Quantum Private Comparison Based on Quantum ... - Springer Link

Int J Theor Phys (2013) 52:1466–1473 DOI 10.1007/s10773-012-1464-4

Quantum Private Comparison Based on Quantum Search Algorithm Wei-Wei Zhang · Dan Li · Ting-Ting Song · Yan-Bing Li

Received: 23 October 2012 / Accepted: 21 December 2012 / Published online: 12 January 2013 © Springer Science+Business Media New York 2013

Abstract We propose two quantum private comparison protocols based on quantum search algorithm with the help of a semi-honest third party. Our protocols utilize the properties of quantum search algorithm, the unitary operations, and the single-particle measurements. The security of our protocols is discussed with respect to both the outsider attack and the participant attack. There is no information leaked about the private information and the comparison result, even the third party cannot know these information. Keywords Quantum cryptography · Quantum computation · Quantum private comparison

1 Introduction Since Bennett and Brassard proposed the first quantum key distribution protocol (BB84) [1] in 1984, quantum mechanics have been applied in many aspects of quantum cryptography, including quantum key distribution (QKD) [1–4], quantum secret sharing (QSS) [5], quantum secure direct communication (QSDC) [6–8], quantum watermark [9, 10] and so on. As a novel topic in quantum cryptography, the quantum private comparison (QPC) is developed rapidly and has attracted much attentions. To be specific, in QPC protocols, based on the properties of quantum mechanics including Heisenberg uncertainty principle, quantum no-cloning theorem and so on, two parties can determine whether their secret inputs W.-W. Zhang () · D. Li · T.-T. Song · Y.-B. Li State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China e-mail: [email protected] W.-W. Zhang State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China Y.-B. Li Beijing Electronic Science and Technology Institute, Beijing 100070, P.R. China

Int J Theor Phys (2013) 52:1466–1473

1467

are equal or not without disclosing their own secrets to each other. As a fundamental primitive in multiparty computation, the comparison of the equality can be applied extensively to many applications including private bidding, auctions, ballot elections and so on. However, Lo [11] pointed out that in a two-party scheme it is impossible to evaluate a secure function. Therefore, a third party is necessary to help them reach the goal of private comparison. In 2009, Yang et al. proposed the first QPC protocol based on the decoy photons and two-photon entangled Einstein-Podolsky-Rosen (EPR) pairs, and another QPC protocol with polarized single photons respectively [12, 13]. Since then, with different kinds of assumption about the third party, many QPC protocols have been proposed based on different quantum states [14–23]. Furthermore, quantum search algorithm (QSA) is an important research topic in quantum algorithm. The most well-known QSA is Grover’s algorithm [24], which is designed for √ searching an unsorted database with N entries in O( N) steps, using O(log N ) storage space. Grover’s QSA shows that searching an unsorted database in the quantum mode can be much faster than that in the best possible classical algorithm, especially when N is large. Basically, Grover’s QSA is probabilistic in the sense that it provides the correct answer with a high probability. The probability of failure can be decreased by repeating the same search algorithm. The QSA used to be applied only to quantum computing. Recently,based on the idea of QSA, some researchers designed some cryptographic protocols, including QSS protocols [25–27] and quantum direct communication protocols [28, 29]. In this paper, we propose two quantum private comparison protocols based on quantum search algorithm with the help of a semi-honest third party. Our protocols utilize the properties of quantum search algorithm, the unitary operations, and the single-particle measurements. The security of our protocols is discussed with respect to both outsider attack and participant attack. There is no information leak about the private information and the comparison result, even the third party cannot know these information. The rest of this paper is organized as follows. In Sect. 2, we first briefly describe the properties of quantum search algorithm, which we will use in our QPC protocol. Then we describe our proposed QPC protocols in detail. In Sect. 3 we analyze their security. Finally, a short conclusion is given in Sect. 4.

