# Classical access structures of ramp secret sharing based on quantum stabilizer codes

- 168 Downloads

## Abstract

In this paper, we consider to use the quantum stabilizer codes as secret sharing schemes for classical secrets. We give necessary and sufficient conditions for qualified and forbidden sets in terms of quantum stabilizers. Then, we give a Gilbert–Varshamov-type sufficient condition for existence of secret sharing schemes with given parameters, and by using that sufficient condition, we show that roughly 19% of participants can be made forbidden independently of the size of classical secret, in particular when an *n*-bit classical secret is shared among *n* participants having 1-qubit share each. We also consider how much information is obtained by an intermediate set and express that amount of information in terms of quantum stabilizers. All the results are stated in terms of linear spaces over finite fields associated with the quantum stabilizers.

## Keywords

Secret sharing Quantum error-correcting code Gilbert–Varshamov bound## Mathematics Subject Classification

94A62 81P70 94B65## 1 Introduction

Secret sharing is a scheme to share a secret among multiple participants so that only *qualified* sets of participants can reconstruct the secret, while *forbidden* sets have no information about the secret [36]. A piece of information received by a participant is called a *share*. A set of participants that is neither qualified nor forbidden is said to be *intermediate*. Both secret and shares are traditionally classical information. There exists a close connection between secret sharing and classical error-correcting codes [3, 7, 10, 11, 19, 23, 31].

After the importance of quantum information became well-recognized, secret sharing schemes with quantum shares were proposed [8, 15, 16, 17, 37]. A connection between quantum secret sharing and quantum error-correcting codes has been well known for many years [8, 13, 15, 21, 22, 35, 37], none of which has determined the access structure of secret sharing schemes with classical secrets and quantum shares constructed from quantum stabilizer codes. The well-known classes of quantum error-correcting codes are the CSS codes [6, 38], the stabilizer codes [4, 5, 14] that include the CSS codes as a special case, and their non-binary generalizations [2, 18, 29].

The access structure of a secret sharing scheme is the set of qualified sets, that of intermediate sets and that of forbidden sets. For practical use of secret sharing, one needs sufficient (and desirably necessary) conditions on qualified sets and forbidden sets. It is natural to investigate access structures of secret sharing schemes constructed from quantum error-correcting codes. For secret sharing schemes with quantum secret and quantum shares, necessary and sufficient conditions for qualified sets and forbidden sets were clarified for the CSS codes [26, 37] and the stabilizer codes [13, 25]. For classical secret and quantum shares, the access structure was clarified in [26, Section 4.1] with [33, Theorem 1] for the CSS codes but has not been clarified for secret sharing schemes based on quantum stabilizer codes, as far as this author knows.

Advantages of using quantum shares for sharing a classical secret are that we can have smaller size of shares [15, Section 4] and that we can realize access structures that cannot be realized by classical shares [24, 27]. For example, it is well known that the size of classical shares cannot be smaller than that of the classical secret in a perfect secret sharing scheme, where *perfect* means that there is no intermediate set, while *ramp* or *non-perfect* means that there exist intermediate sets [39]. On the other hand, the superdense coding can be a secret sharing scheme sharing 2 bits by 2 qubits sent to 2 participants [15, Section 4]. Any participant has no information about the secret, while the 2 participants can reconstruct the secret. We see a perfect threshold scheme sharing 2-bit classical secret by 1-qubit shares. This paper will generalize Gottesman’s secret sharing [15, Section 4] to the arbitrary number of participants and the arbitrary size of classical secrets.

In this paper, we give necessary and sufficient conditions for qualified and forbidden sets in terms of the underlying linear spaces over finite fields of quantum stabilizers in Sect. 3, after introducing necessary notations in Sect. 2. Section 3 also includes sufficient conditions in terms of a quantity similar to relative generalized Hamming weight [20] of classical linear codes related to the quantum stabilizers. We also consider how much information is obtained by an intermediate set and express that amount of information in terms of the underlying linear spaces of quantum stabilizers in Sect. 4. Then, we translate our theorems over prime finite fields by the symplectic inner product into arbitrary finite fields, the Euclidean, and the hermitian inner products in Sect. 5. Section 5 also includes an elementary construction by the Reed–Solomon codes as an example of Sect. 5.3. Finally, we give a Gilbert–Varshamov-type sufficient condition for existence of secret sharing schemes with given parameters, and by using that sufficient condition, we show that roughly 19% of participants can be made forbidden independently of the size of classical secret, which cannot be realized by classical shares, in Sect. 6. Concluding remarks are given in Sect. 7. The extended abstract [28] in the workshop had no mathematical proofs and only few examples due to space limitation, and there were confusing typographical errors in the main theorems [28, Theorems 18 and 19].

## 2 Notations

Let *p* be a prime number, \(\mathbf {F}_p\) the finite field with *p* elements, and \(\mathbf {C}_p\) the *p*-dimensional complex linear space. The quantum state space of *n* qudits is denoted by \(\mathbf {C}_p^{\otimes n}\) with its orthonormal basis \(\{|\mathbf {v}\rangle : \mathbf {v} \in \mathbf {F}_p^n \}\).

For \((\mathbf {a}|\mathbf {b})\in \mathbf {F}_p^{2n}\), define the \(p^n \times p^n\) complex unitary matrix \(X(\mathbf {a})Z(\mathbf {b})\) as defined in [18]. An \([[n,k]]_p\) quantum stabilizer codes *Q* encoding *k* qudits into *n* qudits can be defined as a simultaneous eigenspace of all \(X(\mathbf {a})Z(\mathbf {b})\) (\((\mathbf {a}|\mathbf {b}) \in C\)). Unlike [18], we do not require the eigenvalue of *Q* to be one.

It is well known in mathematics [1, Chapter 7] that there always exists \(C \subseteq C_{\mathrm {max}} \subseteq C^{\perp s}\) such that \(C_{\mathrm {max}} = C_{\mathrm {max}}^{\perp s}\). Note that \(C_{\mathrm {max}}\) is not unique and usually there are many possible choices of \(C_{\mathrm {max}}\). We have \(\dim C_{\mathrm {max}} = n\) and have an isomorphism \(f : \mathbf {F}_p^k \rightarrow C^{\perp s}/C_{\mathrm {max}}\) as linear spaces without inner products. Since \(C_{\mathrm {max}} = C_{\mathrm {max}}^{\perp s}\), \(C_{\mathrm {max}}\) defines an \([[n,0]]_p\) quantum stabilizer code \(Q_0\). Without loss of generality, we may assume \(Q_0 \subset Q\). Let \(|\varphi \rangle \in Q_0\) be a quantum state vector. Since \(C_{\mathrm {max}} = C_{\mathrm {max}}^{\perp s}\), for a coset \(V \in C^{\perp s}/C_{\mathrm {max}}\) and \((\mathbf {a}|\mathbf {b})\), \((\mathbf {a}'|\mathbf {b}') \in V\), \(X(\mathbf {a})Z(\mathbf {b})|\varphi \rangle \) and \(X(\mathbf {a}')Z(\mathbf {b}')|\varphi \rangle \) differ by a constant multiple in \(\mathbf {C}\) and physically express the same quantum state in *Q*. By an abuse of notation, for a coset \(V \in C^{\perp s}/C_{\mathrm {max}}\) we will write \(|V\varphi \rangle \) to mean \(X(\mathbf {a})Z(\mathbf {b})|\varphi \rangle \) (\((\mathbf {a}|\mathbf {b}) \in V\)).

