Background technology
Quantum cryptography is one of most important application for quantum information process, quantum-key distribution (Quantum Key Distribution can be divided into, QKD) [1-5], quantum secret sharing (Quantum SecretSharing, QSS) [6-10], Quantum Secure Direct Communication (Quantum Secure DirectCommunication, QSDC) [11-19] etc.As everyone knows, certification is a kind of effective means guaranteeing the integrality of transmitted information, can be preferentially absorbed into classical password and quantum cryptography.According to the use of certification, quantum cryptographic protocols can be divided into two classes, namely not with authentication function with band authentication function.Such as, the quantum cryptographic protocols of document [1-19] always supposes to there is the classical channel of certification so that they do not have authentication function.Do not suppose the classical channel of certification with them unlike the quantum cryptographic protocols of, document [20-29], need first to complete verification process.Institute's protocols having of document [20-28] needs to carry out open debate at classical channel, and this requires that recipient must be online.More complicated, each agreement of document [20-22] needs a trusted third party being called authenticator.Fortunately, in 2011, Tsai etc. [29] utilize rotation process to propose a unidirectional quantum authentication secure communication protocols neither needing open debate not need again trusted third party.In this agreement, her message is sent to recipient by the mode that sender transmits with a step quantum.This agreement does not need recipient online.But when a listener-in Eve launches a offensive an amendment message quantum bit, she can escape with the probability of 1/2 and detect.By the inspiration of the agreement [29] of Tsai etc., Hwang etc. [30] propose one first and are called the completely new concept that quantum authentication is encrypted, and it is in fact the step certification Quantum Secure Direct Communication being applicable to recipient under line.The huge bright spot of quantum authentication encryption is the following aspects [30]:
(1) it only needs a step quantum transmission;
(2) it provides Privacy Protection and authentication;
(3) it makes message authentication be accurate to 1 bit level, namely to by 1 D-bit modification of message that transmits by the detection probability of initiation one 100%;
(4) it does not need a trusted third party;
(5) it does not need a classical channel.
Under what these bright spots made throughput subchannel carry out be applicable to line, many application of recipient become possibility, such as quantum E-mail [30].
Based on above analysis, the present invention proposes the quantum authentication cryptographic protocol based on two photon entanglement states that is applicable to quantum Email.With the protocol class of document [30] seemingly, two correspondent Alice and Bob share two in advance for determining private key prepared by two photon entanglement states.The two photon entanglement state sequences encoding her classical bit are sent to recipient Bob in the mode of a step Quantum Teleportation by sender Alice.After receiving the quantum state sequence of coding, Bob utilize two photon combined measurements decode Alice classical bit and under the help of one-way Hash function the integrality of the secret of certification Alice.Agreement of the present invention only uses a step Quantum Teleportation, and neither needs an open debate also not need a believable third party.Therefore, agreement of the present invention be applicable to quantum E-mail etc. only require recipient be in line under situation.Agreement of the present invention makes message authentication be accurate to 1 bit level under the help of one-way Hash function.And the information theory efficiency of agreement of the present invention is up to 100%.
List of references
[1]Bennett C H,Brassard G.Quantum cryptography:public-key distribution andcoin tossing.In:Proceedings of the IEEE International Conference onComputers,Systems and Signal Processing.Bangalore:IEEE Press,1984,175-179.
[2]Ekert A K.Quantum cryptography based on Bell′s theorem.Phys Rev Lett,1991,67(6):661-663.
[3]Bennett C H,Brassard G,Mermin N D.Quantum cryptography without Belltheorem.Phys Rev Lett,1992,68:557-559.
[4]Cabello A.Quantum key distribution in the Holevo limit.Phys Rev Lett,2000,85:5635.
[5]Deng F G,Long G L.Controlled order rearrangement encryption for quantumkey distribution.Phys Rev A,2003,68:042315.
[6]Hillery M,Buzek V,Berthiaume A.Quantum secret sharing.Phys Rev A,1999,59:1829-1834.
[7]Karlsson A,Koashi M,Imoto N.Quantum entanglement for secret sharing andsecret splitting.Phys Rev A,1999,59:162-168.
