Quantum anonymous collision detection for quantum networks

Quantum mechanics offers new opportunities for diverse information processing tasks in communication and computational networks. In the last two decades, the notion of quantum anonymity has been introduced in several networking tasks that provide an unconditional secrecy of identity for the communicating parties. In this article, we propose a quantum anonymous collision detection (QACD) protocol which detects not only the collision but also guarantees the anonymity in the case of multiple senders. We show that the QACD protocol serves as an important primitive for a quantum anonymous network that features tracelessness and resource efficiency. Furthermore, the security analysis shows that this protocol is robust against the adversary and malicious participants.


Introduction
Quantum information science has enabled outstanding improvement in security for communication [1], cryptography [2], metrology [3] and computation [4]. Such tasks include quantum secret sharing [5,6], blind quantum computation [7,8], secure quantum clock synchronization [9], and distributed secure quantum computation [10]. These technologies pave way for the vision of a secure quantum internet [11,12]. However, these protocols are mostly developed to protect the content of the messages, which means that the encoded information can be accessed only by the sender and the intended receiver. On the other hand, in many real-life applications, it is more desirable to hide the identity of the sender and receiver than the information itself. Thus, the secrecy of identity was coined as anonymity which should be guaranteed without making any assumption on the computational power of the adversary. This property is the main enabler of several interesting applications such as anonymous quantum voting [13][14][15], anonymous quantum key agreement [16], quantum anonymous multi-data ranking [17], and anonymous quantum private comparison [18].
The first-ever quantum anonymous transmission protocol was proposed in [19]. This proposal consisted of two protocols-namely-the quantum anonymous broadcast for classical information and sharing entanglement between sender and receiver anonymously.
These two protocols were combined to send a quantum message via quantum teleportation [20]. However, it was assumed that a perfect n-partite GHZ state is shared among the participants. This work was followed by several other proposals for anonymous networkbased tasks. For example, anonymous quantum communication with disruption detection [21], anonymous entanglement generation from EPR pairs [22], and anonymous quantum communication via a noisy channel [23]. More recently, the protocol for anonymity in quantum networks was presented [24]. In this protocol, their main aim was the anonymous verification of GHZ state that is shared via protocols in [25,26]. However, all these protocols have to detect multiple senders prior to their own run of the protocol. Thus, an anonymous collision detection protocol seems indispensable for a truly anonymous execution of these anonymous networking tasks.
A quantum anonymous collision detection (QACD) protocol was proposed in [19] that utilizes O( log n + 1) n-partite GHZ qubit states in an n-node network as a resource. This protocol was proposed under the assumption of semihonest participants, i.e., all participants are honest but curious. However, in real life, anonymous network is usually built among the mutually untrusted participants. Hence, the protocols designed under the semihonest model assumption are impractical. It was also proved that a quantum source cannot securely evaluate any two-party classical deterministic function [27,28]. This result also applies to the QACD protocols since these protocols can be viewed as a manifestation of two-party classical deterministic function. The motivation for our work lies in the securely and resourcefully collision detection for multiple senders among mutually untrustworthy participants.
In this paper, we propose the quantum anonymous collision detection protocol to detect the collision in the case of multiple senders with the help of the server, as depicted in Fig. 1. The server is almost dishonest which means that it is allowed to misbehave on its own without conspiring with the participants. This protocol guarantees the anonymity of the sender and also features tracelessness property, i.e., the identity of the sender remains hidden even if the adversary gains access to the encoded state. Our protocol is more efficient than the previously proposed protocol and utilizes O(1) n-partite GHZ qudit state. We also show the correctness and robustness against both external and internal adversaries of the protocol. The rest of the paper is organized as follows. First, we present the quantum anonymous collision detection protocol for multiple senders. Then the security and correctness of the protocol is shown. In the end, we conclude the paper.

Quantum anonymous collision detection (QACD)
In this section, we provide the QACD protocol for any quantum anonymous network where collision is detected anonymously with the help of the server. The server in our protocol is allowed to misbehave through active and passive attack but cannot conspire with the participants. However, it is unable to match the identity of the participants with the encoded data. This protocol will also work under untrustworthy participants.
Communication Scenario-Our protocol consist of n agents and the server that can perform local operation and classical communication (LOCC) as graphically illustrated in Fig. 2. Each user is connected to the server via a quantum and a classical authenticated channel. The d-dimensional GHZ state is shared among the agents and the server, where d > n. The server prepares and distributes the GHZ state by utilizing the entanglement distribution and verification protocol of [17].
After the sharing of the GHZ state, each user applies the quantum Fourier transform to If any participant wants to be the sender, then it applies the shift operator to their qudit, where ⊕ represents addition mod d. Then, measurements is performed and result is communicated via classical authenticated channel.
Here, the communication objective is to detect the collision anonymously in the case of multiple senders. The protocol is anonymous until the communication does not change the uncertainty about the identity of the sender. The objective of the adversaries and malicious agents t is to break the anonymity or security of the protocol. Eve has access to the public communication occurring through authenticated channels. In a practical scenario, she may have certain network resources beyond public communication. For example, she may have support from t < n malicious parties and has access to all their classical and quantum resources denoted by Q t . Finally, in an unlikely but possible scenario, she may hijack the quantum channel and gain access to the joint quantum state of k parties, denoted by R k . Note that these parties are acting honestly and do not conspire with her. Now we can formally idealize the QACD protocol features, provided that the GHZ state is shared correctly.
Correctness: Each party should be notified with certainty if there are multiple senders in a run of the protocol.
Anonymity: The identity of the senders remain hidden regardless of their announced data.
Traceless: Even with access to all network resources including the encoded quantum state and classical communication, the status (sender/ non sender) of all parties remain hidden.
Security: The participants private data should be protected against adversarial (outside/inside) attacks.
In the following, we present the quantum anonymous collision detection protocol with tracelessness.

