Quantitative security analysis of three-level unitary operations in quantum secret sharing without entanglement

1 Introduction

Quantum secret sharing (QSS) is an important branch of quantum cryptography, whose security is based on the fundamental principle of quantum mechanics. It can share both the classical message [1–11] and quantum information [12–22]. Taking QSS protocols for classical message sharing into account, it is observed that it is a more efficient and lower cost way to use single particles instead of entangled particles. In addition, to achieve the unconditional security (in theory) and the ability of detecting eavesdropping, unitary operations are always used in such protocols. The classical secret message is encoded into quanta and/or scrambles the particles by unitary operations so that the eavesdropper cannot reliably identify each quantum state by appropriate measurement.

The quantitative security analysis of such protocols can be transformed into a quantitative calculation of unitary operation security. The feasibility of this idea has been proven by our pioneering work [23]. In [23], we proposed the substitute-Bell-state attack and the definition of minimum failure probability for the attack. Thus, the quantitative security analysis can be conducted according to the different selection methods of unitary operations. Several cases of two-level unitary operations were analyzed in [23] and more two-level cases are considered in our recent research [24].

However, these works on the security analysis of QSS are focused on the qubit system. In many scenarios, quantum communication protocols using high-dimensional states demonstrate larger capacity and better performance than the qubit system. Thus, it is worth studying the security of QSS protocols beyond the two-level system. Quantitative security analysis of QSS protocols remains a tough problem, and our pioneering idea is worth recommending. However, the research work based on this idea is not sufficient. In this paper, the security of QSS protocols using three-level unitary operations is analyzed quantitatively, and some comparisons between two-level and three-level situations are made. Finally, valuable conclusions are obtained, which can guide the designing and implementation of QSS protocols with single qutrits.

2 The security of unitary operations in quantum secret sharing protocols based on qutrits

2.1 Three-level Bell states and unitary operations

In a three-level quantum system, we call a single quantum state as a qutrit. The Z-basis of a three-level quantum system is $\left\{\left|0〉\right.,\left|1〉\right.,\left|2〉\right.\right\}$, and another basis can be constructed by a quantum Fourier transform, which is called the X-basis. For an arbitrary d-level quantum system, we have

where $0\le k\le d-1,\stackrel{—}{\varpi }=e^{2\pi i/d}$. So when $d=3$, the X-basis can be formed as follows:

where $w=e^{2\pi i/3}$.

To analyze the security of QSS protocols based on qutrits quantitatively, we design the Bell-state attack, which uses three-level Bell states and unitary operations. In a $d\times d$-level double quantum system, the d-level Bell state can be denoted as

where $w=e^{2\pi i/3}$, $d\ge 2$, $0\le n,m\le d-1$, and the symbol $‘{+}^{\prime }$ means module d plus. Obviously, there are $d^2$ d-level Bell states. In addition, the vector group $\left\{\left|{\psi }_{nm}〉\right.\right\}$ constitutes a complete orthogonal basis of the double quantum system. Thus, nine Bell states forming a complete orthogonal basis in a three-level quantum system can be specified as

Without loss of generality, the first Bell state $\left|{\psi }_{00}〉\right.=\left(1/\sqrt{3}\right)\left(\left|00〉\right.+\left|11〉\right.+\left|22〉\right.\right)$ is chosen to be the initial state that the eavesdropper uses for a Bell-state attack. Furthermore, an arbitrary three-level double quantum state can be expressed as follows:

where $x_i,y_i,z_i\in \mathbb{C}\left(i=1,2,3\right)$.

