Cryptanalysis of a multi-party quantum key agreement protocol with single particles

Recently, Sun et al. (Quantum Inf Process 12:3411–3420, 2013) presented an efficient multi-party quantum key agreement (QKA) protocol by employing single particles and unitary operations. The aim of this protocol is to fairly and securely negotiate a secret session key among \(N\) parties with a high qubit efficiency. In addition, the authors claimed that no participant can learn anything more than his/her prescribed output in this protocol, i.e., the sub-secret keys of the participants can be kept secret during the protocol. However, here we point out that the sub-secret of a participant in Sun et al.’s protocol can be eavesdropped by the two participants next to him/her. Moreover, a certain number of dishonest participants can fully determine the final shared key in this protocol. Finally, we discuss the factors that should be considered when designing a really fair and secure QKA protocol.     

Comment on “Proactive quantum secret sharing”

In the paper, Qin and Dai (Quantum Inf Process 14:4237–4244, 2015) proposed a proactive quantum secret sharing scheme. We study the security of the proposed scheme and find that it is not secure. In the distribution phase of the proposed scheme, two dishonest participants may collaborate to eavesdrop the secret of the dealer without introducing any error.     

Improvements on “multiparty quantum key agreement with single particles”

Recently, Liu et al. (Quantum Inf Process 12: 1797–1805, 2013) proposed a secure multiparty quantum key agreement (MQKA) protocol with single particles. Their protocol allows N parties to negotiate a secret session key in such away that (1) outside eavesdroppers cannot gain the session key without introducing any errors; (2) the session key cannot be determined by any non-trivial subset of the participants. However, the particle efficiency of their protocol is only $\frac{1}{(k+1)N(N-1)}$ . In this paper, we show that the efficiency of the MQKA protocol can be improved to $\frac{1}{N(k+1)}$ by introducing two additional unitary operations. Since, in some scenarios, the secret keys are confidential, neither party is willing to divulge any of the contents to the other. Therefore, in our protocol, no participant can learn anything more than its prescribed output, i.e., the secret keys of the participants can be kept secret during the protocol instead of being exposed to others, thus, the privacy of the protocol is also improved. Furthermore, we explicitly show the scheme is secure.     

Cryptanalysis of a multiparty quantum key agreement protocol based on commutative encryption

Recently, Sun et al. (Quantum Inf Process 15(5):2101–2111, 2016) proposed an efficient multiparty quantum key agreement protocol based on commutative encryption. The aim of this protocol is to negotiate a secret shared key among multiple parties with high qubit efficiency as well as security against inside and outside attackers. The shared key is the exclusive-OR of all participants’ secret keys. This is achieved by applying the rotation operation on encrypted photons. For retrieving the final secret key, only measurement on single states is needed. Sun et al. claimed that assuming no mutual trust between participants, the scheme is secure against participant’s attack. In this paper, we show that this is not true. In particular, we demonstrate how a malicious participant in Sun et al.’s protocol can introduce “a” final fake key to target parties of his choice. We further propose an improvement to guard against this attack.     

Multi-party quantum key agreement protocol secure against collusion attacks

The fairness of a secure multi-party quantum key agreement (MQKA) protocol requires that all involved parties are entirely peer entities and can equally influence the outcome of the protocol to establish a shared key wherein no one can decide the shared key alone. However, it is found that parts of the existing MQKA protocols are sensitive to collusion attacks, i.e., some of the dishonest participants can collaborate to predetermine the final key without being detected. In this paper, a multi-party QKA protocol resisting collusion attacks is proposed. Different from previous QKA protocol resisting \(N-1\) coconspirators or resisting 1 coconspirators, we investigate the general circle-type MQKA protocol which can be secure against t dishonest participants’ cooperation. Here, \(t < N\). We hope the results of the presented paper will be helpful for further research on fair MQKA protocols.     

