Abstract
With the rapid advancement of information technology, data sharing has become increasingly accessible, leading to a heightened need for robust personal data protection. One important application in privacy-preserving computing is the aggregation of information when collaboratively establishing AI models through public distributed networks. To counter the threat posed by quantum computing to encrypted data, various quantum private summation (QPS) protocols have been proposed thus far. However, some of these existing protocols operate solely under modulo 2, while other approaches for modulo d often rely on impractically high-dimensional qudits. Therefore, this study proposes an innovative multiparty QPS method that balances participant data sharing and privacy without requiring high-dimensional photons. The proposed QPS protocol enables participants to contribute aggregated information to third parties without disclosing individual data. A security analysis further demonstrates that the proposed QPS effectively counters common eavesdropping attacks, ensuring reliable protection of personal data.
Keywords: Secure multi-party computation, Quantum private summation, Modular arithmetic, Single photons
Subject terms: Quantum physics, Computer science
Introduction
The rapid development of quantum computing has increased the challenges faced by conventional encryption algorithms. Shor’s algorithm1 demonstrates that the widely used RSA encryption algorithm2 can potentially be cracked in polynomial time using quantum computers. Consequently, quantum cryptography has emerged as a burgeoning technology to address these challenges. Based on the principles of quantum mechanics and the properties of quantum bits (qubits), quantum cryptography aims to achieve more secure, efficient, and revolutionary methods for information transmission. In classical computing, especially with AI models across networks, data are often exposed to legitimate participants during transmission and processing, which can lead to significant privacy risks. For instance, when aiming to obtain the total sum of all participants’ information while protecting their individual secrets from being disclosed, a quantum private summation (QPS) protocol is required to achieve this goal. The QPS protocol typically involves a third party (TP) and at least three agents. TP needs to calculate the sum of all participants’ secrets without revealing their actual contents and then publicly disclose the total sum. Throughout the process, the QPS protocol ensures security against eavesdroppers. A more practical example is as follows: Suppose we want to obtain the total score assigned by judges to a group of performers but also want to protect the individual scores given by each judge from being disclosed. In such a scenario, the organizers can implement a QPS protocol, ensuring that the total score is calculated without revealing the individual judges’ scores. This approach effectively protects the judges’ privacy while ensuring the accuracy of the total score. Moreover, similar quantum protocols have been successfully applied to other privacy-preserving mathematical computations, such as matrix multiplication3, the greatest common divisor4, and the least common multiple5.
In the past two decades, some QPS research6–19 based on either quantum logic gates or entanglement are proposed to achieve the summation of modulo 2. In 2010, Chen et al.6 proposed a semi-honest TP to utilize Greenberger-Horne-Zeilinger (GHZ) states for collecting secret bit strings from both communicating parties. The summation of the two secret bit strings is obtained through Bell measurements. Subsequently, in 2014, Zhang et al.7 started to employ various techniques in quantum secure computation, including 
gate and 
gate operations, to achieve the goal of QPS. Over the years, their research has evolved, incorporating different methodologies such as BPB states in 20158, multi-party protocols in 20179, and introducing a three-party semi-QPS protocol using GHZ states in 202110. This showcases a continuous exploration of innovative techniques for secure quantum computation. Liu et al.11 utilize Pauli gates for encoding and gates for information extraction. In the security analysis, it is demonstrated that TP can securely obtain the summation of the participants by conducting eavesdropping checks using decoy photons. Shi and Zhang12 proposed a groundbreaking special two-party QPS protocol, leveraging quantum principles for secure collaborative computation. The applications of their protocol include solving the Hamming distance problem, addressing private set intersection cardinality and private set union cardinality, and facilitating secure trade negotiations. In 2019, Gu et al.13 proposed an improvement to Zhang et al.’s protocol9 to address a security vulnerability. They introduced pre-shared keys between participants and a trusted party to enhance security against intercept-and-resend attacks. In 2022, Ye and Xu14 introduced a three-party QPS protocol that operates without the need for a TP, relying on single-particle states. Hu and Ye15 proposed a secure three-party semi-QPS protocol, allowing for eavesdropping checks, evaluation of participant honesty, and summation calculations without the need for complex entangled states. Ye et al.16 proposed a two-party QPS protocol aimed at facilitating summation between communicating parties over a quantum channel affected by noise, with the involvement of a TP. In 2023, Wu and Xie17 proposed a multi-party QPS protocol using single photons. In this protocol, they apply and gates to the photon sequence using keys generated through quantum key distribution (QKD) protocols and their respective secrets. This process ensures that the photons in the 
and 
bases of the photon sequence are randomized and equally distributed, effectively preventing eavesdropping. More recently, in 2024, Tian et al.18 proposed a set of semi-quantum summation protocols based on single photons, enabling resource-limited participants to securely compute sums without requiring measurement capabilities. Meanwhile, Cheng et al.19 introduced a multi-party quantum summation protocol utilizing W-class states, enhancing qubit efficiency and security against internal and external attacks.
