Quantum Secure Direct Communication with Authentication Expansion Using Single Photons

Transcription

1 Commun. Theor. Phys. (Beijing, China) 54 (2010) pp c Chinese Physical Society and IOP Publishing Ltd Vol. 54, No. 5, November 15, 2010 Quantum Secure Direct Communication with Authentication Expansion Using Single Photons YANG Jing ( ó), 1 WANG Chuan ( ), 1,2, and ZHANG Ru (Ì) 1, 1 School of Science, Beijing University of Posts and Telecommunications, Beijing , China 2 Department of Physics, Tsinghua University, Beijing , China (Received June 12, 2010; revised manuscript received August 10, 2010) Abstract In this paper we propose two quantum secure direct communication (QSDC) protocols with authentication. The authentication key expansion method is introduced to improve the life of the keys with security. In the first scheme, the third party, called Trent is introduced to authenticate the users that participate in the communication. He sends the polarized photons in blocks to authenticate communication parties Alice and Bob using the authentication keys. In the communication process, polarized single photons are used to serve as the carriers, which transmit the secret messages directly. The second QSDC process with authentication between two parties is also discussed. PACS numbers: Dd, Hk Key words: quantum secure direct communication, quantum authentication, authentication key expansion 1 Introduction Quantum key distribution (QKD) provides a novel method for two legitimate parties to establish a shared random string of secret keys over a long distance. The advantage of QKD is its unconditional security. QKD has progressed quickly [1 6] since the first QKD protocol was proposed in 1984 by Bennett and Brassard. [1] It is wellknown that the security of QKD is guaranteed by the laws of quantum physics, [7 9] the uncertainty principle and the non-cloning theorem. Recently a novel quantum communication mode was proposed and actively pursued: [10 14] quantum secure direct communication (QSDC). Different from QKD, QSDC is to transmit important messages directly without first establishing random keys. So QSDC system requires a higher security than QKD. In 2002, Long and Liu proposed a two-step QKD protocol, [10] in which the sender Alice prepares an ordered EPR pair sequence, then divides them into two sequences, which are sent in blocks by two steps. After Bob received the two sequences, he performs Bell state measurements on the EPR pairs and reads out state information. Secure keys are generated between the two parties after security checking and privacy amplification process. They have mentioned that the two-step communication can be used to transmit secret message directly, so it is also fully a QSDC protocol. Later, Beige et al. proposed a quantum secure direct communication scheme. [11] In this scheme the messages can be read out only after the transmission of an additional classical information for each qubit. In the year 2002, Boström and Felbinger put forward a ping-pong protocol [12] scheme, which is a quasi-secure direct communication scheme. This QSDC protocol introduces the idea of quantum dense coding [15] with Einstein Podolsky Rosen (EPR) pairs. However, the protocol is not secure and it can be attacked under the denial of service attack. In 2003, Cai proposed a secure QSDC scheme [13] of the ping-pong protocol. Later, Deng and Long proposed the two-step QSDC protocol [14] to overcome the defects in the ping-pong protocol. By dividing the EPR pairs into two sequences and transmitting the block of the pairs in two steps, secret message can be transmitted directly. In the following decades, the idea of QSDC has been realized in many quantum systems and different protocols are presented. [16 28] In realistic conditions, the qubits are inevitably effected by the channel noise, which means that quantum coherence is destroyed. Decoherence is a major obstacle in the realization of quantum information processors. Based on the type of interaction processes between the qubits and their environment, decoherence free subspaces (DFS) qubits in quantum communication, which are immune to decoherence and to protect fragile quantum information against the detrimental effects of decoherence are proposed. [29 30] In 2006, Zou et al. proposed a scheme for the generation of four-photon polarization-entangled decoherence-free subspace states based on post-selection strategy and current experimental technology. [31] Later, Xia et al. proposed a scheme for generating the four photon polarization-entangled decoherence-free subspace states. [32] The proposed scheme involves only simple linear optical elements and conventional photon detectors, Supported by the National Fundamental Research Program under Grant No. 2010CB923202, Specialized Research Fund for the Doctoral Program of Education Ministry of China under Grant No , the Fundamental Research Funds for the Central Universities under Grant No. BUPT2009RC0710, China National Natural Science Foundation under Grant Nos , and Corresponding author, chuan-wang03@mail.tsinghua.edu.cn Corresponding author, ruzhang@bupt.edu.cn

2 830 YANG Jing, WANG Chuan, and ZHANG Ru Vol. 54 which makes the protocol more realizable in experiments. And in the present protocol, the polarized single photons are used as the carriers transmitting the secret messages. The previous QSDC schemes are all based on the EPR pairs. The security is guaranteed by the non-locality of the EPR pairs. However, the preparation and measurement process of the EPR states are complicated. In 2004, Deng and Long proposed a QSDC scheme [33] based on using single photons serve as a one-time pad to encode the secret messages. This protocol is also proved to be unconditionally secure, which is easier to be implemented and exhibits more potential applications. Quantum authentication is the key element to identify the legitimate users to ensure the security of quantum communication. In 1999, Dusek proposed the first protocol for quantum identification system. [34] The use of quantum resources in authentication has been proposed before in quantum key distribution scenarios. These programs extend the application of the quantum authentication. It indicates that the authentication has been more and more important in quantum communication. [35 36] In 2002, Curty et al. proposed a qubit authentication scheme. In this scheme, the authentication of quantum information, which was sent through a quantum channel between two communication parties is discussed with the minimum amount of resources. Besides that, they showed that a qubit can not be authenticated with a key of minimum length. [37] In 2005, Lee et al. proposed an authentication scheme [38] using three-particle entangled GHZ states to authenticate the secure users in communication process. The users can identify each other by checking the correlation of GHZ states. The protocol introduces a third party, Trent, to supply the GHZ states for authenticating Alice and Bob. At first, Alice and Bob register their secret identity and hash functions to Trent. Then Trent makes unitary operations on the GHZ states with the Alice s and Bob s authentication keys. After that, Alice and Bob make the reverse unitary operations on their qubits. Then the two users could choose the positions of a subset of GHZ states and make a local measurements in the Z basis on them to compare the results and confirm that the other party is legitimate or not. Later, Yang et al. proposed an efficient QSDC protocol with authentication. [39] This scheme does not need the third party, the whole authentication process and the communication procedure are worked just between Alice and Bob. EPR pairs and polarized single photons in batches are used in this scheme. The EPR pairs are used to transmit secret messages and the polarized single photons used for authentication and eavesdropping check. Notice that, the present QSDC protocols with authentication both use the entangled particles, which will introduce more complexity into the scheme as discussed above. In the actual process of the quantum communication, the initial sharing keys are used to authenticate each communication parties and the classical channel, then the remaining quantum keys are used as the new authentication ones directly. This means the users do not make any operation on the authentication keys. It makes the security of the authentication keys can not be guaranteed. So we could use the idea of authentication expansion to overcome the defect. [40] Here in this study, we develop two protocols for QSDC with authentication expansion using single photons. In the first scheme, the third party, Trent is introduced to authenticate the users participating in the communication. He supplies the polarized single photons in batches to authenticate Alice and Bob through the user s authentication key. After the identification of the legitimate users, the communication process can be worked between Alice and Bob. Also the polarized single photons are used to serve as a one-time pad encoding the secret messages directly. QKD is used to extend the authentication keys to improve the life of them on the basis of the security. The second QSDC protocol with authentication is constructed between two parties Alice and Bob. The security of quantum authentication is also discussed. 2 Quantum Secure Direct Communication with Quantum Authentication Here we first describe the measurement bases and the states of the single photons used for QSDC. The two measuring bases (MB), the rectilinear basis, H = 0, V = 1 and the diagonal basis, u = (1/ 2)( ), d = (1/ 2)( 0 1 ) are used between the three parties Trent, Alice and Bob. For simplicity we call them the Z basis and X basis, respectively. Here H and V represent the horizontal and vertical polarizations of the photons, respectively. They agree that the 0 and u states represent the binary value 0, and the 1 and d states represent the binary value Three Parties QSDC with Authentication The first QSDC scheme contains three phases: (i) When the authentication process starts, the third party Trent is introduced to authenticate the users Alice and Bob who participate in the communication. Trent owns the photon source and supplies the single photons to the other parties. (a1) Trent knows user s secret identity sequence and a one-way hash function h A(B) beforehand. This information must be kept secret between the users. Alice s (Bob s) authentication keys shared with Trent can be calculated as h A (ID A, c A ) (h B (ID B, c B )), where ID A (ID B ) are Alice s (Bob s) identity sequence, and c A (c B ) is the counter of calls on Alice s (Bob s) hash function. (a2) Trent prepares a series of polarized single photons. He selects randomly one of the two bases to prepare the single photons. So each photon is randomly in one of the four polarization states: H, V, u, and d. After the preparation process, he will announce, which measuring basis be chose and the states of the single photons. (a3) Trent encodes the single photons with Alice s and Bob s authentication keys h A (ID A, c A ) and h B (ID B, c B ).

