Continuous Variable Quantum Secret Sharing with Security Enhancement in Practical Quantum Communications

Abstract

Quantum communications can be conveniently implemented by two participants, but quantum secret key sharing (QSS) through multi-participant communication seems difficult in practice. In this paper, we propose a multi-participant QSS scheme with the local local oscillator (LLO) in continuous variable (CV) quantum communications. It allows an honest participant called a dealer to share a secret key with the others, making it possible to establish a secret key if and only if all participants gather together. The LLO scheme, which eliminates the need for the local oscillator (LO) to be propagated in insecure channels, can be used to avoid the potential LO attack in the traditional CVQSS scheme. Numerical simulation shows that the performance of the LLO-based CVQSS can be improved in terms of the maximal transmission distance even if it is performed with the partially trusted noise.

1. Introduction

Continuous variable quantum communications, which has the advantage of compatibility and convenience in signal preparations [1,2], has been proposed for secure communications with two participants. With the popularization of networks, however, the demand for multi-participant quantum communication increases. In order to establish a multi-participant approach to network, we consider implementations of quantum secret sharing (QSS) [3,4,5], where the secret message or information is divided into many pieces and sent to all users who participate in sharing information. The legal users can recover the initial message only if they cooperate together.

The traditional QSS was the discrete variable (DV) QSS [3,4,5] since it uses the single-photon for the signal single-photon source and single-photon detector for detection. Whereas, for CVQSS, it employs continuous light for the signal source and uses either a homodyne detector or heterodyne detector for detection. There is an advantage since it can be carried out by using the existing optical communication technology, resulting in good compatibility and usability [6]. After CVQSS was suggested in feasible implementations [7,8], lots of schemes on CVQSS have been proposed, which involve the detection of eavesdroppers, the modulation of coherent states, and so on [9,10]. However, there are few studies on security enhancement that are related to the key distribution in quantum communications.

Motivated by structure characteristics of the CV quantum communication systems [11], the propagation of local oscillator (LO) between the sender and the receiver is a necessary factor for security assurance [12,13]. Taking into account the performance improvement [14,15], we consider the local local oscillator (LLO)-based CVQSS. Different from the previous CVQSS that involves the LO used to avoid the practical security problems of coherent detection [12], the proposed CVQSS can be implemented with the LLO-based detection scheme, aiming at security enhancement. Consequently, it provides an advantage because the LLO can be used to eliminate the potential dangers through insecure channels, such as the wavelength attack, the LO fluctuation attack, and the LO polarization attack [16,17]. However, when the LLO scheme is implemented in CVQSS for a large number of users, the performance of the system becomes worse. Fortunately, we can make the part of phase noise regarded as reliable to improve the performance, where the trusted part of phase noise is overestimated [18]. As the dealer needs to establish quantum communication links with all legal users, we can achieve security enhancement while making use of the partially trusted noises.

This paper is organized as follows. In Section 2, we suggest an approach to the implementation of the LLO-based CVQSS. In Section 3, we demonstrate the security analysis of the CVQSS system. Moreover, we perform numerical simulations to prove its feasibility in practical implementation, which includes the number of users, the maximal transmission distance and the secure key rate. Finally, the conclusion is drawn in Section 4.

2. The LLO-Based CVQSS

In the QSS scheme, each legal user $U_i$ can send the discretely modulated coherent states (DMCS), denoted by $u_i\in \{(x_i,p_i):\left|x_i+i{p}_i\right.〉\}$ for $i\in Z_n=\{1,2,\dots ,n\}$, to the dealer, and then recover the secret in cooperation by using the highly asymmetric beam splitter (HABS). The QSS scheme can be designed as follows.

Step 1. The user who is the farthest from the dealer can be arranged as the first user $U_1$, as shown in Figure 1. For all legal users $U=\{U_i:i\in Z_n\}$, the user who is nearest to $U_i$ but has not been selected as $U_{i+1}$ for $i\in Z_n$. In this way, we define the order of n participants.

Step 2. $U_1$ prepares $u_1$ with phase reference, where both the signal and the phase reference are synchronously generated by using the same laser [11]. Then, $U_1$ sends them to $U_2$. Subsequently, $U_2$ prepares $u_2$ with phase reference and couples them to the same mode as $U_1$ has. Finally, $U_n$ sends the final mode to the dealer.

Because the displacement of each user is $(x_i,p_i)$, the resulting signal which is received by the dealer can be expressed as $(x_d,p_d)$ with

$$x_d=\sum _{i=1}^n\sqrt{T_i}{x}_i,p_d=\sum _{i=1}^n\sqrt{T_i}{p}_i,$$

(1)

where $T_i$ is the i-th channel transmittance established between $U_i$ and the dealer.

Step 3. Repeat the above steps to ensure all participants hold sufficient raw data. In order to estimate $T_i$, the dealer requests all participants to announce the corresponding data in a random subset of raw data. After that, they discard the disclosed data.

