Abstract
We present a security analysis of a multiparty quantum key distribution (QKD) based on Mermin-Ardehali-Belinskiĭ-Klyshko (MABK) type multipartite nonlocality. Our analysis provides an asymptotic secret key rate of the multiparty QKD under the restriction that successive trials are completely independent. In our analysis, we construct the relation between a secret key rate of the multiparty QKD and an expectation value of MABK operator. We show that side channel attacks, which can threaten the information theoretic (IT) security analysis of multiparty QKD, are prevented in our analysis. We compare secret key rates obtained by using the IT analysis, the existing fully device-independent analysis, and our analysis. It is shown that efficiency of the multiparty QKD can be improved with increasing number of authorized parties in our analysis as well.
© 2019 Optical Society of America under the terms of the OSA Open Access Publishing Agreement
1. Introduction
Quantum key distribution (QKD) is a novel scheme to share a random secret key between two distant authorized parties, Alice and Bob, by exploiting the principles of quantum mechanic. This protocol provides an information-theoretic security under a potential attack of malicious eavesdropper, conventionally called Eve. The first proposal of QKD, called BB84 protocol [1], exploits quantum superposition and no-cloning theorem [2] to guarantee its security. Subsequently, E91 protocol was suggested whose security is based on nonlocality [3]. After these proposals, many efforts have been made to analyse the security of the QKD protocols based on various quantum principles [4–10].
Although QKD protocols provide an information theoretic security theoretically, it was shown that the implementation of practical QKD system can have security defects due to imperfections of devices. An attack exploits the imperfections is known as a side channel attack, including photon number splitting attack [11], detector efficiency mismatch attack [12], detector blinding attack [13,14]. To overcome threats of all side channel attacks, device-independent (DI) security analysis was proposed [15–20]. In the DI analysis, the security of key string is based on the nonlocality verified by the Clauser-Horne-Shimony-Holt (CHSH) inequality [21]. However, it is assumed that successive rounds of QKD must be completely independent. Without such assumption, fully DI analysis was proposed [22–25] which only assume that the devices are modeled by the laws of quantum mechanics and they are spatially separated from each other and from Eve.
However, the implementation of the fully DI-QKD requires a loophole-free Bell test that poses high technological demands [26,27]. Therefore, there have been many suggestions to increase the practicality of QKD by loosening some constraints of the fully DI-QKD. The semi-DI (SDI) QKD was proposed with the quantum system of which dimensionality is bounded [28–30]. The one-sided DI-QKD, which one party has trusted devices and the other has a black box, was proposed as well [31,32]. The measurement-device-independent (MDI) QKD was proposed to remove all side channel attacks against measurement devices [33–36]. These QKD protocols are more practical than the fully DI-QKD, while they can prevent a part of side channel attacks.
In another branch of quantum communication research, quantum networks have been studied in order to generate connection among multiparty rather than one-to-one connection in the advent of quantum technologies [37–41]. In the circumstance, secret information sharing protocols among many authorized parties, including $N$-partite QKD ($N$-QKD) and quantum secret sharing (QSS), have been studied [42–54]. In $N$-QKD, all parties who share a multipartite entangled state are authorized parties and they distribute a random secret key. Strict security analyses of $N$-QKD have been studied in recent years. In 2017, the security of $N$-QKD was analysed based on generalized version of the information-theoretic (IT) security analysis [51]. In 2018, the fully DI security analysis of $N$-QKD, named as the fully DI conference key agreement (CKA), was provided [52] as an extension of bipartite DI-QKD [25]. The security of the DI-CKA relies on the relation between the Clauser-Horne-Shimony-Holt (CHSH) [21] and the Mermin-Ardehali-Belinskiĭ-Klyshko (MABK) [55–57] type nonlocality.
In this article, we propose a new security analysis of $N$-QKD based on multipartite nonlocality. Nonlocal correlations of a multipartite quantum system are verified by MABK inequality as like the DI-CKA. However, different from the DI-CKA, our analysis does not provide the fully DI security since our analysis is provided under the restriction that successive trials are completely independent. So Eve’s attack is restricted to an independent and identically distributed (i.i.d.) attack. For this reason, we call our analysis as SDI security analysis. The SDI analysis provides an asymptotic secret key rate of $N$-QKD. We construct a relation between a secret key rate of $N$-QKD and an expectation value of MABK operator. It is shown the SDI analysis can prevent some side channel attacks, which the IT analysis can not. The effect of the i.i.d. assumption in $N$-QKD with varying $N$, the number of authorized parties, is shown by comparing the DI-CKA and the SDI analysis. We compare the secret key rates obtained by using the IT analysis, the DI-CKA, and the SDI analysis in the same quantum depolarization noise as well.
