1 Introduction

Benett and Brassard [1] proposed the first quantum key distribution protocol, which was commonly called BB84. From then on, along with the development of quantum cryptography [2], there exists more and more interesting applications, such as quantum key distribution [3,4,5,6], quantum secret sharing [7,8,9], quantum digital signature [10,11,12,13,14], and so on.

The concept of the secure multiparty computation (SMC) was first proposed by Yao, which was mainly used to implement the following tasks [15, 16]: In a distributed network of mutual distrust, each user can obtain the result of a function by cooperating without leaking their private information. The SMC problem is used to research in classical setting, but Shor [17] pointed out that it can be solved by models based on quantum setting with higher efficiency. Since then, more and more special SMC problems have been solved in quantum setting, such as quantum protocol for anonymous voting and surveying [18, 19], quantum anonymous ranking [20, 21], quantum auction [22,23,24], quantum protocol for millionaire problem [25], and so on.

In recent years, the design and analysis of QPC protocols have attracted many interests and attentions. The first QPC protocol was proposed by Yang [26]. Straight after, lots of QPC protocols have been presented based on different entangled states, such as Bell states, GHZ states, W states, and \(\chi \)-type states [27,28,29,30,31,32,33,34,35,36,37,38,39].

In this paper, we propose an efficient QPC protocol, which can compare three bits in each comparison time and decrease more comparison times. This protocol is based on the entanglement swapping of the four-qubit cluster state and extended Bell state (\(\chi \) state). For better finishing the task, the semi-honest TP who called Charlie is introduced to help the implementation of this comparison. But he only can obey the duty to perform the rules of the protocol and cannot obtain anything about the comparison results and the participants’ private information. Furthermore, with the decoy photons and pre-shared random sequence, it can detect the malicious eavesdropper Eve and forbid him knowing the actual comparison results and the information of the secret inputs.

The rest of this paper is organized as follows: In Sect. 2, an efficient QPC protocol is described in detail. In Sect. 3, the security of the proposed protocol is analyzed. Then, the efficiency comparison is presented in Sect. 4. At last, conclusion is given in Sect. 5.

2 The QPC protocol

In Reference [40], a general form of an N-qubit cluster was given as follows:

$$\begin{aligned} |C_N\rangle =\frac{1}{2^{N/2}}\otimes ^N_{a=1} \left( |0\rangle _a\delta ^{(a+1)}_z+|1\rangle \right) \end{aligned}$$
(1)

with the convention \(\delta ^{(N+1)}_z=1\). And these states have a strong violation of local reality and are shown to be robust against decoherence [41, 42]. In the case of two- and three-partite scenarios, this cluster state is the same as the Bell and GHZ states, respectively. In this paper, we choose the following four-qubit cluster state, where \(N=4\) in Eq. (1):

$$\begin{aligned} |C_4\rangle _{1234}=\frac{1}{2}(|0000\rangle +|0110\rangle +|1001\rangle -|1111\rangle ) \end{aligned}$$
(2)

And the whole system is the swapping of the cluster state \(|C_4\rangle _{1234}\) and the extended Bell state \(|\chi ^+\rangle _{56}\). Here the extended Bell state is one of the basis \(\{|\chi ^\pm \rangle ,|\omega ^\pm \rangle \}\), which can be derived by the Hadamard gate from the Bell basis {\(|\phi ^\pm \rangle =(|00\rangle \pm |11\rangle )/\sqrt{2}\), \(|\psi ^\pm \rangle =(|01\rangle \pm |10\rangle )/\sqrt{2}\)}.

$$\begin{aligned} |\chi ^+\rangle= & {} \frac{|\phi ^-\rangle +|\psi ^+\rangle }{\sqrt{2}}=\frac{|00\rangle -|11\rangle +|01\rangle +|10\rangle }{2}\nonumber \\ |\chi ^-\rangle= & {} \frac{|\phi ^+\rangle +|\psi ^-\rangle }{\sqrt{2}}=\frac{|00\rangle +|11\rangle +|01\rangle -|10\rangle }{2}\nonumber \\ |\omega ^+\rangle= & {} \frac{|\phi ^+\rangle -|\psi ^-\rangle }{\sqrt{2}}=\frac{|00\rangle +|11\rangle -|01\rangle +|10\rangle }{2}\nonumber \\ |\omega ^-\rangle= & {} \frac{|\phi ^-\rangle -|\psi ^+\rangle }{\sqrt{2}}=\frac{|00\rangle -|11\rangle -|01\rangle -|10\rangle }{2}\nonumber \\ \end{aligned}$$
(3)

