Secure quantum secret sharing without signal disturbance monitoring

Jie Gu; Jie Gu; Yuan-Mei Xie; Yuan-Mei Xie; Wen-Bo Liu; Yao Fu; Hua-Lei Yin; Hua-Lei Yin; Zeng-Bing Chen; Zeng-Bing Chen

doi:10.1364/OE.440365

1. Introduction

Quantum internet holds numerous advantages over the classical internet in distributing, sharing and processing information [1,2]. Quantum internet consists of quantum networks for quantum computing and quantum communication, with quantum computing offering high calculation speeds [3,4] and quantum communication providing robust security [5–8]. In the realm of quantum communication, besides quantum key distribution which has been well developed on the way to practical applications recently [9–14], quantum secret sharing (QSS) is another cryptographic primitive used for multiparty quantum communication in quantum internet.

Secret sharing aims to split a secret message of one user, called dealer, into several parts and distribute them to other users, called players, with one player receiving one part [15,16]. In secret sharing, it is supposed to guarantee that any unauthorized subset of players cannot reconstruct the message. Only a few players cooperate together can they recover the original secret message. Therefore, classical secret sharing plays a fundamental role in modern information society with applications such as secure multiparty computation, blockchain, cloud storage and computing. Compared with classical secret sharing, QSS will further provide unconditional security based on laws of quantum mechanics [17]. The first QSS protocol was proposed in 1999 where three participants share classical information using the three-particle Greenberger-Horne-Zeilinger (GHZ) state [18]. Then, a simplified QSS protocol with two-particle entangled states [19] was proposed. In the past few decades, QSS has been widely researched in theory [20–26].

Despite that QSS has achieved significant advances, only a little bit of proof-of-principle experimental demonstrations have been conducted including GHZ state [27,28], single-photon state [29], graph state [30,31] and bound entanglement state [32].There are reasons in many aspects. First, the entangled state, especially multipartite entangled state, is still hard to be generated, manipulated and distributed with high-brightness, high-fidelity and long-distance [33]. Although one can utilize the post-selected entanglement state [22] to circumvent the above issues, it still needs valuable multiphoton interference, which only results in low secure key rate. Second, it is not a trivial task to extract secure key with perfect privacy [22,24]. Besides, QSS is a multiparty protocol that has at least three users and one cannot assume all participants are honest, which is the biggest problem to design a secure protocol. For example, the original three-user QSS protocol based on GHZ state is not secure if one of the player is dishonest [34]. In recent years, the scheme with sequential transmission of single qudit [23,29,35] have tried to remove the GHZ state requirement. However, it is shown that security of single-qudit schemes have drawbacks and remains to further debate [36,37]. More seriously, single-qudit schemes are vulnerable to Trojan horse attacks [38].

Twin-field quantum key distribution [39] and its variants [40–47] can extract the secret key that surpasses the Pirandola-Laurenza-Ottaviani-Banchi (PLOB) bound [48] by introducing an intermediate station to perform single-photon-type interference. Recently, using twin field theory [39], one differential-phase-shift QSS has been proposed to provide security against individual attacks [49], followed by analysis of finite-key effects and the asymmetric regime [50]. Here, we present an unconditionally secure three-user QSS protocol without signal disturbance monitoring for outside and inside attackers. Our new QSS scheme is the first realistic extended application with the encoding technique that spreads quantum information coherently over hundreds of laser pulses [7]. The natures of high noise tolerance and irrelevance to signal disturbance still remain in this QSS protocol, which allows to generate secure key even the bit error rate is up close to $50\%$ for outside adversaries. Our protocol only requires weak coherent sources and single photon detectors. Numerical simulations show that it can be theoretically implemented over 600 km using recently developed techniques in practical quantum key distribution [51–58].

2. Protocol description

The schematic of QSS that how to overcome the PLOB bound is shown in Fig. 1. Our QSS protocol has a readiness for building a star network, where two symmetric remote players, Alice and Bob are connected to the central dealer, Charlie. Charlie implements an interference measurement on the two laser pulses sent by Alice and Bob, which will reveal that the corresponding phases are equal or different between Alice and Bob and thus forms the bit value correlation as for QSS. The raw key rate scales with the square-root $O(\sqrt {\eta })$ of the total channel transmittance (between Alice and Bob) due to the single-photon-type interference of Charlie. The photon detected by Charlie can be considered from twin fields coming from both Alice and Bob, respectively. In order to resist attacks of a dishonest player or the outside eavesdropper, Charlie introduces two random numbers $r\in \{1,\ldots ,L-1\}$ and $b\in \{0,1\}$ to post-selected the effective bit as raw key. No one can access the random numbers $r,~b$ in advance, which indicates that the leaked information is ignorable.

Fig. 1. Practical implementation of QSS. Alice and Bob utilize the continuous-wave laser to prepare the phase stabilized continuous light. They employ intensity modulator (IM) to generate the periodic laser pulse. For each pulse train, Alice and Bob exploit the phase modulator (PM) to apply phase shift $\{0,\pi \}$ on each pulse according to the random bit strings $\{s_{j_{A}}\}$ and $\{s_{i_{B}}\}$, respectively. The attenuator (Att) is used to implement weak pulse with single photon level modulation. Charlie exploits a variable delay (VD) to change the arrived time of Alice’s pulse train with earlier or later $(-1)^{b}r$ period. He then superposes the two pulse trains using a beam splitter (BS) and compares the phase difference.

Download Full Size | PDF

To be precise, our QSS protocol is inspired by the recently developed round-robin differential phase-shift quantum key distribution [7] and twin-field quantum key distribution [39]. Here, we name this protocol as round-robin (RR) QSS, which proceeds as follows:

(i) For each train, Alice and Bob independently and randomly generate bit strings $\{s_{j_{A}}\}$ and $\{s_{i_{B}}\}$ with $j_{A},i_{B}\in \{1,2,\ldots ,L\}$ and $s_{j_{A}},s_{i_{B}}\in \{0,1\}$. They both send a train of $L$ laser pulses to Charlie simultaneously, with each pulse randomly added a phase shift $0$ or $\pi$ according to their random bits. The corresponding quantum states of Alice and Bob can be represented as

(1)$$\begin{aligned} |{\Psi_{A}}\rangle & =\bigotimes_{j_{A}=1}^{L}|{e^{is_{j_{A}}\pi}\sqrt{\mu/L}}\rangle_{j_{A}}, \end{aligned}$$

and

(2)$$\begin{aligned} |{\Psi_{B}}\rangle & =\bigotimes_{i_{B}=1}^{L}|{e^{is_{i_{B}}\pi}\sqrt{\mu/L}}\rangle_{i_{B}}, \end{aligned}$$

where $| {e^{is_{j_{A}}\pi }\sqrt {\mu /L}}\rangle_{j_{A}}$ designates the $j_{A}$th laser pulse of Alice and $\mu$ is the total intensity of $L$ optical pulses.

