An efficient and secure multiparty quantum secret sharing scheme based on single photons

Optics Communications 281 (2008) 6130–6134

Contents lists available at ScienceDirect

Optics Communications journal homepage: www.elsevier.com/locate/optcom

An efficient and secure multiparty quantum secret sharing scheme based on single photons Tian-yin Wang a,b,*, Qiao-yan Wen a, Xiu-bo Chen a, Fen-zhuo Guo a, Fu-chen Zhu c a

State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Xitucheng Road 10#, Beijing 100876, China School of Mathematical Science, Luoyang Normal University, Luoyang 471022, China c National Laboratory for Modern Communications, P.O. Box 810, Chengdu 610041, China b

a r t i c l e

i n f o

Article history: Received 18 May 2008 Received in revised form 5 September 2008 Accepted 9 September 2008

PACS: 03.67.Hk 03.67.Dd 03.65.Ud

a b s t r a c t A scheme of multiparty quantum secret sharing of classical messages (QSSCM) is proposed based on single photons and local unitary operations. In this scheme, eavesdropping checks are performed only twice, and one photon can generate one bit of classical secret message except those chosen for eavesdropping check; in addition, only the sender and one of the agents are required to store photons. Thus, this scheme is more practical and efficient. Ó 2008 Elsevier B.V. All rights reserved.

Keywords: Quantum secret sharing Single photons Quantum teleportation

1. Introduction The principles of quantum mechanics supplied many interesting applications in the field of quantum information in the last decade. Quantum secret sharing (QSS) is an important branch of quantum information, which allows a secret to be shared among many participants in such a way that only the authorized groups can reconstruct it [1]. QSS is an useful tool in the cryptographic applications and it is likely to play a key role in protecting secret quantum information, e.g., in secure operations of distributed quantum computation, sharing difficult-to-construct ancilla states and joint sharing of quantum money, and so on [2]. Classical secret sharing schemes are designed based on certain unproven computational assumptions such as the infeasibility of factoring large integers and solving discrete logarithm. Unfortunately, quantum algorithms are capable of factoring large integers and solving discrete logarithm [3]. Fortunately, in contrast to classical secret sharing, the security of QSS relies on quantum-mechanical law rather than on computational complexity, so QSS is secure even if the

* Corresponding author. Address: State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Xitucheng Road 10#, Beijing 100876, China. E-mail address: [email protected] (T.-y. Wang). 0030-4018/$ - see front matter Ó 2008 Elsevier B.V. All rights reserved. doi:10.1016/j.optcom.2008.09.026

attackers have unlimited computational resources; in addition, the information splitting of a secret and the information distribution in QSS is realized by local measurements and unitary operations on distributed quantum states, so QSS allows to distribute the shares securely in the presence of eavesdropping; moreover, QSS can supplies a secure way for sharing not only a classical message (i.e., bit) but also a quantum state. Therefore, since Hillery et al. first proposed a QSS scheme using Greenberger-Horne-Zeilinger states in 1999 [4], a lot of QSS schemes [1,2,5–21] have been proposed in both theoretical and experimental aspects. All these schemes [1,2,4–21] can be divided into two kinds, one only deals with the QSSCM [1,5,9–12,14,16–21], or only deals with the QSS of quantum information [2,6–8,13,15] where the secret is an arbitrary quantum state, and the other studies both [4], that is, deals with QSS of classical messages and QSS of a quantum state simultaneously. In all these schemes [1,2,4–21] dealing with the QSS, entangled states are used. In fact, entanglement is necessary in QSS of quantum states, but it is not necessary in QSSCM, and single photons are ideal source for quantum communication, compared with those QSSCM schemes using entangled state, the QSSCM schemes without entanglement are more practical within the present technology, so Guo and Guo first proposed a QSSCM scheme with multi-particle product states in Ref. [22] and then Deng et al. presented a scheme for bidirec-

