Professional Documents
Culture Documents
3, MARCH 2020
Abstract— In this paper, we consider the problem of Experimental procedures for entanglement verification
entanglement verification across the quantum memories of any have been classified by van Enk et al. [16] as follows:
two nodes of a quantum network. Its solution can be a means 1) teleportation, 2) Bell-CHSH inequality tests, 3) tomography,
for detecting (albeit not preventing) the presence of intruders
that have taken full control of a node, either to make a 4) entanglement witnesses, 5) direct measurement of entangle-
denial-of-service attack or to reprogram the node. Looking for ment, 6) consistency with entanglement. All these approaches
strategies that only require local operations and classical com- have been studied analytically and experimentally, in the
munication (LOCC), we propose two entanglement verification context of scenarios that are different from the one described in
protocols characterized by increasing robustness and efficiency. this paper — where the source of entanglement is assumed to
Index Terms— Quantum network, entanglement verification, be trusted, but one party may be dishonest. Usually, the focus
LOCC. is either on untrusted sources of entangle qubits (photons,
in most cases) or on eavesdroppers that interfere with the
quantum channel while entangled qubits are transmitted.
I. I NTRODUCTION
Blume-Kohout et al. [17] illustrated a reliable method to
Authorized licensed use limited to: University of Melbourne. Downloaded on April 29,2021 at 12:09:47 UTC from IEEE Xplore. Restrictions apply.
AMORETTI AND CARRETTA: ENTANGLEMENT VERIFICATION IN QUANTUM NETWORKS WITH TAMPERED NODES 599
Definition 1: A two-party protocol P is -robust on the state of the qubit is either |0 or |1, respectively. Thus, if a
inputs of the two interacting parties if the probability that qubit results to be in superposition of the basis states, with
the protocol aborts is at most . unknown probability amplitudes, there is no way to know the
For the efficiency, we adopt a more specific definition. values of α and β with a single measurement.
Definition 2: A two-party entanglement verification One may use diagonal basis |+ = |0+|1 √
2
, |− = |0−|1
√
2
protocol P1 is more efficient than another two-party to represent the state of a qubit: |ψ = 2 |+ + 2 |−.
α+β
√ α−β
√
entanglement verification protocol P2 , if the probability that Measuring with respect to the diagonal basis results in +, with
the protocols abort is the same, but P1 sacrifices less Bell probability |α + β|2 /2, or −, with probability |α − β|2 /2.
states than P2 . The corresponding post-measurement states are |+ or |−,
respectively.
A. Contributions 1 1 1
The Hadamard operator H = √2 maps |0 to |+
We state the entanglement verification problem according to 1 −1
the single-prover quantum interactive proof model [24]. The |1
and to |−. Other operators
wewill use are Pauli-X: X =
two parties are denoted as Verifier and Prover, respectively. 01 1 0
, and Pauli-Z: Z = .
The Verifier wants to check the honesty of the Prover, which 10 0 −1
is untrusted. An n qubit system has 2 basis states. Any measurement
n
As a warm up, we summarize the reference protocol result x ∈ {0, 1}n occurs with probability |αx |2 , αx ∈ C, with
NA2010 [22] and we formalize its analysis by proving the the state of the qubits afterthe measurement being |x. The
following theorem. normalization condition is x∈{0,1}n |αx |2 = 1.
Theorem 1: NA2010 is (7/8)m -robust on any set of m Bell Sometimes it is not possible to decompose the state of an n
states shared by the Verifier and the Prover, assuming that the qubit quantum system in the tensor product of the component
Prover is an attacker that performs measurements either in states. Such a state is denoted as entangled. Bell states are
the computational or diagonal basis. maximally entangled quantum states of two qubits: |β00 =
|00+|11
Then, we propose two entanglement verification protocols,
√
2
, |β01 = |01+|10
√
2
, |β10 = |00−|11
√
2
, |β11 =
|01−|10
denoted as AC1 and AC2, which are characterized by √
2
. If we measure the first qubit, in |β00 we obtain
increasing robustness and efficiency. More specifically, either 0 or 1. Result 0 leaves the post-measurement state |00,
we prove the following theorems. while result 1 leaves |11. Thus, a measurement of the second
Theorem 2: AC1 is (3/4)m -robust on any set of m Bell qubit always gives the same result as the measurement of the
states shared by the Verifier and the Prover, assuming that the first qubit. The same reasoning applies to the other types of
Prover is controlled by an attacker that performs measure- Bell states.
