Multipartite Entanglement Verification: Difference between revisions

From Quantum Protocol Zoo
Jump to navigation Jump to search
 
(12 intermediate revisions by 2 users not shown)
Line 7: Line 7:
==Assumptions==
==Assumptions==
* '''Network:''' The network consists of n nodes that are fully identified and completely connected with pairwise authenticated classical channels. Additionally, there is a secure classical broadcast channel.
* '''Network:''' The network consists of n nodes that are fully identified and completely connected with pairwise authenticated classical channels. Additionally, there is a secure classical broadcast channel.
* '''Adversarial model:''': It suffices for one party to be honest. A dishonest party can be in control of the source.
* '''Adversarial model:''' It suffices for one party to be honest. A dishonest party can be in control of the source.


==Outline==
==Outline==
This protocol is based on the work in [https://www.nature.com/articles/ncomms13251 W. McCutcheon, A. Pappa et al.]. The goal is for a specific party called the Verifier to check whether the source has shared a GHZ-state among the n-nodes network. It goes as follow:
This protocol is based on the work in [https://www.nature.com/articles/ncomms13251 W. McCutcheon, A. Pappa et al.]. The goal is for a specific party called the [[Verifier]] to check whether the source has shared a GHZ-state among the n-nodes network. It goes as follow:


* '''Sharing phase:''' The source creates and shares an n-qubits quantum state to all the parties using a state generation resource and quantum channels.
* '''Sharing phase:''' The source creates and shares an n-qubits quantum state to all the parties using a state generation resource and quantum channels.
* '''Verification phase:''' The verifier sends angles to each party that corresponds to measurement basis, using classical authenticated channels
* '''Verification phase:''' The verifier choses and sends angles to each party that corresponds to measurement basis, using classical authenticated channels. Each party, including the verifier, measures its qubits in the basis indicated by the received angle. It then sends its outcome to the verifier who checks the parity of the outcomes and broadcast if the shared state was a GHZ state.
* Each party, including the verifier, measures its qubits in the basis indicated by the received angle.  
* It then sends its outcome to the verifier.
* The Verifier checks the parity of the outcomes and broadcast if the shared state was a GHZ state.


==Notation==
==Notation==
* <math>n</math>: Number of parties
* <math>n</math>: Number of parties
* <math>v</math>: identifier of the Verifier
* <math>v</math>: Identifier of the Verifier
* <math>\{\pi_i\}_{i=1}^n</math>: protocol of each party, <math>\pi_V</math>: Protocol of the verifier, <math>\pi_S</math>: Protocol of the source
* <math>\{\pi_i\}_{i=1}^n</math>: Protocol of each party, <math>\pi_V</math>: Protocol of the verifier, <math>\pi_S</math>: Protocol of the source
* <math>SG_n</math>: n-qubit State Generation resource
* <math>SG_n</math>: n-qubit State Generation resource
* <math>\{\theta_i\}_{i=1}^n</math>: Angles sent from the Verifier to each party i (indication for the measurement to perform)
* <math>\{\theta_i\}_{i=1}^n</math>: Angles sent from the Verifier to each party i (indication for the measurement to perform)
* <math>\{y_i\}_{i=1}^n</math>: classical bits sent from each party i to the Verifier (outcome of the measurement)
* <math> \{|+_{\theta_{i}}\rangle,|-_{\theta_{i}}\rangle\} = \{\frac{1}{\sqrt{2}}(|0\rangle + e^{i\theta_{i}}|1\rangle), \frac{1}{\sqrt{2}}(|0\rangle - e^{i\theta_{i}}|1\rangle)\} </math>: Rotated measurement basis for the parties.
* <math>b</math>: outcome of the protocol
* <math>\{y_i\}_{i=1}^n</math>: Classical bits sent from each party i to the Verifier (outcome of the measurement)
* <math>b</math>: Outcome of the protocol


