Revision History for: Multipartite Entanglement Verification
- 2026-04-15 at 12:45 by Mina Doosti
implements Entanglement Verification
Introduction
This protocol [1] implement the task of Multipartite entanglement verification in a multinode quantum network. The protocol uses classical communication and measurements of quantum states to verify whether the parties share a GHZ state. We present here a loss tolerant version of the protocol, which doesn’t assume that the source of the state nor the parties (except one) are trusted.
It has various application in a setting where at each timestep a source shares a state. Most of the time this state will be verified using this protocol and once in a while it will be used to perform some computation or communication protocol (e.g. Anonymous transmission)
Outline
This protocol is based on the work in W. McCutcheon, A. Pappa et al.. The goal is for a specific party called the Verifier to check whether the source has shared a GHZ-state among the n-nodes network. It goes as follow:
- Sharing phase: The source creates and shares an n-qubits quantum state to all the parties using a state generation resource and quantum channels.
- Verification phase: The verifier choses and sends angles to each party that corresponds to measurement basis, using classical authenticated channels. Each party, including the verifier, measures its qubits in the basis indicated by the received angle. It then sends its outcome to the verifier who checks the parity of the outcomes and broadcast if the shared state was a GHZ state.
Assumptions
- Network: The network consists of n nodes that are fully identified and completely connected with pairwise authenticated classical channels. Additionally, there is a secure classical broadcast channel.
- Adversarial model: It suffices for one party to be honest. A dishonest party can be in control of the source.
Requirements
Network stage: quantum memory network.
Requirements:
- Authenticated classical channel between the parties
- Quantum channel between the source and the parties
- Ability to perform one-qubit rotation operations and one-qubit measurement at each node
Notation
- $n$: Number of parties
- $v$: Identifier of the Verifier
- $\\\{\\\pi_i\\\}_{i=1}^{n}$: Protocol of each party
- $\\\pi_V$: Protocol of the verifier
- $\\\pi_S$: Protocol of the source
- $SG_n$: $n$-qubit State Generation resource
- $\\\{\\\theta_i\\\}_{i=1}^{n}$: Angles sent from the Verifier to each party $i$ (indicates the measurement to
- perform)
- $\\\{|+_{\\\theta_i}\\\rangle, |-_{\\\theta_i}\\\rangle\\\} = \\\left\\\{ \\\frac{1}{\\\sqrt{2}}(|0\\\rangle + e^{i\\\theta_i}|1\\\rangle), \\\frac{1}{\\\sqrt{2}}(|0\\\rangle – e^{i\\\theta_i}|1\\\rangle) \\\right\\\}$: Rotated measurement basis for the parties
- $\\\{y_i\\\}_{i=1}^{n}$: Classical bits sent from each party $i$ to the Verifier (outcomes of the measurements)
- $b$: Outcome of the protocol
Properties
Correctness:
If the source shares a GHZ state and every party behaves honestly, the outcome broadcasted by the verifier is $b = 0$.Statistical Behavior:
The outcome of the protocol depends on the trace distance between the shared state $|\\\psi\\\rangle$ and the ideal GHZ state.
The output $b$ is such that:
$$
b =
\\\begin{cases}
0 & \\\text{with probability } 1 – \\\frac{\\\tau^2}{2} \\\\\\\\\
1 & \\\text{with probability } \\\frac{\\\tau^2}{2}
\\\end{cases}
$$
where
$$
\\\tau = \\\min_U \\\text{TD}(|\\\phi_0^n\\\rangle\\\langle\\\phi_0^n|, U|\\\psi\\\rangle\\\langle\\\psi|U^\\\dagger)
$$TD is the trace distance. $U$ is a quantum operation acting on $D$, the subspace of dishonest parties (i.e., a tensor product of a unitary on $D$ and the identity on the rest).
This means: the further the shared state is from the GHZ state, the less likely the verifier will accept it, even if dishonest parties apply local quantum operations to approximate the GHZ state.
Robustness:
The protocol still functions in the presence of photon losses.Security:
- The protocol is secure for one round against any coalition of dishonest parties, including the source.
- It is composably secure against a dishonest or noisy source.
Technical Description
Protocol for the verifier $\\\pi_V$:
Input: $\\\{y_i\\\}_{i=1}^{n}$, 1 qubit, $v$
Output: one Bit in $\\\{0,1\\\}$ and $\\\{\\\theta_i\\\}_{i=1}^{n}$- Chose randomly angles $\\\Theta = \\\{\\\theta_i\\\}_{i=1}^{n}$ with $\\\theta_i \\\in [0,\\\pi)$ such that:
$$
\\\sum_j \\\theta_j \\\text{ is a multiple of } \\\pi
$$ - Upon the reception of the qubit, for $i = 1,…,n, i \\\neq v$ send $\\\theta_i$ to party $i$ via a private classical channel resource, keep $\\\theta_v$.
- Measures the qubit in the $\\\{|+_{\\\theta_v}\\\rangle ,|-_{\\\theta_v}\\\rangle \\\}$ basis and get $y_v$
- Wait for the reception of all the other $y_i$.
- Upon the reception of all the $y_i$, broadcast 0 if and only if:
$$
\\\oplus_j Y_j = \\\frac{1}{\\\pi} \\\sum_j \\\theta_j \\\quad (\\\bmod{2})
$$
And for each $i = 1,…,n, i \\\neq v$
Protocol for the $i$th party $\\\pi_i$:
Input: 1 angle $\\\theta_i$, 1 qubit and $v$
Output: Bit $y_i$- Wait for the reception of both classical and quantum inputs.
- Measures the qubit in the $\\\{|+_{\\\theta_i}\\\rangle ,|-_{\\\theta_i}\\\rangle \\\}$ basis.
- Send the outcome $y_i$ to the Verifier via the private classical channel resource.
Image caption: Abstract Cryptography figure for the MEV protocol for n=3 parties. Each blue box is a converter representing a protocol a party is following and red boxes are the resources used namely: state generation resource, quantum and authenticated classical channels.
Experimental Implementations
The protocol has also been experimentally realised in [1]
Further Information
This protocol was first introduced in Multipartite Entanglement Verification Resistant against Dishonest Parties [2], in which the authors present an XY version of the protocol where $\\\forall i,\\\theta_i \\\in \\\{0,1\\\}$. It means that each party applies an X or a Z gate on its qubit before measuring in the computational basis. It appeared that when a 50% qubit loss rate is tolerated, there exists a cheating strategy allowing a dishonest party to convince the verifier that the state shared was a GHZ state even when it is not.
