 Research
 Open access
 Published:
Multiparty quantum key distribution protocol in quantum network
EPJ Quantum Technology volume 11, Article number: 63 (2024)
Abstract
This study proposes a measurement property of graph states and applies it to design a mediated multiparty quantum key distribution (MMQKD) protocol for a repeaterbased quantum network in a restricted quantum environment. The protocol enables remote classical users, who cannot directly transmit qubits, to securely distribute a secret key with the assistance of potentially dishonest quantum repeaters. Classical users only require two quantum capabilities, while quantum repeaters handle entanglement transmission through singlephoton measurements. The oneway transmission approach eliminates the need for additional defenses against quantum Trojan horse attacks, reducing maintenance costs compared to roundtrip or circular transmission methods. As a result, the MMQKD protocol is lightweight and easy to implement. The study also evaluates the security of the protocol and demonstrates its practicality through quantum network simulations.
1 Introduction
Protecting transmitted messages on the internet against attacks is an important issue in the information era. Encryption/decryption is a solution for achieving this goal. However, the message sender and receiver must share a secret key to encrypt and decrypt the messages in advance. Sharing a secret key between a sender and receiver is critical in cryptography. In current classical cryptography, the key distribution protocol can be implemented using mathematical problems (e.g., prime factorization and discrete logarithms). Although the existing classical key distribution protocols are widely applied in various application scenarios, these protocols may be compromised when quantum computation matures. Therefore, quantum cryptography, which uses the properties of quantum mechanics to protect information against attacks, has been proposed as a cybersecurity solution in the era of quantum computers.
In 1984, Bennet and Brassard [1] proposed the first quantum cryptography protocol, the quantum key distribution (QKD) protocol, using the nocloning theorem of nonorthogonal single photons. Since then, numerous studies have been conducted on quantum cryptography. The unconditional security of BB84 protocol was proven in [2–4], and various QKD protocols [5–15] with different properties and quantum states have been designed. In addition to key distribution, quantum cryptography has been adopted for other applications. For example, the quantum secret sharing protocol (QSS) [16–19] enables a dealer to distribute confidential information among agents. Quantum secure direct communication [20–22] assists the sender and receiver in transmitting secret messages directly without preparing a private key, and quantum private computation [23–26] helps many participants to achieve a specific computation on their secret messages without disclosing any information about any participant.
Although the abovementioned quantum cryptography protocols can implement their goals securely, all participants in the protocol must be equipped with complete quantum capabilities. In terms of the current quantum technology, the implementation of some quantum devices or capabilities (e.g., storing qubits for a long time and transmitting qubits over a long distance without disturbance) remains expensive and difficult to maintain. Therefore, whether participants can use limited quantum capabilities to securely and efficiently achieve a quantum cryptography protocol is a critical research issue for popularizing quantum cryptography in Internet applications. To address this issue, Boyer et al. [27] proposed a practical quantum environment, specifically, the semiquantum environment, having two types of users: quantum and classical users. According to the definition of the semiquantum environment, quantum users have complete quantum capabilities, whereas classical users have limited quantum capabilities. Boyer et al. [27, 28] proposed the semiquantum key distribution (SQKD) protocol for the semiquantum environment. Subsequently, numerous research teams have adopted various quantum states, properties, or strategies to design SQKD protocols [29–33] and other semiquantum cryptography protocols for various applications (e.g., semiquantum secret sharing [34–36], semiquantum private computation [37–39], semiquantum directly secure communication [40–42]). Regarding the quantum capabilities classical users possess, the semiquantum environments can be classified into two types, including: (1) measureresend environment and (2) randomization environment. In the measureresend environment, classical users can only generate Zbasis \(\left \{ \left \vert 0 \right \rangle ,\ \mid 1\rangle \right \}\) qubits, perform Zbasis \(\left \{ \left \vert 0 \right \rangle ,\ \mid 1\rangle \right \}\) measurement, and reflect received particles without interference. In the randomization environment, classical users are allowed to perform Zbasis \(\left \{ \left \vert 0 \right \rangle ,\ \mid 1\rangle \right \}\) measurement on particles, reflect the received particles without interference, and also permute qubits using delay fibers. Although the abovementioned SQKD protocols enable a quantum user to share secret keys with another classical user, how to distribute secret keys among classical users is another interesting issue. To address this issue, Krawec [43] proposed a mediated framework that allows classical users to execute the protocols with the assistance of a quantum third party (TP). Some mediated semiquantum key distribution (MSQKD) protocols [44–46] have been designed based on the mediated framework.
In some applications (e.g., broadcasting), a user must share a broadcasting key with the partners. To achieve this task, Zhang et al. [47] proposed the first multiparty semiquantum key distribution (MSQKD) protocol that allows a quantum user to distribute a secret key with n classical users in a series network environment (shown in Fig. 1). Zhou et al. [48] used the property of the fourparticle cluster state to propose an MSQKD protocol to improve the efficiency of the protocol proposed by Zhang et al. Tian et al. [49] considered the qubit efficiency and adopted the hyperentangled Bell state (including spatial and polarization degrees of freedom) to design an MSQKD protocol. Additionally, Ye et al. [50] proposed a mediated multiparty semiquantum key distribution (MMSQKD) protocol that utilizes Bell states and circular transmission, enabling classical users to distribute secret keys among themselves. They demonstrated that the noise tolerance of the proposed protocol approaches that of the BB84 protocol even in the worstcase scenario, where TP is untrusted.
However, the abovementioned MSQKD protocols present two challenges as follows:

(1)
Cost overhead: classical users must be equipped with additional quantum devices/capabilities to defend against quantum Trojan horse attacks owing to the circular qubit transmission.

(2)
Restricted applicability: the protocols can only operate in a specific network environment, that is, the series network. Thus, these protocols cannot be used in the general network environment where the distance between the neighboring classical users may exceed the effective transmission range.
To address the first issue, Tsai et al. [51–53] proposed a new semiquantum environment known as a restricted quantum environment, which also includes two categories of participants: classical and quantum. Classical participants have only two quantum capabilities, (1) measuring qubits in the Zbasis \(\left \{ \left \vert 0 \right \rangle ,\ \mid 1\rangle \right \}\), and (2) performing singlequbit operations. In contrast, quantum users are equipped with full quantum capabilities. Tsai and Yang [51] proposed a mediate quantum key distribution protocol in a restricted quantum environment. Because of the use of oneway qubit transmission, the protocol is free from quantum Trojan horse attacks. Therefore, classical users are not equipped with any defense devices against quantum Trojan horse attacks. However, this protocol allows only two classical users to distribute the secret keys and does not consider the multiparty key distribution situation and the general network application environment.
For the unresolved problem mentioned above, once classical users securely share entangled states, they can execute quantum communication protocols using these entangled states. Therefore, distributing multiparticle entanglement states among classical users within a quantum network is a crucial focus of this study. To address this issue, this paper introduces a measurement characteristic of quantum graph states [54] to distribute GHZlike states among classical users within a general repeaterbased quantum network. These entangled states are then used to design the first mediated multiparty quantum key distribution (MMQKD) protocol in a restricted quantum environment. In the MMQKD protocol, a classical user, Alice, can distribute secret keys among n remote classical users (Alice and these users cannot transmit the qubits to each other directly) in a general network environment (shown in Fig. 2) with the help of dishonest quantum repeaters in the quantum network. Unlike common repeaterbased quantum networks that utilize entanglement swapping [55–57] —which requires performing a Bell measurement or a combination of CNOT operation, Hadamard operation, and two singlephoton measurements to transmit entanglement—the repeaters in our approach transfer the entanglement use only a singlephoton measurement. In addition, the proposed MMQKD protocol is free from quantum Trojan horse attacks and reduces the transmission cost of qubits owing to oneway qubit transmission. Therefore, the proposed MMQKD method is lightweight and easy to implement. Finally, a security evaluation is conducted to demonstrate that the proposed MMQKD protocol is free from collective and quantum Trojan horse attacks, and then the experiments conducted with the quantum network simulator were carried out to illustrate the viability of the proposed MMQKD protocol.