The article is structured as follows. We introduce MABK inequality and present a schematic descriptions of $N$-QKD in Sec. 2. In Sec. 3 we present the SDI security analysis based on MABK inequality and we compare the secret key rate evaluated by using the proposed SDI analysis to that evaluated by using the IT analysis and that of the DI-CKA. Finally, conclusion is drawn in Sec. 4.
2. Schematic description of multiparty QKD
In a conventional QKD, a two-dimensional quantum system, called a qubit [58], is exploited as an information carrier. MABK inequality [55] is known as a tight inequality of a multiparty qubit system [59]. The definition of the operator to evaluate MABK inequality is shown in Eq. (1):
In a conventional bipartite entanglement QKD protocol [3–7], the maximally entangled states, called Bell states, are exploited to distribute a secret key. One of the four orthonormal Bell states is described in Eq. (5):
In a bipartite QKD protocol, the authorized two parties, Alice and Bob, exploit two measurement bases, such as $\hat {Z}$ and $\hat {X}$, to share a random secret key since correlations between Alice and Bob’s measurement outcomes are preserved under a basis transformation as shown in Eq. (6):On the other hand, a form of correlation of the $N$-partite GHZ state is changed under a basis transformation. An example is described in Eq. (7):
The procedure of the $N$-QKD we propose is given as follows:
- 1. Alice generates a $N$-partite GHZ state described in Eq. (4). She keeps one qubit and distributes the others to $(N-1)$ Bobs.
- 2. Alice and Bobs choose a measurement basis randomly from among $\{\hat {X}', \hat {Y}', \hat {Z}'\}$.
- 3. Alice and Bobs announce their measurement bases through the classical(public) channel.
- 5. After several repetitions of the steps 1–4, the authorized parties perform a post-processing.
To guarantee the security of this $N$-QKD, the following assumptions are necessary.
- 1. The authorized parties have measurement devices corresponding to $X'$-, $Y'$-, and $Z'$-measurement and their outcomes are $-1$ or $1$. The measurement operators satisfies $\hat {X}'=\hat {X}$, $\hat {Y}'=\hat {Y}$, and $\hat {Z}'=\hat {Z}$ in the ideal setup.
- 2. The authorized parties hold trusted random number generators to select a measurement basis randomly.
- 3. The successive trials of the $N$-QKD must be completely independent.
- 4. The laboratory of each authorized party is isolated from the outside to prevent unindented information leakage or inflow.
- 5. The GHZ state generator is isolated from Alice’s measurement setup, so it can be assumed that Eve holds the source while Alice’s measurement is isolated from Eve.
Any experimental setup that is able to test MABK inequality can be exploited to perform this $N$-QKD. The generation of a photonic multipartite entangled state has been demonstrated [67–74], and there have been experimental tests of the multipartite nonlocality in photonic systems as well [75–79]. The $N$-partite QSS protocols that exploit $N$-partite entangled states were demonstrated successfully [80,81]. It is expected that the experimental setups of these QSS protocols are exploited to demonstrate the $N$-QKD.
3. Security analysis
Before we provide the SDI security analysis, we introduce extended depolarization procedure that is assumed in the IT analysis [51]. We follow the notations used in [51]. Orthonormal states of $N$-partite entangled qubits, is described as follows:
A depolarization operation can be decomposed to a sequence of local operations. The set of the extended depolarizing channel $\mathbf {D}$ is written in Eq. (9):
The form of a density matrix written in Eq. (11) cannot represent a general $N$-qubit state, but it was proven that if we know the initial $N$-qubit state, it can be brought to the form of Eq. (11) by means of local operations and classical communication (LOCC) [82]. In our scenario, a density matrix of the initially distributed quantum state can be constructed from the revealed $X'$- and $Y'$-measurement outcomes, so the authorized parties can try the appropriate LOCC to bring their quantum state to the form of Eq. (11). This LOCC makes the marginals for each ideal measurement be random, i.e. $\langle {\hat {X}'_{k}}\rangle =\langle {\hat {Y}'_{k}}\rangle =0$ for all $k\in \{1,2,\ldots ,N-1,N\}$. The density matrix described in Eq. (11) represents the quantum state after distribution through quantum channels although the original state that Alice wants to distribute is the $N$-partite GHZ state, $|{\psi ^{+}_{0}}\rangle$. Therefore, it is natural that $\lambda _{0}^{+}$ is assumed as the largest value among all $\lambda$s.