[8]Xiao L,Long G L,Deng F G,Pan J W.Efficient multiparty quantum-secret-sharing schemes.Phys Rev A,2004,69:052307.
[9]Hao L,Li J L,Long G L.Eavesdropping in a quantum secret sharing protocolbased on Grover algorithm and its solution.Sci China Ser G-Phys Mech Astron,2010,53(3):491-495.
[10]Hao L,Wang C,Long G L.Quantum secret sharing protocol with four stateGrover algorithm and its proof-of-principle experimental demonstration.OptCommun,2011,284:3639-3642.
[11]Long G L,Liu X S.Theoretically effiicient high-capacity quantum-key-distribution scheme.Phys Rev A,2002,65:032302.
[12]Bostrom K,Felbinger T.Deterministic secure direct communication usingentanglement.Phys Rev Lett,2002,89:187902.
[13]Deng F G,Long G L,Liu X S.Two-step quantum direct communicationprotocol using the Einstein-Podolsky-Rosen pair block.Phys Rev A,2003,68:042317.
[14]Deng F G,Long G L.Secure direct communication with a quantum one-timepad.Phys Rev A,2004,69:052319.
[15]Wang C,Deng F G,Li Y S,Liu X S,Long G L.Quantum secure directcommunication with high-dimension quantum superdense coding.Phys Rev A,2005,71:044305.
[16]Wang C,Deng F G,Long G L.Multi-step quantum secure directcommunication using multi-particle Green-Horne-Zeilinger state.Opt Commun,2005,253(1-3):15-20.
[17]Chen X B,Wen Q Y,Guo F Z,Sun Y,Xu G,Zhu F C.Controlled quantumsecure direct communication with W state.Int J Quant Inform,2008,6(4):899-906.
[18]Gu B,Huang Y G,Fang X,Zhang C Y.A two-step quantum secure directcommunication protocol with hyperentanglement.Chin Phys B,2011,20(10):100309.
[19]Liu D,Chen J L,Jiang W.High-capacity quantum secure directcommunication with single photons in both polarization and spatial-modedegrees of freedom.Int J Theor Phys,2012,51:2923-2929.
[20]Lee H,Lim J,Yang H.Quantum direct communication with authentication.Phys Rev A,2006,73:042305.
[21]Zhang Z J,Liu J,Wang D,Shi S H.Comment on“Quantum directcommunication with authentication”.Phys Rev A,2007,75:026301.
[22]Yen C A,Horng S J,Goan H S,Kao T W,Chou Y H.Quantum directcommunication with mutual authentication.Quantum Inf Comput,2009,9:376-394.
[23]Liu W J,Chen H W,Li Z Q,Liu Z H.Effi cient quantum secure directcommunication with authentication.Chin Phys Lett,2008,25:2354-2357.
[24]Wang M J,Pan W.Quantum secure direct communication based onauthentication.Chin Phys Lett,2008,25:3860-3863.
[25]Yang J,Wang C A,Zhang R.Quantum secure direct communication withauthentication expansion using single photons.Commun Theor Phys,2010,54:829-834.
[26]Yang Y G,Jia X,Xia J,Shi L,Zhang H.Comment on“Quantum secure directcommunication with authentication expansion using single photons”.Int JTheor Phys,2012,51:3681-3687.
[27]Liu D,Pei C X,Quan D X,Zhao N.A new quantum secure directcommunication scheme with authentication.Chin Phys Lett,2010,27:050306.
[28]Gao F,Qin S J,Guo F Z,Wen Q Y.Cryptanalysis of quantum secure directcommunication and authentication scheme via Bell states.Chin Phys Lett,2011,28:020303.
[29]Tsai C W,Wei T S,Hwang T.One-way quantum authenticated securecommunication using rotation operation.Commun Theor Phys,2011,56:1023-1026.
[30]Hwang T,Luo Y P,Yang C W,Lin T H.Quantum authencryption:one-stepauthenticated quantum secure direct communications for off-line communicants.Quantum InfProcess,2014,13:925-933.
[31]Yin X R,Ma W P,Liu W Y,Shen D S.Efficient bidirectional quantum securecommunication with two-photon entanglement.Quantum Inf Process,2013,12:3093-3102.
[32]Shannon C E.Communication theory of secrecy system.Bell System Tech J,1949,28:656-715.
