Anonymous Transmission: Difference between revisions

From Quantum Protocol Zoo
Jump to navigation Jump to search
Line 15: Line 15:


==Properties==
==Properties==
Security of a anonymous transmission protocol is defined in terms of the guessing probability, i.e., the maximum probability that adversaries guess the identity of the sender <math>S</math> or receiver <math>R</math> given all the classical and quantum information they have available at the end of the protocol.
Security of an anonymous transmission protocol is defined in terms of the guessing probability, i.e., the maximum probability that adversaries guess the identity of the sender <math>S</math> or receiver <math>R</math> given all the classical and quantum information they have available at the end of the protocol.
*'''Guessing probability''' Let <math>\mathcal{A}</math> be a subset of adversaries among <math>n</math> nodes. Let <math>C</math> be the register that contains all classical and quantum side information accessible to the adversaries. Then, the probability of adversaries guessing the sender is given by
*'''Guessing probability''' Let <math>\mathcal{A}</math> be a subset of adversaries among <math>n</math> nodes. Let <math>C</math> be the register that contains all classical and quantum side information accessible to the adversaries. Then, the probability of adversaries guessing the sender is given by
<math> P_{\text{guess}}[S|C, S\notin \mathcal{A}] = \max_{\{M^i\}} \sum_{i \in [n]} P[S=i|S\notin \mathcal{A}] \text{Tr}[M^i \cdot \rho_{C|S=i} ],</math></br>
<math> P_{\text{guess}}[S|C, S\notin \mathcal{A}] = \max_{\{M^i\}} \sum_{i \in [n]} P[S=i|S\notin \mathcal{A}] \text{Tr}[M^i \cdot \rho_{C|S=i} ],</math></br>

Revision as of 13:50, 24 April 2019

Functionality Description

Anonymous transmission is a multipartite task which enables two nodes to communicate a message in a network in an anonymous way. More specifically, one of the nodes of the network, a sender, communicates a quantum state to a receiver in a way that their identities remain completely hidden throughout the protocol. In particular, for the sender it implies that her identity remains unknown to all the other nodes, whereas for the receiver it implies that no one except the sender knows her identity. Note that the main goal of anonymous transmission is to fully hide the identities of the sender and the receiver -- it does not aim at guaranteeing the reliability of the transmitted message.

Tags: Multi Party, Quantum Enhanced Classical Functionality, Specific Task

Protocols

  1. GHZ State based: Quantum Memory Network Stage
  2. W State based: Quantum Memory Network Stage
  3. Entanglement Relay: Quantum Memory Network Stage
  • GHZ-based protocol is deterministic, whereas W-based protocol is probabilistic, but the W-based protocol tolerates more noise.
  • Entanglement relay protocol does not require a preshared multipartite state, but it creates a 4-partite GHZ state during the protocol.

Properties

Security of an anonymous transmission protocol is defined in terms of the guessing probability, i.e., the maximum probability that adversaries guess the identity of the sender or receiver given all the classical and quantum information they have available at the end of the protocol.

  • Guessing probability Let be a subset of adversaries among nodes. Let be the register that contains all classical and quantum side information accessible to the adversaries. Then, the probability of adversaries guessing the sender is given by


where the maximization is taken over the set of POVMs for the adversaries and is the state of the adversaries at the end of the protocol, given that node is the sender

  • Sender-security We say that an anonymous transmission protocol is sender-secure if, given that the sender is honest, the probability of the adversary guessing the sender is


  • Receiver-security We say that an anonymous transmission protocol is receiver-secure if, given that the receiver is honest, the probability of the adversary guessing the receiver is:

.

The above definitions are general and hold for any adversarial scenario, in particular for an active adversary.

Further Information

  • The definitions above guarantee information-theoretic security of the protocol when the resource states are both trusted [4], [1], [2] and untrusted [3] .

References

  1. Lipinska et al (2018)
  2. Yang et al (2016)
  3. Elliot et al (2007)
  4. Christandl et al (2005)
contributed by Victoria Lipinska