This is why in “Experimental verification of multipartite entanglement in quantum networks”[2], the authors present the current version of the protocol which is loss tolerant. They also present an experimental realization of the verification protocol with $n=4$ parties and photonic GHZ states.
In “Anonymity for practical quantum networks” [3], Authors use this verification protocol as a subroutine allowing the parties to be certain to have a GHZ state shared when they perform an anonymous transmission protocol.
References
- McCutcheon, Will, Anna Pappa, Bryn A. Bell, Alex Mcmillan, André Chailloux, Tom Lawson, Mhlambululi Mafu et al. “Experimental verification of multipartite entanglement in quantum networks.” Nature communications 7, no. 1 (2016): 13251.
- Pappa, Anna, André Chailloux, Stephanie Wehner, Eleni Diamanti, and Iordanis Kerenidis. “Multipartite entanglement verification resistant against dishonest parties.” Physical review letters 108, no. 26 (2012): 260502.
- Unnikrishnan, Anupama, Ian J. MacFarlane, Richard Yi, Eleni Diamanti, Damian Markham, and Iordanis Kerenidis. “Anonymity for practical quantum networks.” Physical review letters 122, no. 24 (2019): 240501.
- 2026-04-15 at 12:43 by Mina Doosti
implements Entanglement Verification
Introduction
This protocol [1] implement the task of Multipartite entanglement verification in a multinode quantum network. The protocol uses classical communication and measurements of quantum states to verify whether the parties share a GHZ state. We present here a loss tolerant version of the protocol, which doesn’t assume that the source of the state nor the parties (except one) are trusted.
It has various application in a setting where at each timestep a source shares a state. Most of the time this state will be verified using this protocol and once in a while it will be used to perform some computation or communication protocol (e.g. Anonymous transmission)
Outline
This protocol is based on the work in W. McCutcheon, A. Pappa et al.. The goal is for a specific party called the Verifier to check whether the source has shared a GHZ-state among the n-nodes network. It goes as follow:
- Sharing phase: The source creates and shares an n-qubits quantum state to all the parties using a state generation resource and quantum channels.
- Verification phase: The verifier choses and sends angles to each party that corresponds to measurement basis, using classical authenticated channels. Each party, including the verifier, measures its qubits in the basis indicated by the received angle. It then sends its outcome to the verifier who checks the parity of the outcomes and broadcast if the shared state was a GHZ state.
Assumptions
- Network: The network consists of n nodes that are fully identified and completely connected with pairwise authenticated classical channels. Additionally, there is a secure classical broadcast channel.
- Adversarial model: It suffices for one party to be honest. A dishonest party can be in control of the source.
Requirements
Network stage: quantum memory network.
Requirements:
- Authenticated classical channel between the parties
- Quantum channel between the source and the parties
- Ability to perform one-qubit rotation operations and one-qubit measurement at each node
Notation
- $n$: Number of parties
- $v$: Identifier of the Verifier
- $\\\{\\\pi_i\\\}_{i=1}^{n}$: Protocol of each party
- $\\\pi_V$: Protocol of the verifier
- $\\\pi_S$: Protocol of the source
- $SG_n$: $n$-qubit State Generation resource
- $\\\{\\\theta_i\\\}_{i=1}^{n}$: Angles sent from the Verifier to each party $i$ (indicates the measurement to
- perform)
- $\\\{|+_{\\\theta_i}\\\rangle, |-_{\\\theta_i}\\\rangle\\\} = \\\left\\\{ \\\frac{1}{\\\sqrt{2}}(|0\\\rangle + e^{i\\\theta_i}|1\\\rangle), \\\frac{1}{\\\sqrt{2}}(|0\\\rangle – e^{i\\\theta_i}|1\\\rangle) \\\right\\\}$: Rotated measurement basis for the parties
- $\\\{y_i\\\}_{i=1}^{n}$: Classical bits sent from each party $i$ to the Verifier (outcomes of the measurements)
- $b$: Outcome of the protocol
Properties
Correctness:
If the source shares a GHZ state and every party behaves honestly, the outcome broadcasted by the verifier is $b = 0$.Statistical Behavior:
The outcome of the protocol depends on the trace distance between the shared state $|\\\psi\\\rangle$ and the ideal GHZ state.
The output $b$ is such that:
$$
b =
\\\begin{cases}
0 & \\\text{with probability } 1 – \\\frac{\\\tau^2}{2} \\\\\\\\\
1 & \\\text{with probability } \\\frac{\\\tau^2}{2}
\\\end{cases}
$$
where
$$
\\\tau = \\\min_U \\\text{TD}(|\\\phi_0^n\\\rangle\\\langle\\\phi_0^n|, U|\\\psi\\\rangle\\\langle\\\psi|U^\\\dagger)
$$TD is the trace distance. $U$ is a quantum operation acting on $D$, the subspace of dishonest parties (i.e., a tensor product of a unitary on $D$ and the identity on the rest).
This means: the further the shared state is from the GHZ state, the less likely the verifier will accept it, even if dishonest parties apply local quantum operations to approximate the GHZ state.
Robustness:
The protocol still functions in the presence of photon losses.Security:
- The protocol is secure for one round against any coalition of dishonest parties, including the source.
- It is composably secure against a dishonest or noisy source.
Technical Description
Protocol for the verifier $\\\pi_V$:
Input: $\\\{y_i\\\}_{i=1}^{n}$, 1 qubit, $v$
Output: one Bit in $\\\{0,1\\\}$ and $\\\{\\\theta_i\\\}_{i=1}^{n}$- Chose randomly angles $\\\Theta = \\\{\\\theta_i\\\}_{i=1}^{n}$ with $\\\theta_i \\\in [0,\\\pi)$ such that:
$$
\\\sum_j \\\theta_j \\\text{ is a multiple of } \\\pi
$$ - Upon the reception of the qubit, for $i = 1,…,n, i \\\neq v$ send $\\\theta_i$ to party $i$ via a private classical channel resource, keep $\\\theta_v$.
- Measures the qubit in the $\\\{|+_{\\\theta_v}\\\rangle ,|-_{\\\theta_v}\\\rangle \\\}$ basis and get $y_v$
- Wait for the reception of all the other $y_i$.