A unitary operation is a bounded linear operation $U:H\to H$ on a Hilbert space $H$ that satisfies $U{U}^{*}=I$, where $U^{*}$ is the adjoint of $U$ and $I:H\to H$ is the identity operation. In a three-level system, the unitary operations can be represented by a $3*3$ matrix. For simplicity, we consider the double quantum states consisting of three basis states, that is, one of $x_1$, $x_2$, and $x_3$; $y_1$, $y_2$, and $y_3$; or $z_1$, $z_2$, and $z_3$ is 1 (see Formula 5). Here, $x_i=1$ is bound to $y_i=0$ and $z_i=0$ because the two-qutrit quantum state is obtained under a Bell-state attack and selected unitary operation (see Section 2.3). Therefore, there will be six situations showed as follows (if the unitary matrix at the left side of the arrow is supposed to be used in a Bell-state attack, three Bell states will be obtained at the right side of the arrow):

Without the loss of generality, we select the first situation as an example for research.

Next, to measure the security of different unitary operations, we first provide a general QSS protocol based on qutrits, and then propose the so-called Bell-state attack and state the minimum failure probability for this attack. The quantitative computing results show how to select appropriate three-level unitary operations to protect the QSS protocols against a Bell-state attack.

2.2 A general quantum secret sharing protocol based on qutrits

A generic QSS protocol based on qutrits is shown in Figure 1 (it is supposed to be a (n, n) secret sharing threshold protocol). The procedure is as follows:

(1) First, Alice prepares qutrits all in $\left|0\right.〉$. A binary string $A^0$ is the secret to be shared. Alice performs unitary operations on qutrits according to the value of $A^0$ and a random string $B^0$ (to be used to change the basis).

(2) After that, the qutrit sequence, denoted as $\left|{\mathrm{\Psi }}^0〉\right.$, is sent to Bob 1.

(3) Bob 1 to Bob n perform local three-level unitary operations according to the values of $A$ and $B$.

(4) Bob n sends the qutrits back to Alice. Then, Bob 1 to Bob n declare the information about individual unitary operations (not unitary operations themselves) via classical communication.

(5) Alice measures the qutrits using proper bases according to the information and publishes the result.

(6) Only when all the Bobs collaborate together, the secret can be revealed. Sample detection can be implemented by classical communication to judge if there is a wiretap.

FIGURE 1. A general QSS protocol based on single states. Binary string $A^0$ is the secret, and $B^0$ is a random string. Alice prepares, transform, and finally measures the single qutrits, while Bob 1 to Bob n only do local unitary operations on these qutrits according to $A^{\mathrm{i}}$ and $B^{\mathrm{i}}$.

In addition, unitary operations can be executed in one or two steps, which were defined in our previous work, shown as follows [23].

Definition 1. (one-step unitary operation): Bob i performs once a random local unitary operation on each quantum state before sending. All possible options are put into “{}”, called a unitary operation set.

Definition 2. (two-step unitary operation): Bob i performs twice a random local unitary operation on each quantum state before sending, and the probability of the first and second operations being the same is zero. The symbol “{; }” is used to indicate the two-step unitary operation, while the first possible options are listed before the semicolon, and the subsequent options, after the semicolon.

2.3 Bell-state attack in a three-level quantum system

Bob i is supposed to be dishonest during the execution of the three-level QSS protocol. He aims to generate a Bell-state attack to obtain the integrated encoded information from Bob i+1 to Bob j. The schematic diagram of the Bell-state attack is illustrated in Figure 2 (which is a variant of the substitute-Bell-state attack [23]), and the procedure of the attack is as follows:

(1) Bob $i$ retains the single qutrits $\left|{\mathrm{\Psi }}^{i-1}〉\right.$ sent from Bob $i$-1 and does nothing on these particles. Meanwhile, he generates N three-level Bell states ${\left|\mathrm{\Phi }〉\right.}_{12}={\otimes }_{k=1}^N{\left|{\varphi }_k〉\right.}_{12}$. ${\left|{\varphi }_k〉\right.}_{12}$ can be any one of the nine Bell states given in Formula 4. Without the loss of generality, $\left|{\varphi }_k〉\right.$ is assumed to be $\left|{\psi }_{00}〉\right.=\left(1/\sqrt{3}\right)\left(\left|00〉\right.+\left|11〉\right.+\left|22〉\right.\right)$.