(ii) Charlie will let the received two laser pulse trains interfere after he implements a random operation on Alice’s laser pulses. The random operation is that Charlie changes the arrival time of Alice’s pulse train related to that of Bob’s with

(3)$$\begin{aligned} j_{A}-i_{B}=({-}1)^{b}r, \end{aligned}$$

which means that the $j_{A}=i_{B}+(-1)^{b}r$th laser pulse of Alice and $i_{B}$th laser pulse of Bob will interfere.

(iii) Let one and only one photon click from interference measurements and no other click in the whole pulse train denote an effective detection event. Charlie records his raw key bit $X_{C}$ as 0 and 1 for the phase difference with 0 and $\pi$ given by an effective detected event.

(iv) Charlie announces $j_{A}$ and $i_{B}$ to Alice and Bob through the authenticated classical channel when the effective detection event is acquired from the superposed $j_{A}$ and $i_{B}$ pulses.

(v) Alice and Bob record $X_{A}=s_{j_{A}}$ and $X_{B}=s_{i_{B}}$ as their raw key bits.

(vi) All users (Alice, Bob and Charlie) exploit the error correction, error verification and privacy amplification of multiparty scheme to obtain the secure key.

3. Security analysis

In order to provide an intuitive understanding of the proposed RRQSS protocol, we demonstrate its security by considering two equivalent cases shown in Fig. 2, which is the generalization of the security proof method of round-robin differential phase-shift quantum key distribution [7]. Here, we assume that the interference measurement and location measurement can discriminate the detection signal exactly coming from a single photon. Another assumption we have to make is that the devices used by players and the dealer are perfect and leak no more information to eavesdroppers. These assumptions are similar to those in the round-robin differential phase-shift quantum key distribution [7] and the first assumption can be solved by using the detector-decoy method [8]. Charlie announces a successful detection when one and only one photon is clicked in both Fig. 2(a) and Fig. 2(b).

Fig. 2. Charlie’s alternative choices of measurements. Alice and Bob send the quantum signals to Charlie via insecure quantum channel. The raw key bit held by Alice (Bob) is $X_{A}=s_{j_{A}}$ ($X_{B}=s_{i_{B}}$), where $j_{A}$ ($i_{B}$) is published by Charlie. The dishonest player, Alice or Bob, and the outside Eve try to obtain the raw key $X_{A}\oplus X_{B}$ in both figures. (a) Charlie exploits the interference measurement with random numbers $\{r,b\}$ to acquire raw key bit $X_{C}$ that is equal to $X_{A}\oplus X_{B}$ in the ideal case. (b) Charlie uses the random numbers $\{r,b\}$ to generate $j_{A}$ ($i_{B}$) with the relationship $j_{A}-i_{B}=(-1)^{b}r$ after he utilizes the location measurement to obtain $i_{B}$ ($j_{A}$). All attacks by the adversary should have the same results in both figures since the announced values $\{j_{A},i_{B}\}$ are identical in figures (a) and (b).

Download Full Size | PDF

The setup of Fig. 1 is a practical implementation of scheme in Fig. 2(a) with efficiency 1/2. In the ideal case, the raw key of Charlie in Fig. 2(a) is $X_{C}=X_{A}\oplus X_{B}$, where $X_{A}=s_{j_{A}}$ and $X_{B}=s_{i_{B}}$ are the bit values of Alice and Bob, respectively. It means that Alice and Bob should collaborate to access the information of Charlie. It has been proven that the classical bits of information that can be transmitted by sending the coherent fingerprint state of Eqs. (1) and (2) satisfies $O(\mu \log _{2}L)$ [59,60]. It is much less than the encoding bit information of Alice or Bob for each pulse train with large $L$. At least one of $i_{B}$ and $j_{A}$ cannot be confirmed due to $j_{A}-i_{B}=(-1)^{b}r$ with random numbers $\{r,b\}$ before Charlie implements measurement, which means anyone can have only a little knowledge of the raw key $X_{C}$ of Charlie or bit values $X_{A}\oplus X_{B}$, including the dishonest player or the outside eavesdropper Eve. In order to access how much the adversary knows about the bit values $X_{A}\oplus X_{B}$, we imagine that Charlie exploits the alternative choice with the location measurement in Fig. 2(b). Charlie directly acquires $i_{B}$ or $j_{A}$ using the location measurement ($i_{B}$ or $j_{A}$). Then, he exploits random numbers $\{r,b\}$ to generate the other index satisfying $j_{A}-i_{B}=(-1)^{b}r$. To be more specific, Charlie’s interference measurement is characterized by a set of projection measurement operators

(4)$$\begin{aligned} \hat{E}_{k,s}^{r,b}=\hat{P}\left(\frac{|{k}\rangle_{B}+({-}1)^{s}|{k+({-}1)^{b}r}\rangle_{A}}{\sqrt{2}}\right), \end{aligned}$$

where $\hat {P}(| {\varphi }\rangle)=| {\varphi }\rangle\langle {\varphi }|$, $k\in \{1,\ldots ,d\}$, $k+(-1)^{b}r\in \{1,\ldots ,d\}$ and $s\in \{0,1\}$. State $| {k}\rangle$ denotes the photon in the $k$th pulse. For single-photon input state $\hat {\rho }$, the probability of output $\{k,s\}$ is given by $\textrm {Tr}(\hat {\rho }\hat {E}_{k,s}^{r,b})/2$, since there exists a filter with efficiency $1/2$ [7]. We remark that the state $\hat {\rho }$ is the joint quantum state between Alice and Bob. Charlie publishes indices $\{k_{B}, [k_{B}+(-1)^{b}r]_{A}\}$ and acquires $X_{C}=s$ from this output. Therefore, the probability of announcing $\{j_{A},i_{B}\}$ ($j_{A}=i_{B}+(-1)^{b}r$) is written as

