Cryptanalysis of Quantum Secure Direct Communication Protocol with Mutual Authentication Based on Single Photons and Bell States

07/07/2020 ∙ by Nayana Das, et al. ∙ 0

Recently, Yan et al. proposed a quantum secure direct communication (QSDC) protocol with authentication using single photons and Einstein-Podolsky-Rosen (EPR) pairs (Yan et al., CMC-Computers, Materials & Continua, 63(3), 2020). In this work, we show that the QSDC protocol is not secure against intercept-and-resend attack and impersonation attack. An eavesdropper can get the full secret message by applying these attacks. We propose a modification of this protocol, which defeats the above attacks along with all the familiar attacks.

READ FULL TEXT VIEW PDF
POST COMMENT

Comments

There are no comments yet.

Authors

page 1

page 2

page 3

page 4

This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.

1 Introduction

Quantum cryptography is an application of quantum mechanics in the field of cryptography, which provides unconditional security based on the laws of physics. In 1984, Bennett and Brassard proposed the first quantum cryptographic protocol, which is a quantum key distribution (QKD) protocol, also called the BB84 QKD [1]. Since then various types of QKD protocols have been proposed, such as QKD with entanglement [2, 3, 4], without entanglement [5, 6], experimental QKD [7, 8, 9, 10, 11] and so on.

Quantum secure direct communication (QSDC) is another direction of quantum cryptography, which offers secure communication without any shared key [3, 12, 13, 14, 15, 16, 17, 18]

. In QSDC protocols, the sender encodes the secret message into some qubits by using some predefined encoding rules and sends those qubits to the receiver. After some security checks, the receiver can get back the secret message. Some interesting generalization of QSDC protocols are quantum dialogue or bidirectional QSDC 

[19, 20, 21, 22, 23, 24, 25], multi-party QSDC [26, 27, 28, 29] and so on.

If QSDC or any quantum cryptographic protocol is not properly designed, it gives a chance to an eavesdropper to impersonate an authorized party. For this concern, each legitimate party should verify the authenticity of other parties, which requires quantum authentication protocols [30, 31, 32]. The first QSDC protocol with authentication was proposed in 2006 [33], and thereafter many researchers are working in this domain [34, 35, 36].

There are multiple quantum cryptographic protocols, which are proven to be insecure against various familiar attacks, such as, intercept-and-resend attack [37, 38, 39], impersonation attack [40, 41, 42], Denial-of-Service attack [43, 44, 45], man-in-the-middle attack [46, 47], entangle-measure attack [45, 48], Trojan horse attack [49, 50] etcetera. These are all active attacks, i.e., an eavesdropper has access to the communicated qubits in the quantum channel between the legitimate parties, and actively participates in the protocol. Some inactive attack also causes information leakage problems in some communication protocols [51, 52].

In 2020, Yan et al. have presented a QSDC protocol based on single photons and EPR pairs, which also realizes the mutual authentication [53]. For simplicity, throughout this paper, we call this QSDC protocol as YZCSS protocol. In this protocol, Alice, the message sender, prepares qubit pairs corresponding to the secret message and her authentication identity. She sends all the qubits to Bob, the message receiver, who uses his authentication identity to recover the secret message. However, in this article, we show that the YZCSS protocol is not secure against intercept-and-resend attack and impersonation attack. If an eavesdropper applies any one of these attacks, then it can get the complete secret message, i.e., not only a portion of the message is revealed, but also the entire message is compromised. Moreover, for impersonation attack, the legitimate parties can not realize the presence of the eavesdropper. Furthermore, we present a modification of the YZCSS protocol to improve its security.

The rest of the paper is organized as follows: in Section 2, we briefly describe the YZCSS protocol, then in the next section we discuss the security flaws of the YZCSS protocol. An improved version of the protocol is presented in Section 4 and finally we conclude our result.

