One-to-Many Simultaneous Secure Quantum Information Transmission

This paper presents a new quantum protocol designed to simultaneously transmit information from one source to many recipients. The proposed protocol, which is based on the phenomenon of entanglement, is completely distributed and is provably information-theoretically secure. Numerous existing quantum protocols guarantee secure information communication between two parties but are not amenable to generalization in situations where the source must transmit information to two or more parties, so they must be applied sequentially two or more times in such a setting. The main novelty of the new protocol is its extensibility and generality to situations involving one party that must simultaneously communicate different, in general, messages to an arbitrary number of spatially distributed parties. This is achieved by the special way employed to encode the transmitted information in the entangled state of the system, one of the distinguishing features compared to previous protocols. This protocol can prove expedient whenever an information broker, say, Alice, must communicate distinct secret messages to her agents, all in different geographical locations, in one go. Due to its relative complexity, compared to similar cryptographic protocols, as it involves communication among $n$ parties, and relies on $GHZ_{n}$ tuples, we provide an extensive and detailed security analysis so as to prove that it is information-theoretically secure. Finally, in terms of its implementation, the prevalent characteristic of the proposed protocol is its uniformity and simplicity because it only requires CNOT and Hadamard gates, and the local quantum circuits are identical for all information recipients.


Introduction
In today's world, advocating for the significance of privacy and security in every facet of our lives as individuals hardly needs justification.Privacy is not just a fundamental constitutional right but a cornerstone that demands respect and safeguarding in all circumstances.This imperative has driven the development and deployment of robust technical tools aimed at securing our digital data.The pursuit of foolproof algorithms and protocols to protect our privacy from unauthorized access stands as a prominent theme in current research.However, this endeavor is far from simple, given that we've entered a new scientific epoch, the quantum era, offering the potential of unprecedented computational power.This untapped power introduces novel algorithms that have the potential to compromise the security provided by well-established classical methods.Two illustrative examples underscoring this point are Shor's algorithm [1] and Grover's algorithm [2].Shor's algorithm has the capability to factorize large numbers in polynomial time, posing a practical threat to public key cryptosystems.Grover's algorithm accelerates unordered search tasks and may also be leveraged to attack symmetric key cryptosystems like AES.
As of today, quantum computers with the potential to challenge the classical status quo have not materialized.However, recent remarkable progress, as exemplified by IBM's 127-qubit Eagle processor [3] and the more recent 433-qubit Osprey processor [4], suggests that this may change sooner than initially expected.It appears prudent, if not imperative, to enhance our algorithms and protocols significantly before they become a vulnerability to our security infrastructure.This tremendous effort has given rise to two new scientific fields: post-quantum or quantum-resistant cryptography and quantum cryptography.The former represents an evolutionary step from the current state of affairs [5,6,7,8], addressing security concerns by relying on carefully chosen computationally challenging problems, an approach that has proven effective thus far.The latter, quantum cryptography, capitalizes on the laws of nature, such as entanglement, monogamy of entanglement, the no-cloning theorem, and nonlocality, to establish unassailable security.
In our view, the long-term trajectory of cryptography inevitably leads to quantum cryptography, which stands as a pivotal and contemporary research focus.This transition arises from the overwhelming advantages offered by the fundamental properties of quantum mechanics.These properties not only enable the secure protection of information but also facilitate efficient information transmission through the utilization of entangled states, as initially proposed by Arthur Ekert [9].Ekert's groundbreaking E91 quantum key distribution protocol (QKD) demonstrated the feasibility of key distribution using EPR pairs.Following this seminal work by Ekert, the field of quantum cryptography experienced a rapid proliferation of entanglement-based QKD protocols [10,11,12,13,14,15].This proliferation has underscored the significance of this approach and has spurred the research community to further extend the field by exploring other cryptographic primitives, such as quantum secret sharing.Quantum cryptography harnesses these unique and potent quantum phenomena to design secure protocols for a wide array of critical applications, including key distribution [16,9,11,12,13,14,15], secret sharing [17,18,19], quantum teleportation [20], cloud storage [21,22], quantum Byzantine Agreement [23], and blockchain [24,25,26].