- Upon the reception of all the $y_i$, broadcast 0 if and only if:
$$
\\\oplus_j Y_j = \\\frac{1}{\\\pi} \\\sum_j \\\theta_j \\\quad (\\\bmod{2})
$$
And for each $i = 1,…,n, i \\\neq v$
Protocol for the $i$th party $\\\pi_i$:
Input: 1 angle $\\\theta_i$, 1 qubit and $v$
Output: Bit $y_i$- Wait for the reception of both classical and quantum inputs.
- Measures the qubit in the $\\\{|+_{\\\theta_i}\\\rangle ,|-_{\\\theta_i}\\\rangle \\\}$ basis.
- Send the outcome $y_i$ to the Verifier via the private classical channel resource.
Image caption: Abstract Cryptography figure for the MEV protocol for n=3 parties. Each blue box is a converter representing a protocol a party is following and red boxes are the resources used namely: state generation resource, quantum and authenticated classical channels.
Experimental Implementations
The protocol has also been experimentally realised in [1]
Further Information
This protocol was first introduced in Multipartite Entanglement Verification Resistant against Dishonest Parties [2], in which the authors present an XY version of the protocol where $\\\forall i,\\\theta_i \\\in \\\{0,1\\\}$. It means that each party applies an X or a Z gate on its qubit before measuring in the computational basis. It appeared that when a 50% qubit loss rate is tolerated, there exists a cheating strategy allowing a dishonest party to convince the verifier that the state shared was a GHZ state even when it is not.
This is why in “Experimental verification of multipartite entanglement in quantum networks”[2], the authors present the current version of the protocol which is loss tolerant. They also present an experimental realization of the verification protocol with $n=4$ parties and photonic GHZ states.
In “Anonymity for practical quantum networks” [3], Authors use this verification protocol as a subroutine allowing the parties to be certain to have a GHZ state shared when they perform an anonymous transmission protocol.
References
- McCutcheon, Will, Anna Pappa, Bryn A. Bell, Alex Mcmillan, André Chailloux, Tom Lawson, Mhlambululi Mafu et al. “Experimental verification of multipartite entanglement in quantum networks.” Nature communications 7, no. 1 (2016): 13251.
- Pappa, Anna, André Chailloux, Stephanie Wehner, Eleni Diamanti, and Iordanis Kerenidis. “Multipartite entanglement verification resistant against dishonest parties.” Physical review letters 108, no. 26 (2012): 260502.
- Unnikrishnan, Anupama, Ian J. MacFarlane, Richard Yi, Eleni Diamanti, Damian Markham, and Iordanis Kerenidis. “Anonymity for practical quantum networks.” Physical review letters 122, no. 24 (2019): 240501.
- 2026-04-15 at 12:42 by Mina Doosti
implements Entanglement Verification
Introduction
This protocol [1] implement the task of Multipartite entanglement verification in a multinode quantum network. The protocol uses classical communication and measurements of quantum states to verify whether the parties share a GHZ state. We present here a loss tolerant version of the protocol, which doesn’t assume that the source of the state nor the parties (except one) are trusted.
It has various application in a setting where at each timestep a source shares a state. Most of the time this state will be verified using this protocol and once in a while it will be used to perform some computation or communication protocol (e.g. Anonymous transmission)
Outline
This protocol is based on the work in W. McCutcheon, A. Pappa et al.. The goal is for a specific party called the Verifier to check whether the source has shared a GHZ-state among the n-nodes network. It goes as follow:
- Sharing phase: The source creates and shares an n-qubits quantum state to all the parties using a state generation resource and quantum channels.
- Verification phase: The verifier choses and sends angles to each party that corresponds to measurement basis, using classical authenticated channels. Each party, including the verifier, measures its qubits in the basis indicated by the received angle. It then sends its outcome to the verifier who checks the parity of the outcomes and broadcast if the shared state was a GHZ state.
Assumptions
- Network: The network consists of n nodes that are fully identified and completely connected with pairwise authenticated classical channels. Additionally, there is a secure classical broadcast channel.
- Adversarial model: It suffices for one party to be honest. A dishonest party can be in control of the source.
Requirements
Network stage: quantum memory network.
Requirements:
- Authenticated classical channel between the parties
- Quantum channel between the source and the parties
- Ability to perform one-qubit rotation operations and one-qubit measurement at each node
Notation
- $n$: Number of parties
- $v$: Identifier of the Verifier
- $\\\{\\\pi_i\\\}_{i=1}^{n}$: Protocol of each party
- $\\\pi_V$: Protocol of the verifier
- $\\\pi_S$: Protocol of the source
- $SG_n$: $n$-qubit State Generation resource
- $\\\{\\\theta_i\\\}_{i=1}^{n}$: Angles sent from the Verifier to each party $i$ (indicates the measurement to
- perform)
- $\\\{|+_{\\\theta_i}\\\rangle, |-_{\\\theta_i}\\\rangle\\\} = \\\left\\\{ \\\frac{1}{\\\sqrt{2}}(|0\\\rangle + e^{i\\\theta_i}|1\\\rangle), \\\frac{1}{\\\sqrt{2}}(|0\\\rangle – e^{i\\\theta_i}|1\\\rangle) \\\right\\\}$: Rotated measurement basis for the parties
- $\\\{y_i\\\}_{i=1}^{n}$: Classical bits sent from each party $i$ to the Verifier (outcomes of the measurements)
- $b$: Outcome of the protocol
Properties
Correctness:
If the source shares a GHZ state and every party behaves honestly, the outcome broadcasted by the verifier is $b = 0$.Statistical Behavior:
The outcome of the protocol depends on the trace distance between the shared state $|\\\psi\\\rangle$ and the ideal GHZ state.
The output $b$ is such that:
$$
b =
\\\begin{cases}
0 & \\\text{with probability } 1 – \\\frac{\\\tau^2}{2} \\\\\\\\\
1 & \\\text{with probability } \\\frac{\\\tau^2}{2}
\\\end{cases}
$$
where
$$
\\\tau = \\\min_U \\\text{TD}(|\\\phi_0^n\\\rangle\\\langle\\\phi_0^n|, U|\\\psi\\\rangle\\\langle\\\psi|U^\\\dagger)
$$TD is the trace distance. $U$ is a quantum operation acting on $D$, the subspace of dishonest parties (i.e., a tensor product of a unitary on $D$ and the identity on the rest).
This means: the further the shared state is from the GHZ state, the less likely the verifier will accept it, even if dishonest parties apply local quantum operations to approximate the GHZ state.