==Requirements==
==Requirements==
Line 49: Line 47:
     \tau=\min_{U}\mbox{TD}(|\phi_{0}^{n} \rangle\langle \phi_{0}^{n}|, U|\psi \rangle \langle \psi | U^{\dagger} )
     \tau=\min_{U}\mbox{TD}(|\phi_{0}^{n} \rangle\langle \phi_{0}^{n}|, U|\psi \rangle \langle \psi | U^{\dagger} )
</math>
</math>
and where TD is the trace distance and <math>U</math> is a quantum operation acting on <math>D</math> the subspace of dishonest parties involved in the protocol (ie a tensor product of an  unitary operator on <math>D</math> and the identity operator on the rest).
and where TD is the trace distance and <math>U</math> is a quantum operation acting on <math>D</math> the subspace of dishonest parties involved in the protocol (ie a tensor product of an  unitary operator on <math>D</math> and the identity operator on the rest). This means that the further the shared state is from the GHZ state, the less likely the verifier is going to accept it conditioned on any quantum operation that the dishonest party can locally perform to get closer to the GHZ state.


* This protocol still works in the presence of photon losses.
* This protocol still works in the presence of photon losses.
* This protocol is composably secure meaning that it can be used as a subroutine in a bigger protocol. A direct application of this protocol is to perform it sequentially many times with a source sending state at each round and to randomly use the shared state at some point if the protocol has output 0 at each round. We then are sure up to a certain threshold that the shared state is a GHZ state.
 
* This protocol is secure for one round against any coalition of dishonest parties, including the source.
 
* This protocol is composably secure against a dishonest or noisy source


==Pseudo Code==
==Pseudo Code==
'''Protocol for the verifier <math>\pi_{V}</math> : '''
'''Protocol for the verifier <math>\pi_{V}</math> : '''


'''Input''':  <math>\{y_{i}\}_{i=1}^{n}</math>, 1 qubit, v  
:'''Input''':  <math>\{y_{i}\}_{i=1}^{n}</math>, 1 qubit, v  


'''Output''':  one Bit in <math>\{0,1\}</math> and <math>\{\theta_i\}_{i=1}^{n}</math>
:'''Output''':  one Bit in <math>\{0,1\}</math> and <math>\{\theta_i\}_{i=1}^{n}</math>
* Chose randomly angles <math>\Theta=\{\theta_{i}\}_{i=1}^{n}</math> with <math>\theta_{i}\in[0,\pi)</math> such that <math>\sum_{j} \theta_{j}</math> is a multiple of <math>\pi</math>
:* Chose randomly angles <math>\Theta=\{\theta_{i}\}_{i=1}^{n}</math> with <math>\theta_{i}\in[0,\pi)</math> such that :<math>\sum_{j} \theta_{j}</math> is a multiple of <math>\pi</math>
* Upon the reception of the qubit, for <math>i=1,...n, i \neq v</math> send  <math>\theta_{i}</math> it to party <math>i</math> via a private classical channel resource, keep <math>\theta_{v}</math>.
:* Upon the reception of the qubit, for <math>i=1,...n, i \neq v</math> send  <math>\theta_{i}</math> it to party <math>i</math> via a private classical channel resource, keep <math>\theta_{v}</math>.
* Measures the qubit in the <math>\{|+_{\theta_{v}}\rangle,|-_{\theta_{v}}\rangle\}</math> basis and get <math>y_{v}</math>
:* Measures the qubit in the <math>\{|+_{\theta_{v}}\rangle,|-_{\theta_{v}}\rangle\}</math> basis and get <math>y_{v}</math>
* Wait for the reception of all the other <math>y_{i}</math>.
:* Wait for the reception of all the other <math>y_{i}</math>.
* Upon the reception of all the <math>y_{i}</math>, broadcast 0 if and only if  
:* Upon the reception of all the <math>y_{i}</math>, broadcast 0 if and only if  
<math>
:<math>
     \oplus_{j} Y_{j}=\frac{1}{\pi} \sum_{j} \theta_{j} \quad(\bmod 2)
     \oplus_{j} Y_{j}=\frac{1}{\pi} \sum_{j} \theta_{j} \quad(\bmod 2)
</math>
</math>
Line 71: Line 72:
And for each <math>i=1,...n, i \neq v</math>
And for each <math>i=1,...n, i \neq v</math>