ments either in the computational or diagonal basis. III. ATTACK M ODEL
Theorem 3: AC2 is (3/8)m -robust on any set of 2m
Bell states shared by the Verifier and the Prover, assuming In quantum networks, the following attack scenarios may
that the Prover is controlled by an attacker that performs be considered.
measurements either in the computational or diagonal basis. 1) The attacker is able to measure some (or all) of the
We also show that, remarkably, the success probability qubits—either by intercepting them while they travel on
of each AC2 round is always ≥ 1/2 for any measurement a network link, or by gaining access to the memory of
basis the malicious Prover adopts to destroy the entanglement. some nodes.
Noteworthy, this result holds despite the assumption that the 2) The attacker is able to entangle some (or all) of the
attacker has exactly the same capabilities of the Verifier. qubits with a quantum memory of her own, and measure
Moreover, we characterize and compare the three protocols that memory at a later point after listening in on the
in terms of efficiency, showing that AC2 is better than AC1, classical communications.
which is better than NA2010. 3) The attacker is able to completely take over certain
Last but not least, we illustrate simulation results, obtained nodes, including the quantum memories at those nodes.
with SimulaQron [25], and experimental results, based on the This is essentially the assumption that some parties are
IBM Q platform [26], that confirm the theoretical analysis of not trustworthy.
the three protocols. It is assumed that the attacker can listen in on all classical
communications.
II. N OTATION Work on quantum key distribution has generally shown
The notation adopted in this paper is the usual one in quan- that scenario 2 does not give the attacker appreciably more
tum computing [27], [28]. A qubit is a quantum-mechanical power than scenario 1. By contrast, scenario 3 makes the
2
system whose state can be represented in C . Using
as a vector attacker much more powerful. To detect the attacker while
1 0 intercepting qubits that are transmitted over quantum channels,
the computational basis |0 = , |1 = , the generic
0 1 there are several known effective strategies. For example,
state of a qubit is |ψ = α|0 + β|1, where α, β ∈ C are the generalized Bell’s theorem (CHSH inequalities) [29] can
called probability amplitudes (with |α|2 + |β|2 = 1). be used, as suggested by Ekert [12].
When a qubit gets measured, the result is either 0 or 1, with In this paper we focus on scenario 3, where the attacker
probability |α|2 or |β|2 , respectively. The post-measurement physically captures the node and takes full control of its
Authorized licensed use limited to: University of Melbourne. Downloaded on April 29,2021 at 12:09:47 UTC from IEEE Xplore. Restrictions apply.
600 IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS, VOL. 38, NO. 3, MARCH 2020
Authorized licensed use limited to: University of Melbourne. Downloaded on April 29,2021 at 12:09:47 UTC from IEEE Xplore. Restrictions apply.
AMORETTI AND CARRETTA: ENTANGLEMENT VERIFICATION IN QUANTUM NETWORKS WITH TAMPERED NODES 601
B. AC1 Protocol
To check if the Prover has been compromised, the Verifier
may start the AC1 protocol illustrated in Fig. 2 and detailed Fig. 3. Frequency distribution of the probability p to detect the attacker
in Box IV-B. with AC1.
Authorized licensed use limited to: University of Melbourne. Downloaded on April 29,2021 at 12:09:47 UTC from IEEE Xplore. Restrictions apply.
602 IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS, VOL. 38, NO. 3, MARCH 2020
Authorized licensed use limited to: University of Melbourne. Downloaded on April 29,2021 at 12:09:47 UTC from IEEE Xplore. Restrictions apply.
AMORETTI AND CARRETTA: ENTANGLEMENT VERIFICATION IN QUANTUM NETWORKS WITH TAMPERED NODES 603
Authorized licensed use limited to: University of Melbourne. Downloaded on April 29,2021 at 12:09:47 UTC from IEEE Xplore. Restrictions apply.
604 IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS, VOL. 38, NO. 3, MARCH 2020
step. Currently, there is no publicly available facility. In order [15] K. Kompella, M. Aelmans, S. Wehner, and C. Sirbu, “Advertising
to test our protocols on a real hardware, the best we could entanglement capabilities in quantum networks,” Working Draft, IRTF,
Tech. Rep., Internet-Draft draft-kaws-qirg-advent-00, 2018. [Online].
do was to run the AC1 and AC2 quantum circuits on an Available: https://draft-kaws-qirg-advent-03
IBM Q device [26], by means of the Qiskit Terra library. [16] S. J. van Enk, N. Lütkenhaus, and H. J. Kimble, “Experimental proce-
The source code is available in the GitHub repository at [31]. dures for entanglement verification,” Phys. Rev. A, Gen. Phys., vol. 75,
no. 5, 2007, Art. no. 052318.
