Quantum Man-in-the-middle Attacks: a Game-theoretic Approach with Applications to Radars

Abstract

The detection and discrimination of quantum states serve a crucial role in quantum signal processing, a discipline that studies methods and techniques to process signals that obey the quantum mechanics frameworks. However, just like classical detection, evasive behaviors also exist in quantum detection. In this paper, we formulate an adversarial quantum detection scenario where the detector is passive and does not know the quantum states have been distorted by an attacker. We compare the performance of a passive detector with the one of a non-adversarial detector to demonstrate how evasive behaviors can undermine the performance of quantum detection. We use a case study of target detection with quantum radars to corroborate our analytical results.

Index Terms— Quantum detection, quantum man-in-the-middle attack, quantum radars,

1 Introduction

The past two decades have witnessed a booming development of theories and applications of quantum systems. The discipline of quantum signal processing (QSP) [1] was founded under the construction of quantum mechanics frameworks [2] and studies the manipulation, detection and restoration of quantum signals. One important branch of study of quantum systems is the detection and discrimination of states. In quantum signal processing, detecting the quantum state with good accuracy lays a foundation for many signal processing problems including the reconstruction of the original quantum state.

One challenge in designing quantum detection systems results from undesirable interactions [3] between the target mixed states and the exogenous environments. In particular, the quantum states can be manipulated adversarially by malicious attackers, who undermine the detection performance significantly. For instance, a quantum man-in-the-middle attack [4] jeopardizes the encryption process in quantum key distribution. There is a need to formulate the adversarial manipulations of quantum states for quantum detection systems.

In this paper, we develop a game-theoretical framework to study how a strategic attacker can undermine the performance of a quantum detector by distorting the quantum states produced by the quantum system. Game-theoretic frameworks have been widely implemented in studying attacker-defender relationships in cyber-security [5, 6]. In a generic quantum detection characterized by hypothesis testing scenario [7], the detector (He) receives a sample of quantum states drawn from an unknown ensemble characterized by a density operator. The detector aims to make a decision regarding the genuine density operator that produces the quantum state. In our adversarial scenario, an attacker (She) observes the true density operator, intercepts the original quantum states, and sends strategically distorted quantum states to the ‘naive’ detector, who applies the decision rule as if the received quantum states were untainted. We model the relationship between the attacker and the naive detector as a Stackelberg game [8], where the attacker plays the role of a leader and the detector the follower.

Our analysis sheds light on fundamental limits on a quantum detector’s performance in adversarial situations. We observe that by varying the threshold, one can depict the detection rate and false alarm rate of a naive quantum detector in terms of a receiver-operational-characteristic (ROC) curve [7], which illustrates the detector performance. Compared to the curve for non-adversarial quantum detectors, the naive detector’s performances deteriorate significantly as the attacker attenuate the component of the mixed state that is projected on the detection region. Our results have clear implications for developing improved and attack-aware quantum detection systems that can combat strategically-designed quantum operations upon states. Our contributions are twofold:

The rest of the paper is organized as follows. In Section 2, we formulate man-in-the-middle-attack as a Stackelberg game and compute his optimal strategies. In Section 3, we illustrate our formulation with a case study in target detection using quantum radars of a particular type. We conclude in Section 4.

Notations

We denote $\mathcal{H}$ as the Hilbert space (over the set of real numbers $\mathbb{R}$ ) and $\mathcal{H}^{*}$ as its dual space. We inherit Dirac’s bra-ket notations [9] to denote generic quantum states: $\langle\varphi|\in\mathcal{H}^{*},|\varphi\rangle\in\mathcal{H}$ . Let $B(\mathcal{H})$ be the space of all positive, Hermitian and bounded operators from $\mathcal{H}$ to itself. Let $\mathcal{S}$ be the subset of $B(\mathcal{H})$ such trace of its operators is $1$ . In addition, we denote $\mathcal{V}$ as the space of projection-valued measurements [2]. We denote $\mathbf{1}\in B(\mathcal{H})$ as the identity operator. For any operator $A\in B(\mathcal{H})$ , we denote its conjugate transpose as $A^{\dagger}$ .

2 The formulation of a quantum man-in-the-middle (MITM) attacker

We begin by considering a non-adversarial detection formulation based on quantum hypothesis testing introduced in [7]. Suppose that there is an unknown target quantum system characterized by a density operator $\rho\in\mathcal{S}(\mathcal{H})$ . We consider the binary hypothesis testing scenario, assuming that the nature of the system specifies two possible choices for $\rho=\rho_{0}$ or $\rho=\rho_{1}$ , each of which forms a hypothesis $H_{0},H_{1}$ as follows:

H_{0}:\rho_{0}=\sum_{j=1}^{d}{r^{0}_{j}|\psi_{j}\rangle\langle\psi_{j}|},\;\;H_{1}:\rho_{1}=\sum_{i=1}^{d}{r^{1}_{i}|\varphi_{i}\rangle\langle\varphi_{i}|},

(1)

with $\sum_{i}{r^{1}_{i}}=\sum_{j}{r^{1}_{j}}=1,\;r^{1}_{j},r^{0}_{i}\geqslant 0$ and $|\psi_{j}\rangle,|\varphi_{i}\rangle\in\mathcal{H},\;i,j=1,2,\dots,d$ . We assume that $\{|\psi_{j}\rangle\},\{|\varphi_{i}\rangle\}$ span the Hilbert space $\mathcal{H}$ of dimension $d$ . Notice that we do not assume that $\rho_{0},\rho_{1}$ commute; i.e. $\{|\psi_{j}\rangle\}^{d}_{j=1},\{|\varphi_{i}\rangle\}^{d}_{i=1}$ may be two different bases of $\mathcal{H}$ . The target system produces quantum states $|\varphi\rangle\in\mathcal{H}$ which are collected by a detector (He), who wants to arrive at a decision rule $\delta\in\mathcal{H}\rightarrow[0,1]$ on which is the genuine characterization of the target system in (1): $\delta(\varphi)=k,\;k\in\{0,1\},$ when he thinks the hypothesis $H_{k}$ holds true. According to the measurement postulate of quantum mechanics [2], the detector decides by applying a measurement $\Pi_{1}\in\mathcal{V}$ upon the received quantum state $|\varphi\rangle$ : $\delta(\varphi)=\langle\varphi|\Pi_{1}|\varphi\rangle$ . The decision rule $\delta$ , or equivalently the measurement $\Pi_{1}$ , leads to a detection rate $P_{D}:\mathcal{V}\rightarrow[0,1]$ and a false alarm rate $P_{F}:\mathcal{V}\rightarrow[0,1]$ as follows:

\displaystyle P_{D}(\Pi_{1})=\text{Tr}(\Pi_{1}\rho_{1}),\;\;P_{F}(\Pi_{1})=\text{Tr}(\Pi_{1}\rho_{0}).