Summary of the invention
The object of the invention is to design a kind of quantum authentication cryptographic protocol based on two photon entanglement states being applicable to quantum Email, by quantum communications protocol application in only requiring the situation under recipient is in line.
Be applicable to the quantum authentication cryptographic protocol based on two photon entanglement states of quantum Email, comprise following five processes altogether:
S1) prepare.Alice and Bob shares two in advance for determining private key K prepared by two photon entanglement states
band K
s.Here, K
blength be N bit, K
slength be 2N bit.Alice is according to K
band K
sproduce one by N number of two photon entanglement state { (A
1, B
1), (A
2, B
2) ..., (A
t, B
t) ..., (A
n, B
n) the quantum state sequence L that forms.Namely: if
Otherwise,
Here,
k
bt bit,
k
s2t-1 and 2t bit, wherein t ∈ 1,2 ..., N}.
S2) coding of Alice.2N the classical bit of Alice
{ (i
1, j
1) (i
2, j
2) ... (i
t, j
t) ... (i
n, j
n) be expressed as M=m
a|| h (m
a), wherein m
aher secret, h (m
a) be m
acryptographic Hash.Here, " || " represents " connection " operation and i
t, j
t∈ 0,1}, wherein t ∈ 1,2 ..., N}.In order to the dibit (i in her M of encoding
t, j
t), Alice is to t two photon entanglement state (A
t, B
t) in B
tapply operation at the tenth of the twelve Earthly Branches
wherein t ∈ 1,2 ..., N}.Like this, L is converted into L ', wherein
S3) transmission of Alice.L ' is sent to Bob by a quantum channel by Alice.
S4) decoding of Bob.According to
bob is from MB
1=| φ
±>, | ψ
±>} and MB
2=| Φ
±>, | Ψ
±>} selects t two photon entanglement states in correct measurement base measurement L '
due to Bob from
with
can know that Alice prepares (A
t, B
t) initial state, he easily can derive (i from his measurement result
t, j
t).The classical bit decoded in Bob hand is represented as M '=m '
a|| h ' (m
a).
S5) certification of Bob.In order to detect the existence of a listener-in Eve, Bob calculates m '
acryptographic Hash thus obtain h (m '
a).Then, he by h (m '
a) and h ' (m
a) contrast.If they are the same, Bob accepts m '
afor send over from Alice not through the real m of any amendment
a; Otherwise they abandon communicating and start anew.
The present invention proposes a kind of quantum authentication cryptographic protocol based on two photon entanglement states being applicable to quantum Email.Two correspondent Alice and Bob share two in advance for determining private key prepared by two photon entanglement states.The two photon entanglement state sequences encoding her classical bit are sent to recipient Bob in the mode of a step Quantum Teleportation by sender Alice.After receiving the quantum state sequence of coding, Bob utilize two photon combined measurements decode Alice classical bit and under the help of one-way Hash function the integrality of the secret of certification Alice.Agreement of the present invention only uses a step Quantum Teleportation, and neither needs an open debate also not need a believable third party.Therefore, agreement of the present invention be applicable to quantum E-mail etc. only require recipient be in line under situation.Agreement of the present invention makes message authentication be accurate to 1 bit level under the help of one-way Hash function.And the information theory efficiency of agreement of the present invention is up to 100%.
Embodiment
Below in conjunction with embodiment, technical scheme of the present invention is described further.
1, the transformational relation between two photon entanglement states
As everyone knows, four Bell state can be described to
Wherein
obviously, MB
1=| φ
±>, | ψ
±>} is that a group of above-mentioned four Bell state measures base.On the other hand, four operations at the tenth of the twelve Earthly Branches can be described to
I=|0><0|+|1><1|,σ
x=|0><1|+|1><0|,iσ
y=|0><1|-|1><0|,σ
z=|0><0|-|1><1|。
(5)
One in operation at four tenth of the twelve Earthly Branches be applied in second photon after, these four Bell state freely being changed to each other, as table 1 is concluded.