*n*participants:

- 1.
\(f(\mathbf {m})\) is a coset of \(C^{\perp s}/C_{\mathrm {max}}\). Prepare the quantum codeword \(|f(\mathbf {m})\varphi \rangle \in Q\) that corresponds to the classical secret \(\mathbf {m}\).

- 2.
Distribute each qudit in the quantum codeword \(|f(\mathbf {m})\varphi \rangle \) to a participant.

*k*-qudit secret \(|\mathbf {m}\rangle \) with

*n*participants as follows. The reason why we also consider secret sharing schemes with quantum secrets is to contrast the difference between the classical and the quantum access structures of a secret sharing scheme constructed from the same quantum stabilizer in Remarks 7 and 10, while the main focus of the present paper is to share classical secrets.

- 1.
Encode a given quantum secret \(\sum _{\mathbf {m}\in \mathbf {F}_p^k} \alpha (\mathbf {m}) |\mathbf {m}\rangle \) into the quantum codeword \(\sum _{\mathbf {m}\in \mathbf {F}_p^k} \alpha (\mathbf {m}) |f(\mathbf {m})\varphi \rangle \in Q\), where \(\alpha (\mathbf {m}) \in \mathbf {C}\) are complex coefficients with \(\sum _{\mathbf {m}\in \mathbf {F}_p^k} |\alpha (\mathbf {m})|^2 = 1\).

- 2.
Distribute each qudit in the quantum codeword \(\sum _{\mathbf {m}\in \mathbf {F}_p^k} \alpha (\mathbf {m}) |f(\mathbf {m})\varphi \rangle \) to a participant.

### Definition 1

We say *A* to be *c*-qualified (classically qualified) if \(\mathrm {col}(\mathrm {Tr}_{\overline{A}}(|f(\mathbf {m})\varphi \rangle \langle f(\mathbf {m})\varphi |))\) and \(\mathrm {col}(\mathrm {Tr}_{\overline{A}}(|f(\mathbf {m}')\varphi \rangle \langle f(\mathbf {m}')\varphi |))\) are orthogonal to each other for different \(\mathbf {m}\), \(\mathbf {m}' \in \mathbf {F}_p^k\). We say *A* to be *c*-forbidden (classically forbidden) if \(\mathrm {Tr}_{\overline{A}}(|f(\mathbf {m})\varphi \rangle \langle f(\mathbf {m})\varphi |)\) is the same density matrix regardless of classical secret \(\mathbf {m}\). By a classical access structure, we mean the set of *c*-qualified sets and the set of *c*-forbidden sets.

For a quantum secret, the quantum qualified (*q*-qualified) sets and the quantum forbidden (*q*-forbidden) sets are mathematically defined in [33]. By a quantum access structure, we mean the set of *q*-qualified sets and the set of *q*-forbidden sets.

### Remark 2

When classical shares on *A* are denoted by \(S_A\), the conventional definition of qualifiedness is \(I(\mathbf {m}; S_A) = H(\mathbf {m})\) and that of forbiddenness is \(I(\mathbf {m}; S_A) = 0\) [39], where \(H(\cdot )\) denotes the entropy and \(I(\cdot ; \cdot )\) denotes the mutual information [9]. Let \(\rho _A = \sum _{\mathbf {m}\in \mathbf {F}_p^k}p(\mathbf {m}) \mathrm {Tr}_{\overline{A}}(|f(\mathbf {m})\varphi \rangle \langle f(\mathbf {m})\varphi |)\), where \(p(\mathbf {m})\) is the probability distribution of classical secrets \(\mathbf {m}\). The quantum counterpart of mutual information for classical random variables is the Holevo information \(I(\mathbf {m}; \rho _A)\) [32, Section 12.1.1]. *A* is *c*-qualified if and only if \(I(\mathbf {m}; \rho _A) = H(\mathbf {m})\), and is *c*-forbidden if and only if \(I(\mathbf {m}; \rho _A)=0\). Therefore, Definition 1 is a natural generalization of the conventional definition in [39].

### Example 3

*C*be the zero-dimensional linear space consisting of only the zero vector. Then, \(C^{\perp s} = \mathbf {F}_2^4\). We choose \(C_{\mathrm {max}}\) as the space spanned by (1, 1|0, 0) and (0, 0|1, 1). For a classical secret \((m_1, m_2) \in \mathbf {F}_2^2\), define the map

*f*as \(f(m_1, m_2) = (m_1,0|m_2,0) + C_{\mathrm {max}} \in C^{\perp s}/ C_{\mathrm {max}}\). We can choose \([[2,0]]_2\) quantum code \(Q_0\) as the one-dimensional complex linear space spanned by the Bell state

*c*-qualified. When \(A=\{1\}\) or \(A=\{2\}\), we have

*c*-forbidden. We have determined the classical access structure completely, and we see that this scheme is perfect [39] in the sense that there is no intermediate set.

For completeness, we also note its quantum access structure. The set \(\{1,2\}\) is *q*-qualified and \(\emptyset \) is *q*-forbidden, of course. By [25, Eq. (3)], we see that \(\{1\}\) and \(\{2\}\) are intermediate, that is, neither qualified nor forbidden. This quantum access structure exemplifies the fact that *q*-qualifiedness implies *c*-qualifiedness, that *q*-forbiddenness implies *c*-forbiddenness and that their converses are generally false [33, Theorems 1 and 2]. It also exemplifies the fact that if quantum secret is larger than quantum shares, then the scheme cannot be perfect [8, 15].

## 3 Necessary and sufficient conditions on classically qualified and classically forbidden sets

Let \(A \subset \{1, \ldots , n\}\). Define \(\mathbf {F}_p^A = \{ (a_1, \ldots , a_n | b_1, \ldots , b_n) \in \mathbf {F}_p^{2n} : (a_i, b_i) = 0\) for \(i \notin A \}\). Let \(P_A\) be the projection map onto *A*, that is, \(P_A (a_1, \ldots , a_n | b_1, \ldots , b_n) = (a_i | b_i)_{i\in A}\).

### Theorem 4

*A*is

*c*-qualified if and only if

*A*is

*c*-forbidden if and only if

The proof is given after showing two examples below.

### Example 5

Consider the situation in Example 3. For \(A = \{1\}\) or \(A=\{2\}\), we see that \(C_{\mathrm {max}}\cap \mathbf {F}_2^A\) and \(C\cap \mathbf {F}_2^A\) are the zero linear space and that Eq. (2) holds. For \(A = \{1,2\}\), Eq. (1) is clearly true.