Cross-group secret sharing scheme for secure usage of cloud storage over different providers and regions

With the spread of the Internet, more and more data are being stored in the cloud. Here the technique of secret sharing can be naturally applied in order to provide both security and availability of the stored data, hereby reducing the risks of data leakage and data loss. The privacy property of secret sharing ensures protection against unauthorized access, while protection against data loss may be attained by distributing shares to the servers located in different regions. However, there is still a problem: If we naively employ the secret sharing technique without regarding to whom the cloud servers belong, a dishonest provider can obtain the secret data by collecting enough shares from its servers. In this scenario, there is a need to distribute shares over cloud services operated by different providers. In this paper, we propose a simple secret sharing technique, a cross-group secret sharing (CGSS), which is suitable for storing the data on cloud storage distributed over different groups—that is, different providers and regions. By combining an \(\ell \)-out-of-m threshold secret sharing scheme with a k-out-of-n threshold secret sharing scheme using a symmetric-key encryption scheme, we construct the CGSS scheme that forces k shares to be collected from \(\ell \) groups. Compared with the previous works, our scheme attains the functionality with reasonable computation. We also formalize the problem of allocating shares over different providers and regions as an optimization problem and show the design principles, which one must follow, when applying our proposal in practical settings. An experiment on real IaaS systems shows effectiveness of our proposed scheme, CGSS.     

Priority visual secret sharing of random grids for threshold access structures

Conventional (k, n)-threshold visual secret sharing of random grids (VSSRG) schemes generate n shares having the same average light transmission from a secret image to be shared, and any information related to the secret image cannot be identified externally from a single share held by one participant. In addition, the secret image can be recovered only by collecting k shares individually held by participants, and every share has the same capability of recovering the secret image. In fact, participants’ priority levels vary in certain conditions, and therefore their shares’ capabilities to recover the secret image are different. The priority-based (k, n)-threshold VSSRG scheme proposed in this study enables the assignment of different priority weights to each share to create different priority levels. During decryption, the stacking of shares with different priority levels recovers the secret image at different levels. Moreover, shares individually held by each participant have the same average light transmission, and consequently the shares’ priority levels cannot be identified externally.     

Multi-party quantum private comparison protocol with n-level entangled states

In this paper, two multi-party quantum private comparison (MQPC) protocols are proposed in distributed mode and traveling mode, respectively. Compared with the first MQPC protocol, which pays attention to compare between arbitrary two participants, our protocols focus on the comparison of equality for \(n\) participants with a more reasonable assumption of the third party. Through executing our protocols once, it is easy to get if \(n\) participants’ secrets are same or not. In addition, our protocols are proved to be secure against the attacks from both outside attackers and dishonest participants.     

Multi-party quantum private comparison protocol base on $$$$-imensional entangle states

In this paper, a novel quantum private comparison protocol with \(l\)-party and \(d\)-dimensional entangled states is proposed. In the protocol, \(l\) participants can sort their secret inputs in size, with the help of a semi-honest third party. However, if every participant wants to know the relation of size among the \(l\) secret inputs, these two-participant protocols have to be executed repeatedly \(\frac{l(l-1)}{2}\) times. Consequently, the proposed protocol needs to be executed one time. Without performing unitary operation on particles, it only need to prepare the initial entanglement states and only need to measure single particles. It is shown that the participants will not leak their private information by security analysis.     

Enhancement on ��quantum blind signature based on two-state vector formalism��

Recently, Su et?al. (Opt Comm 283:4408?C4410, 2010) proposed a quantum blind signature based on the two-state vector formalism. Their protocol is rather practical because the signer and the blind signature requester only have to perform measurement operations to complete the quantum blind signature. This study points out that a dishonest signer in their scheme can reveal the blind signature requester??s secret key and message without being detected by using Trojan horse attacks or the fake photon attack. A modified scheme is then proposed to avoid these attacks.     

Quantum secret sharing using orthogonal multiqudit entangled states

In this work, we investigate the distinguishability of orthogonal multiqudit entangled states under restricted local operations and classical communication. According to these properties, we propose a quantum secret sharing scheme to realize three types of access structures, i.e., the (n, n)-threshold, the restricted (3, n)-threshold and restricted (4, n)-threshold schemes (called LOCC-QSS scheme). All cooperating players in the restricted threshold schemes are from two disjoint groups. In the proposed protocol, the participants use the computational basis measurement and classical communication to distinguish between those orthogonal states and reconstruct the original secret. Furthermore, we also analyze the security of our scheme in four primary quantum attacks and give a simple encoding method in order to better prevent the participant conspiracy attack.     

