## Secret sharing through quantum operations


I have a secret, say $$s$$. I have a dealer $$D$$ and three participants $$A, B, C$$. I want to share this secret $$s$$ in such a way that the participation of all $$3$$ is essential to reconstruct the secret. Now for creating the shares, I use some classical sharing algorithms and create shares $$s_A,s_B,s_C$$. Now how do I distribute these shares among the participants quantum mechanically using qudits? What I thought of is the following steps.

First, let the basis be $$\{|0\rangle, |1\rangle,\ldots,|d-1\rangle\}.$$ Now since each of the participants $$A, B, C$$ has his/her share, one of them starts the reconstruction process by first preparing a $$|0\rangle$$ and taking its Fourier transform, so I get

$$|\phi\rangle_1=\sum_{y=0}^{d-1}|y\rangle_1$$

Now the next step is to initialize two $$|0\rangle$$ states and perform the CNOT gate on them with the first qudit as the control, so as to get

$$|\phi\rangle_2=\sum_{y=0}^{d-1}|y\rangle_1|y\rangle_2|y\rangle_3$$

After this step we perform the quantum Fourier transformation on all the particles to get

$$|\phi\rangle_3=\sum_{y=0}^{d-1}\sum_{k_1=0}^{d-1}\sum_{k_2=0}^{d-1}\sum_{k_3=0}^{d-1}\omega^{(k_1+k_2+k_3)y}|k_1\rangle_1|k_2\rangle_2|k_3\rangle_3$$

Now since the summation is finite, I rearrange the terms to get

$$|\phi\rangle_3=\sum_{k_1=0}^{d-1}\sum_{k_2=0}^{d-1}\sum_{k_3=0}^{d-1}\sum_{y=0}^{d-1}\omega^{(k_1+k_2+k_3)y}|k_1\rangle_1|k_2\rangle_2|k_3\rangle_3$$

With $$\sum_{i=0}^{d-1}\omega^i=0$$, the state left after this operation will be subject to the condition that $$k_1+k_2+k_3=0 \bmod d$$, and we will have

$$|\phi\rangle_3=\sum_{k_1=0}^{d-1}\sum_{k_2=0}^{d-1}\sum_{k_3=0}^{d-1}|k_1\rangle_1|k_2\rangle_2|k_3\rangle_3$$

Now, after preparing this state, each participant $$A,B,C$$ applies a transformation $$U_{s_B},U_{s_A},U_{s_C}$$, which gives the state as

$$|\phi\rangle_3=\sum_{k_1=0}^{d-1}\sum_{k_2=0}^{d-1}\sum_{k_3=0}^{d-1}|k_1+s_A\rangle_1|k_2+s_B\rangle_2|k_3+ s_C\rangle_3$$

After preparing this state, the state is returned by the participants to the dealer, who measures the state for the shares and, if it is right, then announces the result/secret. Now my questions are:

(i) Even though this is a very preliminary effort, can somebody tell me whether we can actually do this?

(ii) My second question is: if this is possible, then can we improve this scheme to achieve the condition for the detection of a fraudulent participant? Can somebody help?

There is one main key point in the description of your question: Is $$s$$ meant to be a classical secret or a quantum secret?
If $$s$$ is meant to be a classical secret, then the answer is yes, but there is not really much quantum in the positive answer. If $$s_A$$, $$s_B$$, and $$s_C$$ are all $$d$$-state digits, then there is a simple construction that works in which $$s$$ is also a $$d$$-state digit. (There is also a simple argument that you cannot make $$s$$ any larger than this.) Namely, you should choose $$s_A$$ and $$s_B$$ uniformly and independently at random, and then choose $$s_C$$ such that $$s = s_A + s_B + s_C$$ in the abelian group $$\mathbb{Z}/d$$. If you want to make this look quantum, then you can, because you store a digit in a qudit. You can turn $$s_A$$ into $$|s_A\rangle$$, etc. Then you are free to measure all three and take their sum, or just measure their sum. The problem with this answer is that you did more than necessary to share the secret. You only used the qudits as classical digits of the same size. This is like taking a million-dollar luxury car to the supermarket when you could have done the exact same thing with a \$5,000 used car.
Let's say instead that $$s$$ is meant to be a quantum secret $$|s\rangle$$. Then first of all, your language for extracting the secret is not correct. If the dealer measures everything to gain the secret, then the result cannot be a quantum state $$|s\rangle$$, because everything has been measured and all quantum superposition is then gone. Moreover, the shares must be entangled for this to work, so they are not separate states $$|s_A\rangle$$, $$|s_B\rangle$$, and $$|s_C\rangle$$, but rather a joint state $$|s_{ABC}\rangle$$. To extract $$|s\rangle$$, the dealer must carefully apply some unitary operator to the joint state to get out $$|s\rangle$$ as a piece of some larger state, without measuring $$|s\rangle$$ itself.
So let's say those are the rules. We can go back and borrow a different concept from classical secret-sharing. Namely, instead of 3 parties we may have $$\ell$$ parties. Instead of saying that we need all of the parties together to learn everything and with any fewer we know nothing, we can have the weaker condition that for some $$t < \ell$$, any set of $$t$$ or fewer parties cannot say anything about the secret. Then there is a remarkable fact that a quantum secret-sharing with these rules is exactly the same thing as a quantum error-correcting code (QECC) of length $$\ell$$ using $$d$$-state qudits, with minimum error distance $$t+1$$. Classical error correction is in a natural sense dual to classical secret-sharing. Quantum error correction turns out to be a self-dual problem that is the same as quantum secret-sharing.
If we take the original question in its quantum form, the question becomes finding a QECC of length 3 with $$d$$-state qudits and minimum distance 3. I don't think that any such code exists that can store any non-trivial information, although I would have to do some review to remember how to prove that. I don't even expect there to be such a code with minimum distance 2 (so that only each individual party has no glimpse of the secret) if you want the secret to have as many as $$d$$ states when $$d=2$$. I can check this in the special class of additive codes, and I can say non-rigorously that additive codes are sometimes optimal. However, if the parameters are $$\ell = 3$$, $$t = 2$$, and $$d$$ an odd integer, then I think that there is an additive QECC of this type. We can assume that $$d=p$$ is prime (because otherwise we can factor $$d$$ and make separate codes). Then we can choose three non-zero exponents $$s,t,u \in \mathbb{Z}/p$$ that sum to zero, and we can make a quantum code that stores one qudit using the quantum parity checks $$X \otimes X \otimes X$$ and $$Z^s \otimes Z^t \otimes Z^u$$.
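
The classical construction described in the answer above ($$s = s_A + s_B + s_C$$ in $$\mathbb{Z}/d$$), written out as an added example that is not part of the original answer. The function names are assumptions of this sketch; it also enumerates every random choice the dealer can make to confirm that what any two share holders see has the same distribution for every secret.

```python
import secrets
from collections import Counter
from itertools import product

def share(secret, d):
    """Split a secret digit in Z/d into additive shares (s_A, s_B, s_C)."""
    if not 0 <= secret < d:
        raise ValueError("secret must be a digit in Z/d")
    s_a = secrets.randbelow(d)       # uniform, drawn from the OS CSPRNG
    s_b = secrets.randbelow(d)       # drawn independently of s_a
    s_c = (secret - s_a - s_b) % d   # forces s_A + s_B + s_C = s (mod d)
    return s_a, s_b, s_c

def reconstruct(shares, d):
    """All three shares are needed: the secret is their sum in Z/d."""
    return sum(shares) % d

def view_distribution(secret, d, holders):
    """Exact distribution of the shares seen by two colluding holders,
    taken over every (s_A, s_B) the dealer could have drawn."""
    views = Counter()
    for s_a, s_b in product(range(d), repeat=2):
        shares = (s_a, s_b, (secret - s_a - s_b) % d)
        views[tuple(shares[i] for i in holders)] += 1
    return views

def two_shares_leak_nothing(d):
    """True if every pair's view is distributed identically for all secrets."""
    for holders in ((0, 1), (0, 2), (1, 2)):
        baseline = view_distribution(0, d, holders)
        if any(view_distribution(s, d, holders) != baseline
               for s in range(1, d)):
            return False
    return True

if __name__ == "__main__":
    d = 5                            # constructed sample parameters
    shares = share(3, d)
    print(shares, "->", reconstruct(shares, d))
    print("two shares independent of secret:", two_shares_leak_nothing(d))
```
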
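
A check of the two parity checks named at the end of the answer above, added here as an example and not part of the original answer. It assumes the standard symplectic rule for generalized Paulis (two operators $$X^{a}Z^{b}$$ and $$X^{a'}Z^{b'}$$ commute exactly when $$a\cdot b' - a'\cdot b = 0 \bmod p$$), which the page does not state; the function names are hypothetical.

```python
from itertools import product

def symplectic(p1, p2, p):
    """Commutation exponent of two Paulis given as (a, b) vectors for
    X^a Z^b on each qudit; 0 means the operators commute."""
    (a1, b1), (a2, b2) = p1, p2
    return sum(a1[i] * b2[i] - a2[i] * b1[i] for i in range(len(a1))) % p

def parity_checks(s, t, u):
    """The checks X(x)X(x)X and Z^s(x)Z^t(x)Z^u in (a, b) form."""
    xxx = ((1, 1, 1), (0, 0, 0))
    zzz = ((0, 0, 0), (s, t, u))
    return xxx, zzz

def checks_commute(s, t, u, p):
    """The two checks commute exactly when s + t + u = 0 (mod p)."""
    xxx, zzz = parity_checks(s, t, u)
    return symplectic(xxx, zzz, p) == 0

def undetected_single_errors(s, t, u, p):
    """Non-identity single-qudit Paulis X^a Z^b that commute with both
    checks, returned as (site, a, b); such an error gives no syndrome."""
    checks = parity_checks(s, t, u)
    missed = []
    for site, a, b in product(range(3), range(p), range(p)):
        if a == 0 and b == 0:
            continue                 # identity is not an error
        err_a = tuple(a if i == site else 0 for i in range(3))
        err_b = tuple(b if i == site else 0 for i in range(3))
        if all(symplectic((err_a, err_b), c, p) == 0 for c in checks):
            missed.append((site, a, b))
    return missed

if __name__ == "__main__":
    # Constructed sample parameters: p = 5 with exponents 1 + 1 + 3 = 0 mod 5.
    print("commute:", checks_commute(1, 1, 3, 5))
    print("undetected:", undetected_single_errors(1, 1, 3, 5))
    # A zero exponent leaves X errors on that qudit invisible to both checks.
    print("with s = 0:", undetected_single_errors(0, 1, 4, 5))
```
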