Cryptanalysis and improvement of three-particle deterministic secure and high bit-rate direct...

7
Quantum Inf Process (2014) 13:1345–1351 DOI 10.1007/s11128-014-0732-z Cryptanalysis and improvement of three-particle deterministic secure and high bit-rate direct quantum communication protocol Zhi-Hao Liu · Han-Wu Chen · Dong Wang · Wen-Qian Li Received: 8 October 2013 / Accepted: 10 January 2014 / Published online: 28 January 2014 © Springer Science+Business Media New York 2014 Abstract The three-particle deterministic secure and high bit-rate direct quantum communication protocol and its improved version are analyzed. It shows that an eaves- dropper can steal the sender’s secret message by the intercept-resend attack and the entanglement attack. The original version is even fragile under denial-of-service attack. As a result, some suggestions to revise them are given. Keywords Quantum secure direct communication · Deterministic secure quantum communication · Intercept-resend attack · Entanglement attack · Denial-of-service attack Z.-H. Liu · H.-W. Chen (B ) · W.-Q. Li School of Computer Science and Engineering, Southeast University, Nanjing 211189, China e-mail: [email protected] Z.-H. Liu e-mail: [email protected] Z.-H. Liu · H.-W. Chen · W.-Q. Li Key Laboratory of Computer Network and Information Integration (Southeast University), Ministry of Education, Nanjing 211189, China D. Wang Software College, Henan University, Kaifeng 475004, China D. Wang State Key Laboratory of Software Engineering, Wuhan University, Wuhan 430072, China W.-Q. Li Department of Information Technology, Nanjing Forest Police College, Nanjing 210046, China 123

Transcript of Cryptanalysis and improvement of three-particle deterministic secure and high bit-rate direct...

Quantum Inf Process (2014) 13:1345–1351DOI 10.1007/s11128-014-0732-z

Cryptanalysis and improvement of three-particledeterministic secure and high bit-rate direct quantumcommunication protocol

Zhi-Hao Liu · Han-Wu Chen · Dong Wang ·Wen-Qian Li

Received: 8 October 2013 / Accepted: 10 January 2014 / Published online: 28 January 2014© Springer Science+Business Media New York 2014

Abstract The three-particle deterministic secure and high bit-rate direct quantumcommunication protocol and its improved version are analyzed. It shows that an eaves-dropper can steal the sender’s secret message by the intercept-resend attack and theentanglement attack. The original version is even fragile under denial-of-service attack.As a result, some suggestions to revise them are given.

Keywords Quantum secure direct communication · Deterministic secure quantumcommunication · Intercept-resend attack · Entanglement attack · Denial-of-serviceattack

Z.-H. Liu · H.-W. Chen (B) · W.-Q. LiSchool of Computer Science and Engineering, Southeast University, Nanjing 211189, Chinae-mail: [email protected]

Z.-H. Liue-mail: [email protected]

Z.-H. Liu · H.-W. Chen · W.-Q. LiKey Laboratory of Computer Network and Information Integration (Southeast University),Ministry of Education, Nanjing 211189, China

D. WangSoftware College, Henan University, Kaifeng 475004, China

D. WangState Key Laboratory of Software Engineering, Wuhan University, Wuhan 430072, China

W.-Q. LiDepartment of Information Technology, Nanjing Forest Police College, Nanjing 210046, China