First, we provide our security analysis about i.i.d. states and measurements. An asymptotic secret key rate of the $N$-QKD can be calculated from the equation [7,8,51] shown in Eq. (12):
where $I(A,B_{j})$ is mutual information between Alice and $j$-th Bob, and $\chi (A;E)$ is Holevo information [83]. Hereafter, we omit the min in the subscript of $r$.The mutual information is easily calculated from the density matrix written in Eq. (11), as shown in Eq. (13):
The Holevo information is defined as written in Eq. (14):
where $S(\hat {\rho })$ is the von Neumann entropy and $z'$ is Alice’s $Z'$-measurement outcome. To evaluate an upper bound of the Holevo information, we assume Eve’s purified quantum state as shown in Eq. (15):From Eq. (16) and Eq. (19), an upper bound of the Holevo information can be calculated as shown in Eq. (20):
It is expectable to construct the relation between $G(\lambda _{0}^{+},\lambda _{0}^{-})$ and $S_{N}$, an expectation value of the MABK operator, since $S_{N}$ with the depolarized density matrix written in Eq. (11) is the function relies on only $\lambda _{0}^{+}$ and $\lambda _{0}^{-}$ as shown in Eq. (22):
Finally, the relation between a secret key rate of the $N$-QKD and $S_{N}$ is constructed as shown in Eq. (24):
The secret key rate written in Eq. (24) is obtained under the i.i.d. states and measurements. Now, we generalize the secret key rate for different states and measurements. Let us define the upper bound of the Holevo information as shown in Eq. (25):
Now, we compare the SDI analysis to the IT analysis of the $N$-QKD about security against a side channel attack. As an example, let us assume that Eve occupies the source part of the $N$-QKD, which is the GHZ state generator in the ideal $N$-QKD. In the circumstances, Eve can perform a side-channel attack against detectors of the authorized parties through the quantum channel, such as detector-blinding attacks [13,14]. In the detector-blinding attack, Eve sends strong light to single photon detectors involved in the setup of the authorized parties through the quantum channel. By doing this, Eve can control a click of the detectors because of malfunction of the detectors. When Eve’s encoding basis and a measurement basis of the authorized party are the same, while a detector click does not occur when the encoding basis and the measurement basis are different. Since an error is induced in outcome statistics of the authorized parties when Eve’s encoding basis and the measurement basis are different, the authorized parties cannot detect the existence of Eve under this attack in a conventional QKD protocol. By performing this attack, Eve can make measurement outcomes of the authorized parties be always $|{0}\rangle$ for $Z$-measurement, $|{+}\rangle$ for $X$-measurement, and $|{i+}\rangle$ for $Y$-measurement. Under this attack, $Q_{B_{k}}=0$ for all possible $k$ since the outcomes of $Z$-measurement are always the same.
In the IT analysis, the Holevo information relies on a phase error rate $Q_{p}$ which is obtained from the following equation: $Q_{p}=(1-\langle {\hat {X}^{\otimes N}}\rangle )/2$ [51]. Under the attack, the outcomes of $X$-measurement are 1 for all authorized parties, therefore $Q_{p}=0$ is obtained. So Alice and Bobs distribute secret keys from their outcomes, even when Eve has full information about the secret keys.
If we analyse the same outcome statistics by using the SDI analysis, $S_{N}$ is equal to the local realistic bound. Since there is no nonlocal correlation, a secret key rate becomes zero. Moreover, the detector blinding attack is forbidden in the assumptions of the SDI analysis since detection efficiency of the detectors should be close to $1$ for a loophole-free nonlocality test. In the detector blinding attack, a click event occurs only when Eve and $i$-th Bob choose the same basis, so a loophole-free nonlocality test is impossible. From this example, we can conclude that the SDI analysis provide more secure than the IT analysis, since there is an attack strategy that the SDI analysis can prevent while the IT analysis cannot.
We compare asymptotic secret key rates obtained by using the SDI analysis, the IT analysis [51] of $N$-QKD and the DI-CKA [52]. In the evaluation of the key rates, we assumed the ideal case, which means that there is no Eve and devices are well manufactured. Figures 4 and 5 show the secret key rates under depolarizing noise. The density matrix under the depolarizing noise is shown in Eq. (27):
Figure 4 shows asymptotic secret key rates obtained by using the SDI analysis (solid lines), the IT analysis (dashed lines) [51] and the DI-CKA (dotted lines) [52]. The black lines represent the secret key rates when the number of parties is $3$, and the red lines does when the number of parties is $11$. The secret key rates obtained by using the SDI analysis are in the middle of those evaluated by using the IT analysis and the DI-CKA. Since the DI-CKA provides fully DI security even against beyond i.i.d. adversary, the secret key rates of the DI-CKA is the lowest and the secret key rate decrease when the number of parties increase. The secret key rates obtained by using the SDI analysis and the IT analysis, which provide security against i.i.d. adversary, become more efficient with increasing $N$.
