Cryptanalysis of a multiparty quantum key agreement protocol based on commutative encryption

Recently, Sun et al. (Quantum Inf Process 15(5):2101–2111, 2016) proposed an efficient multiparty quantum key agreement protocol based on commutative encryption. The aim of this protocol is to negotiate a secret shared key among multiple parties with high qubit efficiency as well as security against inside and outside attackers. The shared key is the exclusive-OR of all participants’ secret keys. This is achieved by applying the rotation operation on encrypted photons. For retrieving the final secret key, only measurement on single states is needed. Sun et al. claimed that assuming no mutual trust between participants, the scheme is secure against participant’s attack. In this paper, we show that this is not true. In particular, we demonstrate how a malicious participant in Sun et al.’s protocol can introduce “a” final fake key to target parties of his choice. We further propose an improvement to guard against this attack.     

Improvements on “multiparty quantum key agreement with single particles”

Recently, Liu et al. (Quantum Inf Process 12: 1797–1805, 2013) proposed a secure multiparty quantum key agreement (MQKA) protocol with single particles. Their protocol allows N parties to negotiate a secret session key in such away that (1) outside eavesdroppers cannot gain the session key without introducing any errors; (2) the session key cannot be determined by any non-trivial subset of the participants. However, the particle efficiency of their protocol is only $\frac{1}{(k+1)N(N-1)}$ . In this paper, we show that the efficiency of the MQKA protocol can be improved to $\frac{1}{N(k+1)}$ by introducing two additional unitary operations. Since, in some scenarios, the secret keys are confidential, neither party is willing to divulge any of the contents to the other. Therefore, in our protocol, no participant can learn anything more than its prescribed output, i.e., the secret keys of the participants can be kept secret during the protocol instead of being exposed to others, thus, the privacy of the protocol is also improved. Furthermore, we explicitly show the scheme is secure.     

Comment on “Efficient and feasible quantum private comparison of equality against the collective amplitude damping noise”

Recently, Chen et al. [Quant Inf Proc doi: 10.1007/s11128-012-0505-5] presented a very promising quantum private comparison protocol for two participants to compare the equality of their wealth secretly—no one, except the participants, can reveal the comparison result. This paper points out that a malicious participant can reveal portion of the other participant’s secret information. Furthermore, an improvement is also proposed.     

On the security of AUTH, a provably secure authentication protocol based on the subspace LPN problem

At the 2011 Eurocrypt, Kiltz et al., in their best paper price awarded paper, proposed an ultra-lightweight authentication protocol, called $AUTH$ . While the new protocol is supported by a delicate security proof based on the conjectured hardness of the learning parity with noise problem, this security proof does not include man-in-the-middle attacks. In this paper, we show that $AUTH$ is weak against MIM adversaries by introducing a very efficient key recovery MIM attack that has only linear complexity with respect to the length of the secret key.     

Asynchronous Byzantine Agreement with optimal resilience

We present an efficient, optimally-resilient Asynchronous Byzantine Agreement (ABA) protocol involving $n = 3t+1$ parties over a completely asynchronous network, tolerating a computationally unbounded Byzantine adversary, capable of corrupting at most $t$ out of the $n$ parties. In comparison with the best known optimally-resilient ABA protocols of Canetti and Rabin (STOC 1993) and Abraham et al. (PODC 2008), our protocol is significantly more efficient in terms of the communication complexity. Our ABA protocol is built on a new statistical asynchronous verifiable secret sharing (AVSS) protocol with optimal resilience. Our AVSS protocol significantly improves the communication complexity of the only known statistical and optimally-resilient AVSS protocol of Canetti et al. Our AVSS protocol is further built on an asynchronous primitive called asynchronous weak commitment (AWC), while the AVSS of Canetti et al. is built on the primitive called asynchronous weak secret sharing (AWSS). We observe that AWC has weaker requirements than AWSS and hence it can be designed more efficiently than AWSS. The common coin primitive is one of the most important building blocks for the construction of an ABA protocol. In this paper, we extend the existing common coin protocol to make it compatible with our new AVSS protocol that shares multiple secrets simultaneously. As a byproduct, our new common coin protocol is more communication efficient than all the existing common coin protocols.     

