Anonymous Transmission: Difference between revisions

From Quantum Protocol Zoo
Jump to navigation Jump to search
No edit summary
 
(22 intermediate revisions by 3 users not shown)
Line 1: Line 1:
==Functionality Description==
==Functionality Description==
Anonymous transmission is a multipartite task which enables two nodes to communicate a message in a network in an anonymous way. More specifically, one of the nodes of the network, a sender, communicates a quantum state to a receiver in a way that their identities remain completely hidden throughout the protocol. In particular, for the sender it implies that her identity remains unknown to all the other parties, whereas for the receiver it implies that no one except the sender knows her identity. Note that the main goal of anonymous transmission is to fully hide the identities of the sender and the receiver -- it does not aim at guaranteeing the reliability of the transmitted message.</br></br>
Anonymous transmission is a multipartite task which enables two nodes to communicate a message in a network in an anonymous way. More specifically, one of the nodes of the network, a sender, communicates a quantum state to a receiver in a way that their identities remain completely hidden throughout the protocol. In particular, for the sender it implies that her identity remains unknown to all the other nodes, whereas for the receiver it implies that no one except the sender knows her identity. Note that the main goal of anonymous transmission is to fully hide the identities of the sender and the receiver -- it does not aim at guaranteeing the reliability of the transmitted message.</br></br>


'''Tags:'''  [[:Category: Multi Party Protocols|Multi Party]],  [[:Category: Quantum Enhanced Classical Functionality|Quantum Enhanced Classical Functionality]],  [[:Category: Specific Task|Specific Task]]
'''Tags:'''  [[:Category: Multi Party Protocols|Multi Party]],  [[:Category: Quantum Enhanced Classical Functionality|Quantum Enhanced Classical Functionality]],  [[:Category: Specific Task|Specific Task]]
Line 7: Line 7:
==Protocols==
==Protocols==


#[[GHZ State based]]: [[:Category: Quantum Memory Network Stage|Quantum Memory Network Stage]]  
#[[GHZ-based Quantum Anonymous Transmission|Based on the GHZ state]]: [[:Category: Quantum Memory Network Stage|Quantum Memory Network Stage]]  
#[[W State based]]: [[:Category: Quantum Memory Network Stage|Quantum Memory Network Stage]]
#[[W-based Quantum Anonymous Transmission|Based on the W state]]: [[:Category: Quantum Memory Network Stage|Quantum Memory Network Stage]]
#[[Entanglement Relay]]: [[:Category: Quantum Memory Network Stage|Quantum Memory Network Stage]]
#[[Entanglement Relay Quantum Anonymous Transmission|Entanglement Relay]]: [[:Category: Quantum Memory Network Stage|Quantum Memory Network Stage]]
#[[Verifiable Quantum Anonymous Transmission]]: [[:Category: Quantum Memory Network Stage|Quantum Memory Network Stage]]  
  [[Category: Quantum Memory Network Stage]]
  [[Category: Quantum Memory Network Stage]]
* GHZ-based protocol is deterministic, whereas W-based protocol is probabilistic, but the W-based protocol tolerates more noise.
* GHZ-based protocol is deterministic, whereas W-based protocol is probabilistic, but the W-based protocol tolerates more noise.
* Entanglement relay protocol does not require a preshared multipartite state, but it creates a 4-partite GHZ state during the protocol.
* Verifiable GHZ-based protocol allows an imperfect or untrusted GHZ state, and involves a verification stage.
* Entanglement relay protocol does not require a pre-shared multipartite state, but it creates a 4-partite GHZ state during the protocol.


==Properties==
==Properties==
Security of a anonymous transmission protocol is defined in terms of the guessing probability, i.e., the maximum probability that adversaries guess the identity of the sender <math>S</math> or receiver <math>R</math> given all the classical and quantum information they have available at the end of the protocol.
Security of an anonymous transmission protocol is defined in terms of the guessing probability, i.e., the maximum probability that adversaries guess the identity of the sender <math>S</math> or receiver <math>R</math> given all the classical and quantum information they have available at the end of the protocol.
*'''Guessing probability''' Let <math>\mathcal{A}</math> be a subset of adversaries among <math>N</math> nodes. Let <math>C</math> be the register that contains all classical and quantum side information accessible to the adversaries. Then, the probability of adversaries guessing the sender is given by
*'''Guessing probability''' Let <math>\mathcal{A}</math> be a subset of adversaries among <math>n</math> nodes. Let <math>C</math> be the register that contains all classical and quantum side information accessible to the adversaries. Then, the probability of adversaries guessing the sender is given by
<math> P_{\text{guess}}[S|C, S\notin \mathcal{A}] = \max_{\{M^i\}} \sum_{i \in [N]} P[S=i|S\notin \mathcal{A}] \text{Tr}[M^i \cdot \rho_{C|S=i} ],</math></br>
<math> P_{\text{guess}}[S|C, S\notin \mathcal{A}] = \max_{\{M^i\}} \sum_{i \in [n]} P[S=i|S\notin \mathcal{A}] \text{Tr}[M^i \cdot \rho_{C|S=i} ],</math></br>
where the maximization is taken over the set of POVMs <math>{\{M^i\}}</math> for the adversaries and <math>\rho_{C|S=i}</math> is the state of the adversaries at the end of the protocol, given that node <math>i</math> is the sender  
where the maximisation is taken over the set of POVMs <math>{\{M^i\}}</math> for the adversaries and <math>\rho_{C|S=i}</math> is the state of the adversaries at the end of the protocol, given that node <math>i</math> is the sender  
*'''Sender-security''' We say that an anonymous transmission protocol is ''sender-secure'' if, given that the sender is honest, the probability of the adversary guessing the sender is </br>
*'''Sender-security''' We say that an anonymous transmission protocol is ''sender-secure'' if, given that the sender is honest, the probability of the adversary guessing the sender is </br>
<math>P_{\text{guess}}[S|C,S\notin \mathcal{A}] \leq \max_{i\in[N]} P[S=i|S\notin \mathcal{A}].</math></br>
<math>P_{\text{guess}}[S|C,S\notin \mathcal{A}] \leq \max_{i\in[n]} P[S=i|S\notin \mathcal{A}].</math></br>
*'''Receiver-security''' We say that an anonymous transmission protocol is ''receiver-secure'' if, given that the receiver is honest, the probability of the adversary guessing the receiver is:</br>  
*'''Receiver-security''' We say that an anonymous transmission protocol is ''receiver-secure'' if, given that the receiver is honest, the probability of the adversary guessing the receiver is:</br>  
<math>P_{\text{guess}}[R|C,R\notin \mathcal{A}] \leq \max_{i\in[N]} P[R=i|R\notin \mathcal{A}]</math>
<math>P_{\text{guess}}[R|C,R\notin \mathcal{A}] \leq \max_{i\in[n]} P[R=i|R\notin \mathcal{A}]</math>.</br>
 