Then, the entanglement swapping principle of the states \(|C_4\rangle _{1234}\) and \(|\chi ^+\rangle _{56}\) is given below:

$$\begin{aligned}&|C_4\rangle _{1234}\otimes |\chi ^+\rangle _{56}\nonumber \\&\quad =\frac{1}{2}(|0000\rangle +|0110\rangle +|1001\rangle -|1111\rangle )_{1234}\otimes \frac{1}{2}(|00\rangle -|11\rangle +|01\rangle +|10\rangle )_{56}\nonumber \\&\quad =\frac{1}{4\sqrt{2}}(|00\rangle _{12}\otimes ((|\phi ^+\rangle _{35}+|\phi ^-\rangle _{35})\otimes (|\chi ^+\rangle _{46}+|\chi ^-\rangle _{46})\nonumber \\&\qquad +(|\psi ^+\rangle _{35}+|\psi ^-\rangle _{35})\otimes (|\omega ^+\rangle _{46}+|\omega ^-\rangle _{46}))\nonumber \\&\qquad +|01\rangle _{12}\otimes ((|\psi ^+\rangle _{35}-|\psi ^-\rangle _{35})\otimes (|\chi ^+\rangle _{46}+|\chi ^-\rangle _{46})\nonumber \\&\qquad +(|\phi ^+\rangle _{35}-|\phi ^-\rangle _{35})\otimes (|\omega ^+\rangle _{46}+|\omega ^-\rangle _{46}))\nonumber \\&\qquad +|10\rangle _{12}\otimes ((|\phi ^+\rangle _{35}+|\phi ^-\rangle _{35})\otimes (|\omega ^+\rangle _{46}-|\omega ^-\rangle _{46})\nonumber \\&\qquad +(|\psi ^+\rangle _{35}+|\psi ^-\rangle _{35})\otimes (|\chi ^+\rangle _{46}-|\chi ^-\rangle _{46}))\nonumber \\&\qquad -|11\rangle _{12}\otimes ((|\psi ^+\rangle _{35}-|\psi ^-\rangle _{35})\otimes (|\omega ^+\rangle _{46}-|\omega ^-\rangle _{46})\nonumber \\&\qquad +(|\phi ^+\rangle _{35}-|\phi ^-\rangle _{35})\otimes (|\chi ^+\rangle _{46}-|\chi ^-\rangle _{46})))\nonumber \\&\quad =\frac{1}{4}(|\phi ^+\rangle _{12}(|\phi ^+\rangle _{35}|\chi ^-\rangle _{46}+|\phi ^-\rangle _{35}|\chi ^+\rangle _{46}+|\psi ^+\rangle _{35}|\omega ^-\rangle _{46}+|\psi ^-\rangle _{35}|\omega ^+\rangle _{46})\nonumber \\&\qquad +|\phi ^-\rangle _{12}(|\phi ^+\rangle _{35}|\chi ^+\rangle _{46}+|\phi ^-\rangle _{35}|\chi ^-\rangle _{46}+|\psi ^+\rangle _{35}|\omega ^+\rangle _{46}+|\psi ^-\rangle _{35}|\omega ^-\rangle _{46})\nonumber \\&\qquad +|\psi ^+\rangle _{12}(|\psi ^+\rangle _{35}|\chi ^+\rangle _{46}-|\psi ^-\rangle _{35}|\chi ^-\rangle _{46}+|\phi ^+\rangle _{35}|\omega ^+\rangle _{46}-|\phi ^-\rangle _{35}|\omega ^-\rangle _{46})\nonumber \\&\qquad +|\psi ^-\rangle _{12}(|\psi ^+\rangle _{35}|\chi ^-\rangle _{46}-|\psi ^-\rangle _{35}v\chi ^+\rangle _{46}+|\phi ^+\rangle _{35}|\omega ^-\rangle _{46}-|\phi ^-\rangle _{35}|\omega ^+\rangle _{46}))\nonumber \\&\quad =\frac{1}{4}(|\phi ^+\rangle _{12}(|\chi ^-\rangle _{35}|\phi ^+\rangle _{46}+|\chi ^+\rangle _{35}|\phi ^-\rangle _{46}+|\omega ^-\rangle _{35}|\psi ^+\rangle _{46}+|\omega ^+\rangle _{35}|\psi ^-\rangle _{46})\nonumber \\&\qquad +|\phi ^-\rangle _{12}(|\chi ^+\rangle _{35}|\phi ^+\rangle _{46}+|\chi ^-\rangle _{35}|\phi ^-\rangle _{46}+|\omega ^+\rangle _{35}|\psi ^+\rangle _{46}+|\omega ^-\rangle _{35}||\psi ^-\rangle _{46})\nonumber \\&\qquad +|\psi ^+\rangle _{12}(|\chi ^+\rangle _{35}|\psi ^+\rangle _{46}-|\chi ^-\rangle _{35}|\psi ^-\rangle _{46}+|\omega ^+\rangle _{35}|\phi ^+\rangle _{46}-|\omega ^-\rangle _{35}|\phi ^-\rangle _{46})\nonumber \\&\qquad +|\psi ^-\rangle _{12}(|\chi ^-\rangle _{35}|\psi ^+\rangle _{46}-|\chi ^+\rangle _{35}|\psi ^-\rangle _{46}+|\omega ^-\rangle _{35}|\phi ^+\rangle _{46}-|\omega ^+\rangle _{35}|\phi ^-\rangle _{46})) \end{aligned}$$
(4)

