A New Semi-Quantum Two-Way Authentication Protocol between Control Centers and Neighborhood Gateways in Smart Grids

To address the potential threat to the power grid industry posed by quantum computers and ensure the security of bidirectional communication in smart grids, it is imperative to develop quantum-safe authentication protocols. This paper proposes a semi-quantum bidirectional authentication protocol between a control center (CC) and a neighborhood gateway (NG). This method uses single photons to facilitate communication between the CC and the NG. Security analysis demonstrates that the protocol can effectively resist common attack methods, including double CNOT attacks, impersonation attacks, interception-measurement-retransmission attacks, and entanglement-measurement attacks. Comparisons with other protocols reveal that this protocol has significant advantages, making it more appealing and practical for real-world applications. Finally, simulating the protocol on the IBM quantum simulator validates the theoretical framework and confirms the practical feasibility of the protocol.


Introduction
Smart grids revolutionize lifestyles by employing cutting-edge technologies, optimizing grid performance and dependability, and promoting the widespread adoption of renewable energy sources [1,2]. However, their complex interconnections and incorporation of advanced software and hardware systems make smart grids vulnerable to a variety of security threats. The challenges include identity forgery, unauthorized access, data privacy infringements, and denial-of-service attacks. These challenges have the potential to cause security concerns such as power system failures, user data breaches, and financial losses [3][4][5].
Currently, the aforementioned security challenges are primarily addressed using traditional encryption and authentication methods [6,7]. However, most of these methods depend on fundamental mathematical problems such as large integer factorization and discrete logarithm problems, which are susceptible to quantum computer attacks [8,9]. To mitigate this issue, researchers have proposed incorporating quantum technology into smart power systems to enhance the security of smart power networks. Quantum technology offers unique advantages in smart grids. First, quantum key distribution (QKD) technology is used to distribute keys, effectively preventing information from being eavesdropped on or tampered with [10]. Second, quantum authentication technology is used for efficient identity verification, ensuring the security and integrity of communications and data exchange [11]. Research indicates that the inability to establish effective identity authentication between senders and receivers is a primary factor causing security risks in smart grids [12][13][14]. Therefore, integrating quantum-based identity authentication into smart grids is crucial. This integration can provide highly secure communications while meeting the complex operational and management needs of smart grids, such as remote control, smart energy trading, and user privacy protection, as shown in Figure 1.
Since Crepeau proposed the first quantum identity authentication protocol [15] in 1997, the development of protocols based on both entangled and non-entangled states has continued [16][17][18][19]. In practice, implementing devices with quantum capabilities, especially in smart grids, is both expensive and impractical. Thus, in practical applications of quantum cryptography, it is very important to limit the quantum capabilities of participants. In 2007, Boyer introduced the half-quantum concept to improve the practical implementation of quantum cryptographic protocols [20]. The half-quantum concept allows some participants to have partial quantum capabilities: (1) measuring particles using the Z basis; (2) preparing Z-based particles; (3) rearranging the positions of particles; and (4) directly returning particles. Subsequently, a number of half-quantum cryptographic protocols have been proposed for various tasks [21][22][23][24][25][26][27][28].
As an important part of the modern power system, the security of the smart grid directly affects the reliable supply of electricity and stable operation of the system. Because smart grids involve many devices and nodes, traditional quantum cryptographic protocols may encounter high costs and complexity in practical applications. Semi-quantum cryptographic protocols provide a solution that reduces equipment complexity and cost while maintaining high security. Therefore, the use of semi-quantum cryptographic protocols in smart grids can not only improve the security of the system but also reduce implementation costs and technical barriers, thereby promoting widespread application in practical scenarios. As shown in Figure 1, the Control Center (CC) is situated at the core of the smart grid's fundamental structure. It functions as the central hub that oversees, manages, and makes decisions within the power system. The Neighborhood Gateway (NG) serves a crucial role as middleware, facilitating the transmission of information from the power system and connecting terminal equipment with upper-layer systems. Security concerns between the CC and NG directly affect the overall stability of the power system [29][30][31][32]. Therefore, this paper proposes a semi-quantum two-way authentication technology that uses single photons for communication between the CC and the NG. The CC has full quantum capabilities, while the NG has partial quantum capabilities, specifically measuring particles using the Z basis, preparing Z-based particles, rearranging particle positions, and directly returning particles. The protocol is resistant to common attack methods such as double controlled NOT (CNOT) attacks, impersonation attacks, interception-measurement-retransmission attacks, and entanglement-measurement attacks. Additionally, it significantly reduces the consumption of quantum resources and equipment requirements, effectively addressing the problem of identity forgery.
The rest of this paper is organized as follows: Section 2 describes the bidirectional authentication protocol flow in detail; Section 3 presents the security analysis of the protocol; Section 4 compares this protocol with other protocols; Section 5 provides an overview of the circuit simulation performed on the IBM platform; finally, Section 6 offers the conclusions.

Two-Way Authentication and Communication between NG and CC
This section details the semi-quantum two-way authentication protocol between the NG and CC. The protocol comprises three discrete phases: initialization, authentication, and data transport. The specific process is shown in Figure 2.
Table 1. Rules for generating quantum bit sequences $Q_i$ from shared key sequences $K_i$.
Step 3: The CC operates on each bit in $S_i$ to generate Apply the encoding rule to generate the classical bit sequence $MR_A$ from $T$, where the encoding rule is: |0⟩ represents 0, and |1⟩ represents 1. CC rearranges the positions of $Q$, $S$, and $T$ according to the shared key sequence $K$ to form $Q_A$, and CC transmits $Q_A$ to NG. The rearrangement rules are as follows: When $K_i = 00$ or $K_i = 01$, CC inserts $T_i$ after $Q_i$ and $S_i$ before $Q_i$. When $K_i = 10$ or $K_i = 11$, CC inserts $T_i$ before $Q_i$ and $S_i$ after $Q_i$.
To make the above steps clearer, assume n = 4, the key sequence K = {00, 01, 10, 11}, and the quantum bit sequence

Authentication Phase
Step 4: After receiving $Q_A$, NG uses the shared key sequence $K$ and the aforementioned arrangement rules to reconstruct $Q'$, $S'$, and $T'$. NG retains $S'$ and $T'$, and then proceeds with the following operations on $Q'$: When
Step 5: After receiving $Q_B$, CC performs the following operations based on the key $K$: If $K_i = 00/01$, CC measures $Q_{Bi}$ in the Z basis and records the result as $Z_A$. If $K_i = 10/11$, CC measures $Q_{Bi}$ in the X basis and records the result as $X_A$. Subsequently, CC verifies whether $Z_A$ and $X_A$ are derived from the key $K$ to ensure the security of the channel, and then announces the value of $Z_A$. Specifically, according to Table 1 If the above conditions are met, the authentication channel is considered secure, and CC then announces $Z_A$. Otherwise, it is considered that there is an eavesdropper in the channel, and the protocol is terminated and restarted.
Step 6: NG compares the value of $Z_B$ with the value announced by CC. The authentication procedure will fail if $Z_A \neq Z_B$. If $Z_A = Z_B$, NG will successfully verify CC. Subsequently, NG measures $T'$ and $S'$ in the Z basis, records the results as $Z_T$ and $Z_S$, compares them to determine $ID^*$, and ultimately announces $ID^*$.
Step 7: CC compares the value of $ID$ with the value announced by NG. If $ID \neq ID^*$, the authentication process will fail. If $ID = ID^*$, CC will successfully verify NG.
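The rearrangement of Step 3 and the reconstruction, measurement and check of Steps 4 and 5 can be followed as classical bookkeeping on a noiseless channel. The sketch below is an added example, not the authors' simulation code: states are plain labels, `S0`/`T0` are opaque placeholders for $S_i$ and $T_i$, all function names are hypothetical, and the key-to-state map is read off the Section 5 example rather than from Table 1.

```python
import random

# Key pair -> single-photon state label, as read off the page's Section 5
# example (K = 10,11,00,10,01 gives Q = |+>,|->,|0>,|+>,|1>).
KEY_TO_STATE = {"00": "0", "01": "1", "10": "+", "11": "-"}
PAGE_KEY = ["10", "11", "00", "10", "01"]


def cc_build_qa(key):
    """Step 3: interleave S_i, Q_i, T_i according to K_i."""
    qa = []
    for i, k in enumerate(key):
        q, s, t = KEY_TO_STATE[k], f"S{i}", f"T{i}"  # S_i/T_i: opaque placeholders
        # 00/01: S_i before Q_i, T_i after.  10/11: T_i before Q_i, S_i after.
        qa += [s, q, t] if k in ("00", "01") else [t, q, s]
    return qa


def ng_reconstruct(qa, key):
    """Step 4: split Q_A back into Q', S', T' using the same rule."""
    q, s, t = [], [], []
    for i, k in enumerate(key):
        first, mid, last = qa[3 * i:3 * i + 3]
        q.append(mid)
        if k in ("00", "01"):
            s.append(first)
            t.append(last)
        else:
            t.append(first)
            s.append(last)
    return q, s, t


def ng_process(q_prime, key):
    """Step 4: Z-measure and re-prepare for 00/01, reflect for 10/11."""
    z_b, q_b = [], []
    for state, k in zip(q_prime, key):
        if k in ("00", "01"):
            # A Z measurement is deterministic on |0>/|1>, a coin flip on |+>/|->.
            bit = int(state) if state in ("0", "1") else random.getrandbits(1)
            z_b.append(bit)
            q_b.append(str(bit))
        else:
            q_b.append(state)
    return z_b, q_b


def cc_check(q_b, key):
    """Step 5: return Z_A if every returned photon matches K, else None.

    Comparing labels stands in for the Z/X measurements on a noiseless
    channel; on real photons a wrong state is only caught with some probability.
    """
    if q_b != [KEY_TO_STATE[k] for k in key]:
        return None  # CC aborts and the protocol restarts
    return [int(s) for s, k in zip(q_b, key) if k in ("00", "01")]


def honest_run(key):
    qa = cc_build_qa(key)
    q_p, s_p, t_p = ng_reconstruct(qa, key)
    z_b, q_b = ng_process(q_p, key)
    return {"Q_A": qa, "S'": s_p, "T'": t_p, "Z_B": z_b, "Z_A": cc_check(q_b, key)}


if __name__ == "__main__":
    print(honest_run(PAGE_KEY))
```

With the key from the simulation section, the honest run yields the same $Z_A$ and $Z_B$ that the page reports there, and reconstructing with a different key assigns some $T_i$ photons to $S'$.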

Data Transport Phase
Step 8: After mutual authentication, NG stores the measurement result $Z_T$ as the classical bit sequence $MR_B$, where |0⟩ represents 0, and |1⟩ represents 1. NG then performs an XOR operation on its own data information $m_B$ and $MR_B$, obtaining $B = m_B \oplus MR_B$.
Step 9: Similarly, CC performs an XOR operation on its data information $m_A$ and $MR_A$ to produce $A = m_A \oplus MR_A$. CC and NG then declare $A$ and $B$. Throughout this procedure, CC can determine the information of NG's data $m_B$ by calculating $m_B = B \oplus MR_A$.
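Steps 8 and 9 amount to masking both messages with the bit sequence derived from $T$. The added example below (not from the paper; function names and sample bits are constructed) runs the exchange, shows what the declared pair $A$, $B$ determines on its own when $MR_A = MR_B$, and shows how a single disagreement between NG's $Z_T$ and CC's $MR_A$ surfaces as a bit error in the decoded data. NG recovering $m_A$ as $A \oplus MR_B$ is assumed as the symmetric counterpart of the page's formula.

```python
def xor_bits(a, b):
    """Bitwise XOR of two equal-length bit lists."""
    if len(a) != len(b):
        raise ValueError("sequences must have the same length")
    return [x ^ y for x, y in zip(a, b)]


def data_transport(m_a, m_b, mr_a, mr_b):
    """Steps 8-9: CC declares A, NG declares B, each side unmasks the other's value."""
    a = xor_bits(m_a, mr_a)
    b = xor_bits(m_b, mr_b)
    return {
        "A": a,
        "B": b,
        "cc_reads_m_b": xor_bits(b, mr_a),  # m_B = B xor MR_A, as on the page
        "ng_reads_m_a": xor_bits(a, mr_b),  # symmetric counterpart (assumed)
    }


def public_xor(a, b):
    """What the declared pair alone determines: A xor B = m_A xor m_B
    whenever MR_A == MR_B, with no knowledge of the mask needed."""
    return xor_bits(a, b)


def error_positions(sent, received):
    """Indices at which the decoded bits differ from the bits that were sent."""
    return [i for i, (x, y) in enumerate(zip(sent, received)) if x != y]


# Constructed sample values (not from the page).
M_A = [1, 0, 1, 1, 0, 0]
M_B = [0, 1, 1, 0, 1, 0]
MR = [1, 1, 0, 0, 1, 1]          # MR_A == MR_B on an error-free run
MR_B_NOISY = [1, 1, 1, 0, 1, 1]  # NG's Z_T differs from MR_A at index 2

if __name__ == "__main__":
    clean = data_transport(M_A, M_B, MR, MR)
    print(clean, public_xor(clean["A"], clean["B"]))
    noisy = data_transport(M_A, M_B, MR, MR_B_NOISY)
    print(error_positions(M_B, noisy["cc_reads_m_b"]))
```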

Security Analysis
The primary security concern during the identity authentication process is the possibility of identity forgery. To successfully forge an identity, the attacker must have knowledge of the shared key sequence $K$ used by the participants. The potential attacker in this case is an external threat known as Eve. Eve can employ various attack strategies, including double CNOT attacks, impersonation attacks, intercept-measure-resend attacks, and entanglement measurement attacks, to obtain the key sequence $K$. In this section, we perform a thorough analysis to determine whether Eve can illegitimately fabricate an identity by acquiring the shared key sequence $K$ through the mentioned attack strategies and thereby bypass the identity authentication process.

Double CNOT Attack
Eve can execute a double CNOT attack to gather information about the photons in transit, thereby acquiring the shared key sequence $K$. To carry out this attack, Eve prepares the auxiliary quantum state $|q\rangle_{ei}$ to perform the CNOT operation on each photon in $Q_{Ai}$ and $Q_{Bi}$. Here, $|q\rangle_{ei}$ is used as the target qubit, while $Q_{Ai}$ and $Q_{Bi}$ are used as the control qubits.
Eve intercepts the quantum state $Q_{Ai}$ that is transmitted from the CC to the NG in Step 3. Afterward, the CNOT operation is performed on each photon in the quantum register $Q_A$, denoted as $U_{\mathrm{CNOT}} Q_{Ai}$. To be more precise: (1) After performing the CNOT operation, the state of the qubit $Q_A$ is updated and recorded as (5) The above formula shows that the quantum state $|q\rangle_e$ remains unchanged. Eve is unable to carry out a measurement on the auxiliary qubit to gather information about the specific photon in transit. Thus, when Eve executes the attack, it is only feasible to discern the exact state of the moving photon by probabilistic means, and no valuable information can be acquired.

Impersonation Attack
If the attacker Eve impersonates NG or CC, she will try to complete a fake authentication by randomly preparing qubits, sending a qubit sequence, and performing single-qubit measurements. Supposing that Eve attempts to mimic CC, she randomly chooses and creates $3n$ qubits from the set {|0⟩, |1⟩, |+⟩, |−⟩} to construct $Q_A$, which she subsequently transmits to NG. NG performs the same action as explained in Step 4 and sends $Q_B$ to Eve. Due to Eve's lack of knowledge of the shared key sequence $K$, she is unable to accurately determine the value of $Z_A$. For Eve to authenticate successfully, the condition $Z_A = Z_B$ must be met, where $Z_A \in \{0, 1\}^n$. Consequently, the probability of Eve's successful authentication is $(\frac{1}{2})^n$, and the probability of authentication failure is denoted as 3, if $n$ is large enough, $P_1$ is approximate to 1. Consequently, NG's attempt to authenticate Eve will fail.
As the number of photons $n$ increases, the detection probability $P_2$ tends towards 1. Figure 4 illustrates the correlation between the quantity of photons $n$ needed to counteract this attack and the probability.

Intercept-Measure-Resend Attack
To acquire the shared key sequence $K$ between the NG and the CC, Eve employs an intercept-measure-resend attack. In Step 3, Eve intercepts and measures the value of $Q_A$. Subsequently, she constructs a fresh sequence of photons, denoted as $Q_A'$, utilizing the acquired measurement results. Finally, Eve transmits this new sequence to NG. Subsequently, at Step 4, Eve intercepts $Q_B$, performs similar measurements to generate $Q_B'$, and sends it to CC. Without knowing the shared key sequence $K$ between the CC and the NG, Eve cannot determine the original location of $Q_B$. Therefore, Eve cannot gain any valuable knowledge. After receiving $Q_B'$, CC utilizes the shared key sequence $K$ to measure $Q_B'$ and authenticate its security. The possible states of each photon in $Q_B'$ are limited to {|0⟩, |1⟩, |+⟩, |−⟩}. The probability of Eve successfully passing the inspection is $(\frac{1}{4})^n$, while the probability of the CC detecting Eve's attack is As the number of photons $n$ increases, the detection probability $P_3$ tends toward 1. It can be inferred that Eve's presence can be discovered when executing an intercept-measure-resend attack.

Entanglement Measurement Attack
We assume that Eve uses the auxiliary state $|e\rangle$ to carry out the entanglement attack. Eve captures the photons sent from CC to NG, applies the $U$ operation to the captured photons and the auxiliary state $|e\rangle$, and then sends the modified photons to NG. After NG returns the photons to CC, Eve measures her auxiliary state $|e\rangle$ to obtain information about the key sequence $K$, as follows: where $|\alpha|^2 + |\beta|^2 = 1$ and $|\varepsilon|^2 + |\delta|^2 = 1$.

Efficiency Analysis
In this section, we define the quantum bit efficiency as [33] $\eta = \frac{b_s}{q_t + b_t}$, where $b_s$ represents the expected bits obtained after consuming quantum bits in the protocol, $q_t$ represents the quantum bits consumed in the protocol, and $b_t$ represents the bits consumed using the classical channel. In this protocol, CC generates $3n$-bit single particles in the initial stage, NG measures and generates $n/2$-bit single particles in the authentication stage, while the CC and NG share a $2n$-bit key sequence. The values $Z_A$ and $Z_B$ used for authentication are $n/2$-bit, $ID^*$ is $n$-bit, and $MR_A$ and $MR_B$ used for data transmission are $n$-bit. Therefore, the quantum bit efficiency of the protocol is $\eta = \frac{n/2 + n + n}{3n + n/2 + 2n} \times 100\% \approx 45.5\%$.
This section compares the proposed protocol with previous protocols in terms of quantum resources, involvement of third parties, bits of shared keys, bidirectional authentication, and quantum bit efficiency, as illustrated in Table 2.

According to Table 2, this protocol has several advantages over previous ones. First, it uses single particles as quantum resources, which are simpler to implement compared to protocols that require more complex entangled states, such as Bell states or GHZ states. Second, it does not require the participation of a third party, which not only enhances security but also reduces potential points of failure. Additionally, the protocol achieves a quantum bit efficiency of 45.5%, which is significantly higher than that of other protocols. Finally, the protocol supports two-way authentication, providing a more secure communication channel. These advantages make the protocol more attractive and practical in real-world applications.

Simulation Experiments on IBM Platform
Simulating circuits serves multiple purposes, such as elucidating protocol fundamentals, validating correctness, and affirming feasibility through tangible examples of communication processes. Based on the protocol described in Section 2, we can follow the steps below to simulate its various stages on the IBM Quantum Cloud Platform, explaining the role and results of each step.
Assuming the shared key sequence $K$ : {10, 11, 00, 10, 01}, according to Table 1, the Control Center (CC) generates the quantum state sequence $Q$ : {|+⟩, |−⟩, |0⟩, |+⟩, |1⟩}; the specific quantum circuit is depicted in Figure 5a. After receiving $Q_A$, NG reconstructs $Q'$, $S'$, and $T'$ according to the key sequence $K$. It measures $Q'$ and generates a quantum state identical to the measurement result; the specific quantum circuit is depicted in Figure 5b,c and the measurement result is illustrated in Figure 7a. Subsequently, CC measures the particle returned by NG according to the same key sequence $K$; the specific quantum circuit is shown in Figure 5d, and the measurement result is displayed in Figure 7b.
From the quantum circuit diagrams and measurement results, it is evident that in NG's measurements, the value at C[2] in the classical memory is 0 and the value at C[0] is 1, denoted as $Z_B$ : {0, 1}. Similarly, in CC's measurements, the values at C[2] and C[0] are 0 and 1 respectively, denoted as $Z_A$ : {0, 1}. Thus, $Z_A = Z_B$, indicating NG successfully authenticates CC. NG then measures $S'$ and $T'$; the specific quantum circuit is shown in Figure 6. From Figure 7c,d
The security and reliability of smart grids represent significant challenges in modern power systems. Through the simulation process outlined above, it is evident that the proposed protocol utilizes fundamental principles of quantum mechanics to ensure secure key distribution. By integrating quantum states with classical information, the protocol authenticates the identities of communicating parties, verifies data integrity and authenticity, prevents transmission tampering, and effectively mitigates man-in-the-middle attacks. Moreover, the protocol's steps for reconstruction and measurement effectively counteract errors induced by environmental noise, thereby enhancing system reliability. In terms of practicality, the advancement of quantum computing technology provides a solid technical foundation for implementing this authentication protocol. As a semi-quantum authentication method, it notably reduces equipment requirements and resource consumption. In conclusion, this protocol not only addresses practical challenges in smart grid security but also delivers dependable security assurances for future developments in power systems.

Conclusions
In this paper, a new two-way authentication protocol is proposed to protect the power grid industry against potential threats from quantum computers. Compared with traditional methods, the proposed semi-quantum protocol leverages quantum principles while minimizing the need for quantum resources. This approach offers a practical solution for smart grids, enhancing security without requiring major modifications to existing infrastructure. A comparison with existing protocols shows that the proposed protocol has high quantum bit efficiency, making it more attractive and feasible for practical applications. Security analysis demonstrates that the protocol can resist common attack strategies and ensure the integrity of communications. Circuit simulations were performed on an IBM platform to verify the theoretical framework, confirm the feasibility of the protocol, and ensure its compliance with quantum principles. It is important to emphasize that the proposed protocol can be implemented with existing technologies.
and performs in Step 4 to generate $Q_B'$ based on the shared key $K$ and sends it to CC. Eve intercepts $Q_B'$ and performs a CNOT operation on each photon in $Q_B'$, following these steps: $U_{\mathrm{CNOT}}(|0\rangle_B \otimes |q\rangle_e) = |0\rangle_B \otimes |q\rangle_e$.

Figure 3. Detection probability of Eve impersonating CC.
Supposing that Eve attempts to mimic NG, Eve's lack of knowledge about the key sequence $K$ prevents her from recovering $Q'$, $S'$, and $T'$ based on $K$. Instead, she can only generate $n$ photon sequences $Q_B$ by randomly selecting from the set {|0⟩, |1⟩, |+⟩, |−⟩} and sending them to CC. To successfully obtain CC certification, Eve must have a value of $Q_B$ that is precisely identical to the value of $Q$. Eve must have precise knowledge of the exact state of every photon in $Q$. The possible states of each photon in $Q$ are limited to {|0⟩, |1⟩, |+⟩, |−⟩}. Therefore, the probability of Eve passing the authentication is $(\frac{1}{4})^n$, and the probability that Eve will fail to imitate CC authentication is $P_2 = 1 - (\frac{1}{4})^n$.

Figure 5. Quantum circuit diagram for CC authenticating NG. The diagram in (a) shows the quantum state generation by CC, while diagrams (b,c) depict the process where NG measures the quantum state based on $K$ and generates the same quantum state according to the measurement results. Diagram (d) illustrates the circuit where CC measures the quantum state sequence returned by NG.

Figure 6. Quantum circuit diagram for NG authenticating CC. Diagram (a) shows the circuit for generating the quantum state sequence $S$ by CC, while diagram (b) illustrates the circuit for generating the quantum state sequence $T$ by NG.

Figure 7. Measurement results. In (a), the diagram shows the measurement results of NG as illustrated in Figure 5b. Diagram (b) represents the measurement results of CC as shown in Figure 5d. Diagrams (c,d) depict the measurement results of NG as illustrated in Figure 6a,b.
records the measurement result as $Z_B$, generates the same state as the measurement result, and returns it to CC. When $K_i = 10/11$, NG immediately sends $Q_i'$ back to CC without performing any additional processing. All photons that are returned by NG are labeled $Q_B$.