Flexible protocol for quantum private query based on B92 protocol

Jakobi et al. for the first time proposed a novel and practical quantum private query (QPQ) protocol based on SARG04 (Scarani et al. in Phys Rev Lett 92:057901, 2004) quantum key distribution protocol (Jakobi et al. in Phys Rev A 83:022301, 2011). Gao et al. generalized Jakobi et al’s protocol and proposed a flexible QPQ protocol (Gao et al. in Opt Exp 20(16):17411–17420, 2012). When $\theta <\pi /4$ , Gao et al’s protocol exhibits better database security than Jakobi et al’s protocol, but has a higher probability with which Bob can correctly guess the address of Alice’s query. In this paper, we propose a flexible B92-based QPQ protocol. Although SARG04 protocol is a modification of B92 protocol and can be seen as a generalization of B92 protocol, our protocol shows different advantages from Gao et al’s protocol. It can simultaneously obtain better database security and a lower probability with which Bob can correctly guess the address of Alice’s query when $\theta <\pi /4$ . By introducing entanglement, the proposed QPQ protocol is robust against channel-loss attack, which also implies lower classical communication complexity. Similar to Gao et al’s protocol, it is flexible, practical, and robust against quantum memory attack.     

Protocols of quantum key agreement solely using Bell states and Bell measurement

Two protocols of quantum key agreement (QKA) that solely use Bell state and Bell measurement are proposed. The first protocol of QKA proposed here is designed for two-party QKA, whereas the second protocol is designed for multi-party QKA. The proposed protocols are also generalized to implement QKA using a set of multi-partite entangled states (e.g., 4-qubit cluster state and \(\Omega \) state). Security of these protocols arises from the monogamy of entanglement. This is in contrast to the existing protocols of QKA where security arises from the use of non-orthogonal state (non-commutativity principle). Further, it is shown that all the quantum systems that are useful for implementation of quantum dialogue and most of the protocols of secure direct quantum communication can be modified to implement protocols of QKA.     

Multi-party quantum key agreement protocol secure against collusion attacks

The fairness of a secure multi-party quantum key agreement (MQKA) protocol requires that all involved parties are entirely peer entities and can equally influence the outcome of the protocol to establish a shared key wherein no one can decide the shared key alone. However, it is found that parts of the existing MQKA protocols are sensitive to collusion attacks, i.e., some of the dishonest participants can collaborate to predetermine the final key without being detected. In this paper, a multi-party QKA protocol resisting collusion attacks is proposed. Different from previous QKA protocol resisting \(N-1\) coconspirators or resisting 1 coconspirators, we investigate the general circle-type MQKA protocol which can be secure against t dishonest participants’ cooperation. Here, \(t < N\). We hope the results of the presented paper will be helpful for further research on fair MQKA protocols.     

Comment on “Dynamic quantum secret sharing”

Hsu et al. (Quantum Inf Process 12:331–344,2013) proposed a dynamic quantum secret sharing (DQSS) protocol using the entanglement swapping of Bell states for an agent to easily join (or leave) the system. In 2013, Wang and Li (Quantum Inf Process 12(5):1991–1997, 2013) proposed a collusion attack on Hsu et al.’s DQSS protocol. Nevertheless, this study points out a new security issue on Hsu et al.’s DQSS protocol regarding to the honesty of a revoked agent. Without considering this issue, the DQSS protocol could be failed to provide secret sharing function.     

Multi-party quantum private comparison protocol base on $$$$-imensional entangle states

In this paper, a novel quantum private comparison protocol with \(l\)-party and \(d\)-dimensional entangled states is proposed. In the protocol, \(l\) participants can sort their secret inputs in size, with the help of a semi-honest third party. However, if every participant wants to know the relation of size among the \(l\) secret inputs, these two-participant protocols have to be executed repeatedly \(\frac{l(l-1)}{2}\) times. Consequently, the proposed protocol needs to be executed one time. Without performing unitary operation on particles, it only need to prepare the initial entanglement states and only need to measure single particles. It is shown that the participants will not leak their private information by security analysis.     