'''Protocol for the <math>i</math>th party <math>\pi_{i}^\theta</math> : '''
'''Protocol for the <math>i</math>th party <math>\pi_{i}</math> : '''


'''Input:'''  1 angle <math>\theta_{i}</math>, 1 qubit and v
:'''Input:'''  1 angle <math>\theta_{i}</math>, 1 qubit and v


'''Output:''' Bit <math>y_{i}</math>
:'''Output:''' Bit <math>y_{i}</math>
* Wait for the reception of both classical and quantum inputs
:* Wait for the reception of both classical and quantum inputs
* Measures in the Measures the qubit in the <math>\{|+_{\theta_{i}}\rangle,|-_{\theta_{i}}\rangle\}</math>  basis  
:* Measures the qubit in the <math>\{|+_{\theta_{i}}\rangle,|-_{\theta_{i}}\rangle\}</math>  basis  
* Send the outcome <math>y_{i}</math> to the Verifier via the private classical channel resource .
:* Send the outcome <math>y_{i}</math> to the Verifier via the private classical channel resource .


<li style="display: inline-block;"> [[File:ConcreteResourceThetaMEV.jpg|frame|300px|1(a)Figure for the MEV protocol]]</li>
<li style="display: inline-block;"> [[File:ConcreteResourceAC2.jpg|frame|400px|Abstract Cryptography figure for the MEV protocol for n=3 parties. Each blue box is a converter representing a protocol a party is following and red boxes are the resources used namely: state generation resource, quantum and authenticated classical channels.]]</li>


==Further Information==
==Further Information==
This protocol was first introduced in Multipartite Entanglement Verification Resistant against Dishonest Parties, ''Anna Pappa et al.'', in which the authors present a version of the protocol where <math>\forall i, \theta_i \in\{0,1\}</math> called the XY protocol. It appeared that this XY version is no longer secure when a certain photon loss rate is tolerated. This is why in Experimental verification of multipartite entanglement in quantum networks, ''W. McCutcheon, A. Pappa et al.'', the authors present the current version of the protocol and they experimentally perform the verification protocol with <math>n=4</math> parties and photonic GHZ states.
This protocol was first introduced in Multipartite Entanglement Verification Resistant against Dishonest Parties, ''Anna Pappa et al.'', in which the authors present an ''XY version'' of the protocol where <math>\forall i, \theta_i \in\{0,1\}</math>. It means that each party applies an X or a Z gate on its qubit before measuring in the computational basis. It appeared that when a 50% qubit loss rate is tolerated, there exists a cheating strategy allowing a dishonest party to convince the verifier that the state shared was a GHZ state even when it is not. This is why in Experimental verification of multipartite entanglement in quantum networks, ''W. McCutcheon, A. Pappa et al.'', the authors present the current version of the protocol which is loss tolerant. They also present an experimental realization of the verification protocol with <math>n=4</math> parties and photonic GHZ states.


In Anonymity for practical quantum networks, ''Anupama Unnikrishnan et al.'', Authors use this verification protocol as a subroutine allowing to be certain to have a GHZ state shared among the parties when they perform an anonymous transmission protocol.
In Anonymity for practical quantum networks, ''Anupama Unnikrishnan et al.'', Authors use this verification protocol as a subroutine allowing the parties to be certain to have a GHZ state shared when they perform an anonymous transmission protocol.


== References ==  
== References ==  

Latest revision as of 14:44, 3 March 2020

This example protocol implement the task of Multipartite entanglement verification in a multinode quantum network. The protocol uses classical communication and measurements of quantum states to verify whether the parties share a GHZ state. We present here a loss tolerant version of the protocol, which doesn't assume that the source of the state nor the parties (except one) are trusted.

It has various application in a setting where at each timestep a source shares a state. Most of the time this state will be verified using this protocol and once in a while it will be used to perform some computation or communication protocol (e.g. Anonymous transmission)

Tags: Entanglement Verification, Multi Party Protocols, GHZ state

Assumptions[edit]

  • Network: The network consists of n nodes that are fully identified and completely connected with pairwise authenticated classical channels. Additionally, there is a secure classical broadcast channel.
  • Adversarial model: It suffices for one party to be honest. A dishonest party can be in control of the source.

