密碼學的目的是為使合法授權的二方得以秘密進行通訊，更精確地說，一個有效率的密碼系統除可讓此二方順利進行秘密通訊外，並將同時建立足夠的障礙，以防止他方竊取此通訊內容。傳統的密碼學主要倚重於電腦計算上的高複雜度來建立此障礙，而量子密碼學則師法於物理基本原理，特別是量子力學。當主導上一世紀後段的摩爾定律（Moore's Law）即將達到其物理瓶頸，並迫使我們必需面對量子力學上的基本現象時，這樣的轉變欲加彰顯其不可小覷的重要性。
在本研究中，我們首先指出最近有關結合量子直接秘密通訊（quantum secure direct communication）與認證（authentication）機制協定的研究中，存在著一些易受攻擊的弱點，並且造成秘密訊息遭受竊聽者（eavesdropper）甚或是認證者（authenticator）的竊取。為了改善這些弱點，我們提出一個全新的量子通訊協定，在這個協定中，認證者將僅能執行參與使用者的身分認證作業，並無法介入後續使用者的秘密通訊過程，使用者的秘密訊息因而得以確保安全。同時，基於網路環境中，使用者並無法確認網路環境是否確為合法認證者所提供，致使現有部分使用者在一些網路環境中受到偽冒的服務提供者攻擊，因此，我們提出的量子通訊協定也包含一個相互認證（mutual authentication）的機制，亦即除了認證者需認證申請者是否為合法的使用者外，使用者亦會反向檢驗提供服務者是否為合法的認證者，以確保使用者不致將秘密訊息洩漏予偽冒的認證者。
我們的量子雙向認證直接通訊協定主要可分為認證及通訊二大部分，惟有當使用者順利完成認證程序後，認證者才會啟動後續的通訊作業。所提出的認證方法引入了量子貝爾態（Bell states）及量子么正變換（unitary transformations），之後再利用量子纏結置換（entanglement swapping）及本地么正運算（local unitary operations）進行通訊作業。由於巧妙地引用量子纏結置換，認證者在完成認證作業後，將無法再接觸使用者的通訊管道，因而也無法碰觸到使用者之間的秘密訊息。除了量子疊加性（quantum superposition），量子纏結（quantum entanglement）是開啟量子秘密通訊的另一關鍵特性，但因現有技術的限制，目前實作仍僅侷限於二點間利用分享的纏結態以進行量子秘密通訊，尚無法建構同時多點的量子通訊網路，由於我們所提出的方法並未在任二個使用者間相互建立直接的量子通訊管道，因此非常適於多點網路內任二點之間的秘密通訊，未來若量子實作技術改良並成熟後，將可有機會應用於需要相互認證的量子通訊網路中。

Cryptography is the art of enabling two legitimate parties to communicate in secret. An effective cryptosystem should make it easy for legitimate parties to achieve private (secret) communication and in the same time make it very difficult for any illegitimate parties to eavesdrop on the message of the communication. While classical cryptography relies more heavily on the computational complexity of classical computers, quantum cryptography turns to the physical laws, especially in regard to the principles of quantum mechanics. This transformation will play an even more important role when the Moore's Law reaches its physical limit and then we may enter the realm of quantum mechanics.
In this dissertation, we first point out that some recently proposed quantum secure communication protocols without or with authentication schemes in the literature are vulnerable under some specific attacks, and the secrete message will leak out to the eavesdropper or the authenticator who is introduced to authenticate users participating in the communication. We then propose a new protocol that is capable of achieving quantum secure direct communication with mutual authentication as long as the authenticator would do the authentication job faithfully.
Our quantum protocol introduces a mutual authentication procedure, uses the quantum Bell states, and applies unitary transformations in the authentication process. Then it exploits and utilizes the entanglement swapping and local unitary operations in the communication processes. Thus, after the mutual authentication process, the client users are left alone to communicate with each other, and the authenticator has no access to the secrete message. In addition, our protocol does not require a direct quantum link between any two users, who want to communicate with each other. This may also be an appealing advantage in the implementation of a practical quantum communication network in the future.

[1] R. L. Rivest, A. Shamir and L. M. Adleman, A method of obtaining
digital signatures and public-key cryptosystems, Communications
of the ACM, Vol. 21(2), 120, (1978).
[2] P. W. Shor, Algorithms for quantum computation: discrete logarithms
and factoring, In Proceedings, 35th Annual Symposium
on Foundations of Computer Science, IEEE Press, Los Alamitos,
CA, (1994).