Since summation modulo 2 is equivalent to a bitwise exclusive-OR operation between secrets, some research suggests that this summation may lack practical significance and has limited applications in scenarios requiring the accumulation of numeric sums. Consequently, several studies have proposed a series of QPS protocols20–26 that utilize 
-level photons, known as quantum digits (qudits), along with the quantum Fourier transform (QFT)27 to achieve summation modulo . Other protocols28–30 extend these capabilities to perform both summation and multiplication modulo . Nevertheless, while qudits offer enhanced computational capacity compared to qubits, their practical application remains limited due to the complexities involved in preparation and control. Achieving stable, high-dimensional states in qudits demands advanced precision and technical rigor, with additional challenges from environmental interference and noise.
To address these issues, this study proposes replacing high-level qudits with low-level qubits and using straightforward modular arithmetic instead of complex QFT to achieve summation modulo in QPS. The quantum resources required for computation involve only a two-state quantum mechanical system, which typically consists of two orthogonal states, such as 
and 
. Through security analysis, the proposed QPS protocol demonstrates resilience against both internal and external eavesdropping attacks, thereby safeguarding the confidentiality of participants’ numerical values.
The remainder of this paper is organized as follows. “Proposed multiparty QPS protocol using qubits” section describes the formal process of the proposed QPS protocol. “Security analysis” section presents a security analysis of common attack methods. “Efficiency comparison” section provides an efficiency comparison with several QPS protocols, and “Conclusion” section provides a brief conclusion.
Proposed multiparty QPS protocol using qubits
This section is divided into two subsections: “Process of the proposed QPS protocol” subsection explains how the proposed QPS protocol’s process allows TP to obtain the sum of all participants’ secret values without revealing any of the participants’ individual values. “Example of a four-party QPS protocol” subsection provides an example of a four-party QPS protocol.
Process of the proposed QPS protocol
We assume that the proposed QPS protocol includes one semi-honest TP31 and 
agents: 
, 
, …, and 
. The semi-honest TP is expected to perform any attacks on the protocol except for collusion with participants. All agents , , …, and each possesses a secret numerical value 
, 
, …, and 
, respectively. Suppose that TP is aware of the upper bound of the sum of all agents’ secret values, denoted by 
, where 
. However, TP does not know the individual secret value of each agent. We represent the modulus in the quantum channel using 
qubits in binary system, where 
. An overview of the proposed QPS protocol is shown in Fig. 1, and the step-by-step process is depicted as follows.
-
Step 1:
TP and each agent individually run a QKD protocol such as BB8432 or E9133. Upon completion, TP and each agent obtain a pre-shared key
, 
, …, and 
, respectively, where 
is the pre-shared key between TP and 
. -
Step 2:
Agent
selects a random number 
known only to itself. -
Step 3:
For
from 1 to , with 
considered as TP: Agent represents the value of 
in binary using single photons in basis (i.e., or ), denoted as 
. The agent then inserts decoy photons in basis (i.e., 
or 
) at arbitrary positions, where 
and 
. Finally, sends this sequence of photons to agent 
. -
Step 4:
After
receives the photons, it engages in a public discussion with to verify if the states of the decoy photons match those sent by . If the states match, measures the remaining photons in the basis to obtain . If they do not match, the protocol is terminated and restarted from Step 2. -
Step 5: reveals the value of
to TP. TP calculates the result 
, which represents the summation of the secret values to of agents to in this protocol.
Fig. 1.
The process of TP obtains the summation with all agents.
In the proposed QPS protocol, TP and each agent initially establish a pre-shared key to protect their secrets. The value each agent obtains is the sum of all previous agent’ secrets and keys. Since each agent only has their own key and there are numerous possible combinations of additions, they cannot determine the secrets of the other agent. This protocol utilizes the properties of modular arithmetic. Even if an overflow occurs during the process due to addition, the value of TP after subtracting all the keys will revert to the pre-overflow value. Therefore, in a QPS protocol with a known upper bound, there is no need to worry about overflow issues. As for the first agent who transmits the photon sequence that include the information of 
, the value does not include the accumulated secret sum from previous agents, hence the random number is used to protect . Without the protection of , TP can deduce ’s secret value from 
and . Conversely, with the addition of , even if TP intercepts the photon and obtains , it is still unable to determine without knowing the value of . Finally, with the help of decoy photons, if the photons are intercepted and measured during transmission, the protocol will detect the action and immediately terminate the following process, ensuring its security.