Robustness:
The protocol still functions in the presence of photon losses.Security:
- The protocol is secure for one round against any coalition of dishonest parties, including the source.
- It is composably secure against a dishonest or noisy source.
Technical Description
Protocol for the verifier $\\\pi_V$:
Input: $\\\{y_i\\\}_{i=1}^{n}$, 1 qubit, $v$
Output: one Bit in $\\\{0,1\\\}$ and $\\\{\\\theta_i\\\}_{i=1}^{n}$- Chose randomly angles $\\\Theta = \\\{\\\theta_i\\\}_{i=1}^{n}$ with $\\\theta_i \\\in [0,\\\pi)$ such that:
$$
\\\sum_j \\\theta_j \\\text{ is a multiple of } \\\pi
$$ - Upon the reception of the qubit, for $i = 1,…,n, i \\\neq v$ send $\\\theta_i$ to party $i$ via a private classical channel resource, keep $\\\theta_v$.
- Measures the qubit in the $\\\{|+_{\\\theta_v}\\\rangle ,|-_{\\\theta_v}\\\rangle \\\}$ basis and get $y_v$
- Wait for the reception of all the other $y_i$.
- Upon the reception of all the $y_i$, broadcast 0 if and only if:
$$
\\\oplus_j Y_j = \\\frac{1}{\\\pi} \\\sum_j \\\theta_j \\\quad (\\\bmod{2})
$$
And for each $i = 1,…,n, i \\\neq v$
Protocol for the $i$th party $\\\pi_i$:
Input: 1 angle $\\\theta_i$, 1 qubit and $v$
Output: Bit $y_i$- Wait for the reception of both classical and quantum inputs.
- Measures the qubit in the $\\\{|+_{\\\theta_i}\\\rangle ,|-_{\\\theta_i}\\\rangle \\\}$ basis.
- Send the outcome $y_i$ to the Verifier via the private classical channel resource.
Image caption: Abstract Cryptography figure for the MEV protocol for n=3 parties. Each blue box is a converter representing a protocol a party is following and red boxes are the resources used namely: state generation resource, quantum and authenticated classical channels.
Experimental Implementations
The protocol has also been experimentally realised in [1]
Further Information
This protocol was first introduced in Multipartite Entanglement Verification Resistant against Dishonest Parties [2], in which the authors present an XY version of the protocol where $\\\forall i,\\\theta_i \\\in \\\{0,1\\\}$. It means that each party applies an X or a Z gate on its qubit before measuring in the computational basis. It appeared that when a 50% qubit loss rate is tolerated, there exists a cheating strategy allowing a dishonest party to convince the verifier that the state shared was a GHZ state even when it is not.
This is why in “Experimental verification of multipartite entanglement in quantum networks”[2], the authors present the current version of the protocol which is loss tolerant. They also present an experimental realization of the verification protocol with $n=4$ parties and photonic GHZ states.
In “Anonymity for practical quantum networks” [3], Authors use this verification protocol as a subroutine allowing the parties to be certain to have a GHZ state shared when they perform an anonymous transmission protocol.
References
- McCutcheon, Will, Anna Pappa, Bryn A. Bell, Alex Mcmillan, André Chailloux, Tom Lawson, Mhlambululi Mafu et al. “Experimental verification of multipartite entanglement in quantum networks.” Nature communications 7, no. 1 (2016): 13251.
- Pappa, Anna, André Chailloux, Stephanie Wehner, Eleni Diamanti, and Iordanis Kerenidis. “Multipartite entanglement verification resistant against dishonest parties.” Physical review letters 108, no. 26 (2012): 260502.
- Unnikrishnan, Anupama, Ian J. MacFarlane, Richard Yi, Eleni Diamanti, Damian Markham, and Iordanis Kerenidis. “Anonymity for practical quantum networks.” Physical review letters 122, no. 24 (2019): 240501.
- 2026-02-01 at 21:47 by kimworrall
implements Entanglement verification
Introduction
This protocol [1] implement the task of Multipartite entanglement verification in a multinode quantum network. The protocol uses classical communication and measurements of quantum states to verify whether the parties share a GHZ state. We present here a loss tolerant version of the protocol, which doesn’t assume that the source of the state nor the parties (except one) are trusted.
It has various application in a setting where at each timestep a source shares a state. Most of the time this state will be verified using this protocol and once in a while it will be used to perform some computation or communication protocol (e.g. Anonymous transmission)
Outline
This protocol is based on the work in W. McCutcheon, A. Pappa et al.. The goal is for a specific party called the Verifier to check whether the source has shared a GHZ-state among the n-nodes network. It goes as follow:
- Sharing phase: The source creates and shares an n-qubits quantum state to all the parties using a state generation resource and quantum channels.
- Verification phase: The verifier choses and sends angles to each party that corresponds to measurement basis, using classical authenticated channels. Each party, including the verifier, measures its qubits in the basis indicated by the received angle. It then sends its outcome to the verifier who checks the parity of the outcomes and broadcast if the shared state was a GHZ state.
Assumptions
- Network: The network consists of n nodes that are fully identified and completely connected with pairwise authenticated classical channels. Additionally, there is a secure classical broadcast channel.
- Adversarial model: It suffices for one party to be honest. A dishonest party can be in control of the source.
Requirements
Network stage: quantum memory network.
Requirements:
- Authenticated classical channel between the parties
- Quantum channel between the source and the parties
- Ability to perform one-qubit rotation operations and one-qubit measurement at each node
Notation
- $n$: Number of parties
- $v$: Identifier of the Verifier
- ${pi_i}_{i=1}^{n}$: Protocol of each party
- $pi_V$: Protocol of the verifier
- $pi_S$: Protocol of the source
- $SG_n$: $n$-qubit State Generation resource
- ${theta_i}_{i=1}^{n}$: Angles sent from the Verifier to each party $i$ (indicates the measurement to
- perform)
- ${|+_{theta_i}rangle, |-_{theta_i}rangle} = left{ frac{1}{sqrt{2}}(|0rangle + e^{itheta_i}|1rangle), frac{1}{sqrt{2}}(|0rangle – e^{itheta_i}|1rangle) right}$: Rotated measurement basis for the parties
- ${y_i}_{i=1}^{n}$: Classical bits sent from each party $i$ to the Verifier (outcomes of the measurements)
- $b$: Outcome of the protocol
Properties
Correctness:
If the source shares a GHZ state and every party behaves honestly, the outcome broadcasted by the verifier is $b = 0$.Statistical Behavior:
The outcome of the protocol depends on the trace distance between the shared state $|psirangle$ and the ideal GHZ state.