(5)$$\begin{aligned} p(\{j_{A},i_{B}\})=[p(j_{A})+p(i_{B})]/2, \end{aligned}$$

where $p(k)=\langle k|\hat {\rho }|k\rangle$ is the probability of detecting a photon in the $k$th pulse. And Charlie’s location measurement is characterized by a set of projection measurement operators

(6)$$\begin{aligned} \hat{E'}_{k}=\frac{1}{2}[\hat{P}(|{k}\rangle_{B})+\hat{P}(|{k}\rangle_{A})] \end{aligned}$$

where $k\in \{1,\ldots ,d\}$. Thereby, the probability of announcing $\{j_{A},i_{B}\}$ ($j_{A}=i_{B}+(-1)^{b}r$) can be given by

(7)$$\begin{aligned} p'(\{j_{A},i_{B}\})=[p(j_{A})+p(i_{B})]/2. \end{aligned}$$

Obviously, $p(\{j_{A},i_{B}\})=p'(\{j_{A},i_{B}\})$, it means that the published indices $\{j_{A},i_{B}\}$ are identical for two figures in Fig. 2. And the knowledge of bit value $X_{A}\oplus X_{B}$ in actual and virtual protocols are equivalent for anyone except for Charlie, which indicates the generation procedure of $\{j_{A},i_{B}\}$ is equivalent to the interference measurement in Fig. 2(a). Therefore, the adversary have the same knowledge of $X_{A}\oplus X_{B}$ in Fig. 2(a) and Fig. 2(b) since she or he cannot distinguish the choices of measurement by Charlie.

In the RRQSS protocol, at most one player is dishonest. We first demonstrate that the protocol is secure for outside Eve and provide the detailed secret key rate. Then we will verify the security against one dishonest player, Alice or Bob and the corresponding key rate.

3.1 Outside Eve

First, we consider the case where Alice, Bob and Charlie are all honest and collaborate to generate the secret key with $X_{C}=X_{A}\oplus X_{B}$. The outside Eve is an eavesdropper, who tries to attack the knowledge of $X_{A}\oplus X_{B}$. Obviously, this RRQSS protocol is similar with the round-robin differential phase-shift quantum key distribution [7] if we consider Alice and Bob as a single user. In order to calculate the secret key rate, we employ the source-replacement scheme [7]. We assume that Alice prepares an entangled state between $L$ virtual qubit and $L$ optical pulses instead of a train of coherent state,

(8)$$\begin{aligned}2^{{-}L/2}\bigotimes_{j_{A}=1}^{L}\sum_{s_{j_{A}}=0,1}|{s_{j_{A}}}\rangle_{A}|{e^{is_{j_{A}}\pi}\sqrt{\mu/L}}\rangle_{j_{A}}, \end{aligned}$$

where $| {s_{j_{A}}}\rangle_{A}$ is the eigenstate of the $Z$ basis in the $j_{A}$th virtual qubit of Alice. Similarly, Bob generates an entangled state between $L$ virtual qubit and $L$ optical pulses,

(9)$$\begin{aligned}2^{{-}L/2}\bigotimes_{i_{B}=1}^{L}\sum_{s_{i_{B}}=0,1}|{s_{i_{B}}}\rangle_{B}|{e^{is_{i_{B}}\pi}\sqrt{\mu/L}}\rangle_{i_{B}}, \end{aligned}$$

where $|{s_{i_{B}}}\rangle_{B}$ is the eigenstate of the $Z$ basis in the $i_{B}$th virtual qubit of Bob. Note that the source-replacement scheme does not change security. Since the $L$ optical pulses sent by Alice or Bob are identical to those in the actual scheme if Alice and Bob measure the virtual qubit in the $Z$ basis before sending optical pulses.

The secret key rate per pulse of the RRQSS in the case of the outside Eve is given by

(10)$$\begin{aligned}R=\frac{Q}{L}[1-h(e_\textrm{p})-fh(e_\textrm{b})], \end{aligned}$$

where $Q$ is the gain of transmitting $L$ pulse pair trains, $e_\textrm {b}$ and $e_\textrm {p}$ are the bit and phase error rates of this protocol related to error correction and privacy amplification, respectively. A bit error is defined as $X_{A}\oplus X_{B}\neq X_{C}$. Specifically, the average gain $Q$ and bit error rate $e_\textrm {b}$ of each train can be written as

(11)$$\begin{aligned} Q=\frac{1}{2}[1-(1-Lp_{d})e^{{-}2\mu \sqrt{\eta}}], \end{aligned}$$

and

(12)$$\begin{aligned} e_\textrm{b}=\frac{e_{d}(1-e^{{-}2\mu \sqrt{\eta}})+Lp_{d}e^{{-}2\mu \sqrt{\eta}}/2}{1-(1-Lp_{d})e^{{-}2\mu \sqrt{\eta}}}, \end{aligned}$$

where $\sqrt {\eta }=\eta _{d}\times 10^{-\alpha D/20}$ is the efficiency between Alice (Bob) and Charlie. $D$ is the total distance among Alice, Bob and Charlie.

Let $\nu$ be the total photon number in a train of optical pulses with total intensity $\mu$. Then, the probability of finding more than $\nu _\textrm {th}$ photons in a train of optical pulses can be written as

(13)$$\begin{aligned} \textrm{Pr}(\nu>\nu_\textrm{th})=e_\textrm{src}:=1-\sum_{\nu=0}^{\nu_\textrm{th}}\frac{e^{-\mu}\mu^{\nu}}{\nu!}, \end{aligned}$$

where $\nu _\textrm {th}$ is an integer constant chosen in this protocol.

Considering a fictitious situation in Fig. 2(b), Alice and Bob respectively deliver these virtual qubits to Charlie with a secure manner. Charlie simply applies a controlled-NOT operation to the $i_{B}$th and $j_{A}$th virtual qubits, with the $i_{B}$th ($j_{A}$th) virtual qubit as the control and the $j_{A}$th ($i_{B}$th) virtual qubit as the target given $i_{B}$ ($j_{A}$), $b$ and $r$. The bit value $X_{A}\oplus X_{B}=s_{i_{B}}\oplus s_{j_{A}}$ becomes the outcome of $Z$-basis measurement on the $j_{A}$th ($i_{B}$th) target virtual qubit. Let $| {\pm }\rangle$ be the eigenstates of $X$-basis. Note that the controlled-NOT operation will not affect the $X$-basis eigenstate of the target virtual qubit [7]. If the target virtual qubit is fixed to state $| {+}\rangle$, there is no knowledge of the measurement outcome on the $Z$-basis acquired by Eve. The phase error rate is defined as the probability of finding the target virtual qubit in state $| {-}\rangle$ [61]. From the Eqs. (8) and (9), one can find out that the virtual qubit will be state $| {+}\rangle$ ($| {-}\rangle$) for even (odd) number photons in each optical pulse. Therefore, the probability of a phase error is bounded by $\nu _\textrm {th}/(L-1)$ when the number of photons in this train is no more than $\nu _\textrm {th}$. Note that the target virtual qubit is randomly selected from $L-1$ virtual qubits. The phase error rate of the RR-QSS protocol for the outside Eve can be given by