Example of a four-party QPS protocol
We now provide a four-party example of the proposed QPS protocol, which includes one semi-honest TP and three agents: , , and 
. Suppose the three agents , , and possess with secret values 
, 
, and 
respectively. TP knows that the upper bound of the sum of the three agents is 16, which means that the modulus of this protocol is 16, which can be represented in binary using 4 qubits in the quantum channel. The following steps are illustrated in Fig. 2. Note that the step numbers here do not correspond to those in “Process of the proposed QPS protocol” section or Fig. 2. However, the process is consistent with the flow in “Process of the proposed QPS protocol” section and Fig. 2.
-
Step 1:
TP and each of the three agents individually run any QKD protocol to generate a pre-shared key. We assume that the three keys are
, 
and 
. -
Step 2:
Let us assume that agent
randomly selects a number 
and keep this number to itself. -
Step 3.1: calculates the result of
to obtain 
and converts it into binary form 
, which is then encoded on qubits as 
. inserts four decoy photons in basis into this sequence of qubits. The resulting sequence of photons is then transmitted to agent . -
Step 3.2:
After
receives the photons, it engages in a public discussion with to verify whether the states of the four decoy photons match those sent by . If the states match, measures the remaining photons on a basis to obtain . Otherwise, the protocol is terminated and restarted from Step 2. -
Step 4.1:
A2 calculates the result of
to obtain 
and converts it into binary form 
, which is represented in qubits as 
. Subsequently, four decoy photons are generated in basis and inserted into the sequence before being transmitted to agent . -
Step 4.2:
Upon receiving the photons,
initiates a public discussion with to confirm the conformity of the states of the four decoy photons to those transmitted by . If the states align, proceeds to measure the remaining photons on the basis to derive 
. In case of a discrepancy, the protocol is terminated and restarted from Step 2. -
Step 5.1: calculates the result of
to yield 
and convert it into binary form 
, which is represented as 
. inserts four decoy photons in basis into the sequence and transmitted back to TP. -
Step 5.2:
Upon receiving the photons, TP initiates a public discussion with
to validate the states of the four decoy photons against those originally dispatched by . If the states match, TP proceeds to measure the remaining photons on a basis to ascertain 
. Otherwise, the protocol terminated and restarted from Step 2. -
Step 6: discloses to TP that the random number . TP then calculates and discloses the summation of agents’ secret values as
(i.e., , , and ) for the three agents in this protocol.
Fig. 2.
The example of TP obtains the summation with all agents.
Let us summarize the above example. Even though and know that 
and 
, respectively, neither of them can accurately determine the other participants’ secret values because they do not know the values of the pre-shared keys between those participants and TP. On the other hand, despite TP having those keys, it still cannot determine the value of from because the value of is unknown. Finally, TP measures the qubits of and obtain its decimal value as 
. It then subtracts , which was announced by , and the three keys to get a result 
. Taking the value of 
modulo 16 gives 14, which is the sum of the three participants.
Security analysis
In “Measure-and-resend attack” to “Third-party attacks” subsections, we discuss how this protocol defends against the measure-and-resend attack, the entangle-and-measure attack, Trojan horse attacks, the collusion attack, and TP’s attack, respectively.
Measure-and-resend attack
In the realm of quantum communication, measure-and-resend34,35 attacks pose a significant threat. In these attacks, the eavesdropper aims to capture and measure all photons sent by the original sender to extract crucial information, as shown in Fig. 3. The quantum non-cloneable theorem36 prevents the creation of identical copies, compelling the eavesdropper to use destructive measurements on the original photons to gain insights into the sender’s data. The uncertainty principle37 in quantum mechanics adds complexity, making it challenging for the eavesdropper to precisely determine the sender’s encoding basis. Randomly selecting bases introduces a 
chance of obtaining correct information and a 
chance of measuring erroneous data. Transitioning to the ‘resend’ phase, the eavesdropper transmits photons to the receiver based on their measurements. Quantum communication protocol transparency facilitates public discussions, enabling thorough eavesdropping checks. Discrepancies in measurement results using the same basis indicate the presence of an eavesdropper, as their chosen basis differs from that of the original sender.
Fig. 3.
Measure-and-resend attack scenario.
In summary, using decoy photons38,39 for eavesdropping checks is an effective security mechanism. Each decoy photon has a probability of successfully detecting the eavesdropper, leading to a detection probability of 
as the number of decoy photons increases. That is, with a sufficient number of decoy photons, the probability of successful detection gradually approaches 1. This ensures a high detection success rate, making it difficult for an eavesdropper to evade detection, as shown in Fig. 4. In quantum security protocols, to maximize detection effectiveness, a common strategy is to allocate half of the photon string to decoy photons. This aims to increase the chances of detecting the eavesdropper while simultaneously reducing the likelihood of their successful eavesdropping attempts. Such distribution strategies not only enhance security but also make eavesdropping activities highly risky, ensuring the confidentiality of communication. Overall, the introduction of decoy photons plays a crucial role in quantum communication protocols, improving the reliability of eavesdropping checks and ensuring communication security. The use of this method is an effective and flexible means to ensure the credibility and security of quantum communication when transmitting sensitive information.
