A generalized architecture of quantum secure direct communication for N disjointed users with authentication

In this paper, we generalize a secured direct communication process between N users with partial and full cooperation of quantum server. So, N − 1 disjointed users u1, u2, …, uN−1 can transmit a secret message of classical bits to a remote user uN by utilizing the property of dense coding and Pauli unitary transformations. The authentication process between the quantum server and the users are validated by EPR entangled pair and CNOT gate. Afterwards, the remained EPR will generate shared GHZ states which are used for directly transmitting the secret message. The partial cooperation process indicates that N − 1 users can transmit a secret message directly to a remote user uN through a quantum channel. Furthermore, N − 1 users and a remote user uN can communicate without an established quantum channel among them by a full cooperation process. The security analysis of authentication and communication processes against many types of attacks proved that the attacker cannot gain any information during intercepting either authentication or communication processes. Hence, the security of transmitted message among N users is ensured as the attacker introduces an error probability irrespective of the sequence of measurement.

check. In other words, the quantum key distribution (QKD) process and the classical communication of ciphertext are reduced into one single quantum communication procedure in QSDC. In QSDC, the concept of direct transmission of secret messages involves two kinds of meaning: On one hand, secret messages rather than raw keys are transmitted; on the other hand, the receiver does not require any separate classical communication from the sender to decode out secret messages 26,31,32,[39][40][41][42][43][44][45][46][47][48][49][50][51][52]57,59 . In 2002, Long and Liu 52 put forward the first QSDC protocol, in which the secret message is transmitted directly. In the same year, by taking advantage of Einstein-Podolsky-Rosen (EPR) pairs as quantum information carriers, Boström and Felbinger 20 put forward the famous QSDC protocol referred to as the ping -pong protocol later. In 60 , the authors enhanced the capability of the ping -pong protocol by adding two more unitary operations. In 22 , a two-step quantum secure direct communication protocol was proposed for transferring quantum information by utilizing Einstein-Podolsky-Rosen (EPR) pair blocks to secure the transmission. In 21 , the authentication and communication process was performed using Greenberg-Horne-Zeilinger (GHZ) states. First, the GHZ states were used for authentication purposes; the remaining GHZ states were used to transmit the secret message directly. In 17 , the architecture for a centralized multicast scheme was proposed basing on a hybrid model of quantum key distribution and classical symmetric encryption. The proposed scheme solved the key generation and the management problem using a single entity called centralized Quantum Multicast Key Distribution Centre. In 61 , a novel multiparty concurrent quantum secure direct communication protocol based on GHZ states and dense coding is introduced. In 59 , a managed quantum secure direct communication protocol based on quantum encoding and incompletely entangled states is presented. In 57 , a scheme for quantum secure direct dialogue protocols, which is adapted to both collective-dephasing noise and collective-rotation noise, is proposed by using the logical Bell states as the traveling states to resist collective noise. Different from QSDC, there is another kind of quantum secret communication named deterministic secure quantum communication (DSQC), where the receiver needs a separate classical communication from the sender to help decode out secret messages. In the framework of DSQC, the receiver can read out the secret message only after the transmission of at least one bit of additional classical information for each quantum bit, different from QSDC in which the secret message can be read out directly without exchanging any classical information 20,23,24,26,29,36,38,53,55,56,58 . In 53 , a novel scheme for deterministic secure quantum communication (DSQC) over collective rotating noisy channel is proposed as a four special two-qubit states are found can constitute a noise-free subspaces, and so are utilized as quantum information carriers. In 2002, Beige et al. 54 first proposed a DSQC scheme based on single-photon two-quantum bit states. Then in 2004, Yan and Zhang 24 proposed a DSQC scheme based on EPR pairs and quantum teleportation. In 2005, Gao et al. 55 and Man et al. 26 proposed two DSQC protocols also based on entanglement swapping. In 2006, with EPR pairs based on the secret transmitting order of particles, Zhu et al. 20 proposed