 Research
 Open access
 Published:
Quantum identity authentication based on the extension of quantum rotation
EPJ Quantum Technology volume 10, Article number: 11 (2023)
Abstract
In this work, we propose a bitoriented QIA protocol based on special properties of quantum rotation and the public key cryptographic framework. The proposed protocol exhibited good resistance to both forward search and measureresend attacks, whereby its security performance was directly related to the length of the authentication code. From our analysis, it was demonstrated that the protocol has good performance, in terms of quantum bit efficiency. In addition, the protocol is wellexpandable. The developed protocol is resourceefficient and can be also applied in quantum computing networks.
1 Introduction
Quantum rotation is considered a basic mathematical tool for representing binary quantum states. More specifically, an angular parameter is used to describe the vector state on the Bloch sphere [1, 2]. Since the objects discussed in this paper are not limited to binary qubit, it will be referred to as quantum rotation in this work.
Quantum rotation, with its unique properties, is regarded as the most fundamental concept of quantum computing, especially in variational quantum circuits [3] and quantum neural computing [4]. The dimension of quantum rotation refers to the dimension of the quantum state that is affected by quantum rotation. From a geometric point of view, the process by which quantum rotation produces its effect is similar to describing a plane rectangular coordinate system in polar coordinates. Combined with the Bloch ball, this can be easily spotted.
Although there are substantial applications in quantum computing and quantum physics, the implementation of quantum rotation in quantum cryptography is much rarer. An important application of quantum rotation can be found in quantum public key cryptography (QPKC). In 2008, Nikolopoulos designed a bitoriented deterministic QPKC protocol using quantum oneway functions constructed by quantum rotation [5] and proposed a series of improvements over the next few years [6–8]. In our previously reported work [9], the superposition of twodimensional quantum rotation and extended quantum rotation to threedimensions was demonstrated. These works provide an initial demonstration of the flexibility of quantum rotation in protocol design. The security of these protocols can be also greatly enhanced as the parameters can be set over a wide range. Hence, the protocol for using quantum rotation deserves undoubtedly further research. On the other hand, a large number of experimental works on the preparation and control of quantum states are based on quantum rotation [10, 11], which provides a realistic basis for the feasibility of the abovementioned protocols and future expansion.
The underlying principle of the quantum identity authentication (QIA) protocol is to verify the identity of the legitimate user to protect quantum communication networks from total breakdown [12]. In the QIA protocol, an authenticating party (Bob) uses quantum means to verify an authenticated party’s (Alice) knowledge of a preshared key (identification code) [13]. In view of this nature, the means to achieve QIA are numerous, while a general approach is to transform other quantum information protocols to be used for identity authentication. Since the first QIA protocol [14] was proposed in 1995, quantum key distribution (QKD) and quantum entanglement have been widely used to design QIA protocols. Although the QKDbased protocol [15–17] can be easier implemented in reality, the limitations of the QKD protocol itself prevent further security improvements [18, 19]. Quantum entanglement provides high security [20–22], multiparty authentication [23, 24], and semiquantum authentication [25, 26] for some QIA protocols. However, obviously, these protocols must use quantum memory. As a minor protocol, QIA should be used as little as possible to ensure that it does not burden the major protocol in quantum communication networks. Some other protocols [27–29] face a similar problem of using too many resources for additional purposes, which seem to deviate from the original intent of QIA.
By considering the fundamental role of quantum rotation in quantum circuits, quantum rotation can be used to design a QIA protocol with low resource consumption and high security. On the other hand, it is feasible to convert a QPKC protocol into a QIA protocol and retain the high security and scalability features of the QPKC protocol. Along these lines, in this work, our previous research was first extended by expanding quantum rotation to Ndimensions. On this foundation, a QIA protocol was designed, drawing on the basic ideas of the QPKC protocol, and the security and efficiency of our protocol were systematically analyzed.
The rest of this work is organized as follows. In Section II, the basic properties of quantum rotation were introduced and expanded on the dimensions. In Section III, a detailed description of the proposed QIA protocol was provided. Section IV analyzed the proposed protocol in terms of security and efficiency, and discussed outstanding issues and protocol expansions. Finally, in Section V, the main conclusions are presented.
2 Expansion of quantum rotation
In our previously reported work, quantum rotation was expanded to threedimensional situations [9]. The main focus was led on the unique property of the quantum rotation parameter, namely superposition, which is the basis for many subsequent application protocols. In this section, the dimensionality of quantum rotation will be further expanded.
2.1 Properties of twodimensional quantum rotation
A binary quantum state \(\vert \psi _{s}(\theta _{n})\rangle \) on the \(xoz\) Bloch plane can be expressed as follows:
where, \(n\in \mathbb{N}\), \(s\in \mathbb{Z}_{n}:=\{0,1,2,\dots,n1\vert n \in \mathbb{N}\}\), \(\theta _{n}=\frac{\pi}{2^{n1}}\). On a quantum circuit, a quantum rotation \(R(s\theta _{n})\) can regarded as a quantum gate with control parameter \(s\theta _{n}\). n and s are set to limit the control parameters to \([0,\frac{\pi}{2}]\) to avoid ambiguities caused by angles that differ by one phase. Geometrically, \(R(s\theta _{n})\) causes the quantum state to rotate \(s\theta _{n}\) around the yaxis start \(\vert 0\rangle \) on the \(xoz\) plane in Bloch ball.