(2)

In Bayesian hypothesis testing formulation, the detector knows the probabilities that $H_{1},H_{0}$ hold true are $c_{1},\;c_{0}$ ( $c_{1}+c_{0}=1$ ) respectively. Referring to [7] and denoting $\tau=\frac{c_{1}}{c_{0}}$ , detector’s optimal solution measurement $\Pi^{*}_{1}$ can be designed as follows:

\Pi^{*}_{1}(\tau)=\sum_{\eta_{j}>0}{|\eta_{j}\rangle\langle\eta_{j}|},

(3)

where $\{|\eta_{j}\rangle\}^{d}_{j=1}$ are orthogonal eigenstates of $\rho_{1}-\tau\rho_{0}$ with eigenvalues $\eta_{j}$ .

Refer to caption — Fig. 1: The scheme of quantum state detection with adversaries. The target system produces quantum states $|\varphi\rangle$ from different ensembles depending on the true hypothesis $H_{0},H_{1}$ . The attacker hijacks and replaces the clean quantum states with the distorted ones. One case study is the target detection of quantum radars [10].

2.1 Quantum man-in-the-middle attack: a Stackelberg game formulation

We now introduce the scenario (as in Figure 1) of adversarial quantum detection in which an attacker (She) stands between the target system and detector, intercepts the quantum state $|\varphi\rangle\in\mathcal{H}$ from the target systems and sends out strategically distorted signal $|\varphi^{\prime}\rangle\in\mathcal{H}$ to the detector to undermine his performance. We assume that the detector is passive and ‘naive’ about the distortion and designs his optimal measurement operation as if the quantum state $|\varphi^{\prime}\rangle$ were directly generated from the target system. Upon receiving $|\varphi^{\prime}\rangle$ , the detector designs an optimal decision rule $\hat{\delta}^{*}:\mathcal{H}\rightarrow[0,1]$ by measuring the quantum state $|\varphi^{\prime}\rangle$ from attacker with measurement, denoted as $\Pi_{1}$ as follows:

\hat{\delta}^{*}(\varphi^{\prime})=\langle\varphi^{\prime}|\Pi^{*}_{1}|\varphi^{\prime}\rangle.

Thus we let the detector’s cost function $u_{B}:\mathcal{V}\times\mathcal{S}\times\mathcal{S}\rightarrow\mathbb{R}$ be the Bayesian risk, which is a weight sum of counterfactual miss rate and counterfactual false alarm rate in (2) as if the quantum state were untainted:

	$\displaystyle\underset{\rho^{\prime}_{1},\rho^{\prime}_{0}\in\mathcal{S}}{\min}$	$\displaystyle u_{B}(\Pi_{1},\rho^{\prime}_{1},\rho^{\prime}_{0})$		(4)
	$\displaystyle\Longleftrightarrow\underset{\rho^{\prime}_{1},\rho^{\prime}_{0}\in\mathcal{S}}{\min}$	$\displaystyle c_{1}\text{Tr}((\mathbf{1}-\Pi_{1})\rho_{1})+c_{0}\text{Tr}(\Pi_{1}\rho_{0}),\;\;$		(4)

which leads to his optimal measurement $\Pi^{*}_{1}$ as in (3). The attacker, after observing the true hypothesis ( $H_{1}$ or $H_{0}$ ) on the target systems, obtains the quantum state $|\varphi\rangle\in\mathcal{H}$ . Based on his observation on the true density state ( $\rho_{1}$ or $\rho_{0}$ ), the attacker designs quantum noisy operations ${E}^{1},E^{0}\in B(\mathcal{H})$ acting upon the received state $|\varphi\rangle$ to create a distorted quantum state $|\varphi^{\prime}\rangle$ . According to [11], we formulate the resulting noisy density operators $E^{0},E^{1}$ as the ‘operator-sum’ representation as follows:

\displaystyle\mathcal{E}

\displaystyle=\{(E^{0},E^{1})\in{B}(\mathcal{H})^{\otimes 2}:\sum_{k}{E^{l}_{k}E^{l\dagger}_{k}}=\mathbf{1},\;\;l\in\{0,1\}\}.

(5)

We could treat the space $\mathcal{E}$ in (5) as the attacker’s action space. Yet we argue through the following lemma that it is equivalent to characterize the attacker’s strategies as a pair of density operators $\rho^{\prime}_{1},\rho^{\prime}_{0}$ .

Lemma 1 (Equivalency of attacker’s strategies)

Let $\rho_{1},\rho_{0}$ be the two density operators in (1). Then, for any $\rho^{\prime}_{1},\rho^{\prime}_{0}\in\mathcal{S}$ there exist operations ${E}^{1},{E}^{0}\in\mathcal{E}$ of the operator-sum representation such that ${E}^{1}(\rho_{1})=\rho^{\prime}_{1},\;{E}^{0}(\rho_{0})=\rho^{\prime}_{0}$ .

Knowing detector’s strategy (3) the detector designs her optimal strategies $\rho^{\prime*}_{1},\rho^{\prime*}_{0}$ by minimizing her utility function $u_{A}:\mathcal{S}\times\mathcal{S}\times\mathcal{V}\rightarrow\mathbb{R}$ as follows:

	$\displaystyle\underset{\rho^{\prime}_{0},\rho^{\prime}_{1}\in\mathcal{S}}{\min}$	$\displaystyle\;{u_{A}(\rho^{\prime}_{1},\rho^{\prime}_{0},\Pi^{*}_{1})},$		(6)
	$\displaystyle\Longleftrightarrow\underset{\rho^{\prime}_{0},\rho^{\prime}_{1}\in\mathcal{S}}{\min}$	$\displaystyle\;\text{Tr}(\Pi^{*}_{1}\rho^{\prime}_{1})+\lambda[S(\rho^{\prime}_{1}\\|\rho_{1})+S(\rho^{\prime}_{0}\\|\rho_{0})],$		(6)

where we adopt the Von-Neumann relative entropy [11] for any two density operators $\nu_{1},\nu_{0}\in\mathcal{S}$ as $S(\nu_{1}\|\nu_{0}):=\text{Tr}(\nu_{1}(\ln\nu_{1}-\ln\nu_{0}))$ , and $\Pi^{*}_{1}$ is the solution to detector’s optimization problem (4).

In the objective function of (6), the attacker trades off between undermining the genuine detection rate (the first term) and minimizing the loss incurred from distorting quantum states through noisy gates (the second term). Such a loss term originates from the detector’s awareness of the distortion if the received quantum states deviate significantly from the ‘normal’ ones. The parameter $\lambda\in\mathbb{R}_{+}$ is a regularization parameter characterizing the attacker’s intentions.