Figure 5(a) shows the secret key rates of various party numbers $N$ evaluated by using the SDI analysis. The secret key rate of the $N$-QKD becomes higher with increasing $N$ and the difference between the secret key rate of $N$-QKD and $(N+1)$-QKD becomes smaller when $N$ increases. The decrease of the difference can be also seen in Fig. 5(b). Figure 5(b) shows the relation between the threshold of multiparty QBER when the secret key rate becomes zero and the number of parties. In the plot, it is shown that the increase of the threshold becomes insignificant when $N$ is larger than $8$.
4. Conclusion
In this article, we presented SDI security analysis of $N$-QKD in the asymptotic limit based on MABK inequality. We show the SDI analysis can prevent a side channel attack that threatens the IT analysis. It was shown that a secret key rate evaluated by using the SDI analysis becomes more efficient with increasing $N$ while that of the DI-CKA, which provides fully DI security, becomes lower with the same condition. The tendency of the difference of secret key rates between $N$-QKD and $(N+1)$-QKD when $N$ increases is shown as well.
Funding
National Research Council of Science and Technology (NST) (CAP-15-08-KRISS).
Acknowledgments
Y. Jo thanks to the Agency for Defense Development for the graduate student scholarship program. W. Son acknowledges the University of Oxford and the Korea Institute for Advanced Study (KIAS) for their visitorship program.
References
1. C. H. Bennett and G. Brassard, “Quantum cryptography: Public key distribution and coin tossing,” in Proceedings of the IEEE International Conference on Computers, Systems and Signal Processing, (IEEE, 1984), p. 175
2. W. K. Wootters and W. H. Zurek, “A single quantum cannot be cloned,” Nature 299(5886), 802–803 (1982). [CrossRef]
3. A. K. Ekert, “Quantum cryptography based on Bell’s theorem,” Phys. Rev. Lett. 67(6), 661–663 (1991). [CrossRef]
4. D. Deutsch, A. Ekert, R. Jozsa, C. Macchiavello, S. Popescu, and A. Sanpera, “Quantum Privacy Amplification and the Security of Quantum Cryptography over Noisy Channels,” Phys. Rev. Lett. 77(13), 2818–2821 (1996). [CrossRef]
5. D. Mayers, “Unconditional security in quantum cryptography,” J. Assoc. Comput. Mach. 48(3), 351–406 (2001). [CrossRef]
6. P. W. Shor and J. Preskill, “Simple Proof of Security of the BB84 Quantum Key Distribution Protocol,” Phys. Rev. Lett. 85(2), 441–444 (2000). [CrossRef]
7. I. Devetak and A. Winter, “Distillation of secret key and entanglement from quantum states,” Proc. R. Soc. London, Ser. A 461(2053), 207–235 (2005). [CrossRef]
8. R. Renner, N. Gisin, and B. Kraus, “Information-theoretic security proof for quantum-key-distribution protocols,” Phys. Rev. A 72(1), 012332 (2005). [CrossRef]
9. M. Koashi, “Unconditional security of quantum key distribution and the uncertainty principle,” J. Phys. Conf. Ser. 36, 98–102 (2006). [CrossRef]
10. M. Koashi, “Simple security proof of quantum key distribution based on complementarity,” New J. Phys. 11(4), 045018 (2009). [CrossRef]
11. G. Brassard, N. Lütkenhaus, T. Mor, and B. C. Sanders, “Limitations on practical quantum cryptography,” Phys. Rev. Lett. 85(6), 1330–1333 (2000). [CrossRef]
12. V. Makarov, A. Anisimov, and J. Skaar, “Effects of detector efficiency mismatch on security of quantum cryptosystems,” Phys. Rev. A 74(2), 022313 (2006). [CrossRef]
13. L. Lydersen, C. Wiechers, C. Wittmann, D. Elser, J. Skaar, and V. Makarov, “Hacking commercial quantum cryptography systems by tailored bright illumination,” Nat. Photonics 4(10), 686–689 (2010). [CrossRef]