The output $b$ is such that:
$$
b =
begin{cases}
0 & text{with probability } 1 – frac{tau^2}{2} \\\\\\\\\
1 & text{with probability } frac{tau^2}{2}
end{cases}
$$
where
$$
tau = min_U text{TD}(|phi_0^nranglelanglephi_0^n|, U|psiranglelanglepsi|U^dagger)
$$TD is the trace distance. $U$ is a quantum operation acting on $D$, the subspace of dishonest parties (i.e., a tensor product of a unitary on $D$ and the identity on the rest).
This means: the further the shared state is from the GHZ state, the less likely the verifier will accept it, even if dishonest parties apply local quantum operations to approximate the GHZ state.
Robustness:
The protocol still functions in the presence of photon losses.Security:
- The protocol is secure for one round against any coalition of dishonest parties, including the source.
- It is composably secure against a dishonest or noisy source.
Technical Description
Protocol for the verifier $pi_V$:
Input: ${y_i}_{i=1}^{n}$, 1 qubit, $v$
Output: one Bit in ${0,1}$ and ${theta_i}_{i=1}^{n}$- Chose randomly angles $Theta = {theta_i}_{i=1}^{n}$ with $theta_i in [0,pi)$ such that:
$$
sum_j theta_j text{ is a multiple of } pi
$$ - Upon the reception of the qubit, for $i = 1,…,n, i neq v$ send $theta_i$ to party $i$ via a private classical channel resource, keep $theta_v$.
- Measures the qubit in the ${|+_{theta_v}rangle ,|-_{theta_v}rangle }$ basis and get $y_v$
- Wait for the reception of all the other $y_i$.
- Upon the reception of all the $y_i$, broadcast 0 if and only if:
$$
oplus_j Y_j = frac{1}{pi} sum_j theta_j quad (bmod{2})
$$
And for each $i = 1,…,n, i neq v$
Protocol for the $i$th party $pi_i$:
Input: 1 angle $theta_i$, 1 qubit and $v$
Output: Bit $y_i$- Wait for the reception of both classical and quantum inputs.
- Measures the qubit in the ${|+_{theta_i}rangle ,|-_{theta_i}rangle }$ basis.
- Send the outcome $y_i$ to the Verifier via the private classical channel resource.
Image caption: Abstract Cryptography figure for the MEV protocol for n=3 parties. Each blue box is a converter representing a protocol a party is following and red boxes are the resources used namely: state generation resource, quantum and authenticated classical channels.
Experimental Implementations
The protocol has also been experimentally realised in [1]
Further Information
This protocol was first introduced in Multipartite Entanglement Verification Resistant against Dishonest Parties [2], in which the authors present an XY version of the protocol where $forall i,theta_i in {0,1}$. It means that each party applies an X or a Z gate on its qubit before measuring in the computational basis. It appeared that when a 50% qubit loss rate is tolerated, there exists a cheating strategy allowing a dishonest party to convince the verifier that the state shared was a GHZ state even when it is not.
This is why in “Experimental verification of multipartite entanglement in quantum networks”[2], the authors present the current version of the protocol which is loss tolerant. They also present an experimental realization of the verification protocol with $n=4$ parties and photonic GHZ states.
In “Anonymity for practical quantum networks” [3], Authors use this verification protocol as a subroutine allowing the parties to be certain to have a GHZ state shared when they perform an anonymous transmission protocol.
References
- McCutcheon, Will, Anna Pappa, Bryn A. Bell, Alex Mcmillan, André Chailloux, Tom Lawson, Mhlambululi Mafu et al. “Experimental verification of multipartite entanglement in quantum networks.” Nature communications 7, no. 1 (2016): 13251.
- Pappa, Anna, André Chailloux, Stephanie Wehner, Eleni Diamanti, and Iordanis Kerenidis. “Multipartite entanglement verification resistant against dishonest parties.” Physical review letters 108, no. 26 (2012): 260502.
- Unnikrishnan, Anupama, Ian J. MacFarlane, Richard Yi, Eleni Diamanti, Damian Markham, and Iordanis Kerenidis. “Anonymity for practical quantum networks.” Physical review letters 122, no. 24 (2019): 240501.
- 2025-09-25 at 20:46 by JuliaM
implements (Symmetric) Private Information Retrieval
Introduction
This protocol [1] implement the task of Multipartite entanglement verification in a multinode quantum network. The protocol uses classical communication and measurements of quantum states to verify whether the parties share a GHZ state. We present here a loss tolerant version of the protocol, which doesn’t assume that the source of the state nor the parties (except one) are trusted.
It has various application in a setting where at each timestep a source shares a state. Most of the time this state will be verified using this protocol and once in a while it will be used to perform some computation or communication protocol (e.g. Anonymous transmission)
Outline
This protocol is based on the work in W. McCutcheon, A. Pappa et al.. The goal is for a specific party called the Verifier to check whether the source has shared a GHZ-state among the n-nodes network. It goes as follow:
- Sharing phase: The source creates and shares an n-qubits quantum state to all the parties using a state generation resource and quantum channels.
- Verification phase: The verifier choses and sends angles to each party that corresponds to measurement basis, using classical authenticated channels. Each party, including the verifier, measures its qubits in the basis indicated by the received angle. It then sends its outcome to the verifier who checks the parity of the outcomes and broadcast if the shared state was a GHZ state.
Assumptions
- Network: The network consists of n nodes that are fully identified and completely connected with pairwise authenticated classical channels. Additionally, there is a secure classical broadcast channel.
- Adversarial model: It suffices for one party to be honest. A dishonest party can be in control of the source.
Requirements
Network stage: quantum memory network.
