Prepare and Measure Quantum Digital Signature: Difference between revisions
Line 98: | Line 98: | ||
'''Theoretical''' | '''Theoretical''' | ||
#[https://arxiv.org/abs/1403.5551 WDKA (2015)] above example | #[https://arxiv.org/abs/1403.5551 WDKA (2015)] above example | ||
#[https://arxiv.org/abs/1309.1375 DWA (2013)] | #[https://arxiv.org/abs/1309.1375 DWA (2013)] first QDS scheme without quantum memory based on [[Coherent State Comparison]]. | ||
##'''Requires''' [[Coherent States]], authenticated quantum and classical channels, [[multiports]], [[Unambiguous State Discrimination (USD)]] (State Elimination), no symmetrisation required. | ##'''Requires''' [[Coherent States]], authenticated quantum and classical channels, [[multiports]], [[Unambiguous State Discrimination (USD)]] (State Elimination), no symmetrisation required. | ||
##'''Security:''' Information-theoretic | ##'''Security:''' Information-theoretic | ||
#[https://journals.aps.org/pra/abstract/10.1103/PhysRevA.90.042335 AL (2014)] | #[https://journals.aps.org/pra/abstract/10.1103/PhysRevA.90.042335 AL (2014)] establishes coherent state mapping of (2). Replaces SWAP Test with beam splitters. Uses [[Unambiguous State Discrimination (USD)]] (State Elimination). | ||
##'''Requires''' [[Coherent States|Phase encoded Coherent states]], [[Balanced Beam Splitters]]. | ##'''Requires''' [[Coherent States|Phase encoded Coherent states]], [[Balanced Beam Splitters]]. | ||
##No explicit security proof provided. | ##No explicit security proof provided. | ||
#[https://arxiv.org/abs/1505.07509 AWA (2015)] security proof for generalisation of [https://arxiv.org/abs/1403.5551 WDKA (2015)] and [https://arxiv.org/abs/1309.1375 DWA (2013)] to more than two recipients case. | #[https://arxiv.org/abs/1505.07509 AWA (2015)] security proof for generalisation of [https://arxiv.org/abs/1403.5551 WDKA (2015)] and [https://arxiv.org/abs/1309.1375 DWA (2013)] to more than two recipients case. | ||
#[https://www.researchgate.net/publication/280062082_Practical_Quantum_Digital_Signature YFC (2016)] | #[https://www.researchgate.net/publication/280062082_Practical_Quantum_Digital_Signature YFC (2016)] first QDS scheme without authenticated (trusted) quantum channels. Demonstrates one protocol with two implementation, two copies of single photon method and decoy state method. First uses single qubit photons in three bases; Private key: classical description of states, Public key: pair of [[non-orthogonal states]] in any two of the three bases. | ||
##'''Requires''' authenticated classical channels, [[polarisation measurement]] in three bases, [[Unambiguous State Discrimination (USD)]] (State Elimination), uses quantum correlations to check authentication. Decoy State method uses [[Coherent States|phase-randomised weak coherent states]], [[50:50 Beam Splitter (BS)]]. | ##'''Requires''' authenticated classical channels, [[polarisation measurement]] in three bases, [[Unambiguous State Discrimination (USD)]] (State Elimination), uses quantum correlations to check authentication. Decoy State method uses [[Coherent States|phase-randomised weak coherent states]], [[50:50 Beam Splitter (BS)]]. | ||
##Security: [[Information-theoretic]]. | ##Security: [[Information-theoretic]]. | ||
#[https://www.researchgate.net/publication/280034032_Secure_Quantum_Signatures_Using_Insecure_Quantum_Channels AWKA (2015)] | #[https://www.researchgate.net/publication/280034032_Secure_Quantum_Signatures_Using_Insecure_Quantum_Channels AWKA (2015)] QDS scheme without authenticated quantum channels using parameter estimation phase. Uses a Key Generations Protocol (KGP) where noise threshold for Seller-Buyer and Seller-Verifier is better than when distilling secret key from QKD. Seller sends different key to Buyer and Verifier using KGP. This anamoly is justifiable due to symmetrisation. | ||
##'''Requires''' authenticated classical channels, [[Decoy State QKD]] setup. | ##'''Requires''' authenticated classical channels, [[Decoy State QKD]] setup. | ||
##Security: [[Information-theoretic]]. | ##Security: [[Information-theoretic]]. |
Revision as of 12:40, 11 November 2018
Functionality Description
Digital Signatures (QDS) allow the exchange of classical messages from sender to multiple recipients, with a guarantee that the signature has come from a genuine sender. Additionally, it comes with the properties of (i) transferability i.e. messages with DS can be forwarded from one recipient to another such that DS is verifiable to have come from the original sender, (ii) non-repudiation i.e at any stage after sending the message to one recipient, sender cannot deny having sent the message and corresponding DS, and (iii) unforgeability i.e. a dishonest recipient cannot alter or fake the sender's DS and forward it to other recipients successfully.