Another notable research direction in this field is Quantum Secure Direct Communication (QSDC for short) that was initiated in [27].The most important characteristic of QSDC, which distinguishes it from standard key distribution that establishes a common random key between two parties, is that QSDC transmits information directly and without using an existing key.The classical channel is employed only for detection purposes and not for transmitting information necessary to decipher the secret message.The intended recipient deciphers the secret information after receiving the quantum states via the quantum channel.For a though and comprehensive review of the current state of the field, we refer the reader to the recent [28].In a similar vein, the concept of Direct Secure Quantum Communication (DSQC) was initially proposed and further pursued in [29,30,31] DSQC, also different from quantum key distribution, is designed to transmit a secret message directly without establishing in advance a shared random key to encrypt it.The characteristic trait of DSQC is that in order to decode the secret information, one additional classical bit is required for each qubit.We also mention the important concept of Quantum Private Comparison (QPC), which applies to situations where multiple users who do not trust each other want to conduct secure multi-party computation and obtain the results without revealing their private information.QPC allows all participants to obtain the privacy comparison results at the same time, while ensuring that the privacy information of each participant is confidential and cannot be stolen by other participants.For more details, one may consult the recent [32] and references therein.
In this work, we introduce a new entanglement-based protocol for one-to-many simultaneous secure quantum information transmission, or OtMSQIT for short.The characteristic property of the new protocol is its extensibility, as it can be seamlessly generalized to an arbitrary number of entities.The protocol is described as a quantum game, involving the usual suspect Alice.Although, Alice's agents are assumed too many to be named individually, in some small scale examples they are referred to as the usual sidekicks Bob and Charlie.It is expected that the pedagogical nature of games will make the presentation of the technical concepts easier to follow.Quantum games, from their inception in 1999 [33,34], have known great acceptance since quantum strategies are sometimes superior to classical ones [35,36,37].The famous prisoners' dilemma game provides such the most prominent example, which also applies to other abstract quantum games [34,38], which also applies to other abstract quantum games [39].The quantization of many classical systems can even apply to political structures, as was shown in [40].In the broader context of the use of game-theoretic While on the subject of games on unconventional environments, it is worth to point out that games in biological systems have recently attracted significant attention [41,42,43].It is interesting to observe that biological systems may give rise to biostrategies superior compared to the classical ones, even in the Prisoners' Dilemma iconic game [44,45,46,47,48].
Contribution.This paper presents a new quantum protocol designed to simultaneously transmit information from one source to many recipients.The proposed entanglement-based protocol is completely distributed and is provably information-theoretically secure.Although there many quantum protocols that achieve secure information communication between two parties, most of them are not amenable to generalization to situations where the source must transmit information to two or more recipients in parallel.The main novelty of the new protocol is its extensibility and generality to situations involving one source that must simultaneously communicate different, in general, messages to an arbitrary number of spatially distributed parties.This is achieved by the special way the transmitted information is embedded in the entangled state of the system, one of the distinguishing features compared to previous protocols.This protocol can prove expedient whenever an information broker, say, Alice, must communicate distinct secret messages to a distributed network of agents in one go.Due to its relative complexity, compared to similar cryptographic protocols, as it involves communication among  parties, and relies on |  ⟩ tuples, we provide an extensive and detailed security analysis so as to prove that it is informationtheoretically secure.In terms of the capabilities of modern quantum apparatus, the implementation of the proposed protocol does not present any difficulty because it only requires CNOT and Hadamard gates.An additional advantage is that the local quantum circuits are identical for all information recipients.

