Skip to main content

ORIGINAL RESEARCH article

Front. Quantum Sci. Technol., 03 May 2023
Sec. Quantum Communication
This article is part of the Research Topic Insights in Quantum Communication: 2022 View all 4 articles

Measurement-device-independent multi-party quantum key agreement

Bing-Xin LiuBing-Xin Liu1Rui-Chen HuangRui-Chen Huang1Yu-Guang Yang,
Yu-Guang Yang1,2*Guang-Bao XuGuang-Bao Xu3
  • 1Faculty of Information Technology, Beijing University of Technology, Beijing, China
  • 2Beijing Key Laboratory of Trusted Computing, Beijing, China
  • 3College of Mathematics and Systems Science, Shandong University of Science and Technology, Qingdao, China

Quantum key agreement (QKA) is an important quantum cryptography primitive. In a QKA protocol, two or more untrusted parties can agree on an identical key in such a way that they equally influence the key and no subset can decide it alone. However, in practical QKA, the imperfections of the participant’s detectors can be exploited to compromise the security and fairness of QKA. To remove all the detector-side-channel loopholes, a measurement-device-independent multi-party QKA protocol is proposed. The protocol exploits the post-selected GHZ states to generate a secure agreement key between legitimate participants, while ensuring the fairness of key agreement. Our protocol provides a new clue for the design of practical QKA protocols.

1 Introduction

Securing group communication has received lots of attention in recent years. The approach of supporting secure group communication is to maintain a secret known only to all group members. The way of generating this secret is known as group key establishment. There are two ways to realize it. One is centralized key establishment, i.e., key distribution, where one party generates a group secret. It is appropriate for 2-party (e.g., client-server or peer-to-peer) communication as well as for large multicast groups. However, many collaborative group settings (e.g., remote board meetings, teleconferences, white-boards, shared instruments, secure and efficient data sharing, collaborative workspaces, cloud computing, and command-and-control systems) require distributed key establishment techniques, i.e., distributed group key agreement.

A key agreement protocol aims to generate a common conference key for multiple participants to ensure the security of their later group communications in such a way that all influence the outcome. Since it was introduced by Diffie-Hellman in their seminal paper (Diffie and Hellman, 1976), the key agreement protocol has become one of the fundamental cryptographic primitives. However, classical key agreement protocols are based on public key cryptography where the security is based on the assumption of computational complexity. With the proposal of quantum computer, the classical cryptosystem faces certain security threats, so quantum cryptography came into being.

The security of quantum cryptography depends on the basic principles of quantum mechanics. In recent years, quantum cryptography has developed rapidly, and has extended a series of branch fields, such as quantum key distribution (Bennett and Brassard, 1984; Gisin et al., 2002), quantum secure direct communication (QSDC) (Boström and Felbinger, 2002; Deng et al., 2003), quantum authentication (Dušek et al., 1999), quantum private comparison (Yang et al., 2009; Yang and Wen, 2009; Chen et al., 2010), quantum signature (Yang et al., 2016a; Yang et al., 2017a), quantum private query (Gao et al., 2012; Yang et al., 2014; Gao et al., 2015; Yang et al., 2016b; Yang et al., 2016c; Wei et al., 2016; Yang et al., 2017b; Yang et al., 2019a; Gao et al., 2019), and quantum key agreement (QKA), etc.

Generally speaking, a secure QKA should satisfy four conditions (C1) Correctness: At the end of the protocol, each participant will get the correct agreement key (C2) Fairness: All participants have equal influence on the agreement key, that is, any non-trivial subset of participants cannot determine the agreement key alone (C3) Security: No external eavesdropper can obtain the information about the agreement key without being detected (C4) Privacy: All participants’ sub keys must remain confidential, and only the participants themselves know their own sub-keys. Since Zhou et al. proposed the first QKA protocol (Zhou et al., 2004) in 2004, various novel two-party and multi-party QKA protocols have been proposed (Tsai and Hwang, 2009; Chong and Hwang, 2010; Liu et al., 2013a; Shi and Zhong, 2013; He and Ma, 2015; Sun et al., 2016; He and Ma, 2017; Mohajer and Eslami, 2017; Wang et al., 2017; Yang et al., 2019b; Li and Li, 2020; Naresh et al., 2020; Naresh and Reddi, 2020; Zhou et al., 2020; Zhu et al., 2021a; Zhu et al., 2021b; Huang et al., 2021; Lin et al., 2021; Yang et al., 2022).

In practice, deviations in the actual behavior of a physical device from its ideal behavior can lead to significant practical safety issues. Quantum hackers can exploit these device flaws, especially detector defects, to perform time-shift attacks, bright light blinding attacks, and other attacks on detectors (Qi et al., 2007; Makarov, 2009; Lydersen et al., 2010; Xu et al., 2020). To address this security issue, measurement-device-independent QKD (MDI-QKD) was proposed, which removes all detector-side channel loopholes (Lo et al., 2012). The advantage of MDI-QKD is that it is only necessary to assume that legitimate participants have a trusted state preparation device. Thus, the measurement device can be considered as a black box, which naturally removes all detector-side channels. Various MDI-QKD experimental systems have been successfully demonstrated (Liu et al., 2013b; Ferreira da Silva et al., 2013; Rubenok et al., 2013; Woodward et al., 2021) and extended to the communication network (Tang et al., 2016). Various new MDI-QKD protocols, such as twin-field QKD (Lin and Lütkenhaus, 2018; Lucamarini et al., 2018; Ma et al., 2018; Wang et al., 2018) and mode-pairing QKD (Zeng et al., 2022), have also been proposed. Recently, the MDI-QKD proposed by Fan et al. achieves networking of QKD by combining cost and the user needs, enabling the network to meet high key rates or achieve high security levels (Fan-Yuan et al., 2021). Next, they proposed the MDI-QKD protocol, which is robust to environmental disturbances and highly adaptive to multi-user access (Fan-Yuan et al., 2022). Wang et al. proposed the long-distance TF-QKD protocol, which can achieve long-distance key distribution of more than 830 km. This is a great breakthrough and in ensuring similar distances, compared to previous key distribution, the security key rate of this protocol is two orders of magnitude greater (Wang et al., 2022).

