Quantum Direct Steganography Scheme Based on Modified Generator Projection Directions of Steane Code over a Single-Type Pauli Channel

Steganography serves as a principal technique for concealing information, applicable to both spatial and temporal transmissions (e.g., Alice embeds secret information within a quantum register for Bob to retrieve at a later time). The primary objectives of quantum steganography can be summarized as follows: 1) Communication: Alice must be capable of conveying classical or quantum information to Bob. 2) Secrecy: The embedded secret message within the cover data should be effectively concealed, rendering it challenging for Eve to discern. Furthermore, the capacity and robustness are pivotal criteria for assessing the efficacy of steganography schemes. Fig. 2 depicts the general process of quantum steganography, where the area outside the dashed box signifies the standard procedure, and the area within the dashed box highlights the encoding and decoding steps of the direct quantum state steganography method introduced in this paper.

Pauli operators constitute a fundamental set of operators within quantum theory, comprising $2\times 2$ unitary Hermitian matrices that satisfy anticommutation relations, as shown in Eq. 1 and 2.

where {a,b}=$ab+ba$.

The bit-flip channel (BC) is a quantum noise model where a qubit has a probability $p$ of undergoing a bit-flip error, which changes the state from $\ket{0}$ to $\ket{1}$ or vice versa. Mathematically, the channel can be described as:

Similarly, the mathematical descriptions of the phase-flip channel (PC) and the bit-phase flip channel (BPC) are given by Eq. 4 and 5, respectively.

Quantum channels are not merely mathematical constructs; they also represent actual physical phenomena. For instance, variations in external electromagnetic fields can induce bit-flip errors in superconducting qubits. Minor alterations in temperature and magnetic fields may result in phase-flip errors within ion trap systems. Additionally, high-energy particle collisions can precipitate both bit and phase flip errors in diamond NV center systems.

The stabilizer formalism, introduced by Gottesman [29], has been instrumental in the advancement of quantum error correction theory. Stabilizers are derived from the Pauli group. The Pauli group $G_{1}$ for a single qubit is defined as $G_{1}\equiv\alpha\{I,X,Y,Z\},\alpha=\{\pm 1,\pm{i}\}$. It is clear that $G_{1}$ is an Abelian group. The Pauli group on n-qubits is defined as $G_{m}\equiv{G_{1}^{\otimes{n}}}$.

A stabilizer $S$ is defined as a subgroup of $G_{n}$, typically expressed in terms of its generators: $S\equiv\langle{g_{1},g_{2},...,g_{l}}\rangle$, satisfying $\forall{k},g_{k}^{2}=I$, all mutually commute, i.e. $\forall{j,k},[g_{j},g_{k}]=g_{j}g_{k}-g_{k}g_{j}=0$. The vector space $V_{s}$ is defined as the set of states stabilized by all elements of $S$, meaning that for all $\forall\ket{\psi}\in V_{s},\prod_{k}g_{k}\ket{\psi}=\ket{\psi}$.

As discussed in Sect. II.1, the objective of steganography is to enable Alice and Bob to transmit secret information accurately while making it challenging for Eve to detect and extract that information. To accomplish this, we propose to alter the stabilizer encoding by adjusting the generator projection direction, thereby hindering Eve’s ability to correctly detect and perform error correction without knowledge of the specific rule.

Let us now consider the general conditions for quantum error correction (refer to [11], Theorem 10.1). Let $P$ be the projector onto a quantum code, and let $\{E_{i}\}$ denote the set of error operators that describe noisy quantum operations. The necessary and sufficient condition for the correctability of errors is that:

for some Hermitian matrix $\alpha$ of complex numbers.

Within the framework of stabilizer encoding, the projector $P$ is represented as: $P=(1/2^{l})\prod_{k=1}^{l}(I+g_{k})$, where $l$ denotes the number of generators $g_{k}$. We propose to modify $P$ by altering the projection direction orthogonally for some of its dimensions, while leaving the other dimensions unaltered. For instance, $\tilde{P}=(1/2^{l})(I-g_{h})\prod_{k\neq{h}}(I+g_{k})$.