Organization
The paper is organized as follows.Section 1 contains an introduction to the subject along with bibliographic pointers to related works.Section 2 presents the underlying machinery necessary for understanding the technicalities of the protocol.Section 3 provides an analytical and rigorous exposition of the proposed quantum protocol.Section 4 is devoted to the detailed security analysis of the protocol, and, finally, Section 5 gives a brief summary of this work, and outlines directions for future research.

Background & terminology
In the realm of quantum physics, one encounters peculiar hallmark properties that defy classical physics and challenge our everyday intuition.One of the prime examples of this strangeness is entanglement, a phenomenon that not only bewilders but also holds immense potential for accomplishing feats that are difficult or even impossible in the classical world.Entanglement arises in composite quantum systems, typically composed of at least two subsystems, often situated at separate locations.From a mathematical standpoint, a composite system is considered entangled when its state can only be described as a linear combination of two or more product states involving its subsystems.One of the remarkable advantages of quantum entanglement is that when a measurement is performed on one qubit of an entangled pair or tuple, the other qubit(s) instantaneously collapse(s) to the corresponding basis state in the product, regardless of the physical distance separating them.It is precisely this celebrated characteristic of quantum entanglement that finds application in various quantum cryptographic protocols, such as key distribution and secret sharing, among others.
Arguably, the most well-known examples of maximal entanglement are pairs of qubits in one of the four Bell states, also referred to as EPR pairs.For more details, including their precise mathematical description, the interested reader may consult any standard textbook, such as [49,50,51].Fortunately, maximal entanglement is generalized in the most straightforward and intuitive way in the case of multipartite systems.Perhaps, the most celebrated form of maximal entanglement encountered in composite systems consisting of  qubits, where  ≥ 3, is the |  ⟩ state (GHZ are the initials of the researchers Greenberger, Horne, and Zeilinger).In such a scenario, a composite quantum system consists of  individual qubits, possibly spatially separated, with each qubit considered as a separate subsystem.All these  qubits are entangled in the |  ⟩ state, which is mathematically described as follows: In the previous formula (2.1), the subscript , 0 ≤  ≤  − 1, designates the   ℎ individual qubit.Today, existing quantum computers can produce arbitrary GHZ states using standard quantum gates such as the Hadamard and CNOT gates.Moreover, the circuits that generate these states are very efficient because they require lg  steps for the |  ⟩ state [52].
The protocol introduced in this work requires a more elaborate and general distributed quantum system, in which each individual subsystem is not just a single qubit, but a quantum register   , 0 ≤  ≤  − 1, consisting of  qubits.In this respect, the defining property of this setting is that the corresponding qubits of all the  registers are entangled in the |  ⟩ state.This is formalized by the following Definition 2.1.Definition 2.1 (Entanglement Distribution Scheme).The (, ) Symmetric Bit-wise Entanglement Distribution Scheme, denoted by   , , asserts the existence of  spatially distributed quantum registers  0 ,  1 , . . .,  −1 , each containing  bits, satisfying the property that for each , 0 ≤  ≤  − 1, the  qubits occupying the   ℎ position of each register are entangled in the |  ⟩ state.
As a result, the global state of the composite distributed system is expressed by the next equation, proved in [19].
In the above equation (2.2), the following notation is employed.
• We follow the typical convention of writing bit vectors x ∈ B  in boldface.A bit vector x of length  is simply a sequence of  bits x =  −1 . . . 0 .In this fashion, the zero bit vector is designated by 0 = 0 . . .0.
• The notation x ∈ B  means that the bit vector x ranges through all the 2  bit vector representations of the basis kets.
• To avoid any possible confusion, we use again the indices , 0 ≤  ≤  − 1, to make clear that |x⟩  denotes the state of the   ℎ quantum register.
A visual depiction of this setup is given in Figure 1, where the corresponding qubits comprising the |  ⟩ -tuple are drawn with the same color.This composite system contains  distributed qubits in total because there exist  qubits in each of the  registers.The registers are all assumed to be in different geographic locations, but the entanglement effect due to the  |  ⟩ -tuples provides the necessary correlation that enables us to view this as one, albeit distributed, system.
A distributed system consisting of  spatially separated quantum registers  0 , . . .,  −1 .Each register has  qubits and the corresponding qubits are entangled in the |  ⟩ state.In addition to |  ⟩ tuples, our communication scheme makes use of two other signature states, namely |+⟩ and |−⟩, defined as During the formal mathematical analysis of the proposed protocol, it will be necessary to apply the important and useful formula that expresses the -fold Hadamard transform of an arbitrary basis ket.This formula, proved in most standard textbooks, such as [49] and [53], is given below.
In (2.5), the symbolism x • y denotes the inner product modulo 2 operation.Given bit vectors x, y ∈ B  , with x =  −1 . . . 0 and y =  −1 . . . 0 , x • y is defined as where ⊕ stands for addition modulo 2. The inner product modulo 2 operation satisfies the following characteristic property.If c ∈ B  is different from 0, then for half of the elements x ∈ B  , the result of the operation c • x is 0, and for the remaining half, the result of the operation c • x is 1.Obviously, if c = 0, then for all x ∈ B  , c • x = 0 (a more detailed analysis can be found in [19]).For future reference, this property is referred to as the characteristic inner product (CIP) property.
As a final note, let us clarify that measurements are performed with respect to the computational basis {|0⟩ , |1⟩}, unless otherwise specified.During the implementation of our protocol, when performing the first validation test, it will also be necessary to make measurements with respect to the Hadamard basis {|+⟩ , |−⟩}.Whenever such an occasion arises, it will be mentioned explicitly.

