Four mutually orthonormal Bell states are expressed as follows:

where | 0⟩ and | 1⟩ are two eigenstates of Pauli operator σ _z or horizontally and vertically polarized states of the photon, respectively.

Quantum entanglement swapping plays an important role in quantum communication. Using quantum entanglement swapping, we can establish two entangled quantum systems without direct interaction. Suppose that Alice prepares | Ψ ⁺ ⟩ _1A1B and | Ψ ⁺ ⟩ _2A2B, and sends Bob two qubits, 1B and 2B. Then, two distant users, Alice and Bob, share two entangled states, | Ψ ⁺ ⟩ _1A1B ⊗ | Ψ ⁺ ⟩ _2A2B, where Alice has qubits 1A and 2A, and Bob has 1B and 2B. This state can be rearranged as follows:

If Alice measures qubits 1A and 2A with the Bell basis, | Ψ ⁺ ⟩ _1A1B ⊗ | Ψ ⁺ ⟩ _2A2B in Eq. (2) collapses into| Φ ⁺ ⟩ _1A2A| Φ ⁺ ⟩ _1B2B, | Φ ⁻ ⟩ _1A2A| Φ ⁻ ⟩ _1B2B, | Ψ ⁺ ⟩ _1A2A| Ψ ⁺ ⟩ _1B2B, or | Ψ ⁻ ⟩ _1A2A| Ψ ⁻ ⟩ _1B2B by equal probability of 1/4. Due to the Bell measurement, the entanglements between qubits 1A and 1B, and between qubits 2A and 2B, are swapped to entanglements between qubits 1A and 2A, and between qubits 1B and 2B.^{[12, 21, 31]} Figure 3 illustrates the entanglement swapping of Bell states in three steps. The Bell measurement outcomes on four different initial combinations of Bell states are summarized in Table 1.

Fig. 3.

Figure Option ViewDownloadNew Window

Fig. 3. Schematic representation of the entanglement swapping of Bell states. (a) Alice prepares two entangled states. A dot (• ) represents each qubit and a line (− ) denotes entanglements. (b) Alice sends Bob one qubit in each entanglement pair. (c) Alice and Bob respectively perform Bell measurements on each of their own qubits. Consequently, the entanglements between Alice and Bob are swapped.[23]

Table 1.

Table 1.

Table 1. Measurement outcomes of the entanglement swapping on sixteen combinations of four Bell states. | Φ + ⟩ 2A2B | Φ − ⟩ 2A2B | Ψ + ⟩ 2A2B | Ψ − ⟩ 2A2B | Φ + ⟩ 1A1B ID + + ID + − Rev + + Rev + − | Φ − ⟩ 1A1B ID + − ID + + Rev + − Rev + + | Ψ + ⟩ 1A1B Rev + + Rev + − ID + + ID + − | Ψ − ⟩ 1A1B Rev + − Rev + + ID + − ID + +

Table 1. Measurement outcomes of the entanglement swapping on sixteen combinations of four Bell states.

The symbol ID + + denotes the set of four possible outcomes {(| Φ ⁺ ⟩ _1A2A, | Φ ⁺ ⟩ _1B2B), (| Φ ⁻ ⟩ _1A2A, | Φ ⁻ ⟩ _1B2B), (| Ψ ⁺ ⟩ _1A2A, | Ψ ⁺ ⟩ _1B2B), and (| Ψ ⁻ ⟩ _1A2A, | Ψ ⁻ ⟩ _1B2B)} with an equal probability of 1/4. Similarly, ID + − represents {(| Ψ ⁺ ⟩ _1A2A, | Ψ ⁻ ⟩ _1B2B) (| Φ ⁻ ⟩ _1A2A, | Φ ⁺ ⟩ _1B2B), (| Φ ⁺ ⟩ _1A2A, | Φ ⁻ ⟩ _1B2B), and (| Ψ ⁻ ⟩ _1A2A, | Ψ ⁺ ⟩ _1B2B)}, and Rev + + symbolizes {(| Φ ⁺ ⟩ _1A2A, | Ψ ⁺ ⟩ _1B2B), (| Φ ⁻ ⟩ _1A2A, | Ψ ⁻ ⟩ _1B2B), (| Ψ ⁺ ⟩ _1A2A, | Φ ⁺ ⟩ _1B2B), and (| Ψ ⁻ ⟩ _1A2A, | Φ ⁻ ⟩ _1B2B)}. Rev + − describes {(| Φ ⁺ ⟩ _1A2A, | Ψ ⁻ ⟩ _1B2B) (| Φ ⁻ ⟩ _1A2A, | Ψ ⁺ ⟩ _1B2B), (| Ψ ⁺ ⟩ _1A2A, | Φ ⁻ ⟩ _1B2B), and (| Ψ ⁻ ⟩ _1A2A, | Φ ⁺ ⟩ _1B2B)}.^{[23, 47]}

