Standard (3, 5)-threshold quantum secret sharing by maximally entangled 6-qubit states

In this paper, a standard (3, 5)-threshold quantum secret sharing scheme is presented, in which any three of five participants can resume cooperatively the classical secret from the dealer, but one or two shares contain absolutely no information about the secret. Our scheme can be fulfilled by using the singular properties of maximally entangled 6-qubit states found by Borras. We analyze the scheme’s security by several ways, for example, intercept-and-resend attack, entangle-and-measure attack, and so on. Compared with the other standard threshold quantum secret sharing schemes, our scheme needs neither to use d-level multipartite entangled states, nor to produce shares by classical secret splitting techniques, so it is feasible to be realized.

Classical secret sharing (CSS), proposed by Shamir 1 and Blakley 2 independently in 1979, is an important issue in modern cryptography. Its basic idea is to divide the classical secret into some shares such that the dealer can transmit the shares to the participants respectively through classical channel, and only all the participants work together can recover the secret, at the same time, some parts of them can not get any information of the secret. Hillery et al. 3 proposed the concept of quantum secret sharing with reference to the classical secret sharing schemes, and designed two quantum secret sharing (QSS) schemes by using the quantum correlation of the GreenHorne-Zeilinger (GHZ) states in 1998. In Hillery's QSS scheme of classical information, Alice shares her classical key with Bob and Charlie based on the correlations of the results of measurements with Pauli operators X or Y. However, in their QSS scheme of quantum information, teleportation is used for Alice to share quantum state with Bob and Charlie. In the same year, Karlsson et al. 4 proposed another secret sharing protocol using the quantum correlation of two-particle entangled states, which encodes one bit information into unbiased orthogonal entangled state set {|ψ + �, |φ − �} or {| + �, | − �} randomly in order to prevent the attack from a dishonest receiver or an eavesdropper, who wants to obtain the secret alone without the help of other agents by capturing both particles and performing a measurement with Bell basis. Here, Guo 5 proposed the first QSS scheme of classical key using product state as quantum channel. It is based on BB84 by encoding 1 bit with {|00�, |11�} or {| + +�, | − −�} randomly. Afterwards, several novel QSS protocols using single photon and local unitary operations were presented by Zhang 6 , Han 7 , and Yan 8 , respectively. Recently, Tavakoli 9 pointed that a wide class of quantum protocols using d-level GHZ entanglement states (d is odd prime) can be mapped into simple ones involving one qudit, and proposed a QSS protocol which requires only sequential communication of a single d-level quantum system. Furthermore, Hao 10 proposed a novel quantum secret sharing scheme by a single-particle p 2 -dimensional quantum system (p is a prime) and unitary transformation between these mutually unbiased bases.
However, entangled states play a more important role in all sorts of quantum information processing tasks including QSS. Up to now, in addition to Hillery's and Karlsson's schemes mentioned earlier, a large number of QSS schemes have been proposed based on various entangled states, such as GHZ states [11][12][13][14] , GHZ like states 15,16 , Bell states [17][18][19][20][21] , genuine multiparty entangled states (including maximally genuine multiparty entangled states, www.nature.com/scientificreports/ cluster states and graph states, etc.) [22][23][24][25][26] , and d-level entangled states (for example, d-level GHZ states and d-level Bell states) [27][28][29][30][31][32] . A (t, n)(t ≤ n) threshold secret sharing (abbreviated to TSS) scheme divides a secret into n pieces such that any t or more than t out of n pieces can recover the secret, while less than t pieces can not. Shamir and Blakley proposed independently the first threshold classical secret sharing (abbreviated to TCSS) schemes, which are called Lagrange interpolating polynomial scheme and vector scheme, respectively. Naturally, if a TSS scheme is implemented by quantum technique, it is called (t, n) threshold quantum secret sharing (abbreviated to TQSS) scheme.
By using the technique of quantum error correction coding, the first TQSS scheme sharing quantum states was proposed by Cleve 33 in 1999. In 2013, Gheorghiu 34 introduced a scheme by embedding a classical linear code into a quantum error-correcting code and then mapping the latter to a quantum secret sharing protocol. In this protocol, some of the players are only required to perform local measurements and share their measurement results via classical channels.
It is worth pointing out that TQSS schemes based on quantum error correction coding can also be used to share classical messages because schemes sharing quantum state can also share classical information. However, these methods are not easy to be implemented because they usually require complicated operations and d-level multiparty entangled states.