Summarizing the formulations raised in (4) and (6), we arrive at the game between passive quantum detector and the attacker $\mathcal{G}$ , which is a Stackelberg game [8] defined as follows.

Definition 1

We define the relationship between the passive quantum detector and the attacker as a Stackelberg game $\mathcal{G}$ with the following tuples

\mathcal{G}=\langle\mathcal{I},\Theta,\mathcal{H},\mathcal{E},\mathcal{V},u_{A},u_{B}\rangle,

(7)

where $\mathcal{I}=\{\text{Attacker},\;\text{Detector}\}$ refers to the set of players; $\Theta=\{H_{0},H_{1}\}$ refers to the set of true hypotheses specified in (1); $\mathcal{H}$ is the Hilbert space; the set $\mathcal{E}$ in (5) characterizes the attacker’s strategy space; the set of measurements $\mathcal{V}$ characterizes the detector’s space of decision rules. The functions $u_{A},u_{B}$ specified in (4) and (6) the objectives of the attacker and the detector, respectively.

We now state the attacker’s optimal design of distorted mixed densities $\rho^{\prime*}_{1},\rho^{\prime*}_{0}$ into the following proposition:

Proposition 1 (Attacker’s optimal strategies)

Let $\mathcal{G}$ be the Stackelberg game between the attacker and the detector (the passive quantum detector) as mentioned in definition 1. Then the attacker’s optimal strategies $\rho^{\prime*}_{1},\rho^{\prime*}_{0}$ are expressed as follows:

	$\displaystyle\rho^{\prime*}_{0}$	$\displaystyle=\rho_{0},$		(8)
	$\displaystyle\rho^{\prime*}_{1}$	$\displaystyle=\frac{\exp(\ln\rho_{1}-\frac{1}{\lambda}\Pi^{}_{1})}{\text{Tr}(\exp(\ln\rho_{1}-\frac{1}{\lambda}\Pi^{}_{1}))}.$		(9)

We have several remarks on the attacker’s and the detector’s optimal strategies. First, as $\lambda\rightarrow 0$ , the penalty for distorting the mixed state vanishes, and the attacker manages to suppress all the components in $\Pi_{1}$ . On the other hand, when $\lambda\rightarrow\infty$ , the attacker’s optimal strategies $\rho^{\prime*}_{1}=\rho_{1}$ , meaning the attacker does not distort the original density operator at all because the penalty for distorting the mixed states becomes infinitely high.

Secondly, we can interpret the attacker’s optimal manipulation of mixed density states as in Proposition (1) as the attenuation of the components of the original quantum state $\rho_{1}$ upon the subspace spanned by the base states $\{|\eta_{i}\rangle\}_{i}$ lying in the region of detection. Applying Baker-Campbell-Hausdorf formula to the nominator of the RHS, of (9) we obtain

\rho^{\prime*}_{1}=\frac{\rho_{1}e^{-\frac{1}{\lambda}\Pi^{*}_{1}}e^{-\frac{1}{2\lambda}[\ln\rho_{1},\Pi^{*}_{1}]+\dots}}{\text{Tr}(\exp(\ln\rho_{1}-\frac{1}{\lambda}\Pi^{*}_{1}))},

(10)

where “ $\dots$ ” refers to additional terms involving iterative Poisson brackets of $\ln\rho_{1}$ and $\frac{1}{\lambda}\Pi_{1}$ . The product $\rho_{1}e^{-\frac{1}{\lambda}\Pi^{*}_{1}}$ indicates the attenuation of the original mixed state $\rho_{1}$ on the subspace controlled by the parameter $\frac{1}{\lambda}$ . The the remaining factor $e^{-\frac{1}{2\lambda}[\ln\rho_{1},\Pi_{1}]+\dots}$ , where the commutator $[\ln\rho_{1},\Pi_{1}]$ is included in the exponent, implies that the quantum uncertainty principle also affects attacker’s optimal strategies.

Thirdly, when $\rho_{1},\Pi^{*}_{1}$ commute (a sufficient condition would be $\rho_{1},\rho_{0}$ commute), the attacker’s optimal strategies (8)(9) reduce to the strategies in classical Stackelberg hypothesis testing games as formulated in Section II of [12].

We can now compute the genuine detection rate $\bar{P}_{D}:\mathcal{V}\rightarrow[0,1]$ under the attacker’s manipulation:

\bar{P}_{D}(\Pi^{*}_{1})=\text{Tr}(\Pi^{*}_{1}\rho^{\prime*}_{1}),\;\bar{P}_{F}(\Pi^{*}_{1})=\text{Tr}(\Pi^{*}_{1}\rho^{\prime*}_{0}),

(11)

where $\rho^{\prime*}_{1}$ is obtained from (9). We have the following statement:

Proposition 2

Let $(\rho^{\prime*}_{0},\rho^{\prime*}_{1},\Pi^{*}_{1})$ be the optimal strategy profile for the Stackelberg game $\mathcal{G}$ derived in (8)(9) and (4), respectively. Recall $P_{D},\bar{P}_{D}$ as the counterfactual and genuine detection rates defined in (2) and (11), respectively. Then, under some technical assumptions we have:

\;P_{D}(\Pi^{*}_{1})e^{-\frac{1}{\lambda}}\leqslant\bar{P}_{D}(\Pi^{*}_{1})\leqslant P_{D}(\Pi^{*}_{1}),\;\forall\Pi^{*}_{1}\in\mathcal{V}.

(12)

Proposition 2 characterizes an upper and lower bound of the genuine detection rate under strategically designed quantum operations.

3 Case study: target detection using quantum radars

We now apply the formulation of the quantum man-in-the-middle attack discussed in Section 2 to study spoofing in quantum radar detection. A quantum radar is a standoff detection system using photons to explore some quantum phenomena to strengthen its capacity to detect targets of interest. In this section, we assume that our quantum radar generates non-entangled, monochromatic, coherent [13] photonic quantum states subject to noise in line with Llyod’s theory [14].

We illustrate the MITM attack scheme in Figure 1: a quantum radar (detector) determines on the absence or presence of the target object based on the reflective photon-based quantum states. An attacker blocks the transmission of reflective quantum signals, manipulates them through noisy quantum gates selected from the action space in (5), which can be implemented using photonic quantum circuits [15], and sends out manipulated quantum signals. We use the mean number representation to characterize photonic quantum states from the reflective signals [16]. We associate the hypotheses $H_{0},H_{1}$ with the mixed state of reflective signals under the absence $H_{0}$ or presence $H_{1}$ of the target object in Figure 1, respectively as follows:

	$\displaystyle H_{0}:\rho_{0}$	$\displaystyle=(1-N_{B})\|0\rangle\langle 0\|+N_{B}{\|k\rangle\langle k\|},$		(13)
	$\displaystyle H_{1}:\rho_{1}$	$\displaystyle=(1-x)\left((1-N_{B})\|0\rangle\langle 0\|+N_{B}{\|k\rangle\langle k\|}\right)+x\|l\rangle\langle l\|,$		(13)

where $x\in[0,1]$ refers to the reflective index, and $N_{B}\in[0,1]$ characterizes the noise of the environment.

Based on the true hypothesis $H_{0},H_{1}$ and the input quantum state, the spoofer/attacker produces distorted quantum mixed densities $\rho^{\prime*}_{0},\rho^{\prime*}_{1}$ as in (6). We choose $N_{B}=0.4,l=2,k=1,x=0.9$ in (13) and depict in Figure 2 the relationship between the detection rate in terms the mean number of photons under attacks parameterized by different choices of $\lambda$ . We observe that no matter the distortion level, the quantum detector reaches its worst detection rates when the mean photon number is around $0.62$ , and its second worst rate is at $1.69$ . Nevertheless, different distortion levels cause a contrast in detection rates among all mean photon number states. In Figure 3, we plot the receiver-operational-characteristic (ROC) curves of classical quantum detectors and passive quantum detectors when the attacker’s manipulation strategy is controlled under different choices of $\lambda$ . We observe that the passive quantum detectors perform worse than the classical quantum detectors because the spoofer manipulate the states to undermine the detection rates. Lower values of $\lambda$ lead to stronger distortion of states and thus worse performance in terms of the ROC curves.

4 Conclusion

We have formulated the quantum man-in-the-middle attack under the Stackelberg framework to study the fundamental limit of the reduction of the detection performance. We characterize the attacker’s optimal strategies as a suppression of the target’s density operator on the region of detection, which is reshaped by the quantum effects. We show that a passive quantum detector suffers an exponential reduction of detection rate in the worst case. Our numerical results also imply how adversarial attacks affect the performance of quantum radars.

One direction to extend our adversarial quantum detection framework would be to consider various detection frameworks such as side-channel attack detection [17]. It would be also possible to consider hybrid detection models taking advantage of both classical and quantum information as inputs.

References

[1] Yonina C Eldar and Alan V Oppenheim, “Quantum signal processing,” IEEE Signal Processing Magazine, vol. 19, no. 6, pp. 12–32, 2002.
[2] John Von Neumann, Mathematical foundations of quantum mechanics: New edition, Princeton university press, 2018.
[3] Adel Sohbi, Isabelle Zaquine, Eleni Diamanti, and Damian Markham, “Decoherence effects on the nonlocality of symmetric states,” Physical Review A, vol. 91, no. 2, pp. 022101, 2015.
[4] Yang-Yang Fei, Xiang-Dong Meng, Ming Gao, Hong Wang, and Zhi Ma, “Quantum man-in-the-middle attack on the calibration process of quantum key distribution,” Scientific reports, vol. 8, no. 1, pp. 1–10, 2018.
[5] Quanyan Zhu and Tamer Basar, “Game-theoretic methods for robustness, security, and resilience of cyberphysical control systems: games-in-games principle for optimal cross-layer resilient control systems,” IEEE Control Systems Magazine, vol. 35, no. 1, pp. 46–65, 2015.
[6] Yunhan Huang, Juntao Chen, Linan Huang, and Quanyan Zhu, “Dynamic games for secure and resilient control system design,” National Science Review, vol. 7, no. 7, pp. 1125–1141, 2020.
[7] Carl.W.Helsotrom, Quantum Detection and Estimation Theory, ISSN. Elsevier Science, 1976.
[8] Heinrich Von Stackelberg, Market structure and equilibrium, Springer Science & Business Media, 2010.
[9] Paul Adrien Maurice Dirac, The principles of quantum mechanics, Number 27. Oxford university press, 1981.
[10] Gregory Slepyan, Svetlana Vlasenko, Dmitri Mogilevtsev, and Amir Boag, “Quantum radars and lidars: Concepts, realizations, and perspectives,” IEEE Antennas and Propagation Magazine, vol. 64, no. 1, pp. 16–26, 2021.
[11] Michael A Nielsen and Isaac Chuang, Quantum computation and quantum information, Cambridge University Press, 2010.
[12] Yinan Hu and Quanyan Zhu, “Game-theoretic neyman-pearson detection to combat strategic evasion,” arXiv preprint arXiv:2206.05276, 2022.
[13] Ricardo Gallego Torromé, Nadya Ben Bekhti-Winkel, and Peter Knott, “Introduction to quantum radar,” arXiv preprint arXiv:2006.14238, 2020.
[14] Seth Lloyd, “Enhanced sensitivity of photodetection via quantum illumination,” Science, vol. 321, no. 5895, pp. 1463–1465, 2008.
[15] Jeremy L O’brien, “Optical quantum computing,” Science, vol. 318, no. 5856, pp. 1567–1570, 2007.
[16] Anthony Mark Fox, Mark Fox, et al., Quantum optics: an introduction, vol. 15, Oxford university press, 2006.
[17] Florian Lemarchand, Cyril Marlin, Florent Montreuil, Erwan Nogues, and Maxime Pelcat, “Electro-magnetic side-channel attack through learned denoising and classification,” in ICASSP 2020-2020 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP). IEEE, 2020, pp. 2882–2886.
[18] P.D. Lax, Linear Algebra and Its Applications, Pure and Applied Mathematics: A Wiley Series of Texts, Monographs and Tracts. Wiley, 2007.
[19] Tosio Kato, Perturbation theory for linear operators, vol. 132, Springer Science & Business Media, 2013.

5 Appendix

5.1 Proof of Lemma 1

Proof. It suffices to prove that $\rho^{\prime}_{1}$ and $E_{1}$ are equivalent in characterizing the attacker’s generic strategies when observing the hypothesis $H_{1}$ . Without loss of generality we assume further that $\rho_{1}$ is strictly positive, that is $r^{1}_{i}>0$ for all $i$ . We prove two claims as follows.

Claim 1

For every $\rho^{\prime}_{1}\in\mathcal{S}$ , there always exist a collection of operators $\{E^{1}_{1},E^{1}_{2},\dots,E^{1}_{d^{2}}\}$ such that

\rho^{\prime}_{1}=E^{1}(\rho_{1})=\sum_{k=1}^{d^{2}}{E^{1}_{k}\rho_{1}E^{1\dagger}_{k}}.

