Quantum Information Processing (2022) 21:377

https://doi.org/10.1007/s11128-022-03723-2

Quantum secret sharing based on quantum information

masking

Chen-Ming Bai1 · Sujuan Zhang1 · Lu Liu1

Received: 19 May 2022 / Accepted: 27 October 2022 / Published online: 11 November 2022
© The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature 2022

Abstract
In this paper, we construct a physical process to mask the d-dimensional quantum state
into multipartite quantum systems. According to this masker, we propose a quantum
secret sharing scheme to realize a class of special hypergraph access structures. In the
distribution phase of the proposed protocol, the distributor wants to share an unknown
d-dimensional quantum state and mask the secret state into a multi-party quantum
systems. In the reconstruction phase, participants in the authorized set carry out several
measurements and a series of appropriate unitary operations on their particles to obtain
the original information state. At last, we also analyze the security of our scheme in
three primary quantum attacks.

Keywords Quantum secret sharing · Access structure · Quantum information

masking · Multipartite quantum systems

1 Introduction

With the rapid development of Internet technology, the requirements of information

security are becoming more and more significant. As secret sharing is one of the
most important topics in cryptography, it can provide security services for various
real-life applications. In 1979, Shamir [1] and Blakley [2] independently introduced
the concept of secret sharing and designed the corresponding secret sharing protocols
based on different mathematical problem perspectives. Therefore, it provides a great
help to the information security.
Due to the study and development of quantum information and quantum com-
munication, several researchers extended the classical secret sharing protocols to the
quantum field [3–7]. Quantum secret sharing protocol (QSS) becomes the quantum

B Chen-Ming Bai
[email protected]

1 Department of Mathematics and Physics, Shijiazhuang Tiedao University, Shijiazhuang 050043,

China

123
377 Page 2 of 16 C.-M. Bai et al.

version solution of the secret sharing problem. The security of QSS is guaranteed by
many quantum physical mechanisms such as Heisenberg uncertainty principle and
the quantum no-cloning theorem. QSS schemes are generally divided into two dif-
ferent categories: (1) the shared secret is an unknown quantum state; (2) the shared
secret is classical information. However, in two cases, all participants are comprised
of quantum systems, and quantum communication is allowed among the dealer and
the participants.
In 1999, Hillery et al. [3] used the properties of a three-qubit or four-qubit entangled
GHZ state to construct the first QSS scheme. In 2004, Xiao et al. [8] generalized
the QSS of Hillery et al. into arbitrary multipartite entangled state. From then on,
various QSS schemes have been proposed [9–14]. To construct the quantum secret
sharing schemes, many researchers use two main methods: (1) the scheme based on
the single-particle-state transport; (2) the entanglement-based scheme. For example,
Bai et al. [15] proposed a verifiable threshold quantum secret sharing protocol with
d-dimensional GHZ state to realize the (t, n) threshold. Qin and Dai [16] proposed a
verifiable (t, n) threshold QSS using d-dimensional Bell state. Rahaman and Parker
[17] proposed a quantum secret sharing scheme based on local distinguishability. Bai
et al. [18] proposed a quantum secret sharing scheme based on the distinguishability of
some orthogonal multipartite entangled states in d-dimensional system under restricted
local operations and classical communication. Dou et al. [19] proposed a novel rational
QSS that shares two arbitrary qubits among multiple parties.
Among many quantum secret sharing protocols, quantum entanglement plays an
important role in the quantum cryptography, which is one of the most fundamen-
tal resources. Using the quantum correlation of a bipartite entangled state, classical
information can be hidden. In 2018, Modi et al. [20] showed that quantum informa-
tion can be hidden in the quantum correlations of bipartite composite systems rather
than the subsystems. The masking process is completed by unitary operations called
maskers which can map single-particle states into entangled states. Afterward, some
researchers have given relevant results on the masking of quantum information [21–
25]. In particular, Li and Wang [23] proposed quantum information masking schemes
using multi-particle entangled states.
Quantum information masking has potential applications in entanglement-based
quantum secret sharing scheme and future quantum communication protocols. There-
fore, in this paper, we firstly give the masking of d-dimensional quantum states and
map the quantum states into multipartite quantum systems. Then, we construct a quan-
tum state sharing scheme based on quantum information masking. For our scheme,
it can implement a special class of access structures. At last, we analyze the security
of our scheme against three primary quantum attacks: intercept-and-resend attack,
entangle-and-measure attack and dishonest participant attack.
The organization of this paper is as follows. In Sect. 2, we mask d-dimensional
quantum states into multipartite quantum systems. In Sect. 3, we propose the quantum
secret sharing scheme based on the quantum information masking. In Sect. 4, we
analyze the security of our scheme. Finally, the conclusion is given in Sect. 5.

123
Quantum secret sharing based on quantum information masking Page 3 of 16 377

2 Masking d-dimensional quantum states into multipartite quantum

systems

In this section, we mainly give some necessary concepts and principles about the
masking of quantum information, see Refs. [20, 23]. In Ref. [20], the authors proposed
the concept of quantum information masking.