However, there is little work related to MDI-QKA. Recently, Cai et al. proposed a three-party MDI-QKA protocol (Cai et al., 2022). In this protocol, the participant Charlie needs to implement Z-basis or X-basis measurement on his Greenberger-Horne-Zeinger (GHZ) particle c, where the Z-basis measurement result is just the agreement key. However, if an external eavesdropper manipulates Charlie’s measurement device, Charlie’s measurement device may leak Charlie’s Z-basis measurement result, i.e., the agreement key to the external eavesdropper, thus threatening the security of the MDI-QKA protocol.

To eliminate all detector-side channel loopholes in QKA, a new multi-party MDI-QKA protocol is proposed. The protocol utilizes post-selected GHZ states to generate secure agreement keys among the multiple participants while ensuring fairness in key agreement. The protocol only needs to assume that the participants’ state preparation devices are trusted, and thus the security is better than that of Cai et al.

The rest of this paper is organized as follows: In Section 2, a three-party MDI-QKA protocol is first proposed. In Section 3, the protocol is analyzed in terms of correctness, fairness, and security. In Section 4, the generalization of the three-party MDI-QKA protocol to n-party is proposed. The last section gives the discussion and conclusion.

2 The three-party MDI-QKA protocol

Suppose that the three participants Alice, Bob and Charlie want to jointly negotiate a key K. David is the untrusted relay for implementing GHZ state measurements. The process of the three-party MDI-QKA protocol is described as follows.

(1) Alice, Bob and Charlie independently prepare a single-photon sequence SA, SB, and SC, respectively. Every single photon in the sequence is randomly in state {0,1,+,} and sent to the relay David via the quantum channel, where ±=12(0±1).

(2) David performs three-particle GHZ state measurements on photons received at the same positions in the three sequences and publishes the results of his measurements. The three-particle GHZ state can be described as

|Φ0+=12000+111,
|Φ0=12000111,
|Φ1+=12001+100,
|Φ1=12001100,
|Φ2+=12010+101,
|Φ2=12010101,
|Φ3+=12100+011,
|Φ3=12100011.(1)

In fact, David’s GHZ state analyzer (Pan and Zeilinger, 1998) constructed using linear optics can identify only two of the eight GHZ states, namely, Φ0+ and Φ0. Therefore, the output of the GHZ state analyzer is Φ0+,Φ0 or failure.

(3) Alice, Bob and Charlie randomly select the photon subset corresponding to successful GHZ state measurement by David as the decoy photons, notify the other two parties of the location of the photon subset and ask them to announce their decoy photon states, respectively. They discard the positions with different tripartite preparation bases. When the bases are the same, they check whether the correlation between the tripartite decoy photon states and David’s GHZ state measurements satisfies formulas (2)-(17). If the error rate is higher than the preset value, they will terminate the protocol, otherwise continue to the next step.

|000=12Φ0++Φ0,(2)
|001=12Φ1++Φ1,(3)
|0|10=12Φ2++Φ2,(4)
|011=12Φ3+Φ3,(5)
|100=12Φ3++Φ3,(6)
|1|01=12Φ2+Φ2,(7)
|110=12Φ1+Φ1,(8)
|111=12Φ0+Φ0,(9)
++|+=12Φ0++Φ1++Φ2++Φ3+,(10)
++|=12Φ0Φ1+Φ2Φ3,(11)
+|+=12Φ0+Φ1Φ2Φ3,(12)
+|=12Φ0+Φ1+Φ2++Φ3+,(13)
+|+=12Φ0+Φ1+Φ2+Φ3,(14)
+|=12Φ0+Φ1++Φ2+Φ3+,(15)
|+=12Φ0++Φ1+Φ2+Φ3+,(16)
|=12Φ0Φ1Φ2Φ3.(17)

(4) After all participants complete the eavesdropping detection, they publish the base information of their remaining single photon states corresponding to the successful GHZ state measurements by David. Finally, the three participants choose the states in Z basis to generate the raw key K.

(5) Alice, Bob and Charlie generate the final key K by performing error correction and privacy amplification on the raw key K.

3 Analysis of correctness, fairness and security

3.1 Correctness

Theorem 1. Suppose Alice, Bob and Charlie are honest and they can negotiate a key K together.

