Professional Documents
Culture Documents
Quantum Entanglement For Secret Sharing and Secret Splitting
Quantum Entanglement For Secret Sharing and Secret Splitting
I. INTRODUCTION
realized by a combination of m-particle entanglement and
entanglement swapping [13–15].
Quantum mechanics provides novel features to informa- However, it should be remembered, as it was indeed
tion processing, extending the capabilities beyond those pos- stressed in Ref. [9], that for practical purposes conventional
sible using classical physics only. The most prominent ex- quantum cryptography followed by classical secret sharing
amples to date have been quantum computation [1,2], can also be used to achieve secret sharing in a very simple
quantum teleportation [3–5], and quantum cryptography [6], manner. That is, the sender Trent sends one string R to Alice
with the latter being most mature experimentally. For cryp- and a second string S to Bob, and then Trent encodes the
tographic applications, there has been much concern about
secret message using a key K generated by the exclusive-OR
whether quantum methods can be used only for secret key (XOR), K=R % S. Only if Alice and Bob collaborate can they
exchange, or if it is useful also for other purposes, such as find out the message. However, the principal advantage of
authentication. However, recent proofs showing quantum bit the two-particle scheme is that for a given length of the se-
commitment not to be unconditionally secure [7,8] have been cret key, fewer bits are needed to be sent in order to assure
somewhat of a setback for an extension of quantum cryptog- the nonpresence of the eavesdropper.
raphy toward such applications. The paper is outlined as follows: First, in Sec. II, we
Recently, Hillery, Buzek, and Berthiaume [9] introduced review the preparation of two-particle maximally entangled
a protocol of quantum secret sharing, which is a quantum- states, the so-called Bell states. In Sec. III, we discuss secret
mechanical version of classical secret sharing schemes
sharing. In Sec. III A, we present the two-particle entangle-
[10,11]. The basic idea of secret sharing in the simplest case
is that a secret is shared between two persons, say Alice and ment secret sharing protocol. In Sec. III B, we discuss the
Bob, in such a way that it can only be reconstructed if both issue of eavesdropping. In Sec. IV, we discuss the extension
collaborate. In a more general setting, notably for secure key of the splitting scheme of Ref. [9]. In Sec. IV A we briefly
management, an m-out-of-n protocol [or (m,n)-threshold review their scheme for secret sharing, in Sec. IV B we
scheme] with 1“m“n spreads a secret to n participants in briefly discuss eavesdropping considerations, in Sec. IV C
a way that any m participants can reconstruct it. The we review their scheme for secret splitting, and in Sec. IV D
interest- we discuss a possible extension using entanglement swap-
ing aspect of exploring quantum mechanics for secret shar- ping. Finally, in Sec. V, we discuss the obtained results.
ing is that it allows for the unconditionally secure distribu-
tion of the information to the participants. The scheme II. TWO-PARTICLE ENTANGLEMENT AND BELL
presented in Ref. [9] is based on a three-particle entangled STATES
Greenberger-Horne-Zeilinger state [12]. The main purpose
of the present paper is to show that it is also possible to Let us begin with a brief review of two-particle polariza-
construct secret sharing protocol similar to that in Ref. [9] tion entanglement. The state generated from a type-II para-
using two-particle quantum entanglement. We also present a metric down-conversion crystal can be written as [16]
detailed discussion of how to detect eavesdropping, or how
to detect a dishonest party in the protocols. Specifically, we 1
(|z+) A|z—) B+eia|z—) A|z+) B ), (2.1)
discuss the importance of the order in which the participants |†)=
release the data to test for the presence of an eavesdropper. {2
Furthermore, we discuss how a first step toward a possible where a is a birefringent phase shift of the crystal, and
m-out-of-n protocol for secret sharing and splitting can be | z+ ) and | z— ) denote the spin eigenstates, or equivalently
the horizontal and vertical polarization eigenstates, and sub-
scripts A and B denote the two particles (for Alice and Bob).