Definition 1 [20] An operation N is said to mask quantum information contained in

states {|ak  A1 ∈ H A1 } by mapping them to states {|Ψk  ∈ H A1 ⊗ H A2 } such that all
the marginal states of |Ψk  are the same, i.e.,

ρ A1 = Tr A2 (|Ψk  Ψk |) and ρ A2 = Tr A1 (|Ψk  Ψk |).

In Ref. [23], Li et al. generalized the definition of masking of quantum states into
the multipartite ones.

Definition 2 [23] An operation N is said to mask quantum  information contained in

states {|ak  A1 ∈ H A1 } by mapping them to states {|Ψk  ∈ nj=1 H A j } such that all
the marginal states of |Ψk  are the same, i.e.,

ρ A j = Tr Aj (|Ψk  Ψk |) ( j ∈ {1, 2, . . . , n}),

j denotes the set {A1 , A2 , . . . , An } \ {A j }.

where A

To calculate ρ A j , the following lemma is given in Ref. [23].

n
Lemma 3 Let |Ψ  be a quantum state in the multipartite system j=1 H A j . For every
j ∈ {1, 2, · · · , n}, if |Ψ  can be denoted by

nj

ck |ψk  A j |μk  Aj ,
k=1

with {|μk  Aj : 1 ≤ k ≤ n j } as the orthonormal states in the system without A j , then
one can obtain the following partial trace:

nj

ρ A j = Tr Aj (|Ψ  Ψ |) = |ck |2 |ψk  A j ψk | .
k=1

According to Definition 2 and Lemma 3, Li and Wang [23] defined the unitary
processing as

d−1

d 2πikl
e d |kk
|l → |Ψl  = k=0
√ , l = 0, 1, . . . , d − 1.
j=1
d

123
377 Page 4 of 16 C.-M. Bai et al.

→ d−1  
Hence, the general state − α = αl |l should be changed into Ψ−→
α =
d−1 l=0
α
l=0 l |Ψl  under the above process.
Since the above masking process is composed of the tensor products of many gener-
alized Bell states, this encoding method cannot be used to implement the construction
of the quantum secret sharing scheme for our specified access structure.
Furthermore, we construct the following physical process U through the generalized
GHZ states,

Cd → Cd ⊗ Cd ⊗ · · · ⊗ Cd ,
 
d−1  r  n−r
1   
l + i, l + i, . . . , l + i ,
|l → |Ψl  = √ i, i, . . . , i (1)
d i=0  


where r ≥ 2, n − r ≥ 2, l = 0, 1, . . . , d − 1 and "+" means the adder modulo d. For

reading consistency,
→ we d−1adopt the same notation as in Ref.
 [23].
 d−1
Therefore, −
α = l=0 αl |l should be mapped into Ψ−→α = l=0 αl |Ψl  under
the above process, that is,
 
 r  n−r
−    1 
d−1 
d−1
 
→
 α → Ψ− αl i, i, . . . , i l + i, l + i, . . . , l + i .
α = √
→ (2)
d l=0 i=0  


 r −1 
  n−r
 
 
For i, i, . . . , i l + i, l + i, . . . , l + i , there are d 2 terms and they are orthonor-
 
mal without considering the first system    A1. Through applying Lemma 3, we can
easily calculate the partial trace of Ψ− →α Ψ− → 
α , i.e.,
  
ρ A1 = Tr A1 (Ψ−
α Ψ−
→ 
α )
→

1
d−1
= |i i| (3)
d
i=0
Id
= .
d

By the symmetry of the n systems, ρ A j = Idd for j = 1, 2, . . . , n. Therefore, regardless

of how the d parameters of α0 , α1 , . . . , αd−1 are selected, all the n local states share
the information about Ψ− →
α . Thus, this shows that the von Neumann entropy of each
subsystem A j is S(ρ A j ) = log2 d.

3 Quantum state sharing scheme

In this section, we construct a quantum state sharing scheme using the above method
for masking quantum information into multipartite quantum systems. The proposed

123
Quantum secret sharing based on quantum information masking Page 5 of 16 377

scheme can implement the following access structure Γ , namely it is denoted by

 
Γ = P1 ∪ A, P2 ∪ A, . . . , Pr ∪ A, Pr +1 ∪ A, Pr +2 ∪ A, . . . , Pn ∪ A , (4)

where Pi (i = 1, 2, . . . , n) represents each participant in our scheme; A =

{P1 , P2 , . . . , Pr } and A = {Pr +1 , Pr +2 , . . . , Pn }.
When A = {P1 } and A = {P2 , P3 , . . . , Pn }, the access structure Γ becomes a
hyperstar access structure.