The One-to-Many Simultaneous Secure Quantum Information Transmission Protocol
This section contains an in-depth presentation of the entanglement-based protocol for the one-to-many simultaneous secure quantum information transmission, abbreviated to OtMSQIT from now on.The presentation has the form of a quantum game, involving  players.One of them, is the famous spymaster Alice, who must simultaneously communicate to each of her  − 1 agents a secret message.In the general exposition of the game, we refer collectively to the  − 1 who remain anonymous.In the examples, where the game is played by a small number of players, namely 3 or 4, Alice's agents are the equally prominent heroes Bod, Charlie, and Dave.The secret messages are generally different for every agent, although it is conceivable that in special cases all the messages are identical.The messages themselves may encode secret commands, or encryption keys, or some other type of instruction.Their exact purpose is not important; the crucial thing is that the whole process be information-theoretically secure, so as to ensure that Eve, the adversary who eavesdrops, will not obtain any secret information.The most Eve can do is to obstruct the execution of the OtMSQIT protocol, but even in this case, she will be detected and the protocol will be aborted before the final decryption takes place.The envisioned situation is specified by the next Definition 3.1.
Definition 3.1 (One to Many Simultaneous Secure Quantum Information Transmission).Consider the following situation.
• Alice controls a network of  − 1 agents: Agent 0 , . . ., Agent −2 .Alice and all her agents reside in different geographical locations.
• Alice must transmit to each of her agents a personalized information bit vector, abbreviated to PIV from now on, i  , 0 ≤  ≤  − 2.
• Time is of the essence, so, to speed things up, Alice wants the information transmission to her agents to take place simultaneously, in one go.
• Given the PIVs i 0 , . . ., i −2 , Alice constructs the aggregated information bit vector, AIV from now on, i as their concatenation.
• Most importantly, the communication must be information-theoretically secure, so that her adversary, the eavesdropper Eve, can't obtain any secret information.
The task at hand is to come up with a quantum protocol that will provably guarantee that Alice attains all the above goals.
Let us make some clarifications, to eliminate any possible misunderstanding.
• Theoretically, the number  of players is totally arbitrary, i.e., it may be any large integer.The only conceivable limitation could be the ability of our currently available apparatus to generate |  ⟩ tuples when  goes beyond a certain limit.
• Alice assigns a specific ordering to her network of agents.The position , 0 ≤  ≤  − 2, of each agent in this ordering is common knowledge, that is Alice and all her agents know who is Agent 0 , . . ., Agent −2 .
• In general, the PIVs are assumed to be of different lengths.This is more realistic and flexible than assuming PIVs of the same length.Obviously, our protocol can easily handle the special case where the information bit vectors have a fixed length.
• Alice communicates via the classical channel to all of her agents the length of the AIV and the lengths |i 0 |, . . ., |i −2 | of the PIVs.This does not compromise secrecy because knowing the length of a secret vector does not reveal its contents.We use the symbolism | • | to designate the length, i.e., number of bits, of the enclosed bit vector.
We make the important remark that in the construction of the AIV, the order with which PIVs are concatenated is in accordance with the ordering depicted in Figure 1.This is because for consistency we adhere to the Qiskit [54] convention in the ordering of qubits, by placing the least significant qubit at the top of the figure and the most significant at the bottom.To rigorously define the AIV, we must first define an auxiliary sequence of positive integers as follows: which allows us to proceed to the following definition of the AIV i.
From now on, and in accordance with the previous equation (3.2), we will use  to designate the length of the AIV.

Entanglement distribution & validation stage
It is helpful to describe the evolution of the OtMSQIT protocol in stages.The first is the entanglement distribution & validation stage, during which the following tasks take place.
Alice prepares a sequence of  |  ⟩ tuples, that is  qubits, called the information sequence IS, which will be used for the actual transmission of the AIV.
(EDV 2 ) Additionally, Alice prepares the decoy sequence DS consisting of  nonentangled tuples, called decoy tuples, which will be used during the first stage of the protocol for the validation test.In a decoy tuple, each qubit is prepared in a state that is chosen randomly and with equal probability from the states {|+⟩ , |−⟩}.It is important to emphasize that each qubit of the decoy tuple is prepared independently of the other qubits of the same tuple.Altogether,  decoy qubits will be prepared in the Hadamard basis.
(EDV 3 ) Assuming that in each -tuple the qubits are numbered from 0 (the least significant) to  − 1 (the most significant), Alice ⋄ stores in her input register, denoted by   in Figure 3, the ( − 1)  ℎ qubit of each of the  +  in total -tuples, and ⋄ sends to Agent  the   ℎ qubit, 0 ≤  ≤  − 2, of each of the  +  tuples through the quantum channel.These qubits will populate Agent  's input register, designated by    in Figure 3. Overall, Alice prepares ( + ) qubits, and transmits ( + ) ( − 1) qubits to her agents, out of which the ( − 1) are information carriers and the  ( − 1) are decoys.
It is of critical importance that Alice inserts the decoy sequence randomly and uniformly within the information sequence, using an appropriate probability distribution.Obviously, Alice must keep track of the positions of decoy tuples.Moreover, for each decoy tuple, Alice must record the states of all of its qubits.
(EDV 5 ) After the distribution of the  +  tuples has been completed, Alice proceeds to conduct the validation test, which is analyzed in detail in Section 4.During this test, the  decoy tuples are measured and consumed.If the outcome of the test is deemed a success, Alice knows that her adversary Eve did not manage to tamper with the distribution of the entangled qubits.Thus, the OtMSQIT protocol can safely proceeds to the next stage, in which only the  |  ⟩ tuples are used.If the outcome of the test considered a failure, the execution of the protocol is aborted.
Let us point out that the case where the protocol is aborted indicates that the security measures are not up to the task at hand.Hence, measures must be taken to enhance security, before the process can start all over again.We also emphasize that in the mathematical analysis of the OtMSQIT protocol and the forthcoming figures, we have intentionally omitted the decoy tuples in order to streamline and simplify the computation, and to avoid the overcluttering of the figures.Of course, the utilization of these tuples in the validation test is thoroughly explained in Section 4.

