Dynamic Group Multi-party Quantum Key Agreement

This paper presents a novel dynamic group multi-party Quantum Key Agreement (DGMQKA) protocol, achieved by a multicast transmission method. The proposed method is able to achieve arbitrary number of groups and members under the same resources. In addition, it can be dynamically adjusted by joining a new member, combining two groups into one group, revoking an old member and dividing one group into two groups, for different and complex situations. Furthermore, the proposed protocol can be of help to research into Quantum Secret Sharing (QSS), which it complements. The security analysis shows that the proposed protocol can resist both external and internal attacks. In consumption comparison, the proposed protocol using the multicast transmission method is more effective than other current MQKA protocols.


The proposed method
The basic idea of the proposed protocol is an improvement from the work of Zeng et al. 61 . The broadcast transmission method makes Zeng et al. 's protocol very efficient. Similarly, through broadcast transmission, the proposed protocol is designed to group property that can be adjusted dynamically and makes different group can only obtain their own group key which called multicast in the proposed protocol. The proposed protocol is able to create arbitrary groups using the same quantum resources. As long as all members configure the same initial quantum resources, it is impossible to know how many groups there will be and how many members will be in each group. In addition, because the proposed protocol is just a cryptosystem, it focuses on key configuration and whether all members put the correct key intentions into the protocol is not discussed. The first example is in the easiest case, a two-group DGMQKA, where two groups generate respective groups and group key using the same entangled state. The second example is a multi-group case, multi-group DGMQKA, which is that more arbitrary number of groups and members perform the group key agreement, and is generalized from the two-group case. The third example is key generation, which shows every group how to exact their respective group key. The final example is the dynamic of the proposed protocol, in which any participant can join or leave a group, and any two groups can combine into one group, or any one group can divide into two groups.
Because of the flexibility of dynamic and group, this DGMQKA protocol is very suitable for complex scenarios, such as the scenario of wireless sensor network. The proposed protocol can satisfy any different and complex situations through joining a new sensor, revoking an old sensor, combining two groups of sensors into one group and dividing one group of sensors into two groups. In the scenario of wireless sensor network, there are many sensors in groups, and they need the group key to communicate with each group member. They will deliver information through other group sensors. For avoiding being eavesdropped, they can perform group key agreement. The group key can be used to encrypt and decrypt the information. Besides, if the sensors are movable, the situations of groups and members will be extremely variable. Therefore, this study can be very useful for any scenario which needs flexibility. The previous studies is only for single group without flexibility, and this study is the first MQKA protocol with properties of group and dynamic. In addition, quantum secret sharing is to divide a message or key into many pieces, while quantum key agreement is to combine many pieces of messages or keys into one. Because the two research areas complement each other, this study is also helpful for the researches of quantum secret sharing.
The proposed two-group DGMQKA protocol. The simplest case is two groups including 2 (the smallest even number, greater than 1) and 3 (the smallest odd number, greater than 1) participants. Because the encryption and decryption methods will differ with the even or odd number of participants in Zeng et al. 's protocol 61 , the smallest cases of even and odd numbers will be discussed here. Suppose that there are five member, G 1 (the subscript is the group number) is composed of two members, M 1 1 and M 2 1 (the upper superscript is the group number and the lower subscript is the member number), and G 2 is composed of three members: M 3 2 , M 4 2 and M 5 2 . The members of the two groups will respectively generate a specific group key through operation information that each performs and the measurement result that the group leader announces, but cannot be known by any other group. The protocol is composed of five steps, as follows: 1. Initially, there is a member who prepares the quantum resources, and this member can be any member of the group. Here, suppose that M 1 1 prepares an ordered sequence composed of N five-qubit entangled states 21  , M 3 2 , M 4 2 and M 5 2 use the corresponding bases to measure these detection qubits 62 , and check the states of these detection qubits 62 . If the error rate is higher