Proof. It can be shown that if Alice, Bob and Charlie perform the above agreement honestly, they can negotiate the raw key K together. This is because when David successfully implements GHZ state measurement and the three preparation bases are Z bases, it can be seen from formulas (2)-(9) that the particle states prepared by Alice, Bob and Charlie can only have two combinations, namely, 000 and 111 with equal probability. Thus, each party can infer from its single photon state that the other two parties have the same state as his preparation. For example, if Alice prepared the single photon state 0, she can infer that Bob and Charlie also prepared the single photon state as 0. So, “0” can be used as the agreement key. Therefore, Alice, Bob and Charlie can jointly negotiate a key K. On this basis, Alice, Bob and Charlie generate an agreement key K after implementing error correction and privacy amplification on K.

3.2 Fairness

Theorem 2. No subset of participants can determine the agreement key K alone.

Proof. It follows from Theorem 1 that if the subset of participants wants to determine the key K alone, they must first determine the raw key K. However, this is not possible. Suppose Alice and Bob want to independently determine the generation key K. Since the raw key K is generated when the composite states of Alice, Bob and Charlie are 000 or 111, and each single photon state of Charlie is randomly selected from {0,1,+,}, Alice and Bob cannot clearly distinguish these four non-orthogonal states, that is, they cannot identify the single photon state of Charlie according to the Heisenberg uncertainty principle. If Alice and Bob try to intercept Charlie’s single photon sequence and send the forged single photon sequence to David, it will be detected with non-zero probability in step 3) when Charlie performs the security detection. The most common attack strategy is for Alice and Bob to prepare an auxiliary particle ϵ and entangle it with Charlie’s single photon, and then the state evolution of the composite system consisting of Alice and Bob’s auxiliary particle and Charlie’s single photon is

0ϵ0ϵ00+1ϵ01,
1ϵ0ϵ10+1ϵ11,
+ϵ12+ϵ00+ϵ10+ϵ01+ϵ11)+ϵ00+ϵ10ϵ01ϵ11,
ϵ12+ϵ00ϵ10+ϵ01ϵ11)+ϵ00ϵ10ϵ01+ϵ11,(18)

where ϵ00ϵ00+ϵ01ϵ01=1,ϵ10ϵ10+ϵ11ϵ11=1,ϵ00ϵ10+ϵ01ϵ11=0. Therefore, the probability that Alice and Bob implement this attack without disturbing Charlie’s state is

Pnd0=ϵ00|ϵ00,
Pnd1=ϵ11|ϵ11,
Pnd+=121+ϵ00ϵ11+ϵ10ϵ01,
Pnd=121+ϵ00ϵ11+ϵ10ϵ01.(19)

For simplicity and without loss of generality, assume that Charlie chooses the decoy state + for security detection and Alice and Bob prepare states ++. Without eavesdropping, according to formula (10), if David implements the GHZ state measurement successfully, only Φ0+ will be obtained, and Φ0 is impossible. However, under the entangle-ancilla attack, the state of the composite system of all single photons and auxiliary particles evolves into

+++ϵ12+++ϵ00+ϵ10+ϵ01+ϵ11)+ϵ00+ϵ10ϵ01ϵ11.(20)

Therefore, the probability of being detected under Alice and Bob’s entangle-ancilla attack, i.e., David’s probability of getting Φ0 is

Pd+++=116ϵ00+|ϵ10ϵ01ϵ112,(21)

where X2=X+X. In order not to be detected, we should let Pd+++=0 and Pnd0=Pnd1=Pnd+=Pnd=1. We can deduce that ϵ01=ϵ10=0. This means that Alice and Bob’s auxiliary particle and Alice, Bob and Charlie’s single photons must be in the tensor product state. So, Alice and Bob cannot obtain the information on Charlie’s single photon state.

Finally, we consider another possible attack strategy, that is, when Charlie chooses a subset of photons as decoy photons, Alice and Bob deliberately declare their bases differently. In this case, Charlie could not successfully implement security detection. However, if Alice and Bob adopt such strategy for all the decoy photons, Charlie will find the occurrence of abnormal behaviors. For a decoy photon, the probability that Alice’s base and Bob’s base are different is 1/2. If the number of decoy photons is m, the probability of Alice and Bob’s base inconsistency is 12m for all m decoy photons. When m is large, the probability of such occurrence is negligible. Charlie will detect the occurrence of this abnormal behavior.

3.3 Security

The proposed MDI-QKA protocol uses the post-selected GHZ state to generate the negotiation key when the three-photon state of Alice, Bob and Charlie is 000 or 111. To obtain the negotiation key, the external eavesdropper Eve must attack when the three parties send their single-photon states to David. However, because these single-photon states are randomly in one of {0,1,+,}, Eve cannot directly intercept and measure these single-photon states without being detected. The most common attack strategy is for Eve to prepare an auxiliary particle ϵ and entangle it with a single photon of a participant such as Alice. Eve can use a similar approach to eavesdrop the single photon states of Bob and Charlie. For simplicity and without loss of generality, assume that Alice, Bob, and Charlie each choose the decoy state + for security detection. Without eavesdropping, according to formula (10), if David’s implementation of the GHZ state measurement is successful, only Φ0+ will be obtained while Φ0 is impossible. Under Eve’s entangle-ancilla attack, the state of the composite system consisting of Alice, Bob and Charlie’s single photons and Eve’s auxiliary particles will evolve into

