This article is an orphan, as no other articles link to it . Please introduce links to this page from related articles ; try the Find link tool for suggestions. (January 2022) |
Quantum secret sharing (QSS) is a quantum cryptographic scheme for secure communication that extends beyond simple quantum key distribution. It modifies the classical secret sharing (CSS) scheme by using quantum information and the no-cloning theorem to attain the ultimate security for communications.
The method of secret sharing consists of a sender who wishes to share a secret with a number of receiver parties in such a way that the secret is fully revealed only if a large enough portion of the receivers work together. However, if not enough receivers work together to reveal the secret, the secret remains completely unknown.
The classical scheme was independently proposed by Adi Shamir [1] and George Blakley [2] in 1979. In 1998, Mark Hillery, Vladimír Bužek, and André Berthiaume extended the theory to make use of quantum states for establishing a secure key that could be used to transmit the secret via classical data. [3] In the years following, more work was done to extend the theory to transmitting quantum information as the secret, rather than just using quantum states for establishing the cryptographic key. [4] [5]
QSS has been proposed for being used in quantum money [6] as well as for joint checking accounts, quantum networking, and distributed quantum computing, among other applications.
This example follows the original scheme laid out by Hillery et al. in 1998 which makes use of Greenberger–Horne–Zeilinger (GHZ) states. A similar scheme was developed shortly thereafter which used two-particle entangled states instead of three-particle states. [7] In both cases, the protocol is essentially an extension of quantum key distribution to two receivers instead of just one.
Following the typical language, let the sender be denoted as Alice and two receivers as Bob and Charlie. Alice's objective is to send each receiver a "share" of her secret key (really just a quantum state) in such a way that:
Alice initiates the protocol by sharing with each of Bob and Charlie one particle from a GHZ triplet in the (standard) Z-basis, holding onto the third particle herself:
where and are orthogonal modes in an arbitrary Hilbert space.
After each participant measures their particle in the X- or Y-basis (chosen at random), they share (via a classical, public channel) which basis they used to make the measurement, but not the result itself. Upon combining their measurement results, Bob and Charlie can deduce what Alice measured 50% of the time. Repeating this process many times, and using a small fraction to verify that no malicious actors are present, the three participants can establish a joint key for communicating securely. Consider the following for a clear example of how this will work.
Let us define the x and y eigenstates in the following, standard way:
The GHZ state can then be rewritten as
where (a, b, c) denote the particles for (Alice, Bob, Charlie) and Alice's and Bob's states have been written in the X-basis. Using this form, it is evident that their exists a correlation between Alice's and Bob's measurements and Charlie's single-particle state:
if Alice and Bob have correlated results then Charlie has the state and if Alice and Bob have anticorrelated results then Charlie has the state .
It is clear from the table summarizing these correlations that by knowing the measurement bases of Alice and Bob, Charlie can use his own measurement result to deduce whether Alice and Bob had the same or opposite results. Note however that to make this deduction, Charlie must choose the correct measurement basis for measuring his own particle. Since he chooses between two noncommuting bases at random, only half of the time will he be able to extract useful information. The other half of the time the results must be discarded. Additionally, from the table one can see that Charlie has no way of determining who measured what, only if the results of Alice and Bob were correlated or anticorrelated. Thus the only way for Charlie to figure out Alice's measurement is by working together with Bob and sharing their results. In doing so, they can extract Alice's results for every measurement and use this information to create a cryptographic key that only they know.
The simple case described above can be extended similarly to that done in CSS by Shamir and Blakley via a thresholding scheme. In the ((k,n)) threshold scheme (double parentheses denoting a quantum scheme), Alice splits her secret key (quantum state) into n shares such that any k≤n shares are required to extract the full information but k-1 or less shares cannot extract any information about Alice's key.
The number of users needed to extract the secret is bounded by n/2<k≤n. Consider for n≥2k, if a ((k,n)) threshold scheme is applied to two disjoint sets of k in n, then two independent copies of Alice's secret can be reconstructed. This of course would violate the no-cloning theorem and is why n must be less than 2k.
