Quantum Public-Key Cryptosystem with Reusable (Public Key Privtate Key) Pair Using the Bell States

1. Introduction

Quantum cryptography is a very active fields of quantum information science. As known classical cryptographic protocls are based on Computational Complexity. But quantum cryptographic protocols are based on the properties of quantum systems. Their securities are guaranteed by the principles of quantum mechanics. So quantum cryptographic protocols can show unconditionally security. It is a big advantage in relative to classical cryptographic protocls. In 1984 Bennett and Brassard provided the first quantum key distribution protocol [1] which is called BB84 protocol. Thereafter many QKD schemes were developed [2,3,4,5,6,7,8,9,10,11,12]. QKD schemes have also been realized in laboratory. Bennett et al first carried out BB84 procotol in 1992 [13]. Now people have completed QKD experiment in optical fibre over 400 kilometers [14] and QKD experiment over 1 kilometer in free space [15]. In 2017 researchers even finished QKD between Micius satellite and the earth station in which the transmission distance is beyond 1200 kilometers [16].

In tranditional cryptosystems any two users need to share a secret string named the key before they begin to communicate with each other. If there are a large number of users, it’s very difficult and expensive for a user to build and manage all the keys with every other user. Rivest, Sharmir and Adleman provided the first public-key algorithm in 1978 which can solve this problem [17]. This public-key algorithm is called RSA algorithm on which people can establish a public-key cryptosystem. In public-key cryptosystems, every user has only a (public key, private key) pair. A user’s public key can be open to everyone and his or her private key is kept absolutly secret. Obviously it greatly cut down the difficulty and management expense for key management. Today public-key cryptosystems are widely applied in modern society to safeguard information security and privacy. However Shore presented a quantum algorithm which can crack RSA algorithm on future quantum computers [18]. Now people have found quantum algorithms to most of classical public-key algorithms so that they are all insecure once quantum computers come to being. Quantum public-key algorithms may be used to solve this problem. In 2001 Gottesman and Chuang constructed a quantum one-way function and proposed that a quantum public-key cryptosystem may be realized based on quantum one-way functions [19]. Nikolopoulos presented the first quantum public-key algorithm [20] in 2008. After that researchers issued many quantum public-key cryptosystem schemes [21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38].

It’s known quantum public-key cryptosystems are based on the special properties of quantum systems. Usually a user’s public key is a group of quantum systems. But these quantum systems will be consumped after a secret communication process finishes. Their states will irreversibly change. That is to say, the public key no longer exsist. So every user has to restruct their (public key, private key) after the communication process and keep the public key in KMC. Another solution is that every user keeps many copies of his or her public key in KMC. Obviously it brings huge management expense to the quantum public-key cryptosystems.

A quantum public-key cryptosystem with resusable public key based on the Bell states is presented in this paper. Every user creates a group of two-particle quantum system as his or her (public key, private key) pair. The public-key is kept in KMC while the private key is hold by the user. Two users can accomplish secret communications by the help of KMC. No third party can get the secret message exchanged between the two users. After a communication process finishes, the state of the (public key, private key) pair keep unchanged. That is to say, the public key and private key can be reused. So this public-key cryptosystem needs much less management expenses for key management in relative to previous quantum publc-key cryptosystems. It’s easier to carry out in practice.

2. Main Idea

A two-level quantum system is often used as the carrier of information. It’s called a qubit whose state space is a 2-dimension Hilbert space. There are four states $|0>,|1>,|+>,|->$ of a qubit in which

$$\begin{array}{c}\hfill |+>={\displaystyle \frac{1}{\sqrt{2}}}\left(\right|0>+|1>)\\ \hfill |->={\displaystyle \frac{1}{\sqrt{2}}}\left(\right|0>-|1>).\end{array}$$

(1)

They form two complete orthogonal base

$$\begin{array}{c}\hfill B_{01}=\left\{\right|0>,|1>\}\\ \hfill B_{+-}=\left\{\right|+>,|->\}.\end{array}$$

(2)

People can measure a qubit in $B_{01}$ or $B_{+-}$. There are four basic quantum operations on a qubit

$$\begin{array}{c}\hfill I=\left(\begin{array}{ccc}1\hfill & 0& \\ 0\hfill & 1\end{array}\right),{\sigma }_x=\left(\begin{array}{ccc}0\hfill & 1& \\ 1\hfill & 0\end{array}\right)\\ \hfill {\sigma }_y=\left(\begin{array}{ccc}0\hfill & -i& \\ i\hfill & 0\end{array}\right),{\sigma }_z=\left(\begin{array}{ccc}1\hfill & 0& \\ 0\hfill & -1\end{array}\right)\end{array}$$

