State-of-the-Art Survey of Quantum Cryptography

Archives of Computational Methods in Engineering
https://doi.org/10.1007/s11831-021-09561-2
ORIGINAL PAPER
State-of-the-Art Survey of Quantum Cryptography

Ajay Kumar1 · Sunita Garhwal1
Received: 20 April 2020 / Accepted: 28 January 2021

© CIMNE, Barcelona, Spain 2021
Abstract
In today Internet era, confidential information transmitted over an insecure channel. With the significant development in the
area of quantum computing, there is a need for unconditional security in confidential information. Quantum key distribution
protocols are proven secure if all devices are perfect (in terms of technologies and proper protocol operations). The major
challenges in quantum communication are secret key rate, distance, cost and size of QKD devices. The purpose of this survey
article is to carry out a systematic review in the area of quantum cryptography by covering various aspects of non-deterministic
quantum key distribution protocols, quantum secure direct communication, semi-quantum key distribution, secure multiparty
communication protocol, post-quantum cryptography and device-independent cryptography techniques. In addition, we also
discussed various experimental work carried out in the area of quantum cryptography, various attacks and challenges relative
to the paradigm shift from classical cryptography to quantum cryptography. Quantum cryptography will become a future
replacement of classical cryptography techniques after the development of the first physical quantum computer.
Abbreviations using online transaction are increasing day by day. If two par-
PNS Photon number splitting ties do not share secret initially, then it is impossible in the
CHSH Clauser Horne Shimony Holt classical system to share secret key over an insecure channel
QBER Quantum bit error rate between these parties. In the today Internet era, our personal
RSA Rivest Shamir Adleman information (Such as Financial and Health) and National
DES Data encryption standard security data are transmitted over the Internet. Security of
QKD Quantum key distribution these transmitted data is utmost importance in today world.
QSDC Quantum secure direct communication Shor [1] designed an algorithm for finding prime factors of
SQKD Semi-quantum key distribution a large number. Once quantum computer will be available,
SMPC Secure multiparty communication Shor’s algorithm will give security threats to all classical
ASQKD Authenticated semi-quantum key distribution cryptographic protocol [2]. Research in quantum computing
DIQKD Device independent quantum key distribution accelerated after the Shor’s algorithm and Grover’s search
EPR Einstein Podolsky Rosen algorithm [3].
In a quantum system, information can not be copied (No-
cloning Theorem) or read by an eavesdropper. Classical
1 Introduction information can be copied like students prepare notes from
a book or blackboard without any disturbance, whereas
In a conventional digital communication system, information quantum information can not be copied. Any uncontrol-
can be passively monitored or copied; some eavesdropper lable control in quantum information is likely to be detected
can alter even information. Classical cryptosystem methods by the legitimate user. The concept of quantum cryptog-
(Rivest–Shamir–Adleman (RSA), Data Encryption Standard raphy evolved with Wiesner’s [4] idea almost fourth-nine
(DES)) are based on number theory and guesswork. There is years ago, and now commercial key distribution devices are
a need for more secure communication as the number of users available. Paper was written back in 1970 and remained
unpublished till 1983 as no one showed interest in his work.
B Ajay Kumar He described quantum coding and its application in money-
[email protected]
making and multiplexing of two or three messages (reading
1 Computer Science and Engineering Department, Thapar of one message can destroy other messages). He pointed out
Institute of Engineering and Technology, Patiala, India
123
A. Kumar, S. Garhwal
Fig. 1 Survey organization
that quantum money will have a serial number (similar as • We survey the existing literature on semi-quantum key
classical money) and 20 perfectly reflective boxes (each box distribution protocols.
contains a single photon in one of the four states, i.e. vertical, • An in-depth overview of multiparty communication pro-
horizontal, right-circular or left-circular). Bank will maintain tocols.
a record of each photon in each box with respect to the serial
number of quantum money, and fake currency can be avoided Outline of the Paper The rest of the paper is organized as
using the concept of no-cloning theorem. follows. Section 2 outlines the concepts of quantum cryptog-
Gisin et al. [5] carried out an early review on quantum raphy. In Sect. 3, research methodology has been described.
cryptography in 2002. Similar studies were carried out by Section 4 deals Discrete and Continuous Variable Quantum
Alleaume et al. [6], Giampouris [7] Diamanti et al. [8], Long Key Distribution and in Sect. 5, we classify various quantum
[9] and Zhou et al. [10]. We believe that there is still a need attacks. In Sect. 6, we described various Quantum Key Dis-
to carry out an in-depth study of the various quantum cryp- tribution Protocols. Sections 7, 8 and 9 deals with Quantum
tographic protocol. Compared with previous existing survey Secure Direct Communication, Semi-quantum Key Dis-
papers [5–10], our survey introduces the in-depth discussion tribution Protocol and Secure Multiparty Communication,
of Quantum key distribution protocols, reviews the exist- respectively. In Sect. 10, Device-Independent Cryptography
ing work published up to 2020, serving as a guide for other will be introduced and followed by Post Quantum Cryptog-
researchers to understand and apply the existing protocols, raphy in Sect. 11. Section 12 describes the current trends,
current research directions and discusses several open prob- sources of quantum cryptography research, various papers
lems. Further, this survey also helps the reader to identify a in terms of citations (Google as well as Web of Science),
few most impacting protocols and their sources. few real-life applications of quantum cryptography, and con-
For a better understanding of the state-of-the-art in quantum cluding remarks. Figure 1 represents the organization of the
cryptography, we surveyed with the following goals: paper.
2 Preliminaries
• We review various concepts and terminologies used for
understanding quantum protocols. In this section, several fundamental aspects of quantum com-
• A state-of-the-art of current trends in quantum cryptog- munication will be discussed.
raphy. We further elaborate various quantum attacks on
quantum protocols. The Heisenberg Uncertainty Principle: [11] It states that
• An exhaustive survey on deterministic protocols for certain pairs of physical properties are related and com-
quantum secure communication without the shared secret plementary in the sense measuring one property, prevent
key. simultaneously knowing of other property and destroying it.
• To identify and discusses the current trends in quan- Two-photon polarization rectilinear (horizontal and vertical)
tum cryptography like satellite-based communication, and diagonal (at 45◦ and 135◦ ) are complementary to each
device-independent cryptography and high-dimensional other.
Quantum key distribution. Properties of Quantum Protocol: Quantum Protocol must be
• Classification of discrete and continuous-variable quan- secure, correct and robust. In the classical protocol, correc-
tum key distribution. tion and security are the primary concern. Quantum protocols
123
are based on either the Heisenberg uncertainty principle or The classical one-time pad allows Alice and Bob to share
quantum entanglement. a secret message over the public classical channel. Quan-
tum one-time pad allows Alice and bob to share the secret
• Correct: Bob can able to decrypt the original message message (in the form of private quantum states) over a pub-
from Cipher-text using the decryption key. lic quantum channel. Assume Alice, Bob and Eve share a
• Secure: Eve has no gain of the information sent from quantum state ψ AB E . Schumacher and Westmoreland [15]
Alice to Bob. worked on classical private message sharing between Alice
• Robustness: The legitimate user (Alice/Bob) will detect and Bob by considering that Eve state is unrelated with state
errors if Eve attempt to obtain or alter the information of Alice and Bob, i.e. ψ AB E = ψ AB ⊗ ψ E . Brandao and
Oppenheim [16] carried out the work on the quantum one-
No Cloning Theorem: [12] It states that an unknown quantum time pad for sharing quantum messages by considering that
state cannot be cloned. Alice and Bob’s state is related with Eve state.
Quantum One-time Pad Encryption: |e = X k |m and
Quantum Entanglement: State of two or more quantum par- X |m = |m ⊕ 1
ticles are entangled if many of the physical properties of the Quantum One-time Pad Decryption: |m = X k |e =
particles are strongly correlated. State of an individual parti- X k |X k m
cle cannot be specified individually. Einstein et al. [13] gave Here X is a quantum operation for performing bit flip.
the initial thought that quantum mechanics is incomplete and If k = 0 then X 0 = I
described the concept of quantum entanglement by “Spooky If k = 1 then X 1 = X
action at a distance”. Quantum entanglement is a crucial phe-
nomenon for long-distance quantum key distribution. If two Quantum Bit Error Rate (QBER): In a classical system, the
qubits are maximal entanglement, then no eavesdropper has bit error rate is the error rate due to noise, interference or any
any share of entanglement. The heart of quantum cryptog- other issues like imperfections in sending or receiving device.
raphy is entangled states. It means quantum entanglement It indicates the quality of signal and success of packet deliv-
particle A and B must satisfy the following inequality: ery. In a quantum system, QBER is defined by the ratio of
the error rate to the key rate. QBER provides useful informa-
|ψ AB = |ψ A ⊗ |ψ B tion about Eavesdropper presence and how much information
eavesdropper knows.
Following are four maximally entangled states.
Privacy Amplification: In the quantum protocol, privacy
√ amplification is performed to reduce the amount of informa-
|ψ1 = 1/ 2(|0|0 + |1|1)
√ tion known to Eve by shrinking the key. Bennett et al. [17]
|ψ2 = 1/ 2(|0|0 − |1|1) introduced the concept of privacy amplification for amplify-
√
|ψ3 = 1/ 2(|0|1 + |1|0) ing the privacy between Alice and Bob.
√
|ψ4 = 1/ 2(|0|1 − |1|0)
3 Research Methodology
One Time Pad: Vernam [14] introduced the concept of one-
time pad or Vernam Cipher in 1918. Message and Secret Table 1 represents the review process, search criterion,
key are represented using a sequence of 0’s and 1’s using an databases, inclusion and exclusion criterion. Figure 2 depicts
encoding mechanism. the types of research papers considered in this survey paper.
Paper selection consists of following two phases:
• Encryption Process: It is carried out by XOR (modulo 2)
of the original message with secret key bit by bit. 1. Title and Abstract Level Screening: Initially, We had
Plain text(m): 11001101 selected papers from 1964 to 2020, and two essen-
Secret Key(k): 01100101 tial papers of 1927 and 1935 are considered. In this
Ciphertext(c): 10101000 c = m ⊕ k and ⊕ is XOR screening, we used the inclusion/exclusion criterion to
operation. publication title and abstract. To minimize the research
• Decryption Process: This is carried out by performing bias, both authors independently analyzed the search
XOR of the cipher text and the secret key. results and analyzed the results. Disagreements were
Ciphertext(c): 10101000 resolved through discussion. Figure 3 depicts the num-
Secret Key(k): 01100101 ber of research publications used from 1980 onward in
Plain text(m): 11001101 m = c ⊕ k this review paper.
123
Table 1 Review methodology, search criterion, databases, inclusion • Discrete Variable QKD Protocol: In discrete variable
and exclusion criterion QKD protocol, discrete refers to the spin of electron or
Property Category polarization of single photon. BB84, E91, SARG04, B92
are few examples of discrete variable QKD protocol.
Publication Journal articles
• Continuous Variable QKD Protocol: In continuous vari-
Conference, symposium and workshop Paper
able QKD protocol, Information is stored in the form
Web link of reputed companies (Toshiba,
QuantumCTek, ID Quantique)
of light. Protocol based on continuous variable offer
Patents, reports
advantage over discrete because coherent light with pho-
ton can easily producible using laser than single-photon
PhD/master thesis of reputed institute
[18]. Ralph [19] and Reid [20] independently introduced
Year 1964–2020
the concept of continuous-variable quantum key distri-
Evaluation Initial screening using title and abstract
bution. Ralph [19] examined two continuous variable
Criterion Followed by full-text
scheme based on coherent light and 2-mode squeezed
Search Quantum cryptography
light. Table 3 represents the classification of continuous-
strings Quantum protocol
variable quantum key distribution based on source state
Quantum key distribution and detection mechanism. In Table 3, squeeze state refers
Automated www.webofknowledge.com to the state with very low variance in one quadrature
search in
digital and very high in other quadrature. Coherent state refers
libraries to a state with no quadrature having very low variance.
https://aps.org Hillery [21] proposed a continuous analogue of BB84
https://ArXiv.org/ using squeezed states of light and Homodyne detec-
https://ieeexplore.ieee.org/Xplore/home.jsp tion mechanism. Garcia-Patron and Cerf [22] proposed
https://www.springer.com/ a continuous-variable QKD protocol based on squeezed
https://www.sciencedirect.com/ states and heterodyne detection for obtaining higher secu-
https://google.com/
rity key rate over the noisy line. Cerf and Grangier [23]
Classification Quantum key distribution,
surveyed various continuous-variable Quantum key dis-
of papers tribution protocol.
Quantum secure direct communication, Leverrier and Grangier [29] proposed two continu-
Semi-quantum key distribution, ous variable QKD protocols with discrete modulation
Secure multiparty communication, using two and four coherent states. They established
Device independent cryptography,
the security of these protocols against collective attacks.
Post quantum cryptography
Recently, Papanastasiou and Pirandola [30] designed
continuous-variable QKD protocol using discrete-alphabet
Inclusion Focus on the quantum protocols
encoding. They also studied the protocol against collec-
Exclusion Similar paper in ArXiv and later published in journal
tive Gaussian attacks.
Criterion Tutorials and short papers
Andersen et al. [31] discussed the integration of dis-
crete and continuous variable QKD in the applications of
quantum teleportation, entanglement distillation, error-
2. Full-Text Screening: In this phase, we had analyzed the correcting and testing Bell inequalities.
papers based on the full text. We applied the inclusion-
exclusion criterion specified in Table 1. If two or more
papers were contributed by the same authors and their 5 Quantum Attacks
significant contribution is same, we considered the most
relevant paper with a significant contribution. Eve’s attacks can be classified into individual, collective and
coherent attacks. The coherent attack is considered as the
most powerful among individual, collective and coherent
4 Discrete and Continuous Variable attacks. Table 4 indicates a summary of individual, collec-
Quantum Key Distribution Protocol tive and coherent attacks. More details on these classes can
be found in the PhD thesis of Snchez [32].
Quantum key distribution protocols are classified into Dis-
crete variable QKD and Continuous variable QKD protocol. • Individual Attack: Eve prepares each ancilla qubit inde-
Table 2 represents the major differences between discrete and pendently, interact with each qubit on quantum channel
continuous variable protocols. independently and measure independently. With the
123
Fig. 2 Graphical representation

for type of papers referred in the
review process
Fig. 3 Number of publications

from 1980 onward in the area of
quantum cryptography
123
Table 2 Discrete and

Type of Information Detection Example
continuous variable protocols
protocol prepared technique
Discrete variable Qubits Single photon BB84, SARG04

(Polarization of counter
single photon
or single
electron)
Continuous variable Continuous Homodyne Grosshans–
spectrum detection Grangier
quantum protocol
observable (
quadrature of
light)
Heterodyne Noise-tolerant
detection protocol
Table 3 Classification of
Author’s names Source state Detection technique Protocol
various continuous-variable
protocol [23] Cerf et al. [24] Squeezed state Homodyne detection Cerf–Levy–VanAssche
Grosshans and Grangier [25] Coherent state Homodyne detection Grosshans–Grangier
Grosshans et al. [26]
Lodewyck et al. [27] Coherent state Heterodyne detection No basis-switching
Weedbrook et al. [28]
Garcia-Patron and Cerf [22] Squeezed state Heterodyne detection Noise-tolerant
Table 4 Classes of attack in quantum cryptography

Type of Ancilla qubit Interaction with Measurement Quantum Powerful Example
attack prepared qubits on memory
individually channel
Individual ✗ Least Intercept-resend Faked-state [33]

Collective ✗ Moderate Symmetric collective attacks [34]
Coherent ✗ ✗ ✗ Strongest PNS attack [35–37]
technology available today, only Individual attacks are Photon Number Splitting Attack (PNS attack: Typically used
applicable. laser sources are coherent, and they emit more than one pho-
• Collective Attack: Eve prepares each ancilla qubit inde- ton in each signal. Alice usually encodes her qubits in one
pendently, interact with each qubit on quantum channel photon, two photons, three photons and so on with frequency
independently and measure jointly all ancilla qubits. The p1 , p2 , p3 , ... respectively. Eve (not limited by no-cloning
collective attack is a subclass of Coherent attack. theorem) keep few of the photons and store them in quantum
• Coherent Attack (Joint Attack): Eve prepares entangled memory whereas letting the other photons go to the Bob. Such
states of the ancilla qubits, interact with qubits on the an attack is known as photon-number splitting attack [35–
channel and then measure all ancilla qubits collectively. 37]. Eve waits till Alice reveals the bases publically to Bob
using a classical channel. Thereafter, Eve reveals the state
deterministically. In the PNS attack, Eve presence should
Makarov and Hjelme [33] discussed the concept of Faked
not be noticed as the photon rate received by Bob remains
states attack. Instead of creating the original state, Eve gen-
unmodified.
erates a light pulse, and the legitimate user (Alice or Bob)
Vakhitov et al. [39] introduced the concept of a large pulse
will not be able to notice the eavesdropper. Faked states is a
attack. It is based on the conventional optical eavesdrop-
kind of intercept and resend attack.
ping, and it eliminates the need for immediate interaction.
Pirandola [34] proposed the symmetric collective attacks by
Dehmani et al. [40] studied the effect of cloning attacks with
extending individual symmetric attacks of Gisin et al. [5] and
several eavesdroppers on the quantum error and mutual infor-
Fuchs et al. [38] for BB84 and six-state protocols.
123
mation between honest parties. Gisin et al. [41] analyzed the messages. In BB84, information is encoded in orthogonal
effect of Trojan horse attack on quantum key distribution. quantum states. BB84 protocol can be classified as prepare
They found that all system must have counter-measure and and measure protocol. In prepare and measure protocol, one
auxiliary detector monitors the incoming light. Kronberg and party (say Alice) prepare a quantum state and send the pre-
Molotkov [42] analyzed the concept of an optimal attack on pared quantum state to another party (say Bob), who will
BB84 protocol based on linear fiber optical elements and measure it. Both party then compare measurement and prepa-
controlled-NOT. Gisin et al. [41], Jain et al. [43] and Fei et ration bases and after post-processing comes up with a shared
al. [44] carried out their work on Trojan-horse and Man-in- secret key (Fig. 6).
the-middle attack, respectively. In BB84, Alice prepare a random qubit for sending to Bob
Side Channel attacks refer to the imperfections caused by in Circular (C) basis {|+, |−} with direction 45 and 135
experimental set up rather than information gained by a pro- degrees respectively or Rectilinear (R) {|0, |1} with direc-
tocol implementation. Lamas-Linares and Kurtsiefer [45] tion 0 and 90 degree respectively. It is a 4-state (vertical,
experimentally demonstrated the timing-side channel attack. horizontal, right-circular, left-circular) QKD protocol.
In timing side-channel attack, timing information disclosed Rectilinear (R) Basis:
by Communicating parties (Alice and Bob) during the public
discussion is used by Eve to access the significant part of the
1
secret key. Qi et al. [46] introduced the time-shift attack in | → = |0 =
0
which Eve shift the arrival time of signal pulse or synchro-
0
nization pulses or both between Alice and Bob. | ↑ = |1 =
Sun et al. [47] used a quantum hacking strategy by tampering 1
the source without leaving the trace behind. Various quantum
attacks can be classified into attack at source (Photon num- Circular (C) Basis:
ber splitting attack [35–37], Phase remapping attack [48,49],
Laser Seeding (Sun et al. [47] etc.) and attack at detection
√ 1 √
(Timing-side channel attack [45], Faked state attack [33], | = 1/ 2 = 1/ 2(| → + | ↑)
1
Time-shift attack [46,50] and Polarization shift [51]).
√ −1 √
In recent years, Various researchers studied the eavesdropper | = 1/ 2 = 1/ 2(−| → + | ↑)
strategy in quantum cryptography [52,53]. Jain et al. [54] 1
carried out a study on various attacks and their protection in
quantum key distribution protocol. BB84 is divided into quantum transmission phase (step 1 to
step 4) and classical communication phase (step 5 and step
6).
6 Quantum Key Distribution Protocol
Quantum Key Distribution (QKD) utilize the concept of Algorithm 1 BB84 protocol [55]
quantum mechanics for sharing the secret keys from one party 1: Alice chooses n-random bit by flipping coin.
(Alice) to another (Bob). It can not prevent eavesdropper 2: Alice again flip coin n-times for determining the basis used for each
corresponding random bit.
while enabling the legitimate user to detect the eavesdropper 3: Alice prepares the random bits in their corresponding basis and sends
and throw away the key if eavesdropper detected and new to Bob.
key generation takes place. QKD protocols are based on the 4: Bob does not know the basis corresponding to each random bit.
concept of the no-cloning theorem, Heisenberg uncertainty He tosses the coin n-times. He measures the received qubit in the
obtained random basis after tossing the coin. Bob announces the
principle and entanglement property. QKD usage, both clas- receipt of states.
sical and quantum channel. Figure 4 represents the significant 5: Alice and Bob publicly compare their bases using an authentic clas-
developments in quantum cryptography and Fig. 5 represents sical channel. Alice informs the Bob regarding bases agreement and
the significant developments in Quantum Key Distribution disagreement. If they disagree on a particular basis, they drop the
corresponding bit. Now Bob will get only n/2 random bits and n/2
Protocols. random bits are scratch out.
6: Bob randomly choose half of the remaining n/2 random bits
6.1 BB84 Protocol obtained from Step 5 and compare with Alice publicly. If both dis-
agree above a permitted allowed errors (due to noise), then they drop
the complete sequence of random bits and it indicate that Eve was
In 1984, Bennett and Brassard [55,56] developed a first quan- listening. If these n/4 random bits are almost similar (i.e. within
tum key distribution protocol named as BB84 based on the permitted allowed error due to noise) means Eve was not listening.
concept of quantum coding proposed by Wiesner’s [4]. They In this case, remaining n/4 will be used as a random key between
presented a protocol for coin tossing by exchanging quantum Alice and Bob.
123
Fig. 4 Significant development in quantum cryptography
Fig. 5 Significant development

in quantum key distribution
protocols
For a particular bit, if Alice and Bob both measure on the then Alice needs to start with 4n quantum bits as 2n ran-
same basis, they will get the same result for that particular dom bit available after step 4 and only n quantum bit key is
bit. If Alice send a particular bit in a Circular Basis and Bob generated after step 6. If the transmission has not disturbed,
measure it in Rectilinear Basis, then there is 50-50% chance then the shared key obtained after step 6 is used in the same
of getting | →> or | ↑>. Similarly, If Alice send a particular way as one-time pad used in a classical cryptosystem. Table 5
bit in Rectilinear Basis and Bob measure it in Circular Basis, illustrates an example of a shared secret key generated using
then there is 50–50% chance of getting > or >. the BB84 protocol.
In BB84, Alice communicate the basis in which she prepared Step 6 of BB84 can be carried out by various techniques
her qubits on a classical authenticate channel to Bob. If the such as parity checking [57]. In step 6.1, Alice selects some
same basis used by Bob, then their result matches otherwise random bits with odd parity, and Bob at the other end, picks
they discard the qubit. This process is called basis reconcil- the same set of random bits and their parity are compared. In
iation or Sifting. If Alice and Bob want to share n bit key, step 6.2, Alice select some random bits will even parity, and
123
Fig. 6 Communication between Alice and Bob using classical and quantum channel
Table 5 Example of quantum

