# Quantum Identity Authentication in the Counterfactual Quantum Key Distribution Protocol


## Abstract


## 1. Introduction

## 2. Review of the Counterfactual Quantum Key Distribution Protocol

$_{2}$; FM is the Faraday mirror, which reflects the pulse while turning its state to the orthogonal polarization; and D$_{1}$ can discriminate the polarizations of the pulse. The processes can be described as follows.

$_{A}$, Alice randomly rotates the state of the single-photon pulse to $|H\rangle$ or $|V\rangle$. In Step (2), Bob randomly performs $U(0)$ or $U(\pi/4)$ on the incoming pulse by adjusting the angle of HWP$_{B}$ to be 0 or $\pi/4$, where

$_{A}$. Here, we assume that S always emits a pulse in state $|V\rangle$. When Alice’s and Bob’s choices are 0 and $\pi/4$, respectively, and the pulse in path b has been reflected back to BS at Alice’s side, the state of the photon after the pulse passes BS the second time will become

## 3. QIA in the Counterfactual QKD System

$_{A}$ is set at the right side of BS (see Figure 3).

#### 3.1. The QIA Protocol Based on the Counterfactual QKD

$_{A}$. Ignoring the global phases, if Alice adjusts $\alpha_A$, the angle of HWP$_{A}$, to 0, the state of the pulse remains $|V\rangle$, and if Alice adjusts $\alpha_A$ to $\pi/4$, the state changes to $|H\rangle$. Bob also randomly chooses to flip the state of the incoming pulse or not, utilizing HWP$_{B}$. The above processes are just the alternative version of the counterfactual QKD protocol.

**1. Key status exchange**. Alice and Bob exchange the status of their pre-shared authentication keys and choose the one with the smallest subscript among those keys which are “valid” on both Alice’s and Bob’s sides. We denote the bits of this key K as

**2. Authentication of Bob’s identity**. The first m pulses are used to authenticate Bob’s identity in the manner that Alice chooses her bit randomly and Bob always chooses bit 0, and both of the above choices are under control of the first m bits of K.

- 2.1 Alice generates a random string $R_A$ with m bits $$\{r_1, r_2, \dots, r_m\}.$$
- 2.2 For the ith pulse Alice emits into the system, she sets the angle of HWP$_{A}$ as $$\frac{\pi}{4}\times r_i + \frac{\pi}{8}\times b_i.$$
- 2.3 For the ith incoming pulse, Bob sets the angle of HWP$_{B}$ as $$\frac{\pi}{8}\times b_i.$$
- 2.4 Alice checks the results of $D_0$ and $D_1$. If $D_1$ clicks with the probability of 100% for the pulses where $r_i = 1$, and for those where $r_i = 0$, $D_0$ and $D_1$ click with the probability about 25% and 25%, respectively, Alice believes Bob’s identity and they go on to Step 3; otherwise, Alice skips to the last step.

**3. Authentication of Alice’s identity**. In this step, Bob checks Alice’s identity with the help of the last n bits of K.

- 3.1 Bob generates a random string $R_A$ with m bits $$\{s_1, s_2, \dots, s_m\}.$$
- 3.2 For the $(m+j)$th pulse, Alice sets the angle of HWP$_{A}$ as $$\frac{\pi}{8}\times a_i.$$
- 3.3 For the $(m+j)$th incoming pulse, Bob sets the angle of HWP$_{B}$ as $$\frac{\pi}{4}\times s_i + \frac{\pi}{8}\times a_i.$$
- 3.4 Bob checks the results of $D_2$. If $D_2$ never clicks when $s_i = 0$ and clicks with the probability of 50% for both of the cases $\{s_i = 1, a_i = 0\}$ and $\{s_i = 1, a_i = 1\}$, Bob believes Alice’s identity.

**4. Key status update**. Alice and Bob update the statuses of K as “invalid”.
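The classical bookkeeping of Steps 1 to 4, as an added example that is not code from the paper: key selection, the HWP angle schedules of Steps 2.2/2.3 and 3.2/3.3, the acceptance tests of Steps 2.4 and 3.4 applied to recorded detector clicks, and the single-use key update. All function names, the tolerance `tol`, and the click records are assumptions constructed for illustration.

```python
import math

def pick_key(alice_status, bob_status):
    """Step 1: smallest subscript among keys marked "valid" on both sides."""
    common = [i for i, s in alice_status.items()
              if s == "valid" and bob_status.get(i) == "valid"]
    if not common:
        raise LookupError("no authentication key is valid on both sides")
    return min(common)

def bob_auth_angles(b_bits, r_bits):
    """Steps 2.2/2.3: (HWP_A, HWP_B) angles for each of the first m pulses."""
    return [(math.pi / 4 * r + math.pi / 8 * b, math.pi / 8 * b)
            for r, b in zip(r_bits, b_bits)]

def alice_auth_angles(a_bits, s_bits):
    """Steps 3.2/3.3: (HWP_A, HWP_B) angles for each of the last n pulses."""
    return [(math.pi / 8 * a, math.pi / 4 * s + math.pi / 8 * a)
            for s, a in zip(s_bits, a_bits)]

def alice_accepts_bob(r_bits, clicks, tol=0.1):
    """Step 2.4. clicks[i] names the detector that fired on pulse i.
    tol (assumed) is the allowed deviation from the stated 25% rates."""
    ones = [c for r, c in zip(r_bits, clicks) if r == 1]
    zeros = [c for r, c in zip(r_bits, clicks) if r == 0]
    if any(c != "D1" for c in ones):      # D1 must fire on every r_i = 1 pulse
        return False
    return all(abs(zeros.count(d) / len(zeros) - 0.25) <= tol
               for d in ("D0", "D1")) if zeros else True

def bob_accepts_alice(s_bits, a_bits, d2_clicked, tol=0.1):
    """Step 3.4: D2 silent when s_i = 0, about 50% when s_i = 1 for either a_i."""
    rows = list(zip(s_bits, a_bits, d2_clicked))
    if any(c for s, _, c in rows if s == 0):
        return False
    for a in (0, 1):
        grp = [c for s, k, c in rows if s == 1 and k == a]
        if grp and abs(sum(grp) / len(grp) - 0.5) > tol:
            return False
    return True

def run_session(alice_status, bob_status, r_bits, clicks):
    """Steps 1, 2.4 and 4: the chosen key becomes "invalid" even on failure."""
    idx = pick_key(alice_status, bob_status)
    ok = alice_accepts_bob(r_bits, clicks)
    alice_status[idx] = bob_status[idx] = "invalid"
    return idx, ok

# Constructed click records: 4 pulses with r_i = 1 and 8 pulses with r_i = 0.
R_BITS = [1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0]
HONEST = ["D1", "D0", "D2", "D1", "D1", "D2", "D1", "D0", "D2", "D1", "D1", "D2"]
FORGED = HONEST[:3] + ["D0"] + HONEST[4:]   # one wrong click on an r_i = 1 pulse

if __name__ == "__main__":
    a = {1: "invalid", 2: "valid", 3: "valid"}
    b = {1: "valid", 2: "valid", 3: "valid"}
    print(run_session(a, b, R_BITS, HONEST))
    print(run_session(a, b, R_BITS, FORGED))
```

Because the key is burned whether or not the test passes, a failed attempt cannot be replayed against the same key bits.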

#### 3.2. Correctness of the Proposed QIA Protocol

$_{A}$ is

$_{A}$ in the situation that $\alpha_A = \alpha$, $\rho_{PBS}(\alpha_1, \alpha_2)$ to denote the state when the pulse first passes PBS in the situation that $\alpha_A = \alpha_1$ and $\alpha_B = \alpha_2$, and $\rho_{BS}^{\prime}(\alpha_1, \alpha_2)$ to denote the state when the pulse passes BS the second time. For the situation of $\{\pi/8, \pi/8\}$,

#### 3.3. The Security Analysis for No-Error Cases

## 4. Authenticated Counterfactual QKD Protocol

**a. Set-up**. For the main processes described above, $p_i$ converges as $i$ gets larger; however, it is much smaller than the convergence value for small $i$. For example, $p_i = 0$ when $i \le r$. If the adversary only attacks the signals with smaller $p_i$, he is more likely to pass the participant’s test. Therefore, before the formal steps of the protocol, Alice and Bob should equalize $p_i$ for different $i$. $l_r$ pulses would be used in this stage, where

- $a_1$ Alice emits $l_r$ single-photon pulses to the system one by one. For each pulse, Alice (Bob) randomly chooses the angle of HWP$_{A}$ (HWP$_{B}$) to be one of {0, $\pi/8$, $\pi/4$, $3\pi/8$}.
- $a_2$ If the photon goes to Bob’s detector, i.e., $D_2$ clicks and $D_0$ and $D_1$ do not, they record a classical bit 1. If the photon goes back to Alice, i.e., $D_0$ or $D_1$ clicks and $D_2$ does not, they record a classical bit 0.
- $a_3$ After all the $l_r$ pulses have been detected by the three detectors, Alice and Bob get an $l_r$-bit binary number. Then, they use a hash function to uniformly map the above number into the set $\{0, 1, \dots, 4r\}$, and denote the result as $f_r$. Note that, for one single binary bit, the uncertainty is $$-\frac{1}{4}\log\left(\frac{1}{4}\right)-\frac{3}{4}\log\left(\frac{3}{4}\right)\approx 0.56.$$ Alice and Bob produce $l_r$ signals here so that the uncertainty of the $l_r$ bits is larger than $\log(4r+1)$, to make the value of $f_r$ totally random.

**b. Signal transmission and identity authentication**. Utilizing the random number $f_r$ generated in the last step, the participants start to distribute a new key while authenticating each other’s identity.

- $b_1$ For the first $f_r$ pulses in this step, Alice and Bob perform the QKD process, i.e., they both randomly alter the angles of HWP$_{A}$ and HWP$_{B}$ to be 0 or $\pi/4$ and record the clicking situation of each detector and the state of the photon if the detector has clicked.
- $b_2$ The $(f_r+1)$th pulse is the first pulse for identity authentication. As in Steps 2.2 and 2.3 in the above QIA protocol, Alice alters the angle of HWP$_{A}$ to be $\pi/4 \ast r_1 + \pi/8 \ast b_1$ and Bob alters the angle of HWP$_{B}$ to be $\pi/8 \ast b_1$, where $b_1$ is the first bit of the authentication key and $r_i$ is a random bit.
- $b_3$ From the $(f_r+2)$th pulse, the participants start to insert the process of QIA into the QKD according to the random data of the clicks of the detectors. Precisely, each time the number of clicks of $D_2$ reaches an integral multiple of r, they immediately insert one round of the QIA process, until the authentication process for Bob’s identity has finished.
- $b_4$ Alice checks Bob’s identity according to Step 2.4.
- $b_{5-8}$ If the test for Bob’s identity passes, they continue to transmit the rest of the QKD signals and authenticate Alice’s identity by repeating the processes from $b_1$ to $b_4$, but performing the operations in Steps 3.2–3.4 instead of those in Steps 2.2–2.4, respectively.
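How the set-up stage and the insertion rule of steps $a_3$, $b_2$ and $b_3$ fit together, as an added example that is not code from the paper. It assumes that $l_r$ is the smallest pulse count whose total uncertainty exceeds $\log(4r+1)$, that SHA-256 reduced modulo $4r+1$ stands in for the unnamed hash function, and that $D_2$ clicks are counted on QKD pulses from pulse $f_r+2$ onward; all names are hypothetical.

```python
import hashlib
import math

# Per-bit uncertainty from step a3; the natural log reproduces the page's 0.56.
H_BIT = -(0.25 * math.log(0.25) + 0.75 * math.log(0.75))

def min_setup_pulses(r):
    """Smallest l_r with l_r * H_BIT > log(4r + 1) (assumed reading of a3)."""
    return math.floor(math.log(4 * r + 1) / H_BIT) + 1

def derive_f_r(setup_bits, r):
    """Map the recorded set-up bits (a2) into {0, ..., 4r}.
    SHA-256 mod (4r + 1) is an assumed stand-in; the page names no hash."""
    if len(setup_bits) < min_setup_pulses(r):
        raise ValueError("too few set-up pulses for this r")
    digest = hashlib.sha256(bytes(setup_bits)).digest()
    return int.from_bytes(digest, "big") % (4 * r + 1)

def qia_pulse_positions(f_r, r, d2_clicks, rounds):
    """1-based positions, within stage b, of the pulses used for QIA.

    d2_clicks holds the D2 outcome (True/False) of each QKD pulse in order;
    rounds is the number of QIA pulses needed (m for Bob's authentication).
    """
    positions, pos, clicks = [], 0, 0
    for i, clicked in enumerate(d2_clicks):
        if len(positions) == rounds:
            break
        if i == f_r:                     # b2: pulse f_r + 1 opens the QIA
            pos += 1
            positions.append(pos)
            if len(positions) == rounds:
                break
        pos += 1                         # this QKD pulse
        if i >= f_r and clicked:         # b3: count D2 clicks after that
            clicks += 1
            if clicks % r == 0:          # multiple of r: insert a QIA round
                pos += 1
                positions.append(pos)
    return positions

if __name__ == "__main__":
    r = 10
    bits = [0, 1, 0, 0, 0, 1, 0]         # constructed set-up record, l_r = 7
    print(min_setup_pulses(r), derive_f_r(bits, r))
    # Constructed D2 record with a small r so the schedule is easy to follow.
    print(qia_pulse_positions(2, 2, [True, True, False, True, False,
                                     True, True, True], rounds=3))
```

An observer who does not know $f_r$ and the $D_2$ click record cannot tell in advance which pulse positions carry authentication rounds, which is the purpose of the set-up stage.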

**c. Eavesdropping detection**. Alice and Bob first check the validity of each other’s identity. If the identity authentication passes, they continue to the remaining part of the counterfactual QKD protocol to generate a new key and use part of the new key to update the authentication keys.

## 5. Conclusions

## Author Contributions

## Acknowledgments

## Conflicts of Interest

## Appendix A. Security of the Counterfactual QIA Protocol

#### Appendix A.1. Security of Bob’s Identity

$_{A}$ the second time, the state turns to

$_{0}$ and D$_{1}$ are not correct. We divide the probability that the adversary would be found into four parts. The first part is the probability that Alice detects a horizontally polarized photon,

$_{0}$ when $r_i = 1$,

$_{0}$ and D$_{1}$, and this part is related to the length of the authentication key and the required confidence of the users’ identities in actual applications.

$_{2}$. If the authentication key bit is 0, after Bob’s operation, the whole state would become

#### Appendix A.2. Security of Alice’s Identity

## References

1. Shor, P.W. Algorithms for quantum computation: Discrete logarithms and factoring. In Proceedings of the 35th Annual IEEE Symposium on Foundations of Computer Science, Santa Fe, NM, USA, 20–22 November 1994.
2. Bennett, C.H.; Brassard, G. Quantum cryptography: Public key distribution and coin tossing. In Proceedings of the IEEE International Conference on Computers, Systems and Signal Processing, Bangalore, India, 9–12 December 1984.
3. Lo, H.K.; Chau, H.F. Unconditional security of quantum key distribution over arbitrarily long distances. Science **1999**, 283, 2050–2056.
4. Shor, P.W.; Preskill, J. Simple proof of security of the BB84 quantum key distribution protocol. Phys. Rev. Lett. **2000**, 85, 441–444.
5. Scarani, V.; Bechmann-Pasquinucci, H.; Cerf, N.J.; Dusek, M.; Luetkenhaus, N.; Peev, M. The security of practical quantum key distribution. Rev. Mod. Phys. **2009**, 81, 1301–1350.
6. Long, G.-L.; Liu, X. Theoretically efficient high-capacity quantum key distribution scheme. Phys. Rev. A **2002**, 65, 032302.
7. Deng, F.-G.; Long, G.-L. Controlled order rearrangement encryption for quantum key distribution. Phys. Rev. A **2003**, 68, 042315.
8. Bostrom, K.; Felbinger, T. Deterministic secure direct communication using entanglement. Phys. Rev. Lett. **2002**, 89, 187902.
9. Lin, S.; Wen, Q.-Y.; Zhu, F.-C. Quantum secure direct communication with x-type entangled states. Phys. Rev. A **2008**, 78, 064304.
10. Gao, F.; Qin, S.-J.; Wen, Q.-Y.; Zhu, F.-C. Cryptanalysis of multiparty controlled quantum secure direct communication using Greenberger-Horne-Zeilinger state. Opt. Commun. **2010**, 283, 192.
11. Huang, W.; Wen, Q.-Y.; Jia, H.-Y.; Qin, S.-J.; Gao, F. Fault tolerant quantum secure direct communication with quantum encryption against collective noise. Chin. Phys. B **2012**, 21, 100308.
12. Cleve, R.; Gottesman, D.; Lo, H.K. How to share a quantum secret. Phys. Rev. Lett. **1999**, 83, 648–651.
13. Hillery, M.; Buzek, V.; Berthiaume, A. Quantum secret sharing. Phys. Rev. A **1999**, 59, 1829.
14. Yang, Y.-G.; Wen, Q.-Y.; Zhang, X. Multiparty simultaneous quantum identity authentication with secret sharing. Sci. China-Phys. Mech. Astron. **2008**, 51, 321–327.
15. Qin, S.-J.; Gao, F.; Wen, Q.-Y.; Zhu, F.-C. Security of quantum secret sharing with two-particle entanglement against individual attacks. Quant. Inf. Comput. **2009**, 9, 765–772.
16. Lin, S.; Wen, Q.-Y.; Qin, S.-J.; Zhu, F.-C. Multiparty quantum secret sharing with collective eavesdropping-check. Opt. Commun. **2009**, 282, 4455–4459.
17. Wang, T.-Y.; Wen, Q.-Y. Security of a kind of quantum secret sharing with single photons. Quant. Inf. Comput. **2011**, 11, 434–443.
18. Giovannetti, V.; Lloyd, S.; Maccone, L. Quantum private queries. Phys. Rev. Lett. **2008**, 100, 230502.
19. Jakobi, M.; Simon, C.; Gisin, N.; Branciard, C.; Bancal, J.-D.; Walenta, N.; Zbinden, Z. Practical private database queries based on a quantum-key-distribution protocol. Phys. Rev. A **2011**, 83, 022301.
20. Gao, F.; Qin, S.; Huang, W.; Wen, Q.Y. Quantum private query: A new kind of practical quantum cryptographic protocol. Sci. China Phys. Mech. Astron. **2019**, 62, 70301.
21. Gao, F.; Liu, B.; Huang, W.; Wen, Q.Y. Postprocessing of the oblivious key in quantum private query. IEEE J. Sel. Top. Quant. **2015**, 21, 6600111.
22. Liu, B.; Gao, F.; Huang, W.; Wen, Q.Y. QKD-based quantum private query without a failure probability. Sci. China-Phys. Mech. Astron. **2015**, 58, 100301.
23. Wei, C.-Y.; Cai, X.-Q.; Liu, B.; Wang, T.-Y.; Gao, F. A generic construction of quantum-oblivious-transfer-based private query with ideal database security and zero failure. IEEE T Comput. **2018**, 67, 2–8.
24. Huang, W.; Su, Q.; Xu, B.-J.; Liu, B.; Fan, F.; Jia, H.Y.; Yang, Y.H. Improved multiparty quantum key agreement in travelling mode. Sci. China Phys. Mech. Astron. **2016**, 59, 120311.
25. Huang, W.; Wen, Q.-Y.; Liu, B.; Su, Q.; Qin, S.-J.; Gao, F. Quantum anonymous ranking. Phys. Rev. A **2014**, 89, 032325.
26. Xu, B.-J.; Chen, Z.-Y.; Li, Z.-Y.; Yang, J.; Su, Q.; Huang, W.; Zhang, Y.; Guo, H. High speed continuous variable source-independent quantum random number generation. Quantum Sci. Technol. **2019**, 4, 025013.
27. Noh, T.-G. Counterfactual Quantum Cryptography. Phys. Rev. Lett. **2009**, 103, 230501.
28. Kwiat, P.G.; White, A.G.; Mitchell, J.R.; Nairz, O.; Weihs, G.; Weinfurter, H.; Zeilinger, A. High-efficiency quantum interrogation measurements via the quantum Zeno effect. Phys. Rev. Lett. **1999**, 83, 4725–4728.
29. Hosten, O.; Rakher, M.T.; Barreiro, J.T.; Peters, N.A.; Kwiat, P.G. Counterfactual quantum computation through quantum interrogation. Nature **2006**, 439, 949–952.
30. Sun, Y.; Wen, Q.-Y. Counterfactual quantum key distribution with high efficiency. Phys. Rev. A **2010**, 82, 052318.
31. Yin, Z.-Q.; Li, H.-W.; Chen, W.; Han, Z.-F.; Guo, G.-C. Security of counterfactual quantum cryptography. Phys. Rev. A **2010**, 82, 042335.
32. Ren, M.; Wu, G.; Wu, E.; Zeng, H. Experimental demonstration of counterfactual quantum key distribution. Laser Phys. **2011**, 21, 755–760.
33. Brida, G.; Cavanna, A.; Degiovanni, I.P.; Genovese, M.; Traina, P. Experimental realization of counterfactual quantum cryptography. Laser Phys. Lett. **2012**, 9, 247–252.
34. Liu, Y.; Ju, L.; Liang, X.-L.; Tang, S.-B.; Tu, G.-L.S.; Zhou, L.; Peng, C.-Z.; Chen, K.; Chen, T.Y.; Chen, Z.-B.; et al. Experimental Demonstration of Counterfactual Quantum Communication. Phys. Rev. Lett. **2012**, 109, 030501.
35. Yin, Z.-Q.; Li, H.-W.; Yao, Y.; Zhang, C.-M.; Wang, S.; Chen, W.; Guo, G.-C.; Han, Z.-F. Counterfactual quantum cryptography based on weak coherent states. Phys. Rev. A **2012**, 86, 022313.
36. Zhang, S.; Wang, J.; Tang, C.-J. Security proof of counterfactual quantum cryptography against general intercept-resend attacks and its vulnerability. Chin. Phys. B **2012**, 21, 060303.
37. Zhang, S.; Wang, J.; Tang, C.J. Counterfactual attack on counterfactual quantum key distribution. Europhys. Lett. **2012**, 98, 30012.
38. Li, Y.-B. Analysis of counterfactual quantum key distribution using error-correcting theory. Quantum Inf. Process. **2014**, 13, 2325–2342.
39. Liu, X.; Zhang, B.; Wang, J.; Tang, C.; Zhao, J.; Zhang, S. Eavesdropping on counterfactual quantum key distribution with finite resources. Phys. Rev. A **2014**, 90, 022318.
40. Chen, Y.; Gu, X.; Jiang, D.; Xie, L.; Chen, L. Counterfactual quantum cryptography network with untrusted relay. Int. J. Mod. Phys. B **2015**, 29, 1550134.
41. Yang, X.; Wei, K.; Ma, H.; Sun, S.; Du, Y.; Wu, L. Trojan horse attacks on counterfactual quantum key distribution. Phys. Lett. A **2016**, 380, 1589–1592.
42. Salih, H.; Li, Z.-H.; Al-Amri, M.; Zubairy, M.S. Protocol for Direct Counterfactual Quantum Communication. Phys. Rev. Lett. **2013**, 110, 170502.
43. Cao, Y.; Li, Y.-H.; Cao, Z.; Yin, J.; Chen, Y.-A.; Yin, H.-L.; Chen, T.Y.; Ma, X.; Peng, C.Z.; Pan, J.W. Direct counterfactual communication via quantum Zeno effect. Proc. Natl. Acad. Sci. USA **2017**, 114, 4920–4924.
44. Zhang, S. Probabilistic direct counterfactual quantum communication. Chin. Phys. B **2017**, 26, 020304.
45. Zhang, J.-L.; Guo, F.-Z.; Gao, F.; Liu, B.; Wen, Q.-Y. Private database queries based on counterfactual quantum key distribution. Phys. Rev. A **2013**, 88, 022334.
46. Zhang, S.; Wang, J.; Tang, C.-J. Counterfactual Quantum Deterministic Key Distribution. Commun. Theor. Phys. **2013**, 59, 27–31.
47. Salih, H. Tripartite counterfactual quantum cryptography. Phys. Rev. A **2014**, 90, 012333.
48. Shenoy, A.H.; Srikanth, R.; Srinivas, T. Counterfactual quantum certificate authorization. Phys. Rev. A **2014**, 89, 052307.
49. Guo, Q.; Cheng, L.-Y.; Chen, L.; Wang, H.-F.; Zhang, S. Counterfactual quantum-information transfer without transmitting any physical particles. Sci. Rep. **2015**, 5, 8516.
50. Li, Z.-H.; Al-Amri, M.; Zubairy, M.S. Direct counterfactual transmission of a quantum state. Phys. Rev. A **2015**, 92, 052315.
51. Arvidsson-Shukur, D.R.M.; Barnes, C.H.W. Quantum counterfactual communication without a weak trace. Phys. Rev. A **2016**, 94, 062303.
52. Wang, T.-Y.; Li, Y.-P.; Zhang, R.-L. Analysis of Counterfactual Quantum Certificate Authorization. Int. J. Theor. Phys. **2016**, 55, 5331–5335.
53. Guo, Q.; Zhai, S.; Cheng, L.-Y.; Wang, H.-F.; Zhang, S. Counterfactual quantum cloning without transmitting any physical particles. Phys. Rev. A **2017**, 96, 052335.

**Figure 1.** The schematic of the counterfactual QKD [27]. Here, C is the optical circulator; OD is the optical delay that makes the two paths a and b the same; OL is the optical loop and SW is the optical switch, which help Bob send the pulse in a specific polarization to the detector D$_{2}$; FM is the Faraday mirror, which reflects the pulse while turning its state to the orthogonal polarization; and D$_{1}$ can discriminate the polarizations of the pulse.

**Figure 2.** The schematic of the alternative version of the counterfactual QKD [33]. The alternative version uses two half wave plates, HWP$_{A}$ and HWP$_{B}$, instead of the OL and SW, to implement the random choices of the participants. Another difference is that the alternative version uses mirrors (M) instead of the Faraday mirrors of the original one.

**Figure 3.** The schematic of the proposed QIA protocol and the authenticated QKD protocol. HWP$_{A}$ is set at the right side of BS in our protocol instead of the left side as in the alternative version. Since the polarization of the pulses detected by D$_{0}$ is also used to detect the adversary in our protocol, we add a PBS and an additional detector in the D$_{0}$.

**Figure 4.** The graphs of function $p_r(l)$ when r = 10 (the red line), 15 (the green line), and 20 (the blue line).

© 2019 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).

## Share and Cite

**MDPI and ACS Style**

Liu, B.; Gao, Z.; Xiao, D.; Huang, W.; Zhang, Z.; Xu, B.
Quantum Identity Authentication in the Counterfactual Quantum Key Distribution Protocol. *Entropy* **2019**, *21*, 518.
https://doi.org/10.3390/e21050518