3 No. 5 Quantum Secure Direct Communication with Authentication Expansion Using Single Photons 831 For example, if the i-th value of h A (ID A, c A ) is same as h B (ID B, c B ), then Trent makes an identity operation I to the i-th single photon. If the i-th value of h A (ID A, c A ) is opposite to h B (ID B, c B ), Hadamard operation is performed. After performing the operations on the single photons, Trent sends the states to Alice. (a4) After receiving the single photons, which were encoded by Trent, Alice checks these photons with her authentication keys h A (ID A, c A ). If the i-th value of h A (ID A, c A ) is 0, then she makes an identity operation I to the i-th single photon. If the i-th value of h A (ID A, c A ) is 1, she performs Hadamard operations on the photons. Then, Alice distributes the photons to Bob through the quantum channel. (a5) Bob checks the photons that were sent by Alice with his authentication keys. The procedures are similar with step (a4). Then Bob returns them to Trent. Trent measures the photons using the measuring basis according to the initial information of the states. Then he will announces the states of these photons. If the results are same as the initial states, which were prepared by Trent, then we could ensure that Alice and Bob are legitimate users. On the basis of legitimacy, Alice (Bob) can infer that Bob s (Alice s) authentication keys through the states of the photons and her (his) authentication keys. We could put their authentication keys together and denote them as H(A, B). Then Alice and Bob switch to the second process and proceeds with (c1). Otherwise, Trent determines that there exists illegal user between Alice and Bob. He asks Alice and Bob to announce their operation to verify the legitimacy of them. The process can be seen from Fig. 1. (i) However,we notice the case that Trent is needed only in the first step of authentication, the rest authentication process occurs between Alice and Bob. The description of the process will be demonstrated in details as follows. (ii) After the determination of the legitimacy of the users, the communication process between Alice and Bob can be continued. (b1) Bob selects randomly one of the two measuring basis and prepares a series of polarized single photons. Each photon is randomly in one of the four polarization states: H, V, u = (1/ 2)( H + V ) and d = (1/ 2)( H V ). After preparing these photons, Bob could send them to Alice. These single photons are used to check the security of communication, so we call them C-batch photons. (b2) On receiving the batch of photons, Alice and Bob check the security of the communication by the following procedures: Alice selects randomly a sufficiently large subset of photons from the whole sequence, and she measures each of them using one of the two measuring bases, also choosing randomly. Then Alice compares the positions, measuring basis and the result of the measurement with Bob publicly. If the error rate is lower than the error bound, then they can confirm that the communication is secure. (b3) After ensuring the security of the quantum line, Alice encodes the photons leftover in the C batch after the eavesdropping check. The photons used for coding are called M batch according to the secret message. Alice and Bob agree on the two unitary operations, I = and U = iσ y = correspond to classical information 0 and 1, respectively. If the secret message is 0, Alice makes the operation I to the single photon, and if the secret message is 1, the U operation is applied. The U operation makes the following transformation on the single qubits: U 0 = 1, U 1 = 0, U u = d, U d = u. (2) Then Alice returns the encoded photons to Bob. (b4) Bob measures the photons in the M batch using the basis according to the initial information of them, and reads out the secret messages directly. For example, if Bob prepares the single photon in state of the H and receives the V state, then he can infer that Alice makes the U operation and sends the secret message 1. (iii) Before the next QSDC process, Alice and Bob need to be authenticated again. The keys can not be used as the security is decreased. So the quantum secure authentication expansion process is introduced in our protocol. The detailed process is described in Fig. 2. (c1) Alice and Bob generate their authentication keys H(A, B) according to certain rules, which is known by Alice and Bob. The initial authentication keys used in the first round communication are called the K 1 batch. (c2) The K 1 batch is