Anonymous transmission is a multipartite task which enables two nodes to communicate a message in a network in an anonymous way. More specifically, one of the nodes of the network, a sender, communicates a quantum state to a receiver in a way that their identities remain completely hidden throughout the protocol. In particular, for the sender, it implies that her identity remains unknown to all the other nodes, whereas for the receiver, it implies that no one except the sender knows her identity. Note that the main goal of anonymous transmission is to fully hide the identities of the sender and the receiver — it does not aim at guaranteeing the reliability of the transmitted message.

• Aggregation of sensitive data: When Diffie and Hellman introduced public-key cryptography in the mid-nineteen seventies, it was clear that, beyond its mathematical interest, it would have a huge effect on real-world data processing. This intuition was largely proven to be true. As information flows in networks, the security of the data deeply affects the trust relationship between the communicating participants. For example, online payment would not exist if the buyer did not trust that their data was correctly secured. It is not exaggeration to state that cryptography is a key ingredient of the modern information society. These issues became more and more important since we have realised the value of data. Collecting data securely requires careful application of cryptographic techniques. But data owners also want to be able to capitalise on them, and computing over data while maintaining privacy requires techniques that are at the forefront of modern cryptographic research. Issues arise even from simple problems such as extracting statistics from distributed data. The data might be too valuable or regulated in a way that prevents sending it directly to a third party.Classical cryptography offers solutions to perform these operations. In particular, secure multiparty computing allows mistrustful parties to compute over their inputs while maintaining privacy. Some secure computing solutions also involve third parties but the theory ensures that they will not get any information during the process.

  Participatory trust and delegated trust: The two main security models considered for secure computing are participatory trust and delegated trust. In the participatory trust model, data owners perform a collective computation which is private by-design. The participants thus bear the responsibility for the privacy. In the delegated trust model, a third party aggregates the data from various participants and runs the computation. He is responsible for the privacy of the process. Various security issues arise from these situations. In the delegated trust model, the first step is to centralize the data. This requires to secure data in-transit as well as stored data. The second step is to compute over the securely stored data. In the participatory trust model, the protocol executed by the participants should be private by design. In both cases, quantum networks can increase security. In the example developed above, the aggregation is performed on healthcare data. These are very sensitive data that require carefully designed security. In particular, the long-term security that is inherent to quantum cryptography could strengthen the security of communication and storage in the case of delegated trust, and privacy by-design in the case of participatory trust.

  Using anonymous transmission: In some cases, the only information that needs to remain private is the sender’s identity. For example, monitoring car traffic can lead to a better management. Drivers, however, might not be willing to share their speed to avoid being caught over the speed limit for example. Quantum anonymous transmission could be used to hide the drivers’ identities while collecting valuable data. Cryptography can be used to make mistrustful parties collaborate to reach a common goal. While the amount of data is increasing, the responsibility of data’s owners is increasing as well. Quantum networks could help making better use of data, without sacrificing privacy and security.

• Toward regulation for security and privacy: A massive amount of data is being collected every day. The exploitation of these data is a central question of the digital strategy in any major company. The effects of these strategies can already be seen: big data is one of the key factors that enabled the rise of machine learning over the last fifteen years. This is one of the reasons why, over the same period, the value of data has been soaring. Collecting data also implies responsibilities. Companies in areas such as banking or payments are collecting and storing a lot of personal data. They are thus responsible for putting sufficient measures to ensure their security. To some extent, the trust relationship established between these industries and their clients also stands on their responsibility for the data they collect.