### Example 6

In this example, we show that a different choice of \(C_{\mathrm {max}}\) gives a different access structure. Let *C* be as Example 5 and \(C_{\mathrm {max}}\) be the linear space generated by (0, 0|1, 0) and (0, 0|0, 1). A classical secret \((m_1, m_2)\) is now encoded to \(|m_1 m_2\rangle \). For \(A = \{1\}\) or \(A=\{2\}\), both (1) and (2) are false and both \(A = \{1\}\) and \(A=\{2\}\) are intermediate sets. This example shows that the choice of \(C_{\mathrm {max}}\) is important.

### Proof

(Theorem 4) Assume Eq. (1). Then, there exists a basis \(\{(\mathbf {a}_1|\mathbf {b}_1) + C, \ldots , (\mathbf {a}_k|\mathbf {b}_k) + C \}\) of \(C_{\mathrm {max}}/C\) such that \((\mathbf {a}_i|\mathbf {b}_i) \in \mathbf {F}_p^A\). Since \(C_{\mathrm {max}}^{\perp s} = C_{\mathrm {max}}\), any two vectors in a coset \(V \in C^\perp / C_{\mathrm {max}}\) have the same value of the symplectic inner product against a fixed \((\mathbf {a}_i|\mathbf {b}_i)\), which will be denoted by \(\langle (\mathbf {a}_i|\mathbf {b}_i), V \rangle _s\). Suppose that we have two different cosets \(V_1\), \(V_2 \in C^\perp / C_{\mathrm {max}}\), and that \(\langle (\mathbf {a}_i|\mathbf {b}_i), V_1 \rangle _s = \langle (\mathbf {a}_i|\mathbf {b}_i), V_2 \rangle _s\) for all *i*. Since \(C_{\mathrm {max}}^{\perp s} = C_{\mathrm {max}}\), it means that \(V_1 - V_2 = C_{\mathrm {max}}\) is zero in \(C^\perp / C_{\mathrm {max}}\), a contradiction. We have seen that any two different cosets have different symplectic inner product values against some \((\mathbf {a}_i|\mathbf {b}_i)\). For each *i*, the *n* participants can collectively perform quantum projective measurement corresponding to the eigenspaces of \(X(\mathbf {a}_i)Z(\mathbf {b}_i)\) and can determine the symplectic inner product^{1} \(\langle (\mathbf {a}_i|\mathbf {b}_i), f(\mathbf {m})\rangle _s\) as [18, Lemma 5] when the classical secret is \(\mathbf {m}\). Since \((\mathbf {a}_i|\mathbf {b}_i)\) has nonzero components only at *A*, the above measurement can be done only by *A*, which means *A* can reconstruct \(\mathbf {m}\).

Assume that Eq. (1) is false. Since the orthogonal space of *C* in \(\mathbf {F}_p^A\) is isomorphic to \(P_A(C^{\perp s})\), which can be seen as the almost same argument as the duality between shortened linear codes and punctured linear codes [34], we see that \(\dim P_A(C^{\perp s}) / P_A(C_{\mathrm {max}}) < \dim C^{\perp s} / C_{\mathrm {max}}\). This means that there exists two different classical secrets \(\mathbf {m}_1\) and \(\mathbf {m}_2\) such that \(P_A(f(\mathbf {m}_1)) = P_A(f(\mathbf {m}_2))\). This means that the encoding procedures of \(\mathbf {m}_1\) and \(\mathbf {m}_2\) are exactly same on *A* and produce the same density matrix on *A*, which shows that *A* is not *c*-qualified.

Assume Eq. (2). Then, we have \(\dim P_A(C^{\perp s}) / P_A(C_{\mathrm {max}})=0\). This means that for all classical secrets \(\mathbf {m}\), \(P_A(f(\mathbf {m}))\) and their encoding procedures on *A* are same, which produces the same density matrix on *A* regardless of \(\mathbf {m}\). This shows that *A* is *c*-forbidden.

*A*. These observations show that

*A*is not

*c*-forbidden.

\(\square \)

### Remark 7

*A*being

*q*-qualified is [25, Eq. (3)]

Next, we give sufficient conditions in terms of the coset distance [11] or the first relative generalized Hamming weight [20]. To do so, we have to slightly modify them. For \((\mathbf {a}|\mathbf {b}) = (a_1, \ldots , a_n | b_1, \ldots , b_n) \in \mathbf {F}_p^n\), define its symplectic weight \(\mathrm {swt}(\mathbf {a}|\mathbf {b}) = | \{ i : (a_i\), \(b_i) \ne (0,0) \} |\). For \(V_2 \subset V_1 \subset \mathbf {F}_p^{2n}\), we define their coset distance as \(d_s(V_1, V_2) = \min \{ \mathrm {swt}(\mathbf {a}|\mathbf {b}) : (\mathbf {a}|\mathbf {b}) \in V_1 {\setminus } V_2 \}\).

### Theorem 8

If \(|A| \le d_s(C_{\mathrm {max}}, C)-1\), then *A* is *c*-forbidden. If \(|A| \ge n - d_s(C^{\perp s}, C_{\mathrm {max}}) + 1\), then *A* is *c*-qualified.

### Example 9

Consider the situation in Example 5. We have \(d_s(C^\perp , C_{\mathrm {max}}) =1\), which implies that 2 shares form a *c*-qualified set. We also have \(d_s(C_{\mathrm {max}}, C) = 2\), which implies that 1 share forms a *c*-forbidden set.

### Proof

(Theorem 8) If \(|A| \le d_s(C_{\mathrm {max}}, C)-1\), then there is no \((\mathbf {a}|\mathbf {b}) \in C_{\mathrm {max}}\cap \mathbf {F}_p^A {\setminus } C\cap \mathbf {F}_p^A\) and Eq. (2) holds.

Assume that \(|A| \ge n - d_s(C^{\perp s}, C_{\mathrm {max}}) + 1\), or equivalently, \(|\overline{A}| \le d_s(C^{\perp s}, C_{\mathrm {max}}) -1\). We have \(C^{\perp s}\cap \mathbf {F}_p^{\overline{A}} = C_{\mathrm {max}}\cap \mathbf {F}_p^{\overline{A}}\). We also have \(\mathbf {F}_p^{\overline{A}} = \ker (P_A)\), which means \(\dim P_A(C^{\perp s})- \dim P_A(C_{\mathrm {max}}) = \dim C^{\perp s}- \dim C_{\mathrm {max}} = k\). Since \(\dim C_{\mathrm {max}}\cap \mathbf {F}_p^{A} - \dim C\cap \mathbf {F}_p^{A} = \dim P_A(C^{\perp s})- \dim P_A(C_{\mathrm {max}}) = k\), we see that Eq. (1) holds with *A*. \(\square \)

### Remark 10

By Remark 7 and a similar argument to the last proof, we see that if \(|A| \le d_s(C^{\perp s}, C)-1\), then *A* is *q*-forbidden and that if \(|A| \ge n- d_s(C^{\perp s}, C)+1\), then *A* is *q*-qualified. Note that these observations can also be deduced from quantum erasure decoding and [15, Corollary 2] and are not novel.