Requirements:
- Authenticated classical channel between the parties
- Quantum channel between the source and the parties
- Ability to perform one-qubit rotation operations and one-qubit measurement at each node
Notation
- $n$: Number of parties
- $v$: Identifier of the Verifier
- $\\\{\\\pi_i\\\}_{i=1}^{n}$: Protocol of each party
- $\\\pi_V$: Protocol of the verifier
- $\\\pi_S$: Protocol of the source
- $SG_n$: $n$-qubit State Generation resource
- $\\\{\\\theta_i\\\}_{i=1}^{n}$: Angles sent from the Verifier to each party $i$ (indicates the measurement to
- perform)
- $\\\{|+_{\\\theta_i}\\\rangle, |-_{\\\theta_i}\\\rangle\\\} = \\\left\\\{ \\\frac{1}{\\\sqrt{2}}(|0\\\rangle + e^{i\\\theta_i}|1\\\rangle), \\\frac{1}{\\\sqrt{2}}(|0\\\rangle – e^{i\\\theta_i}|1\\\rangle) \\\right\\\}$: Rotated measurement basis for the parties
- $\\\{y_i\\\}_{i=1}^{n}$: Classical bits sent from each party $i$ to the Verifier (outcomes of the measurements)
- $b$: Outcome of the protocol
Properties
Correctness:
If the source shares a GHZ state and every party behaves honestly, the outcome broadcasted by the verifier is $b = 0$.Statistical Behavior:
The outcome of the protocol depends on the trace distance between the shared state $|\\\psi\\\rangle$ and the ideal GHZ state.
The output $b$ is such that:
$$
b =
\\\begin{cases}
0 & \\\text{with probability } 1 – \\\frac{\\\tau^2}{2} \\\\\\\\\
1 & \\\text{with probability } \\\frac{\\\tau^2}{2}
\\\end{cases}
$$
where
$$
\\\tau = \\\min_U \\\text{TD}(|\\\phi_0^n\\\rangle\\\langle\\\phi_0^n|, U|\\\psi\\\rangle\\\langle\\\psi|U^\\\dagger)
$$TD is the trace distance. $U$ is a quantum operation acting on $D$, the subspace of dishonest parties (i.e., a tensor product of a unitary on $D$ and the identity on the rest).
This means: the further the shared state is from the GHZ state, the less likely the verifier will accept it, even if dishonest parties apply local quantum operations to approximate the GHZ state.
Robustness:
The protocol still functions in the presence of photon losses.Security:
- The protocol is secure for one round against any coalition of dishonest parties, including the source.
- It is composably secure against a dishonest or noisy source.
Technical Description
Protocol for the verifier $\\\pi_V$:
Input: $\\\{y_i\\\}_{i=1}^{n}$, 1 qubit, $v$
Output: one Bit in $\\\{0,1\\\}$ and $\\\{\\\theta_i\\\}_{i=1}^{n}$- Chose randomly angles $\\\Theta = \\\{\\\theta_i\\\}_{i=1}^{n}$ with $\\\theta_i \\\in [0,\\\pi)$ such that:
$$
\\\sum_j \\\theta_j \\\text{ is a multiple of } \\\pi
$$ - Upon the reception of the qubit, for $i = 1,…,n, i \\\neq v$ send $\\\theta_i$ to party $i$ via a private classical channel resource, keep $\\\theta_v$.
- Measures the qubit in the $\\\{|+_{\\\theta_v}\\\rangle ,|-_{\\\theta_v}\\\rangle \\\}$ basis and get $y_v$
- Wait for the reception of all the other $y_i$.
- Upon the reception of all the $y_i$, broadcast 0 if and only if:
$$
\\\oplus_j Y_j = \\\frac{1}{\\\pi} \\\sum_j \\\theta_j \\\quad (\\\bmod{2})
$$
And for each $i = 1,…,n, i \\\neq v$
Protocol for the $i$th party $\\\pi_i$:
Input: 1 angle $\\\theta_i$, 1 qubit and $v$
Output: Bit $y_i$- Wait for the reception of both classical and quantum inputs.
- Measures the qubit in the $\\\{|+_{\\\theta_i}\\\rangle ,|-_{\\\theta_i}\\\rangle \\\}$ basis.
- Send the outcome $y_i$ to the Verifier via the private classical channel resource.
Image caption: Abstract Cryptography figure for the MEV protocol for n=3 parties. Each blue box is a converter representing a protocol a party is following and red boxes are the resources used namely: state generation resource, quantum and authenticated classical channels.
Experimental Implementations
The protocol has also been experimentally realised in [1]
Further Information
This protocol was first introduced in Multipartite Entanglement Verification Resistant against Dishonest Parties [2], in which the authors present an XY version of the protocol where $\\\forall i,\\\theta_i \\\in \\\{0,1\\\}$. It means that each party applies an X or a Z gate on its qubit before measuring in the computational basis. It appeared that when a 50% qubit loss rate is tolerated, there exists a cheating strategy allowing a dishonest party to convince the verifier that the state shared was a GHZ state even when it is not.
This is why in “Experimental verification of multipartite entanglement in quantum networks”[2], the authors present the current version of the protocol which is loss tolerant. They also present an experimental realization of the verification protocol with $n=4$ parties and photonic GHZ states.
In “Anonymity for practical quantum networks” [3], Authors use this verification protocol as a subroutine allowing the parties to be certain to have a GHZ state shared when they perform an anonymous transmission protocol.
References
- McCutcheon, Will, Anna Pappa, Bryn A. Bell, Alex Mcmillan, André Chailloux, Tom Lawson, Mhlambululi Mafu et al. “Experimental verification of multipartite entanglement in quantum networks.” Nature communications 7, no. 1 (2016): 13251.
- Pappa, Anna, André Chailloux, Stephanie Wehner, Eleni Diamanti, and Iordanis Kerenidis. “Multipartite entanglement verification resistant against dishonest parties.” Physical review letters 108, no. 26 (2012): 260502.
- Unnikrishnan, Anupama, Ian J. MacFarlane, Richard Yi, Eleni Diamanti, Damian Markham, and Iordanis Kerenidis. “Anonymity for practical quantum networks.” Physical review letters 122, no. 24 (2019): 240501.
- 2025-07-01 at 14:46 by Mina Doosti
implements Entanglement verification
Introduction
This protocol [1] implement the task of Multipartite entanglement verification in a multinode quantum network. The protocol uses classical communication and measurements of quantum states to verify whether the parties share a GHZ state. We present here a loss tolerant version of the protocol, which doesn’t assume that the source of the state nor the parties (except one) are trusted.
It has various application in a setting where at each timestep a source shares a state. Most of the time this state will be verified using this protocol and once in a while it will be used to perform some computation or communication protocol (e.g. Anonymous transmission)
Outline
This protocol is based on the work in W. McCutcheon, A. Pappa et al.. The goal is for a specific party called the Verifier to check whether the source has shared a GHZ-state among the n-nodes network. It goes as follow:
- Sharing phase: The source creates and shares an n-qubits quantum state to all the parties using a state generation resource and quantum channels.