d−1 that the secret |s is an arbitrary d-dimensional

Distribution phase Assuming
quantum state, i.e., |s = l=0 αl |l. In order to share the distribution, Alice selects
a masker N and defines a unitary operator UN on the system of the secret |s plus
n − 1 ancillary systems A2 , A3 , . . . , An . Therefore,

N : UN |s A1 ⊗ |b A2 ,A3 ,...,An = |Ψs  , (5)

where
 
 r  n−r
1    
d−1 d−1
|Ψs  = √ αl i, i, . . . , i l + i, l + i, . . . , l + i (r ≥ 2 and n − r ≥ 2).
d l=0 i=0  


Furthermore, Alice uses the checking photon technique to guarantee the security of
transmission and randomly chooses some checking single photons from the following
set Z or X , i.e.,

Z = {|0 , |1 , . . . , |d − 1} and X = {|J0  , |J1  , . . . , |Jd−1 },

d−1 l j 2πi
where |J j  = √1 l=0 ω |l and ω = e
d . These photons randomly selected from
d
X or Z can be represented as
 
Ck = pk1 , pk2 , . . . , pkN ,

where pki indicates the particle selected from X or Z and k = 1, 2, . . . , n.

At last, Alice inserts the kth particle of |Ψs  into the sequence Ck and obtains new
sequences S1 , S2 , . . . , Sn . Then, she sends the sequence Sk to the participant Pk (see
Fig. 1).
After confirming that these participants P1 , P2 , . . . , Pn have received their own
sequences, Alice announces the positions and measuring basis of checking photons in
each sequence. All participants take measures to their corresponding checking photons
in specific bases and resend these results to Alice. According to all participants’ results,
Alice can compute the error rate. If the error rate is higher than threshold value, then
she must abort the protocol.
Reconstruction phase The secret |s can be reconstructed from any authorized set
in Γ . These participants can carry out several measurements on their particles and
then utilize the classical communication to tell their results to the others.

123
377 Page 6 of 16 C.-M. Bai et al.

Fig. 1 The distribution phase of our scheme, where Ck is the set of checking single photons, Sk is the set of
particles after Ck inserts the kth particle of |Ψs , and these black solid dots represent the particles of |Ψs 

Case 1 We analyze the authorized set {P j ∪ A}, where j = 1, 2, . . . , r and A =

{Pr +1 , Pr +2 , . . . , Pn } (see Fig. 2). Before the recovery, the quantum state can be
rewritten as

 
 r  n−r
1    
d−1 d−1
|Ψs  = √ 
αl i, i, . . . , i l + i, l + i, . . . , l + i
d l=0 i=0  
 r  n−r  n−r 
    n−r
1   





= √ 0 · · · 0 (α0 0 · · · 0 + α1 1 · · · 1 + · · · + αd−1 d − 1, . . . , d − 1 )
d    
 r  n−r  n−r  n−r
   
   

+ 1 · · · 1 (α0 1 · · · 1 + α1 2 · · · 2 + · · · + αd−1 0 · · · 0 ) + · · ·
 
   
 
 r  n−r
 
+ d − 1, . . . , d − 1 (α0 d − 1, . . . , d − 1
 
 n−r 
  n−r

 
+α1 0 · · · 0 + · · · + αd−1 d − 2, . . . , d − 2 ) . (6)
 

The participant P j carries out several measurements on his particle under the basis
of {|0, |1, . . . , |d − 1}. At the same time, these participants in A can get the fol-
lowing collapse states on his own particle. For convenience, we omit the correlative
coefficients, and therefore, they can be denoted by

123
Quantum secret sharing based on quantum information masking Page 7 of 16 377

Fig. 2 Quantum circuit diagram of the recovery secret for the authorized set {P j ∪ A}

⎧  r −1  n−r  n−r 
⎪
⎪     n−r
⎪
⎪ P    
⎪
⎪
j
   
|0 −→ 0 · · · 0 (α0 0 · · · 0 + α1 1 · · · 1 + · · · + αd−1 d − 1, . . . , d − 1 ),
⎪
⎪    
⎪
⎪
⎪
⎪
⎪
⎪
⎪
⎪  r −1  n−r  n−r  n−r
⎪
⎪    
⎪
⎪ P    
⎪
⎪ |1 − →
j
1 · · · 1 (α0 1 · · · 1 + α1 2 · · · 2 + · · · + αd−1 0 · · · 0 ),
⎪
⎪    
⎨    
.. (7)
⎪
⎪ .
⎪
⎪    n−r
⎪
⎪  r −1  n−r 
⎪
⎪   
⎪
⎪ |d − −
P
→
j
 − . . . , − (α  − . . . , − + α 
⎪
⎪ 1  d 1, d 1 0 d 1, d 1 1 0 · · · 0 + · · ·
⎪
⎪   
⎪
⎪ 
⎪
⎪  n−r
⎪
⎪ 
⎪
⎪
⎪
⎪ +αd−1 d − 2, . . . , d − 2 ).
⎩ 