The subsequent proposition demonstrates that in this context, Eve, being uninformed of the modification rule, will be unable to correct errors accurately if she persists in decoding based on the original projection directions. For the sake of simplicity, we consider the modification of a single generator direction; the extension to multiple directions is analogous.

Proposition 1: It is not possible to find a set of errors $\{E_{i}\}$ that the stabilizer code, defined by the projection operator $P=(1/2^{l})\prod_{k=1}^{l}(I+g_{k})$ can correct, such that $\tilde{P}E_{i}^{\dagger}E_{j}\tilde{P}=\beta_{ij}P$, where $\tilde{P}=(1/2^{l})(I-g_{h})\prod_{k\neq{h}}(I+g_{k})$, and $\beta_{ij}$ constitutes a Hermitian matrix.

In this context, $\tilde{P}$ can be interpreted as the projection encoding operation following a directional modification, as perceived by Alice and Bob, whereas $P$ represents the projection operation in the original direction, which Eve attempts to use for error correction.

Proof:

Let $\bar{P_{h}}=(1/2^{l-1})\prod_{k\neq{h}}(I+g_{k})$. It is straightforward to see from the expressions of $P$ and $\tilde{P}$ that:

Combining Eq. 6, direct calculation yields:

where,

For $D_{i,j,h}$, we discuss the problem in three cases.

Case1: $E_{i}^{\dagger}E_{j}$ commutes with all the generators $g_{k}$. That is, $[E_{i}^{\dagger}E_{j},g_{k}]=0,k=1,2,...l$. In this situation,

Substituting Eq. 10 into 8, we get:

Due to the orthogonality of $P$ and $\tilde{P}$, it is clearly shown that there does not exist $\beta_{ij}$ satisfying the conditions.

Case2: $E_{i}^{\dagger}E_{j}$ only anticommutes with $g_{h}$. That is, $\left\{E_{i}^{\dagger}E_{j},g_{h}=0\right\}$, while $[E_{i}^{\dagger}E_{j},g_{k}]=0,k\neq{h}$. In this situation,

Then, $\tilde{P}E_{i}^{\dagger}E_{j}\tilde{P}=\alpha_{ij}P-2PE_{i}^{\dagger}E_{j}$, indicating that there does not exist $\beta_{ij}$.

Case3: $E_{i}^{\dagger}E_{j}$ anticommutes with at least one generator other than $g_{h}$. Without loss of generality, suppose $\left\{E_{i}^{\dagger}E_{j},g_{1}=0\right\}$. Due to

and $\bar{P_{h}}(I-g_{1})=0$, therefore, all three terms of the polynomial on the right-hand side of Eq. 9 are zero, i.e. $D_{i,j,h}=0$. Let $\beta_{ij}=\alpha_{ij}$, the given conditions are satisfied. Combining the above three cases, Proposition 1 is proved.

We begin with two foundational assumptions: first, that Eve is aware of the generator (the original projection directions) of the $(7,1,3)$ code; second, that only single-qubit errors affect the encoded states. These assumptions are justifiable, as the generators of the $(7,1,3)$ code can be standardized for computational or communicative purposes. In scenarios where multiple qubits incur errors, concatenated coding can be implemented, re-encoding each qubit using the $(7,1,3)$ code. Thus, for our study, considering only single-qubit errors is adequate. Furthermore, our study focuses on single-type error channels (i.e. BC, PC, BPC mentioned above), which will be elaborated in the following.

As presented in Table 1, the interaction—either commutation or anticommutation—between single-qubit error operators and the generators are detailed in Table 2.

Now, let us concentrate on the projection direction along $g_{1}$ to demonstrate the alterations in the encoding and error correction processes when the projection is altered. At the sender’s end, the standard encoding operator is given by: $P=1/{2^{6}}\prod_{k=1}^{6}(I+g_{k})$, while Alice’s modified encoding operator is: $\tilde{P_{1}}=1/{2^{6}}(I-g_{1})\prod_{k=2}^{6}(I+g_{k})$. At the receiver’s end, Bob employs the modified generator directions for detection and correction, whereas Eve relies on the original projections. We examine two error scenarios: $E_{i}^{\dagger}E_{j}=I$ (i.e. $E_{i}=E_{j}$) and $E_{i}^{\dagger}E_{j}=Z_{4}$. Since $I$ commutes with all generators, it corresponds to Case 1 in Proposition 1. $Z_{4}$ only anticommutes with $g_{1}$, corresponding to Case 2. Consequently, neither scenario permits accurate error correction, implying that Eve cannot accurately ascertain the secret information.

The one implementation method of quantum circuits is illustrated in Fig. 3. We adhere to the method outlined in Reference [31] and incorporate error operation modules, determined by commutation relations, into the standard encoding circuit. The key components include the $Z_{j}$ and $Z_{k}$ modules; specifically, the $Z_{k}$ module, enclosed within the dashed box, is used exclusively by Bob during the decoding phase, provided he is cognizant of the protocol. Alice and Bob control the $Z_{k}$ module to modify the direction of $g_{1}$, with additional details elaborated in Eqs. 17 to 19 within Sect. III.2.

In Fig. 3, the key modules for encoding and error detection are mathematically represented as follows:

During the detection phase, generators are measured in isolation. The measurement outcome is 0 if the error commutes with a generator, and 1 if it anticommutes. By consulting Table 2, the type of error can be identified and subsequently corrected. For instance, if a $Z_{6}$ error occurs, it anticommutes with $g_{1}$ and $g_{2}$, while commuting with the remaining generators, thus:

The measurement outcomes 1 for $g_{1}$.

The preceding scenario pertains to the use of the original projection direction. However, with Alice’s encoding projection direction now aligned with $-g_{1}$, the measurement outcome for the $Z_{6}$ error on $g_{1}$ is the converse of what it was in the original direction (refer to Eq. 16). The measurement of $g_{1}$ yields 0.

Consequently, the syndromes measured by Eve for the generators $g_{1}$ through $g_{6}$ shift from 110000 to 010000. Based on Table 2, Eve incorrectly identifies a $Z_{2}$ error rather than the $Z_{6}$ error. Table 3 displays the discrepancy between the actual errors and Eve’s perceived errors. While Eve’s measurements are entirely erroneous, Bob, who is cognizant of the protocol, can use Table 3 to adjust and rectify the errors. This process ensures the accurate transmission of the quantum state from Alice to Bob, fulfilling one of the primary objectives of steganography.

It is crucial to acknowledge that this steganographic method is effective solely for single-Pauli error channels. Should the channel encounter multiple error types concurrently (e.g., depolarizing channels exhibiting $X$, $Y$, and $Z$ errors), this approach becomes inapplicable. For instance, altering the $g_{1}$ direction may result in $X$ and $Y$ errors yielding unanticipated syndromes (e.g., 100001, not present in Table 2), prompting Eve to suspect non-single-qubit errors. Consistent occurrence of such events could arouse Eve’s suspicion. Current research on steganographic methods for depolarizing channels predominantly focuses on employing a key to deliberately introduce a small number of errors that encode secret messages into the channel, as elaborated in references [13, 14, 15, 16].

Let us examine a scenario where the eavesdropper, Eve, intercepts and measures the secret quantum state to obtain the error syndrome before resending it to Bob, akin to a measure-resend attack. The question arises whether Bob can detect this interference and still correct the errors. The answer is that while Bob can indeed detect the interference, he cannot successfully complete the error correction.

As depicted in Fig. 2, the encoded quantum state $\ket{\psi_{A}}$ travels from Alice to Eve and then from Eve to Bob, passing through two channels (Channel-1 and Channel-2, both with the same channel parameters). This results in the quantum state being subjected to noise twice. To evade detection, Eve must perform error correction before resending, attempting to make the state appear as though it has only encountered noise once. However, since Alice has applied the MGPD method, Eve’s error correction will not function as expected.

We illustrate this with an example of modifying the $g_{1}$ direction, as shown in Table 4. From Table 4, it is evident that the quantum state $\ket{\psi_{E}}$ resent by Eve is equivalent to applying a $Z_{4}$ error to the initial encoded state $\ket{\psi_{A}}$.

