Arbitrated Quantum Digital Signature: Difference between revisions

From Quantum Protocol Zoo
Jump to navigation Jump to search
Line 12: Line 12:
==Outline==
==Outline==


Like other QDS protocols, it is divided into two phases: Distribution and Messaging. This scheme is presented between seller (one who signs the message), buyer (one whom the signed message is sent) and PKG (generates and distributes public-private key for seller) and a buyer.</br> Distribution includes the generation of public ad private keys as follows  
Like other QDS protocols, it is divided into two phases: Distribution and Messaging. This scheme is presented between the seller (one who signs the message), the buyer (one whom the signed message is sent) and PKG (generates and distributes public-private key for the seller) and a buyer</br>. Distribution includes the generation of public and private keys as follows  
* '''Key Generation''': In this step, PKG generates derives the public key of the seller and generates a private key which is secretly sent to Seller over insecure classical channel.  
* '''Key Generation''': In this step, PKG generates the public key of the seller and generates a private key which is secretly sent to Seller over the insecure classical channel.  
**Seller's public key is derived from her personal information such as her email-id over a public channel. A one way function is chosen by PKG randomly and secretly (known as master key), which uses the classical public key as its input.  
**Seller's public key is derived from her personal information such as her email-id over a public channel. A one-way function is chosen by PKG randomly and secretly (known as the master key), which uses the classical public key as its input.  
**A random OTP of the same length as the function outcome (random key), is used to convert it (the outcome) into seller's private key by performing bit-wise modulo 2 sum (exclusive OR gate).  
**A random OTP of the same length as the outcome of the function (random key), is used to convert it (the outcome) into seller's private key by performing bit-wise modulo 2 sum (exclusive OR gate).  
**The quantum pre-shared common key (assumption) is then used to one-time pad the private key via [[Arbitrated Quantum Digital Signature#References|Quantum Vernam Cipher (1), (2)]]. The one-time padded cipher-text is then communicated to seller (over insecure channel).  
**The quantum pre-shared common key (assumption) is then used to one-time pad the private key via [[Arbitrated Quantum Digital Signature#References|Quantum Vernam Cipher (1), (2)]]. The one-time padded cipher-text is then communicated to the seller (over the insecure channel).  
**Seller un-pads the cipher-text to obtain the private key using the pre-shared common key. Hence, in the end, everyone knows seller's public key and, only PKG and seller know her private key.  
**Seller un-pads the cipher-text to obtain the private key using the pre-shared common key. Hence, in the end, everyone knows the seller's public key and, only PKG and seller know her private key.  
Messaging comprises of the following steps
Messaging comprises of the following steps
* '''Signing''': In this step, the seller generates a signature quantum state using the message she wants to send, her public key and private key. The seller selects a quantum one way function publicly to generate a quantum digest (directory) using these classical inputs. Seller repeats each step for each message bit.
* '''Signing''': In this step, the seller generates a signature quantum state using the message she wants to send, her public key and private key. The seller selects a quantum one-way function publicly to generate a quantum digest (directory) using these classical inputs. Seller repeats each step for each message bit.
** Seller selects two random strings and generates a quantum state of the message using these random strings to operate a Unitary gate and [[Glossary#Quantum Gates|Hadamard Transform]] on a null/vacuum state (see [[Arbitrated Quantum Digital Signature#Pseudo Code|Pseudo Code]] for operations)
** Seller selects two random strings and generates a quantum state of the message using these random strings to operate a Unitary gate and [[Glossary#Quantum Gates|Hadamard Transform]] on a null/vacuum state (see [[Arbitrated Quantum Digital Signature#Pseudo Code|Pseudo Code]] for operations)
** The public and the private key are used to perform Hadamard transformation on the state produced in the previous step in order to generate the signature quantum state.
** The public and the private key are used to perform Hadamard transformation on the state produced in the previous step in order to generate the signature quantum state.
** The Seller then performs some operation using her private key and measures the quantum state. It can be shown the states were on of the BB84 states and hence, can have one of the two possible bases ([[Glossary#Quantum States|X basis,Z basis or + basis,x basis]]) and four possible states. She records the basis and classical bit representing the state obtained.  
** The Seller then performs some operation using her private key and measures the quantum state. It can be shown the states were one of the BB84 states and hence, can have one of the two possible bases ([[Glossary#Quantum States|X basis, Z basis or + basis,x basis]]) and four possible states. She records the basis and classical bit representing the state obtained.  
**Seller then concatenates these classical bits, the two random string bits, and a timestamp unique to the signature. The concatenated classical string is used as the input of publicly chosen QOWF, to get the output called 'quantum digest'. She produces some copies of quantum digest depending on the number of recipients.   
**Seller then concatenates these classical bits, the two random string bits, and a timestamp unique to the signature. The concatenated classical string is used as the input of publicly chosen QOWF, to get the output called 'quantum digest'. She produces some copies of quantum digest depending on the number of recipients.   
**Seller then encrypts the timestamp and quantum output of QOWF with pre-shared common key via quantum vernam cipher. PKG unpads these and publicly announces for buyer's verification step.  
**Seller then encrypts the timestamp and quantum output of QOWF with pre-shared common key via quantum vernam cipher. PKG unpads these and publicly announces for buyer's verification step.  
** Sellers sends the signature to the buyer which includes the signature quantum state, message, timestamp and basis states.
** Sellers sends the signature to the buyer which includes the signature quantum state, message, timestamp and basis states.