[3] L. M. K. Vandersypen, M. Steffen, G. Breyta, C. S. Yannoni,
M. H. Sherwood and I. L. Chuang, Experimental realization
of Shor’s quantum factoring algorithm using nuclear magnetic
resonance, Nature, Vol. 414, 883 (2001).
[4] G. Moore, Cramming More Components onto Integrated Circuits,
Electronics Magazine, Vol. 38, No. 8 (1965).
[5] C. H. Bennett and G. Brassard, Quantum cryptography: public
key distribution and coin tossing, Proceedings of the IEEE International
Conference on Computers, Systems and Signal Processing,
Bangalore, India (IEEE, New York), pp. 175-179 (1984).
[6] D. Mayers, Unconditional security in Quantum Cryptography,
e-print arXiv.org, quant-ph/9802025.
[7] H. -K. Lo and H. F. Chau, Unconditional security of quantum
key distribution over arbitrarily long distances, Science, Vol.
283, p. 2050 (1999).
[8] P. W. Shor and J. Preskill, Simple Proof of Security of the BB84
Quantum Key Distribution Protocol, Physical Review Letters,
Vol. 85, 441 (2000).
[9] K. Inoue, E. Waks and Y. Yamamoto, Differential-phase-shift
quantum key distribution using coherent light, Physical Review
A, Vol. 68, 022317 (2003).
[10] Z. D. Walton, A. F. Abouraddy, A. V. Sergienko, B. E. A. Saleh
and M C. Teich, Decoherence-Free Subspaces in Quantum Key
Distribution, Physical Review Letters, Vol. 91, 087901 (2003).
[11] J.-C. Boileau, R. Laflamme, M. Laforest and C. R. Myers, Robust
Quantum Communication Using a Polarization-Entangled
Photon Pair, Physical Review Letters, Vol. 93, 220501 (2004).
[12] X. Ma, C. -H. Fred Fung, F. Dupuis, K.Chen, K. Tamaki and H.
-K. Lo, Decoy-state quantum key distribution with two-way classical
postprocessing, Physical Review A, Vol. 74, 032330 (2006).
[13] Y. Zhao, B. Qi, X. Ma, H. -K. Lo and L. Qian, Experimental
Quantum Key Distribution with Decoy States, Physical Review
Letters, Vol. 96, 070502 (2006).
[14] C. -Z. Peng, J. Zhang, D. Yang, W. -B. Gao, H. -X. Ma, H.
Yin, H. -P. Zeng, T. Yang, X. -B. Wang and J. -W. Pan, Experimental
Long-Distance Decoy-State Quantum Key Distribution
Based on Polarization Encoding, Physical Review Letters, Vol.
98, 010505 (2007).
[15] A. Beige, B. G. Englert, Ch. Kurstsiefer, and H. Weinfurter, Secure
Communication with a Publicly Known Key, Acta Physica
Polonica A, Vol. 101, 357 (2002).
[16] K. Bostr¨om and T. Felbinger, Deterministic Secure Direct Communication
Using Entanglement, Physical Review Letters, Vol.
89, 187902 (2002).
[17] F. -G. Deng, G. L. Long and X. -S. Liu, Two-step quantum direct
communication protocol using the Einstein-Podolsky-Rosen pair
block, Physical Review A, Vol. 68, 042317 (2003).
[18] F. -G. Deng and G. L. Long, Secure direct communication with
a quantum one-time pad, Physical Review A, Vol. 69, 052319
(2004).
[19] Z. X. Man, Z. J. Zhang and Y. Li, Deterministic secure direct
communication by using swapping quantum entanglement and
local unitary operations, Chinese Physics Letters, Vol. 22, 18
(2005).
[20] M. Lucamarini and S. Mancini, Secure Deterministic Communication
without Entanglement, Physical Review Letters, Vol. 94,
140501 (2005).
[21] C.Wang, F. -G. Deng, Y. S. Li, X. -S. Liu and G. L. Long, Quantum
secure direct communication with high-dimension quantum
superdense coding, Physical Review A, Vol. 71, 044305 (2005).
[22] M. Curty and D. J. Santos, Quantum authentication of classical
messages, Physical Review A, Vol. 64, 062309, (2001).
[23] M. Duˇsek, O. Haderka, M.Hendrych and R. Myˇska, Quantum
identification system, Physical Review A, Vol. 60, 149, (1999).
[24] G. Zeng and W. Zhang, Identity verification in quantum key
distribution, Physical Review A, Vol. 61, 022303, (2000).
[25] D. Ljunggren, M. Bourennane and A. Karlsson, Authority-based
user authentication in quantum key distribution, Physical Review
A, Vol. 62, 022305, (2000).