*Permanent address: Department of Electronics, Royal Institute of Using appropriate birefringent phase shifts and polariza-
Technology, Electrum 229, S 164 40 Kista, Sweden. Electronic tion conversion, one may easily convert the above state into
address: andkar@ele.kth.se any of the four Bell states [16]
1 1
|$±)= (| z+ ) A | z+ ) B ± | z— ) A | z— ) B ) (2.2) | 0— ) ÷ (| $— ) — | †+ ) )
{2 {2
1
and = (| z+ ) A |x—) B — | z | x+ ) B)
{2
—)A
1 (| z+ ) A | z— ) B ± | z— ) A | z+ ) B ). (2.3) |z—) | z+ ) ).
|†±)= = 1 (|x+) (2.7)
—|x—)
{2 {2 A B A B
we may rewrite the Bell states in this basis as III. ONE- TO TWO-PARTY SECRET SHARING
|QSS) ^ |SO)=( a|z1+, ... ,zm+) Now this procedure would require both the particle to disen-
tangle (from the executive) and the subordinate to be input to
+b | z1—, . . . ,zm— ) ) ^ | z+ ) SO .
the quantum gate network, so, in this case, one may simply
(4.4) relabel the particles instead. Let us therefore present a more
useful scenario. In this case, each subordinate is in posses-
Generally, the entanglement swapping between two particles
sion of a two-particle maximally entangled state |SO2)
from two maximally entangled states requires a Bell-state
=( | za+,zb+ ) SO + | za—,zb— ) SO )/ { 2. From this state one
measurement, as implementable with a quantum-controlled-
particle is left at a ‘‘swapping center,’’ and the second par-
NOT gate Cˆ not , a Hadamard transformation Hˆ a , and a ticle is kept by the subordinate. With n-m subordinates hav-
two- ing left one entangled particle, there are altogether n persons
particle measurement [14]. The operation of the quantum- that may help in retrieving the qubit. Now, to make the
controlled-NOT gate is that it takes a two qubit input and swapping, the executive goes to the swapping center and
flips the second qubit ( | z+ ) → | z— ) and | z— ) | z+ ) ) only if
makes a joint Bell measurement on his particle and the one
the first qubit is | z— ) . The (one bit) Hadamard gate trans-
particle left by the subordinate at the swapping center. The
forms the input as | z+ ) →( | z+ ) + | z— ) )/ { 2 and | z— )
state following the controlled-NOT and Hadamard gates can
be written
Hˆ a Cˆ not| QSS) ^ | SO2 ) =¯ ( a | z1+, . . . ,zm+ ) ^ | za+,zb+ ) SO+b | z1—, . . . ,zm+ ) ^ | za+,zb— ) SO)/2
+( a | z1+, . . . ,zm— ) ^ | za+,zb+ ) SO —b | z1—, . . . ,zm— ) ^ | za+,zb— ) SO )/2
+( a | z1+, . . . ,zm+ ) ^ | za—,zb— ) SO +b | z1—, . . . ,zm+ ) ^ | za—,zb+ ) SO )/2
+( a | z1+, . . . ,zm— ) ^ | za—,zb— ) SO —b | z1—, . . . ,zm— ) ^ | za—,zb+ ) SO )/2. (4.7)
Now, for instance, the measurement result (z m +,z a +), di- flip or sign change he may reconstruct the initial m-particle
rectly projects the remaining state into the desired state.
However, generally, the subordinate must be told the result
of the measurement (a two-bit message), and by a simple bit
entangled state. Effectively this procedure ‘‘teleports’’ the
entanglement to the subordinate. It should be kept in mind
that strictly speaking this protocol is not a (m,n)-threshold
protocol. This is because of the asymmetry between the ex-
ecutives and the subordinates, not allowing m subordinates
by themselves to share the split state. However, the protocol A very interesting question remains concerning quantum se-
still gives some added flexibility as a possible way to transfer cret sharing and splitting: What would be the protocol for
a split qubit between various parties. secret splitting for quantum registers? We believe this would
be of even more interest for quantum computation and com-
V. DISCUSSIONS munication than if it is only single quantum bits that are
We have shown a simple two-particle quantum- split. One of the most interesting questions in this respect is
entanglement-based protocol for quantum secret sharing, the amount of entanglement needed to construct a secure
which is implementable by parametric down-conversion and protocol.
interferometric Bell state analysis. The interest in using
entanglement-based protocols is initially more of a ‘‘proof-
of-principle’’ nature, as in some cases even simpler nonen- ACKNOWLEDGMENTS
tanglement quantum cryptographic protocols may be used. A.K. would like to thank NTT Basic Research Laborato-
We have also shown the extension of a quantum secret split- ries for generous support, and for having provided an excel-
ting scheme based on multiparticle entangled states toward a lent working atmosphere during his stay in Japan. This work
m-out-of-n protocol, where a qubit split to m participants can was also supported by the Swedish Natural Science Research
be shifted to other participants using entanglement swapping. Council (NFR).