Continuous variable quantum steganography protocol based on quantum identity

Based on quantum identity authentication, a novel continuous variable quantum steganography protocol is proposed in this paper. It can effectively transmit deterministic secret information in the public quantum channel by taking full advantage of the entanglement properties of the continuous variable GHZ state. Compared with the existing quantum steganography results, this protocol has the advantages of good imperceptibility and easy implementation. Finally, the detailed performance analysis proves that the proposed protocol has not only these advantages, but also good security and information transmission efficiency, even under eavesdropping attacks, especially the spectroscopic noise attack.

Among them, quantum steganography, as a research branch of quantum information hiding, aims at covertly transmitting secret information in a public quantum channel. It can be divided into two main categories. The first uses the characteristics of quantum communication to perform covert communication with single particles or multiple particles as quantum carriers [20][21][22]. In 2018, Zhu et al. proposed a novel quantum steganography protocol based on Brown entangled states, which was shown to have good security against quantum noise [23]. The second embeds secret information into various multimedia carriers for covert communication [24,25]. In 2018, Qu et al. proposed a novel quantum image steganography algorithm based on exploiting modification direction [26].
So far, most quantum steganography protocols have been based on discrete variables. Recently, the continuous variable quantum communication technique has begun to emerge [27]. It uses a classical light source as the signal source, and can encode information on a continuously changing observable physical quantity at low cost because it is easy to implement. The encoded information is a symbol, which can be restored to binary bits only after some specific data processing. Therefore, the capacity of this technique can be large and the key generation rate is also high, which has quickly attracted widespread attention. As an example, continuous-variable quantum key distribution (CVQKD) has absolute advantages over discrete-variable quantum key distribution (DVQKD). The detection of DVQKD is based on single photons. The single photon signal is not only difficult to manufacture, but also difficult and costly to detect. CVQKD uses homodyne/heterodyne decoding to obtain the quadrature encoding, which greatly improves the technical efficiency. In addition, non-Gaussian operations have many applications in improving quantum entanglement and teleportation. In 2003, Olivares et al. proposed inconclusive photon subtraction (IPS) to improve teleportation [28]. In 2015, Wu et al. applied local coherent superposition of photon subtraction and addition to each mode of an even entangled coherent state to introduce a new entangled quantum state [29]. In 2018, CVQKD with non-Gaussian quantum catalysis was proposed [30].
In this paper, a continuous variable quantum steganography protocol is proposed based on the continuous variable GHZ entangled state [31] and the continuous variable quantum identity authentication protocol [32]. The protocol can realize the transmission of deterministic secret information in the public quantum channel of identity authentication. It can convert segmented secret information into the whole secret information by adopting the specific encoding rule, randomly selecting the quantum channel and replacing the time slot. While the identity of the users is effectively verified, the secret information can be implicitly transmitted to the recipient Bob, and the eavesdropper Eve is unable to detect the existence of covert communication. Compared with the previous quantum steganography protocols, by introducing continuous variables into quantum steganography and making full use of their characteristics, the proposed protocol obtains the advantages of good imperceptibility, security and easy implementation, which gives it good applicability.
The paper is organized as follows. Section 2 introduces some basic knowledge about optics, the preparation of continuous variable GHZ states, and the principle of continuous variable quantum telecommuting required for the identity authentication process. Section 3 describes the concrete steps of the new continuous variable quantum steganography protocol in detail. Section 4 mainly analyzes the new protocol's imperceptibility, security and efficiency of information transmission, even in a quantum noise environment. The conclusions are given in Section 5.

Quantum continuous variable and its encoding rules
We first review some background from quantum optics. By using the creation operator $a^\dagger$ and the annihilation operator $a$, the two regular components including the amplitude $x$ and the phase $p$ of a beam can be expressed as where $a^\dagger$ and $a$ satisfy the boson commutation relations $[a, a] = [a^\dagger, a^\dagger] = 0$, $[a, a^\dagger] = 1$. Therefore $[x, p] = \frac{i}{2}$, and the two components $x$ and $p$ satisfy the Heisenberg uncertainty principle: $\Delta x \cdot \Delta p \ge \frac{1}{4}$. A squeezed beam can be defined as where $r$ is the compression factor. If $r < 0$, it indicates that the beam amplitude is compressed; if $r > 0$, it indicates that the beam phase is compressed. $x^{(0)}$ and $p^{(0)}$ indicate the amplitude and the phase of the vacuum state respectively, and $x^{(0)}, p^{(0)} \sim N(0, \frac{1}{4})$. In the proposed protocol, the legal communication parties share the encoding rule in advance. They can encode the discrete information into different intervals (Turbo codes [33] or LDPC codes [34]).

Preparation of continuous variable GHZ state
The continuous variable GHZ state is very important for quantum information processing and quantum communication in the new protocol. As shown in Figure 1, the continuous variable GHZ state is produced by first making two squeezed vacuum states $a_{in1}$ and $a_{in2}$ pass through a beam splitter BS$_1$ (transmission coefficient is 0.5) to generate $a_{out1}$ and $a^*_{in3}$. Then $a^*_{in3}$ and another squeezed vacuum state $a_{in3}$ pass through a beam splitter BS$_2$ (transmission coefficient is 1) to generate $a_{out2}$ and $a_{out3}$. The modes $a_{out1}$, $a_{out2}$ and $a_{out3}$ form a continuous variable GHZ entangled state that is defined as Suppose that $r_1 = r_2 = r_3 = r$; one can then calculate the correlation of amplitude and phase between $a_{out1}$, $a_{out2}$ and $a_{out3}$ (2.11) (2.12) If the compression parameter $r \to +\infty$, the correlation between the output optical modes $a_{out1}$, $a_{out2}$ and $a_{out3}$ will become stronger and stronger $\lim_{r \to +\infty}$ It is obvious that the amplitude between any two of the continuous variable GHZ state output modes is positively correlated, and the phase between them also has the entanglement characteristic.

The principle of continuous variable quantum telecommuting
The principle of continuous variable quantum telecommuting can be described as shown in Figure 2. Alice prepares a coherent state $a_A = |x_A + i p_A\rangle$ to be transmitted. Simultaneously, Alice and Bob share two entangled optical modes $a_{out1}$ and $a_{out2}$. After everything is ready, Alice sends the coherent state and $a_{out1}$ through a 50/50 beam splitter for Bell state measurement to obtain $x_o$ and $p_o$ After Alice announces the measurement results through the classic channel, Bob takes the corresponding unitary operation D β= (2.17)

Continuous variable quantum steganography protocol
We propose a novel continuous variable quantum steganography protocol based on the quantum identity authentication protocol and the continuous variable GHZ state. It can effectively transmit deterministic secret information in the public quantum channel. When Bob attempts to communicate with Alice, they need to share in advance an initial identity key $K_1$ and a series of time slot keys $T$, which are binary sequences known only to Alice and Bob. The details of the protocol are shown in Figure 3. Assuming that the quantum channel is lossless, the proposed protocol is as follows.
Alice prepares the continuous variable GHZ entangled states $a_{out1}$, $a_{out2}$ and $a_{out3}$. Alice keeps $a_{out1}$ herself, then transmits $a_{out2}$ and $a_{out3}$ to Bob through two quantum channels R1 and R2 respectively. Alice randomly selects a quantum channel for the normal information transmission mode (identity authentication). The other is the channel of the secret information transmission mode (steganographic information).
The normal information transmission mode: (A1) Alice chooses $a_{out2}$ (R1 channel) or $a_{out3}$ (R2 channel) to send to Bob. For convenience, we assume that the channel selected by the normal information transmission mode is the R1 channel.
(A2) After Alice confirms that Bob has received $a_{out2}$, she converts $K_1$ to a decimal sequence $k_1$. Alice then selects two decimal numbers $k_2$ and $v$, satisfying the normal distribution $N(0, \sigma^2)$. Alice prepares a vacuum state $|0\rangle$ with displacement operation $D(\alpha_1 = (k_1 + k_2) + i n)$. The coherent state optical mode $a_1$, which is used to update the identity key, is obtained. Simultaneously, Alice also prepares a vacuum state with displacement operation $D(\alpha_1 = (k_1 + v) + i n)$. The coherent state optical mode $a_1$, which is used as a decoy state for identity authentication, is obtained. After that, Alice randomly selects $a_1$ or $a_1$ to make Bell state measurement with $a_{out1}$ on each time slot and obtains, Alice publishes the time slots $t$ which used $a_1$, and Bob measures the amplitude components on these time slots to obtain a sequence $\delta_1$. The value of sequence $\delta$ minus sequence $\delta_1$ is defined as $\delta_1$.
(A4) Bob converts $K_1$ to a decimal sequence $k_1$, then calculates $v = \delta_1 - k_1$. After Bob announces $v$, Alice calculates a fidelity parameter H = v − ϕv 2 min . In the lossless channel, we get $\phi = 1$. If the calculated $H$ is equal to 0, it means $k_1 = k_1$, and the user identity is verified to be legal. Bob then updates the identity key sequence $\delta_1 - k_1$ to obtain $k_2$. If $H$ is greater than 0, it means that the eavesdropper Eve exists or the user is illegal. As a result, the communication will be abandoned.
The secret information transmission mode: (B1) Alice divides her steganographic information into $p$ blocks for block transmission. Assume that the steganographic information of the $q$-th block ($q \le p$) is 010. According to the previously shared encoding rule, the steganographic information 010 corresponds to the interval $(-2, -1]$. After that, Alice takes the first time slot $T_a$ from the binary time slot key $T$ and converts it to a decimal number $t_a$. She then chooses the random variable $m \in (-2, -1]$, and does the translation operation $D(\alpha = m + i n)$ on $a_{out3}$ in the time slot $t_a$ to get $a_{out3}$, where $m$ is the secret information that needs to be transmitted. Alice sends $a_{out3}$ to Bob via quantum channel R2.
(B2) Bob also obtains $t_a$ based on the shared time slot key, and measures the amplitude component of the received beam mode $a_{out3}$ in the time slot $t_a$ to obtain the sequence $\xi_1$. Bob then selects the time slot $t_u$ ($u \neq a$) and measures the amplitude component to obtain the sequence $\xi_2$. Bob calculates $\xi_1 - \xi_2$ to obtain the secret information $m$.
(B3) According to the previously shared encoding rule, the information of the $q$-th block is obtained by Bob. The identity keys of both parties are also updated, and the transmission of the secret information of this block is completed. In the next round, Alice randomly selects one quantum channel for the normal information transmission mode, and the other quantum channel for the secret information transmission mode. Alice then repeats the above steps until all the steganographic information is transmitted.
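The classical bookkeeping of steps (B1) to (B3) can be followed in a short simulation, added here as an illustration; it is not code from the paper. Assumptions not stated on the page: the encoding rule is eight unit intervals covering (−4, 4] (consistent with 010 ↦ (−2, −1]), each time slot key entry is 4 bits, Alice keeps m a guard margin away from the interval edges, and unmodulated slots share one baseline amplitude (the strong-squeezing limit), with `noise_sigma` as a hypothetical residual mismatch between slots.

```python
import math
import random

BLOCK_BITS = 3      # page example: the block 010
OFFSET = 4          # assumed rule: block value i <-> interval (i - 4, i - 3]
SLOT_BITS = 4       # assumed width of one entry T_a of the time slot key T
N_SLOTS = 2 ** SLOT_BITS
GUARD = 0.25        # assumed margin that keeps m away from interval edges


def interval_for(block):
    """Half-open interval (lo, hi] assigned to a 3-bit block."""
    lo = int(block, 2) - OFFSET
    return lo, lo + 1


def block_for(m):
    """Inverse of interval_for: the block whose interval contains m."""
    i = math.ceil(m) - 1 + OFFSET
    if not 0 <= i < 2 ** BLOCK_BITS:
        raise ValueError("shift outside the encoding range")
    return format(i, f"0{BLOCK_BITS}b")


def slots_from_key(key_bits):
    """Split the binary key T into entries T_a; convert each to decimal t_a."""
    return [int(key_bits[i:i + SLOT_BITS], 2)
            for i in range(0, len(key_bits) - SLOT_BITS + 1, SLOT_BITS)]


def alice_send(block, t_a, rng, noise_sigma=0.0):
    """Step B1: shift the amplitude in slot t_a by a random m from the interval."""
    lo, hi = interval_for(block)
    m = rng.uniform(lo + GUARD, hi - GUARD)
    base = rng.gauss(0.0, 1.0)   # baseline amplitude, unknown to an observer
    frame = [base + rng.gauss(0.0, noise_sigma) for _ in range(N_SLOTS)]
    frame[t_a] += m
    return frame


def bob_receive(frame, t_a):
    """Steps B2-B3: xi1 at t_a, xi2 at another slot t_u, decode xi1 - xi2."""
    t_u = (t_a + 1) % N_SLOTS    # any u != a works
    return block_for(frame[t_a] - frame[t_u])


def transmit(secret_bits, key_bits, seed=0, noise_sigma=0.0):
    """Send the secret block by block, one time slot key entry per block."""
    rng = random.Random(seed)
    if len(secret_bits) % BLOCK_BITS:
        raise ValueError("secret must consist of whole blocks")
    blocks = [secret_bits[i:i + BLOCK_BITS]
              for i in range(0, len(secret_bits), BLOCK_BITS)]
    slots = slots_from_key(key_bits)
    if len(slots) < len(blocks):
        raise ValueError("need one time slot key entry per block")
    return "".join(bob_receive(alice_send(b, t, rng, noise_sigma), t)
                   for b, t in zip(blocks, slots))
```

Reading a slot other than the keyed one yields only the difference of two unmodulated amplitudes, so the decoded block does not depend on the secret.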
As shown in Figure 3, when Alice wants to transmit private information to Bob, she randomly selects a quantum channel for identity authentication by using the modulated vacuum states and the continuous variable quantum telecommuting. At the same time, after the encoded secret information is modulated in the shared time slot, the transmission of the secret information is carried out in the other quantum channel. Under the cover of determining whether Bob's identity is legal, it is difficult for an eavesdropper to discover that another channel is transmitting information. Even if the eavesdropper knows of the existence of the secret information, it is impossible to obtain useful information without knowing the modulated time slot and the encoding rule.
The protocol is also experimentally feasible. Secure transmission using entangled squeezed states has been exemplified [35]. The experimental demonstration of the continuous variable quantum telecommuting has also been proposed [36]. Our protocol is mainly based on these two techniques. Therefore, this protocol is capable of having good performance in experiments.

Security analysis
The security of the scheme is mainly based on the entanglement properties of the GHZ state, the specific encoding rule, the shared time slot key and the block transmission. Among them, quantum entanglement guarantees the correlation of quantum transmission. The encoding rule ensures that the information in the quantum channel is not completely equal to the identity key information. The shared time slot key decides the writing and reading of the secret information.
The normal message transmission mode avoids Eve's active attack through identity authentication. In order to conduct an active attack, Eve needs to be authenticated. The most effective method is to obtain an updated authentication key and implement an active attack in the next authentication flow. In order to obtain the updated authentication key, Eve's best option is to intercept all the quantum signals sent by Alice and measure their components. Combined with the information sent over the classic channel, Eve can recover the updated authentication key and prepare a quantum state to send to Bob during an authentication process. However, due to the quantum uncertainty principle, Eve will inevitably introduce excess noise, which will be detected by the legal user through the calculation of the fidelity parameter. As shown in Figure 3, there are two quantum channels and two classical channels in the proposed protocol. We have always assumed that the information transmitted in the classical channel is public, and the security of the normal information transmission mode has been proved above [32]. Therefore, we focus on the security of the secret information transmission mode.
It is noteworthy that this protocol may suffer from physical attacks, such as the wavelength attack. This kind of attack makes full use of the potential imperfections in the protocol's implementation to enable the eavesdropper to control the light intensity transmission of the receiver's splitter. The attack method is to intercept the beam and measure the signal using the local oscillator by heterodyne measurement to obtain the quadrature values, and then switch the wavelength of the input light. It can make the eavesdropper completely control the receiver's beam splitter without being discovered. In this case, the new protocol is also capable of resisting the attack by randomly adding or not adding a wavelength filter before the monitoring detector and observing the difference value [37].
Because only two quantum channels (R1 and R2) are used to transmit quantum information and the information is modulated on the amplitude and phase of the beam, the attacker Eve can mount an attack by using a spectroscope to intercept the signal for measurement and attempting to obtain the key. As shown in Figure 4, assume that the spectroscopic coefficient used by Eve is $\gamma$ ($0 \le \gamma \le 1$). The two beams $a_{A1}$ and $a_{A2}$ sent by Alice pass through the beam splitter and become Eve According to the difference of the spectroscopic coefficients, the security analysis can be carried out in three cases: 1. If $\gamma = 0$, Eve intercepts all signals. In this case, Eve may combine $a_{E1}$ and $a_{E2}$ with the Bell state measurement to obtain Due to the correlation between the amplitudes of $a_{A1}$ and $a_{A2}$, Eve measures the amplitude component, as $x_u \to 0$. Even if the time slot containing the secret information has been stolen, Eve is unable to get any information. The phase of $a_{A1}$ and $a_{A2}$ does not modulate the secret information, and only the uncorrelated random information $n$ exists. Therefore, Eve will only think that it is the ordinary noise in the quantum channel, so that the transmission of the secret information can be undetected.
Eve may also measure $a_{A1}$ and $a_{A2}$ separately. According to the principle of key modulation, assume that Eve measures the amplitude of $a_{A1}$ and the phase of $a_{A2}$ respectively. Because of the correlation of amplitude, Eve can recover $a_{A2}$ after measurement. However, due to the quantum uncertainty principle, Eve cannot recover the phase of $a_{A1}$ and this operation will reduce the phase Here, $x_{N1} \sim N(0, V_{N1})$. If we measure the amplitude of $a_{B1}$, only λ 3 e r x 1 (0) will be the effective signal, while the rest are noise. The signal-to-noise ratio of Bob can be calculated as The amount of information between Alice and Bob is Similarly, the signal-to-noise ratio of Eve is The amount of information between Alice and Eve is Therefore, according to the Shannon information theory, the quantum channel transmission rate is If $V_{N1} = \frac{1}{4}$, the secret information transmission rate obtained by Eq. (4.19) is as shown in Figure 5. The secret information transmission rate $\Delta I$ is proportional to the quantum channel transmission efficiency $\lambda$. If the channel transmission efficiency $\lambda < 0.5$, the information transmission rate $\Delta I < 0$: the amount of information acquired by Eve is greater than the amount of information obtained by Bob, so the channel is unsafe. If the channel transmission efficiency $\lambda > 0.5$, the information transmission rate $\Delta I > 0$ and the secret information transmission can be carried out safely. The security of the proposed protocol is also dependent on the entanglement properties of the continuous variable GHZ state. If the compression parameter $r = 0$, the information transmission rate will reach 0.
It is almost impossible to transmit information. If the compression parameter $r$ increases, the information transmission rate also increases. Compared with discrete variable communication, the protocol can also greatly reduce the number of quantum states that need to be prepared and shorten the time required for information transmission. For example, discrete variable communication can only transmit 1 bit of classical information per qubit. If a deterministic key of 1000 bits is needed, at least 1000 qubits are required. In the proposed protocol, if $r = 3$ and the channel transmission efficiency is equal to 0.9, the information transmission rate will be 4 qubits/s. At this point, only 250 qubits are required to complete the same work. So it is obvious that the efficiency of information transmission can be greatly improved.

Conclusion
This paper proposes a novel continuous variable quantum steganography protocol based on quantum identity authentication. For covert communication, the protocol implements the transmission of secret information in the public channel of quantum identity authentication. Compared with the existing quantum steganography results, by taking full advantage of the entanglement properties of the continuous variable GHZ state, this protocol not only has the advantages of good imperceptibility and easy physical implementation, but also good security and information transmission efficiency, even under eavesdropping attacks, especially the spectroscopic noise attack. In addition, the capacity of secret information has the potential to be enlarged by introducing a better information coding method.

Figure 1. Preparation of continuous variable GHZ state.
According to Eqs. (2.13) and (2.14), if the compressing parameter $r \to +\infty$, we can obtain $x_B = x_A$, $p_B = p_A - p_{out3}$. It means that Alice and Bob obtain a highly correlated sequence on the amplitude component. Therefore, in the proposed protocol, we only modulate the effective information on the amplitude component and the uncorrelated random information $n$ on the phase component.

Figure 2. The principle of continuous variable quantum telecommuting.

) and $p_o = \frac{1}{\sqrt{2}}(p_1 + p_{out1})$. Then, Alice announces $x_o$ and $p_o$ to Bob through the public classic channel. (A3) According to the received $x_o$ and $p_o$, Bob performs the unitary operation $D_o = \sqrt{2}(x_o + i p_o)$ on the received $a_{out2}$, and then selects the amplitude component to measure and get the sequence $\delta$.