The remainder of this paper is organized as follows: Sect. 2 reviews the current research on quantum graph state. Sect. 3 addresses the character of the graph state with a 1D+star type, which is used to propose our protocol. The processes of the proposed MMQKD protocol are described in Sect. 4. Security analyses and simulation results of the proposed protocol are described in Sect. 5. Finally, Sect. 6 outlines the concluding remarks and recommendations for further investigation.
2 Properties of graph state
This section first describes the general formula of the graph state. Then, the properties of the graph state, including the local complementation and measurement properties in the Z, Y, and Xbases, are described.
2.1 Graph state
A common quantum graph state can be expressed as \(G= \left ( V,\ E \right )\) (Eq. (1)), in which V (vertices) and E (edges) denote a set of qubits and entanglement relationships, respectively.
where \(\left \vert + \right \rangle = \frac{1}{\sqrt{2}} \left ( \left \vert 0 \right \rangle +\mid 1\rangle \right )\) and \(CZ^{\left \{ a,b \right \}}\) means executing a CZ operation (Eq. (2)) on the qubit pairs \(\left ( a,b \right )\).
It merits attention that the 2qubit 1D graph state, \(\left \vert D \right \rangle _{12} = \frac{1}{\sqrt{2}} \left ( \left \vert 0+ \right \rangle + \left \vert 1 \right \rangle \right )_{12}\), and the star graph state with n qubits \(\left \vert S \right \rangle _{12\dots n} = \frac{1}{\sqrt{2}} \left ( \left \vert 0+\cdots + \right \rangle + \left \vert 1\cdots  \right \rangle \right )_{12\dots n}\) (Fig. 3) can be transformed into Bell and GHZ states by using Local Operation and Classical Communication (LOCC). In other words, if the Hadamard operation H (Eq. (3)) is performed on the 2nd qubit (2nd to n^{th} qubits) of the 1D (star) graph state, the quantum system undergoes a transformation into the Bell (GHZ) state.
The other common properties of the graph states are introduced below.
2.2 Local complementation
A series of specific unitary operations can be implemented to achieve local complementation of a graph state. To perform local complementation (denoted as \(LC_{i} \left ( G \right )\)) on a graph state G with the ith qubit as the center vertex, we apply rotation operations \(R_{x} \left ( \frac{\pi}{2} \right )\) to the ith qubit and \(R_{z} \left ( \frac{\pi}{2} \right )\) to the qubits neighboring with the ith qubit. These rotation operations, defined by Eqs. (4) and (5) respectively, ensure the desired transformation.
2.3 Measurement in Zbasis
The measurement outcome of the ith qubit of a graph state in the Zbasis \(\left \{ \left \vert 0 \right \rangle ,\ \mid 1\rangle \right \}\) yields the following expression for the quantum system:
where \(U_{0}^{i} = I^{N_{i}}\), \(U_{1}^{i} = \sigma _{z}^{N_{i}}\), and \(\left \vert Gi \right \rangle \) denote the quantum system without the ith qubit and its associated entanglement relationships. \(I^{N_{i}}\) and \(\sigma _{z}^{N_{i}}\) mean performing the identity operation I and \(\sigma _{z}\) (Eq. (7)) on the neighboring qubits of the ith qubit.
From examining Eq. (6), it becomes clear that to measure the ith qubit of a graph state in the Zbasis, one must eliminate the ith qubit along with its entangled connections, and then carry out the necessary operation on its adjacent qubits, dependent on the outcome of the measurement. The measurement property of the Zbasis is also illustrated by a simple graph, as shown in Fig. 4. Specifically, if the 2nd qubit is measured in the Zbasis, its entanglements will be eliminated.
2.4 Measurement in Ybasis
If performing Ybasis \(\left \{ \left \vert +y \right \rangle = \frac{1}{\sqrt{2}} \left ( \left \vert 0 \right \rangle +i\mid 1\rangle \right ), \left \vert y \right \rangle = \frac{1}{\sqrt{2}} \left ( \left \vert 0 \right \rangle i\mid 1\rangle \right ) \right \} \) measurement on the ith qubit of a graph state, the quantum system can be represented as Eq. (8).
where \(U_{+y}^{i} = R_{z} \left ( \frac{\pi}{2} \right )^{N_{i}}\), \(U_{y}^{i} = R_{z} \left ( \frac{\pi}{2} \right )^{N_{i}}\), and \(LC_{i} \left ( G \right )\) denote the execution of the local complementation on the ith qubit, and \(\left \vert LC_{i} \left ( G \right ) i \right \rangle \) denotes \(LC_{i} \left ( G \right ) \) without the ith qubit and its associated entanglement relationships. \(R_{z} \left ( \frac{\pm \pi}{2} \right )^{N_{i}}\) means performing the rotation operation \(R_{z} \left ( \frac{\pm \pi}{2} \right )\) (Eq. (9)) on the qubits neighboring with the ith qubit.
Based on Eq. (8), it is evident that measuring the ith qubit in the Ybasis entails performing \(LC_{i} \left ( G \right )\). This involves canceling the ith qubit along with its associated entanglement. Subsequently, a rotation operation \(R_{z}\) is performed on the neighboring qubits of the ith qubit, with the degree of rotation determined by the measurement outcome The measurement property of the Ybasis is further explained by a simple graph, as depicted in Fig. 5. Specifically, measuring the 2nd qubit in the Ybasis is equivalent to applying \(LC_{2} \left ( G \right )\), followed by measuring the 2nd qubit in the Zbasis.
2.5 Measurement in Xbasis
When performing Xbasis \(\left \{ \left \vert + \right \rangle = \frac{1}{\sqrt{2}} \left ( \left \vert 0 \right \rangle + \left \vert 1 \right \rangle \right ), \left \vert  \right \rangle = \frac{1}{\sqrt{2}} \left ( \left \vert 0 \right \rangle  \left \vert 1 \right \rangle \right ) \right \}\) measurement on the ith qubit of a graph state, the operations required are more intricate compared to measurements in Z or Ybases. To represent the resulting quantum system, we must designate an arbitrary neighboring qubit of the ith qubit (referred to as the jth qubit) as the auxiliary qubit, as follows:
where \(U_{+}^{i} = R_{y} \left ( \frac{\pi}{2} \right )^{j} \sigma _{z}^{N_{i}  \left ( N_{j} \cup j \right )}\), \(U_{}^{i} = R_{y} \left ( \frac{\pi}{2} \right )^{j} \sigma _{z}^{N_{j}  \left ( N_{i} \cup i \right )}\), and \(N_{i}  \left ( N_{j} \cup j \right )\) (\(N_{j}  \left ( N_{i} \cup i \right )\)) denotes the difference set of \(N_{i}\) (\(N_{j}\)) and \(N_{j} \cup j\) (\(N_{i} \cup i\)). Here, \(R_{y} \left ( \frac{\pm \pi}{2} \right )^{j}\) means performing the rotation operation \(R_{y} \left ( \frac{\pm \pi}{2} \right )\) (Eq. (11)) on the assistant qubit, that is, the jth qubit; \(\sigma _{z}^{N_{i}  \left ( N_{j} \cup j \right )}\) and \(\sigma _{z}^{N_{j}  \left ( N_{i} \cup i \right )}\) indicate that \(\sigma _{z}\) is performed on the qubit in the sets \(N_{i}  \left ( N_{j} \cup j \right )\) and \(N_{j}  \left ( N_{i} \cup i \right )\), respectively.
By examining Eq. (10), we can conclude that performing Xbasis measurement on the ith qubit and designating the jth qubit as the auxiliary qubit is tantamount to conducting local complementation on the jth qubit, subsequently performing Ybasis measurement on the ith qubit, and ultimately performing local complementation on the jth qubit once more. The measurement property of the Xbasis is further represented by a simple graph, as depicted in Fig. 6. Specifically, measuring the 2nd qubit in Xbasis and selecting the 1st qubit as the assistant qubit is equivalent to applying \(LC_{1} \left ( G \right )\), then measuring 2nd qubit in Ybasis, and applying \(LC_{1} \left ( G \right )\) again.