A GHZ-like state consisting of

is expressed as follows:^{[26, 32]}

where | x+ ⟩ and | x− ⟩ are two eigenstates of σ _x, and | 0⟩ and | 1⟩ are eigenstates of σ _z. Another GHZ-like state consisting of

is represented as follows:

where | y+ ⟩ and | y− ⟩ are two eigenstates of σ _y. Various GHZ-like states can be generated, as shown in Table 2.

Table 2.

Table 2.

Table 2. Various GHZ-like states: and are eigenstates of Pauli operator σ x, and are eigenstates of Pauli operator σ y.

Table 2. Various GHZ-like states: and are eigenstates of Pauli operator σ x, and are eigenstates of Pauli operator σ y.

By utilizing GHZ-like states in quantum information transmission or quantum communication, we can add a controller that controls or regulates the communication between two users. In practice, GHZ-like states have been used in controlled quantum teleportation protocols, ^{[35– 37]} quantum secret sharing protocols, ^{[38– 41]} controlled direct communication, ^{[42, 43]} and remote state preparation.^[44] We can understand how TC (or TTP) is authorized as a controller in controlled quantum teleportation or controlled secure direct communication by rearranging the GHZ-like state in three different forms as follows:

If TC measures the first qubit in Eq. (5) in a σ _z basis, then the second and third-qubits will have a 50% chance of being in an entangled state, | Ψ ⁺ ⟩ ₂₃ or | Φ ⁺ ⟩ ₂₃. Therefore, the entangled state of two users who share the second and third qubits is determined by the measurement result of the controller who owns the first qubit.

Let us consider a composite system consisting of two GHZ-like states and an entanglement swapping on it. After performing a von Neumann measurement on one qubit of each GHZ-like state, we execute the entanglement swapping operation on the two Bell states as follows.

(I) A composite system of two GHZ-like states | ξ ⟩ ₁₂₃ and | ξ ⟩ ₄₅₆ are constructed as follows:

(II) If the third and sixth qubits of state | ξ ⟩ ₁₂₃ ⊗ | ξ ⟩ ₄₅₆ are measured in a σ _z basis, it will be collapsed to one of | Ψ ⁺ ⟩ ₁₂| Ψ ⁺ ⟩ ₄₅, | Ψ ⁺ ⟩ ₁₂| Φ ⁺ ⟩ ₄₅, | Φ ⁺ ⟩ ₁₂| Ψ ⁺ ⟩ ₄₅, or | Φ ⁺ ⟩ ₁₂| Φ ⁺ ⟩ ₄₅ by a 25% probability, as shown in Table 3.

(III) We perform the entanglement swapping operation on the two entangled states in Table 3 as previously mentioned; the result is the same as that in Table 2.

Table 3.

Table 3.