Fig. 4.
Trend of the detection rate of an eavesdropper as the number of decoy photons increases.
Entangle-and-measure attacks
In entangle-and-measure attack40–42, eavesdroppers employ 
gates for their intrusion, as shown in Fig. 5. Assuming that the photons in the quantum channel are in the basis, the eavesdropper designates the transmitted photons in the channel as the control qubit, while preparing a basis photon as the target qubit. If the photons in the channel are , the eavesdropper’s photon remains unchanged; conversely, if the photons in the channel are , the eavesdropper’s photon undergoes a flip. Since the control qubit remains unaffected, neither communicating party can detect the presence of the eavesdropper.
Fig. 5.
Entangle-and-measure attack scenario.
However, in the proposed QPS protocol, all decoy photons used in each transmission are in basis. If the eavesdropper applies the 
gate to launch the attack, the two photons become entangled, resulting in an entangled state of either 
or 
. This introduces a 
probability that the measurement of decoy photons by the receiving party differs from the state transmitted by the sender. With half of the channel consisting of decoy photons and each decoy photon having a chance of inducing a state change, the probability of detecting the eavesdropper when there are decoy photons are . As increases, the probability approaches to one. Therefore, entangle-and-measure attack is ineffective in this protocol.
Trojan Horse attacks
Trojan horse attacks come in two forms43–45. The first form is the delayed photon Trojan horse attack. In this scenario, eavesdroppers attach several delayed photons to each photon in the original sequence. Since the communicating parties measure photons only within specific time windows, these delayed photons remain undetected. When the receiver encodes the photon sequence, the delayed photons are also affected. After the receiver sends out the encoded sequence, the eavesdropper retrieves the delayed photons to get the encoding operations performed by the receiver. Common countermeasures include using optical delays to separate adjacent photons for observation and employing a photon number splitter to detect multiple photons within the same time window, indicating the presence of delayed photons launched by an attacker. The second type of attack is known as the invisible photon Trojan horse attack. In this scenario, the attacker injects an undetectable photon into each qubit transmitted to the participant. Since this photon is invisible to the participant’s detector, the participant unwittingly performs a unitary operation on the compromised qubit. This method allows the attacker to gain insights into the participant’s operations, akin to the delayed photon attack. To counteract this, common defenses include implementing filters that block photons with wavelengths outside the detection range of the single-photon detector.
Fortunately, our QPS protocol is immune to these attacks. Each participant in the process only measures photons without performing any operations, and there is no scenario where the same sequence of photons enters and exits the quantum channel more than once. Therefore, both forms of Trojan horse attacks are not applicable to the proposed QPS in this study.
Collusion attacks
In general, when considering private summation, we do not evaluate collusion attacks involving 
agents. This is because, in addition to the nature of summation itself, if the values of terms are known, the remaining value can naturally be deduced. For example, given the summation equation 
, if the result s is known and the values of terms are given, the value of the last term 
can be inevitably determined.
However, certain collusion attacks46–48 exist in both ring-type and relay-type multiparty scenarios, where 
sends photons to , and receives photons from . In such cases, and may collaborate to obtain ’s secret value, as shown in Fig. 6. When measures the values of the photons sent by , reveals to the numbers that sent to . By subtracting the two numbers, they can deduce the added numbers by . Fortunately, in the proposed QPS protocol, the added numbers include and . Since the two agents and do not know the exact value of , they cannot determine the value of . Therefore, the utilization of such pre-shared keys between TP and each agent can safeguard the secret of their data. As a result, the proposed QPS is immune to the collusion attacks.
Fig. 6.
Collusion attack scenario.
Third-party attacks
In our proposed QPS protocol, the third-party TP is assumed to be semi-honest, meaning it cannot collude with any agent to learn an agent’s secret value. Although TP can perform attacks other than collusion, the random number in Step 2 of “Proposed multiparty QPS protocol using qubits” section ensures the secrecy of the first agent ’s number from TP. Since the only information transmitted by is , TP cannot infer without knowing the value of . Furthermore, other agents compute the summation iteratively using the recurrence relation 
, making it difficult for TP to deduce any individual value from the accumulated sum for 
. As a result, the proposed QPS protocol remains secure against TP’s attacks.