(2) Bob $i$ transmits the second particles ${\left|\mathrm{\Phi }〉\right.}_2$ of the Bell states to Bob $i+1$ and retains the first particles ${\left|\mathrm{\Phi }〉\right.}_1$.

(3) Bob $i$ intercepts the single qutrits $\left|{\mathrm{\Psi }}^{i+1}〉\right.$ sent from Bob $j$ to Bob $j$ +1 and replaces it with $\left|{\mathrm{\Psi }}^{i-1}〉\right.$.

(4) The particle sequences ${\left|\mathrm{\Phi }〉\right.}_1$ and $\left|{\mathrm{\Psi }}^j〉\right.$ are combined in pairs by Bob $i$ to form new N Bell states ${\left|{\mathrm{\Phi }}^{\prime }〉\right.}_{12}={\otimes }_{k=1}^N{\left|{\varphi }_k^{\prime }〉\right.}_{12}$. Then, Bob $i$ measures the new Bell states by proper bases in order to obtain integrated encoded information from Bob i+1 to Bob j.

(5) When samples are tested, Bob $i$ claims the unitary operations that are consistent with the comprehensive effect of the unitary operations that Bob $i$ +1, Bob $i$ +2, . . ., and Bob j implemented, to avoid the attack from being detected.

FIGURE 2. Schematic diagram of Bell-state attack from Bob i for the integrated encoding information from Bob i+1 to Bob j. ${\left|\mathrm{\Phi }〉\right.}_1$ and ${\left|\mathrm{\Phi }〉\right.}_2$ are the two particles of the Bell states Bob i generates. Bob i intercepts and captures $\left|{\mathrm{\Psi }}^j〉\right.$ sent from Bob j to Bob j+1, and replaces it by $\left|{\mathrm{\Psi }}^{i-1}〉\right.$. ${\left|\mathrm{\Phi }〉\right.}_1$ and $\left|{\mathrm{\Psi }}^j〉\right.$ are combined to form new Bell states ${\left|{\mathrm{\Phi }}^{\prime }〉\right.}_{12}$.

It should be noted that Bob j can also be Bob i+1, and in this situation, Bob i aims only to obtain the unitary operations that Bob $i$ +1 has performed.

Now, the key question is how to measure the effect of the Bell-state attack? To determine this, we pick up the minimum failure probability formula that we put forward previously [23, 24].

Definition 3. (minimum failure probability): Assume that a QSS protocol based on single qutrits is under a Bell-state attack. The attacker has acquired N new two-qutrit states $\left|{\varphi }_k〉\right.$. Suppose the prior probability of $\left|{\varphi }_k〉\right.$ is $p_k$, and the number of quantum states to be distinguished is n. Thus, the minimum failure probability of the Bell-state attack (denoted as $F_{\mathit{min}}$) is defined as follows:

Apparently, $F_{\mathit{min}}$ equals to 1 minus the maximum probability of reliably distinguishing different quantum states. The value of $F_{\mathit{min}}$ is between 0 and 1. When $F_{\mathit{min}}=0$, the protocol is totally unsecure. In other words, all the states are mutually orthogonal; Bob i could definitely distinguish each state by proper measurement and interpret all encoded information successfully. It should be noted that $F_{\mathit{min}}\ne 1$ because if $F_{\mathit{min}}=1$, the states to be distinguished must be the same, and this is impossible in QSS protocols.Therefore, when $F_{\mathit{min}}$ is larger, the effective information that a Bell-state attack can gain is less, that is, the QSS protocol is verified to be safer and vice versa.

2.4 The security of one-step three-level unitary operations

To research the security of three-level unitary operations under a Bell-state attack, we first provide the nine unitary operations corresponding to nine Bell states (shown in Formula 4) in Formula 8. In other words, the nine Bell states can be obtained when the second qutrit of the initial state ${\left|\mathrm{\Phi }〉\right.}_{12}=\left|{\psi }_{00}〉\right.=\left(1/\sqrt{3}\right)\left(\left|00〉\right.+\left|11〉\right.+\left|22〉\right.\right)$ is affected individually by the nine unitary operations and recombined with the first qutrit.

where $w=e^{2\pi i/3}$.

