A Novel Semi-quantum Private Comparison Scheme Using Bell Entangle States

Private comparison is the basis of many encryption technologies, and several related Quantum Private Comparison (QPC) protocols have been published in recent years. In these existing protocols, secret information is encoded by using conjugate coding or orthogonal states, and all users are quantum participants. In this paper, a novel semi-quantum private comparison scheme is proposed, which employs Bell entangled states as quantum resources. Two semi-quantum participants compare the equivalence of their private information with the help of a semi-honest third party (TP). Compared with the previous classical protocols, these two semi-quantum users can only make some particular action, such as to measure, prepare and reflect quantum qubits only in the classical basis f 0 j i; 1 j ig, and TP needs to perform Bell basis measurement on reflecting qubits to obtain the results of the comparison. Further, analysis results show that this scheme can avoid outside and participant attacks and its’ qubit efficiency is better than the other two protocols mentioned in the paper.

Boyer et al. [43,44] proposed the first semi-quantum cryptography protocol based on the classical BB84 protocol in 2007. In this protocol, some participants have not quantum ability to participate in key distribution, but they can communicate by following the semi-quantum operation rules in quantum channel: (1) Reflect qubits back to the sender without any interference (referred to as REFLECT), and (2) Measure qubits in the basis f 0 j i; 1 j igand prepare the same quantum states, then resend them back to the sender (referred to as MEASURE). Compared with traditional quantum cryptography, semi-quantum cryptography can make some participants need neither complete quantum capabilities nor participating in the preparation and measurement of quantum superposition states. Based on this concept, semi-quantum Private Comparison (SQPC) protocols [45][46][47] had been put forward recently. In 2016, Chou et al. [45] published the first SQPC protocol under an almost dishonest third party. After that, Thapliyal et al. [46] proposed one QPC protocol and one SQPC protocol in 2018 by using Bell state as quantum resources. In their studies, they not only allow classical users to participate in the protocol, but also create a unique method of security detection and avoid TP from obtaining additional information in the process. In the same year, Lang et al. [47] published two SQPC protocols using single photons as quantum resources, which are modified schemes of Sun et al. [48].
In order to improve the qubits' efficiency and make classical users be involved in quantum private comparison, we propose an SQPC protocol based on Bell state. Two semi-quantum users can compare their private information with the help of a semi-honest TP. Nevertheless, both of them can only make specific actions, such as measuring, preparing and reflecting the quantum qubits on the classical basisf 0 j i; 1 j ig. With the help of a pre-shared key, this protocol can eliminate participant attacks by making Alice and Bob choose the same semi-quantum operation simultaneously. The encoding of private information is hidden in the returned particles after Alice and Bob choose the MEASURE operation. In addition, quantum TP only needs to prepare 2N Bell states as quantum resources, and releases one qubit to announce the comparison.
The rest of this paper is arranged as follows. The detailed description of the SQPC protocol is described in Section 2, and the security analysis of the protocol is explained in Section 3. In Section 4, the discussion and conclusion of this protocol are provided, and the following semi-quantum research work is analyzed and arranged.