two DSQC schemes, one is a round trip scheme, and the other is a one way trip scheme. Lee et al. 29 proposed a protocol for controlled DSQC with Greenberger-Horne-Zeilinger (GHZ) states. In 2009, Xiu et al. 56 proposed a controlled DSQC scheme using five qubit entangled states and two-step security test. In 58 , a hyper entangled Bell state is used to design faithful deterministic secure quantum communication and authentication protocol over collective-rotation and collective-dephasing noisy channel, which doubles the channel capacity compared with using an ordinary Bell state as a carrier; a logical hyper entangled Bell state immune to collective-rotation and collective-dephasing noise is constructed. Different quantum authentication approaches have been developed for preventing various types of attacks and especially man-in-the-middle attack 62-66 . However, these quantum secure direct communication approaches are still prone to provide a low degree of effectiveness and an inadequate level of security. Here, we propose a convenient and efficient scheme for transmitting a series of classical messages among two, three, or more users (generalized to N users). Therefore, − N 1 disjointed users , , …, − u u u N 1 2 1 can transmit a secret message consisting of classical bits to a remote user u N . The transmission process is accomplished by utilizing the property of dense coding and Pauli unitary transformations. First, the quantum server authenticates and verifies the identities of the communicated disjointed users through the generated entangled shared key and the Controlled -NOT gate. After the authentication is completed successfully, the remaining generated entangled shared key is used to generate shared GHZ states, which are intended for directly transmitting the secret message. If there is a quantum channel among the users, they can communicate using our partial cooperation process. In that case, − N 1 disjointed users generate a random sequence of bit strings of the transmitted plain message. Next, each user applies an appropriate unitary transformation according to his plain message bit string value and transmits the transformed message to u N . Then, u N retrieves the original sent secret message by applying the N -GHZ measurement to his/her particle and , , …, − u u u N 1 2 1 particles. Afterwards, the quantum server calculates the status of his or her particle according to x basis and announces his or her measurement results. Then, u N uses those measurements and the quantum server publication to retrieve the original sent secret bits by , , …, − u u u N 1 2 1 . If there is no quantum channel among the users, they can use our full cooperation process, but in this case the transformed message will be sent to the quantum server instead of u N .
The efficiency and effectiveness of our protocol can be summarized into five points. First, the GHZ state is the maximally entangled state, so that the correlation can be more easily destroyed once any single N particle is attacking. Second, using the N -GHZ particle makes eavesdropping detection more effective and secure in comparison to some of the other QSDC protocols. For example 22 , proposed a two-step quantum secure direct communication where an EPR pair block is used to transfer the secret message. Furthermore 34 , proposed a multi-step quantum secure direct communication protocol where blocks of a multi-particle maximally entangled states are used to transmit secret messages. These protocols fail because the eavesdropper can capture some of the particles in the sequence and transmit what is left to the receiver through the quantum channel. If the eavesdropper intercepts the message sequence and conducts a GHZ measurement, he/she can retrieve some of the secret message. Therefore, the probability of information leakage exists. Third, our protocol increases the transmitted information capacity by using N -GHZ states as these provide a large Hilbert space. Fourth, − N 1 users can transmit a particular message to the receiver, u N , so the protocol is more effective as no quantum bits have to be discarded. Furthermore, the protocol is instantaneous as the receiver, , u N is able to decode the message while receiving it and there is no additional classical exchange between − N 1 (sender) users and u N (receiver). Finally, the security analysis of the authentication and communication processes of our protocol against many types of attacks proves that our protocol is unconditionally secured and the attacker will not reveal any information about the key or the transmitted message in the case of directly calculating the transferred particles over the communicated channel from the quantum server to the disjoint user, and vice versa, as the attacker introduces an error probability irrespective of the sequence of measurement.

Methods
Bell States and Controlled -NOT. The Bell states are one of the main theories of quantum information processing that denote entanglement 67,68 . Bell states are specific, highly entangled quantum states of two particles denoted by EPR. There are many research groups that proposed different approaches for realizing and experimentally generating EPR states. In 69 a high-intensity source of polarization-entangled photon pairs can be realized with high momentum definition. The proposed scheme allowed ready preparation of all four of EPR-Bell states with two-photon fringe visibilities in excess of 97%. In 70 EPR can be experimentally setup by utilizing light pulse from a mode-locked Ti-sapphire laser through a frequency doubler. The ultraviolet pulse from the doubler is split into two beams by a balanced beam-splitter and is focused on four pairs of BBO crystals to provide four EPR photon pairs. In our scheme, EPR pair can be realized by utilizing the same concept introduced in 70 .
These entangled particles have interrelated physical characteristics despite being spatially separated. When the quantum state is a multi-qubit, transformation can be achieved by applying the controlled quantum gates CNOT (Controlled -NOT), FREDKIN (Controlled -SWAP), and TOFFOLI (Controlled -Controlled -NOT). CNOT has an input of two qubits. It transforms the computational basis states by flipping the state of the second qubit only when the first qubit has a measurement of 1; otherwise, the quantum state remains unchanged 2,3,5,7,11 . The four Bell states (EPR pairs) used in both the authentication and communication processes in our scheme are defined by (Eq. (1). Authentication between the quantum server and users is achieved by the generated entangled shared key |Φ 〉 + qu and the − Controlled NOT gate. At the time of registration, the quantum server and disjoint user share a binary authentication key, A K . Each sends one entangled particle to form an EPR pair, |Φ 〉 + qu , in which the q and u particles correspond with the quantum server and disjoint user, respectively. The quantum server preserves q at its location and transmits the u particle to the intended disjoint user, as shown in (Eq. (2). Once the disjoint user obtains its u particle, it prepares a new state particle, n (See (Eq. 3), by encoding the shared authentication information according to the specified operation. When the quantum CNOT gate ₡ OP is performed on the transmitted particle and n, the resulted particle r is a state of three entanglement particles (See Eq. 4). After applying the requested operation, the disjoint user keeps particle u at its side and sends the resulted particle Φ r to the quantum server. Once the quantum server receives the resulted particle, Φ r , it decodes it by applying a quantum CNOT gate ₡ OP on both the local particle q and n (See Eq. 6, 7). The quantum server verifies the identity of the disjoint user by measuring φ n on the basis of Z. The resulted state must measure at either 0 or 1. If the measurement is equal to , 2i , the disjoint user is authenticated. However, if the resulted measurement is erroneous-meaning it is greater than the agreed threshold-then the authentication process will be terminated. Afterwards, the key is increased to authenticate the next disjoint user, sending the quantum server recursively back to step one until all disjoint users are authenticated.
and ⊗ denotes the specified user operation.
. ₡ 0 and ₡ 1 are described by (Eq. (5)) = ⊗ + ⊗ , Quantum Bit Transformation. Quantum computers can manipulate quantum information to transform a pure or mixed quantum state into another corresponding pure or mixed state 2,3,5,7,11 . In our scheme, the unitary transformation operations are defined by (Eq. (8)). For simplicity, we use X, Y, Z instead of σ σ σ , , i x y z , respectively. These are used to transform the GHZ state at the side of the sender(s) into an unreadable form that corresponds to the generated original classical message before transmitting it to the receiver.
Tables 1-4 describe the correlation between the received classical value and its corresponding unitary and GHZ transformations. Tables 1 and 2 illustrate the correlation that occurs during the communication process between two disjoint users (u i , u j ) with partial and full cooperation of the quantum server, respectively. The u i generates a sequence of random bit strings of transmitted, plain message. According to each two transmitted bits, (00, 01, 10, 11), the disjoint user, u i , applies one of the unitary transformation operations, Ŭ = {Ŭ 1 , Ŭ 2 , Ŭ 3 , Ŭ 4 }, which correspond to the four Pauli operations, {I, X, Y, Z}, respectively. Afterwards, the GHZ states convert according to the transmitted bits and the u i transformation

