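[0002] Secure multi-party computation, first proposed by Yao [1] and extended by Goldreich et al. [2], is an important subfield of classical cryptography. Naturally, whether the physical principles of quantum mechanics can be applied to secure multi-party computation has become an important and interesting question. To date, many researchers have studied secure multi-party computation in the quantum setting [3-6]. Lo [3] argued that, in the two-party setting, an equality function cannot be evaluated securely. Therefore, some additional assumption, such as a third party (TP), should be considered. Ben-Or et al. [4] studied the following question: how many participants must remain honest for distributed quantum computation to be possible? Chau [5] proposed a scheme that uses quantum techniques to improve the speed of classical multi-party computation. Smith [6] pointed out that any multi-party quantum computation can be secure as long as the number of dishonest participants is less than n/6.
[0003] Secure multi-party summation, which can be used to build complex secure methods for other multi-party computations, is a fundamental problem of secure multi-party computation. It can be described as follows [7]: n participants, P1,P2,...,Pn, want to compute a summation function f(x1,x2,...,xn), where xi is the secret value from Pi. The result of this function may be announced publicly or told privately to one particular participant. The task of secure multi-party summation is to guarantee the privacy of the participants' inputs and the correctness of the computation. In 2002, Heinrich [8] studied the application of quantum summation to integration. In 2003, Heinrich [9] studied quantum Boolean functions with repetitions in the worst-average setting. In 2006, Hillery [10] proposed a multi-party quantum summation method using two-particle N-level entangled states, which can complete the summation of N participants in a voting procedure while ensuring the anonymity of the participants. In 2007, Du et al. [11] proposed a novel secure quantum modulo n+1 (n≥2) summation method using non-orthogonal states, which can secretly add a number to an unknown number. Here, n denotes the total number of participants. In 2010, Chen et al. [7] proposed a quantum modulo 2 summation method based on multi-particle GHZ entangled states. In 2014, Zhang et al. [12] constructed a high-capacity quantum modulo 2 summation method based on two degrees of freedom of single photons, polarization and spatial mode. In 2015, Zhang et al. [13] proposed a three-party quantum modulo 2 summation method using six-qubit genuinely maximally entangled states. In 2016, Shi et al. [14] argued that the methods of references [7,11] have two drawbacks: on the one hand, the modulus of these two methods is too small, which limits their wider application; on the other hand, because they compute and communicate bit by bit, these two methods do not have sufficiently high communication efficiency. They then proposed a quantum modulo N summation method using the quantum Fourier transform and controlled-NOT operations, which computes the sum integer by integer rather than bit by bit. Here, N=2^m, where m is the number of qubits of a basis state. In this method, the computation of the secure multi-party sum is securely converted, through the quantum Fourier transform, into the computation of the corresponding phase information, and the phase information is then extracted through the inverse quantum Fourier transform. In 2017, Shi and Zhang [15] proposed a general quantum solution to a special class of two-party private summation problems. In the same year, Zhang et al. [16] proposed a multi-party quantum modulo 2 summation method using single photons that does not require a trusted TP.
[0004] On the other hand, since Bennett and Brassard [17] proposed quantum cryptography in 1984, it has attracted a great deal of attention, because it can in theory achieve unconditional security through the physical principles of quantum mechanics. Over the past thirty-odd years, quantum cryptography has been studied so widely that many branches have been established, such as quantum key distribution (QKD) [17-21], quantum secure direct communication (QSDC) [22-24], quantum secret sharing (QSS) [25-27], quantum key agreement (QKA) [28-56], and so on. There is a notable difference between QKD and QKA. In a QKD method, all participants rely on a trusted authority that is responsible for distributing a predetermined key to the other participants. In a QKA method, all participants contribute equally to the generation and distribution of the shared key over the quantum channel, and no non-minimal subset of the participants can determine the shared key on its own. In recent years, QKA has become a hot research topic in quantum cryptography, and many QKA methods [28-56] have been designed.
[0005] Based on the above analysis, the present invention proposes a new concept, quantum summation agreement (QSA), by absorbing quantum summation into QKA, and constructs a novel secure multi-party QSA method based on the quantum Fourier transform. The method of the present invention can resist outside attacks and participant attacks. In particular, a non-minimal subset of the participants cannot successfully determine the shared summation result on its own. In addition, the method of the present invention computes the modulo d sum, and it computes the sum integer by integer rather than bit by bit.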
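The conversion of a modular sum into phase information and back, described above for the quantum Fourier transform based method, can be illustrated with a small classical state-vector simulation covering both N=2^m and a general modulus d. This is an added example, not code from the patent or from reference [14]; the function names are hypothetical, the inputs are constructed, and only the ideal arithmetic is modelled (no quantum channel, eavesdropping checks or adversary).

```python
import cmath

def qft(state, inverse=False):
    """(Inverse) quantum Fourier transform of a length-d amplitude vector."""
    d = len(state)
    sign = -1 if inverse else 1
    return [
        sum(a * cmath.exp(sign * 2j * cmath.pi * j * k / d) for j, a in enumerate(state))
        / d ** 0.5
        for k in range(d)
    ]

def add_phase(state, x):
    """A participant encodes secret integer x as the phase shift |k> -> w^(x*k)|k>."""
    d = len(state)
    return [a * cmath.exp(2j * cmath.pi * x * k / d) for k, a in enumerate(state)]

def encoded_state(inputs, d):
    """QFT|0> followed by every participant's phase shift (the sum lives in the phases)."""
    state = qft([1 + 0j] + [0j] * (d - 1))
    for x in inputs:
        state = add_phase(state, x)
    return state

def modular_sum(inputs, d):
    """Inverse QFT turns the accumulated phase back into the basis state |sum mod d>."""
    probs = [abs(a) ** 2 for a in qft(encoded_state(inputs, d), inverse=True)]
    outcome = max(range(d), key=probs.__getitem__)
    return outcome, probs[outcome]

if __name__ == "__main__":
    secrets = [3, 5, 7]  # constructed sample inputs, one per participant
    print(modular_sum(secrets, 8))    # modulus N = 2^3
    print(modular_sum([4, 4, 3], 5))  # general modulus d = 5
    # Computational-basis statistics of the encoded state are flat (1/d each).
    print([round(abs(a) ** 2, 3) for a in encoded_state(secrets, 8)])
```

The flat distribution only shows where the information sits (in relative phases, not in amplitudes); it is not a security argument for any protocol.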
[0006] References
[0007] [1]Yao,A.C.:Protocols for secure computations.In:Proceedings of 23rd IEEE Symposium on Foundations of Computer Science(FOCS’82),Washington,DC,USA,1982,pp.160
[0008] [2]Goldreich,O.,Micali,S.,Wigderson,A.:How to play ANY mental game.In:Proceedings of the 19th Annual ACM Symposium on Theory of Computing (STOC’87),1987,pp.218
[0009] [3]Lo,H.K.:Insecurity of quantum secure computations.Phys Rev A,1997,56(2):1154-1162
[0010] [4]Ben-Or,M.,Crepeau,C.,Gottesman,D.,Hassidim,A.,Smith,A.:Secure multiparty quantum computation with (only) a strict honest majority.In:47th Annual IEEE Symposium on Foundations of Computer Science.FOCS’06,2006,pp.249-260.IEEE,New York
[0011] [5]Chau,H.F.:Quantum-classical complexity-security tradeoff in secure multiparty computations.Phys Rev A,2000,61:032308
[0012] [6]Smith,A.:Multi-party quantum computation.2010,arXiv:quant-ph/0111030
[0013] [7]Chen,X.B.,Xu,G.,Yang,Y.X.,Wen,Q.Y.:An efficient protocol for the secure multi-party quantum summation.Int J Theor Phys,2010,49(11):2793-2804
[0014] [8]Heinrich,S.:Quantum summation with an application to integration.J Complex,2002,18:1-50
[0015] [9]Heinrich,S.,Kwas,M.,Wozniakowski,H.:Quantum Boolean summation with repetitions in the worst-average setting.2003,arXiv:quant-ph/0311036
[0016] [10]Hillery,M.,Ziman,M.,Buzek,V.,Bielikova,M.:Towards quantum-based privacy and voting.Phys Lett A,2006,349:75
[0017] [11]Du,J.Z.,Chen,X.B.,Wen,Q.Y.,Zhu,F.C.:Secure multiparty quantum summation.Acta Phys Sin,2007,56(11):6214-6219
[0018] [12]Zhang,C.,Sun,Z.W.,Huang,Y.,Long,D.Y.:High-capacity quantum summation with single photons in both polarization and spatial-mode degrees of freedom.Int J Theor Phys,2014,53(3):933-941
[0019] [13]Zhang,C.,Sun,Z.W.,Huang,X.:Three-party quantum summation without a trusted third party.Int J Quantum Inf,2015,13(2):1550011
[0020] [14]Shi,R.H.,Mu,Y.,Zhong,H.,Cui,J.,Zhang,S.:Secure multiparty quantum computation for summation and multiplication.Sci Rep,2016,6:19655
[0021] [15]Shi,R.H.,Zhang,S.:Quantum solution to a class of two-party private summation problems.Quantum Inf Process,2017,16:225
[0022] [16]Zhang,C.,Situ,H.Z.,Huang,Q.,Yang,P.:Multi-party quantum summation without a trusted third party based on single particles.Int J Quantum Inf,2017,15(2):1750010
[0023] [17]Bennett,C.H.,Brassard,G.:Quantum cryptography:public-key distribution and coin tossing.In:Proceedings of the IEEE International Conference on Computers,Systems and Signal Processing.Bangalore:IEEE Press,1984,175-179
[0024] [18]Ekert,A.K.:Quantum cryptography based on Bell’s theorem.Phys Rev Lett,1991,67(6):661-663
[0025] [19]Bennett,C.H.:Quantum cryptography using any two nonorthogonal states.Phys Rev Lett,1992,68(21),3121
[0026] [20]Cabello,A.:Quantum key distribution in the Holevo limit.Phys Rev Lett,2000,85:5635
[0027] [21]Shih,H.C.,Lee,K.C.,Hwang,T.:New efficient three-party quantum key distribution protocols.IEEE J Sel Top Quantum Electron,2009,15(6),1602-1606
[0028] [22]Long,G.L.,Liu,X.S.:Theoretically efficient high-capacity quantum-key-distribution scheme.Phys Rev A,2002,65:032302
[0029] [23]Deng,F.G.,Long,G.L.,Liu,X.S.:Two-step quantum direct communication protocol using the Einstein-Podolsky-Rosen pair block.Phys Rev A,2003,68:042317
[0030] [24]Deng,F.G.,Long,G.L.:Secure direct communication with a quantum one-time pad.Phys Rev A,2004,69:052319
[0031] [25]Hillery,M.,Buzek,V.,Berthiaume,A.:Quantum secret sharing.Phys Rev A,1999,59:1829-1834
[0032] [26]Karlsson,A.,Koashi,M.,Imoto,N.:Quantum entanglement for secret sharing and secret splitting.Phys Rev A,1999,59:162-168
[0033] [27]Xiao,L.,Long,G.L.,Deng,F.G.,Pan,J.W.:Efficient multiparty quantum-secret-sharing schemes.Phys Rev A,2004,69:052307
[0034] [28]Zhou,N.,Zeng,G.,Xiong,J.:Quantum key agreement protocol.Electron Lett,2004,40:1149
[0035] [29]Chong,S.K.,Tsai,C.W.,Hwang,T.:Improvement on quantum key agreement protocol with maximally entangled states.Int J Theor Phys,2011,50:1793-1802
[0036] [30]Chong,S.K.,Hwang,T.:Quantum key agreement protocol based on BB84.Opt Commun,2010,283:1192-1195
[0037] [31]Liu,B.,Gao,F.,Huang,W.,et al.:Multiparty quantum key agreement with single particles.Quantum Inf Process,2013,12(4):1797-1805
[0038] [32]Yin,X.R.,Wen,W.P.,Shen,D.S.,et al.:Three-party quantum key agreement with Bell states.Acta Phys Sin,2013,62(17):170304
[0039] [33]Shi,R.H.,Zhong,H.:Multi-party quantum key agreement with Bell states and Bell measurements.Quantum Inf Process,2013,12(2):921-932
[0040] [34]Yin,X.R.,Wen,W.P.,Liu,W.Y.:Three-party quantum key agreement with two-photon entanglement.Int J Theor Phys,2013,52(11),3915-3921
[0041] [35]Sun,Z.W.,Zhang,C.,Wang,B.H.,et al.:Improvements on“multiparty quantum key agreement with single particles”.Quantum Inf Process,2013,12(11):3411-3420
[0042] [36]Huang,W.,Wen,Q.Y.,Liu,B.,et al.:Quantum key agreement with EPR pairs and single-particle measurements.Quantum Inf Process,2014,13(3):649-663
[0043] [37]Huang,W.,Su,Q.,Wu,X.,et al.:Quantum key agreement against collective decoherence.Int J Theor Phys,2014,53:2891-2901
[0044] [38]Shen,D.S.,Ma,W.P.,Wang,L.L.:Two-party quantum key agreement with four-qubit cluster states.Quantum Inf Process,2014,13(10):2313-2324
[0045] [39]Xu,G.B.,Wen,Q.Y.,Gao,F.,Qin,S.J.:Novel multiparty quantum key agreement protocol with GHZ states.Quantum Inf Process,2014,13(12):2587-2594
[0046] [40]Shukla,C.,Alam,N.,Pathak,A.:Protocols of quantum key agreement solely using Bell states and Bell measurement.Quantum Inf Process,2014,13(11):2391-2405
[0047] [41]Huang,W.,Wen,Q.Y.,Liu,B.,et al.:Cryptanalysis of a multi-party quantum key agreement protocol with single particles.Quantum Inf Process,2014,13(7):1651-1657
[0048] [42]He,Y.F.,Ma,W.P.:Quantum key agreement protocols with four-qubit cluster states.Quantum Inf Process,2015,14(9):3483-3498
[0049] [43]Zhu,Z.C.,Hu,A.Q.,Fu,A.M.:Improving the security of protocols of quantum key agreement solely using Bell states and Bell measurement.Quantum Inf Process,2015,14(11):4245-4254
[0050] [44]Sun,Z.W.,Yu,J.P.,Wang,P.:Efficient multi-party quantum key agreement by cluster states.Quantum Inf Process,2016,15(1):373-384
[0051] [45]Sun,Z.W.,Zhang,C.,Wang,P.,Yu,J.P.,Zhang,Y.,Long,D.Y.:Multi-party quantum key agreement by an entangled six-qubit state.Int J Theor Phys,2016,55(3):1920-1929
[0052] [46]Zhu,Z.C.,Hu,A.Q.,Fu,A.M.:Participant attack on three-party quantum key agreement with two-photon entanglement.Int J Theor Phys,2016,55:55-61
[0053] [47]He,Y.F.,Ma,W.P.:Two-party quantum key agreement against collective noise.Quantum Inf Process,2016,15:5023-5035
[0054] [48]Liu,B.,Xiao,D.,Jia,H.Y.,Liu,R.Z.:Collusive attacks to“circle-type”multi-party quantum key agreement protocols.Quantum Inf Process,2016,15:2113-2124
[0055] [49]Sun,Z.W.,Huang,J.W.,Wang,P.:Efficient multiparty quantum key agreement protocol based on commutative encryption.Quantum Inf Process,2016,15:2101-2111
[0056] [50]Huang,W.,Su,Q.,Xu,B.J.,Liu,B.,Fan,F.,Jia,H.Y.,Yang,Y.H.:Improved multiparty quantum key agreement in travelling mode.Sci China-Phys Mech Astron,2016,59:120311
[0057] [51]Mohajer,R.,Eslami,Z.:Cryptanalysis of a multiparty quantum key agreement protocol based on commutative encryption.Quantum Inf Process,2017,16:197
[0058] [52]Cao,H.,Ma,W.P.:Multiparty quantum key agreement based on quantum search algorithm.Sci Rep,2017,7:45046
[0059] [53]Wang,P.,Sun,Z.W.,Sun,X.Q.:Multi-party quantum key agreement protocol secure against collusion attacks.Quantum Inf Process,2017,16:170
[0060] [54]Cai,B.B.,Guo,G.D.,Lin,S.:Multi-party quantum key agreement without entanglement.Int J Theor Phys,2017,56:1039-1051
[0061] [55]Wang,L.L.,Ma,W.P.:Quantum key agreement protocols with single photon in both polarization and spatial-mode degrees of freedom.Quantum Inf Process,2017,16:130
[0062] [56]He,Y.F.,Ma,W.P.:Two quantum key agreement protocols immune to collective noise.Int J Theor Phys,DOI 10.1007/s10773-016-3165-x
[0063] [57]Li,C.Y.,Zhou,H.Y.,Wang,Y.,Deng,F.G.:Secure quantum key distribution network with Bell states and local unitary operations.Chin Phys Lett,2005,22(5):1049
[0064] [58]Li,C.Y.,Li,X.H.,Deng,F.G.,Zhou,P.,Liang,Y.J.,Zhou,H.Y.:Efficient quantum cryptography network without entanglement and quantum memory.Chin Phys Lett,2006,23(11):2896
[0065] [59]Shor,P.W.,Preskill,J.:Simple proof of security of the BB84 quantum key distribution protocol.Phys Rev Lett,2000,85(2):441
[0066] [60]Chen,Y.,Man,Z.X.,Xia,Y.J.:Quantum bidirectional secure direct communication via entanglement swapping.Chin Phys Lett,2007,24(1):19
[0067] [61]Ye,T.Y.,Jiang,L.Z.:Improvement of controlled bidirectional quantum direct communication using a GHZ state.Chin Phys Lett,2013,30(4):040305
[0068] [62]Gao,F.,Qin,S.J.,Wen,Q.Y.,Zhu,F.C.:A simple participant attack on the Bradler-Dusek protocol.Quantum Inf Comput,2007,7:329
[0069] [63]Gao,F.,Wen,Q.Y.,Zhu,F.C.:Comment on:“quantum exam”[Phys Lett A 350(2006)174].Phys Lett A,2007,360(6):748-750
[0070] [64]Guo,F.Z.,Qin,S.J.,Gao,F.,Lin,S.,Wen,Q.Y.,Zhu,F.C.:Participant attack on a kind of MQSS schemes based on entanglement swapping.The European Physical Journal D,2010,56(3):445-448
[0071] [65]Qin,S.J.,Gao,F.,Wen,Q.Y.,Zhu,F.C.:Cryptanalysis of the Hillery-Buzek-Berthiaume quantum secret-sharing protocol.Phys Rev A,2007,76(6):062324
[0072] [66]Cai,Q.Y.:Eavesdropping on the two-way quantum communication protocols with invisible photons.Phys Lett A,2006,351(1-2):23-25
[0073] [67]Gisin,N.,Ribordy,G.,Tittel,W.,Zbinden,H.:Quantum cryptography.Rev Mod Phys,2002,74(1):145-195
[0074] [68]Deng,F.G.,Zhou,P.,Li,X.H.,Li,C.Y.,Zhou,H.Y.:Robustness of two-way quantum communication protocols against Trojan horse attack.2005,arXiv:quant-ph/0508168
[0075] [69]Li,X.H.,Deng,F.G.,Zhou,H.Y.:Improving the security of secure direct communication based on the secret transmitting order of particles.Phys Rev A,2006,74:054302