123

1346 Z.-H. Liu et al.

1 Introduction

Quantum key distribution (QKD) allows two spatially separated users to establish anunconditionally secure key through quantum means. Origin of QKD in its oldest formwas attributed to Bennett and Brassard in 1984 [1]. Since then, much advancementhas been made. A detailed review of the various QKD protocols was given in Ref.[2]. Gradually, the idea of QKD was extended to quantum direct communication(QDC) where the legitimate users can communicate directly without sharing any priorkey. In general, QDC can be divided into two subclasses [3]: quantum secure directcommunication (QSDC) and deterministic secure quantum communication (DSQC).The primary difference between them is that only after the transmission of at leastone bit of additional classical information for each qubit can the receiver read out thesecret message encoded by the sender in DSQC, while any such exchange of classicalinformation is not required in QSDC. In 2002, Long and Liu [4] put forward theinitial QSDC idea in a QKD protocol. In the same year, Boström and Felbinger [5] putforward the so-called ping-pong protocol. In the next year, Deng et al. [6] put forwardthe famous “two-step” protocol. Since then, a lot of achievements focusing on QSDC[7–20] have been acquired. For DSQC, Beige et al. [21] proposed the novel conceptof secure direct communication without establishing any shared secret key aforehandin 2002, but it is unsecure in experimental realization [22]. Afterward, a number ofresearches about DSQC [23–33] have come to the fore.

Recently Jahanshahi et al. [34] put forward a three-particle QSDC protocol (we callit the JBZ protocol hereafter) based on the “ping-pong” protocol [5] to achieve securedirect communication without resorting to a separate control interval by defining asecurity control for each transmitted bit. It seems that the JBZ protocol has the advan-tage of higher security threshold and bit transfer rate than the “ping-pong” protocol.However, if delving deeply into the JBZ protocol, we can find it as well as its improvedversion is in fact unsecure under several attacks. That is, an eavesdropper can steal thesender’s secret message by the intercept-resend attack and the entanglement attack.The JBZ protocol is even fragile under denial-of-service attack.

The rest of this paper is organized as follows. In Sect. 2, we review the JBZ protocol,and some attack strategies are put forward in Sect. 3. Next, some suggestions to solvethe security issues are given in Sect. 4. Section 5 is the conclusion part.

2 The JBZ protocol

To distinctly present the attack strategies, let us describe the JBZ protocol in brieffirstly.

Step 1: Bob prepares a state of 1/√

2(∣∣ϕ+⟩

hm |0〉c + ∣∣ψ+⟩hm |1〉c

)in which

∣∣ϕ+⟩hm =

1/√

2 (|00〉hm + |11〉hm) and∣∣ψ+⟩

hm = 1/√

2 (|01〉hm + |10〉hm) are two ofthe four Bell states, and the subscripts h, m and c represent the home photon,the message photon and the control photon, respectively. Bob keeps the homequbit and sends the message photon with the control photon to Alice.

Step 2: After receiving the photons, Alice measures the control qubit and encodesinformation on the message qubit. She does nothing on the message photon

123

Cryptanalysis and improvement of the JBZ protocol 1347

if the information bit is “0” and applies iσy = |0〉 〈1| − |1〉 〈0| to encrypt bit“1.” After that, she returns the message photon to Bob. Note that, there is notany subroutine to check eavesdropping in this step.

Step 3: After receiving the encoded message photon, Bob measures the home qubitand the message qubit in Bell measurement and attempts to deduce Alice’ssecret bit and check eavesdropping at the same time according to the result ofAlice’s measurement on the control qubit. (1) If Alice gets the measurementresult |0〉c on the control qubit and encodes “0” on the message qubit, Bobshould receive

∣∣ϕ+⟩hm in the absence of eavesdropping, and he will receive∣∣ψ−⟩

hm = 1/√

2 (|01〉hm − |10〉hm) if Alice gets the result |0〉c and encodes“1”; (2) If Alice gets the measurement result |1〉c on the control qubit andencodes “0” on the message qubit, Bob should receive

∣∣ψ+⟩

hm in the absence

of eavesdropping, and he will receive∣∣ϕ−⟩

hm = 1/√

2 (|00〉hm − |11〉hm) ifAlice gets the result |1〉c and encodes “1.” In other words, if Bob measures thehome qubit and the message qubit to get any state except

∣∣ϕ+⟩hm or

∣∣ψ−⟩hm

when the control qubit is |0〉c, he concludes the presence of eavesdropping.The same conclusion holds for the case when the control photon is in the state|1〉c, and Bob obtains the state excluding

∣∣ψ+⟩hm or

∣∣ϕ−⟩hm .