3 Proposed measurement property of 1D+star graph state
This section expresses a 1D + Star graph state and proposes the measurement characteristic of this graph state. The 1D+Star graph state is composed of a 1D graph and a star graph state. Fig. 7 shows a 1D+star graph state with n qubits, in which the 1st to \(\left ( k1 \right )\)th qubits belong to the 1D graph state, and the kth to nth qubits belong to the star graph state. In this study, the graph state’s properties were used to extend an innovative character to a 1D+star graph state in the Xbasis measurement. If we perform Xbasis \(\left \{ \left \vert + \right \rangle ,\mid \rangle \right \}\) measurement on the 2nd to the kth qubits and always take the 1st qubit as the assistant qubit, the remaining quantum system will be a graph state with a star type after performing the corresponding operation \(U^{R}\). The remaining quantum state system is expressed as
where \(U^{R} = R_{y}^{1} \left ( \theta \right ) \otimes U_{v}^{N_{1}}\), \(R_{y}^{1} \left ( \theta \right )\) means performing \(R_{y} \left ( \theta \right )\) on the 1st qubit, and \(U_{v}^{N_{1}}\) means performing \(U_{v}\) on the neighbors of the 1st qubit (i.e., the (\(k+1\))th to nth qubits). Here, \(\theta = \sum _{i=2}^{k} \left ( \left ( 1 \right )^{MR_{i} \oplus _{j=2}^{i1} \overline{MR_{j}}} \frac{\pi}{2} \right )\), \(v = \oplus_{j=2}^{i1} \overline{MR_{j}}\), \(U_{0} = I\), and \(U_{1} = \sigma _{Z}\), where \(MR_{j}\) means the result of the jth qubit obtaining from measurement, and \(\overline{MR_{j}}\) denotes the complement number of \(MR_{j}\). In this study, the measurement results \(\mid +\rangle \) and \(\mid \rangle \) were encoded as the classical bits 0 and 1, respectively.
Furthermore, the operation \(R_{y} \left ( \theta \right )\) was analyzed in this study. The global phase is the only difference between \(R_{y} \left ( \theta \right )\) and \(R_{y} \left ( \theta +2x\pi \right )\), where \(x\in Z\). Because the measurement results are not influenced by the global phase, \(R_{y} \left ( \theta \right )\) is equivalent to \(R_{y} \left ( \theta +2x\pi \right )\). Based on the above reasoning, Eqs. (13) and (14) were used to express θ and \(R_{y} \left ( \theta \right )\), respectively.
where \(x\in Z\) and \(r\in \left \{ 0, \frac{1}{2} \pi , \pi , \frac{3}{2} \pi \ \right \}\).
where \(t= \frac{2r}{\pi} \), \(R_{0} =I= \left [ \begin{array}{c@{\quad}c} 1 & 0\\ 0 & 1 \end{array} \right ]\), \(R_{1} = H\sigma _{z} = \frac{1}{\sqrt{2}} \left [ \begin{array}{c@{\quad}c} 1 & 1\\ 1 & 1 \end{array} \right ]\), \(R_{2} = i\sigma _{y} = \left [ \begin{array}{c@{\quad}c} 0 & 1\\ 1 & 0 \end{array} \right ]\), and \(R_{3} = \sigma _{z} H= \frac{1}{\sqrt{2}} \left [ \begin{array}{c@{\quad}c} 1 & 1\\ 1 & 1 \end{array} \right ]\). From Eqs. (12) and (14), it is obvious that the accomplishment of \(U^{R}\) needs only the two Pauli operations (i.e., \(\sigma _{z}\) and \(i\sigma _{y}\)) and H operation. Notice that \(i\sigma _{y}\) can be expressed using H and \(\sigma _{z}\), i.e., \(i\sigma _{y} = \sigma _{z} H \sigma _{z} H\). Thus, only two operations (H and \(\sigma _{z}\).) are needed to transform a 1D+star graph state into a star graph state after performing the Xbasis measurement.
We illustrate the proposed property using a 5qubit 1D+star graph state as an example, as depicted in Fig. 8 and Eq. (15). Initially, we perform the Xbasis \(\left \{ \left \vert + \right \rangle ,\mid \rangle \right \}\) measurement on the 2nd qubit, with the 1st qubit selected as the auxiliary qubit. This measurement operation is equivalent to executing local complementation on the 1st qubit (\(LC_{1}\)), followed by performing the Ybasis \(\left \{ \left \vert +i \right \rangle , \left \vert i \right \rangle \right \}\) measurement on the 2nd qubit (\(M_{z}^{2}\)), and ultimately conducting local complementation on the 1st qubit again. Because Ybasis measurement is also equivalent to executing the local complementation on the qubit and then measuring the qubit in Zbasis \(\left \{ \left \vert 0 \right \rangle ,\mid 1\rangle \right \}\), the foregoing processes can be expressed as \(LC_{1} \ \longrightarrow LC_{2} \longrightarrow M_{z}^{2} \longrightarrow LC_{1}\) (also shown in Phase 1 of Fig. 8). After performing the Xbasis \(\left \{ \left \vert + \right \rangle ,\mid \rangle \right \} \) measurement on the 2nd qubit, the original qubit state undergoes a reduction to a 1D+star graph state with 4 qubits. Subsequently, we measure the 3rd qubit in the Xbasis \(\left \{ \left \vert + \right \rangle ,\mid \rangle \right \}\). In other words, the operation sequence \(LC_{1} \ \longrightarrow LC_{3} \longrightarrow M_{z}^{3} \longrightarrow LC_{1}\) is applied to the 4qubit quantum state, as illustrated in Phase 2 of Fig. 8. Following this operation, the state of the remaining quantum system is transformed into a 3qubit graph state with a star type after the remaining qubits are executed by the inverse operation \(U^{Rec} = R_{y}^{1} \left ( \theta \right ) \otimes U_{v}^{N_{1}}\). The operations corresponding to the proposed properties and Eq. (16) are listed in Table 1. Assume the measurement results of the 2nd and 3rd qubits are \(\mid +\rangle \); the corresponding operations for the 1st, 4th, and 5th qubits are \(i\sigma _{y}\), \(\sigma _{Z}\), and \(\sigma _{Z}\), respectively. After executing these operations, the resulting quantum system will be a star graph state \(\mid S\rangle _{145} = \frac{1}{\sqrt{2}} \left ( \left \vert 0++ \right \rangle + \left \vert 1 \right \rangle \right )_{145}\). Because the star graph state can be transformed to the GHZ state by LOCC, it can be transferred to a GHZlike state (i.e., \(\mid \Psi \rangle = \frac{1}{\sqrt{2}} \left ( \left \vert +++ \right \rangle + \left \vert  \right \rangle \right ) = \frac{1}{2} \left ( \left \vert 000 \right \rangle + \left \vert 011 \right \rangle + \left \vert 101 \right \rangle + \left \vert 110 \right \rangle \right )\)) after performing the H operation on the 1st qubit.
4 Proposed MMQKD protocol
This section first describes the execution environment and then introduces the MMQKD protocol within this quantum environment.
4.1 Description of execution environment
Assume that a classical user Alice wants to distribute a secret key to n remote classical users Bob_{1}–Bob_{n}. Classical users cannot transmit qubits directly owing to the limitation on the transmission distance; therefore, they require the help of a repeaterbased quantum network to achieve key distribution. Here, a grid repeaterbased quantum network is used for the application environment, as shown in Fig. 9. In the application environment, the classical users (i.e., Alice, Bob_{1}, Bob_{2}, …, Bob_{n}) have limited quantum capabilities, namely, (1) Zbasis measurement and (2) singlequbit operations. A quantum repeater in a quantum network is a quantum user with all quantum capabilities. Moreover, quantum repeaters perform only singlephoton measurements rather than the entanglement swapping to transfer the entanglement in the proposed protocol. In order to align a realistic scenario, quantum repeaters are assumed to be dishonest, meaning they are malicious entities capable of carrying out various attacks. This includes collusion with other dishonest repeaters to pilfer information regarding the participants’ secret keys.