Value
First Bit Second Bit u i Transformation GHZ Transformation

Table 2. Correlation between Received Classical Value and its Corresponding Unitary, GHZ Transformations and Quantum Bit Transformation Correlation during the Communication Process between Two Disjoint Users with Full Cooperation of Quantum Server.
Scientific RepoRts | 5:16080 | DOI: 10.1038/srep16080 (See Supplementary Information 1) for the communication process between two disjointed users with partial and full cooperation of the quantum server). Tables 3 and 4 describe the same correlation but among three disjointed users (u i , u j and u l ) with partial and full cooperation of quantum server respectively. The difference that a new user u j generates a random sequences bits string of transmitted plain message. u j applies Ψ I u j or Ψ X u j according to the value of particle 0 or 1 respectively. Afterwards, the GHZ states will be converted according to transmitted bits, u i and u j transformations (see Supplementary Information 2 for Communication Process between Three Disjoint Users with Partial and Full Cooperation of Quantum Server).

GHZ States, Measurement and Source.
A GHZ state is a certain type of maximally entangled quantum state that includes at least three qubits (particles). This kind of state was first examined by Greenberger, Horne, and Zeilinger in 1989 71 . The standard GHZ state is defined as qubits = 3; when qubits > 3, the GHZ state is defined by Eq. (9) seen below: qubits qubits In our scheme, when the quantum server receives a user(s) request for communication with another user, the quantum server distributes GHZ entanglement states among the involved participants' users in the communication process. Distribution is established after successful completion of the authentication process prior to the commencement of the communication process. The quantum server distributes all generated particles but holds one for itself. As a consequence, the quantum server and the participated users become entangled due to the presence of only one particle per distributed GHZ state. In addition, GHZ measurement is used by the receiver or quantum server, depending on the type of cooperation used during inter-user communication. Consistent with the GHZ measurement result, the receiver determines Value u i Bits u j Bit u i and u j Transformations GHZ Transformation   (10)). There're many research groups proposed different approaches for realizing and experimentally generating multi-photon GHZ states. In 72 , an experimental entanglement of six-photon GHZ states, cluster states, and graph states is proposed. The generating of six-photon GHZ states and cluster states is achieved by EPR-entangled photon pairs. In 73 an effective protocol for preparation of N -photon GHZ states with conventional photon detectors and can be realized through a simpler optical setup with a high success probabilities. In 74 a proposed a linear optical protocol to generate GHZ states of N distant photons with certain success probabilities. The proposed set up involved simple linear optical elements N pairs of the two-photon polarization entangled states, and the conventional photon detectors. In 75 an Experimental demonstration of five-photon entanglement and open-destination teleportation is proposed by utilizing two entangled photon pairs to generate a four-photon entangled state, which is then combined with a single-photon state. In 76 N -particle GHZ states can be generated easily using the N encoders preparation with cross-Kerr nonlinearities and can be realized simply through linear optical elements and homodyne detectors. In 70 Experimental generation of an eight-photon GHZ state is proposed. An eight-photon GHZ state with a measured fidelity of 0.59 ± 0.02 proved the presence of genuine eight-partite entanglement. This is achieved by improving the photon detection efficiency to 25% with a 300-mW laser pump.
In our scheme, we use the same concept introduced in 70,72 to generate shared GHZ states. In order to develop the realization of N -particle GHZ states, the photon detection efficiency has to be improved basing on laser pump. Furthermore, a large capacity of memory for all parties to store and retrieve the required information has to take into consideration. After a successful completion of the authentication process between the quantum server and a specified user, the remaining EPR is used to generate shared GHZ states to transmit the secret message among communicated users directly. Figure 1 demonstrates how the GHZ states among u i , the quantum server, and u j are generated according to the remaining EPR. Suppose, for example, the generated EPR for the authentication process between the quantum server and u i is given by (Eq. (11)). The quantum server particle is a part of another generated EPR for the purpose of authenticating u j (See Eq. 12). The result will then be a shared GHZ state among u i , the quantum server, and u j (See Eq. 13). Similarly, |Ψ 〉  Tables 5-8 show the correlation between the quantum server publication, receiver measurement, sender operation(s), and sent bits. (Table 5) describes the correlation between the quantum server publication, u j measurement, u i operation, and sent bits during a partial cooperation process between two disjoint users. The u j performs a Bell measurement on its particle and the u i particle; the quantum server then calculates the status of its particle according to the x basis {+ , − } and announces the measurement results. The u j uses its measurements and the quantum server publications to retrieve the original secret bits sent by u i . For example, when the u j measurement is equivalent to ψ − and the quantum server publication is − , the u j concludes that the u i applied an X operation and the sent bits were 01 (See Supplementary Table S1) for the correlation during a full cooperation process between two disjoint users). Table 6 describes the same correlation of a partial process, but among three disjoint users. Here, u l performs a GHZ measurement on its particle, u i particles, and u j particles. The quantum server calculates the status of its particle according to the x basis {+ , − } and announces the measurement results. Then, u l uses its measurement and the quantum server publications to retrieve the original secret bits sent by both u i and u j . For example, when the u l measurement is equivalent to ϕ + and the quantum server publication is − , u l can conclude that u i and u j applied Y and X operations, respectively, and the sent bits were 101 (See Supplementary Table S4) for correlation during a full cooperation process between Quantum Server Publication u j Measurement u i Operation Sent Bits