(14)

Proof of Claim 1. Since we assume $\text{dim}(\mathcal{H})=d$ , we know the distorted density operator $\rho^{\prime}_{1}$ has $d^{2}$ degrees of freedom. Since $\rho^{\prime}_{1}\in\mathcal{S}$ , we can parameterize them in the basis $|\varphi_{i}\rangle$ as well with the coefficients $a^{\prime}_{ij}$ . We can express them in terms of the basis $\{|\varphi_{j}\rangle\}^{d}_{1}$ as follows:

\rho^{\prime}_{1}=\sum_{i,j=1}^{d}{a^{\prime}_{ij}|\varphi_{i}\rangle\langle\varphi_{j}|}.

(15)

The impact of the quantum operations upon $\rho_{1}$ can be characterized by the change of coordinates of $\rho_{1}$ into the ones of $\rho^{\prime}_{1}$ under the basis $|\varphi_{i}\rangle\langle\varphi_{j}|$ . Now the operations $\{E^{1}_{k}\}$ turn the coordinates from $a_{ij}$ into $a^{\prime}_{ij}$ , respectively. Under the representation (or basis) of $\{|\varphi_{j}\rangle\}^{d}_{1}$ , we can select the matrix representation of $E^{1}_{k},E^{0}_{k}$ , where $k=1,2,\dots,d^{2}$ as follows:

\displaystyle E^{1}_{k}

\displaystyle=\begin{bmatrix}0&\ldots&\ldots&\ldots&0\\ 0&\ldots&\sqrt{\frac{a^{\prime}_{ij}}{a_{ij}}}&\ldots&0\\ \vdots&\vdots&\ddots&\vdots&\vdots\\ 0&\ldots&\ldots&\ldots&0\end{bmatrix}.\;

(16)

$(E^{1}_{k})_{i(k),j(k)}=\sqrt{\frac{a^{\prime}_{ij}}{a_{ij}}}\;$ where $i(k),j(k)$ refers to the row index and column index corresponding to the subscript $k$ . The rest of the entries for $E^{1}_{k}$ are all zero. Then it is clear to verify that

E^{1}({\rho_{1}})=\rho^{\prime}_{1}

(17)

as claimed.

Also, we have the following conclusion.

Claim 2

Let $\rho_{1}\in S$ be a density operator. For every $E^{1}\in B(\mathcal{H})$ , we can find a $\rho^{\prime}_{1}\in\mathcal{S}$ such that

\rho^{\prime}_{1}=\sum_{k=1}^{d^{2}}{E^{1}_{k}\rho_{1}E^{1\dagger}_{k}}.

(18)

Proof of claim 2. Our goal is to prove that $\rho^{\prime}_{1}$ obtained in (18) meets the requirements of a density operator, that is, it has a trace of $1$ ; it is positive definite; it is symmetric (or Hermitian). We first of all notice

$\displaystyle\text{Tr}(\rho^{\prime}_{1})$	$\displaystyle=\text{Tr}\left(\sum_{k=1}^{d^{2}}{E^{1}_{k}\rho_{1}E^{1\dagger}_{k}}\right)=\sum_{k=1}^{d^{2}}\text{Tr}(E^{1}_{k}\rho_{1}E^{1\dagger}_{k})$	(19)
	$\displaystyle=\sum_{k=1}^{d^{2}}\text{Tr}(E^{1\dagger}_{k}E^{1}_{k}\rho_{1})=\text{Tr}\left(\sum_{k=1}^{d^{2}}{E^{1\dagger}_{k}}E^{1}_{k}\rho_{1}\right)$
	$\displaystyle=\text{Tr}[\left(\sum_{k=1}^{d^{2}}{E^{1\dagger}_{k}}E^{1}_{k}\right)\rho_{1}]$

Noticing that $\sum_{k=1}^{d^{2}}{E^{1\dagger}_{k}}E^{1}_{k}=\mathbf{1}$ , we conclude

\text{Tr}(\rho^{\prime}_{1})=\text{Tr}(\rho_{1})=1.

(20)

Next we prove symmetry of $\rho^{\prime}_{1}$ . For convenience we denote $\rho_{ij},\rho_{ij}$ as the matrix entries of $\rho_{1},\rho^{\prime}_{1}$ respectively. It suffices to assume that every matrix $E^{1}_{k}$ is written in the form similar as the one in (16). We want to show that

\omega(j,k)=E_{i_{1}j_{1}}\rho_{1}E^{\dagger}_{i_{2}j_{2}}+E_{i_{2}j_{2}}\rho_{1}E^{\dagger}_{i_{1}j_{1}}

(21)

is also symmetric for all choices of $i_{1},i_{2},j_{1},j_{2}\leqslant d$ . Here $E_{i_{1}j_{1}}$ is a $d$ by $d$ matrix where every entry is zero except $(i_{1},j_{1})$ . By computing entry-wisely, we notice that

[E_{i_{1}j_{1}}\rho_{1}E^{\dagger}_{i_{2}j_{2}}]_{kl}=\begin{cases}a_{i_{1}j_{1}}\rho_{i_{1}i_{2}}a_{i_{2}j_{2}}&\text{if}\;k=i_{1},\;k=i_{2},\\ 0&\mbox{else}\end{cases}

(22)

Similarly,

[E_{i_{2}j_{2}}\rho_{1}E^{\dagger}_{i_{1}j_{1}}]_{kl}=\begin{cases}a_{i_{2}j_{2}}\rho_{i_{2}i_{1}}a_{i_{1}j_{1}}&\text{if}\;k=i_{2},\;k=i_{1},\\ 0&\mbox{else}.\end{cases}

(23)

Substituting (22) and (23) into (21) and considering $\rho_{i_{1}i_{2}}=\rho_{i_{2}i_{1}}$ due to symmetry of $\rho_{1}$ , we get $\omega(j,k)$ is indeed symmetric. Since every matrix can be written as a linear combination of $\{E_{j}\}_{1\leqslant j\leqslant d^{2}}$ , we get that $E^{1}_{k}\rho_{1}E^{1}_{k}$ is symmetric for all $1\leqslant k\leqslant d^{2}$ . As a consequence, $\rho^{\prime}_{1}$ as expressed in (14) is symmetric too.

Finally we can show that $\rho^{\prime}_{1}\geqslant 0$ . Denote $\gamma_{k}=E^{1}_{k}\rho_{1}E^{1\dagger}_{k}$ . Since $\rho_{1}\geqslant 0$ , we know by the property of positive definite matrix [18] that $\gamma_{k}$ are all positive definite matrices for all $k$ . Again by the property of closure under additivity we conclude that $\rho^{\prime}_{1}=\sum_{k=1}^{d^{2}}{\gamma_{k}}$ is a positive definite operator.