However, none of the participants conspires with any malicious repeater. In addition, this study assumed that each classical user is connected with at least one quantum repeater through a oneway quantum channel (from the repeater to the classical user), and authenticated classical channels exist between the classical users, and the messages transmitted through the authenticated channels can be eavesdropped but cannot be modified.
This study focused on the design of a quantum cryptography protocol and did not consider network routing issues. Therefore, this study assumed that quantum repeaters can determine an optimal routing path and establish the 1D+star graph state among Alice and other protocol participants, where the repeaters can use the routing algorithm of the quantum network [58, 59] to determine the optimal path and then use the intuitive relay method, graph state distribution [60, 61], or other methods to establish the 1D+star graph state. A small grid network with nine quantum repeaters and three protocol participants (Fig. 10) was used as an example to prove the feasibility of establishing 1D+star graph states. In this example, a classical user Alice wants to distribute a secret key to two classical users Bob_{1} and Bob_{2}. Assume that {R_{3}, R_{6}, R_{9}, R_{8}, R_{7}} is chosen as the routing path, and the quantum repeaters in this routing path assist the three participants in establishing the 1D+star graph states used to achieve the goal of key distribution.
R_{3} generates a graph state with 3 qubits \(\mid G\rangle _{A12}\). It keeps the first two qubits (labeled as A and 1) and sends the final qubit (labeled as 2) to R_{6}. R_{6} generates a qubit in \(\mid +\rangle \) (labeled as 3) and then performs a controlZ operation on Nos. 2 and 3 qubits, where No. 2 is the control bit and the other is the target bit. Then, R_{6} sends qubit No. 3 to R_{9}. Finally, R_{7}, R_{8}, and R_{9} use similar methods to establish the graph state (shown in Fig. 11(a)). Subsequently, R_{7} and R_{8} measure qubits 5 and 4 in Ybasis. The entanglement relations of the remaining qubits are shown in Fig. 11(b) and (c), respectively. R_{3}, R_{7}, and R_{9} send qubit Nos. A, B_{1}, and B_{2} to Alice, Bob_{1}, and Bob_{2}, respectively (Fig. 11(d)). Thus, a 1D+star graph state is established among the repeaters and protocol participants.
4.2 Proposed protocol
Let’s imagine a scenario where a classical user named Alice needs to share a secret key among several classical users, named Bob_{1}, Bob_{2} through to Bob_{n}, utilizing quantum repeaters within a quantum network. The suggested method unfolds as follows:
 Step 1.:

An optimal routing path is determined for the key distribution task. We assume that k quantum repeaters exist along the routing path. These quantum repeaters use a graph state distribution or other methods to establish the 1D+star graph state among the protocol participants and quantum repeaters. After distributing the graph state, a repeater \(R_{j}\) measures the qubit in hand in Xbasis \(\left \{ \left \vert + \right \rangle ,\mid \rangle \right \}\) and announces the measurement result \(MR_{j}\) to the protocol participants, where \(j\in \left \{ 1,2,\dots ,k \right \}\).
 Step 2.:

When receiving the qubits, Alice and the other participants perform the corresponding operations to transfer the quantum state to the GHZlike state based on the measurement results announced by the quantum repeaters; thus, Alice and the other participants perform \(H\boldsymbol{\cdot} R_{y} \left ( \theta \right )\) and \(U_{v}\) on their qubits, respectively (the details have been explained in Sect. 22). After performing these operations, the quantum system shared between Alice and the other participants becomes a GHZlike state (Eq. (17)). Alice and each participant then choose the Share or Check mode randomly. The operations of these two modes are listed in Table 2. Alice and the other participants Bob_{1}, Bob_{2}, …, Bob_{n} store the measurement results \(mr_{A}^{i}\), \(mr_{B_{1}}^{i}\), \(mr_{B_{2}}^{i}\), …, \(mr_{B_{n}}^{i}\), respectively. Here, the measurement results \(\mid 0\rangle \) (\(\mid 1\rangle \)) is encoded as the classical bits 0 (1).
$$\begin{aligned} \left \vert \Psi \right \rangle _{\mathrm{A}, B_{1},\dots , B_{n}} = \frac{1}{\sqrt{2}} \left ( \left \vert ++\cdots + \right \rangle + \left \vert \cdots  \right \rangle \right )_{\mathrm{A}, B_{1},\dots , B_{n}} \end{aligned}$$(17)
Steps 1 and 2 are iteratively performed multiple times until Alice and the participants accumulate enough measurement outcomes to successfully detect any potential eavesdropping and to distribute the key effectively.
 Step 3.:

Alice and the other participants disclose their chosen modes from Step 2 over an authenticated classical channel. During each iteration, if Alice and the participants pick the Share mode (or Check mode), they utilize their measurement outcomes as raw key bits (check bits), denoted as \(rk_{A}^{i}, rk_{B_{1}}^{i},\dots , rk_{B_{n}}^{i}(cb_{A}^{i}, cb_{B_{1}}^{i},\dots , cb_{B_{n}}^{i})\); otherwise, they discard the measurement results.
 Step 4.:

To determine if an attack has been initiated by malicious outsiders or repeaters, Alice selects l bits at random from the raw key bits, employing all the check bits as discussion bits for disclosure. She then announces the locations of these discussion bits and requests all participants to reveal their bits at these specified positions through an authenticated classical channel. If a discussion bit belongs to the raw key bits, Alice verifies whether the bit announced by all participants are the same as her bit (i.e., \(rk_{A}^{i} = rk_{B_{1}}^{i} =\cdots = rk_{B_{n}}^{i}\)); otherwise, she verifies whether \(\oplus_{j=1}^{n} cb_{B_{j}}^{i} \oplus cb_{A}^{i} =0\), where \(\oplus_{j=1}^{n} cb_{B_{j}}^{i}\) means \(cb_{B_{1}}^{i} \oplus cb_{B_{2}}^{i} \oplus \dots \oplus cb_{B_{n}}^{i}\). From the public discussion, Alice calculates the error rate. Should the error rate exceed the preestablished noise threshold ε (set by default to the quantum channel’s inherent noise rate), the participants involved in the protocol will terminate the current session and initiate the protocol anew. If the error rate remains below this threshold, they proceed with the subsequent stages of the suggested protocol.
 Step 5.:

The remaining raw keys, i.e., \(RK_{A} = \left \{ rk_{A}^{1}, rk_{A}^{2},\dots , rk_{A}^{m} \right \}\), \(RK_{B_{1}} = \big \{ rk_{B_{1}}^{1}, rk_{B_{1}}^{2},\dots , rk_{B_{1}}^{m} \big \}\), …, and \(RK_{B_{n}} = \left \{ rk_{B_{n}}^{1}, rk_{B_{n}}^{2},\dots , rk_{B_{n}}^{m} \right \}\), are used to share the secret key by Alice and the other participants. Alice uses the error rate obtained from the previous step to perform postprocessing procedures [62] (including error correction and privacy amplification) along with the other participants to obtain the final secret key.
5 Security analysis, simulation, and comparison
In this section, security analyses are presented to prove that the proposed MMQKD protocol is robust under a collective attack situation and immune to quantum Trojan horse attacks. The findings from simulations are analyzed to demonstrate that the proposed protocol is practical and effective for a quantum network incorporating n quantum repeaters. Finally, a comparison is provided to demonstrate that the proposed protocol is more practical than existing MSQKD protocols designed only for a series quantum network.
5.1 Security analysis
This subsection details the security assessments conducted to establish the robustness of the proposed MMQKD protocol against various attack strategies in quantum communications. These strategies include individual, collective, and coherent attacks. Among these, an individual attack has the greatest limitations on the attacker, rendering it the least powerful. In contrast, a coherent attack offers an attacker more freedom, making it potentially more dangerous. However, no research has highlighted the increased benefits that an attacker gains from using a coherent attack as opposed to a collective attack. This study delves into the collective and quantum Trojan horse attacks and validates the robustness of the proposed protocol against these threats through security analyses.