2 The Proposed Protocols Based on Quantum Search Algorithm In a two qubit Grover’s quantum search algorithm (QSA), a database is represented as an two particles quantum state |S = |+|+, where |+ = √12 (|0 + |1). According to the search target |ω, two specific unitary operations are performed on |S. These two specific operations are: Uω = I − 2|ωω| and US = 2|SS| − I . Subsequently, the 2 particles are measured with Z basis, and the measurement result becomes the search target |ω. The following are two properties of QSA. Property I of QSA ([29]) Let ωi ∈ {00, 01, 10, 11}, where 0 ≤ i ≤ 3. Uωi = I − 2|ωi ωi | and |S = |+|+. If ω0 = ω1 ⊕ ω2 ⊕ ω3 , then Uω3 Uω2 Uω1 |S = ±Uω0 |S. Property II of QSA ([27]) Let |S = |+|+, for ab ∈ {00, 01, 10, 11}, |Sab=00 = |+|+, |Sab=01 = |−|+, |Sab=10 = |+|−, |Sab=11 = |−|−. After Uωi and US are operated on the database |Sab , the resulted state is measured in Z basis, and the result is R. There exists the following equation: ab ⊕ ωi = R.

1468

Int J Theor Phys (2013) 52:1466–1473

Through executing a QPC protocol, two parties can determine whether their secret inputs are equal or not without disclosing their own secrets to each other. In this section, our two QPC protocols based on QSA with the help of semi-honest third party (TP) are described in steps. The third party (TP) is assumed to be semi-honest, who may misbehave on its own but will not conspire with either of two parties. The public channels between TP and Alice as well as between TP and Bob are assumed to be authenticated. All of the quantum protocols for millionaire problem should fulfill the following requirements: 1. Security: after the execution, the correct comparison results can be known by two parties (Alice and Bob). However, any information about the value of each other’s secrets will not be exposed, except that revealed by the conclusion. And all malicious behaviors during the process could be discovered. 2. Privacy: the results of the comparisons are private. Although the protocol is implemented with the help of the semi-honest TP (Trent), he/she cannot know the comparison results. In other words, no one can deduce the results from the outcomes announced by Trent, except Alice and Bob. 3. Fairness: our protocol is fair, because Alice and Bob get the conclusions at same time with Trent’s assistance. Now, let us give an explicit description for our two QPC protocols based on the properties of QSA with the help of a semi-honest third party (Trent). Here, Alice and Bob hold two secret binary inputs Sa = (sa0 , sa1 , . . . , san ) and Sb = (sb0 , sb1 , . . . , sbn ) respectively. In the first protocol, sai , sbi ∈ {00, 01, 10, 11}, in the second protocol, sai , sbi ∈ {0, 1}. Our quantum protocols are as follows. Protocol I 1. Alice and Bob share two key sequences kAi , kBi (kAi , kBi ∈ {00, 01, 10, 11}), which can be fulfilled by QKD process, such as secure BB84 protocol. Alice, Bob, Trent produce their own random bits sequence ωai , ωbi , ωti respectively. Here, ωai , ωbi , ωti ∈ {00, 01, 10, 11}, i ∈ {0, 1, . . . , n2 }. 2. Trent prepares n2 |S states, and then according to the value of ωti , he/she performs unitary operation Uωti on the ith |S state. These particles form the sequence ST . In order to prevent the eavesdropping, Trent inserts δ decoy photons, each randomly in one of the states in |0|1|+|−, into the sequences ST at random positions. The new sequences are named ST and Trent sends ST to Alice. 3. After Alice’s receiving the sequence, Trent announces the positions and bases of the decoy particles he/she inserted. Then Alice measures these particles with the corresponding bases, and analyzes the error rate. If the errors is over a certain threshold, they think there exists eavesdropping and abort the protocol. Otherwise, they proceed to next step. 4. According to ωai , Alice applies Uωai on her particles, obtains the sequence SA . In order to prevent the eavesdropping, Alice inserts δ decoy photons, each randomly in one of the states in |0|1|+|−, into the sequences SA at random positions. The new sequences are named SA and Alice sends SA to Bob. 5. After these sequences’ arriving, Alice announces the positions and bases of the decoy particles she inserted. Then Bob measures these particles with the corresponding basis, and analyzes the error rate. If the errors is over a certain threshold, they think there exists eavesdropping and abort the protocol. Otherwise, they proceed to next step. 6. According to ωbi , Bob applies Uωi and US on his particles, obtains the sequence SB . b Then, Bob measures his particles with Z basis, obtaining the results Rbi .

