Multiparty blind quantum computation protocol with deterministic mutual identity authentication

Highlights

• A variant of measurement-device-independent quantum key distribution is proposed.

• A deterministic way of generating the authentication keys is proposed.

• A deterministic mutual identity authentication method is presented.

• Our proposal works in a deterministic and efficient way.

Abstract

Blind quantum computation (BQC) studies the problem of how a client with limited quantum computation power delegates a computing task to a quantum server while keeping his input, output and algorithm private. To resist attacks from the lack of identity authentication in BQC protocols, we propose a multiparty BQC protocol with deterministic mutual identity authentication. For concreteness, a variant of measurement-device-independent quantum key distribution (MDI-QKD) is first presented, and based on this, a method of deterministically generating the authentication keys of the registered client and the designated server is presented in the registration phase. Then a deterministic mutual identity authentication protocol is proposed to authenticate the identities of the registered client and the designated server by using the variant of MDI-QKD. Finally, in the blind quantum computation phase, the registered client can delegate a computing task to the designated server. Compared with existing BQC protocols with mutual identity authentication, our proposal works in a deterministic and efficient way. Furthermore, the proposed mutual identity authentication method can be applied in other quantum cryptography protocols, thus providing a valuable way for the construction of multiparty quantum communication protocols with identity authentication.

Introduction

Blind quantum computation (BQC) allows a client with limited quantum computation power to delegate a computing task to a quantum server confidentially. It is of critical importance nowadays due to the expensive cost and difficult maintenance of quantum computer. Owing to its excellent prospect, BQC attracts lots of attention and has been widely developed [1], [2], [3], [4], [5], [6], [7], [8], [9], [10], [11], [12], [13], [14], [15]. The pioneering work was presented by Childs using the circuit-based quantum computing model [2]. In this protocol, the client is required to have a large quantum memory and the abilities of accessing the quantum channel. Subsequently, various BQC protocols were proposed based on a trusted third party [10] or more than one server [4]. However, it is impossible to achieve an ideal single-server BQC protocol with purely classical client without a trusted third party [11], [12], [13], [14], [15].

Authenticating the users’ identities is a prerequisite for quantum secure communications. Authenticating the identities of the client and the server is also a prerequisite for the security of BQC protocols. To resist attacks such as man-in-the-middle attack and denial-of-service attack, Li et al. [16] introduced the identity authentication to BQC, and proposed single-server and double-server BQC protocols based on a third party, respectively. However, the third party is required to be trusted. Subsequently, Shan et al. proposed a multiparty BQC protocol with mutual identity authentication [17]. In their protocol [17], there are four different roles: client, server, load balancer and certificate authority (CA). There are two load balancers, i.e., Load Balancer A and Load Balancer B. Load Balancer A takes charge of allocating m clients while Load Balancer B allocates n servers. CA is a semi-trusted third party which can help the generation of authentication keys in the registration phase by using measurement-device-independent quantum key distribution (MDI-QKD) [18] and the mutual identity authentication of the client and the server in the mutual identity authentication phase. The protocol in the third phase is similar to the single-server BQC protocol [12]. Unfortunately, the efficiencies of both the authentication key generation and the mutual identity authentication are low. In the registration phase, $A_i$ and $B_{\mathit{imodn}}$ only keep the bits under the same basis as the raw shared key when CA’s measurement result is $|{\psi }^{-}〉$. Here, $|{\psi }^{\pm }〉=\frac{1}{\sqrt{2}}(|01〉\pm |10〉)$. According to Table 1 in Ref. [17], this means that only a raw key bit is generated for every four pairs of single photons. In the mutual identity authentication phase, according to Table 2 in Ref. [17], only when CA’s state is $|{\varphi }^{-}〉$ or $|{\psi }^{+}〉$, there exists a quantum correlation between the measurement results of $A_i$ and $B_{\mathit{imodn}}$. Here, $|{\varphi }^{\pm }〉=\frac{1}{\sqrt{2}}(|00〉\pm |11〉)$. That implies that a half of the measurement results of $A_i$ and $B_{\mathit{imodn}}$ are useless for the mutual authentication thus leading to a lower authentication efficiency.

To solve these problems above, we present a variant of MDI-QKD and based on this, we further present a multiparty BQC protocol with deterministic mutual identity authentication where both the generation of the authentication keys of the registered client and the designated server and the authentication of their identities are performed in a deterministic way. Therefore, the protocol efficiency is improved significantly.

The rest of this article is organized as follows. In Section 2.1, a variant of MDI-QKD is presented. And then in Section 2.2, a concrete BQC protocol with deterministic mutual identity authentication is proposed based on the variant of MDI-QKD. The corresponding analyses are presented in terms of correctness, blindness and security of the proposed BQC protocol in Section 3. Discussion and conclusion are given in the last section.