(14)$$\begin{aligned} e_\textrm{p}=\frac{2e_\textrm{src}}{Q}+\left(1-\frac{2e_\textrm{src}}{Q}\right)\frac{\nu_\textrm{th}}{L-1}. \end{aligned}$$

The first term of Eq. (14) corresponds to the fraction of a sifted key that the number of contained photons in a train pulses (both for honest Alice and honest Bob) are larger than $\nu _\textrm {th}$ and should be regarded as a phase error in the worst-case scenario.

3.2 Inside Alice or Bob

Then, we consider the case where Alice, Bob and Charlie collaborate to generate the secret key with $X_{C}=X_{A}\oplus X_{B}$ with one player, Alice or Bob dishonest. The inside eavesdropper tries to attack the knowledge of $X_{A}\oplus X_{B}$ with the help of the outside Eve.

Here, we first consider Bob to be the adversary. The bit value $X_{B}$ is all known by Bob, which means that he only needs to obtain the information of $X_{A}$. According to the above security analysis, there are two cases in Fig. 2(b) where the location measurement generates $i_{B}$ or $j_{A}$. For the $i_{B}$ click case, the bit value $X_{A}\oplus X_{B}$ is acquired by directly measuring the target qubit of honest Alice with $Z$ basis. The corresponding phase error rate is $e_{\textrm {p}_{i_{B}}}=\frac {e_\textrm {src}}{Q_{B}}+\left (1-\frac {e_\textrm {src}}{Q_{B}}\right )\frac {\nu _\textrm {th}}{L-1}$. Here, $Q_{B}$ is probability of $i_{B}$ generated in location measurement and $e_\textrm {src}$ is calculated using the honest Alice’s optical pulses. For the $j_{A}$ click case, one cannot directly measure the phase error on target qubit of dishonest Bob since the intensity and photon number distribution sent by Bob are uncertain. Considering the worst case, Bob will acquire all information about the $j_{A}$ click case.

Now we consider Alice to be the adversary. For the $j_{A}$ click case, the phase error rate is $e_{\textrm {p}_{j_{A}}}=\frac {e_\textrm {src}}{Q_{A}}+\left (1-\frac {e_\textrm {src}}{Q_{A}}\right )\frac {\nu _\textrm {th}}{L-1}$. Here, $Q_{A}$ is probability of $j_{A}$ generated in location measurement and $e_\textrm {src}$ is calculated by using the honest Bob’s optical pulses characteristic. Obviously, we have $Q=Q_{A}+Q_{B}$. For the $i_{B}$ click case, Alice will obtain all information.

For cases of the inside adversary, no one can know in advance whether the adversary is Alice or Bob. Therefore, the secret key rate per pulse of the RRQSS in the case of the inside adversary can be written as

(15)$$\begin{aligned} R=\frac{1}{L}\{\hat{Q}[1-h(\hat{e}_\textrm{p})]-Qfh(e_\textrm{b})\}, \end{aligned}$$

where we have $\hat {Q}=\min \{Q_{A},Q_{B}\}$ and phase error rate

(16)$$\begin{aligned} \hat{e}_{p}=\frac{e_\textrm{src}}{\hat{Q}}+\left(1-\frac{e_\textrm{src}}{\hat{Q}}\right)\frac{\nu_\textrm{th}}{L-1}. \end{aligned}$$

4. Performance

Here, we display the secret key rate per pulse $R$ of our protocol, assuming that Charlie holds a quantum random number generator to generate $r$ and $b$ in Eq. (3). Without loss of generality, we have the gains $Q_{A}=Q_{B}=Q/2$ due to the symmetric positions of Alice and Bob. Our protocol only needs two continuous-wave laser to prepare phase-stabilized continuous light with total intensity $\mu /L$ and phase $0$ or $\pi$, which is available to current techniques. At Charlie’s site, single-photon detectors are assumed with the same efficiency $\eta _d$ and the dark count $p_d$. We introduce $\alpha$ as the attenuation coefficient of the ultra low-loss fiber and $f$ as the error correction inefficiency. For simplicity, we assume a misalignment error rate $e_d$ to generalize the whole systematic error rate in our protocol. Specific value of parameters is listed in Table 1. Additionally, to illustrate that the key rate of our protocol scales with the square-root of the total channel transmittance, the PLOB bound between Alice and Bob is also considered for comparison ($R_\textrm {PLOB}= -\log _{2}(1-\eta )$ and $\eta =\eta _d \times 10^{-\alpha D/10}$). We also consider the key rate of single-qubit QSS [29], which is another practical QSS protocol with several experimental implementations. For simulation, we assume that the weak coherent light source and the asymptotic condition of infinite decoy states are applied in single-qubit QSS.

Table 1. Simulation parameters [57]. $\eta _{d}$ and $p_{d}$ are the detector efficiency and dark count rate. $e_{d}$ is the misalignment rate. $\alpha$ is the attenuation coefficient of the ultralow-loss fiber. $f$ is the error correction inefficiency.