Int J Theor Phys (2013) 52:1466–1473

1469

7. Alice (Bob) computes RAi = sai ⊕ ωai ⊕ kAi (RBi = sbi ⊕ ωbi ⊕ Rbi ⊕ kBi ), and announces RAi (RBi ) to Trent. (In our paper, all the summation is the module 2 operation.) 8. Trent computes Ri = RAi ⊕ RBi ⊕ ωti , and announces Ri to Alice and Bob. 9. According to Ri , kAi kBi , Alice and Bob can deduce the comparison result. Concretely, Alice and Bob compute Ri = Ri ⊕ kAi ⊕ kBi . If Ri = 00, their secrets is equal, otherwise, their secrets is not equal. Once they find any pair of bits are not equal, they can conclude that their secrets are not equal, and stop the comparison of bits. The correctness of this protocol is ensured by the property I of QSA. Concretely, Alice and Bob compare the equality of Sa , Sb with the help of the semi-honest Trent. From property I of QSA and our protocol, we know ωai ⊕ ωbi ⊕ ωti = Rbi . Then, we get the following equation: Ri = RAi ⊕ RBi ⊕ ωti ⊕ kAi ⊕ kBi = sai ⊕ ωai ⊕ kAi ⊕ sbi ⊕ ωbi ⊕ Rbi ⊕ kBi ⊕ ωti ⊕ kAi ⊕ kBi = sai ⊕ sbi ⊕ ωai ⊕ ωbi ⊕ Rbi ⊕ ωti = sai ⊕ sbi

(1)

From Eq. (1), we can see that Ri is the sum of xor values of the binary bits of Sa and Sb , if R = 00, then sai = sbi , otherwise, sai = sbi . Protocol II 1. Alice and Bob share two key sequences kAi , kBi (kAi , kBi ∈ {0, 1}), which can also be fulfilled by QKD process, such as the secure BB84 protocol. Alice, Bob, Trent produce their own random bits sequence Kai , Kbi , Kti respectively. Here, Kai , Kbi , Kti ∈ {0, 1}, i ∈ {0, 1, . . . , n}. 2. According to Kai , Alice prepares a sequence of photons. If the value of Kai is “0” (“1”), Alice prepares the state |+ (|−). Bob also prepares a sequence of photons with the same way as Alice. The sequence of photons prepared by Alice (Bob) is named SA (SB ). Moreover, Alice (Bob) prepares sufficient decoy photons which are randomly chosen from one of the four different states, |0|1|+|−. Alice (Bob) randomly inserts the decoy photons into SA (SB ) to get a new sequence SA (SB ). Then Alice (Bob) sends SA

(SB ) to Trent respectively. 3. After Trent has received SA (SB ), the security of the quantum channels must be checked via public discussions. Alice and Bob announce the positions, bases and values of the decoy photons. Then, Trent measures the decoy photons according to the corresponding bases. If the error rate exceeds a predetermined threshold, Alice will abort the communication and restart the protocol; otherwise, they continue the protocol. 4. Trent combines the ith photons of SA and SB to get n two qubit initial states |SKai K i . b According to his/her secret Kti , Trent performs corresponding unitary operation on the initial states. If Trent’s UKti = 0, he/she performs U00 or U11 , otherwise, he/she performs U01 or U10 . Then Trent performs US , and measures the resulted states with Z basis, obtaining the measurement results RTi . Concretely, if the measurement result is |00 or |11, she records RTi = 0. Otherwise, he/she records RTi = 1. 5. Alice (Bob) computes RAi = sai ⊕ Kai ⊕ kAi (RBi = sbi ⊕ Kbi ⊕ kBi ), and announces RAi (RBi ) to Trent. 6. Trent computes Ri = RAi ⊕ RBi ⊕ (Kti ⊕ RTi ), and announces Ri to Alice and Bob. 7. According to Ri , kAi kBi , Alice and Bob can deduce the comparison result. Concretely, Alice and Bob compute Ri = Ri ⊕ kAi ⊕ kBi . If Ri = 0, their secrets is equal, otherwise,