As long as a ((k,n)) threshold scheme exists, a ((k,n-1)) threshold scheme can be constructed by simply discarding one share. This method can be repeated until k=n.
The following outlines a simple ((2,3)) threshold scheme, [4] and more complicated schemes can be imagined by increasing the number of shares Alice splits her original state into:
Consider Alice beginning with the single qutrit state
and then mapping it to three qutrits
and sharing one qutrit with each of the 3 receivers. It is evident that a single share does not give any information about Alice's original state, since each share is in the maximally mixed state. However, two shares could be used to reconstruct Alice's original state. Assume the first two shares are given. Add the first share to the second (modulo three) and then add the new value of the second share to the first. The resulting state is
where the first qutrit is exactly Alice's original state. Via this method, the sender's original state can be reconstructed at one of the receivers' particles, but it is crucial that no measurements be made during this reconstruction process or any superposition within the quantum state will collapse.
The security of QSS relies upon the no-cloning theorem to protect against possible eavesdroppers as well as dishonest users. This section adopts the two-particle entanglement protocol very briefly mentioned above. [7]
QSS promises security against eavesdropping in the exact same way as quantum key distribution. Consider an eavesdropper, Eve, who is assumed to be capable of perfectly discriminating and creating the quantum states used in the QSS protocol. Eve's objective is to intercept one of the receivers' (say Bob's) shares, measure it, then recreate the state and send it on to whomever the share was initially intended for. The issue with this method is that Eve needs to randomly choose a basis to measure in, and half of the time she will choose the wrong basis. When she chooses the correct basis, she will get the correct measurement result with certainty and can recreate the state she measured and send it off to Bob without her presence being detected. However, when she chooses the wrong basis, she will end up sending one of the two states from the incorrect basis. Bob will measure the state she sent him and half of the time this will be the correct detection, but only because the state from the wrong basis is an equal superposition of the two states in the correct basis. Thus, half of the time that Eve measures in the wrong basis and therefore sends the incorrect state, Bob will measure the wrong state. This intervention on Eve's part leads to causing an error in the protocol on an extra 25% of trials. Therefore, with enough measurements, it will be nearly impossible to miss the protocol errors occurring with a 75% probability instead of the 50% probability predicted by the theory, thus signaling that there is an eavesdropper within the communication channel.
More complex eavesdropping strategies can be performed using ancilla states, but the eavesdropper will still be detectable in a similar manner.
Now, consider the case where one of the participants of the protocol (say Bob) is acting as a malicious user by trying to obtain the secret without the other participants being aware. Analyzing the possibilities, one learns that choosing the proper order in which Bob and Charlie release their measurement bases and results when testing for eavesdropping can promise the detection of any cheating that may be occurring. The proper order turns out to be:
This ordering prevents Receiver 2 from knowing which basis to share for tricking the other participants because Receiver 2 does not yet know what basis Receiver 1 is going to announce was used. Similarly, since Receiver 1 must release their results first, they cannot control if the measurements should be correlated or anticorrelated for the valid combination of bases used. In this way, acting dishonestly will introduce errors in the eavesdropper testing phase whether the dishonest participant is Receiver 1 or Receiver 2. Thus, the ordering of releasing the data must be carefully chosen so as to prevent any dishonest user from acquiring the secret without being noticed by the other participants.
This section follows from the first experimental demonstration of QSS in 2001 which was made possible via advances in techniques of quantum optics. [8]
The original idea for QSS using GHZ states was more challenging to implement because of the difficulties in producing three-particle correlations via either down-conversion processes with nonlinearities or three-photon positronium annihilation, both of which are rare events. [9] Instead, the original experiment was performed via the two-particle scheme using a standard spontaneous parametric down-conversion (SPDC) process with the third correlated photon being the pump photon.