+++ϵϵϵ12+ϵ00+ϵ10+ϵ01+ϵ11)+ϵ00+ϵ10ϵ01ϵ1112+ϵ00+ϵ10+ϵ01+ϵ11)+ϵ00+ϵ10ϵ01ϵ1112+ϵ00+ϵ10+ϵ01+ϵ11)+ϵ00+ϵ10ϵ01ϵ11=18+ϵ00+ϵ10+ϵ01+ϵ11+ϵ00+ϵ10ϵ01ϵ11×+ϵ00+ϵ10+ϵ01+ϵ11+ϵ00+ϵ10ϵ01ϵ11×+ϵ00+ϵ10+ϵ01+ϵ11+ϵ00+ϵ10ϵ01ϵ11=18+A+B(+A+B)=18[+++AAA++ABB++BAB++BBA+++AAB+++ABA+++BAA+BBB],(22)

where A=ϵ00+ϵ10+ϵ01+ϵ11, B=ϵ00+ϵ10ϵ01ϵ11.

Then the probability that Eve is detected, that is, David’s probability of getting Φ0 is

Pd+++=1256AAB2+ABA2+BAA2+BBB2.(23)

In order not to be detected, we let Pd+++=0 and Pnd0=Pnd1=Pnd+=Pnd=1. We can deduce ϵ01=ϵ10=0. This means that Eve’s auxiliary particle and Alice, Bob and Charlie’s single photons must be in the tensor product state. So, Eve cannot obtain any information on the key by measuring the auxiliary particle.

Consider another scenario where the untrusted relay David tries to obtain the raw key K. When David gets the measurement result Φ0+ or Φ0, the states of Alice, Bob and Charlie are in 000 and 111 with equal probability according to formulas (2) and (9). Therefore, David cannot obtain any information on the raw key K.

4 Generalization to the n-party

The above three-party protocol can be easily extended to the n-party one. Suppose that the n participants Alice1, Alice2, … , Alicen (n > 3) want to jointly negotiate a key K. David is the untrusted relay for implementing GHZ state measurements. The process of the n-party MDI-QKA protocol is described as follows.

(1) Alice1, Alice2, … , Alicen independently prepare a single-photon sequence SA1,SA2, …, SAn, respectively. Every single photon in the sequence is randomly in state {0,1,+,} and sent to the relay David via the quantum channel.

(2) David performs n-particle GHZ state measurements on the received photons at the same positions in the n sequences and publishes the results of his measurements.

(3) Alice1, Alice2, … , Alicen randomly select the photon subset successfully measured by David as the decoy photons, notify the other n-1 parties of the location of the photon subset and ask them to announce their decoy photon states. They discard the positions with different preparation bases of the n parties. When the bases are the same, they check whether the correlation between the n parties’ decoy photon states and David’s GHZ state measurements is satisfied. If the error rate is higher than the preset value, they will terminate the protocol, otherwise continue to the next step.

(4) After all participants complete the eavesdropping detection, they publish the base information of their remaining single photon states corresponding to the GHZ state measurements successfully performed by David. Finally, the n participants choose the states in Z basis to generate the raw key K.

(5) Alice1, Alice2, … , Alicen generate the final key K by performing error correction and privacy amplification on the raw key K.

5 Discussion and conclusion

Since both Cai et al.‘s protocol (Cai et al., 2022) and the proposed one are based on GHZ-states, we will clarify the difference between them and why the proposed one is more “secure”. In Cai et al. protocol, the participant Charlie needs to implement Z-basis or X-basis measurement on his Greenberger-Horne-Zeinger (GHZ) particle c, where the Z-basis measurement result is just the agreement key. However, if an external eavesdropper manipulates Charlie’s measurement device, Charlie’s measurement device may leak his Z-basis measurement result, i.e., the agreement key to the external eavesdropper, thus threatening the security of the MDI-QKA protocol.

In contrast, the proposed protocol exploits the post-selected GHZ states to generate a secure agreement key between legitimate participants. In our protocol, the measurement device is treated as a black box. David takes charge of performing GHZ state measurement and publishing the GHZ state measurement result. The participants prepare a single photon sequence separately, and every single photon is randomly in state {0,1,+,}. When David successfully implements GHZ state measurement and all the participants choose the Z bases on the instances, the states combinations prepared by the participants are only 000 and 111 with equal probability. The agreement key is just the subkeys of the participants. So, even if the eavesdropper obtains the GHZ state measurement result, as long as he does not conspire with the participant, he will not be able to obtain the agreement key. Therefore, the proposed protocol is more secure than that of Cai et al.

One main difference between MDI-QKD and MDI-QKA is that in MDI-QKD, all the participants except the untrusted third party are honest while in MDI-QKA, not all the participants are honest. As we know, fairness is one of the conditions required for an MDI-QKA protocol. Fairness in QKA means that all participants have equal influence on the agreement key, that is, any non-trivial subset of participants cannot determine the agreement key alone. In contrast, fairness is not required for MDI-QKD. Only the security against outsider eavesdroppers is taken into account in an MDI-QKD protocol.

Yang et al. (2022), a detector-device-independent (DDI) QKA (DDI-QKA) protocol was proposed based on single-photon Bell-state measurement. Only the time-bin and path encoding are needed. Complete Bell-state measurement can be achieved based on the time-bin and path. It is implemented with linear optical elements only and thus it is feasible with current technology. In this paper, a multi-party MDI-QKA protocol is proposed. The protocol exploits the post-selected GHZ states to generate a secure agreement key between legitimate participants, while ensuring the fairness of key agreement. Only GHZ state measurements and the single photon state are required, making the operation simple.