Table 3. If the third and sixth qubits of the composite system | ξ ⟩ 123 ⊗ | ξ ⟩ 456 are measured in a σ z basis, then | ξ ⟩ 123⊗ | ξ ⟩ 456 will be collapsed into | Ψ + ⟩ 12| Ψ + ⟩ 45, | Ψ + ⟩ 12| Φ + ⟩ 45, | Φ + ⟩ 12| Ψ + ⟩ 45, or | Φ + ⟩ 12| Φ + ⟩ 45 by a 25% probability. Measurement outcome | 0⟩ 6 | 1⟩ 6 | 0⟩ 3 | Ψ + ⟩ 12 | Ψ + ⟩ 45 | Ψ + ⟩ 12 | Φ + ⟩ 45 | 1⟩ 3 | Φ + ⟩ 12 | Ψ + ⟩ 45 | Φ + ⟩ 12 | Φ + ⟩ 45

Table 3. If the third and sixth qubits of the composite system | ξ ⟩ 123 ⊗ | ξ ⟩ 456 are measured in a σ z basis, then | ξ ⟩ 123⊗ | ξ ⟩ 456 will be collapsed into | Ψ + ⟩ 12| Ψ + ⟩ 45, | Ψ + ⟩ 12| Φ + ⟩ 45, | Φ + ⟩ 12| Ψ + ⟩ 45, or | Φ + ⟩ 12| Φ + ⟩ 45 by a 25% probability.

In addition to the above operation on the state in Eq. (5), various entanglement swapping operations on the 16 GHZ-like states in Table 2 are also possible.

P1 Alice and Bob share a secret key sequence, K_AB = (k₁, k₂, … , k_N), using QKD protocols, ^{[6, 48]} which securely distribute the keys.^{[49, 50]} The sequence, K_AB = (k₁, k₂, … , k_N), is a classical bit sequence with the size of 2N; the elements are defined as k_i ∈ {00, 01, 10, 11}. Key k_i corresponds to Pauli operators, as follows:

In our protocol, k_i is the secret information for the mutual entity authentication of Alice and Bob.

P2 The controller, Charlie, prepares the sequence(| ξ ⟩ ₁, | ξ ⟩ 2, … , | ξ ⟩ _NE) consisting of N GHZ-like states follows Refs. [51]– [58] for entity authentication, which is shown as

Charlie retains the third qubit, sends Alice the first qubit and Bob the second qubit, and then announces that he has transmitted the qubits to them. After transmission, the state is given as follows:

The subscript i in Eq. (10) designates the order in the sequence of the GHZ-like state, A, B, or C, showing the owner of the qubit. Transmitting N GHZ-like states to Alice and Bob, Charlie randomly inserts N_C decoy qubits

to detect the eavesdropping.^{[45, 46]} Alice and Bob, who received the qubits from Charlie, notify each communication member through the public channel of their safe receipt.

S1 Confirming that Alice and Bob have safely received the qubit sequence, Charlie reveals the location of the decoy qubits.

S2 Alice and Bob execute the σ _x basis {| x+ ⟩ , | x− ⟩ } measurement only on the decoy qubits received from Charlie and report the result. Charlie compares the initial states of the decoy qubits and the result outcomes from Alice and Bob; he then checks the eavesdropping.^{[45, 46]}

E1 Charlie randomly chooses only one communication member, Alice or Bob, to apply the Pauli operator on the (2i − 1)-th or 2i-th state of Eq. (10). If Charlie chooses Alice, then Alice applies the Pauli operator corresponding to the classical bit, k_i, to the (2i − 1)-th state, such as in Eq. (7). If Charlie chooses Bob, then Bob applies the Pauli operator corresponding to the classical bit, k_i, to the 2i-th state of Eq. (10). When classical bit k_i, which Alice and Bob share beforehand, is 10, the corresponding Pauli operator is iσ _y(= U₁₀). If Charlie chooses Alice, then Alice applies U₁₀ to the (2i − 1)-th state | ξ ⟩ _{(2i − 1)ABC} and Bob does not operate anything, as follows:

Through the public channel, Alice (or Bob) notifies Charlie that she (or he) has applied the Pauli operator.