Another importatnt idea of TQSS sharing classical information is to employ Shamir's secret splitting technique 1 to produce shares (classical information) and transmit shares by quantum mechanics. At present, a large number of TQSS schemes sharing classical information have been developed. Some examples are listed as follows:  40 proposed another TQSS scheme to share classical information in addition to quantum states by using the similar idea to Qin's. (6) In 2016, Qin 41 proposed a TQSS scheme based on single particle by using Shamir's secret splitting technique, in which the Hash function is used to guarantee the security of particle transmission. (7) In 2017, Song 42 proposed a TQSS scheme sharing a d-dimensional classical secret based on quantum Fourier transformation (QFT) and a d-level GHZ state by using Shamir's secret splitting technique. However, Kao 43 points out a calculation problem in Song's paper, which indicates that the agents are unable to obtain the boss's secret information. But, they have not suggested any improvement of the scheme in Ref. 42 to mitigate this loophole. To mitigate the loophole, Roy 44 has recently proposed a TQSS scheme sharing a d-level classical message based on a d-dimensional multi-particle entangled state by using QFT and classical secret splitting technique. (8) In 2019, Bai 45 proposed a quantum secret sharing scheme using a set of orthogonal generalized Bell states in C 4 C 4 and local distinguishability. In their proposed protocol the participants use one-way loop classical communication and local projective measurements to distinguish between the orthogonal states. And combined with the classical Shamir (t, n)-threshold scheme, a (t, n)-threshold quantum scheme was presented.
It is worth pointing out that TQSS schemes based on classical secret splitting technique are easy to understand, but they are not purely quantum and they are complex in calculating the shares.
In 2015, Rahaman 14 presented a novel restricted (2, n)-threshold LOCC-QSS scheme, in which any two cooperating players, one from each of two disjoint groups of players, can always reconstruct the secret based on the local distinguishability of n-qubit GHZ states. So far, based on the local distinguishability of multiparty entangled states, a great deal of threshold LOCC-QSS schemes have been found successively and summarized below: (1) In 2015, Yang 46 presented a standard (2, n)-threshold LOCC-QSS scheme, in which any two players can collaboratively recover the secret, using some pairs of locally distinguishable orthogonal d-level multipartite entangled states to represent the encoded secret. www.nature.com/scientificreports/ (4) In 2017, Wang 48 proposed the concept of judgment space to investigate the quantum secret sharing scheme based on local distinguishability, and developed a standard (3, 4)-threshold LOCC-QSS scheme and a standard (5, 6)-threshold LOCC-QSS scheme with three orthogonal 4-qudit (4-level) entangled states and three orthogonal 6-qudit (6-level) entangled states, respectively. Furthermore, Liu 49 proposed a standard (6, 7)-threshold LOCC-QSS scheme with five orthogonal 7-qudit (7-level). (5) In 2020, Dou 50 followed the work of Wang 48 and investigate the judgement space deeply. The digital representation and graphical representation of judgement space were given, and an algorithm was designed to search optional states for any given k and n. (6) In 2018, Bai 51 constructed a group of orthogonal multipartite entangled states in d-dimensional system and investigated the distinguishability of these entangled states under restricted local operations and classical communications, and proposed a restricted (5, n)-threshold quantum secret sharing scheme and a restricted (5, 8)-threshold quantum secret sharing scheme as an example based on these properties.
It is worth pointing out that, in the TQSS schemes based on the local distinguishability of multiple orthogonal entangled quantum states, we need to use high-dimensional quantum systems, namely qudit states instead of qubits. From above, it is known that complicated entangled qudit states or classical secret splitting technique is required in the existing standard TQSS schemes. However, TQSS schemes that are based on qubit system and do not require classical secret splitting technique are easier to implement. So, we study this question and propose a novel standard TQSS scheme sharing classical secret, in which the maximally entanged 6-qubit state (for convenience, called it BPB state) discovered by Borras 52 is used as channel and no classical secret splitting technique is required.
The remainder of this paper is organized as follows. Firstly, some singular properties of the BPB state will be described, and a standard (3, 5)-TQSS protocol sharing classical messages by the BPB states is presented. Then, the security of the protocol is analyzed. Finally, we conclude with a summary.

