1 Introduction

Secret sharing, firstly introduced by Shamir[1]and Blakley,[2]is a cryptographic primitive which plays a significant role in the various secure multiparty computation tasks and management of keys.Secret sharing has extended to the quantum field.[3−9]Quantum secret sharing(QSS)is also a cryptographic protocol to distribute either a classical secret(string of bits)or a quantum secret(unknown quantum state)to a group of players P such that only authorized subsets of P can collaboratively recover the secret.The security of most classical cryptographic systems is based on the assumptions of computational complexity,which might be broken by the strong power of advanced algorithms,such as Shor algorithm.In addition,another main drawback of classical secret sharing schemes is that they are not perfectly secure from an eavesdropper attack.Compared to the classical one,QSS can enforce the security for cryptographic tasks due to the quantum no-cloning theorem and uncertainty properties of quantum mechanics.[10−11]In 1999,Hillery et al.[3]firstly introduced a protocol of QSS by using GHZ states.At the same year,Karlsson et al.[12]showed how a QSS protocol can be implemented using two-particle quantum entanglement and discussed how to detect eavesdropping or a dishonest participant.In 2004,Xiao et al.[13]generalized the QSS of Hillery et al. into arbitrary multipartite entangled state.From then on,various QSS schemes have been proposed.[14−23]Many scholars gave QSS schemes based on different principles,such as quantum error-correcting code[24]and local distinguishability of quantum states.[25−29]In these works,it has been shown that QSS is not only a mere theoretical concept,but also an experimental possibility.[30]

With the development and application of quantum communication,it is a great idea to design a quantum protocol with a single state.Recently,Tavakoli et al.[31]proposed a model of(n,n)-threshold secret sharing with a single d-level quantum system(for any prime d).This model has huge advantages in scalability and can be realized with state-of-the-art technology.However,in this scheme,there are two deficiencies.Firstly,the successful probability of each round is dependent on d measurement bases,that is,the efficiency is 1/d.With the increase of d,the efficiency of this scheme will be very low.In order to improve this problem,Karimipour et al.[32]proposed a QSS with a random walk in a lattice of states for arbitrary d.With this random walk picture at hand,they can improve their scheme efficiency to reach 1/2.Although the efficiency has been improved,Lin et al.[33]found that their scheme was not secure for one dishonest who can recover the secret without the help of other participants.Secondly,Tavakoli’s scheme is just an(n,n)-threshold and not suitable for a general access structure.For the problem,Lu et al.[34]proposed a(t,n)-threshold QSS scheme based on a single d-level quantum system.In this scheme,they employed the classical Shamir’s(t,n)-threshold secret sharing.However,it cannot be applied to the general access structure.The general access structure of a secret sharing scheme is a family of all authorized sets.In general,access structures are considered to be monotone,i.e.,any superset of an authorized set must be authorized.Because each person has different weight in real life,the ability to recover the secret is different.Therefore,this general access structure is of practical significance and plays a major role in secret sharing schemes.

刘彬告诉记者：“农民种地就是要种好地。我们相信，通过农拓者作物一站式全程解决方案的帮助下，和保姆式服务的服务下，我们不仅能帮助农民实现优质高产的梦，同时在五到七年的时间，做大做好属于农拓者的农产品品牌。”而我们也相信，在全产业链模式的引领和带动下，新疆辣椒（色素）产业的发展也将红遍新疆的每一寸土地！

In this paper,we propose a new QSS scheme,which can solve the above two problems.For the first problem,the distributor Alice in our scheme voluntarily chooses the measurement bases and sends them to all participants through quantum secure direct communication.[35]This operation can not only improve the efficiency of the protocol but also reduce the possibility of information leakage.Through this method,the efficiency of our scheme can reach 1.For the second problem,we treat each authorized set as a small threshold scheme.By cascading method,we apply our scheme to the general access structure,which makes it more practical.In particular,if the access structure contains only one authorized set,our scheme will be the same as Tavakoli’s.Therefore,our scheme is more extensive and meaningful.

