Secure mutual authentication quantum key agreement scheme for two-party setting with key recycling

Abstract

Information-theoretically secure authentication is necessary to guarantee both the authenticity and integrity of the data transferred over the channel in quantum key agreement (QKA). Generally speaking, QKA uses quantum resources to negotiate a unique shared key for every communication; consequently, as the number of communications rises, so does the quantity of quantum key resources used. A secure mutual authentication QKA scheme for the two-party setting with key recycling is proposed, based on single-photon states and Bell states, to realize mutual authentication and minimize quantum key consumption. The proposed protocol generates symmetric keys and authenticates each other using quantum states. Multiple rounds of communication can be accomplished with different keys when combined with key recycling. Additionally, security analysis and efficiency comparison show that our scheme can achieve desirable results with existing quantum technologies.

Appendix

Suppose \(N = 4\), \(K_0 = 0010\), Alice and Bob use \(K_0\) to authenticate each other. The example of MAQKA protocol without considering decoy states, then {\(S_{A1}^1\), \(S_{A2}^1\)} and {\(S_{B1}^1\), \(S_{B2}^1\)} are expressed as follows (The code is available at https://github.com/CNanWang/Secure-MAQKA-for-Two-party, and the execution results have been uploaded as Result_1, Result_2, Result_3, and Result_4):

$$ Alice\left\{ \begin{gathered} S_{A1}^1 :\left\{ {P_{a1}^1 \left( 1 \right),P_{a2}^1 \left( 1 \right),P_{a3}^1 \left( 1 \right),P_{a4}^1 \left( 1 \right)} \right\} \hfill \\ S_{A2}^1 :\left\{ {P_{a1}^1 \left( 2 \right),P_{a2}^1 \left( 2 \right),P_{a3}^1 \left( 2 \right),P_{a4}^1 \left( 2 \right)} \right\} \hfill \\ \end{gathered} \right. \, Bob\left\{ \begin{gathered} S_{B1}^1 :\left\{ {P_{b1}^1 \left( 1 \right),P_{b2}^1 \left( 1 \right),P_{b3}^1 \left( 1 \right),P_{b4}^1 \left( 1 \right)} \right\} \hfill \\ S_{B2}^1 :\left\{ {P_{b1}^1 \left( 2 \right),P_{b2}^1 \left( 2 \right),P_{b3}^1 \left( 2 \right),P_{b4}^1 \left( 2 \right)} \right\} \hfill \\ \end{gathered} \right. $$

{\(K_A^1\), \(OS_A^1\), \(T_A^0\), \(T_A^1\), \(T_A^2\)} and {\(K_B^1\), \(OS_B^1\), \(T_B^0\), \(T_B^1\), \(T_B^2\)} are shown in Tables 

Table 4 The relationship among \(K_A^1\), \(OS_A^1\), \(T_A^0\), \(T_A^1\), and \(T_A^2\)

4 and

Table 5 The relationship among \(K_B^1\), \(OS_B^1\), \(T_B^0\), \(T_B^1\) and \(T_B^2\)

5, respectively. According to \(T_A^0\), \(T_A^1\), and \(T_A^2\), the detailed process of Alice getting \(K_1\) is as follows:

1. 1.

   \(\left\{ {T_A^0 \left[ 1 \right] =^{\prime} 00^{\prime} } \right\} = \left\{ {T_A^1 \left[ 1 \right] =^{\prime} 00^{\prime} } \right\}\) and \(\left\{ {T_A^1 \left[ 1 \right] = ^{\prime}00^{\prime}} \right\} \ne \left\{ {T_A^2 \left[ 1 \right] = ^{\prime}10^{\prime}} \right\}\):

   Alice performed Pauli-I operation on \(P_{a1}^1 \left( 2 \right)\), \(OS_A^1 \left[ 1 \right] = I \Leftrightarrow K_A^1 \left[ 1 \right] = 0\);

   Bob performed Pauli-Z operation on \(P_{a1}^1 \left( 2 \right)\), \(OS_B^1 \left[ 1 \right] = Z \Leftrightarrow K_B^1 \left[ 1 \right] = 1\);

2. 2.

   \(\left\{ {T_A^0 \left[ 2 \right] = ^{\prime}01^{\prime}} \right\} \ne \left\{ {T_A^1 \left[ 2 \right] = ^{\prime}11^{\prime}} \right\}\) and \(\left\{ {T_A^1 \left[ 2 \right] = ^{\prime}11^{\prime}} \right\} \ne \left\{ {T_A^2 \left[ 2 \right] = ^{\prime}01^{\prime}} \right\}\):

   Alice performed Pauli-Z operation on \(P_{a2}^1 \left( 2 \right)\), \(OS_A^1 \left[ 2 \right] = Z \Leftrightarrow K_A^1 \left[ 2 \right] = 1\);

   Bob performed Pauli-Z operation on \(P_{a2}^1 \left( 2 \right)\), \(OS_B^1 \left[ 2 \right] = Z \Leftrightarrow K_B^1 \left[ 2 \right] = 1\);

3. 3.

   \(\left\{ {T_A^0 \left[ 3 \right] = ^{\prime}11^{\prime}} \right\} = \left\{ {T_A^1 \left[ 3 \right] = ^{\prime}11^{\prime}} \right\}\) and \(\left\{ {T_A^1 \left[ 3 \right] = ^{\prime}11^{\prime}} \right\} = \left\{ {T_A^2 \left[ 3 \right] = ^{\prime}11^{\prime}} \right\}\):

   Alice performed Pauli-I operation on \(P_{a3}^1 \left( 2 \right)\), \(OS_A^1 \left[ 3 \right] = I \Leftrightarrow K_A^1 \left[ 3 \right] = 0\);

   Bob performed Pauli-I operation on \(P_{a3}^1 \left( 2 \right)\), \(OS_B^1 \left[ 3 \right] = I \Leftrightarrow K_B^1 \left[ 3 \right] = 0\);

4. 4.