5.1.1 Collective attack
Within the framework of quantum networks utilizing repeaters, these repeaters hold a crucial advantage over potential internal or external adversaries because they control essential operations such as quantum state creation and transmission. This study showcases the robustness of the proposed protocol against this attack from repeaters, where “robustness” is defined according to the framework established by Boyer et al. [27, 28]. This definition implies that legitimate participants can detect all forms of attacks via a security verification process with a probability greater than zero of identifying such attacks. In addition, because the neighboring repeaters of Alice and the other participants have the greatest advantage in attacking the proposed protocol (e.g., R_{3} and R_{9} in Fig. 8), this study assumes that these repeaters will conspire with each other to steal the secret keys.
Theorem 1
Suppose a scenario where malicious repeaters launch a collective attack on the qubits sent to Alice and the other participants. To execute this attack, these nefarious repeaters deviate from the prescribed steps of the proposed protocol, specifically, bypassing the established procedures for generating the 1D+star graph states. In their attack strategy, these malicious repeaters distribute the GHZlike states (as described in Eq. (17)) through the application of a unitary operation denoted as \(U_{e}\) to embed a probe \(\mid E\rangle \) within the GHZlike state. Then, repeaters can potentially extract secret key information by measuring the ancillary qubits. It is important to recognize that \(U_{e}\) must comply with the fundamental principles of quantum mechanics. However, in the scenario of a collective attack, no unitary operation that allows malicious repeaters to covertly acquire knowledge about the secret keys exists. This means that participants always have a chance to be aware of any attempts by malicious repeaters to compromise security.
Proof
An attack operation, \(U_{e}\), is applied by the malicious repeater to insert the probe \(\mid \left . E \right \rangle \) into the GHZlike state. The malicious repeater keeps the probe in its memory, and it sends the 1st qubit of the GHZlike state to Alice and the other qubits to the other participants to allow the protocol participant to execute the proposed MMQKD protocol. Based on the principles of quantum mechanics, once the unitary operation \(U_{e}\) is applied, the state of the quantum system transforms according to the equation that follows:
where \(j_{\left ( 2 \right )}\) denotes the binary format of j, \(\sum _{j=0}^{2^{n} 1} \left \vert a_{j} \right \vert ^{2} =1\). For all j belonging to the set \(\{0,1,\dots , 2^{n} 1 \}\), \(\left . \mid e_{j} \right \rangle \) can be differentiated by the malicious repeater, as the states \(\left . \mid e_{x} \right \rangle \) and \(\left . \mid e_{y} \right \rangle \) are orthogonal to each other when \(x\neq y\). To successfully pass through the discussion phase in Step 4 of the proposed MMQKD protocol, the malicious repeater is required to modify \(U_{e}\). This adjustment ensures that the quantum state, as depicted in Eq. (18), aligns with the dual measurement characteristics inherent to the GHZlike state:(1) the outcome of executing XOR operations on all measurement results should be 0 when the designated discussion bit is chosen from the verification bits, and (2) all participants have identical measurement results when the discussion bit is selected from the raw key bits.
Therefore, for the 1st measurement property, the malicious repeater adjusts \(U_{e}\) to ensure that the following equation holds:
where \(wt \left ( j \right )\) denotes the Hamming weight of j.
Next, considering the 2nd measurement property, because the protocol participants perform H operations on their qubits, the state shown in Eq. (18) can be modified as follows:
where \(k_{\left ( 2 \right )}\) denotes the binary format of k and & denotes the bitwise AND operation. To pass the public discussion on the 2nd measurement property, the malicious repeater must set \(\sum _{j=0}^{2^{n1}} \left ( 1 \right )^{wt \left ( j \& k_{\left ( 2 \right )} \right )} a_{j} \left \vert e_{j} \right \rangle = \overrightarrow{0}\) if \(0< k< 2^{n1} \). Therefore, the states expressed in Eq. (20) are transformed into the following equation.
To pass the public discussion on the 1st and 2nd measurement properties, the malicious repeater must let \(U_{e}\) conform to Eqs. (19) and (21), respectively. From the base property of the bitwise AND operation, we can infer that \(wt \left ( j_{\left ( 2 \right )} \& 0_{\left ( 2 \right )} \right ) =0\) and \(wt \left ( j_{\left ( 2 \right )} \& 2^{n1}_{\left ( 2 \right )} \right ) =wt \left ( j_{\left ( 2 \right )} \right )\). Then, \(wt \left ( j_{\left ( 2 \right )} \right )\) must be even depending on the setting of Eq. (19). Therefore, the states in Eq. (21) can be expressed as follows:
If we remove the effect of \(H^{\otimes n}\) in Eq. (22), the following equation is obtained.
Therefore, to pass the participants’ public discussions, a malicious repeater must adjust \(U_{e}\) to conform to Eq. (23). It is evident that Eq. (23) represents the product state of the GHZlike and ancillary qubits. Consequently, a malicious repeater cannot infer the secret key bit of any participant. If the malicious repeater attempts to extract the information about the secret keys, Alice and the other participants have a probability, above zero, of identifying the attacker’s actions. Therefore, the proposed MMQKD protocol has robustness under collective attacks. □
5.1.2 Collusion attack
To demonstrate that the proposed MMQKD protocol is robust against various attacks, this study examines a worstcase scenario: a collusion attack, discussed in this section. In this attack scenario, we assume that all quantum repeaters are malicious and collaborate to steal information about the participants’ secret keys. Since all the repeaters are acting maliciously, we can treat them as a single attacker, referred to as Eve, who assists the protocol participants in distributing a GHZlike state. Eve does not follow the processes of the proposed protocol to distribute GHZlike states. Instead, she attempts to obtain the participants’ measurement results by distributing alternative quantum states. To achieve this, she can distribute two types of states: (1) GHZlike states with probes and (2) product states.
If Eve distributes GHZlike states embedded with probes to all participants and attempts to measure these probes to extract the participants’ measurement results, her attack will inevitably be detected. This is because her strategy is the same as the collective attack, which participants can detect. When Eve tries to steal the participants’ measurement results by using the product state, she needs to generate specific product states which can pass the check of Step 4 in the proposed MMQKD protocol. For the check of Share mode, she can generate \(\mid +\rangle ^{\otimes n+1}\) or \(\mid \rangle ^{\otimes n+1}\). Alternatively, for the Check mode, she can generate \(\otimes_{i=1}^{n+1} \mid v_{i} \rangle \) in Zbasis, where \(\oplus_{i=1}^{n+1} v_{i} =0\) and \(v_{i} \in \left \{ 0,1 \right \}\).
Since the participants randomly chose between Share and Check modes, Eve cannot determine which mode was selected in any session. If she distributes \(\otimes_{i=1}^{n+1} \left \vert v_{i} \right \rangle \) to the participants, and all of them choose the Sharing mode during a session, her attack behavior can go undetected with a probability of \(\left ( \frac{3}{4} \right )^{n}\). That is because each participant’s measurement result must match Alice’s, and the probability of Bob_{i}’s measurement result matching Alice’s is \(\frac{3}{4}\), where \(i= \left \{ 1,2,\dots ,n \right \}\). Therefore, the probability that Eve’s attack remains undetected in a single check session is \(\left ( \frac{3}{4} \right )^{n}\). Since the participants use l raw key bits for checking, the overall probability that Eve’s attack goes undetected over the entire check session of is \(\left ( \frac{3}{4} \right )^{ln}\). On the other hand, she distributes either \(\mid +\rangle ^{\otimes n+1}\) or \(\mid \rangle ^{\otimes n+1}\) to the participants, and all of them choose the Check mode during a session. If the XOR result of all Bob_{i}’s measurement results (i.e., \(\oplus_{j=1}^{n} cb_{B_{j}}^{i}\)) is equal to Alice’s measurement result (i.e., \(cb_{A}^{i}\)), the participants will not detect Eve’s attack behavior. Because the probability that the measurement result of each Bob_{i} and Alice being 0 or 1 is \(\frac{1}{2}\), the probability of \(\oplus_{j=1}^{n} cb_{B_{j}}^{i} = cb_{A}^{i}\) is \(\frac{1}{2}\). Assume there are k check bits consumed by each participant, the overall probability that Eve’s attack goes undetected over the entire check session of is \(\left ( \frac{1}{2} \right )^{k}\).