Moreover, without the loss of generality, $U_{01}$ (shown in Formula 6), $X_1$, $X_5,$ and $X_9$ are chosen as the three-level unitary operations in QSS protocols for encoding the message and/or scrambling states, relabeled as

It should be noted that $U_0$ can transform a qutrit between the X-basis and Z-basis.

Here is the explanation of why $X_1$, $X_5,$ and $X_9$ are chosen as $U_1$, $U_2,$ and $U_3$, respectively. When $U_{01}$ is chosen, we get ${\left|\mathrm{\Phi }〉\right.}_1\left(U_{01}{\left|\mathrm{\Phi }〉\right.}_2\right)$ = $\left(1/\sqrt{3}\right)\left(\left|{\psi }_{00}〉\right.+\left|{\psi }_{11}〉\right.+\left|{\psi }_{22}〉\right.\right)$. So we select preferentially the unitary operations leading to the states that are not orthogonal to ${\left|\mathrm{\Phi }〉\right.}_1\left(U_{01}{\left|\mathrm{\Phi }〉\right.}_2\right)$. It is easy to find that selecting $X_1$, $X_5,$ and $X_9$ is optimal, which leads to $\left|{\psi }_{00}〉\right.,\left|{\psi }_{11}〉\right.,\mathrm{a}\mathrm{n}\mathrm{d}\left|{\psi }_{22}〉\right.$, and the maximum value of $F_{\mathit{min}}$. On the contrary, if other unitary operations are selected, the denominator of Formula 9 remains unchanged, while the numerator decreases, that is, $F_{\mathit{min}}$ decreases and the security reduces.

Finally, there are seven sets of one-step three-level unitary operations corresponding to the aforementioned matrices, and the minimum failure probability $F_{\mathit{min}}$ of each set is calculated and shown in Table 1.

TABLE 1. The minimum failure probability of Bell-state attack under one-step three-level unitary operations. The quantum states are obtained from the different transformations of initial state $\left|{\psi }_{00}〉\right.=\left(1/\sqrt{3}\right)\left(\left|00〉\right.+\left|11〉\right.+\left|22〉\right.\right)$ under selected unitary operations. The curly braces of selected unitary operations, Dirac symbol and normalization of obtained quantum states are omitted.

From Table 1, we can conclude the following:

(1) If the four unitary operations of $U_0$, $U_1$, $U_2,$ and $U_3$ are chosen for the quantum secret sharing process, only three values of the minimum failure probability are available. In other words, $F_{\mathit{min}}=\sqrt{3}/3$ when two unitary operations are selected; $F_{\mathit{min}}=2\sqrt{3}/9$ when three are selected; and $F_{\mathit{min}}=\sqrt{3}/6$ when all four are selected. In a word, in one-step three-level unitary operations, the fewer unitary operations the legitimate communicator selects, the larger $F_{\mathit{min}}$ is and the higher the security of this QSS protocol is verified.

(2) Based on the aforementioned analysis, the minimum failure probability formula in a three-level quantum system can be simplified as follows:

where N denotes the number of selected unitary operations. For the six situations listed in Formula 6, if we choose the other five situations and corresponding $U_0$ and $X_i\left(i=1,2,...,9\right)$, the same values of $F_{\mathit{min}}$ will be attained, along with the same simplified formula of minimum failure probability.

2.5 The security of two-step three-level unitary operations

The one-step unitary operation case is mentioned previously. We try the similar analysis in a two-step unitary operation instance.