Summarizing claim 1 and claim 2, we conclude that it is equivalent to characterize the attacker’s action by $E^{1}\in B(\mathcal{H})$ or by $\rho^{\prime}_{1}\in\mathcal{S}$ . Similar arguments can be made regarding $E^{0}\in B(\mathcal{H})$ and $\rho^{\prime}_{0}\in\mathcal{S}$ . This concludes the proof of lemma 1.

5.2 Proof of Proposition 1

Proof. We obtain the attacker’s optimal strategies by solving the optimization problem (6). First of all, we can make sure that the optimal strategies $\rho^{\prime*}_{1},\rho^{\prime*}_{0}$ exist. Since the objective function $u_{A}$ is convex in terms of $\rho_{1}$ and $\rho_{0}$ , We apply first-order conditions by taking partial derivatives of $u_{A}$ in terms of $\rho^{\prime}_{0},\rho^{\prime}_{1}$ and set them to be zero, respectively:

	$\displaystyle 0$	$\displaystyle\equiv\frac{\partial u_{A}}{\partial\rho^{\prime}_{1}}=\Pi^{*}_{1}+\lambda(\ln\rho^{\prime}_{1}-\ln\rho_{1}),$		(24)
	$\displaystyle 0$	$\displaystyle\equiv\frac{\partial u_{A}}{\partial\rho^{\prime}_{0}}=\ln\rho^{\prime}_{0}-\ln\rho_{0},$		(25)

with equality and inequality constraints, which are requirements for $\rho^{\prime*}_{1},\rho^{\prime*}_{0}$ being density operators, as follows:

		$\displaystyle\text{Tr}(\rho^{\prime}_{1})=1,\;\text{Tr}(\rho^{\prime}_{0})=0,$		(26)
		$\displaystyle\rho^{\prime}_{1}=\rho^{\prime T}_{1},\;\rho^{\prime}_{0}=\rho^{\prime T}_{0},$
		$\displaystyle\rho^{\prime}_{1}\geqslant 0,\;\rho^{\prime}_{0}\geqslant 0.$

By solving (24) and (25) we obtain

	$\displaystyle\rho^{\prime*}_{1}$	$\displaystyle=\frac{1}{Z_{1}}\exp(\ln\rho_{1}-\frac{1}{\lambda}\Pi^{*}_{1}),$		(27)
	$\displaystyle\rho^{\prime*}_{0}$	$\displaystyle=\frac{1}{Z_{0}}\rho_{0},$		(27)

where $Z_{1},Z_{0}$ are normalization constants. Referring to the equality constraints we conclude that $Z_{0}=1$ and $Z_{1}=\text{Tr}(\exp(\ln\rho_{1}-\frac{1}{\lambda}\Pi^{*}_{1}))$ and arrive at the the solution in (8)(9).

5.3 Proof of Proposition 2

We make the following assumptions:

Assumption 1

We assume the following conditions in proposition 2:

1.

$r^{1}_{i}>0$ and arranges in a strictly descending order (every eigenvalue is algebraically simple) in terms of $i$ ;
2.

The basis $\{|\varphi_{i}\rangle\}$ is orthonormal;
3.

The eigenstates $|\eta_{j}\rangle$ are orthonormal; The eigenstates $|\eta_{j}\rangle$ are also arranged in a descending order regarding the eigenvalues of $\rho_{1}-\tau\rho_{0}$ ; The eigenvalues $\eta_{j}$ are positive whenever $j\geqslant k_{0}$ ;
4.

The difference between eigenvalues are much larger than the projection:

$\forall j\neq i,\;\;\sum\Big{|}\frac{\langle\varphi_{i}|\Pi^{*}_{1}|\varphi_{j}\rangle}{r^{1}_{i}-r^{1}_{j}}\Big{|}<1$ (28)

The assumptions above make sense since $\rho_{1}$ is positive definite, symmetric operator. Also, the detector’s optimal strategy $\Pi^{*}_{1}$ is a projection operator with finite rank. We can now state the proof.

Proof. We adopt the classic perturbation theory for symmetric finite-dimensional linear operators [19]. Let $|\alpha_{j}\rangle$ be the eigenstates of the operator $\ln\rho_{1}-\frac{1}{\lambda}\Pi^{*}_{1}$ with eigenvalue $e^{\alpha_{j}}$ . Then we can write

\exp\left(\ln\rho_{1}-\frac{1}{\lambda}\Pi^{*}_{1}\right)=\sum_{j}{e^{\alpha_{j}}|\alpha_{j}\rangle\langle\alpha_{j}|}.

(29)

Therefore

		$\displaystyle\bar{P}_{D}(\Pi^{}_{1})=\text{Tr}(\Pi^{}_{1}\rho^{\prime*}_{1})$		(30)
		$\displaystyle=\frac{1}{Z_{1}}\text{Tr}\Big{(}\sum_{k\geqslant k_{0}}{\|\eta_{k}\rangle\langle\eta_{k}\|}\sum_{j}{e^{\alpha_{j}}\|\alpha_{j}\rangle\langle\alpha_{j}\|}\Big{)}$
		$\displaystyle=\frac{1}{Z_{1}}\text{Tr}\Big{(}\sum_{k\geqslant k_{0}}{\|\eta_{k}\rangle\langle\eta_{k}\|}\sum_{i}{\|\eta_{i}\rangle\langle\eta_{i}\|}\sum_{j}{e^{\alpha_{j}}\|\alpha_{j}\rangle\langle\alpha_{j}\|}\sum_{i^{\prime}}{\|\eta_{i^{\prime}}\rangle\langle\eta_{i^{\prime}}\|}\Big{)}$
		$\displaystyle=\frac{1}{Z_{1}}\text{Tr}\Big{(}\sum_{k\geqslant k_{0},i}{\|\eta_{k}\rangle\Big{(}\sum_{j}{e^{\alpha_{j}}\|\alpha_{j}\rangle\langle\alpha_{j}\|\eta_{i^{\prime}}\rangle\Big{)}\langle\eta_{i^{\prime}}\|}}\Big{)}$
		$\displaystyle=\sum_{j}{\frac{e^{\alpha_{j}}}{\sum_{j^{\prime}}{e^{\alpha_{j^{\prime}}}}}\sum_{k\geqslant k_{0}}{\|\langle\alpha_{j}\|\eta_{k}\rangle}\|^{2}}$