   \(\left\{ {T_A^0 \left[ 4 \right] = ^{\prime}11^{\prime}} \right\} \ne \left\{ {T_A^1 \left[ 4 \right] = ^{\prime}01^{\prime}} \right\}\) and \(\left\{ {T_A^1 \left[ 4 \right] = ^{\prime}01^{\prime}} \right\} \ne \left\{ {T_A^2 \left[ 4 \right] = ^{\prime}11^{\prime}} \right\}\):

   Alice performed Pauli-Z operation on \(P_{a4}^1 \left( 2 \right)\), \(OS_A^1 \left[ 4 \right] = Z \Leftrightarrow K_A^1 \left[ 4 \right] = 1\);

   Bob performed Pauli-Z operation on \(P_{a4}^1 \left( 2 \right)\), \(OS_B^1 \left[ 4 \right] = Z \Leftrightarrow K_B^1 \left[ 4 \right] = 1\);

Therefore, Alice gets \(K_B^1 = 1101\) and computes \(K_1 = K_0 \oplus K_A^1 \oplus K_B^1 = 1010\).

According to \(T_B^0\), \(T_B^1\), and \(T_B^2\), the detailed process of Bob getting \(K_1\) is as follows:

1. 1.

   \(\left\{ {T_B^0 \left[ 1 \right] = ^{\prime}10^{\prime}} \right\} \ne \left\{ {T_B^1 \left[ 1 \right] = ^{\prime}00^{\prime}} \right\}\) and \(\left\{ {T_B^1 \left[ 1 \right] = ^{\prime}00^{\prime}} \right\} = \left\{ {T_B^2 \left[ 1 \right] = ^{\prime}00^{\prime}} \right\}\):

   Bob performed Pauli-Z operation on \(P_{b1}^1 \left( 2 \right)\), \(OS_B^1 \left[ 1 \right] = Z \Leftrightarrow K_B^1 \left[ 1 \right] = 1\);

   Alice performed Pauli-I operation on \(P_{b1}^1 \left( 2 \right)\), \(OS_A^1 \left[ 1 \right] = I \Leftrightarrow K_A^1 \left[ 1 \right] = 0\);

2. 2.

   \(\left\{ {T_B^0 \left[ 2 \right] = ^{\prime}11^{\prime}} \right\} \ne \left\{ {T_B^1 \left[ 2 \right] = ^{\prime}01^{\prime}} \right\}\) and \(\left\{ {T_B^1 \left[ 2 \right] = ^{\prime}01^{\prime}} \right\} \ne \left\{ {T_B^2 \left[ 2 \right] = ^{\prime}11^{\prime}} \right\}\):

   Bob performed Pauli-Z operation on \(P_{b1}^1 \left( 2 \right)\), \(OS_B^1 \left[ 2 \right] = Z \Leftrightarrow K_B^1 \left[ 2 \right] = 1\);

   Alice performed Pauli-Z operation on \(P_{b1}^1 \left( 2 \right)\), \(OS_A^1 \left[ 2 \right] = Z \Leftrightarrow K_A^1 \left[ 2 \right] = 1\);

3. 3.

   \(\left\{ {T_B^0 \left[ 3 \right] = ^{\prime}01^{\prime}} \right\} = \left\{ {T_B^1 \left[ 3 \right] = ^{\prime}01^{\prime}} \right\}\) and \(\left\{ {T_B^1 \left[ 3 \right] = ^{\prime}01^{\prime}} \right\} = \left\{ {T_B^2 \left[ 3 \right] = ^{\prime}01^{\prime}} \right\}\):

   Bob performed Pauli-I operation on \(P_{b3}^1 \left( 2 \right)\), \(OS_B^1 \left[ 3 \right] = I \Leftrightarrow K_B^1 \left[ 3 \right] = 0\);

   Alice performed Pauli-I operation on \(P_{b3}^1 \left( 2 \right)\), \(OS_A^1 \left[ 3 \right] = I \Leftrightarrow K_A^1 \left[ 3 \right] = 0\);

4. 4.

   \(\left\{ {T_B^0 \left[ 4 \right] = ^{\prime}00^{\prime}} \right\} \ne \left\{ {T_B^1 \left[ 4 \right] = ^{\prime}10^{\prime}} \right\}\) and \(\left\{ {T_B^1 \left[ 4 \right] = ^{\prime}10^{\prime}} \right\} \ne \left\{ {T_B^2 \left[ 4 \right] = ^{\prime}00^{\prime}} \right\}\):

   Bob performed Pauli-Z operation on \(P_{b4}^1 \left( 2 \right)\), \(OS_B^1 \left[ 4 \right] = Z \Leftrightarrow K_B^1 \left[ 4 \right] = 1\);

   Alice performed Pauli-Z operation on \(P_{b4}^1 \left( 2 \right)\), \(OS_A^1 \left[ 4 \right] = Z \Leftrightarrow K_A^1 \left[ 4 \right] = 1\);

Therefore, Bob gets \(K_A^1 = 0101\) and computes \(K_1 = K_0 \oplus K_A^1 \oplus K_B^1 = 1010\).