After the player P j carries out the measurement, he tells the results of measure-
ment to these participants in A via a classical authenticated channel. According to
the classical information, these participants can adopt a series of appropriate unitary
operations on their particles. The specific recovery process is as follows:
When the particle of P j ∈ A is a control qudit and the rest particles of A \ {P j }
are the target qudits, they utilize the controlled operation, that is, if the control state is
|i (i = 0, 1, . . . , d − 1), then the target qudit |ϕ is changed to Ui |ϕ, where it can

123
377 Page 8 of 16 C.-M. Bai et al.

be denoted by

 
X i+1 O
Ui = , (8)
O E d−i−1

where

⎛ ⎞ ⎛ ⎞
0 ··· 0 1 1 0 ··· 0
⎜0 ··· 1 0⎟ ⎜0 1 0⎟
⎜ ⎟ ⎜ ⎟
Xj = ⎜ . .. .. ⎟ and E j = ⎜ . . . .. ⎟ ( j = 0, 1, . . . , d − 1). (9)
⎝ .. . . ⎠ ⎝ .. .. . . .⎠
1 · · · 0 0 j× j 0 0 ··· 1 j× j

Without lost of generality, we take P j = Pr +1 as an example. After the controlled

operation, Eq. (7) can be changed to

⎧  n−r  n−r 
⎪    n−r
⎪
⎪   
⎪
⎪ α0 0, . . . , 0 + α1 1, . . . , 1 + · · · + αd−1 d − 1, . . . , d − 1
⎪
⎪
⎪
⎪   
⎪
⎪  n−r −1
⎪
⎪ 
⎪
⎪ 
⎪
⎪ −→ (α0 |0 + α1 |1 + · · · + αd−1 |d − 1) 0, 0 . . . , 0 ,
⎪
⎪
⎪
⎪ 
⎪
⎪  n−r  n−r  n−r
⎪
⎪   
⎪
⎪   
⎪
⎪ α0 1, . . . , 1 + α1 2, . . . , 2 + · · · + αd−1 0, . . . , 0
 
⎪
⎪
⎪
⎪   
⎪
⎨  n−r −1

 (10)
⎪
⎪ −→ (α |1 + α |2 + · · · + α |0) 0, 0 . . . , 0 ,
⎪
⎪ 0 1 d−1 
⎪
⎪ 
⎪
⎪
⎪
⎪ .
⎪
⎪ ..
⎪
⎪   n−r 
⎪
⎪  n−r   n−r
⎪
⎪   
⎪
⎪   
α0 d − 1, . . . , d − 1 + α1 0, . . . , 0 + · · · + αd−1 d − 2, . . . , d − 2
⎪
⎪
⎪
⎪   
⎪
⎪  n−r −1
⎪
⎪ 
⎪
⎪ 
⎪
⎪ 0, 0 . . . , 0 .
⎪
⎪ −→ (α 0 |d − 1 + α 1 |0 + · · · + α d−1 |d − 2) 
⎩ 

According to the measurements of P j , Pr +1 performs the corresponding unitary

operation for the quantum state after the controlled operation. Namely, if the measure-
ment result of P j is |i (i = 0, 1, . . . , d − 1), then Pr +1 performs the corresponding
unitary operation Vi on his own state. The unitary operation Vi can be denoted by

123
Quantum secret sharing based on quantum information masking Page 9 of 16 377

 
O E d−i
Vi = , (11)
Xi O

where X j and E j are the same as Eq. (9).

Case 2 We analyze the authorized set {P j ∪ A}, where j = r + 1, r + 2, . . . , n
and A = {P1 , P2 , . . . , Pr } (see Fig. 3). Quantum state |Ψs  can be also rewritten as

 
 r  n−r
1    
d−1 d−1
|Ψs  = √ 
αl i, i, . . . , i l + i, l + i, . . . , l + i
d l=0 i=0  
 r   r  n−r
   r  
1    
= √ (α0 0 · · · 0 + α1 d − 1, . . . , d − 1 + · · · + αd−1 1 · · · 1 ) 0 · · · 0
d    
 r  r
 
 
+(α0 1 · · · 1 + α1 0 · · · 0 + · · ·
 
 r  n−r 
   r
  
+αd−1 2 · · · 2 ) 1 · · · 1 + · · · + (α0 d − 1, . . . , d − 1
  

 r

+α1 d − 2, . . . , d − 2 + · · ·

 r 
  n−r

 
 
+αd−1 0, . . . , 0 ) d − 1, . . . , d − 1 . (12)
 

The participant P j carries out several measurements on his particle under the basis
of {|0, |1, . . . , |d − 1} and sends these measurements to these participants in A via
a classical channel. After that, these participants perform the controlled operations as
described as Eq. (8). Therefore, for convenience, we take P1 as an example and obtain
that

⎧  r −1
⎪ 
⎪
⎪ 
⎪
⎪ (α |0 + α |d − 1 + · · · + α |1) 0, 0 . . . , 0 ,
⎪
⎪
0 1 d−1 
⎪
⎪ 
⎪
⎪  r −1
⎪
⎪ 
⎪
⎪ 
⎨ (α0 |1 + α1 |0 + · · · + αd−1 |2) 0, 0 . . . , 0 ,

 (13)
⎪
⎪
⎪
⎪ ..
⎪
⎪ .
⎪
⎪  r −1
⎪
⎪ 
⎪
⎪ 
⎪
⎪ 
⎩ (α0 |d − 1 + α1 |d − 2 + · · · + αd−1 |0) 0, 0 . . . , 0 .
⎪


123
377 Page 10 of 16 C.-M. Bai et al.