Efficiency comparison
In this section, we compare our proposed QPS protocol with some representative existing research6,7,9,17,20,21,23. The comparison metrics include the quantum resources used in the protocols, the quantum operations performed on primary photons, the requirement for quantum devices to resist Trojan horse attacks, the transmission mode’s load on each participant, the arithmetic calculations that the protocols can achieve, and the number of required photons, which are summarized in Table 1.
Table 1.
Efficiency comparison of several QPS protocols.
| Protocol | Chen et al.6 | Zhang et al.7 | Zhang et al.9 | Wu and Xie (2023) 17 | Yang and Ye (2018) 20 | Ji et al.21 | Wu and Ma23 | Proposed QPS |
|---|---|---|---|---|---|---|---|---|
| Quantum resource | GHZ state | Single qubits | GHZ state | Single qubits | d-level entangled state | d-level entangled state | d-level entangled state | Single qubits |
| Operation on primary photons | H, I, Z | I, Y | H | Y, H | QFT,
|
d-level Bell measurement | QFT,
|
None |
| Devices for Trojan horse attacks | No | Yes | No | Yes | No | No | Yes | No |
| Transmission type | Tree | Ring | Tree | Ring | Tree | Tree | Ring | Relay |
| Arithmetic calculations | Modulo-2 summation | Modulo-2 summation | Modulo-2 summation | Modulo-2 summation | Modulo- summation |
Modulo- summation |
Modulo- summation |
Modulo- summation |
| Number of photons | k (3N + 1) | k (1 + N/2) | k (3N − 1) | k (N + 2) | k (2N-1) | 4Nk + 5N + k + 1 | k (N + 3) | 2kN |
We assume that the summation has an upper bound of bits, and denotes the total number of agents participating in the protocol, excluding TP. During the transmission of each photon sequence, an equal number of decoy photons are required to ensure that there are no eavesdroppers in the communication. That is, each transmitted photon has a 50% probability of being used for security checks. Since existing QPS studies utilizing modulo-2 summation do not account for carry-over bits6,7,9,17, the summation of two bit-strings is simply performed using the exclusive-OR operation (e.g., 
). Compared to QPS studies using modulo- summation20,21,23, it is not possible to directly assess the range of sum values obtained between the two approaches. Therefore, in terms of efficiency comparison, this study focuses on evaluating the quantum resource costs (i.e., the number of photons) required to implement each QPS protocol. In the following discussion, we divide the comparisons into two parts: the first part discusses QPS research related to summation modulo 2 (i.e., bitwise exclusive-OR), and the second part focuses on QPS research related to summation modulo .
The existing QPS protocols on summation modulo 2 are discussed as follows. Chen et al.6 proposed a QPS scheme that apply the GHZ state as the quantum resource, which is more challenging to prepare compared to the single photons used in our QPS protocol. Their protocol involves operations on primary photons using , 
, and gates, whereas our protocol only requires single-photon measurement without any logic gate operations. Their transmission mode is tree-based, with the burden concentrated on TP, which can be viewed as a cloud service. In contrast, our protocol uses a relay transmission model, distributing the load evenly among all participants. Zhang et al.7 also utilizes single photons, which is similar to our scheme. Their protocol involves operations on primary photons using and gates. Their protocol relies on optical devices such as the wavelength filter and photon number splitting (PNS) to resist Trojan horse attacks, while the proposed QPS does not. In terms of transmission, the ring type requires TP to send photons, whereas the relay type does not. Zhang et al.9 uses GHZ states as the quantum resource, which is more complex to prepare compared to the single photons used in our protocol. Their protocol involves operating on primary photons using gates, whereas the proposed QPS only requires single-photon measurement without any logic gate operations. Both protocols do not require optical devices to resist Trojan horse attacks. In terms of transmission, their protocol employs a tree-based mode that places the burden on TP, while our scheme distributes the load evenly among all participants. Wu and Xie17 have been the most inspirational in shaping our research. In their protocol, TP shares a secure key with each agent individually, using this key to encrypt information. Since TP holds the keys for all agents, it can decrypt the information when the photons are returned to TP. Note that our QPS protocol use single photons as the quantum resource. Wu and Xie’s protocol requires operations on primary photons using and gates, whereas our protocol only requires single-photon measurement without any logic gate operations. Since Wu and Xie’s protocol involves the same sequence of photons repeatedly entering and exiting the quantum channel, it requires optical devices that are resistant to Trojan horse attacks, whereas our protocol does not.
