Prepare and Measure Quantum Digital Signature: Difference between revisions

From Quantum Protocol Zoo
Jump to navigation Jump to search
Line 8: Line 8:
  '''Tags:''' [[Multi Party Protocols|Multi Party (three)]], [[Quantum Enhanced Classical Functionality|Quantum Enhanced Classical Functionality]], [[Specific Task|Specific Task]], [[Measurement Device Independent Quantum Digital Signature|Measurement Device Independent Quantum Digital Signature (MDI-QDS)]]
  '''Tags:''' [[Multi Party Protocols|Multi Party (three)]], [[Quantum Enhanced Classical Functionality|Quantum Enhanced Classical Functionality]], [[Specific Task|Specific Task]], [[Measurement Device Independent Quantum Digital Signature|Measurement Device Independent Quantum Digital Signature (MDI-QDS)]]
== Example:==  
== Example:==  
Following is an example is based on the protocol [https://arxiv.org/abs/1403.5551  Quantum Digital Signatures with Quantum Key Distribution Components]
Following is an example based on the protocol [https://arxiv.org/abs/1403.5551  Quantum Digital Signatures with Quantum Key Distribution Components]
===Outline===
===Outline===
----
----

Revision as of 16:47, 22 October 2018

Functionality Description

Digital Signatures (DS) allow for the exchange of classical messages from sender to multiple recipients, with a guarantee that the signature has come from a genuine sender. Additionally, it comes with the properties of transferability, i.e. messages with DS can be forwarded from one recipient to another such that DS is verifiable to have come from the original sender, and non-repudiation, i.e at any stage after sending the message to one recipient, sender cannot deny having sent the message and corresponding DS. The lowest network stage at which this functionality can be achieved is Prepare and Send Quantum Network.

Use Case

Online Transactions, Signing Marksheets

Tags: Multi Party (three), Quantum Enhanced Classical Functionality, Specific Task, Measurement Device Independent Quantum Digital Signature (MDI-QDS)

Example:

Following is an example based on the protocol Quantum Digital Signatures with Quantum Key Distribution Components

Outline


Quantum Digital Signature (QDS) protocols can be separated into two stages: the distribution stage, where quantum public keys are sent to all recipients, and the messaging stage, where classical messages are sent and verified. Here, we take the case of three parties, one sender (referred to as seller) and two receivers (buyer and verifier) sharing a one bit message. Following protocol requires Client to prepare and send quantum public keys to the buyer and verifier, hence the name, Prepare and Send QDS. Distribution phase can be divided into the following steps:

  • Key Distribution: Seller generates her (public key,private key) pair and shares the public key with both receivers in this step. For each possible message (0 or 1), she generates two identical sequences/copies (one for each receiver per possible message) of randomly chosen BB84 ∈ {0,1,+,−} states. The sequence of states is called quantum public key and its classical description, private key. She then sends copies of each quantum public key to the receivers while keeping both the private keys secret to herself. At the end of this step, seller has two private keys, one for each possible message. Similarly, each receiver has two quantum public keys, one for each possible message.
  • State Elimination: Receivers store their classical records of the quantum public keys in this step. For each quantum public key received, a receiver randomly chooses X or Z basis for each qubit and measures. Whatever outcome he gets, the receiver is certain that seller could not have generated a state orthogonal to his outcome. So, he records the state orthogonal to his outcome as the eliminated signature element. Such measurement is called ’Quantum State Elimination’. The sequence thus generated by measurement of all the qubits in a public key is called receiver’s eliminated signature for the respective quantum public key. Thus, each receiver finally has two eliminated signatures, one for each possible message.
  • Symmetrisation: The two receivers exchange half of their randomly chosen eliminated signature elements. This prevents a dishonest seller succeed in cheating by sending dissimilar public keys to the receivers. Thus ends the distribution phase.

Similarly, Messaging Phase is divided into the following steps:

  • Signing: Seller sends desired message and the corresponding private key to the desired receiver (called buyer). Buyer compares the private key with his eliminated signature for the corresponding message and counts the number of mismatches (eliminated signature element in seller’s private key).
  • Transfer: Buyer forwards the same message and private key to the other receiver (called verifier) who compares it with his eliminated signature for this message.
Figure

Requirements


  • Key Distribution length of keys (L, a security parameter), authenticated quantum channel
  • State Elimination measurement devices
  • Symmetrisation authenticated classical channel
  • Signing authentication threshold per qubit, authenticated classical channel
  • Verification verification threshold per qubit

Properties


  • The protocol requires no quantum memory.
  • The protocol belongs to the First Network Stage: Prepare and Send Quantum Network
  • The protocol assumes maximum number of participating parties are honest. In the present case at least two parties are honest.
  • The protocol provides security against repudiation, i.e. the probability that seller succeeds in making buyer and seller disagree on the validity of her sent quantum signature decays exponentially with L, as stated by the formula .
  • The protocol provides security against forgery, i.e. any recipient (verifier) with high probability rejects any message which was not originally sent by the seller herself. Forging probability is given by the formula, , where Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle c_{min}} is the minimum possible rate at which buyer declares a single signature element which has been eliminated by the verifier.

Pseudo Code


  • Notations
    • : Quantum Public key for message k
    • : Classical Private key for classical one-bit message k
    • Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \beta^k_l} : the classical description of qubit in
    • : Buyer's Eliminated Signature for message m
    • : Verifier's Eliminated Signature for message m
    • : Buyer’s random bit to determine the measurement basis of qubit in
    • : Verifier’s random bit to determine the measurement basis of qubit in
    • : measurement outcome of

Stage 1 Distribution

  • Input L
  • Output Seller: ; Buyer: ; Verifier:
    • Key Distribution:
  1. For k = 0,1
    1. Seller prepares quantum public key , where
    2. She sends Buyer (k,)
    3. She sends Verifier (k,)
    • State Elimination:
  1. For k = 0,1
    1. For l = 1,2,...,L
      1. Buyer chooses
      2. If , Buyer measures his qubit in X basis
      3. If , Buyer measures his qubit in Z basis
      4. return
    • Verifier repeats steps 2(a)-2(b) with randomly chosen basis to get his eliminated signature elements
    • Symmetrisation
    1. For k = 0,1
      1. Buyer chooses I
      2. , Buyer sends Verifier
      3. Verifier chooses J
      4. , Verifier sends Buyer
      5. Buyer replaces
      6. Verifier replaces

Stage 2 Messaging

  • Input Seller: Message m, Private Key for m:
  • Output Buyer: accept or abort, Verifier: accept or abort
    • Signing: ’mismatch’ is when Buyer finds an eliminated signature element in Seller’s private key
  1. Seller sends Buyer (m,)
  2. For l = 1,2,..,L
    1. Buyer counts the number of mismatches () and returns
  3. If , Buyer accepts m else he aborts
    • Transfer
  1. Buyer sends Verifier (m,)
  2. For l = 1,2,....,L
    1. Verifier counts the number of mismatches () and returns
  3. If , Verifier accepts m else he aborts

Relevant Papers

  1. GC-QDS Uses quantum one way function f(); Private keys: classical input x, Public keys: quantum output f(x). Requires security parameter L, quantum memory, quantum one way function, authenticated quantum channels, threshold values for message authentication and verification such that , SWAP Test (universal quantum computer). The protocol can be implemented at the Third Network Stage (Quantum Memory)