Step 4. All users U achieve the key K according to the calculation $K={\oplus }_{i=1}^n{K}_i$, where $K_i$ is the devision of $u_i$.

Assuming that $U_i$ is honest, the dealer chooses a random subset of remaining raw data while asking all users U except $U_i$ to announce their raw data, respectively. Following the resulting data, the measurements will be updated as

$$x_{r_i}=x_d-\sum _{j\ne i}^n\sqrt{T_j}{x}_j,p_{r_i}=p_d-\sum _{j\ne i}^n\sqrt{T_j}{p}_j,$$

(2)

for $i,j\in Z_n$. When establishing the link $T_i$ between the dealer and $U_i$, we can achieve the secret key rate $R_i$. Subsequently, a lower bound of the final secret key rate R of CVQSS can be expressed as $R=min\left\{R_i:i\in Z_n\right\}$ [19].

When considering the characteristics of R for the LLO-based CVQSS, we take into account the effect of the phase noise given by [20]

$${\xi }_{\mathrm{phase}}=2V_A\left(1-e^{-\frac{V_{\mathrm{est}}}{2}}\right),$$

(3)

where $V_A$ denotes the modulation variance, $V_{\mathrm{est}}$ is the variance of the phase noise given by $V_{\mathrm{est}}=var\left({\theta }_S-{\widehat{\theta }}_S\right)$ with the real phase rotation value ${\theta }_S$ and the estimated value ${\widehat{\theta }}_S$. The analysis and extrapolation of $V_{\mathrm{est}}$ are detailed in Appendix A, where the relations of the trusted phase noise, the total channel added noise, the total detection added noise and the total added noise has been derived in details.

3. Performance Analysis

3.1. Derivation of the Secret Key Rate

We have achieved the secret key rate R of the LLO-based QSS system for U. The secret key rate can be obtained from the longest transmission distance when each user $U_i$ has an equal amount of noise ${\xi }_{\mathrm{tot}}$, including the phase noise ${\xi }_0^{\mathrm{phase}}$ and ${\xi }_{\mathrm{rest}}$ [19]. Without loss of generality, Alice is the farthest user $U_1$ and Bob is the dealer. The rest of $n-1$ users are assumed to be dishonestly located with an equal interval. Then, the secret key rate R can be calculated as [21]

$$R=\beta I_{AB}-{\chi }_{BE},$$

(4)

where $\beta$ denotes the traditional reconciliation efficiency, $I_{AB}$ is Alice and Bob’s mutual information, and ${\chi }_{BE}$ is Eve and Bob’s Holevo bound.

Assuming that the transmittance of HABS approaches one, the channel transmittance of the i-th participant $U_i$ is calculated as

$$T_i={10}^{\frac{-\delta l_i}{10}},$$

(5)

where $l_i$ denotes the transmission distance between $U_i$ and the dealer, and $\delta$ is the attenuation coefficient of the fiber link. The excess noise of $U_i$, referring to the channel input, can be calculated by [6]

$$\begin{array}{cc}\hfill {\xi }_i& =\frac{T_i}{T_1}({\xi }_{\mathrm{rest}}+{\xi }_0^{\mathrm{phase}})\hfill \\ \hfill & =\frac{T_i}{T_1}({\xi }_{\mathrm{rest}}+{\xi }_{\mathrm{error}}-\frac{{\xi }_{\mathrm{error}}^T}{T_1}),\hfill \end{array}$$

(6)

where ${\xi }_{\mathrm{rest}}={\xi }_0+{\xi }_{\mathrm{AM}}+{\xi }_{\mathrm{LE}}+{\xi }_{\mathrm{ADC}}$ [19]. Combined with the results in Appendix A, the channel-added noise, the total channel-added noise, the total detection-added noise and the total added noise can be derived as

$$\begin{array}{cc}\hfill {\chi }_{\mathrm{line}}^T& =\frac{1}{T}-1+\sum _{i=1}^n{\xi }_i,\hfill \\ \hfill {\chi }_{\mathrm{het}}^T& =\frac{2-\mu +2v_{\mathrm{el}}}{\mu }\left(1+\frac{V_A}{E_R^2}\right),\hfill \\ \hfill {\chi }_{\mathrm{tot}}& ={\chi }_{\mathrm{line}}^T+\frac{{\chi }_{\mathrm{het}}^T}{T}.\hfill \end{array}$$

(7)

Consequently, Alice and Bob’s mutual information $I_{AB}$ can be derived as

$$I_{AB}={log}_2\frac{V+{\chi }_{\mathrm{tot}}}{1+{\chi }_{\mathrm{tot}}},$$

(8)

where $V=1+V_A$. The Holevo bound ${\chi }_{BE}$ is given by

$${\chi }_{BE}=S\left({\rho }_E\right)-\int d{x}_B,p_{B}P\left(x_B,p_B\right)S\left({\rho }_E^{x_B,p_B}\right),$$