2 Brief review of the YZCSS protocol

In this section, we describe the YZCSS protocol. There are two parties, namely, Alice and Bob with their corresponding identities and respectively, where . Alice wants to send a secret message to Bob by using single photons and Bell states, where the Bell states (EPR pairs) are defined as:

(1)

The steps of the protocol are as follows:

  1. Alice and Bob have their previously shared identities and , they used some QKD to exchange and . Alice prepares two ordered sets of two-qubit states and corresponding to the message and her own identity , each ordered set contains qubit pairs. For , let the -th bit of (or or ) be (or or ) and the -th qubit of (or ) be (or ). She prepares the qubits by using the following rule:

    1. if (or ) , then (or ) or

      with equal probability,

    2. if (or ) , then (or ) or with equal probability.

    The qubit pairs of the ordered set are called decoy states. Now Alice inserts these decoy states into the ordered set according to the following rule:

    1. if , then she inserts before , and

    2. if , then she inserts after .

    Let the new ordered set be containing qubit pairs. Then Alice sends to bob using a quantum channel. Let us take an example.

    Example 1

    Let , and .
    Then , and
    .

  2. After Bob receives , he knows the exact positions of the decoy photons corresponding to his identity . Bob measures those decoy photons in proper bases according to . If , then he chooses basis, where , thus , and if , then he chooses the Bell basis to measure . Bob also measures the qubit pairs of in basis or Bell basis randomly. He notes the measurement results.

  3. Bob asks Alice to announce the initial states of the qubit pairs of for security check. They compare the initial states and the measurement results of the decoy photons and calculate the error rate. If the error rate exceeds some pre-defined threshold value, then they terminate the protocol, else they continue.

  4. Bob gets all the secret message bits from the measurement results of the qubit pairs of . The relation between the measurement results and the secret message bits are given in Table 1. To check the integrity of the secret message Alice and Bob publicly compare some parts of the message.

The authors of [53] have shown that the YZCSS protocol is secure against various kinds of attacks, such as impersonation attack, intercept-and-resend attack, man-in-the-middle attack, entangle-measure attack. However, in the next section, we show that an eavesdropper can design a strategy that allows him to effectively execute the intercept-and-resend attack. A similar argument follows for impersonation attack as well, making this protocol insecure against these two attacks.

Secret message Encoded Basis chosen measurement Decoded
bit of Alice qubit by Bob result of Bob secret bit
0 basis 0
Bell basis or 0
basis 0
Bell basis or 0
1 basis or 1
Bell basis 1
basis or 1
Bell basis 1
Table 1: Different cases of the YZCSS protocol

3 Security loophole of the YZCSS protocol

We now show that the YZCSS protocol discussed in the previous section is not secure against intercept-and-resend attack and impersonation attack, an eavesdropper () can get the whole secret message and Alice’s authentication identity by adopting these attacks.

3.1 Intercept-and-resend attack

In this attack strategy, when Alice sends the quantum states to Bob, intercepts those from the quantum channel, he measures the states and resends those to Bob. However, to attack the YZCSS protocol, follows a special strategy while resending the quantum states to Bob. The process of the attack is as follows.

  1. intercepts the ordered set and measures each two-qubit state randomly in basis or Bell basis and notes down the measurement results. For , if he chooses basis to measure the -th qubit pair of and the measurement result is either or , then he simply sends this state to Bob. But if the measurement result is either or , definitely knows that he chooses the wrong basis and the initial state was either or . Then he randomly prepares or and sends it to Bob. Similarly if chooses Bell basis and gets or , then sends them. Otherwise, he randomly sends or to Bob.

  2. constructs a -bit string from the measurement results by using Table 2.

    Basis chosen by ’s measurement result Corresponding bit of
    basis or 0
    or 1
    Bell basis or 0
    or 1
    Table 2: Rule of construction of by
  3. splits the -bit string into number of -bit strings , and for , . Now from the construction procedure of the ordered set , exactly knows that each contains the -th bit of secret message and the -th bit of Alice’s authentication identity . If both the bits of are equal, i.e., , where , then he concludes and . Again if , where = bit complement of , then he waits for Alice’s announcement about the initial states of the decoy photons. If she announces or , then concludes and , otherwise he concludes and . Thus can successfully attack the protocol and gets the complete secret message.