(3)

The Bell states are four states of a two-qubit quantum system.

$$\begin{array}{c}\hfill |{\Phi }^{+}>={\displaystyle \frac{1}{\sqrt{2}}}\left(\right|00>+|11>)={\displaystyle \frac{1}{\sqrt{2}}}\left(\right|+->+|-+>)\\ \hfill |{\Phi }^{-}>={\displaystyle \frac{1}{\sqrt{2}}}\left(\right|00>-|11>)={\displaystyle \frac{1}{\sqrt{2}}}\left(\right|+->-|-+>)\\ \hfill |{\Psi }^{+}>={\displaystyle \frac{1}{\sqrt{2}}}\left(\right|01>+|10>)={\displaystyle \frac{1}{\sqrt{2}}}\left(\right|++>+|-->)\\ \hfill |{\Psi }^{-}>={\displaystyle \frac{1}{\sqrt{2}}}\left(\right|01>-|10>)={\displaystyle \frac{1}{\sqrt{2}}}\left(\right|++>-|-->).\end{array}$$

(4)

They form a complete orthogonal basis for a two-qubit system in which people can measure the two-qubit system. Such measurement is called the Bell measurement.

Let’s assume that there is a key management center (KMC). Two users, for rexample, Alice and Bob want to communicate wtth each other by the help of KMC. There is a quantum channel and a classical channel through which everyone can use. The quantum channel is insecure which everyone can control. The classical channel is public so that everyone can listen to it. But at the same time it’s authenticated so that no one can pretending to be someone else. First Alice creates n two-qubit systems in the state

$$|{\Phi }^{+}>={\displaystyle \frac{1}{\sqrt{2}}}\left(\right|0{>}_1|0{>}_2+|1{>}_1\left|1{>}_2\right)$$

(5)

in which the subscript is used to discriminate the two qubits. Alice keeps qubit 2 of each two-qubit system in KMC while she holds qubit 1 of each two-qubit system at her hands. If Bob wants to sends a message denoted as a n-bit binary string P to Alice. He informs KMC through the classical channel. Then to qubit 2 of every two-qubit system KMC creates an auxilliary qubit denoted as qubit A in state |0>. To every two-qubit system KMC performs a CNOT operation on qubit 2 and the corresponding qubit A in which qubit 2 is the control qubit and qubit A is the target qubit. So the state of the whole three-qubit system turns into

$$S={\displaystyle \frac{1}{\sqrt{2}}}\left(\right|0{>}_1|0{>}_2|0{>}_A+|1{>}_1|1{>}_2\left|1{>}_A\right).$$

(6)

Next KMC sends qubit A of every two-qubit system to Bob through the quantum channel. After receiving the qubits, Bob performs on qubit A of every two-qubit system according to the message P. To every bit $P_i$ in P. He does in accordance with the following coding rule.

Coding rule: If $P_i$ is “0”, he perorms nothing; if the bit in $P_i$ is “1”, he performs ${\sigma }_x$ on qubit A.

Then the state of the whole three-qubit system turn into

$$\begin{array}{c}\hfill S{S}_1={\displaystyle \frac{1}{\sqrt{2}}}\left(\right|0{>}_1|0{>}_2|0{>}_A+|1{>}_1|1{>}_2\left|1{>}_A\right),if{P}_i=0;\\ \hfill S{S}_2={\displaystyle \frac{1}{\sqrt{2}}}\left(\right|0{>}_1|0{>}_2|1{>}_A+|1{>}_1|1{>}_2\left|0{>}_A\right),if{P}_i=1.\end{array}$$

(7)

Then Bob sends the qubits to Alice through the quantum channel. When Alce receives them, she first performs CNOT operation on qubit 1 of the two-qubit system and the corresponding qubit A in which qubit 1 is the control qubit and qubt A is the target qubit. The state of the whole three-qubit system becomes

$$\begin{array}{c}\hfill S{T}_1={\displaystyle \frac{1}{\sqrt{2}}}\left(\right|0{>}_1|0{>}_2|0{>}_A+|1{>}_1|1{>}_2\left|0{>}_A\right),if{P}_i=0;\\ \hfill S{T}_2={\displaystyle \frac{1}{\sqrt{2}}}\left(\right|0{>}_1|0{>}_2|1{>}_A+|1{>}_1|1{>}_2\left|1{>}_A\right),if{P}_i=1.\end{array}$$