Superposition is about the important nature of the control parameters and is the basis of the series protocol. For any \(\alpha \theta _{n}\) and \(\beta \theta _{n}\),
Superposition can be intuitively expressed as multiple control parameters of the quantum rotations can be superimposed. This is a property similar to homomorphic encryption. The detailed proof of superposition is shown in Ref [9]. Superposition in the twodimensional can be proved by using the quantum gate and the trigonometric function property.
The superposition of quantum rotation has two important corollaries as follows:
By combining the geometric meaning of quantum rotation, it can be concluded that the positive or negative of the parameter affects the direction rotation of the vector state on the Bloch sphere. Tables 1 presents the geometric significance of quantum rotation. Together with the two important corollaries that were abovementioned, it provides the basic tools for application protocols design.
The process of constructing quantum states by using twodimensional quantum rotation is similar to the transformation between a plane rectangular coordinate system, and a polar coordinate system. Referring to this relationship, the conversion factor between the spherical coordinate and the spatial rectangular coordinate systems can be introduced to construct threedimensional quantum rotation. by taking the three conversion factors \(\{\overline{x}_{1},\overline{x}_{2},\overline{x}_{3}\}\) as the coefficients in front of the threedimensional standard orthogonal basis in natural number order, the following expression for threedimensional quantum rotation can be obtained:
where, the subscript Ω of \(R(s_{1}\theta _{n},s_{2}\theta _{n})_{(\Omega )}\) represents the Hilbert space where \(\vert 0\rangle,\vert 1\rangle,\vert 2\rangle \) is located. The Equation (5) can be varied as follows:
The proof of superposition in the threedimensional requires the introduction of auxiliary quantum rotation. \(R(s_{2}\theta _{n})_{(\omega _{12})}\) denotes a quantum rotation that occurs in Hilbert plane \(\omega _{12}\) determined by \(\vert 1\rangle \) and \(\vert 2\rangle \). Geometrically, plane \(\omega _{12}\) is orthogonal to \(\vert 0\rangle \). Then, as a vector on plane \(\omega _{12}\), \(R(s_{2}\theta _{n})_{(\omega _{12})}\vert 1\rangle \) was also orthogonal to \(\vert 0\rangle \). For the sake of formal simplicity, \(R(s_{2}\theta _{n})_{(\omega _{12})}\vert 1\rangle \) was noted as \(\vert \xi \rangle \). It can be found that the rewritten equation fits the definition of a quantum rotation that occurs in Hilbert plane \(\omega _{0\xi}\) determined by \(\vert 0\rangle \) and \(\vert \xi \rangle \). Thus, it can be concluded that threedimensional quantum rotation also satisfies superposition.
From the point of view of quantum circuits, a threedimensional quantum rotation can be viewed as two times twodimensional quantum rotations in different Hilbert plane. This idea provides valuable insights for expanding quantum rotation to Ndimensional.
2.2 Ndimensional quantum rotation
In this section, the quantum rotation was extended to Ndimensions and the construction method was summarized.
The coordinate conversion factors of the Ndimensional Cartesian coordinate system and the hyperspherical coordinate system can be introduced to construct Ndimensional quantum rotation [30]. The conversion factor [31] between the two coordinate systems can be defined as follows:
where, \(\{\phi _{1},\phi _{2},\dots,\phi _{N1}\}\) represents the angle of rotation from the corresponding coordinate axis. Let \(r=1,\phi _{i}=\frac{s_{i}\theta _{n}}{2}\), the factors can be expressed as follows:
Obviously, \(\sum_{i=1}^{N}{(\overline{x}_{i})}^{2}=1\).
Taking \(\{\phi _{1},\phi _{2},\dots,\phi _{N1}\}\) as the coefficient before \(N1\) standard orthogonal bases in natural number order, then the following expression can be derived:
With reference to the situation in threedimensional, the superposition of Ndimensional quantum rotation can be proved.
Similar to Equation (6), Equation (9) can be transformed into the following form:
where \(\{\vert 0\rangle,\vert 1\rangle,\dots,\vert N2\rangle,\vert N1 \rangle \}\) is a set of standard orthogonal bases, and all quantum states are orthogonal to each other. Thus, the abovementioned equations can be converted step by step into a series of quantum rotations starting from \(\cos(\frac{s_{n1}\theta _{n1}}{2})\vert N2\rangle +\sin( \frac{s_{n1}\theta _{n1}}{2})\vert N1\rangle \).
Note that the quantum rotation results with \(s_{i}\) as \(\vert \xi _{s_{i}}\rangle \), namely
where \(\vert a\rangle \) orthogonal to \(\vert b\rangle \).
As a result, Equation (10) can be expressed as follows:
Obviously, \(\vert 0\rangle \) is orthogonal to \(\vert \xi _{s_{N1,N2,\ldots,3,2}}\rangle \). Ndimensional quantum rotation is equivalent to a quantum rotation, where the control parameter is also determined by \(\{s_{N1},s_{N2},\dots,s_{3},s_{2}\}\). In other words, the impact Ndimensional quantum rotation acting on \(\vert 0\rangle \) is equivalent to the impact of \(N1\) twodimensional quantum rotations acting on \(\vert 0\rangle \) successively in proper order. Therefore, the Ndimensional quantum rotation also satisfies the superposition.