T.-y. Wang et al. / Optics Communications 281 (2008) 6130–6134

tional quantum secret sharing and secret splitting with polarized single photons in Ref. [23]. These two QSSCM schemes are secure, but eavesdropping check need to be performed between the sender and any agent, and n photons can generate only one bit of classical secret in Refs. [22,23], here n is the number of the agents. Thus, when n is large, many photons would be wasted in these two QSSCM schemes. Yan and Gao proposed a scheme for quantum secret sharing between multiparty and multiparty without entanglement in Ref. [24] and Schmid et al. gave an experimental single qubit quantum secret sharing in Ref. [25], but the Refs. [26–28] have shown these two QSSCM schemes do not reach the security level of QSSCM. Based on the quantum secure direct communication (QSDC) protocols [29,30], Zhang et al. also proposed a multiparty QSSCM scheme using single photons in Ref. [31]. In the scheme, some special unitary operations (e.g., four Pauli operations) are used to realize the sharing controls. Unfortunately, the scheme is vulnerable to some attacks [32–34]. In order to overcome the flaws in Ref. [31], Han et al. use random phase shift operations instead of some special discrete unitary operations to realize the sharing controls and gave an improvement QSSCM scheme [35]. However, with the development of quantum cryptanalysis, Qin et al. [36] proposed a new attack with quantum teleportation, and any dishonest agent can recover the sender’s secret message and introduce no error with this teleportation attack in Han et al.’s scheme. Therefore, how to design a practical, secure and efficient multiparty QSSCM scheme based on single photons is a urgent and significance problem to be solved. In this paper, we propose a new multiparty QSSCM scheme using single photons and local unitary operations. In this scheme, only two eavesdropping checks are required, and one photon can generate one bit of classical secret message except those chosen for eavesdropping check; in addition, only the sender and one of the agents need to store photons. Thus, this scheme is more practical and efficient. Most important of all, this scheme can resist all the attacks in Refs. [26–28,32–34,36]. Now let us turn to our multiparty QSSCM scheme. For convenience, let us first describe a four-party QSSCM scheme in detail. Suppose Alice wants to send a secret message to three agents, Bob, Charlie and Dick. However, Alice requires the three agents can infer the secret messages only by their mutual assistance. This four-party QSSCM scheme includes the following five steps. (1) Firstly, according to the bit length of her secret message, Alice prepares the product state of single photons Ni¼1 j0ii , here N is the bit length of Alice’s secret message and j0i, j1i denote the horizontal and vertical polarization modes of photons hereafter, respectively. Then, she prepares K sample photons Kj¼1 jSj i to detect eavesdropping in the following step (3), here jSpj i2 ffiffiffi fj0i, j1i, jþi, jigðj pffiffiffi ¼ 1; 2; . . . ; KÞ and jþi ¼ ðj0i þ j1iÞ= 2, ji ¼ ðj0i  j1iÞ= 2. Finally, she inserts randomly the K sample photons Kj¼1 jSj i into the N single photons Ni¼1 j0ii and sends all the photons to Bob. Note that any one does not know the initial states and positions of the K sample photons Kj¼1 jSj i except Alice. (2) When Bob receives the photons Ni¼1 j0ii and Kj¼1 jSj i, on each photon, Bob chooses a local unitary operation from I, rx , iry , rz and H with probability 12.5%, 12.5%, 12.5%, 12.5% and 50%, respectively, and performs this unitary operation on it. Here I ¼ ðj0ih0j þ j1ih1jÞ, rx ¼ ðj1ih0j þ j0ih1jÞ, iry ¼ ðj0i h1j  j1ih0jÞ, prffiffiffiz ¼ ðj0ih0j  j1ih1jÞ, H ¼ ðj0ih0j þ j1ih0j þ j0i h1j  j1ih1jÞ= 2. Suppose after Bob’s encryption, the photons Ni¼1 j0ii and Kj¼1 jSj i evolve to Ni¼1 U Bi j0ii , Kj¼1 U Bj jSj i, respectively, where U Bi and U Bj denote the local unitary operations that Bob chooses randomly. Then Bob sends the photons Ni¼1 U Bi j0ii and Kj¼1 U Bj jSj i to Charlie. Charlie does the same procedures as Bob, then he sends the encrypted photons Ni¼1 U C i U Bi j0ii and Kj¼1 U C j U Bj jSj i to Dick, where U C i and U C j