Now Alice and Bob can detect this intercept-and-resend attack at the time of security check, but it has no impact on the attack result as one of the main requirement of a QSDC protocol is: “the secret messages which have been encoded already in the quantum states should not leak even though an eavesdropper may get hold of channel” [14].

3.2 Impersonation attack

By analyzing the YZCSS protocol, we find that the authentication procedure of this QSDC protocol is unidirectional, i.e., only Bob can verify Alice’s identity. Here we show that how impersonate Bob to acquire the secret message of Alice. The process is as follows:

  1. Alice prepares the ordered set and sends it to .

  2. After receiving , measures all the qubit pairs randomly in or Bell basis and generates a -bit string from the measurement results by using Table 2.

  3. asks Alice to declare the initial state of the decoy photons and from this information, he gets the whole secret message (by using the same process as in Step 3 of the intercept-and-resend attack).

In this case, Alice can not detect , or in other words, only one-way authentication is possible in the YZCSS protocol. Moreover, without knowing the exact position of the decoy photons, can get the whole secret message.

Let us take an example of this attack.

Example 2

Let , and .
Then , and
.

  1. has the ordered set .

  2. Let be a sequence of bases which choses to measure the qubit pairs of .

  3. Let the ordered set of measurement results be
    .

  4. Then and , , , , . concludes and .

  5. Alice announces and then concludes

    • and ,

    • and ,

    • and ,

    • and .

    Thus gets the whole secret message .

Another problem of the YZCSS protocol is that the length of the authentication identities of Alice and Bob are equal to the length of the secret message. Since the identities are previously shared, Alice can send a fixed length message to Bob, which is a disadvantage of this protocol. In the next section, we propose a remedy to these security problems of the YZCSS protocol.

4 Proposed modification

Now we discuss how to modify this YZCSS protocol so that it can provide mutual authentication and stand against the intercept-and-resend attack. In the original protocol, the length of and are equal to the length of the message, which may vary. However, in our improved version, we fix the length of and , and the fixed-length is unknown to any third party. Here we use some techniques of the authentication protocol proposed by Fei et al. [42]. Our modified protocol is given below:

  1. Qubits preparation to encode secret message:

    1. Alice and Bob have their previously shared -bit identities and , where , and are unknown to everybody other than Alice and Bob. Alice prepares an ordered set of qubit pairs corresponding to her -bit message . For , she prepares the qubit pairs of by using the following rule:

      (2)

      She applies a random permutation on the ordered set containing qubits and let the new ordered set be . For , let the -th qubit be . Note that the two qubits of each qubit pair corresponding to the message bits are in two random positions of .

    2. Alice prepares the first ordered set of decoy photons , for authentication, corresponding to her own identity as follows: for ,

      (3)

      where and . Now she inserts these decoy states into the ordered set according to the following rule: for ,

      1. if , then she inserts before ,

      2. if , then she inserts after ,

      where , greatest integer not greater than and . Let the new ordered set be containing qubits. For better understanding, let us take an example,

      Example 3

      Let , and .

      1. and let the -th pair of be .

      2. .

      3. .

      4. .


      5. .

    3. She prepares a second set of decoy photons randomly from and inserts them in random positions of and sends the new ordered set to Bob using a quantum channel.

  2. Security check: After Bob receives , Alice announces the positions and bases of the second set of decoy photons. Bob measures those decoy photon and they calculate the error rate in the channel by comparing the measurement results with the initial states. If the error rate is low, then they continue the protocol, otherwise terminate this.

  3. Authentication procedure:

    1. Bob knows the exact positions of the decoy photons of corresponding to his identity . He measures those decoy photons in proper bases according to . If , then he chooses the basis and if , then he chooses the basis to measure .

    2. For , Alice and Bob construct an -bit string such that, if or , then , else .

    3. They randomly choose (approximate) positions and Alice announces the values of the corresponding bits of . Bob compares these values with his corresponding measurement results to authenticate Alice’s identity. Similarly Bob announces the remaining bits of for his identity authentication. If any of them finds intolerable error rate, then he or she aborts this protocol.