The structure of the paper is organized as follows.In Sec.2,we give some preliminaries.In Sec.3,we propose the quantum secret sharing scheme for a general access structure and show an example.Section 4 analyzes the security and compares our scheme with the existing scheme.Finally,the conclusion is given in Sec.5.

2 Preliminaries

In this section we briefly recall some basic concepts such as the access structure and mutually unbiased(orthonormal)bases.

2.1 Access Structure

Let P be a set of players,then the authorized set is a subset of P,which can reconstruct the original secret.The access structure Γ of a secret sharing scheme is a family of all authorized sets.In general,access structures are considered to be monotone increasing,i.e.,any superset of an authorized set must be authorized.For A,A′⊆ P,if A ∈ Γ and A ⊆ A′,then A′∈ Γ.The basis of Γ is the collection of all minimal authorized sets of P.We assume that every participant belongs to at least one minimal authorized set.

2.2 Mutually Unbiased Bases and Unitary Operation

Mutually unbiased bases(MUBs)are the important tool in many quantum information processing.As noted in Refs.[36–37],it is possible to find d+1 MUBs in d-dimensional quantum system only if d is(any power of prime numbers)an odd prime. At first,the computational basis is denoted by{|k⟩|k ∈ D},where D={0,...,d−1}.For consistency,we also restrict d to odd prime number in the whole article.

3) 已知驱动铁钻工回转需要TH=11 894 Nm的转矩，根据传动比可以计算出T1=2 787 Nm，T2=4 703Nm。

Besides the computational basis,the explicit forms of the remaining d sets of MUBs are

where ω =e2πi/d,j ∈ D labels the basis and l∈ D enumerates the vectors of the given basis.They are mutually unbiased because the overlap is

设计意图 通过练习帮助学生进一步理解三角函数的概念，并能运用概念灵活求直角三角形中锐角的函数值，使学生对知识的理解螺旋上升，形成能力，达到了较高要求.

Internal attack In the following,we will primarily consider the participants conspiracy attack because it is always easier and more powerful than external attack and the participants can get more useful information than a fourth eavesdropper.In the worse case,only the distributor Alice and one more participant in each authorized set are honest.For example,we assume thatis honestand the rest t−1 are conspiring players.If they do not send their private keys to the TDC,they cannot recover any information because they do not know the TDC’s operator.If they send their private keys to the TDC,they can not restore the original information because the TDC does not start until it must receive all data.Even ifalso sends his key,they still can not obtain the secret due to the lack of Alice’s parameter αi.Because Alice’s parameter setting is dependent on the participant keys,if they send some fake keys,then the TDC will output “No”,that is,they cannot get the secret.

Using Eqs.(1)and(3),we can get

实现难点：OTN体系中增加L3支持，需要精心裁剪功能并 在OTN接口板卡中增加NP，功耗控制和可靠性保持不易。

For convenience,the operatoris written as Ux,y,

3 The QSS Scheme on Access Structure

In this section,we propose our scheme using a single qudit to realize a general access struture.Assume that the distributor Alice wants to share secret messages to a group P with n participants,and the general access structure is denoted by

where Ai(i=1,2,...,r)is the minimal authorized set.

By cascading method,we utilize our new scheme to implement the general access structure Γ,which every minimal authorized set Aican be realized by a small threshold scheme(see Fig.1).

本研究中补肾活血通窍方组成仙鹤草30g，熟地黄 15g，山萸肉 15g，山药10g，补骨脂 10g，菟丝子10g，狗脊 10g，枸杞子 10g，五味子 10g，磁石 30g，王不留行 18g，桃仁 10g，葛根 10g，石菖蒲 6g，炒谷芽15g。方中选用熟地、山茱萸、山药补肾益气健脾为君药；补骨脂，菟丝子、枸杞子、五味子入肝肾经，补中有泻，泻中有补，平补肝肾为臣药；王不留行、桃仁活血化瘀，寓祛瘀生新之意为臣药，磁石平肝潜阳、聪耳明目，五味子酸甘养护心肾，炒谷芽健脾为佐药，石菖蒲健脾宁神开窍，葛根鼓舞清阳，引药达病所为使药，诸药合用以达补肾活血通窍之力。

In order to facilitate the description of our scheme,suppose the minimal authorized set Aiis expressed as

Step 1 Preparation:According to the authorized set Ai,the distributor Alice randomly chooses some numbers,and sendsto the participantthrough quantum secure direct communication.Note that ifappears in a different authorized set,Alice sends only one y(ν)i .