Table 5. Correlation between Quantum Server Publication, Receiver Measurement, Sender (s) Operation(s) and Sent Bits during partial cooperation process between Two Disjoint Users.
(C, D) shows an illustrative example for transmitting a message 100111 from u i to u j with partial and full support of quantum server respectively.

Sent Bits
Message Sent

Table 6. Correlation between Quantum Server Publication, Receiver Measurement, Sender (s) Operation(s) and Sent Bits during partial cooperation process among Three Disjoint Users.
Scientific RepoRts | 5:16080 | DOI: 10.1038/srep16080 three disjoint users). Tables 7 and 8 illustrate the transmission of messages 100111 from u i to u j with partial and full support of the quantum server, respectively.

Results and Discussion
Masquerade as Dishonest Disjoint User Security Analysis. If an attacker would like to masquerade as dishonest disjoint user, then the attacker will work on the transmitting particle u (disjoint user particle) from the quantum server to the disjoint user. With the assumption that the attacker applying a universal operation R on u see (Eq. (14, 15)). where R represents an additional state which is created by the attacker, a represents the attacker particle and, When the attacker applying its operation, a new shared key state will be created see (Eq. (17, 18)).

One-way Channel Substitution Fraudulent Attack Security Analysis.
As the transmitted particle from the quantum server to the disjoint user doesn't contain any fact about the authentication key, so in this type of attack only the restored n (new state particle) from the disjoint user to the quantum server have to be measured. The maximum reachable information which an attacker may obtain over the communicated channel between a quantum server and a disjoint user can be computed by Holevo theory 79 see (Eq. (25)) As ᶊ (ᵽ) is equivalent to Von Neumann entropy ᵽ ᵽ ᵽ − ( ), Tr log i 2 is a component in the hybrid status and is the possibility of ᵽ i in the universe ᵽ. So the eavesdropper just has information about the authentication key by directly calculating the n (new state particle), so the resulted Ӽ (ᵽ) relies on the reduced density matrix of n, by substitution of (Eq. (25)) as shown in (Eq. (26)) As both ᵽ n and ᵽ ni required reduced density matrix for ᵽ and ᵽ i respectively. For any authentication key, the reduced density matrix of n can be represented in (Eq. (27) By replacing values for both ᵽ n and ᵽ ni in Eq. (26), Ӽ (ᵽ n ) = 0. So, the eavesdropper will not reveal any information about the key in case of directly calculating the transferred particles over the communicated channel from the quantum server to the disjoint user.