Bit no. 1 2 3 4 5 6 7 8 ...
secret key sharing in BB84
protocol [56] Alice’s random bit 1 1 0 0 0 1 0 1 ...
Alice’s random Basis R C R C R R R C ...
Alice’s qubit | ↑> | > |→> | > |→> |↑> |→> | > ...
Bob’s random basis R R R C R R C C ...
Bob’s observed qubit | ↑> | ↑> | →> | > | →> | ↑> | > | > ...
Basis matching OK OK OK OK OK OK ...
Presumably shared key 1 0 0 0 1 1 ...
Alice–Bob security test 0 0 1 ...
Final secret key 1 0 1 ...
Bob check the same at the other end. If Alice and Bob agree berg and Vaidman protocol support similar features as BB84
for odd and even parity, there is very less chance of having protocol. Further, Goldenberg and Vaidman [64] reclaimed
eavesdropper. the novelty of their protocol and pointed out that they had
Unconditional security (Secure irrespective of the computa- used carrier of information in a quantum state and the quan-
tional power used by Eve) of BB84 protocol has been proved tum state belongs to a definite set of orthonormal states.
by various researchers [58–60]. Scarani and Kurtsiefer [61] Dan et al. [65] proposed an intercept/resend attack on BB84
pointed out the real implementation problems of QKD on based on Breidbart basis. Using their proposed attacking
25th anniversary of BB84 protocol and suggested two options strategy, the probability of Eve detection will decrease.
(device-independent security and reasonable security of a Although Eve can not be able to obtain the exact informa-
device). Their idea later give rise to the concept of device- tion. Wang et al. [66] analyzed the man-in-the-middle attack
independent cryptography. BB84 is completely robust if on the BB84 protocol and suggested the defence mechanism
Alice and Bob both usage qubit. If one party (say Alice) against it. An et al. [67] suggested solution for Beam Splitter
unknowingly transmit two or more copies of the qubit, then attack in BB84 protocol. Garcia-Patron et al. [68] proposed
BB84 is partially robust. single-photon two-qubit quantum logic for simulating the
Goldenberg and Vaidman [62] proposed GV protocol based optimal individual attack on BB84 protocol without quan-
on the orthogonal states. They claimed that their approach tum memory.
ensures the detection of eavesdroppers. Peres [63] com- Boyer et al. [69] proposed a protocol BB84-INFO-z (Iden-
mented on Goldenberg and Vaidman protocol that Golden- tical to BB84, except information bits are in z-basis) and
123
found that the modification in BB84 does not harm its secu- the double-blinding attack (On each side) on entangled proto-
rity against collective attacks. Fung et al. [48] introduced the cols. The double-blinding attack is not a kind of intercept and
phase-remapping attack in QKD protocol. Eve introduces resend attack. Eve is blocking entangled source completely
phase-remapping by time-shift on the signal pulses. They and replacing it with pairs of bright pulses. In BBM92, Eve
showed that if Alice and Bob are unaware of the attack, then gets full information of the key and remain undetected.
the final secret key will be compromised in some situations. Major advantage of BBM92 protocol is that Alice and Bob
Jiang et al. [70] introduced the frequency shift attack using will detect any malicious control by Eavesdropper to the
the imperfection used in phase-remapping attack [48]. Using source. In BBM92, we do not require a trusted central source
frequency shift attack, Eve gets more information as com- for generating entangled photon.
pared to phase-remapping attack. Fuchs et al. [38] presented
optimal eavesdropping strategy for four state BB84 protocol. 6.3 B92 Protocol
6.2 BBM92 Protocol Usage of two different bases in BB84 protocol is redundant.
In 1992, Bennett proposed a new protocol named B92 using
Bennett, Brassard and Mermin [71] proposed entanglement one non-orthogonal basis(→, ). In B92, Alice used only
version of BB84 named BBM92 without the usage of Bell’s one non-orthogonal basis. In B92 protocol [74], Alice only
theorem. In BBM92, Alice and Bob both take photons gen- sends information using the following two non-orthogonal
erated from a central source, and Alice is not supposed to states.
generate a photon. If Alice and Bob usage the same mea-
1
surement basis, then their results are perfectly correlated. If | → = |0 =
0
Alice and Bob choose a different basis (Alice choose C-basis
and Bob choose R-basis or vice-versa), then their results will √ √ 1
| = 1/ 2(| ↑ + | →) = 1/ 2
not be correlated. 1
BBM92 is again divided into quantum transmission phase
(Step 1- Step 3) and classical communication phase (Step Alice represents random bit 0 and 1 by → and respectively.
4-Step 5). Classical communication phase of BBM92 and
BB84 protocols are the same. Algorithm 3 B92 protocol [74]
1: Alice chooses n-random bit by flipping coin. She sends | →> for
random bit 0 and | > for random bit 1.
Algorithm 2 BBM92 protocol [71] 2: Bob measure received qubit in Rectilinear (R) or Circular (C) basis.
1: Alice and Bob receive their entangled photon from a central source. Bob certain cases occur when he observes | ↑> and | >. Bob
2: Alice chooses n-random bases (either R or C basis) corresponding uncertain cases occur when he observes → and .Table 7 and 8
to each random bit. show the certain and uncertain cases in B92 protocol. If Bob observes
3: Bob also chooses n-random bases (either R or C basis) corresponding | ↑> in Rectilinear basis, then the bit is 1. If Bob observes in
to each random bit. Circular basis, then the bit is 0.
4: Alice and Bob publicly compare their bases using an authentic clas- 3: Bob publicly informs Alice regarding uncertain bits and share half of
sical channel. Alice and Bob carry out basis reconciliation. They the certain bits to ensure security. The remaining half of the certain
keep the same basis qubit and discard the mismatch basis qubit. bit can be used as a secret key.
5: Alice and Bob compare a random subset of qubits (nearly half of
the qubits) to check the performance of the quantum channel. If they
agree to a large extent, then a remaining subset of agreed keys are Table 9 illustrates one example of a shared secret key gener-
used as the final secret key. If the error rate is less than a permitted
ated using the B92 protocol.
errors (let say 10%), then classical post-processing is done for cor-
recting the remaining bits. If the error rate is higher, then they drop Tamaki et al. [76,77] proved the security of B92 using
the corresponding qubits and procedure is repeated. a single-photon source. Koashi [78] proposed the imple-
mentation of B92 using strong phase-reference coherent
light. Kuppam [79] analysed and compared the performance
Table 6 illustrates example of shared secret key generated of BB84 and B92 protocol in PRISM. He observed that
using BBM92 protocol √ with two bases and maximally entan- the B92 protocol performs better in term of eavesdropper
gled state |ψ1 = 1/ 2(|00 + |11) . detection as compared to BB84. The number of accurate
Waks et al. [72] presented the security proof for BBM92 measurement by eavesdropper is less in B92 as compared
protocol using realistic and un-trustable source against indi- to BB84. Phoenix et al. [80] proposed a three mutually non-
vidual attacks. They found that average collision probability orthogonal state protocol to overcome suppression attack in
of BBM92 and BB84 is same, whereas, BBM92 perform B92 protocol. Senekane et al. [81] demonstrated an optical
better in terms of communication rate (a function of dis- implementation of the six-state QKD protocol using three
tance) as compared to BB84. Adenier et al. [73] proposed non-orthogonal states. They added the additional features of
123
Table 6 Example of secret key

Bit no. 1 2 3 4 5 6 7 8 9 10 11 12 ...
sharing using BBM92 protocol
[57] Alice’s bases C R C C R C C R C R R R ...
Bob’s bases C R C R C R C R R R R R ...
Alice’s observation 1 0 1 0 1 1 0 0 0 1 0 1 ...
Bob’s observation 1 0 1 1 0 0 0 0 1 1 0 1 ...
Bases comparison OK OK OK OK OK OK OK OK ...
Agreed key 1 0 1 0 0 1 0 1 ...
Security test 1 0 0 1 ...
Final secret key 0 1 1 0 ...
Table 7 Certain cases for B92 protocol [75]

Bob basis Bob observe Alice sent Bit Certainty reason
R | ↑> | > 1 If Alice sent | →> then Bob receive | →> in R basis
C | > | →> 0 If Alice sent | > then Bob receive in C basis
Table 8 Uncertain cases for

Bob basis Bob observe Uncertainty reason Bit
B92 protocol [75]
R | →> Alice may sent | →> or | > collapse into | →> 0|1
C | > Alice may sent | > or | →> collapse into | > 0|1
another detection set in [80] to improve security and eaves- Using |ψ3 | as entangled pair, Alice’s and Bob’s results
dropper detection probability. are perfectly anti-correlated when measured in the same
basis(i.e. they receive inverted bits). Using |ψ3 | following
compatible cases can occur:
6.4 E91 Protocol
Ekert [82] proposed an entanglement based protocol E91. 1. If Alice/Bob measure spin up, then Bob/Alice collapse
He used the generalized Bell’s theorem for testing of into a spin down.
eavesdropping. His approach used Bohm’s version of the 2. If Alice/Bob measure spin down, then Bob/Alice collapse
Einstein–Podolsky–Rosen (EPR) for generating identical into spin up.
random numbers at remote places. A sequence of entangled
pairs of qubits from central sources and each one of our com- Using |ψ3 as entangled pair, following Incompatible cases
municators (Alice and Bob) received one of the pairs. In can occur:
entangled pair, it does not matter whether Alice or Bob mea-
sure it first. If Alice/Bob measures the first pair, then Bob/ 1. If Alice/Bob measure spin up, then Bob/Alice collapse
Alice will collapse respectively. into spin down or spin up.
Consider Alice and Bob are in maximally entangled using 2. If Alice/Bob measure spin down, then Bob/Alice collapse
|ψ1 . into spin up or spin down.
√
|ψ1 = |E P R = 1/ 2(|00 + |11) In E91 protocol, Alice’s and Bob’s results are perfectly
correlated or anti-correlated, which help in identifying the
Eavesdropper. Entangled pair become disentangled due to
Using |ψ1 | as entangled pair, Alice’s and Bob’s results are
noise in the environment. Therefore we need to compare the
perfectly correlated when measured in the same basis (i.e.
matching of bases as in BB84 protocol.
they receive exactly same bits).
In original E91 protocol [82], Ekert had considered three
Consider Alice and Bob are in maximally entangled using
bases for Alice (0◦ , 45◦ and 90◦ ) and Bob (45◦ , 90◦ and 135◦
|ψ3 .
). There are 1/3 chances that Alice and Bob measure in com-
√ patible bases (E91 original protocol consider three bases).
|ψ3 = |E P R = 1/ 2(|10 + |01) Alice and Bob publicly announce their bases and discard
123

Bit no. 1 2 3 4 5 6 7 8 ...
in B92 protocol
Alice’s bit 1 1 0 1 1 0 1 0 ...
Alice’s qubit | > | > | →> | > | > | →> | > | →> ...
Bob’s random basis R C C C R C C R ...
Bob’s bit’s 1 0|1 0 0| 1 1 0 0| 1 0| 1 ...
Certain bit 1 0 1 0 ...
Security test 1 0 ...
Final secret key 0 1 ...
incompatible bases. In original E91 protocol, to produce a the implementation of E91 protocol by violating the Bell
key size of N , we need to 6N original key size as there is inequality to derive a secure key. Acin et al. [89] simplified
33% chances that bases are compatible and half of the key the E91 protocol by taking three bases on one side and two
is used to check the eavesdropper. bases on the other side. Honjo et al. [90] carried out an entan-
glement based QKD experiment over 100 KM of optical fiber
Algorithm 4 E91 protocol using superconducting single-photon detectors.
1: Alice and Bob receive their entangled photon from a central source
Fujiwara et al. [91] demonstrated the experimental realisation
using any one of four maximal entangled states(|ψ1√ to |ψ4 ). Con- of Acin et al. protocol [89] through 20 KM fiber using hybrid
sider source generate EPR pair |ψ3 = |E P R = 1/ 2(|10+|01) entanglement photon pair source. Li et al. [92] proposed a
2: Alice chooses one of the bases from 0, 45 and 90 degree to measure model of noise analysis in E91 protocol. They observed that
her received particle from entangled pair [57].
3: Bob chooses one of the bases from 45, 90 or 135 degree to measure
Eve could get 50% of the secret key if the noise level reaches
his received particle from entangled pair [57]. 0.5. Sharma and Lenka [93] applied the concept of E91 pro-
4: Alice and Bob publicly compare their basis using an authentic clas- tocol in an online banking system for user authentications.
sical channel. For the same bases measurement, Alice and Bob’s
results are perfectly anti-correlated for |ψ3 entangled state. Inver-
sion or 1’s complement of Bob’s string is equal to Alice’s string.
Alice and Bob carry out the post-processing, which involves any
6.5 Six-State Protocol
error detection and correction phase.
5: For different Bases, Alice and Bob announce their result publicly for Bruß [94] generalized the BB84 protocol and designed six-
checking the performance of the channel using the Bell test. This test state protocol using three conjugate bases. These six states
is used to ensure whether there is a potential eavesdropper present
are pointing towards positive and negative of x-axis, y-axis
or not.
and z-axis of the Bloch sphere. Bruß [94] further proved
that six-state protocol are more secure than BB84 protocol.
In 1964, John Stewart Bell [83] presented an analogy to Implementation of the six-state protocol can be carried out
Einstein Podolsky Rosen (EPR) paradox based on the spin using only optical technologies, without a quantum com-
measurement on pair of entangled photons. He presented a puter.
model of reality with hidden variables that allow entangle- Three bases in six-state protocol are:
ment. For classical particle, Bell’s inequality will be satisfied Along z-axis of Bloch Sphere: |0, √|1 √
with the measurement of particles. For entangled photons, Along x-axis of Bloch Sphere: 1/ 2(|0 + |1), 1/ 2(|0 −
the measurement will violate Bell’s inequality, and it repre- |1) √ √
sents the quantum behaviour of a system. Hensen et al. [84] Along y-axis of Bloch Sphere: 1/ 2(|0+i|1), 1/ 2(|0−
carried out an experiment and analyzed Loophole-free Bell i|1)
test using electron spins in diamond at the Delft University Alice selects the basis with equal probability of 1/3 and sends
of Technology. Ilic [85] described various concepts of error qubits to Bob. Increase in the number of inputs by Alice,
correction, privacy amplification and violation of Bell’s the- make it difficult to learn the message to eavesdropper Eve.
orem in E91 protocol. Li et al. [86] analysed the security of After Bob receives all qubits, Alice announces the basis used
E91 protocol and proposed a model for noise analysis. Their using a classical channel. Bob measure Alice’s basis and their
result shows that Eavesdropper can maximally get 50% of value are used as the key. Eavesdropper Eve can measure the
the key if the noise level is approximately 0.5. qubit sent by Alice by choosing random basis (1/3 for correct
Inamori et al. [87] proposed a symmetric incoherent eaves- bases and 2/3 for incorrect bases) and resend new qubits to
dropping strategy in E91 protocol. If Eve controls the Bob. Eve guesses the right bases with 1/3 probability and
preparation of entangled photon, the effectiveness of E91 incorrect basis with 2/3 probability. Therefore, Bob receives
protocol reduces to BB84 protocol. Ling et al. [88] reported the right qubits with probability 2/3 and incorrect qubits with
123

Bit no. 1 2 3 4 5 6 7 8 9 ...
in E91 protocol [57]
Alice’s base 45 45 0 90 45 0 90 90 90 ...
Bob’s bases 90 45 135 90 45 135 45 90 135 ...
Alice’s observation 0 0 0 1 1 1 1 0 1 ...
Bob’s observation 1 1 0 0 0 0 0 1 1 ...
Bases comparison OK OK OK OK ...
Same bases result 0|1 1|0 1|0 ...
Agreed key 0 1 1 0 ...
Different bases result 0|1 0|0 1|0 1|0 1|1 ...
1/3 probability [94]. practical implementation and security In SARG04 protocol, Alice never announces her basis to
proof of six-state protocol is difficult as compared to BB84. Bob. In classical sifting procedure, Alice does not reveal
her basis. For binary values of ai and bi gives us four dif-
Disadvantage of Six-State Protocol: In the six-state protocol, ferent qubit states (|ψ00 , |ψ10 , |ψ01 , |ψ11 ) as shown in
Bob has a quantum memory, and he performs all its measure- Table 12. It is evident from the 4th and 5th column of Table 11
ment after Alice reveals the Basis. In contrast, in BB84 Bob that ai is encoded in Computational or Hadamard basis is
initial measure his qubit in a random basis and then Alice decided by bi . As Bob announces the receipt of qubits, Alice
send him the basis in which she prepared the qubits and mis- will not share the basis in which these qubits are prepared.
match basis are discarded. Corresponding to each qubit, Alice prepare two states (one
Lo [95] proved the unconditional security of the six-state pro- in computational basis and other in Hadamard basis) and
tocol. Lo demonstrated the bit error rate of 12.7%, which is announces both to Bob. For example, Alice transmit |ψ11
an improvement over BB84 (11%) by allowing one-way clas- and she announces |ψ11 and |ψ10 in Hadamard and com-
sical communication. Kato and Tamaki [96] established the putational basis respectively. Bob Hadamard measurement
security proof of six-state protocol by using a photon number will result in |ψ11 , whereas computational measurement
resolving detector. They found that the bit error rate thresh- will result in |ψ00 and and |ψ10 with equal probability
old for six-state protocol is higher than the BB84 protocol. 1/2. If Bob observes |ψ00 state, he can determine the state
Garapo et al. [97] investigated the effect of collective-rotation |ψ11 sent by Alice. Further, Scarani et al. [100] proved that
noise on the six-state protocol. They observed that the six- the SARG04 is more robust than BB84 against PNS attack.
state protocol is robust against intercept-resend attacks on Table 11 represent various combinations of Alice announces
collective noise while keeping the rotation angle within cer- and detection of a qubit by Bob (other cases like Alice trans-
tain bounds. Bechmann-Pasquinucci and Gisin [98] found mit |ψ00 and |ψ11 for Alice qubit |ψ00 will occur in the
that coherent eavesdropping will not increase Eve’s Shan- same way).
non information but increase the probability of guessing all Branciard et al. [102] designed the entangled version of
correct bits. SARG04 and proved that for a wider class of Eve’s attacks,
Recently, Azuma and Ban [99] investigated the six-state pro- SARG04 perform better than BB84 in terms of secret key rate
tocol against intercept/resend and collective attacks. They and maximal achievable distance. Further, they also showed
showed that intercept/resend attack can be described by hid- that the quantum bit error rate (QBER) of SARG04 is twice
den variable models, whereas, the hidden-variable model can the QBER of BB84 if a channel of given visibility is avail-
not describe collective attacks if the disturbance is smaller able. Koashi [103] generalized the SARG04 protocol to n
than 1/3. quantum state protocol. Fung et al. [104] compared the per-
formance of SARG04 with decoy-state and SARG04 with
two-way classical communication with BB84. They showed
6.6 SARG04 Protocol that SARG04 with two-way communications could tolerate
a higher bit error rate than SARG04 with one-way commu-
Scarani et al. [100] designed SARG04 protocol, which is nications.
robust against PNS attack with weak pulses. SARG04 uses
two non-orthogonal quantum states similar to B92 protocol.
BB84 and SARG04 protocols have the same transmission 6.7 T12 Protocol
phase and the measurement phase. SARG04 usages a dif-
ferent post-processing phase as compared to BB84 protocol. Lucamarini et al. [105] introduced the concept of T12 proto-
SARG04 is more secure even Alice emits two photons. col with the same features as BB84 except that decay qubits
123
Table 11 SARG04 Alice