Standard (3, 5)-threshold quantum secret sharing
In this section, a standard (3, 5)-threshold quantum secret sharing scheme based on the BPB states is presented. In our protocol, we adopt the data block transmission technique 53 and the decoy photon technique 24,54-56 to assure the security of the transmission. First some key properties of the BPB state are developed, then a standard (3, 5)-threshold quantum secret sharing scheme is constructed by using the singular properties of the BPB state and Bell states, and finally the security analysis of the proposed protocol is presented.  In the same way, by formulas (7)-(10), we have: According to formula (4), it is known that there is 1 ebit of entanglement between any one particle and the other particles. Similarly, we have, there exists 2 ebits of entanglement between any splits of (2 − particles|4 − particles) by formulas (5) and (11), and 3 ebits of entanglement between any splits of (3 − particles|3 − particles) by formulas (6) and (12).

Standard (3, 5)-threshold quantum secret sharing scheme of classical message. Now, let us
construct the standard (3, 5)-threshold quantum secret sharing scheme based on the BPB state by the correlations of the measurement results on it and local distinguishability of Bell states. Our scheme is divided into four phases: preparing phase, checking phase, coding phase and decoding phase.
(1) Phase for preparing BPB states and inserting decoy photons. In this step, the dealer Alice prepares N BPB states indexed from 1 to N. All particles numbered i(1 ≤ i ≤ 6) in the BPB states constitute a particle sequence S i with length N. Then, Alice prepares randomly a different sequence, r i = � i (1, 2, . . . , N) , for each user Bob i . Here, � i (1, 2, . . . , N) represents an arbitrary permutation of the sequence (1, 2, . . . , N) . Now, for each particle sequence S i (i = 1, 2, . . . , 6) , Alice exchanges the order of particles in it to make a new sequence S ′ i according to the permutation sequence r i . In order to detect eavesdropping, for each particle sequence S ′ i , Alice prepares some decoy particles, which are randomly in the states {|0�, |1�, |+�, |−�} , and randomly inserts these decoy particles into the sequence S    (3) Phase for sharing secret. After Alice has distributed N BPB states to Bob i ( 1 ≤ i ≤ 6 ) in security, she informs each Bob i (1 ≤ i ≤ 6 ) of the order of the particles sent to him, respectively, i.e., the permutation � i (1, 2, . . . , N) . Then Bob i reorders his particles by the permutation. Now, any one user from { Bob 1 ,Bob 2 ,Bob 3 ,Bob 4 ,Bob 5 ,Bob 6 } can share N bits of message among the other five users using the N BPB states. That is to say, each BPB state can be used to share one bit. Suppose Bob k (1 ≤ k ≤ 6) wants to share N bits {b 0 b 1 · · · b N } among the other five users. Now, Bob k performs an appropriate unitary operation U j on the j − th particle to encode the secret b j . Here, U j satisfy: Then, Bob k measures each of his own particles with basis {|0�, |1�} or {|+�, |−�} randomly, respectively. Finally, Bob k publishes the measurements through classical channel. (4) Phase for recovering the secret messages. After Bob k has shared secret messages, any three of the other five users can work together to recover the secrets to be shared. Let's give an example to illustrate it. Suppose Bob 1 has shared his secrets by the procedure above. Now, any three users from {Bob j |2 ≤ j ≤ 6} can unite to disclose the secrets by the following method: Two users can make joint measurements on their particles in the same BPB state with Bell basis, and the third user makes local measurement with the same basis as Bob 1 . Now, By combining their own measurements with Bob 1 's measurements, they can obtain the secrets. For an instance (see Table 3), suppose that Bob 2 , Bob 3 and Bob 4 want to recover the secret shared by Bob 1 , then Bob 2 and Bob 4 can unite to make Bell measurement, and Bob 3 can make local measurement using the same basis as Bob 1 . Further, suppose that the joint measurement result from Bob 2 and Bob 4 is |φ + � , and the results from Bob 3 and Bob 1 are |+� and |+� , respectively, then we can infer that the secret is 1. It is worth pointing out, to fulfil the task, only specific two users(e.g., Bob 2 and Bob 4 in the example above), instead of any two users, can be chosen to unite to make measurement with Bell basis. By formulas (3) and (7)-(10), we can know which two of the three users need to make joint measurement with Bell basis, and which one needs to make local measurement in order to recover the secrets (see Table 4).