than the threshold, they will abort this communication; otherwise, they go to the next step. 3. Then, every member will be the group leader, in turn, who measures the entangled states and announces the measurement results. Hence, the order of the group leader in G with the number of group members P. The reason will be explained in the key generation section. Here, the number of members in G 1 is 2, so the number of entangled qubits has to be 3. Therefore, group leader M 1 1 in G 1 prepares an additional sequence which is composed of N single qubits in ′ 0 1 . Then, M 1 1 performs the CNOT 11′ operation on S 1 and S 1′ , where each qubit in S 1 is a control bit and each corresponding qubit in S 1′ is a target bit. Every five-qubit entangled state + ( 00000 11111 ) 1 2 12345 will be turned into six-qubit entangled state: + ′ ( 000000 111111 ) 1 2 11 2345 . Similarly, the number of members in G 2 is 3, so the number of entangled qubits has to be 3 (Fig. 1). After all the groups have gone through the above steps, all the members perform one of two operations {I, X} based on their own choice for a key that represents "0" or "1" on the qubits sequences on hand, as shown in Fig. 1. Then, every member will be the group leader in turn who measures the entangled states and announces the measurement results. Hence, the order of group leader in G 1 is M 1 1 and the order of group leader in G 2 is M 3 2 , M 4 2 , M 5 2 , …, M 5 2 . 4. After the key encryption, all members randomly insert the detection qubits 62 for channel checking as M 1 1 did in step 1. They send their qubits sequences to their group leader. When every group leader receives the qubit sequences with detection qubits 62 from members, they announce the positions and states of the detection qubits 62 for the channel checking, and check the error rate. They abort this communication if the error rate is higher than the threshold; otherwise, they go to the next step. 5. All group leaders perform the GHZ measurement and announce the measurement results. According to 's operation is I 1 and I 1′ with its own operation I 2 and measurement result of G 1 . However, they are unable to identify the operations combination of G 2 , which are III 345 or XXX 345 , because they cannot get operation information from the members of the G 1 . Similarly, for G 2 , the members of G 2 can only know the operations performed by other members in G 2 , but they cannot know the operations of the G 1 , which are III 11′2 or XXX 11′2 . Finally, the rule of key exaction is discussed in the following section.   The proposed multi-group DGMQKA protocol. The basic idea of the two-group DGMQKA protocol can be generalized to multi-group cases in the same way. This means that there are n arbitrary groups, G 1 , G 2 , …, G n . and m arbitrary members, M 1 And every group will agree their group key. The multi-group case contains five steps as follows: . This sequence is composed of N m-qubit entangled states. Then M 1 1 splits it into m sequences, S 1 , S 2 ,…, S m . After M 1 1 randomly inserts detection qubits 62 into these sequences, with the exception of S 1 , M 1 1 sends these qubit sequences with detection qubits 62 to all other members, respectively. , …, M m n use the corresponding bases to measure these detection qubits 62 . If the error rate is higher than the threshold, this communication should be aborted; otherwise, they go to the next step. 3. After all groups go through steps as Step3 of "The proposed two-group DGMQKA protocol" section 0, the number of entangled qubits satisfies    , where P are the number of group members. Then, all members add their own idea for a key by performing operations on qubits in hand. The operation rule is that all members are able to perform one of two operations {I, X} on their qubits sequences. The two operations, I and X, represent that key is "0" or "1". Then, every member will be the group leader in turns who measures the entangled states and announces the measurement results. 4. All members randomly insert the detection qubits 62 as M 1 1 did in step 1 after the self key encryption. They send their qubit sequences with detection qubits 62 to their group leader. After all group leaders receive the qubit sequences with detection qubits 62 from members, they announce the positions and states of detection qubits 62 for the channel checking, and check the error rate. They abort this communication if the error rate is higher than threshold; otherwise, they go to the next step. 5. All group leaders perform the GHZ measurement and announce the measurement results. After the measurement results are announced, all members can distinguish the operations of each group member and generate the group key.
Key generation. Once the measurement results are announced, all group members can utilize the measurement result and their own operation to deduce operations performed by other members in same group. Because each member just performs the operations on the qubit on hand, each can determine one bit of the group key in a key agreement.