The Novel SQPC Scheme Based on Bell Entangled States
In the following, the detailed description of an SQPC scheme is provided step by step. Two semiquantum participants, Alice and Bob, are involved. Both of them have the same length of secret information. A ¼ a 1 ; a 2 ; Á Á Á ; a n g f (n is the length of private information). The third participant is a semi-honest quantum host TP, who always follows the process of the protocol but does not insure the safety of the protocol. Before performing the protocol, Alice and Bob share a master key K AB ( K AB 2 0; 1g f 2n ) by using Semi-quantum Key Distribution (SQKD) protocol [49]. K AB is used for indicating Alice and Bob to choose the operation of MEASURE or REFLECT. When K AB i ¼ 0, Alice and Bob will choose the MEASURE operation. Otherwise, they will choose the REFLECT operation.
The description of the scheme is the following steps. 2386 CMC, 2021, vol.66, no.3 Step 1: Semi-honest TP arranges 2n-bit Bell state sequence randomly chosen from f AE È ; w AE É , and splits every single Bell state into q 1 and q 2 , consisting of sequences S 1 and S 2 . Then TP sends the qubits S 1 and S 2 to Alice and Bob one by one, respectively.
Step 2: According to K AB , Alice (Bob) performs the operational rules of semi-quantum, MEASURE or REFLECT, on each qubit of S 1 (S 2 ) sequence. When K AB i ¼ 0, Alice (Bob) chooses the MEASURE operation on the qubit to obtain result c i for calculating Then she (he) prepares a single photon according to the result of K A i (if K A i ¼ 0, prepare 0 j i; Otherwise, prepare 1 j i) and send it back to TP. When K AB i ¼ 1, Alice (Bob) will reflect the qubit back to TP without any disturbance.
Step 3: TP makes Bell basis measurement with related qubits (the same position of S 1 ' and S 2 ') and records the result. Then TP confirms through a public channel.
Step 4: After receiving the announcement, Alice and Bob publishes the value of K AB to TP through the public channel. If these two K AB are not the same, TP terminates the protocol. Otherwise, TP proceeds to the next step.
Step 5: According to K AB , TP divides the result of measurement into MEASURE (M) and REFLECT (R) sequences (M; R 2 f AE ; w AE É È n ). When K AB i ¼ 0, TP splits it into M sequence; When K AB i ¼ 1, TP splits it into R sequence. For example: Then TP takes the next two steps: 1. Verifying the equivalence. Assume that TP prepares the initial Bell state to be f þ . If the result of measurement in the same position is R i 6 ¼ f þ , TP believes that eavesdropping exists in the channel. After finishing the comparison, TP calculates its error rate. If the error rate is above the predefined threshold, TP terminates the process of the protocol. Otherwise, TP announces the result of the comparison by operating. 2. Publishing the result of comparison. Assume that TP prepares the initial Bell state to be f þ and the measurement result at the same position is M i ¼ f AE , then TP thinks the secret information of Alice and Bob at the same position are same. When the measurement result at the same position is , TP recognizes the secret information of Alice and Bob at the same position are different. After checking all n bits, TP announces one qubit 0 or 1. If all of them are the same, TP publishes 0. Otherwise, TP publishes 1 through the public channel.
For clarity, we describe the flowchart of the proposed protocol in Fig. 1 and provide an example to illustrate the further procedure of comparison. Suppose that TP prepares 8 bits Bell state Step 4, TP knows the 3 rd , 4 th , 5 th and 7 th qubits are used for security detection. If the results of Bell basis measurement are not w þ ; w À j i; f þ ; w þ , TP terminates the protocol. As for the comparison, assume that the two MEASURE sequences Alice and Bob made are K A ¼ 0; 0; 1; 1g f and K B ¼ 1; 0; 1; 1g f . After making Bell basis measurement and comparison, TP will know that Alice and Bob just have the same qubit in the 2 nd and 3 rd positions. Thus TP announces 1. It can be concluded that TP has finished the comparison and cannot obtain any secret information from both sides.

Security Analysis
In this section, the security of the proposed protocol is analyzed from two aspects: (1) The secret information of participants is plagued by external eavesdroppers, and (2) Dishonest users or the semi-honest TP may steal the secret information in the procedure of the scheme. Then, the efficiency analysis of the scheme with some previous SQPC protocols are provided.

Outside Attack
We will give out the eavesdropping detection that Eve may take at every step of the proposed protocol.

TP
Prepare 2n Bell states from to consist of S 1 and S 2 sequence.
Performs MEASURE or REFLECT operation on S 1 according to K AB . Calculate When and resend it back to TP. Send the qubits back without any distribution when .
Make Bell basis measurement on related qubits and make confirm through a public channel.

Alice Bob
Step 2: Performs MEASURE or REFLECT operation on S 2 according to K AB . Calculate When and resend it back to TP.
Send the qubits back without any distribution when .
Send sequence Send sequence Step 3: Check the correlation of these two Step 4: Public the Public the According to KAB to divide the result into M sequence and R sequence.
(1) Check security of quantum channel (2) Publish the result of comparison Step 5: S en d S1 se q u en ce S en d S 2 se q u en ce

Security Analysis of Trojan Horse Attack
In Step 1, When TP sends S 1 and S 2 to Alice and Bob, respectively, Eve may launch an attack on the quantum channel. The attack is titled the Trojan horse attack [50,51], and can be prevented by adding a legitimate wavelength filter and a photon number splitter to both sides of Alice and Bob.