Because the participants choose Sharing or Check mode with the payability of \(\frac{1}{2}\), the final probability of detecting Eve’s attack is \(1  \frac{1}{2} \left ( \left ( \frac{3}{4} \right )^{ln} + \left ( \frac{1}{2} \right )^{k} \right )\). To clearly illustrate the analysis results of the collusion attack, Fig. 12 presents the detection rates under various values of l and k with three participants fixed (i.e., \(n=3\)). According to the detection rate analysis, there is an approximate 100% probability that the participants can detect Eve’s attack when l and k are greater than a certain value (e.g. \(l\geq 5\) and \(k\geq 10\) or \(l\geq 6\) and \(k\geq 8\)). This demonstrates that the proposed MMQKD protocol remains robust against collusion attacks.
5.1.3 Trojan horse attack
Quantum Trojan horse assaults, as referenced in [63, 64], represent a category of attacks contingent upon specific implementations, whereby an attacker employs strategies like using undetectable or deferred photons to stealthily acquire confidential information from participants unnoticed. Because the attacker can only extract the information regarding participant operations when retrieving Trojan horse photons, these attacks are most effective during twoway or circular quantum transmissions. In contrast, oneway quantum communication, in which the qubits are not returned, prevents attackers from retrieving the secret information because they cannot reclaim the attack qubits.
While protocols that utilize twoway or circular quantum communication methods can address these attacks by incorporating extra quantum devices or strategies, like the use of the specific technique addressed by Boyer et al. [65], the proposed MMQKD protocol inherently counters quantum Trojan horse attacks through its adoption of oneway communication. This oneway method not only circumvents the complexities associated with such attacks but also facilitates a reduced transmission distance for qubits compared to those required in twoway or circular communication schemes. Consequently, this leads to lower qubit transmission costs relative to the expenses associated with protocols that depend on circular quantum communication.
5.2 Comparison and simulation
To illustrate the practical superiority of the proposed MMQKD protocol over the existing MSQKD [47–50] protocol in a general quantum network environment, this study compared the types of quantum resources, quantum capability of the protocol participants, quantum communication methods, limitation on transmission distance, additional devices/mechanisms for Trojan horse attacks, and application network of these protocols. A comparison of the results is shown in Table 3.
Although the proposed protocol adopts a graph state for the design, the main cost of generating and distributing the graph state is borne by the quantum repeaters with sufficient quantum capabilities and resources. In addition, with the assistance of quantum repeaters, the proposed protocol can overcome the limitations of quantum communication distance and allow the participants to achieve the goal of key distribution in a general quantum network. Notably, Zhang et al.’s protocol [47] is more practical in terms of implementation compared to protocols using entanglement states (i.e., ours and other MSQKD protocols), as it only requires single photons in two complementary bases. Therefore, designing an MSQKD protocol that uses single photons within a general network environment remains an unresolved challenge. In terms of quantum capabilities, the proposed protocol is more lightweight than existing protocols since classical users only need two quantum capabilities instead of the three required in other protocols. While other MSQKD protocols with circular communication can incorporate additional devices or mechanisms to resist quantum Trojan horse attacks, the proposed protocol is inherently immune to such attacks. Additionally, although our protocol does not impose any limitations on transmission distance, it does require an additional quantum network routing algorithm. Compared to other MSQKD protocols designed for series network environments, this algorithm adds an extra cost. However, this cost is necessary for applications in a general quantum network environment.
To analyze the performance of our protocol and existing MSQKD protocols, this study calculates the qubit efficiency η using the following equation. The calculation results are summarized in Table 3.
where n is the number of participants and m is the length of the secret key. Since the number of repeaters is not fixed in practical scenarios, we use a variable r to denote the number of quantum repeaters in the comparison. Based on the results of this metric, the qubit efficiency of our protocol is less efficient than that of existing MSQKD protocols in network environments with a large number of repeaters. However, our protocol can be applied in general quantum networks, whereas the existing MSQKD protocols cannot. Although directly comparing qubit efficiency may be unfair due to the differing quantum topologies between our protocol and the existing MSQKD protocols, these results nonetheless offer valuable insights into the performance differences between the two quantum network topologies.
In addition to comparing with existing MSQKD protocols, this study further examines the differences between using the 1D+star graph state measurement properties and using entanglement swapping to achieve entanglement distribution. Simple examples (as shown in Fig. 13) are provided to analyze the cost of entanglement distribution between the two methods, where a repeater R_{j} aims to distribute an entanglement state to another repeater R_{i}. This study assumes that the repeaters can generate qubits in the initial state \(\mid 0\rangle \) and use controlled gates (i.e., CNOT and CZ) to generate the entangled states. When the repeaters adopt the 1D+star graph state measurement properties, R_{j} generates a qubit (labeled as i), performs an H operation on this qubit, applies a CZ operation between qubits j and i, and then sends qubit i to R_{i} (as shown in Figs. 13a and 13b) Finally, R_{j} measures the qubit j in Xbasis which requires one H operation followed by one Zbasis measurement to achieve the entanglement distribution (as shown in Fig. 13c). Alternatively, if the repeaters use the entanglement swapping to distribute entanglement states, R_{j} will generate a Bell state (labeled as i and i+1), send the qubit i to R_{i}, and then perform a Bell measurement between qubits \(i+1\) and j (as shown in Figs. 13d and 13e) to complete the entanglement distribution (as shown in Fig. 13f). Generating a Bell state requires generation of 2 qubits, one H operation, and one CNOT operation, and performing Bell measurement requires one CNOT operation, one H operation and two Zbasis measurement. The costs of entanglement distribution are summarized in Table 4. From the cost comparisons, we can see that our proposed method reduces the number of qubits generated, eliminates the need for one controlled gate, and requires one less Zbasis measurement. Importantly, compared to singlephoton gates, implementing controlled gates is more resourceintensive. Therefore, using the measurement properties of the 1D+star graph state to distribute entangled states is more efficient than entanglement swapping in the context of our protocol.
The proposed protocol was implemented via simulation software to verify the proposed characteristics of the graph states with the 1D+star type and analyze the realizability of the proposed MMQKD protocol. To design a protocol tailored to quantum communication, this study used NetSquid [66], a dedicated simulation tool for quantum networks. This choice was made due to NetSquid’s specific applicability to quantum networking scenarios.
During the simulation trials, the proposed MMQKD protocol was executed under two distinct scenarios: (1) a quantum network with a fixed number of participants and varying numbers of repeaters, and (2) a quantum network with a varying number of participants but a fixed number of repeaters. Additionally, two types of noise—depolarizing and dephasing—were analyzed in both experimental scenarios to assess their effects on the success rate of establishing graph states.
In the first scenario, the study assumes the presence of three participants (Alice, Bob_{1}, and Bob_{2}) who aim to distribute secret keys. Due to limited computer resources available for the experiment, a quantum network environment with a maximum of 20 repeaters was simulated. Thus, environments with 1 to 20 repeaters were explored. In each scenario, repeaters helped participants establish 1024 graph states, and the average of these results was used to calculate success rates. The results for depolarizing and dephasing noise environments are presented in Fig. 14 and summarized in Tables 5 and 6, respectively. The simulations reveal that a 100% success rate in establishing graph states is possible with the help of various numbers of repeaters in an ideal quantum channel (with a 0% noise rate), demonstrating the feasibility of designing the proposed MMQKD protocol for a quantum network with any number of repeaters. In depolarizing noise environments (Fig. 14a), an increase in noise rate leads to a decrease in success rate, especially when more repeaters are used, showing a more pronounced decline. It is worth noting that in dephasing noise environments (Fig. 14b), an unexpected phenomenon occurs at certain numbers of repeaters (e.g., 3, 7, 11,…), where the success rate actually improves as the noise rate increases. This counterintuitive result arises because a 1D+star graph state with a specific number of qubits is immune to collective dephasing noise. Collective noise refers to quantum noise that affects multiple qubits simultaneously in a correlated manner, with collective dephasing noise being one such example. In the presence of collective noise, certain special quantum states, known as “free states,” can resist this type of disturbance. Due to the dephasingfree property of certain 1D+star graph states, the success rate improves once the noise rate exceeds 0.5. Remarkably, the success rate reaches 1.0 when the noise rate is 100%, indicating a fully collective noise environment. Based on these simulation results, we conclude that these 1D+star graph states are dephasingfree states, making them suitable for designing other dephasingtolerant quantum communication protocols.