The detail steps of the proposed protocol can be described as follows:

Input: Alice and Bob have their private integer X and Y, respectively. The binary representations of X and Y in \(F_{2^L}\) can be written as: \(X=(x_0,x_1,\ldots ,x_{N-1})\), \(Y=(y_0,y_1,\ldots ,y_{N-1})\), where \(x_i,y_i\in \{0,1\}\), and \(X=\sum _{i=0}^{L-1}x_i2^i\), \(Y=\sum _{i=0}^{L-1}y_i2^i\), \(2^L-1<\max \{X,Y\}<2^L\).

Output: Whether \(X=Y\) or not.

Charlie is a semi-honest third party, who helps the two participants Alice and Bob to compare their secrets, but he cannot obtain anything from the processing executed with Alice and Bob in the protocol. Beforehand, Alice(Bob) and Charlie use a secure QKD protocol to establish a common secret key \(K_{AC}(K_{BC})\), respectively. And the two participants, Alice and Bob also share a secret key sequence \(K: (k_0,k_1,\ldots ,k_{L-1}), k_i\in \{0,1\}, i=0,1,\ldots ,(L-1)\) through a secure QKD protocol.

2.1 Preparing step

  1. (1)

    Alice(Bob) divides the N-bit binary string X(Y) into \(\left\lceil {N/3L}\right\rceil \) groups, each group having 3L bits. If \(N\,\hbox {mod} 3 \ne 1\), Alice(Bob) always adds \(3L-(N\,\hbox {mod} 3L)\) 0 at the end of the N-bit binary string X(Y). Then, \(X=A_{\left\lceil {N/3L}\right\rceil -1}\ldots A_1A_0, Y=B_{\left\lceil {N/3L}\right\rceil -1}\ldots B_1B_0\).

    $$\begin{aligned} A_j= & {} \left( x_j^{3L-1},\ldots ,x_j^1,x_j^0\right) ,\quad B_j=\left( y_j^{3L-1},\ldots , y_j^1,y_j^0\right) ,\nonumber \\ j= & {} 0,1,\ldots ,\left\lceil {N/3L}\right\rceil -1 \end{aligned}$$
    (5)
  2. (2)

    For each group \(A_j(B_j)\), Alice and Bob form every three adjacent bits into a pair \(Q_A^i=\left( x_j^{3i},x_j^{3i+1},x_j^{3i+2}\right) , Q_B^i=\left( y_j^{3i},y_j^{3i+1},y_j^{3i+2}\right) \)

    $$\begin{aligned} A_j=\left( Q_A^{L-1},\ldots ,Q_A^1,Q_A^0\right) ,\quad B_j=\left( Q_B^{L-1},\ldots ,Q_B^1,Q_B^0\right) \end{aligned}$$
    (6)
  3. (3)

    In the jth round of the comparison, Charlie prepares an ordered sequence \(S_1(S_2)\) which consists of L ordered \(|C_4\rangle _{1234}\) (\(|\chi ^+\rangle _{56}\)) states.

    $$\begin{aligned} \begin{aligned}&S_1{:}~\left[ P_1^0P_2^0P_3^0P_4^0,P_1^1P_2^1P_3^1P_4^1,\ldots ,P_1^{L-1} P_2^{L-1}P_3^{L-1}P_4^{L-1}\right] \\&S_2{:}~\left[ P_5^0P_6^0,P_5^1P_6^1,\ldots ,P_5^{L-1}P_6^{L-1}\right] \end{aligned} \end{aligned}$$
    (7)

    where the subscripts {1,2,3,4 (5,6)} denote the different particle in each quantum state \(S_1(S_2)\), and the superscripts \(\{0,1,\ldots ,L-1\}\) denote the ith entangle quantum state prepared by Charlie.