In this paper, we propose a new MDI-QKA protocol that removes all detector-side channels. We discuss the efficiency of generating secret keys for this protocol. Regardless of eavesdropping detection, the raw key of the protocol is generated when the participants select the Z-basis, while the single photon for each individual is randomly selected from the set {0,1,+,} and the probability of selecting the Z-basis is 12. For the three-party protocol, the probability that the participants all pick Z-basis is 123=12.5%. When extended to n-party users, the probability will be 12n. It is obvious to see that the raw key rate generated decreases significantly when the number of participants increases, which is lower than the existing QKA protocols (Tsai and Hwang, 2009; Chong and Hwang, 2010; Liu et al., 2013a; Shi and Zhong, 2013; He and Ma, 2015; Sun et al., 2016; He and Ma, 2017; Mohajer and Eslami, 2017; Wang et al., 2017; Yang et al., 2019b; Li and Li, 2020; Naresh et al., 2020; Naresh and Reddi, 2020; Zhou et al., 2020; Zhu et al., 2021a; Zhu et al., 2021b; Huang et al., 2021; Lin et al., 2021; Yang et al., 2022). Similar to the protocol of Cai et al., the actual efficiency of the protocol will be lower if channel loss and compression are considered. Therefore, the future work will focus on how to improve the efficiency of the MDI-QKA protocol to enhance its practicality. Since the implementation of the protocol is inevitably affected by noise, the threshold value for the error rate should be provided before implementing it. However, in this paper, no exact threshold value is given, which is also the case for many multiparty quantum cryptography protocols and becomes an open problem. Combined with quantum state discrimination, we will study this problem in the future.

Data availability statement

The original contributions presented in the study are included in the article/Supplementary Material, further inquiries can be directed to the corresponding author.

Author contributions

B-XL: Conceptualization, Methodology, Writing—Original draft preparation. R-CH: Security analysis. Y-GY: Supervision, Writing—Reviewing and Editing. G-BX: Writing—Reviewing and Editing.

Funding

This work is supported by the National Natural Science Foundation of China (Grant Nos. 62071015, 62171264).

Conflict of interest

The authors declare that the research was conducted in the absence of any commercial or financial relationships that could be construed as a potential conflict of interest.

Publisher’s note

All claims expressed in this article are solely those of the authors and do not necessarily represent those of their affiliated organizations, or those of the publisher, the editors and the reviewers. Any product that may be evaluated in this article, or claim that may be made by its manufacturer, is not guaranteed or endorsed by the publisher.

References

Bennett, C. H., and Brassard, G. (1984). “Quantum cryptography: Public key distribution and coin tossing,” in Proceed IEEE int conf comput, syst signal process (New York: IEEE), 175–179.

Google Scholar

Boström, K., and Felbinger, T. (2002). Deterministic secure direct communication using entanglement. Phys. Rev. Lett. 89, 187902. doi:10.1103/physrevlett.89.187902

PubMed Abstract | CrossRef Full Text | Google Scholar

Cai, X. Q., Liu, Z. F., Wei, C. Y., and Wang, T. Y. (2022). Long distance measurement-device-independent three-party quantum key agreement. Phys. A 607, 128226. doi:10.1016/j.physa.2022.128226

CrossRef Full Text | Google Scholar

Chen, X. B., Xu, G., Niu, X. X., Wen, Q. Y., and Yang, Y. X. (2010). An efficient protocol for the private comparison of equal information based on the triplet entangled state and single particle measurement. Opt. Commun. 283 (7), 1561–1565. doi:10.1016/j.optcom.2009.11.085

CrossRef Full Text | Google Scholar

Chong, S. K., and Hwang, T. (2010). Quantum key agreement protocol based on BB84. Opt. Commun. 283, 1192–1195. doi:10.1016/j.optcom.2009.11.007

CrossRef Full Text | Google Scholar

Deng, F. G., Long, G. L., and Liu, X. S. (2003). Two-step quantum direct communication protocol using the EinsteinPodolsky-Rosen pair block. Phys. Rev. A 68, 042317. doi:10.1103/physreva.68.042317

CrossRef Full Text | Google Scholar

Diffie, W., and Hellman, M. E. (1976). New directions in cryptography. IEEE Trans. Inf. Theory IT-22 (6), 644–654. doi:10.1109/tit.1976.1055638

CrossRef Full Text | Google Scholar

Dušek, M., Haderka, O., Hendrych, M., and Myska, R. (1999). Quantum identification system. Phys. Rev. A 60, 149–156. doi:10.1103/physreva.60.149

CrossRef Full Text | Google Scholar

Fan-Yuan, G. J., Lu, F. Y., Wang, S., Yin, Z. Q., He, D. Y., Chen, W., et al. (2022). Robust and adaptable quantum key distribution network without trusted nodes. Optica 9 (7), 812–823. doi:10.1364/optica.458937

CrossRef Full Text | Google Scholar

Fan-Yuan, G. J., Lu, F. Y., Wang, S., Yin, Z. Q., He, D. Y., Zhou, Z., et al. (2021). Measurement-device-independent quantum key distribution for nonstandalone networks. Photonics Res. 9 (10), 1881–1891. doi:10.1364/prj.428309