This proof process can be seen as a method of dimensionality reduction. Highdimensional quantum rotation can play an important role in the design of quantum circuits and mixedvalue quantum computing. In addition, it is feasible to design quantum cryptography protocols with higher security and higher efficiency using quantum rotation.
3 Quantum identity authentication protocol based on quantum rotation
As was explained in the Introduction, a common way to construct QIA is to transform other protocols for authentication. Quantum public key cryptography (QPKC), as a class of protocols with more research, focuses on high security and efficiency in encryption and decryption [32]. These features of QPKC meet both the security needs of QIA and the resource savings that QIA should have as a minor protocol. By combining our research on quantum rotation and the main idea of QPKC, the QIA protocol was formally presented based on quantum rotation in this section.
The main difference between QPKC and QIA is that the former requires accurate ciphertext, while the latter only needs to verify that the ciphertext meets expectations. Following this idea, the QIA protocol was constructed to detect whether an encrypted quantum state meets expectations after a series of quantum rotations act on it.
The detailed steps of QIA are shown in the following.
Public parameter. Authenticating party Bob and authenticated party Alice share authentic nbit strings \(k_{\mathrm{ide}}\) as Bob’s identification code for authentication in the communication network. \(k_{\mathrm{ide}}\) was chosen independently from \(\mathbb{Z}_{n}\) and distributed as evenly as possible. Note ith position as \(k_{\mathrm{ide}}^{i}\). \(k_{\mathrm{ide}}\) and n are private, and onetoone correspondence is required between the users in the multiuser network.
Step 1. Bob initiates an authentication request for Alice. Bob prepares a string l that is n long, and notes ith position as \(l_{i} \in \{0,1\}\). Bob prepares \(k_{b}\) based on Alice’s \(k_{\mathrm{ide}}^{i}\), and note the ith position as \(k^{i}_{b}\) satisfied
Step 2. Bob prepares an authentication application \(k_{\mathrm{app}}\) with the corresponding check code \(k_{\mathrm{ver}}\). \(k_{\mathrm{app}}^{i}\) and \(k_{\mathrm{ver}}^{i}\) in ith satisfy the following conditions
The following quantum states were prepared from \(\vert 0\rangle ^{\bigotimes n}\) by using quantum rotation as follows:
Bob sends \(\vert \Psi{_{\mathrm{app}}}(\theta _{n})\rangle \) to Alice as an authentication request.
Step 3. Alice responded to the request. Alice receives the quantum state and acts \(R(k_{\mathrm{ide}}^{i}\theta _{n})\) on the ith position, obtain
and sends \(\vert \Psi{_{\mathrm{ide}}}(\theta _{n})\rangle \) back to Bob as a reply.
Step 4. Bob checks for a reply. Bob acts \(R(k_{\mathrm{ide}}^{i}\theta _{n})\) on the ith position gives \(\vert \Psi{_{\mathrm{ver}}}(\theta _{n})\rangle \) and measure bit by bit using \(\{\vert 0\rangle,\vert 1\rangle \}\). If Bob gets the corresponding measurement result \(\vert l_{i}\rangle \), the authentication results in success. In practical cases, this judging condition could be loosened to an acceptable error threshold according to the channel noise environment. Otherwise, authentication fails.
According to the superposition of quantum rotation, the correctness of the QIA protocol is presented as follows. The protocol is a bitbased deterministic protocol and qubits are discrete and independent. For this reason, jth position was selected for analysis. Following the protocol steps, the jth quantum \(\vert \Psi{_{\mathrm{ver}}}(\theta _{n})\rangle _{(j)}\) before Bob makes the measurement is as follows:
Obviously, the final output of the protocol is \(\vert l_{i} \rangle \), which can show Alice’s identity whether to meets expectations. Figure 1 and Table 2 depict the protocol process when the authentication credential \(n=4\), \(k_{\mathrm{ide}}=\{0,1,2,3\}\).
Special attention should be also paid to the fact that the authentication credentials \(k_{\mathrm{ide}}\) of the different users in a communication network cannot be multiplicative, such as \(\{1,1,2,2\}\) and \(\{2,2,4,4\}\). This has the potential to cause two users to exhibit exactly the same behavior during a authentication process. Obviously, this situation can be easily avoided when distributing \(k_{\mathrm{ide}}\) for users.
4 Analysis and discussion
In this section, the protocol and future development will be thoroughly analyzed.
4.1 Security analysis
The security of the proposed QIA protocol will be examined. The purpose of the external attacker, Eve, is to try to fake Alice’s identity and make Bob believe that she is Alice. Furthermore, Eve attempts to obtain Alice’s authentication code and disguise her identity for a long time. The resistance of the protocol to impersonation attacks, known plaintext attacks, measureresend attacks, and entanglediscriminate attacks will be also investigated.