View Table

Moreover, we can take a little further step to consider the expected behavior of finite-sized key rate in our protocol using the same idea in round-robin differential phase-shift quantum key distribution [7]. Let $N$ be the number of rounds and first we define the tail distribution for finding more than $a$ successful events in a binomial distribution as $\langle{f}|(a;~n,p) = \sum _{k>a}p^k(1-p)^{n-k}n!/[k!(n-k)!]$. Then the probability of choosing $Nr_1$ from $N$ sifted bits to include all the tagged portion will be $1-\epsilon _1$, where $\epsilon _1 = \langle {f}|(Nr_1;~N_\textrm {round},e_{src})$ and $N_\textrm {round}$ denotes the number of rounds of transmitting $L$ pulses. Here we assume there is no phase error in the chosen $Nr_1$ bits. When considering phase errors in the remaining $N'$ bits ($N' = N(1-r_1)$), it should be less than $N'r_2$ for a probability $1-\epsilon _2$ and $\epsilon _2 = \langle {f}|(N'r_2;~N',\nu _{th}/(L-1))$. With $\epsilon _1$ and $\epsilon _2$, we can characterize the imperfection in the final key given the bits of information leakage to the eavesdropper. Given $s>0$, we let $\epsilon _1=\epsilon _2=2^{-s}$ by choosing proper $r_1$ and $r_2$. Then, we have $h(\hat {e}_p)=r_1 + (1-r_1)h(r_2)+s/N$ with $s$ commonly ranging from 70 to 160. With a crude Gaussian approximation of $\textrm {ln}[\langle {f}|(a;n,p)] \cong -(a-np)^2/[2np(1-p)]$, we have that $r_1 \cong p_1 + \sqrt {(2 \textrm {ln2})p_1(s/N)}$ and $r_2 \cong p_2 + \sqrt {(2 \textrm {ln2})p_2(1-p_2)(s/N)}$ where $p_1 = e_src/\hat {Q}$ and $p_2 = \nu _{th}/(L-1)$. For $N \gg s$, substituting numerics gives $h(\hat {e}_p) \cong h^{asy}(\hat {e}_p)(1+1.98\sqrt {s/N})$ and $h^{asy}(\hat {e}_p)= p_1 + (1-p_1)h(p_2)$.

With the above assumptions, the performance of our QSS protocol is presented in Figs. 3, 4 and 5 by numerically optimizing the secret key rate over the free parameters $\mu$, $\nu _\textrm {th}$ and $L$. As depicted in Fig. 3, besides the key rate of our QSS protocol under inside and outside eavesdropping, we also plot the PLOB bound and the key rate in single-qubit QSS [29] where the misalignment rate $e_d=2\%$. Evidently, our QSS protocol has better performance over single-qubit QSS and can break the PLOB bound for $D$ larger than $\sim$ 300 km with the final transmission distance approaching over 600 km. In addition, considering impact on the final key rate caused by the misalignment error rate $e_d$, we present the key rate of our QSS protocol with different misalignment rate in Fig. 4. Although the misalignment rate $e_d$ is more than $6\%$, the final key rate can also surpass the linear PLOB bound, which shows the high tolerance of errors in our protocol. With $e_d$ smaller than $4\%$, the theoretical transmission distance will approach over 600 km, which is suitable to intercity multiparty quantum communication. Figure 5 shows that there is little influence the finite-size analysis has on the final key rate of our protocol. When $N=10^4$, the transmission distance will also approach over 600 km.

Fig. 3. Final key rate (per pulse) in logarithmic scales as a function of the total distance among three users with $e_{d} = 2\%$. The performance of our protocol and single-qubit QSS is measured in terms of the key rate per pulse $R$. With parameters in Table 1, the key rates of our protocol against outside and inside eavesdropping are optimized with $\mu$, $\nu _{th}$ and $L$ and the key rate in [29] is optimized with $\mu$, together with the assumption of weak coherent light source and asymptotic condition of infinite decoy states.

Download Full Size | PDF

Fig. 4. Key rate (per pulse) in logarithmic scales as a function of the total distance among three-user with different misalignment rates. The key rate of our QSS protocol can also surpass the PLOB bound even when the misalignment rate is more than $e_{d}=6\%$.

Download Full Size | PDF

Fig. 5. Infinite-size key rate (per pulse) versus finite-size key rate (per pulse) under inside eavesdropping. We fix that $s=100$ and plot the finite-size key rate with $N=10^3$ (dash-dot line) and $N=10^4$ (dashed line).

Download Full Size | PDF

5. Conclusion

In summary, we present a practical QSS protocol containing three users with unconditional security. Inspired by the twin-field quantum key distribution, the key rate scales as $O(\sqrt {\eta })$ rather than $O(\eta )$, breaking the PLOB bound introduced by capacity of quantum channels [48,62]. Moreover, we propose the security analysis to demonstrate the unconditional security of our protocol under both outside and inside eavesdropping. The key point here is to consider eavesdropping of the inside participant Alice or Bob, which is quite different from the original round-robin quantum key distribution. Namely, the security is irrelevant to the channel we use. In addition, although constricted by the inside eavesdropper, our protocol still shows a long theoretical transmission distance of over 600 km under small misalignment error rate, which reveals the potential for long distance multiparty communication with high efficiency. According to the recent work [63], RRQSS can also be applied in the experimental and practical implementations using the orbital angular momentum degree of freedom. Note that our QSS protocol shares classical bits rather than quantum states [64].

Furthermore, the apparatus settings in our scheme can be directly deployed to realize the third-man quantum cryptography (TQC) [65] where Charlie plays the role of a controller to determine whether to announce his measurement results. If Charlie announces his measurement results, Alice’s bits and Bob’s bits will build up their own perfect correlations. Then based on the correlations, Alice and Bob will create the secret key and Charlie has no knowledge of the keys which Alice and Bob have created. Namely, in the TQC, Alice and Bob will fail to generate the secret key without the help of the controller, Charlie [27]. The secret key rate of our TQC protocol can be given by the Eq. 10. In our TQC scheme, we have to consider Charlie is an honest participant but he has no knowledge of secret key. Therefore, the practical security of the TQC here is between twin-field [39] and trusted relay [66] quantum key distribution.

Our RRQSS protocol is a first step to extend the application of round-robin method from quantum key distribution [7]. Its security analysis guarantees that our QSS protocol is also independent of any intervention by eavesdroppers and has high tolerance of noise. Future work is necessary to narrow the gap of secret key rate between inside and outside eavesdropping in Fig. 3. Combined with long transmission distance and simple apparatus requirements, we believe our protocol is suitable for secure multiparty communication in the future quantum networks.

Funding

National Natural Science Foundation of China (61801420); Key-Area Research and Development Program of Guangdong Province (2020B0303040001); Fundamental Research Funds for the Central Universities (020414380182).

Disclosures

The authors declare no conflicts of interest.

Data availability

Data underlying the results presented in this paper are not publicly available at this time but may be obtained from the authors upon reasonable request.