First of all, according to the definition of a two-step unitary operation and the selected four unitary operations $U_0$, $U_1$, $U_2,$ and $U_3$, all combinations can be divided into four categories as follows:

1. $U_0;\left\{\begin{array}{l}\begin{array}{l}\begin{array}{l}{U}_1,U_2\left(3\right)\\ U_1,U_2,U_3\left(1\right)\end{array}\\ U_1,U_0\left(3\right)\\ U_1,U_2,U_0\left(3\right)\end{array}\\ U_1,U_2,U_3,U_0\left(1\right)\end{array}\right.⟹11$ combinations;

2. $\begin{array}{c}{U}_1,U_0\\ \times 3\end{array};\left\{\begin{array}{l}\begin{array}{l}\begin{array}{l}\begin{array}{l}{U}_1\left(3\right)\\ U_1,U_2\left(3\right)\end{array}\\ U_1,U_2,U_3\left(1\right)\end{array}\\ U_2,U_0\left(2\right)\\ U_1,U_2,U_0\left(3\right)\end{array}\\ U_1,U_2,U_3,U_0\left(1\right)\end{array}\right.⟹13\times 3=39$ combinations;

3. $\begin{array}{c}{U}_1,U_2,U_0\\ \times 3\end{array};\left\{\begin{array}{l}\begin{array}{l}\begin{array}{l}{U}_1\left(3\right)\\ U_1,U_2\left(3\right)\end{array}\\ U_1,U_2,U_3\left(1\right)\end{array}\\ U_1,U_3,U_0\left(2\right)\\ U_1,U_2,U_3,U_0\left(1\right)\end{array}\right.⟹10\times 3=30\mathrm{c}\mathrm{o}\mathrm{m}\mathrm{b}\mathrm{i}\mathrm{n}\mathrm{a}\mathrm{t}\mathrm{i}\mathrm{o}\mathrm{n}\mathrm{s}$;

4. $U_1,U_2,U_3,U_0;\left\{\begin{array}{l}\begin{array}{l}{U}_1\left(3\right)\\ U_1,U_2\left(3\right)\end{array}\\ U_1,U_2,U_3\left(1\right)\end{array}\right.⟹7\mathrm{c}\mathrm{o}\mathrm{m}\mathrm{b}\mathrm{i}\mathrm{n}\mathrm{a}\mathrm{t}\mathrm{i}\mathrm{o}\mathrm{n}\mathrm{s}$.

Here, the first possible unitary operations are listed before the semicolon, and the subsequent operations, after the semicolon; the symbol “$\times 3$” means that there are three similar unitary operation combinations in the first step; the symbol “(3)” denotes that there are three similar unitary operation combinations in the second step. For example, in the first category, “$U_1,U_2\left(3\right)$” indicates that there are three similar combinations, that is, $\left\{U_1,U_2\right\}$, $\left\{U_1,U_3\right\}$, and $\left\{U_2,U_3\right\}$. In short, there are totally $11+39+30+7=87$ combinations.

Second, we provide the states after continuous action of two unitary operations (shown in Table 2), supposing the initial state is $\left|{\psi }_{00}〉\right.=\left(1/\sqrt{3}\right)\left(\left|00〉\right.+\left|11〉\right.+\left|22〉\right.\right)$. If the two unitary operations are executed in an opposite order, the same state is obtained. So there are totally 10 results, as shown in Table 2. In addition, ${\alpha }_{ij}\left(i,j=0,1,2,3\right)$ denotes the obtained state after the two unitary operations, where the subscripts i and j represent the corresponding unitary operations $U_i$ and $U_j$.

TABLE 2. The states after continuous action of two unitary operations. The two subscripts of $\alpha$ correspond to subscripts of the two used unitary operations.

Third, to calculate $F_{\mathit{min}}=\frac{1}{n-1}{\displaystyle \sum }_{i\ne j}\sqrt{p_i{p}_j}\left|〈{\varphi }_i|{\varphi }_j〉\right|$, we first calculate the norm of the inner product of the two quantum states, that is, $\left|〈{\varphi }_i|{\varphi }_j〉\right|\left(i\ne j\right)$. The results are shown in Table 3.

TABLE 3. The norm of inner product of the two quantum states. The inner product values are symmetric about the diagonal.