Among these existing QPS protocols utilizing modulo-2 summation, the required number of photons in each scheme is evaluated as follows. In Chen et al.’s QPS protocol6, TP prepares sets of 
GHZ states, sending one photon from each set to every agent, resulting in 
photons. Each agent also prepares single photons (i.e., 
), and the transmission process requires decoy photons, leading to a total of 
photons. Zhang et al.7 introduce a QPS protocol in which each round-trip transmission involves half of the photons being decoy photons, reducing the overall photon consumption to 
. They later proposed another QPS protocol9 in which each agent generates photons (i.e., ), consumes photons to verify the first agent’s honesty, and uses decoy photons per round-trip transmission, resulting in a total of 
photons. Wu and Xie’s QPS protocol17 requires single photons for message transmission and decoy photons, amounting to 
photons.
Similarly, we evaluate the required number of photons in each QPS scheme utilizing modulo- summation, including the proposed QPS in this study. In Yang et al.’s QPS protocol20, d-level -particle entangled states are prepared and divided into sequences, with 
sets of decoy photons inserted into the second to the -th sequence, leading to 
photons. Ji et al. propose two different QPS protocols21, and in the more efficient one, TP prepares 
-particle cat states, each participant prepares 
d-level Bell states, and sets of decoy photons (i.e., ) to ensure communication security. Additionally, each participant generates an extra 
d-level Bell states, resulting in a total photon cost of 
. Wu and Ma’s QPS protocol23 uses 
Bell-state photons for message transmission and decoy photons for verification, resulting in a total of 
photons. In the proposed QPS protocol, photons are used to compute the upper bound of 
, and each agent transmits photons (with carrying messages and serving as decoy photons) to the next participant. With agents, the total photon count required for the proposed scheme is 
.
Although our proposed QPS protocol appears to require slightly more photons to complete the process, the QPS protocols proposed by Yang and Ye20, Ji et al.21, and Wu and Ma23 all utilize high-level qudits, which necessitate complex QFT to convert from the computational basis to the Fourier basis. In contrast, our QPS protocol eliminates the need for such complex QFT, making it significantly simpler to implement. Operationally, their protocols store secrets on qudits using phase shifting, whereas our scheme relies solely on single-photon measurements without any logic gate operations. In summary, the proposed QPS protocol provides a simpler and more cost-effective approach for computing summation modulo d while achieving a higher success rate.
Conclusion
This paper presents a multiparty QPS protocols that calculates the summation of agents’ secrets in modulo without revealing their contents. The proposed QPS protocol simplifies the use of qubits instead of qudits, eliminating the need for complex quantum Fourier transform. It also employs pre-shared keys to protect each participant’s secrets, allowing participants to only measure photons rather than perform logic gate operations, significantly enhancing success rates. Additionally, decoy photons enable any participant to immediately check for eavesdropping upon receiving photons, ensuring protocol security. If an eavesdropping attempt is detected, the protocol is promptly aborted. Extensive analysis of common attacks confirms the protocol’s reliability. In future work, the proposed QPS protocol could be explored for its potential to support multiplication. However, due to the limited combinations of multiplication operations and the significance of prime numbers, participants could potentially deduce others’ secrets more effectively, which warrants further observations.
Author contributions
Jason Lin: Conceptualization, Methodology, Investigation, Formal Analysis, Writing – Review & Editing. Shao-Lun Huang: Methodology, Formal Analysis, Writing – Original Draft. Chun-Wei Yang: Formal Analysis, and Review manuscript. Chia-Wei Tsai: Review the manuscript and project administration.
Funding
This work was partially supported by the National Science and Technology Council, Taiwan, R.O.C. (Grant Nos. NSTC 113–2221-E-025–014, NSTC 113–2221-E-039–020, NSTC 113–2221-E-005–086, and NSTC 113–2634-F-005–001-MBK) and China Medical University, Taiwan (Grant No. CMU112-S-42).
Data availability
The datasets analyzed during the current study are available from the corresponding author on reasonable request.
Declarations
Competing interests
The authors declare no competing interests.