CrossRef Full Text | Google Scholar

Ferreira da Silva, T., Vitoreti, D., Xavier, G. B., do Amaral, G. C., Temporão, G. P., and von der Weid, J. P. (2013). Proof-of-principle demonstration of measurement-device-independent quantum key distribution using polarization qubits. Phys. Rev. A 88, 052303. doi:10.1103/physreva.88.052303

CrossRef Full Text | Google Scholar

Gao, F., Liu, B., Huang, W., and Wen, Q. Y. (2015). Postprocessing of the oblivious key in quantum private query. Ieee. J. Sel. Top. Quant. 21, 98–108. doi:10.1109/jstqe.2014.2358192

CrossRef Full Text | Google Scholar

Gao, F., Liu, B., Wen, Q.-Y., and Chen, H. (2012). Flexible quantum private queries based on quantum key distribution. Opt. Exp. 20, 17411–17420. doi:10.1364/oe.20.017411

PubMed Abstract | CrossRef Full Text | Google Scholar

Gao, F., Qin, S. J., Huang, W., and Wen, Q. Y. (2019). Quantum private query: A new kind of practical quantum cryptographic protocols. Sci. China-Phys. Mech. Astron. 62, 070301.

CrossRef Full Text | Google Scholar

Gisin, N., Ribordy, G., Tittel, W., and Zbinden, H. (2002). Quantum cryptography. Rev. Mod. Phys. 74, 145–195. doi:10.1103/revmodphys.74.145

CrossRef Full Text | Google Scholar

He, Y. F., and Ma, W. P. (2015). Quantum key agreement protocols with four-qubit cluster states. Quantum Inf. Process 14, 3483–3498. doi:10.1007/s11128-015-1060-7

CrossRef Full Text | Google Scholar

He, Y. F., and Ma, W. P. (2017). Two-party quantum key agreement with five-particle entangled states. Int. J. Quantum Inf. 15 (03), 1750018. doi:10.1142/s0219749917500186

CrossRef Full Text | Google Scholar

Huang, X., Zhang, S. B., Chang, Y., Qiu, C., Liu, D. M., and Hou, M. (2021). Quantum key agreement protocol based on quantum search algorithm. Int. J. Theor. Phys. 60, 838–847. doi:10.1007/s10773-020-04703-x

CrossRef Full Text | Google Scholar

Li, L., and Li, Z. (2020). A verifiable multiparty quantum key agreement based on bivariate polynomial. Inf. Sci. 521, 343–349. doi:10.1016/j.ins.2020.02.057

CrossRef Full Text | Google Scholar

Lin, J., and Lütkenhaus, N. (2018). Simple security analysis of phase-matching measurement-device-independent quantum key distribution. Phys. Rev. A 98, 042332. doi:10.1103/physreva.98.042332

CrossRef Full Text | Google Scholar

Lin, S., Zhang, X., Guo, G. D., Wang, L. L., and Liu, X. F. (2021). Multiparty quantum key agreement. Phys. Rev. A 104, 042421. doi:10.1103/physreva.104.042421

CrossRef Full Text | Google Scholar

Liu, B., Gao, F., Huang, W., and Wen, Q. Y. (2013). Multiparty quantum key agreement with single particles. Quantum Inf. Process 12, 1797–1805. doi:10.1007/s11128-012-0492-6

CrossRef Full Text | Google Scholar

Liu, Y., Chen, T. Y., Wang, L. J., Liang, H., Shentu, G. L., Wang, J., et al. (2013). Experimental measurement-device-independent quantum key distribution. Phys. Rev. Lett. 111, 130502. doi:10.1103/physrevlett.111.130502

PubMed Abstract | CrossRef Full Text | Google Scholar

Lo, H. K., Curty, M., and Qi, B. (2012). Measurement-device-independent quantum key distribution. Phys. Rev. Lett. 108, 130503. doi:10.1103/physrevlett.108.130503

PubMed Abstract | CrossRef Full Text | Google Scholar

Lucamarini, M., Yuan, Z., Dynes, J., and Shields, A. (2018). Overcoming the rate–distance limit of quantum key distribution without quantum repeaters. Nature 557, 400–403. doi:10.1038/s41586-018-0066-6

PubMed Abstract | CrossRef Full Text | Google Scholar

Lydersen, L., Wiechers, C., Wittmann, C., Elser, D., Skaar, J., and Makarov, V. (2010). Hacking commercial quantum cryptography systems by tailored bright illumination. Nat. Phot. 4 (10), 686–689. doi:10.1038/nphoton.2010.214

CrossRef Full Text | Google Scholar

Ma, X., Zeng, P., and Zhou, H. (2018). Phase-matching quantum key distribution. Phys. Rev. X 8, 031043. doi:10.1103/physrevx.8.031043

CrossRef Full Text | Google Scholar

Makarov, V. (2009). Controlling passively quenched single photon detectors by bright light. New J. Phys. 11, 065003. doi:10.1088/1367-2630/11/6/065003

CrossRef Full Text | Google Scholar

Mohajer, R., and Eslami, Z. (2017). Cryptanalysis of a multiparty quantum key agreement protocol based on commutative encryption. Quantum Inf. Process 16 (8), 197. doi:10.1007/s11128-017-1647-2