Security Analysis of Intercept-resend Attack
The external eavesdropper Eve intercepts the Bell states sent from TP to Alice (Bob) and prepares twoparticle states according to measurement results, then she sends these qubits to Alice and Bob. Eve will be inevitably detected for two reasons: (1) Two-particle states can only be prepared randomly because this is the closest method to simulating the original sequence, and (2) Alice and Bob's operation are still random to Eve, even though Alice and Bob publish the sequence K AB in Step 4. For example, the initial Bell state TP prepared is w þ . If Eve prepares the two-particles state to be 00 j i and then send 0 j ito Alice and 0 j i to Bob.
When Alice and Bob choose REFLECT operation, TP makes Bell basis measurement on 00 j iand then TP has equal probability to obtain w þ and w À j i. After analyzing all kinds of situation, TP finds out that Eve has a probability of 50% (All kinds of situation have been analyzed in Tab. 1).
It should also be pointed out that Even Eve cannot obtain any secret information by performing intercept-resend attacks. She can still affect the comparison of secret information in some cases. The protocol can avoid Eve's mistake by performing the detection firstly (Step 5).

Security Analysis of Measure-Resend Attack
The measure-resend attack refers to that Eve intercepts the particles sent from TP to Alice (Bob), measures them, then sends the measured states to Alice (Bob). She inevitably causes the original Bell state to collapse into two-particle states. When Alice and Bob choose REFLECT operation, TP only has 50% possibility to obtain the initial Bell state. For the MEASURE operation, Eve cannot be detected and does not cause any interfere with the comparison result. In Tab. 2 are shown all situations.

Security Analysis of Flip Attack
During the flip attack, Eve interferes with the correctness of the comparison by modifying the intercepted particles' information. This scheme can use the entanglement correlation of the Bell states to avoid this attack. Assuming that TP prepares the initial Bell state to be f þ , then sends the first qubit to Alice and the second one to Bob. Eve intercepts and measures it with the classical basis. If she obtains result 0 (1), she prepares single-photon 1 j i( 0 j i) and sends it to Alice (Bob). If Alice (Bob) chooses MEASURE, Eve will not be found without causing any mistakes. If they choose REFLECT, TP performs Bell basis measurement on these qubits 11 j i ( 00 j i), then obtains f þ and f À j i with the same probability. When TP finishes the Bell basis measurement on all reflected qubits. The probability of Eve being found is When n is large enough, the probability of being detected will reach 100%. In Tab. 2 are shown all situations.

Security Analysis of Entangle-Measure Attack
The entangle-measure attack means that Eve performs attack (UE,UF) on the Bell states among TP, Alice and Bob. UE and UF share a common probe space with initial state 0 j i E . As the explanation in Refs. [43,56], the shared probe enables Eve to launch an attack on the returning qubits depending on the information acquired by UE. Assume that the initial Bell state is w AE ¼ 1 ffiffi ffi 2 p 01 j iþ 10 j i ð Þ.
Case 1: When Alice and Bob choose the REFLECT operation, Eve may obtain any secret information from (UE,UF).
Thus F j i¼ 0 j i E . It means that Eve cannot obtain any information from this attack.

Case 2: When Alice and Bob choose the MEASURE operation, Eve loses
only can rely on U F 01 j i or U F 10 j i. Eve has the same probability to obtain 01 or 10, but it is useless.

Participant Attack
In the proposed protocol, dishonest users and semi-honest TP may try to obtain secret information. We analyze them in two ways. Case 1: Alice or Bob eavesdrops the other's secret information or disturbs the protocol's process.
Step 1, TP sends S1 to Alice and S2 to Bob. Firstly, both Alice and Bob can never perform certain operations on the other sequence. TP performs all joint measurements. This is the reason why Alice or Bob cannot obtain other's secret information. Besides, if Alice or Bob deliberately choose different KAB sequence, it will be checked out in Step 4. In the last step, TP only uses 1 qubit to stand for the equivalence of their private information. They have no way to know the different of secret information.
Case 2: Semi-honest TP eavesdrops Alice and Bob's private information.
The Semi-honesty determines that TP must implement the protocol base on the rules. Therefore, TP has only one way to obtain the private information of participants through M sequence (the sequence are all qubits that participants encode with their private information). For example, if the M sequence is 00 11 01 10, Eve only has the probability of 1/2 to obtain the initial state. When n is large enough, the probability of obtaining the private information of Alice is 1 2