State ai bi ai is encode in computational basis ai is encode in Hadamard basis
transmission states in
computational and Hadamard |ψ00 0 0
basis [101]
|ψ10 1 0
|ψ01 0 1
|ψ11 1 1
Table 12 Different combination of revealing the exact state by Bob in the SARG04 protocol [101,102]
Alice transmit Alice announces Bob observation 1 Bob observation 2 Bob observation 3 Bob final decision
p=1 p = 1/2 p = 1/2
|ψ00 > |ψ00 > |ψ00 > |ψ00 >

|ψ01 > |ψ01 >
|ψ11 >
|ψ01 > |ψ01 > |ψ01 > |ψ01 >
|ψ10 > |ψ10 >
|ψ00 >
|ψ10 > |ψ10 > |ψ10 > |ψ10 >
|ψ01 > |ψ01 >
|ψ11 >
|ψ11 > |ψ11 > |ψ11 > |ψ11 >
|ψ10 > |ψ10 >
|ψ00 >
are used, and different probabilities are assigned to C and pulses of photons is used to carry bit information from Alice
R basis. Decoy state protocol uses imperfect single-photon to Bob. Deng and Long [110] proposed a two-way QKD pro-
sources such as weak coherent state source. They observed tocol using faint laser pulses and without the involvement of
increased efficiency with a higher key rate in a gigahertz basis reconciliation. In Deng and Long protocol, first Bob
clocked QKD system. Bases are selected using asymmetric sends laser pulses to Alice, and Alice encodes it using uni-
probability using PZ ≥ 1/2 and PX = 1 − PZ . tary operations and returns laser pulses to Bob.
Lucamarini et al. [105] found that the optimal probability Stucki et al. [111] designed a Coherent one-way (COW)
value (PX ≤ 1/16) should be used to achieve higher possible quantum key distribution protocol to work with weak coher-
key rate. Toshiba’s QKD [106] (TQKD) system delivered ent pulses and high bit rate. In COW protocol, emitter Alice
digital keys over fiber optic using the concept of T12 protocol. encodes information in time. Alice information contains 0-
TQKD provide the digital key over a distance of 50 KM with pulses, no-light or μ−pulses in time slot separated by T.
a bit rate one megabit per sec; otherwise, it also facilitates Pan et al. [112] QKD protocol using twelve nonorthogonal
more than 100 Kms. states in a four-state system. Khan et al. [113] proposed KMB
protocol that allows more noise without adding intermediate
6.8 Other QKD Protocols nodes by using two mutually unbiased bases. Any attempt by
eavesdropper significantly increases the higher-dimensional
Table 13 represents a comparative summary of few QKD pro- photon state. In QKD protocols like BB84, a single particle
tocols. Bennett and Wiesner [107] found that Bob performs is transmitted over the quantum channel to share the secret
one of the four unitary operations on the EPR pairs prepared key. Noh [114] had introduced the concept of counterfactual
by Alice. By measuring two particles jointly, Alice can find quantum cryptography. Noh’s protocol is more secure with-
the operation performed by Bob. Bechmann-Pasquinucci and out the transmission of a particle on the quantum channel.
Peres [108] proposed a QKD protocol using a 3-state system Gao et al. [115], Wei et al. [116] and Gao et al. [117] carried
for carrying the information. They showed that the 3-state out work on the quantum private queries.
system provides better security than 2-state carriers. Inoue et
al. [109] proposed differential phase shift QKD where a sin-
gle photon is prepared in a superposition state of three basis
kets. The phase difference between two pulses out of three
123
Table 13 Comparative summary of few QKD protocols. Here O, N and C denote orthogonal, non-orthogonal and conjugate bases
Protocol name Reference Year Prepare and Basis No. of basis/no. of Discrete/ Entanglement Basis
measure bases states continuous reconciliation
BB84 [55,56] 1984 O 2, 4 D ✗

BBM92 [71] 1992 ✗ O 2, 4 D
B92 [74] 1992 N 1, 2 D ✗ ✗
E91 [82] 1991 ✗ N 3, 5 D
Six-state [94] 1998 C 3, 6 D ✗
SARG04 [100] 2004 O 2, 4 D ✗ ✗
7 Quantum Secure Direct Communication In message mode, if Alice wants to send 0, she per-
(QSDC) forms an identity operation I = |00| + |11| on
travel photon.
Cryptographic protocols like BB84 are non-deterministic and If Alice wants to send 1, she performs σz = |00| −
used to establish a shared secret key. Alice encodes a bit √ on travel qubit which result into |ψ4 =
|11|
in a quantum state and sends it to Bob, but Alice can not 1/ 2(|0|1 − |1|0).
able to determine the value decoded by Bob. Beige et al. Alice send the travel qubit back to Bob.
[118] introduced the concept of direct secure communica- Bob perform Bell measurement which results in |ψ3
tion. There is no need for establishing a shared secret key in or |ψ4 . Based on the result he can infer the encoded
the direct secure communication. In direct secure commu- qubit is 0 or 1.
nication, each photon transmits one bit of Alice’s message
• Alice choose control mode:
without revealing any information to an eavesdropper. The
protocol proposed by Beige et al. [118] is deterministic. Alice perform measurement in z-basis.
Alice represent + and − by |n + and |n − respectively, where Alice inform her result to Bob using Public channel.
n represent next cipher of Alice key. Alice announces her key Bob switches to control mode and perform measure-
publicly after verifying that no eavesdropper was listening. ment in the same basis.
Hong-Mei [119] proposed a QSDC protocol based on cluster Presence of Eavesdropper is detected if their result
entangled state. Figure 7 depicts significant development in coincide. If their result are anti-correlated then no
Quantum Secure Direct Communication. eavesdropper is presented.
This protocol is called ping-pong as the travelling photon