Secret embedding stage
During this stage the AIV is embedded into the entanglement.Alice, using her local quantum circuit, will distribute the information she wants to communicate to her agents into the entangled input registers.At this stage, each input register contains  qubits, since the  decoy tuples have been previously consumed.Alice and her  − 1 agents, all in different geographical locations, operate on their local quantum circuits.Alice's circuit consists of her input register   with  qubits and her output register  with just one qubit in the |−⟩ state, upon which she acts via unitary transforms.All agents have identical local circuits, comprised of the -qubit input registers    , 0 ≤  ≤  − 2, respectively, on which they apply the -fold Hadamard transform.Although the quantum input registers are spatially separated, they constitute one composite distributed quantum circuit because of the strong correlations among their qubits due to the   , entanglement distribution scheme of Definition 2.1.The whole setup is shown in Figure 3. Recall that all quantum circuits in this paper follow the Qiskit [54] convention in the ordering of qubits, by placing the least significant qubit at the top of the figure and the most significant at the bottom.

Spatially Separated
. . .The initial state of the distributed quantum circuit (consult Figure 3) is denoted by | 0 ⟩.With the help of (2.2), | 0 ⟩ can be written as

𝐼 𝑅
Alice initiates the execution of the OtMSQIT protocol by acting on her local input register   via the unitary transform    .By doing so, she embeds the secret information she intends to communicate to her  − 1 agents to the distributed circuit.The unitary transform    is based on the function   , which uses the AIV i, as shown below The unitary transform    itself implements the ubiquitous scheme By combining (3.4) and (3.5),    can be explicitly written as The action of the    drives the system at the end of Phase 1 to state | 1 ⟩: Therefore, at the end of Phase 1, the AIV is embedded in a distributed and implicitly way in the state | 1 ⟩ of the distributed quantum circuit.The next subsection describes the process by which it can be deciphered by the players.