## 4 Amount of information possessed by an intermediate set

Let \(A \subset \{1, \ldots , n\}\) with \(A \ne \emptyset \) and \(A \ne \{1, \ldots , n\}\). In this section, we study the amount of information possessed by *A*.

### Lemma 11

\(\mathrm {Tr}_{\overline{A}}(|f(\mathbf {m}_1)\varphi \rangle \langle f(\mathbf {m_1})\varphi |) = \mathrm {Tr}_{\overline{A}}(|f(\mathbf {m}_2)\varphi \rangle \langle f(\mathbf {m_2})\varphi |)\) if and only if \(f(\mathbf {m}_1)\) and \(f(\mathbf {m}_2)\) give the same symplectic inner product for all vectors in \(C_{\mathrm {max}} \cap \mathbf {F}_p^A\), and

\(\mathrm {col}(\mathrm {Tr}_{\overline{A}}(|f(\mathbf {m}_1)\varphi \rangle \langle f(\mathbf {m_1})\varphi |))\) and \(\mathrm {col}(\mathrm {Tr}_{\overline{A}}(|f(\mathbf {m}_2)\varphi \rangle \langle f(\mathbf {m_2})\varphi |))\) are orthogonal to each other if and only if \(f(\mathbf {m}_1)\) and \(f(\mathbf {m}_2)\) give different symplectic inner products for some vector \((\mathbf {a}|\mathbf {b})\) in \(C_{\mathrm {max}} \cap \mathbf {F}_p^A\).

### Proof

Assume that \(f(\mathbf {m}_1)\) and \(f(\mathbf {m}_2)\) give the same symplectic inner product for all vectors in \(C_{\mathrm {max}} \cap \mathbf {F}_p^A\). Then, we have \(\{ P_A(\mathbf {a}|\mathbf {b}) : (\mathbf {a}|\mathbf {b}) \in f(\mathbf {m}_1) \} = \{ P_A(\mathbf {a}|\mathbf {b}) : (\mathbf {a}|\mathbf {b}) \in f(\mathbf {m}_2) \}\), and the encoding procedure on *A* is the same for \(\mathbf {m}_1\) and \(\mathbf {m}_2\), which shows \(\mathrm {Tr}_{\overline{A}}(|f(\mathbf {m}_1)\varphi \rangle \langle f(\mathbf {m_1})\varphi |) = \mathrm {Tr}_{\overline{A}}(|f(\mathbf {m}_2)\varphi \rangle \langle f(\mathbf {m_2})\varphi |)\).

Assume that \(f(\mathbf {m}_1)\) and \(f(\mathbf {m}_2)\) give different symplectic inner products for some vector \((\mathbf {a}|\mathbf {b})\) in \(C_{\mathrm {max}} \cap \mathbf {F}_p^A\). Then, the quantum measurement corresponding to \(X(\mathbf {a})Z(\mathbf {b})\) can be performed only by the participants in *A* and by [18, Lemma 5] the outcomes for \(|f(\mathbf {m}_1) \varphi \rangle \) and \(|f(\mathbf {m}_2) \varphi \rangle \) are different with probability 1. This means that \(\mathrm {col}(\mathrm {Tr}_{\overline{A}}(|f(\mathbf {m}_1)\varphi \rangle \langle f(\mathbf {m_1})\varphi |))\) and \(\mathrm {col}(\mathrm {Tr}_{\overline{A}}(|f(\mathbf {m}_2)\varphi \rangle \langle f(\mathbf {m_2})\varphi |))\) are orthogonal to each other. \(\square \)

### Proposition 12

If \(\dim C_{\mathrm {max}}\cap \mathbf {F}_p^A/C \cap \mathbf {F}_p^A =\ell \), then the number of density matrices in \(\varLambda = \{ \mathrm {Tr}_{\overline{A}}(|f(\mathbf {m})\varphi \rangle \langle f(\mathbf {m})\varphi |) : \mathbf {m} \in \mathbf {F}_p^k \}\) is \(p^\ell \).

For a fixed density matrix \(\rho \in \varLambda \), the number of classical secrets \(\mathbf {m}\) such that \(\rho = \mathrm {Tr}_{\overline{A}}(|f(\mathbf {m})\varphi \rangle \langle f(\mathbf {m})\varphi |)\) is exactly \(p^{k-\ell }\).

### Proof

If \(P_A(\mathbf {u}_1|\mathbf {v}_1) + P_A(C_{\mathrm {max}}) \ne P_A(\mathbf {u}_2|\mathbf {v}_2) + P_A(C_{\mathrm {max}})\) for \((\mathbf {u}_i|\mathbf {v}_i) \in f(\mathbf {m}_i)\) with classical secrets \(\mathbf {m}_i\) (\(i=1\), 2), then by Lemma 11\(\mathrm {col}(\mathrm {Tr}_{\overline{A}}(|f(\mathbf {m}_1)\varphi \rangle \langle f(\mathbf {m_1})\varphi |))\) and \(\mathrm {col}(\mathrm {Tr}_{\overline{A}}(|f(\mathbf {m}_2)\varphi \rangle \langle f(\mathbf {m}_2)\varphi |))\) are orthogonal. By the assumption, we have \(\dim C_{\mathrm {max}}\cap \mathbf {F}_p^A/C \cap \mathbf {F}_p^A = \dim P_A(C^{\perp s})/ P_A(C_{\mathrm {max}}) = \ell \). There are \(p^\ell \) elements in \(P_A(C^{\perp s})/ P_A(C_{\mathrm {max}})\), which shows the first claim.

The composite \(\mathbf {F}_p\)-linear map “\(\bmod \, P_A(C_{\mathrm {max}})\)” \(\circ P_A \circ f\) from \(\mathbf {F}_p^k\) to \(P_A(C^{\perp s})/ P_A(C_{\mathrm {max}})\) is surjective. Thus, the dimension of its kernel is \(k-\ell \), which shows the second claim. \(\square \)

### Definition 13

*A*of participants is defined as

### Remark 14

When the probability distribution of classical secrets \(\mathbf {m}\) is uniform, the quantity in Definition 13 is equal to the Holevo information [32, Section 12.1.1] counted in \(\log _2\). To see this, firstly, the set \(\varLambda \) in Proposition 12 consists of non-overlapping projection matrices and each matrix commutes with every other matrices in \(\varLambda \). So the Holevo information is just equal to the classical mutual information [9] between random variable *X*, corresponding to classical secrets in \(\mathbf {F}_p^k\), and random variable *Y*, corresponding to matrices in \(\varLambda \), where *Y* is given as a surjective function of *X*. By Proposition 12, *Y* has the uniform probability distribution. Therefore, \(I(X;Y) = H(Y)= \log _2 | \varLambda |=\) Eq. (5).

We say that a secret sharing scheme is \(r_i\)-reconstructible if \(|A| \ge r_i \) implies *A* has \(i \log _2 p\) or more bits of information [12]. We say that a secret sharing scheme is \(t_i\)-private if \(|A| \le t_i \) implies *A* has less than \(i \log _2 p\) bits of information [12]. In order to express \(r_i\) and \(t_i\) in terms of combinatorial properties of *C*, we introduce a slightly modified version of the relative generalized Hamming weight [20].

