Multiparty Quantum Key Agreement: Architectures, State-of-the-art, and Open Problems

TL;DR

It is argued that MQKA is best understood as a design space organized along three orthogonal but tightly coupled axes: network architecture, which determines how quantum states flow between participants; quantum resources, which encode the physical degrees of freedom used for implementation; and security model, which defines trust assumptions about devices and infrastructure.

Abstract

Multiparty quantum key agreement (MQKA) enables $n \geq 3$ mutually distrustful users to establish a shared secret key through collaborative quantum protocols. In this paper, we provide a comprehensive review where we argue that MQKA is best understood as a design space organized along three orthogonal but tightly coupled axes: (1) network architecture, which determines how quantum states flow between participants; (2) quantum resources, which encode the physical degrees of freedom used for implementation; and (3) security model, which defines trust assumptions about devices and infrastructure. Rather than treating MQKA as a linear sequence of isolated protocols, we develop this three-axis perspective to reveal recurrent patterns, sharp trade-offs, and unexplored design spaces. We classify MQKA protocols into structural families, map them to underlying quantum resources, and analyze how different security models shape fairness and collusion resistance. We further identify open challenges in composable security frameworks, network native integration, device-independent implementations, and propose a research roadmap toward hybrid-resource, bosonic-code-encoded, and fairness-aware MQKA suitable for the future quantum internet deployments in the post-NISQ era.

Figures (5)

• Figure 1: Circle-type MQKA topology: a traveling entangled carrier (Bell pair or single qubit) visits all parties $P_0,\dots,P_{n-1}$ in sequence, each applying a local unitary $U_i$ before forwarding.
• Figure 2: Complete-graph MQKA topology: every pair of participants $P_i,P_j$ shares at least one quantum channel to derive $K_{ij}$, and a classical layer compresses the pairwise keys into a global group key.
• Figure 3: Tree-type MQKA topology: leaf participants contribute local subkeys, internal nodes aggregate them, and the root derives the final key by combining all leaf contributions.
• Figure 4: Star / client--server MQKA topology: a central hub distributes multipartite entanglement and coordinates measurements, while peripheral clients $P_i$ perform local encodings and classical checks.
• Figure 5: Hybrid ring–ring MQKA topology: two circle-type subnetworks share a common participant $P_0$, as in W-state based hybrid architectures where $P_0$ couples and coordinates the two rings.