6131

denote the local unitary operations that Charlie chooses randomly. Dick also does the same procedures as Bob, then he sends the encrypted photons Ni¼1 U Di U C i U Bi j0ii and Kj¼1 U Dj U C j U Bj jSj i back to Alice, where U Di and U Dj denote the local unitary operations that Charlie chooses randomly. (3) After receiving the photons Ni¼1 U Di U C i U Bi j0ii and Kj¼1 U Dj U C j U Bj jSj i, Alice measures every sample photon U Dj U C j U Bj jSj i ðj ¼ 1; 2; . . . ; KÞ with X-basis or Z-basis randomly, here Z ¼ fj0i; j1ig and X ¼ fjþi; jig. Then, Alice publics the positions of all sample photons Kj¼1 U Dj U C j U Bj jSj i, but she keep their measurement outcomes and initial states secret. In the following, Alice lets the three agents tell her their exact unitary operations U Bj ,U C j and U Dj ðj ¼ 1; 2; . . . ; KÞ. After that, Alice can determine the error rate according to these K sample photons’ initial state Kj¼1 jSj i, measurement outcomes (Note that there is 50% probability that Alice will choose the wrong measurement basis, so half of the measurement outcomes are useless.) and U Bj ,U C j ,U Dj ðj ¼ 1; 2; . . . ; KÞ. If the error rate exceeds the threshold, then the communication is aborted. Otherwise, Alice encodes her secret bits by performing a unitary operation U Ai on the photon U Di U C i U Bi j0ii ði ¼ 1; 2; . . . ; NÞ, where U Ai 2 fI; iry g and I (iry ) correspond to the classical bit 0(1). After her encoding, similarly does as the step (1), Alice also prepares K 0 sample 0 photons Kk¼1 jS0k i and inserts randomly them into the encoded photons Ni¼1 U Ai U Di U C i U Bi j0ii . Then she sends the 0 photonsKk¼1 jS0k i and Ni¼1 U Ai U Di U C i U Bi j0ii to one of the agents, for example, Bob. (4) After confirming that Bob has received the photons 0 Ni¼1 U Ai U Di U C i U Bi j0ii and Kk¼1 jS0k i, Alice tells him the posi0 tions and initial states of these K 0 sample photons Kk¼1 jS0k i. 0 Then, Bob measures these K sample photons with proper measurement basis according to Alice’s announcement. After these, they can check whether the encoded photons Ni¼1 U Ai U Di U C i U Bi j0ii have been attacked. If they are attacked, the eavesdropper Eve cannot get access to any useful information but interrupts the transmissions. Otherwise, Bob stores the encoded photons Ni¼1 U Ai U Di U C i U Bi j0ii and this four-party QSSCM is successfully accomplished. (5) When Bob, Charlie and Dick approve to recover Alice’s secret message, Charlie and Dick tell Bob their exact unitary operations U C i ,U Di ði ¼ 1; 2; . . . ; NÞ. If the number of H in the three unitary operations U Bi ,U C i ,U Di is odd, Bob performs X-basis measurement on the encoded photon U Ai U Di U C i U Bi j0ii ; otherwise, he performs Z-basis measurement. Thus, they can deduce Alice’s unitary operation U Ai on each encoded photon U Ai U Di U C i U Bi j0ii by their unitary operations U Bi ,U C i ,U Di and Bob’s measurement outcome, and recover Alice’s secret message. For example, suppose U Bi ¼ rx , U C i ¼ rZ and U Di ¼ H, so Bob knows he should measure the encoded photon U Ai U Di U C i U Bi j0ii with X-basis, and if Bob’s measurement outcome is j þ ii , the state of the photon j0ii evolves as follows:

j0ii ) U Bi j0ii ¼ j1ii ) U C i j1ii ¼ j1ii ) U Di j1ii ¼ j  ii ) U Ai j  ii ) j þ ii : Thus, they can deduce easily U Ai ¼ iry and recover the secret bit 1. Otherwise, if Bob’s measurement outcome is j  ii , they can deduce U Ai ¼ I and recover the secret bit 0. So far we have proposed a four-party QSSCM scheme using single photons and local unitary operations. In fact, it is a (3; 3) threshold QSSCM scheme. Now let us discuss the security of this four-party QSSCM scheme. As we know, the security of QSS is more complex than quantum key distribute and QSDC because not all of the legitimate agents in QSS schemes are credible, that is, some of