Step 3 Measurement:After Alice has received the signal state,she determines which basis to measure the particle according toThrough her calculation,if they satisfy the following condition

Step 2 Distribution:Alice sends this stateto the fi rst participantin the authorized set Ai.After receiving the statehas not generated a private keythen he randomly chooses a numberOtherwise,the operation is skipped.Combined withsent by Alice,he performs the corresponding operationon this particle.sends the new state the next participantin Ai.Thendoes the same operation asIn turn,the last participantin Aisends the new state to Alice until he follows the above method.

Fig.1 (Color online)A flow chart for the access structure Γ={A1,A2,...,Ar},where Ai(i=1,2,...,r)is the minimal authorized set.Blue and red dots represent all participants,where red dots indicate that participants appear in different minimal authorized sets.Arrows denote the direction of particle transport.Every minimal authorized set Aican be realized by a threshold scheme.

For authorized set Ai(i=1,2,...,r),the protocol works because after all the transformations the final state reads

For the authorized set Ai,Alice generates two random numbersD and prepares a stateD and only Alice knows li,ji).Then she performs the operationand obtains a new signal state

then she chooses theto make a measurement on the last particle and records the measurement result ai.It implies that the private data of all participants in the authorized setsatisfy globally consistency condition

Step 4 Detection:In order to check the security,for a randomly chosen(by Alice)subset of the rounds,all participantsin Aisend their values of their private datato her,and Alice checks condition(7).If Eq.(7)does not hold,she aborts the scheme and starts again with a new set of resources.

Step 5 Reconstruction:If no eavesdropper is detected,according toand the measurement result ai,Alice can deduce that

For different authorized sets,there may be different bis.Therefore,Alice depends on bito adjust the parameter αi.In order to restore the original secret,each participant in Aisends the private keyto the trusted designed combiner(TDC).Afterwards,Alice also sends the parameter αiassociated with the authorized set Aito the TDC.After the TDC has received all data,it performs an operator O,which is denoted by

External attack The first strategy for the eavesdropper Eve is the intercept-and-resend attack.For this attack,we consider two cases.

The second strategy for the eavesdropper Eve is the entangle-and-measure attack.Assuming that the eavesdropper Eve implements ancillary system to obtain the information.Suppose that Eve performs the unitary transform UEto entangle an auxiliary particle on the transmitted particle and then measures the auxiliary particle to steal secret information.Without loss of generality,we consider the basisin the following forms,

Fig.2 (Color online)A distributive flow chart for the access structure Γ={P1P2,P2P3P5,P1P4P5},where Ux,y represents everyone operation,the red line represents the authorized set P1P2,the blue line represents the authorized set P2P3P5and the black line represents the authorized set P1P4P5.

In accordance with the above steps all participants have their private keys.We assume that x1=0,x2=2,x3=3,x4=1,x5=3 respectively.

2011年12月，德阳市成立家政服务行业协会，明宏成为首任会长，企业成为国家家政服务龙头型企业。2016年3月，家道家政获得德阳市首个服务业知名商标。

For the authorized set A1={P1P4P5},Alice can calculate that x1+x4+x5=4.Then she can choose parameter α1=3 and send it to the TDC.In order to restore the secret,P1,P4and P5send their private keys to the TDC.At last,the TDC can output the secret s=2(see Fig.3).

Fig.3 Reconstruction for the authorized set P1P4P5.

For the authorized set A2={P2P3P5},Alice can choose parameter α2=4 and send it to the TDC.P2,P3and P5send their private keys to the TDC.Then,the TDC can calculate α2+x2+x3+x5=12 mod 5=2 and output the secret s=2.