  4. Message decoding:

    1. Bob discards all the decoy photons and gets back the ordered set .

    2. Alice announces the random permutation which she applied on . Bob applies the inverse permutation on and gets .

    3. He measures the qubit pairs of in basis or Bell basis randomly and notes the measurement results.

    4. Bob gets all the secret message bits from the measurement results of the qubit pairs of . The relation between the measurement results and the secret message bits are given in Table 1. To check the integrity of the secret message, Alice and Bob publicly compare some parts of the message.

4.1 Security analysis of the modified protocol

We now show that our modified protocol is secure against some common attacks. First, we discuss the intercept-and-resend attack and the impersonation attack as the original YZCSS protocol was proven to be insecure against these two attacks. Then we also discuss Denial-of-Service attack, man-in-the-middle attack, entangle-measure attack and Trojan horse attack.

  1. Intercept-and-resend attack: Let intercepts the ordered set from the quantum channel. Since each qubit of the qubit pairs corresponding to the secret message is in random position, it is impossible for to find correct qubit pairs of . At-most can do is to measure the qubits of in or basis. In that case, he does not get any useful information about the secret message, and also Alice and Bob detect him and terminate the protocol at the time of security checking (Step 2 of the modified protocol). Note that, if Alice does not apply the random permutation on the qubits of , then may get some information about the secret message, though in that case also Alice and Bob can detect his presence.

  2. Impersonation attack: In the YZCSS protocol, only Alice announces the exact states of the decoy photons corresponding to and Bob compares them with his measurement results to check the authenticity of Alice. In the modified version, both Alice and Bob have to announce the information about the initial states of the decoy photons of , they do not announce the exact states to keep secret. If impersonating any one of Alice and Bob, then the other one can detect him and aborts this protocol (since the length of is unknown to , he can not calculate ). Moreover, in this case also can not get any information about as the corresponding qubits of each qubit pairs of are at random positions in .

  3. Denial-of-Service (DoS) attack: The motivation of , for adopting the DoS attack, is to tamper the secret message. Let captures the ordered set and makes a certain operation to every qubit of . However, this action will be detected by the legitimate parties at the security checking procedure in Step 2 and as a result, Alice and Bob terminate this protocol. Now suppose that makes changes in only a few qubits, then if the introduced error in Step 2 is smaller than the threshold value, Alice and Bob can not detect . In that case, it introduces a very small amount of error in the secret message, which is also negligible.

  4. Man-in-the-middle attack: When Alice sends the ordered set to Bob, intercepts and keep this with him. He prepares another set of qubits and sends it to Bob. In this case, also Alice and Bob can realize the existence of and abort the protocol in Step 2.

  5. Entangle-measure attack:

    In order to steal partial information, may apply this attack. He first intercepts the qubits of the ordered set and prepares some ancillary state , then applies an unitary to the joint states of qubits of and such that the composite system become entangled. However, the effect of the unitary operation on the second set of decoy photons are as follows:

    (4)

    Since is unitary, we must have

    (5)

    Thus when the decoy states are prepared in basis, the error rate is .

    Further, we get

    (6)

    where

    • ,

    • ,

    • ,

    • .

    Thus when the decoy states are prepared in basis, the error rate is . Thus from the error rate introduced by in the communication process, Alice and Bob detect this eavesdropping in Step 2. Furthermore, the random permutation applied on increases the security of the modified version and does not get any useful information about the secret message by measuring the ancillary states.

  6. Trojan horse attack: Both the YZCSS protocol and its modified version are one-way quantum communication protocols, i.e., only Alice prepares qubits and sends them to Bob. Thus these protocols have immunity to the Trojan horse attack.

5 Conclusion

In this paper, we analyze the security of QSDC protocols with authentication (YZCSS protocol) and demonstrate that this protocol is vulnerable to two specific attacks, namely, intercept-and-resend attack and impersonation attack. An eavesdropper adopting any one of these two attacks gets the whole secret message. The authentication process in the YZCSS protocol is unidirectional, which causes the impersonation attack. To address these concerns, we propose a modification of the YZCSS protocol, where a mutual authentication process is suggested, and the modified protocol resists the intercept-and-resend attack. We also prove that it is secure against several familiar attack strategies.