The experimental setup works as follows:
Using where X and Y are either 'S' for short path or 'L' for long path and i and j are one of 'A', 'B', or 'C' to label a participant's interferometer, this notation describes the arbitrary path taken for any combination of two participants. Notice that and where j is either 'B' or 'C' are indistinguishable processes as the time difference between the two processes are exactly the same. The same is true for and Describing these indistinguishable processes mathematically,
which can be thought of as a "pseudo-GHZ state" where the difference from a true GHZ state is that the three photons do not exist simultaneously. Nonetheless, the triple "coincidences" can be described by exactly the same probability function as for the true GHZ state,
implying that QSS will work just the same for this 2-particle source.
By setting the phases and to either 0 or in much the same way as two-photon Bell tests, it can be shown that this setup violates a Bell-type inequality for three particles,
where is the expectation value for a coincidence measurement with phase shifter settings . For this experiment, the Bell-type inequality was violated, with , suggesting that this setup exhibits quantum nonlocality.
This seminal experiment showed that the quantum correlations from this setup are indeed described by the probability function The simplicity of the SPDC source allowed for coincidences at much higher rates than traditional three-photon entanglement sources, making QSS more practical. This was the first experiment to prove the feasibility of a QSS protocol.
Quantum teleportation is a technique for transferring quantum information from a sender at one location to a receiver some distance away. While teleportation is commonly portrayed in science fiction as a means to transfer physical objects from one location to the next, quantum teleportation only transfers quantum information. The sender does not have to know the particular quantum state being transferred. Moreover, the location of the recipient can be unknown, but classical information needs to be sent from sender to receiver to complete the teleportation. Because classical information needs to be sent, teleportation can not occur faster than the speed of light.
Second quantization, also referred to as occupation number representation, is a formalism used to describe and analyze quantum many-body systems. In quantum field theory, it is known as canonical quantization, in which the fields are thought of as field operators, in a manner similar to how the physical quantities are thought of as operators in first quantization. The key ideas of this method were introduced in 1927 by Paul Dirac, and were developed, most notably, by Vladimir Fock and Pascual Jordan later.
In quantum mechanics, a probability amplitude is a complex number used in describing the behaviour of systems. The modulus squared of this quantity represents a probability density.
In thermodynamics, the Onsager reciprocal relations express the equality of certain ratios between flows and forces in thermodynamic systems out of equilibrium, but where a notion of local equilibrium exists.
In physics, the S-matrix or scattering matrix relates the initial state and the final state of a physical system undergoing a scattering process. It is used in quantum mechanics, scattering theory and quantum field theory (QFT).
The Bell states or EPR pairs are specific quantum states of two qubits that represent the simplest examples of quantum entanglement; conceptually, they fall under the study of quantum information science. The Bell states are a form of entangled and normalized basis vectors. This normalization implies that the overall probability of the particle being in one of the mentioned states is 1: . Entanglement is a basis-independent result of superposition. Due to this superposition, measurement of the qubit will collapse it into one of its basis states with a given probability. Because of the entanglement, measurement of one qubit will collapse the other qubit to one of two possible values, where the value depends on which Bell state the two qubits are in. Bell states can be generalized to certain quantum states of multi-qubit systems, such as the GHZ state for 3 or more subsystems.
In quantum field theory, the LSZ reduction formula is a method to calculate S-matrix elements from the time-ordered correlation functions of a quantum field theory. It is a step of the path that starts from the Lagrangian of some quantum field theory and leads to prediction of measurable quantities. It is named after the three German physicists Harry Lehmann, Kurt Symanzik and Wolfhart Zimmermann.
In quantum mechanics, a two-state system is a quantum system that can exist in any quantum superposition of two independent quantum states. The Hilbert space describing such a system is two-dimensional. Therefore, a complete basis spanning the space will consist of two independent states. Any two-state system can also be seen as a qubit.
In electromagnetism, the electromagnetic tensor or electromagnetic field tensor is a mathematical object that describes the electromagnetic field in spacetime. The field tensor was first used after the four-dimensional tensor formulation of special relativity was introduced by Hermann Minkowski. The tensor allows related physical laws to be written very concisely.