(1) Impersonation attack. In this kind of attack, Eve tries to impersonate the legal user Alice and pass the authentication process. A general approach to impersonation is to measure the unknown quantum states on the channel and attempt to distinguish quantum states. The density matrix and the Heisenberg uncertainty principle were used to calculate the trace distance to distinguish the two quantum states on the channel to see if they can be distinguished.
For the simplicity of the calculation, the case when a single quantum state is transmitted over a quantum channel was considered. The control parameter of the quantum rotation that determines the state of the quantum state, assume as ξ, leads to the quantum state as \(\vert \psi (\xi )\rangle =R(\xi )\vert 0\rangle \). Then, its density matrix can be expressed as follows:
It was also assumed that the two quantum states on the channel are determined by the parameters \(\xi _{1}\) and \(\xi _{2}\), respectively. According to the theorems of quantum state discrimination [33], the minimum error of discriminating the two states above is given by the following equation:
Therefore, when the code have n bits, the probability of an adversary passing Alice’s test is at most
Compared to some QIA protocols [34] based on the mutually unbiased bases (MUBs), Eve’s probability of passing detection has an extremely fast rate of decline. As can be observed from Fig. 2, the probability of Eve’s impersonation being detected increases exponentially with the number of bits of the authentication code n.
When \(n=10\), the probability of Eve being found is greater than 99.9%. This is a very good performance, which comes from the incorporation of quantum rotation into the protocol design. Another comparative advantage of introducing quantum rotation, in terms of security, is that the performance of security protection for authentication code is greatly improved. When the authentication code is long enough, the key can be selected in a very wide space, namely \(\mathbb{Z}_{n}\), and the probability that Eve obtains the authentication credentials by random selection is \(\frac{1}{n^{n}}\), which is about 0.002% when \(n=6\). This security protection is also reflected in the defense against other attacks.
(2) Forward search attack. In the abovementioned attack, Eve wanted to disguise her identity to pass Bob’s test. In the next series of attacks, Eve will try to steal as much information as possible about the authentication code. A forward search attack is known to be a very effective way of attacking QPKC and derived protocols. Particularly, the basic idea of the attack is to use a twobit quantum gate, such symmetrytest circuit, to compare the state of the quantum state before and after encryption to infer the ciphertext [6]. For the proposed QIA protocol, Eva can compare the authentication request received by Alice and the authentication reply sent by Alice to infer the authentication code.
Previously reported works in the literature have shown that using parity encoding with Hamming weight [6] or using probabilistic encryption [7] can prevent forward search attacks. However, the former brings a reduction in protocol efficiency, and the latter is associated with probabilistic decryption errors. In our previously reported work [9], it has been shown that using threedimensional quantum rotation can have good resistance to forward search attack without adding any plugins. Similarly, our QIA protocol is resistant to such types of attacks. On the one hand, the ciphertext of our protocol, namely the authentication code, is the quantum rotation parameter rather than \(\{\vert 0\rangle,\vert 1\rangle \}\). Even if there exists a quantum circuit that can accurately compare whether two quantum states are different, it is not possible to infer the authentication code. On the other hand, there do exist some cases, such as \(k_{\mathrm{ide}}=0\) and \(k_{\mathrm{app}}=0\), forward search attacks are able to infer \(k_{\mathrm{ide}}\). Nevertheless, such cases obviously occur with very low probability and do not affect the overall security of our protocol. For Eve, since \(k_{\mathrm{app}}\) was independently selected by Alice, she was also unable to confirm \(k_{\mathrm{app}}=0\). In summary, the developed protocol has good resistance to forward search attacks. A large part of the security of the protocol comes from the random and decentralized selection of \(k_{\mathrm{app}}\) and \(l_{i}\). The selection process should be independent in each authentication.
(3) Measureresend attack. In this attack strategy, Eve will use carefully designed POVM to measure the quantum state on the quantum channel, and send new states to Bob depending upon the measurement result. Without loss of generality, it was assumed that Eve performs a measureresend attack on Alice’s reply to Bob. Regardless of how Eve designs the measurement base to obtain more information, the maximum amount of information Eve can extract from the quantum channel can be calculated by using Holevo bound [35].
The maximum amount of information that can be obtained from the quantum channel satisfies the following inequality
where, \(\rho =\sum_{x}p_{x}\rho _{x}\).
In the proposed protocol, both \(k_{\mathrm{ide}}\) and \(k_{\mathrm{app}}\) were selected at complete random on \(\mathbb{Z}_{n}\). Then the quantum state on the channel with a \(\frac{1}{n}\) probability is in
where, \(i\in \mathbb{Z}_{n}\). Then the density matrix of quantum states is
In summary, it can be obtained:
A simple calculation leads to the eigenvalues of ρ, which is a function of n. From this, relationship between Holevo bound for the quantum state on the channel and n can be derived as Fig. 3.
During the increase in n, the amount of information available to Eve decreased rapidly and fell below 0.000311 bit at n greater than 10. In the protocol setting, \(n\gg 1\) should be satisfied. Therefore, the protocol has good resistance to measureresend attacks.