  4. (4)

    Charlie takes the first two particles of all \(|C_4\rangle _{1234}\) states in \(S_1\) to form an ordered sequence \(S_C\).

    $$\begin{aligned} S_C{:}~\left[ P_1^0P_2^0,P_1^1P_2^1,\ldots ,P_1^{L-1}P_2^{L-1}\right] \end{aligned}$$
    (8)

Charlie takes the third particle of all \(|C_4\rangle _{1234}\) states in \(S_1\) and the first particle of all \(|\chi ^+\rangle _{56}\) states in \(S_2\) to form an ordered sequence \(S_A\).

$$\begin{aligned} S_A{:}~\left[ P_3^0P_5^0,P_3^1P_5^1,\ldots ,P_3^{L-1}P_5^{L-1}\right] \end{aligned}$$
(9)

Charlie takes the fourth particle of all \(|C_4\rangle _{1234}\) states in \(S_1\) and the second particle of all \(|\chi ^+\rangle _{56}\) states in \(S_2\) to form an ordered sequence \(S_B\).

$$\begin{aligned} S_B:\left[ P_4^0P_6^0,P_4^1P_6^1,\ldots ,P_4^{L-1}P_6^{L-1}\right] \end{aligned}$$
(10)
  1. (5)

    To prevent eavesdropping, Charlie prepares two bunches of decoy photons \(D_A\) and \(D_B\) randomly chosen from states \(\{|0\rangle ,|1\rangle ,|+\rangle ,|-\rangle \}\). Then Charlie mixes the sequences \(S_A\) with \(D_A\) (\(S_B\) with \(D_B\)) to form a new sequence \(S'_A\) \((S'_B)\). And then, he sends \(S'_A\) and \(S'_B\) to Alice and Bob, respectively.

2.2 Checking step

When Alice(Bob) receives the sequence \(S'_A (S'_B)\), Charlie announces the positions and measuring basis of the decoy photons \(D_A\) and \(D_B\). Then, Alice(Bob) measures the decoy particles with the corresponding measuring basis for eavesdropping detection. If the error rate exceeds a suitable threshold, Charlie will terminate this communication and restart from the preparing step. Otherwise, the protocol goes to the next step.

2.3 Coding step

  1. (1)

    Alice(Bob) first recovers \(S_A(S_B)\) by discarding the decoy photons. Then, according to the pre-shared sequence K, Alice(Bob) calculates \(K=\bigoplus _{i=0}^{L-1} k_i\), the symbol \(\bigoplus \) denotes the bit-wise exclusive-OR. Then, if \(K=0\), she(he) chooses the basis \(\{|\phi ^\pm \rangle ,|\psi ^\pm \rangle \}\) \((\{|\chi ^\pm \rangle ,|\omega ^\pm \rangle \})\) to measure the ith pair \(P_3^iP_5^i\) \((P_4^iP_6^i)\) in \(S_A(S_B)\), and if \(K=1\), she(he) chooses the basis \(\{|\chi ^\pm \rangle ,|\omega ^\pm \rangle \}\) \((\{|\phi ^\pm \rangle ,|\psi ^\pm \rangle \})\). And we denote the measurement results with \(M_A^i(M_B^i)\). After the measurement, according to Table 1, Alice and Bob will obtain a three-bit value \(C_A^i\) and \(C_B^i\), respectively.

  2. (2)

    Alice(Bob) calculates \(R_A^i=Q_A^i\bigoplus C_A^i\) (\(R_B^i=Q_B^i\bigoplus C_B^i\)), where \(Q_A^i(Q_B^i)\) is derived from Preparing step (2). Then, Alice(Bob) encrypts the sequence \(R_A^0R_A^1,\ldots ,R_A^{L-1}\) \((R_B^0R_B^1,\ldots ,R_B^{L-1})\) with \(K_{AC}(K_{BC})\) and sends it to Charlie by quantum-one-time pad.