14. A. Huang, S. Sajeed, P. Chaiwongkhot, M. Soucarros, M. Legre, and V. Makarov, “Testing Random-Detector-Efficiency Countermeasure in a Commercial System Reveals a Breakable Unrealistic Assumption,” IEEE J. Quantum Electron. 52(11), 1–11 (2016). [CrossRef]
15. J. Barrett, L. Hardy, and A. Kent, “No signaling and quantum key distribution,” Phys. Rev. Lett. 95(1), 010503 (2005). [CrossRef]
16. A. Acín, N. Gisin, and L. Masanes, “From Bell’s Theorem to Secure Quantum Key Distribution,” Phys. Rev. Lett. 97(12), 120405 (2006). [CrossRef]
17. A. Acín, S. Massar, and S. Pironio, “Efficient quantum key distribution secure against no-signalling eavesdroppers,” New J. Phys. 8(8), 126 (2006). [CrossRef]
18. V. Scarani, N. Gisin, N. Brunner, L. Masanes, S. Pino, and A. Acín, “Secrecy extraction from no-signaling correlations,” Phys. Rev. A 74(4), 042339 (2006). [CrossRef]
19. A. Acín, N. Brunner, N. Gisin, S. Massar, S. Pironio, and V. Scarani, “Device-Independent Security of Quantum Cryptography against Collective Attacks,” Phys. Rev. Lett. 98(23), 230501 (2007). [CrossRef]
20. S. Pironio, A. Acín, N. Brunner, N. Gisin, S. Massar, and V. Scarani, “Device-independent quantum key distribution secure against collective attacks,” New J. Phys. 11(4), 045021 (2009). [CrossRef]
21. J. F. Clauser, M. A. Horne, A. Shimony, and R. A. Holt, “Proposed Experiment to Test Local Hidden-Variable Theories,” Phys. Rev. Lett. 23(15), 880–884 (1969). [CrossRef]
22. J. Barrett, R. Colbeck, and A. Kent, “Unconditionally secure device-independent quantum key distribution with only two devices,” Phys. Rev. A 86(6), 062326 (2012). [CrossRef]
23. J. Barrett, R. Colbeck, and A. Kent, “Memory Attacks on Device-Independent Quantum Cryptography,” Phys. Rev. Lett. 110(1), 010503 (2013). [CrossRef]
24. B. W. Reichardt, F. Unger, and U. Vazirani, “Classical command of quantum systems,” Nature 496(7446), 456–460 (2013). [CrossRef]
25. U. Vazirani and T. Vidick, “Fully Device-Independent Quantum Key Distribution,” Phys. Rev. Lett. 113(14), 140501 (2014). [CrossRef]
26. J.-Å. Larsson, M. Giustina, J. Kofler, B. Wittmann, R. Ursin, and S. Ramelow, “Bell-inequality violation with entangled photons, free of the coincidence-time loophole,” Phys. Rev. A 90(3), 032107 (2014). [CrossRef]
27. W. Rosenfeld, D. Burchardt, R. Garthoff, K. Redeker, N. Ortegel, M. Rau, and H. Weinfurter, “Event-Ready Bell Test Using Entangled Atoms Simultaneously Closing Detection and Locality Loopholes,” Phys. Rev. Lett. 119(1), 010402 (2017). [CrossRef]
28. M. Pawłowski and N. Brunner, “Semi-device-independent security of one-way quantum key distribution,” Phys. Rev. A 84(1), 010302 (2011). [CrossRef]
29. Y. Wang, W.-S. Bao, H.-W. Li, C. Zhou, and Y. Li, “Security of a practical semi-device-independent quantum key distribution protocol against collective attacks,” Chin. Phys. B 23(8), 080303 (2014). [CrossRef]
30. C. Zhou, P. Xu, W.-S. Bao, Y. Wang, Y. Zhang, M.-S. Jiang, and H.-W. Li, “Finite-key bound for semi-device-independent quantum key distribution,” Opt. Express 25(15), 16971–16980 (2017). [CrossRef]
31. C. Branciard, E. G. Cavalcanti, S. P. Walborn, V. Scarani, and H. M. Wiseman, “One-sided device-independent quantum key distribution: Security, feasibility, and the connection with steering,” Phys. Rev. A 85(1), 010301 (2012). [CrossRef]
32. Y. Wang, W.-s. Bao, H.-w. Li, C. Zhou, and Y. Li, “Finite-key analysis for one-sided device-independent quantum key distribution,” Phys. Rev. A 88(5), 052322 (2013). [CrossRef]
33. H.-K. Lo, M. Curty, and B. Qi, “Measurement-device-independent quantum key distribution,” Phys. Rev. Lett. 108(13), 130503 (2012). [CrossRef]
34. Y. Jo and W. Son, “Key-rate enhancement using qutrit states for quantum key distribution with askew aligned sources,” Phys. Rev. A 94(5), 052316 (2016). [CrossRef]