The I operation indicates that the key is "0"; otherwise, the key is "1". The final key appears when all the operation information turns to key information and utilize the XOR operation to transform all the operation results to one bit information. Thus, the final key is determined by the operations performed by all the group members. For example, M 1 1 in G 1 announces the measurement result which is ψ ′ 011 11 2 ⇒ 011 11′2 , and M 1 1 and M 2 1 can utilize it and their own operations to deduce that the operation combination is XII 11′2 . However, the operation combination is in two possible measurement results. According to Table 1, find in same measurement results, have two possible operation combination here. Thus, every member needs to compare his/her operation with the measurement result. When the measurement result is different from the operations, it is flipped. That is to say, if the measurement result of the first qubit is 1, it will be turned into 0. Here, because the result of first qubit is 0 1 , it is still ′ 011 11 2 . However, if M 1 1 operation is XI 11′ (10). Because it is different from the measurement result of qubit 1 and 1' , ′ 01 11 , the measurement result is flipped to ′ 100 11 2 . Finally, M 1 1 obtains the group key which is 1⊕0⊕0 = 1. Following the same steps, M 2 1 can also get the group key "1".
Here, we explain the condition of the number of entangled qubits: , where P is the number of group participants. The aim is mainly to solve the same XOR result problem, which anyone can estimate the key, when the number of participants is even. So, all the group leaders decide whether the number of participants is even or odd, and then turn the number of entangled qubits into odd numbers. Thus, when P is 2, 3, 4, 5, …, K, the number of group entangled qubits have to be . This proposed protocol will be problematic without the above condition. For example, there are two participants, A and B, in same group. If group leader A announces the measurement result is ( 00 , the possible operation combinations which they perform are II(00) or XX (11). If they use the method of key generation without the above condition, they will obtain same key after XOR operation whatever they deduce. Therefore, as long as they announce the measurement results, all the people including non-participants and other members of groups can know the key. This problem always happens when the number of participants is even, and this is why this protocol needs the condition. To solve above problem, group leader A just adds a entangled qubit and performs the GHZ measurement. After the announcement, we can find that the two possible operation combinations which they perform are III(000) or XXX(111). Besides, we also observe that the key generation is different from two possible operation combinations: III(000) is 0 after 0 ⊕ 0 ⊕ 0 = 0 and XXX(111) is 1 after 1 ⊕ 1 ⊕ 1 = 1. Therefore, only group members can use the measurement result and operations to generate the key; the others cannot.
In Zeng et al. 61 , the operation rule is that all participants perform one of two operations I, X, with the exception of one participant, who performs one of four operations I, X, Y, Z. Group members must take turns fulfilling this function. The key generating methods are different according to the number of participants that are even or odd. However, the operation rule of the proposed protocol is that every participant performs one of two operations I, X and there is only one key generating method. Dynamic in protocol. To make the proposed protocol more flexible, dynamic properties are added to it. It is able to perform four distinct dynamic actions, namely, 1. join members, 2. combine two groups into one group, 3. revoke members and 4. divide one group into two groups, to be discussed.
A new member joins. The process is that configure initial quantum state to all members including new members again in order to generate a new group key. Suppose that there is a group, G 1 , composed of M , wants to join G 1 and generate new group key. This process consists of five steps: 1. After the previous key agreement, because the group leaders have to take turns, M i three-qubit entangled states (because every member needs to take turns as a leader to collect entangled states for performing GHZ measurement) respectively. Then they perform the corresponding operations on all three-qubit entangled states to turn them into initial states + ( 000 111 ) 1 2 123 . After that, the number of entangled qubit has to be    where P is the number of group members. Because of a new member joining, this condition is not satisfied odd number of the entangled qubit, M i 1 splits the (N)/ (3) three-qubit entangled states into three sequences: S i 1 , S i 2 and S i 3 . After that, taking one leader as an example, the others do the same thing: . Therefore, every three-qubit entangled state will be turned into a five-qubit entangled state. Then M 1 1 renames his sequence from  S S S , , , announce the positions and states of detection qubits 62 after other members receive sequences with detection qubits 62 . And all members can use the corresponding bases to measure these detection qubits 62 . If the error rate is higher than the threshold, this communication should be aborted. Otherwise, they go to the next step. 1 . 4. After the key encryption, all members randomly insert the detection qubits 62 for channel checking. They send their qubit sequences to their group leader. When every group leader has received the qubit sequences with detection qubits 62 from the members, they announce the positions and states of the detection qubits 62 for the channel checking, and check the error rate. They abort this communication if the error rate is higher than the threshold; otherwise, they go to the next step. 5. All group leaders perform the GHZ measurement and announce the measurement results. All members can obtain the group key through the measurement results and their own operation information.