On the other hand, we know

		$\displaystyle P_{D}(\Pi^{}_{1})=\text{Tr}(\Pi^{}_{1}\rho_{1})$		(31)
		$\displaystyle=\text{Tr}\Big{(}\sum_{k\geqslant k_{0}}{\|\eta_{k}\rangle\langle\eta_{k}\|}\sum_{j}{e^{\alpha_{j}}\|\alpha_{j}\rangle\langle\alpha_{j}\|}\Big{)}$
		$\displaystyle=\text{Tr}\Big{(}\sum_{k\geqslant k_{0}}{\|\eta_{k}\rangle\langle\eta_{k}\|}\sum_{i}{\|\eta_{i}\rangle\langle\eta_{i}\|}\sum_{j}{r^{1}_{j}\|\varphi_{j}\rangle\langle\varphi_{j}\|}\sum_{i^{\prime}}{\|\eta_{i^{\prime}}\rangle\langle\eta_{i^{\prime}}\|}\Big{)}$
		$\displaystyle=\text{Tr}\Big{(}\sum_{k\geqslant k_{0},i}{\|\eta_{k}\rangle\Big{(}\sum_{j}{e^{\alpha_{j}}\|\alpha_{j}\rangle\langle\alpha_{j}\|\eta_{i^{\prime}}\rangle\Big{)}\langle\eta_{i^{\prime}}\|}}\Big{)}$
		$\displaystyle=\sum_{j}{r^{1}_{j}\sum_{k\geqslant k_{0}}{\|\langle\varphi_{j}\|\eta_{k}\rangle}\|^{2}}.$

Using the theories of perturbation, consider $\ln\rho_{1}$ as the unperturbed operator, $\Pi^{*}_{1}$ as the perturbation, with $\frac{1}{\lambda}$ controlling the amplitude of the perturbation. Then the eigenvectors, under assumption 1, can be written as a series of $\frac{1}{\lambda}$ as follows:

|\alpha_{j}\rangle=|\varphi_{j}\rangle-\frac{1}{\lambda}\sum_{k^{\prime}\neq j}{\frac{\langle\varphi_{k^{\prime}}|\Pi^{*}_{1}|\varphi_{j}\rangle}{r^{1}_{k^{\prime}}-r^{1}_{j}}|\varphi_{k^{\prime}}\rangle}+o\left(\frac{1}{\lambda^{2}}\right)

(32)

As a consequence,

		$\displaystyle\|\langle\eta_{k}\|\alpha_{j}\rangle\|^{2}$		(33)
		$\displaystyle=\|\langle\eta_{k}\|\varphi_{j}\rangle\|^{2}-\frac{2}{\lambda}\langle\eta_{k}\|\sum_{k^{\prime}\neq j}{\frac{\langle\varphi_{k^{\prime}}\|\Pi^{*}_{1}\|\varphi_{j}\rangle}{r^{1}_{k^{\prime}}-r^{1}_{j}}\|\varphi_{k^{\prime}}\rangle}\langle\eta_{k}\|\varphi_{j}\rangle$
		$\displaystyle+o\left(\frac{1}{\lambda^{2}}\right)\leqslant\|\langle\eta_{k}\|\varphi_{j}\rangle\|^{2}.$

We can also write out the perturbed eigenvalue $\alpha_{j}$ in terms of the unperturbed eigenvalue $r^{1}_{j}$ as well as the series of the scale $\frac{1}{\lambda}$ as follows:

\alpha_{j}=\ln r^{1}_{j}-\frac{1}{\lambda}\langle\varphi_{j}|\Pi^{*}_{1}|\varphi_{j}\rangle+o\left(\frac{1}{\lambda^{2}}\right).

(34)

As a result,

e^{\alpha_{j}}=r^{1}_{j}\exp\left(-\frac{1}{\lambda}\langle\varphi_{j}|\Pi^{*}_{1}|\varphi_{j}\rangle+o\left(\frac{1}{\lambda^{2}}\right)\right)

(35)

For sufficiently small $1/\lambda$ the higher order term $o(\frac{1}{\lambda^{2}})$ vanishes. We get that for all $k\geqslant k_{0}$ and $j=1,2,\dots,d$ ,

		$\displaystyle\frac{e^{\alpha_{j}}}{\sum_{j^{\prime}}{e^{\alpha_{j^{\prime}}}}}\|\langle\alpha_{j}\|\eta_{k}\rangle\|^{2}$		(36)
		$\displaystyle=\frac{r^{1}_{j}\exp\left(-\frac{1}{\lambda}\langle\varphi_{j}\|\Pi^{}_{1}\|\varphi_{j}\rangle\right)}{\sum_{j^{\prime}}{r^{1}_{j^{\prime}}\exp\left(-\frac{1}{\lambda}\langle\varphi_{j^{\prime}}\|\Pi^{}_{1}\|\varphi_{j^{\prime}}\rangle\right)}}$
		$\displaystyle\left(\|\langle\eta_{k}\|\varphi_{j}\rangle\|^{2}-\frac{2}{\lambda}\langle\eta_{k}\|\sum_{k^{\prime}\neq j}{\frac{\langle\varphi_{k^{\prime}}\|\Pi^{*}_{1}\|\varphi_{j}\rangle}{r^{1}_{k^{\prime}}-r^{1}_{j}}\|\varphi_{k^{\prime}}\rangle}\langle\eta_{k}\|\varphi_{j}\rangle\right)$

Denote

	$\displaystyle s^{1}_{j}$	$\displaystyle=\frac{r^{1}_{j}\exp\left(-\frac{1}{\lambda}\langle\varphi_{j}\|\Pi^{}_{1}\|\varphi_{j}\rangle\right)}{\sum_{j^{\prime}}{r^{1}_{j^{\prime}}\exp\left(-\frac{1}{\lambda}\langle\varphi_{j^{\prime}}\|\Pi^{}_{1}\|\varphi_{j^{\prime}}\rangle\right)}}$		(37)
		$\displaystyle=\frac{r^{1}_{j}\exp\left(-\frac{1}{\lambda}\sum_{k^{\prime}\geqslant k_{0}}{\|\langle\varphi_{j}\|\eta_{k^{\prime}}\rangle\|^{2}}\right)}{\sum_{j^{\prime}}{r^{1}_{j^{\prime}}\exp\left(-\frac{1}{\lambda}\sum_{k^{\prime}\geqslant k_{0}}{\|\langle\varphi_{j}\|\eta_{k^{\prime}}\rangle\|^{2}}\right)}}.$		(37)

Noticing that $\sum_{j}{r^{1}_{j}}=\sum_{j}{s^{1}_{j}}=1$ . Also if for some $j_{1},j_{2}\leqslant d$ , $\sum_{k\geqslant k_{0}}{|\langle\varphi_{j}|\eta_{k}\rangle|^{2}}\leqslant\sum_{k\geqslant k_{0}}{|\langle\varphi_{j^{\prime}}|\eta_{k}\rangle|^{2}}$ is large, then we must have $s^{1}_{j^{\prime}}\geqslant s^{1}_{j}$ . By generalization of AM-GM inequality we conclude that

\sum_{j}{\sum_{k\geqslant k_{0}}{\frac{e^{\alpha_{j}}}{\sum_{j^{\prime}}{e^{\alpha_{j^{\prime}}}}}|\langle\alpha_{j}|\eta_{k}\rangle|^{2}}}\leqslant\sum_{j}{\sum_{k\geqslant k_{0}}{r^{1}_{j}|\langle\varphi_{j}|\eta_{k}\rangle|^{2}}}.

