基于W态的跨中心量子网络身份认证方案

利用量子隐形传态原理和量子纠缠交换技术,提出了基于W态的跨中心量子网络身份认证方案,实现了分布式量子通信网络中对客户的身份认证.该方案分为注册阶段和身份认证阶段,认证系统包括主服务器和客户端服务器.客户所有的操作都在客户端服务器上进行,不直接与主服务器进行通信.身份认证全部由服务器根据量子力学原理进行,保证了认证方案的安全性.最后,对该方案进行了安全性分析.     

基于GHZ态的量子网络身份认证方案

利用量子力学中纠缠态的非定域关联性,提出了一种基于GHZ态的星型量子通信网络方案,该方案能有效地对用户身份进行认证,提高信息传输的安全性,实现任意站点间的量子通信.     

基于三粒子W态的身份认证

无认证中心的认证协议一般由通信双方相互认证.事先共享纠缠态或身份密钥,结构简单,但不适于扩展成通信网络.通过引入可信第三方认证中心,并利用三粒子W纠缠态的稳健性,提出了一个基于W态的身份认证协议,使得合法通信用户可以在认证中心的协助下进行安全身份认证,身份认证的同时即完成了纠缠粒子的分发.认证完成后,合法通信用户可安全共享EPR纠缠态并在第三方的控制下进行量子直传通信.针对窃听者常用攻击手段进行了安全性分析,结果表明在身份认证过程中可以有效的抵御伪装攻击,截取重发攻击与纠缠攻击等.基于第三方的通信结构具有可扩展性、实用性和受控性.     

基于GHZ态的身份认证与密钥分配方案

在量子密钥分配协议中存在这样一个基本假设,即攻击者不能同时获得量子信道和经典信道上的信息;为解决这一假设性难题,对量子的纠缠特性进行了研究,提出一种基于GHZ三重态的身份认证与密钥分配方案,该方案在建立一次量子信道后利用GHZ三粒子的关联性实现通信双方与仲裁第三方三者之间的身份认证,然后利用远程传态实现通信密钥分配以及新认证密钥的分配,确保通信方身份不可伪造与通信信息安全,最后结合常见的攻击方式论证了该方案的安全性。     

一种网络多用户量子认证和密钥分配理论方案

提出了一种网络多用户量子认证和密钥分配理论方案.类似于现代密码学中的网络认证体系结构提出了一种基于网络中用户与所属的可信服务器之间共享Einstein-Podolsky-Rosen(EPR)纠缠对进行身份认证和密钥分配的分布式客户机/服务器体系结构.基于该体系结构实现网络中任意用户之间的身份认证和密钥分配.可信服务器只提供用户的身份认证以及 交换粒子之间的纠缠使得两个想要秘密通信的用户的粒子纠缠起来.密钥的生成由发起请求 的用户自己完成.网络中的用户只需和所属的可信服务器共享EPR纠缠对通过经典信道和量子 信道与服务器通信.用户不需要互相共享EPR纠缠对，这使得网络中的EPR对的数量由O(n²)减小到O(n). 关键词： 量子认证 量子密钥分配 客户机/服务器 纠缠交换     

一种基于诱骗态的广域量子安全直接通信网络方案

提出了一种基于诱骗态的广域量子安全直接通信网络方案.在每一个局域网中设置一个服务器负责量子态的产生和测量,从而提高了通信距离;将诱骗态的思想引入量子安全直接通信,采用不同的强度发送光脉冲,能够克服光子数目分割攻击,从而提高通信的安全性;根据信道参量估计了不同通信距离的通过率,为信道编码提供了依据.对所提方案进行了安全性分析,结果表明此方案能够实现远距离量子安全直接通信.     

基于量子隐形传态的无线通信网络身份认证方案

提出了有中心的结构化量子通信网络概念,并在经典认证基础之上,结合量子隐形传态技术实现了无线通信网络的身份认证.此认证方案通过对无线局域网的认证进行探讨进而推广至整个无线通信网络中.在无线局域网中,在已获得SK与EPR对的前提下,STA与AP两端通过量子信道进行信息传输,然后AP对手中的量子态进行幺正变换后将得到的信息与原先的备份信息进行保真度计算,从而判定是否认证成功.     

基于网络的量子身份认证方案

根据通信网络规模的大小,提出了两个身份认证方案,一种是直接认证,一种是基于认证服务器的认证.方案的实施过程中采用一种动态方式,即合法通信者之间每次可动态获得一个新的认证密钥.所提方案易于实现,具有可证明安全性,安全性由量子不可克隆性和方案本身的动态特性保证.     