(8)

It can be rewritten as

$$\begin{array}{c}\hfill S{T}_1={\displaystyle \frac{1}{\sqrt{2}}}\left(\right|0{>}_1|0{>}_2\left)\right|+|1{>}_1|1{>}_2\left)\right|0{>}_A,if{P}_i=0;\\ \hfill S{T}_2={\displaystyle \frac{1}{\sqrt{2}}}\left(\right|0{>}_1|0{>}_2|+|1{>}_1|1{>}_2\left)\right|1{>}_A,if{P}_i=1.\end{array}$$

(9)

Then Alice measures qubit A in $B_{01}$ and records as the following decoding rule.

Decoding rule: If the measurement result is |0>, she records as “’0’; If the measurement result is |1>, she records as “1”.

Finally Alice get a n-bit binary string $P^{\prime }$. It’s easy to find that $P_i^{\prime }=P_i$ and the state of the two-qubit system compoed of qubit 1 qnd qubit 2 turns back into

$$|{\Phi }^{+}>={\displaystyle \frac{1}{\sqrt{2}}}\left(\right|0{>}_1|0{>}_2+|1{>}_1\left|1{>}_2\right).$$

(10)

The proof can be summarized by the Table 1.

The notions in Table 1 are denoted as:

$Stat{e}_{12}$: the oringinal state of the two-qubit system composed of qubit 1 and qubit 2;

$Stat{e}_{12A}$: the state of the whole three-qubit system composed of qubit 1, qubit 2 and qubit A after KMC’s CONT operation;

$P_i$: the i-th bit in P;

$Stat{e}_{12A}^{\prime }$: the state of the whole three-qubit system after Bob’s operation;

$Stat{e}_{12A}^{\prime \prime }$: the state of the whole three-qubit system after Alice’s CNOT operation;

$P_i^{\prime }$: the corresponding i-th bit in $P^{\prime }$;

$Stat{e}_{12}^{\prime }$: the final state of the two-qubit system.

In section 4 we will prove that no other one can get the secret message P which Bob send Alice. So Alice and Bob finish a secret communication process. Moreover Alice’s (public key, prvate key) pair keeps unchanged after the communication process. That is to say, Alice’s public key and private key are reusable just like those in classical public-key crytposytem. So we can build a quantum public-key cryptosystem with reusable (public key, private key) pair based on the idea above.

3. Quantum Public-Key Cryptosystem with Resuable (Public Key, Private Key) Pair

The quantum public-key cryptosystem with reusable key is given as follws.

There are N users and a key management center (KMC). An insecure quantum channel is public to everyone. At the same time there is authenticated public classical channel which everyone can listen to it but no one can impersonate other one. Every user creates M two-qubit systems in the state

$$|{\Phi }^{+}>={\displaystyle \frac{1}{\sqrt{2}}}\left(\right|0{>}_1|0{>}_2+|1{>}_1\left|1{>}_2\right).$$

(11)

as his or her (public key, private key) pair in which the subscripts are used to discriminate the two qubits. To each two-qubit system the user keeps qubit 1 and gives qubit 2 to KMC. So the user holds an M-qubit sequence $Q^d$ which is his or her private key. KMC holds an M-qubit sequence $Q^e$ which is the user’s public key. if a user Bob wants to send a secret message which can be denoted as an n-bit binary string P to another user Alice. They perform the following process as follows.

step 1: Alice produce k=M-n checking bits at random. Then Alice randomly inserts these bits into P. Finally she gets new string $PT$ which is just the plain text to be transmited to Bob. The inserted qubits are used for error-checking.

step 2: Bob informs KMC through the classical channel telling KMC that he wants to send a secret message to Alice.

step 3: To each qubit in $Q^e$ KMC creates an auxilliary qubit denoted qubit A in state $|0>$. So KMC has a M-qubit sequence denoted as $Q^A$. Then KMC performs CNOT operation on qubit 2 in $Q^e$ and qubit A in $Q^A$ in which qubit 2 is the control qubit and qubit A is the target qubit. At last KMC send the qubit sequence $Q^A$ to Bob through the quantum channel.

step 4: After receiving $Q^A$, Bob encodes $PT$ on $Q^A$ according to the coding rule. That is to say, when the bit in $PT$ is 0, he performs nothing and when the bit in $PT$ is 1, he performs ${\sigma }_x$ on the corresponding qubit in $Q^A$.

step 5: Bob sends $Q^A$ to Alice through the quantum channel.

step 6: When Alice gets $Q^A$, she puts it together with $Q^d$ at her hands. Then to each qubit in $Q^d$ Alice performs CNOT operation on qubit 1 in $Q^d$ and qubit A in $Q^A$ in which qubit 1 is the control qubit and qubit A is the target qubit.

step 7: Alice measures all qubits in $Q^A$ and records her meaurement results accords to the decoding rule. Then she gets a binary string $P{T}^{\prime }$.

step 8(error-checking): Alice asks Bob for error-chencking through the classical channel. After receiving Alice’s requirement, Bob declares all the checking bits and their positions in $PT$ through the classical channel. Then Alice extracts the correspongding bits in $P{T}^{\prime }$ and compares them with Bob’s checking bits. If there are too many disagreements, Alice and Bob abandon the communication process. Or they go into next step.

step 9: Alice threw all the bits for error-checking from $P{T}^{\prime }$ to get a new binary string $P^{\prime }$.

It’s easy to find that $P^{\prime }=P$. Now Alice has obtained the message which Bob sends her. In section 4 it’s proved that no third party except Alice and Bob can get the message. So Alice and Bob complete a secret communication process. Moreover the state of every two-qubit system consisting of qubit 1 and qubit 2 turns back to $|{\Phi }^{+}>$. So Alice’s (public key, private key) pair can be reusable.

4. Security of the Cryptosystem

This cryptosystem is secure. Any two users can exchange secret messages by the help of KMC. No third party can gets the secret message. Let’s give the proof as follows.

If an eavesdropper Eve wants to get the secret message which Bob sends to Alice, she can listen to both the classical channel and the quantum channel. First Eve may catch the qubits in $Q^A$ when they are sent from KMC to Bob. But Bob hasn’t encode his mesaage in $Q^A$ now. If Eve measures the qubits in $Q^A$, she can get nothing about the message. Moreover if Eve measures them, she will crash the communication process and will be found by Alice and Bob at last. When Eve gets $Q^A$, the state of the each three-qubit system is

$$S={\displaystyle \frac{1}{\sqrt{2}}}\left(\right|0{>}_1|0{>}_2|0{>}_A+|1{>}_1|1{>}_2\left|1{>}_A\right).$$

(12)

If Eve measures it, the state turn to

$$S^{\prime }=\left(\right|0{>}_1\left|0{>}_2\right|0{>}_A$$

(13)

or

$$S^{\prime \prime }=\left(\right|1{>}_1\left|1{>}_2\right|1{>}_A.$$

(14)

So the three-qubit system are no longer entangled. Then Eve sends $Q^A$ to Bob. After Bob receives $Q^A$, he encodes his message $PT$ on it according to the coding rule. Then the state of the each three-qubit system is

$$\begin{array}{c}\hfill S_0^{\prime }=\left(\right|0{>}_1\left|0{>}_2\right|0{>}_A,ifP{T}_i=0;\\ \hfill S_1^{\prime }=\left(\right|0{>}_1\left|0{>}_2\right|1{>}_A,ifP{T}_i=1.\end{array}$$

(15)

or

$$\begin{array}{c}\hfill S_0^{\prime \prime }=\left(\right|1{>}_1\left|1{>}_2\right|1{>}_A,ifP{T}_i=0;\\ \hfill S_1^{\prime \prime }=\left(\right|1{>}_1\left|1{>}_2\right|0{>}_A,ifP{T}_i=1.\end{array}$$

(16)

Next Bob sends $Q^A$ to Alice. After receiving $Q^A$, Alice performs CNOT operation the qubit A in $Q^A$ and corresponding qubit 1 in $Q^d$ in which the former is the target qubit and the latter is the control qubit. The state of the each three-qubit system is

$$\begin{array}{c}\hfill S_0^T=\left(\right|0{>}_1\left|0{>}_2\right|0{>}_A,ifP{T}_i=0;\\ \hfill S_1^T=\left(\right|0{>}_1\left|0{>}_2\right|1{>}_A,ifP{T}_i=1.\end{array}$$