- Verification phase: The verifier choses and sends angles to each party that corresponds to measurement basis, using classical authenticated channels. Each party, including the verifier, measures its qubits in the basis indicated by the received angle. It then sends its outcome to the verifier who checks the parity of the outcomes and broadcast if the shared state was a GHZ state.
Assumptions
- Network: The network consists of n nodes that are fully identified and completely connected with pairwise authenticated classical channels. Additionally, there is a secure classical broadcast channel.
- Adversarial model: It suffices for one party to be honest. A dishonest party can be in control of the source.
Requirements
Network stage: quantum memory network.
Requirements:
- Authenticated classical channel between the parties
- Quantum channel between the source and the parties
- Ability to perform one-qubit rotation operations and one-qubit measurement at each node
Notation
- $n$: Number of parties
- $v$: Identifier of the Verifier
- ${pi_i}_{i=1}^{n}$: Protocol of each party
- $pi_V$: Protocol of the verifier
- $pi_S$: Protocol of the source
- $SG_n$: $n$-qubit State Generation resource
- ${theta_i}_{i=1}^{n}$: Angles sent from the Verifier to each party $i$ (indicates the measurement to
- perform)
- ${|+_{theta_i}rangle, |-_{theta_i}rangle} = left{ frac{1}{sqrt{2}}(|0rangle + e^{itheta_i}|1rangle), frac{1}{sqrt{2}}(|0rangle – e^{itheta_i}|1rangle) right}$: Rotated measurement basis for the parties
- ${y_i}_{i=1}^{n}$: Classical bits sent from each party $i$ to the Verifier (outcomes of the measurements)
- $b$: Outcome of the protocol
Properties
Correctness:
If the source shares a GHZ state and every party behaves honestly, the outcome broadcasted by the verifier is $b = 0$.Statistical Behavior:
The outcome of the protocol depends on the trace distance between the shared state $|psirangle$ and the ideal GHZ state.
The output $b$ is such that:
$$
b =
begin{cases}
0 & text{with probability } 1 – frac{tau^2}{2} \\\\\\\\\
1 & text{with probability } frac{tau^2}{2}
end{cases}
$$
where
$$
tau = min_U text{TD}(|phi_0^nranglelanglephi_0^n|, U|psiranglelanglepsi|U^dagger)
$$TD is the trace distance. $U$ is a quantum operation acting on $D$, the subspace of dishonest parties (i.e., a tensor product of a unitary on $D$ and the identity on the rest).
This means: the further the shared state is from the GHZ state, the less likely the verifier will accept it, even if dishonest parties apply local quantum operations to approximate the GHZ state.
Robustness:
The protocol still functions in the presence of photon losses.Security:
- The protocol is secure for one round against any coalition of dishonest parties, including the source.
- It is composably secure against a dishonest or noisy source.
Technical Description
Protocol for the verifier $pi_V$:
Input: ${y_i}_{i=1}^{n}$, 1 qubit, $v$
Output: one Bit in ${0,1}$ and ${theta_i}_{i=1}^{n}$- Chose randomly angles $Theta = {theta_i}_{i=1}^{n}$ with $theta_i in [0,pi)$ such that:
$$
sum_j theta_j text{ is a multiple of } pi
$$ - Upon the reception of the qubit, for $i = 1,…,n, i neq v$ send $theta_i$ to party $i$ via a private classical channel resource, keep $theta_v$.
- Measures the qubit in the ${|+_{theta_v}rangle ,|-_{theta_v}rangle }$ basis and get $y_v$
- Wait for the reception of all the other $y_i$.
- Upon the reception of all the $y_i$, broadcast 0 if and only if:
$$
oplus_j Y_j = frac{1}{pi} sum_j theta_j quad (bmod{2})
$$
And for each $i = 1,…,n, i neq v$
Protocol for the $i$th party $pi_i$:
Input: 1 angle $theta_i$, 1 qubit and $v$
Output: Bit $y_i$- Wait for the reception of both classical and quantum inputs.
- Measures the qubit in the ${|+_{theta_i}rangle ,|-_{theta_i}rangle }$ basis.
- Send the outcome $y_i$ to the Verifier via the private classical channel resource.
Image caption: Abstract Cryptography figure for the MEV protocol for n=3 parties. Each blue box is a converter representing a protocol a party is following and red boxes are the resources used namely: state generation resource, quantum and authenticated classical channels.
Experimental Implementations
The protocol has also been experimentally realised in [1]
Further Information
This protocol was first introduced in Multipartite Entanglement Verification Resistant against Dishonest Parties [2], in which the authors present an XY version of the protocol where $forall i,theta_i in {0,1}$. It means that each party applies an X or a Z gate on its qubit before measuring in the computational basis. It appeared that when a 50% qubit loss rate is tolerated, there exists a cheating strategy allowing a dishonest party to convince the verifier that the state shared was a GHZ state even when it is not.
This is why in “Experimental verification of multipartite entanglement in quantum networks”[2], the authors present the current version of the protocol which is loss tolerant. They also present an experimental realization of the verification protocol with $n=4$ parties and photonic GHZ states.
In “Anonymity for practical quantum networks” [3], Authors use this verification protocol as a subroutine allowing the parties to be certain to have a GHZ state shared when they perform an anonymous transmission protocol.
References
- McCutcheon, Will, Anna Pappa, Bryn A. Bell, Alex Mcmillan, André Chailloux, Tom Lawson, Mhlambululi Mafu et al. “Experimental verification of multipartite entanglement in quantum networks.” Nature communications 7, no. 1 (2016): 13251.
- Pappa, Anna, André Chailloux, Stephanie Wehner, Eleni Diamanti, and Iordanis Kerenidis. “Multipartite entanglement verification resistant against dishonest parties.” Physical review letters 108, no. 26 (2012): 260502.
- Unnikrishnan, Anupama, Ian J. MacFarlane, Richard Yi, Eleni Diamanti, Damian Markham, and Iordanis Kerenidis. “Anonymity for practical quantum networks.” Physical review letters 122, no. 24 (2019): 240501.
- 2025-07-01 at 14:46 by Mina Doosti
implements Entanglement verification
Introduction
This protocol [1] implement the task of Multipartite entanglement verification in a multinode quantum network. The protocol uses classical communication and measurements of quantum states to verify whether the parties share a GHZ state. We present here a loss tolerant version of the protocol, which doesn’t assume that the source of the state nor the parties (except one) are trusted.