7.1 Bostrom and Felbinger’s Ping-Pong Protocol
travels from Bob to Alice and back to Bob. In Ping-Pong
protocol, no bit is discarded. Incase Eve has complete access
Bostrom and Felbinger [120] proposed the concept of direct
of the information in each attack; the detection probability
communication using the concept of entanglement. They
is higher in Ping-Pong Protocol (1/2) as compared to BB84
proposed a deterministic ping-pong protocol. In ping-pong
Protocol (1/4).
protocol, the transmission is instantaneous (no additional
Various researchers [121–124] challenged the security of
information is needed to decode the message), and no qubits
Ping-Pong protocol by channel loss. Deng et al. [125] iden-
are discarded. It can be used for plain-text or secret key
tified an attack in the Ping-Pong protocol proposed by [120]
transmission. For secret key transmission protocol is asymp-
in a noise channel. Eavesdropper intercepts the photon and
totically secure, whereas in plain-text transmission it is
replaces it by a multi-photon signal in the same state for gen-
quasi-secure.
erating the fake signal for one photon. They also proposed
Following steps are used in Bostrom and Felbinger ping-pong
an improvement in the Ping-Pong protocol. Lucamarini and
protocol [120]:
Mancini [126] proposed a secure direct communication pro-
tocol LM05, which combines the advantages of BB84 and
√ prepare two photons in an entangled state |ψ3 =
• Bob Ping-Pong protocol.
1/ 2(|0|1 + |1|0). Han et al. [127] proposed a simple and experimental feasible
• Bob keeps one photon (Home qubit) and send other pho- modification to the original Ping-Pong protocol and proved
ton (travel qubit) to Alice through quantum channel. its security in the noisy and lossy channel. In their proposed
• Alice choose control or message mode. protocol, Alice prepares n-pairs of maximally entangled state
• Alice choose message mode: and send half of the qubits to Bob. In message mode, Bob per-
123
Fig. 7 Significant development in quantum secure direct communication
form one of following four unitary operations (I0 , I1 , Y0 , Y1 ) tion from the other two parties. Using their protocol Bob
to incoming states [127]: and Charlie can communicate to Alice. She receives one bit
of information from Bob and two bits of information from
I0 {|v, |0, |1} = {|v, |0, |1}, Charlie simultaneously through a different quantum channel.
I1 {|v, |0, |1} = {|v, −|0, −|1}, Following steps are used in Chamoli and Bhandari’s ping-
pong protocol [128]:
Y0 {|v, |0, |1} = {|v, |0, −|1},
Y1 {|v, |0, |1} = {|v, −|0, |1},
• Alice prepares initial state of three photons in one of the
eight GHZ states.
The existence of vacuum state make (I0 , I1 , Y0 , Y1 ) non- √
unitary. All four operations are having equal probability |1 = 1/ 2(|000 ABC ± |111 ABC )
√
(1/4). Bob uses I0 , I1 to encode 0 and Y0 , Y1 to encode 1 for |2 = 1/ 2(|100 ABC ± |011 ABC )
sending to Alice. The introduction of vacuum states intro- √
|3 = 1/ 2(|010 ABC ± |101 ABC )
duces phase randomization in Eve system. √
|4 = 1/ 2(|110 ABC ± |001 ABC )
7.2 Ping-Pong Protocol with GHZ state
Lets us consider
√ initial GHZ state with three photons is
Chamoli and Bhandari [128] modified the Bostrom and Fel- |5 = 1/ 2(|010 ABC + |101 ABC )
binger [120]’s Ping-pong protocol using three-particle GHZ • Alice keeps one photon and sends one photon to Bob
states and the receiver can simultaneously receive informa- and another one to Charlie through different quantum
123
Table 14 Encoded information of Bob and Charlie in Ping-Pong using 7.3 QSDC with Quantum Memory
GHZ state [128]
Communicator name Encoded information Operation on qubit To transmit a message effectively, QSDC needs to be com-
bined with quantum memory. Zhang et al. [134] introduced
Bob 0 I = |00| + |11|
the concept of quantum memory in Quantum Secure Direct
Bob 1 iσ y = |01| − |10|
Communication and demonstrated its application in long-
Charlie 00 I = |00| + |11|
distance quantum communication. They used the polariza-
Charlie 01 σx = |01| + |10| tion degree of freedom of photons as an information carrier
Charlie 10 iσ y = |01| − |10| and obtained 90% fidelity in the entanglement decoding.
Charlie 11 σz = |00| − |11|
7.4 QSDC with Authentication
channel without declaring the order of photons to Bob QSDC provides direct transmission of a message without
and Charlie. establishing a key, which leads to higher security. Thus there
• Bob and Charlie mutually decide whether they will pro- is a need to certify the user’s identity to prevent Eavesdrop-
ceed in control or message mode, and inform the same per. Lee et al. [135] proposed the first QSDC protocol for
to Alice. authentication. Min-Jie and Wei [136] proposed two proto-
• In control mode (Similar as in the original ping-pong pro- cols by combining the idea of user authentication and direct
tocol), Bob and Charlie perform measurement in z-basis communication with dense coding.
and inform their results to Alice through a public chan- Dan et al. [137] proposed a protocol for realizing identity
nel. authentication based on polarized photons and EPR pairs
Alice performs a measurement in z-basis, and if she (Four Bell states). They used EPR pairs for transmitting infor-
obtains result as expected, it means no eavesdropper is mation, whereas polarized photons are used for detecting
presented. the Eavesdropper and transmitting the identity authentica-
• Bob and Charlie can encode the information by perform- tion information. Security is guaranteed by shared identity
ing operation, as shown in Table 14. Both Bob and Charlie number, which is encoded in the form of polarized photons.
send their qubit to Alice. They proposed the following steps for comparing the identity
• Alice measures the GHZ state and receives one of the numbers [137]:
eight GHZ states. By observing the measured GHZ state,
Alice can able to determine the Bob and Charlie encoded • Alice and Bob have an identity number A I D and B I D
information deterministically. respectively.
• Bob prepares a sequence of entangled photons randomly
The main advantage of Chamoli and Bhandari protocol [128] in Bell states. Bob prepare polarized photons in Recti-
over Bostrom and Felbinger’s Ping-Pong Protocol [120] is linear or Circular basis (Similar as in BB84). He further
that Alice can receive one bit from Bob and two-bit from inserts the polarized photons in the sequence of entangled
Charlie. states and transmits the new sequence to Alice.
Naseri [129] analyzed the Chamoli and Bhandari [128] pro- • Alice receives the sequence, store in quantum memory,
tocol and pointed out that Eavesdropper can find out the measure polarized photons and publishes the measure-
secret message by introducing the concept of fake entan- ment bases and result.
gled particles. Using fake entangled particle, any dishonest • Alice will revise the wrong bases and determine whether
party can able to obtain the secret of others without any Bob is legal or not.
risk of detection. Furthermore, he proposed the improve-
ment in the protocol using decoy photon technique [130,131] Various researchers [86,138–144] proposed a number of
so that secure communications can be avoided against fake QSDC protocols with authentication. Sarvaghad-Moghaddam
entangled particles. In decoy photon technique, Alice pre- [145] proposed an efficient and secure protocol using the con-
pares some photons in one of the four non-orthogonal states cept of entanglement swapping for bidirectional quantum
|0, |1, |+, |− and insert it into the transmitted sequence to secure direct communication under the controller permis-
Bob and Charlie. She keeps the record of insertion positions sion.
for the detection of the dishonest sender. Li et al. [132] pro-
posed a QSDC protocol based on the hyper-entangled state 7.5 Quantum Dialogue
with improved efficiency for the detection of an eavesdrop-
per. In hyper-entangled state [133], photons are entangled in Ping-Pong Protocol supports only one-way communication.
multiple degrees of freedom. Ba An [146] pointed out denial-of-service or disturbance
123
attack in the Ping-Pong Protocol. Eve can wait in the Pong- qubits and measure them in any computational basis (states
route and see that a qubit is coming from Alice in the message of the basis must be non-orthogonal). Boyer et al. [156] intro-
mode. Eve can apply operation and destroy the entanglement duced the concept of SQKD based on entanglement in 2007.
or changes the EPR pair randomly. Bob will not receive use- In SQKD, Alice and Bob share the secret key as in QKD
ful information from Alice, and Eve also remains undetected. except Bob is usually classic in nature. They had not proved
To overcome the limitation of a denial-of-service attack, Ba that their protocol is robust against an eavesdropper. They
An [146] proposed the concept of quantum dialogue in which [157] extended their work and proposed two robust protocol
Alice and Bob can simultaneously exchange their messages. against eavesdropper. Figure 8 depicts the significant devel-
Bennett and Wiesner [107] proposed that Alice will always opment in semi-quantum key distribution protocol.
pong the qubit to Bob in both control and message mode. First, Alice sends a qubit to Bob, then Bob sends back to Alice
In addition, he used the concept of super-dense coding for after measuring and resend or reflect (send back the same
doubling the quantum channel capacity. qubit to Alice). SQKD protocols also require an authentic
Hong and Yang [147] showed that the quantum dialogue classical public channel. The main advantage of SQKD is
is not secure against intercept and resend attack. Further, that it will reduce hardware cost and computational burden.
Zhong-Xiao et al. [148] proposed the modified quantum In SQKD, Alice the powerful quantum communicant, can
dialogue, which is secure against the intercept-and-resend perform the following operations:
attack.
YuGuang and QiaoYan [149] proposed quasi-secure quan- • Prepare quantum state (such as single photons and Bell
tum dialogue protocol using batches of single photons. Alice state)
and Bob obtain classical information from running of single- • Bell measurement and multi-qubit joint measurement.
photon back and forth. Their protocol is free from the concept • Storing qubit in quantum memory.
of entanglement. Tan and Cai [150] pointed out that in quan-
tum dialogue protocols, half of the message between Alice In SQKD, Bob the classical-quantum communicant, can per-
and Bob is leaked through classical public communication. form the following operations:
Xia et al. [151] and Yan et al. [152] proposed their quantum
dialogue protocols using the GHZ state. • Qubit preparation and measurement in computational Z-
Cao and Jiang [153] proposed a multi-party quantum dia- basis |0, |1
logue protocol by introducing a semi-honest third party. Their • Reflect the qubit (Sending back to Alice without distribut-
protocol usage the concept of multi-particle entangled GHZ ing the qubit.
state and result in communication among multi-party without • Reorder the qubits via different delay lines.
leaking any information. Recently Gong et al. [154] proposed
a quantum network dialogue protocol for communication Krawec [158] designed a single state semi-quantum key dis-
among multiple legitimate parties using continuous-variable tribution protocols which permit reflections to carry informa-
GHZ state. Using their protocol, the sender can send infor- tion. He considered a restricted attack by Eve and showed the
mation to multiple users. The continuous-variable quantum robustness of the protocol. Further, Krawec [159] designed
protocol offers a significant improvement in channel capac- the Mediated semi-quantum key distribution protocol (multi-
ity. user quantum key distribution protocol) using Bell basis for
Chou et al. [155] proposed a dynamic group multi-party allowing two classical or limited semi-quantum users (Alice
quantum key agreement protocol using multicast transmis- and Bob) to establish a secret key using the untrusted full
sion method. It has the feature to deal with complex situations quantum server/center. In this quantum server/center will
such as joining and revoking of a member, dividing one group prepare the quantum states and forward it to Alice and Bob.
into two and combining two groups into one group. Alice and Bob can only reflect or measure in computational
Z-basis and need to rely on the quantum server/center for
performing measurement in alternate bases and ensuring the
8 Semi-Quantum Key Distribution Protocol security of quantum channel. He showed that semi-quantum
protocol has similar security as full quantum protocol.
Secure key distribution is possible when both Alice and Boyer et al. [156] proposed a four states in the quantum proto-
Bob are quantum in nature. Semi-quantum Key Distribution col. Zou et al. [160] proposed five different SQKD protocols
(SQKD) protocol operate over a two-way communication using less than four states and proved their robustness. In two
channel. In SQKD protocol, one/some of the two users/multi- of their protocol, Alice only sends one quantum state. They
user are classical in nature. A classical user with no quantum observed that the protocol with single quantum state have
memory can able to measure the qubits only in the compu- double information bit proportion as compared to Boyer et
tational basis. In contrast, a quantum user can prepare the al. protocol [156].
123
Fig. 8 Significant development in semi-quantum key distribution protocol
Lu and Cai [161] proposed a quantum protocol with clas- measure-resend protocol. Li et al. [165] proposed a semi-
sical Alice and Eve is aware about Alice classic nature. quantum secret sharing protocol by utilizing the concept of
They extended and devised a protocol when both Alice and product states (|+|+). Alice prepares the product state and
Bob are classical in nature. Zhang et al. [162] proved the sends one qubit to classical Bob and other to classical Charlie.
unconditional security of the single state semi-quantum key They tested the protocol by introducing some errors which
distribution protocol proposed by Zou et al. [160]. will further be noticed by the legitimate users.
Xian-Zhou et al. [163] developed and proved the robustness Yu et al. [166] designed the first SQKD protocol free from all
of a protocol to distribute key bits among one quantum party attack and without using authentic classical channels known
and m classical parties (No quantum capacity). Their protocol as Authenticated semi-quantum key distribution (ASQKD).
is secure against symmetrically individual attacks, and any Alice and Bob require pre-sharing of the master secret key,
attack should be detected with non-zero probability. which can be generated by using QKD or SQKD proto-
Jian et al. [164] proposed an improved and secured protocol col. After generating the master secret key, many session
using entangled states. Alice prepares two-particle entangled keys can be generated using ASQKD protocol. They pro-
state and measured particle in Bell state. Alice prepare N posed randomization based ASQKD and measure-resend
bell states and choose one particle from each states to form ASQKD protocols. Luo and Hwang [167] proposed two
N particle B1 , B2 , .., B N to Bob. Bob either measure it in a authenticated semi-quantum direct communication protocols
computational basis (Called SIFT) or reflecting the particles based on randomization and measure-resend. Sender (Say
(Send the qubit back to Alice without disturbing it or reorder- Alice) equipped with quantum devices transmit a message
ing of particles). Their proposed protocol can be modified to to the classical receiver. They analyzed that their protocols
123
are robust against Trojan horse attack, intercept and resend 9 Secure Multiparty Communication (SMPC)
attack, modification and impersonation attacks. Zou et al.
[168] proposed a semi-quantum protocol without involving Secure Multiparty Communication (SMPC) is also known
the classical Alice’s measurement capability. Their proposed as Secure function computation. It was introduced originally
protocol requires less number of quantum states sent by both by Yao [215] in the form of Millionaire problem for secure
parties and it is secure against joint attacks. multiparty computation. Millionaire problem is a compar-
Chou et al. [169] proposed a semi-quantum private comparison problem in which two millionaires want to discover
ison protocol with the presence of a dishonest third party. which one is richest without revealing the precise amount
Lu et al. [170] proposed a no-key semi-quantum direct of their personal fortune. SMPC has several applications in
communication protocol using only constant entanglement the field of online bidding, secure voting and market clear-
preservation time and a fixed number of quantum bit regis- ing price scenario. In general, SMPC refers to n parties, and
ters. they compute a publicly available function using a set of
Boyer et al. [171] in 2017 proposed a semi-quantum key private variables without revealing their personal fortune.
distribution using classical Alice, with a controllable mirror Figure 9 depicts the significant development of Secure Mul-
and four-level available systems. In Quantum Private Com- tiparty Communication.
parison’s, two users can compare equality of their private Zhang et al. [216] proposed a quantum protocol using Bell
secrets using a third semi-honest third party. Thapliyal et al. states for comparing the values of two distrustful parties with
[172] proposed two semi-quantum protocol for quantum pri- the help of the third semi-dishonest party. Mayers [217], and
vate compassion’s using orthogonal states and evaluated the Lo and Chau [218] independently pointed out in 1997 that the
performance under noisy environment. previously developed multiparty communication is insecure
Krawec [173,174] proved the unconditional security of Boyer due to unreliable quantum bit commitment scheme.
et al. [156] semi-quantum protocol. Iqbal and Krawec [175] Dong et al. [219] proposed a generalized multi-party deter-
designed a semi-quantum key distribution protocol using ministic quantum protocol using entanglement swapping. Shi
high-dimensional quantum states and carried out the security and Zhong [220] proposed two protocols for quantum multi-
analysis for the same. Recently, Tsai et al. [176] proposed a party communication using entanglement swapping and EPR
semi-quantum secret sharing protocol using W-state for three pairs. Liu et al. [221] found that multiparty protocol proposed
parties and found that the protocol is free from the well- by Shi and Zhong [220] is not secure as a dishonest partic-
known attacks. Iqbal and Krawec [177] carried a survey of ipant can able to determine the secret key independently by
various semi-quantum key protocol and pointed out several illegal means. Further, Liu et al. [221] proposed a secure mul-
open problems. Lin et al. [178] proposed a semi-quantum tiparty quantum protocol which is secure against participant
protocol to share a secret key between two classical users with attacks as well as an outside attack using a single particle.
the help of third untrusted party. The untrusted third party Sun et al. [222] improved the Liu et al. [221] protocol effi-
will require single-photon and Bell measurement capability. ciency from (k+1)(N1)(N −1) to (k+1)(N
1
) using two additional
Wen et al. [179] proposed a semi-quantum authentic protocol unitary operations, where N denotes the number of parties.
based on the correlation between GHZ and W state for deter- Xun-Ru et al. [223] proposed a three-party QKD based on
mining the identities of two participants. They pointed out EPR pairs. Yin et al. [224] proposed a three-party QKD pro-
that the proposed protocol is more secure and effective than tocol using two-qubit entangled state and each party equally
traditional quantum authentication protocols. Tao et al. [180] contribute to the establishment of a shared secret key. Zhu et
proposed two-semi direct communication protocols based on al. [225] found that Yin et al. [224] protocol is not secure if
Bell states and two pre-shared secret keys. To overcome the two dishonest parties offset the role of the third party in the
problem of double CNOT attack and information leakage generation of the shared secret key by launching a special
problem in the Sun et al. protocol [181], Yang [182] pro- kind of attack. They also proposed an improved protocol to
posed an efficient and secure semi-quantum protocol. Zhou overcome the participant attack.
et al. [183] presented two semi-quantum identification pro- Shukla et al. [226] proposed two protocols (Two-party and
tocols using a single photon. In their proposed protocols, multi-party) using multi-partite entangled states and found
quantum Alice and classical Bob can identify each other to that such quantum systems are useful in the implementa-
resist against a man-in-the-middle attack. Yan et al. [184] tion of quantum dialogue. Zhu et al. [227] showed that the
proposed a semi-quantum protocol to transmit a secret mes- Shukla et al. [226] protocol is not secure, and any participant
sage between classical Bob and quantum Alice using Bell can directly obtain the secret key of the other two partici-
states. pants. They found that in Shukla et al. [226] protocol, an
In addition to the above mentioned protocol, semi-quantum eavesdropper can flip any bit in the final secret key with-
key distribution protocol has attracted the attention by various out introducing any error. Finally, they proposed a protocol
researchers and carried out work in [185–214]. to overcome the limitation of Shukla et al. protocol [226].
123
Fig. 9 Significant development in secure multiparty communication
Further, Gu and Hwang [228] found that Zhu et al. protocol Liu et al. [238] proposed a multiparty protocol by taking Bell
[227] suffers from Collusive attack (Any two dishonest par- state as a quantum resource and considering the client-server
ties collaborate and perform manipulation in the final secret model. Participants will able to access quantum channel and
key without getting detected). Luo et al. [229] proposed a prepare single photons, whereas the delegate computation
quantum private comparisons protocol using l−parties and such as Bell measurement and unitary operations will be
d−dimensional entangled state. performed at remote quantum centers. Wang et al. [239] pro-
Huang et al. [230] pointed out that Sun et al. [222] protocol posed a general circle-type multi-party key agreement, which
cannot achieve privacy and fairness. They also proposed a fair is secure against t < N dishonest parties cooperation.
and secured protocol for secret key amongst n-parties with a Zhou et al. [240] proposed a semi-quantum protocol based
high qubit efficiency. Smania et al. [231] performed experi- on four-particle cluster states. Using Zhou et al. ’s protocol,
mental realisation of a three-party quantum protocol using the key can be distributed among one quantum and two clas-
qutrit communication using a three-level system includes sical parties. Further, they pointed out that the concepts can
Secret Sharing, Detectable Byzantine agreement and com- be extended for more than 3-user for communication. Sun
munication complexity reduction. et al. [241] proposed a fair multi-party protocol that resists
Sun et al. [232] proposed a multi-party quantum key protocol against Liu’s et al. [235] collusion attack. Participants pre-
by utilizing the four-photon cluster state, block transmission pare the initial states only and server to prepare the quantum
technique, dense coding method and decoy-state. Sun et al. states. The main advantage of this protocol is that any eaves-
[233] proposed fairness (No one alone cannot be able to dropper including server is not able to find the final shared
determine the key) multiparty quantum key protocol using secret key. Cao and Ma [242] proposed the first multiparty
maximally entangled six-qubit states. Sun et al. [234] pro- quantum key agreement based on Grover’s search algorithm.
posed a single qubit state protocol for multiparty quantum key They showed that their protocol work on a five-party sys-
agreement by performing an exclusive-OR operation on all tem and further compared the proposed protocols with the
the parties without the explicit need of entanglement states, existing protocols. A travelling mode in multiparty quantum
joint measurement and unitary operations. Li et al. [235] key agreement protocol achieves higher efficiency than the
found that circle-type multi-party quantum key agreement distributed mode. Cao et al. [243] proposed a multi-party
protocols are not fair, and any two dishonest parties at a spe- quantum key agreement protocol for travelling mode based
cial position can able to determine the shared secret key. In on non-orthogonal quantum pairs, Bell states and their dual-
multiparty quantum key agreement travelling and distributed ities by mixed dense encoding.
mode is used to transmit the quantum information. Huang Sun et al. [244] proposed an efficient multiparty quantum key
[236] proposed two protocols for travelling mode using EPR agreement protocol using sequential communication of a sin-
pairs and single photons. Huang et al. [237] proposed an gle d-level quantum system. Each participant only performs
efficient, fair and secure multiparty quantum key agreement a unitary operator and measurement complexity is indepen-
protocol using single photons in travelling mode. dent on the number of participants. The main advantage of
1
Sun et al. protocol is that the efficiency rate is 2N . Huang
123
et al. [245] investigated existing multi-party quantum key Wining condition of game a ⊕ b = x.y
agreement in a travelling mode. They found that dishonest Classical Case Optimal wining probability 75%
participants with favourable geographical location collabo- Quantum Case for Maximally Entangled State Winning
rating with other participants can able to determine the secret Probability 86%.
key. Further, they proposed a multi-party quantum key agree- Bell [83] experimented and showed that there exist no hidden
ment in travelling mode using non-orthogonal Bell states. He variable in nature. The Locality loophole refers that parti-
et al. [246] proposed a high-efficiency three-party quantum cles and detectors are communicating during the Bell test.
key agreement protocol by utilizing two-photon polarization Researchers are carrying out the work to close the loopholes
entangled Bell states and a few single-photon polarization one by one for excluding Einstein’s Hidden variable. Mayers
states. They used quantum dense coding to improve the effi- and Yao [250] introduced the concept of self-testing quantum
ciency and each participant need to perform one unitary source by considering the non-local correlations.
operation to encode the sub-secret key. Jo et al. [247] carried Colbeck [254] applied the Bell test to check the honesty of
out a security analysis which provides an asymptotic secret quantum apparatus. Pironio et al. [255] provided the security
key rate for multiparty quantum key distribution under the proof of Acin et al. [256] device-independent quantum key
restriction that the successive trials are independent. Moha- distribution protocol. Hensen et al. [84] carried out an experi-
jer and Eslami [248] pointed out that the participant attack ment Loophole-free Bell test using electron spins in artificial
on Sun et al. protocol [234] and proposed an improvement diamond at Delft University of Technology, Netherland. They
to avoid the participant attack. separated the electron and detector 1.3 Km apart so that they
can not be able to communicate. They performed 245 trials
to test CHSH-Bell inequality [253] and found that Einstein’s
10 Device Independent Cryptography hidden variables are wrong. Lucamarini et al. [257] designed
a device-independent entanglement based B92 protocol.
Actual device used in quantum key distribution suffer from Full Device-independent quantum key distribution shows
unavoidable imperfections and behave differently than the that security of the cryptographic protocol is based on the
theoretical assumptions. Zhao et al. [50] experimentally assumption of trusted random number generator, Authenti-
demonstrated time-shift attack (first quantum hacking attack) cated classical public channel, the correctness of quantum
against a commercially available QKD system. Lydersen physics and Both parties (Alice and Bob) physical locations
et al. [249] introduced the concept of detector blinding are secure. The major limitation of full-device independent
attack to acquire the whole secret key. QKD system suf- QKD is that it requires a loophole-free Bell test with dis-
fers from the loophole that allows the side-channel attack. tant parties, which is practically impossible with currently
Full-device independent QKD was proposed to avoid the available technologies.
side-channel attack. Figure 10 depicts the significant devel-
One-Sided Device-Independent QKD: In standard QKD,
opment in Device Independent Cryptography.
Alice and Bob both trusts their measurement apparatus.
In full device-independent cryptography, Alice and Bob can
Branciard et al. [258] introduced the concept of one-
buy a device from anyone (reliable or unreliable one). It
sided device-independent QKD, a less restricted device-
means the security does not rely on the truthfulness of the
independent QKD, where one of the party trust his/her
quantum apparatus. In full-device Independent Quantum Key
measurement apparatus. Cao et al. [243] proposed one-
Distribution (DIQKD), quantum apparatuses are considered
sided measurement-device-independent QKD to overcome
as a black box, which takes classical input and produces clas-
the limitations of measurement-device-independent QKD
sical output. Entanglement based devices are more difficult
and to enjoy the detection of loophole-free. They considered
to implement over long distances. Security of quantum key
Bob encoding system is trusted and carried out an experiment
distribution protocol lies with the credibility of the quan-
using a coherent light source. Tomamichel et al. [259] showed
tum devices. In device-independent cryptography, there is
that the standard BB84 QKD scheme is one-sided device-
no guarantee that the quantum device performs as per the
independent QKD by considering Bob’s quantum apparatus
specifications.
as malicious, and Alice apparatus is a trusted one. Walk et al.
Bell inequality test is performed to ensure that the devices
[260] carried out an experimental demonstration of Gaussian
are adequately entangled and ensure the testing of quantum-
protocol for one-sided device-independent QKD.
ness [82,250–252]. Bell inequality can be considered as the
Clauser–Horne–Shimony–Holt (CHSH) game [253] played Measurement Device-Independent Quantum Cryptography:
between honest parties (Alice and Bob) using their shared Measurement device-independent QKD is one of the feasi-
device. ble solutions with currently available technology to quantum
In CHSH game, Honest Alice (input x and output y) and hacking and bridging the gap between theoretical and prac-
Honest Bob (input y and output b) such that x, y ∈ 0, 1. tical implementation of QKD. Lo et al. [261] introduced
123
Fig. 10 Significant
development in device
independent cryptography
the concept of measurement device-independent QKD for measurement-device independent QKD is lower than prepare
removing all detector side channels attacks. In their approach, and measure the QKD system.
Alice and Bob prepare phase randomized weak coherent
Semi-Device Independence Fully device-independent QKD
pulse in different BB84 polarization state. These polariza-
is based on non-locality and applicable only for entanglement
tion states are selected randomly and independently for each
based protocols. Semi-device-independent QKD provides
signal. Further, they showed that the system remains secure
secure key distribution for one way prepare and measure
over 200 KMs in the existence of seriously flawed detec-
protocols [271]. The measurement apparatus’s dimension is
tors. Measurement device-independent QKD [262] provide
of fixed Hilbert space. Yang et al. [272] demonstrated the
high key rate and long-distance with the currently available
security of semi-device-independent QKD against collective
technologies.
attacks. Dall’Arno et al. [273] discussed security concerns in
Tang et al. [263] performed the first experimental real-
semi-device-independent QKD and suggested ways to pre-
ization of measurement device-independent QKD by con-
vent the malicious attack. Chaturvedi et al. [274] studied the
sidering the state preparation flaws and distributed secure
security of semi-device-independent QKD protocol under the
keys up to 40 KM. Experimental realization of measure-
random access code, cryptography primitive.
ment device-independent QKD has been carried out by
Woodhead et al. [275] proposed a semi-device-independent
various researchers (For details, the reader can see [221,264–
QKD based on modified BB84 protocol and Bob carried-out
267]). Qiao et al. [268] proposed a scheme for monitoring
CHSH-type estimation on the qubit send by Alice.
light source using single-photon detectors for measurement-
device-independent QKD. This new scheme significantly Detector Device-Independent Quantum Cryptography: To
improves the secure key rate and transmission distance. Cui et overcome the limitations of measurement-device indepen-
al. [269] proposed a high-dimensional measurement device dent QKD (Security key rate and Interface of two photons),
QKD protocol with qudits hyper-encoding in spatial mode Lim et al. [276] and Gonzalez [277] proposed the concept
and polarization degrees of freedom. They demonstrated of detector device-independent quantum cryptography the
that their scheme is unconditional secure for weak coherent combine the security of measurement-device independent
pulses with decoy states. Dellantonio et al. [270] also pro- quantum cryptography with the efficiency of conventional
posed a high-dimensional measurement-device-independent QKD. The main advantage of detector-based-independent
QKD protocol and carried out an analysis for phase error and QKD is that two-qubit single photon is used instead of an
imperfect sources. interface between two widely separated independent single-
Measurement-device independent QKD requires an interface photon source.
of two photons from two different light source, which makes Wei et al. [278] proposed detector blinding attack with
the experiment more demanding. Secure key rates achieved in intrinsic attack and Eve can obtain the security key with-
out getting detected. They also explicitly discussed the attack
123
Table 15 Few examples of symmetric and asymmetric cryptosystem Table 16 Public cryptosystems and their examples
with quantum attacks [287]
Scheme name Classical example
Type of cryptosystem Algorithm name Attack
Code-based McEliece’s Hidden Goppa-code 1978 [288]
Symmetric AES128 Grover’s algorithm cryptography
Symmetric AES256 Grover’s algorithm Lattice-based NTRU public cryptosystem [290]
Symmetric Salsa20 Grover’s algorithm cryptography
Asymmetric RSA2048 Shor’s algorithm Hash-based Lamport-Diffie one-time signature scheme [296]
cryptography
Asymmetric RSA3072 Shor’s algorithm
Winternitz one-time signature scheme [297]
Asymmetric ECC521 Shor’s algorithm
Multivariate- Patarin’s and
quadratic vinegar
equations signature
proposed by Qi and Siopsis [279], which combines the blind- cryptography scheme [300]
ing attack and detector wavelength dependency of a beam
splitter. Sajeed et al. [280] demonstrated that detector-device-
independent QKD is not secure against side-channel attacks. efficiency [289]. The main issue of a code-based cryp-
tosystem is the key size (megabyte) for higher security.
Although Researchers had proposed few code-based
11 Post Quantum Cryptography cryptography schemes; attacks have been proposed cor-
responding to these schemes. Still, the initially proposed
Security of existing classical cryptosystems relies on the scheme by McEliece remain unbreakable, but it suffers
Integer factorization problem, discrete logarithm problem or from a key size. In future, there is a possibility of new
elliptic-curve discrete logarithm problem. Shor algorithm can code-based cryptography approach to be proposed that
able to solve all these three problems using a quantum com- remain secure with the quantum attack.
puter. Grover algorithm [3] showed that the Security of the • Lattice-Based Cryptography: Hoffstein et al. [290] intro-
symmetric encryption algorithm is at risk. Table 15 repre- duced NTRU public cryptosystem with a smaller key size
sents a few symmetric and asymmetric cryptosystem with than McEliece cryptosystem. Several quantum attacks
quantum attacks. have been proposed by exploiting the polynomial struc-
Once a scalable quantum computer is developed, the exist- ture [291,292] and without exploiting the polynomial
ing classical security algorithms such as Diffie–Hellman structure [293–295]. To gain confidence against quan-
key-exchange [281], RSA public key encryption [282], Alge- tum attack, more research is needed to be carried out on
braically Homomorphic [283], Elliptic curve cryptography lattice-based cryptography.
[284] and Buchmann–Williams key-exchange [285] will • Hash-Based Cryptography: Hash-based cryptography
become insecure. There is a growing interest in post-quantum relies on the hash function and requires minimal security
algorithm to make the system secure. Post-quantum algo- requirements. Lamport-Diffie one-time signature scheme
rithms deal with cryptosystem that runs on a conventional [296] and Winternitz one-time signature scheme [297]
computer but secure against attacks by quantum computer are hash-based cryptography schemes. Dods et al. [298]
[286]. Bernstein and Lange [287] listed various existing and Hulsing [299] proposed the improved hash-based
cryptographic system and the quantum attacks against the cryptography schemes using better one-time signatures
cryptographic system. to decrease the signature size.
Post-quantum cryptography schemes are classified into code- • Multivariate-Quadratic Equations Cryptography: It is
based cryptography, Lattice-based Cryptography, Hash-based based on the computational difficulty involved to solve
Cryptography, Multivariate-quadratic equations cryptogra- non-linear equations over finite fields. This cryptog-
phy. Table 16 represents a few public cryptosystems with raphy scheme is also known as trapdoor multivariate
their examples. quadratic as it involves higher-order quadratic polyno-
mial equation. Patarin’s and vinegar signature scheme
• Code-Based Cryptography: McEliece [288] introduced [300], Ding and Schmidt’s Rainbow signature scheme
the concept of code-based cryptography in 1978. Code- [301] and Patarin’s et al. Quartz signature scheme [302]
based cryptosystem uses error-correcting code. There is are few well known multivariate public-key cryptography
a trade-off between efficiency and security in the code- schemes.
based cryptosystem. By reducing key size, efficiency can
be improved but at the cost of security. By increasing National Institute of Standards and Technology (NIST) has
the key size, security can be improved but at the cost of initiated the process to evaluate and standardize the quantum-
123
Fig. 11 Significant development in quantum cryptography after BB84 protocol
resistant algorithms for post-quantum cryptography. NIST performed decoy-state quantum key distribution between
had shortlisted 26 quantum algorithms (17 Public key encryp- multiple locations on the ground (Xinglong, Nanshan and
tion and key-establishment algorithms and 9 for digital Graz) and low-earth orbit satellite. They communicated the
signatures) for the post-quantum algorithms. Researchers are secret message over 7600 KM between locations in Europe
considering these 26 algorithms as the strongest candidate for and China. Sharma and Banerjee [315] carried out the
post-quantum algorithms [303]. There is an upward trend analysis of the atmospheric effect on satellite-based com-
of research in the area of post-quantum computing. Reader munication against Photon number splitting and intercept
can go through [286,287,304] for a detailed study on post- resend with unambiguous discrimination attacks. In 2017,
quantum cryptography. Bedington et al. [316] summarized the research on QKD with
satellite. Chunli Bai (President of Chinese Academy of Sci-
ence) and Anton Zeilinger (President of Austrian Academy of
12 Latest Trends and Concluding Remarks Sciences) successfully conducted the first Inter-Continental
video conference call using Chinese quantum satellite Micius
Latif et al. [305] proposed a framework for secure commu- [317]. Quantum key is transmitted using the satellite Micius.
nication in the cloud and internet of things environment. Chinese Academy of Science and Jian-Wei Pan research
They also proposed a quantum steganography protocol using group from University of Science and Technology, China col-
a hash function and entanglement states. Amer et al. [306] laboratively working on quantum communication between
proposed a semi-quantum key distribution protocol for tol- low earth orbit satellite and receiving stations on earth to
erating high-level of noise by considering the advantage of a achieve secure communications between optical ground sta-
two-way quantum channel. Figure 11 represents the signifi- tions in China and Europe. Many Indo-Pacific nations also
cant development in quantum cryptography after the design joined the race for Quantum satellite. The National Univer-
of the BB84 Protocol. Figure 12 represents the major experi- sity of Singapore developed a nano-satellite carrying quan-
mental work carried out in the area of quantum cryptography. tum node, which was launched by Indian vehicle in 2015.
Table 17 depicts a summary of various attacks on the quan- National Institute of information and Communications tech-
tum protocol. nology, Japan also demonstrated quantum communication
To overcome the limited distance communication over fiber using a micro-satellite in 2017. Quantum cryptography can
cables, free space-based QKD give rise to the concept of be applied in substantial numbers of applications. Table 18
satellite-based communication for sharing secret informa- represents a few real-life applications of quantum cryptogra-
tion. Yin et al. [312] explored the satellite-based com- phy.
munication between two entangled photons separated by
1203 KM on earth. Liao et al. [313] reported the devel- 12.1 Quantum Blind Computation
opment and launch of a low-earth satellite for achieving
the kilohertz key rate for a distance up to 1200 KM by It is likely possible that the quantum computer after its devel-
implementing decoy-state QKD. Further, Liao et al. [314] opment will be available in centers across the world. Blind
123
Fig. 12 Major experimental work in the area of quantum cryptography
Table 17 Summary of various