* '''Verification''': In this method, the verifier checks the authenticity of the signature (whether the message has coe from a genuine seller).
* '''Verification''': In this method, the verifier checks the authenticity of the signature (whether the message has come from a genuine seller).
** The verifier performs some quantum gates using seller's public key and message on the signature quantum state.
** The verifier performs some quantum gates using seller's public key and message on the signature quantum state.
**  
**  
** One of the randomly selected string by the Signer can be easily inferred by the Verifier from the state after the measurement. The Verifier is then able to generate their own copy of quantum digital digest using the publicly announced quantum one way function.
** One of the randomly selected string by the Signer can be easily inferred by the Verifier from the state after the measurement. The Verifier is then able to generate their own copy of quantum digital digest using the publicly announced quantum one-way function.
** Verifier now publicly gains the timestamp and quantum digital digest from PKG and verifies that state with the produced quantum digital digest in the above step with the SWAP test. As the SWAP test has a probabilistic result, it is performed several times with the copies of quantum digital digest and then verified.
** Verifier now publicly gains the timestamp and quantum digital digest from PKG and verifies that state with the produced quantum digital digest in the above step with the SWAP test. As the SWAP test has a probabilistic result, it is performed several times with the copies of quantum digital digest and then verified.
** If the test is passed the message from the Signer would be valid otherwise it is rejected.
** If the test is passed the message from the Signer would be valid otherwise it is rejected.

Revision as of 14:54, 7 June 2019

This example protocol provides a quantum digital signature scheme where the public (known to all) and private (secret key preserved with the seller) keys are classical in nature, however the signature has a quantum nature. This is based directly on public-key cryptography where the seller's identity is used to generate the public-key and one-time pad generates the private key.

Tags: Quantum Digital Signature, Public key cryptography, Specific Task, Multi Party

Assumptions

  • The protocol assumes perfect state preparation, transmissions, and measurements.
  • Private-key generation (PKG) is a trusted third party, arbitrator.
  • In the signing process, the quantum one-way function used to create the quantum digest is assumed to take polynomial time to compute and is hard to invert.
  • Seller and PKG are assumed to have a pre-shared quantum key (say, using QKD)

Outline

Like other QDS protocols, it is divided into two phases: Distribution and Messaging. This scheme is presented between the seller (one who signs the message), the buyer (one whom the signed message is sent) and PKG (generates and distributes public-private key for the seller) and a buyer
. Distribution includes the generation of public and private keys as follows

  • Key Generation: In this step, PKG generates the public key of the seller and generates a private key which is secretly sent to Seller over the insecure classical channel.
    • Seller's public key is derived from her personal information such as her email-id over a public channel. A one-way function is chosen by PKG randomly and secretly (known as the master key), which uses the classical public key as its input.
    • A random OTP of the same length as the outcome of the function (random key), is used to convert it (the outcome) into seller's private key by performing bit-wise modulo 2 sum (exclusive OR gate).
    • The quantum pre-shared common key (assumption) is then used to one-time pad the private key via Quantum Vernam Cipher (1), (2). The one-time padded cipher-text is then communicated to the seller (over the insecure channel).
    • Seller un-pads the cipher-text to obtain the private key using the pre-shared common key. Hence, in the end, everyone knows the seller's public key and, only PKG and seller know her private key.

Messaging comprises of the following steps

  • Signing: In this step, the seller generates a signature quantum state using the message she wants to send, her public key and private key. The seller selects a quantum one-way function publicly to generate a quantum digest (directory) using these classical inputs. Seller repeats each step for each message bit.
    • Seller selects two random strings and generates a quantum state of the message using these random strings to operate a Unitary gate and Hadamard Transform on a null/vacuum state (see Pseudo Code for operations)
    • The public and the private key are used to perform Hadamard transformation on the state produced in the previous step in order to generate the signature quantum state.
    • The Seller then performs some operation using her private key and measures the quantum state. It can be shown the states were one of the BB84 states and hence, can have one of the two possible bases (X basis, Z basis or + basis,x basis) and four possible states. She records the basis and classical bit representing the state obtained.
    • Seller then concatenates these classical bits, the two random string bits, and a timestamp unique to the signature. The concatenated classical string is used as the input of publicly chosen QOWF, to get the output called 'quantum digest'. She produces some copies of quantum digest depending on the number of recipients.
    • Seller then encrypts the timestamp and quantum output of QOWF with pre-shared common key via quantum vernam cipher. PKG unpads these and publicly announces for buyer's verification step.
    • Sellers sends the signature to the buyer which includes the signature quantum state, message, timestamp and basis states.
  • Verification: In this method, the verifier checks the authenticity of the signature (whether the message has come from a genuine seller).
    • The verifier performs some quantum gates using seller's public key and message on the signature quantum state.
    • One of the randomly selected string by the Signer can be easily inferred by the Verifier from the state after the measurement. The Verifier is then able to generate their own copy of quantum digital digest using the publicly announced quantum one-way function.
    • Verifier now publicly gains the timestamp and quantum digital digest from PKG and verifies that state with the produced quantum digital digest in the above step with the SWAP test. As the SWAP test has a probabilistic result, it is performed several times with the copies of quantum digital digest and then verified.
    • If the test is passed the message from the Signer would be valid otherwise it is rejected.