(9)

where $(x_B,p_B)$ is Bob’s results with the probability density $P(x_B,p_B)$, ${\rho }_E^{x_B,p_B}$ denotes the eavesdropper’s state based on Bob’s measurements, and S represents the von Neumann entropy. Followed by the derivation in Appendix A, we assume that the loss and noise of Bob’s detector are all trusted, and then we obtain

$${\chi }_{BE}=\sum _{j=1}^{2}G\left(\frac{{\lambda }_j-1}{2}\right)-\sum _{j=3}^{5}G\left(\frac{{\lambda }_j-1}{2}\right),$$

(10)

where $G\left(x\right)=(x+1){log}_2(x+1)-x{log}_{2}x$, and $\{{\lambda }_k:k\in \{1,2,3,4\}\}$ can be described as

$${\lambda }_{1,2}^2=\frac{1}{2}\left[A\pm \sqrt{A^2-4B}\right],{\lambda }_{3,4}^2=\frac{1}{2}\left[C\pm \sqrt{C^2-4D}\right],$$

(11)

involving the parameters $A,B,C$ and D given by

$$A=V^2+T^2{\left(V+{\chi }_{\mathrm{line}}^T\right)}^2-2T{\kappa }_4^2,B=T^2{\left(V^2+V{\chi }_{\mathrm{line}}^T-{\kappa }_4^2\right)}^2,$$

(12)

$$\begin{array}{c}\hfill C=\frac{1}{T^2{\left(V+{\chi }_{\mathrm{tot}}\right)}^2}\left\{A{\left({\chi }_{\mathrm{het}}^T\right)}^2+B+1\right.+2{\chi }_{\mathrm{het}}^T\left.\left[V\sqrt{B}+T\left(V+{\chi }_{\mathrm{line}}\right)+2T{\kappa }_4^2\right]\right\},\end{array}$$

(13)

$$D={\left(V+\sqrt{B}{\chi }_{\mathrm{het}}/T\left(V+{\chi }_{\mathrm{tot}}\right)\right)}^2,{\lambda }_5=1.$$

(14)

We note that the derivation of the parameter ${\kappa }_4$ can be found in Appendix B.

3.2. Numerical Simulations

For security analysis with numerical simulations, we make use of parameters, including attenuation coefficient 0.2 dB/km, detection efficiency 0.6, electronics noise 0.05, reconciliation efficiency 0.98, and so on, which can usually be used as performance evaluation of the traditional CV quantum communication system [21,22,23,24].

In Figure 2, we demonstrate the performance of the LLO-based CVQSS system in terms of the secret key rate R and the maximal transmission distance for $n\in \{2,5,10,15\}$ when taking into account effects of the conventional phase noise and the partially trusted phase noise. For the given phase noise, the maximal transmission distance of the LLO-based QSS is achieved with more than 50 km for two legal users, whereas the performance declines with an increased number of legal users. When the number of users is selected more than 15, the maximal transmission distance approaches 10 km. While deriving the secure key rate for each sub-system, the effect of noise and influence brought by other $n-1$ untrusted users become disastrous when the number of users U is increased.

Meanwhile, for the given number of legal users U, the maximal transmission distance can be lengthened when taking into account the partially trusted noise. The reason is that the tolerance of the traditional phase noise is lower than that of the partially trusted noise. Taking $n=2$ as an example, the maximal transmission distance is slightly less than 40 km. However, it reaches more than 50 km for the trusted noise, which means it delivers a performance improvement. With the traditional phase noise, the implementation of the LLO-based CVQSS will result in limits in terms of the secret key rate and the maximal transmission distance. A slight excess noise will become a great impact on the performance because the system is sensitive to the excess noise, as shown in Figure 3. This improvement is more pronounced with the large number of users U. It seems that the proposed scheme is very sensitive to the number of users U. Therefore, three factors, which include the secret key rate, the maximal transmission distance and the number of legal users, should be determined to illustrate the security of the LLO-based CVQSS. For example, while designing a scheme with long-distance transmission and high-rate secret keys, the number of legal users U has to be sacrificed.

4. Conclusions

We have proposed an approach to the LLO-based CVQSS with security enhancement, which can be further improved by making the partial phase noise be trusted. We prove the security of the CVQSS system while considering effects of the external eavesdroppers and dishonest users. Numerical simulations demonstrate the performance of the LLO-based CVQSS system when taking into account the effect of the number of legal users. When we take the suitable numbers of legal participants, the performance of the LLO-based CVQSS can be furthermore improved in terms of the secret key rate, which is compared with the traditional one. Moreover, we find that the performance of the system can be improved by making full use of the partially trusted phase noise. It leaves an optimization space for multi-participant secret sharing in practical networks.