It is worth noting that when \(n=2\), the protocol uses on the channel only \(\{\vert 0\rangle,\vert 1\rangle,\vert +\rangle,\vert \rangle \}\). At this point, the protocol degenerates to a BB84like protocol. From the perspective of protocol design, the developed QIA protocol can be seen as a generalization of the BB84based QIA protocol. From the perspective of the quantum gates used, H used in the BB84 protocol equals to \(R(\frac{\pi}{2})\). Quantum rotation, and a set of universal quantum gates were used in our protocol, which greatly extends the flexibility of the protocol when encrypting and decrypting.
Additionally, a special feature of this protocol is that, as a quantum bitoriented protocol, each bit of quantum state is phase independent (this is supported by the analysis of the impersonation attack). However, its security will change as the number of quantum bits increases. This stems from the association of the quantum rotation parameter with the authentication code in the protocol design. Combined with the analysis of the impersonation attack, as the number of bits is increased, spoofing becomes more difficult, and stealing useful information from the channel becomes more difficult, which increases the security of the protocol in general. When n is large enough, the probability of success of Eve’s measureresend attack will be lower than the probability of directly guessing the authentication code.
(4) Entanglediscriminate attack. In this attack, Eve entangles the quantum state on the channel with her own probe register. After, Bob has executed the authentication protocol, the probe is measured and potentially useful information is obtained. On this basis, Eve can draw information on the state of the quantum in the quantum channel [36].
A brief demonstration of the flow of Eva’s attack using \({\overline{CNOT}}\) is presented here. Eve uses \({\overline{CNOT}}\) to establish entanglement between \(\vert \psi \rangle =\cos(\theta )\vert 0\rangle +\sin(\theta )\vert 1 \rangle \) on the channel and preserved quantum state \(\vert \chi \rangle \). The state of the quantum system after establishing entanglement is as follows:
where, \(\overline{X}=\vert 1\rangle \langle 0\vert +\vert 0\rangle \langle 1 \vert \). Afterwards, Eve measures the probe register based on her knowledge of \(\vert \chi \rangle \) and infers θ based on the probability of the measurement result. Eve can infer the quantum state structure step by step by repeating this attack many times.
This attack is very effective against QIA protocols where the authentication code does not change, especially BB84like protocols that use MUBs. In addition to that, this attack also works for QKD and quantum secret sharing. Moreover, the entanglediscriminate attack can also be combined with a forward search attack based on symmetrytest quantum circuits [6] to produce a higher attack effect.
However, such types of attacks are of little use to our QIA protocols. In this attack scenario, the first difficulty Eve faces come from the final stage of the protocol: Bob will apply \(k_{\mathrm{ver}}\) before measuring. \(k_{\mathrm{ver}}\) can have an unintended impact on the established entanglement. Thus, the possible structure of the channel quantum states directly from the measurements can difficult to be inferred.
In the most ideal case, Eve can get \(k_{\mathrm{app}}+k_{\mathrm{ide}}\) in an authentication. Eve can fall back on the second best attempt to use \(k_{\mathrm{app}}+k_{\mathrm{ide}}\) to cheat Bob. Then, Eve will face a second difficulty. \(k_{\mathrm{app}}\) and \(l_{i}\) used by Bob in each authentication process are randomly assigned and both are selected independently. The random process makes \(k_{\mathrm{app}}+k_{\mathrm{ide}}\) change in each communication, and the number of possible changes is linearly related to n. It is difficult for Eve to cheat Bob in the next authentication. This result approximates the influence of key updating, namely, making it difficult for an attacker to accumulate an advantage in each attack. In a practical scenario, a keyupdate threshold can be set for the developed protocol to further strengthen the security of the authentication code. Compared to protocols that actually use a keyupdate policy, the proposed protocol is more convenient. Because the authentication code of Alice in the protocol is practically unchanged, no additional quantum operations are required, and Alice can secure the protocol by simply executing an identical circuit. In reality, Eve needs to trade off the amount of information available and the induced error rate resulting from different entanglement strategies and detection state discrimination techniques. Eve may causes a disturbance to the channel in the establishment of entanglement, which can be detected in the final measurement detection in combination with \(l_{i}\).
4.2 Efficiency analysis
Afterwards, the efficiency performance of our protocol will be analyzed and some existing protocols will be compared. Quantum bit efficiency [37] is considered one of the most commonly used criteria to analyze the efficiency of quantum protocols. The quantum bit efficiency is given by the following expression:
where \(b_{s}\) represents the number of useful quantum bits and classical bits, \(q_{t}\) denotes the total number of quantum bits, \(b_{t}\) stands for the total number of quantum bits.
In the proposed protocol, the length of the authentication code is n. The length of the classical \(l_{i}\) used for listening detection is n, namely \(b_{t}=n\). Besides, the total number of quantum bits used is \(q_{t}=n\), and the protocol finally authenticates the \(q_{t}=n\) bit authentication code. Therefore, the lower bound of quantum bit efficiency for our protocol is calculated as follows:
Although quantum bit efficiency is a more general evaluation criterion, this criterion is inaccurate for the introduced protocol. The vast majority of quantum communication protocols use quantum bits \(\{\vert 0\rangle,\vert 1\rangle \}\) and classical bits \(\{0,1\}\). Nonetheless, in the proposed protocol, the object being authenticated is \(k_{\mathrm{ide}}\in \mathbb{Z}_{n}\), carrying more information than the classical bits. For example, the binary of an integer 10, \(1010_{(2)}\), requires 4 bits of classical bits for storage, and integer 100 requires 7 classical bits. Thus, fewer classical bits are used here to authenticate content that requires a large number of classical bits for storage. Equation (27) gives the quantum bit efficiency of the protocol when \(n=2\), namely \(k_{\mathrm{ide}}\in \{0,1\}\). As n is increased, the number of useful classical bits \(N(n)\) also is increased and \(\min N(n)=n\). In summary, the quantum bit efficiency can be expressed as follows:
The precise evaluation of the efficiency of the developed protocols is still a matter of discussion.