E2 Charlie executes the σ _z basis measurement on the (2i − 1)-th and 2i-th qubit of his own qubit sequence. He notifies Alice and Bob only about the fact that he performed this action. After Charlie’ s measurement, the GHZ-like states of Eq. (11) collapse into | Φ ⁻ ⟩ _{(2i− 1)AB}| Φ ⁻ ⟩ _(2i)AB, | Φ ⁻ ⟩ _{(2i− 1)AB}| Ψ ⁺ ⟩ _(2i)AB, | Ψ ⁻ ⟩ _{(2i− 1)AB}| Φ ⁻ ⟩ _(2i)AB, or | Ψ ⁻ ⟩ _{(2i− 1)AB} | Ψ ⁺ ⟩ _(2i)AB by a 25% probability, and Alice and Bob share one of the pairs of entangled states. For example, when the measurement outcomes are | 0⟩ _{(2i− 1)c} and | 1⟩ _(2i)c, Alice and Bob share | Φ ⁻ ⟩ _{(2i− 1)AB} ⊗ | Ψ ⁺ ⟩ _(2i)AB. The shared entangled state | Φ ⁻ ⟩ _{(2i− 1)AB} ⊗ | Ψ ⁺ ⟩ _(2i)AB can be rearranged as follows:

It is a superposed state of entangled states

E3 By the Bell measurement performed by Alice and Bob, the entangled states between Alice and Bob | Φ ⁻ ⟩ _{(2i− 1)AB} ⊗ | Ψ ⁺ ⟩ _(2i)AB are collapsed into a product state of Alice’ s entangled state and Bob’ s entangled state, which is one of

or | Ψ ⁻ ⟩ _{(2i− 1)A(2i)A}| Φ ⁺ ⟩ _{(2i− 1)B(2i)B}. After this entanglement swapping, Alice and Bob announce their measurement outcomes, a_{2i− 1}a_2i and b_{2i− 1}b_2i (a_j& b_j ∈ {0, 1}, j = 2i − 1 or 2i), as follows:

Charlie reveals the measurement outcome of classical bit c_{2i− 1}c_2i acquired in phase E2, where c_{2i− 1}c_2i ∈ {00, 01, 10, 11}. Both Alice and Bob confirm whether their classical bits, a_{2i− 1}a_2i and b_{2i− 1}b_2i, correctly correspond to the revealed classical bit, c_{2i− 1}c_2i, as shown in Table 4.

Table 4.

Table 4.

Table 4. ki is a secret key shared between Alice and Bob. a2i − 1a2i, b2i − 1b2i, and c2i − 1c2i are measurement results produced by Alice, Bob, and Charlie, respectively. For example, if ki is 10, c2i − 1c2i is 01, and a2i − 1a2i is 11, then b2i − 1b2i should be 00. ki: 00 ki: 01 ki: 10 ki: 11 00 Rev+ − 00 11 00 ID+ − 00 01 00 ID+ + 00 00 00 Rev+ + 00 10 01 10 01 00 01 01 01 11 10 01 10 11 10 10 10 00 11 00 11 10 11 11 11 01 01 ID+ + 00 00 01 Rev+ + 00 10 01 Rev+ − 00 11 01 ID+ − 00 01 01 01 01 11 01 10 01 10 10 10 10 00 10 01 10 01 11 11 11 01 11 00 11 00 10 ID+ − 00 01 10 Rev+ − 00 11 10 Rev+ + 00 10 10 ID+ + 00 00 01 00 01 10 01 11 01 01 10 11 10 01 10 00 10 10 11 10 11 00 11 01 11 11 11 Rev+ + 00 10 11 ID+ + 00 00 11 ID+ − 00 01 11 Rev+ − 00 11 01 11 01 01 01 00 01 10 10 00 10 10 10 11 10 01 11 11 11 11 11 10 11 00

Table 4. ki is a secret key shared between Alice and Bob. a2i − 1a2i, b2i − 1b2i, and c2i − 1c2i are measurement results produced by Alice, Bob, and Charlie, respectively. For example, if ki is 10, c2i − 1c2i is 01, and a2i − 1a2i is 11, then b2i − 1b2i should be 00.