In quantum mechanics, the Hellmann–Feynman theorem relates the derivative of the total energy with respect to a parameter, to the expectation value of the derivative of the Hamiltonian with respect to that same parameter. According to the theorem, once the spatial distribution of the electrons has been determined by solving the Schrödinger equation, all the forces in the system can be calculated using classical electrostatics.
In quantum information theory, superdense coding is a quantum communication protocol to communicate a number of classical bits of information by only transmitting a smaller number of qubits, under the assumption of sender and receiver pre-sharing an entangled resource. In its simplest form, the protocol involves two parties, often referred to as Alice and Bob in this context, which share a pair of maximally entangled qubits, and allows Alice to transmit two bits to Bob by sending only one qubit. This protocol was first proposed by Bennett and Wiesner in 1970 and experimentally actualized in 1996 by Mattle, Weinfurter, Kwiat and Zeilinger using entangled photon pairs. Superdense coding can be thought of as the opposite of quantum teleportation, in which one transfers one qubit from Alice to Bob by communicating two classical bits, as long as Alice and Bob have a pre-shared Bell pair.
In physics, in the area of quantum information theory, a Greenberger–Horne–Zeilinger state is a certain type of entangled quantum state that involves at least three subsystems. It was first studied by Daniel Greenberger, Michael Horne and Anton Zeilinger in 1989. Extremely non-classical properties of the state have been observed.
A quasiprobability distribution is a mathematical object similar to a probability distribution but which relaxes some of Kolmogorov's axioms of probability theory. Quasiprobabilities share several of general features with ordinary probabilities, such as, crucially, the ability to yield expectation values with respect to the weights of the distribution. They can however violate the σ-additivity axiom: integrating them over does not necessarily yield probabilities of mutually exclusive states. Indeed, quasiprobability distributions also counterintuitively have regions of negative probability density, contradicting the first axiom. Quasiprobability distributions arise naturally in the study of quantum mechanics when treated in phase space formulation, commonly used in quantum optics, time-frequency analysis, and elsewhere.
The time-evolving block decimation (TEBD) algorithm is a numerical scheme used to simulate one-dimensional quantum many-body systems, characterized by at most nearest-neighbour interactions. It is dubbed Time-evolving Block Decimation because it dynamically identifies the relevant low-dimensional Hilbert subspaces of an exponentially larger original Hilbert space. The algorithm, based on the Matrix Product States formalism, is highly efficient when the amount of entanglement in the system is limited, a requirement fulfilled by a large class of quantum many-body systems in one dimension.
The Wigner D-matrix is a unitary matrix in an irreducible representation of the groups SU(2) and SO(3). The complex conjugate of the D-matrix is an eigenfunction of the Hamiltonian of spherical and symmetric rigid rotors. The matrix was introduced in 1927 by Eugene Wigner. D stands for Darstellung, which means "representation" in German.
In many-body theory, the term Green's function is sometimes used interchangeably with correlation function, but refers specifically to correlators of field operators or creation and annihilation operators.
There are various mathematical descriptions of the electromagnetic field that are used in the study of electromagnetism, one of the four fundamental interactions of nature. In this article, several approaches are discussed, although the equations are in terms of electric and magnetic fields, potentials, and charges with currents, generally speaking.
In mathematics, the structure constants or structure coefficients of an algebra over a field are used to explicitly specify the product of two basis vectors in the algebra as a linear combination. Given the structure constants, the resulting product is bilinear and can be uniquely extended to all vectors in the vector space, thus uniquely determining the product for the algebra.
Entanglement distillation is the transformation of N copies of an arbitrary entangled state into some number of approximately pure Bell pairs, using only local operations and classical communication.
In accelerator physics, the Courant–Snyder parameters are a set of quantities used to describe the distribution of positions and velocities of the particles in a beam. When the positions along a single dimension and velocities along that dimension of every particle in a beam are plotted on a phase space diagram, an ellipse enclosing the particles can be given by the equation: