Quantum Anonymous Notification Protocol

Updated 22 November 2025

Quantum Anonymous Notification Protocol is a cryptographic primitive that enables anonymous notifications in quantum networks using entangled GHZ/W states and minimal classical communication.
It employs single-qubit operations and phase-flip techniques to guarantee information-theoretic anonymity and tracelessness, even against colluding adversaries.
Extensive security proofs, resource analyses, and experimental validations support its use in anonymous transmissions, private comparisons, and multiparty quantum tasks.

Quantum Anonymous Notification (QAN) Protocols constitute a class of cryptographic primitives for quantum networks, enabling a party (the notifier or sender) to anonymously inform another party (the receiver) of an intended quantum communication. QAN ensures information-theoretic sender and receiver anonymity against both internal and external adversaries, while providing correctness, robustness, and often the "traceless" property. These protocols are foundational for anonymous transmission, anonymous private comparison, and other multi-party quantum cryptographic tasks, and are implemented with resources such as Greenberger–Horne–Zeilinger (GHZ) or W states, single-qubit local operations, and minimal classical communication.

1. System Model, Resources, and Definitions

The QAN setting comprises $n$ nodes connected via quantum channels and a classical network. Typical primitives require pre-distribution of either $n$ -qubit entangled states (GHZ or W) or pairwise classical secrets. Quantum communication is orchestrated by an untrusted or trusted source. Classical channels may include pairwise-private, broadcast, or simultaneous broadcast capabilities.

Adversary Model: Permits arbitrary collusion: up to $t \leq n-2$ nodes may act dishonestly; in some models, a semi-honest or fully malicious quantum source is allowed (Unnikrishnan et al., 2018, Khan et al., 2020, Huang et al., 2020). An external adversary (Eve) may access quantum transmissions but is detected through verification rounds.

Quantum Resources:

GHZ state: $|GHZ_n\rangle = \frac{1}{\sqrt{2}}(|0^n\rangle + |1^n\rangle)$ , distributed as one qubit per user.
W state: $|W_n\rangle = \frac{1}{\sqrt{n}}(|10...0\rangle + |010...0\rangle + ... + |00...01\rangle)$ .
Pairwise QKD Key Sharing: For classical-only QAN primitives (see Table 1).

Classical Primitives: Notification subprotocols (e.g., Broadbent–Tapp [5]), parity computations, logical OR operations, collision detection.

Critical Definitions:

$\epsilon$ -anonymity: For any two honest users, the trace distance between adversary states is $\leq \epsilon$ . Maximal adversary guessing probability: $1/k + \epsilon$ (Unnikrishnan et al., 2018).
Tracelessness: No post-protocol transcript reveals the notifier (Khan et al., 2020).
Robustness: Tampering/eavesdropping detected with probability $1 - 2^{-S}$ for security parameter $S$ .

2. Canonical GHZ-Based QAN Protocol

The standard GHZ-based QAN proceeds as follows (Unnikrishnan et al., 2018, Khan et al., 2020, Jha et al., 15 Nov 2025):

Resource Distribution: The network establishes pre-shared $n$ -partite GHZ states; $K$ copies may be required for repeated attempts and testing.
Anonymous Notification Mechanism:
- The sender, say $S$ , intends to notify $R$ .
- All users perform single-qubit operations. Only $S$ —with probability $P_Z$ —applies a phase-flip (e.g., $\sigma_z$ or a $R_z(\pi)$ ) to $R$ 's qubit in a randomly selected copy of the GHZ state; all other qubits are untouched.
- All apply Hadamard $H$ gates and measure in the computational basis, yielding outcome bits $m_j^i$ .
- Each party broadcasts a (privately permuted) list of outcomes.
- For each GHZ index, the network computes the parity $m_j = \bigoplus_{i=1}^n m_j^i$ .
- Only $R$ knows which $m_j$ to watch; if $m_j=1$ , $R$ receives the notification.
Security Testing: Some copies are sacrificed for honest-state verification (basis-rotated measurements, parity checks) to detect malicious sources (Unnikrishnan et al., 2018, Jha et al., 15 Nov 2025).
Anonymous Teleportation and Applications: Once notified, S-R share an entangled EPR pair. Quantum messages are transferred using anonymous Bell measurements and masking, followed by anonymous classical communication (e.g., FRAMT, logical OR) (Unnikrishnan et al., 2018).