Attack name References Year(s)
attack on quantum protocol
Beam splitter attack [67] 2014
Detector blinding attack [249,278] 2010, 2017
Double blinding attack [73] 2012
Double CNOT attack [180] 2019
Einstein–Podolsky–Rosen Attack [218] 1997
Faked state [33] 2005
Frequency shift attack [70] 2014
Gaussian attacks [30] 2019
Intercept/resend attack [65,147] 2009, 2006
Large pulse attack [39] 2001
Laser seeding [47] 2015
Man-in-middle attack [41,43,44,66] 2006, 2014, 2018, 2009
Optimal attack [42] 2010
Phase remapping attack [48,49] 2007, 2010
PNS attack [35–37] 1995, 2000, 2011
Polarization shift [51] 2019
Symmetric collective attack [34] 2008
Time-shift attack [46,50] 2007, 2008
Timing-side channel attack [45] 2007
Trojan horse attack [41,43,44] 2006, 2014, 2018
123
Table 18 Applications of
Application Country/collaborating institutes Year
quantum cryptography
Secure online voting Switzerland Since 2007
FIFA World Cup secure link South Africa 2010
between Moses Mabhida
Stadium and main hub
POS system for transmitting Nokia, Bay Photonics, Oxford University 2017
quantum keys [307]
QkarD quantum smart card Los Alamos National Security 2010
[308,309]
Data protection of 6000 United states
banks and 6000 hospitals
[310]
Quantum encrypted video Chinese Academy of Sciences 2017
call [307]
Austrian Academy of Sciences in Vienna
Quantum voting [311] Southeast University, Nanjing, China 2017
East China Normal University, Shanghai, China
Table 19 Major sources titles

Journal name Number of paper used Publisher name
with papers > 3 used in the
review process Physical Review A 45 American Physical Society
Physical Review Letters 37 American Physical Society
Quantum Information Processing 33 Springer
International Journal of Theoretical Physics 17 Springer
Scientific Reports 15 Nature Publishing Group
New Journal of Physics 9 IOP Publishing
International Journal of Quantum Information 7 World Scientific
Optics Express 6 OSA, The Optical Society
NPJ Quantum Information 5 Nature Publishing Group
Nature 5 Nature Publishing Group
Chinese Physics Letters 5 Chinese Physical Society
Theoretical Computer Science 4 Elsevier
Physics Letters A 4 Elsevier
Journal of Modern Optics 4 Taylor and Francis
Modern Physics Letters A 4 World Scientific
SIAM Journal of Computing 3 Society for Industrial and
Applied Mathematics
International Journal of Quantum Information 3 World Scientific
Chinese Physics B 3 IOP Publishing
IEEE Access 3 IEEE
Nature Photonics 3 Nature Publishing Group
quantum computation is emerged for performing secure com- of her input, output and computation. Arrighi and Salvail
putation rather than secure communication. Consider Alice [318] introduced the concept of quantum blind computation
(does not have a quantum computer) and Bob have a quan- and proposed a protocol for carrying out the blind quantum
tum computer. Alice wants to utilize Bob quantum resources computation.
without revealing about the computation. In Blind quantum Broadbent et al. [319] proposed a protocol for blind quan-
computation, Bob will remain unaware of the usage of his tum computation. In their protocol, Alice, a purely classical
quantum computer by Alice. Alice will perform her compu- client, communicate with two non-communicating entangled
tation on Bob quantum computer, and Bob will not be aware servers for performing the computation. Fitzsimons [320]
123
reviewed the blind quantum computation. Li et al. [86] pro- 12.4 Position-Based Quantum Cryptography
posed two protocols for blind quantum computation with
identity authentication. Barz et al. [321], Greganti et al. [322] Chandran et al. [340] devised the concept of classical
and Huang et al. [323] experimentally demonstrated the con- position-based cryptography. Further, Chandran et al. [341]
cept of blind quantum computing. introduced the concept of position-based quantum cryptog-
raphy by considering the geographical position of a party as
the credential. Using position-based quantum cryptography,
two military bases can be communicated without pre-shared
12.2 Quantum Digital Signature
keys over an insecure channel. Bilski and Winiecki [342]
analyzed the position-based quantum cryptography in a
With the significant development in the area of a quan-
distributed system. Qi and Siopsis [279] studied the perfor-
tum network, Quantum digital signature and Quantum Key
mance of position-based quantum cryptography protocols
distribution are needed for signing and information distri-
over a noisy channel by assuming that no entanglement is
bution in the quantum network. Gottesman and Chuang
pre-shared between adversaries. Buhrman et al. [343] stud-
[324] introduced the concept of quantum digital signature
ied quantum setting in position-based quantum cryptography.
in 2001. Quantum digital Signature is an approach used to
Chakraborty and Leverrier [344] proposed interleaved prod-
sign a document by quantum means and transfer to the user
uct protocol for position verification.
with information-theoretically study [325,326]. Roberts et al.
[266] carried out an experimental demonstration of quantum
12.5 Chip-Based QKD Devices
digital signature by realising quantum network architecture
mediated by measurement-device-independent quantum key
The main limitation of the existing QKD equipment is cost,
distribution. Cai et al. [327] carried out cryptanalysis on
space and power consumption. To miniaturise and mass-
multiparty digital signatures. Shi et al. [328] carried out an
produce of QKD system, Sibson et al. [345] introduced
analysis of quantum signature scheme based on asymmetric
the concept of chip-based quantum communications. IMEC
quantum cryptography against forgery attack and suggested
(World-leading research and Innovation hub in Nanoelec-
the addition of random integer shared between the signer
tronics) and National University of Singapore (NUS) joined
and verifier. Collins et al. [329] reviewed the development in
their hands to develop robust, scalable and efficient tech-
experimental quantum digital signatures. Collins et al. [330],
nologies for QKD and quantum random number generation.
Donaldson et al. [331] carried out experimental demonstra-
Roger et al. [346] demonstrated on-chip quantum random
tion of quantum digital signature.
generator using laser pulses. Zhang et al. [347] designed
a 3 mm silicon photonic chip operating at 1550 nm for
continuous-variable QKD system by integrating the all-
12.3 High-Dimensional Quantum Key Distribution optical component except for laser source.
Encoding by the polarization of light in quantum key distri- 12.6 Quantum Bit Commitment
bution limits the information to be sent per photon. It puts
tight bounds on the error rates the system can tolerate. High- Bit commitment involves Alice and Bob, two mistrustful par-
dimensional Quantum Key Distribution is an efficient and ties. In Bit commit protocol, Bob is interested that Alice will
robust way to encode information with higher key rate. High- bind to her commitment and Alice conceal the commitment.
dimensional QKD systems are more resistant to noise in the Alice commits an encoded bit of information to Bob. Alice
channel and overcome the limitation of QKD by encoding cannot be able to change the information after submit, and
more bits per transmitted photon. Bob cannot identify the information until Alice decodes it.
In high-dimensional QKD protocol, information can be In 1997, Lo and Chau [218] showed that Alice could cheat
encoded using spatial modes [332–334], time-phased [335– using the Einstein-Podolsky-Rosen (EPR) attack success-
337]. Ding et al. [334] proposed a high-dimensional QKD fully, causing Quantum Bit commitment to insecure.
protocol based on space-division multiplexing in multi-core
fiber using silicon photonic integrated lightwave circuits. Jo 12.7 Quantum Coin Flipping Protocol
et al. [247] proposed an efficient high-dimensional QKD pro-
tocol using hybrid encoding by two-degree-of freedom of a Blum [348] introduced the concept of coin tossing. Coin
single photon, multi-path modes and orbital angular momen- tossing can be classified as weak or strong. The strong coin-
tum modes. Islam et al. [338,339] proposed and demonstrated tossing protocol is used if the preference of other party is
a high-dimensional quantum key distribution using two- unknown. In the weak coin-tossing protocol, the preference
photon interference technique. of other party is known. For instance, a divorced couple (Say
123
Table 20 Papers with citation> 1000 in the area of quantum cryptog- Table 21 Papers with google citation> 30 per year in the area of quan-
raphy tum cryptography
Reference Google Web of Publication Quantum/ ReferenceGoogle Google citation/m Web of Publication
citation science year classical citation m = 2020− science year
Year of Publication
[279] 21,388 NA 1978 C
[278] 18,797 NA 1976 C [287] 494 164.66 233 2017
[81] 13,969 NA 1964 Q [305] 435 145 241 2017
[80] 10,303 5960 1991 Q [53] 598 99.6 365 2014
[2] 9083 2723 1997 Q [306] 191 95.5 92 2018
[55,56] 7859 NA 1984 Q [246] 853 85.3 483 2010
[5] 7781 4595 2002 Q [283] 918 83.45 NA 2009
[281] 6498 NA 1987 C [131] 235 78.33 160 2017
[1] 6192 NA 1994 Q [324] 363 72.6 221 2015
[3] 5373 NA 1996 Q [348] 134 67 61 2018
[12] 5265 NA 1982 Q [301] 243 60.75 NA 2016
[212] 4509 NA 1982 Q [8] 208 52 120 2016
[73] 3379 1810 1992 Q [248] 769 51 458 2005
[57] 2528 1405 2000 Q [28] 917 50.94 567 2002
[70] 2226 1368 1992 Q [255] 403 50.375 309 2012
[280] 2046 NA 1978 C [142] 185 46.25 143 2016
[285] 2035 NA 1978 C [98] 736 46 366 2004
[294] 1858 NA 1989 C [218] 322 46 208 2013
[287] 1707 NA 1998 C [337] 127 42.33 57 2017
[4] 1647 NA 1996 Q [292] 169 42.25 NA 2016
[253] 1190 744 2007 Q [92] 905 41 439 1998
[117] 1190 772 2002 Q [36] 804 40.2 454 2000
[29] 1165 751 2003 Q [284] 117 39 23 2017
[250] 1145 NA 1969 Q [313] 304 38 168 2012
[59] 1106 512 2001 Q [50] 454 37.8 272 2008
[258] 1043 654 2012 Q [26] 180 36 107 2015
[17] 1014 NA 1988 Q [214] 800 34.78 373 1997
[311] 338 30.72 NA 2009
[252] 341 31 200 2009
[41] 429 30.64 280 2006
Alice and Bob) both want to stay with their single kid and
Alice is staying in North India and Bob is staying in South 12.8 QKD Devices
India. A weak coin-tossing protocol will be useful in such a
situation where both want to take the responsibility of their Toshiba’s QKD system [352] delivers secure key over 100
kid. KM on fiber optic-based network with a bit rate of 1 Megabit
Molina-Terriza et al. [349] designed the first quantum coin per second. This QKD system is based on T12 protocol (A
flipping protocol using qutrits rather than qubit for higher decoy-state protocol with appropriate modification in BB84)
securities. Here, both communicator Alice and Bob distrust [105]. Toshiba reported that cryogenic detectors operating at
each other. They showed the possibility of a cheater and ways room temperature would enhance the performance of high
to detect the cheater. Using the concept of photons entangled, bit rate [106].
Alice and Bob succeeded to toss a row coin remotely. To meet the requirement of Metropolitan Area Network,
Colbeck [350] designed a protocol for strong coin-tossing QuantumCTek [353] developed QKD-POL40 series QKD
using the power of entanglement and achieve a bias of 1/4. systems based on BB84 protocol with decoy-state and
The major advantage of colbeck’s protocol is that it requires polarization coding. QKD-POL40 is further classified in
only qubits for achieving the bias, whereas bit-commitment transmitting mode (QKD-POL40A) and receiving mode
require higher-dimensional system [351]. (QKD-POL40B). QuantumCTek’s QKD system is secure
123
against attacks (photon beam separation, light blinding and References