Outline[edit]

This protocol is based on the work in W. McCutcheon, A. Pappa et al.. The goal is for a specific party called the Verifier to check whether the source has shared a GHZ-state among the n-nodes network. It goes as follow:

  • Sharing phase: The source creates and shares an n-qubits quantum state to all the parties using a state generation resource and quantum channels.
  • Verification phase: The verifier choses and sends angles to each party that corresponds to measurement basis, using classical authenticated channels. Each party, including the verifier, measures its qubits in the basis indicated by the received angle. It then sends its outcome to the verifier who checks the parity of the outcomes and broadcast if the shared state was a GHZ state.

Notation[edit]

  • : Number of parties
  • : Identifier of the Verifier
  • : Protocol of each party, : Protocol of the verifier, : Protocol of the source
  • : n-qubit State Generation resource
  • : Angles sent from the Verifier to each party i (indication for the measurement to perform)
  • : Rotated measurement basis for the parties.
  • : Classical bits sent from each party i to the Verifier (outcome of the measurement)
  • : Outcome of the protocol

Requirements[edit]

  • Network stage: quantum memory network.
  • Authenticated classical channel between the parties
  • Quantum channel between the source and the parties
  • Ability to perform one-qubit rotation operations and one-qubit measurement at each node

Properties[edit]

  • This protocol is correct meaning that if the source shares a GHZ state and every party behaves honestly, the outcome broadcasted by the verifier is .
  • The outcome of the protocol directly depends on the trace distance between the shared state and the GHZ state. The output is such that

with and where TD is the trace distance and is a quantum operation acting on the subspace of dishonest parties involved in the protocol (ie a tensor product of an unitary operator on and the identity operator on the rest). This means that the further the shared state is from the GHZ state, the less likely the verifier is going to accept it conditioned on any quantum operation that the dishonest party can locally perform to get closer to the GHZ state.

  • This protocol still works in the presence of photon losses.
  • This protocol is secure for one round against any coalition of dishonest parties, including the source.
  • This protocol is composably secure against a dishonest or noisy source

Pseudo Code[edit]

Protocol for the verifier  :

Input: , 1 qubit, v
Output: one Bit in and
  • Chose randomly angles with such that : is a multiple of
  • Upon the reception of the qubit, for send it to party via a private classical channel resource, keep .
  • Measures the qubit in the basis and get
  • Wait for the reception of all the other .
  • Upon the reception of all the , broadcast 0 if and only if

And for each

Protocol for the th party  :

Input: 1 angle , 1 qubit and v
Output: Bit
  • Wait for the reception of both classical and quantum inputs
  • Measures the qubit in the basis
  • Send the outcome to the Verifier via the private classical channel resource .
  • Abstract Cryptography figure for the MEV protocol for n=3 parties. Each blue box is a converter representing a protocol a party is following and red boxes are the resources used namely: state generation resource, quantum and authenticated classical channels.
  • Further Information[edit]

    This protocol was first introduced in Multipartite Entanglement Verification Resistant against Dishonest Parties, Anna Pappa et al., in which the authors present an XY version of the protocol where . It means that each party applies an X or a Z gate on its qubit before measuring in the computational basis. It appeared that when a 50% qubit loss rate is tolerated, there exists a cheating strategy allowing a dishonest party to convince the verifier that the state shared was a GHZ state even when it is not. This is why in Experimental verification of multipartite entanglement in quantum networks, W. McCutcheon, A. Pappa et al., the authors present the current version of the protocol which is loss tolerant. They also present an experimental realization of the verification protocol with parties and photonic GHZ states.

    In Anonymity for practical quantum networks, Anupama Unnikrishnan et al., Authors use this verification protocol as a subroutine allowing the parties to be certain to have a GHZ state shared when they perform an anonymous transmission protocol.

    References[edit]


    contributed by Raja Yehia