In the second scenario, the study includes three repeaters aiding various participants (e.g., Alice, Bob_{1}, Bob_{2}, …, Bob_{n}) in establishing graph states. Again, due to the limitation of computer resources, a quantum network environment with up to 13 participants was simulated. The results for depolarizing and dephasing noise environments are presented in Fig. 15 and summarized in Tables 7 and 8, respectively. Similar to the first scenario, it’s evident that graph states can be perfectly established with various numbers of participants in an ideal quantum channel. Furthermore, the number of participants significantly impacts the success rate in different depolarizing noise conditions (Fig. 15a). Similar to the analysis of the previous scenario, the 1D+star graph state can also withstand collective dephasing noise when the 1D part contains 4 qubits, as demonstrated by the results under dephasing noise conditions (Fig. 15b). This finding further reinforces the potential of the 1D+star graph state for future developments in dephasingtolerant quantum communication protocols.
Finally, this research meticulously compiles and discusses the outcomes derived from conducting two distinct simulation experiments aimed at exploring quantum networking. In a noisy quantum network environment, the number of qubits significantly influences the success rate of establishing entanglement. Since the number of participants in real applications is fixed, reducing the number of repeaters in the routing path emerges as a solution to mitigate the impact of noise. Thus, employing fewer repeaters (i.e., creating shorter routing paths) for key distribution is crucial for enhancing qubit efficiency.
Additionally, there are certain types of noise that were not considered or discussed in the simulations of this study. These noises—such as photon loss, relaxation, gate errors, dark counts in measurement devices, and others—could pose potential limitations to the proposed entanglement distribution method and MMQKD protocol. For example, they could affect the communication distances and success rates of the proposed protocol. Analyzing the complexities of quantum network environments requires a separate, comprehensive research effort, which is beyond the scope of this work. Therefore, we consider these analyses as future work.
6 Conclusion
The existing MSQKD and MMSQKD protocols have two challenges: (1) the need for additional devices to defend against quantum Trojan horse attacks and (2) conformance to a specific network environment, namely, the series network. Therefore, this study proposes a property of 1D+star graph state and then uses this property to distribute GHZlike states among classical participants within a general repeaterbased quantum network. These GHZlike states are then used to propose an MMQKD protocol, specifically designed for a restricted quantum environment. In the proposed MMQKD protocol, the classical participants have only two quantum capabilities—singlequbit operation (i.e., \(\sigma _{Z}\) and H) and Zbasis measurement—and they do not need an additional quantum device/mechanism to protect against quantum Trojan horse attacks. Moreover, unlike the existing repeaterbased quantum network, repeaters use singlequbit measurement (i.e., Xbasis measurement) rather than the entanglement swapping to transmit the entanglement. Therefore, the proposed MMQKD protocol is more practical and lightweight than the existing MSQKD and MMSQKD protocols. Security analyses and simulation experiments were conducted to prove that the proposed MMQKD protocol is secure and feasible.
Our future research could explore leveraging the proposed measurement properties of the 1D+star graph state to develop additional lightweight and practical quantum communication protocols within quantum networks (e.g., quantum secret sharing). Furthermore, designing a routing algorithm for efficiently distributing the graph state among protocol participants is another promising direction. However, there are potential limitations and challenges for our method in larger quantum networks with complex noise environments. For instance, what is the maximum distance in our proposed protocol that can securely distribute keys in a noisy network? Therefore, the unresolved issues include analyzing the key rate bound in complex noisy quantum networks, mitigating decoherence, extending the storage time of entangled states, and designing efficient quantum error correction codes and purification techniques.
Data Availability
No datasets were generated or analysed during the current study.
Abbreviations
 QKD:

Quantum Key Distribution
 MMQKD:

Mediated Multiparty Quantum Key Distribution
 QSS:

Quantum Secret Sharing
 SQKD:

SemiQuantum Key Distribution
 TP:

Third Party
 MSQKD:

Multiparty SemiQuantum Key Distribution
 MMSQKD:

Mediated Multiparty SemiQuantum Key Distribution
References
Bennett CH, Brassard G. Quantum cryptography: public key distribution and coin tossing. In: IEEE int. conf. Computers, systems and signal processing, Bangalore, India. 1984. p. 175–9.
Shor PW, Preskill J. Simple proof of security of the BB84 quantum key distribution protocol. Phys Rev Lett. 2000;85(2):441–4.
Gottesman D, Lo HK. Proof of security of quantum key distribution with twoway classical communications. IEEE Trans Inf Theory. 2003;49(2):457–75.
Tsurumaru T, Tamaki K. Security proof for quantumkeydistribution systems with threshold detectors. Phys Rev A. 2008;78(3):032302.
Bennett CH, Brassard G, Mermin ND. Quantum cryptography without Bell’s theorem. Phys Rev Lett. 1992;68(5):557–9.
Cerf NJ, Bourennane M, Karlsson A, Gisin N. Security of quantum key distribution using dlevel systems. Phys Rev Lett. 2002;88(12):127902.
Long GL, Liu XS. Theoretically efficient highcapacity quantumkeydistribution scheme. Phys Rev A. 2002;65(3):032302.
Grosshans F, Van Assche G, Wenger J, Brouri R, Cerf NJ, Grangier P. Quantum key distribution using Gaussianmodulated coherent states. Nature. 2003;421(6920):238–41.
Hwang WY. Quantum key distribution with high loss: toward global secure communication. Phys Rev Lett. 2003;91(5):057901.
Lo HK, Ma XF, Chen K. Decoy state quantum key distribution. Phys Rev Lett. 2005;94(23):230504.
Hwang T, Lee KC, Li CM. Provably secure threeparty authenticated quantum key distribution protocols. IEEE Trans Dependable Secure Comput. 2007;4(1):71–80.
Li XH, Deng FG, Zhou HY. Efficient quantum key distribution over a collective noise channel. Phys Rev A. 2008;78(2):022321.
Hwang T, Hwang CC, Tsai CW. Quantum key distribution protocol using dense coding of threequbit W state. Eur Phys J D. 2011;61:785–90.
Lo HK, Curty M, Qi B. Measurementdeviceindependent quantum key distribution. Phys Rev Lett. 2012;108(13):130503.
Yang CW. New probabilistic quantum key distribution protocol. Int J Theor Phys. 2018;57(12):3651–7.
Hillery M, Bužek V, Berthiaume A. Quantum secret sharing. Phys Rev A. 1999;59(3):1829.
Gottesman D. Theory of quantum secret sharing. Phys Rev A. 2000;61(4):042311.
Zhang ZJ, Li Y, Man ZX. Multiparty quantum secret sharing. Phys Rev A. 2005;71(4):044301.
Hsu JL, Chong SK, Hwang T, Tsai CW. Dynamic quantum secret sharing. Quantum Inf Process. 2013;12:331–44.
Deng FG, Long GL. Secure direct communication with a quantum onetime pad. Phys Rev A. 2004;69(5):052319.
Long GL, Deng FG, Wang C, Li XH, Wen K, Wang WY. Quantum secure direct communication and deterministic secure quantum communication. Front Phys China. 2007;2:251–72.
Zhang W, Ding DS, Sheng YB, Zhou L, Shi BS, Guo GC. Quantum secure direct communication with quantum memory. Phys Rev Lett. 2017;118(22):220501.
Yang YG, Cao WF, Wen QY. Secure quantum private comparison. Phys Scr. 2009;80(6):065002.
