computational or Hadamard basis according to the corresponding bit in the fourth key value and sent to the receiver.

### Decoding phase:[edit]

Upon receiving the qubits, they are measured in the computational or Hadamard basis according to the corresponding bit in the fourth key value.

Calculate the parity checks of the first classical code. If they are not equal to the third shared key value, there are errors in the state, which can be corrected using the standard decoding map. Evaluate the parity checks of , producing another string.

The string obtained is XORed with the second key value and used as coefficients of a polynomial. The polynomial is then evaluated at the first key value and if it gives zero, the message is accepted. It is rejected otherwise.

## Notation[edit]

- : Bit length of the message.
- : Number of registers of size the message is divided into.
- : Bit length of each register the message is divided into.
- : Random key of length .
- : Value of the register for
- : Random key of length .
- : Random key for selecting the coset from .
- : Classical linear code for correcting bit flip errors.
- : Classical linear code for performing privacy amplification.
- : XORed product of and s.
- : Random string from the coset selected from .
- : Bit length of .
- : Random key of length .

## Requirements[edit]

**Network stage**: Prepare and measure.

- A classical linear code for correcting bit-flip errors.
- A classical linear code for performing privacy amplification.
- Basic state preparation and measurement devices.
- A classical and a quantum channel between the sender and the receiver.

## Properties[edit]

- It uses up more than twice as much key as a classical one-time pad but the key can be partially reused upon successful transmission. The scheme can also be used to regenerate the keys itself.
- The protocol can be used for QKD with some slight modifications.

## Protocol Description[edit]

Pre-shared key is established.

### Encoding:[edit]

- Divide the -bit message into groups of bits.
- Define a polynomial of degree whose first coefficients are the registers of the -bit message.
- The constant term, , is chosen such that .
- XOR the string with , producing a new classical string of length bits.
- Consider the particular coset of the classical error-correcting code given by the syndrome .
- Pick the string at random so that its coset of in the coset of corresponds to
- Transmit qubits after operations based on b such that:
- When the bit of is , transmit the bit of in the computational basis.
- When the bit of is , transmit the bit of in the Hadamard basis.

### Decoding:[edit]

- Upon receiving the qubits, measure in the computational basis if the bit of is , else in the Hadamard basis the bit of is , to get .
- Calculate the parity checks of the classical code . If they are not equal to the string , there are errors in the state, which can be corrected using the standard decoding map.
- Evaluate the parity checks of , producing a -bit string .
- XOR with , producing a new string .
- Consider the as the coefficients of a polynomial . Accept only if .

**contributed by Natansh Mathur*