Footnotes
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
References
- 1.Shor, P. W. Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM Rev.41(2), 303–332 (1999). [Google Scholar]
- 2.Rivest, R. L., Shamir, A. & Adleman, L. A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM21(2), 120–126 (1978). [Google Scholar]
- 3.Liu, W.-J. & Li, Z.-X. Secure and efficient two-party quantum scalar product protocol with application to privacy-preserving matrix multiplication. IEEE Trans. Circuits Syst. I Regul. Pap.70(11), 4456–4469 (2023). [Google Scholar]
- 4.Li, Z.-X., Liu, W.-J. & Su, B.-M. Efficient quantum secure multi-party greatest common divisor protocol and its applications in private set operations. EPJ Quantum Technol.11(1), 57 (2024). [Google Scholar]
- 5.Li, Z.-X. & Liu, W.-J. Quantum secure multi-party computation protocols for solving least common multiple problem. Chin. J. Comput.47(6), 1393–1412 (2024). [Google Scholar]
- 6.Chen, X. B., Xu, G., Yang, Y. X. & Wen, Q. Y. An efficient protocol for the secure multi-party quantum summation. Int. J. Theor. Phys.49, 2793–2804 (2010). [Google Scholar]
- 7.Zhang, C., Sun, Z., Huang, Y. & Long, D. High-capacity quantum summation with single photons in both polarization and spatial-mode degrees of freedom. Int. J. Theor. Phys.53, 933–941 (2014). [Google Scholar]
- 8.Zhang, C., Sun, Z. W., Huang, X. & Long, D. Y. Three-party quantum summation without a trusted third party. Int. J. Quantum Inf.13(02), 1550011 (2015). [Google Scholar]
- 9.Zhang, C., Situ, H., Huang, Q. & Yang, P. Multi-party quantum summation without a trusted third party based on single particles. Int. J. Quantum Inf.15(02), 1750010 (2017). [Google Scholar]
- 10.Zhang, C., Huang, Q., Long, Y. & Sun, Z. Secure three-party semi-quantum summation using single photons. Int. J. Theor. Phys.60(9), 3478–3487 (2021). [Google Scholar]
- 11.Liu, W., Wang, Y. B. & Fan, W. Q. An novel protocol for the quantum secure multi-party summation based on two-particle Bell states. Int. J. Theor. Phys.56, 2783–2791 (2017). [Google Scholar]
- 12.Shi, R. H. & Zhang, S. Quantum solution to a class of two-party private summation problems. Quantum Inf. Process.16, 1–9 (2017). [Google Scholar]
- 13.Gu, J., Hwang, T. & Tsai, C. W. Improving the security of ‘high-capacity quantum summation with single photons in both polarization and spatial-mode degrees of freedom’. Int. J. Theor. Phys.58, 2213–2217 (2019). [Google Scholar]
- 14.Ye, T. Y. & Xu, T. J. A lightweight three-user secure quantum summation protocol without a third party based on single-particle states. Quantum Inf. Process.21(9), 309 (2022). [Google Scholar]
- 15.Hu, J. L. & Ye, T. Y. Three-party secure semiquantum summation without entanglement among quantum user and classical users. Int. J. Theor. Phys.61(6), 170–180 (2022). [Google Scholar]
- 16.Ye, T. Y., Xu, T. J., Geng, M. J. & Chen, Y. Two-party secure semiquantum summation against the collective-dephasing noise. Quantum Inf. Process.21(3), 118 (2022). [Google Scholar]
- 17.Wu, W. Q. & Xie, M. Z. Quantum secure multi-party summation using single photons. Entropy25(4), 590 (2023). [DOI] [PMC free article] [PubMed] [Google Scholar]
- 18.Tian, Y., Zhang, N., Ye, C., Bian, G. & Li, J. Different secure semi-quantum summation models without measurement. EPJ Quantum Technol.11(1), 35 (2024). [Google Scholar]
- 19.Cheng, Q., Situ, H., Huang, Q. & Zhang, C. Secure three-party quantum summation based on W-class states. Int. J. Theor. Phys.63(4), 98 (2024). [Google Scholar]
- 20.Yang, H. Y. & Ye, T. Y. Secure multi-party quantum summation based on quantum Fourier transform. Quantum Inf. Process.17(6), 129 (2018). [Google Scholar]
- 21.Ji, Z. et al. Quantum protocols for secure multi-party summation. Quantum Inf. Process.18, 1–19 (2019). [Google Scholar]
- 22.Sutradhar, K. & Om, H. A generalized quantum protocol for secure multiparty summation. IEEE Trans. Circuits Syst. II Express Briefs67(12), 2978–2982 (2020). [Google Scholar]
- 23.Wu, W. & Ma, X. Multi-party quantum summation without a third party based on d-dimensional Bell states. Quantum Inf. Process.20(6), 200 (2021). [Google Scholar]
- 24.Ye, T. Y. & Hu, J. L. Quantum secure multiparty summation based on the phase shifting operation of d-level quantum system and its application. Int. J. Theor. Phys.60, 819–827 (2021). [Google Scholar]
- 25.Yi, X., Cao, C., Fan, L. & Zhang, R. Quantum secure multi-party summation protocol based on blind matrix and quantum Fourier transform. Quantum Inf. Process.20(7), 249 (2021). [Google Scholar]
- 26.Cai, X. Q., Wang, T. Y., Wei, C. Y. & Gao, F. Cryptanalysis of secure multiparty quantum summation. Quantum Inf. Process.21(8), 285 (2022). [Google Scholar]
- 27.Coppersmith, D. An approximate Fourier transform useful in quantum factoring. Preprint at quant-ph/0201067. (2002).