References

1. H. J. Kimble, “The quantum internet,” Nature 453(7198), 1023–1030 (2008). [CrossRef]

2. S. Wehner, D. Elkouss, and R. Hanson, “Quantum internet: A vision for the road ahead,” Science 362(6412), eaam9288 (2018). [CrossRef]

3. T. D. Ladd, F. Jelezko, R. Laflamme, Y. Nakamura, C. Monroe, and J. L. O’Brien, “Quantum computers,” Nature 464(7285), 45–53 (2010). [CrossRef]

4. F. Arute, K. Arya, R. Babbush, D. Bacon, J. C. Bardin, R. Barends, R. Biswas, S. Boixo, F. G. Brandao, D. A. Buell, B. Burkett, Y. Chen, Z. Chen, B. Chiaro, R. Collins, W. Courtney, A. Dunsworth, E. Farhi, B. Foxen, A. Fowler, C. Gidney, M. Giustina, R. Graff, K. Guerin, S. Habegger, M. P. Harrigan, M. J. Hartmann, A. Ho, M. Hoffmann, T. Huang, T. S. Humble, S. V. Isakov, E. Jeffrey, Z. Jiang, D. Kafri, K. Kechedzhi, J. Kelly, P. V. Klimov, S. Knysh, A. Korotkov, F. Kostritsa, D. Landhuis, M. Lindmark, E. Lucero, D. Lyakh, S. Mandrá, J. R. McClean, M. McEwen, A. Megrant, X. Mi, K. Michielsen, M. Mohseni, J. Mutus, O. Naaman, M. Neeley, C. Neill, M. Y. Niu, E. Ostby, A. Petukhov, J. C. Platt, C. Quintana, E. G. Rieffel, P. Roushan, N. C. Rubin, D. Sank, K. J. Satzinger, V. Smelyanskiy, K. J. Sung, M. D. Trevithick, A. Vainsencher, B. Villalonga, T. White, Z. J. Yao, P. Yeh, A. Zalcman, H. Neven, and J. M. Martinis, “Quantum supremacy using a programmable superconducting processor,” Nature 574(7779), 505–510 (2019). [CrossRef]

5. C. H. Bennett and G. Brassard, “Quantum cryptography: public key distribution and coin tossing,” Proc. Conf. Comp. Syst. Sig. Proc. pp. 175–179 (IEEE, New York, 1984).

6. A. K. Ekert, “Quantum cryptography based on bell’s theorem,” Phys. Rev. Lett. 67(6), 661–663 (1991). [CrossRef]

7. T. Sasaki, Y. Yamamoto, and M. Koashi, “Practical quantum key distribution protocol without monitoring signal disturbance,” Nature 509(7501), 475–478 (2014). [CrossRef]

8. H.-L. Yin, Y. Fu, Y. Mao, and Z.-B. Chen, “Detector-decoy quantum key distribution without monitoring signal disturbance,” Phys. Rev. A 93(2), 022330 (2016). [CrossRef]

9. H.-L. Yin, T.-Y. Chen, Z.-W. Yu, H. Liu, L.-X. You, Y.-H. Zhou, S.-J. Chen, Y. Mao, M.-Q. Huang, W.-J. Zhang, H. Chen, M. J. Li, D. Nolan, F. Zhou, X. Jiang, Z. Wang, Q. Zhang, X.-B. Wang, and J.-W. Pan, “Measurement-device-independent quantum key distribution over a 404 km optical fiber,” Phys. Rev. Lett. 117(19), 190501 (2016). [CrossRef]

10. A. Boaron, G. Boso, D. Rusca, C. Vulliez, C. Autebert, M. Caloz, M. Perrenoud, G. Gras, F. Bussières, M.-J. Li, D. Nolan, A. Martin, and H. Zbinden, “Secure quantum key distribution over 421 km of optical fiber,” Phys. Rev. Lett. 121(19), 190502 (2018). [CrossRef]

11. B. Fröhlich, J. F. Dynes, M. Lucamarini, A. W. Sharpe, Z. Yuan, and A. J. Shields, “A quantum access network,” Nature 501(7465), 69–72 (2013). [CrossRef]

12. S.-K. Liao, W.-Q. Cai, J. Handsteiner, B. Liu, J. Yin, L. Zhang, D. Rauch, M. Fink, J.-G. Ren, W.-Y. Liu, Y. Li, Q. Shen, Y. Cao, F.-Z. Li, J.-F. Wang, Y.-M. Huang, L. Deng, T. Xi, L. Ma, T. Hu, L. Li, N.-L. Liu, F. Koidl, P. Wang, Y.-A. Chen, X.-B. Wang, M. Steindorfer, G. Kirchner, C.-Y. Lu, R. Shu, R. Ursin, T. Scheidl, C.-Z. Peng, J.-Y. Wang, A. Zeilinger, and J.-W. Pan, “Satellite-relayed intercontinental quantum network,” Phys. Rev. Lett. 120(3), 030501 (2018). [CrossRef]

13. Z.-L. Yuan, A. Plews, R. Takahashi, K. Doi, W. Tam, A. Sharpe, A. Dixon, E. Lavelle, J. Dynes, A. Murakami, M. Kujiraoka, M. Lucamarini, Y. Tanizawa, H. Sato, and A. J. Shields, “10-mb/s quantum key distribution,” J. Lightwave Technol. 36(16), 3427–3433 (2018). [CrossRef]

14. Y. Zhang, Z. Chen, S. Pirandola, X. Wang, C. Zhou, B. Chu, Y. Zhao, B. Xu, S. Yu, and H. Guo, “Long-distance continuous-variable quantum key distribution over 202.81 km of fiber,” Phys. Rev. Lett. 125(1), 010502 (2020). [CrossRef]

15. A. Shamir, “How to share a secret,” Commun. ACM 22(11), 612–613 (1979). [CrossRef]

16. G. R. Blakley, “Safeguarding cryptographic keys,” Proc. Natl Comp. Conf. 48, 313–318 (1979). [CrossRef]

17. S. Pirandola, U. L. Andersen, L. Banchi, M. Berta, D. Bunandar, R. Colbeck, D. Englund, T. Gehring, C. Lupo, C. Ottaviani, J. L. Pereira, M. Razavi, J. S. Shaari, M. Tomamichel, V. C. Usenko, G. Vallone, P. Villoresi, and P. Wallden, “Advances in quantum cryptography,” Adv. Opt. Photonics 12(4), 1012–1236 (2020). [CrossRef]

18. M. Hillery, V. Bužek, and A. Berthiaume, “Quantum secret sharing,” Phys. Rev. A 59(3), 1829–1834 (1999). [CrossRef]

19. A. Karlsson, M. Koashi, and N. Imoto, “Quantum entanglement for secret sharing and secret splitting,” Phys. Rev. A 59(1), 162–168 (1999). [CrossRef]