Acknowledgement

The first author would like to acknowledge Ritajit Majumdar of Advanced Computing & Microelectronics Unit, Indian Statistical Institute for the stimulating discussions and his insightful comments.

References

  • [1] Charles H Bennett and Gilles Brassard. Quantum cryptography: Public key distribution and coin tossing. arXiv preprint arXiv:2003.06557, 2020.
  • [2] Artur K Ekert. Quantum cryptography based on Bell’s theorem. Physical review letters, 67(6):661, 1991.
  • [3] Gui-Lu Long and Xiao-Shu Liu. Theoretically efficient high-capacity quantum-key-distribution scheme. Physical Review A, 65(3):032302, 2002.
  • [4] Jian Li, Na Li, Lei-Lei Li, and Tao Wang. One step quantum key distribution based on EPR entanglement. Scientific reports, 6:28767, 2016.
  • [5] Charles H Bennett. Quantum cryptography using any two nonorthogonal states. Physical review letters, 68(21):3121, 1992.
  • [6] Marco Lucamarini and Stefano Mancini. Secure deterministic communication without entanglement. Physical review letters, 94(14):140501, 2005.
  • [7] Charles H Bennett, François Bessette, Gilles Brassard, Louis Salvail, and John Smolin. Experimental quantum cryptography. Journal of cryptology, 5(1):3–28, 1992.
  • [8] Yi Zhao, Bing Qi, Xiongfeng Ma, Hoi-Kwong Lo, and Li Qian. Experimental quantum key distribution with decoy states. Physical review letters, 96(7):070502, 2006.
  • [9] Zhiyuan Tang, Zhongfa Liao, Feihu Xu, Bing Qi, Li Qian, and Hoi-Kwong Lo. Experimental demonstration of polarization encoding measurement-device-independent quantum key distribution. Physical review letters, 112(19):190503, 2014.
  • [10] Robert Bedington, Xueliang Bai, Edward Truong-Cao, Yue Chuan Tan, Kadir Durak, Aitor Villar Zafra, James A Grieve, Daniel KL Oi, and Alexander Ling. Nanosatellite experiments to enable future space-based QKD missions. EPJ Quantum Technology, 3(1):12, 2016.
  • [11] Xiaoqing Zhong, Jianyong Hu, Marcos Curty, Li Qian, and Hoi-Kwong Lo. Proof-of-principle experimental demonstration of twin-field type quantum key distribution. Physical Review Letters, 123(10):100506, 2019.
  • [12] Almut Beige, Berthold-Georg Englert, Christian Kurtsiefer, and Harald Weinfurter. Secure communication with a publicly known key. arXiv preprint quant-ph/0111106, 2001.
  • [13] KJ Boström and Timo Felbinger. Ping-pong coding. Phys. Rev. Lett., 89(quant-ph/0209040):187902, 2002.
  • [14] Fu-Guo Deng, Gui Lu Long, and Xiao-Shu Liu. Two-step quantum direct communication protocol using the Einstein-Podolsky-Rosen pair block. Physical Review A, 68(4):042317, 2003.
  • [15] Fu-Guo Deng and Gui Lu Long.

    Secure direct communication with a quantum one-time pad.