Transformational relation (quantum state at row place represents initial state, the quantum state representation transformation result at row place) between any two Bell state of table 1
Define another four two photon entanglement states for [31]
Obviously, MB
2=| Φ
±>, | Ψ
±>} is that a group of above-mentioned four two photon entanglement states measures base.Can directly obtain, MB
1and MB
2non-orthogonal.Similarly, one in operation at four tenth of the twelve Earthly Branches be applied in second photon after, these four two photon entanglement states can freely changed to each other, as table 2 is concluded [31].
Transformational relation (quantum state at row place represents initial state, the quantum state representation transformation result at row place) between any two two photon entanglement states that table 2 formula (6,7) defines
2, quantum authentication cryptographic protocol
Suppose that Alice has and be expressed as M=m
a|| h (m
a) 2N classical bit { (i
1, j
1) (i
2, j
2) ... (i
t, j
t) ... (i
n, j
n), wherein m
aher secret, h (m
a) be m
acryptographic Hash.Here, " || " represents " connection " operation and i
t, j
t∈ 0,1}, wherein t ∈ 1,2 ..., N}.And they decide through consultation that each tenth of the twelve Earthly Branches, operation represented a classical dibit as follows in advance:
I→U
00,σ
x→U
01,iσ
y→U
10,σ
z→U
11, (8)
A classical dibit is designated as under wherein each.The two photon entanglement states that utilize that the present invention proposes are made up of following five processes as the quantum authentication cryptographic protocol of quantum resource.With the protocol class of document [30] seemingly, in this agreement, Alice and Bob is supposed to share two in advance for determining private key K prepared by two photon entanglement states
band K
s.Here, K
blength be N bit, K
slength be 2N bit.
S1) prepare.Alice is according to K
band K
sproduce one by N number of two photon entanglement state { (A
1, B
1), (A
2, B
2) ..., (A
t, B
t) ..., (A
n, B
n) the quantum state sequence L that forms.Namely: if
Otherwise,
Here,
k
bt bit,
k
s2t-1 and 2t bit, wherein t ∈ 1,2 ..., N}.
S2) coding of Alice.In order to the dibit (i in her M of encoding
t, j
t), Alice is to t two photon entanglement state (A
t, B
t) in B
tapply operation at the tenth of the twelve Earthly Branches
wherein t ∈ 1,2 ..., N}.Like this, L is converted into L ', wherein
S3) transmission of Alice.L ' is sent to Bob by a quantum channel by Alice.
S4) decoding of Bob.According to
bob is from MB
1and MB
2select t two photon entanglement states in correct measurement base measurement L '
due to Bob from
with
can know that Alice prepares (A
t, B
t) initial state, according to table 1 and table 2, he easily can derive (i from his measurement result
t, j
t).The classical bit decoded in Bob hand is represented as M '=m '
a|| h ' (m
a).
S5) certification of Bob.In order to detect the existence of a listener-in Eve, Bob calculates m '
acryptographic Hash thus obtain h (m '
a).Then, he by h (m '
a) and h ' (m
a) contrast.If they are the same, Bob accepts m '
afor send over from Alice not through the real m of any amendment
a; Otherwise they abandon communicating and start anew.
In agreement of the present invention, the two photon entanglement state sequences encoding her classical bit are sent to Bob in the mode without the need to being transmitted by a step quantum when open debate or a trusted third party by Alice.Receive that Alice sends over by encoded sequence after, Bob can authenticate the integrality of her secret.This just need not require that Bob is online.In other words, agreement of the present invention can be applicable to recipient be in line under situation.Can reach a conclusion, agreement of the present invention can be regarded as being applicable to the step certification Quantum Secure Direct Communication agreement without the need to trusted third party of recipient under a line.
Be necessary it is emphasised that, if there is no eavesdrop behavior, K
band K
scan be reused.But, under following two kinds of situations, new K
band K
sshould be shared by Alice and Bob in advance: (1) Alice thinks again to send identical secret; (2) eavesdropping behaviors are detected.[30]
3, safety analysis
(1) fail safe of anti-information leakage
Eve wishes that the L ' sended over by intercepting and capturing and measure Alice extracts some useful informations about M.But she is K for want of
band K
sshe does not know the initial state of L prepared by Alice, so can not get any useful information.Without loss of generality, with her measurement result be | φ
+> is example.If she guesses that corresponding initial state is | φ
+> (| ψ
+>, | ψ
->, | φ
->), two classical bits will be 00 (01,10,11).That is, according to the information theory [32] of Shannon, for Eve, this measurement result is corresponding
bit information.Therefore, be leaked out without any information.