On identification secret sharing schemes

Let be a set of participants sharing a secret from a set of secrets. A secret sharing scheme is a protocol such that any qualified subset of can determine the secret by pooling their shares, the messages which they receive, without error, whereas non-qualified subsets of cannot obtain any knowledge about the secret when they pool what they receive. In (optimal) schemes, the sizes of shared secrets depend on the sizes of shares given to the participants. Namely the former grow up exponentially as the latter increase exponentially. In this paper, instead of determining the secret, we require the qualified subsets of participants to identify the secret. This change would certainly make no difference from determining secret if no error for identification were allowed. So here we relax the requirement to identification such that an error may occur with a vanishing probability as the sizes of the secrets grow up. Under relaxed condition this changing allows us to share a set of secrets with double exponential size as the sizes of shares received by the participants exponentially grow. Thus much longer secret can be shared. On the other hand, by the continuity of Shannon entropy we have that the relaxation makes no difference for (ordinary) secret sharing schemes. We obtain the characterizations of relations of sizes of secrets and sizes of the shares for identification secret sharing schemes without and with public message. Our idea originates from Ahlswede–Dueck’s awarded work in 1989, where the identification codes via channels were introduced.     

Visual Cryptography for General Access Structures

A visual cryptography scheme for a set ofnparticipants is a method of encoding a secret imageSIintonshadow images called shares, where each participant in receives one share. Certain qualified subsets of participants can “visually” recover the secret image, but other, forbidden, sets of participants have no information (in an information-theoretic sense) onSI. A “visual” recovery for a setX⊆ consists of xeroxing the shares given to the participants inXonto transparencies, and then stacking them. The participants in a qualified setXwill be able to see the secret image without any knowledge of cryptography and without performing any cryptographic computation. In this paper we propose two techniques for constructing visual cryptography schemes for general access structures. We analyze the structure of visual cryptography schemes and we prove bounds on the size of the shares distributed to the participants in the scheme. We provide a novel technique for realizingkout ofnthreshold visual cryptography schemes. Our construction forkout ofnvisual cryptography schemes is better with respect to pixel expansion than the one proposed by M. Naor and A. Shamir (Visual cryptography,in“Advances in Cryptology—Eurocrypt '94” CA. De Santis, Ed.), Lecture Notes in Computer Science, Vol. 950, pp. 1–12, Springer-Verlag, Berlin, 1995) and for the case of 2 out ofnis the best possible. Finally, we consider graph-based access structures, i.e., access structures in which any qualified set of participants contains at least an edge of a given graph whose vertices represent the participants of the scheme.     

Verifiable threshold quantum secret sharing with sequential communication

A (t, n) threshold quantum secret sharing (QSS) is proposed based on a single d-level quantum system. It enables the (t, n) threshold structure based on Shamir’s secret sharing and simply requires sequential communication in d-level quantum system to recover secret. Besides, the scheme provides a verification mechanism which employs an additional qudit to detect cheats and eavesdropping during secret reconstruction and allows a participant to use the share repeatedly. Analyses show that the proposed scheme is resistant to typical attacks. Moreover, the scheme is scalable in participant number and easier to realize compared to related schemes. More generally, our scheme also presents a generic method to construct new (t, n) threshold QSS schemes based on d-level quantum system from other classical threshold secret sharing.     

Security of a semi-quantum protocol where reflections contribute to the secret key

In this paper, we provide a proof of unconditional security for a semi-quantum key distribution protocol introduced in a previous work. This particular protocol demonstrated the possibility of using X basis states to contribute to the raw key of the two users (as opposed to using only direct measurement results) even though a semi-quantum participant cannot directly manipulate such states. In this work, we provide a complete proof of security by deriving a lower bound of the protocol’s key rate in the asymptotic scenario. Using this bound, we are able to find an error threshold value such that for all error rates less than this threshold, it is guaranteed that A and B may distill a secure secret key; for error rates larger than this threshold, A and B should abort. We demonstrate that this error threshold compares favorably to several fully quantum protocols. We also comment on some interesting observations about the behavior of this protocol under certain noise scenarios.     