带身份认证的量子安全直接通信方案

针对传统量子安全直接通信方案中需提前假设通信双方合法性的问题,提出一种带身份认证的基于GHZ态(一种涉及至少三个子系统或粒子纠缠的量子态)的量子安全直接通信方案.该方案将GHZ态粒子分成三部分,并分三次发送,每一次都加入窃听检测粒子检测信道是否安全,并在第二次发送的时候加入身份认证,用以验证接收方的身份,在第三次发送完粒子之后,接收方将所有检测粒子抽取出来,之后对GHZ态粒子做联合测量,并通过原先给定的编码规则恢复原始信息.本方案设计简单、高效,无需复杂的幺正变换即可实现通信.安全性分析证明,该方案能抵御常见的内部攻击和外部攻击,并且有较高的传输效率、量子比特利用率和编码容量,最大的优势在于发送方发送信息的时候不需要假设接收方的合法性,有较高的实际应用价值.     

零知识证明的量子身份认证协议

零知识证明的量子身份认证是由一个绝对公正的第三方CA主持的协议.协议的实现是基于远程态制备,量子辅助克隆的量子操控手段.在认证过程中,只有CA知道量子身份证的信息,认证参与方Alice和Bob在不知道量子身份证的信息的基础上可完成认证工作.提出了如何提高认证成功概率的方法.协议由量子力学原理保证,有绝对的安全性. 关键词： 量子身份认证 零知识证明 远程态制备 量子态辅助克隆     

Blind quantum computation with identity authentication

Blind quantum computation (BQC) allows a client with relatively few quantum resources or poor quantum technologies to delegate his computational problem to a quantum server such that the client's input, output, and algorithm are kept private. However, all existing BQC protocols focus on correctness verification of quantum computation but neglect authentication of participants' identity which probably leads to man-in-the-middle attacks or denial-of-service attacks. In this work, we use quantum identification to overcome such two kinds of attack for BQC, which will be called QI-BQC. We propose two QI-BQC protocols based on a typical single-server BQC protocol and a double-server BQC protocol. The two protocols can ensure both data integrity and mutual identification between participants with the help of a third trusted party (TTP). In addition, an unjammable public channel between a client and a server which is indispensable in previous BQC protocols is unnecessary, although it is required between TTP and each participant at some instant. Furthermore, the method to achieve identity verification in the presented protocols is general and it can be applied to other similar BQC protocols.     

Universal quantum circuit evaluation on encrypted data using probabilistic quantum homomorphic encryption scheme

Homomorphic encryption has giant advantages in the protection of privacy information. In this paper, we present a new kind of probabilistic quantum homomorphic encryption scheme for the universal quantum circuit evaluation. Firstly,the pre-shared non-maximally entangled states are utilized as auxiliary resources, which lower the requirements of the quantum channel, to correct the errors in non-Clifford gate evaluation. By using the set synthesized by Clifford gates and T gates, it is feasible to perform the arbitrary quantum computation on the encrypted data. Secondly, our scheme is different from the previous scheme described by the quantum homomorphic encryption algorithm. From the perspective of application, a two-party probabilistic quantum homomorphic encryption scheme is proposed. It is clear what the computation and operation that the client and the server need to perform respectively, as well as the permission to access the data. Finally, the security of probabilistic quantum homomorphic encryption scheme is analyzed in detail. It demonstrates that the scheme has favorable security in three aspects, including privacy data, evaluated data and encryption and decryption keys.     

Blind Quantum Signature with Blind Quantum Computation

Blind quantum computation allows a client without quantum abilities to interact with a quantum server to perform a unconditional secure computing protocol, while protecting client’s privacy. Motivated by confidentiality of blind quantum computation, a blind quantum signature scheme is designed with laconic structure. Different from the traditional signature schemes, the signing and verifying operations are performed through measurement-based quantum computation. Inputs of blind quantum computation are securely controlled with multi-qubit entangled states. The unique signature of the transmitted message is generated by the signer without leaking information in imperfect channels. Whereas, the receiver can verify the validity of the signature using the quantum matching algorithm. The security is guaranteed by entanglement of quantum system for blind quantum computation. It provides a potential practical application for e-commerce in the cloud computing and first-generation quantum computation.     

Expandable quantum key distribution networks based on secret bits comparison

A scheme of quantum network based on multiuser differential phase shift quantum key distribution system (DPS-QKD) is proposed. In this quantum network, arbitrary two users can achieve secret bits sharing by point-to-multipoint quantum key distribution and secret bits comparison. A protocol of secret bits sharing between arbitrary two users is presented. This network can implement secret bits distribution over 200 km with higher key generation rate by today's technologies. In theory, the capacity of user numbers in this network is unlimited. Hence, our proposed quantum network can serve for a metropolitan QKD network. A wide area QKD network can be constructed with this metropolitan QKD network.     

