Reply to “Comment on ‘Multiparty quantum secret sharing of classical messages based on entanglement swapping’ ”

Abstract

In Ref. 1 , we proposed a multiparty quantum secret sharing QSS protocol based on Bell-state entanglement swapping. Our multiparty protocol is a general one, that is, it contains both the three-party n=3 case and its generalization to a more-party n 4 case. Recently, in Ref. 2 the authors first pointed out some advantages of our protocol, such as dense coding, easy implementation, high efficiency, etc. Then they claimed that if our protocol is attacked by the so-called participant attack, the protocol is insecure. In fact, our multiparty n 3 QSS protocol is secure against any outsiders’ or insider’s eavesdropping. Only the generalized protocol i.e., the n 4 QSS protocol is insecure under the specific dishonest insiders’ attack as shown in Ref. 2 . Nonetheless, this leak in the generalized protocol can be easily fixed and accordingly the advantage of high efficiency in our protocol can be retained. We will explain these as follows. In Ref. 1 , when we simply generalized our three-party protocol to a n n 4 -party one, we changed the original qubit distribution method due to our carelessness. The original distribution method is that Alice prepares the qubits and distributes them to her two agents. When generalizing, we changed the qubit distribution in such a way that each party sends a qubit to the next party. It is this change which leads to the insecurity under the special attack case 2 . The comment 2 aims essentially at this change. That is, the two dishonest parties who each initially shares an e-bit with the sender can let one of them share both the two e-bits and the other one shares none by exchanging their qubits and cheating. In this case, the protocol is insecure. It is a minor leak in our protocol. If the change about qubit distribution is removed during the generalization, that is, the same qubit distributions as that in the three-party case are maintained when generalizing, then the security of the n n 4 -party protocol can still be assured. The reason is as follows. When the sender distributes two qubits to an agent one by one, if the sender does not tell the agent the orderings of the two qubits, the agent cannot distinguish their orderings for the two qubits are identical. In this case, the two agents who share entanglements with the sender cannot assure that only one of them can definitively share the entanglements with the sender by exchanging their qubits. To be explicit, let us take the four-party case as an example: Alice prepares four photon Einstein-Podolsky-Rosen EPR pairs A2,B1 , B2,C1 , C2,D1 , and D2,A1 . She sends two photons B1,B2 to Bob, C1,C2 to Charlie, and D1, D2 to Dick. In this case, Alice shares the EPR pair A2, B1 with Bob and the EPR pair A1, D2 with Dick. Note that each sharer Bob, Charlie, Dick cannot differentiate his two photons since their two photons are identical. In this case, Bob or Dick cannot correctly let only one sharer say, Bob hereafter share two EPR pairs by exchanging their photons. Obviously, with probability 1/2 Bob may send the photon B1 to Dick. Also with probability 1/2, Dick may send the photon D1 to Bob. In either case, the goal of deterministically letting Bob share two EPR pairs with Alice cannot be realized via the exchange. Consequently, the so-called participant attack is invalid. Hence the leak in our generalized protocol can be easily fixed and accordingly the advantage of high efficiency the authors of Ref. 2 admitted is retained. Incidentally, the modification in Ref. 2 can fix the leak of our protocol also, however, it decreases the efficiency of the protocol.