Fig. 3 Quantum circuit diagram of the recovery secret for the authorized set {P j ∪ A}

According to the measurements of P j , P1 performs the corresponding unitary oper-

ation for the quantum state after the controlled operation. Namely, if the measurement
result of P j is |i (i = 0, 1, . . . , d − 1), then P1 performs the corresponding unitary
operation Wi on his own state (see Fig. 3). The unitary operation Wi can be denoted
by
 
X i+1 O
Wi = , (14)
O X d−i−1

where X j is the same as Eq. (9).

Example 1 Suppose that A = {P1 , P2 } and A = {P3 , P4 }, the access structure Γ

becomes a (3, 4)-threshold access structure. In addition, Alice is going to share her
secret quantum state |s among P1 , P2 , P3 , P4 such that three of them must collaborate
to reconstruct Alice’s secret.
Define |Ψ0 , |Ψ1 , |Ψ2  to be

1
|Ψ0  = √ (|0000 + |1111 + |2222),
3
1
|Ψ1  = √ (|0011 + |1122 + |2200),
3
1
|Ψ2  = √ (|0022 + |1100 + |2211).
3

Therefore, all the qutrit states can be masked under the processing defined by

|0 → |Ψ0  , |1 → |Ψ1  , |2 → |Ψ2  .

123
Quantum secret sharing based on quantum information masking Page 11 of 16 377

Furthermore, we can obtain that the general qutrit state |s = α0 |0 + α1 |1 + α2 |2
should be changed to

|Ψ  = α0 |Ψ0  + α1 |Ψ1  + α2 |Ψ2 

1
= √ [α0 (|0000 + |1111 + |2222)
3
+α1 (|0011 + |1122 + |2200)
+α2 (|0022 + |1100 + |2211)] P1 P2 P3 P4 . (15)

Alice inserts the ith particle of |Ψ  into the checking sequence and sends the
sequence to the participant Pi (i = 1, 2, 3, 4). Alice uses the decoy particles to check
the security of the channel. If it is secure, then the participants perform the secret
recovery.
For convenience, we take the authorized set {P1 P2 P3 } as an example. The quantum
state |Ψ  can be denoted by

1
|Ψ  = √ [(α0 |00 + α1 |22 + α2 |11) |00 + (α0 |11 + α1 |00 + α2 |22) |11
3
+(α0 |22 + α1 |11 + α2 |00) |22] P1 P2 P3 P4 . (16)

The participant P3 measures his particles under the basis of {|0, |1, |2}. At the
same time, the other participants can get the following collapse states, where these
states are as follows:
⎧
⎪
⎪
P3
⎨ |0 −→ (α0 |00 + α1 |22 + α2 |11) |00 ,
P3
⎪ |1 −→ (α0 |11 + α1 |00 + α2 |22) |11 , (17)
⎪
⎩ P3
|2 −→ (α0 |22 + α1 |11 + α2 |00) |22 .

After that, the players P1 and P2 can make use of the controlled operation to reconstruct
the original secret. The controlled operation is as follows: If the control qutrit is |i,
then the target qutrit is changed from |ϕ to Ui |ϕ, where
⎛ ⎞ ⎛ ⎞ ⎛ ⎞
100 010 001
U0 = ⎝ 0 1 0 ⎠ , U1 = ⎝ 1 0 0 ⎠ , U2 = ⎝ 0 1 0 ⎠ .
001 001 100

If the measurement result of P3 is |i (i = 0, 1, 2), then P1 performs the corresponding

unitary operation Wi on his own state, where
⎛ ⎞ ⎛ ⎞ ⎛ ⎞
100 010 001
W0 = ⎝ 0 0 1 ⎠ , W1 = ⎝ 1 0 0 ⎠ , W2 = ⎝ 0 1 0 ⎠ .
010 001 100

Through the above process, the participants are able to collaborate to recover the
original secret quantum state |s = α0 |0 + α1 |1 + α2 |2.

123
377 Page 12 of 16 C.-M. Bai et al.

