A simple protocol for certifying graph states and applications in quantum networks

We present a simple protocol for certifying graph states in quantum networks using stabiliser measurements. The certification statements can easily be applied to different protocols using graph states. We see for example how it can be used to for measurement based verified quantum compu- tation, certified sampling of random unitaries and quantum metrology and sharing quantum secrets over untrusted channels.


INTRODUCTION
Graph states are a family of multipartite quantum states, defined in one to one correspondance with a simple graph [1]. They are incredibly useful resources across quantum information, acting as the key entanglement resource for error correction [2], measurement based quantum computation [3], quantum secret sharing [4] and more [1]. Furthermore, they can be implemented in many different ways, for example in optics [5][6][7], [8,9] including on chip [10], in ion traps [11,12], super conducting qubits [13] and NV centres [14].
Many methods exist for testing graph states varying in the trust that must be assumed and the kind of statements that are made. With respect to trust assumptions, on the one hand techniques such as tomography [15] and entanglement witnesses [16] make assumptions about the source and measurements (essentially that they are honest but noisy). On the other hand tests which require the least trust, where neither the source nor the measurement devices are trusted, such as self testing [17], are incredibly demanding to implement in a way that closes all loopholes (necessary for security).
In this work we explore the mid ground, where (local) measurement devices are trusted, but sources and channels are not [7,[18][19][20]. Our statements of confidence are tailored to this end, following the language of quantum authentication [21], particularly suited to applications for quantum networks. At the end of the protocol one gets a quantum output -the state we want to use -and a classical output -which tells us weather we accept or reject. A successful test for us is then one that always accepts an ideal source, and outputs the ideal source state (completeness), and if it accepts, the state is not too far from the ideal state (soundness -see below for technical definitions). With this in hand, we see how it can be used for certification for various quantum network tasks, in particular for delegated computation, generation of randomness, quantum metrology and quantum secret sharing.
For a given graph G with vertices V , and denoting N (i) as the neighbours of i ∈ V , associating a qubit to each vertex, a graph state |G on |V | = n qubits is defined through the associated stabiliser equations where S i are the graph stabiliser operators, with generators S i := X i ⊗ j∈N (i) Z j associated to each of the N veritces, and X i and Z i are Pauli operators. We denote the full stabiliser group S = {S i } =< S 1 , ..., S n >, which has 2 N elements. We say that the graph state |G is shared amongst n players, who depending on the application may be in one physical location or distributed across a network. The idea of the protocol is very straightforward. The players ask the source for M copies of the graph state. They choose at random one of these to be used, and all the rest are tested by randomly choosing a stabiliser operator and checking it returns the value +1. Since the malicious parties (the source, channel... everything except the players) do not know which copy will be tested or used beforehand, the only way they will always pass all the tests is if the players receive the intended graph state each all M times.

PROTOCOL
Many variants of the protocol are possible, adapted in ways that may depend on the application or implementation at hand. For clarity we present one particular simple variant of a protocol. After we will comment on other possibilities. We start in the standard assumption that the honest parties, the players, share a secret classical key k = {r, t}, composed of r ∈ [1...M ], t = {t i } i =r , t i ∈ [1, ..., 2 n ] denoting K the set of all keys (k ∈ K). The protocol follows the steps below.
1. The source distributes M n-partite systems to the n players. In the honest case, this will be M copies of the graph state |G .
2. For copy i = r, each player performs their part of the measurement of stabiliser S ti . If all the stabilisers output value +1, Accept, otherwise Reject.
3. For copy r the state is the quantum output of the protocol.
The variable M plays the role of security parameter (see (9)). We briefly comment on some variants. Different parts of the protocol can be changed depending on the application. Indeed even the way the secret keys are shared even before the first step may vary, as we will see for the application to secret sharing. The way that the outcomes of the test in step 2 is shared and acceptance or rejection decided may be important for different cases, for example if some players in the network are dishonest or not trusted. One may also want to lower the accept threshold in step 2 to allow for noisy resource states, for example accepting if something less than 100% of stabiliser tests give the correct output +1. We will come back to these variants at different points later, but for now we continue with the simplest version presented above.