(38)

Noticing the expression of $P_{D}(\Pi^{*}_{1})$ in (31) and $\bar{P}_{D}(\Pi^{*}_{1})$ in (30), we get

\bar{P}_{D}(\Pi^{*}_{1})\leqslant P_{D}(\Pi^{*}_{1}).

(39)

On the other hand, $s^{1}_{j}\geqslant\frac{r^{1}_{j}e^{-\frac{1}{\lambda}}}{1-\frac{1}{\lambda}+\frac{1}{\lambda^{2}}}$ for all $j$ . We also notice

|\langle\alpha_{j}|\eta_{k}\rangle|^{2}\geqslant(1-\frac{1}{\lambda})|\langle\varphi_{j}|\eta_{k}\rangle|^{2},\;\forall j,k\geqslant k_{0}.

(40)

As a result, we have

\bar{P}_{D}(\Pi^{*}_{1})\geqslant P_{D}(\Pi^{*}_{1})e^{-\frac{1}{\lambda}},

(41)

which concludes the proof.

		$\displaystyle\bar{P}_{D}(\Pi^{}_{1})=\text{Tr}(\Pi^{}_{1}\rho^{\prime*}_{1})$		(30)
		$\displaystyle=\frac{1}{Z_{1}}\text{Tr}\Big{(}\sum_{k\geqslant k_{0}}{\|\eta_{k}\rangle\langle\eta_{k}\|}\sum_{j}{e^{\alpha_{j}}\|\alpha_{j}\rangle\langle\alpha_{j}\|}\Big{)}$
		$\displaystyle=\frac{1}{Z_{1}}\text{Tr}\Big{(}\sum_{k\geqslant k_{0}}{\|\eta_{k}\rangle\langle\eta_{k}\|}\sum_{i}{\|\eta_{i}\rangle\langle\eta_{i}\|}\sum_{j}{e^{\alpha_{j}}\|\alpha_{j}\rangle\langle\alpha_{j}\|}\sum_{i^{\prime}}{\|\eta_{i^{\prime}}\rangle\langle\eta_{i^{\prime}}\|}\Big{)}$
		$\displaystyle=\frac{1}{Z_{1}}\text{Tr}\Big{(}\sum_{k\geqslant k_{0},i}{\|\eta_{k}\rangle\Big{(}\sum_{j}{e^{\alpha_{j}}\|\alpha_{j}\rangle\langle\alpha_{j}\|\eta_{i^{\prime}}\rangle\Big{)}\langle\eta_{i^{\prime}}\|}}\Big{)}$
		$\displaystyle=\sum_{j}{\frac{e^{\alpha_{j}}}{\sum_{j^{\prime}}{e^{\alpha_{j^{\prime}}}}}\sum_{k\geqslant k_{0}}{\|\langle\alpha_{j}\|\eta_{k}\rangle}\|^{2}}$

		$\displaystyle P_{D}(\Pi^{}_{1})=\text{Tr}(\Pi^{}_{1}\rho_{1})$		(31)
		$\displaystyle=\text{Tr}\Big{(}\sum_{k\geqslant k_{0}}{\|\eta_{k}\rangle\langle\eta_{k}\|}\sum_{j}{e^{\alpha_{j}}\|\alpha_{j}\rangle\langle\alpha_{j}\|}\Big{)}$
		$\displaystyle=\text{Tr}\Big{(}\sum_{k\geqslant k_{0}}{\|\eta_{k}\rangle\langle\eta_{k}\|}\sum_{i}{\|\eta_{i}\rangle\langle\eta_{i}\|}\sum_{j}{r^{1}_{j}\|\varphi_{j}\rangle\langle\varphi_{j}\|}\sum_{i^{\prime}}{\|\eta_{i^{\prime}}\rangle\langle\eta_{i^{\prime}}\|}\Big{)}$
		$\displaystyle=\text{Tr}\Big{(}\sum_{k\geqslant k_{0},i}{\|\eta_{k}\rangle\Big{(}\sum_{j}{e^{\alpha_{j}}\|\alpha_{j}\rangle\langle\alpha_{j}\|\eta_{i^{\prime}}\rangle\Big{)}\langle\eta_{i^{\prime}}\|}}\Big{)}$
		$\displaystyle=\sum_{j}{r^{1}_{j}\sum_{k\geqslant k_{0}}{\|\langle\varphi_{j}\|\eta_{k}\rangle}\|^{2}}.$

		$\displaystyle\|\langle\eta_{k}\|\alpha_{j}\rangle\|^{2}$		(33)
		$\displaystyle=\|\langle\eta_{k}\|\varphi_{j}\rangle\|^{2}-\frac{2}{\lambda}\langle\eta_{k}\|\sum_{k^{\prime}\neq j}{\frac{\langle\varphi_{k^{\prime}}\|\Pi^{*}_{1}\|\varphi_{j}\rangle}{r^{1}_{k^{\prime}}-r^{1}_{j}}\|\varphi_{k^{\prime}}\rangle}\langle\eta_{k}\|\varphi_{j}\rangle$
		$\displaystyle+o\left(\frac{1}{\lambda^{2}}\right)\leqslant\|\langle\eta_{k}\|\varphi_{j}\rangle\|^{2}.$

		$\displaystyle\frac{e^{\alpha_{j}}}{\sum_{j^{\prime}}{e^{\alpha_{j^{\prime}}}}}\|\langle\alpha_{j}\|\eta_{k}\rangle\|^{2}$		(36)
		$\displaystyle=\frac{r^{1}_{j}\exp\left(-\frac{1}{\lambda}\langle\varphi_{j}\|\Pi^{}_{1}\|\varphi_{j}\rangle\right)}{\sum_{j^{\prime}}{r^{1}_{j^{\prime}}\exp\left(-\frac{1}{\lambda}\langle\varphi_{j^{\prime}}\|\Pi^{}_{1}\|\varphi_{j^{\prime}}\rangle\right)}}$
		$\displaystyle\left(\|\langle\eta_{k}\|\varphi_{j}\rangle\|^{2}-\frac{2}{\lambda}\langle\eta_{k}\|\sum_{k^{\prime}\neq j}{\frac{\langle\varphi_{k^{\prime}}\|\Pi^{*}_{1}\|\varphi_{j}\rangle}{r^{1}_{k^{\prime}}-r^{1}_{j}}\|\varphi_{k^{\prime}}\rangle}\langle\eta_{k}\|\varphi_{j}\rangle\right)$