Such protocols require parties to prepare and measure quantum states instantly without having to store them. For simplicity, most protocols take into account the case of one sender and two recipients (Seller, buyer and verifier) exchanging single-bit classical messages.
Tags: Multi Party (three), Quantum Enhanced Classical Functionality, Specific Task, Quantum Digital Signature, Quantum Digital Signature with Quantum Memory, Measurement Device Independent Quantum Digital Signature (MDI-QDS)
Requirements
- Network Stage: Prepare and Measure
- Relevant Network Parameters:
- Benchmark values: Length of the keys(L): , Verification threshold per qubit ():, Signing threshold per qubit():, time, scalability, no. of rounds, time, distance, scalability, no. of rounds, threshold values numbers, length of the key
Use Case
Online Transactions, Signing Marksheets
Example:
Outline
Quantum Digital Signature (QDS) protocols can be separated into two stages: the distribution stage, where quantum signals (public keys) are sent to all recipients, and the messaging stage, where classical messages are signed, sent and verified. Here, we take the case of three parties, one sender (referred to as seller) and two receivers (buyer and verifier) sharing a one bit message. Distribution phase can be divided into the following steps:
- Key Distribution: Seller generates her (public key,private key) pair and shares the public key with both receivers in this step. For each possible message (0 or 1), she generates two identical sequences/copies (one for each receiver per possible message) of randomly chosen BB84 ∈ {0,1,+,−} states. The sequence of states is called quantum public key and its classical description, private key. She then sends copies of each quantum public key to the receivers while keeping both the private keys secret to herself. At the end of this step, seller has two private keys, one for each possible message. Similarly, each receiver has two quantum public keys, one for each possible message.
- State Elimination: Receivers store their classical records of the quantum public keys in this step. For each quantum public key received, a receiver randomly chooses X or Z basis for each qubit and measures. Whatever outcome he gets, the receiver is certain that seller could not have generated a state orthogonal to his outcome. So, he records the state orthogonal to his outcome as the eliminated signature element. Such measurement is called ’Quantum State Elimination’. The sequence thus generated by measurement of all the qubits in a public key is called receiver’s eliminated signature for the respective quantum public key. Thus, each receiver finally has two eliminated signatures, one for each possible message.
- Symmetrisation: The two receivers exchange half of their randomly chosen eliminated signature elements. This prevents a dishonest seller succeed in cheating by sending dissimilar public keys to the receivers. Thus ends the distribution phase.
Similarly, Messaging Phase is divided into the following steps:
- Signing: Seller sends desired classical one bit message and the corresponding private key to the desired receiver (called buyer). Buyer compares the private key with his eliminated signature for the corresponding message and counts the number of mismatches (eliminated signature element in seller’s private key).
- Transfer: Buyer forwards the same message and private key to the other receiver (called verifier) who compares it with his eliminated signature for this message.
Properties
- The protocol-
- involves three parties (Seller, Buyer, Verifier) exchanging one-bit classical messages.
- Requires BB84 QKD setup, authenticated quantum and classical channels
- assumes maximum number of participating parties are honest. In the present case at least two parties are honest.
- provides information-theoretic security
- provides security against repudiation, i.e. the probability that seller succeeds in making buyer and seller disagree on the validity of her sent quantum signature decays exponentially with L, as stated by the formula .
- provides security against forgery, i.e. any recipient (verifier) with high probability rejects any message which was not originally sent by the seller herself. Forging probability is given by the formula, , where is 3/8 (calculated using uncertainty principle).