Secure multiparty quantum secret sharing with the collective eavesdropping-check character

Combining the block transmission in Long and Liu (Phys Rev A 65:032302, 2002) and the double operations in Lin et al. (Opt Commun 282:4455, 2009), we propose a secure multiparty quantum secret sharing protocol with the collective eavesdropping-check character. In this protocol, only the boss needs to prepare Bell states and perform Bell state measurements, and all agents only perform local operations, which makes this protocol more feasible with the current technique. Incidentally, we show that the other half of secret messages in Lin et al. protocol (Opt Commun 282:4455, 2009) may also be eavesdropped.     

pth Moment Exponential Stability of Stochastic Recurrent Neural Networks with Markovian Switching

This paper investigates the problem of the pth moment exponential stability for a class of stochastic recurrent neural networks with Markovian jump parameters. With the help of Lyapunov function, stochastic analysis technique, generalized Halanay inequality and Hardy inequality, some novel sufficient conditions on the pth moment exponential stability of the considered system are derived. The results obtained in this paper are completely new and complement and improve some of the previously known results (Liao and Mao, Stoch Anal Appl, 14:165–185, 1996; Wan and Sun, Phys Lett A, 343:306–318, 2005; Hu et al., Chao Solitions Fractals, 27:1006–1010, 2006; Sun and Cao, Nonlinear Anal Real, 8:1171–1185, 2007; Huang et al., Inf Sci, 178:2194–2203, 2008; Wang et al., Phys Lett A, 356:346–352, 2006; Peng and Liu, Neural Comput Appl, 20:543–547, 2011). Moreover, a numerical example is also provided to demonstrate the effectiveness and applicability of the theoretical results.     

A new spatial IP assignment method for IP-based wireless sensor networks

Wireless sensor networks (WSNs), one of the commercial wireless mesh networks (WMNs), are envisioned to provide an effective solution for sensor-based AmI (Ambient Intelligence) systems and applications. To enable the communications between AmI sensor networks and the most popular TCP/IP networks seamlessly, the best solution model is to run TCP/IP directly on WSNs (Mulligan et al. 2009; Hui and Culler 2008; Han and Mam 2007; Kim et al. 2007; Xiaohua et al. 2004; Dunkels et al. 2004; Dunkels et al. 2004; Dunkels 2001; Dunkels et al. 2004). In this case, an IP assignment method is required to assign each sensor node a unique IP address. SIPA (Dunkels et al. 2004) is the best known IP assignment method that uses spatial relations and locations of sensor nodes to assign their IP addresses. It has been applied in Contiki (Dunkels et al. 2004), a famous WSN operating system, to support the 6LowPAN protocol. In Chang et al. (2009), we proposed the SLIPA (Scan-Line IP Assignment) algorithm to improve the assignment success rate (ASR) obtained by SIPA. SLIPA can achieve a good ASR when sensor nodes are uniformly distributed. However, if sensor nodes are deployed by other distributions, the improvements would be limited. This paper proposes a new spatial IP assignment method, called SLIPA-Q (SLIPA with equal-quantity partition), to improve SLIPA. Experiments show that, by testing the proposed method 1,000 times with 1,000 randomly deployed sensor nodes, the average ASR obtained by SLIPA-Q is over two times of that obtained by SLIPA. Under the same 88% ASR, the average numbers of sensor nodes those can be successfully assigned by SLIPA-Q, SLIPA, and SIPA are 950, 850, and 135, respectively. Comparing to previous spatial IP assignment methods, SLIPA-Q can achieve dramatic improvements in ASR for assigning IP addresses to a large set of sensor nodes.     

Double C-NOT attack and counterattack on ‘Three-step semi-quantum secure direct communication protocol’

Recently, Zou and Qiu (Sci China Phys Mech Astron 57:1696–1702, 2014) proposed a three-step semi-quantum secure direct communication protocol allowing a classical participant who does not have a quantum register to securely send his/her secret message to a quantum participant. However, this study points out that an eavesdropper can use the double C-NOT attack to obtain the secret message. To solve this problem, a modification is proposed.     

