A simple quantum voting scheme with multi-qubit entanglement

We propose a simple quantum voting scenario with a set of pairs of particles in a multi-particle entangled state. This scenario is suitable for large scale general votings. We also provide a proof of security of our scheme against the most general type of attack by generalizing Shor and Preskill’s proof of security of the other schemes.

Particles 1 is sent to Bob, particles 2 and 3 are sent to Alice and particles 4, 5 and 6 are left for Carol herself. Alice receives the particles from Carol and encodes her opinion on the vote, which is represented in binary notation as a ∈ {000, 001, …, 111}, by performing the operation B b ⊗ C c corresponding to b = g(a) on them (See Table 1), where g(x) is bijection.
Remarkably, in order to keep the votes from being duplicated, the voters perform the voting process with probability 1 − ε and the detecting process with probability ε, where 0 < ε < 1.
Suppose there are n candidates to be voted, which are coded in binary notation. In the voting process, Alice sends the two resulting particles (three bits of information) representing her opinion on vote to Bob every time. This kind of communication has be done for N times in all. Then the vote from Alice can be represented as υ = ∑ = a n ( )mod The voters, administrator and scrutinizer are connected by a quantum channel and a classical public channel. They follow the below procedures.
1 With probability 1 − ε, Alice performs the voting process. She randomly chooses a coding scheme g: Suppose this is the l th part of opinion on her vote. She encodes the value by performing the operation corresponding to b l = g(a l ) on the particles 2 and 3. Even if there is any eavesdropper Eve who tries a "man-in the middle" attack 23 to duplicate the vote finds out which operation Alice has performed, she still does not know her message. The coding scheme g acts as a secret key used by Alice. Here, there are eight unitary operations Table 1) on the particles 2 and 3. This process is similar to the scheme of densecoding using multiparticle quantum channel 24 . Then, she sends the resulting particles 2 and 3 to the administrator Bob. 2 At the same time, Carol makes a GHZ measurement on the particles 4, 5 and 6 and announces the result over the public channel. Then, she sends the particle 6 to Alice, and the rest particles are left for herself.
3 Bob receives Particles 2 and 3 and measures the three qubits resulting in the final state |ψ〉 f if along the GHZ basis. According to the result of Carol's measurement, he learns the form of the operation ⊗ B C b b l l (that is b l ), but not the three bits of information representing one part of Alice's opinions about the issues to be voted upon. 4 In the meantime of Step 1, with probability ε, Alice performs the detecting process. She measures the particle 2 along the orthogonal basis | + . The particles 1 and 3 will be in one of the two EPR states |Φ±〉 = 1 2 (|00〉±|11〉) with the same probability determined by both of the results of the measurement of Carol and Alice. Alice randomly chooses one out of the rectilinear ({|0〉, |1〉}) and orthogonal bases and measures particle 3 along it. Then she announces the two results of her measurement and the basis she has chosen. 5 If Bob has received the information over the public channel (not the particles), he will also perform the detecting process. He measures his particle 1 along the same basis and detects the correlations of the particles 1, 2 and 3. For example, if Carol measure the particles 4, 5 and 6 and gets the state |ψ〉 456 = 1 2 (|000〉 + |111〉) 456 , the rest particles 1, 2 and 3 will be in the same state |ψ〉 123  (|000〉 ± |111〉 which is determined by the result of the GHZ measurement on the rest qubits 4, 5 and 6. After a certain operation, the three qubits will be in the final state ψ f if σ x , σ y and σ z are Pauli operators. , the results of correlation detection are shown in Table 2. If the number of the mismatches r (here, mismatch means the results of Alice and Bob are not correlated), the error rate of the channel is estimated as e = (r)/(m) (m is the number of the pairs of particles used to detect the security of the quantum channel).
Note that the test samples m are sufficiently large, the estimated error rates e should be rather accurate. Now they demand that e < e max where e max is a prescribed maximally tolerable error rate. In our scheme, after Alice measures her particles with the orthogonal basis, the detection process is equal to that of a modified EPR scheme 25,26 . Please see refs 26-28 for details. If the constraint is satisfied, it has been proved that the error rate of the signal is also small enough to allow the stabilizer code to correct. Then they proceed to the next steps. Otherwise, they re-start the whole procedure.