1470

Int J Theor Phys (2013) 52:1466–1473

their secrets is not equal. Once they find any pair of bits are not equal, they can conclude that their secrets are not equal, and stop the comparison of bits. The correctness of this protocol is ensured by the property II of QSA. Concretely, Alice and Bob compare the equality of Sa , Sb with the help of the semi-honest Trent. From property II of QSA and our protocol, we know Kai ⊕ Kbi ⊕ Kti = RTi . Then, we get the following equation: Ri = RAi ⊕ RBi ⊕ Kti ⊕ RTi ⊕ kAi ⊕ kBi = sai ⊕ Kai ⊕ kAi ⊕ sbi ⊕ Kbi ⊕ kBi ⊕ Kti ⊕ RTi ⊕ kAi ⊕ kBi = sai ⊕ sbi ⊕ Kai ⊕ Kbi ⊕ Kti ⊕ RTi = sai ⊕ sbi

(2)

From Eq. (2), we can see that Ri is the sum of xor values of the binary bits of Sa and Sb , if R = 00, then sai = sbi , otherwise, sai = sbi . In order to improve the efficiency of our protocol, Alice and Bob can follow some ideas in Ref. [30] to deal with their two private information. Alice and Bob divide their binary strings Sa = (sa0 , sa1 , . . . , san ) and Sb = (sb0 , sb1 , . . . , sbn ) by way of l (l > 1) bits as a group. These groups are denoted by Sa = (a1 , a2 , . . . , a nl ) and Sb = (b1 , b2 , . . . , b nl ). They can use our protocol to compare two groups ai , bi belonged to Alice and Bob respectively. If ai = bi , they can terminate the comparison and know Sa = Sb ; otherwise they have to continue to compare others groups.

3 Security Analysis In this section, we focus on analyzing the security of our protocols. Meaning, for Sa = (sa0 , sa1 , . . . , san ) and Sb = (sb0 , sb1 , . . . , sbn ), our protocol can decide whether they are equal without leaking any information about the values. Any information about the private information, the comparison result of secret inputs will not be leaked out, even Trent cannot know these information. The purpose of someone’s malicious behavior is trying to obtain sa , sb or the comparison result. To analyze the security of our protocol, we will consider two possible cases. The first one is the attack from an outsider. The second is the attack from one of the participants. 3.1 Outsider Attack As for outside attackers, the security analysis is same for our protocol I and protocol II. In our protocol I (II), the only chance of attack from the outside eavesdropper is to attack the quantum channel in Steps 2, 4 (2). However, the particles are transmitted with the technique of decoy single particles, which are in manner of quantum data block [31]. Anyone who do not know the positions and bases of decoy particles cannot distinguish the decoy particles and the signal particles, which are in maximally mixed states for him/her. That means the eavesdropping checking process of Steps 3, 5 (3) can defend the attack from outsiders, where all the outsiders’ eavesdropping strategies can be found with nonzero probability. Once the participants ensure that the channel is secure, the outside eavesdroppers cannot obtain any information from the transmitting particles. Besides, the keys KA , KB between Alice and Bob and the states transmitted from Trent are unknown to outside eavesdroppers. Therefore, according to what announced in the protocol, outside eavesdroppers cannot obtain any information about Sa , Sb , and the comparison result.