A simple comparison with similar QIA protocols in structure and steps from the aspects of realization method, length of identification code, and quantum bit efficiency is presented in Table 3.
Table 3 shows some of the QIA protocols with similar structure and steps, namely, the certified party reproducing information about the certification code to the quantum state for authentication request reply in a round of communication.
By comparison, it can be found that the protocols that achieve twoway authentication basically use quantum entanglement and have good performance in terms of quantum bit efficiency. However, it is clear that protocols that use quantum entanglement, especially manybody entanglement and other special quantum resources, have difficulties in the physical implementation. As was stated in the Introduction, this is contrary to QIA’s positioning as a minor protocol. Most of the QKDbased protocols achieve high quantum bit efficiency, while QKD protocols using MUBs are vulnerable to various types of attacks, such as entanglediscriminate attacks. The proposed protocol strikes a good balance between security and efficiency. More specifically, only quantum rotation is used as a fundamental component of quantum computing and can be directly embedded in security protocols related to quantum computing, such as quantum federation learning [51] or other cloudbased quantum machine learning. In addition, during multiple runs of the proposed protocol, Alice does not need to change its own quantum circuitry frequently to ensure the protocol security, which can reduce the technical requirements of Alice with only limited quantum capabilities in realistic scenarios. These advantages suggest that the developed protocol can be better applied in future quantum big data scenarios.
4.3 Discussion
In this section, some unresolved issues in our QIA protocol will be discussed, and further expansions will be provided. In real scenarios, imperfections in the quantum channel and detection primitives can have a direct impact on the authentication accuracy and security of a QIA protocol. As a bitoriented QIA protocol, dark counts and channel loss can cause authentication failures or give Eva the opportunity to hide in the noise for attacks. The analysis of security in this work assumes an ideal environment. Hence, the attacker Eva’s strategy of faking Alice’s identity with the help of noise will be discussed, while Bob’s countermeasures will be covered in future work. Several works in the literature [45, 46] have conducted noise analysis for QKDbased QIA and have shown good performance. In further work, we will use quantum simulation tools for analysis of the protocol. Moreover, as was explained in the efficiency analysis, the precise evaluation of the efficiency is an unresolved issue for our protocol. This problem can be extended to evaluate the efficiency of multivalued or even mixedvalued quantum circuits.
For the future expansion of the protocol, it should be noted that some protocols that do not use entanglement [46, 47] are able to achieve keyupdates using quantum gates. The proposed QIA protocol is also capable of working with multiple quantum gates to enable key updates. It can be also simply modified to add more quantum bits and one quantum communication for achieving twoway authentication while avoiding the use of entanglement. In addition, it can be combined with entanglement to extend a more secure multiparty authentication protocol [52].
Fundamental concepts from quantum computing are also applied to the design of quantum cryptography protocols. This shows that quantum circuits and computational tasks in quantum computing, such as universal quantum circuits or blind quantum computing, can be introduced into the design of quantum protocols. Quantum homomorphic encryption (QHE) is a kind of protocol that combines quantum computing with quantum cryptography. The homomorphic nature of quantum rotation and their properties as quantum universal gates seem to be used to design a QHE protocol, which is one of our future research.
In terms of structure, the proposed QIA protocol has similarities with Nikolopoulos’s QPKC protocol [5], namely quantum rotation works as a special quantum oneway function. The corresponding quantum rotations can be easily constructed using classical parameters, while it is very difficult to reduce the classical parameters from unknown quantum rotations. This is the source of the ability to be below multiple attacks. Based on this idea, using the expansion of quantum rotation in dimensionality, highdimensional QIA protocols can be designed to further increase security. According to the relationship between the highdimensional quantum rotation and twodimensional quantum rotation, a highdimensional QIA protocol is equivalent to multiple twodimensional QIA protocols working together, which can further improve security.
In summary, in addition to its good performance, in terms of security and efficiency, our protocol has good expandability.
5 Conclusion
In this work, the geometric properties of quantum rotations were first summarized based on previous work and were expanded on the dimensionality. These property works provide the basis for protocols based on quantum rotation. By combining the QPKC framework with the superposition of quantum rotation, a bitoriented QIA protocol was proposed. After performing security analysis using the theorems of quantum state discrimination and Holevo bound, it was demonstrated that the proposed protocol has high security and good resistance to multiple attacks. This enhanced security comes from treating quantum rotation as a oneway function. Moreover, as a bitoriented protocol, each bit of quantum state in the protocol is independent. However, the security of each bit is directly related to the length of the authentication code, which is a special feature of the developed protocol. Authentication code length is regarded as a key factor affecting protocol security. In terms of efficiency, the proposed protocol has good performance and demonstrates advantages in comparison with other protocols. In addition to that, the introduced protocols are wellexpandable. The proposed protocol is based on quantum rotation and no additional quantum resources are used, which can be well applied to quantum computing networks and other protocols based on quantum rotation.