Combine two groups into one group. They exchange their old operations (key) information to each other in order to combine into one group. If three or more groups want to combine into one group, the process must be undergone in group pairs. Suppose that members of the G 1 , composed of M 1 1 and M 2 1 , and G 2 , composed of M 3 2 , M 4 2 , and M 5 2 , want to combine into one group. They must exchange operations information of the two groups. It requires all three-qubit entangled states which are held by every member respectively. The process involves six steps: 1. Take one member as an example, M 1 1 turns his all three-qubit entangled states into + ′ ( 000 111 )  Revoke an old member. This is the process by which all members except an evicted member configure a fresh initial GHZ state for generating a new group key. Suppose that there is a group G 1 which is composed of M five-qubit entangled states into five sequences: S i 1 , ′ S i 1 , S i 2 , S i 3 and S i 4 , and performs CNOT 11′ on S i 1 and ′ S i 1 , and performs CNOT 14 on S i 1 and S i 4 . N five-qubit entangled states will be turned into N three-qubit entangled states. After that, taking one leader as an example, the others do the same thing: M 1 1 inserts the detection qubits 62 into S 2 1 and S 3 1 and sends S 2 1 and S 3 1 with the detection qubits 62 to M 2 1 and M 3 1 , respectively. 2. M i 1 (i = 1, 2, 3) announces the positions and states of the detection qubits 62 after other members receive sequences with detection qubits 62 . All the members use the corresponding bases to measure these detection qubits 62 . If the error rate is higher than the threshold, this communication should be aborted; otherwise, they go to the next step. 3. The operation rule is that all members are able to perform one of two operations {I, X} on their qubits sequences. The two operations, I and X, represent that key is "0" and "1", respectively. Then, every member will be the group leader in turn who measures the entangled states and announces the measurement results. Hence, the order of group leader in G 1 is M 1 1 . 4. After the key encryption, all members randomly insert the detection qubits 62 for channel checking. They send their qubit sequences to their group leader. When every group leader has received the qubit sequences with detection qubits 62 from members, they announce the positions and states of the detection qubits 62 for the channel checking, and check the error rate. They abort this communication if the error rate is higher than the threshold; otherwise, they go to the next step. 5. All group leaders perform the GHZ measurement and announce the measurement results. All members can obtain the group key through the measurement results and their own operation information.