    Physical Review A, 69(5):052319, 2004.
  • [16] Chuan Wang, Fu-Guo Deng, Yan-Song Li, Xiao-Shu Liu, and Gui Lu Long. Quantum secure direct communication with high-dimension quantum superdense coding. Physical Review A, 71(4):044305, 2005.
  • [17] Jian-Yong Hu, Bo Yu, Ming-Yong Jing, Lian-Tuan Xiao, Suo-Tang Jia, Guo-Qing Qin, and Gui-Lu Long. Experimental quantum secure direct communication with single photons. Light: Science & Applications, 5(9):e16144, 2016.
  • [18] Wei Zhang, Dong-Sheng Ding, Yu-Bo Sheng, Lan Zhou, Bao-Sen Shi, and Guang-Can Guo. Quantum secure direct communication with quantum memory. Physical review letters, 118(22):220501, 2017.
  • [19] Ba An Nguyen. Quantum dialogue. Physics Letters A, 328(1):6–10, 2004.
  • [20] Zhanjun Zhang. Deterministic secure direct bidirectional communication protocol. arXiv preprint quant-ph/0403186, 2004.
  • [21] Man Zhong-Xiao, Zhang Zhan-Jun, and Li Yong. Quantum dialogue revisited. Chinese Physics Letters, 22(1):22, 2005.
  • [22] Yan Xia, Chang-Bao Fu, Shou Zhang, Suc-Kyoung Hong, Kyu-Hwang Yeon, and Chung-In Um. Quantum dialogue by using the GHZ state. arXiv preprint quant-ph/0601127, 2006.
  • [23] Ji Xin and Zhang Shou. Secure quantum dialogue based on single-photon. Chinese Physics, 15(7):1418, 2006.
  • [24] Gan Gao. Two quantum dialogue protocols without information leakage. Optics communications, 283(10):2288–2293, 2010.
  • [25] Nayana Das and Goutam Paul. Two efficient measurement device independent quantum dialogue protocols. arXiv preprint arXiv:2005.03518, 2020.
  • [26] Ting Gao, Feng-Li Yan, and Zhi-Xi Wang. Deterministic secure direct communication using GHZ states and swapping quantum entanglement. Journal of Physics A: Mathematical and General, 38(25):5761, 2005.
  • [27] Xing-Ri Jin, Xin Ji, Ying-Qiao Zhang, Shou Zhang, Suc-Kyoung Hong, Kyu-Hwang Yeon, and Chung-In Um. Three-party quantum secure direct communication based on GHZ states. Physics Letters A, 354(1-2):67–70, 2006.
  • [28] Gao Ting, Yan Feng-Li, and Wang Zhi-Xi. A simultaneous quantum secure direct communication scheme between the central party and other M parties. Chinese Physics Letters, 22(10):2473, 2005.
  • [29] Xiaoqing Tan, Xiaoqian Zhang, and Cui Liang. Multi-party quantum secure direct communication. In 2014 Ninth International Conference on P2P, Parallel, Grid, Cloud and Internet Computing, pages 251–255. IEEE, 2014.
  • [30] Marcos Curty and David J Santos. Quantum authentication of classical messages. Physical Review A, 64(6):062309, 2001.
  • [31] Bao-Sen Shi, Jian Li, Jin-Ming Liu, Xiao-Feng Fan, and Guang-Can Guo. Quantum key distribution and quantum authentication based on entangled state. Physics letters A, 281(2-3):83–87, 2001.
  • [32] Hwayean Lee, Jongin Lim, and HyungJin Yang. Quantum authentication and quantum key distribution protocol. arXiv preprint quant-ph/0510144, 2005.
  • [33] Hwayean Lee, Jongin Lim, and HyungJin Yang. Quantum direct communication with authentication. Physical Review A, 73(4):042305, 2006.
  • [34] Liu Dan, Pei Chang-Xing, Quan Dong-Xiao, and Zhao Nan. A new quantum secure direct communication scheme with authentication. Chinese Physics Letters, 27(5):050306, 2010.
  • [35] Yan Chang, Chunxiang Xu, Shibin Zhang, and Lili Yan. Controlled quantum secure direct communication and authentication protocol based on five-particle cluster state and quantum one-time pad. Chinese science bulletin, 59(21):2541–2546, 2014.
  • [36] Tzonelih Hwang, Yi-Ping Luo, Chun-Wei Yang, and Tzu-Han Lin. Quantum authencryption: one-step authenticated quantum secure direct communications for off-line communicants. Quantum information processing, 13(4):925–933, 2014.