(17)

or

$$\begin{array}{c}\hfill S_0^T=\left(\right|1{>}_1\left|1{>}_2\right|0{>}_A,ifP{T}_i=0;\\ \hfill S_1^T=\left(\right|1{>}_1\left|1{>}_2\right|1{>}_A,ifP{T}_i=1.\end{array}$$

(18)

Then Alice measures all the qubits in $Q^A$ and records her measurement results according to the decoding rule. It’s easy to find that Alice’s measurement result is |0> or |1> with the same probability whatever $P{T}_i=0$ or $P{T}_i=1$. That is to say, finally the string $P{T}^{\prime }$ which Alice gets is a random string. So $P{T}^{\prime }\ne PT$. Then Bob declares all the k checking bits in $PT$. Alice compares them with the corresponding bits in $P{T}^{\prime }$. Obvious the average probability that Alice and Bob has the same value for a bit is 1/2. So for all the k checking bits, the probability that Alice and Bob get the same value is

$$p_{error}={\left({\displaystyle \frac{1}{2}}\right)}^k.$$

(19)

If k=100

$$p_{error}={\left({\displaystyle \frac{1}{2}}\right)}^{100}\approx {10}^{-30}.$$

(20)

It’s a very small probability. So Alice and Bob are sure to found Eve’s existence.

Second Eve may catch $Q^A$ when Bob sends it to Alice. Now the state of each three-qubit system is

$$\begin{array}{c}\hfill S{S}_0={\displaystyle \frac{1}{\sqrt{2}}}\left(\right|0{>}_1|0{>}_2|0{>}_A+|1{>}_1|1{>}_2\left|1{>}_A\right),ifP{T}_i=0;\\ \hfill S{S}_1={\displaystyle \frac{1}{\sqrt{2}}}\left(\right|0{>}_1|0{>}_2|1{>}_A+|1{>}_1|1{>}_2\left|0{>}_A\right),ifP{T}_i=1.\end{array}$$

(21)

Eve measures qubit A and records her measurement result according the decoding rule. Alice measurement result is recorded as $|\phi >$. Then the state of the three-qubit system turns to

$$\begin{array}{c}\hfill S{S}_{00}=|0{>}_1|0{>}_2|0{>}_A,ifP{T}_i=0and|\phi >=|0>;\\ \hfill S{S}_{01}=|1{>}_1|1{>}_2|1{>}_A,ifP{T}_i=0and|\phi >=|1>;\\ \hfill S{S}_{10}=|1{>}_1|1{>}_2|0{>}_A,ifP{T}_i=1and|\phi >=|0>;\\ \hfill S{S}_{10}=|0{>}_1|0{>}_2|1{>}_A,ifP{T}_i=1and|\phi >=|1>.\end{array}$$

(22)

Obviously Eve will get measurement result $|0>$ and $|1>$ with the same probability $1/2$ whatever $P{T}_i=0$ or $P{T}_i=1$. So there are no correlations between $PT$ and the string $PE$ which Alice gets. Or in other words Eve can’t get $PT$ by such method.

Third let’s consider a complex strategy of attack. Eve may implement entanglement attack. When Bob sends $Q^A$ to Alice, Eve catches it. Then she creates an auxilliary qubit for each qubit in $Q^A$ and performs CNOT operation on them with attention to get the message. When Eve gets $Q^A$, the state of the whole three-qubit system is

$$\begin{array}{c}\hfill S1={\displaystyle \frac{1}{\sqrt{2}}}\left(\right|0{>}_1|0{>}_2|0{>}_A+|1{>}_1|1{>}_2\left|1{>}_A\right),ifP{T}_i=0;\\ \hfill S2={\displaystyle \frac{1}{\sqrt{2}}}\left(\right|0{>}_1|0{>}_2|1{>}_A+|1{>}_1|1{>}_2\left|0{>}_A\right),ifP{T}_i=1.\end{array}$$

(23)

Then Eve creats an auxilliary qubit (denoted as qubit E) in $|0>$ and performs CNOT operation on qubit A and qubit E in which the former is the target qubit and the latter is the control qubit. So the state of the four-qubit system is

$$\begin{array}{c}\hfill SS1={\displaystyle \frac{1}{\sqrt{2}}}\left(\right|0{>}_1|0{>}_2|0{>}_A|0{>}_E+|1{>}_1|1{>}_2|1{>}_A\left|1{>}_E\right),ifP{T}_i=0;\\ \hfill SS2={\displaystyle \frac{1}{\sqrt{2}}}\left(\right|0{>}_1|0{>}_2|1{>}_A|1{>}_E+|1{>}_1|1{>}_2|0{>}_A\left|0{>}_E\right),ifP{T}_i=1.\end{array}$$

