1. Introduction
2. Review on Ji and Ye's protocol
| 1. Suppose that Alice and Bob have the secret data X and Y respectively, and that the binary representations of X and Y are $\left({x}_{1},{x}_{2},\ldots ,{x}_{N}\right)$ and $\left({y}_{1},{y}_{2},\ldots ,{y}_{N}\right)$ respectively, where ${x}_{j},{y}_{j}$ ∈$\{0,1\}\forall j\in \{1,2,\ldots ,N\}$, hence $X\,={\sum }_{j=1}^{N}{x}_{j}{2}^{j-1}$, $Y={\sum }_{j=1}^{N}{y}_{j}{2}^{j-1}$. | |
| 2. Alice(Bob) divides the binary representation of X(Y) into $\lceil N/2\rceil $ groups: $ \begin{eqnarray}{G}_{A}^{1},{G}_{A}^{2},\ldots ,{G}_{A}^{\lceil \tfrac{N}{2}\rceil }({G}_{B}^{1},{G}_{B}^{2},\ldots ,{G}_{B}^{\lceil \tfrac{N}{2}\rceil }).\end{eqnarray}$ Each group ${G}_{A}^{i}({G}_{B}^{i})$ includes two bits, where $i=1,2,\ldots ,\lceil N/2\rceil $ throughout this protocol. If N mod 2 = 1, Alice (Bob) adds one 0 into the last group ${G}_{A}^{\lceil N/2\rceil }({G}_{B}^{\lceil N/2\rceil })$. | |
| 3. Alice and Bob generate the shared key sequences $\{{K}_{A}^{1},{K}_{A}^{2},\ldots ,{K}_{A}^{\lceil N/2\rceil }\}$ and $\{{K}_{B}^{1},{K}_{B}^{2},\ldots ,{K}_{B}^{\lceil N/2\rceil }\}$ through a QKD protocol, where ${K}_{A}^{i}$, ${K}_{B}^{i}\in \{00,01,10,11\}$. Similarly, Alice(Bob) and TP generate the shared key sequence $\{{K}_{{AC}}^{1},{K}_{{AC}}^{2},\ldots ,{K}_{{AC}}^{\lceil N/2\rceil }\}$ ($\{{K}_{{BC}}^{1},{K}_{{BC}}^{2},\ldots ,{K}_{{BC}}^{\lceil N/2\rceil }\}$), where ${K}_{{AC}}^{i},{K}_{{BC}}^{i}\in \{00,01,10,11\}$. | |
| 4. Alice, Bob and TP agree on the following coding rules: $\left|0\right\rangle \leftrightarrow 0,\left|1\right\rangle \leftrightarrow 1,\left|{\phi }^{+}\right\rangle \leftrightarrow 00,\left|{\phi }^{-}\right\rangle \leftrightarrow 11,\left|{\psi }^{+}\right\rangle \leftrightarrow 01$, and $\left|{\psi }^{-}\right\rangle \leftrightarrow 10$. |
| 1. TP prepares $\lceil N/2\rceil $ copies of the highly entangled six-qubit genuine state $\left|{\rm{\Upsilon }}\right\rangle $, and marks them by $ \begin{eqnarray}\begin{array}{l}\left|{\rm{\Upsilon }}({p}_{1}^{1},{p}_{1}^{2},{p}_{1}^{3},{p}_{1}^{4},{p}_{1}^{5},{p}_{1}^{6})\right\rangle ,\\ \left|{\rm{\Upsilon }}({p}_{2}^{1},{p}_{2}^{2},{p}_{2}^{3},{p}_{2}^{4},{p}_{2}^{5},{p}_{2}^{6})\right\rangle ,\ldots ,\\ \left|{\rm{\Upsilon }}({p}_{\lceil N/2\rceil }^{1},{p}_{\lceil N/2\rceil }^{2},{p}_{\lceil N/2\rceil }^{3},{p}_{\lceil N/2\rceil }^{4},{p}_{\lceil N/2\rceil }^{5},{p}_{\lceil N/2\rceil }^{6})\right\rangle ,\end{array}\end{eqnarray}$ in turn to generate an ordered sequence, where the subscripts $1,2,\ldots ,\lceil N/2\rceil $ denote the order of the highly entangled six-qubit genuine states in the sequence, and the superscripts 1, 2, 3, 4, 5, 6 denote six particles in one state. Then TP takes the first two particles out from $\left|{\rm{\Upsilon }}({p}_{i}^{1},{p}_{i}^{2},{p}_{i}^{3},{p}_{i}^{4},{p}_{i}^{5},{p}_{i}^{6})\right\rangle $ to construct the new sequence $ \begin{eqnarray}{p}_{1}^{1},{p}_{1}^{2},{p}_{2}^{1},{p}_{2}^{2},\ldots ,{p}_{\lceil N/2\rceil }^{1},{p}_{\lceil N/2\rceil }^{2},\end{eqnarray}$ and denotes it as SA. Similarly, he takes out the third and fourth particles to construct another new sequence $ \begin{eqnarray}{p}_{1}^{3},{p}_{1}^{4},{p}_{2}^{3},{p}_{2}^{4},\ldots ,{p}_{\lceil N/2\rceil }^{3},{p}_{\lceil N/2\rceil }^{4},\end{eqnarray}$ and denotes it as SB. The remaining particles construct another new sequence $ \begin{eqnarray}{p}_{1}^{5},{p}_{1}^{6},{p}_{2}^{5},{p}_{2}^{6},\ldots ,{p}_{\lceil N/2\rceil }^{5},{p}_{\lceil N/2\rceil }^{6},\end{eqnarray}$ denoted as SC. | |