Int J Theor Phys (2013) 52:1466–1473

1471

When our protocol is used in the noisy quantum channel, some special attacks (including the delay photon Trojan horse attack and the invisible photon eavesdropping (IPE) Trojan horse attack, the photon-number-splitting (PNS) attack) arise. Here, with the help of a photon-number splitter, the delay-photon Trojan horse attack can be defeat. Moreover, if there adds a filter with which only the wavelengths close to the operating one can be let in, the IPE attack can be defeated. Through inserting a filter in front of the devices to filter out the photon signal with an illegitimate wavelength and using some beam splitters to split the sampling signals chosen for eavesdropping check before measuring the signals, the PNS attack can be defeated. If the multiphoton rate is unreasonably high, the transmission is terminated. Otherwise, the procedure continues to the next step. 3.2 Participant Attack The term “participant attack”, which emphasizes that the attacks from dishonest users are generally more powerful and should be paid more attention to, is first proposed by Gao et al in Ref. [32]. It has attracted much attention in the cryptanalysis of quantum cryptography [33–40], and becomes an important study point. In this section, we analyze the possibility of the three parties to get information about Sa and Sb . As far as the participant attack is concerned, we will consider the following two possible cases. Case 1. One Player’s Attack In protocol I, we consider the following two situations. (I), Alice wants to steal Bob’s secrets. The only chance for Alice to steal Bob’s secrets is in step 7, where Bob announces RB to Trent. While RB is encrypted with ωbi ⊕ Rbi , which is unknown to Alice. Thus , Alice can obtain nothing from RB . (II), Bob wants to steal Alice’s secrets. The chances for Bob to steal Alice’s secrets are in steps 2 and 6. As for the channel from Trent to Alice, Bob is an outsider. Alice’s attack to SA belongs to outsider attack, which is shown unuseful in previous section. While RA is encrypted with ωai , which is unknown to Bob. Thus, Bob can obtain nothing from RA . In protocol II, since the role of Alice is symmetric with that of Bob, we just consider the case that Alice wants to get Bob’s secrets. Alice can only infer Bob’s private information from SA which is in her hands, or from SB , which is transformed from Bob to Trent, or form RB , which is announced by Bob. Since Alice’s any operation on SA will not arouse any changes on Bob’s SB , Alice cannot attack successfully through operating on SA . For the channel from Bob to Trent, Alice is an outsider. Alice’s attack on SB belongs to outsider attack, which is shown unuseful in previous section. RB is encrypted by ωbi , which is unknown to Alice. Thus Alice cannot obtain any information from RB . Therefore, Alice can obtain nothing through her attacks. We can use the same method to analyze that Bob cannot learn any information about Alice’s private information SA . Case 2. The Semi-Honest Trent’s Attack In protocol I, the chances for Trent to steal Alice’s and Bob’s secrets are in step 4 and 7. As for the quantum communication between Alice to Bob in step 4, Trent is an outsider. Trent’s attack on SA belongs to outsider attack, which is shown unuseful in previous section. In step 7, since Alice and Bob encrypt their secrets with KA , KB , Trent cannot obtain anything from the announcement RA , RB , including the private information Sa , Sb , and the comparison result. So, Trent cannot get the private information Sa , Sb , even about the comparison result. In protocol II, Trent can only infer private information Sa , Sb from RA , RB . Because Alice and Bob encrypt their secrets with KA , KB , Trent cannot obtain anything from the announced RA , RB , including the private information Sa , Sb , and the comparison result. So, Trent cannot get the private information Sa , Sb , even about the comparison result.

1472

Int J Theor Phys (2013) 52:1466–1473

4 Conclusion In this paper, we propose two quantum private comparison protocols based on quantum search algorithm with the help of a semi-honest third party. Our protocols utilize the properties of quantum search algorithm, the unitary operations, and the single-particle measurements. With respect to both outsider attack and participant attack, the security of our protocols is discussed. No information about the private information and the comparison result is leaked out, even the third party cannot know these information. Acknowledgements This work is supported by NSFC (Grant Nos. 61272057, 61170270, 61100203, 61003286, 61121061), NCET (Grant No. NCET-10-0260), SRFDP (Grant No. 20090005110010), Beijing Natural Science Foundation (Grant Nos. 4112040, 4122054), the Fundamental Research Funds for the Central Universities (Grant No. 2011YB01).