3. W-State and Pairwise-Key Notification Primitives

W-state Approach: Uses $|W_n\rangle$ . Sender encodes notification via local Pauli-X operations, followed by computational-basis measurement and broadcast. Traceless notification is recovered by the unique receiver using parity checks (Gong et al., 2021, Lipinska et al., 2018). Compared to GHZ, W-state protocols exhibit superior noise resilience—especially dephasing—and tolerate nonresponsive nodes, but their success probability is $2/n$ per round, limiting scalability.

Pairwise QKD Notification (Anonymous Broadcasting): Each node shares a one-time secret with every other. The sender flips a shared bit to inject the notification. All users broadcast the parity of their secrets, and the global XOR reveals the message, but no coalition of $n-2$ can identify the sender (Huang et al., 2020). This construction is experimentally demonstrated in city-scale fiber networks.

Resource	Security Model	Noise Robustness	Scalability
GHZ-state QAN	Full dishonest	Verification; high for dephasing	Polylogarithmic, only LOCC (GHZ verification) (Unnikrishnan et al., 2018, Jha et al., 15 Nov 2025)
W-state QAN	Semi-active (trusted source)	High (especially dephasing); tolerates loss	Success $\sim 2/n$ , best for moderate $n$ (Lipinska et al., 2018, Gong et al., 2021)
Pairwise QKD-key	Honest majority needed	Classical channel noise only	$O(n^2)$ scaling in secret bits (Huang et al., 2020)

4. Security Analysis and Robustness

GHZ-based Protocols: Sender and receiver anonymity follows by symmetry and indistinguishability of the quantum operation pattern. Rigorous security proofs show, for any two honest senders $i,j$ , the final adversary state differs by trace distance at most $\epsilon$ ; thus, adversary guessing probability cannot exceed $1/k+\epsilon$ , and for security parameter $S=O(\log(n/\delta))$ the anonymity error is tunable (Unnikrishnan et al., 2018, Jha et al., 15 Nov 2025). Verification steps ensure malicious sources or manipulated states are either detected with probability $1-2^{-S}$ or the protocol aborts.

W-state Protocols: Rely on permutation invariance and classical subprotocols that do not leak identities. Security holds under the semi-active adversary (trusted source), but general attacks by a malicious source remain an open issue (Gong et al., 2021, Lipinska et al., 2018). Tracelessness is inherent due to symmetrical codewords and public broadcasts.

Noise and Robustness: GHZ and W-state QAN provide distinct trade-offs:

Under dephasing (parameter $p$ ), GHZ-based notification parity bias decays as $(1-2p)^n$ (Jha et al., 15 Nov 2025).
Under depolarizing or lossy conditions, W schemes maintain high fidelity up to $n\sim 50$ ; for larger $n$ , the deterministic GHZ approach eventually surpasses W in threshold noise (Lipinska et al., 2018).
Protocols tolerate arbitrary collusions short of total control; for key-based schemes, $t \leq n-2$ is maximal (Huang et al., 2020).

5. Efficiency, Resource Consumption, and Scaling

GHZ-based QAN: The improved GHZ protocol with $R_z$ encoding and classical masking achieves communication complexity $O(n^2)$ per notification—each of $n$ users broadcasts $n$ bits. Quantum operations are single-qubit: $R_z$ , Hadamard, measurement (Jha et al., 15 Nov 2025). End-to-end latency is dictated by two classical broadcast rounds plus pre-distribution time for the GHZ states.