| 2. TP prepares two sets of decoy photons in which each decoy photon is chosen randomly from the single-particle states $\left|0\right\rangle ,\left|1\right\rangle ,\left|+\right\rangle ,\left|-\right\rangle $, where $\left|\pm \right\rangle $ = $1/\sqrt{2}\left(\left|0\right\rangle \pm \left|1\right\rangle \right)$. Then he inserts randomly the two sets of decoy photons into SA and SB, respectively, and records the insertion positions. Finally, he denotes the two new generated sequences as ${S}_{A}^{* }$ and ${S}_{B}^{* }$, and sends them to Alice and Bob, respectively. | |
| 3. After receiving ${S}_{A}^{* }$ and ${S}_{B}^{* }$, TP and Alice(Bob) use the decoy photons in ${S}_{A}^{* }$ and ${S}_{B}^{* }$ to judge whether eavesdroppers exist in quantum channels. The error rate exceeding the predetermined threshold will lead to the termination and restart of the protocol, otherwise the protocol proceeds to the next step. | |
| 4. Alice(Bob) measures the two particles marked by ${p}_{i}^{1},{p}_{i}^{2}$ (${p}_{i}^{3},{p}_{i}^{4}$) in ${S}_{A}({S}_{B})$ with Z basis ($\{\left|0\right\rangle ,\left|1\right\rangle \}$), and denotes the binary numbers corresponding to the measurement results as ${M}_{A}^{i}({M}_{B}^{i})$. Then, Alice(Bob) calculates ${G}_{A}^{i}\,\oplus {M}_{A}^{i}\oplus {K}_{{AC}}^{i}\oplus {K}_{A}^{i}$ (${G}_{B}^{i}\oplus {M}_{B}^{i}\oplus {K}_{{BC}}^{i}\oplus {K}_{B}^{i}$), and marks the calculation results by ${R}_{A}^{i}({R}_{B}^{i})$. Finally, Alice(Bob) announces ${R}_{A}^{i}({R}_{B}^{i})$ to TP. | |
| 5. After receiving ${R}_{A}^{i}({R}_{B}^{i})$, TP performs Bell measurements on the particles marked by ${p}_{i}^{5},{p}_{i}^{6}$ in SC, and marks the binary numbers corresponding to the measurement results by MCi. Then, he calculates ${R}_{A}^{i}\oplus {R}_{B}^{i}\oplus {K}_{{AC}}^{i}\,\oplus {K}_{{BC}}^{i}\oplus {M}_{C}^{i}$, and marks the calculation results by Ri. Finally, he announces Ri to Alice and Bob. | |
| 6. After receiving Ri, Alice and Bob calculate ${R}_{i}\oplus {K}_{A}^{i}\,\oplus {K}_{B}^{i}$, respectively, and mark the calculation results by ${R}_{i}^{{\prime} }$. If ${R}_{i}^{{\prime} }=00$ (i.e. each classical bits in ${R}_{i}^{{\prime} }$ is 0), they conclude that their data X and Y are the same. Otherwise, they conclude that X and Y are different and stop the comparison. |
3. Information leakage problem
3.1. Information leakage under Wu et al's active attack
| 1. In the second step of Ji and Ye's protocol, when TP sends the particle sequence ${S}_{A}^{* }$ to Alice, Bob intercepts all the particles in the sequence, and then he pretends to be Alice and tells TP that he has received all the particles. | |
| 2. Bob continues to pretends to be Alice and completes eavesdropping checking with TP. Then he performs single-particle measurements on the particles marked by ${p}_{i}^{1},{p}_{i}^{2}$ in SA, and denotes the binary numbers corresponding to the measurement results as MABi. Finally, TP denotes the particle sequence after measurements as SA1. | |