References 1. Bennett, C.H., Brassard, G.: Quantum cryptography: public-key distribution and coin tossing. In: IEEE International Conference on Computers, Systems and Signal Processing, Bangalore, India, pp. 175–179. IEEE, New York (1984) 2. Ekert, A.K.: Quantum cryptography based on Bell theorem. Phys. Rev. Lett. 67(6), 661–663 (1991) 3. Bennett, C.H.: Quantum cryptography using any two nonorthogonal states. Phys. Rev. Lett. 68(21), 3121–3124 (1992) 4. Liu, B., Gao, F., Wen, Q.Y.: Single-photon multiparty quantum cryptographic protocols with collective detection. IEEE J. Quantum Electron. 47, 1389–1390 (2011) 5. Hillery, M., Buzˇek, V., Berthiaume, A.: Quantum secret sharing. Phys. Rev. A 59, 1829–1834 (1999) 6. Boström, K., Felbinger, T.: Deterministic secure direct communication using entanglement. Phys. Rev. Lett. 89, 187902 (2002) 7. Deng, F.G., Long, G.L., Liu, X.S.: Two-step quantum direct communication protocol using the EinsteinPodolsky-Rosen pair block. Phys. Rev. A 68, 042317 (2003) 8. Lin, S., Wen, Q.Y., Gao, F., Zhu, F.C.: Quantum secure direct communication with chi-type entangled states. Phys. Rev. A 78, 064304 (2008) 9. Zhang, W.-W., Gao, F., Liu, B., et al.: Quantum Inf. Process. (2012). doi:10.1007/s11128-012-0423-6 10. Zhang, W.-W., Gao, F., Liu, B., et al.: Int. J. Theor. Phys. (2012). doi:10.1007/s10773-012-1354-9 11. Lo, H.K.: Insecurity of quantum secure computations. Phys. Rev. A 56(2), 1154–1162 (1997) 12. Yang, Y.G., Wen, Q.Y.: An efficient two-party quantum private comparison protocol with decoy photons and two-photon entanglement. J. Phys. A, Math. Theor. 42, 055305 (2009) 13. Yang, Y.G., Cao, W.F., Wen, Q.Y.: Secure quantum private comparison. Phys. Scr. 80(6), 065002 (2009) 14. Liu, W., Wang, Y.-B., Cui, W.: Quantum private comparison protocol based on Bell entangled states. Commun. Theor. Phys. 57, 583–588 (2012) 15. Chen, X.-B., Xu, G., Niu, X.-X., Wen, Q.-Y., Yang, Y.-X.: An efficient protocol for the private comparison of equal information based on the triplet entangled state and single-particle measurement. Opt. Commun. 283, 1561–1565 (2010) 16. Liu, W., Wang, Y.-B., Jiang, Z.-T.: An efficient protocol for the quantum private comparison of equality with W state. Opt. Commun. 284, 3160–3163 (2011) 17. Liu, W., Wang, Y.-B., Jiang, Z.-T., Cao, Y.-Z.: A protocol for the quantum private comparison of equality with χ -type state. Int. J. Theor. Phys. 51, 69–77 (2012) 18. Liu, W., Wang, Y.-B., Jiang, Z.-T., Cao, Y.-Z., Cui, W.: New quantum private comparison protocol using χ -type state. Int. J. Theor. Phys. 51, 1953–1960 (2012) 19. Liu, W. Wang, Y.-B.: Quantum private comparison based on GHZ entangled states. Int. J. Theor. Phys. (2012) doi:10.1007/s10773-012-1246-z 20. Jia, H.-Y., Wen, Q.-Y., Li, Y.-B., Gao, F.: Quantum private comparison using genuine four-particle entangled states. Int. J. Theor. Phys. 51, 1187–1194 (2012) 21. Liu, B., Gao, F., Jia, H.-Y., Huang, W., Zhang, W.-W., Wen, Q.-Y.: Efficient quantum private comparison employing single photons and collective detection. Quantum Inf. Process. (2012). doi:10.1007/s11128-012-0439-y 22. Tseng, H.-Y., Lin, J., Hwang, T.: New quantum private comparison protocol using EPR pairs. Quantum Inf. Process. 11, 373–384 (2012)