Divide one group into two groups. This process is similar to that for the proposed two-group DGMQKA protocol. Suppose that there is a group, G 1 , composed of 12345 . Every member splits them into five sequences and inserts detection qubits 62 into every sequence except their own sequence. After that every member sends all the sequences with detection qubits 62 to other members. b. Every member announces the positions and states of detection qubits 62 after other members have received sequences with detection qubits 62 . All members are able to use the corresponding bases to measure these detection qubits 62 . If the error rate is higher than the threshold, this communication should be aborted; otherwise, they go to the next step. c. The number of members in G 1 is 2, so the number of entangled qubits has to be 3. Therefore, there is a member in G 1 to prepare a sequence which is composed of N/5 single qubits in 0 . Here, suppose that M 1 1 prepares a sequence S 1′ composed of N/5 single qubits in ′ 0 1 . Then, M 1 1 performs the CNOT 11′ operation on S 1 and S 1′ , where each qubit in S 1 is a control bit and the corresponding each qubit in S 1′ is a target bit. Every five-qubit entangled state: + ( 00000 11111 ) 1 2 12345 will be turned into six-qubit entangled state: + ′ ( 000000 111111 ) 1 2 11 2345 . The number of members in G 2 is 3, so the number of entangled qubits have to be 3 and this condition is satisfied. After all the groups have gone through the above steps, all members add their own idea for a key by performing operations on qubits in hand. The operation rule is that all members are able to perform one of two operations {I, X} on their qubits sequences. The two operations: I and X, represent that key is "0" and "1", respectively. Then, every member will be the group leader in turns who measures the entangled states and announces the measurement results. Hence, the order of group leader in G 1 is 2 . d. After the key encryption, all members randomly insert the detection qubits 62 for channel checking. They send their qubit sequences to their group leader. When every group leader receives the qubit sequences with detection qubits 62 from members, they announce the positions and states of the detection qubits 62 for the channel checking, and check the error rate. They abort this communication if the error rate is higher than the threshold; otherwise, they go to the next step. e. Finally, the two group leaders perform GHZ measurement and announce the measurement results for generating a group key. As a result, the members of the two groups have their respective group keys and one group has successfully been divided into two groups. Security analysis. This section will discuss External and Internal attacks. An external attack is any situation in which an eavesdropper wants to obtain the key agreement results. An internal attack is a situation in which any group member is able to determine the key agreement results.
External attack. In the following discussion, an eavesdropper, Eve, wants to extract the secret key without being detected. Secret messages can only be encrypted after the key is generated. This means that secret messages are not leaked if Eve is detected trying to steal the key. Therefore, this section will only discusses the situation in which Eve steals the key and has not been detected. Four common attack strategies can be used to achieve this goal: an intercept-and-resend attack, a control-not attack, an entangling attack, and a Trojan horse attack. The intercept-resend attack is addressed first. In the proposed protocol, the sender will insert detection qubits 62 into a qubit sequence with random states and positions in every qubit resource transmission. If Eve intercepts all qubits and measures them to try to get the operations performed by group members, she may change the states of the detection qubits 62 because she doesn't know the detection qubits 62 , correct states and positions. She will be detected by the 1 4 probability with single qubit 1,62 . There is a − (1 ) n 3 4 probability that Eve will not be detected with a continuous n single detection qubit.
Next, the control-not attack is addressed. Eve uses a control-not gate to steal the information of operations performed by group members 63 . Suppose that there is a group G 1 composed of two members, , Eve performs CNOT 2,E on qubit 2 and qubit E, which is 0 E , where qubit 2 is a control bit and qubit E is a target bit. Then, Eve sends qubit 2 to M 2 1 . After M 2 1 performs the operation for generating a group key, Eve performs CNOT D,E again. Then, Eve performs Z-basis measurement on qubit E. If the measurement result of qubit E is 0 E , it means that the operation of M 2 1 is I 2 ; otherwise, the operation of M 2 1 is X 2 . However, Eve cannot know what qubits are detection qubits 62 for channel checking, and she may change the states of these detection qubits 62 and thus be detected. Eve performs CNOT D,E , where the control bit is detection qubit |+⟩ D D and target bit is 0 E as (1). After this, qubit D will be entangled with qubit E, such that the state qubit D may be measured to |− D ⟩ in X-basis. If the measurement result of qubit D is ⟩ D |− , Eve can be detected. However, if the state of detection qubit D is | ⟩ 0 D or | ⟩ 1 D , Eve cannot be detected because qubit D isn't entangled with qubit E. The detection probability is 1 4 with a single qubit for channel checking.