Table 1 \(C_A^i (C_B^i)\)’s value according to \(M_A^i (M_B^i)\)
Full size table

2.4 Decoding step

  1. (1)

    Charlie decrypts the two encrypted sequences from Alice and Bob by \(K_{AB},K_{AC}\), and calculates \(R_{AB}^i=R_A^i\bigoplus R_B^i\). Then, Charlie uses the Bell basis to measure the ith pair in \(S_C\) and gets \(M_C^i\). Through calculating and summarizing for all cases, we find the following relations shown in Table 2.

  2. (2)

    As shown in Table 2, we can get the relation between \(Q_A\) and \(Q_B\). If \(R_{AB}^i=101\) and \(M_C^i=|\phi ^+\rangle \) ( \(R_{AB}^i=100\) and \(M_C^i=|\phi ^-\rangle \), \(R_{AB}^i=110\) and \(M_C^i=|\psi ^+\rangle \), \(R_{AB}^i=111\) and \(M_C^i=|\psi ^-\rangle \) ), the \(Q_A^i=Q_B^i\). Else the \(Q_A^i\ne Q_B^i\). If all the \(Q_A^i=Q_B^i\), then \(Q_A=Q_B\). Once at least one data element \(Q_A^i\ne Q_B^i\), then \(Q_A\ne Q_B\). Then, two cases are shown in following Table 3.

Table 2 Relation between \(Q_A^i,Q_B^i\)’s value according to \(R_{AB}^i\) and \(M_C^i\)
Full size table
Table 3 Two cases of \(Q_A^i,Q_B^i\)’s value
Full size table

3 Security analysis

In this section, we will give the security analysis of the proposed protocol. There are two types of attack as the outside attack and dishonest participant attack. Type I: The outside eavesdropper attempts to steal two participants’ inputs X or Y. Type II: The dishonest participants and TP may try to obtain the private information.

3.1 Outside attack

For the outside eavesdropper Eve, he has many means to attack the protocol, such as the intercept-resend attack, the entanglement-measure attack, the collective attack, and the Trojan horse attack. However, the entanglement-measure attack and the collective attack will be detected with nonzero probability during the checking step. And the Trojan horse attack also can be automatically prevented due to the one-way transmission.

Moreover, the chance which would be used by Eve to steal the secret inputs by the intercept-resend attack is the transmission of \(S'_A(S'_B)\) and encrypted sequence \(R^i_A(R^i_B)\) in the preparing step and coding step, respectively. For example, we consider Eve takes the intercept-resend attack strategy on Alice as follows:

Case 1 In the preparing step

Eve first intercepts the sequence \(S'_A\) (from Charlie to Alice in preparing step (5)) and then he measures \(S'_A\) with the basis \(\{|\phi ^\pm \rangle ,|\psi ^\pm \rangle \}\) \((\{|\chi ^\pm \rangle ,|\omega ^\pm \rangle \})\). Then, a measurement result sequence \(M'_A\) is obtained by Eve. According to the measurement result \(M'_A\), Eve generates the new quantum sequence \(S''_A\) and resends it to Alice for preventing Charlie to perceive the attack. Nevertheless, Eve doesn’t know the position of the decoy single photons in \(S'_A\), he cannot abandon the decoy photos when he measures the quantum sequence \(S'_A\). Therefore, the decoy photons will destroy the correctness of the measurement results and Eve’s new quantum sequence \(S''_A\), and the sequence \(S''_A\) will quite different from \(S'_A\). Once Alice start the eavesdropping process when she received the photon sequence \(S''_A\), the attack will be easily detected since that the decoy photons have been damaged. In the coding step, the outside eavesdropper cannot get any information of X and Y from \(R_A^i\) and \(R_B^i\).

Case 2 In the decoding step

Charlie announces only one cbit F for the comparison of secret messages. From this one cbit, outside eavesdropper cannot deduce any information of X and Y. In addition, in this protocol, even if Eve gets the accurate particle pairs, he cannot get the right measurement results. According to the pre-shared sequence \((k_0,k_1,\ldots ,k_{L-1})\) through a secure QKD protocol between Alice and Bob, and they will measure the particles with different basis according to \(K=\bigoplus _{i=0}^{L-1} k_i\). Then, the right basis to chose can get the right measurement results. As Eve cannot know the pre-shared sequence between Alice and Bob, he cannot choose the right basis and get the right measurement results.

