Multiparty quantum secret sharing scheme based on the phase shift operations


Optics Communications 308 (2013) 159–163


Yu-tao Du, Wan-su Bao*

Zhengzhou Information Science and Technology Institute, Zhengzhou 450000, China

Article info

Article history: Received 14 February 2013; received in revised form 5 May 2013; accepted 10 June 2013; available online 28 June 2013.

Keywords: Quantum secret sharing; Collective attack; Phase shift operations; Cheating attack

Abstract

Based on a kind of multiparty quantum secret sharing scheme with Bell states, we propose a novel collective attack strategy in this paper. In our strategy, the group of in-attackers can obtain the entire secret information without introducing any error. More interestingly, a new multiparty quantum secret sharing scheme is proposed based on the 3-element phase shift operations. The scheme can resist not only the existing attacks, but also the cheating attack from the dishonest agent. Meanwhile, the scheme improves efficiency by reducing the number of eavesdropping detections and the computational complexity. © 2013 Elsevier B.V. All rights reserved.

* Corresponding author. Tel.: +86 15838210996. E-mail address: [email protected] (W.-s. Bao).

0030-4018/$ - see front matter © 2013 Elsevier B.V. All rights reserved. http://dx.doi.org/10.1016/j.optcom.2013.06.014

1. Introduction

Quantum Secret Sharing (QSS) is the extension of classical secret sharing to the field of quantum cryptography. It allows a dealer's secret to be shared among many agents so that only the authorized groups of agents can reconstruct the secret information. Since Hillery et al. [1] proposed the first QSS scheme based on GHZ states in 1999, all sorts of QSS schemes [2–26] have been proposed. In 2007, Zhang et al. [20] proposed a multiparty QSS scheme (ZGW scheme) based on Bell states and local unitary operations, which is more efficient and more feasible than the previous schemes. Since then, many analyses [21–25] and improvements [21,23] of the ZGW scheme have been proposed.

On the theoretical analysis side, the attack strategies [21–23] can be described as the compound entanglement swapping attack, which combines intercept-and-resend with entanglement swapping. However, none of them resolves the contradiction between obtaining the whole secret information and introducing no error: the attack [21] given by Lin et al. can only obtain half of the secret without any error, the collective attack [22] given by Wang et al. introduces a probabilistic error [25], and the attack [23] given by Gao introduces a 25% error rate [24]. The last two strategies can obtain the entire secret. In addition, the cheating attack has also attracted much attention [31]. Unfortunately, the ZGW scheme and its improvements cannot resist the attack.

On the improvement side, there are mainly the scheme of Lin et al. [21] and Gao's scheme [23], which add sample-photon detections between the dealer and the agents to improve the authentication of the quantum channels. By contrast, Gao's scheme is more secure than the scheme of Lin et al. because it adds the detection between Alice (the dealer) and Bob$_n$ (the last agent), and it has not been attacked successfully so far.

In this paper, we propose a novel zero-error collective attack strategy on Gao's scheme, which is also valid for both the ZGW scheme and the scheme of Lin et al. In the strategy, the group of in-attackers can obtain the entire secret without introducing any error, with different in-attackers attacking different particles separately. Furthermore, a new multiparty quantum secret sharing scheme is proposed based on the 3-element phase shift operations set $\{U(0), U(2\pi/3), U(4\pi/3)\}$. We prove that the new scheme can resist not only the existing attacks on both the ZGW scheme and its improvements, but also the cheating attack from the dishonest agent. In the capability analysis, we prove that the new scheme improves efficiency by reducing the number of eavesdropping detections and the computational complexity.

2. Gao's scheme

Let us give a brief description of Gao's scheme as follows [21]:

(1) Precomputation phase. Bob$_1$ prepares $k$ pairs of Bell states (i.e. $|\varphi_1\rangle_{ts}, \ldots, |\varphi_k\rangle_{ts}$) randomly from $\{|\phi^+\rangle, |\phi^-\rangle, |\psi^+\rangle, |\psi^-\rangle\}$, where $|\phi^\pm\rangle = (|00\rangle \pm |11\rangle)/\sqrt{2}$ and $|\psi^\pm\rangle = (|01\rangle \pm |10\rangle)/\sqrt{2}$. Then he stores all the photons $s$ of these Bell states (as the $S_1$-sequence) in his lab, and sends all the photons $t$ of these Bell states (as the $T_1$-sequence) to Bob$_2$. After receiving the $T_1$-sequence, Bob$_2$ first ascertains whether it is a single-photon sequence. If it is not, he aborts the communication; otherwise, he performs local operations on the photons of the $T_1$-sequence, chosen from the Pauli operations $\{I, \sigma_x, \sigma_z, i\sigma_y\}$ and the Hadamard operation ($H$ operation) with probabilities 12.5%, 12.5%, 12.5%, 12.5% and 50%, respectively. Here,

$$
\begin{aligned}
I &= |0\rangle\langle 0| + |1\rangle\langle 1|, \quad \sigma_x = |1\rangle\langle 0| + |0\rangle\langle 1|, \quad \sigma_z = |0\rangle\langle 0| - |1\rangle\langle 1|, \\
i\sigma_y &= |0\rangle\langle 1| - |1\rangle\langle 0|, \quad H = \frac{1}{\sqrt{2}}\left(|0\rangle\langle 0| - |1\rangle\langle 1| + |0\rangle\langle 1| + |1\rangle\langle 0|\right).
\end{aligned}
\tag{1}
$$

Then Bob$_2$ sends the $T_2$-sequence (transformed from the $T_1$-sequence) to Bob$_3$. Bob$_i$ ($i = 3, \ldots, n$) follows the same procedure as Bob$_2$ until Bob$_n$ finishes his operations. At last, Bob$_n$ sends the $T_n$-sequence to Alice. Before sending the $T_n$-sequence, Bob$_n$ prepares $k_1$ single photons as sample photons, each randomly in one of four states $\{|0\rangle, |1\rangle, |+\rangle, |-\rangle\}$, and inserts them into the $T_n$-sequence for checking. Here $|+\rangle = (|0\rangle + |1\rangle)/\sqrt{2}$ and $|-\rangle = (|0\rangle - |1\rangle)/\sqrt{2}$.

(2) Secret distribution phase. After receiving the $T_n$-sequence, Alice asks Bob$_n$ to tell her the positions and the initial states of all the sample photons in the $T_n$-sequence. Then Alice measures these photons in the suitable bases and judges whether the channel between Bob$_n$ and Alice is secure by comparing the initial states with the measurement results. After confirming that no eavesdropping exists, Alice randomly switches between the control mode and the message mode.

In the control mode, Alice randomly selects the agents one by one to perform the following operations: Bob$_1$ randomly chooses the measuring basis $Z = \{|0\rangle, |1\rangle\}$ or $X = \{|+\rangle, |-\rangle\}$ to measure the photons of the $S_1$-sequence, and then tells Alice his measuring bases and measurement results; the other agents announce their unitary operations on the corresponding photons of the $T_n$-sequence. Next, Alice uses the correct measuring bases to measure the corresponding photons of the $T_n$-sequence and judges whether the photons have been attacked. If they have, the communication is aborted. Otherwise, it continues to the next mode.

In the message mode, Alice encodes the secret by performing the Pauli operations on the last photons of the $T_n$-sequence according to the following definitions: $I$ ($\sigma_x$, $\sigma_z$, $i\sigma_y$) corresponds to the two classical bits "00" ("10", "01", "11"). After encoding, Alice sends the $T_{n+1}$-sequence to Bob$_1$. Before sending the $T_n$-sequence, Alice also prepares $k_2$ sample photons randomly from the four states $\{|0\rangle, |1\rangle, |+\rangle, |-\rangle\}$, and inserts them into the $T_{n+1}$-sequence for checking.

(3) Secret recovery phase. After receiving the $T_{n+1}$-sequence, Bob$_1$ also checks the sample photons with Alice to judge whether the channel between Alice and Bob$_1$ is secure. If there is no eavesdropping, all the agents can recover the secret by collaborating. At last, Alice announces a small part of the secret so that the agents can judge whether the $T_{n+1}$-sequence has been attacked. The structure of Gao's scheme is depicted in Fig. 1.

Fig. 1. The structure of Gao's scheme (participants: Alice, Bob$_1$, Bob$_2$, …, Bob$_n$). The Bell states $|\varphi_i\rangle_{ts}$ ($i = 1, 2, \ldots, k$) prepared by Bob$_1$ are drawn with photon $s$ on the left and photon $t$ on the right.

3. The collective attack strategy with zero-error

There are four eavesdropping detections in Gao's scheme: the collective detection between Alice and the agents in the control mode, the short-message checking at the end of the scheme, and two detections of sample photons in the last two phases. For the ZGW scheme and its improved schemes, the three existing attack strategies [21–23] are based on the combination of intercept-and-resend and entanglement swapping. In terms of their effect on Gao's scheme, the attack given by Lin et al. [21] can only obtain half of the secret; the attack given by Gao [23] introduces a 25% error rate. Both of them can be caught by the detections of sample photons between Alice and Bob$_1$ or Bob$_n$. In addition, the collective attack strategy given by Wang et al. [22] may introduce a probabilistic error: the Hadamard operation, which agents should use with probability 50%, will not appear in the announcements of the attackers, which Alice can detect, leading to the abortion of the communication. To sum up, Gao's scheme can resist all the attacks above.

However, if the last two agents (Bob$_{n-1}$ and Bob$_n$) each perform the intercept-and-resend attack on a different half of the photons, and tell lies based on entanglement swapping in the control mode, they can cooperate with Bob$_1$ to obtain the entire secret without introducing any error. So Gao's scheme is still insecure.

3.1. The description of the collective attack strategy

Now we show the collective attack strategy with zero-error:

(1) After receiving the $T_{n-2}$-sequence, Bob$_{n-1}$ randomly switches between the legal mode and the attack mode to operate on the photons (for instance photon $t$): in the legal mode, he performs the $H$ operation; in the attack mode, he first performs the $H$ operation too, then he stores photon $t$ and replaces it by photon $t'$ from $|\psi^-\rangle_{t's'}$ prepared by himself. Having operated on every photon of the $T_{n-2}$-sequence, Bob$_{n-1}$ sends the half-replaced $T'_{n-1}$-sequence to Bob$_n$, and tells him which operations he performed.

(2) After receiving the $T'_{n-1}$-sequence, Bob$_n$ switches between the legal mode and the attack mode according to Bob$_{n-1}$'s messages: in the legal mode, he performs no operation on photon $t'$ from Bob$_{n-1}$; in the attack mode, he resends photon $t'$ from $|\psi^-\rangle_{t's'}$ prepared by himself, in the same way as Bob$_{n-1}$. At last, Bob$_n$ sends the fully replaced $T'_n$-sequence to Alice. Before sending it, he inserts some sample photons to carry out the detections with Alice as the scheme prescribes.

(3) When Alice is in the control mode, Bob$_{n-1}$ and Bob$_n$ act according to the positions of the detections: if the photon $t'$ being checked was replaced by Bob$_{n-1}$, he performs the Bell measurement on photon $t$ and photon $s'$ and declares the false operation according to the measurement result, while Bob$_n$ declares that he did the $H$ operation; if the photon $t'$ being checked was replaced by Bob$_n$, Bob$_{n-1}$ and Bob$_n$ simply exchange their roles.

(4) When Alice is in the message mode, she sends the encoded $T'_{n+1}$-sequence, with some sample photons inserted, to Bob$_1$. After Bob$_1$ carries out the detections with Alice as the scheme prescribes, he can cooperate with both Bob$_{n-1}$ and Bob$_n$ to measure photon $t'$ and the corresponding photon $s'$, and finally deduce the whole secret. The schematic diagram of the new collective attack strategy is depicted in Fig. 2.

Fig. 2. The schematic diagram of the new collective attack strategy (participants: Alice, Bob$_1$, Bob$_{n-1}$, Bob$_n$).

3.2. The analysis of the attack

This collective attack strategy not only combines the strong points of the attacks [21–23], but also avoids their shortcomings. Lin et al. have proved that Bob$_n$'s operations cannot be detected [21]; next we prove that the same holds for Bob$_{n-1}$'s. Suppose that $|\varphi\rangle_{ts}$ (from the $T_{n-2}$-sequence) is the new entangled state after Bob$_{n-2}$'s operations:

$$
|\varphi\rangle_{ts} \in \{|\phi^+\rangle_{ts}, |\phi^-\rangle_{ts}, |\psi^+\rangle_{ts}, |\psi^-\rangle_{ts}, |\xi\rangle_{ts}, |\eta\rangle_{ts}, |\chi\rangle_{ts}, |\varsigma\rangle_{ts}\},
\tag{2}
$$

and

$$
|\xi\rangle_{ts} = (H\otimes I)|\phi^+\rangle_{ts}, \quad |\eta\rangle_{ts} = (H\otimes I)|\phi^-\rangle_{ts}, \quad |\chi\rangle_{ts} = (H\otimes I)|\psi^+\rangle_{ts}, \quad |\varsigma\rangle_{ts} = (H\otimes I)|\psi^-\rangle_{ts}.
\tag{3}
$$

Obviously $|\varphi'\rangle_{ts} = (H\otimes I)|\varphi\rangle_{ts}$ is still in the set of states above after Bob$_{n-1}$'s $H$ operation on photon $t$. Then Bob$_{n-1}$ replaces photon $t$ by photon $t'$. When Alice is checking a photon $t'$ replaced by Bob$_{n-1}$, Bob$_{n-1}$ performs the Bell measurement on photon $t$ and photon $s'$. Based on the principle of entanglement swapping, photon $t'$ and photon $s$ will establish the new entangled state $|\varphi''\rangle_{ts}$. According to the analysis of [21], there is a local unitary operation $U'$ from $|\varphi'\rangle_{ts}$ to $|\varphi''\rangle_{ts}$. Suppose $U_x$ is the false operation announced by Bob$_{n-1}$, so the relation between $U_x$ and $U'$ is

$$
(HU_x\otimes I)|\varphi\rangle_{ts} = (U'H\otimes I)|\varphi\rangle_{ts} = |\varphi''\rangle_{ts}.
\tag{4}
$$

Hence, $U_x = H^{-1}U'H$. Their corresponding relation is given in Table 1.

Table 1. The relation between $U_x$ and $U'$.

| The value of $U'$ | The value of $U_x$ |
|---|---|
| $I$ | $I$ |
| $\sigma_x$ | $\sigma_z$ |
| $\sigma_z$ | $\sigma_x$ |
| $i\sigma_y$ | $i\sigma_y$ |

At that time, Bob$_{n-1}$ declares he performed $U_x$ and Bob$_n$ declares the $H$ operation:

$$
(I\otimes H)(I\otimes U_x)|\varphi\rangle_{ts} = (I\otimes U')(I\otimes H)|\varphi\rangle_{ts} = (I\otimes U')|\varphi'\rangle_{ts} = |\varphi''\rangle_{ts}.
\tag{5}
$$

According to Eq. (5), the false operations of Bob$_n$ cannot be detected either.

Next, we prove that the new collective attack introduces no probabilistic error. Suppose that after receiving $n$ photons of the $T_{n-2}$-sequence, Bob$_{n-1}$ switches to the attack mode with probability 50%. Correspondingly, Bob$_n$ performs no operation on these photons. According to the paragraphs above, Bob$_{n-1}$ declares performing Pauli operations on $\lceil n/2\rceil$ photons in the control mode. Meanwhile, Bob$_n$ declares the $H$ operation on these photons. When Bob$_n$ receives the $\lfloor n/2\rfloor$ photons on which Bob$_{n-1}$ performed the $H$ operation, he switches to the attack mode. Similarly, in the control mode, Bob$_{n-1}$ declares the $H$ operation on these photons and Bob$_n$ declares Pauli operations. To sum up, both Bob$_{n-1}$ and Bob$_n$ can declare that they performed the $H$ operation with probability 50%, which introduces no error. Meanwhile, because they have replaced all the photons by their false photons, they can cooperate with Bob$_1$ to obtain the entire secret. Obviously, the new attack is also valid for the ZGW scheme and the improved scheme of Lin et al. Hence, in addition to increasing the sample-photon detections, we should explore other methods to improve the security of this kind of QSS scheme.

4. Multiparty QSS scheme based on the 3-element phase shift operations

Enlightened by the security analysis [26] of the single-photon QSS scheme, we think that a suitable unitary operations set can help to improve the security of the QSS scheme based on Bell states and unitary operations. The QSS scheme can resist the attacks from [21–23] if the agents' operations are chosen from the n-element phase shift operations set $\{U(i\theta) \mid \theta = 2\pi/n,\ i = 0, 1, \ldots, n-1\}$, where $i\theta \neq \pi/2, \pi, 3\pi/2$ [27]. In this paper, we propose a new QSS scheme based on the 3-element phase shift operations set $\{U(0), U(2\pi/3), U(4\pi/3)\}$, which retains the structure of Gao's scheme and reduces the number of sample-photon detections.

4.1. The description of new scheme

(1) Bob$_1$ prepares $k$ pairs of Bell states (i.e. $|\varphi_1\rangle_{ts}, \ldots, |\varphi_k\rangle_{ts}$) randomly from $\{|\phi^+\rangle, |\phi^-\rangle, |\psi^+\rangle, |\psi^-\rangle\}$, where $|\phi^\pm\rangle = (|00\rangle \pm |11\rangle)/\sqrt{2}$ and $|\psi^\pm\rangle = (|01\rangle \pm |10\rangle)/\sqrt{2}$. Then he stores all the photons $s$ of these Bell states (as the $S_1$-sequence) in his lab, and sends all the photons $t$ (as the $T_1$-sequence) to Bob$_2$.

(2) After receiving the $T_1$-sequence, Bob$_2$ first ascertains whether it is a single-photon sequence. If it is not, he aborts the communication; otherwise, he performs local operations $U(\alpha)$ on the photons of the $T_1$-sequence, chosen randomly from the 3-element phase shift operations set $\{U(0), U(2\pi/3), U(4\pi/3)\}$. Here suppose

$$
N = \left\{ U(\alpha) \,\middle|\, U(\alpha) = \cos\alpha\,|0\rangle\langle 0| - \sin\alpha\,|0\rangle\langle 1| + \sin\alpha\,|1\rangle\langle 0| + \cos\alpha\,|1\rangle\langle 1|,\ \alpha = 0, \frac{2\pi}{3}, \frac{4\pi}{3} \right\}.
\tag{6}
$$

Then Bob$_2$ sends the $T_2$-sequence (transformed from the $T_1$-sequence) to Bob$_3$. Bob$_i$ ($i = 3, \ldots, n$) follows the same procedure as Bob$_2$ until Bob$_n$ finishes his operations. At last, Bob$_n$ sends the $T_n$-sequence to Alice.

(3) After receiving the $T_n$-sequence, Alice first confirms whether it is a single-photon sequence, like Bob$_2$. Then she randomly switches between the control mode and the message mode. In the control mode, Alice randomly selects the agents one by one to perform the following operations: Bob$_1$ randomly chooses the Z-basis or the X-basis to measure the photons of the $S_1$-sequence, and then tells Alice his measuring bases and measurement results; the other agents announce their unitary operations on the corresponding photons of the $T_n$-sequence. Next, Alice uses the correct measuring bases to measure the corresponding photons of the $T_n$-sequence and judges whether the photons have been attacked. If they have, the communication is aborted. Otherwise, it continues to the next mode. In the message mode, Alice encodes the secret by performing the Pauli operations on the last photons of the $T_n$-sequence, according to the following definitions: $I$ ($\sigma_x$, $\sigma_z$, $i\sigma_y$) corresponds to the two classical bits "00" ("10", "01", "11"). After encoding, Alice sends the $T_{n+1}$-sequence to Bob$_1$.

(4) After receiving the $T_{n+1}$-sequence, all the agents can recover the secret by collaborating: Bob$_1$ (or another agent) collects all the agents' announcements of their operations to deduce the compound operations and the correct measuring bases for these photons, and then he measures the pairs of photons in the corresponding positions of the $T_{n+1}$-sequence and the $S_1$-sequence to deduce Alice's secret.

(5) At last, Alice announces a small part of the secret to the agents so that they can judge whether the $T_{n+1}$-sequence has been attacked. If it has been, the eavesdropper cannot gain any useful information but only destroys the communication.

4.2. Security analysis

Apart from a series of attacks from the practical point of view (the same as for Gao's scheme), we analyze the security of the new scheme from the theoretical point of view.

4.2.1. Security against compound entanglement swapping attack

The existing attack strategies [21–23] can be described as the compound entanglement swapping attack, which combines intercept-and-resend with entanglement swapping. In this kind of attack strategy, the in-attacker (such as Eve) or a group of in-attackers can intercept and replace the travelling photon (such as photon $t$) with photon $t'$ of the Bell state $|\psi^-\rangle_{t's'}$, and then send it to the dealer. After the dealer sends back photon $t'$ carrying the secret, Eve can cooperate with other agents to obtain the secret by measuring photons $t'$ and $s'$ of $|\psi^-\rangle_{t's'}$ together. If an eavesdropping detection comes, Eve can measure photons $t$ and $s'$ together and deduce the suitable unitary operations according to the rules of entanglement swapping to escape the detection.
The compound entanglement swapping attack requires two basic conditions: first, the agents of the QSS scheme need to send photon $t$ to the dealer after their operations, so in-attackers have the opportunity to replace it with a false photon $t'$; second, the false operations announced by in-attackers must be contained in the unitary operations set of the QSS scheme, so that their lies can escape the eavesdropping detections. Correspondingly, there are two effective means against this kind of attack: first, modify the structure of the QSS scheme so that no photons are sent to the dealer, which makes it useless for in-attackers to replace photon $t$; second, restrict the announcements of in-attackers, so that they cannot declare the proper unitary operations to hide their behavior during the detections [26].

The new scheme can resist this kind of attack (including the new attack proposed here) by using the 3-element phase shift operations set $N = \{U(0), U(2\pi/3), U(4\pi/3)\}$ to restrict the in-attackers' announcements. Suppose $N'$ is the false operations set, and that all elements of $N$ together with their compositions form the multiplicative group $(N)$. It is easy to see that $N = (N)$:

$$
U\!\left(\tfrac{2}{3}\pi\right) U\!\left(\tfrac{4}{3}\pi\right) = U\!\left(\tfrac{4}{3}\pi\right) U\!\left(\tfrac{2}{3}\pi\right) = U(0), \quad \left[U\!\left(\tfrac{2}{3}\pi\right)\right]^3 = \left[U\!\left(\tfrac{4}{3}\pi\right)\right]^3 = U(0).
\tag{7}
$$

It has been demonstrated in [26] that $N' \not\subset (N)$. Thus, the false operations cannot be obtained from the elements of $N$ and their compositions, and so cannot escape the detections.

4.2.2. Security against cheating attack

The cheating attack from the dishonest agent [31] is as follows: in the secret reconstruction phase, the dishonest agent may provide a false share such that the secret cannot be recovered correctly by the authorized groups but he can correct the error alone. At present, most schemes cannot resist this attack.

In the verifiable QSS scheme [31], the authorized groups can resist the attack by verifying the truth of the shares. However, the ZGW scheme and its improvements are not verifiable. The new scheme can resist the attack by using the phase shift operations set $N = \{U(0), U(2\pi/3), U(4\pi/3)\}$. Suppose that $|\phi^+\rangle_{ts}$ is the Bell state prepared by Bob$_1$, and Eve is a dishonest agent who performed the unitary operation $U(\alpha) \in N$ on photon $t$ in step 2. However, she provides the false operation $U(\beta) \neq U(\alpha)$ in step 4, where $U(\beta) \in N$. If the compound operation of the other agents is $U(\theta)$, then

$$
[U(\beta)U(\theta)\otimes I]|\phi^+\rangle_{ts} \neq [U(\alpha)U(\theta)\otimes I]|\phi^+\rangle_{ts}.
\tag{8}
$$

The final entangled state $[U(\alpha)U(\theta)\otimes I]|\phi^+\rangle_{ts}$ may lie in the basis $\{|\phi^+\rangle, |\phi^-\rangle, |\psi^+\rangle, |\psi^-\rangle\}$, in $\{(|\phi^+\rangle + \sqrt{3}|\psi^-\rangle)/2,\ (|\phi^-\rangle + \sqrt{3}|\psi^+\rangle)/2,\ (|\psi^-\rangle + \sqrt{3}|\phi^+\rangle)/2,\ (|\psi^+\rangle + \sqrt{3}|\phi^-\rangle)/2\}$, or in $\{(|\phi^+\rangle - \sqrt{3}|\psi^-\rangle)/2,\ (|\phi^-\rangle - \sqrt{3}|\psi^+\rangle)/2,\ (|\psi^-\rangle - \sqrt{3}|\phi^+\rangle)/2,\ (|\psi^+\rangle - \sqrt{3}|\phi^-\rangle)/2\}$. It is easy to see that the three bases are non-orthogonal. If Eve provides the false share for recovery, the authorized group of agents will choose the wrong measurement basis. According to the uncertainty principle, the measurement result will inevitably be distributed randomly over error states, so that Eve cannot obtain any secret information from the erroneous results.

4.3. Capability analysis

The new scheme improves efficiency in three aspects, which are presented in Table 2:

(1) The new scheme removes two detections of sample photons compared with Gao's scheme, which decreases the number of message communications and quantum state preparations.

(2) The elements of the set $N = \{U(0), U(2\pi/3), U(4\pi/3)\}$ satisfy the commutative law of multiplication. Suppose $\forall \alpha, \beta \in \{0, 2\pi/3, 4\pi/3\}$, then

$$
U(\alpha)U(\beta) =
\begin{pmatrix} \cos\alpha & -\sin\alpha \\ \sin\alpha & \cos\alpha \end{pmatrix}
\begin{pmatrix} \cos\beta & -\sin\beta \\ \sin\beta & \cos\beta \end{pmatrix}
=
\begin{pmatrix} \cos(\alpha+\beta) & -\sin(\alpha+\beta) \\ \sin(\alpha+\beta) & \cos(\alpha+\beta) \end{pmatrix}
= U(\beta)U(\alpha) = U(\alpha+\beta).
\tag{9}
$$

So the agents need not consider the order of their operations; they can do modular addition directly to deduce the compound operation of all agents. Suppose Bob$_i$ ($i = 2, \ldots, n$) performs the unitary operation $U^{(i)} = U(\theta_i)$ on photon $t$, where $\theta_i \in \{0, 2\pi/3, 4\pi/3\}$. The compound operation of all agents is

$$
U = \prod_{i=2}^{n} U^{(i)} = U(\theta), \quad \text{and} \quad \theta = \sum_{i=2}^{n} \theta_i \in \left\{0, \frac{2\pi}{3}, \frac{4\pi}{3}\right\}.
\tag{10}
$$

Thus it simplifies the secret reconstruction phase and further improves the efficiency of the scheme.

(3) The unitary operations set $N$ of the new scheme has the fewest elements that satisfy the security conditions, which reduces the complexity of recovering the secret. According to the conclusions of [28–30], if the elements of set $N$ constitute a multiplicative group $(N)$, the number of elements of $(N)$ must be no less than 3, or else the elements of $(N)$ can be distinguished when they are performed on a suitable single-particle state or on one particle of an entangled state, which cannot satisfy the conditions of security. Obviously, the number of elements of the 3-element phase shift operations set $N$ reaches the lower bound: $N = (N) = \{U(0), U(2\pi/3), U(4\pi/3)\}$.

Table 2. The comparisons between the new scheme and schemes in existence.

| Issue/scheme | ZGW scheme [20] | Lin's scheme [21] | Gao's scheme [23] | The new scheme |
|---|---|---|---|---|
| The total number of photons | $2k$ | $2k+k_2$ | $2k+k_1+k_2$ | $2k$ |
| The times of detections | 2 | 3 | 4 | 2 |
| The order of recovering secret | Reverse order of encoding | Reverse order of encoding | Reverse order of encoding | Random order |
| The number of elements of the operations set | 5 | 5 | 5 | 3 |

5. Conclusions

To summarize, in this paper we first propose a new collective attack strategy on the ZGW scheme and its improvements, which shows that increasing the sample-particle detections cannot resist the dishonest participants' attacks. Furthermore, by reducing the number of sample-photon detections and using the 3-element phase shift operations set $N = \{U(0), U(2\pi/3), U(4\pi/3)\}$, we propose a novel multiparty QSS scheme, which improves not only the security of the scheme but also its efficiency compared with Gao's scheme. The new collective attack strategy and the design idea of selecting the unitary operations set also have guiding significance for the analysis and design of other QSS schemes based on local unitary operations.

References

[1] M. Hillery, V. Buzek, A. Berthiaume, Physical Review A 59 (1999) 1829.
[2] A. Karlsson, M. Koashi, N. Imoto, Physical Review A 59 (1999) 162.
[3] D. Gottesman, Physical Review A 61 (2000) 042311.
[4] W. Tittel, H. Zbinden, N. Gisin, Physical Review A 63 (2001) 042301.
[5] V. Karimipour, A. Bahraminasab, S. Bagherinezhad, Physical Review A 65 (2002) 042320.
[6] H.F. Chau, Physical Review A 66 (2002) 060302.
[7] S. Bagherinezhad, V. Karimipour, Physical Review A 67 (2003) 044302.
[8] G.P. Guo, G.C. Guo, Physical Letters A 310 (2003) 247.
[9] L. Xiao, G.L. Long, F.G. Deng, J.W. Pan, Physical Review A 69 (2004) 052307.
[10] Z.J. Zhang, Y. Li, Z.X. Man, Physical Review A 71 (2005) 044301.
[11] Z.J. Zhang, Z.X. Man, Physical Review A 72 (2005) 022303.
[12] Z.J. Zhang, Physical Letters A 342 (2005) 60.
[13] F.G. Deng, X.H. Li, H.Y. Zhou, Z.J. Zhang, Physical Review A 72 (2005) 044303.
[14] R. Cleve, D. Gottesman, H.K. Lo, Physical Review Letters 83 (1999) 648.
[15] S. Bandyopadhyay, Physical Review A 62 (2000) 012308.
[16] L.Y. Hsu, Physical Review A 68 (2003) 022306.
[17] Y.M. Li, K.S. Zhang, K.C. Peng, Physical Letters A 324 (2004) 420.
[18] A.M. Lance, T. Symul, W.P. Bowen, B.C. Sanders, P.K. Lam, Physical Review Letters 92 (2004) 177903.
[19] L.F. Han, Y.M. Liu, J. Liu, Z.J. Zhang, Optics Communications 281 (2008) 2690.
[20] Z.J. Zhang, G. Gao, X. Wang, L.F. Han, S.H. Shi, Optics Communications 269 (2007) 418.
[21] S. Lin, Q.Y. Wen, F. Gao, F.C. Zhu, Optics Communications 281 (2008) 4553.
[22] T.Y. Wang, Q.Y. Wen, F. Gao, S. Lin, F.C. Zhu, Physical Letters A 373 (2008) 65.
[23] G. Gao, Optics Communications 284 (2011) 902.
[24] T.Y. Wang, Q.Y. Wen, Optics Communications 284 (2011) 3664–3666.
[25] G. Gao, http://arXiv.org/abs/1107.4529v1, [quant-ph], 22 July 2011.
[26] T.Y. Wang, Q.Y. Wen, Quantum Information and Computation 11 (2011) 434.
[27] S.J. Qin, Doctor thesis, Beijing University of Posts and Telecommunications, 2008.
[28] A. Acín, Physical Review Letters 87 (2001) 177901.
[29] G.M. D'Ariano, P. LoPresti, M.G.A. Paris, Physical Review Letters 87 (2001) 270404.
[30] R.Y. Duan, Y. Feng, M.S. Ying, Physical Review Letters 98 (2007) 100503.
[31] Y.G. Yang, Y.W. Teng, H.P. Chai, Q.Y. Wen, International Journal of Theoretical Physics 50 (2011) 792.
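
Added example (not part of the original paper): a plain-Python check of the properties that Sections 4.2.1, 4.2.2 and 4.3 rely on, namely closure and commutativity of N (Eqs. (7) and (9)), the compound operation by addition modulo 3 (Eq. (10)), and the Bell-outcome statistics when one announced share is false (Eq. (8)). Assumptions of this sketch: the index j standing for U(2πj/3), all function names, the use of Gao's non-identity Pauli operations and H as candidate false announcements, and modelling the rotated-basis measurement as "undo the announced rotation, then measure in the Bell basis" before Alice's encoding.

```python
"""Added illustration, not code from the paper: checks on the operation set
N = {U(0), U(2*pi/3), U(4*pi/3)} of Eq. (6). Index j stands for U(2*pi*j/3)."""
import math
from itertools import product

ANGLES = tuple(2 * math.pi * j / 3 for j in range(3))
S = 1 / math.sqrt(2)
# Bell states as amplitudes over |00>, |01>, |10>, |11>, qubits ordered |t s>.
BELL = {
    "phi+": (S, 0.0, 0.0, S),
    "phi-": (S, 0.0, 0.0, -S),
    "psi+": (0.0, S, S, 0.0),
    "psi-": (0.0, S, -S, 0.0),
}
# Assumption of this sketch: the non-identity Pauli operations and H of Gao's
# scheme stand in for the announcements an in-attacker would need to make.
GAO_OPS = {
    "sigma_x": ((0.0, 1.0), (1.0, 0.0)),
    "sigma_z": ((1.0, 0.0), (0.0, -1.0)),
    "i*sigma_y": ((0.0, 1.0), (-1.0, 0.0)),
    "H": ((S, S), (S, -S)),
}

def U(alpha):
    """Phase shift operation of Eq. (6) as a real 2x2 matrix."""
    c, s = math.cos(alpha), math.sin(alpha)
    return ((c, -s), (s, c))

def matmul(a, b):
    return tuple(
        tuple(sum(a[i][k] * b[k][j] for k in range(2)) for j in range(2))
        for i in range(2)
    )

def index_in_N(m, up_to_sign=False, tol=1e-9):
    """Return j if m equals U(2*pi*j/3), optionally up to a global sign; else None."""
    signs = (1, -1) if up_to_sign else (1,)
    for j, sign in product(range(3), signs):
        u = U(ANGLES[j])
        if all(abs(m[r][c] - sign * u[r][c]) < tol for r in range(2) for c in range(2)):
            return j
    return None

def closed_and_commutative():
    """Eqs. (7) and (9): products stay in N, commute, and indices add modulo 3."""
    for i, j in product(range(3), repeat=2):
        ab = matmul(U(ANGLES[i]), U(ANGLES[j]))
        ba = matmul(U(ANGLES[j]), U(ANGLES[i]))
        if index_in_N(ab) != (i + j) % 3 or index_in_N(ba) != (i + j) % 3:
            return False
    return True

def compound_index(indices):
    """Eq. (10): the compound operation of all agents is the index sum modulo 3."""
    return sum(indices) % 3

def apply_on_t(m, state):
    """Apply (m tensor I) to a two-qubit state: m acts on photon t only."""
    a00, a01, a10, a11 = state
    return (
        m[0][0] * a00 + m[0][1] * a10,
        m[0][0] * a01 + m[0][1] * a11,
        m[1][0] * a00 + m[1][1] * a10,
        m[1][0] * a01 + m[1][1] * a11,
    )

def recovery_outcomes(performed, announced, start="phi+"):
    """Bell-outcome probabilities when the measuring basis is deduced from the
    announced indices while the photon pair carries the performed operations."""
    state = apply_on_t(U(ANGLES[compound_index(performed)]), BELL[start])
    # Measuring in the announced rotated basis is modelled as undoing the
    # announced compound rotation and then measuring in the Bell basis.
    state = apply_on_t(U(-ANGLES[compound_index(announced)]), state)
    return {
        name: round(sum(x * y for x, y in zip(bell, state)) ** 2, 6)
        for name, bell in BELL.items()
    }

if __name__ == "__main__":
    print("closed and commutative:", closed_and_commutative())
    print("Gao operations in N:", {k: index_in_N(v, True) for k, v in GAO_OPS.items()})
    print("honest shares:  ", recovery_outcomes([1, 2, 2], [1, 2, 2]))
    print("one false share:", recovery_outcomes([1, 2, 2], [1, 0, 2]))
```

With honest announcements the expected Bell state is recovered with certainty; with one false index the recoverer obtains the expected outcome only a quarter of the time, which is the disturbance the announced part of the secret in step (5) is there to reveal.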