Notation

  • : Total number of qubits of message.
  • : Signer's public key, where .
  • : Signer's private, where .
  • : Random OTP number selected by PKG to denote each of Signer's signatures, where .
  • : Shared key between the Signer and PKG where .
  • : Quantum Vernam cipher encrypted state which uses .
  • : PKG's master key which is a one way function where .
  • : Public quantum one way function selected by Signer to generate quantum digest.
  • : Message sent by Signer to the Verifier, where .
  • : Random string of uniform distribution selected by the Signer, where .
  • : Random string of uniform distribution selected by the Signer, where .
  • : Quantum state which is defined by

  • : Quantum state which is defined by

  • Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle |S\rangle_{k_{pri},m}} : Signature quantum state for message $m$ which is the quantum state

  • : Private key quantum state where and it is the quantum state:

Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle |P\rangle := H^{k_{pri}}|\phi\rangle_{s, t\oplus m}}

  • Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle P} : Classical 2n-bit for -qubit where Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle |+\rangle} is encoded to 10, to 11, to 00 and is encoded to 01.
  • : This is the set of the basis of each qubit state in .

  • Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle |F\rangle} : Quantum digital digest received by PKG.
  • : Quantum digital digest generated by Verifier.
  • : The most number of verifiers in this scheme.
  • : Safety parameter threshold for acceptance.
  • : Security threshold decided in advance.
  • : Number of times SWAP test is performed.
  • : A quantum state, where

This state is also expressed as where

  • : Result of Verifier's measurement of .
  • : Classical bit string denoted as . It is proven that .
  • : , where .

Hardware Requirements

  • The total number of qubits used in this protocol is equal to the total number of qubits in the message.
  • Secure quantum channel between Signer and Verifier
  • Quantum channel between Signer and PKG
  • Private database for both Signer and PKG
  • Measurement devices for the Verifier.

Properties

  • The protocol assumes the PKG to be a trusted party.
  • This protocol cannot be broken even if the adversary had unlimited computing power.
  • In this protocol, it is proven that no adversary can break the secrecy of the Signer's signature private key.
  • The quantum digital signature produces in this protocol is impossible to repudiate and cannot be forged in any condition.
  • In the protocol the public and the private key belong to the classical bits, only the signature cipher has quantum nature.
  • No Certificate Authority is required to manage digital public-key certificate of Signers.
  • If , the measuring result occurs with probability 1, otherwise it occurs with probability . Hence, when repeated for times, the probability of equality is at least 1-.

Pseudocode

Stage 1: Key Generation
Output: Signer receives from the PKG.

  • is generated on the basis of Signer's public identity information like email or person ID-card.
  • PKG aquires through open channels.
  • PKG selects randomly as its master key.
  • PKG selects randomly.
  • PKG calculates as
  • PKG uses to encrypt and transmits to Signer.
  • Signer decrypts using and receives .

Stage 2: Signature
Output: PKG receives the quantum digest and the Verifier receives the Signature from the Signer.

  • Signer wants to sign the message .
  • Signer selects and .
  • For :
    • Signer generates the state , which is:
  • For :
    • Signer generates the Signature quantum state , which is
  • For :
    • Signer generates the private key quantum state , which is
    • The classical is calculated based on .
    • The basis set is formed by Signer is:
  • For : Different copies of the quantum digital digest state is prepared.
    • For :
  1. The quantum digital digest state is prepared by Signer, where:


  • Signer encrypts using quantum Vernam cipher and sends to PKG.
  • PKG decrypts using and gets .
  • PKG announces publicly that the quantum digest is ready.
  • Signer transmits to Verifier, which is the signature.

Stage 3: Verification
Output: is considered valid or is rejected by the Verifier.

  • Verifier receives from open channels.
  • Verifier generates the state .
  • For :
    • Verifier measure the state according to the basis (diagonal or horizontal) in .
    • The result of the measurement is recorded as , which is converted to .
  • is inferred by the Verifier using
  • Verifier gains from PKG.
  • For :
    • Verifier generates using by the calculation
    • Verifier gains from PKG.
    • Verifier performs SWAP test between and .
  • If and measurement result everytime = :
    • Verifier counts the message as valid.
  • else:
    • is rejected by the Verifier.

Further Information

Like most other classical digital signature schemes which provide unconditional security, this scheme also requires a trusted arbitrator who distributes public key to the recipients.

References

  1. BR (2000)
  2. Zhou et al. (2006)
*contributed by Rhea Parekh