### Definition 15

*i*th relative generalized symplectic weight

Note that \(d_s^1=d_s\). The following theorem generalizes Theorem 8.

### Theorem 16

### Example 17

Consider the situation of Example 9. We have \(d_s^1(C_{\mathrm {max}}, C) = d_s^2(C_{\mathrm {max}}, C) =2\), and \(d_s^1(C^{\perp s}, C_{\mathrm {max}}) = d_s^2(C^{\perp s},C_{\mathrm {max}}) =1\). Unlike the relative generalized Hamming weight, we do not have the strict monotonicity in *i* of \(d_s^i\).

### Proof

(Theorem 16) Assume that \(|A| \le t_i\). By definition of \(d_s^i\), \(\dim C_{\mathrm {max}}\cap \mathbf {F}_p^A/C \cap \mathbf {F}_p^A \le i-1\), which shows the first claim.

Assume that \(|A| \ge r_i\). Then, \(|\overline{A}| \le d_s^i(C^{\perp s}, C_{\mathrm {max}}) - 1\), which implies \(\dim C^{\perp s} \cap \mathbf {F}_p^{\overline{A}} /C_{\mathrm {max}}\cap \mathbf {F}_p^{\overline{A}} \le i-1\). The last inequality implies \(\dim C_{\mathrm {max}}\cap \mathbf {F}_p^A/C \cap \mathbf {F}_p^A \ge k-i+1\). which shows the second claim. \(\square \)

## 5 Translations to arbitrary finite fields and to the ordinary Hamming weight

### 5.1 Translation to arbitrary finite fields

*M*be a \(\mu \times \mu \) invertible matrix over \(\mathbf {F}_p\) whose (

*i*,

*j*) element is \(\mathrm {Tr}_{q/p}(\gamma _i \gamma _j)\), where \(\mathrm {Tr}_{q/p}\) is the trace map from \(\mathbf {F}_q\) to \(\mathbf {F}_p\). Let \(\phi \) be an \(\mathbf {F}_p\)-linear isomorphism sending \((a_{1,1}, \ldots , a_{1,\mu }\), \(a_{2,1}, \ldots , a_{n,\mu }| b_{1,1}, \ldots , b_{1,\mu }\), \(b_{2,1}, \ldots , b_{n,\mu }) \in \mathbf {F}_p^{2\mu n}\) to

Ashikhmin and Knill proved the following.

### Proposition 18

[2] Let \(C \subset \mathbf {F}_q^{2n}\). Then, \(\dim _{\mathbf {F}_p} \phi ^{-1}(C) = \mu \dim _{\mathbf {F}_q} C\), and \(\phi ^{-1}(C)^{\perp s} = \phi ^{-1}(C^{\perp s})\), where \(\dim _{\mathbf {F}_q}\) is the dimension of a linear space considered over \(\mathbf {F}_q\).

Let \(C \subset C_{\mathrm {max}} = C_{\mathrm {max}}^{\perp s} \subset C^{\perp s} \subset \mathbf {F}_q^{2n}\) with \(\dim _{\mathbf {F}_q} C = n-k\). Then, we have \(\phi ^{-1}(C) \subset \phi ^{-1}(C_{\mathrm {max}}) = \phi ^{-1}(C_{\mathrm {max}})^{\perp s} \subset \phi ^{-1}(C)^{\perp s} \subset \mathbf {F}_p^{2\mu n}\) and we can construct a secret sharing scheme by \(\phi ^{-1}(C) \subset \phi ^{-1}(C_{\mathrm {max}})\). It encodes \(k\mu \log _2 p = k \log _2 q\) bits of classical secrets \(\mathbf {m} \in \mathbf {F}_q^k\) into \(\mu n\) qudits in \(\mathbf {C}_p\), which can also be seen as *n* qudits in \(\mathbf {C}_q\), where \(\mathbf {C}_q\) is the *q*-dimensional complex linear space. Let \(A \subset \{1, \ldots , n\}\). By abuse of notation, by \(\mathbf {F}_p^A\) we mean \(\{ (a_{1,1}, \ldots , a_{1,\mu }\), \(a_{2,1}, \ldots , a_{n,\mu }| b_{1,1}, \ldots , b_{1,\mu }\), \(b_{2,1}, \ldots , b_{n,\mu }) \in \mathbf {F}_p^{2\mu n} : a_{i,j} = b_{i,j} = 0\) for \(i\notin A\) and \(j=1, \ldots , \mu \}\).

*A*. We have

*A*is qualified if and only if \(\dim _{\mathbf {F}_q} C_{\mathrm {max}} \cap \mathbf {F}_q^A /C \cap \mathbf {F}_q^A = \dim _{\mathbf {F}_q} C_{\mathrm {max}} /C \), and*A*is forbidden if and only if \(\dim _{\mathbf {F}_q} C_{\mathrm {max}} \cap \mathbf {F}_q^A /C \cap \mathbf {F}_q^A = 0 \).

*A*has \((\log _2 q \times \dim _{\mathbf {F}_q} C_{\mathrm {max}} \cap \mathbf {F}_q^A /C \cap \mathbf {F}_q^A)\)-bits of information about the secret \(\mathbf {m} \in \mathbf {F}_q^k\), also generalizes the proof argument of Theorem 16, and implies that Theorem 16 also holds for \(\mathbf {F}_q\). In the sequel, we consider a qudit in \(\mathbf {C}_q\) as each share and \(\dim \) means the dimension over \(\mathbf {F}_q\).

### 5.2 Translation to the Hamming distance and the hermitian inner product

Many of results in the symplectic construction of quantum error-correcting codes over \(\mathbf {F}_q\) are translated to \(\mathbf {F}_{q^2}\)-linear codes with the hermitian inner product [2, 18, 29]. For \(\mathbf {x} \in \mathbf {F}_{q^2}^n\) define \(\mathbf {x}^q\) as the component-wise *q*th power of \(\mathbf {x}\). For two vectors \(\mathbf {x}\), \(\mathbf {y} \in \mathbf {F}_{q^2}\), define the hermitian inner product as \(\langle \mathbf {x}\), \(\mathbf {y}\rangle _h = \langle \mathbf {x}^q\), \(\mathbf {y}\rangle _E\). For \(D \subset \mathbf {F}_{q^2}^n\), \(D^{\perp h}\) denotes the orthogonal space of *D* with respect to the hermitian inner product.

Only in Sects. 5.2, 5.3 and 5.4, for \(A \subset \{1\),..., \(n\}\), define \(\mathbf {F}_q^A = \{ (a_1, \ldots , a_n) \in \mathbf {F}_q^n : a_i = 0\) for \(i \notin A \}\), and define \(P_A\) to be the projection map onto *A*, that is, \(P_A (a_1, \ldots , a_n) = (a_i)_{i\in A}\).

