Abstract
Conference key agreement (CKA) is a cryptographic effort of multiple parties to establish a shared secret key. In future quantum networks, generating secret keys in an anonymous way is of tremendous importance for parties that want to keep their shared key secret and at the same time protect their own identity. We provide a definition of anonymity for general protocols and present a CKA protocol that is provably anonymous under realistic adversarial scenarios. We base our protocol on shared Greenberger-Horne-Zeilinger states, which have been proposed as more efficient resources for CKA protocols, compared to bipartite entangled resources. The existence of secure and anonymous protocols based on multipartite entangled states provides a new insight on their potential as resources and paves the way for further applications.
- Received 9 October 2020
- Accepted 24 November 2020
DOI:https://doi.org/10.1103/PRXQuantum.1.020325
Published by the American Physical Society under the terms of the Creative Commons Attribution 4.0 International license. Further distribution of this work must maintain attribution to the author(s) and the published article's title, journal citation, and DOI.
Published by the American Physical Society
Physics Subject Headings (PhySH)
Popular Summary
In this paper, we introduce a protocol to generate a secret encryption key shared between one sender and multiple receivers of the sender’s choosing; this is known as conference key agreement (CKA). The participants—sender and designated receivers—are connected via a larger network, yet their roles in the protocol are not revealed to anyone but the sender, giving us a notion of anonymity and thus anonymous CKA or ACKA.
To realize ACKA, we make use of multipartite entangled quantum resources known as GHZ states distributed between all parties in the network. These GHZ states contain intrinsic nonclassical correlations, which we can exploit to generate a shared key between only the participants. We start with a classical “notification” protocol that enables the sender to notify several receivers of its intention to establish a secret key with them. We then explain how to generate anonymous entanglement between only the participants from the shared GHZ states, how the sender can anonymously verify this process, and how an anonymous secret key is finally created.
All of the above subprotocols are combined into a single ACKA protocol where the participant roles are protected against an adversary who may corrupt one receiver or multiple nonparticipating parties in the network; the security of the key is preserved except for the trivial case where a participant is corrupted. We prove the anonymity of the participants on an information-theoretic level.