4 Security analysis

The security of the quantum secret sharing protocol is very important. Therefore, in this
section, we analyze the security of our scheme against three primary quantum attacks:
intercept-and-resend attack, entangle-and-measure attack and dishonest participant
attack.
Intercept-and-resend attack In the particle distribution, we mainly insert these
quantum shares into the detected photon sequences and use the decoy photon technique
to check eavesdropper’s attacks, which some sample checking single photons are
chosen from the X -basis and Z -basis.
Suppose the external eavesdropper Eve can utilize the intercept-and-resend attack.
During the transmission, Eve can successfully intercept all sequences. After that,
she measures these particles by the X -basis or Z -basis and sends the fake particle
sequences that he has prepared to the participants. Because the eavesdropper does not
know the position and basis of each decoy particle, she must introduce many errors.
If the eavesdropper successfully finds the right particle of the quantum state |Ψs 
encoded the secret information in every sequence Sk (k = 1, 2 . . . , n), the successful
probability is P(Sk ) = N 1+1 , where N represents the number of decoy particles in the
sequence Sk . Since each sequence is independent of each other sequences, the total
successful probability for n sequences is
 n
! " 1
Ptotal S1 , S2 , . . . , Sn = .
N +1
Thus, when the quantum state of the selected encoded information is certain and N
gradually increases, then we have that

lim Ptotal (S1 , S2 , . . . , Sn ) = 0.

N →+∞

So this intercept-and-resend attack does not work in our scheme.

Entangle-and-measure attack To obtain the information, the eavesdropper Eve
prepares an auxiliary system and uses a unitary transformation U E to entangle the
prepared auxiliary system with the particles sent by the distributor.
For the basis Z = {|0 , |1 , . . . , |d − 1}, the above process is as follows:
⎧
⎪
⎪ U E |0|E = a00 |0|e00  + a01 |1|e01  + · · · + a0,d−1 |d − 1|e0,d−1 ,
⎪
⎪
⎪
⎪
⎨
U E |1|E = a10 |0|e10  + a11 |1|e11  + · · · + a1,d−1 |d − 1|e1,d−1 , (18)
⎪
⎪ .
⎪
⎪ .
⎪
⎪ .
⎩
U E |d − 1|E = ad−1,0 |0|ed−1,0  + ad−1,1 |1|ed−1,1  + · · · + ad−1,d−1 |d − 1|ed−1,d−1 ,

where |E is the initial state of Eve’s ancillary system; |ekl  (k, l = 0, 1, . . . , d − 1)
is the pure auxiliary state determined uniquely by the unitary transform U E , and


d−1
|akl |2 = 1 (k = 0, 1, . . . , d − 1). (19)
l=0

123
Quantum secret sharing based on quantum information masking Page 13 of 16 377

To avoid increasing the error rate for these states, Eve has to set the partial coefficient
to zero, i.e., akl = 0, where k = l and k, l ∈ {0, 1, . . . , d − 1}. Therefore, Eq. (18)
can be simplified as follows:

U E |k|E = akk |k|ekk . (20)

According to Eq. (20), Eve uses the unitary transform U E acting in the initial state
of the ancillary system |E with the basis X = {|J0  , |J1  , . . . , |Jd−1 },, which can
be obtained
1#
U E |J j |E = |J0 (a00 |e00  + ω j a11 |e11  + · · · + ω(d−1) j ad−1,d−1 |ed−1,d−1 )
d
+ · · · + |J j−1 (a00 |e00  + ωa11 |e11  + · · · + ω(d−1) ad−1,d−1 |ed−1,d−1 )
+|J j (a00 |e00  + a11 |e11  + · · · + ad−1,d−1 |ed−1,d−1 ) + · · ·
+|J j+1 (a00 |e00  + ω−1 a11 |e11  + · · · + ω−(d−1) ad−1,d−1 |ed−1,d−1 ) + · · ·
+|Jd−1 (a00 |e00  + ω j−d+1 a11 |e11 
$
+ · · · + ω(d−1)( j−d+1) ad−1,d−1 |ed−1,d−1 ) (21)

Similarly, to avoid introducing

  errors, Eve also needs to set these coefficients of
|J0  , |J1  , . . . ,  J j−1 ,  J j+1 , . . . , |Jd−1  in Eq. (21) to zero, that is,
⎧ (d−1) j a
⎪ a00 |e00  + ω a11 |e11  + · · · + ω d−1,d−1 |ed−1,d−1  = 0,
j
⎪
⎪
⎪ .
⎪
⎪ ..
⎪
⎪
⎪
⎪ (d−1) a
⎨ a00 |e00  + ωa11 |e11  + · · · + ω
⎪ d−1,d−1 |ed−1,d−1  = 0,
.. (22)
⎪ .
⎪
⎪ −1 −(d−1)
⎪
⎪ a00 |e00  + ω a11 |e11  + · · · + ω ad−1,d−1 |ed−1,d−1  = 0
⎪
⎪ .
⎪
⎪ .
⎪
⎪ .
⎩
a00 |e00  + ω j−d+1 a11 |e11  + · · · + ω(d−1)( j−d+1) ad−1,d−1 |ed−1,d−1  = 0,