35. L. Dellantonio, A. S. Sørensen, and D. Bacco, “High-dimensional measurement-device-independent quantum key distribution on two-dimensional subspaces,” Phys. Rev. A 98(6), 062301 (2018). [CrossRef]
36. Y. Jo, K. Bae, and W. Son, “Enhanced Bell state measurement for efficient measurement-device-independent quantum key distribution using 3-dimensional quantum states,” Sci. Rep. 9(1), 687 (2019). [CrossRef]
37. A. Acín, J. I. Cirac, and M. Lewenstein, “Entanglement percolation in quantum networks,” Nat. Phys. 3(4), 256–259 (2007). [CrossRef]
38. M. Peev, C. Pacher, R. Alléaume, C. Barreiro, J. Bouda, W. Boxleitner, T. Debuisschert, E. Diamanti, M. Dianati, J. F. Dynes, S. Fasel, S. Fossier, M. Fürst, J.-D. Gautier, O. Gay, N. Gisin, P. Grangier, A. Happe, Y. Hasani, M. Hentschel, H. Hübel, G. Humer, T. Länger, M. Legré, R. Lieger, J. Lodewyck, T. Lorünser, N. Lütkenhaus, A. Marhold, T. Matyus, O. Maurhart, L. Monat, S. Nauerth, J.-B. Page, A. Poppe, E. Querasser, G. Ribordy, S. Robyr, L. Salvail, A. W. Sharpe, A. J. Shields, D. Stucki, M. Suda, C. Tamas, T. Themel, R. T. Thew, Y. Thoma, A. Treiber, P. Trinkler, R. Tualle-Brouri, F. Vannel, N. Walenta, H. Weier, H. Weinfurter, I. Wimberger, Z. L. Yuan, H. Zbinden, and A. Zeilinger, “The SECOQC quantum key distribution network in Vienna,” New J. Phys. 11(7), 075001 (2009). [CrossRef]
39. F. Xu, W. Chen, S. Wang, Z. Yin, Y. Zhang, Y. Liu, Z. Zhou, Y. Zhao, H. Li, D. Liu, Z. Han, and G. Guo, “Field experiment on a robust hierarchical metropolitan quantum cryptography network,” Chin. Sci. Bull. 54(17), 2991–2997 (2009). [CrossRef]
40. M. Sasaki, M. Fujiwara, H. Ishizuka, W. Klaus, K. Wakui, M. Takeoka, S. Miki, T. Yamashita, Z. Wang, A. Tanaka, K. Yoshino, Y. Nambu, S. Takahashi, A. Tajima, A. Tomita, T. Domeki, T. Hasegawa, Y. Sakai, H. Kobayashi, T. Asai, K. Shimizu, T. Tokura, T. Tsurumaru, M. Matsui, T. Honjo, K. Tamaki, H. Takesue, Y. Tokura, J. F. Dynes, A. R. Dixon, A. W. Sharpe, Z. L. Yuan, A. J. Shields, S. Uchikoga, M. Legré, S. Robyr, P. Trinkler, L. Monat, J.-B. Page, G. Ribordy, A. Poppe, A. Allacher, O. Maurhart, T. Länger, M. Peev, and A. Zeilinger, “Field test of quantum key distribution in the Tokyo QKD Network,” Opt. Express 19(11), 10387 (2011). [CrossRef]
41. D. Stucki, M. Legré, F. Buntschu, B. Clausen, N. Felber, N. Gisin, L. Henzen, P. Junod, G. Litzistorf, P. Monbaron, L. Monat, J.-B. Page, D. Perroud, G. Ribordy, A. Rochas, S. Robyr, J. Tavares, R. Thew, P. Trinkler, S. Ventura, R. Voirol, N. Walenta, and H. Zbinden, “Long-term performance of the swissquantum quantum key distribution network in a field environment,” New J. Phys. 13(12), 123001 (2011). [CrossRef]
42. M. Hillery, V. Bužek, and A. Berthiaume, “Quantum secret sharing,” Phys. Rev. A 59(3), 1829–1834 (1999). [CrossRef]
43. A. Karlsson, M. Koashi, and N. Imoto, “Quantum entanglement for secret sharing and secret splitting,” Phys. Rev. A 59(1), 162–168 (1999). [CrossRef]
44. A. Cabello, “Multiparty key distribution and secret sharing based on entanglement swapping,” arXiv:quant-ph/0009025 (2000).
45. V. Scarani and N. Gisin, “Quantum communication between $\mathit {N}$ partners and bell’s inequalities,” Phys. Rev. Lett. 87(11), 117901 (2001). [CrossRef]
46. V. Scarani and N. Gisin, “Quantum key distribution between N partners: Optimal eavesdropping and Bell’s inequalities,” Phys. Rev. A 65(1), 012311 (2001). [CrossRef]
47. K. Chen and H.-K. Lo, “Conference key agreement and quantum sharing of classical secrets with noisy GHZ states,” in Proceedings. Int. Symp. Inf. Theory, 2005. ISIT 2005., (IEEE, 2005), pp. 1607–1611.