### Theorem 19

Let \(D \subset \mathbf {F}_{q^2}^n\) be an \(\mathbf {F}_{q^2}\)-linear space. We assume \(\dim D = k'\) and there exists \(D_{\mathrm {max}}\) such that \(D \subset D_{\mathrm {max}} \subset D^{\perp h}\) and \(D_{\mathrm {max}} = D_{\mathrm {max}}^{\perp h}\), which implies \(\dim D_{\mathrm {max}}=n/2\). Then, *D* defines a secret sharing scheme based on the quantum stabilizer defined by *D* encoding \(n-2k'\) symbols in \(\mathbf {F}_q\). A set \(A \subset \{1, \ldots , n\}\) is *c*-qualified if and only if \(\dim D_{\mathrm {max}} / D = \dim D_{\mathrm {max}}\cap \mathbf {F}_{q^2}^A / D\cap \mathbf {F}_{q^2}^A\). A set \(A \subset \{1, \ldots , n\}\) is *c*-forbidden if and only if \(0 = \dim D_{\mathrm {max}}\cap \mathbf {F}_{q^2}^A / D\cap \mathbf {F}_{q^2}^A\). If \(|A| \ge n-d_H(D^{\perp h}, D_{\mathrm {max}})+1\), then *A* is *c*-qualified, and if \(|A| \le d_H(D_{\mathrm {max}}, D)-1\), then *A* is *c*-forbidden, where \(d_H\) is the coset distance [11], or equivalently, the first relative generalized Hamming weight [20].

### Proof

The proof is almost same as [18]. \(\square \)

### Example 20

Consider the situation in Example 9. Then, \(D=\{0\}\) and \(D_{\mathrm {max}}\) is the one-dimensional \(\mathbf {F}_4\)-linear space spanned by (1, 1).

### 5.3 Translation to the Hamming distance and the Euclidean inner product

Let \(C_2 \subset C_1 \subset \mathbf {F}_q^n\). A method to construct symplectic-self-orthogonal \(C \subset \mathbf {F}_q^{2n}\) is to use \(\{ (\mathbf {a}|\mathbf {b}) : \mathbf {a} \in C_2\), \(\mathbf {b} \in C_1^{\perp E}\}\) as *C* [5, 18], where “\(\perp E\)” denotes the Euclidean dual. We have \(C^{\perp s} = \{ (\mathbf {a}|\mathbf {b}) : \mathbf {a} \in C_1\), \(\mathbf {b} \in C_2^{\perp E}\}\).

### Example 21

Example 6 can also be described by \(C_2 = \{0\}\), \(C_1 = \mathbf {F}_2^2\), and \(C'_{\mathrm {max}}=\{ (\mathbf {a}|\mathbf {b}) : \mathbf {a} \in C_2\), \(\mathbf {b} \in C_2^{\perp E}\}\).

### Remark 22

A suitable choice of \(C_{\mathrm {max}}\) is unclear as of this writing. A valid choice is \(C'_{\mathrm {max}}=\{ (\mathbf {a}|\mathbf {b}) : \mathbf {a} \in C_2\), \(\mathbf {b} \in C_2^{\perp E}\}\), which gives the standard encoding [6, 38] of the CSS codes. But this choice gives no advantage over the purely classical secret sharing constructed from linear codes \(C_2 \subset C_1\) [3, 7, 19, 23]. Because the necessary and sufficient condition for *c*-qualified *A* is \(\dim P_A(C_1)/P_A(C_2) = \dim C_1/C_2\) and the necessary and sufficient condition for *c*-forbidden *A* is \(\dim P_A(C_1)/P_A(C_2) = 0\) by combining [26, Section 4.1] and [33, Theorem 1], which are exactly same [12] as those of the purely classical secret sharing constructed from \(C_2 \subset C_1\).

### Theorem 23

Let \(E \subset \mathbf {F}_{q}^n\) be the \(\mathbf {F}_{q}\)-linear space. We assume \(\dim E = k'\), and there exists \(E_{\mathrm {max}}\) such that \(E \subset E_{\mathrm {max}} \subset E^{\perp E}\) and \(E_{\mathrm {max}} = E_{\mathrm {max}}^{\perp E}\), which implies \(\dim E_{\mathrm {max}}=n/2\). Then, *E* defines a secret sharing scheme based on the quantum stabilizer defined by *E* encoding \(n-2k'\) symbols in \(\mathbf {F}_q\). A set \(A \subset \{1, \ldots , n\}\) is *c*-qualified if and only if \(\dim E_{\mathrm {max}} / E = \dim E_{\mathrm {max}}\cap \mathbf {F}_{q}^A / E\cap \mathbf {F}_{q}^A\). A set \(A \subset \{1, \ldots , n\}\) is *c*-forbidden if and only if \(0 = \dim E_{\mathrm {max}}\cap \mathbf {F}_{q}^A / E\cap \mathbf {F}_{q}^A\). If \(|A| \ge n-d_H(E^{\perp E}, E_{\mathrm {max}})+1\), then *A* is *c*-qualified, and if \(|A| \le d_H(E_{\mathrm {max}}, E)-1\), then *A* is *c*-forbidden.

### Proof

The proof is almost same as [18]. \(\square \)

### Example 24

Example 3 is restored by choosing \(E=\{0\}\), \(E^{\perp E} = \mathbf {F}_2^2\), and \(E_{\mathrm {max}}\) as the \(\mathbf {F}_2\)-linear space spanned by (1, 1). Thus, we see that Theorem 23, in contrast to Remark 22, can provide a secret sharing scheme with an advantage over purely classical secret sharing.

### 5.4 Construction by the Reed–Solomon codes

*k*are positive even integers. Fix

*n*distinct elements \(\alpha _1, \ldots , \alpha _n \in \mathbf {F}_q\). Define

*j*th generalized Hamming weight \(d_H^j(V)\) is defined by [34]

*A*is forbidden if \(|A| \le n/2\) and

*A*is qualified if \(|A| \ge (n+k)/2\), by Theorem 8 or also by Theorem 23.

## 6 Gilbert–Varshamov-type existential condition

In this section, we give a sufficient condition for existence of \(C \subset C_{\mathrm {max}} = C_{\mathrm {max}}^{\perp s}\subset C^{\perp s} \subset \mathbf {F}_q^{2n}\), with given parameters.

### Theorem 25

*n*,

*k*, \(\delta _t\), \(\delta _r\) satisfy

### Proof

*A*(

*k*) be the set of pairs of linear spaces (

*V*,

*W*) such that \(\dim V = n-k\) and \(V \subset W = W^{\perp s} \subset V^{\perp s} \subset \mathbf {F}_q^{2n}\). For \(\mathbf {e} \in \mathbf {F}_q^{2n}\), define \(B_V(k,\mathbf {e}) = \{ (V, W) \in A(k) : \mathbf {e} \in V^{\perp s}{\setminus } W \}\) and \(B_W(k, \mathbf {e}) = \{ (V, W) \in A(k) : \mathbf {e} \in W {\setminus } V \}\). It is known in mathematics [1, Chapter 7]

for nonzero \(\mathbf {e}_1\), \(\mathbf {e}_2 \in \mathbf {F}_q^{2n}\), there exists \(M \in \mathrm {Sp}(q,n)\) such that \(M \mathbf {e}_1 = \mathbf {e}_2\), and

for \((V_1, W_1), (V_2, W_2) \in A(k)\), there exists \(M \in \mathrm {Sp}(q,n)\) such that \(MV_1 = V_2\) and \(MW_1 = W_2\).