[26] E. Biham, B. Huttner and T. Mor, Quantum cryptographic network
based on quantum memories, Physical Review A, Vol. 54,
2651, (1996).
[27] S.-J. Qin, F. Gao, Q.-Y. Wen, F.-C. Zhu, A special attack on
the multiparty quantum secret sharing of secure direct communication
using single photons, Optics Communications, Vol. 281,
5472 (2008).
[28] C. -A. Yen, S. -J. Horng, H. -S. Goan and T. -W. Kao, Comment
on “A special attack on the multiparty quantum secret sharing
of secure direct communication using single photons”, Optics
Communications, Vol. 283, 3202 (2010).
[29] G. M. Nikolopoulos, Applications of single-qubit rotations in
quantum public-key cryptography, Physical Review A, Vol. 77,
032348 (2008).
[30] C.-A. Yen, S.-J. Horng, H.-S. Goan, T.-W. Kao and Y.-H. Chou,
Quantum direct communication with mutual authentication,
Quantum Information & Computation, Vol. 9, 376 (2009).
[31] L.-F. Han, Y.-M. Liu, J. Liu and Z.-J. Zhang, Multiparty quantum
secret sharing of secure direct communication using single
photons, Optics Communications, Vol. 281, 2690 (2008).
[32] H. Lee, J. Lim and H. Yang, Quantum direct communication
with authentication, Physical Review A, Vol. 73, 042305 (2006).
[33] Z. J Zhang, J. Liu, D. Wang and S. H. Shi, Comment on “Quantum
direct communication with authentication”, Physical Review
A, Vol. 75, 026301 (2007).
[34] Nakahara, Mikio and Tetsuo Ohmi, Quantum computing; from
linear algebra to physical realizations, CRC Press, p.29 (2008).
[35] Norwood Russell Hanson, Copenhagen Interpretation of Quantum
Theory, American Journal of Physics, Vol. 27, p.1 (1959).
[36] M. A. Nielsen and I. L. Chuang, Quantum Computation and
Quantum Information, Cambridge, U.K.: Cambridge Univ.
Press, pp.80-97 (2000).
[37] C. J. Isham, Lectures on Quantum Theory: Mathematical and Structural Foundations, World Scientific Publishing Company,
Imperial College Press, London, pp.72-75 (1995).
[38] P. Dirac, The principles of quantum mechanics, Oxford, U.K.:
Oxford Univ. Press, pp.11-17 (1982).
[39] M. A. Nielsen and I. L. Chuang, Quantum Computation and
Quantum Information, Cambridge, U.K.: Cambridge Univ.
Press, pp.13-16 (2000).
[40] M. A. Nielsen and I. L. Chuang, Quantum Computation and
Quantum Information, Cambridge, U.K.: Cambridge Univ.
Press, pp.174-177 (2000).
[41] C. H. Bennett and S. J. Wiesner, Communication via one- and
two-particle operators on Einstein-Podolsky-Rosen states, Physical
Review Letters, Vol. 69, 2881 (1992).
[42] A. Einstein, B. Podolsky and N. Rosen, Can Quantum-
Mechanical Description of Physical Reality Be Considered Complete?
Physical Review, Vol. 47, 777 (1935).
[43] J. S. Bell, On the einstein-podolsky-rosen paradox, Physics, Vol.
1, 195 (1964).
[44] C. H. Bennett, G. Brassard, C. Cr´epeau, R. Jozsa, A. Peres and
W. K. Wootters, Teleporting an unknown quantum state via
dual classical and Einstein-Podolsky-Rosen channels, Physical
Review Letters, Vol. 70, 1895 (1993).
[45] S. Wiesner, Conjugate coding, ACM SIGACT News, Vol. 15 ,
pp. 78 - 88 (1983).
[46] Wootters, W.K. and Zurek, W.H., A Single Quantum Cannot
be Cloned, Nature, 299, pp. 802-803 (1982).
[47] M. ˙Zukowski, A. Zeilinger, M. A. Horne and A. K. Ekert,
‘‘Event-ready-detectors’’ Bell experiment via entanglement
swapping, Physical Review Letters, Vol. 71, 4287 (1993).
[48] S. Bose, V. Vedral and P. L. Knight, Multiparticle generalization
of entanglement swapping, Physical Review A, Vol. 57, 822
(1998).
[49] Z. J. Zhang and Z. X. Man, Deterministic secure direct communication
by using swapping quantum entanglement and local
unitary operations, e-print arXiv.org, quant-ph/0403218.
[50] M. Hillery, V. Buˇzek and A. Berthiaume, Quantum secret sharing,
Physical Review A, Vol. 59, 1829 (1999).