According to these d − 1 equations, we can solve the system of linear equations

and omit all of the global phases. Therefore, we obtain that

a00 |e00  = a11 |e11  = · · · = ad−1,d−1 |ed−1,d−1 . (23)

Furthermore, no matter how the transmitted particle changes, Eve will get only
the same information from the auxiliary system and cannot steal the useful secret
information. So the entangle-and-measure attack is unsuccessful.
Dishonest participant attack For the QSS scheme, the dishonest participant attack
is of great importance because it is always easier than the external attack and the
participants can obtain more useful information than a fourth eavesdropper.
In this attack, we take the authorized set {P1 ∪ A} as an example, where A =
{Pr +1 , Pr +2 , . . . , Pn }. Here, we analyze the following three situations:
Case 1 Suppose that P1 is a dishonest participant in our scheme.

123
377 Page 14 of 16 C.-M. Bai et al.

For this case, a dishonest participant can intercept other participants’ particles
and resend the forged sequence, or entangle the ancillary system on the transmitted
particles. However, these particles in our scheme are protected by the decoy photons
from X -basis or Z -basis. From the above analysis of “intercept-and-resend attack” and
“entangle-and-measure attack,” we can know that the dishonest participant cannot steal
secret information from the transmitted particles due to these decoy particles.
On the other hand, if P1 is dishonest, he calculates the partial trace of |Ψs  Ψs |,
i.e.,

Id
ρ P1 = Tr P2 ,...,Pn (|Ψs  Ψs |) = . (24)
d

In this situation, we can easily find the dishonest participant is unsuccessful since that
ρ P1 is a maximal mixed state.
Case 2 Suppose that P1 , Pr +1 , Pr +2 , . . . , Pn−1 are dishonest participants in our
scheme.
For this case, the participant P1 carries out several measurements on his particle
under the basis of {|0, |1, . . . , |d − 1}. At the same time, these participants in A
can get the following collapse states on his own particle. Without losing generality,
we will take the measurement |0 as an example as follows:
   
 r −1  n−r  n−r  n−r
   
   
 0 · · · 0 (α 0 0 · · · 0 + α 1 1 · · · 1 + · · · + α d−1  d − 1, . . . , d − 1 ) Pr +1 ,Pr +2 ,...,Pn . (25)
   
   

Therefore, Pr +1 , Pr +2 , . . . , Pn are in an entangled state in Eq. (25). After the player

P1 carries out the measurement, he tells the results of measurement to these dishonest
participants in A via a classical authenticated channel. According to the classical
information, these dishonest participants can adopt a series of appropriate unitary
operations on their particles. The entangled state in Eq. (25) is changed to

 n−r −2


(α0 |00 + α1 |11 + · · · + αd−1 |d − 1, d − 1) Pr +1 Pn 0 · · · 0 . (26)

Pr +2 ···Pn−1

Assuming that the members of unauthorized set {P1 Pr +1 · · · Pn−1 } want to obtain
the secret, they will take various methods to destroy the entanglement. However, it is
hard to make the entangled state become a separable state since the particle d−1of Pr +1
is always entangled with Pn in Eq. (26). If they cannot get that |s = l=0 αl |l ,
it means that they cannot have any information about the secret. Through the above
analysis, it is shown that this scheme is safe.
Case 3 Suppose that Pr +1 , Pr +2 , . . . , Pn−1 , Pn are dishonest participants in our
scheme.

123
Quantum secret sharing based on quantum information masking Page 15 of 16 377

For this case, these dishonest participants can adopt a series of appropriate unitary
operations on their particles. Therefore, the state |Ψs  is changed to
1 %
|Ψs  = √ |0 · · · 0 (α0 |0 + α1 |1 + · · · + αd−1 |d − 1)
d
+ |1 · · · 1 (α0 |1 + α1 |2 + · · · + αd−1 |0) + · · ·
&
+ |d − 1, . . . , d − 1 (α0 |d − 1 + α1 |0 + · · · + αd−1 |d − 2) P ···P P
1 r r +1
⊗ |0 · · · 0 Pr +2 ···Pn . (27)

It means that the particle of Pr +1 is always entangled with P1 . If the entanglement in

Eq. (27) cannot be destroyed here, they cannot know the measurements and thus cannot
use the correct recovery unitary operation. Therefore, these dishonest participants
cannot obtain the original secret.

5 Conclusions

We studied the masking of quantum information, that is, there existed a masker such
that the quantum state is masked into the multipartite quantum systems. According to
the masking of quantum states, we proposed the quantum secret sharing scheme and
realized a class of special hypergraph access structures. In the distribution phase, we
shared an unknown d-dimensional quantum state |s and masked the secret state into
an n-party quantum systems. Then, each particle can be transmitted by the method of
decoy photon states. In the reconstruction phase, participants in the authorized set used
some measurements and a series of appropriate unitary operations on their particles
to obtain the original information state. Moreover, we showed that our protocol was
secure against intercept-and-resend attack, entangle-and-measure attack and dishonest
participant attack.
Acknowledgements We want to express our gratitude to anonymous referees for their valuable and con-
structive comments. This work was sponsored by Natural Science Foundation of Hebei Province under
Grant Nos. A2022210002 and A2021210027, and the National Natural Science Foundation of China under
Grant No. 12001480.