6132

T.-y. Wang et al. / Optics Communications 281 (2008) 6130–6134

the agents may deceive [4,5,32,33,37]. In contrast to other eavesdroppers outside, the dishonest agents have many advantages. First, they know partial information legally. Second, they can tell a lie in the stage of eavesdropping detection to try to avoid introducing errors. Therefore, the main goal for the security of QSS is to prevent the dishonest agents from deceiving, and we can conclude that a (t; n) threshold QSS scheme is secure only and only if any t  1 agents cannot recover the sender’s secret even if they cooperate together, here t is the threshold. In the following, we will prove that this (3; 3) threshold QSSCM scheme can satisfy this conclusion. Firstly, we will show any two agents cannot deduce the remaining agent’s unitary operation. The reason is that any agent’s unitary operation is chosen from the five unitary operations I, rx , iry , rz and H with probability 12.5%, 12.5%, 12.5%, 12.5% and 50%, respectively. If he/her performs these five operations on a single photon jci ¼ aj0i þ bj1i, respectively, here jjajj2 þ jjbjj2 ¼ 1, he/her will get the following five states:

aj0i þ bj1i; bj0i þ aj1i; bj0i  aj1i; aj0i  bj1i; ajþi þ bji: Obviously these five states cannot be complete orthogonal. If he/her performs these five operations on one particle of any entangle state j/i, respectively, he will get five nonorthogonal entangle states. Without loss of generality, suppose he performs these five operations on the first particle of the entangle state j/i ¼ j0ij/1 i þ j1ij/2 i, respectively, he will get the five entangle states

j0ij/1 i þ j1ij/2 i; j0ij/1 i  j1ij/2 i;

j0ij/2 i þ j1ij/1 i; j0ij/2 i  j1ij/1 i; jþij/1 i þ jij/2 i:

We can prove that these five entangle states also cannot be complete orthogonal with simple calculation. By the quantum no-distinguishing theorem, nonorthogonal states can’t be perfectly distinguished. Here, we emphasize that H transformation is necessary in this scheme, if we only choose four pauli transformations, this scheme won’t resist the attacks in Ref. [33]; moreover, we can prove the probability that any two agents successfully get the remaining agent’s encrypted transformation is 50%, so any two agents can’t deduce the remaining agent’s operation. Therefore, the attacks in the Refs. [26,28,33,34] are invalid to this scheme. Secondly, we will show any two agents cannot recover Alice’s secret message without the help of the remaining agent even if they cooperate together. If any two agents want to recover Alice’s secret message, they must have the ability to deduce Alice’s encoding operation U Ai ði ¼ 1; 2; . . . ; NÞ. Since they don’t know the remaining agent’s unitary operation, they cannot deduce Alice’s operation only by measuring the encoded photons and their own unitary operations. Thus, if they want to deduce Alice’s operation U Ai ði ¼ 1; 2; . . . ; NÞ, they have only two options, one is to send fake photons to Alice instead of the encrypted photons Ni¼1 U Di U C i U Bi j0ii and Kj¼1 U Dj U C j U Bj jSj i, and the other is to entangle a ancillary state on every photon in the encrypted photons Ni¼1 U Di U C i U Bi j0ii and Kj¼1 U Dj U C j U Bj jSj i. However, the two options won’t escape eavesdropping check by Alice in the step (3). Now let us discuss the first option, suppose that two agents send fake photons to Alice instead of the encrypted photons Ni¼1 U Di U C i U Bi j0ii and Kj¼1 U Dj U C j U Bj jSj i. Here we emphasize it is necessary that Alice measures these sample photons Kj¼1 U Dj U C j U Bj jSj i before he publics the positions of these sample photons. If the agents get the positions of these sample photons before Alice measures them, any agent can escape eavesdropping check and obtain Alice’s message through sending fake photons to Alice. Without loss of generality, suppose the dishonest agent Dick wants to recover Alice’s message by himself, he does not perform any operations on the photons Ni¼1 U C i U Bi j0ii and