Availability of data and materials
All data generated or analysed during this study are available and included in this published article.
Abbreviations
 QIA:

Quantum Identity Authentication
 QKD:

Quantum Key Distribution
 QPKC:

Quantum Public Key Cryptography
 MUBs:

Mutually Unbiased Bases
References
Nielsen MA, Chuang I. Quantum computation and quantum information. American Association of Physics Teachers; 2002.
Ambruş VE, Winstanley E. Rotating quantum states. Phys Lett B. 2014;734:296–301.
Cerezo M, Arrasmith A, Babbush R, Benjamin SC, Endo S, Fujii K, McClean JR, Mitarai K, Yuan X, Cincio L et al.. Variational quantum algorithms. Nat Rev Phys. 2021;3(9):625–44.
Schuld M, Sinayskiy I, Petruccione F. The quest for a quantum neural network. Quantum Inf Process. 2014;13:2567–86.
Nikolopoulos GM. Applications of singlequbit rotations in quantum publickey cryptography. Phys Rev A. 2008;77(3):032348.
Nikolopoulos GM, Ioannou LM. Deterministic quantumpublickey encryption: forward search attack and randomization. Phys Rev A. 2009;79(4):042327.
Seyfarth U, Nikolopoulos G, Alber G. Symmetries and security of a quantumpublickey encryption based on singlequbit rotations. Phys Rev A. 2012;85(2):022342.
Shang T, Tang Y, Chen R, Liu J. Full quantum oneway function for quantum cryptography. Quantum Eng. 2020;2(1):32.
Wang Y, Chen G, Jian L, Zhou Y, Liu S. Ternary quantum publickey cryptography based on qubit rotation. Quantum Inf Process. 2022;21(6):197.
Kis Z, Renzoni F. Qubit rotation by stimulated Raman adiabatic passage. Phys Rev A. 2002;65(3):032318.
NadjPerge S, Frolov S, Bakkers E, Kouwenhoven LP. Spin–orbit qubit in a semiconductor nanowire. Nature. 2010;468(7327):1084–7.
Pirandola S, Andersen UL, Banchi L, Berta M, Bunandar D, Colbeck R, Englund D, Gehring T, Lupo C, Ottaviani C et al.. Advances in quantum cryptography. Adv Opt Photonics. 2020;12(4):1012–236.
Dutta A, Pathak A. A short review on quantum identity authentication protocols: how would Bob know that he is talking with Alice? Quantum Inf Process. 2022;21(11):369.
Crépeau C, Salvail L. Quantum oblivious mutual identification. In: Advances in cryptology—EUROCRYPT’95: international conference on the theory and application of cryptographic techniques Saintmalo, France, May 21–25. Proceedings 14. vol. 1995. France: Springer; 1995. p. 133–46.
Sobota M, Kapczyński A, Banasik A. Application of quantum cryptography protocols in authentication process. In: Proceedings of the 6th IEEE international conference on intelligent data acquisition and advanced computing systems. vol. 2. New York: IEEE Press; 2011. p. 799–802.
Chen Z, Zhou K, Liao Q. Quantum identity authentication scheme of vehicular adhoc networks. Int J Theor Phys. 2019;58:40–57.
Huang Y, Xu G, Song X. An improved efficient identitybased quantum signature scheme. Quantum Inf Process. 2023;22(1):1–11.
Zawadzki P. Quantum identity authentication without entanglement. Quantum Inf Process. 2019;18(1):7.
GonzálezGuillén CE, González Vasco MI, Johnson F, Pérez del Pozo ÁL. An attack on Zawadzki’s quantum authentication scheme. Entropy. 2021;23(4):389.
Curty M, Santos DJ. Quantum authentication of classical messages. Phys Rev A. 2001;64(6):062309.
Abulkasim H, Hamad S, Khalifa A, El Bahnasy K. Quantum secret sharing with identity authentication based on bell states. Int J Quantum Inf. 2017;15(04):1750023.
He YF, Pang Y, Di M. Mutual authentication quantum key agreement protocol based on bell states. Quantum Inf Process. 2022;21(8):290.
Chang Y, Xu C, Zhang S, Yan L. Controlled quantum secure direct communication and authentication protocol based on fiveparticle cluster state and quantum onetime pad. Chin Sci Bull. 2014;59:2541–6.
Ma H, Huang P, Bao W, Zeng G. Continuousvariable quantum identity authentication based on quantum teleportation. Quantum Inf Process. 2016;15:2605–20.
Wen XJ, Zhao XQ, Gong LH, Zhou NR. A semiquantum authentication protocol for message and identity. Laser Phys Lett. 2019;16(7):075206.
Xu YP, Gao DZ, Liang XQ, Xu GB. Semiquantum voting protocol. Int J Theor Phys. 2022;61(3):78.
Li W, Shi R, Guo Y. Blind quantum signature with blind quantum computation. Int J Theor Phys. 2017;56:1108–15.