Decryption stage
The key ingredient in the decryption of the secret is the -fold Hadamard transform that all players apply to their input registers during Phase 2, as visualized in Figure 3. Hence, at the end of Phase 2 the state of he system has become | 2 ⟩: Using formula (2.5),  ⊗ |x⟩  ,  ⊗ |x⟩ −2 , . . .,  ⊗ |x⟩ 0 can be rewritten as shown below.
This allows us to express as | 2 ⟩ as At this point it is expedient to recall the characteristic inner product property (CIP).This property implies that whenever . .|y 0 ⟩ 0 .Thus, | 2 ⟩ can be cast in the following reduced form: where Following [19] and [55], we call equation (3.11) the Fundamental Correlation Property that intertwines Alice and her agents' input registers.This equation has arisen due to the initial entanglement among all the input registers.At the end of Phase 2, the AIV has been embedded in the global state of the distributed quantum circuit and has manifest itself by imposing this constraint upon the contents of the input registers.
Subsequently, Alice and her agents complete the quantum part of the OtMSQIT Protocol by measuring the contents of their input registers in the computational basis, and driving the system to its final state   .
We write the contents of Alice and her agents' input registers explicitly as ) Accordingly, we may conceptually divide the AIV and each input register into  − 1 segments, so that corresponding segments are correlated to a PIV.We employ the notation i  , a  , and y   , 0 ≤ ,  ≤  −2, to designate the   ℎ segment of the AIV, of Alice's input register, and of Agent  's input register, respectively.The formal definition of segments, which is presented below, relies on the sequence of positive numbers  0 , . . .,  −3 that was given in (3.1). ) In view of (3.15) -(3.17), we may rewrite (3.2), (3.13) and (3.14) as Equation (SCP) expresses the Fundamental Correlation Property among the  − 1 segments, aptly named Segment Correlation Property.This property asserts that by simply XOR-ing the   ℎ segments of all the input registers, we can recover the PIV i  .
From this point onward, the execution of the OtMSQIT protocol will utilize only the classical channel.For the actual decryption the following transmissions take place through the classical channel.
Let us emphasize that during the decryption stage • No agent sends any information to Alice.
• Agent  keeps to herself the   ℎ segment y   of her input register.Ergo, Eve, despite her knowing the segments a  and y   , 0 ≤  ≠  ≤  − 2, transmitted via the classical channel, lacks the crucial ingredient y   and is, thus, unable to obtain the PIV i  .
Example 3.1 (Alice, Bob & Charlie use the OtMSQIT protocol).This example features our 3 protagonists Alice, Bob, and Charlie.As, always they are in different geographical locations, and they possess their own local quantum input registers, each having 6 qubits.In particular, there are six triplets of qubits, each triplet entangled in the | 3 ⟩, according to the   3,9 entanglement distribution scheme.Alice intends to send the PIVs i  = 101 and i  = 010 to Bob and Charlie, respectively.This implies that the resulting AIV is i = 101010, which can be embedded into the global state of the circuit via CNOT gates.The concrete implementation in Qiskit of the general quantum circuit of Figure 3 for this scenario, is visualized in Figure 4.
The final measurements by Alice, Bob and Charlie will produce one of the 2 18 = 262144 equiprobable outcomes.Clearly, showing all these outcomes would result in an unintelligible figure, so we have depicted only 25 of them in Figure 5.One may trivially confirm that every outcome satisfies the Segment Correlation Property and verifies equations (3.11) and (SCP).Therefore, if Alice and Charlie send their segment 1 to Bob, then Bob, by XOR-ing with his own segment 1, will uncover i  = 101.Symmetrically, if Alice and Bob send their segment 0 to Charlie, then Charlie will decipher i  = 010.
To see how this works in practice, let us consider the last bar of the histogram of Figure 5.The label of this bar is 111111 100111 110010, which, according to the quantum circuit of Figure 3, means that Alice's input register contains the bit vector a = 111111, Bob's input register contains the bit vector b = 100111, and Charlie's input register contains the bit vector c = 110010.Consequently, Alice, Bob, and Charlie's segments 0 are a 0 = 111, b 0 = 111, and c 0 = 010, respectively.Alice and Bob communicate their segments 0 to Charlie, who XORs them with his own segment 0, i.

Security analysis
The current section contains the security analysis of the OtMSQIT protocol.We proceed by assuming the existence of Eve, who is the cunning adversary that strives to compromise the security of the protocol and obtain some secret information like a PIV.As usual, we take for granted the existence of a classical authenticated channel, which will enable us to detect the presence of the eavesdropper Eve.We emphasize that the classical channel is not used for the transition of secret information; this privilege belongs exclusively to the quantum channel.The OtMSQIT protocol involves communication among  parties, and relies on |  ⟩ tuples, which makes it substantially more complex than typical QKD protocols involving only Alice, Bob, and Eve.Therefore, we provide an extensive and detailed security analysis in order to prove that it is information-theoretically secure.When considering strategies that may be employed by Eve, we often distinguish subcases depending on whether acts upon just one qubit or all −1 qubits from each |  ⟩ tuple, so as to account for all possibilities.This accounts for the rather lengthy and technical current section.For a recent comprehensive text analyzing security issues of quantum protocols in general, we refer to [56] and the more recent [57].
At the end of the day, the security analysis of not just the OtMSQIT protocol, but of every quantum protocol relies on certain well-understood assumptions.We briefly state them for the purpose of making the current work self-contained.Naturally, we assume that quantum theory is correct, which in turn means that hallmark features such as the no-cloning theorem [58], the monogamy of entanglement [59], and nonlocality [60] are valid.The unique features and enhanced efficiency of the quantum protocols are precisely due to these properties, otherwise, they would not offer any advantage over classical protocols.Secondly, we assume that quantum theory is complete, which implies that Eve is bound by the laws of quantum mechanics, and she cannot obtain more information beyond what these laws permit.
The importance of the validation test cannot be overestimated.If the test result is considered a failure, then the OtMSQIT protocol must be aborted.The secret embedding stage can safely begin only after the validation test has been successfully completed.The test itself consists of the following steps.
(VT 1 ) Alice communicates to every one of her agents Agent 0 , . . ., Agent −2 the positions of the decoys, so that they can measure them in the Hadamard basis.
(VT 2 ) Each agents sends back to Alice the results of her measurements.It is important to realize that the expected measurement outcome is, in general, different for every agent because, according to (EDV 2 ), each qubit of the decoy tuple is prepared independently of the other qubits of the same tuple.
(VT 3 ) Alice analyzes the results received from her agents, and decides whether the test was successful or not, according to the following rationale.