Kj¼1 U C j U Bj jSj i, and puts them in his quantum data storehouse. þ Then, he prepares N þ K EPR pairs NþK l¼1 jUl i12 , where the subscript 1p and 2 denote the corresponding photon, and jUþ l i12 ¼ j00i þ j11iÞ ffiffiffi = 2, ðl ¼ 1; 2; . . . ; N þ KÞ, and sends all the photon 1 to Alice instead of Ni¼1 U Di U C i U Bi j0ii and Kj¼1 U Dj U C j U Bj jSj i. When Alice publics the positions of the sample photons Kj¼1 U Dj U C j U Bj jSj i, Bob combines the states jUþ j i12 and U C j U Bj jSj i, and gets

jUþj i12  ðU C j U Bj jSj iÞ ¼ IU C j U Bj jSj i1 jUþ i þ rx U C j U Bj jSj i1 jWþ i þ iry U C j U Bj jSj i1 jW i þ rz U Cj U Bj jSj i1 jU i

ð1Þ

pffiffiffi pffiffiffi where jU i ¼ j00i  j11iÞ= 2, jW i ¼ j01i  j10iÞ= 2. Then, Bob makes a joint measurement on the photon 2 and corresponding sample photon U C j U Bj jSj i ðj ¼ 1; 2; . . . ; KÞ with Bell-basis. Next, he tells Alice his local unitary operation U Dj according to his measurement outcome. For example, if his measure outcome is jUþ i, he tells Alice his local unitary operation U Dj ¼ I. We can see Alice always gets the desired outcome, so there is no error introduced and Dick can escape eavesdropping check. When Alice sends the encoded photons, i.e., all the photons 1 to Bob, Dick intercepts them and performs a Bell measurement on the photons 1 and 2 after 0 Alice publics the positions of the sample photons Kk¼1 jS0k i. Thus, Dick can easily deduce Alice’s encoding operation U Ai ði ¼ 1; 2; . . . ; KÞ according to his measurement outcome and recover Alice’s secret message. However, in our four-party QSSCM scheme, Alice measures the sample photons before she public their positions, and the state jUþ j i12 has collapsed before the agents prepares to deceive by this teleportation attack, so any two agents can’t transfer the states of real sample photons to their fake photons by quantum teleportation. Thus, this scheme can resist the similar attack [36]. From the above analysis, we can see if the two agents want to escape eavesdropping check they can only public appropriate unitary operations to keep the check results consistent. However, they cannot get the measurement outcome and the initial state of each sample photon, so they keep the check results consistent only by guess and their deceit will introduce 50% error rate and cannot pass Alice’s detection. Next, let us discuss the second option, suppose that the two agents entangle a ancillary state on each photon in the encrypted photons Ni¼1 U Di U C i U Bi j0ii and Kj¼1 U Dj U Cj U Bj jSj i, but if they entangle a ancillary state jEj i on the sample photon jSj i ðj ¼ 1; 2; . . . ; KÞ, they will inevitably introduce errors in the eavesdropping check and be detected by Alice. Without loss of generality, suppose they employ a general operation U on the sample photonjSj i and the ancillary state jEj i, which can be denoted as follows:

Uj0ijEj i ¼ aj0ijd00 i þ bj1ijd01 i;

ð2Þ

Uj1ijEj i ¼ cj0ijd10 i þ dj1ijd11 i:

ð3Þ

where jjajj2 þ jjbjj2 ¼ 1 and jjcjj2 þ jjdjj2 ¼ 1. Since the sample photon jSj i will determinately evolve to one of the four states j0i, j1i, jþi and ji after the three agents’ operating, if the two dishonest agents want to introduce no error in the eavesdropping check by Alice. The general operation U must satisfy the following conditions:

Uj0ijEj i ¼aj0ijd00 i þ bj1ijd01 i ¼ aj0ijd00 i;

ð4Þ

Uj1ijEj i ¼cj0ijd10 i þ dj1ijd11 i ¼ dj1ijd11 i;

ð5Þ

pffiffiffi UjþijEj i ¼ðaj0ijd00 i þ bj1ijd01 i þ cj0ijd10 i þ dj1ijd11 iÞ= 2 ¼ðjþiðajd00 i þ bjd01 i þ cjd10 i þ djd11 iÞ=2 þðjiðajd00 i  bjd01 i þ cjd10 i  djd11 iÞ=2 ¼ðjþiðajd00 i þ bjd01 i þ cjd10 i þ djd11 iÞ=2;

ð6Þ

T.-y. Wang et al. / Optics Communications 281 (2008) 6130–6134

pffiffiffi UjijEj i ¼ðaj0ijd00 i þ bj1ijd01 i  cj0ijd10 i  dj1ijd11 iÞ= 2

6133

(V) When all the agents approve to recover Alice’s secret message, they can recover Alice’s secret message by the same way in the step (5).

¼ðjþiðajd00 i þ bjd01 i  cjd10 i  djd11 iÞ=2 þðjiðajd00 i  bjd01 i  cjd10 i þ djd11 iÞ=2 ¼ðjiðajd00 i  bjd01 i  cjd10 i þ djd11 iÞ=2:

ð7Þ

From the above Eqs. (4)–(7), we can get

b ¼ c ¼ 0;

ð8Þ

ajd00 i  bjd01 i þ cjd10 i  djd11 i ¼ 0;

ð9Þ

ajd00 i þ bjd01 i  cjd10 i  djd11 i ¼ 0:

ð10Þ

Here 0 denotes a column vector. Further, we can get ajd00 i ¼ djd11 i. Thus, we can conclude that any two dishonest agents introduce no error in the eavesdropping only when the ancillary state and the sample photon are product states, and this attack is also invalid to this four-party QSSCM scheme. Through the above security analysis, we can conclude that only all the three agents cooperate together can they recover the sender, Alice’s secret message. Therefore, this (3; 3) threshold QSSCM scheme is secure in theory. It is noted that we do not consider the invisible photon attack and Trojan horse attack strategy in this four-party QSSCM scheme and the following multiparty QSSCM scheme, and we can prevent these two attacks easily with similar solutions in Refs. [32,38] in practice. Now, let us generalize the four-party QSSCM scheme to multiparty QSSCM scheme. Suppose the sender, Alice, wants to transmit a secret message to the n agents, Bob, Charlie, Dick,. . .,Zach. In the same time, Alice requires that only all the n agents cooperate together can they obtain her secret message. The first step of the multiparty QSSCM scheme is the same as that in the four-party QSSCM scheme, so we describe our scheme from step two. (II) Bob, Charlie and Dick carriy out almost the same actions as in the step (2) except Dick sending the photons Ni¼1 U Di U C i U Bi j0ii and Kj¼1 U Dj U C j U Bj jSj i to Alice. In the multiparty QSSCM scheme, Dick should send the photons to the next legitimate receiver. Other receivers do similar procedures as Bob till Zach finishes his actions. Zach sends the encrypted photons Ni¼1 U i j0ii and Kj¼1 U j jSj i to Alice, where U i ¼ U Zi . . . U Di U C i U Bi , U j ¼ U Zj . . . U Dj U C j U Bj , U Zi and U Zj denote the local unitary operations that Zack chooses randomly. (III) After receiving the encrypted photons Ni¼1 U i j0ii and Kj¼1 U j jSj i, Alice judges whether the photons Ni¼1 U i j0ii have been attacked by the same method of eavesdropping check in the step (3), if so, she aborts this communication; otherwise, she encodes his secret message on the photons Ni¼1 U i j0ii by the unitary operation U Ai ði ¼ 1; 2; . . . ; NÞ. Alice 0 also prepares K 0 sample photons Kk¼1 jS0k i and inserts ran0 domly these K sample photons into the encoded photons 0 Ni¼1 U Ai U i j0ii . Then she sends the photons Kk¼1 jS0k i and N i¼1 U Ai U i j0ii to one of the agents, for example, Bob. (IV) After confirming that Bob has received the photons 0 Ni¼1 U Ai U i j0ii and Kk¼1 jS0k i, Alice tells him the position and initial state of each sample photon. Then, Bob measures these K 0 sample photons with proper measurement basis according to Alice’s announcement. After these, they can check whether the encoded photons Ni¼1 U Ai U i j0ii have been attacked. If they are attacked, the eavesdropper Eve can’t get access to any useful information but interrupts the transmissions. Otherwise, Bob stores the encoded photons Ni¼1 U Ai U i j0ii and this multiparty QSSCM is successfully accomplished.