Thirdly, entangling attack is discussed. Suppose Eve intercepts a sequence S i (I = 2, 3, ..., n), where n is the number of participants, and performs a unitary operation U on the intercepted qubits to entangle an ancillary qubit E prepared in advance. The unitary operation U can be defined by the following equations:  where e 00 , e 01 , e 10 and e 11 are four states decided by the unitary operation U, |a| 2 + |b| 2 = 1 and |c| 2 + |d| 2 = 1. If Eve does not want to be detected in the channel checking, she cannot change the state of the qubits in S i . Therefore, the operation U must satisfy a = d = 1, b = c = 0 and e 00 = e 11 . However, Eve cannot distinguish between e 00 and e 11 , and this means that Eve cannot distinguish among 0 , 1 , + and − . As a result, Eve cannot obtain any useful information, and the entangling attack is unsuccessful for the proposed protocol. Finally, let us discuss the Trojan horse attack. If the qubit is a photon, there are two kind of Trojan horse attacks: delay-photon 64 and the invisible photon 65 attack. In order to handle the problems, the specific detecting devices are used, such as photon number splitter (PNS) and wavelength filter. For the delay-photon attack, the PNS can be used to count the number of photons for detecting whether excess exists in the signal transmission. As for the invisible attack, a wavelength filter (WF) can be added before the receiver's device which can leach out the spy photons and thus prevent the invisible photon attack.
In our protocol, the qubit sequence are always inserted into detection qubits 62 in every transmission. Our protocol can defend above three common external attack through the detection qubits 62 . Moreover, the specific devices, which are PNS and WF, are added for defeating the Trojan horse attack. In addition, in dynamic, join a new member, combine two groups into one group, revoke an old member, and divide one group into two groups, it is also secure because of detection qubits 62 in every transmission. Therefore, our protocol won't be attacked by eavesdropper whether it is in dynamic or not.
Internal attack. In this proposed protocol, after the measurement results are announced, all group members know the group key. As a result, the member who announces the measurement results is every important. Take the above two-group case for example; if the group operations of G 2 are III 345 , the measurement results should be Ψ 000 or Ψ 100 . Group leader, M 3 2 who announces the measurement results, would like to decide the group key by announcing measurement results which are different from the original. In addition, the group key must be generated afresh when a new member is added to a group, when two groups combine into one group, when a member is revoked from a group, and when one group is split into two groups. If the group leaders are dishonest, the group key also can be controlled through announcing different measurement. Therefore, the group leader has to be by turns. It can sure that no one can control the whole key string.

Consumption comparison.
Three standards of comparison are use in this study, namely, "number of transmissions", "number of qubit measurement", and "number of qubit for channel checking". The proposed protocol is compared with 8 current MQKA protocols, namely "Shi and Zhong 53 ", "Liu et al. 54 ", "Shukla et al. 55 " (Zhu et al. 56 pointed out Shukla et al. 's protocol is insecurity and modified it with additional classical message, but the consumption is almost the same as the original one, so we count it into this section), "Sun et al. 1 57 ", "Sun et al. 2 58 ", "Huang et al. 59 ", "Cao and Mao 60 " and "Zeng et al. 61 ". Although the proposed protocol can be used in two groups or more, it will be compared with other protocols using only one group. Table 2 shows the detailed consumption comparison between these 8 MQKA protocols and ours. The consumption analysis will be described as follows: Number of transmission. Using the same key length key agreement, the proposed protocol is compared with 8 current MQKA protocols in terms of number of transmissions. Each qubit is counted as the number of transmissions from all participants, with the exception of qubits for channel checking. Here, N is the number of participants. According to Table 2, the number of transmissions of all current MQKA protocols is N 3 except 61 , because of unicast transmission. The performance of the proposed protocol is same as Zeng et al. 's protocol 61 , because those two protocols are based on the MQSDC protocol 25 . However, the proposed protocol is more flexible. Therefore, the numbers of transmissions of these current MQKA protocols are higher than that of the proposed protocol. The total comparison is shown in Fig. 3.
Number of qubit measurement. In this section, the number of qubits measurement is discussed. Different quantum states are used in the current MQKA protocol, such as single qubit, Bell states, GHZ states, four-qubit cluster states and six-qubit states. Current MQKA protocols are able to finish the agreement process after the measurement. The greater the number of qubits measured, the higher the cost. Assume that same length key is agreed in every MQKA protocol, and one qubit measurement will be counted once 53 . takes a large number of qubits because it has to run Bell state measurements in every transmission 54 . must prepare many single qubits and requires a large number of qubits. Others 55,57-61 and the proposed protocol require fewer qubits because these protocols only measure qubits in the last transmission. The proposed protocol only needs the GHZ measurement once, the same as Zeng et al. 's protocol 61 , because they are based on MQSDC 25 . Details are shown in Fig. 4.