3 Attack strategies

It seems that the control mode is employed along with the transmission of secretmessage in the JBZ protocol. However, we find it is fragile under several attacks. Nowwe describe these attack strategies in detail.

Intercept-resend attack: The Eavesdropper (Eve) prepares an ancilla e staying in|+〉 = 1/

√2 (|0〉e + |1〉e). When Bob sends out the message qubit and the control

qubit, Eve captures the message qubit, replaces it with the ancilla e and then sendsthe ancilla to Alice. As a result, Alice receives the ancilla and the control qubit infact, but she does not know since there is not any subroutine to check eavesdropping.Alice measures the control qubit and encodes information on the ancilla with identicaloperation I or iσy according to her secret bit. Then she sends the ancilla e back toBob. Before the ancilla e reaches Bob, Eve captures it and makes X -basis {|+〉 , |−〉}measurement to read out Alice’s secret message: If she gets |+〉, she knows Alice’ssecret message is “0”; otherwise, she knows the ancilla e is encoded by iσy , that is,Alice’s message is “1.” After that, Eve encrypts the true message photon m accordingto Alice’s secret bit and resends it to Bob. As is in the original protocol, Bob measuresthe home qubit and the message qubit in Bell measurement and deduces Alice’s secretbit according to the result of Alice’s measurement on the control qubit. It is easily foundthat Eve does not bring any error by her intercept-resend attack, but she successfullysteals Alice’s message. Even though there is a security control for each transmittedbit at the time Bob deduces Alice’s secret message, they cannot find Eve’s malignantactivity since Eve does not introduce any error. Note that, Eve can prepare the ancillastaying in other states besides |+〉, such as

∣∣ϕ+⟩, as long as she can distinct the actions

on the ancilla between the identical operation I and iσy .

123

1348 Z.-H. Liu et al.

Entanglement attack: Eve prepares an ancilla e staying in |0〉e. When Bob sendsout the message qubit and the control qubit, Eve entangles the message qubit and theancilla e by using CNOT operation with the ancilla being the target, where CNOToperation can be described as

C N OT = |00〉 〈00| + |01〉 〈01| + |11〉 〈10| + |10〉 〈11| . (1)

Hence, the quantum state of the whole system including the ancilla is

C N OTme • 1√2

(∣∣ϕ+⟩hm |0〉c + ∣∣ψ+⟩

hm |1〉c) |0〉e

= 1√2

(|000〉hme + |111〉hme)|0〉c + 1√

2

(|011〉hme + |100〉hme)|0〉c. (2)

After receiving the message qubit and the control qubit, Alice measures the controlqubit and encodes information on the message qubit with identical operator I or iσy

according to her secret bit. Then Alice sends the message qubit back to Bob. Beforeit reaches Bob, Eve performs the CNOT operation again on the message qubit and theancilla. Now, the quantum state of the whole system including the ancilla is

C N OTme • (iσy

)sm • C N OTme • 1√

2

(∣∣ϕ+⟩hm |0〉c + ∣∣ψ+⟩

hm |1〉c) |0〉e

= (iσy

)sm (σx )

se

(∣∣ϕ+⟩hm |0〉c + ∣∣ψ+⟩

hm |1〉c) |0〉e

= (iσy

)sm

(∣∣ϕ+⟩hm |0〉c + ∣∣ψ+⟩

hm |1〉c) |s〉e, (3)

where s denotes the encoded secret bit by Alice. According to the above equation, it iseasily found that the secret bit s is encoded into Eve’s ancilla but no error is introduced,so Eve makes measurement on the ancilla to read out Alice’s secret message: If theresult is |0〉e, Alice’s secret bit is “0”; otherwise, the secret bit is “1.” As is in theoriginal protocol, after receiving the message photon, Bob measures the home qubitand the message qubit in Bell measurement, and Alice announces the measurementresult of the control qubit. As a result, Bob deduces Alice’s secret bit.