So far we have generalized the four-party QSSCM to multiparty QSSCM. The security of the present multiparty QSSCM scheme is the same as the security of four-party QSSCM scheme and only all the n agents cooperate can they recover Alice’s secret message. Note that both the four-party QSSCM and multiparty QSSCM are successfully accomplished under the condition that the channel is error-free, but when there is some noise on the line, we expect an appropriate threshold can be set according to the noise, if the error rate exceeds the threshold, then the communication is aborted; otherwise, it continues. It ensures that some noise on the line will not immediately abort the schemes. In the present multiparty QSSCM scheme, one encoded photon can generate one bit of classical secret message and the encoding capacity for the single photon reaches the Holevo bound of one classical bit. The efficiency for qubits gq ¼ qu =qt approaches the maximal value 100% as almost all the single photons are useful for carrying the message in principle, here qu is the useful qubits and qt is the total qubits transmitted. The total efficiency gt in the multiparty QSSCM scheme also approaches 100% as the classical information exchanged is not necessary except for the eavesdropping checks. gt is defined as Refs. [19,21,39,40]

gt ¼

bs ; qt þ bt

ð11Þ

where bs is the number of bits in the message, qt and bt are the qubits used and the classical bits exchanged between the parties in the quantum communication, respectively. In summary, using single photons and local unitary operations, we present a (n; n) threshold QSSCM scheme. Compared with other schemes without entanglement [22–24,34], the times of eavesdropping checks are greatly reduced, so this scheme saves a lot of photons; in addition, its efficiency for qubits and the total efficiency both approach the maximal value 100%; moreover, only the sender Alice and one of the agents are required to store quantum data. Most important of all, the security analysis shows that it can resist all the attacks that have been proposed. Therefore, this scheme is more practical, secure and efficient. Acknowledgements We thank to the anonymous referee for his/her several detailed suggestions on revision. This work was supported by the National High Technology Research and Development Program of China, Grant Nos. 2006AA01Z419, the National Natural Science Foundation of China, Grant Nos. 906040230, 60873191, the National Laboratory for Modern Communications Science Foundation of China, Grant No. 9140C1101010601, the Natural Science Foundation of Beijing, Grant No. 4072020, the Natural Science Foundation of Education Bureau of Henan Province, Grant Nos. 2007120007, 2008B120005. References [1] [2] [3] [4] [5] [6] [7] [8] [9]

D. Gottesman, Phys. Rev. A 61 (2000) 042311. Y.M. Li, K.S. Zhang, K.C. Peng, Phys. Lett. A 324 (2004) 420. P.W. Shor, SIAM Rev. 41 (1999) 303. M. Hillery, V. Buzeˇk, A. Berthiaume, Phys. Rev. A 59 (1999) 1829. A. Karlsson, M. Koashi, N. Imoto, Phys. Rev. A 59 (1999) 162. R. Cleve, D. Gottesman, H.K. Lo, Phys. Rev. Lett. 83 (1999) 648. S. Bandyopadhyay, Phys. Rev. A 62 (2000) 012308. A.C.A. Nascimento, J. Mueller-Quade, H. Imai, Phys. Rev. A 64 (2001) 042311. W. Tittel, H. Zbinden, N. Gisin, Phys. Rev. A 63 (2001) 042301.