Number of qubit for channel checking. The number of qubits used for channel checking should be discussed with sequence transmission. These sequences are inserted into the qubits for channel checking. In this section, sequences are composed of 200 qubits. There are 20 qubits for channel checking in a sequence. The probability of an eavesdropper being detected is − ≈ .
( ) 1 0 997 3 4 20 . Without losing fairness, each protocol agrees on a 180N bit key, where N is the number of participants. Because of different transmission methods, those protocols 53-55,57-60 using unicast transmission require more qubits for channel checking than in Zeng et al. 61 and the proposed protocol using multicast transmission. Therefore, our proposed protocol is more flexible than Zeng et al. 's protocol 61 . Details are given in Fig. 3.  Implementation discussion. The proposed protocol mainly uses GHZ states. The entangled state, however, is difficult to maintain on a noisy channel, especially in dealing with a multiple entangled state. In addition, there are two important issues: absorption and decoherence. First is the absorption issue: the transmission distance of sender and receiver is also a challenging issue because the qubit is easily absorbed by the channel. Second is the decoherence issue: the qubit state easily interacts with the environment, leading to the state being changed because the qubit is too small to be disturbed. Many researchers have tried to solve these issues by the quantum repeater with the techniques of entanglement purification and concentration. Bennett et al. first proposed two protocols for entanglement purification 66 and concentration 67 , where the purification extracts one of the four Bell states for mixed states and concentration adjusts the amplitude to the maximally entangled states for pure state. The entanglement purification and concentration can give ideal entangled states to the agents. Briegel et al. 68 proposed a quantum repeater protocol by using entanglement swapping to exchange the entangled chain repeatedly till to create a quantum channel between the sender and receiver. So far, many protocols on purification [69][70][71][72] , concentration [73][74][75][76][77] and repeater have been implemented and experimented on to create a pure Bell state. Those techniques caused the practicality of quantum repeater 78,79 to become mature. Furthermore, more types of entangled states concerning purification and concentration have been subject to experiments and applications, such as multipartite entanglement purification 71 , concentration in graphene 77 , GHZ 80 , cluster 81 state, N-particle W state 76 , and an application for quantum blind computation 72 . The proposed protocol can use only the concept of Briegel et al.'s quantum repeater 68 for implementation, which distributes only two entangled states for the sender and receiver, and can be currently implemented. Using the technique of Chou et al. 's MQSS 40 protocol, the sender can distribute the Bell state by quantum repeater and perform GHZ measurement based on the qubits he holds. The multiple Bell state entangled chain will become a GHZ state; then the GHZ distribution can be completed. Another advantage of the proposed protocol is that it can work well with same initial state, i.e. they can distribute the GHZ state in the beginning when they get together. This advantage is very suitable for a wireless sensor network because these sensors get together in the  beginning. After this, during the key generation stage, those agents can perform nonlocal controlled-gate [82][83][84] operations to accomplish the GHZ measurement without GHZ state transmission, by only consuming a Bell state between each controlled and target bit. In the future, a quantum internet 85 will become more and more feasible, and save additional cost for the consumption of a quantum repeater and nonlocal operations.

Conclusion
This study successfully proposes a novel dynamic group MQKA protocol. The protocol is the first MQKA with dynamic group properties. Thus, the proposed protocols are fundamentally different from all the existing MQKA protocols. Because of the multicast transmission method, the proposed protocol is more effective than other MQKA protocols. In addition, its dynamic nature makes the protocol more flexible. On the other hand, the proposed protocol is also helpful for research of QSS because the two complement each other. In the security analysis section of this paper, the proposed protocol was able to defend external eavesdropper attacks and internal malicious participant attacks. In the consumption comparison section, the performance of the proposed protocol was shown to be superior to the compared MQKA protocols 53-55,57,58,60,61 . Data availability. No datasets were generated or analysed during the current study.