For the authorized set A3={P1P2},Alice can choose parameter α3=0.The TDC can calculate α3+x1+x2 and output the secret.

4 Analysis of Our Scheme

4.1 Security Discussion

In Ref.[31],Tavakoli et al.have given the security analysis of their scheme.However,we have improved their scheme and implemented a general access structure using cascading method.In order to check the security of our scheme,we analyse the attacks of our scheme,i.e.external attack and internal attack.

If Alice’s secret is more than one bit,Alice and all participants in the authorized set Aiexecute Steps 1–5 repeatedly.In order to save costs,the measurement basis information,can be reused.At the same time,Alice only needs to changeto ensure the security of every round.

(a)Eve may intercept the qudit,in the stateon the way fromin the authorized set Ai.

(b)Eve may intercept the qudit sent by the distributor Alice and send a qudit of her own to the first participantin Aiin its stead.Eve collects her qudit once it is sent by the last participantin Ai.

However,for two cases,she does not have any information about the measurement basis becausein our protocol are sent to participants through quantum secure direct communication without publication.In order to get the original secret,she can only choose one of d relevant bases to measure.Obviously,Eve can obtain the correct measurement result only when she happens to choose the true basis j′=j.Therefore,the successful probability is 1/d.The eavesdropping,to some extent depending on d,causes inconsistencies between the private data and condition(7).In addition,if Alice sends n-bit secret,the successful probability to obtain information is(1/d)n.Thus when the numbers of n get larger,the probability is(1/d)n≈0.Therefore,this intercept-and-resend attack does not work in our scheme.

Example 1 In order to explain our scheme more clearly,we will give an example in the following.Suppose the access structure is denoted by Γ={P1P4P5,P2P3P5,P1P2}with five honest participants and Alice wants to share the secret message s=2∈F5.We give a distributive flow chart for the access structure(see Fig.2).

where ω =e2πi/d;|E⟩is the initial state of Eve’s ancillary system;|εkm⟩(k,m=0,1,...,d−1)is the pure auxiliary state determined uniquely by the unitary transform UE,and

In order to avoid introducing the error rate,Eve has to set:akm=0,where km and k,m ∈ {0,1,...,d−1}.Therefore,Eq.(10)and Eq.(11)can be simplified as follows:

Similarly,Eve can obtain thatwhere g ∈ {0,1,...,d−1}and gl.Then for any l∈{0,1,...,d−1},we can get d equations.According to these d equations,we can compute that

Therefore,no matter what the useful state is,Eve can only obtain the same information from ancillary particles.The similar discussion can be applied for the other quantum stateTherefore,the entangle-and-measure attack is unsuccessful.

《厕所》里的哥哥莫里有惊恐障碍患者，之前在钢琴比赛的时候发作过一次，在妈妈去世之后更是严重到闭门不出。他在整理妈妈遗物时发现了缝纫机和布料，布料和小时候妈妈穿的长裙一模一样，于是他爱上了缝纫机和穿长裙，之后他竟然也可以穿着长裙弹琴，惊恐障碍症也没有发作。缝纫机是妈妈的遗物，长裙能让他想起了和妈妈在一起的童年时光。弟弟雷，他偏爱机器人模型到着魔，如果公寓着火，他会本能抢救机器人模型，痴迷的原因是因为雷的亲生妈妈去世之后，他哭得很伤心，莫里的妈妈给他买了机器模型，开心地瞬间忘记了亲生妈妈去世的事。

In Ref.[31],the authors considered that an alternative attack used by Eve is to send via the unitary gate of playerone more qudit or even a multiqudit pulse so that it can be somehow intercepted by her beyond the gate without intercepting the protocol qudit.For the eavesdropping,it is not suitable for our scheme and she cannot learn the actual unitary transformation,becausein our protocol are not announced.