Gao W, Yang L, Zhang D, Liu X. Quantum identitybased encryption from the learning with errors problem. Cryptography. 2022;6(1):9.
Lou X, Wang S, Ren S, Zan H, Xu X. Quantum identity authentication scheme based on quantum walks on graphs with ibm quantum cloud platform. Int J Theor Phys. 2022;61(2):40.
Nasir RN, Shaari JS, Mancini S. Mutually unbiased unitary bases of operators on ddimensional Hilbert space. Int J Quantum Inf. 2020;18(01):1941026.
Knirk DL. Approach to the description of atoms using hyperspherical coordinates. J Chem Phys. 1974;60(1):66–80.
Tsai CW, Yang CW, Lin J, Chang YC, Chang RS. Quantum key distribution networks: challenges and future research issues in security. Appl Sci. 2021;11(9):3767.
Barnett SM, Croke S. Quantum state discrimination. Adv Opt Photonics. 2009;1(2):238–78.
Liu B, Gao Z, Xiao D, Huang W, Liu X, Xu B. Quantum identity authentication in the orthogonalstateencoding qkd system. Quantum Inf Process. 2019;18:1–16.
Holevo AS. Bounds for the quantity of information transmitted by a quantum communication channel. Probl Pereda Inf. 1973;9(3):3–11.
Brandt HE. Quantumcryptographic entangling probe. Phys Rev A. 2005;71(4):042312.
Cabello A. Quantum key distribution in the Holevo limit. Phys Rev Lett. 2000;85(26):5635.
Lin CY, Yang CW, Hwang T. Authenticated quantum dialogue based on bell states. Int J Theor Phys. 2015;54:780–6.
Zhang Z, Zeng G, Zhou N, Xiong J. Quantum identity authentication based on pingpong technique for photons. Phys Lett A. 2006;356(3):199–205.
Zhang S, Chen ZK, Shi RH, Liang FY. A novel quantum identity authentication based on bell states. Int J Theor Phys. 2020;59:236–49.
Jiang S, Zhou RG, Hu W. Semiquantum mutual identity authentication using bell states. Int J Theor Phys. 2021;60:3353–62.
Shen DS, Ma WP, Wang LL. Twoparty quantum key agreement with fourqubit cluster states. Quantum Inf Process. 2014;13:2313–24.
Zha X, Yuan C, Zhang Y. Generalized criterion for a maximally multiqubit entangled state. Laser Phys Lett. 2013;10(4):045201.
Hong C, Heo J, Jang JG, Kwon D. Quantum identity authentication with single photon. Quantum Inf Process. 2017;16:1–20.
Liu B, Gao Z, Xiao D, Huang W, Zhang Z, Xu B. Quantum identity authentication in the counterfactual quantum key distribution protocol. Entropy. 2019;21(5):518.
Yuan H, Liu YM, Pan GZ, Zhang G, Zhou J, Zhang ZJ. Quantum identity authentication based on pingpong technique without entanglements. Quantum Inf Process. 2014;13:2535–49.
Zhu H, Wang L, Zhang Y. An efficient quantum identity authentication key agreement protocol without entanglement. Quantum Inf Process. 2020;19:1–14.
Yang YG, Huang RC, Zhou YH, Shi WM, Xu GB, Li D. Multiparty blind quantum computation protocol with deterministic mutual identity authentication. Phys A, Stat Mech Appl. 2023;609:128396.
Qu Z, Liu X, Wu S. Quantum identity authentication protocol based on threephoton quantum error avoidance code in edge computing. Trans Emerg Telecommun Technol. 2022;33(6):3945.
Zhang X. Oneway quantum identity authentication based on public key. Chin Sci Bull. 2009;54(12):2018–21.
Yun WJ, Kim JP, Jung S, Park J, Bennis M, Kim J. Slimmable quantum federated learning. ArXiv preprint. arXiv:2207.10221 (2022).
Dutta A, Pathak A. Controlled secure direct quantum communication inspired scheme for quantum identity authentication. Quantum Inf Process. 2022;22(1):13.
Acknowledgements
We acknowledge the financial supports from the Natural Science Foundation of Fujian Province, China (Grant No. 2020J01812).
Funding
Not applicable. The study has no funding.
Author information
Authors and Affiliations
Contributions
Geng Chen and Yuqi Wang wrote the main manuscript text. All authors reviewed the manuscript.
Corresponding author
Ethics declarations
Ethics approval and consent to participate
Not applicable. There are no relevant problems in our research.
Consent for publication
We agree to publish our paper by Springer Nature.
Competing interests
The authors declare no competing interests.
Additional information
Publisher’s Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Liya Jian, Yi Zhou and Shiming Liu contributed equally to this work.
Appendix: Symbol definition table
Appendix: Symbol definition table
Rights and permissions
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.
About this article
Cite this article
Chen, G., Wang, Y., Jian, L. et al. Quantum identity authentication based on the extension of quantum rotation. EPJ Quantum Technol. 10, 11 (2023). https://doi.org/10.1140/epjqt/s40507023001705
Received:
Accepted:
Published:
DOI: https://doi.org/10.1140/epjqt/s40507023001705