divided into m parties marked with k 11, k 12,..., k 1m. Using one-time pad QKD, [16] each part of the initial keys k 1i produce the corresponding quantum keys (We call them kq 1i quantum batch, which were produced by the i-th party of the initial authentication keys k 1i ). (c3) Since the kq 1i batch has the same length with the K 1 part, we perform the XOR operation on the qubit of the quantum keys (kq 1i ) to produce the next step authentication keys (K 2 ). The process can be described as: m K 2 = kq 1i. (3) i=1 (c4) In the following authentication process, the quantum keys K 2 are used as the new H(A, B). The authentication process is performed between Alice and Bob. The process of authentication can be illustrated as follows: Alice prepares a batch of single photons, then she performs the operations on the single photons according to the authentication keys H(A, B), i.e. if the i-th value of H(A, B) is 0, then she makes an identity operation I to the i-th single photon, and if the i-th value of H(A, B) is 1, the Hadamard operation is performed. Alice sends the photons to Bob securely. After receiving the photons, Bob

4 832 YANG Jing, WANG Chuan, and ZHANG Ru Vol. 54 makes the operations on them and announces the results of these photons. After the error correction process, Alice can infer the legitimacy of Bob. Note that this is a twoway authentication process, so if Bob want to certificate Alice, he performs the same process. Fig. 1 The process of three parties QSDC with authentication. (i) User s secret identity sequence and a one-way hash function are known to Trent. (ii) Trent prepares a batch of polarized single photons. Each photon is randomly in one of the four polarization states: H, V, u, and d. (iii) Trent encodes the single photons with Alice s and Bob s authentication keys (h A(ID A, c A) and h B(ID Bc B)). Trent sends the states to Alice. (iv) Alice continues to operate these photons with her authentication keys (h A(ID Ac A), then distributes them to Bob. (v) Bob performs unitary operations on the photons, which were sent from Alice. Then Bob returns them to Trent. (vi) Trent compares the photons with the initial ones to certify the legitimacy of Alice and Bob. Fig. 2 Authentication key expansion process. k 1i represents the i-th party of the authentication keys; k qi represents the authentication keys generated by QKD process. 2.2 Two Parties QSDC with Authentication However, if Trent does not involve in the quantum channel, the communication users can also be authenticated. At first, a secure quantum channel is established between Alice and Bob to get the initial quantum keys. The method is similar to the BB84 protocol. [1] There are a variety of ways to generate the authentication keys from the initial quantum keys between Alice and Bob. After generating the authentication keys, the authentication process can be performed between the communication parties. The description of the process will be demonstrated in details as follows. According to the authentication keys, Alice could test the legitimacy of Bob. First, Alice produces a series of polarized photons for the authentication process. If the i-th value of authentication keys is 0, then she makes an identity operation I to the i-th single photon. If the i-th value of authentication keys is 1, Hadamard operation is performed. Then Alice distributes the photons to Bob. If Bob is legitimate, he knows the initial authentication keys, so he could make the corresponding operation on the photons. Then he announces what the results of these photons, Alice can infer Bob s legitimacy. If Bob is illegal, he makes the operations randomly, then he is easily discovered by comparing the results on Alice s side. This is a two-way authentication process: if Bob wants to certificate Alice, he should perform the same process. The methods are similar to the first QSDC protocol that we discussed above. Here we can notice that Trent is not required during the second QSDC scheme, and the communication parties need to prepare the single photons twice, one prepared by Alice and the other by Bob. 3 Discussion and Summary In this study we proposed two quantum secure direct communication protocols with authentication, which are all based on the polarized single photons. In the first scheme, the third party, Trent is introduced to authenticate the users participating in the communication. He supplies the polarized photons in batches to authenticate Alice and Bob through the user s authentication keys. After the identification