It is easily found that Eve does not bring any error by her entanglement attack, butshe successfully wiretaps Alice’s message. Even though there is a security control foreach transmitted bit at the time Bob deduces Alice’s secret message, they cannot findEve’s malicious activity. This is because Eve encodes Alice’s secret message into theancilla, but there is not any error introduced.

In the JBZ’s improved version, the authors let Bob change randomly the initial statebetween 12 possible states in order to improve the security. But things go contrary totheir wishes, that is, the intercept-resend attack and the entanglement attack are stillfeasible.

Denial-of-service (DoS) attack: Eve’s purpose is not to gain any useful informationbut only to make the transmitted information unreliable in this attack. By DoS attack,Eve is able to change message bits sent from the sender. Although the authors haveconsidered this attack in the improved version, however, in the initial protocol, there

123

Cryptanalysis and improvement of the JBZ protocol 1349

is not any consideration about it, so the initial protocol is weak under DoS attack. Forexample, when Alice sends back the message photon to Bob, Eve performs iσy on itto make Alice’s secret bit flipped without detection.

4 Solution to the security issues

The reason why Eve can successfully steal Alice’s secret bit by the intercept-resendattack and the entanglement attack is that there is not any eavesdropping detectionwhen the message qubit is sent from Bob to Alice. On the contrary, if Eve onlyattacks the message qubit turned back from Alice, Eve cannot get anything becausethe message qubit on which whatever encoding operation Alice has made is in themaximally mixed state. So this gives us a thinking to guard against the intercept-resend attack and the entanglement attack: To avoid these two attacks, a subroutineshould be added to check whether the message qubit is securely transmitted whenit is forwarded from Bob to Alice. Indeed, as Li et al. [35] claimed, for each roundof transmission, an eavesdropping checking is necessary for secure communicationno matter what is transmitted with a quantum channel. As a result, to ensure thesecurity of the transmission of the message qubits, some of them should be consumedfor eavesdropping checking like the control qubits, which means the bit transfer ratedecreases because of the consumption of some message qubits. Note that, becauseEve’s attacks do not affect the control qubit, only to check the security of the controlqubit is not enough to ensure the security of the message qubit.

To prevent the DoS attack in the JBZ protocol, some measures should be taken. Thatis, Alice encodes random information on some message qubits randomly selected, andwhen Bob receives them, Alice tells Bob which operations she has applied as well asthe measurement results of the corresponding control photons, which is the same aswhat has been described in the JBZ’s improved version.

To be specific, we can improve the JBZ protocol to a secure one as follows.

Step 1: Bob prepares a state of 1/√

2(∣∣ϕ+⟩

hm |0〉c + ∣∣ψ+⟩hm |1〉c

)in which the sub-

scripts h, m and c represent the home photon, the message photon and thecontrol photon, respectively. Bob keeps the home qubit and sends the messagephoton with the control photon to Alice.

Step 2: With probability p, Alice encodes information on the message qubit and mea-sures the control qubit with Z -basis. To prevent the DoS attack, sometimesAlice may encode random information. After that, she returns the messagephoton to Bob.

Step 2’: With probability 1 − p, Alice and Bob check whether the message qubit andthe control qubit are securely distributed. For example, one possible way isthat they measure the photons h, m and c with conjugated bases Z -basis orX -basis at random and thus check the security by comparing the results. Ifso, the protocol returns to Step 1; otherwise, the protocol terminates.

Step 3: After Bob receives the encoded message photon, he measures the home qubitand the message qubit in Bell measurement to deduce Alice’s secret bitaccording to the result of Alice’s measurement on the control qubit. This isthe same as that in the JBZ protocol. If the message qubit is the one Alice

123

1350 Z.-H. Liu et al.

has chosen to check DoS attack, Alice tells Bob which operation she hasapplied as well as the measurement result of the control photon, and thenthey estimate the security.