1.暴露源及其危险度：确定具有传染性的暴露源包括血液、体液、精液和阴道分泌物。脑脊液、关节液、胸水、腹水、心包积液、羊水也具有传染性，但其引起感染的危险程度尚不明确。粪便、鼻分泌物、唾液、痰液、汗液、泪液、尿液及呕吐物通常认为不具有传染性。

In Ref.[31],the encoding operation consists of two unitary operators,Xdand Yd,which are depicted as follows:

热情是学习的动力之源，跨境电商可以很好地调动学生自主创业的激情。学校可以组织学生在教师的指导下，创立个人小微企业，寻找本地货源，通过跨境电商平台在网上寻找客户进行销售，一旦达成交易赚取利润，则可以极大地激发学生的创业激情，使其自觉地投入跨境电商实践中锻炼自己的实践技能。与此同时，学校还可以积极地组织学生参加各个层次的跨境电商创新创业大赛，根据学生所代理的企业店铺运营情况的好坏来衡量学生的实践技能水平。通过参加该类型的比赛也可以让学生比较直观地体验到跨境电商工作流程，并帮助他们认清自己的不足之处，从而达到以赛促学的效果。

4.2 Comparision

In this section,we compare our protocol with Tavakoli’s scheme[31]in Table 1.

In Tavakoli’s scheme,all participants randomly choose the measurement basis information y1,...,yn,that is,the distributor Alice does not know any information about the measurement basis.Before announcing them,she randomly chooses the basis MJ={|e(J)x ⟩|x∈D}(J∈D)to measure her own particle.Therefore,the probability of a valid round is 1/d.In addition,after y1,...,ynare announced,the eavesdropper may learn x1,...,xnfrom the attack with one more qudit or even a multiqudit pulse through the unitary gate.Therefore,the announcement of these data increases the probability of information leakage.In our protocol,the distributor voluntarily chooses y1,...,ynwithout announcement,that is,she knows the measurement basis information.Therefore,the probability of a valid round is 1.

In addition,Tavakoli et al. proposed an(n,n)-threshold scheme,i.e.,the(n,n)-threshold access structure.In our protocol,we give a quantum secret sharing scheme to realize a general access structure.If the access structure contains only one authorized set,then our scheme will become an(n,n)-threshold scheme.Therefore,our scheme is more extensive and meaningful.

Table 1 Comparison of Tavakoli’s scheme[31]and our proposed one.

Tavakoli’s scheme Our proposed scheme Quantum state Single qudit Single qudit Valid probability 1/d 1 Access structure (n,n)-threshold General access structure

5 Conclusion

In this paper,we proposed a quantum secret sharing scheme with a single d-level quantum state to realize a general access structure.In the proposed protocol,we still applied the cyclic property of MUBs because these bases are important tools in quantum information processing.In addition,we also analysed the security of our scheme against primary quantum attacks and compared our protocol with Tavakoli’s scheme.For our scheme,the probability of each valid round is 1.When our access structure contains only one authorized set,our scheme will be the same as Tavakoli’s.

However,since MUBs are still unknown,we only consider the odd primes.For even number or power of prime number,we do not give any discussion.In Refs.[36–27],many algebraic properties of power of prime numbers have been given,then we hope that more researchers will study these problems and propose more important schemes.

对广大青年来说,新时代既是最大的人生际遇,也是最大的人生考验。习近平总书记衷心希望“每一个青年都成为社会主义建设者和接班人,不辱时代使命,不负人民期望。”[17]青年发展观的提出与深化,回应着时代赋予青年人的重要使命,引导着青年成为社会发展与国家建设过程中的重要生力军。

Acknowledgements

方法点睛 此题要求“a”的范围，应先借助坐标系画出MN的位置，然后分类探求．因为二次函数图象经过定点(0，2)，所以，当a<0时，抓住“定点+左端点M”；当a>0时，要考虑两种特殊情形，既要抓住“定点+右端点N”，且又要抓住“抛物线与线段MN有两个交点的情况”，接着列式计算而获解．解答此题的关键是分层分类，抓住“一定(0，2)一端点(经过点M或N)”进行多层考虑、多面探求，然后再结合题意确定a的范围．

We want to express our gratitude to anonymous referees for their valuable and constructive comments.

References

[1]A.Shamir,Commun.ACM 22(1979)612.