[51] C. E. Shannon, Communication Theory of Secrecy Systems, Bell
System Technical Journal, Vol.28(4), pp. 656-715 (1949).
[52] C. H. Bennett, Quantum cryptography using any two nonorthogonal
states, Physical Review Letters, Vol. 68, 3121 (1992).
[53] A. K. Ekert, Quantum cryptography based on Bell’s theorem,
Physical Review Letters, Vol. 67, 661 (1991).
[54] C. H. Bennett, G. Brassard and N. D. Mermin, Quantum cryptography
without Bell’s theorem, Physical Review Letters, Vol.
68, 557 (1992).
[55] G. S. Vernam, Cipher Printing Telegraph Systems For Secret
Wire and Radio Telegraphic Communications, Journal of the
American Institute of Electrical Engineers, Vol. 55, 109 (1926).
[56] S. Lin, Q.-Y.Wen, F. Gao and F.-C. Zhu, Quantum secure direct
communication with -type entangled states, Physical Review
A, Vol. 78, 064304 (2008).
[57] B. Schneier, Applied Cryptography: protocols, algorithms, and
source code in C, edition 2nd, John Wiley & Sons New York,
p.70 (1996).
[58] D. Greenberger, M. Horne and A. Zeilinger, in: Bell’s Theorem,
Quantum Theory, and Conceptions of the Universe, M. Kafatos
(Ed.), Kluwer, Dordrecht, 69-72 (1989).
[59] M. Hillery, V. Buˇzek and A. Berthiaume, Quantum secret sharing,
e-print arXiv.org quant-ph/9806063.
[60] A. Karlsson, M. Koashi and N. Imoto, Quantum entanglement
for secret sharing and secret splitting, Physical Review A, Vol.
59, 162 (1999).
[61] L. Xiao, G. Lu Long, F.-G. Deng and J.-W. Pan, Efficient multiparty
quantum-secret-sharing schemes, Physical Review A, Vol.
69, 052307 (2004).
[62] S. K. Singh and R. Srikanth, Generalized quantum secret sharing,
Physical Review A, Vol. 71, 012328 (2005).
[63] Z.-J. Zhang, Y. Li and Z.-X. Man, Multiparty quantum secret
sharing, Physical Review A, Vol. 71, 044301 (2005).
[64] S. Bagherinezhad and V. Karimipour, Quantum secret sharing
based on reusable Greenberger-Horne-Zeilinger states as secure
carriers, Physical Review A, Vol. 67, 044302 (2003).
[65] V. Karimipour, A. Bahraminasab and S. Bagherinezhad, Entanglement
swapping of generalized cat states and secret sharing,
Physical Review A, Vol. 65, 042320 (2002).
[66] Z.-J. Zhang and Z.-X. Man, Multiparty quantum secret sharing
of classical messages based on entanglement swapping, Physical
Review A, Vol. 72, 022303 (2005).
[67] F.-L. Yan and T. Gao, Quantum secret sharing between multiparty
and multiparty without entanglement, Physical Review A,
Vol. 72, 012304 (2005).
[68] Y. Sun, Q.-Y. Wen, F. Gao, X.-B. Chen and F.-C. Zhu, Multiparty
quantum secret sharing based on Bell measurement, Optics
Communications, Vol. 282, 3647 (2009).
[69] W. Tittel, H. Zbinden and N. Gisin, Experimental demonstration
of quantum secret sharing, Physical Review A, Vol. 63,
042301 (2001).
[70] H. F. Chau, Practical scheme to share a secret key through a
quantum channel with a 27.6% bit error rate, Physical Review
A, Vol. 66, 060302 (2002).
[71] C. Schmid, P. Trojek, M. Bourennane, C. Kurtsiefer, M.
˙Z
ukowski and H. Weinfurter, Experimental Single Qubit Quantum
Secret Sharing, Physical Review Letters, Vol. 95, 230505
(2005).
[72] A. M. Lance, T. Symul, W. P. Bowen, B. C. Sanders, T. Tyc,
T. C. Ralph and P. K. Lam, Continuous-variable quantum-state
sharing via quantum disentanglement, Physical Review A, Vol.
71, 033814 (2005).
[73] G. Gordon and G. Rigolin, Generalized quantum-state sharing,
Physical Review A, Vol. 73, 062316 (2006).
[74] T. Gao, F.-L. Yan, Z.-X. Wang, Quantum secure direct communication
by Einstein-Podolsky-Rosen pairs and entanglement
swapping, Nuovo Cimento B, Vol. 119, 313 (2004).
[75] A. -D. Zhu, Y. Xia, Q. -B. Fan and S. Zhang, Secure direct
communication based on secret transmitting order of particles,
Physical Review A, Vol. 73, 022338 (2006).
