Proposal for Quantum Rational Secret Sharing

A rational secret sharing scheme is a game in which each party responsible for reconstructing a secret tries to maximize his utility by obtaining the secret alone. Quantum secret sharing schemes, either derived from quantum teleportation or from quantum error correcting code, do not succeed when we assume rational participants. This is because all existing quantum secret sharing schemes consider that the secret is reconstructed by a party chosen by the dealer. In this paper, for the first time, we propose a quantum secret sharing scheme which is resistant to rational parties. The proposed scheme is fair (everyone gets the secret), correct and achieves strict Nash equilibrium.

💡 Research Summary

The paper addresses a fundamental gap in the intersection of quantum secret sharing (QSS) and rational secret sharing (RSS). Classical secret‑sharing schemes such as Shamir’s are vulnerable when participants are rational: each player prefers to learn the secret while allowing as few others as possible to learn it. In the classical setting this leads to a Nash equilibrium where no one sends his share, and the secret is never reconstructed. Existing QSS protocols (GHZ‑based, W‑state, cluster‑state, etc.) inherit the same weakness because they assume “honest” participants and a dealer‑chosen reconstruction set; a rational last‑receiver can simply withhold his share and keep the secret to himself.

To overcome this, the authors propose a Quantum Rational Secret Sharing (QRSS) protocol that integrates game‑theoretic rationality into the quantum domain. The core technical contribution is the use of a Calderbank‑Shor‑Steane (CSS) quantum error‑correcting code to encode the secret. By distributing entangled qubits that are codewords of a CSS code, any single participant’s measurement or tampering yields no useful information about the secret, and the code automatically corrects arbitrary errors introduced by honest participants. Consequently, rational players have no incentive to deviate by sending false shares or measuring their qubits prematurely.

The protocol proceeds in rounds. In each round the dealer (assumed online) distributes either a genuine share of the secret or a fake one, with probability γ for the genuine share. The actual round in which the true secret is revealed is hidden from the participants, following a geometric distribution G(γ). This randomness mirrors the classical RSS approach and is essential for achieving fairness.

Fairness is formally defined (adapted from Asharov and Lindell) as the condition that for any player i, the probability that i alone obtains the secret is strictly less than the probability that the other players obtain it. The authors prove that fairness holds whenever γ satisfies
γ < (UTT_i − UNN_i) / (UTN_i − UNN_i),
where the U‑terms denote utilities for the outcomes “all obtain the secret” (UTT), “none obtain” (UNN), “i obtains alone” (UTN), etc. This condition is identical to that required in classical RSS, showing that the quantum encoding does not alter the utility‑based threshold.

Correctness is defined as the guarantee that, under any admissible strategy profile, the secret is reconstructed correctly. Because the secret is encoded in a CSS code, any combination of up to (t − 1) erroneous shares can be corrected, ensuring that the reconstruction succeeds whenever the required threshold of honest shares is received.

The game‑theoretic analysis demonstrates that the protocol achieves a strict Nash equilibrium. If a player withholds his share, the reconstruction fails, yielding the lowest utility (UNN). Sending the share, on the other hand, leads to the highest attainable utility (UTT) given the other players follow the protocol. Since no unilateral deviation can improve a player’s expected payoff, the equilibrium is strict.

Security considerations are discussed in two models. In the “fail‑stop” model, rational players may abort early but never send false shares; this aligns with the assumption that measuring or altering an entangled share provides no advantage. The Byzantine model, where players could send arbitrary false information, is not the primary focus, but the authors note that the CSS encoding plus random round selection mitigates the impact of a few dishonest participants. The lack of a quantum signature scheme for entangled shares is acknowledged; the protocol circumvents this by relying on physical properties of the code rather than cryptographic signatures.

In summary, the QRSS scheme combines three essential properties:

1. Fairness – all honest participants obtain the secret with equal probability, preventing any single rational player from gaining an advantage.
2. Correctness – the secret is reliably reconstructed thanks to the error‑correcting capability of the CSS code.
3. Strict Nash equilibrium – the unique rational strategy for every participant is to honestly transmit his share, as any deviation reduces expected utility.

The paper concludes by suggesting future work on extending the model to Byzantine adversaries, developing quantum signature mechanisms for entangled shares, and implementing the protocol on real quantum communication platforms to evaluate performance and robustness in practice.