6134 [10] [11] [12] [13] [14] [15] [16] [17] [18] [19] [20] [21] [22] [23] [24]

T.-y. Wang et al. / Optics Communications 281 (2008) 6130–6134 H.F. Chau, Phys. Rev. A 66 (2002) 060302. V. Karimipour, A. Bahraminasab, Phys. Rev. A 65 (2002) 042320. S. Bagherinezhad, V. Karimipour, Phys. Rev. A 67 (2003) 044302. L.Y. Hsu, Phys. Rev. A 68 (2003) 022306. L. Xiao, G.L. Long, F.G. Deng, J.W. Pan, Phys. Rev. A 69 (2004) 052307. A.M. Lance, T. Symul, W.P. Bowen, B.C. Sanders, P.K. Lam, Phys. Rev. Lett. 92 (2004) 177903. L.Y. Hsu, C.M. Li, Phys. Rev. A 71 (2005) 022321. A.M. Lance, T. Symul, W.P. Bowen, B.C. Sanders, T. Tyc, T.C. Ralph, P.K. Lam, Phys. Rev. A 71 (2005) 033814. Z.J. Zhang, Phys. Lett. A 342 (2005) 60. F.G. Deng, X.H. Li, C.Y. Li, P. Zhou, H.Y. Zhou, Phys. Lett. A 354 (2006) 190. Z.J. Zhang, G. Gao, X. Wang, L.F. Han, S.H. Shi, Opt. Commun. 269 (2007) 418. F.G. Deng, X.H. Li, H.Y. Zhou, Phys. Lett. A 372 (2008) 1957. G.P. Guo, G.C. Guo, Phys. Lett. A 310 (2003) 247. F.G. Deng, H.Y. Zhou, G.L. Long, Phys. Lett. A 337 (2005) 329. F.L. Yan, T. Gao, Phys. Rev. A 72 (2005) 012304.

[25] C. Schmid, P. Trojek, M. Bourennane, C. Kurtsiefer, M. Zukowski, H. Weinfurter, Phys. Rev. Lett. 95 (2005) 230505. [26] C.M. Li, C.C. Chang, T. Hwang, Phys. Rev. A 73 (2006) 016301. [27] G.P. He, Phys. Rev. Lett. 98 (2007) 028901. [28] L.F. Han, Y.M. Liu, S.H. Shi, Z.J. Zhang, Phys. Lett. A 361 (2007) 24. [29] F.G. Deng, G.L. Long, Phys. Rev. A 69 (2004) 052319. [30] M. Lucamarimi, S. Mancini, Phys. Rev. Lett. 94 (2005) 140501. [31] Z.J. Zhang, Y. Li, Z.X. Man, Phys. Rev. A 71 (2005) 044301. [32] F.G. Deng, X.H. Li, H.Y. Zhou, Z.J. Zhang, Phys. Rev. A 72 (2005) 044302. [33] S.J. Qin, F. Gao, Q.Y. Wen, F.C. Zhu, Phys. Lett. A 357 (2006) 101. [34] F.G. Deng, X.H. Li, H.Y. Zhou, Z.J. Zhang, Phys. Rev. A 73 (2006) 049901. [35] L.F. Han, Y.M. Liu, J. Liu, Z.J. Zhang, Opt. Commun. 281 (2008) 2690. [36] S.J. Qin, F. Gao, Q.Y. Wen, F.C. Zhu, Opt. Commun. 281 (2008) 5472. [37] S.J. Qin, F. Gao, Q.Y. Wen, F.C. Zhu, Phys. Rev. A 76 (2007) 062324. [38] X.H. Li, F.G. Deng, H.Y. Zhou, Phys. Rev. A 74 (2006) 054302. [39] A. Cabello, Phys. Rev. Lett. 85 (2000) 5635. [40] G.L. Long, X.S. Liu, Phys. Rev. A 65 (2002) 022317.