Int J Theor Phys (2013) 52:1466–1473

1473

23. Yang, Y.-G., Xia, J., Jia, X., Zhang, H.: Comment on “Quantum private comparison protocols with a semi-honest third party”. Quantum Inf. Process. (2012). doi:10.1007/s11128-012-0433-4 24. Grover, L.K.: Quantum mechanics helps in searching for a needle in a haystack. Phys. Rev. Lett. 79(2), 325 (1997) 25. Hsu, L.-Y.: Quantum secret-sharing protocol based on Grover’s algorithm. Phys. Rev. A 68(2), 022306 (2003) 26. Hao, L., Li, J.-L., Long, G.-L.: Eavesdropping in a quantum secret sharing protocol based on Grover algorithm and its solution. Sci. China, Phys. Mech. Astron. 53(3), 491–495 (2010) 27. Tseng, H.-Y., Tsai, C.-W., Hwang, T., Li, C.-M.: Quantum secret sharing based on quantum search algorithm. Int. J. Theor. Phys. 51(10), 3101–3108 (2012) 28. Wang, C., Hao, L., Song, S.-Y., Long, G.-L.: Quantum direct communication based on quantum search algorithm. Int. J. Quantum Inf. 8(3), 443–450 (2010) 29. Tseng, H.-Y., Tsai, C.-W., Hwang, T.: Controlled deterministic secure quantum communication based on quantum search algorithm. Int. J. Theor. Phys. 51(8), 2447–2454 (2012) 30. Yao, A.C.: In: Proceedings of 23rd IEEE Symposium on Foundations of Computer Science (FOCS’ 82), Washington, DC, USA, p. 160 (1982) 31. Long, G.L., Liu, X.S.: Phys. Rev. A 65, 032302 (2002) 32. Gao, F., Qin, S.J., Wen, Q.Y., Zhu, F.C.: A simple participant attack on the Bradler-Dusek protocol. Quantum Inf. Comput. 7, 329 (2007) 33. Qin, S.J., Gao, F., Wen, Q.Y., et al.: Cryptanalysis of the Hillery-Buzek-Berthiaume quantum secretsharing protocol. Phys. Rev. A 76, 062324 (2007) 34. Gao, F., Wen, Q.Y., Zhu, F.C.: Comment on “Quantum exam” [Phys. Lett. A 350, 174 (2006)]. Phys. Lett. A 350, 174 (2006) 35. Gao, F., Qin, S.J., Wen, Q.Y., et al.: Cryptanalysis of multiparty controlled quantum secure direct communication using Greenberger-Horne-Zeilinger state. Opt. Commun. 283, 192 (2010) 36. Gao, F., Guo, F.Z., Wen, Q.Y., et al.: Comment on “Experimental demonstration of a quantum protocol for byzantine agreement and liar detection”. Phys. Rev. Lett. 101, 208901 (2008) 37. Song, T.T., Zhang, J., Gao, F., et al.: Participant attack on quantum secret sharing based on entanglement swapping. Chin. Phys. B 18, 1333 (2009) 38. Guo, F.Z., Qin, S.J., Gao, F., et al.: Participant attack on a kind of MQSS schemes based on entanglement swapping. Eur. Phys. J. D 56, 445 (2010) 39. Lin, S., Gao, F., Guo, F.Z., et al.: Comment on “Multiparty quantum secret sharing of classical messages based on entanglement swapping”. Phys. Rev. A 76, 036301 (2007) 40. Lin, S., Wen, Q.Y., Gao, F., et al.: Improving the security of multiparty quantum secret sharing based on the improved Bostrom-Felbinger protocol. Opt. Commun. 281, 4553 (2008)