SECURITY
We first formalise our notions of security. For simplicity we encode the classical output as orthogonal quantum states |ACC R for accept and |REJ R for reject. The output state will in general depend on the classical key k = {r, t}. For each key k ∈ K, we denote the output state of the players plus classical reference system as ρ k . We say the protocol is ǫ-secure if it satisfies the following two properties • Completeness. If the players recieve M copies of the ideal resource state |G , then for all keys k • Soundness. Denoting the expected output state over all key strings as ρ out := 1 |K| k∈K ρ k , and denoting the projection P f ail := (I − |G P G|) ⊗ |ACC R ACC|, then Completeness is trivially guaranteed since the test uses the stabilisers of the state itself, so it will always accept. Soundness follows through a similar reasoning to that in [20]. Let us denote by ρ the state of all the M.n systems that the players receive in step 1 of the protocol. In order to bound (3) we only need to to consider the output state conditioned on accept, let us denote it by ρ ACC . To find this we start with the fact that for a given key k = {r, t}, the projection corresponding to accepting all M − 1 tests can be written as : From this we have that ρ ACC can be written as with ρ r,t = 1 Tr(M r,t accept ρ) where A c denotes the complement of set A.
Putting this together, we obtain where Note that Q is hermitian and positive. It then remains to check that all eigenvalues of Q are smaller than 1, for which a proof can be found in the appendix. It then follows that for all source states ρ.
The protocol also has natural extensions for higher prime dimensional graph states, where proofs also follow straightforwardly.
We now present several applications, where the security follows directly as above with a simple application of our protocol, or slight variants of the security statement are made (verified t-designs) or some of the variants of the simplest protocol mentioned above give the utility required (quantum secret sharing).

APPLICATIONS
We focus on applications that can be considered as completely positive trace preserving (CPTP) map Γ acting on the quantum output. Since fidelity is monotonic under CPTP maps, the usefulness or soundness is preserved. This is the case, for example, when further interaction with the source is not required to run the protocol.
Formally, with respect to the CPTP application Γ one defines a new fail projector, Due to the monotonicity of fidelity, (3) implies that We now go through some examples of applications.

Verified blind quantum computation
In verified blind quantum computation a technologically limited Alice wishes to delegate some quantum computational task to a server, Bob, in such a way that Bob does not get information about the computation (blind), and moreover, that she can be confident the computation has been carried out correctly (verified). There are many techniques to achieve this -see [22] for a very recent overview.
In our scenario Alice is limited to single qubit measurements. Clearly this, on its own, is not enough for universal quantum computation. However, in measurement based quantum computation (MBQC), universal quantum computation is achieved by single qubit measurements on a graph state, with feed forward [3]. Importantly the measurements can be made one qubit at a time. Thus, if Alice asks Bob to provide her with a universal graph states, either cluster states [3] or brickwork states [23] for example -Alice can perform the computation she wants. Moreover this is blind to Bob -he gets only minimal information, an upper bound to the size of the computation (given by the size of the graph state Alice asks for). To verify the computation Alice can simply apply our protocol to test and use a universal graph state of her choice.
One has the same notions of completeness and soundness as those above, replacing the graph state by the ideal output of the computation. Completeness follows immediately from the universality of the chosen graph state. For soundness, we simply note that Alice's measurement sequence, which affects the computation, can be understood entirely as a CPTP map on the quantum output of our protocol. In this way, the condition (11) ensures soundness also. More specifically, if we denote the ideal output of a computation as ρ comp ideal , and the average output of a given computation ρ comp out , the failing projector becomes P comp F ail := (I − ρ comp ideal ) ⊗ |ACC ACC|, and we have from (11) a verification soundness condition (see e.g. [24]), Note that, compared to [24], this scaling with resources is poor. We will talk about this in the conclusions. We also note that the idea of testing graph states for MBQC computation has been presented before in several measurement based verification schemes, e.g. [25], [26]. Indeed, this application of our protocol is almost identical to the verified computation scheme in [26], the main differences being in the specifics of the test (we measure settings chosen from all stabilisers, they a subset) and the figure of merit used (we use the correctness and soundess above, they use the language of hypothesis testing). We present it here simply as an alternative possible scheme, with similar characteristics. As pointed out in [26], this scenario is suited to performing fault tolerant computation, since Alice could equally ask Bob for a resource graph state for fault tolerant computation, for example the topological scheme in [27] using 3D cluster states. This was the idea of the fault tolerant verified computation presented in [28], note however that this works only if the errors on Alice's measurement device are assumed to be independent from anything happening on Bob's side.

Verified t-designs
Graph states can also be used to sample from a random ensemble of unitaries -this is effectively MBQC without correction, where the measurement outcomes index which unitary is implemented. In particular, in [29] it was shown that ensembles with a particularly useful property of being t-designs can be efficiently sampled using graph states. A t-design is an ensemble of unitaries with the property that its statistical moments match those of a Haar ensemble up to order t, with applications across quantum information and physics, for example in estimating noise [30], private channels [31], modelling thermalisation [32], photonics [33], and even black hole physics [34]. Later in [35] this approach was developed to show that efficient t-designs can be generated using a regular lattice similar to the brickwork state. Both results rely heavily on the construction of [36,37] using random circuits.
Our protocol can be used to certify the application of a t-design random unitary onto an input, where the source of the graph state is not trusted. For each set of measurement outcomesm, we denote the applied CPTP map on the graph state as Γm. For simplicity we consider the action of the induced unitary on the input vertices I ⊂ V corresponing to inputs in the state |+ . Then [29,35] state that measurement resultm, occuring with probability pm applies a unitary on the input |+ ⊗|I| such that the ensemble {pm, Um} is an approximate tdesign (see [29] for detailed definitions). For security of verified t-designs one can replace the graph state in the definitions (2),(3) by the output state (13). The soundness is then guaranteed for eachm by (11). It can easily be seen that one can flip this around to give a statement on the fidelity, where P acc is the probability of passing the tests and ρ ACC is the output of the protocol conditioned on accepting.