Assume the probability of a single physical qubit error in the channel is $p$ (Note that within a logical block consisting of 7 qubits, there is assumed to be only a single erroneous assumption). Consequently, the probability of no error occurring is $p_{0}=1-7p$, and the probability of an error occurring is $p_{e}=7p$. The possible error scenarios for the quantum state $\ket{\psi_{B}}$ received by Bob are shown in Table 5. Upon conducting a statistical analysis, Bob will observe two discrepancies: 1) The probability of no error $p_{0}^{{}^{\prime}}=p$; 2) $p(Z_{4})=1-7p\neq{p(Z_{k})}=p,k\neq{4}$. These anomalies enable Bob to detect the presence of the eavesdropper, Eve, prompting him to alert Alice to cease communication. Since the two channel errors surpass the error-correcting capacity of the Steane code, Bob is unable to complete the error correction and must discard the compromised quantum states.

In the method outlined in the previous subsection, Alice and Bob fulfill their communication objective by consenting to alter the encoding projection direction. This subsection focuses on an additional goal—security—and delves into techniques to bolster the imperceptibility of the steganographic behavior. In the preceding section, Bob could detect eavesdropping based on shifts in error probabilities, and Eve could also potentially conduct steganalysis using statistical channel characteristics. For instance, if the error probability for a particular qubit within a 7-qubit encoded block deviates markedly from the rest, it might arouse Eve’s suspicion of steganographic activity. We will now discuss strategies to counteract Eve’s suspicions.

In specific channel environments, we assume the probability of an error occurring is $p_{e}$ and the probability of no error occurring is $p_{o}$, satisfying $p_{o}+p_{e}=1$. Typically, $p_{o}\neq{p_{e}}$. However, upon examining Table 3, it becomes evident that, from Eve’s perspective, the probability of no error occurring (denoted as $(I)$) is equivalent to the probability of an error occurring, with the exception of the $Z_{4}$ error. The probability of a $Z_{4}$ error stands out as distinct from that of the other qubits. This inconsistency allows Eve to easily detect anomalies through statistical analysis.

To mitigate this issue, we must employ specific strategies to regulate the fluctuations in error probabilities resulting from the MGPD. Taking the $(7,1,3)$ code as an example in the context of a phase-flip channel (with analogous methods applicable to bit-flip and bit-phase-flip channels), we can, by referring to Table 3, establish the correlation between the errors perceived by Eve and the actual errors for various potential direction adjustments, as detailed in Table 6.

Recall Fig. 3 from Sect. III.1, where the operator corresponding to the encoding circuit is (See Ref. [31]):

To obtain the correct encoding direction $(I+g_{1})(I+g_{2})(I+g_{3})$ (Eve’s perspective), it is necessary to apply $Z_{j}$ to to Eq. 17 to make the adjustment. For example:

By examining the sequence of elements in the first column of Table 6
(i.e., $I,Z_{4},Z_{2},Z_{1},Z_{6},Z_{5},Z_{3},Z_{7}$), the relationship between $j$ in $Z_{j}$ and the measurement outcomes $M_{1},M_{2},M_{3}$ can be formulated as follows:

The value of $k$ in $Z_{k}$ module can be be selected by consulting Table 6 and considering the desired direction of modification.

Furthermore, it is observed that Table 6 is a square matrix, analogous to a ’Sudoku’ puzzle, where $I$, $Z_{1}$ to $Z_{7}$ appear without repetition in each column, and $I$ occupies distinct positions in each row, ensuring comprehensive coverage from the original $Z_{1}$ to $Z_{7}$ (from Eve’s perspective). It is evident that Alice can uniformly apply directional modulation encoding, thereby achieving a balance in the probability of error occurrence for each physical qubit, with the exception of no-error scenarios.

Specifically, let us assume that the acceptable probability range for a single qubit to undergo a phase-flip error in the target channel is $[p,p+\delta]$, where $p$ denotes the mean error probability and $0\leq\delta\ll 1$ signifies the permissible deviation. From Eve’s standpoint, this corresponds to a minor alteration in the channel’s characteristics, as illustrated in Eq. 20.

This implies that any error probability falling within this interval is regarded as typical and is not likely to be flagged as unusual by Eve. Consequently, we can determine the execution probabilities $p_{g}$ for the seven modified directions (one execution per encoded block) outlined in Table 6, ensuring they align with the physical behavior of the channel, as demonstrated in Eqs. 21 and 22.