double counting) and provide the feature of quantum chan-
nel automatic correction. It provides 15 KBPS@10 dB under 1. Shor PW (1994) Algorithms for quantum computation: discrete
logarithms and factoring. In: Proceeding of 35th annual sympo-
typical key rate @25 ◦ C.
sium on the foundations of computer science, 20–22 Nov. NM,
IDquantique IDQ’s Cerberis QKD system [354] provides USA, Santa Fe, pp 124–134
secure key exchange at temperature 10◦ to 30◦ with secret 2. Shor PW (1997) Polynomial-time algorithms for prime factor-
key rate of 1.4 kb/s (12 dB). Details of parameters and feature ization and discrete logarithms on a quantum computer. SIAM J
Comput 26:1484–1509
of Cerberis QKD system can be found in [355].
3. Grover LK (1996) A fast quantum mechanical algorithm for
The Quantum Technologies Group of the University of database search. In: Proceedings of the 28th annual symposium
Geneva, ID Quantique and Corning Incorporated performed a on theory of computation, Philadelphia, Pennsylvania, USA, May
successful Quantum key distribution at a distance of 421 KM 22–24, pp 212–219
4. Wiesner S (1983) Conjugate coding. ACM SIGACT News 15:78–
using a three-state time-bin protocol with decoy approach and
88
2.5 GHZ repetition rate [356]. Travagnin and Lewis [357] 5. Gisin N, Ribordy G, Tittel W, Zbinden H (2002) Quantum cryp-
carried out a detailed survey of quantum key distribution tography. Rev Mod Phys 74:145–195
deployment worldwide. Yuan et al. [358] reported the first 6. Alleaume R, Branciard C, Bouda J, Debuisschert T, Dianati M,
Gisin N, Godfrey M, Grangier P, Langer T, Lutkenhaus N, Monyk
QKD complete system which delivers real-time secure keys C, Painchault P, Peev M, Poppe A, Pornin T, Rarity J, Renner
at the rate of exceeding 10 Mb/s. R, Ribordy G, Riguidel M, Salvail L, Shields A, Weinfurter H,
Zeilinger A (2014) Using quantum key distribution for crypto-
graphic purposes: a survey. Theor Comput Sci 560:62–81
12.9 Concluding Remarks 7. Giampouris D (2016) Short review on quantum key distribution
protocols. In: Vlamos P (ed) GeNeDis computational biology and
Classical Cryptography is still safe as classical computers bioinformatics, advances in experimental medicine and biology,
can not crack the cryptography algorithms. Concept of quan- vol 988. Springer, Cham, pp 149–157
8. Diamanti E, Lo HK, Qi B, Yuan Z (2016) Practical challenges in
tum cryptography has been commercialized rapidly after the quantum key distribution. npj Quantum Inf 2:16025
design of the BB84 protocol. Table 19 depicts the signifi- 9. Long GL (2017) Quantum secure direct communication: princi-
cant sources of quantum cryptography. Table 20 shows the ples, current status, perspectives. In: 2017 IEEE 85th vehicular
most influential quantum cryptography research papers with technology conference (VTC 2017 Spring) 4–7 June 2017 Syd-
ney, Australia, pp 1–5
citation > 1000. Table 21 represents a few additional influ- 10. Zhou T, Shen J, Li X, Wang C, Shen J (2018) Quantum cryptogra-
encing research papers with citations > 30 per year. phy for the future internet and the security analysis. Security and
Computational speed will improve dramatically after the Communications Networks Article id 8214619, pp 1–7
development of the quantum computer. Various research 11. Heisenberg W (1927) Uber Den Anschaulichen Inhalt Der
Quantentheoretischen Kinematik Und Mechanik. Zeitschrift Fur
organization and companies are working extensively towards Physik (in German) 43(3–4):172–198
the development of post-quantum algorithms. With NIST 12. Wootters WK, Zurek WH (1982) A single quantum cannot be
competitions, more attacks, algorithms design and imple- cloned. Nature 299:802–803
mentations are also emerging. Unconditional security of 13. Einstein A, Podolsky B, Rosen N (1935) Can quantum-
mechanical description of physical reality be considered com-
quantum cryptography will make it a long term security solu- plete? Phys Rev 47:777–780
tion. 14. Vernam GS (2019) Secret signaling system, US Patent 1310719A,
Determining the power of quantum hardware is also a July 22, 1919. https://patentimages.storage.googleapis.com/5d/
challenging issue. Significant work on verifying quantum ae/f5/1256151a84830e/US1310719.pdf
15. Schumacher B, Westmoreland MD (2006) Quantum mutual infor-
computation devices can be found in [359–361]. Significant mation and the one-time pad. Phys Rev A 74:042305
efforts have been made to develop QKD devices. However, 16. Brandao FGSL, Oppenheim J (2012) The quantum one-time pad
low-cost, robust and higher secure key rate and distance in the presence of an eavesdropper. Phys Rev Lett 108(4):040504
remain a challenges question. Satellite-based QKD also 17. Bennett CH, Brassard G, Robert JM (1988) Privacy amplification
by public discussion. SIAM J Comput 17(2):210–229
emerges rapidly because QKD based on ground approaches 18. Griffet C (2019) From discrete-to continuous-variable protocols
has a limited distance (due to fiber attenuation and atmo- for quantum key distribution, Master Thesis, Universite Libre De
spheric losses). Bruxelles
To overcome challenges in quantum cryptography (quantum 19. Ralph TC (1999) Continuous variable quantum cryptography.
Phys Rev A 61:010303
attacks, imperfections in quantum communications, cost, dis- 20. Reid MD (2000) Quantum cryptography with a predetermined
tance, secret key rate) and achieve the goal of the quantum key, using continuous variable Einstein–Podolsky–Rosen corre-
internet, research in the area of quantum cryptography will lations. Phys Rev A 62(6):062308-1–062308-6
take a rapid pace in the years to come. 21. Hillery M (2000) Quantum cryptography with squeezed states.
Phys Rev A 61:022309
Acknowledgements All figures in this manuscript has been drawn
using Edraw Software.
123
22. Garcia-Patron R, Cerf NJ (2009) Continuous-variable quantum 45. Lamas-Linares A, Kurtsiefer C (2007) Breaking a quantum key
key distribution protocols over noisy channels. Phys Rev Lett distribution system through a timing side channel. Opt Express
102:130501-1–130501-4 15(15):9388–9393
23. Cerf NJ, Grangier P (2007) From quantum cloning to quantum 46. Qi B, Fung CHF, Lo HK, Ma X (2007) Time-shift attack in prac-
key distribution with continuous variables: a review (Invited). J tical quantum cryptosystems. Quantum Inf Comput 7(1):73–82
Opt Soc Am 24(2):324–334 47. Sun SH, Xu F, Jiang MS, Ma XC, Lo HK, Liang LM (2015) Effect
24. Cerf NJ, Levy M, Assche GV (2001) Quantum distribution of of source tampering in the security of quantum cryptography. Phys
gaussian keys using squeezed states. Phys Rev A 63:052311 Rev A 92(2):022304
25. Grosshans F, Grangier P (2002) Continuous variable quantum 48. Fung CHF, Qi B, Tamaki K, Lo HK (2007) Phase-remapping
cryptography using coherent states. Phys Rev Lett 88:057902 attack in practical quantum-key-distribution systems. Phys Rev A
26. Grosshans F, Assche GV, Wenger J, Brouri R, Cerf NJ, Grang- 75(3):032314-1–032314-12
ier P (2003) Quantum key distribution using gaussian-modulated 49. Xu F, Qi B, Lo HK (2010) Experimental demonstration of phase-
coherent states. Nature 421:238–241 remapping attack in a practical quantum key distribution system.
27. Lodewyck J, Debuisschert T, Tualle-Brouri R, Grangier P (2005) New J Phys 12:113026
Controlling excess noise in fiber optics continuous variables quan- 50. Zhao Y, Fung CHF, Qi B, Chen C, Lo HK (2008) Quan-
tum key distribution. Phys Rev A 72:050303 tum hacking: experimental demonstration of time-shift attack
28. Weedbrook C, Lance AM, Bowen WP, Symul T, Ralph TC, Lam against practical quantum-key-distribution systems. Phys Rev A
PK (2004) Quantum cryptography without switching. Phys Rev 78:042333-1–042333-5
Lett 93(17):170504-1–170504-4 51. Wei K, Zhang W, Tang YL, You L, Xu F (2019) Implementa-
29. Leverrier A, Grangier P (2011) Continuous-variable quan- tion security of quantum key distribution due to polarization-
tum key distribution protocols with a discrete modulation. dependent efficiency mismatch. Phys Rev A 100(2):022325
arXiv:1002.4083 52. Boyer M, Liss R, Mor T (2020) Composable security against col-
30. Papanastasiou P, Pirandola S (2020) Continuous-variable quan- lective attacks of a modified BB4 QKD protocol with information
tum cryptography with discrete alphabets: composable security only in one basis. Theor Comput Sci 801:96–109
under collective gaussian attacks, pp 1–6. arXiv:1912.11418 53. Lo HK, Curty M, Tamaki K (2014) Secure quantum key distribu-
31. Andersen UL, Neergaard-Nielsen JS, Loock P, Furusawa A (2015) tion. Nat Photonics 8:595–604
Hybrid discrete-and continuous-variable quantum information. 54. Jain N, Stiller B, Khan I, Elser D, Marquardt C, Leuchs G (2016)
Nat Phys 11:713–719 Attacks on practical quantum key distribution systems (and how
32. Sanchez RG (2007) Quantum information with optical continuous to prevent them). Contemp Phys 57(3):366–387
variables: from Bell tests to key distribution, PhD Thesis, The 55. Bennett CH, Brassard G (1984) Quantum cryptography: public
Center for Quantum Information and Communication (QuIC) of key distribution and coin tossing. In: International conference on
the University of Bruxelles (ULB) computers, systems and signal processing Bangalore, India, Dec
33. Makarov V, Hjelme DR (2005) Faked states attack on quantum 10–12 1984, pp 175–179
cryptosystems. J Mod Opt 52:691–705 56. Bennett CH, Brassard G (2014) Quantum cryptography: public
34. Pirandola S (2008) Symmetric collective attacks for the eaves- key distribution and coin tossing. Theor Comput Sci 560:7–11
dropping of symmetric quantum key distribution. Int J Quantum 57. Chuang I, Oliver W, Shor P (2019) Introduction to quantum
Inf 6:765–771 computing online course. https://learn-xpro.mit.edu/quantum-
35. Huttner B, Imoto N, Gisin N, Mor T (1995) Quantum cryptogra- computing. Accessed 24 May 2020
phy with coherent states. Phys Rev A 51(3):1863–1869 58. Shor PW, Preskill J (2000) Simple proof of security of the BB84
36. Lutkenhaus N (2000) Security against individual attacks for quantum key distribution protocol. Phys Rev Lett 85(2):441–444
realistic quantum key distribution. Phys Rev A 61:052304-1– 59. Biham E, Boyer M, Boykin PO, Mor T, Roychowdhury V (2006)
052304-10 A proof of the security of quantum key distribution. J Cryptol
37. Liu WT, Sun SH, Liang LM, Yuan JM (2011) Proof-of-principle 19(4):381–439
experiment of a modifed photon-number-splitting attack against 60. Mayers D (2001) Unconditional security in quantum cryptogra-
quantum key distribution. Phys Rev A 83:042326-1–042326-5 phy. J ACM 48:351–406
38. Fuchs CA, Gisin N, Griffiths RB, Niu CS, Peres A (1997) Optimal 61. Scarani V, Kurtsiefer C (2014) The black paper of quantum
eavesdropping in quantum cryptography. I. Information bound cryptography: real implementation problems. Theor Comput Sci
and optimal strategy. Phys Rev A 56(2):1163–1172 560:27–32
39. Vakhitov A, Makarov V, Hjelme DR (2001) Large pulse attack 62. Goldenberg L, Vaidman L (1995) Quantum cryptography based
as a method of conventional optical eavesdropping in quantum on orthogonal states. Phys Rev Lett 75:1239–1243
cryptography. J Mod Phys 48(13):2023–2038 63. Peres A (1996) Quantum cryptography with orthogonal states?
40. Dehmani M, Ez-Zahraouy H, Benyoussef A (2010) Quan- Phys Rev Lett 77:3264
tum cryptography with several cloning attacks. J Comput Sci 64. Goldenberg L, Vaidman L (1996) Reply to comment:
6(7):684–688 Quantum cryptography with orthogonal states, pp 1–3.
41. Gisin N, Fasel S, Kraus B, Zbinden H, Ribordy G (2006) Trojan- arXiv:quant-ph/9604029.pdf
horse attacks on quantum-key-distribution-systems. Phys Rev A 65. Dan L, Chang-xing P, Dong-xiao Q, Bao-bin H, Nan Z (2009) A
73:022320-1–022320-6 new attack strategy for BB84 protocol based on Breidbart basis,
42. Kronberg DA, Molotkov SN (2010) Quantum scheme for an opti- ChinaCom2009-network and information security symposium,
mal attack on quantum key distribution protocol BB84. Bull Russ 26th–27th Aug 2009, Xian, China, vol 4, pp 1–3
Acad Sci Phys 74(7):912–918 66. Yong W, Huadeng W, Zhaohong L, Jinxiang H (2009) Man-in-
43. Jain N, Anisimova E, Khan I, Makarov V, Marquardt C, Leuchs the-middle attack on BB84 protocol and its defence. In: 2nd IEEE
G (2014) Trojan-horse attacks threaten the security of practical international conference on computer science and information
quantum cryptography. New J Phys 16:123030 technology (CSIT) Aug 8–11, Beijing, China, vol 2, pp 438–439
44. Fei YY, Meng XD, Gao M, Wang H, Ma Z (2018) Quantum man- 67. An H, Liu D, Yu T (2014) A solution for beam splitter attack on
in-the-middle attack on the calibration process of quantum key BB84 protocol. In: Proceedings of the 2014 international confer-
distribution. Sci Rep 8:1–10
123
ence on computer, communications and information technology, 89. Acin A, Massar S, Pironio S (2006) Efficient quantum key dis-
advances in intelligent systems research. Atlantis Press tribution secure against no-signalling eavesdroppers. New J Phys
68. Garcia-Patron R, Wong FNC, Shapiro JH (2010) Optimal indi- 8(126):1–11
vidual attack on BB84 quantum key distribution using single- 90. Honjo T, Nam SW, Takesue H, Zhang Q, Kamada H, Nishida Y,
photon two-qubit quantum logic. Proc SPIE Int Soc Opt Eng Tadanaga O, Asobe M, Baek B, Hadfield R, Miki S, Fujiwara M,
7702:77020C-1–77020C-10 Sasaki M, Wang Z, Inoue K, Yamamoto Y (2008) Long-distance
69. Boyer B, Liss R, Mor T (2017) Security against collective attacks entanglement-based quantum key distribution over optical fiber.
of a modified BB84 QKD protocol with information only in one Opt Express 16(23):19118–19126
basis. In: Proceedings of the 2nd international conference on com- 91. Fujiwara M, Yoshino KI, Nambu Y, Yamashita T, Miki S, Terai H,
plexity, future information systems and risk (COMPLEXIS 2017), Wang Z, Toyoshima M, Tomita A, Sasaki M (2014) Modified E91
vol 2, pp 23–29 protocol demonstration with hybrid entanglement photon source.
70. Jiang MS, Sun SH, Li CY, Liang LM (2014) Frequency shift attack Opt Express 22(11):13616–13624
on plug-and-play quantum key distribution systems. J Mod Opt 92. Li L, Li H, Li C, Chen X, Chang Y, Yang Y, Li J (2018) The security
61(2):147–153 analysis of E91 protocol in collective-rotation noise channel. Int
71. Bennett CH, Brassard G, Mermin ND (1992) Quantum cryptog- J Distrib Sens Netw 14(5):1–7
raphy without Bell’s theorem. Phys Rev Lett 68:557–559 93. Sharma A, Lenka SK (2016) E91 QKD protocol for authentication
72. Waks E, Zeevi A, Yamamoto Y (2002) Security of quantum key in online banking systems. Int J Bus Inf Syst 22(1):116–122
distribution with entangled photons against individual attacks. 94. Brub D (1998) Optimal eavesdropping in quantum cryptography
Phys Rev A 65:052310-1–052310-16 with six states. Phys Rev Lett 81:3018
73. Adenier G, Ohya M, Watanabe N, Basieva I, Khrennikov AY 95. Lo HK (2001) Proof of unconditional security of six-state quan-
(2012) Double blinding-attack on entanglement-based quantum tum key distribution scheme. Quantum Inf Comput 1(2):81–94
key distribution protocols. AIP Conf Proc 1424:9–16 96. Kato G, Tamaki K (2016) Security of six-state quantum key dis-
74. Bennett CH (1992) Quantum cryptography using any two tribution protocol with threshold detectors. Sci Rep 6:1–5
nonorthogonal states. Phys Rev Lett 68:3121–3124 97. Garapo K, Mafu M, Petruccione F (2016) Intercept-resend attack
75. Yonofsky NS, Mannucci MA (2008) Quantum computing for on six-state quantum key distribution over collective-rotation
computer scientists. Cambridge University Press, Cambridge noise channels. Chin Phys B 25(7):070303-1–070303-7
76. Tamaki K, Koashi M, Imoto N (2003) Unconditionally secure key 98. Bechmann-Pasquinucci H, Gisin N (1999) Incoherent and coher-
distribution based on two nonorthogonal states. Phys Rev Lett ent eavesdropping in the six-state protocol of quantum cryptog-
90:167904 raphy. Phys Rev A 59:4238
77. Tamaki K, Lukenhaus N (2004) Unconditional security of the 99. Azuma H, Ban M (2019) The intercept/resend attack and the
Bennett 1992 quantum key-distribution protocol over a lossy and collective attack on the six-state protocol of the quantum key dis-
noisy channel. Phys Rev A 69:032316 tribution, pp 1–24. arXiv:1912.00196
78. Koashi M (2004) Unconditional security of coherent-state quan- 100. Scarani V, Acin A, Ribordy G, Gisin N (2004) Quantum cryptog-
tum key distribution with a strong phase-reference pulse. Phys raphy protocols robust against photon number splitting attacks for
Rev Lett 93:120501 weak laser pulse implementations. Phys Rev Lett 92:057901
79. Kuppam S (2018) Modelling and analysis of quantum key dis- 101. Chuang I, Oliver W, Shor W (2019) Sarg04. https://en.wikipedia.
tribution protocols, BB84 and B92. In: Communicating quantum org/wiki/SARG04. Accessed 24 May 2019
processes (CQP) language and analysing in PRISM, pp 1–12. 102. Branciard C, Gisin N, Kraus B, Scarani V (2005) Security of two
arxiv.org/pdf/1612.03706.pdf quantum cryptography protocols using the same four qubit states.
80. Phoenix SJD, Barnett SM, Chefles A (2000) Three-state quantum Phys Rev A 72(3):032301
cryptography. J Mod Opt 47(2–3):507–516 103. Koashi M (2005) Security of quantum key distribution with dis-
81. Senekane M, Mafu M, Petruccione F (2015) Six-state symmetric crete rotational symmetry. arXiv:quant-ph/0507154
quantum key distribution protocol. J Quantum Inf Sci 5:33–40 104. Fung CF, Tamaki K, Lo HK (2005) On the performance of two
82. Ekert AK (1991) Quantum cryptography based on Bell’s theorem. protocols: SARG04 and BB84. arXiv:quant-ph/0510025
Phys Rev Lett 67:661–663 105. Lucamarini M, Patel KA, Dynes JF, Frohlich B, Sharpe AW, Dixon
83. Bell JS (1964) On the Einstein Podolsky Rosen paradox. Physics AR, Yuan ZL, Penty RV, Shields AJ (2013) Efficient decoy-state
1(3):195–200 quantum key distribution with quantified security. Opt Express
84. Hensen B, Kalb N, Blok MS, Dreau AE, Reiserer A, Vermeulen 21(21):24550–24565
RFL, Schouten RN, Markham M, Twitchen DJ, Goodenough K, 106. Comandar LC, Frohlich B, Lucamarini M, Patel KA, Sharpe AW,
Elkouss D, Wehner S, Taminiau TH, Hanson R (2016) Loophole- Dynes JF, Yuan ZL, Penty RV, Shields AJ (2014) Room tem-
free Bell test using electron spins in diamond: second experiment perature single-photon detectors for high bit rate quantum key
and additional analysis. Sci Rep 6(30289):1–11 distribution. Appl Phys Lett 104:021101
85. Ilic N (2007) The Ekert protocol. J Phys 334:1–4 107. Bennett CH, Wiesner SJ (1992) Communication via one- and two-
86. Li Q, Li Z, Chan WH, Zhang S, Liu C (2018) Blind quantum com- particle operators on Einstein–Podolsky–Rosen states. Phys Rev
putation with identity authentication. Phys Lett A 382(14):938– Lett 69:2881
941 108. Bechmann-Pasquinucci H, Peres A (2000) Quantum cryptogra-
87. Inamori H, Rallan L, Vedral V (2001) Security of EPR-based phy with 3-state systems. Phys Rev Lett 85(15):3313–3316
quantum cryptography against incoherent symmetric attacks. J 109. Inoue K, Waks E, Yamamoto Y (2002) Differential phase shift
Phys A: Math Gen 34(35):6913 quantum key distribution. Phys Rev Lett 89(3):037902
88. Ling A, Peloso M, Marcikic I, Lamas-Linares A, Kurtsiefer 110. Deng FG, Long GL (2004) Bidirectional quantum key distri-
C (2008) Experimental E91 quantum key distribution. In: Pro- bution protocol with practical faint laser pulses. Phys Rev A
ceedings of advanced optical concepts in quantum computing, 70(1):012311
memory, and communication. Integrated Optoelectronic Devices, 111. Stucki D, Fasel S, Gisin N, Thoma Y, Zbinden H (2007) Coher-
San Jose, California, USA, p 6903 ent one-way quantum key distribution. International Congress on
optics and optoelectronics, Prague, Czech. In: Proceedings photon
123
counting applications, quantum optics, and quantum cryptogra- 136. Min-Jie W, Wei P (2008) Quantum secure direct communication
phy, p 6583 based on authentication. Chin Phys Lett 25(11):3860–3863
112. Pan C, Yan-Song L, Fu-Guo D, Gui-Lu L (2007) Measuring- 137. Dan L, Chang-Xing P, Dong-Xiao Q, Nan Z (2010) A new quan-
basis encrypted quantum key distribution with four-state systems. tum secure direct communication scheme with authentication.
Commun Theor Phys 47:49–52 Chin Phys Lett 27:0503061–0503063
113. Khan MM, Murphy M, Beige A (2009) High error-rate quantum 138. Huang D, Chen Z, Guo Y, Lee MH (2007) Quantum secure direct
key distribution for long-distance communication. New J Phys communication based on chaos with authentication. J Phys Soc
11:063043 Jpn 76:124001-1–124001-4
114. Noh TG (2009) Counterfactual quantum cryptography. Phys Rev 139. Chen XB, Wen QY, Guo FZ, Sun Y, Xu G, Zhu FC (2008) Con-
Lett 103:230501 trolled quantum secure direct communication with W state. Int J
115. Gao F, Liu B, Wen QY, Chen H (2012) Flexible quantum pri- Quantum Inf 6:899–906
vate queries based on quantum key distribution. Opt Express 140. Chen ZN, Qin Z, Lu L (2009) A quantum secure direct commu-
20(16):17411–17420 nication with authentication. Inf Technol J 8(7):1027–1032
116. Wei CY, Gao F, Wen QY, Wang TY (2014) Practical quantum pri- 141. Yang XY, Ma Z, Lu X, Li HX (2009) Quantum secure direct
vate query of blocks based on unbalanced-state Bennett–Brassard- communication based on partially entangled states. In: Fifth inter-
1984 quantum-key-distribution protocol. Sci Rep 4:7537-1–7537- national conference on information assurance and security, 18–20
7 Aug, vol 2, pp 11–14
117. Gao F, Liu B, Huang W, Wen QY (2015) Post processing of the 142. Yu CH, Guo GD, Lin S (2013) Quantum secure direct communi-
oblivious key in quantum private query. IEEE J Sel Top Quantum cation with authentication using two nonorthogonal states. Int J
Electron 21(3):6600111 Theor Phys 52:1937–1945
118. Beige A, Englert BG, Kurtsiefer C, Weinfurter H (2002) Secure 143. Yang CW, Hwang T, Lin TH (2013) Modification attack on
communication with a publicly known key. Acta Phys Pol A QSDC with authentication and the improvement. Int J Theor Phys
101:357–368 52:2230–2234
119. Hong-Mei H (2015) Quantum secure direct communication pro- 144. Hu JY, Yu B, Jing MY, Xiao LT, Jia ST, Qin GQ, Long GL (2016)
tocol based on cluster entangled state. In: 10th international Experimental quantum secure direct communication with single
conference on P2P, parallel, grid, cloud and internet computing photons. Light Sci Appl 5:e16144
(3PGCIC). Krakow, Poland, pp 440–443 145. Sarvaghad-Moghaddam M (2019) Efficient controlled bidirec-
120. Bostrom K, Felbinger T (2002) Deterministic secure direct com- tional quantum secure direct communication using entanglement
munication using entanglement. Phys Rev Lett 89:187902 swapping in a network. arXiv:1902.11188 1–15
121. Wojcik A (2003) Eavesdropping on the “Ping-pong” quantum 146. Nguyen BA (2004) Quantum dialogue. Phys Lett A 328:6–10
communication protocol. Phys Rev Lett 90:157901 147. Hong C, Yang H (2006) Comment on “Quantum dialogue proto-
122. Cai QY (2003) The “ping-pong” protocol can be attacked without col”, pp 1–4. arXiv:quant-ph/0606174
eavesdropping. Phys Rev Lett 91:109801 148. Zhong-Xiao M, Zhan-Jun Z, Yong L (2005) Quantum dialogue
123. Zhang Z, Man Z, Li Y (2004) Improving Wojcik’s eavesdropping revisited. Chin Phys Lett 22(1):22–24
attack on ping-pong protocol. Phys Lett A 333:46–50 149. YuGuang Y, QiaoYan W (2007) Quasi-secure quantum dialogue
124. Bostroem K, Felbinger T (2008) On the security of the ping-pong using single photons. Sci China Press G Phys Mech Astron
protocol. Phys Lett A 372:3953–3956 50(5):558–562
125. Fu-Guo D, Xi-Han L, Chun-Yan L, Ping Z, Hong-Yu Z (2007) 150. Tan YG, Cai QY (2008) Classical correlation in quantum dia-
Eavesdropping on the “Ping-Pong” quantum communication pro- logue. Int J Quantum Inf 6(2):325–329
tocol freely in a noise channel. Chin Phys 16:277–281 151. Xia Y, Fu CB, ZHANG S, Hong SK, Yeon KH, Um CI (2006)
126. Lucamarini M, Mancini S (2005) Secure deterministic com- Quantum dialogue by using the GHZ state. J Korean Phys Soc
munication without entanglement. Phys Rev Lett 94:140501-1– 48:24–27
140501-4 152. Yan X, Jie S, Jing N, He-Shan S (2007) Controlled secure quantum
127. Han YG, Yin ZQ, Li HW, Chen W, Wang S, Guo GC, Han ZF dialogue using a pure entangled GHZ states. Commun Theor Phys
(2014) Security of modified ping-pong protocol in noisy and lossy 48(5):841–846
channel. Sci Rep 4:4936 153. Cao G, Jiang M (2017) Multi-party quantum dialogue protocol
128. Chamoli A, Bhandari CM (2009) Secure direct communication based on multi-particle GHZ states, 2017 Chinese Automation
based on ping-pong protocol. Quantum Inf Process 8:347–356 Congress (CAC), 20–22 Oct 2017, Jinan, China, pp 1614–1618
129. Naseri M (2010) Comment on: Secure direct communication 154. Gong L, Tian C, Li J, Zou X (2018) Quantum network dialogue
based on ping-pong protocol. Quantum Inf Process 9:693–698 protocol based on continuous-variable GHZ states. Quantum Inf
130. Chun-Yan L, Hong-Yu Z, Yan W, Fu-Guo D (2005) Secure quan- Process 17(331):1–12
tum key distribution network with Bell states and local unitary 155. Chou YH, Zeng GJ, Chang ZH, Kuo SY (2018) Dynamic group
operations. Chin Phys Lett 22:1049–1052 multi-party quantum key agreement. Sci Rep 8:4633
131. Li XH, Deng FG, Li CY, Liang YJ, Zhou P, Zhou H (2006) 156. Boyer M, Kenigsberg D, Mor T (2007) Quantum key distribution
Deterministic secure quantum communication without maximally with classical Bob. Phys Rev Lett 99(14):140501
entangled states. J Korean Phys Soc 49(4):1354–1359 157. Boyer M, Gelles R, Kenigsberg D, Mor T (2009) Semiquantum
132. Li J, Zhou Z, Wang N, Tian Y, Yang YG, Zheng Y (2019) Deter- key distribution. Phys Rev A 79:032341
ministic quantum secure direct communication protocol based on 158. Krawec WO (2014) Restricted attacks on semi-quantum key dis-
hyper-entangled state. IEEE Access 7:43948–43955 tribution protocols. Quantum Inf Process 13:2417–2436
133. Kwiat PG (1997) Hyper-entangled states. J Mod Opt 44(11– 159. Krawec WO (2015) Mediated semi-quantum key distribution.
12):2173–2184 Phys Rev A 91:032323
134. Zhang W, Ding DS, Sheng YB, Zhou L, Shi BS, Guo GC (2017) 160. Zou X, Qiu D, Li L, Wu L, Li L (2009) Semiquantum-key distribu-
Quantum secure direct communication with quantum memory. tion using less than four quantum states. Phys Rev A 79:0522312
Phys Rev Lett 118:2205011–2205016 161. Lu H, Cai QY (2008) Quantum key distribution with classical
135. Lee H, Lim J, Yang HJ (2006) Quantum direct communication alice. Int J Quantum Inf 6(6):1195–1202
with authentication. Phys Rev A 73:042305
123
162. Zhang W, Qiu D, Mateus P (2008) Security of a single-state semi- 185. Bechmann-Pasquinucci H, Tittel W (2000) Quantum cryptogra-
quantum key distribution protocol. Quantum Inf Process 17(6):1– phy using larger alphabets. Phys Rev A 61(6):0623081–06230812
21 186. Tan YG, Lu H, Cai QY (2009) Comment on “Quantum key dis-
163. Xian-Zhou Z, Wei-Gui G, Yong-Gang T, Zhen-Zhong R, Xiao- tribution with classical Bob”. Phys Rev Lett 102(9):098901–1
Tian G (2009) Quantum key distribution series network protocol 187. Boyer M, Mor R (2011) Comment on Semiquantum-key dis-
with M-classical Bobs. Chin Phys B 18:2143 tribution using less than four quantum states. Phys Rev A
164. Jian W, Sheng Z, Quan Z, Chao-Jing T (2011) Semiquantum key 83:046301-1–046301-2
distribution using entangled states. Chin Phys Lett 28:100301 188. Zou X, Qiu D (2011) Reply to “comment on ‘semiquantum-key
165. Li L, Qiu D, Mateus P (2013) Quantum secret sharing with clas- distribution using less than four quantum states”’. Phys Rev A
sical bobs. J Phys A: Math Theor 46:045304-1–045304-11 83:046302-1–046302-2
166. Yu KF, Yang CW, Liao CH, Hwang T (2014) Authenticated semi- 189. Gurevich P (2013) Experimental quantum key distribution with
quantum key distribution protocol using Bell states. Quantum Inf classical Alice. The Technion-Israel Institute of Technology, The-
Process 13:1457–1465 sis Master of Science in Computer Science
167. Luo YP, Hwang T (2015) Authenticated semi-quantum direct 190. Nie YY, Li YH, Wang ZS (2013) Semi-quantum information split-
communication protocols using Bell states. Quantum Inf Process ting using GHZ-type states. Quantum Inf Process 12(1):437–448
15:947–958 191. Maitra A, Paul G (2013) Eavesdropping in semiquantum key dis-
168. Zou X, Qiu D, Zhang S, Mateus P (2015) Semiquantum key tribution protocol. Inf Process Lett 113(12):418–422
distribution without invoking the classical party’s measurement 192. Boyer M, Mor T (2015) On the robustness of quantum key
capability. Quantum Inf Process 14:2981–2996 distribution with classical Alice (Photons-based protocol). In:
169. Chou WH, Hwang T, Gu J (2016) Semi-quantum private com- Proceedings of the ninth international conference on quantum,
parison protocol under an almost-dishonest third party, pp 1–18. nano/bio, and micro technologies, ICQNM2015, Venice, Italy,
arXiv:1607.07961 vol 9, pp 29–34
170. Lu H, Barbeau M, Nayak A (2017) Economic no-key semi- 193. Xie C, Li L, Qiu D (2015) A novel semi-quantum secret sharing
quantum direct communication protocol. IEEE Globecom Work- scheme of specific bits. Int J Theor Phys 54(10):3819–3824
shops, Singapore, 4–8 Dec 2017, pp 1–7 194. Krawec WO (2015) Semi-quantum key distribution: Protocols,
171. Boyer M, Katz M, Liss R, Mor T (2017) Experimentally fea- security analysis, and new models, PhD thesis, Stevens Institute
sible protocol for semiquantum key distribution. Phys Rev A of Technology
96(6):062335-1–062335-6 195. Yin A, Fu F (2016) Eavesdropping on semi-quantum secret shar-
172. Thapliyal K, Sharma RD, Pathak A (2018) Orthogonal-state- ing scheme of specific bits. Int J Theor Phys 55(9):4027–4035
based and semi-quantum protocols for quantum private compar- 196. Meslouhi A, Hassouni Y (2017) Cryptanalysis on authenticated
ison in noisy environment. Int J Quantum Inf 16(5):1850047-1– semi-quantum key distribution protocol using Bell states. Quan-
1850047-27 tum Inf Process 16(18):1–17
173. Krawec WO (2015) Security proof of a semi-quantum key distri- 197. Zhang W, Qiu D (2017) A single-state semi-quantum key distri-