CrossRef Full Text | Google Scholar

Naresh, V. S., Nasralla, M. M., Reddi, S., and García-Magariño, I. (2020). Quantum Diffie-Hellman extended to dynamic quantum group key agreement for e-Healthcare multi-agent systems in smart cities. Sensors 20 (14), 3940. doi:10.3390/s20143940

PubMed Abstract | CrossRef Full Text | Google Scholar

Naresh, V. S., and Reddi, S. (2020). Multiparty quantum key agreement with strong fairness property. Comput. Syst. Sci. Eng. 35 (6), 457–465. doi:10.32604/csse.2020.35.457

CrossRef Full Text | Google Scholar

Pan, J., and Zeilinger, A. (1998). Greenberger-Horne-Zeilinger-state analyzer. Phys. Rev. A 57, 2208–2211. doi:10.1103/physreva.57.2208

CrossRef Full Text | Google Scholar

Qi, B., Fung, C. H. F., Lo, H. K., and Ma, X. (2007). Time-shift attack in practical quantum cryptosystems. Quantum Inf. Comput. 7, 73–82. doi:10.26421/qic7.1-2-3

CrossRef Full Text | Google Scholar

Rubenok, A., Slater, J. A., Chan, P., Lucio-Martinez, I., and Tittel, W. (2013). Real-world two-photon interference and proof-of-principle quantum key distribution immune to detector attacks. Phys. Rev. Lett. 111, 130501. doi:10.1103/physrevlett.111.130501

PubMed Abstract | CrossRef Full Text | Google Scholar

Shi, R. H., and Zhong, H. (2013). Multi-party quantum key agreement with Bell states and Bell measurements. Quantum Inf. Process 12, 921–932. doi:10.1007/s11128-012-0443-2

CrossRef Full Text | Google Scholar

Sun, Z., Huang, J., and Wang, P. (2016). Efficient multiparty quantum key agreement protocol based on commutative encryption. Quantum Inf. Process 15 (5), 2101–2111. doi:10.1007/s11128-016-1253-8

CrossRef Full Text | Google Scholar

Tang, Y. L., Yin, H. L., Zhao, Q., Liu, H., Sun, X. X., Huang, M. Q., et al. (2016). Measurement-device-independent quantum key distribution over untrustful metropolitan network. Phys. Rev. X 6, 011024. doi:10.1103/physrevx.6.011024

CrossRef Full Text | Google Scholar

Tsai, C., and Hwang, T. (2009). On quantum key agreement protocol. C-S-I-E, NCKU, Taiwan: Technical Report.

Google Scholar

Wang, P., Sun, Z., and Sun, X. (2017). Multi-party quantum key agreement protocol secure against collusion attacks. Quantum Inf. Process 16, 170. doi:10.1007/s11128-017-1621-z

CrossRef Full Text | Google Scholar

Wang, S., Yin, Z. Q., He, D. Y., Chen, W., Wang, R. Q., Ye, P., et al. (2022). Twin-field quantum key distribution over 830-km fibre. Nat. Photonics 16 (2), 154–161. doi:10.1038/s41566-021-00928-2

CrossRef Full Text | Google Scholar

Wang, X. B., Yu, Z. W., and Hu, X. L. (2018). Twin-field quantum key distribution with large misalignment error. Phys. Rev. A 98, 062323. doi:10.1103/physreva.98.062323

CrossRef Full Text | Google Scholar

Wei, C. Y., Wang, T. Y., and Gao, F. (2016). Practical quantum private query with better performance in resisting joint-measurement attack. Phys. Rev. A 93, 042318. doi:10.1103/physreva.93.042318

CrossRef Full Text | Google Scholar

Woodward, R. I., Lo, Y. S., Pittaluga, M., Minder, M., Paraïso, T. K., Lucamarini, M., et al. (2021). Gigahertz measurement-device-independent quantum key distribution using directly modulated lasers. npj Quantum Inf. 7, 58. doi:10.1038/s41534-021-00394-2

CrossRef Full Text | Google Scholar

Xu, F., Ma, X., Zhang, Q., Lo, H. K., and Pan, J. W. (2020). Secure quantum key distribution with realistic devices. Rev. Mod. Phys. 92, 025002. doi:10.1103/revmodphys.92.025002

CrossRef Full Text | Google Scholar

Yang, Y. G., Li, B. R., Kang, S. Y., Chen, X. B., Zhou, Y. H., and Shi, W. M. (2019). New quantum key agreement protocols based on cluster states. Quantum Inf. Process 18, 77. doi:10.1007/s11128-019-2200-2

CrossRef Full Text | Google Scholar

Yang, Y. G., Lv, X. L., Gao, S., Zhou, Y. H., and Shi, W. M. (2022). Detector-device-independent quantum key agreement based on single-photon Bell state measurement. Int. J. Theor. Phys. 61 (2), 50. doi:10.1007/s10773-022-05052-7

CrossRef Full Text | Google Scholar

Yang, Y.-G., Guo, X.-P., Xu, G., Chen, X.-B., Li, J., Zhou, Y.-H., et al. (2019). Reducing the communication complexity of quantum private database queries by subtle classical post-processing with relaxed quantum ability. Comput. Secur. 81, 15–24. doi:10.1016/j.cose.2018.08.012