5 Conclusion

To sum up, we analyze the security of the three-particle deterministic secure and highbit-rate direct quantum communication protocol. It is found that this protocol and itsimproved version are weak under the intercept-resend attack and the entanglementattack. In addition, it is weak under the denial-of-service attack. Therefore, somesuggestions to repair this protocol and its improved version are proposed.

Acknowledgments This work is supported by China National Nature Science Foundation (Grant Nos.61070240, 61170321 and 61103235), Research Fund for the Doctoral Program of Higher Education (GrantNo. 20110092110024) and Open Research Fund from State Key Laboratory of Software Engineering(SKLSE) (Grant No. SKLSE2012-09-41).

References

1. Bennett, C.H., Brassard, G.: (1984) Quantum cryptography: public key distribution and coin tossing.In: Proceedings of the IEEE International Conference on Computers, Systems & Signal Processing.Bangalore, India, pp. 175–179

2. Gisin, N., Ribordy, G.G., Tittel, W., et al.: Quantum cryptography. Rev. Mod. Phys. 74(1), 145–195(2002)

3. Long, G.L., Deng, F.G., Wang, C., et al.: Quantum secure direct communication and deterministicsecure quantum communication. Front. Phys. China 2(3), 251–272 (2007)

4. Long, G.L., Liu, X.S.: Theoretically efficient high-capacity quantum-key-distribution scheme. Phys.Rev. A 65(3), 032302 (2002)

5. Boström, K., Felbinger, T.: Deterministic secure direct communication using entanglement. Phys. Rev.Lett. 89(18), 187902 (2002)

6. Deng, F.G., Long, G.L., Liu, X.S.: Two-step quantum direct communication protocol using the Einstein-Podolsky-Rosen pair block. Phys. Rev. A 68(4), 042317 (2003)

7. Deng, F.G., Long, G.L.: Secure direct communication with a quantum one-time pad. Phys. Rev. A69(5), 052319 (2004)

8. Lucamarini, M., Mancini, S.: Secure deterministic communication without entanglement. Phys. Rev.Lett. 94(14), 140501 (2005)

9. Wang, C., Deng, F.G., Li, Y.S., et al.: Quantum secure direct communication with high-dimensionquantum superdense coding. Phys. Rev. A 71(4), 044305 (2005)

10. Wang, C., Deng, F.G., Long, G.L.: Multi-step quantum secure direct communication using multi-particle Green-Horne-Zeilinger state. Opt. Commun. 253(1–3), 15–20 (2005)

11. Lin, S., Wen, Q.Y., Gao, F., et al.: Quantum secure direct communication with χ -type entangled states.Phys. Rev. A 78(6), 064304 (2008)

12. Chamoli, A., Bhandari, C.M.: Secure direct communication based on ping-pong protocol. Quantum.Inf. Process. 8(4), 347–356 (2009)

13. Liu, Z.H., Chen, H.W., Liu, W.J., et al.: Analyzing and revising a two-way protocol for quantumcryptography with a nonmaximally entangled qubit pair. Int. J. Quantum. Inf. 9(5), 1329–1339 (2011)

14. Tsai, C.W., Hsieh, C.R., Hwang, T.: Dense coding using cluster states and its application on determin-istic secure quantum communication. Eur. Phys. J. D 61(3), 779–783 (2011)

15. Wang, T.J., Li, T., Du, F.F., et al.: High-capacity quantum secure direct communication based onquantum hyperdense coding with hyperentanglement. Chin. Phys. Lett. 28(4), 040305 (2011)

16. Yang, Y.G., Chai, H.P., Teng, Y.W., et al.: Improving the security of controlled quantum secure directcommunication by using four particle cluster states against an attack with fake entangled particles. Int.J. Theor. Phys. 50(2), 395–400 (2011)