For example, let us consider AC1. Assuming that |β00 has [17] R. Blume-Kohout, J. O. S. Yin, and S. J. van Enk, “Entanglement
been measured in the computational basis, then v = 1 has verification with finite data,” Phys. Rev. Lett., vol. 105, no. 17, 2010,
probability 1/4 (as explained in Section IV). This is con- Art. no. 170501.
[18] M. Christandl and R. Renner, “Reliable quantum state tomography,”
firmed by the experimental results illustrating the distribution Phys. Rev. Lett., vol. 109, no. 12, 2012, Art. no. 120403.
of measured bit configurations, when repeating the protocol [19] J. M. Arrazola, O. Gittsovich, J. M. Donohue, J. Lavoie, K. J. Resch,
execution 8000 times for each possible value of s, on the and N. Lütkenhaus, “Reliable entanglement verification,” Phys. Rev. A,
Gen. Phys., vol. 87, no. 6, 2013, Art. no. 062331.
ibmq_essex device. With s = 0, the output distribution is: [20] A. J. Bennett et al., “Arbitrarily loss-tolerant Einstein-Podolsky-Rosen
{111 : 3.2%; 100 : 1.8%; 001 : 37.6%; 110 : 3.1%; 011 : steering allowing a demonstration over 1 km of optical fiber with no
3.9%; 000 : 44.3%; 010 : 4.2%; 101 : 1.9%}. With s = 1, detection loophole,” Phys. Rev. X, vol. 2, no. 3, 2012, Art. no. 031003.
[21] T. Moroder, J.-D. Bancal, Y.-C. Liang, M. Hofmann, and O. Gühne,
instead: {100 : 9.4%; 000 : 15.8%; 101 : 16.2%; 110 : “Device-independent entanglement quantification and related applica-
12.3%; 111 : 9.3%; 011 : 12.2%; 001 : 11%; 010 : 13.8%}. tions,” Phys. Rev. Lett., vol. 111, no. 3, 2013, Art. no. 030501.
Altogether, v (the leftmost bit) is 1 in about 25% of the [22] M. Nagy and S. G. Akl, “Entanglement verification with an application
to quantum key distribution protocols,” Parallel Process. Lett., vol. 20,
measured results. no. 3, pp. 227–237, Sep. 2010.
[23] R. Renner, “Security of quantum key distribution,” Ph.D. dissertation,
VI. C ONCLUSION Swiss Federal Inst. Technol., Zürich, Switzerland, 2005.
We have illustrated and analyzed three LOCC protocols [24] T. Vidick and J. Watrous, “Quantum proofs,” Found. Trends Theor.
Comput. Sci., vol. 11, nos. 1–2, pp. 1–215, 2016.
for entanglement verification across node pairs of a quan- [25] A. Dahlberg and S. Wehner, “SimulaQron—A simulator for developing
tum network. Two of these protocols (AC1 and AC2) have quantum Internet software,” Quantum Sci. Technol., vol. 4, no. 1,
been proposed for the first time in this work. Moreover, Jul. 2018, Art. no. 015001.
[26] IBM. IBM Q. (2019). [Online]. Available: https://www.ibm.com/
we have implemented, simulated and experimentally evaluated quantum-computing/
the aforementioned protocols with SimulaQron [25] and the [27] M. A. Nielsen and I. L. Chuang, Quantum Computation and Quantum
IBM Q platform [26], obtaining results that confirm the Information. Cambridge, U.K.: Cambridge Univ. Press, 2000.
[28] L. Gyongyosi and S. Imre, “A survey on quantum computing technol-
theoretical analysis. ogy,” Comput. Sci. Rev., vol. 31, pp. 51–71, Feb. 2019.