The topological basis realization and the corresponding Heisenberg model of spin-1 chain

In this paper, it is shown that the Heisenberg model of spin-1 chain can be constructed from the Birman–Wenzl algebra generator while we have got that the Heisenberg model of spin- $\frac{1}{2}$ chain can be constructed from the Temperley–Lieb algebra generator in our previous work (Sun et al. in EPL 94:50001, 2011). Here, we investigate the topological space, we find that the number of topological basis states raise from the previous two to three, and they are also the three eigenstates of a closed four-qubit Heisenberg model of spin-1 chain. Specifically, all the topological basis states are also the spin single states and one of them is the energy single state of the system. It is worth noting that all conclusions we get in this paper are consistent with our previous work (Sun et al. in EPL 94:50001, 2011). These just indicate that the topological basis states have particular properties in the system.     

Quantum secret sharing with continuous variable graph state

In this paper, we study several physically feasible quantum secret sharing (QSS) schemes using continuous variable graph state (CVGS). Their implementation protocols are given, and the estimation error formulae are derived. Then, we present a variety of results on the theory of QSS with CVGS. Any $(k,n)$ threshold protocol of the three specific schemes satisfying $\frac{n}{2}<k\le n$ , where $n$ denotes the total number of players and $k$ denotes the minimum number of players who can collaboratively access the secret, can be implemented by certain weighted CVGS. The quantum secret is absolutely confidential to any player group with number less than threshold. Besides, the effect of finite squeezing to these results is properly considered. In the end, the duality between two specific schemes is investigated.     

The loophole of the improved secure quantum sealed-bid auction with post-confirmation and solution

In the literature He et?al. (Quantum Inf Process, 2011) performed the cryptanalysis about the protocol of secure quantum auction with post-confirmation, and proposed the melioration algorithm in order to defeat the collusion among some malicious bidders in Zhao et?al.??s protocol (Zhao et?al. in Opt Commun 283:3194, 2010). But unfortunately, this protocol can??t defeat the collusion among some malicious bidders either. In this paper, we will analyze the security of He et?al.??s protocol and point out the potential loophole. Furthermore, we propose an improved protocol which can defeat the collusion among malicious bidders effectively.     

On space complexity of self-stabilizing leader election in mediated population protocol

Chatzigiannakis et al. (Lect Notes Comput Sci 5734:56–76, 2009) extended the Population Protocol (PP) of Angluin et al. (2004) and introduced the Mediated Population Protocol (MPP) by introducing an extra memory on every agent-to-agent communication link (i.e., edge), in order to model more powerful networks of mobile agents with limited resources. For a general distributed system of autonomous agents, Leader Election (LE) plays a key role in their efficient coordination. A Self-Stabilizing (SS) protocol has ideal properties required for distributed systems of huge numbers of not highly reliable agents typically modeled by PP or MPP; it does not require any initialization and tolerates a finite number of transient failures. Cai et al. (2009) showed that for a system of $n$ agents, any PP for SS-LE requires at least $n$ agent-states, and gave a PP with $n$ agent-states for SS-LE. In this paper, we show, for a system of $n$ agents, any MPP for SS-LE with 2 edge-states (i.e., 1 bit memory) on every edge requires at least $(1/2) \lg {n}$ agent-states, and give an MPP for SS-LE with $(2/3)n$ agent-states and 2 edge-states on every edge. Furthermore, we show that a constant number of edge-states on every edge do not help in designing an MPP for SS-LE with a constant number of agent-states, and that there is no MPP for SS-LE with 2 agent-states, regardless of the number of edge-states; the edge-state is not a complete alternative of the agent-state, although it can help in reducing the number of agent-states, when solving SS-LE.     

Cryptanalysis of enhancement on “quantum blind signature based on two-state vector formalism”

Recently, Yang et al. (Quantum Inf Process 12(1):109, 2013) proposed an enhanced quantum blind signature based on two-taste vector formalism. The protocol can prevent signatory Bob from deriving Alice’s message with invisible photon eavesdropping attack or fake photon attack. In this paper, we show that the enhanced protocol also has a loophole that Alice can utilize an entanglement swapping attack to obtain Bob’s secret key and forge Bob’s valid signature at will later. Then, we reanalyze two existing protocols and try to find some further methods to fix them.