| 3. Similar to the second step of Ji and Ye's protocol, Bob prepares a set of decoy photons, and then inserts them randomly into SA1. The new generated sequence is denoted as ${S}_{A}^{1* }$. Finally, Bob pretends to be TP and sends ${S}_{A}^{1* }$ to Alice. | |
| 4. After confirming that Alice has received ${S}_{A}^{1* }$, Bob continues to pretends to be TP and completes eavesdropping checking with Alice. If there is no eavesdropping, according to the protocol procedures, Alice measures each particle in SA1 with Z basis, and denotes the binary numbers corresponding to the measurement results as MAi (obviously, MAi is the same as MABi, i.e. ${M}_{A}^{i}={M}_{{AB}}^{i}$). Then she calculates ${G}_{A}^{i}\oplus {M}_{A}^{i}\oplus {K}_{{AC}}^{i}\,\oplus {K}_{A}^{i}$, and marks the calculation results by RAi. Finally, Alice announces RAi to TP. Similarly, Bob announces RBi to TP after completing measurements and calculations in accordance with the protocol procedures. | |
| 5. According to the protocol procedures, TP completes measurements, calculations, and publishes Ri to Alice and Bob. After receiving Ri, Bob can calculate $ \begin{eqnarray}\,\begin{array}{l}{R}_{i}\oplus {K}_{{BC}}^{i}\oplus {M}_{C}^{i}\oplus {R}_{B}^{i}\oplus {K}_{A}^{i}\oplus {M}_{{AB}}^{i}\\ \,=\,({R}_{A}^{i}\oplus {R}_{B}^{i}\oplus {K}_{{AC}}^{i}\oplus {K}_{{BC}}^{i}\oplus {M}_{C}^{i})\oplus {K}_{{BC}}^{i}\\ \,\oplus \ {M}_{C}^{i}\oplus {R}_{B}^{i}\oplus {K}_{A}^{i}\oplus {M}_{{AB}}^{i}\\ \,=\,{R}_{A}^{i}\oplus {K}_{{AC}}^{i}\oplus {K}_{A}^{i}\oplus {M}_{{AB}}^{i}\\ \,=\,({G}_{A}^{i}\oplus {M}_{A}^{i}\oplus {K}_{{AC}}^{i}\oplus {K}_{A}^{i})\oplus {K}_{{AC}}^{i}\oplus {K}_{A}^{i}\oplus {M}_{{AB}}^{i}={G}_{A}^{i}.\end{array}\,\end{eqnarray}$ Note here that ${M}_{A}^{i}={M}_{{AB}}^{i}$, and Bob can deduce MCi from equation ( |
3.2. Information leakage under the proposed passive attack
4. New solution to the information leakage problem
4.1. The proposed solution
| 1. After receiving ${R}_{A}^{i}({R}_{B}^{i})$, TP performs Bell measurements on the particles marked by ${p}_{i}^{5},{p}_{i}^{6}$, and marks the binary numbers corresponding to the measurement results by MCi. Subsequently, TP calculates ${R}_{A}^{i}\,\oplus {R}_{B}^{i}\oplus {K}_{{AC}}^{i}\,\oplus {K}_{{BC}}^{i}\oplus {M}_{C}^{i}$, and marks the calculation results by ${a}_{i}^{1}{a}_{i}^{2}$ (note that each calculation result is a binary number which contains two bits, i.e. ${a}_{i}^{1}{a}_{i}^{2}\in \{00,01,10,11\}$). Then, TP calculates $ \begin{eqnarray}\sum _{i=1}^{\lceil N/2\rceil }\sum _{j=1}^{2}{a}_{i}^{j}.\end{eqnarray}$ Marking the calculation result by S, TP announces S to Alice and Bob. | |
| 2. After receiving S, Alice and Bob calculate ${K}_{A}^{i}\oplus {K}_{B}^{i}$, respectively, and mark the calculation results by ${b}_{i}^{1}{b}_{i}^{2}$. Then, they calculate $ \begin{eqnarray}\sum _{i=1}^{\lceil N/2\rceil }\sum _{j=1}^{2}{b}_{i}^{j},\end{eqnarray}$ and marks the calculation result by ${S}^{{\prime} }$. Finally, they calculate $S-{S}^{{\prime} }$. If $S-{S}^{{\prime} }=0$, they can conclude that their data X and Y are the same. Otherwise, they conclude that X and Y are different. |
4.2. Comparison
Table 1. Comparison with Wu et al's solutions. |
| Wu et al's | Wu et al's | Our | |
|---|---|---|---|
| solution 1 | solution 2 | solution | |
| | |||
| additional keys | √ | √ | × |
| hash functions | √ | × | × |
| unitary operations | × | √ | × |