From Table 3 we can see that the inner product values are symmetric about the diagonal and the inner product values between ${\alpha }_{01},{\alpha }_{02}$ and ${\alpha }_{03}$ is 0. So the four combinations in the first category with “$U_1,U_2\left(3\right)$" and “$U_1,U_2,U_3\left(1\right)$” in the second step can be omitted. Therefore, there are totally $87-4=83$ combinations, which are divided into 18 situations, and the values of $F_{\min }$ are shown in Table 4.

TABLE 4. The values of $F_{\mathit{min}}$ and the corresponding numbers of unitary operation sets. All the 83 non zero combinations are showed in 18 cases. The first-step possible unitary options are listed before the semicolon, and the second-step options after the semicolon.

From Table 4, it can be seen that the values of $F_{\mathit{min}}$ are the same separately in cases 1 and 4; in cases 2, 5, and 10; and in cases 3 and 16. So it can be merged into 14 cases. Thus, the values of $F_{\mathit{min}}$ (accurate to four decimal places) and the number of unitary operation sets corresponding to each value are shown in Table 5.

TABLE 5. The values of $F_{\mathit{min}}$ and the corresponding numbers of unitary operation sets when the values in Table 4 are accurate to four decimal places. Thus 18 cases are merged to 14 cases.

The results in Table 5 are also illustrated in Figure 3 for clarity. Then, some conclusions can be drawn based on the results.

(1) Among the two-step three-level unitary operations, the minimum failure probability of the Bell-state attack densely distributed between [0.34, 0.39], totally 48 sets, and there are 17 sets between [0.24, 0.29]. Furthermore, 12 sets have the highest value of $F_{\mathit{min}}$, that is, $\sqrt{3}/3\approx 0.58$, and 6 sets have the second highest value of $F_{\mathit{min}}=5\sqrt{3}/18\approx 0.48$.

(2) The sets that have the highest value of $F_{\mathit{min}}$ are $\left\{U_0;U_i,U_0\right\}$ and $\left\{U_i,U_0;U_i\right\}\left(i=1,2,3\right)$. This means the sets possessing the least selected operations have the highest security, except for $\left\{U_0;U_1,U_2\right\}$, $\left\{U_0;U_1,U_3\right\},$ and $\left\{U_0;U_2,U_3\right\}$ whose $F_{\mathit{min}}=0$. This is similar to the two-level unitary operation situation [24].

(3) Among the six situations shown in Formula 6, if another situation is selected, that is, another Bell-state combination and corresponding $U_0$ and $X_i\left(\mathrm{i}=1,2,\cdots ,9\right)$ are selected, the similar calculation process and conclusions will be obtained because their mutual relationship is consistent with the first situation.

FIGURE 3. The minimum failure probability of two-step three-level unitary operations. The values of $F_{\mathit{min}}$ are accurate to four decimal places and three are totally 84 unitary operation sets.

2.6 The selection of three-level unitary operations

Based on the quantitative computing results and analysis on one-step and two-step unitary operations in a three-level system, the selection rules of unitary operations are summarized as follows:

(1) The unitary operations in QSS protocols based on qutrits should be chosen carefully. First, the unitary operations whose $F_{\mathit{min}}$ is 0 should not be chosen since the protocol is obviously insecure in such a situation. Second, the unitary operation to transform the basis is a necessary but not a sufficient condition for the security. In other words, the unitary operation like $U_0$ can change the basis; so if $U_0$ is not selected, the QSS protocol is totally insecure. However, although $U_0$ is the possible choice, the security of the protocol still cannot be guaranteed. For example, $F_{\mathit{min}}$ of $\left\{U_0;U_1,U_2\right\}$, $\left\{U_0;U_1,U_3\right\}$, $\left\{U_0;U_2,U_3\right\},$ and $\left\{U_0;U_1,U_2,U_3\right\}$ is 0.