- 28.Shi, R. H., Mu, Y., Zhong, H., Cui, J. & Zhang, S. Secure multiparty quantum computation for summation and multiplication. Sci. Rep.6(1), 19655 (2016). [DOI] [PMC free article] [PubMed] [Google Scholar]
- 29.Lv, S. X., Jiao, X. F. & Zhou, P. Multiparty quantum computation for summation and multiplication with mutually unbiased bases. Int. J. Theor. Phys.58, 2872–2882 (2019). [Google Scholar]
- 30.Sutradhar, K. & Om, H. Hybrid quantum protocols for secure multiparty summation and multiplication. Sci. Rep.10(1), 9097 (2020). [DOI] [PMC free article] [PubMed] [Google Scholar]
- 31.Zhang, W. W. & Zhang, K. J. Cryptanalysis and improvement of the quantum private comparison protocol with semi-honest third party. Quantum Inf. Process.12, 1981–1990 (2013). [Google Scholar]
- 32.Bennett, C. H. & Brassard, G. Quantum cryptography: Public key distribution and coin tossing. In International Conference on Computers, Systems and Signal Processing, Bangalore, India, December. 9–12 (1984).
- 33.Ekert, A. K. Quantum cryptography based on Bell’s theorem. Phys. Rev. Lett.67(6), 661–663 (1991). [DOI] [PubMed] [Google Scholar]
- 34.Zhang, Z. J. Multiparty quantum secret sharing of secure direct communication. Phys. Lett. A342(1–2), 60–66 (2005). [Google Scholar]
- 35.Han, L. F., Liu, Y. M., Liu, J. & Zhang, Z. J. Multiparty quantum secret sharing of secure direct communication using single photons. Opt. Commun.281(9), 2690–2694 (2008). [Google Scholar]
- 36.Wootters, W. K. & Zurek, W. H. A single quantum cannot be cloned. Nature299(5886), 802–803 (1982). [Google Scholar]
- 37.Busch, P., Heinonen, T. & Lahti, P. Heisenberg’s uncertainty principle. Phys. Rep.452(6), 155–176 (2007). [Google Scholar]
- 38.Li, C.-Y., Zhou, H.-Y., Wang, Y. & Deng, F.-G. Secure quantum key distribution network with Bell states and local unitary operations. Chin. Phys. Lett.22(5), 1049–1052 (2005). [Google Scholar]
- 39.Li, C.-Y. et al. Efficient quantum cryptography network without entanglement and quantum memory. Chin. Phys. Lett.23(11), 2896–2899 (2006). [Google Scholar]
- 40.Deng, F. G., Long, G. L. & Liu, X. S. Two-step quantum direct communication protocol using the Einstein-Podolsky-Rosen pair block. Phys. Rev. A68(4), 042317 (2003). [Google Scholar]
- 41.Gao, F., Guo, F., Wen, Q. & Zhu, F. Comparing the efficiencies of different detect strategies in the ping-pong protocol. Sci. China Ser. G51(12), 1853–1860 (2008). [Google Scholar]
- 42.Wang, T.-Y., Wen, Q.-Y. & Zhu, F.-C. Secure authentication of classical messages with single photons. Chin. Phys. B18(8), 3189–3192 (2009). [Google Scholar]
- 43.Deng, F. G., Li, X. H., Zhou, H. Y. & Zhang, Z. J. Improving the security of multiparty quantum secret sharing against Trojan horse attack. Phys. Rev. A72(4), 044302 (2005). [Google Scholar]
- 44.Cai, Q. Y. Eavesdropping on the two-way quantum communication protocols with invisible photons. Phys. Lett. A351(1–2), 23–25 (2006). [Google Scholar]
- 45.Gisin, N., Fasel, S., Kraus, B., Zbinden, H. & Ribordy, G. Trojan-horse attacks on quantum-key-distribution systems. Phys. Rev. A73(2), 022320 (2006). [Google Scholar]
- 46.Wang, T. Y., Wen, Q. Y., Gao, F., Lin, S. & Zhu, F. C. Cryptanalysis and improvement of multiparty quantum secret sharing schemes. Phys. Lett. A373(1), 65–68 (2008). [Google Scholar]
- 47.Gao, G. Simple collaboration eavesdropping on the improved multiparty quantum secret sharing protocol. Int. J. Theor. Phys.49, 2210–2214 (2010). [Google Scholar]
- 48.Wang, S. H., Chong, S. K. & Hwang, T. On multiparty quantum secret sharing with Bell states and Bell measurements. Opt. Commun.283(21), 4405–4407 (2010). [Google Scholar]
Associated Data
This section collects any data citations, data availability statements, or supplementary materials included in this article.
Data Availability Statement
The datasets analyzed during the current study are available from the corresponding author on reasonable request.