48. Z.-j. Zhang, Y. Li, and Z.-x. Man, “Multiparty quantum secret sharing,” Phys. Rev. A 71(4), 044301 (2005). [CrossRef]
49. R. Matsumoto, “Multiparty quantum-key-distribution protocol without use of entanglement,” Phys. Rev. A 76(6), 062316 (2007). [CrossRef]
50. A. Maitra, S. J. De, G. Paul, and A. K. Pal, “Proposal for quantum rational secret sharing,” Phys. Rev. A 92(2), 022305 (2015). [CrossRef]
51. M. Epping, H. Kampermann, C. Macchiavello, and D. Bruß, “Multi-partite entanglement can speed up quantum key distribution in networks,” New J. Phys. 19(9), 093012 (2017). [CrossRef]
52. J. Ribeiro, G. Murta, and S. Wehner, “Fully device-independent conference key agreement,” Phys. Rev. A 97(2), 022307 (2018). [CrossRef]
53. M. Choi, Y. Lee, and S. Lee, “Quantum secret sharing and Mermin operator,” Quantum Inf. Process. 17(10), 258 (2018). [CrossRef]
54. F. Grasselli, H. Kampermann, and D. Bruß, “Finite-key effects in multipartite quantum key distribution protocols,” New J. Phys. 20(11), 113014 (2018). [CrossRef]
55. N. D. Mermin, “Extreme quantum entanglement in a superposition of macroscopically distinct states,” Phys. Rev. Lett. 65(15), 1838–1840 (1990). [CrossRef]
56. M. Ardehali, “Bell inequalities with a magnitude of violation that grows exponentially with the number of particles,” Phys. Rev. A 46(9), 5375–5378 (1992). [CrossRef]
57. A. V. Belinskiĭ and D. N. Klyshko, “Interference of light and Bell’s theorem,” Phys. Usp. 36(8), 653–693 (1993). [CrossRef]
58. B. Schumacher, “Quantum coding,” Phys. Rev. A 51(4), 2738–2747 (1995). [CrossRef]
59. M. Żukowski and Č. Brukner, “Bell’s Theorem for General N -Qubit States,” Phys. Rev. Lett. 88(21), 210401 (2002). [CrossRef]
60. R. F. Werner and M. M. Wolf, “Bell’s inequalities for states with positive partial transpose,” Phys. Rev. A 61(6), 062102 (2000). [CrossRef]
61. D. Alsina, A. Cervera, D. Goyeneche, J. I. Latorre, and K. Życzkowski, “Operational approach to bell inequalities: Application to qutrits,” Phys. Rev. A 94(3), 032102 (2016). [CrossRef]
62. D. M. Greenberger, M. A. Horne, A. Shimony, and A. Zeilinger, “Bell’s theorem without inequalities,” Am. J. Phys. 58(12), 1131–1143 (1990). [CrossRef]
63. M. Giustina, A. Mech, S. Ramelow, B. Wittmann, J. Kofler, J. Beyer, A. Lita, B. Calkins, T. Gerrits, S. W. Nam, R. Ursin, and A. Zeilinger, “Bell violation using entangled photons without the fair-sampling assumption,” Nature 497(7448), 227–230 (2013). [CrossRef]
64. B. G. Christensen, K. T. McCusker, J. B. Altepeter, B. Calkins, T. Gerrits, A. E. Lita, A. Miller, L. K. Shalm, Y. Zhang, S. W. Nam, N. Brunner, C. C. W. Lim, N. Gisin, and P. G. Kwiat, “Detection-Loophole-Free Test of Quantum Nonlocality, and Applications,” Phys. Rev. Lett. 111(13), 130406 (2013). [CrossRef]
65. B. Hensen, H. Bernien, A. E. Dréau, A. Reiserer, N. Kalb, M. S. Blok, J. Ruitenberg, R. F. L. Vermeulen, R. N. Schouten, C. Abellán, W. Amaya, V. Pruneri, M. W. Mitchell, M. Markham, D. J. Twitchen, D. Elkouss, S. Wehner, T. H. Taminiau, and R. Hanson, “Loophole-free Bell inequality violation using electron spins separated by 1.3 kilometres,” Nature 526(7575), 682–686 (2015). [CrossRef]
66. K. Kostrzewa, W. Laskowski, and T. Vértesi, “Closing the detection loophole in multipartite Bell experiments with a limited number of efficient detectors,” Phys. Rev. A 98(1), 012138 (2018). [CrossRef]