bution protocol. In: IEEE international symposium on information bution protocol and its security proof, pp 1-12. arXiv:1612.03087
theory (ISIT), Hong Kong, China 14–19 June 2015, pp 686–690 198. Shukla C, Thapliyal K, Pathak A (2017) Semi-quantum commu-
174. Krawec WO (2016) Security of a semi-quantum protocol where nication: protocols for key agreement, controlled secure direct
reflections contribute to the secret key. Quantum Inf Process communication and dialogue. Quantum Inf Process 16(12):2951–
15(5):2067–2090 29519
175. Iqbal H, Krawec WO (2019) High-dimensional semi-quantum 199. Gao X, Zhang S, Chang Y (2017) Cryptanalysis and improvement
cryptography, pp 1–29. arXiv:1907.11340.pdf of the semi-quantum secret sharing protocol. Int J Theor Phys
176. Tsai CW, Yang CW, Lee NY (2019) Semi-quantum secret sharing 56(8):2512–2520
protocol using W-state. Mod Physi Lett A 34(27):1950213-1– 200. Zhang MH, Li HF, Xia ZQ, Feng XY, Peng JY (2017) Semiquan-
1950213-12 tum secure direct communication using EPR pairs. Quantum Inf
177. Iqbal H, Krawec WO (2019) Semi-quantum cryptography, pp 1– Process 16(5):117-1–117-14
60. arXiv:1910.05368.pdf 201. Yin A, Wang Z, Fu F (2017) A novel semi-quantum secret sharing
178. Lin PH, Tsai CW, Hwang T (2019) Mediated semi-quantum scheme based on Bell states. Mod Phys Lett B 31(13):1750150-
key distribution using single photons. Annalen Der Physik 1–1750150-6
531(8):1800347-1–1800347-7 202. Zhu KN, Zhou NR, Wang YQ, Wen XJ (2018) Semi-quantum
179. Wen XJ, Zhao XQ, Gong LH, Zhou NR (2019) A semi-quantum key distribution protocols with GHZ states. Int J Theor Phys
authentication protocol for message and identity. Laser Phys Lett 57(12):3621–3631
16:075206-1–075206-10 203. He J, Li Q, Wu C, Chan WH, Zhang S (2018) Measurement-
180. Tao Z, Chang Y, Zhang S, Dai J, Li X (2019) Two semi-quantum device-independent semiquantum key distribution. Int J Quantum
direct communication protocols with mutual authentication based Inf 16(2):1850012-1–1850012-10
on Bell states. Int J Theor Phys 58:2986–2993 204. Krawec WO (2018) Practical security of semi-quantum key distri-
181. Sun Y, Yan L, Chang Y, Zhang S, Shao T, Zhang Y (2019) Two bution. In: Proceeding of quantum information science, sensing,
semi-quantum secure direct communication protocols based on and computation X, International Society for Optics and Photon-
Bell states. Mod Phys Lett A 34(1):1950004-1–1950004-10 ics, vol 10660, p 1066009
182. Yang CW (2020) Efficient and secure semi-quantum secure direct 205. Xie C, Li L, Situ H, He J (2018) Semi-quantum secure direct
communication protocol against double Cnot attack. Quantum Inf communication scheme based on Bell states. Int J Theor Phys
Process 19:1–15 57(6):1881–1887
183. Zhou NR, Zhu KN, Bi W, Gong LH (2019) Semi-quantum iden- 206. Liu L, Xiao M, Song X (2018) Authenticated semiquantum
tifcation. Quantum Inf Process 18:197-1–197-17 dialogue with secure delegated quantum computation over a col-
184. Yan L, Sun YH, Chang Y, Zhang SB, Wan GG, Sheng ZW lective noise channel. Quantum Inf Process 17(12):342-1–342-17
(2018) Semi-quantum protocol for deterministic secure quantum 207. Zhang W, Qiu D, Mateus P (2018) Security of a single-state semi-
communication using Bell states. Quantum Inf Process 17:315- quantum key distribution protocol. Quantum Inf Process 17:135-
1–315-12 1–135-21
123
208. Yan-Feng L (2018) Semi-quantum private comparison using sin- 230. Huang W, Wen QY, Liu B, Su Q, Gao F (2014) Cryptanalysis of a
gle photons. Int J Theor Phys 57(10):3048–3055 multi-party quantum key agreement protocol with single particles.
209. Ye TY, Ye CQ (2018) Measure-resend semi-quantum private Quantum Inf Process 13:1651–1657
comparison without entanglement. Int J Theor Phys 57(12):3819– 231. Smania M, Elhassan AM, Tavakoli A, Bourennane M (2016)
3834 Experimental quantum multiparty communication protocols. NPJ
210. Zhao XQ, Chen HY, Wang YQ, Zhou NR (2019) Semi-quantum Quantum Inf 2:16010-1–16010-4
Bi-signature scheme based on W states. Int J Theor Phys 232. Sun Z, Yu J, Wang P (2016) Efficient multi-party quantum key
58(10):3239–3251 agreement by cluster states. Quantum Inf Process 15:373–384
211. Yan LL, Zhang SB, Chang Y, Sheng ZW, Yang F (2019) Mutual 233. Sun Z, Zhang C, Wang P, Yu J, Zhang Y, Long D (2016) Multi-
semiquantum key agreement protocol using Bell states. Mod Phys party quantum key agreement by an entangled six-qubit state. Int
Lett A 34(35):1950294 J Theor Phys 55(3):1920–1929
212. Yan L, Zhang S, Chang Y, Sheng Z, Sun Y (2019) Semi-quantum 234. Sun Z, Huang J, Wang P (2016c) Efficient multiparty quantum key
key agreement and private comparison protocols using Bell states. agreement protocol based on commutative encryption. Quantum
Int J Theor Phys 58:3852–3862 Inf Process 15:2101–2111
213. Lu H, Barbeau M, Nayak A (2019) Keyless semi-quantum point- 235. Liu B, Xiao D, Jia HY (2016) Collusive attacks to “circle-type”
to-point communication protocol with low resource requirements. multi-party quantum key agreement protocols. Quantum Inf Pro-
Sci Rep 9(1):64-1–64-15 cess 15:2113–2124
214. Tsai CW, Yang CW, Lee NY (2019) Lightweight mediated semi- 236. Huang W, Su Q, Xu B, Liu B, Fan F, Jia HY, Yang YH (2016)
quantum key distribution protocol. Mod Phys Lett A 34:1950281- Improved multiparty quantum key agreement in travelling mode.
1–1950281-13 Sci China Phys Mech Astron 59(12):120311-1–120311-10
215. Yao AC (1982) Protocols for secure computations. In: Proceed- 237. Huang W, Su Q, Liu B, He YH, Fan F, Xu BJ (2017) Efficient
ings of the 23r d annual IEEE symposium on foundations of multiparty quantum key agreement with collective detection. Sci
computer science (SCFS1982). IEEE Computer Society, Wash- Rep 7:15264-1–15264-9
ington, DC, USA, pp 160–164 238. Liu WJ, Chen ZY, Ji S, Wang HB, Zhang J (2017) Multi-party
216. Zhang WW, Li D, Zhang KJ, Zuo HJ (2013) A quantum protocol semi-quantum key agreement with delegating quantum computa-
for millionaire problem with Bell states. Quantum Inf Process tion. Int J Theor Phys 56(10):3164–3174
12:2241–2249 239. Wang P, Sun Z, Sun X (2017) Multi-party quantum key agreement
217. Mayers D (1997) Unconditionally secure quantum bit commit- protocol secure against collusion attack. Quantum Inf Process
ment is impossible. Phys Rev Lett 78:3414 16:170-1–170-10
218. Lo HK, Chau HF (1997) Is quantum bit commitment really pos- 240. Zhou NR, Zhu KN, Zou XF (2019) Multiparty semiquantum key
sible? Phys Rev Lett 78:3410 distribution protocol with four-particle cluster states. Ann Phys
219. Dong L, Xiu XM, Gao YJ, Chi F (2008) Multiparty controlled 531(8):1800520-1–1800520-12
deterministic secure quantum communication through entangle- 241. Sun Z, Cheng R, Wu C, Zheng C (2019) New fair multiparty
ment swapping. Int J Mod Phys C 19(11):1673–1681 quantum key agreement secure against collusive attacks. Sci Rep
220. Shi RH, Zhong H (2013) Multi-party quantum key agreement with 9:17177-1–17177-8
Bell states and bell measurements. Quantum Inf Process 12:921– 242. Cao H, Ma W (2017) Multiparty quantum key agreement based
932 on quantum search algorithm. Sci Rep 7:45046-1–45046-10
221. Liu Y, Chen TY, Wang LJ, Liang H, Shentu GL, Wang J, Cui K, Yin 243. Cao WF, Zhen YZ, Zheng YL, Li L, Chen ZB, Liu NL, Chen
HL, Liu NL, Li L, Ma X, Pelc JS, Fejer MM, Peng CZ, Zhang Q, K (2018) One-sided measurement-device-independent quantum
Pan JW (2013) Experimental measurement-device-independent key distribution. Phys Rev A 97:012313
quantum key distribution. Phys Rev Lett 111(13):130502 244. Sun Z, Wu C, Zheng S, Zhang C (2019) Efficient multiparty quan-
222. Sun Z, Zhang C, Wang B, Li Q, Long D (2013) Improvements tum key agreement with a single d-level quantum system secure
on “multiparty quantum key agreement with single particles.”. against collusive attack. IEEE Access 7:102377–102385
Quantum Inf Process 12:3411–3420 245. Huang WC, Yang YK, Jiang D, Chen LJ (2019) Efficient
223. Yin XR, Ma WP, Shen DS, Wang LL (2013) Three-party quantum travelling-mode quantum key agreement against participant’s
key agreement with bell states. Acta Phys Sin 62(17):170304-1– attacks. Sci Rep 9:16421-1–16421-9
170304-6 246. He WT, Wang J, Zhang TT, Alzahrani F, Hobiny A, Alsaedi
224. Yin XR, Ma WP, Liu WY (2013) Three-party quantum key A, Hayat T, Deng FG (2019) High-efficiency three-party quan-
agreement with two-photon entanglement. Int J Theor Phys tum key agreement protocol with quantum dense coding and Bell
52:3915–3921 states. Int J Theor Phys 58:2834–2846
225. Zhu ZC, Hu AQ, Fu AM (2016) Participant attack on three- 247. Jo Y, Park HS, Lee SW, Son W (2019) Efficient high-dimensional
party quantum key agreement with two-photon entanglement. Int quantum key distribution with hybrid encoding. Entropy 21:80
J Theor Phys 55(1):55–61 248. Mohajer R, Eslami Z (2017) Cryptanalysis of a multiparty quan-
226. Shukla C, Alam N, Pathak A (2014) Protocols of quantum key tum key agreement protocol based on commutative encryption.
agreement solely using bell states and Bell measurement. Quan- Quantum Inf Process 16:197-1–197-9
tum Inf Process 13:2391–2405 249. Lydersen L, Wiechers C, Wittmann C, Elser D, Skaar J, Makarov
227. Zhu ZC, Hu AQ, Fu AM (2015) Improving the security of proto- V (2010) Hacking commercial quantum cryptography systems by
cols of quantum key agreement solely using Bell states and Bell tailored bright illumination. Nat Photonics 4:686–689
measurement. Quantum Inf Process 14(11):4245–4254 250. Mayers D, Yao A (1998) Quantum cryptography with imperfect
228. Gu J, Hwang T (2017) Comment on improving the security of apparatus. In: Proceeding 39th annual symposium on foundations
protocols of quantum key agreement solely using Bell states and of computer science, Palo Alto, CA, USA, 8–11 Nov 1998, pp
Bell measurement. In: IEEE conference on dependable and secure 1–7
computing, 7–10 Aug 2017. Taiwan, Taipei, pp 520–521 251. Barrett J, Hardy L, Kent A (2005) No signalling and quantum key
229. Luo QB, Yang GW, She K, Niu WN, Wang YQ (2014) Multi-party distribution. Phys Rev Lett 95:010503
quantum private comparison protocol based on d-dimensional 252. Acin A, Masanes L (2016) Certified randomness in quantum
entangled states. Quantum Inf Process 13(10):2343–2352 physics. Nature 540:213–219
123
253. Clauser JF, Horne MA, Shimony A, Holt RA (1969) Proposed 272. Yang W, Wan-Su B, Hong-Wei L, Chun Z, Yuan L (2014) Security
experiment to test local hidden-variable theories. Phys Rev Lett of a practical semi-device-independent quantum key distribution
23:880–884 protocol against collective attacks. Chin Phys B 23(8):080303
254. Colbeck R (2006) Quantum and relativistic protocols for secure 273. Dall’Arno M, Passaro E, Gallego R, Pawlowski M, Acin A (2015)
multi-party computation, PhD Thesis, University of Cambridge Detection loophole attacks on semi-device-independent quantum
255. Pironio S, Acin A, Brunner N, Gisin N, Massar S, Scarani V (2009) and classical protocols. Quantum Inf Comput 15:0037
Device-independent quantum key distribution secure against col- 274. Chaturvedi A, Ray M, Veynar R, Pawlowski M (2018) On the
lective attacks. New J Phys 11:045021-1–045021-26 security of semi-device-independent QKD protocols. Quantum
256. Acin A, Brunner N, Gisin N, Massar S, Pironio S, Scarani V (2007) Inf Process 17:131
Device-independent security of quantum cryptography against 275. Woodhead E, Lim CCW, Pironio S (2012) Semi-device-
collective attacks. Phys Rev Lett 98:230501-1–230501-4 independent QKD based on BB84 and a CHSH-type estimation.
257. Lucamarini M, Vallone G, Gianani I, Mataloni P, Giuseppe GD In: 7th conference, TQC: conference on quantum computation,
(2012) Device-independent entanglement-based Bennett 1992 communication, and cryptography, Tokyo, Japan, May 17–19,
protocol. Phys Rev A 86(3):032325 Theory of Quantum Computation, Communication, and Cryp-
258. Branciard C, Cavalcanti EG, Walborn SP, Scarani V, Wiseman HM tography, vol 7, pp 107–115
(2012) One-sided device-independent quantum key distribution: 276. Lim CCW, Korzh B, Martin A, Bussieres F, Thew R, Zbinden
security, feasibility, and the connection with steering. Phys Rev H (2014) Detector-device-independent quantum key distribution.
A 85(1):010301 Appl Phys Lett 105:221112
259. Tomamichel M, Fehr S, Kaniewski J, Wehner S (2013) One- 277. Gonzalez P, Rebon L, Silva TFD, Figueroa M, Saavedra C, Curty
sided Device-independent QKD and position-based cryptography M, Lima G, Xavier GB, Nogueira WAT (2015) Quantum key
from monogamy games, advances in cryptology-EUROCRYPT. distribution with untrusted detectors. Phys Rev A 92(2):022337
In: 32nd annual international conference on the theory and appli- 278. Wei K, Liu H, Ma H, Yang X, Zhang Y, Sun Y, Xiao J, Ji Y
cations of cryptographic techniques, Athens, Greece, May 26–30. (2017) Feasible attack on detector-device-independent quantum
Lecture notes in computer science (LNCS), vol 7881, pp 609–625 key distribution. Sci Rep 7:449-1–449-8
260. Walk N, Hosseini S, Geng J, Thearle O, Haw JY, Armstrong S, 279. Qi B, Siopsis G (2015) Loss-tolerant position-based quantum
Assad SM, Janousek J, Ralph TC, Symul T, Wiseman HM, Lam cryptography. Phys Rev A 91:042337
PK (2016) Experimental demonstration of Gaussian protocols for 280. Sajeed S, Huang A, Sun S, Xu F, Makarov V, Curty M (2016) Inse-
one-sided device-independent quantum key distribution. Optica curity of detector-device-independent quantum key distribution.
3(6):634–642 Phys Rev Lett 117(25):250505
261. Lo HK, Curty M, Qi B (2012) Measurement-device-independent 281. Diffie W, Hellman M (1976) New directions in cryptography.
quantum key distribution. Phys Rev Lett 108(13):130503 IEEE Trans Inf Theory 22(6):644–654
262. Xu F, Curty M, Qi B, Lo HK (2015) Measurement-device- 282. Rivest RL, Shamir A, Adleman L (1978) A method for obtaining
independent quantum cryptography. IEEE J Sel Top Quantum digital signatures and public-key cryptosystems. Commun ACM
Electronics 21(3):148–158 21(2):120–126
263. Tang Z, Wei K, Bedroya O, Qian L, Lo HK (2016) Experimental 283. Rivest AL, Adleman L, Dertouzos M (1978b) On data banks and
measurement-device-independent quantum key distribution with privacy homomorphisms. Found Secure Comput 4(11):169–180
imperfect sources. Phys Rev A 93:042308 284. Koblitz N (1987) Elliptic curve cryptosystems. Math Comput
264. Valivarthi R, Umesh P, John C, Owen KA, Verma VB, Nam 48(177):203–209
SW, Oblak D, Zhou Q, Tittel W (2019) Measurement-device- 285. Buchmann J, Williams HC (1988) A key-exchange system based
independent quantum key distribution coexisting with classical on imaginary quadratic fields. J Cryptol 1(2):107–118
communication. Quantum Sci Technol 4(4):045002 286. Bernstein DJ (2009) Introduction to post-quantum cryptography.
265. Xu F, Curty M, Qi B, Lo HK (2013) Practical aspects of In: Bernstein DJ, Buchmann J, Dahmen E (eds) Post-quantum
measurement-device-independent quantum key distribution. New cryptography. Springer, Berlin, pp 1–14
J Phys 15:113007 287. Bernstein DJ, Lange T (2017) Post-quantum cryptography. Nature
266. Roberts GL, Lucamarini M, Yuan ZL, Dynes JF, Comandar LC, 549:188–194
Sharpe AW, Shields AJ, Curty M, Puthoor IV, Andersson E (2017) 288. McEliece RJ (1978) A public-key cryptosystem based on alge-
Experimental measurement-device-independent quantum digital braic coding theory. The deep space network progress report, DSN
signatures. Nat Commun 8:1098 PR 42-44, pp 114–116
267. Hu XL, Cao Y, Yu ZW, Wang XB (2018) Measurement-device- 289. Overbeck R, Sendrier N (2009) Code-based cryptography. Book
independent quantum key distribution over asymmetric channel chapter in post-quantum cryptography. Springer, Berlin, pp 95–
and unstable channel. Sci Rep 8:17634 145
268. Qiao Y, Wang G, Li Z, Xu B, Guo H (2019) Monitor- 290. Hoffstein J, Pipher J, Silverman JH (1998) NTRU: a ring-based
ing an untrusted light source with single-photon detectors in public key cryptosystem. In: International algorithmic number
measurement-device-independent quantum key distribution. Phys theory symposium ANTS 1998: algorithmic number theory. Lec-
Rev A 99(5):052302 ture notes in computer science, LNCS, Springer, vol 1423, pp
269. Cui ZX, Zhong W, Zhou L, Sheng YB (2019) Measurement- 267–288
device-independent quantum key distribution with hyper- 291. Biasse JF, Song F (2016) Efficient quantum algorithms for com-
encoding. Sci China Phys Mech Astron 62:110311 puting class groups and solving the principal ideal problem in
270. Dellantonio L, Sorensen AS, Bacco D (2018) High-dimensional arbitrary degree number fields. In: Proceedings of the twenty-
measurement-device-independent quantum key distribution on seventh annual ACM-SIAM symposium on Discrete algorithms
two-dimensional subspaces. Phys Rev A 98:062301 (SODA’16), pp 893–902
271. Pawlowski M, Brunner N (2011) Semi-device-independent 292. Cramer R, Ducas L, Wesolowski B (2017) Short stickelberger
security of one-way quantum key distribution. Phys Rev A class relations and application to ideal-SVP. In: Proceeding of
84(1):010302 international association for cryptologic research (EUROCRYPT
2017), Lecture notes in computer science (LNCS), vol 10210, pp
324–348
123
293. Laarhoven T (2015) Sieving for shortest vectors in lattices using Alamos National Security, LLC (Los Alamos, NM) DOE Contract
angular locality-sensitive hashing. In: 35th annual cryptology Number AC52–06NA25396
conference on advances in cryptology (CRYPTO 2015), Santa 309. Hughes RJ, Nordholt JE, Peterson CG (2010) Secure multi-party
Barbara, CA, Lecture notes in computer science, vol 9215, pp communication with quantum key distribution managed by trusted
3–22 authority, US Patent, Los Alamos National Security, LLC (Los
294. Laarhoven T, Weger BD (2015) Faster sieving for shortest lattice Alamos, NM) DOE Contract Number AC52–06NA25396
vectors using spherical locality-sensitive hashing. In: Proceedings 310. Battelle (2020) The future of security: zeroing in on un-hackable
of 4th international conference on cryptology and information data with quantum key distribution https://www.wired.com/
security in Latin America (LATINCRYPT 2015), Lecture notes insights/2014/09/quantum-key-distribution/. Accessed 20 Feb
in computer science book series (LNCS), vol 9230, pp 101–118 2020
295. Becker A, Ducas L, Gama N, Laarhoven T (2016) New directions 311. Xue P, Zhang X (2017) A simple quantum voting scheme with
in nearest neighbor searching with applications to lattice siev- multi-qubit entanglement. Sci Rep 7:7586
ing. In: Proceedings of the twenty-seventh annual ACM-SIAM 312. Yin J, Cao Y, Li YH, Liao SK, Zhang L, Ren JG, Cai WQ, Liu
symposium on discrete algorithms (SODA 2016), Arlington, VA, WY, Li B, Dai H, Li GB, Lu QM, Gong YH, Xu Y, Li SL, Li FZ,
USA, January 10–12 2016, pp 10–24 Yin YY, Jiang ZQ, Li M, Jia JJ, Ren G, He D, Zhou YL, Zhang
296. Lamport L (1979) Constructing digital signatures from a one XX, Wang N, Chang X, Zhu ZC, Liu NL, Chen YA, Lu CY, Shu R,
way function. In: SRI international computer science lab- Peng CZ, Wang JY, Pan JW (2017) Satellite-based entanglement
oratory. Report no SRI-CSL-98, vol 1423, pp 1–7. https:// distribution Over 1200 kilometers. Science 356:1140–1144
www.microsoft.com/en-us/research/uploads/prod/2016/12/ 313. Liao SK, Cai WQ, Liu WY, Zhang L, Li Y, Ren JG, Yin J, Shen Q,
Constructing-Digital-Signatures-from-a-One-Way-Function. Cao Y, Li ZP, Li FZ, Chen XW, Sun LH, Jia JJ, Wu JC, Jiang XJ,
pdf Wang JF, Huang YM, Wang Q, Zhou YL, Deng L, Xi T, Ma L, Hu
297. Merkle RC (1989) A certified digital signature. In: Conference on T, Zhang Q, Chen YA, Liu NL, Wang XB, Zhu ZC, Lu CY, Shu R,
the theory and application of cryptology CRYPTO 1989: advances Peng CZ, Wang JY, Pan JW (2017) Satellite-to-ground quantum
in cryptology-CRYPTO’89. Lecture notes in computer science key distribution. Nature 549:43–60
book series (LNCS), vol 435, pp 218–238 314. Liao SK, Cai WQ, Handsteiner J, Liu B, Yin J, Zhang L, Rauch
298. Dods C, Smart NP, Stam M (2005) Hash based digital signature D, Fink M, Ren JG, Liu WY, Li Y, Shen Q, Cao Y, Li FZ, Wang
schemes. In: 10th proceeding of IMA international conference JF, Huang YM, Deng L, Xi T, Ma L, Hu T, Li L, Liu NL, Koidl F,
on cryptography and coding (IMACC 2005), Lecture notes in Wang P, Chen YA, Wang XB, Steindorfer M, Kirchner G, Lu CY,
computer science. Springer, Berlin, vol 3796, pp 96–115 Shu R, Ursin R, Scheidl T, Peng CZ, Wang JY, Zeilinger A, Pan
299. Hulsing A (2013) W − O T S + −shorter signatures for hash-based JW (2018) Satellite-relayed intercontinental quantum network.
signature schemes. In: Proceeding of 6th international conference Phys Rev Lett 120:030501-1–030501-4
on cryptology in Africa, Cairo, Egypt, June 22–24, Lecture notes 315. Sharma V, Banerjee S (2019) Analysis of atmospheric effects
in computer science. Springer, Berlin, Heidelberg, vol 7918, pp on satellite-based quantum communication: a comparative study.
173–188 Quantum Inf Process 18:Article no 67
300. Patarin J (1997) The oil and vinegar signature scheme. Presented 316. Bedington R, Arrazola JM, Ling A (2017) Progress in satellite
at the Dagstuhl workshop on cryptography quantum key distribution. npj Quantum Inf 3:Article no 30
301. Ding J, Schmidt D (2005) Rainbow, a new multivariable poly- 317. First quantum video call. https://www.innovations-report.com/
nomial signature scheme. In: International conference on applied html/reports/information-technology/austrian-and-chinese-
cryptography and network security—ACNS 2005. Lecture notes academies-of-sciences-successfully-conducted-first-inter-
in computer science, Springer, vol 3531, pp 164–175 continental-quantum-video-call.html. Accessed 6 Feb 2020
302. Patarin J, Courtois N, Goubin L (2001) QUARTZ, 128-bit long 318. Arrighi P, Salvail L (2006) Blind quantum computation. Int J
digital signatures, cryptographers track at the RSA conference, Quantum Inf 4(5):883–898
CT-RSA 2001: topics in cryptology, CT-RSA2001, Lecture notes 319. Broadbent A, Fitzsimons J, Kashefi E (2009) Universal blind
in computer science (LNCS). Springer, Berlin, Heidelberg, vol quantum computation. In: 50th annual IEEE symposium on foun-
2020, pp 282–297 dations of computer science. Atlanta, CA, USA 25–27 Oct, pp
303. NIST Post Quantum Cryptography. https://csrc.nist.gov/news/ 517–526
2019/pqc-standardization-process-2nd-round-candidates. 26 320. Fitzsimons JF (2017) Private quantum computation: an intro-
Feb 2020 duction to blind quantum computing and related protocols. NPJ
304. Chen L, Jordan S, Liu YK, Moody D, Peralta R, Perlner R, Smith- Quantum Inf 3:23
Tone D (2016) Report on post-quantum cryptography. Report of 321. Barz S, Kashefi E, Broadbent A, Fitzsimons JF, Zeilinger A,
National Institute of Standards and Technology, US Department Walther P (2012) Demonstration of blind quantum computing.
of Commerce, NISTIR 8105. https://nvlpubs.nist.gov/nistpubs/ Science 335:303–308
ir/2016/NIST.IR.8105.pdf 322. Greganti C, Roehsner MC, Barz S, Morimae T, Walther P (2016)
305. EL-Latif A A A, Abd-El-Atty B, Hossain M S, Elmougy S, Demonstration of measurement-only blind quantum computing.
Ghoneim A (2018) Secure quantum steganography protocol for New J Phys 18:013020
fog cloud internet of things. IEEE Access 6:10332–10340 323. Huang HL, Zhao Q, Ma X, Liu C, Su ZE, Wang XL, Li L, Liu NL,
306. Amer O, Krawec WO (2019) Semiquantum key distribution Sanders BC, Lu CY, Pan JW (2017) Experimental blind quantum
with high quantum noise tolerance. Phys Rev A 100:022319-1– computing for a classical client. Phys Rev Lett 119:050503
022319-16 324. Gottesman D, Chuang IL (2001) Quantum digital signatures, p
307. Chun H, Choi I, Faulkner G, Clarke L, Barber B, George G, Capon 050503. arXiv.org/abs/quant-ph/0105032
C, Niskanen A, Wabnig J, O’Brien D, Bitauld D (2017) Handheld 325. Andersson E, Curty M, Jex I (2006) Experimentally realizable
free space quantum key distribution with dynamic motion com- quantum comparison of coherent states and its applications. Phys
pensation. Opt Express 25(6):6784–6795 Rev A 74:022304
308. Nordholt JE, Hughes RJ, Newell RT, Peterson CG, Rosenberg D, 326. Amiri R, Andersson E (2015) Unconditionally secure quantum
McCabe KP, Tyagi KT, Dallman N(2010) Quantum key distribu- signatures. Entropy 17(8):5635–5659
tion using card, base station and trusted authority, US Patent, Los
123
327. Cai XQ, Wang TY, Wei CY, Gao F (2019) Cryptanalysis of multi- 346. Roger T, Paraiso T, Marco ID, Marangon DG, Yuan Z, Shields AJ
party quantum digital signatures. Quantum Inf Process 18(8):252 (2019) Real-time interferometric quantum random number gen-
328. Shi WM, Wang YM, Zhou YH, Yang YG (2018) Cryptanaly- eration on chip. J Opt Soc Am B 36(3):B137–B142
sis on quantum digital signature based on asymmetric quantum 347. Zhang G, Haw JY, Cai H, Xu F, Assad SM, Fitzsimons JF, Zhou
cryptography. Optik 154:258–260 X, Zhang Y, Yu S, Wu J, Ser W, Kwek LC, Liu AQ (2019) An
329. Collins RJ, Donaldson RJ, Buller GS (2018) Progress in exper- integrated silicon photonic chip platform for continuous-variable
imental quantum digital signatures. In: Proceedings of quantum quantum key distribution. Nat Photonics 13:839–842
communications and quantum imaging XVI, San Diego, Califor- 348. Blum M (1981) Coin flipping by telephone. CRYPTO, pp 11–15
nia, United States, p 10771 349. Molina-Terriza G, Vaziri A, Ursin R, Zeilinger A (2005) Experi-
330. Collins RJ, Amiri R, Fujiwara M, Honjo T, Shimizu K, Tamaki mental quantum coin tossing. Phys Rev Lett 94:040501
K, Takeoka M, Sasaki M, Andersson E, Buller GS (2017) Exper- 350. Colbeck R (2007) An entanglement-based protocol for strong coin
imental demonstration of quantum digital signatures over 43db tossing with bias 1/4. Phys Lett A 362:390–392
channel loss using differential phase shift quantum key distribu- 351. Spekkens RW, Rudolph T (2001) Degrees of concealment and
tion. Sci Rep 7:3235 bindingness in quantum bit commitment protocols. Phys Rev A
331. Donaldson RJ, Collins RJ, Kleczkowska K, Amiri R, Wallden P, 65:012310
Dunjko V, Jeffers J, Andersson E, Buller GS (2016) Experimen- 352. Toshiba (2020) https://www.toshiba.eu/pages/eu/cambridge-
tal demonstration of kilometer-range quantum digital signatures. research-laboratory/quantum-key-distribution/. Accessed 18
Phys Rev A 93(1):012329 Feb 2020
332. Mirhosseini M, Magana-Loaiza OS, O’Sullivan MN, Rodenburg 353. QuantumCTek (2020). http://www.quantum-info.com/english/.
B, Malik M, Lavery MPJ, Padgett MJ, Gauthier DJ, Boyd RW Accessed 18 Feb 2020
(2015) High-dimensional quantum cryptography with twisted 354. ID Quantique SA, Switzerland (2020). www.idquantique.com.
light. New J Phys 17:033033 Accessed 18 Feb 2020
333. Canas G, Vera N, Carine J, Gonzalez P, Cardenas J, Connolly 355. Cerberis (2020). https://www.idquantique.com/quantum-safe-
PWR, Przysiezna A, Gomez ES, Figueroa M, Vallone G, Vil- security/products/cerberis3-qkd-system/. Accessed 18 Feb 2020
loresi P, Silva TFD, Xavier GB, Lima G (2017) High-dimensional 356. Boaron A, Boso G, Rusca D, Vulliez C, Autebert C, Caloz M,
decoy-state quantum key distribution over multicore telecommu- Perrenoud M, Gras G, Bussieres F, Li MJ, Nolan D, Martin A,
nication fibers. Phys Rev A 96:022317 Zbinden H (2018) Secure quantum key distribution over 421 km
334. Ding Y, Bacco D, Dalgaard K, Cai X, Zhou X, Rottwitt K, of optical fiber. Phys Rev Lett 121:190502
Oxenlowe LK (2017) High-dimensional quantum key distribu- 357. Travagnin M, Lewis A (2019) Quantum key distribution in-field
tion based on multicore fiber using silicon photonic integrated implementations. JRC Technical Reports, pp 1–41
circuits. NPJ Quantum Inf 3:25 358. Yuan Z, Plews A, Takahashi R, Doi K, Tam W, Sharpe AW, Dixon
335. Mower J, Zhang Z, Desjardins P, Lee C, Shapiro JH, Englund D AR, Lavelle E, Dynes JF, Murakami A, Kujiraoka M, Lucamarini
(2013) High-dimensional quantum key distribution using disper- M, Tanizawa Y, Sato H, Shields AJ (2018) 10-Mb/s quantum key
sive optics. Phys Rev A 87:062322 distribution. J Lightwave Technol 36(16):3427–3433
336. Brougham T, Barnett SM, McCusker KT, Kwiat PG, Gauthier 359. Broadbent A (2018) How to verify a quantum computation. The-
DJ (2013) Security of high-dimensional quantum key distribution ory Comput 14(11):1–37
protocols using Franson interferometers. J Phys B At Mol Opt 360. Gheorghiu A, Kashefi E, Wallden P (2015) Robustness and device
Phys 46(10):104010 independence of verifiable blind quantum computing. New J Phys
337. Brougham T, Wildfeuer CF, Barnett SM, Gauthier DJ (2016) The 17(8):083040
information of high-dimensional time-bin encoded photons. Eur 361. Klarreich E (2018) Graduate student solves quantum verification
Phys J D 70:214 problem. QuantaMagazine
338. Islam NT (2018) High-rate, high-dimensional quantum key dis-
tribution systems, PhD Thesis, Duke University
339. Islam NT, Lim CCW, Cahall C, Qi B, Kim J, Gauthier DJ (2019)
Publisher’s Note Springer Nature remains neutral with regard to juris-
Scalable high-rate, high-dimensional quantum key distribution,
dictional claims in published maps and institutional affiliations.
pp 1–10. arXiv:1902.00811
340. Chandran N, Goyal V, Moriarty R, Ostrovsky R (2009) Position
based cryptography. In: Proceedings of the 29th annual interna-
tional cryptology conference on advances in cryptology, vol 29.
Springer, pp 391–407
341. Chandran N, Fehr S, Gelles R, Goyal V, Ostrovsky R
(2010) Position-based quantum cryptography. https://arxiv.org/
PS_cache/arxiv/pdf/1005/1005.1750v1.pdf
342. Bilski P, Winiecki W (2013) Analysis of the position-based quan-
tum cryptography usage in the distributed measurement system.
Measurement 46(10):4353–4361
343. Buhrman H, Chandran N, Fehr S, Gelles R, Goyal V, Ostrovsky R,
Schaffner C (2014) Position-based quantum cryptography: impos-
sibility and constructions. SIAM J Comput 43(1):150–178
344. Chakraborty K, Leverrier A (2015) Practical position-based quan-
tum cryptography. Phys Rev A 92:052304
345. Sibson P, Erven C, Godfrey M, Miki S, Yamashita T, Fujiwara
M, Sasaki M, Terai H, Tanner MG, Natarajan CM, Hadfield RH,
O’Brien JL, Thompson MG (2017) Chip-based quantum key dis-
tribution. Nat Commun 8:13984
123