20. K. Chen and H.-K. Lo, “Multi-partite quantum cryptographic protocols with noisy ghz states,” Quantum Inf. Comput. 7, 689–715 (2007). [CrossRef]

21. D. Markham and B. C. Sanders, “Graph states for quantum secret sharing,” Phys. Rev. A 78(4), 042309 (2008). [CrossRef]

22. Y. Fu, H.-L. Yin, T.-Y. Chen, and Z.-B. Chen, “Long-distance measurement-device-independent multiparty quantum communication,” Phys. Rev. Lett. 114(9), 090501 (2015). [CrossRef]

23. A. Tavakoli, I. Herbauts, M. Żukowski, and M. Bourennane, “Secret sharing with a single d-level quantum system,” Phys. Rev. A 92(3), 030302 (2015). [CrossRef]

24. I. Kogias, Y. Xiang, Q. He, and G. Adesso, “Unconditional security of entanglement-based continuous-variable quantum secret sharing,” Phys. Rev. A 95(1), 012315 (2017). [CrossRef]

25. W. P. Grice and B. Qi, “Quantum secret sharing using weak coherent states,” Phys. Rev. A 100(2), 022339 (2019). [CrossRef]

26. X. Wu, Y. Wang, and D. Huang, “Passive continuous-variable quantum secret sharing using a thermal source,” Phys. Rev. A 101(2), 022301 (2020). [CrossRef]

27. Y.-A. Chen, A.-N. Zhang, Z. Zhao, X.-Q. Zhou, C.-Y. Lu, C.-Z. Peng, T. Yang, and J.-W. Pan, “Experimental quantum secret sharing and third-man quantum cryptography,” Phys. Rev. Lett. 95(20), 200502 (2005). [CrossRef]

28. S. Gaertner, C. Kurtsiefer, M. Bourennane, and H. Weinfurter, “Experimental demonstration of four-party quantum secret sharing,” Phys. Rev. Lett. 98(2), 020503 (2007). [CrossRef]

29. C. Schmid, P. Trojek, M. Bourennane, C. Kurtsiefer, M. Żukowski, and H. Weinfurter, “Experimental single qubit quantum secret sharing,” Phys. Rev. Lett. 95(23), 230505 (2005). [CrossRef]

30. B. Bell, D. Markham, D. Herrera-Martí, A. Marin, W. Wadsworth, J. Rarity, and M. Tame, “Experimental demonstration of graph-state quantum secret sharing,” Nat. Commun. 5(1), 5480 (2014). [CrossRef]

31. Y. Cai, J. Roslund, G. Ferrini, F. Arzani, X. Xu, C. Fabre, and N. Treps, “Multimode entanglement in reconfigurable graph states using optical frequency combs,” Nat. Commun. 8(1), 15645 (2017). [CrossRef]

32. Y. Zhou, J. Yu, Z. Yan, X. Jia, J. Zhang, C. Xie, and K. Peng, “Quantum secret sharing among four players using multipartite bound entanglement of an optical field,” Phys. Rev. Lett. 121(15), 150502 (2018). [CrossRef]

33. J.-W. Pan, Z.-B. Chen, C.-Y. Lu, H. Weinfurter, A. Zeilinger, and M. Żukowski, “Multiphoton entanglement and interferometry,” Rev. Mod. Phys. 84(2), 777–838 (2012). [CrossRef]

34. S.-J. Qin, F. Gao, Q.-Y. Wen, and F.-C. Zhu, “Cryptanalysis of the hillery-bužek-berthiaume quantum secret-sharing protocol,” Phys. Rev. A 76(6), 062324 (2007). [CrossRef]

35. K.-J. Wei, X.-Q. Yang, C.-H. Zhu, and Z.-Q. Yin, “Quantum secret sharing without monitoring signal disturbance,” Quantum Inf. Process. 17(9), 230 (2018). [CrossRef]

36. G. P. He, “Comment on "experimental single qubit quantum secret sharing",” Phys. Rev. Lett. 98(2), 028901 (2007). [CrossRef]

37. C. Schmid, P. Trojek, M. Bourennane, C. Kurtsiefer, M. Żukowski, and H. Weinfurter, “Reply to comment on "experimental single qubit quantum secret sharing",” Phys. Rev. Lett. 98(2), 028902 (2007). [CrossRef]

38. F.-H. Xu, X.-F. Ma, Q. Zhang, H.-K. Lo, and J.-W. Pan, “Secure quantum key distribution with realistic devices,” Rev. Mod. Phys. 92(2), 025002 (2020). [CrossRef]

39. M. Lucamarini, Z. L. Yuan, J. F. Dynes, and A. J. Shields, “Overcoming the rate–distance limit of quantum key distribution without quantum repeaters,” Nature 557(7705), 400–403 (2018). [CrossRef]

40. X.-B. Wang, Z.-W. Yu, and X.-L. Hu, “Twin-field quantum key distribution with large misalignment error,” Phys. Rev. A 98(6), 062323 (2018). [CrossRef]

41. X. Ma, P. Zeng, and H. Zhou, “Phase-matching quantum key distribution,” Phys. Rev. X 8(3), 031043 (2018). [CrossRef]

42. H.-L. Yin and Y. Fu, “Measurement-device-independent twin-field quantum key distribution,” Sci. Rep. 9(1), 3045 (2019). [CrossRef]

43. J. Lin and N. Lütkenhaus, “Simple security analysis of phase-matching measurement-device-independent quantum key distribution,” Phys. Rev. A 98(4), 042332 (2018). [CrossRef]

44. C. Cui, Z.-Q. Yin, R. Wang, W. Chen, S. Wang, G.-C. Guo, and Z.-F. Han, “Twin-field quantum key distribution without phase postselection,” Phys. Rev. Appl. 11(3), 034053 (2019). [CrossRef]

45. M. Curty, K. Azuma, and H.-K. Lo, “Simple security proof of twin-field type quantum key distribution protocol,” npj Quantum Inf. 5(1), 64 (2019). [CrossRef]

46. H.-L. Yin and Z.-B. Chen, “Coherent-state-based twin-field quantum key distribution,” Sci. Rep. 9(1), 14918 (2019). [CrossRef]

47. K. Maeda, T. Sasaki, and M. Koashi, “Repeaterless quantum key distribution with efficient finite-key analysis overcoming the rate-distance limit,” Nat. Commun. 10(1), 3140 (2019). [CrossRef]