Regarding future work, we will investigate the possibility to [29] R. Fox and B. Rosner, “Proposed experiment to test local hidden-variable
extend our protocols to entangled states involving more than theories,” Phys. Rev. D, Part. Fields, vol. 4, no. 4, pp. 1243–1244,
Jul. 2002.
two qubits, such as GHZ states, W states and graph states [1]. [30] C. H. Bennett, G. Brassard, C. Crepeau, R. Jozsa, A. Peres, and
W. K. Wootters, “Teleporting an unknown quantum state via dual clas-
R EFERENCES sical and Einstein-Podolsky-Rosen channels,” Phys. Rev. Lett., vol. 70,
no. 13, pp. 1895–1899, 1993.
[1] R. V. Meter, Quantum Network. Hoboken, NJ, USA: Wiley, 2014. [31] Python Code. Entanglement Evaluation Protocols. Accessed:
[2] L. Gyongyosi, S. Imre, and H. V. Nguyen, “A survey on quantum Jan. 8, 2020. [Online]. Available: https://github.com/qis-unipr/
channel capacities,” IEEE Commun. Surveys Tuts., vol. 20, no. 2, entanglement-verification
pp. 1149–1205, 2nd Quart., 2018.
[3] L. Gyongyosi and S. Imre, “Multilayer optimization for the quantum
Internet,” Sci. Rep., vol. 8, no. 1, pp. 1–15, 2018. Michele Amoretti (Senior Member, IEEE) received
[4] L. Gyongyosi and S. Imre, “Opportunistic entanglement distribution for the Ph.D. degree in information technologies from
the quantum Internet,” Sci. Rep., vol. 9, no. 1, pp. 1–9, 2019. the University of Parma, Parma, Italy, in 2006.
[5] L. Gyongyosi and S. Imre, “Entanglement availability differentiation He is currently an Associate Professor of com-
service for the quantum Internet,” Sci. Rep., vol. 8, no. 1, pp. 1–8, 2018. puter engineering with the University of Parma.
[6] L. Gyongyosi and S. Imre, “Decentralized base-graph routing for the In 2013, he was a Visiting Researcher with the LIG
quantum Internet,” Phys. Rev. A, Gen. Phys., vol. 98, no. 2, 2018, Laboratory, Grenoble, France. He has authored or
Art. no. 022310. coauthored over 100 research articles in refereed
[7] L. Gyongyosi and S. Imre, “A Poisson model for entanglement opti- international journals, conference proceedings, and
mization in the quantum Internet,” Quantum Inf. Process., vol. 18, no. 7, books. His current research interests include high
p. 233, 2019. performance computing, quantum algorithms and
[8] S. Tani, H. Kobayashi, and K. Matsumoto, “Exact quantum algorithms protocols, and the Internet of Things.
for the leader election problem,” ACM Trans. Comp. Theory, vol. 4,
no. 1, pp. 1–24, 2012.
[9] H. Buhrman and H. Röhrig, “Distributed quantum computing,” in Proc.
Int. Symp. Math. Found. Comput. Sci. (MFCS), Bratislava, Slovak, 2003.
[10] M. Amoretti, M. Pizzoni, and S. Carretta, “Enhancing distributed Stefano Carretta received the Ph.D. degree in
functional monitoring with quantum protocols,” Quantum Inf. Process., physics from the University of Parma, in 2005. He is
vol. 18, no. 12, pp. 1–25, 2019. currently a Full Professor of physics of matter with
[11] C. H. Bennett and G. Brassard, “Quantum cryptography: Public-key the University of Parma and has a long experience in
distribution and coin tossing,” in Proc. IEEE Conf. Comput., Syst. Signal the theoretical modeling of magnetic molecules and
Process., Bangalore, India, Dec. 1984, pp. 175–179. other magnetic systems. In particular, he contributed
[12] A. K. Ekert, “Quantum cryptography based on Bell’s theorem,” Phys. to some of the first proposals for using molecular
Rev. Lett., vol. 67, no. 6, pp. 661–663, Aug. 1991. nanomagnets in quantum information processing.
[13] U. Vazirani and T. Vidick, “Fully device-independent quantum key He is the coauthor of more than 120 research arti-
distribution,” Phys. Rev. Lett., vol. 62, no. 14, p. 133, 2019. cles published in international journals. His current
[14] M. Ben-Or and A. Hassidim, “Fast quantum byzantine agreement,” in research interest also encompasses quantum infor-
Proc. ACM STOC, Baltimore, ML, USA, 2005, pp. 481–485. mation processing with different platforms.
Authorized licensed use limited to: University of Melbourne. Downloaded on April 29,2021 at 12:09:47 UTC from IEEE Xplore. Restrictions apply.