*V*,

*W*) such that \(\mathbf {0} \ne \mathbf {e} \in W {\setminus } V\) is

*V*,

*W*) with the desired properties. The number of \(\mathbf {e}\) such that \(1 \le \mathrm {swt}(\mathbf {e}) \le \delta -1\) is given by

*V*,

*W*) required in Theorem 25. \(\square \)

We will derive an asymptotic form of Theorem 25.

### Theorem 26

*R*, \(\epsilon _t\) and \(\epsilon _r\) be nonnegative real numbers \(\le 1\). Define \(h_q(x) = -x \log _q x - (1-x)\log _q (1-x)\). For sufficiently large

*n*, if

### Proof

Proof can be done by almost the same argument as [30, Section III.C]. \(\square \)

Theorem 26 has a striking implication that we can construct a secret sharing scheme with roughly 19% of participants being forbidden independently of the size (i.e., *R* in Theorem 26) of classical secrets for \(q=2\) and large *n*, as \(h_2(0.19) + 0.19 \log _2 3 \simeq 1\). Such properties cannot be realized by classical shares.

## 7 Conclusion

In this paper, we considered construction of secret sharing schemes for classical secrets by quantum stabilizer codes and clarified their access structures, that is, qualified and forbidden sets, in terms of underlying quantum stabilizers. We expressed our findings in terms of linear spaces over finite fields associated with the quantum stabilizers and gave sufficient conditions for qualified and forbidden sets in terms of combinatorial parameters of the linear spaces over finite fields. It allowed us to use classical coding theoretic techniques, such as the Gilbert–Varshamov-type argument, and we obtained a sufficient condition for existence of a secret sharing scheme with given parameters. By using that sufficient condition, we demonstrated that there exist infinitely many quantum stabilizers with which associated access structures cannot be realized by any purely classical information processing. We have not thoroughly considered code construction, which is a future research agenda.

## Footnotes

- 1.
If we assume a non-prime finite field \(\mathbf {F}_q\) as our base field, then the quantum measurement outcome just determines [18, Lemma 5] \(\mathrm {Tr}_{q/p}(\langle (\mathbf {a}_i|\mathbf {b}_i), f(\mathbf {m})\rangle _s)\) in place of \(\langle (\mathbf {a}_i|\mathbf {b}_i), f(\mathbf {m})\rangle _s\), where \(\mathrm {Tr}_{q/p}\) is the trace map from \(\mathbf {F}_q\) to its prime subfield \(\mathbf {F}_p\). Assuming a non-prime field \(\mathbf {F}_q\) significantly complicates the proofs of Theorem 4 and Lemma 11. So we assume a prime finite field until Sect. 5.

## Notes

### Acknowledgements

The research problem was formulated in a discussion with Diego Ruano during the author’s stay at the University of Valladolid, Spain. Without the discussion with him, this paper would not exist. The author also thanks an anonymous reviewer for pointing out a related paper [13].