Comparison
In this subsection, we aim to compare the efficiency of the proposed protocol with an SQPC protocols from References [46,52] .
In terms of the quantity of the preparation of initial states and workload of the participants, this protocol is better than Reference [46]. Assuming that the lengths of secret information of all three protocols are the same, the initial two qubits states we need to prepare (2n bits) are 1/4 of the previous protocols of References [46,52]. According to the value of KAB, classical Alice and Bob perform the MEASURE or REFLECT operation, which is different from the previous protocols. Meanwhile, TP does not need to classify the returned particles and make Bell basis measurement.
In addition, the qubits' efficiency of the proposed protocol is highest among these three protocols. The qubits efficiency [53] of the proposed SQPC protocol is defined as g¼ c q þ b Â 100%, where c, q and b are the numbers of secret bits, the qubits used and the classical bits involved, respectively.
As for the proposed protocol, in order to compare n-bit secret information of Alice and Bob (c ¼ 2n), TP needs to prepare 2n-bit Bell states (4n), and Alice and Bob prepare 2n-bit new qubits to send back to TP. Thus q ¼ 6n. As for the classical bits of the protocol, the length of secret information is n bits. Alice and Bob share KAB (2n) before preforming the protocol, and they need to publish the sequence of KAB in Step 4. Meanwhile, TP needs to publish the announcement by using three qubits. Thus b ¼ 2nþ2n Â 2 Â 2 þ 3 ¼ 10nþ3. Its qubit efficiency is g¼ 2n 6n þ 10n þ 3 % 12:5%. In addition, the qubit efficiencies of SQPC protocol from References [46,52] are g¼ 2n 92n þ 1 % 2:17% and g¼ 2n 16n þ 8n þ 10n % 5:88%, respectively. References [46,52] the comparison results are summarized in Tab. 3.

Discussion and Conclusion
In this paper, we have proposed a novel SQPC protocol with detailed procedures based on Bell entangled states. As the only quantum participant, TP can calculate the equivalence of private information of Alice and Bob, but he cannot obtain any private information of them. In addition, TP only needs to release 1 qubit through public channel to announce whether their private information is same. In addition, the paper has shown the detail of security against some eavesdropping attacks, and the qubit efficiency of the proposed scheme is higher than two other protocols.
Meanwhile, the quantum participants need several techniques in the scheme, such as the generation of Bell states in Reference [54] and the quantum storage techniques in Reference [55]. After focusing on semiquantum use, we are looking forward to analyzing the effect of noisy environment or noise channel. As mentioned in References [46,52] , there are various noise models, such as amplitude damping (AD) channels, bit flip (BF) channels, phase flip (PF) channels and depolarizing channels (DC). Different noise environments have different influence on quantum states and need to be analyzed separetedly.
As for the decoherence noise channel, the coupling of the quantum system to the environment will cause the decay of quantum information. It can be described as: where fis the parameters of the noise. It means that 0 j i does not change and 1 j i has a phase shift of if after transferring in the noise channel. Furthermore, we also find out that 01 j i and 10 j i cannot change in the channel because they have the same phase shift of if. In this protocol, TP needs to prepare 2N Bell states as quantum resources. TP can prepare the Bell state w AE AB ¼ to ensure that the Bell states will not change, but it only works in the situation of Alice and Bob's choosing the operation of REFLECT. Once they make MEASURE, 01 j i A 1 A 2 10 j i B 1 B 2 ( 10 j i A 1 A 2 01 j i B 1 B 2 ), it will induce error. They only have the ability of singlephoton measurement in the classical basis, and TP cannot obtain the actual results of comparison.
Further, future studies will focus on analyzing the impact of the noise channel to quantum cryptography protocols and preventing the classical users' operations from the influence of noise channels. Our studies also continue to track the possibilities between block-chain and quantum secure communication in Reference [56]. The protocol of Reference [46] The protocol of Reference [52] The present protocol Conflicts of Interest: The authors declare that they have no conflicts of interest to report regarding the present study.