(2) More complex unitary operations cannot be counted on to generate higher security. In a one-step unitary operation, Max [$F_{\mathit{min}}$ ($U_1,U_2,\dots ,U_i$)] > Max [$F_{\mathit{min}}$ ($U_1,U_2,\dots ,U_i,U_{i+1}$)], that is, fewer unitary operations lead to larger $F_{\mathit{min}}$ and higher security of the QSS protocol. The two-step unitary operation has the similar situation. This is because in one-step scene, the more the unitary operations, the more the pairwise non-orthogonal quantum states obtained.

(3) When the same unitary operations are selected, the security of two-step unitary operations is not necessarily higher than that of one-step unitary operations. There exist possibilities. For example, $F_{\mathit{min}}$ ({$U_0,U_1,U_2$}) = $F_{\mathit{min}}$ ({$U_0;U_0,U_1,U_2$}) $\approx 0.38$; $F_{\mathit{min}}$ ({$U_0,U_1,U_2$}) $\approx 0.38$ < $F_{\mathit{min}}$ ({$U_0,U_1;U_0,U_2$}) $\approx 0.48$; $F_{\mathit{min}}$ ({$U_0,U_1,U_2$}) $\approx 0.38$ > $F_{\mathit{min}}$ ({$U_0,U_1,U_2;{U_1,U}_2$}) $\approx 0.26$. So we should choose the two-step unitary operations with the highest value of $F_{\mathit{min}}$.

(4) The maximum of $F_{\mathit{min}}$ of the three-level unitary operations ($\approx 0.58$) is less than the maximum of $F_{\mathit{min}}$ of the two-level unitary operations ($\approx 0.71$) [23, 24]. This does not mean that two-level unitary operations are safer than three-level unitary operations because the value of $F_{\mathit{min}}$ is influenced by specified unitary operation types. We have restricted the types of two-level and three-level unitary operations, so this is just a comparison between two preset conditions.

In brief, we should choose the unitary operation sets that have a higher value of $F_{\mathit{min}}$ to ensure the security of QSS protocols based on qutrits.

3 Conclusion

In this paper, we first present a general QSS protocol based on single qutrits, and then propose the Bell-state attack and the definition of minimum failure probability for the attack. In this way, QSS protocols based on single qutrits and three-level unitary operations are considered, and the quantitative security analysis is performed corresponding to different sets of four three-level unitary operations. The results show that the selection of unitary operations will significantly affect the security of such QSS protocols. As a result, some crucial rules for choosing unitary operations are given to ensure the security or achieve a higher security. This work can serve as an important guidance in designing and implementing QSS protocols based on single qutrits and three-level unitary operations. The method and results may also contribute to analyze the security of other high-level quantum cryptography protocols based on unitary operations, such as secure computation [25], quantum secure direct communication [26], quantum key agreement [27], quantum private query [28], and quantum oblivious transfer [29]. Furthermore, unitary operations are also used in other quantum algorithms, for example, the quantum blockchain algorithm [30] and quantum artificial intelligence algorithm [31], and it will be interesting in attempting to analyze their security using our method.

Data availability statement

The original contributions presented in the study are included in the article/Supplementary Material; further inquiries can be directed to the corresponding author.

Author contributions

JX, XL, and ZL conceived the presented idea. YH and YZ verified the methods and developed the analyses. ZZ and YS completed the calculation. All authors contributed to the article and approved the submitted version.

Funding

This work is supported by the National Natural Science Foundation of China (Grant nos 62201252 and 62071240), the Innovation Program for Quantum Science and Technology (Grant no. 2021ZD0302900), and the Natural Science Foundation of Jiangsu Province, China (Grant no. BK20220804).

Conflict of interest

The authors declare that the research was conducted in the absence of any commercial or financial relationships that could be construed as a potential conflict of interest.

Publisher’s note

All claims expressed in this article are solely those of the authors and do not necessarily represent those of their affiliated organizations, or those of the publisher, the editors, and the reviewers. Any product that may be evaluated in this article, or claim that may be made by its manufacturer, is not guaranteed or endorsed by the publisher.

References