Comment on “efficient and feasible quantum private comparison of equality against the collective amplitude damping noise”

In this paper, protocols of quantum private comparison of equality (QPCE) are investigated. We study the security of previous QPCE protocols with a semi-honest third party (TP) from the viewpoint of secure multiparty computation and show that QPCE protocol (Chen et al. Quantum Inf Process 2012) has an obvious security flaw. A vicious inside attacker impersonating TP or the compromised TP colluding with a dishonest inside player can steal other player’s secret successfully. An improved efficient and feasible QPCE protocol is proposed. In our improved scheme, only the two players can deduce the results of comparisons based on their shared key, and others will learn no information of the comparison results, even the length of secrets. The cost of communication is also be optimized. Our scheme can resist various kinds of attacks from both the outside eavesdroppers and the inside players, even the TP.     

Security of a single-state semi-quantum key distribution protocol

Semi-quantum key distribution protocols are allowed to set up a secure secret key between two users. Compared with their full quantum counterparts, one of the two users is restricted to perform some “classical” or “semi-quantum” operations, which potentially makes them easily realizable by using less quantum resource. However, the semi-quantum key distribution protocols mainly rely on a two-way quantum channel. The eavesdropper has two opportunities to intercept the quantum states transmitted in the quantum communication stage. It may allow the eavesdropper to get more information and make the security analysis more complicated. In the past ten years, many semi-quantum key distribution protocols have been proposed and proved to be robust. However, there are few works concerning their unconditional security. It is doubted that how secure the semi-quantum ones are and how much noise they can tolerate to establish a secure secret key. In this paper, we prove the unconditional security of a single-state semi-quantum key distribution protocol proposed by Zou et al. (Phys Rev A 79:052312, 2009). We present a complete proof from information theory aspect by deriving a lower bound of the protocol’s key rate in the asymptotic scenario. Using this bound, we figure out an error threshold value such that for all error rates that are less than this threshold value, the secure secret key can be established between the legitimate users definitely. Otherwise, the users should abort the protocol. We make an illustration of the protocol under the circumstance that the reverse quantum channel is a depolarizing one with parameter q. Additionally, we compare the error threshold value with some full quantum protocols and several existing semi-quantum ones whose unconditional security proofs have been provided recently.     

Restricted (<Emphasis Type="Italic">k</Emphasis>, <Emphasis Type="Italic">n</Emphasis>)-threshold quantum secret sharing scheme based on local distinguishability of orthogonal multiqudit entangled states

In this work, we study a restricted (k, n)-threshold access structure. According to this structure, we construct a group of orthogonal multipartite entangled states in d-dimensional system and investigate the distinguishability of these entangled states under restricted local operations and classical communication. Based on these properties, we propose a restricted (k, n)-threshold quantum secret sharing scheme (called LOCC-QSS scheme). The k cooperating players in the restricted threshold scheme come from all disjoint groups. In the proposed protocol, the participants distinguish these orthogonal states by the computational basis measurement and classical communication to reconstruct the original secret. Furthermore, we also analyze the security of our scheme in three primary quantum attacks and give a simple encoding method in order to better prevent the participant conspiracy attack.     

Practical parallel key-insulated encryption with multiple helper keys

Parallel key-insulated encryption (PKIE) usually allows two independent helper keys to be alternately used in temporary secret key update operations. At least half of temporary secret keys would be exposed and at least half of ciphertexts could be decrypted if one of the helper keys is exposed. In this paper, we propose a new PKIE scheme with $m$ helper keys, where $m\in Z,m>2$. If one of the helper keys is exposed, only $1/m$ temporary secret keys would be exposed and $1/m$ ciphertexts could be decrypted, so the new PKIE scheme can greatly decrease loss due to key-exposure. The scheme is provably secure without random oracles based on a bilinear group of composite order. Most important, the scheme is practical and much more efficient than the extended ones from the previous PKIE schemes.