CrossRef Full Text | Google Scholar

Yang, Y.-G., Lei, H., Liu, Z.-C., Zhou, Y.-H., and Shi, W.-M. (2016). Arbitrated quantum signature scheme based on cluster states. Quantum Inf. process. 15 (6), 2487–2497. doi:10.1007/s11128-016-1293-0

CrossRef Full Text | Google Scholar

Yang, Y.-G., Liu, Z.-C., Chen, X.-B., Zhou, Y.-H., and Shi, W.-M. (2017). Robust QKD-based private database queries based on alternative sequences of single-qubit measurements. Sci. Chin. Phys. Mech. Astron. 60 (12), 120311. doi:10.1007/s11433-017-9085-0

CrossRef Full Text | Google Scholar

Yang, Y.-G., Liu, Z.-C., Li, J., Chen, X.-B., Zuo, H.-J., Zhou, Y.-H., et al. (2016). Quantum private query with perfect user privacy against a joint-measurement attack. Phys. Lett. A 380 (48), 4033–4038. doi:10.1016/j.physleta.2016.10.017

CrossRef Full Text | Google Scholar

Yang, Y.-G., Liu, Z.-C., Li, J., Chen, X.-B., Zuo, H.-J., Zhou, Y.-H., et al. (2017). Theoretically extensible quantum digital signature with starlike cluster states. Quantum Inf. process. 16 (1), 12–15. doi:10.1007/s11128-016-1458-x

CrossRef Full Text | Google Scholar

Yang, Y.-G., Liu, Z. C., Chen, X. B., Cao, W. F., Zhou, Y. H., and Shi, W. M. (2016). Novel classical post-processing for quantum key distribution-based quantum private query. Quantum Inf. process. 15, 3833–3840. doi:10.1007/s11128-016-1367-z

CrossRef Full Text | Google Scholar

Yang, Y.-G., Sun, S.-J., Xu, P., and Tian, J. (2014). Flexible protocol for quantum private query based on B92 protocol. Quantum Inf. process. 13, 805–813. doi:10.1007/s11128-013-0692-8

CrossRef Full Text | Google Scholar

Yang, Y. G., Cao, W. F., and Wen, Q. Y. (2009). Secure quantum private comparison. Phys. Scr. 80 (6), 065002. doi:10.1088/0031-8949/80/06/065002

CrossRef Full Text | Google Scholar

Yang, Y. G., and Wen, Q. Y. (2009). An efficient two-party quantum private comparison protocol with decoy photons and two-photon entanglement. J. Phys. A Math. Theor. 42 (5), 055305. doi:10.1088/1751-8113/42/5/055305

CrossRef Full Text | Google Scholar

Zeng, P., Zhou, H. Y., Wu, W. J., and Ma, X. F. (2022). Mode-pairing quantum key distribution. Nat. Commun. 13, 3903. doi:10.1038/s41467-022-31534-7

PubMed Abstract | CrossRef Full Text | Google Scholar

Zhou, N. R., Zhu, K. N., and Wang, Y. Q. (2020). Three-party semi-quantum key agreement protocol. Int. J. Theor. Phys. 59, 663–676. doi:10.1007/s10773-019-04288-0

CrossRef Full Text | Google Scholar

Zhou, N., Zeng, G., and Xiong, J. (2004). Quantum key agreement protocol. Electron Lett. 40, 1149. doi:10.1049/el:20045183

CrossRef Full Text | Google Scholar

Zhu, H. F., Liu, T. H., and Wang, C. N. (2021). A one-round quantum mutual authenticated key agreement protocol with semi-honest server using three-particle entangled states. Int. J. Theor. Phys. 60, 929–943. doi:10.1007/s10773-021-04716-0

CrossRef Full Text | Google Scholar

Zhu, H. F., Wang, C. N., and Li, Z. X. (2021). Semi-honest three-party mutual authentication quantum key agreement protocol based on GHZ-like state. Int. J. Theor. Phys. 60, 293–303. doi:10.1007/s10773-020-04692-x

CrossRef Full Text | Google Scholar

Keywords: quantum key agreement, measurement-device-independent, detector-side-channel, fairness, multiparty

Citation: Liu B-X, Huang R-C, Yang Y-G and Xu G-B (2023) Measurement-device-independent multi-party quantum key agreement. Front. Quantum Sci. Technol. 2:1182637. doi: 10.3389/frqst.2023.1182637

Received: 09 March 2023; Accepted: 13 April 2023;
Published: 03 May 2023.

Edited by:

Bao-Sen Shi, University of Science and Technology of China, China

Reviewed by:

Shuang Wang, University of Science and Technology of China, China
Chuan Wang, Beijing Normal University, China

Copyright © 2023 Liu, Huang, Yang and Xu. This is an open-access article distributed under the terms of the Creative Commons Attribution License (CC BY). The use, distribution or reproduction in other forums is permitted, provided the original author(s) and the copyright owner(s) are credited and that the original publication in this journal is cited, in accordance with accepted academic practice. No use, distribution or reproduction is permitted which does not comply with these terms.

*Correspondence: Yu-Guang Yang, eWFuZ3lhbmc3MzU3QGJqdXQuZWR1LmNu

Disclaimer: All claims expressed in this article are solely those of the authors and do not necessarily represent those of their affiliated organizations, or those of the publisher, the editors and the reviewers. Any product that may be evaluated in this article or claim that may be made by its manufacturer is not guaranteed or endorsed by the publisher.