123

Cryptanalysis and improvement of the JBZ protocol 1351

17. Li, J., Jin, H.F., Jing, B.: Improved eavesdropping detection strategy based on four-particle cluster statein quantum direct communication protocol. Chin. Sci. Bull. 57(34), 4434–4441 (2012)

18. Song, S.Y., Wang, C.: Recent development in quantum communication. Chin. Sci. Bull. 57(36), 4694–4700 (2012)

19. Liu, Z.H., Chen, H.W., Liu, W.J., et al.: Quantum secure direct communication with optimal quantumsuperdense coding by using general four-qubit states. Quantum. Inf. Process. 12(1), 587–599 (2013)

20. Shukla, C., Banerjee, A., Pathak, A.: Improved protocols of secure quantum communication using Wstates. Int. J. Theor. Phys. 52(6), 1914–1924 (2013)

21. Beige, A., Englert, B.G., Kurtsiefer, C., et al.: Secure communication with a publicly known key. ActaPhys. Pol. A 101(3), 357–368 (2002)

22. Li, C.Y., Li, X.H., Deng, F.G., et al.: Efficient quantum secure communication with a publicly knownkey. Chin. Phys. B 17(7), 2352–2355 (2008)

23. Yan, F.L., Zhang, X.Q.: A scheme for secure direct communication using EPR pairs and teleportation.Eur. Phys. J. B 41(1), 75–78 (2004)

24. Man, Z.X., Zhang, Z.J., Li, Y.: Deterministic secure direct communication by using swapping quantumentanglement and local unitary operations. Chin. Phys. Lett. 22(1), 18–21 (2005)

25. Li, X.H., Deng, F.G., Li, C.Y., et al.: Deterministic secure quantum communication without maximallyentangled states. J. Korean Phys. Soc. 49(4), 1354–1359 (2006)

26. Liu, W.J., Chen, H.W., Ma, T.H., et al.: An efficient deterministic secure quantum communicationscheme based on cluster states and identity authentication. Chin. Phys. B 18(10), 4105–4109 (2009)

27. Xiu, X.M., Dong, H.K., Dong, L., et al.: Deterministic secure quantum communication using four-particle genuine entangled state and entanglement swapping. Opt. Commun. 282(12), 2457–2459(2009)

28. Yuan, H., Song, J., Hu, X.Y., et al.: An efficient deterministic secure quantum communication schemewith cluster state. Int. J. Quantum. Inf. 7(3), 689–696 (2009)

29. Zhan, Y.B., Zhang, L.L., Zhang, Q.Y.: Quantum secure direct communication by entangled qutrits andentanglement swapping. Opt. Commun. 282(23), 4633–4636 (2009)

30. Qin, S.J., Gao, F., Wen, Q.Y., et al.: Improving the quantum secure direct communication by entangledqutrits and entanglement swapping against intercept-and-resend attack. Opt. Commun. 283(7), 1566–1568 (2010)

31. Liu, Z.H., Chen, H.W., Liu, W.J., et al.: Deterministic secure quantum communication without unitaryoperation based on high-dimensional entanglement swapping. Sci. China-Inf. Sci 55(2), 360–367(2012)

32. Tsai, C.W., Hwang, T.: Deterministic quantum communication using the symmetric W state. Sci.China-Phys. Mech. Astron. 56(10), 1903–1908 (2013)

33. Zhang, Q.N., Li, C.C., Li, Y.H., et al.: Quantum secure direct communication based on four-qubitcluster states. Int. J. Theor. Phys. 52(1), 22–27 (2013)

34. Jahanshahi, S., Bahrampour, A., Zandi, M.H.: Three-particle deterministic secure and high bit-ratedirect quantum communication protocol. Quantum. Inf. Process. 12(7), 2441–2451 (2013)

35. Li, X.H., Deng, F.G., Zhou, H.Y.: Improving the security of secure direct communication based on thesecret transmitting order of particles. Phys. Rev. A 74(5), 054302 (2006)

123