(2) anti-fail safe of playing the part of attack
In this attack, Eve plays the part of Alice and the M of her vacation is sent to Bob.Without loss of generality, suppose she attempt sending to the dibit of Bob to be 00,
with
unclear
with
eve have to first to prepare one false be at random eight states | φ
±>, | ψ
±>, | Φ
±>, | Ψ
±the two photon entanglement states of one of >} | ε >, then sends to Bob by it.If she produces | ε > is in | φ
+>, she successfully can send to Bob by 00; If she produce | ε > be in three states | φ
->, | ψ
±one of >}, she arrives by Bob with the Probability Detection of 100%; If she produce | ε > be in four states | Φ
±>, | Ψ
±one of >}, she is detected with certain probability.In a word, if N is enough large, this attack of Eve can be detected definitely.
(3) fail safe of anti-D-bit modification attack
In this attack, Eve intercepts and captures the L ' that sends over from Alice and applies three operation at the tenth of the twelve Earthly Branches { σ at random to any one L ' two photon entanglement state
x, i σ
y, σ
zin one.Then, the L ' revised is sent to Bob by her.Fortunately, due to h (m '
a) no longer with h ' (m
a) equal, this attack of Eve is arrived by Bob with the Probability Detection of 100%.Its reason is the character of one-way Hash function, and namely 1 bit-errors of input can cause the huge change of output [30].
Embodiment:
1, quantum authentication cryptographic protocol applicating example
With first two photon entanglement state (A
1, B
1) explain proposed agreement further as a concrete example.Suppose
(i
1, j
1)=01.Correspondingly, (A
1, B
1) be in by Alice preparation | ψ
+>.Like this, σ is operated at the tenth of the twelve Earthly Branches of Alice
xafter, (A
1, B
1) state be changed to | φ
+>.Then, after receiving it from Alice, according to
bob selects MB
1measure it.Like this, according to table 1, he can read (i
1, j
1)=01 because he from
with
know (A prepared by Alice
1, B
1) initial state be | ψ
+>.After decoding M ', Bob by contrast h (m '
a) and h ' (m
a) can certification m '
aintegrality.
2, discuss
(1) information theory efficiency
The information theory efficiency [4] of Cabello definition is η=b
s/ (q
t+ b
t), wherein b
s, q
tand b
tthe classical bit number expecting to exchange between the secret bit number received, the quantum bit number used and two participants respectively.In agreement of the present invention, (A
t, B
t) be used to transmit (i from Alice to Bob
t, j
t) and without the need to any declaration undertaken by classical channel.Like this, b
s=2, q
t=2 and b
t=0.Therefore, the information theory efficiency of agreement of the present invention is
(2) contrast of quantum authentication cryptographic protocol and before
Here detailed contrast is carried out to first quantum authentication cryptographic protocol of agreement of the present invention and document [30].Comparing result is summarized in table 3.Conclusion as can be drawn from Table 3, agreement of the present invention surpasses the agreement of document [30] in channel capacity, but is measured as cost with quantum resource and quantum.
Comparing result between the agreement of table 3 agreement of the present invention and document [30]
3, sum up
The present invention proposes the quantum authentication cryptographic protocol based on two photon entanglement states that is applicable to quantum Email.Agreement implementation process of the present invention is: two correspondent Alice and Bob share two in advance for determining private key prepared by two photon entanglement states.The two photon entanglement state sequences encoding her classical bit are sent to recipient Bob in the mode of a step Quantum Teleportation by sender Alice.After receiving the quantum state sequence of coding, Bob utilize two photon combined measurements decode Alice classical bit and under the help of one-way Hash function the integrality of the secret of certification Alice.The bright spot of agreement of the present invention is:
(1) it only uses a step Quantum Teleportation, and neither needs an open debate also not need a believable third party.Therefore, it be applicable to quantum E-mail etc. only require recipient be in line under situation;
(2) it makes message authentication be accurate to 1 bit level under the help of one-way Hash function;
(3) its information theory efficiency is up to 100%.