In addition to the constraints on the probabilities imposed by $1-7p\geq 0,p+\delta\leq 1/7+\varepsilon,0<\varepsilon\ll 1$. We can get:

Once the parameters $p_{g}$ and $\delta$ have been established in accordance with the aforementioned criteria, the proposed scheme fulfills its fundamental security objectives and effectively counters the issue of resisting statistical analysis , as initially discussed in this subsection.

Expanding on this foundation, we address two pivotal concerns: 1) The selection of modified directions and the associated key consumption. 2) The parameter setting issue.

Regarding the first issue, based on the set of modified direction-probability correspondence pairs $\left\{(\text{Original},1-7p_{g}),(g_{1};p_{g}),(g_{2};p_{g}),...,(g_{1},g_{2},g_{3};p_{g})\right\}$, Alice can construct a sequence from the set $\left\{0,1,2,...,7\right\}$ with frequencies approximating the aforementioned probabilities. The numbers in this sequence correspond to the row numbers in Table 6, indicating the orthogonal adjustments of the respective generator directions. For example, if $p=0.1,\delta=0.02$, then $p_{g}=0.1$, the sequence could be set as $K=(0,1,2,0,3,4,0,5,6,7)$ (not unique), such that the frequency of modified directions is $0.7=7p_{g}$, and the frequency of unmodified directions is $0.3=1-7p_{g}$.

Alice then repeatedly employs this sequence for encoding and communicates it to Bob. With this sequence, Bob can accurately perform error correction and decoding. In this context, unless Eve conducts statistical analysis in frames of 10, it is challenging for her to discern the error pattern. Even if Eve analyzes in frames that are multiples of 10, the subtle probability fluctuations in error occurrences on specific physical qubits, resulting solely from the modification of encoding projection directions, are unlikely to be detected. Consequently, Alice only needs to transmit a constant-sized numerical sequence as the key to Bob, thereby achieving the communication functionality of the steganography scheme.

For the second issue, we examine the embedding rate and security of the steganography scheme. In the scheme previously described, Alice directly embeds the secret message into the code-stream for transmission. Here, the encoded states with modified projection directions are designated as stego states, which Eve cannot accurately obtain, while those without modification are considered normal states, capable of being corrected by Eve and thus not used by Alice to convey secret information. Furthermore, each set of 7-qubits block represents 1 logical qubit of quantum information. If the steganographic embedding rate is defined as the ratio of the secret message’s volume to the number of physical qubits in the carrier, then the embedding rate $r=(1/7)\times 7p_{g}=p_{g}$, indicating a linear positive correlation. The security index $s$ is inversely related to the distortion rate, which corresponds to the aforementioned probability deviation $\delta$; to enhance s, a smaller $\delta$ is necessary (if modeled with a linear function, it denotes a linearly decreasing relationship). During the implementation of the steganography protocol, a trade-off must be made based on practical conditions, as shown in Eq. 22. By integrating Eqs. 22 and 23, suitable parameters $\delta$ and $p_{g}$ can be determined.

Drawing on the methods and strategies outlined in Sections III.1 and III.2, we now provide a comprehensive description of the steganography protocol, as depicted in Fig. 4.

Step1 (Transmitter: Strategy class selection) Alice selects the class of strategy for modifying the projection direction based on the quantum system’s channel environment. As detailed in Sect. III.1, for the bit-flip channel, the strategy class is $\left\{\text{Original};g_{4};g_{5};g_{6};g_{4},g_{5};g_{4},g_{6};g_{5},g_{6};g_{4},g_{5},g_{6}\right\}$; for the phase-flip channel, it is
$\left\{\text{Original};g_{1};g_{2};g_{3};g_{1},g_{2};g_{1},g_{3};g_{2},g_{3};g_{1},g_{2},g_{3}\right\}$; and for the bit-phase-flip channel, it is
$\left\{\text{Original};g_{1},g_{4};g_{2},g_{5};g_{3},g_{6};g_{1},g_{2},g_{4},g_{5};g_{1},g_{3},g_{4},g_{6};g_{2},g_{3},g_{5},g_{6};g_{1},g_{2},g_{3},g_{4},g_{5},g_{6}\right\}$.