It has various application in a setting where at each timestep a source shares a state. Most of the time this state will be verified using this protocol and once in a while it will be used to perform some computation or communication protocol (e.g. Anonymous transmission)
Outline
This protocol is based on the work in W. McCutcheon, A. Pappa et al.. The goal is for a specific party called the Verifier to check whether the source has shared a GHZ-state among the n-nodes network. It goes as follow:
- Sharing phase: The source creates and shares an n-qubits quantum state to all the parties using a state generation resource and quantum channels.
- Verification phase: The verifier choses and sends angles to each party that corresponds to measurement basis, using classical authenticated channels. Each party, including the verifier, measures its qubits in the basis indicated by the received angle. It then sends its outcome to the verifier who checks the parity of the outcomes and broadcast if the shared state was a GHZ state.
Assumptions
- Network: The network consists of n nodes that are fully identified and completely connected with pairwise authenticated classical channels. Additionally, there is a secure classical broadcast channel.
- Adversarial model: It suffices for one party to be honest. A dishonest party can be in control of the source.
Requirements
Network stage: quantum memory network.
Requirements:
- Authenticated classical channel between the parties
- Quantum channel between the source and the parties
- Ability to perform one-qubit rotation operations and one-qubit measurement at each node
Notation
- $n$: Number of parties
- $v$: Identifier of the Verifier
- ${pi_i}_{i=1}^{n}$: Protocol of each party
- $pi_V$: Protocol of the verifier
- $pi_S$: Protocol of the source
- $SG_n$: $n$-qubit State Generation resource
- ${theta_i}_{i=1}^{n}$: Angles sent from the Verifier to each party $i$ (indicates the measurement to
- perform)
- ${|+_{theta_i}rangle, |-_{theta_i}rangle} = left{ frac{1}{sqrt{2}}(|0rangle + e^{itheta_i}|1rangle), frac{1}{sqrt{2}}(|0rangle – e^{itheta_i}|1rangle) right}$: Rotated measurement basis for the parties
- ${y_i}_{i=1}^{n}$: Classical bits sent from each party $i$ to the Verifier (outcomes of the measurements)
- $b$: Outcome of the protocol
Properties
Correctness:
If the source shares a GHZ state and every party behaves honestly, the outcome broadcasted by the verifier is $b = 0$.Statistical Behavior:
The outcome of the protocol depends on the trace distance between the shared state $|psirangle$ and the ideal GHZ state.
The output $b$ is such that:
$$
b =
begin{cases}
0 & text{with probability } 1 – frac{tau^2}{2} \\\\\\\\\
1 & text{with probability } frac{tau^2}{2}
end{cases}
$$
where
$$
tau = min_U text{TD}(|phi_0^nranglelanglephi_0^n|, U|psiranglelanglepsi|U^dagger)
$$TD is the trace distance. $U$ is a quantum operation acting on $D$, the subspace of dishonest parties (i.e., a tensor product of a unitary on $D$ and the identity on the rest).
This means: the further the shared state is from the GHZ state, the less likely the verifier will accept it, even if dishonest parties apply local quantum operations to approximate the GHZ state.
Robustness:
The protocol still functions in the presence of photon losses.Security:
- The protocol is secure for one round against any coalition of dishonest parties, including the source.
- It is composably secure against a dishonest or noisy source.
Technical Description
Protocol for the verifier $pi_V$:
Input: ${y_i}_{i=1}^{n}$, 1 qubit, $v$
Output: one Bit in ${0,1}$ and ${theta_i}_{i=1}^{n}$- Chose randomly angles $Theta = {theta_i}_{i=1}^{n}$ with $theta_i in [0,pi)$ such that:
$$
sum_j theta_j text{ is a multiple of } pi
$$ - Upon the reception of the qubit, for $i = 1,…,n, i neq v$ send $theta_i$ to party $i$ via a private classical channel resource, keep $theta_v$.
- Measures the qubit in the ${|+_{theta_v}rangle ,|-_{theta_v}rangle }$ basis and get $y_v$
- Wait for the reception of all the other $y_i$.
- Upon the reception of all the $y_i$, broadcast 0 if and only if:
$$
oplus_j Y_j = frac{1}{pi} sum_j theta_j quad (bmod{2})
$$
And for each $i = 1,…,n, i neq v$
Protocol for the $i$th party $pi_i$:
Input: 1 angle $theta_i$, 1 qubit and $v$
Output: Bit $y_i$- Wait for the reception of both classical and quantum inputs.
- Measures the qubit in the ${|+_{theta_i}rangle ,|-_{theta_i}rangle }$ basis.
- Send the outcome $y_i$ to the Verifier via the private classical channel resource.
Image caption: Abstract Cryptography figure for the MEV protocol for n=3 parties. Each blue box is a converter representing a protocol a party is following and red boxes are the resources used namely: state generation resource, quantum and authenticated classical channels.
Experimental Implementations
The protocol has also been experimentally realised in [1]
Further Information
This protocol was first introduced in Multipartite Entanglement Verification Resistant against Dishonest Parties [2], in which the authors present an XY version of the protocol where $forall i,theta_i in {0,1}$. It means that each party applies an X or a Z gate on its qubit before measuring in the computational basis. It appeared that when a 50% qubit loss rate is tolerated, there exists a cheating strategy allowing a dishonest party to convince the verifier that the state shared was a GHZ state even when it is not.
This is why in “Experimental verification of multipartite entanglement in quantum networks”[2], the authors present the current version of the protocol which is loss tolerant. They also present an experimental realization of the verification protocol with $n=4$ parties and photonic GHZ states.
In “Anonymity for practical quantum networks” [3], Authors use this verification protocol as a subroutine allowing the parties to be certain to have a GHZ state shared when they perform an anonymous transmission protocol.
References
- McCutcheon, Will, Anna Pappa, Bryn A. Bell, Alex Mcmillan, André Chailloux, Tom Lawson, Mhlambululi Mafu et al. “Experimental verification of multipartite entanglement in quantum networks.” Nature communications 7, no. 1 (2016): 13251.
- Pappa, Anna, André Chailloux, Stephanie Wehner, Eleni Diamanti, and Iordanis Kerenidis. “Multipartite entanglement verification resistant against dishonest parties.” Physical review letters 108, no. 26 (2012): 260502.
- Unnikrishnan, Anupama, Ian J. MacFarlane, Richard Yi, Eleni Diamanti, Damian Markham, and Iordanis Kerenidis. “Anonymity for practical quantum networks.” Physical review letters 122, no. 24 (2019): 240501.