Data availability The data sets generated during and/or analyzed during the current study are available from
the corresponding author on reasonable request.

References
1. Shamir, A.: How to share a secret. Commun. ACM 22(11), 612 (1979)
2. Blakley G.R.: Safeguarding cryptograhic keys. In: Proceedings of the National Computer Conference
(AFIPS, 1979), pp. 313–317 (1979)
3. Hillery, M., Buzek, V., Berthiaume, A.: Quantum secret sharing. Phys. Rev. A 59, 1829 (1999)
4. Cleve, R., Gottesman, D., Lo, H.K.: How to share a quantum secret. Phys. Rev. Lett. 83, 648 (1999)
5. Gottesman, D.: Theory of quantum secret sharing. Phys. Rev. A 61, 042311 (2000)
6. Deng, F.G., Zhou, H.Y., Long, G.L.: Circular quantum secret sharing. J. Phys. A: Math. Gen. 39,
14089–14099 (2006)
7. Liao, Q., Liu, H., Zhu, L., et al.: Quantum secret sharing using discretely modulated coherent states.
Phys. Rev. A 103(3), 032410 (2021)

123
377 Page 16 of 16 C.-M. Bai et al.

8. Xiao, L., Long, G.L., Deng, F.G., Pan, J.W.: Efficient multiparty quantum-secret-sharing schemes.
Phys. Rev. A 69, 052307 (2004)
9. Gao, Z.K., Li, T., Li, Z.H.: Deterministic measurement-device-independent quantum secret sharing.
Sci. China Phys. Mech. Astron. 63(12), 1–8 (2020)
10. Grice, W.P., Qi, B.: Quantum secret sharing using weak coherent states. Phys. Rev. A 100, 022339
(2019)
11. Wu, X., Wang, Y., Huang, D.: Passive continuous-variable quantum secret sharing using a thermal
source. Phys. Rev. A 101(2), 022301 (2020)
12. Moreno, M.G.M., Brito, S., Nery, R.V., Chaves, R.: Device-independent secret sharing and a stronger
form of Bell nonlocality. Phys. Rev. A 101, 052339 (2021)
13. Lipinska, V., Murta, G., Ribeiro, J., Wehner, S.: Verifiable hybrid secret sharing with few qubits. Phys.
Rev. A 101, 032332 (2020)
14. Roy, S., Mukhopadhyay, S.: Device-independent quantum secret sharing in arbitrary even dimensions.
Phys. Rev. A 100, 012319 (2019)
15. Bai, C.M., Zhang, S., Liu, L.: Verifiable quantum secret sharing scheme using d-dimensional GHZ
state. Int. J. Theor. Phys. 60, 1–13 (2021)
16. Qin, H., Dai, Y.: Verifiable (t, n) threshold quantum secret sharing using d-dimensional Bell state.
Inform. Process. Lett. 116(5), 351–355 (2016)
17. Rahaman, R., Parker, M.G.: Quantum scheme for secret sharing based on local distinguishability. Phys.
Rev. A 91, 022330 (2015)
18. Bai, C.M., Zhang, S., Liu, L.: Quantum secret sharing for a class of special hypergraph access structures.
Quantum Inf. Process. 21(3), 1–17 (2022)
19. Dou, Z., Xu, G., Chen, X.B., et al.: A secure rational quantum state sharing protocol. Sci. China Inf.
Sci. 61(2), 1–12 (2018)
20. Modi, K., Pati, A.K., Sen, A., et al.: Masking quantum information is impossible. Phys. Rev. Lett.
120(23), 230501 (2018)
21. Liang, X.B., Li, B., Fei, S.M., et al.: Impossibility of masking a set of quantum states of nonzero
measure. Phys. Rev. A 101(4), 042321 (2020)
22. Du, Y., Guo, Z., Cao, H., et al.: Masking quantum information encoded in pure and mixed states. Int.
J. Theor. Phys. 60(7), 2380–2399 (2021)
23. Li, M.S., Wang, Y.L.: Masking quantum information in multipartite scenario. Phys. Rev. A 98(6),
062306 (2018)
24. Ding, F., Hu, X.: Masking quantum information on hyperdisks. Phys. Rev. A 102(4), 042404 (2020)
25. Li, M.S., Modi, K.: Probabilistic and approximate masking of quantum information. Phys. Rev. A
102(2), 022418 (2020)

Publisher’s Note Springer Nature remains neutral with regard to jurisdictional claims in published maps
and institutional affiliations.

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under
a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted
manuscript version of this article is solely governed by the terms of such publishing agreement and applicable
law.

123