The above definitions are general and hold for any adversarial scenario, in particular for an [[active adversary]].


==Further Information==
==Further Information==
The security definition presented here, are proven to be sufficient to guarantee universal composability for standard QKD in (2). For device-independent quantum key distribution, attacks presented in (1) show that security can be compromised if the same devices are used to implement another instance of the protocol.
* The definitions above guarantee information-theoretic security of the protocol when the resource states are both trusted [[Quantum Anonymous Transmission#References|[4], [1], [2] ]] and not trusted [[Quantum Anonymous Transmission#References|[3], [5] ]].
#[https://arxiv.org/abs/1409.3525 PR (2014)] discusses security of various QKD schemes composed in other cryptographic protocols.
 
#[https://journals.aps.org/prl/abstract/10.1103/PhysRevLett.110.010503 BCK (2013)] Analyses device independent QKD
==Use-cases==
* [[Aggregation of sensitive data]]
* [[Toward regulation for security and privacy]]
 
==Knowledge Graph==
{{graph}}


==References==
#[https://journals.aps.org/pra/abstract/10.1103/PhysRevA.98.052320 Lipinska et al (2018)]
#[https://europepmc.org/abstract/med/27247078 Yang et al (2016)]
#[https://arxiv.org/abs/quant-ph/0307049 Elliot et al (2007)]
#[https://link.springer.com/chapter/10.1007/11593447_12 Christandl et al (2005)]
#[https://journals.aps.org/prl/abstract/10.1103/PhysRevLett.122.240501 Unnikrishnan et al (2018)]


<div style='text-align: right;'>''*contributed by Victoria Lipinska''</div>
<div style='text-align: right;'>''contributed by Victoria Lipinska''</div>

Latest revision as of 17:52, 21 December 2020

Functionality Description[edit]

Anonymous transmission is a multipartite task which enables two nodes to communicate a message in a network in an anonymous way. More specifically, one of the nodes of the network, a sender, communicates a quantum state to a receiver in a way that their identities remain completely hidden throughout the protocol. In particular, for the sender it implies that her identity remains unknown to all the other nodes, whereas for the receiver it implies that no one except the sender knows her identity. Note that the main goal of anonymous transmission is to fully hide the identities of the sender and the receiver -- it does not aim at guaranteeing the reliability of the transmitted message.

Tags: Multi Party, Quantum Enhanced Classical Functionality, Specific Task

Protocols[edit]

  1. Based on the GHZ state: Quantum Memory Network Stage
  2. Based on the W state: Quantum Memory Network Stage
  3. Entanglement Relay: Quantum Memory Network Stage
  4. Verifiable Quantum Anonymous Transmission: Quantum Memory Network Stage
  • GHZ-based protocol is deterministic, whereas W-based protocol is probabilistic, but the W-based protocol tolerates more noise.
  • Verifiable GHZ-based protocol allows an imperfect or untrusted GHZ state, and involves a verification stage.
  • Entanglement relay protocol does not require a pre-shared multipartite state, but it creates a 4-partite GHZ state during the protocol.

Properties[edit]

Security of an anonymous transmission protocol is defined in terms of the guessing probability, i.e., the maximum probability that adversaries guess the identity of the sender or receiver given all the classical and quantum information they have available at the end of the protocol.

  • Guessing probability Let be a subset of adversaries among nodes. Let be the register that contains all classical and quantum side information accessible to the adversaries. Then, the probability of adversaries guessing the sender is given by


where the maximisation is taken over the set of POVMs for the adversaries and is the state of the adversaries at the end of the protocol, given that node is the sender

  • Sender-security We say that an anonymous transmission protocol is sender-secure if, given that the sender is honest, the probability of the adversary guessing the sender is


  • Receiver-security We say that an anonymous transmission protocol is receiver-secure if, given that the receiver is honest, the probability of the adversary guessing the receiver is:

.

The above definitions are general and hold for any adversarial scenario, in particular for an active adversary.

Further Information[edit]

  • The definitions above guarantee information-theoretic security of the protocol when the resource states are both trusted [4], [1], [2] and not trusted [3], [5] .

Use-cases[edit]

Knowledge Graph[edit]

References[edit]

  1. Lipinska et al (2018)
  2. Yang et al (2016)
  3. Elliot et al (2007)
  4. Christandl et al (2005)
  5. Unnikrishnan et al (2018)
contributed by Victoria Lipinska