Pseudo Code
- Notations Used:
- L: Length of keys used
- : Threshold value for signing
- : Threshold value for verification
- : Quantum Public key for message k
- Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \{\beta^k_1,...,\beta^k_L\}} : Classical Private key for classical one-bit message k
- Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \beta^k_l} : Classical description of qubit in
- Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle B^m} : Buyer's Eliminated Signature for message m
- Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle V^m} : Verifier's Eliminated Signature for message m
- : Buyer’s random bit to determine the measurement basis of qubit in Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle |\psi^k\rangle}
- Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle v^k_l} : Verifier’s random bit to determine the measurement basis of Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle l^{th}} qubit in
- : measurement outcome of
Stage 1 Distribution
- Input L
- Output Seller: ; Buyer: ; Verifier:
- Key Distribution:
- For k = 0,1
- Seller prepares quantum public key Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle |\psi^k\rangle=\bigotimes^L_{l=1}|\beta^k_l\rangle} , where
- She sends Buyer (k,)
- She sends Verifier (k,)
- State Elimination:
- For k = 0,1
- For l = 1,2,...,L
- Buyer chooses
- If , Buyer measures his qubit in X basis
- If , Buyer measures his qubit in Z basis
- return
- Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle B^k_l=1-m_{b^k_l}}
- For l = 1,2,...,L
- Verifier repeats steps 2(a)-2(b) with randomly chosen basis to get his eliminated signature elements Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle V^k_l}
- Symmetrisation
- For k = 0,1
- Buyer chooses I
- , Buyer sends Verifier
- Verifier chooses J
- , Verifier sends Buyer Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle (k,j,v^k_j,V^k_j)}
- Buyer replaces
- Verifier replaces
- For k = 0,1
Stage 2 Messaging
- Input Seller: Message m, Private Key for m:
- Output Buyer: accept or abort, Verifier: accept or abort
- Signing: ’mismatch’ is when Buyer finds an eliminated signature element in Seller’s private key
- Seller sends Buyer (m,)
- For l = 1,2,..,L
- Buyer counts the number of mismatches () and returns
- If , Buyer accepts m else he aborts
- Transfer
- Buyer sends Verifier (m,)
- For l = 1,2,....,L
- Verifier counts the number of mismatches () and returns
- If , Verifier accepts m else he aborts
Relevant Papers
Theoretical
- WDKA (2015) above example
- DWA (2013) first QDS scheme without quantum memory based on Coherent State Comparison.
- Requires Coherent States, authenticated quantum and classical channels, multiports, Unambiguous State Discrimination (USD) (State Elimination), no symmetrisation required.
- Security: Information-theoretic
- AL (2014) establishes coherent state mapping of (2). Replaces SWAP Test with beam splitters. Uses Unambiguous State Discrimination (USD) (State Elimination).
- Requires Phase encoded Coherent states, Balanced Beam Splitters.
- No explicit security proof provided.
- AWA (2015) security proof for generalisation of WDKA (2015) and DWA (2013) to more than two recipients case.
- YFC (2016) first QDS scheme without authenticated (trusted) quantum channels. Demonstrates one protocol with two implementation, two copies of single photon method and decoy state method. First uses single qubit photons in three bases; Private key: classical description of states, Public key: pair of non-orthogonal states in any two of the three bases.
- Requires authenticated classical channels, polarisation measurement in three bases, Unambiguous State Discrimination (USD) (State Elimination), uses quantum correlations to check authentication. Decoy State method uses phase-randomised weak coherent states, 50:50 Beam Splitter (BS).
- Security: Information-theoretic.
- AWKA (2015) QDS scheme without authenticated quantum channels using parameter estimation phase. Uses a Key Generations Protocol (KGP) where noise threshold for Seller-Buyer and Seller-Verifier is better than when distilling secret key from QKD. Seller sends different key to Buyer and Verifier using KGP. This anamoly is justifiable due to symmetrisation.
- Requires authenticated classical channels, Decoy State QKD setup.
- Security: Information-theoretic.
- WCRZ (2015) demonstrates sending multi-bit classical messages using AWKA (2015) or other similar protocols.
- MH (2016) security proof for generalisation of AWKA (2015) to more than two recipients case.
Experimental Papers