of the legitimate users, the communication process can be realized between Alice and Bob. In this process, polarized single photons are used to serve as a one-time pad, which is used directly to encode the secret messages. We also use the method of quantum key distribution to extend the authentication keys by improving the life of them on the basis of the security. The second QSDC protocol with authentication is processed between two parties Alice and Bob. In our QSDC protocls, the legitimate users can be discovered by the authentication process, which provides a key ingredient in secure communication. In the first authentication scheme, a secure three-party quantum channel is established, then Trent certificates Alice and Bob concurrently. If there exists an illegal user between Alice and Bob, Trent requests Alice

5 No. 5 Quantum Secure Direct Communication with Authentication Expansion Using Single Photons 833 and Bob to announce their operations to verify the legitimacy. While in the second scheme, two quantum channels are established. One is built between Alice to Bob, the other is established from Bob to Alice. Before Bob performs the operations on the photons, which are encoded by Alice, the security of the quantum channel from Alice to Bob must be ensured. In the authentication expansion process, Alice and Bob generate their authentication keys H(A, B) to form the K 1 batch. The generation rules are only known by Alice and Bob. If the eavesdropper (called Eve) dose not know the rules, for example, she impersonates Alice (Bob), it is impossible for her to produce the authentication keys shared with Bob (Alice). After each round secure communication, Alice and Bob change the shared authentication keys. It prevents the possibility of Eve to obtain the authentication keys and overcomes the defects of the static management on the keys. The eavesdropping check of our QDSC protocol is similar with BB84 QKD scheme. [1] However, the security of QSDC is different from the traditional security analysis in QKD, which means that Eve is not allowed to get any information during communication. The difference between our protocol and BB84 QKD is that parts of the photons are measured and the M-batch photons are stored, whereas all the randomly selected photons are measured one by one in the BB84 QKD scheme. The security of BB84 QKD is assured by means of the fact that Alice and Bob choose randomly sufficient instances for checking eavesdropping. [41] The process of the QSDC scheme before Alice encodes her message using the unitary operation is in fact identical to the variant of the BB84 QKD process. The secret keys are encoded in the state of the photons of the M-batch. So in one-time pad encryption, it is completely safe and no secret messages can be leaked even if the text is intercepted by the eavesdropper. Here the quantum-one-time pad QSDC protocol is even more secure than the classical one-time pad in the sense that an eavesdropper cannot even intercept the whole cipher text as the photons measuring basis is chosen randomly. Since Alice and Bob perform the two-step transmission on the single photon qubits, the eavesdropper Eve might hide herself in the channel and performs various attacks, such as intercept-resend attack and individual attack. If Eve performs intercept-resend attack, she has to measure the transmitting photons in the two steps. As the photons are prepared randomly in one of the four polarized states, the measurement process will introduce the errors with 25%. After each step transmission, Alice and Bob will perform security checking process. So this attack will easily be discovered by the legitimate users. Also Eve s measurement reveals her nothing but random results. If she performs individual attack, as discussed in Ref. [42], Eve s attack will also introduce the bit errors with probabilities sin 2 φ/2 on the security checking qubits, here φ characterizes the strength of the attack. Then the eavesdropping behavior will be discovered by the security checking process between Alice and Bob. Compared with the authentication scheme using entangled particles, [38 39] the protocols are easier to realize as the single photons are used instead of the entangled states in the authentication process. By encoding the single photons with the hash function and making the comparison between the encoded photons and the initial ones, we could successfully certificate the legitimacy of the users. The benefits of the two QSDC protocols we proposed are mainly embodied