Security analysis
Here we provide the security analysis of the protocol. QACD protocol has to satisfy two condition for security: (1) correctness, (2) secrecy. First, we show the correctness of the protocol.

Correctness
Here, we prove the correctness of Protocol 1. Initially, an (n + 1)-partite GHZ state (1) is shared between the agents and the server. Each participant encodes operation on its qudit using the unitaries. If the participants want to be a sender, they apply U s otherwise they

Protocol Parameters
• A server and n participants.

The Protocol
(1) All parties including the server apply F d to their qudits.
(2) Each party 1 ≤ i ≤ n applies U a i on q i according to the rule: if party i wants to be the sender, Here, with ⊕ being the modulo d addition and I d is the identity operator on d-dimensional Hilbert space. apply I d . Each participant and server is given one qudit q i from the GHZ state After the first and second step, participants apply U a i F on (4). Consequently, state transforms |w 1 ⊕ a 1 ⊗ · · · ⊗ |w n ⊕ a n ⊗ |w n+1 ⊕ 0 , After this, each participant and the server measure their qudit in B basis. Each participants announces the measurement result m i to the server via a classical authenticated channel. The server calculates If there are multiple senders, then C > 1 and a collision is detected.

Secrecy
In this subsection, we analyze the secrecy of Protocol 1. If an eavesdropper wants to know the sender's identity, they should get the specific value of the participant's classified input. We characterize the security in two different scenarios: (i) the adversary or server attacks the protocol alone without any collaboration with the participants, and (ii) the adversary collaborates with t malicious participants to attack the anonymity of the honest participants.
In the first scenario, we assume the preshared GHZ qudit state and its method of sharing as mentioned in [17]. Any misadventure by the server or adversary can be detected easily during the distribution of GHZ state. Since there is no further communication on quantum channel in our protocol. So, Eve or server cannot perform the active attack. She has to rely on the passive attacks. The participants encode their information on their respective qudit states and then perform the measurements. The announced result by the participant has no information regarding the identity of the sender. Therefore, Eve or server cannot deduce any useful information about the identity of the sender. We can say that this protocol is robust against outside adversaries since Eve is unable to gain any information and the sender remains anonymous.
In the second scenario, Eve collaborates with t malicious participants to extract the honest participants' classified inputs. A malicious participant already has some information about the protocol. So, this kind of attack is more powerful and deserves more attention. Eve has access to the resources Q t of malicious participants t. To gain useful information about honest participant's k private inputs, she can only utilize the resources Q t of malicious participants and classical information announced by the honest participants k. However, this resource Q t is not useful. Intuitively, the secret string possessed by the n parties satisfy w 1 + w 2 + · · · + w n + w n+1 = 0(mod d). Since the honest participant's resource R k is only known to them, we can conclude that Eve cannot get any one of the honest participant's string. In other words, she is unable to get the private inputs of honest participants with the resources of the malicious participants t. Now we consider an unlikely scenario in which an adversary, after the encoding process, hijacks the quantum channel and gets the honest participants' resources R k as well. She has the encoded state As we know that after Fourier transform, the GHZ state transforms into a random string satisfying w 1 + · · · + w n + w n+1 = 0(mod d). The private inputs are encrypted on these random strings. Since these conditions are similar to the quantum one-time pad scheme [1] and provide the same unconditional security to this protocol. So even if the adversary has the honest participant's resources R k , she cannot track the senders. This shows the tracelessnes of the protocol. The only possibility for Eve is to know the sender's identity if all parties behave as senders at the same time. This event only happens with 1/2 n-t probability and this probability decreases as t decreases.

Conclusion
In this work, we have proposed a quantum anonymous collision detection (QACD) protocol, which is a prerequisite for quantum anonymous networks. This protocol efficiently detects the collision in case of multiple senders with the help of a server. The QACD protocol provides sender anonymity. This protocol also features tracelessness, which means that the encoding operation cannot be traced back to the encoding parties. Our proposed protocol is more efficient in terms of quantum resources than previously proposed protocols. Furthermore, security analysis showed that the proposed QACD protocol is robust against malicious participants and adversaries.