Classical Knowledge for Quantum Security
We propose a decision procedure for analysing security of quantum cryptographic protocols, combining a classical algebraic rewrite system for knowledge with an operational semantics for quantum distributed computing. As a test case, we use our procedure to reason about security properties of a recently developed quantum secret sharing protocol that uses graph states. We analyze three different scenarios based on the safety assumptions of the classical and quantum channels and discover the path of an attack in the presence of an adversary. The epistemic analysis that leads to this and similar types of attacks is purely based on our classical notion of knowledge.
💡 Research Summary
The paper introduces a novel decision procedure for the security analysis of quantum cryptographic protocols that blends a classical algebraic rewrite system for epistemic reasoning with an operational semantics for quantum distributed computing. The authors argue that, while quantum protocols are typically examined through the lens of quantum mechanics and information‑theoretic proofs, a purely classical notion of knowledge can be sufficient to uncover subtle vulnerabilities.
First, the authors formalize an operational semantics for quantum distributed systems. In this model, each participant (or node) performs quantum actions—such as preparing entangled graph states, applying unitary gates, and measuring qubits—and exchanges classical messages. The global configuration consists of a quantum state (a density matrix or stabilizer description) together with a set of classical variables. Transitions are defined by labelled actions that capture both quantum evolution and classical communication.
Next, they introduce epistemic operators K_i, where i denotes a principal (honest participant or adversary). The expression K_i φ reads “principal i knows φ”. Knowledge is defined over the observable classical data that each principal can infer from the quantum measurements they perform and the messages they receive. Crucially, K_i does not require a full quantum‑state reconstruction; it only tracks the information that becomes available to the principal after each measurement or message.
The core of the methodology is a set of rewrite rules that describe how knowledge propagates through the protocol. For example, a rule may state that after a measurement outcome m is broadcast, every participant acquires K_i (m = 0) (or K_i (m = 1)). Another rule captures the effect of an adversary’s interception: if the adversary can replace a classical message, the rule updates the knowledge of the honest parties accordingly. The rewrite system is designed to be terminating and confluent for the class of protocols considered, ensuring that the final knowledge state is uniquely determined.
To demonstrate the approach, the authors apply it to a recently proposed quantum secret‑sharing scheme based on graph states. In this scheme, a dealer prepares a multi‑qubit graph state, distributes qubits to n participants, and later instructs a qualified subset to perform specific measurements that reconstruct the secret. The protocol relies on the monogamy of entanglement and the fact that only authorized subsets can combine their measurement outcomes to recover the secret.
Three security scenarios are examined, each differing in the trust assumptions about the classical and quantum channels:
- Classical channel secure, quantum channel insecure – The adversary can tamper with qubits in transit but cannot modify classical messages.
- Quantum channel secure, classical channel insecure – The adversary can intercept, alter, or replay classical messages but cannot disturb the quantum states.
- Both channels insecure – The adversary has full control over both quantum and classical communications.
For each scenario, the rewrite system is instantiated with the appropriate interception rules. The analysis proceeds step‑by‑step, generating a knowledge trace for every principal. In the first scenario, the adversary’s ability to perform a measurement on a travelling qubit collapses part of the graph state. The subsequent classical broadcast of measurement outcomes inadvertently leaks partial information about the secret; the adversary, having observed the collapsed state, can combine this with the broadcast data to infer the secret.
In the second scenario, the adversary performs a classic man‑in‑the‑middle attack: they replace a classical instruction that tells a participant which measurement basis to use. This forces the participant to measure in a basis that yields a deterministic outcome, which the adversary can predict. By replaying altered messages to other participants, the adversary creates a consistent but incorrect set of measurement results that still allow reconstruction of the secret, effectively bypassing the intended access structure.
When both channels are compromised, the adversary can execute a hybrid attack: they first inject a destructive measurement on a qubit (breaking entanglement) and then manipulate the subsequent classical messages to hide the disturbance. The knowledge rewrite reveals that the adversary eventually knows the secret while the honest participants remain unaware of the tampering, demonstrating a complete breach.
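As an added illustration of how the knowledge rules and channel assumptions above can be mechanised, the following constructed Python engine applies a broadcast rule and an interception rule to a small trace and reports where the honest parties' knowledge diverges; it is not the paper's tool or its rule set, and the principal names, event forms and the `replace` map are assumptions made for this example.

```python
from collections import defaultdict
ADV = "Eve"  # constructed adversary principal

def run_trace(trace, classical_secure=True, replace=None):
    """Propagate knowledge along a trace; returns {principal: set of "var=value" facts}.
    Event forms (constructed): ("observe", p, var, value)  p locally learns var=value;
    ("send", p, q, var)  p sends its value of var to q;  ("broadcast", p, var)  p
    announces its value of var. With classical_secure=False every classical message
    passes through ADV, who reads it and may substitute the value in `replace`."""
    replace = replace or {}
    K = defaultdict(set)
    K[ADV]  # the adversary is always a principal, even when idle
    def held(p, var):
        return next((f for f in K[p] if f.startswith(var + "=")), None)
    def deliver(fact, receivers, public):
        var, forged = fact.split("=", 1)[0], fact
        if not classical_secure:
            K[ADV].add(fact)                 # adversary reads the real message
            if var in replace:
                forged = f"{var}={replace[var]}"
        elif public:
            K[ADV].add(fact)                 # a broadcast is heard by everyone
        for q in receivers:
            K[q].add(forged)
            if forged != fact:
                K[ADV].add(f"{q}:{forged}")  # adversary knows what q now holds
    for ev in trace:
        if ev[0] == "observe":
            K[ev[1]].add(f"{ev[2]}={ev[3]}")
        elif ev[0] == "send" and held(ev[1], ev[3]):
            deliver(held(ev[1], ev[3]), [ev[2]], public=False)
        elif ev[0] == "broadcast" and held(ev[1], ev[2]):
            others = [p for p in list(K) if p not in (ev[1], ADV)]
            deliver(held(ev[1], ev[2]), others, public=True)
    return dict(K)

def divergence(K, honest):
    """Variables on which honest principals hold conflicting values (unseen by them)."""
    vals = defaultdict(set)
    for p in honest:
        for var, val in (f.split("=", 1) for f in K[p]):
            vals[var].add(val)
    return {v for v, s in vals.items() if len(s) > 1}

def scenario(classical_secure):
    # Constructed trace: Alice tells Bob which basis to use; Bob measures and broadcasts.
    trace = [("observe", "Alice", "basis_b", "X"), ("send", "Alice", "Bob", "basis_b"),
             ("observe", "Bob", "m_b", "0"), ("broadcast", "Bob", "m_b")]
    return run_trace(trace, classical_secure, replace={"basis_b": "Z"})
```

Running `scenario(False)` shows the signature of the second scenario: Bob holds a forged basis, Eve knows both the real and the forged value, and `divergence` flags `basis_b` even though neither honest party sees anything wrong locally.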
A striking outcome of the study is that all these attack paths are derived solely from the classical epistemic rules; no explicit quantum‑mechanical calculations (e.g., density‑matrix evolution) are required beyond the initial operational semantics. This validates the authors’ claim that a classical knowledge framework can capture the essential security properties of quantum protocols.
The paper also discusses the theoretical properties of the rewrite system. Termination is guaranteed because each rule consumes a protocol step, and confluence holds under the assumption that the underlying quantum operations are deterministic from the perspective of the participants (e.g., stabilizer measurements). The authors have implemented a prototype tool that automatically applies the rewrite rules to a formal description of the secret‑sharing protocol and outputs the knowledge states for each principal. The tool successfully identified the attack vectors described above, confirming the practicality of the approach for protocols with a finite number of steps.
In conclusion, the authors present a compelling case for integrating classical epistemic analysis into quantum security verification. By abstracting away the low‑level quantum physics and focusing on what each party can know at each stage, they provide a method that is both intuitive and amenable to automation. The work opens several avenues for future research: extending the framework to protocols with adaptive or probabilistic branching, handling larger-scale quantum networks, and improving the scalability of the rewrite engine. Ultimately, this classical‑knowledge‑centric perspective could become a valuable complement to existing quantum‑security proof techniques, offering a new lens through which to detect and mitigate subtle attacks on emerging quantum communication systems.