Hence, this protocol is secure against the outside attack.

3.2 Participant attack

Generally, the participants always have more opportunities and advantages to attack than an outside eavesdropper. Next, we will give three cases to analyze the possibility of the three parties to get information about X or Y, respectively.

Case 1 Alice(Bob) attempts to obtain Bob(Alice)’s secrets.

In the whole process of the protocol, Alice(Bob) doesn’t transmit any information to Bob(Alice) except K, but the pre-shared sequence K only determines the choice of the measurement basis. Therefore, Alice(Bob) cannot infer any information about Bob(Alice)’s secrets.

Case 2 Charlie attempts to obtain Alice(Bob)’s secrets.

Gao [39] points out that the setting in coding step (1) will leak Alice(or Bob)’s private information by malicious Charlie’ fake single attack. In this paper, by the pre-shared sequence K between Alice and Bob, Charlie cannot get the right measurement basis to measure the particle pairs in \(S_A(S_B)\). Then, he cannot get the right measurement results \(M_A^i(M_A^i)\) and infer Alice(Bob)’s secret inputs accurately. Moreover, the secret inputs have been divided into \(\left\lceil {N/3L}\right\rceil \), \((L=1,2,\ldots )\) groups, while each group has 3L bits. And Alice(Bob) always adds \(3L-(N\,\hbox {mod} 3L)\) 0 at the end of the N-bit binary string X(Y), so Charlie cannot know the real length of them. From above reasons, Charlie cannot obtain any information about Alice(Bob)’s secrets.

Case 3 Charlie attempts to obtain the comparison results.

Charlie only know the results \(R_{AB}^i\) and \(M_C^i\), and he cannot know the comparison principle between Alice and Bob. Due to the pre-shared sequence K, Alice and Bob get the comparison results according to Table 2. The sequence K is pre-shared by a secure QKD protocol between Alice and Bob, and Charlie has no information about it, so he cannot obtain the correct measurement results, then he cannot know the comparison results.

Hence, this protocol is secure against the participant attack.

4 Efficiency comparison

Considering the qubit efficiency, which was the percentage value between the classic bits and quantum particles in every comparison time. In this protocol, it can encode three-bit data element to three-bit stochastic codes so that three-bit secret inputs can be compared in one comparison time, and the qubit efficiency is 50%. However, the most previous protocols can only compare one or two bits in every comparison time. And the comparison results with some similar previous protocols are shown in Table 4.

Table 4 Comparison among the similar QPC protocols
Full size table

In addition, we can simply estimate the classical computations and quantum operations involved in this scheme. As the classical bit-wise exclusive-OR \(\bigoplus \) operations in the coding step and decoding step are 3L among once group comparison, the whole scheme needs \(3L*\left\lceil {N/3L}\right\rceil \) classical operations. Here, we do not consider the classical of the pre-shared sequence in coding step since that it can be calculated in the spare time. While the quantum operations, there need \(D+3L*\left\lceil {N/3L}\right\rceil \) quantum measurements operated by the three participants, where D denotes the measurement of decoy photons. Unfortunately, Ref. [32] also needs 2N unitary operations, but there is no need for that in other protocols. Then, the detail comparison results with other similar protocols are shown in Table 5.

As a conclusion, the comparison results in Table 4 and Table 5 have shown that our proposed scheme is more efficient than other protocols.

Table 5 Time complexity comparison with similar protocols
Full size table

5 Conclusion

In this paper, an efficient QPC protocol based on the entanglement swapping between the four-qubit cluster state and extended Bell state has been presented. The four-qubit cluster state \(|C_4\rangle \) is different from the 4-qubit W-state as that it is hard to destroy the entanglement by local operations. And it also has a strong violation of local reality and shows to be robust against decoherence.

Then, with the help of semi-honest TP, two participants can compare the equality of their private information without leaking them. But he only can obey the duty to perform the rules of the protocol and cannot obtain anything about the comparison results and the participants’ private information. Furthermore, with the decoy photons and pre-shared random sequence, it can detect the malicious eavesdropper Eve and forbid him stealing the actual comparison results and the secret inputs. What’s more, this protocol has proved to be safe against the outside and participants attacks. Meanwhile, the efficiency comparison shows that the proposed scheme is more efficient than similar previous protocols.