[76] F. -G. Deng, X. -H. Li, C. -Y. Li, P. Zhou and H. -Y. Zhou,
Quantum secure direct communication network with Einstein-
Podolsky-Rosen pairs, Physics Letters A, Vol. 359, 359 (2006).
[77] J. Wang, Q. Zhang and C. -J. Tang, Quantum secure direct communication based on order rearrangement of single photons,
Physics Letters A, Vol.358, 256 (2006).
[78] C. Wang, F. G. Deng and G. L. Long, Multi-step quantum
secure direct communication using multi-particle Green-Horne-
Zeilinger state, Optics Communications, Vol. 253, 15 (2005).
[79] X. -R. Jin, X. Ji, Y. -Q. Zhang, S. Zhang, S. -K. Hong, K.
-H. Yeon and C. -I. Um, Three-party quantum secure direct
communication based on GHZ states, Physics Letters A, Vol.
354, 67 (2006).
[80] J. Wang, Q. Zhang and C. -J. Tang Multiparty controlled quantum
secure direct communication using Greenberger-Horne-
Zeilinger state, Optics Communications, Vol. 266, 732 (2006).
[81] A. Chamoli and C. M. Bhandari, Secure direct communication
based on ping—pong protocol, Quantum Information Processing,
Vol. 8, 347 (2009).
[82] A. W´ojcik, Eavesdropping on the Ping-Pong Quantum Communication
Protocol, Physical Review Letters, Vol. 90, 157901
(2003).
[83] Z. Zhang, Z. Man and Y. Li, Improving W´ojcik’s eavesdropping
attack on the ping-pong protocol, Physics Letters A, Vol. 333,
46 (2004).
[84] Z. -J. Zhang, Y. Li, Z. -X. Man, Improved Wojcik’s eavesdropping
attack on ping-pong protocol without eavesdroppinginduced
channel loss, Physics Letters A, Vol. 341, 385 (2005).
[85] K. Bostr¨om and T. Felbinger, On the security of the ping-pong
protocol, Physics Letters A, Vol. 372, 3953 (2008).
[86] D. Gottesman and I. L. Chuang, Quantum digital signatures,
e-print arXiv.org, quant-ph/0105032.
[87] F. Gao, Q.-Y. Wen, S.-J. Qin, F.-C. Zhu, Quantum asymmetric
cryptography with symmetric keys, e-print arXiv.org, quantph/
0810.2859.
[88] G. M. Nikolopoulos, Erratum: Applications of single-qubit rotations
in quantum public-key cryptography, Physical Review A,
Vol. 78, 019903 (2008).
[89] R. G. Gallager, Low Density Parity Check Codes, IRE Transactions
on Information Theory, IT-8, 21 (1962).
[90] R. Tanner, A recursive approach to low complexity codes, IEEE
Transactions on Information Theory, Vol. 27, 533 (1981).
[91] B. M. J. Leiner, LDPC Codes - a brief Tutorial (2005).
[92] D. MacKay and R. Neal, Good codes based on very sparse matrices,
in:Cryptography and Coding, 5th IMA Conf., Berlin, Germany:
Springer, pp. 100-111 (1995) .
[93] D. MacKay, Good error-correcting codes based on very sparse
matrices, IEEE Transactions on Information Theory, Vol. 45,
399 (1999).
[94] N. Alon and M. Luby, A Linear Time Erasure-Resilient Code With Nearly Optimal Recovery, IEEE Transactions on Information
Theory, Vol. 42, 1732 (1996).
[95] A. R. Calderbank and P. W. Shor, Good quantum errorcorrecting
codes exist, Physical Review A, Vol. 54, 1098 (1996).
[96] A. M. Steane, Error Correcting Codes in Quantum Theory,
Physical Review Letters, Vol. 77, 793 (1996).
[97] S. Lin and D. J. Costello, Error Control Coding, Second Edition,
p.51, Upper Saddle River, NJ, USA, Prentice-Hall, Inc. (2004).
[98] S. W. McLaughlin, http://www.ece.gatech.edu/users/swm/ECE
6606/LDPC.pdf.
[99] W. Wasilewsk and K. Banaszek, Protecting an optical qubit
against photon loss, Physical Review A, Vol. 75, 042316 (2007).
[100] B. Schneier, Applied Cryptography, edition 2nd, John Wiley &
Sons New York (1996).
[101] M. N. Wegman and J. L. Carter, New hash functions and their
use in authentication and set equality, Journal of Computer and
System Sciences, Vol. 22, 265-279 (1981).