in the following aspects: (i) If QSDC users are not legitimate, for example one of them is disguised by the eavesdropper, the communication process can not be continued. We certificate the legitimacy of Alice and Bob first in our protocol. Both of the two protocols guarantee the authentication process to be worked smoothly. (ii) The method of the authentication process is simple and feasible. The main point is to find the shared keys between the certification sides. In the first scheme, we introduce Trent to certificate Alice and Bob with the authentication keys h A, h B. Then Alice and Bob can achieve the initial shared keys H(A, B). In the second scheme, the shared authentication keys between Alice and Bob can be obtained in a simpler way. (iii) The authentication expansion method is introduced in the authentication process to guarantee the legitimacy of the users during the communication and the life of the authentication keys is improved. (iv) Polarized single photons are used to serve as a one-time pad, which is used directly to encode the secret messages. The use of single photons overcomes the preparation and measurement complexity of the EPR pairs. Of course, the schemes also have some disadvantages, such as the coding capacity. During the communication process, one polarized single photon can only carry one bit of classical information as we use two unitary operations to encode the message: I = and U = iσ y = corresponding to 0, 1, respectively. References [1] C.H. Bennett and G. Brassard, in Proceedings of the IEEE International Conference on Computers, Systems and Signal Processing, Bangalore, India IEEE, New York (1984) pp [2] A.K. Ekert, Phys. Rev. Lett. 67 (1991) 661. [3] C.H. Bennett, Phys. Rev. Lett. 68 (1992) [4] C.H. Bennett, G. Brassard, and N.D. Mermin, Phys. Rev. Lett. 68 (1992) 557. [5] F.G. Deng and G L. Long, Phys. Rev. A 68 (2003)

6 834 YANG Jing, WANG Chuan, and ZHANG Ru Vol. 54 [6] W. Chen, Z.F. Han, X.F. Mo, F.X. Xu, G. Wei, and G.C. Guo, Chin. Sci. Bull. 53(9) (2008) [7] J.F. Clauser, Phys. Rev. D 9 (1974) 853. [8] W.K. Wooters and W.H. Zurek, Nature (London) 299 (1982) 802. [9] P.W. Milonni and M.L. Hardies, Phys. Lett. A 92 (1982) 321. [10] G.L. Long and X.S. Liu, Phys. Rev. A 65 (2002) [11] A. Beige, et al., Acta Phys. Pol. A 101 (2002) 357 [12] K. Boström and T. Felbinger, Phys. Rev. Lett. 89 (2002) [13] Q.Y. Cai, Phys. Rev. Lett. 91 (2003) [14] F.G. Deng, G.L. Long, and X.S. Liu, Phys. Rev. A 68 (2003) [15] C.H. Bennett and S.J. Wiesner, Phys. Rev. Lett. 69 (1992) [16] F.G. Deng and G.L. Long, Phys. Rev. A 69 (2004) [17] C. Wang, F.G. Deng, Y.S. Li, X.S. Liu, and G.L. Long, Phys. Rev. A 71 (2005) [18] X.H. Li, C.Y. Li, F.G. Deng, P. Zhou, Y.J. Liang, and H.Y. Zhou, Chin. Phys. 16(8) (2007) [19] Y. Xia, J. Song, J. Nie, and H.S. Song, Commun. Theor. Phys. 48 (2007) 841; J. Song, Y. Xia, and H.S. Song, Commun. Theor. Phys. 49 (2008) 635; Y. Xia, J. Song, and H.S. Song, Commun. Theor. Phys. 49 (2008) 919. [20] J. Song, A.D. Zhu, and S. Zhang, Chin. Phys. B 16(3) (2007) 621. [21] Y. Xia, J. Song, and H.S. Song, Opt. Commun. 279 (2007) 395. [22] Y. Xia and H.S. Song, Phys. Lett. A 364 (2007) 117. [23] F. Gao, F.Z. Guo, Q.Y. Wen, and F.C. Zhu, Sci. in China Ser. G-Physics Mechanics Astron 51(12) (2008) [24] Y.G. Yang and Q.Y. Wen, Sci. in China Ser. G-Physics Mechanics Astron 51(2) (2008) 176. [25] T. Gao, Z. Naturforsch A 59 (2004) 597. [26] A.D. Zhu, Y. Xia, Q.B. Fan, and S. Zhang, Phys. Rev. A 73 (2006) [27] J. Wang, Q. Zhang, and C.J. Tang, Phys. Lett. A 258 (2006) 256. [28] G.L. Long, F.G. Deng, C. Wang, X.H. Li, K. Wen, and W.Y. Wang, Frontiers of Physics in China 2(3) (2007) 251. [29] D. Bacon, J. Kempe, D.A. Lidar, and K.B. Whaley, Phys. Rev. Lett. 85 (2000) [30] J. Kempe, D. Bacon, D.A. Lidar, and K.B. Whaley, Phys. Rev. A 63 (2001) [31] X.B. Zou, J. Shu, and G.C. Guo, Phys. Rev. A 73 (2006) [32] Y. Xia, J. Song, H.S. Song, and S. Zhang, J. Opt. Soc. Am. B 26 (2009) 129. [33] F.G. Deng and G.L. Long, Phys. Rev. A 69 (2004) [34] M. Dusek, et al., Phys. Rev. A 60 (1999) 149. [35] D. Ljunggren, M. Bourennane, and A. Karlsson, Phys. Rev. A 62 (2000) [36] G. Zeng and W. Zhang, Phys. Rev. A 61 (2000) [37] M. Curty, D.J. Santos, and E. Perez, Phys. Rev. A 66 (2002) [38] H. Lee, J. Lim, and H.J. Yang, Quant-ph/ [39] Y.G. Yang, Q.Y. Wen, and F.C. Zhu, Chin. Phys. 16 (2007) [40] H.W. Li, Master Thesis (2009). [41] P.W. Shor and J. Preskill, Phys. Rev. Lett. 85 (2000) 411. [42] J. Yang, C. Wang, and R. Zhang, Chin. Phys. B (2010) in press.