W-state QAN: Requires $n$ rounds (one per candidate receiver), each distributing a W state and incurring $n^2$ classical bits per execution (Gong et al., 2021). Success probability per round is $2/n$, so expected attempts grow linearly in $n$ ; both entanglement and transmission overhead scale as $O(n^2)$ .

Pairwise-key QAN: Achieves one notification per $O(n^2)$ secret bits; throughput is limited by the slowest pairwise QKD link in the network. Pseudocode and experimental parameters show rates of approximately 0.5 notifications/s for eight-user setups (Huang et al., 2020).

Scalability: All schemes demand $O(n^2)$ resources. GHZ-based approaches are favored for large $n$ if high-fidelity sources and broadcast are available. W-state is robust against loss and small $n$ noise, but less efficient for scaling.

6. Protocol Improvements, Experimental Realization, and Integration

Improved QAN (GHZ, rotation-based): The 2025 protocol introduces $R_z$ rotations with secret-shared angles, broadcast masking, and random permutation, further reducing side-channel leakage under dephasing noise (Jha et al., 15 Nov 2025). Analytical characterization shows that false-notification and miss rates can be tuned via choice of repetition parameter $K$ and notification probability $P_z$ .

Experimental Demonstrations: Secure anonymous broadcasting with QAN is implemented on eight-user, deployed-fiber, entanglement-based networks. These experiments validate information-theoretic security, robustness against up to $n-2$ dishonest users, and protocol throughput under realistic rates and loss (Huang et al., 2020).

Network Integration: QAN enhances quantum-augmented classical networks by enabling:

Machine-learning-based privacy selection, invoking expensive quantum notification only for high-sensitivity messages (leading to $40$– $70\%$ resource savings) (Jha et al., 15 Nov 2025).
Switch-bypass mechanisms preventing “quantum” payloads from being flagged at vulnerable network devices (Jha et al., 15 Nov 2025).

Comparison to Prior Art: Classical anonymous notification protocols are insecure under quantum attacks and require honest majorities (Unnikrishnan et al., 2018). Early quantum schemes required trusted sources and lacked verification, or were vulnerable to collusions. Modern QAN achieves information-theoretic anonymity even with untrusted sources, works via single-qubit LOCC, and tolerates arbitrary collusions (excluding total compromise) (Unnikrishnan et al., 2018, Jha et al., 15 Nov 2025, Khan et al., 2020).

7. Applications, Limitations, and Extensions

Applications:

Anonymous quantum transmission: Notifier sends qubits to receiver over anonymous EPR pairs (Unnikrishnan et al., 2018).
Anonymous quantum private comparison: Parties compare secret data without revealing participants (Khan et al., 2020).
Multiparty quantum computation, auctions, voting: QAN enables anonymous task participation (Khan et al., 2020).
Quantum-enhanced network stack: Reduces header-based information leakage, supports resource-efficient privacy enforcement (Jha et al., 15 Nov 2025).

Limitations:

GHZ-state-based QAN: Resource-intensive for large $n$ , relies on high-fidelity multi-partite entanglement distribution.
W-state-based QAN: Probabilistic, less scalable, requires a trusted source model (Lipinska et al., 2018).
Pairwise-key QAN: Secret-bit consumption grows as $O(n^2)$ ; honest-majority required for true anonymity (Huang et al., 2020).
Noise Handling: Advanced fault-tolerant or error-correcting QAN variants for adversarial quantum noise remain an open challenge (Gong et al., 2021).

QAN forms a rigorous, extensible foundation for anonymous quantum communication with formal security guarantees and efficient practical implementations across both all-quantum and hybrid quantum-classical networks (Unnikrishnan et al., 2018, Jha et al., 15 Nov 2025, Khan et al., 2020, Huang et al., 2020, Gong et al., 2021, Lipinska et al., 2018).