The Classification of Quantum Symmetric-Key Encryption Protocols

The classification of quantum symmetric-key encryption protocol is presented. According to five elements of a quantum symmetric-key encryption protocol: plaintext, ciphertext, key, encryption algorithm and decryption algorithm, there are 32 different kinds of them. Among them, 5 kinds of protocols have already been constructed and studied, and 21 kinds of them are proved to be impossible to construct, the last 6 kinds of them are not yet presented effectively. That means the research on quantum symmetric-key encryption protocol only needs to consider with 5 kinds of them nowadays.

💡 Research Summary

The paper proposes a systematic taxonomy for quantum symmetric‑key encryption (QSKE) protocols by modeling each protocol as a five‑tuple (P, C, K, E, D), where P is the plaintext, C the ciphertext, K the key, E the encryption operation, and D the decryption operation. Each component can be either a classical object (C) – a bit string – or a quantum object (Q) – a quantum state. This binary choice yields 2⁵ = 32 possible configurations. The authors enumerate all 32 configurations in Table 1 and label each as E (exists), O (open/unknown), or N (non‑existent).

Existing (E) protocols – five cases

1. Kind 1 (C,C,C,C,C) – ordinary classical symmetric‑key schemes such as DES or AES. All five elements are classical; this case is trivially realizable.
2. Kind 12 (C,C,Q,Q,Q) – classical plaintext and key, but quantum ciphertext, encryption, and decryption. The paper gives a concrete example: Alice encodes a classical bit x into a qubit |x⟩, applies a Y‑gate controlled by k₂ and a Hadamard controlled by k₁, sends the resulting state to Bob, who measures in a basis determined by k₁ to recover x⊕k₂ and then removes the mask. This is essentially a quantum one‑time‑pad with a classical key.
3. Kind 16 (C,Q,Q,Q,Q) – classical plaintext, quantum key, ciphertext, encryption, and decryption. The key is an EPR pair shared between Alice and Bob. Alice performs a CNOT between the plaintext qubit and her half of the EPR pair, sends the other qubit to Bob, who performs a CNOT with his half and measures to obtain the original bit. The entangled key guarantees non‑clonability and enables secure key recycling.
4. Kind 28 (Q,Q,Q,Q,Q) with a classical key – this is the well‑known Private Quantum Channel (PQC). Two classical bits (k₁,k₂) control Pauli operators Z^{k₁}X^{k₂} applied to the quantum plaintext. The ciphertext is a maximally mixed state to an eavesdropper; Bob applies the inverse Pauli operators to recover the plaintext. The protocol is unconditionally secure.
5. Kind 32 (Q,Q,Q,Q,Q) – fully quantum in every component. The key is a Bell state; encryption consists of a CNOT between the key and the plaintext, producing an entangled ciphertext. Bob applies the inverse CNOT with his half of the Bell pair, disentangling the system and retrieving the original plaintext. This demonstrates that a completely quantum symmetric‑key scheme is possible when the key is an entangled resource.

Impossible (N) protocols – twenty‑one cases
These configurations require at least one of the algorithms (E or D) to be classical while at least one of P, C, or K is quantum. The authors argue that a classical algorithm cannot accept or output a quantum state; therefore any protocol mixing a classical algorithm with quantum data violates the operational model. Consequently, all 21 configurations of this type are provably unrealizable.

Open (O) protocols – six cases
For these configurations the authors have not found concrete constructions, but they outline plausible design ideas.

• Kind 2 (C,C,C,C,Q) – all classical except decryption, which is quantum. The suggestion is to use a classical NP‑hard problem (e.g., discrete logarithm) as the encryption step and a quantum algorithm (Shor’s algorithm) as the decryption step.
• Kind 3 (C,C,C,Q,C) – encryption is quantum while the other components are classical. The proposal replaces classical randomness with quantum measurement collapse, yielding a probabilistic encryption that can produce different ciphertexts for the same plaintext.
• Kinds 4, 8, 20, 24 – the authors claim existence by embedding classical algorithms into quantum circuits (for 4 and 8) or by treating the classical key as a quantum‑encoded state (for 8) and by straightforward adaptations for 20 and 24. No concrete security analysis is provided; these remain theoretical.

Key insights

1. Entangled keys are essential for fully quantum protocols. The paper demonstrates that using two identical but independent quantum states as a key fails: the encryption and decryption operations do not invert each other, leading to a maximally mixed output. Entanglement restores reversibility and enables key recycling.
2. The taxonomy clarifies the research landscape. By showing that only five configurations are currently realizable, the authors argue that future work should concentrate on these five, while the 21 impossible cases can be safely ignored. The six open cases present opportunities for novel constructions.
3. Quantum symmetric‑key encryption subsumes classical symmetric‑key encryption. The model treats classical protocols as a special case (Kind 1), reinforcing the view that quantum cryptography extends rather than replaces classical cryptography.
4. The paper hints at extending the framework to quantum public‑key encryption. By adding a public‑key component (G₁, G₂) to the tuple, a similar classification could be performed, though this is left for future work.

Conclusion
The authors deliver a comprehensive classification of QSKE protocols into 32 types, rigorously proving the impossibility of 21 mixed classical‑quantum configurations, presenting concrete examples for five existing types, and sketching ideas for six open types. The work highlights the pivotal role of entangled quantum keys and provides a clear roadmap for researchers: focus on the five proven protocols, explore the six open configurations, and avoid the impossible mixed cases. This taxonomy offers a valuable reference for both theoreticians designing new quantum encryption schemes and practitioners assessing the feasibility of proposed protocols.