Step2 (Transmitter: Key preparation) Alice employs the method outlined in Sect. III.2, leveraging her knowledge of the channel’s error probability $p$, to determine the distortion parameter $\delta$, calculate the adjustment probability $p_{g}$, and construct the key sequence $K$ accordingly.

Step3 (Transmitter: Secret state encoding) Based on the intended secret message, whether classical or an arbitrary quantum state, Alice utilizes the key sequence $K$ and the strategy set chosen in Step1 to apply stabilizer encoding with modified generator directions, as shown in Fig. 3. Thus, the code stream carrying the secret information is generated, comprising logical encoded blocks, each consisting of 7 physical qubits.

Step4 (Information transmission) Alice transmits the carrier state stream $(\ket{\psi_{s1}},\ket{\psi_{s2}},...)$ through the quantum channel to Bob, while the key sequence $K$ and strategy set selected in Step1 are sent via a classical secure channel.

Step 5 (Receiver: Syndrome measurement) Upon receiving the erroneous quantum states $(\ket{\psi_{s1}^{{}^{\prime}}},\ket{\psi_{s2}^{{}^{\prime}}},...)$ through the channel, Bob measures them according to the generator projection directions corresponding to the strategy set rules specified by the key $K$ to obtain the error syndromes.

Step 6 (Receiver: Eavesdropping detection) Bob integrates the measurement outcomes from Step 5 and, guided by the key sequence $K$, determines an appropriate detection length. He conducts statistical analysis on every $k$-th position within each segment of length $\text{len}(K)$ in the state stream, (i.e. $\left\{\ket{\psi_{st}}\ |\ t\ \text{mod}\ \text{len}(K)=k\right\}$, corresponding to states subjected to the same MGPD), employing the method outlined in Sect. III.1, to ascertain the presence of eavesdropper Eve.

Step 7 (Receiver: Error correction) Should eavesdropping be detected, Bob alerts Alice to halt any further communication and discards the quantum states received in the current round. If no eavesdropping is detected, errors are rectified using the error correction module illustrated in Fig. 3. After discarding the irrelevant states at non-embeddable positions as indicated by key $K$, the recovered secret states can undergo post-processing and application.

1) Security: As detailed in Sect. III.1, if Eve intercepts the quantum states encoded with the $(7,1,3)$ code that contain the secret information, she can only perceive false syndromes, indicating incorrect error occurrences and locations (refer to Table 3), unless she is aware of the actual generator projection directions modified by Alice. This results in erroneous error correction and post-processing, thereby ensuring the secrecy of the quantum states’ content.

2) Imperceptibility: As outlined in Sect. III.2, Alice and Bob maintain the uniformity of the single physical bit error probability observed by Eve through the prearranged ’Sudoku’ table (Table 6). By managing the frequency of the MGPD with a shared key, they keep the deviation between the physical qubit error rate and the actual channel error rate within a small fluctuation $\delta$, making it challenging for Eve to discern.

3) Capacity: The capacity of steganography is typically denoted by the steganographic rate $r$ , the ratio of the number of secret messages to the number of carriers. As mentioned in Sect. III.2, Alice embeds secret quantum states at positions corresponding to the MGPD with a probability of $7p_{g}$. For the $(7,1,3)$ code, the steganographic rate is $r=(1/7)\times 7p_{g}=p_{g}$. Moreover, capacity and imperceptibility are inversely related.

4) Robustness: The steganography scheme, which relies on stabilizer codes, inherently exhibits robustness against channel noise and errors. As discussed in Sect. III.1, while this scheme is not impervious to measure-resend attacks, it can detect the presence of the eavesdropper Eve, thus ensuring the security of the communication or verifying the reliability of the received quantum state data.

5) Key Consumption: According to the analysis in Sect. III.2, the length of the auxiliary key sequence required for the steganography scheme is a constant $C$, independent of the secret state sequence length, rendering this resource consumption negligible.

The analysis presented above demonstrates that the steganography scheme outlined in this paper is applicable to both information hiding and quantum communication contexts. We now proceed to compare our scheme with selected prior works. Despite variations in form, framework, and procedure among these methods, we can identify common foundational criteria to facilitate a consistent and fair evaluation.