⋄
If 0 or very few wrong measurement outcomes are found, then Alice considers the validation test successful.

⋄
If the number of errors is ≈  4 , or above a similar threshold, then Alice deems that the validation test failed, in which case she aborts and terminates the protocol.
In the ideal scenario, where there is no eavesdropping and the quantum channel is perfect, there will be 0 wrong measurement outcomes.In a more realistic scenario, even when there is no eavesdropping, we anticipate a few errors due to channel imperfections, but the number of errors is expected to be ≪  4 .To understand the rationale behind the validation procedure, let us consider Eve's possible actions during the distribution phase.First, we make the critical remark that Eve has no way of knowing the position of the decoys.Therefore, Eve must treat all tuples in an identical manner.
(EA 1 ) Measure & Resend.Eve intercepts one or more qubits from each |  ⟩ -tuple during their transmission from Alice to her agents.After measuring the intercepted qubit(s), Eve sends them back to their intended recipient.We make the following observations.
⋄ By the act of measurement, Eve destroys the entanglement.In view of the fact that in order to embed AIV into the global state of the distributed circuit entanglement is absolutely necessary, the protocol will fail.Hence, it is imperative that Alice discovers the loss of entanglement and aborts the execution of the protocol.

⋄
First, we examine the scenario where Eve always uses the computational basis for her measurements.In this scenario, the probability that Eve measures one decoy qubit and gets the wrong outcome is 1  2 , since all the decoys are measured in the wrong basis, and the probability to obtain the wrong outcome in such a case is 1  2 .Consequently, the probability that Eve obtains the correct outcome is 1  2 .This last probability implies that if Eve measures a second qubit from the same tuple, the probability to get two correct outcomes is way smaller.So, if Eve intercepts and measures two or more qubits from the same tuple, she stands to gain nothing in case they belong to a |  ⟩ tuple, while she risks increasing the number of errors each time they belong to a decoy tuple.Therefore, Eve, being rational, will only measure one qubit from each tuple.

⋄
Now we consider the scenario where Eve randomly chooses the measurement basis between the computational or the Hadamard basis with equal probability.In this situation, the probability that Eve measures one decoy qubit and gets the wrong outcome is given by 1  4 , since the probability that a decoy is measured in the wrong basis is 1  2 , and, even then, the probability to get the wrong outcome is 1 2 .Consequently, the probability that Eve obtains the correct outcome is 3 4 .For the same reasons that we explained above, Eve will only measure one qubit from each tuple.
Intercept & Send Fake |  ⟩ -tuples.Eve intercepts a number of qubits from every |  ⟩ -tuple during their transmission from Alice to her agents.This number may range from just 1 to  − 1. Eve can't clone the intercepted qubits due to the nocloning theorem, but it is conceivable that she has prepared her own |  ⟩ tuples.This opens up the possibility to keep the intercepted qubits and forward her own in their place.Again, we make the following remarks.
⋄ By doing so, Eve tampers with the entanglement.The protocol will fail because at least one PIV will not be encoded into the entanglement.Again, it is crucial that Alice discovers the loss of entanglement and aborts the execution of the protocol.

⋄
Eve, even if she were successful, will fail to gain any information.This is because her qubits are not entangled with Alice's qubits.The latter is the unique source of information who embeds the PIVs to those registers that are entangled with her own.

⋄
The flaw in this scenario is once again that Eve has no way of knowing the position of the decoys.If Eve intercepts just one qubit from every tuple, she will, inadvertently, replace  decoy qubits with her |  ⟩ qubits.When, during the validation test, these are measured in the Hadamard basis, the probability to obtain the wrong outcome is 1  2 .This will produce approximately ≈  2 errors that will be easily noticed by Alice.If Eve intercepts  qubits from each tuple, the probability to get at least one wrong measurement in a decoy tuple is 2  −1 2  , which will result in approximately ≈  2  −1 2  errors.In addition to the increased number of errors, Alice will easily notice that for  decoy qubits in every decoy tuple the measurement results from her agents are identical, instead of uniformly distributed as they should be, as ordained by (EDV 2 ).Practically, this strategy has almost zero chances of success, since Alice will, undoubtedly, infer the presence of Eve.
(EA 3 ) Entangle with Ancilla Qubits & Measure Later.Eve intercepts one qubit from every |  ⟩ -tuple during their transmission from Alice to her agents.Now, instead of measuring or replacing the intercepted qubits, Eve entangles them with her ancilla qubits, and then forwards them to their intended recipient.Eve plans to wait until the protocol completes, before measuring her qubits, hoping to gain useful information.In this case, we stress the next points.