  Security regulation and data value: Banking and payment are heavily regulated industries. One aspect of this regulation is the duration of data security. The value of data obviously evolves over time. The images of a football game have a very high value for a short time, whereas the value of personal, healthcare or classified data remains high for at least thirty years. For banking data, ten or twenty years of security is standard, and in some cases, it tends to evolve toward thirty years.
  Considering the value of data over time has very different consequences in the classical and quantum case. In classical cryptography, the mathematical security follows from the conjectured hardness of some computational problem. For example, the security of RSA encryption follows from the hardness of factoring large numbers. Therefore, in order to set the size of encryption keys (a large number in the case of RSA), it is necessary not only to consider current computational power, but also anticipate its increase during all the lifetime of the data. These previsions are usually done by governments through either IT security Agencies (BSI in Germany, ANSSI in France) or standardization institutions (NIST in the US). These previsions are obviously more relevant for the short term than the long term, which makes the question of long-term security very complex in the case of classical cryptography.
  As we mentioned already, quantum cryptography can make data as secure in the future as they are at the moment they are encrypted. This could completely change the way we approach security over time. In particular, the question of the long-term security of data should be reconsidered in this setting. Quantum key distribution and its applications to secure storage is opening new doors for the regulation of the security of the most sensitive data.
  The general framework for data privacy in Europe is GDPR. This regulation lays down the people’s right regarding the processing and movement of their personal data. This puts stringent limitations on how collected data can be used. Data aggregation, introduced earlier, is a case in which cryptography can be used to enforce trust between mistrustful parties. Similar approaches can be developed for regulated data.

  Reinforcing rulings with cryptography: Using cryptography to design GDPR-compliant applications is already being considered in the classical case. Quantum cryptography can offer more tools for such designs. Anonymous transmission and secure delegated quantum computation can be used to hide some selected information to the recipients of quantum communication. These tools seem relevant in even more complex contexts such as the protection of free speech or whistleblowers. Beyond the economic consequences that we have already reviewed, cryptography can be used to enforce the application of human rights. Quantum networks will offer more options for regulating security in the long term, personal data protection, and more.

Security of an anonymous transmission protocol is defined in terms of the guessing probability, i.e., the maximum probability that adversaries guess the identity of the sender $S$ or receiver $R$ given all the classical and quantum information they have available at the end of the protocol.

• Guessing probability: Let $\mathcal{A}$ be a subset of adversaries among $n$ nodes. Let $C$ be the register that contains all classical and quantum side information accessible to the adversaries. Then, the probability of adversaries guessing the sender is given by:<br />$$P_{\text{guess}}[S|C,S\notin {\mathcal {A}}]=\max _{\{M^{i}\}}\sum _{i\in [n]}P[S=i|S\notin {\mathcal {A}}]{\text{Tr}}[M^{i}\cdot \rho _{C|S=i}]$$ where the maximisation is taken over the set of POVMs $\\\{M^{i}\\\}$ for the adversaries and $\rho _{C|S=i}$ is the state of the adversaries at the end of the protocol, given that node $i$ is the sender.
• Sender-security: We say that an anonymous transmission protocol is sender-secure if, given that the sender is honest, the probability of the adversary guessing the sender is $$P_{\text{guess}}[S|C,S\notin {\mathcal {A}}]\leq \max _{i\in [n]}P[S=i|S\notin {\mathcal {A}}].$$
• Receiver-security: We say that an anonymous transmission protocol is receiver-secure if, given that the receiver is honest, the probability of the adversary guessing the receiver is: $$P_{\text{guess}}[R|C,R\notin {\mathcal {A}}]\leq \max _{i\in [n]}P[R=i|R\notin {\mathcal {A}}]$$ The above definitions are general and hold for any adversarial scenario, in particular for an active adversary.

The definitions above guarantee information-theoretic security of the protocol when the resource states are both trusted [4], [1], [2] and not trusted [3], [5].

1.  Lipinska, Victoria, Gláucia Murta, and Stephanie Wehner. “Anonymous transmission in a noisy quantum network using the W state.” Physical Review A 98, no. 5 (2018): 052320.
2. Yang, Wei, Liusheng Huang, and Fang Song. “Privacy preserving quantum anonymous transmission via entanglement relay.” Scientific reports 6, no. 1 (2016): 26762.
3. Elliott, Chip, David Pearson, and Gregory Troxel. “Quantum cryptography in practice.” In Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications, pp. 227-238. 2003.
4. Christandl, Matthias, and Stephanie Wehner. “Quantum anonymous transmissions.” In International conference on the theory and Application of cryptology and information security, pp. 217-235. Berlin, Heidelberg: Springer Berlin Heidelberg, 2005.
5. Unnikrishnan, Anupama, Ian J. MacFarlane, Richard Yi, Eleni Diamanti, Damian Markham, and Iordanis Kerenidis. “Anonymity for practical quantum networks.” Physical review letters 122, no. 24 (2019): 240501.