All graph state verification protocols are composably secure

TL;DR

This paper resolves an open question by showing that graph-state verification protocols are composably secure within Abstract Cryptography, by compiling any secure protocol into a composable one that realizes an ideal verification resource for a graph state $|G\rangle$ up to a calculable error. A central contribution is the mergeable-states framework, which generalizes entanglement swapping to arbitrary graph states and enables the construction of simulators that preserve security under composition. To realize the ideal resource without requiring hazardous corrections, the authors introduce a random stabilizer (via a coin-flip resource) that effectively hides potential corrections, yielding a clean $|G\rangle$-sharing interface. The results are validated through two concrete use cases (MEVresistant and UM22_VerificationGraphStates) and are underpinned by scalable ZX-calculus for diagrammatic reasoning. Overall, the work enables safe, repeated composition of graph-state verification in quantum networks and clarifies the optimality of the bounds in black-box settings.

Abstract

Graph state verification protocols allow multiple parties to share a graph state while checking that the state is honestly prepared, even in the presence of malicious parties. Since graph states are the starting point of numerous quantum protocols, it is crucial to ensure that graph state verification protocols can safely be composed with other protocols, this property being known as composable security. Previous works [YDK21] conjectured that such a property could not be proven within the abstract cryptography framework: we disprove this conjecture by showing that all graph state verification protocols can be turned into a composably secure protocol with respect to the natural functionality for graph state preparation. Moreover, we show that any unchanged graph state verification protocols can also be considered as composably secure for a slightly different, yet useful, functionality. Finally, we show that these two results are optimal, in the sense that any such generic result, considering arbitrary black-box protocols, must either modify the protocol or consider a different functionality. Along the way, we show a protocol to generalize entanglement swapping to arbitrary graph states that might be of independent interest.

Figures (10)

• Figure 1: Informal presentation of the ideal resource $\pazocal{V}_{\ket{G}}^f$ for verified graph state sharing.
• Figure 2: Ideal filtered resource. The filter $\bot_S$ corresponds to an honest source inputting $c_S = \top$ and, for $i\in [n]$ the filter $\bot_i$ corresponds to an honest party sending $c_i = 0$ to $\pazocal{V}_{\ket{G}}^f$
• Figure 3: Concrete resource for generic graph state verification protocols
• Figure 4: Correctness of the protocol: $\bot_{[n]} \pazocal{V}_{\ket{G}}^f \bot_\mathtt{S}$$\approx$$\pi_{[n]}\pazocal{R}\pi_S$
• Figure 5: General case of the security proof: we need to find $\sigma_M$ such that $\pi_{H}\pazocal{R} \approx_{\epsilon} \bot_{H} \pazocal{V}_{\ket{G}}^f \sigma_M$

Theorems & Definitions (29)

• Definition 2.1: Security in AC
• Remark 2.2
• Definition 3.1: Graph state verification protocol
• Theorem 3.2
• proof
• Remark 3.3
• Definition 3.4: Mergeable states
• proof : Proof sketch
• Remark 3.5
• proof : Proof sketch