Blind Delegation of Quantum Digital Signature: Difference between revisions

From Quantum Protocol Zoo
Jump to navigation Jump to search
(Created page with "This protocol performs the task of Quantum Digital Signature such that the Signer does not get to know the content of the message being signed. It ensures that the owner canno...")
 
Line 88: Line 88:
## The Verifier then un-blinds the message <math>M'</math> using <math>K_{AC}^k</math> to obtain the message <math>M</math>. <br/> <math> M_k = M'_k \times (K_{AC}^k)^{-1} </math>
## The Verifier then un-blinds the message <math>M'</math> using <math>K_{AC}^k</math> to obtain the message <math>M</math>. <br/> <math> M_k = M'_k \times (K_{AC}^k)^{-1} </math>
## He then checks if the determinant of <math>M</math> obtained from the signature is the same as <math>det(M)</math> obtained from the Owner. If it holds, he verifies the following equations: <br/> <math> det(S^k) = det(M'_kK_{BC}^k) = det(M'_k) \times det(T^n_p) </math> <br/> <math> = (-1)^ndet(M'_k) = (-1)^{2n}det(M_k) </math>
## He then checks if the determinant of <math>M</math> obtained from the signature is the same as <math>det(M)</math> obtained from the Owner. If it holds, he verifies the following equations: <br/> <math> det(S^k) = det(M'_kK_{BC}^k) = det(M'_k) \times det(T^n_p) </math> <br/> <math> = (-1)^ndet(M'_k) = (-1)^{2n}det(M_k) </math>
==Further Information==
<div style='text-align: right;'>''*contributed by Natansh Mathur''</div>

Revision as of 16:15, 17 April 2019

This protocol performs the task of Quantum Digital Signature such that the Signer does not get to know the content of the message being signed. It ensures that the owner cannot deny at a later stage having signed the message, a receiver cannot fake or alter the QDS and the verifier can use the above two properties to verify if the sent message is signed by the genuine sender, thus, satisfying properties of transferability, non-repudiation, and unforgeability.

Assumptions

  • Honest majority assumption: assumes that more than half the number of participating parties are honest. In the present case, at least two parties are honest.
  • It requires authenticated classical channel and insecure quantum channels.

Outline

The Blind QDS Protocol consists of 5 stages: setup, key distribution, message blinding, signing and verification. Each pair of participants share a unique key using Simon et al.'s QKD Algorithm.

Setup

There are 3 participants. The owner is the one who will transform the message into a matrix form and blind it. The signer will sign it. The verifier is the one who checks if a signature matches a message.

Key Distribution

All three pairs establish their pairwise quantum key matrices using the QKD protocol.

Message Blinding

The owner of the message now converts the message into matrix format. Then (s)he blinds the message matrix using the key shared with the verifier by multiplying the matrices. Now, (s)he encrypts the blind message with the key shared with the signer by multiplying the matrices. Finally, (s)he sends the encrypted matrix and the determinant of the blinded matrix to the signer and only the determinant of the message matrix to the verifier.

Signing

The signer creates a signature for the blinded message which means that he does not know the message matrix. He decrypts the encrypted message with his shared key to obtain the blinded message and checks its authenticity by comparing its determinant value with the received value. He then creates the signature using the blinded message and the key shared with the verifier and sends it to the verifier.

Verification

The verifier decrypts the signature using his key shared with the signer. Next, he un-blinds the blinded message using the key shared with the owner. He verifies the message matrix by comparing its determinant value with the received value.


Notations

  • : Set of quantum key matrices shared between Owner and Signer.
  • : Set of quantum key matrices shared between Signer and Verifier.
  • : Set of quantum key matrices shared between Owner and Verifier.
  • : Set of message matrices to be signed.
  • : Set of Blinded message matrices.
  • Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle M''} : Set of Blinded and Encrypted message matrices.
  • : Set of Signature matrices.
  • : Number of elements in every set.


Hardware Requirements

  • Requires Simon et al.'s QKD setup.
  • Insecure quantum and authenticated classical channels.


Properties

  • The protocol provides security against both the forgery and repudiation attacks.
  • The protocol can sign long messages and is not restricted to binary ones.
  • The protocol has the ability to detect errors due to the usage of Fibonacci, Lucas and Fibonacci-Lucas matrices.
  • The protocol uses the setup of Simon et al.'s QKD algorithm to distribute quantum keys.


Pseudo Code

Every pair of parties share different quantum key matrices , and Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle K_{BC}} respectively using Simon et al.’s QKD algorithm. The key matrices , and are either Fibonacci or Lucas or Fibonacci-Lucas matrices. The protocol consists of 5 stages:

  1. Setup
    1. The owner who transforms the message into an Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle n} -square matrix and blinds the matrix.
    2. The signer who signs the blind message.
    3. The verifier who checks if a signature matches the message.
  2. Key Distribution
    1. Every pair uses Simon et al.'s QKD protocol to establish their pairwise key matrices Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \{K_{AB}^1, K_{AB}^2,..., K_{AB}^\alpha\} = K_{AB}} between Owner and Signer; Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \{K_{BC}^1, K_{BC}^2,..., K_{BC}^\alpha\} = K_{BC}} between Signer and Verifier; between Owner and Verifier.
  3. Message Blinding
    1. The Owner transforms the message into matrices Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle (M_1, M_2,..., M_\alpha) = M} where , .
    2. The Owner blinds the message matrix using Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle K_{AC}}
    3. The Owner now encrypts the message matrix using
      Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle M''_k = M'_k \times K^k_{AB} k \in \{1,2,...,\alpha\} }
    4. Finally, the Owner sends to the Signer, and Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle det(M_k)} to the Verifier.
  4. Signing
    1. The Signer decrypts with the key to obtain .
      Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle M'_k = M''_k \times (K_{AB}^k)^{-1} }
      where Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle (K_{AB}^k)^{-1}} denotes the inverse matrix of Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle K_{AB}^k} .
    2. If the determinant of Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle M'_k} recovered by the Signer is not equal to the value of the determinant obtained from the Owner, the Signer aborts the protocol. Otherwise, he performs the next step.
    3. He signs the blind message Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle M'_k} using Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle K_{BC}^k} . The signature is
      Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle S^k = M'_k \times K_{BC}^k }
    4. He then sends the signature Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle S = \{S^1, S^2,..., S^\alpha\}} to the Verifier.
  5. Verification
    1. The Verifier decrypts the signature Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle S} using to obtain the blind message Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle M'} .
    2. The Verifier then un-blinds the message using to obtain the message .
    3. He then checks if the determinant of Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle M} obtained from the signature is the same as Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle det(M)} obtained from the Owner. If it holds, he verifies the following equations:
      Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle det(S^k) = det(M'_kK_{BC}^k) = det(M'_k) \times det(T^n_p) }
      Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle = (-1)^ndet(M'_k) = (-1)^{2n}det(M_k) }

Further Information

*contributed by Natansh Mathur