[2]G.R.Blakley,in Proceedings of the National Computer Conference,(AFIPS,1979)(1979)pp.313–317.

[3]M.Hillery,V.Buzek,and A.Berthiaume,Phys.Rev.A 59(1999)1829.

[4]R.Cleve,D.Gottesman,and H.K.Lo,Phys.Rev.Lett.83(1999)648.

[5]D.Gottesman,Phys.Rev.A 61(2000)042311.

[6]F.G.Deng,H.Y.Zhou,and G.L.Long,J.Phys.A:Math.Gen.39(2006)14089.

[7]A.M.Lance,T.Symul,W.P.Bowen,et al.,Phys.Rev.Lett.92(2004)177903.

[8]F.G.Deng,X.H.Li,C.Y.Li,et al.,Phys.Rev.A 72(2005)044301.

[9]G.Gordon and G.Rigolin,Phys.Rev.A 73(2006)062316.

[10]W.K.Wootters and W.H.Zurek,Nature(London)299(1982)802.

[11]D.Dieks,Phys.Lett.A 92(1982)271.

[12]A.Karlsson,M.Koashi,and N.Imoto,Phys.Rev.A 59(1999)162.

[13]L.Xiao,G.L.Long,F.G.Deng,and J.W.Pan,Phys.Rev.A 69(2004)052307.

[14]H.Cao and W.P.Ma,IEEE Photonics J.9(2017)1.

[15]C.M.Bai,Z.H.Li,T.T.Xu,and Y.M.Li,Int.J.Theor.Phys.55(2016)4972.

[16]A.Maitra,S.J.De,G.Paul,and A.K.Pal,Phys.Rev.A 92(2015)022305.

[17]L.H.Gong,H.C.Song,C.S.He,et al.,Physica Scripta 89(2014)035101.

[18]P.Sarvepalli and R.Raussendorf,Phys.Rev.A 81(2010)052333.

[19]L.Y.Hsu and C.M.Li,Phys.Rev.A 71(2005)022321.

[20]C.M.Bai,Z.H.Li,M.M.Si,et al.,Eur.Phys.J.D 71(2017)255.

[21]X.J.Wang,L.X.An,X.T.Yu,et al.,Phys.Lett.A 381(2017)3282.

[22]Y.F.He and W.P.Ma,Int.J.Quantum Inf.14(2016)1650007.

[23]K.J.Zhang,L.Zhang,T.T.Song,et al.,Science China Phys.Mech.&Astron.6(2016)1.

[24]Z.Zhang,W.Liu,and C.Li,Chin.Phys.B 20(2011)050309.

[25]R.Rahaman and M.G.Parker,Phys.Rev.A 91(2015)022330.

[26]Y.H.Yang,F.Gao,X.Wu,et al.,Sci.Rep.5(2015)16967.

[27]C.M.Bai,Z.H.Li,T.T.Xu,et al.,Quantum Inf.Process 16(2017)59.

[28]J.Wang,L.Li,H.Peng,and Y.Yang,Phys.Rev.A 95(2017)022320.

[29]J.T.Wang,G.Xu,X.B.Chen,et al.,Phys.Lett.A 381(2017)998.

[30]H.Lu,Z.Zhang,L.K.Chen,et al.,Phys.Rev.Lett.117(2016)030501.

[31]A.Tavakoli,I.Herbauts,M.Zukowski,and M.Bourennane,Phys.Rev.A 92(2015)030302(R).

[32]V.Karimipour and M.Asoudeh,Phys.Rev.A 92(2015)030301(R).

[33]S.Lin,G.D.Guo,Y.Z.Xu,et al.,Phys.Rev.A 93(2016)062343.

[34]C.Lu,F.Miao,et al.,Quantum Inf.Process 17(2018)64.

[35]C.Wang,F.Miao,Y.S.Li,et al.,Phys.Rev.A 71(2005)044305.

[36]I.D.Ivonovic,J.Phys.A:Math.Gen.14(1981)3241.

[37]W.K.Wootters and B.D.Fields,Ann.Phys.191(1989)363.