Secret Sharing with a Single d-level Quantum System

We give an example of a wide class of problems for which quantum information protocols based on multi-system entanglement can be mapped into much simpler ones involving one system. Secret sharing is a cryptographic primitive which plays a central role in various secure multiparty computation tasks and management of keys in cryptography. In secret sharing protocols, a classical message is divided into shares given to recipient parties in such a way that some number of parties need to collaborate in order to reconstruct the message. Quantum protocols for the task commonly rely on multi-partite GHZ entanglement. We present a multiparty secret sharing protocol which requires only sequential communication of a single quantum d-level system (for any prime d). It has huge advantages in scalabilility and can be realized with the state of the art technology. n be realized with the state of the art technology.

💡 Research Summary

The paper introduces a novel quantum secret‑sharing protocol that replaces multipartite GHZ‑type entanglement with the sequential transmission of a single d‑level quantum system (qudit), where d is any odd prime. Traditional quantum secret‑sharing schemes rely on preparing an (N + 1)‑partite GHZ state and require each party to measure in one of d mutually unbiased bases (MUBs). Such schemes suffer from poor scalability because generating high‑fidelity GHZ states becomes exponentially harder as the number of parties grows, and detector inefficiencies compound the problem.

The authors exploit a cyclic property of the full set of d + 1 MUBs that exists for prime dimensions. Two elementary unitary operators, X and Y, shift the basis index and the vector index within a basis, respectively. By composing powers of X and Y (Uℓ′,j′ = Xℓ′ Yj′), any vector |e(j)ℓ⟩ can be mapped to another vector |e(j + j′)ℓ + ℓ′⟩. This algebraic structure allows each participant to encode two private random numbers (xₙ, yₙ) onto the travelling qudit by applying X^{xₙ}Y^{yₙ}. The protocol proceeds as follows:

1. The distributor (R₁) prepares the initial state |ψ₀⟩ = |e(0)₀⟩, a member of the MUB set.
2. R₁ chooses random x₁, y₁ and applies X^{x₁}Y^{y₁}, then sends the qudit to R₂.
3. Each subsequent party Rₙ (n = 2,…,N + 1) independently selects random xₙ, yₙ, applies the same unitary, and forwards the qudit. The last party returns the qudit to R₁.
4. R₁ randomly selects a measurement basis indexed by J and measures, obtaining outcome a.
5. All parties publicly announce their yₙ values. The round is accepted as valid if Σ yₙ ≡ J (mod d). When this condition holds, the accumulated x‑values satisfy Σ xₙ ≡ a (mod d), establishing perfect correlations analogous to those of the GHZ protocol.
6. The secret is the adjusted value x₁^{(scr)} = x₁ − a (mod d), which can be reconstructed only when all N recipients cooperate, realizing an (N,N) threshold scheme.

Security is analyzed against several attacks. In a simple intercept‑resend attack, an eavesdropper measuring the travelling qudit in a randomly chosen MUB succeeds with probability 1/d; otherwise the state is disturbed and the round fails the Σ yₙ check, revealing the intrusion. More sophisticated attacks involving entangling ancillae or quantum memories are also considered. Because the distributor never reveals measurement outcomes before the y‑values are announced, the qudit remains in a mixed state from the adversary’s perspective, precluding any deterministic extraction of the secret. Any deviation from the required correlations is detected in the verification step, which mirrors the security test of BB84.

Performance-wise, each round succeeds with probability 1/d, independent of the number of parties, whereas GHZ‑based schemes suffer a success probability of η^{N+1} (η being detector efficiency). The single‑qudit protocol therefore scales linearly in resources: only one quantum channel and one measurement are needed, regardless of N. Current experimental platforms—photonic orbital angular momentum, trapped‑ion hyperfine levels, or superconducting circuits—already support the preparation, manipulation, and measurement of high‑dimensional qudits, making near‑term implementation feasible.

The authors acknowledge that the protocol relies on the existence of a complete set of MUBs, which is guaranteed only for dimensions that are powers of primes; consequently the present construction is limited to odd prime dimensions. Nonetheless, the work demonstrates that the essential correlations of multipartite GHZ secret sharing can be reproduced with a dramatically simpler physical setup, opening a practical pathway toward scalable quantum secret‑sharing networks.