## References

- 1.Aschbacher, M.: Finite Group Theory, Cambridge Studies in Advanced Mathematics, vol. 10, 2nd edn. Cambridge University Press, Cambridge (2000). https://doi.org/10.1017/CBO9781139175319 CrossRefGoogle Scholar
- 2.Ashikhmin, A., Knill, E.: Nonbinary quantum stabilizer codes. IEEE Trans. Inf. Theory
**47**(7), 3065–3072 (2001). https://doi.org/10.1109/18.959288 MathSciNetCrossRefzbMATHGoogle Scholar - 3.Bains, T.: Generalized Hamming weights and their applications to secret sharing schemes. Master’s thesis, University of Amsterdam (2008). https://esc.fnwi.uva.nl/thesis/apart/math/thesis.php?start=391 (supervised by R. Cramer, G. van der Geer, and R. de Haan)
- 4.Calderbank, A.R., Rains, E.M., Shor, P.W., Sloane, N.J.A.: Quantum error correction and orthogonal geometry. Phys. Rev. Lett.
**78**(3), 405–408 (1997). https://doi.org/10.1103/PhysRevLett.78.405 ADSMathSciNetCrossRefzbMATHGoogle Scholar - 5.Calderbank, A.R., Rains, E.M., Shor, P.W., Sloane, N.J.A.: Quantum error correction via codes over GF(4). IEEE Trans. Inf. Theory
**44**(4), 1369–1387 (1998). https://doi.org/10.1109/18.681315 MathSciNetCrossRefzbMATHGoogle Scholar - 6.Calderbank, A.R., Shor, P.W.: Good quantum error-correcting codes exist. Phys. Rev. A
**54**(2), 1098–1105 (1996). https://doi.org/10.1103/PhysRevA.54.1098 ADSCrossRefGoogle Scholar - 7.Chen, H., Cramer, R., Goldwasser, S., de Haan, R., Vaikuntanathan, V.: Secure computation from random error correccting codes. In: Advances in Cryptology—EUROCRYPT 2007, Lecture Notes in Computer Science, vol. 4515, pp. 291–310. Springer (2007). https://doi.org/10.1007/978-3-540-72540-4_17 CrossRefGoogle Scholar
- 8.Cleve, R., Gottesman, D., Lo, H.K.: How to share a quantum secret. Phys. Rev. Lett.
**83**(3), 648–651 (1999). https://doi.org/10.1103/PhysRevLett.83.648 ADSCrossRefGoogle Scholar - 9.Cover, T.M., Thomas, J.A.: Elements of Information Theory, 2nd edn. Wiley Interscience, New York (2006). https://doi.org/10.1002/047174882X CrossRefzbMATHGoogle Scholar
- 10.dela Cruz, R., Meyer, A., Solé, P.: Extension of Massey scheme for secret sharing. In: Proceedings of ITW 2010. Dublin, Ireland (2010). https://doi.org/10.1109/CIG.2010.5592719
- 11.Duursma, I.M., Park, S.: Coset bounds for algebraic geometric codes. Finite Fields Appl.
**16**(1), 36–55 (2010). https://doi.org/10.1016/j.ffa.2009.11.006 MathSciNetCrossRefzbMATHGoogle Scholar - 12.Geil, O., Martin, S., Matsumoto, R., Ruano, D., Luo, Y.: Relative generalized Hamming weights of one-point algebraic geometric codes. IEEE Trans. Inf. Theory
**60**(10), 5938–5949 (2014). https://doi.org/10.1109/TIT.2014.2345375 MathSciNetCrossRefzbMATHGoogle Scholar - 13.Gheorghiu, V.: Generalized semiquantum secret-sharing schemes. Phys. Rev. A
**85**(5), 052309 (2012). https://doi.org/10.1103/PhysRevA.85.052309 ADSCrossRefGoogle Scholar - 14.Gottesman, D.: Class of quantum error-correcting codes saturating the quantum Hamming bound. Phys. Rev. A
**54**(3), 1862–1868 (1996). https://doi.org/10.1103/PhysRevA.54.1862 ADSMathSciNetCrossRefGoogle Scholar - 15.Gottesman, D.: Theory of quantum secret sharing. Phys. Rev. A
**61**(4), 042311 (2000). https://doi.org/10.1103/PhysRevA.61.042311 ADSMathSciNetCrossRefGoogle Scholar - 16.Hillery, M., Bužek, V., Berthiaume, A.: Quantum secret sharing. Phys. Rev. A
**59**, 1829–1834 (1999). https://doi.org/10.1103/PhysRevA.59.1829 ADSMathSciNetCrossRefzbMATHGoogle Scholar - 17.Karlsson, A., Koashi, M., Imoto, N.: Quantum entanglement for secret sharing and secret splitting. Phys. Rev. A
**59**, 162–168 (1999). https://doi.org/10.1103/PhysRevA.59.162 ADSCrossRefGoogle Scholar - 18.Ketkar, A., Klappenecker, A., Kumar, S., Sarvepalli, P.K.: Nonbainary stabilizer codes over finite fields. IEEE Trans. Inf. Theory
**52**(11), 4892–4924 (2006). https://doi.org/10.1109/TIT.2006.883612 CrossRefzbMATHGoogle Scholar - 19.Kurihara, J., Uyematsu, T., Matsumoto, R.: Secret sharing schemes based on linear codes can be precisely characterized by the relative generalized Hamming weight. IEICE Trans. Fundam.
**E95–A**(11), 2067–2075 (2012). https://doi.org/10.1587/transfun.E95.A.2067 CrossRefGoogle Scholar - 20.Luo, Y., Mitrpant, C., Han Vinck, A.J., Chen, K.: Some new characters on the wire-tap channel of type II. IEEE Trans. Inf. Theory
**51**(3), 1222–1229 (2005). https://doi.org/10.1109/TIT.2004.842763 MathSciNetCrossRefzbMATHGoogle Scholar - 21.Marin, A., Markham, D.: Equivalence between sharing quantum and classical secrets and error correction. Phys. Rev. A
**88**(4), 042332 (2013). https://doi.org/10.1103/PhysRevA.88.042332 ADSCrossRefGoogle Scholar - 22.Markham, D., Sanders, B.C.: Graph states for quantum secret sharing. Phys. Rev. A
**78**(4), 042309 (2008). https://doi.org/10.1103/PhysRevA.78.042309 ADSMathSciNetCrossRefzbMATHGoogle Scholar - 23.Martínez-Peñas, U.: On the similarities between generalized rank and Hamming weights and their applications to network coding. IEEE Trans. Inf. Theory
**62**(7), 4081–4095 (2016). https://doi.org/10.1109/TIT.2016.2570238 MathSciNetCrossRefzbMATHGoogle Scholar - 24.Matsumoto, R.: Quantum stabilizer codes can realize access structures impossible by classical secret sharing. IEICE Trans. Fundam.
**E100–A**(12), 2738–2739 (2017). https://doi.org/10.1587/transfun.E100.A.2738 CrossRefGoogle Scholar - 25.Matsumoto, R.: Unitary reconstruction of secret for stabilizer based quantum secret sharing. Quant. Inf. Process.
**16**(8), 202 (2017). https://doi.org/10.1007/s11128-017-1656-1 ADSMathSciNetCrossRefzbMATHGoogle Scholar - 26.Matsumoto, R.: Coding theoretic construction of quantum ramp secret sharing. IEICE Trans. Fundam.
**E101–A**(8), 1215–1222 (2018). https://doi.org/10.1587/transfun.E101.A.1215 CrossRefGoogle Scholar - 27.Matsumoto, R.: Exploring quantum supremacy in access structures of secret sharing by coding theory. In: Proceedings of 2018 ISITA, pp. 331–333. Singapore (2018). https://doi.org/10.23919/ISITA.2018.8664271
- 28.Matsumoto, R.: Classical access structures of ramp secret sharing based on quantum stabilizer codes. In: Proceedings of WCC 2019, paper no. 2. Saint-Jacut-de-la-Mer, France (2019). https://www.lebesgue.fr/sites/default/files/proceedings_WCC/WCC_2019_paper_2.pdf
- 29.Matsumoto, R., Uyematsu, T.: Constructing quantum error-correcting codes for \(p^m\)-state systems from classical error-correcting codes. IEICE Trans. Fundam.
**E83–A**(10), 1878–1883 (2000)Google Scholar - 30.Matsumoto, R., Uyematsu, T.: Lower bound for the quantum capacity of a discrete memoryless quantum channel. J. Math. Phys.
**43**(9), 4391–4403 (2002). https://doi.org/10.1063/1.1497999 ADSMathSciNetCrossRefzbMATHGoogle Scholar - 31.McEliece, R.J., Sarwate, D.V.: On sharing secrets and Reed-Solomon codes. Commun. ACM
**24**(9), 583–584 (1981). https://doi.org/10.1145/358746.358762 MathSciNetCrossRefGoogle Scholar - 32.Nielsen, M.A., Chuang, I.L.: Quantum Computation and Quantum Information. Cambridge University Press, Cambridge (2000). https://doi.org/10.1017/CBO9780511976667 CrossRefzbMATHGoogle Scholar
- 33.Ogawa, T., Sasaki, A., Iwamoto, M., Yamamoto, H.: Quantum secret sharing schemes and reversibility of quantum operations. Phys. Rev. A
**72**(3), 032318 (2005). https://doi.org/10.1103/PhysRevA.72.032318 ADSCrossRefGoogle Scholar - 34.Pless, V.S., Huffman, W.C., Brualdi, R.A.: An introduction to algebraic codes. In: Pless, V.S., Huffman, W.C. (eds.) Handbook of Coding Theory, pp. 3–139. Elsevier, Amsterdam (1998)Google Scholar
- 35.Sarvepalli, P.K.: Nonthreshold quantum secret-sharing schemes in the graph-state formalism. Phys. Rev. A
**86**(4), 042303 (2012). https://doi.org/10.1103/PhysRevA.86.042303 ADSCrossRefGoogle Scholar - 36.Shamir, A.: How to share a secret. Commun. ACM
**22**(11), 612–613 (1979). https://doi.org/10.1145/359168.359176 MathSciNetCrossRefzbMATHGoogle Scholar - 37.Smith, A.D.: Quantum secret sharing for general access structures (2000). arXiv:quant-ph/0001087
- 38.Steane, A.M.: Multiple particle interference and quantum error correction. Proc. R. Soc. Lond. Ser. A
**452**(1954), 2551–2577 (1996). https://doi.org/10.1098/rspa.1996.0136 ADSMathSciNetCrossRefzbMATHGoogle Scholar - 39.Stinson, D.R.: Cryptography Theory and Practice, 3rd edn. Chapman & Hall, London (2006). https://doi.org/10.1201/9781420057133 CrossRefzbMATHGoogle Scholar

## Copyright information

**Open Access**This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.