Security analysis of the presented TQSS protocols
In this section, we'll discuss how this protocol can prevent a dishonest Bob or a third eavesdropper Eve from acquiring the secret without being detected. In general, there are usual two types of attack method from attackers, i.e., intercept and resend attack, and entanglement attack. In our protocol, the decoy photons widely adopted in quantum secret sharing are used to check eavesdropping [39][40][41] . Consequently, when eavesdropper Eve intends to excute intercept-and-resend attack and tries to obtain the transmitted message, he can only intercept the quantum sequence but can not acquire the sequence states, and thus fails to resend a perfect copy of the sequence due to Heisenberg uncertainty principle and quantum no-cloning principle. Because Eve does not know the positions and states of the decoy photons, the attack will cause an increase in error rate to about 1/2 and thus be detected. On the other hand, If Eve possesses several agents' particles, he might attack successfully by making union measurement on his particles with Bell basis. However, since Eve can not distinguish which particles contribute to the same BPB state in the preparing phase, his measure must bring error rate of 1/2 in checking phase.
By the same analysis as Jiang 24 and Wang 56 , entangle-and-measure attack will cause error and be detected in checking step due to the decoy photons. In other words, if Eve wanted to get some useful information by entangling the attached particles, he will inevitably introduce interference, which will be found by the participants in the eavesdropping detection.

Conclusion
We have presented a standard (3, 5)-threshold quantum secret sharing protocol by genuinely maximally entangled 6-qubit states, i.e., BPB states. In our protocol, six users {Bob 1 , Bob 2 , Bob 3 , Bob 4 , Bob 5 , Bob 6 } a priori share a series of BPB states, of which Bob i owns the i − th particle of each BPB state. A BPB state can be reformulated as generalized Schimdt decomposition of any split (ij|kl|mn)(1 ≤ i � = j � = k � = l � = m � = n ≤ 6) , and the results of measurement on partial particles of the BPB state are correlative. Based on these singular properties, any three users except Bob i can recover the secret shared by Bob i . In fact, after preparing step, any one of the six users can share secret, and any three from the other five users can unite to recover the secret. The presented protocol is secure against eavesdropping by inserting the decoy photons into the distributed particle sequences.
A brief comparison of the various existing TQSS schemes sharing classical secrets with our scheme is summarized in Table 5. In summary, our protocol has the advantage that, it uses qubit entangled state instead of d-level entangled state as channel, in addtion it doesn't need to utilize Shamir's classical threshold scheme to produce secret shares. Therefore, our method is more simple and feasible. Table 4. Any three users from {Bob 2 , Bob 3 , Bob 4 , Bob 5 , Bob 6 } can unite to recover the secret shared by Bob1 through choosing two users to make Bell measurement and the third to make local measurement. Table 5. A brief comparison of the various existing standard TQSS schemes sharing classical information (for convenience, we divide them into three classes) with our scheme.

The first class
The second class The third class Our scheme