48. S. Pirandola, R. Laurenza, C. Ottaviani, and L. Banchi, “Fundamental limits of repeaterless quantum communications,” Nat. Commun. 8(1), 15043 (2017). [CrossRef]

49. J. Gu, X.-Y. Cao, H.-L. Yin, and Z.-B. Chen, “Differential phase shift quantum secret sharing using a twin field,” Opt. Express 29(6), 9165–9173 (2021). [CrossRef]

50. Z.-Y. Jia, J. Gu, B.-H. Li, H.-L. Yin, and Z.-B. Chen, “Differential phase shift quantum secret sharing using a twin field with asymmetric source intensities,” Entropy 23(6), 716 (2021). [CrossRef]

51. H. Takesue, T. Sasaki, K. Tamaki, and M. Koashi, “Experimental quantum key distribution without monitoring signal disturbance,” Nat. Photonics 9(12), 827–831 (2015). [CrossRef]

52. S. Wang, Z.-Q. Yin, W. Chen, D.-Y. He, X.-T. Song, H.-W. Li, L.-J. Zhang, Z. Zhou, G.-C. Guo, and Z.-F. Han, “Experimental demonstration of a quantum key distribution without signal disturbance monitoring,” Nat. Photonics 9(12), 832–836 (2015). [CrossRef]

53. Z.-Q. Yin, S. Wang, W. Chen, Y.-G. Han, R. Wang, G.-C. Guo, and Z.-F. Han, “Improved security bound for the round-robin-differential-phase-shift quantum key distribution,” Nat. Commun. 9(1), 457 (2018). [CrossRef]

54. M. Minder, M. Pittaluga, G. Roberts, M. Lucamarini, J. Dynes, Z. Yuan, and A. Shields, “Experimental quantum key distribution beyond the repeaterless secret key capacity,” Nat. Photonics 13(5), 334–338 (2019). [CrossRef]

55. X. Zhong, J. Hu, M. Curty, L. Qian, and H.-K. Lo, “Proof-of-principle experimental demonstration of twin-field type quantum key distribution,” Phys. Rev. Lett. 123(10), 100506 (2019). [CrossRef]

56. S. Wang, D.-Y. He, Z.-Q. Yin, F.-Y. Lu, C.-H. Cui, W. Chen, Z. Zhou, G.-C. Guo, and Z.-F. Han, “Beating the fundamental rate-distance limit in a proof-of-principle quantum key distribution system,” Phys. Rev. X 9(2), 021046 (2019). [CrossRef]

57. J.-P. Chen, C. Zhang, Y. Liu, C. Jiang, W. Zhang, X.-L. Hu, J.-Y. Guan, Z.-W. Yu, H. Xu, J. Lin, M.-J. Li, H. Chen, H. Li, L. You, Z. Wang, X.-B. Wang, Q. Zhang, and J.-W. Pan, “Sending-or-not-sending with independent lasers: Secure twin-field quantum key distribution over 509 km,” Phys. Rev. Lett. 124(7), 070501 (2020). [CrossRef]

58. X.-T. Fang, P. Zeng, H. Liu, M. Zou, W.-J. Wu, Y.-L. Tang, Y.-J. Sheng, Y. Xiang, W. Zhang, H. Li, Z. Wang, L. You, M.-J. Li, H. Chen, Y.-A. Chen, Q. Zhang, C.-Z. Peng, X. Ma, T.-Y. Chen, and J.-W. Pan, “Implementation of quantum key distribution surpassing the linear rate-transmittance bound,” Nat. Photonics 14(7), 422–425 (2020). [CrossRef]

59. J. M. Arrazola and N. Lütkenhaus, “Quantum fingerprinting with coherent states and a constant mean number of photons,” Phys. Rev. A 89(6), 062305 (2014). [CrossRef]

60. J.-Y. Guan, F. Xu, H.-L. Yin, Y. Li, W.-J. Zhang, S.-J. Chen, X.-Y. Yang, L. Li, L.-X. You, T.-Y. Chen, Z. Wang, Q. Zhang, and J.-W. Pan, “Observation of quantum fingerprinting beating the classical limit,” Phys. Rev. Lett. 116(24), 240502 (2016). [CrossRef]

61. M. Koashi, “Simple security proof of quantum key distribution based on complementarity,” New J. Phys. 11(4), 045018 (2009). [CrossRef]

62. M. Takeoka, S. Guha, and M. M. Wilde, “Fundamental rate-loss tradeoff for optical quantum key distribution,” Nat. Commun. 5(1), 5235 (2014). [CrossRef]

63. F. Bouchard, A. Sit, K. Heshami, R. Fickler, and E. Karimi, “Round-robin differential-phase-shift quantum key distribution with twisted photons,” Phys. Rev. A 98(1), 010301 (2018). [CrossRef]

64. R. Cleve, D. Gottesman, and H.-K. Lo, “How to share a quantum secret,” Phys. Rev. Lett. 83(3), 648–651 (1999). [CrossRef]

65. M. Żukowski, A. Zeilinger, M. Horne, and H. Weinfurter, “Quest for ghz states,” Acta Phys. Pol. A 93(1), 187–195 (1998). [CrossRef]

66. Y.-A. Chen, Q. Zhang, T.-Y. Chen, W.-Q. Cai, S.-K. Liao, J. Zhang, K. Chen, J. Yin, J.-G. Ren, Z. Chen, S.-L. Han, Q. Yu, K. Liang, F. Zhou, X. Yuan, M.-S. Zhao, T.-Y. Wang, X. Jiang, L. Zhang, W.-Y. Liu, Y. Li, Q. Shen, Y. Cao, C.-Y. Lu, R. Shu, J.-Y. Wang, L. Li, N.-L. Liu, F. Xu, X.-B. Wang, C.-Z. Peng, and J.-W. Pan, “An integrated space-to-ground quantum communication network over 4, 600 kilometres,” Nature 589(7841), 214–219 (2021). [CrossRef]

$η_{d}$	$p_{d}$	$e_{d}$	$α$	$f$
$56 %$	$10^{- 8}$	$2 %$	$0.167$	$1.1$

Secure quantum secret sharing without signal disturbance monitoring

Abstract

1. Introduction

2. Protocol description

3. Security analysis

3.1 Outside Eve

3.2 Inside Alice or Bob

4. Performance

5. Conclusion

Funding

Disclosures

Data availability

References

Data availability

Cited By

Figures (5)

Tables (1)

Equations (16)

Optics Express