In the example of phase E3, because the key, k_i, which Alice and Bob share, is 10, and Charlie’ s measurement result c_{2i− 1}c_2i is 01, the pair of measurement outcomes of Alice and Bob, (a_{2i− 1}a_2i, b_{2i− 1}b_2i), must be one of the following four pairs: {(00, 11), (01, 10), (10, 01), (11, 00)}. If the calculated results a_{2i− 1}a_2i and b_{2i− 1}b_2i in phase E3 are consistent with Table 4, then the entities Alice and Bob are successfully authenticated. Otherwise, the entity authentication fails.

In explaining a double CNOT attack or entanglement attack, we suppose that, as a matter of convenience according to previous papers, the person who internally attacks Alice or Bob is Eve. The internal attacker, Eve, prepares ancilla states | 0⟩ _{(2i − 1)E} ⊗ | 0⟩ _(2i)E. The GHZ-like states | ξ ⟩ _{(2i − 1)ABC} ⊗ | ε ⟩ (2i)ABC and ancilla states | 0⟩ _{(2i − 1)E} ⊗ | 0⟩ _(2i)E form a composite system, | Ω ⟩ _{(2i − 1)ABCE} ⊗ | X⟩ _(2i)ABCE, as follows:

Eve applies the CNOT operation C_AE and C_BE, where Alice’ s and Bob’ s states are control qubits, and Eve’ s state is a target qubit on the composite system | Ω ⟩ _{(2i − 1)ABCE} ⊗ | X⟩ _(2i)ABCE of Eq. (16) as follows:

When Eve’ s measurement outcome of ancilla states and Charlie’ s measurement outcome in Eq. (15) are e_{2i− 1}e_2i and c_{2i− 1}c_2i, respectively, e_{2i− 1}e_2i is identical to (c_{2i− 1} ⊕ 1)(c_2i), as shown in Table 5.

Table 5.

Table 5.

Table 5. Charlie’ s measurement outcome c2i − 1c2i and Eve’ s measurement outcome e2i − 1e2i. c2i− 1c2i e2i− 1e2i = (c2i− 1 ⊕ 1)(c2i) 00 10 01 11 10 00 11 01

Table 5. Charlie’ s measurement outcome c2i − 1c2i and Eve’ s measurement outcome e2i − 1e2i.

As a result, the internal attacker, Eve, can execute entity authentication without Charlie’ s assistance. Therefore, for the security of the protocol, in the preparation phase, Charlie sends Alice and Bob both N GHZ-like state(s) and N_C decoy qubits of

in random order.^{[45, 46]} After distributing N entangled states and N_C decoy qubits and completing the security check phase, the probability of detecting eavesdropping D is given as follows:

where d is the probability of detecting eavesdropping by checking one decoy qubit. If Charlie increases the number of decoy qubits N_C for the security of the communication channel, then the probability D of detecting Eve’ s intervention would be close to unity regardless of the value of d.

The external attacker, Eve, can either intercept two pairs of qubits, which are transmitted to Alice and Bob, and send two pairs of another GHZ-like state prepared as in Fig. 5(a), or intercept one pair of qubits, which are transmitted to Alice or Bob, and send a Bell state prepared as in Fig. 5(b). Likewise, with the intervention of Eve, the communication members can find, just by comparing the measurement outcome before entity authentication phase, whether there is an external attacker, Eve, since there is no correlation in the measurement outcome of the qubit which Alice, Bob, and Charlie, respectively, own. The probability of detecting Eve’ s existence is 1 − (1/4)ⁿ, where n is the number of GHZ-like states.

Fig. 5.

	Figure Option ViewDownloadNew Window
	Fig. 5. Schematic representation of an intercept and resend attack.

If n is big enough, then the probability of detecting Eve’ s existence approaches to unity.^{[12, 23, 44]} Furthermore, we use the decoy qubits to prevent both internal and external attack. The entangled state’ s correlation check method and the decoy qubit insert method guarantee the security of the communication channel.