State-of-the-Art Survey of Quantum Cryptography

Uploaded by

Copyright:

Available Formats

State-of-the-Art Survey of Quantum Cryptography

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

State-of-the-Art Survey of Quantum Cryptography

Uploaded by

Copyright:

Available Formats

Archives of Computational Methods in Engineering

State-of-the-Art Survey of Quantum Cryptography

Received: 20 April 2020 / Accepted: 28 January 2021

Fig. 1 Survey organization

Fig. 2 Graphical representation

Fig. 3 Number of publications

Table 2 Discrete and

Discrete variable Qubits Single photon BB84, SARG04

Table 4 Classes of attack in quantum cryptography

Individual ✗ Least Intercept-resend Faked-state [33]

Fig. 4 Significant development in quantum cryptography

Fig. 5 Significant development

Table 5 Example of quantum

Table 6 Example of secret key

Table 7 Certain cases for B92 protocol [75]

Table 8 Uncertain cases for

Table 9 Example of secret key

Table 10 Example of secret key

Table 11 SARG04 Alice

|ψ00 > |ψ00 > |ψ00 > |ψ00 >

BB84 [55,56] 1984 O 2, 4 D ✗

This protocol is called ping-pong as the travelling photon

Fig. 7 Significant development in quantum secure direct communication

Fig. 8 Significant development in semi-quantum key distribution protocol

Fig. 9 Significant development in secure multiparty communication

Fig. 11 Significant development in quantum cryptography after BB84 protocol

Fig. 12 Major experimental work in the area of quantum cryptography

Table 17 Summary of various

Table 19 Major sources titles

against attacks (photon beam separation, light blinding and References

You might also like