Two-Way Channel Substitution Fraudulent Attack Security Analysis. The attacker applies an
operation Θ 1 at his/her side on the transmitted particle u and supportive particle . Afterwards, the attacker transmits the resulted particle to the disjoint user. When the disjoint user receives the transmitted particle, he/she does not realize that there is attacker and he did an operation. The disjoint user applyies his normal operation and transmits the resulted particle to the quantum server. The attacker intercepts the information particle sent by the disjoint user. The attacker applies an operation Θ 2 at his side to the information particle and supportive particle η . Afterwards, the attacker transmits the resulted particle to the quantum server. The attacker attempts to retrieve certain amount of information about the key by employing two supportive particles ε and η (See Supplementary Information 3 for Full Calculations of Two -Way Channel Substitution Fraudulent Attack along with equations). When the two-bit key + A A i i 1 = 00, so the resulting decoding state by the quantum server is given in (Eq. (33, 34)) We can calculate the total possibility for discovering the attacker (Ṗ Total ) in the authentication process is given by (Eq. (35)) If the attacker would like to minimize his/her detection probability, he/she has to adjust Ṗ Total as a minimum discovering probability (See Eq. 36) which is calculated under the condition of Total So, the attacker's total information amount on the transmitted key bits between the quantum server and the disjoint user can be estimated in (Eq. (37)). where Θ Total represents the total operation performed by the attacker Θ 1 and Θ 2 , x represents the key values (00, 01, 10, 11) with probability indicates the selected random values from variable x,  = η µτ y ij with i, j, µ τ , ∈ , { 0 1}. Consequently, the joint gained information by attacker's total operation Θ Total is given in (Eq. (38))  Total  T otal  Total  T otal   Total  T otal  Total  T otal   1  4  1  8  16  log 1  8  1 6   1  8  16  log 1  8  1 6  39   2  2   2   2  2   2 Therefore the total estimation probability of A K is given in (Eq. (40)) By simplification of Eq. (40) of A K is given in (Eq. (41)) (see Supplementary Information (5) for Proving Relation between and  θ sin )

If
indicates that the total estimation probability is maximized see (Eq. (42)) (see Supplementary Information (6) for Proving Relation between and Total) Therefore, the probability of the attacker for successfully retrieving the transmitted keys = , , By substituting (Eq. (42)) in equation (Eq. (43)), so Figure 2A is shown that the possibility for discovering the attacker while attempting to retrieve any information about the key bits is equal to non-zero. For example if Total = 25% means the attacker can gain maximal joint information = .
T bit 0 5 on the transmitted keys between the quantum server and disjoint user. From Fig. 2B, we can conclude that when the total estimation probability is maximized which means reaching to one, the attacker can positively maximum retrieve 0.5 bit of the transmitted key A K while the maximum total estimation probability is equal to 25%. Figure 2C illustrates that if the minimum discovery probability is equal to [0, 12.5, 25, 50] ). Figure 2D shows that the maximum and minimum values for successfully retrieving the information of the transmitted keys A k by the attacker while N = [2,4,8,16] . , . , .
,  Figures 2F and 3 illustrate while the number of transmitted key bits N becomes larger, the possibility of successfully retrieving A k becomes smaller and reach zero. So, the attacker will not reveal an enormous amount of information which can be ignored and avoided by updating key between the disjoint user and the quantum server periodically. In this case, the information of the attacker on the old key will be useless.

Generalization of Communication Process between N Disjoint Users with Full Cooperation of Quantum Server. Here, we generalize our approach for Communication Process between N Disjoint
Users with full Cooperation of Quantum Server as shown in Fig. 4B. The sequence of the steps is similar to a partial one except that the selected ………. Communication Process Security Analysis. After u j retrieves the original secret sent bits which sent by u i , u i informs u j about the positions of the transmitted particles and the selected unitary transformation applied to them. Afterwards, u j verifies the selected particles by u i and obtains an approximation of error percentage in the communication process. If the error percentage is under the specified threshold both u i and u j can continue the transmission of the secret messages, otherwise the communi- cation process will be terminated. If an attacker tries to spy on the transmitted GHZ particles, the attacker at most can obtain one particle. So, the attacker couldn't decide which operation is applied by u i , consequently couldn't retrieve any transmitted secret bits. Suppose that the attacker apply an operation Θ u A i on u i and his qubit A see (Eq. (45)).  As shown in (Eq. (47,48)), the attacker can't gain any information during intercepting the communication process. As well the attacker introduces an error probability of ½ irrespective of the sequence of measurement. For example, suppose that the attacker measurement is the same as u i means the applied unitary transformation may be I or Z. If the measurements are different then the possible applied unitary transformation may be X or Y.