⋄
The result of Eve's actions is that, instead of having  |  ⟩ tuples distributed among Alice and her  − 1 agents, we end up with  | +1 ⟩ tuples evenly distributed among Alice, her  − 1 agents, and Eve.Eve, even if she were successful, will fail to gain any information.This is because in order to decipher even a single PIV, she will require the contents of Alice and her agents' registers.

⋄
Of course, by doing so Eve changes the entanglement.The protocol will fail for the same reason as above, i.e., to decipher even a single PIV, Alice and her agents will require the contents of Eve's register.Again, it is imperative that Alice discovers the loss of entanglement and aborts the execution of the protocol.

⋄
Like in all previous case, the decoys will enable Alice to infer the presence of Eve.Recall that Eve has no way of knowing the position of the decoys.If Eve intercepts just one qubit from every tuple, she will entangle  decoy qubits with her ancilla qubits.When, during the validation test, these are measured in the Hadamard basis, the probability to obtain the wrong outcome is 1  2 .This will produce approximately ≈  2 errors that will be easily noticed by Alice.If Eve intercepts  qubits from each tuple, the probability to get at least one wrong measurement in a decoy tuple is 2  −1 2  , which will result in approximately ≈  2  −1 errors.In addition to the increased number of errors, Alice will easily notice that for  decoy qubits in every decoy tuple the measurement results from her agents are identical, instead of uniformly distributed as they should be, as ordained by (EDV 2 ).This policy too has practically zero chances of success.
The above security analysis demonstrates that by setting the error threshold at ≈  4 the OtMSQIT protocol is information-theoretically secure.Let us also emphasize the fact that even if Eve successfully eavesdrops during the entanglement distribution phase, she will get no information whatsoever because no information has been encoded yet.However it is still possible that she may disrupt the execution of the protocol.The validation test is designed to detect such an interference and abort the protocol.In closing, we remark that in the eventuality where the protocol is aborted, the security measures are not up to the task at hand.Hence, first measures must be taken to enhance security and then the process can start all over again.

Discussion and conclusions
In this article, we introduce a new entanglement-based protocol for one-to-many simultaneous secure quantum information transmission, which we call OtMSQIT for short.The characteristic property of the new protocol is its extensibility, as it can be seamlessly generalized to an arbitrary number of entities.The proposed entanglement-based protocol is completely distributed and is provably information-theoretically secure.There many quantum protocols that achieve secure information communication between two parties, but most of them can't be generalized to situations involving parallel information transmission to two or more parties.This is achieved by the special way the transmitted information is embedded in the entangled state of the system, one of the distinguishing features compared to previous protocols.The advantage of this method is that it is seamlessly extensible and can be generalized to a setting involving an arbitrary number of players.This is not only useful, but necessary, whenever one information source must transmit simultaneously different secret messages to many recipients, without the need to apply the same two party protocol many times sequentially.Due to its relative complexity, compared to similar cryptographic protocols, as it involves communication among  parties, and relies on |  ⟩ tuples, we provide an extensive and detailed security analysis so as to prove that it is information-theoretically secure.In terms of the capabilities of modern quantum apparatus, the implementation of the proposed protocol does not present any difficulty because it only requires CNOT and Hadamard gates.An additional advantage is that the local quantum circuits are identical for all information recipients.

Figure 1 :
Figure 1: In the above figure, qubits that belong to the same |  ⟩ -tuple are drawn with the same color.

Example 2 . 1 (Figure 2 :
Figure 2: This figure is a pictorial representation of the setting outlined in this example.The 3 spatially separated players, Alice, Bob, and Charlie possess the 3 quantum registers r 2 , r 1 , and r 0 , respectively, each containing 9 qubits.The 3 qubits occupying the   ℎ position of each register, 0 ≤  ≤ 8, are entangled in the | 3 ⟩ state.To visually indicate this fact, we have drawn the qubits of the same quadruple with the same color.

Figure 3 :
Figure 3: The above figure shows the quantum circuits employed by Alice and her agents.Although these circuits are spatially separated, they are correlated due to entanglement and constitute a composite system.The state vectors | 0 ⟩, | 1 ⟩, | 2 ⟩, and   describe the evolution of the distributed system.

Figure 4 :
Figure 4: A small scale quantum circuit simulating the OtMSQIT protocol involving Alice and her two agents Bob and Charlie.

Figure 5 :
Figure 5: A few of the possible measurements and their corresponding probabilities for the circuit of Figure 4.