Quantum Metrology
In quantum metrology entangled states are used to measure with more precision than is possible with classical probes [38]. The general setting can be understood as an interferometer which imparts a phase ψ on one arm, each time a system passes through it. The idea is to send in many probes N in an entangled state ρ, whereafter measurements can reveal the phase with higher precision than possible sending in separable states.
How well this process allows the parameter ψ to be estimated is quantified by the Quantum Fisher Information, F Q (ρ). Note, as indicated by the notation, for a simple interferometer the quantum Fisher information is independent of the value of ψ since it is unitarily encoded [39,40]. In particular, for ν independent repetitions of the process, the precision is characterised by the mean squared error ∆ 2ψ of a (consistent and unbiased) estimatorψ, which is lower bounded by the Quantum Cramér-Rao Bound [41], For the standard interferometer, the best possible scaling with N is achieved by the N -party GHZ state The GHZ state is locally equivalent to a graph state for the fully connected graph. Our certification protocol can easily be adapted using the same local unitaries to test ρ GHZ (simply by rotating the test measurements accordingly).
In [40] they show that the quantum Fisher information of two states differs by an amount bounded by their fidelity if ρ or σ are pure. That is, if two states are close, as measured by their fidelity, their usefulness for quantum metrology is close. Given the fidelity bound implied by our test (14), we see that the quantum Fisher information is also bounded. For the rotated protocol testing a GHZ states, given the output state conditioned on accepting ρ ACC , we have, Secret sharing over untrusted channels In quantum secret sharing a dealer wishes to distribute a secret quantum state amongst N players such that only certain subsets of players can access the secret -the authorised sets. It was shown in [4,42] that any secret sharing scheme can be implemented using graph states.
However, these rely on the trusted sharing of the graph state. If we are careful, a variant of our protocol can be used to boost these protocols to one where the network of dealer and players do not need to trust the source of the graph state or the channels used to share them.
There are two important subtleties in the application of our protocol here, stemming from the fact that unauthorised sets of players should be treated as adversaries. Firstly, it makes their inclusion in the stabiliser tests not ideal. Secondly, if they also have access to the random key k this could potentially allow attacks. In [20] a protocol was presented which can be understood as a variant of the application of our scheme where i) the stabiliser tests are restricted to an authorised set, and ii) the classical key k is distributed by a classical secret sharing scheme, with the same access structure. A proof of principle example of this protocol was implemented in [7], demonstrating its simplicity.

CONCLUSIONS
In this work we have presented a protocol for certifying graph states and a few applications in quantum networks. There are clearly some applications that our protocol would not be suited for -namely ones where further interactions are required with Bob. Such interactions may allow for Bob to correlate his strategy in cheating the 'test' part to the future applications potentially threatening functionality (be it security or otherwise). Nevertheless its simplicity lends itself to many applications as we have seen, not only in the form of protocol presented here, but also its suitability to permit variants, as with secret sharing. A simple variant can also deal with noisy states for example, where one would not expect, even an honest noisy source to pass all the time. In such a case one can change the accept requirement to require some smaller portion of correct answers. One can adapt the security statements and proofs to this end without too much difficulty.
We end with a discussion on scaling of soundness condition with S. In the kind of protocol presented here, it is impossible to beat the 1/S scaling. This is clear simply because a malicious party can behave honestly for all but one requested state, and send one false/dishonest state. With probability 1/S the malicious party's choice of when to be dishonest coincides with the users choice of which one would be used and not tested, so strategy passes the test perfectly yet the state can be arbitrarily far from the ideal one and potentially ruin whatever application. Thus in order to beat the 1/S scaling one expects to need some more entanglement. This can be done, for example, by encoding the desired state on some randomly chosen error correcting code -the essential trick used in the original authentication paper by Barnum et al [21]. Such an approach can give an exponential scal-ing in security with the number of systems sent. The downside now is that the entanglement required scales with the security. This then suggests a tradeoff between entanglement and scaling.
In this context, the advantage of our protocol is that, for many applications, the difficulty in implementing a certified version of an application becomes only the same difficulty as producing the same resource state many times, rather than asking for much more difficult larger, scaling, entanglement. In optics for example, this advantage makes certified secret sharing possible [7], doing so an entangled code version would require impractical scaling in entanglement.