Yang YG, Wen QY. An efficient twoparty quantum private comparison protocol with decoy photons and twophoton entanglement. J Phys A, Math Theor. 2009;42(5):055305.
Liu W, Liu C, Wang H, Jia T. Quantum private comparison: a review. IETE Tech Rev. 2013;30(5):439–45.
Fitzsimons JF. Private quantum computation: an introduction to blind quantum computing and related protocols. npj Quantum Inf. 2017;3(1):23.
Boyer M, Kenigsberg D, Mor T. Quantum key distribution with classical Bob. In: 2007 first int. conf. Quantum, nano, and micro technologies (ICQNM’07), Guadeloupe, French Caribbean, Jan. 2–5. IEEE; 2007. p. 2–5.
Boyer M, Gelles R, Kenigsberg D, Mor T. Semiquantum key distribution. Phys Rev A. 2009;79(3):032341.
Zou X, Qiu D, Li L, Wu L, Li L. Semiquantumkey distribution using less than four quantum states. Phys Rev A. 2009;79(5):052312.
Wang J, Zhang S, Zhang Q, Tang CJ. Semiquantum key distribution using entangled states. Chin Phys Lett. 2011;28(10):100301.
Yu KF, Yang CW, Liao CH, Hwang T. Authenticated semiquantum key distribution protocol using Bell states. Quantum Inf Process. 2014;13:1457–65.
Zou X, Qiu D, Zhang S, Mateus P. Semiquantum key distribution without invoking the classical party’s measurement capability. Quantum Inf Process. 2015;14:2981–96.
Li Q, Chan WH, Zhang S. Semiquantum key distribution with secure delegated quantum computation. Sci Rep. 2016;6(1):19898.
Li Q, Chan WH, Long DY. Semiquantum secret sharing using entangled states. Phys Rev A. 2010;82(2):022303.
Yang CW, Hwang T. Efficient key construction on semiquantum secret sharing protocols. Int J Quantum Inf. 2013;11(05):1350052.
Tsai CW, Yang CW, Lee NY. Semiquantum secret sharing protocol using Wstate. Mod Phys Lett A. 2019;34(27):1950213.
Chou WH, Hwang T, Gu J. Semiquantum private comparison protocol under an almostdishonest third party. 2016. ArXiv preprint. arXiv:1607.07961.
Lang YF. Semiquantum private comparison using single photons. Int J Theor Phys. 2018;57:3048–55.
Ye TY, Ye CQ. Measureresend semiquantum private comparison without entanglement. Int J Theor Phys. 2018;57:3819–34.
Zou X, Qiu D. Threestep semiquantum secure direct communication protocol. Sci China, Phys Mech Astron. 2014;57:1696–702.
Zhang MH, Li HF, Xia ZQ, Feng XY, Peng JY. Semiquantum secure direct communication using EPR pairs. Quantum Inf Process. 2017;16:1–14.
Yang CW. Efficient and secure semiquantum secure direct communication protocol against double CNOT attack. Quantum Inf Process. 2020;19:1–15.
Krawec WO. Mediated semiquantum key distribution. Phys Rev A. 2015;91(3):032323.
Lin PH, Tsai CW, Hwang T. Mediated semiquantum key distribution using single photons. Ann Phys. 2019;531(8):1800347.
Chen L, Li Q, Liu C, Peng Y, Yu F. Efficient mediated semiquantum key distribution. Phys A, Stat Mech Appl. 2021;582:126265.
Guskind J, Krawec WO. Mediated semiquantum key distribution with improved efficiency. Quantum Sci Technol. 2022;7(3):035019.
Zhang XZ, Gong WG, Tang YG, Ren ZZ, Guo XT. Quantum key distribution series network protocol with Mclassical Bobs. Chin Phys B. 2009;18(6):2143.
Zhou NR, Zhu KN, Zou XF. Multiparty semiquantum key distribution protocol with fourparticle cluster states. Ann Phys. 2019;531(8):1800520.
Tian Y, Li J, Ye C, Li C. Multiparty semiquantum key distribution protocol based on hyperentangled Bell states. Front Phys. 2022;966.
Ye CQ, Li J, Chen XB, Hou Y, Dong M, Ota K. Circular mediated semiquantum key distribution. Quantum Inf Process. 2023;22(4):170.
Tsai CW, Yang CW. Lightweight mediated semiquantum key distribution protocol with a dishonest third party based on Bell states. Sci Rep. 2021;11(1):23222.
Tsai CW, Yang CW, Lin J. Multiparty mediated quantum secret sharing protocol. Quantum Inf Process. 2022;21(2):63.
Tsai CW, Wang CH. Efficient mediated quantum secret sharing protocol in a restricted quantum environment. Ann Phys. 2023;535(11):2300116.
Berkolaiko G, Kuchment P. Introduction to quantum graphs. Providence: Am. Math. Soc.; 2013.
Bennett CH, Brassard G, Crépeau C, Jozsa R, Peres A, Wootters WK. Teleporting an unknown quantum state via dual classsical and EinsteinPodolskyRosen Channles. Phys Rev Lett. 1993;70(13):1895.
Zukowski M, Zeilinger A, Horne MA, Ekert AK. Bell experiment via entanglement swapping. Phys Rev Lett. 1993;71:4287.
Bose S, Vedral V, Knight PL. Multiparticle generalization of entanglement swapping. Phys Rev A. 1998;57(2):822.
Caleffi M. Optimal routing for quantum networks. IEEE Access. 2017;5:22299–312.
Le L, Nguyen TN. DQRA: deep quantum routing agent for entanglement routing in quantum networks. IEEE Trans Quantum Eng. 2022;3:1–12.
Meignant C, Markham D, Grosshans F. Distributing graph states over arbitrary quantum networks. Phys Rev A. 2019;100(5):052333.
Fischer A, Towsley D. Distributing graph states across quantum networks. In: 2021 IEEE int. conf. Quantum comput. Eng. (QCE), Broomfield, CO, USA; 2021.
Fung CHF, Ma X, Chau HF. Practical issues in quantumkeydistribution postprocessing. Phys Rev A. 2010;81(1):012318.
Deng FG, Li XH, Zhou HY, Zhang ZJ. Improving the security of multiparty quantum secret sharing against Trojan horse attack. Phys Rev A. 2005;72(4):044302.
Cai QY. Eavesdropping on the twoway quantum communication protocols with invisible photons. Phys Lett A. 2006;351(1–2):23–5.
Boyer M, Katz M, Liss R, Mor T. Experimentally feasible protocol for semiquantum key distribution. Phys Rev A. 2017;96(6):062335.
Coopmans T, Knegjens R, Dahlberg A, Maier D, Nijsten L, de Oliveira Filho J, Papendrecht M, Rabbie J, Rozpędek F, Skrzypczyk M, Wubben L, de Jong W, Podareanu D, TorresKnoop A, Elkouss D, Wehner S. NetSquid, a NETwork simulator for quantum information using discrete events. Commun Phys. 2021;4(1):164.
Funding
Project supported by the National Science and Technology Council, Taiwan, R.O.C. (Grant Nos. NSTC 1132221E025014 and NSTC 1132634F005001MBK).
Author information
Authors and Affiliations
Contributions
ChiaWei Tsai: Conceptualization, Methodology, Formal Analysis, Writing – Original Draft. ChunHsiang Wang: Experimentation and Review manuscript.
Corresponding author
Ethics declarations
Ethics approval and consent to participate
Not applicable.
Consent for publication
Not applicable.
Competing interests
The authors declare no competing interests.
Additional information
Publisher’s Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Open Access This article is licensed under a Creative Commons AttributionNonCommercialNoDerivatives 4.0 International License, which permits any noncommercial use, sharing, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if you modified the licensed material. You do not have permission under this licence to share adapted material derived from this article or parts of it. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/byncnd/4.0/.
About this article
Cite this article
Tsai, CW., Wang, CH. Multiparty quantum key distribution protocol in quantum network. EPJ Quantum Technol. 11, 63 (2024). https://doi.org/10.1140/epjqt/s40507024002755
Received:
Accepted:
Published:
DOI: https://doi.org/10.1140/epjqt/s40507024002755