(24)

Then Eve sends $Q^A$ to Alice. After receiving $Q^A$ Alice performs CNOT operation on qubit A in $Q^A$ and quabit 1 in $Q^d$ in which qubit A is the target qubit and qubit 1 is the control qubit. The state of the four-qubit system turns into

$$\begin{array}{c}\hfill SSS1={\displaystyle \frac{1}{\sqrt{2}}}\left(\right|0{>}_1|0{>}_2|0{>}_A|0{>}_E+|1{>}_1|1{>}_2|0{>}_A\left|1{>}_E\right),ifP{T}_i=0;\\ \hfill SSS2={\displaystyle \frac{1}{\sqrt{2}}}\left(\right|0{>}_1|0{>}_2|1{>}_A|1{>}_E+|1{>}_1|1{>}_2|1{>}_A\left|0{>}_E\right),ifP{T}_i=1.\end{array}$$

(25)

Finally Alice measures $Q^A$. At the same time Eve measures all her auxilliary qubits and record it accoding to the decoding rule. It’s easy to find that Eve will get measurement result $|0{>}_E$ and $|1{>}_E$ with the same probability $1/2$ whatever Alice gets measurement result $|0{>}_1$ or $|1{>}_1$. So the string $PE$ which Eve gets aren’t equal to $P_T$. It can be summarized in the following Table 2.

So Eve can’t get the secret message by strategy of entangment attack.

Now we have showed that no eavesdroopers can get the secret message from Bob to Alice.

5. Discussion

In this quantum public-key cryptosystem to accomplish secret communications what people need to do are creating a group of two-qubit systems, performing CNOT operation on two qubits, exchanging qubits through a quantum channel and doing single-particle measurement on a qubit. All these have been carried out decades of years. So there are no fundamental obstacles for this public-key cryptosystem to be realized in practice by today’s technology.

In most of previous quantum public-key cryptosystem, the quantum systems serving as user’s (public key, private key) pair are consumed after a communication process because their states evitably changed so that they are no longer available for next communication process. To maintain the public-key cryptosystem to continue working, every user has to reconstruct his or her (public-key, private key) pair and give the public key to KMC. Obviously it is costly because reconstructing (public-key, private key) pairs and sharig public keys with KMC cause rather more resource consump and more time delay. Another solution is to create many copies of (public-key, private key) pairs for every user and keep all the public keys in KMC. But it need much more resource consumption. Moreover it also brings much more difficulties for both KMC and users to perform key management. This is a serious barrier for quantum public-key cryptosystems to be applied in practice. In this quantum public-key cryptosystem the two-qubit systems serving as a user’s (public key, private key) pair keep unchanged after a communication process. Or in other words, all the public key and the private key of every user are reusable. So it is much easier to carry out in practice in relative to tranditional quantum public-key cryptosystem. This is a remarkable advantage of this public-key cryptosystem.

6. Conclusions

This paper provided a quantum public-key cryptosystem with reusable (public key, private key) pair using the Bell states. Every user shares a group of two-qubit systems in the Bell state with KMC as his or her (public key, private key) pair. If a user Bob wants to send a secret message to another user Alice, he ask for KMC’s help. Then KMC creates a group of auxilliary qubits and engtangles them with Alice’s (public key, private key) pair by performing CNOT operations. Next KMC sends the auxilliary qubits to Bob. After receiving the auxlilliary qubits, Bob encodes his message on them and sends them to Alice. When Alice receives the auxilliary qubits, Alice also performs CNOT operations on them and her (public key, private key) pair. Then she measures the auxilliary qubits and get the message at last. At the same time the two-qubit systems turn back to their original states. Alice’s (public key, private key) pair keeps unchanged after the communication process so that it can be reused. In this public-key cryptosystem, users doesn’t need to save many copies of (public key, private key) pair or reconstruct (public key, private key) pair after a communication process. It greatly reduces the expense for key management. So this quantum public-key cryptosystem is easier to realize in relative to previous quantum public-key cryptosystems.