CADF-CSE: Chaotic map-based authenticated data access/sharing framework for IoT-enabled cloud storage environment

Data is an essential asset of an organization or individual in this information age. Secure and resource-efficient data communication has become paramount in the IoT-enabled cloud storage environment. The users must communicate with the cloud storage servers to access, store, and share the data utilizing the public communication channel, which is exposed to various security threats. Moreover, various security frameworks have been presented to render secure data access, storage, and sharing functionalities for the cloud storage environment. Most of them are complicated and incapacitated of resisting various security attacks. Thus, it is imperative to design a secure and resource-efficient data access, storage, and sharing framework for the cloud storage environment. This paper presents a chaotic map-based authenticated data access/sharing framework for the IoT-enabled cloud storage environment (CADF-CSE). CADF-CSE is designed using the chaotic map, authenticated encryption scheme (AEGIS), and one-way hash function (Esch256). The proposed CADF-CSE comprises three significant phases user access control, data storage, and data sharing. The user access control phase enables the user and cloud server to attain mutual authentication followed by the secret session key establishment. Using the established SK during the access control phase user and cloud server exchange information securely across the public Internet. The data storage phase facilitates the data owner to store the data on a cloud server in encrypted form, where encryption is performed with a secret key derived from the user’s biometric. The data-sharing phase enables users to access the data from the cloud server after acquiring mutual permission from the cloud server and the data owner. In addition, an explication of the CADF-CSE through formal and informal analysis shows its resilience to various security attacks. Finally, the performance comparison explicates that CADF-CSE renders better security features while requiring lower computational and communication costs than the related security frameworks.     

Quantum state sharing of an arbitrary two-qubit state with two-photon entanglements and Bell-state measurements

Two schemes for sharing an arbitrary two-qubit state based on entanglement swapping are proposed with Bell-state measurements and local unitary operations. One is based on the quantum channel with four Einstein-Podolsky-Rosen (EPR) pairs shared in advance. The other is based on a circular topological structure, i.e., each user shares an EPR pair with his neighboring one. The advantage of the former is that the construction of the quantum channel between the agents is controlled by the sender Alice, which will improve the security of the scheme. The circular scheme reduces the quantum resource largely when the number of the agents is large. Both of those schemes have the property of high efficiency as almost all the instances can be used to split the quantum information. They are more convenient in application than the other schemes existing as they require only two-qubit entanglements and two-qubit joint measurements for sharing an arbitrary two-qubit state.     

连续变量量子密钥分发系统中调制器驱动设计

相位调制器与振幅调制器是连续变量量子密钥分发中不可缺少的光调制器件.本文以量子安全通信系统的硬件为平台,设计了LiNbO3相位调制器的驱动电路,性能测试电路,同时给出了振幅调制器的性能监控电路.从理论与实验上对方案的可行性与可靠性进行了验证.     

Analysis and improvement of verifiable blind quantum computation

In blind quantum computation (BQC), a client with weak quantum computation capabilities is allowed to delegate its quantum computation tasks to a server with powerful quantum computation capabilities, and the inputs, algorithms and outputs of the quantum computation are confidential to the server. Verifiability refers to the ability of the client to verify with a certain probability whether the server has executed the protocol correctly and can be realized by introducing trap qubits into the computation graph state to detect server deception. The existing verifiable universal BQC protocols are analyzed and compared in detail. The XTH protocol (proposed by Xu Q S, Tan X Q, Huang R in 2020), a recent improvement protocol of verifiable universal BQC, uses a sandglass-like graph state to further decrease resource expenditure and enhance verification capability. However, the XTH protocol has two shortcomings: limitations in the coloring scheme and a high probability of accepting an incorrect computation result. In this paper, we present an improved version of the XTH protocol, which revises the limitations of the original coloring scheme and further improves the verification ability. The analysis demonstrates that the resource expenditure is the same as for the XTH protocol, while the probability of accepting the wrong computation result is reduced from the original minimum (0.866)^d* to (0.819)^d*, where d^* is the number of repeated executions of the protocol.     

Multiparty quantum secret sharing with Bell states and Bell measurements

We present a multiparty quantum secret sharing scheme and analyze its security. In this scheme, the sender Alice takes EPR pairs in Bell states as quantum resources. In order to obtain the shared key, all participants only need to perform Bell measurements, not to perform any local unitary operation. The total efficiency in this scheme approaches 100% as the classical information exchanged is not necessary except for the eavesdropping checks.