67. D. R. Hamel, L. K. Shalm, H. Hübel, A. J. Miller, F. Marsili, V. B. Verma, R. P. Mirin, S. W. Nam, K. J. Resch, and T. Jennewein, “Direct generation of three-photon polarization entanglement,” Nat. Photonics 8(10), 801–807 (2014). [CrossRef]
68. J.-W. Pan, M. Daniell, S. Gasparoni, G. Weihs, and A. Zeilinger, “Experimental demonstration of four-photon entanglement and high-fidelity teleportation,” Phys. Rev. Lett. 86(20), 4435–4438 (2001). [CrossRef]
69. H. Weinfurter and M. Żukowski, “Four-photon entanglement from down-conversion,” Phys. Rev. A 64(1), 010102 (2001). [CrossRef]
70. S. Gaertner, M. Bourennane, M. Eibl, C. Kurtsiefer, and H. Weinfurter, “High-fidelity source of four-photon entanglement,” Appl. Phys. B 77(8), 803–807 (2003). [CrossRef]
71. P. Walther, M. Aspelmeyer, and A. Zeilinger, “Heralded generation of multiphoton entanglement,” Phys. Rev. A 75(1), 012313 (2007). [CrossRef]
72. X.-C. Yao, T.-X. Wang, P. Xu, H. Lu, G.-S. Pan, X.-H. Bao, C.-Z. Peng, C.-Y. Lu, Y.-A. Chen, and J.-W. Pan, “Observation of eight-photon entanglement,” Nat. Photonics 6(4), 225–228 (2012). [CrossRef]
73. X.-L. Wang, L.-K. Chen, W. Li, H.-L. Huang, C. Liu, C. Chen, Y.-H. Luo, Z.-E. Su, D. Wu, Z.-D. Li, H. Lu, Y. Hu, X. Jiang, C.-Z. Peng, L. Li, N.-L. Liu, Y.-A. Chen, C.-Y. Lu, and J.-W. Pan, “Experimental ten-photon entanglement,” Phys. Rev. Lett. 117(21), 210502 (2016). [CrossRef]
74. Y. Tsujimoto, M. Tanaka, N. Iwasaki, R. Ikuta, S. Miki, T. Yamashita, H. Terai, T. Yamamoto, M. Koashi, and N. Imoto, “High-fidelity entanglement swapping and generation of three-qubit GHZ state using asynchronous telecom photon pair sources,” Sci. Rep. 8(1), 1446 (2018). [CrossRef]
75. Z. Zhao, T. Yang, Y.-A. Chen, A.-N. Zhang, M. Żukowski, and J.-W. Pan, “Experimental violation of local realism by four-photon greenberger-horne-zeilinger entanglement,” Phys. Rev. Lett. 91(18), 180401 (2003). [CrossRef]
76. R. Ceccarelli, G. Vallone, F. De Martini, P. Mataloni, and A. Cabello, “Experimental entanglement and nonlocality of a two-photon six-qubit cluster state,” Phys. Rev. Lett. 103(16), 160401 (2009). [CrossRef]
77. C. Erven, E. Meyer-Scott, K. Fisher, J. Lavoie, B. L. Higgins, Z. Yan, C. J. Pugh, J.-P. Bourgoin, R. Prevedel, L. K. Shalm, L. Richards, N. Gigov, R. Laflamme, G. Weihs, T. Jennewein, and K. J. Resch, “Experimental three-photon quantum nonlocality under strict locality conditions,” Nat. Photonics 8(4), 292–296 (2014). [CrossRef]
78. C. Zhang, Y.-F. Huang, Z. Wang, B.-H. Liu, C.-F. Li, and G.-C. Guo, “Experimental greenberger-horne-zeilinger-type six-photon quantum nonlocality,” Phys. Rev. Lett. 115(26), 260402 (2015). [CrossRef]
79. C. Zhang, C.-J. Zhang, Y.-F. Huang, Z.-B. Hou, B.-H. Liu, C.-F. Li, and G.-C. Guo, “Experimental test of genuine multipartite nonlocality under the no-signalling principle,” Sci. Rep. 6(1), 39327 (2016). [CrossRef]
80. S. Gaertner, C. Kurtsiefer, M. Bourennane, and H. Weinfurter, “Experimental demonstration of four-party quantum secret sharing,” Phys. Rev. Lett. 98(2), 020503 (2007). [CrossRef]
81. B. A. Bell, D. Markham, D. A. Herrera-Martí, A. Marin, W. J. Wadsworth, J. G. Rarity, and M. S. Tame, “Experimental demonstration of graph-state quantum secret sharing,” Nat. Commun. 5(1), 5480 (2014). [CrossRef]
82. W. Dür and J. I. Cirac, “Classification of multiqubit mixed states: Separability and distillability properties,” Phys. Rev. A 61(4), 042314 (2000). [CrossRef]
83. A. S. Holevo, “Bounds for the Quantity of Information Transmitted by a Quantum Communication Channel,” Probl. Inf. Transm. 9, 177–183 (1973).