  • [37] Su-Juan Qin, Fei Gao, Qiao-Yan Wen, and Fu-Chen Zhu. Improving the quantum secure direct communication by entangled qutrits and entanglement swapping against intercept-and-resend attack. Optics communications, 283(7):1566–1568, 2010.
  • [38] Toung-Shang Wei, Chia-Wei Tsai, and Tzonelih Hwang. Comment on “quantum key distribution and quantum authentication based on entangled state”. International Journal of Theoretical Physics, 50(9):2703–2707, 2011.
  • [39] Chih-Hung Chang, Yi-Ping Luo, Chun-Wei Yang, and Tzonelih Hwang. Intercept-and-resend attack on controlled bidirectional quantum direct communication and its improvement. Quantum Information Processing, 14(9):3515–3522, 2015.
  • [40] Zhan-jun Zhang, Jun Liu, Dong Wang, and Shou-hua Shi. Comment on “quantum direct communication with authentication”. Physical Review A, 75(2):026301, 2007.
  • [41] Qin Su-Juan, Wen Qiao-Yan, Meng Luo-Ming, and Zhu Fu-Chen. High efficiency of two efficient QSDC with authentication is at the cost of their security. Chinese Physics Letters, 26(2):020312, 2009.
  • [42] Gao Fei, Qin Su-Juan, Guo Fen-Zhuo, and Wen Qiao-Yan. Cryptanalysis of quantum secure direct communication and authentication scheme via Bell states. Chinese Physics Letters, 28(2):020303, 2011.
  • [43] Qing-yu Cai. The ping-pong protocol can be attacked without eavesdropping. arXiv preprint quant-ph/0402052, 2004.
  • [44] Yu-Guang Yang, Xin Jia, Juan Xia, Lei Shi, and Hua Zhang. Comment on “quantum secure direct communication with authentication expansion using single photons”. International Journal of Theoretical Physics, 51(12):3681–3687, 2012.
  • [45] Zhi-Hao Liu, Han-Wu Chen, Dong Wang, and Wen-Qian Li. Cryptanalysis and improvement of three-particle deterministic secure and high bit-rate direct quantum communication protocol. Quantum Information Processing, 13(6):1345–1351, 2014.
  • [46] M Peev, M Nölle, O Maurhardt, T Lorünser, M Suda, A Poppe, R Ursin, A Fedrizzi, and Anton Zeilinger. A novel protocol-authentication algorithm ruling out a man-in-the middle attack in quantum cryptography. International Journal of Quantum Information, 3(01):225–231, 2005.
  • [47] Tzu-Han Lin, Ching-Ying Lin, and Tzonelih Hwang. Man-in-the-middle attack on “quantum dialogue with authentication based on bell states”. International Journal of Theoretical Physics, 52(9):3199–3203, 2013.
  • [48] Gao Fei, Lin Song, Wen Qiao-Yan, and Zhu Fu-Chen. A special eavesdropping on one-sender versus n-receiver QSDC protocol. Chinese Physics Letters, 25(5):1561, 2008.
  • [49] Fu-Guo Deng, Xi-Han Li, Hong-Yu Zhou, and Zhan-jun Zhang. Improving the security of multiparty quantum secret sharing against Trojan horse attack. Physical Review A, 72(4):044302, 2005.
  • [50] Nicolas Gisin, Sylvain Fasel, Barbara Kraus, Hugo Zbinden, and Grégoire Ribordy. Trojan-horse attacks on quantum-key-distribution systems. Physical Review A, 73(2):022320, 2006.
  • [51] Fei Gao, Su-Juan Qin, Qiao-Yan Wen, and Fu-Chen Zhu. Comment on:“Three-party quantum secure direct communication based on GHZ states” [Phys. Lett. A 354 (2006) 67]. Physics Letters A, 372(18):3333–3336, 2008.
  • [52] Nayana Das and Goutam Paul. Improving the security of “Measurement-device-independent quantum communication without encryption”. arXiv preprint arXiv:2006.05263, 2020.
  • [53] Lili Yan, Shibin Zhang, Yan Chang, Zhibin Sun, and Zhiwei Sheng. Quantum secure direct communication protocol with mutual authentication based on single photons and Bell states. Computers, Materials & Continua, 63(3):1297–1307, 2020.