6 Then Alice announces the coding scheme g, that is the relation among a l , b l and the corresponding operations.
7 Bob calls out the vote, but the other voters apart from the scrutinizer do not know who has sent this vote. 8 Since Carol and Alice share another GHZ state |ψ〉 456 , she can send a return receipt to Alice and make her to confirm her vote is taken into the results of the election. This step is achieved as Alice just has done. Carol performs the process to send receipt with probability 1 − ε as the modified densecoding using GHZ channel (seeing Steps 1 and 3). Or, she may perform the detecting process with ε to ensure the security of the channel (seeing Steps 5 and 6).
Since the security of our protocol is proven in Step 5, here, we show a data analysis guarantees the security of this protocol against a "man-in the middle" strategy 23 . An eavesdropper Eve intercepts and catches the two particles from Carol and prepares another GHZ state |ψ e 〉 123 = 1 2 (|000〉 + |111〉) 123 , and sends two particles to Alice. Then she catches the resulting qubits and makes a GHZ measurement on them to obtain the operation Alice has performed. She put the same operation on the initial particles which she has intercepted from Carol and sends them to Bob. Such an attack is called a "man-in-the-middle" attack.
If Eve is really smart she will try a man-in-the middle attack and duplicate the votes from the authorized voters. However, the voter will perform the detecting process with probability ε. So Eve has no chance to adapt her strategy. Then, an error rate is introduced showing the wrong type of correlation in the detecting process with probability 1 4 . That is with probability 1 4 Eve is detected. Since the probability for a detecting process is ε, for M pairs of particles, there are m pairs of particles are used to detect the security of channel (seeing Eq. 2). If Eve attacks all the time, the probability that she will not be detected with probability P d .
which is goes to 0 as m is large enough. Except for "man-in-the middle" attack, we will analyze the protocol against some other outsider's attack, such as "entangle-and-measure attack". Assume Eve applies the entangled state attack strategy. Namely, Eve takes an attack strategy by applying an arbitrary operation on her own ancillary state and the ballot state (particles 1, 2 and 3) which entangles the ancilla and the particles 1, 2, and 3. Her intervention can then be detected by the administrator Bob, which implies that Eve cannot change the ballot results of voters without being detected. Suppose Eve tries to attack the scheme by entangling her own particle as an ancilla with the ballot state. After voting, the administrator Bob may notice the entangled state which is shared with Alice previously is changed in Step 5. He then sends the states to corresponding voters to detect the destroyed votes. Therefore, whether or not Eve casts to the ballot state, the result can always be detected by voter Alice, which implies that Eve cannot intervene the procession of the ballot. Furthermore, the protocol can be further improved by introducing decoy state. To counter this attack, the decoy states are randomly inserted and when they are examined for security, the total detection probability of Eve is decreased by taking into account that the probability of generation of each decoy state.
There are still many questions that remain open and deserve further detailed investigation. Primarily, it is the analysis of the security of quantum voting against more sophisticated attacks, such as collaborating parties, the use of illegal voting operations, and cheating authorities that deserve further attention.

Discussion
Quantum secure voting could also be realized by using quantum key distribution. Each authorized voter encrypts her/his vote using quantum key, and sends it to the administrator who shares the key. Then, she/he decrypts the encrypted message and obtains the vote. Since this protocol needs a multi-party quantum key distribution between the administrator and each voter at first, it will bring vast waste of quantum resource. In our protocol, the voting is a deterministic process and does not need either a quantum key distribution or a teleportation compared to the previous protocols. There are one administrator and scrutinizer which supervise each other's performance and prevent other one from cheating. It is needed that one of them is absolutely trusted at least. We also prove that the protocol is secure against some outsider's attacks such as man-in-the-middle and entangle-and-measure attacks. Since the computations among voters are independent without the need of any global computation and every voter only has to communicate with the scrutinizer and finally sends his vote to the administrator, this protocol is suitable for large scale general elections and allows to be within the reach of current technology.