Authentication of Quantum Messages

Revision as of 16:48, 28 November 2021 by 137.226.108.44 (talk)

Functionality

Imagine a person sends some quantum information to another pereson over an insecure channel, where a dishonest party has access to the channel. How can it be guaranteed that in the end the receiver has the same quantum information and not something modified or replaced by the dishonest party? Authentication of quantum channels/quantum states/quantum messages provides this guarantee to the users of a quantum communication line/ channel. The sender is called the suppliant (prover) and the receiver is called the authenticator.

Note that, it is different from the functionality of digital signatures, a multi-party (more than two) protocol, which comes with additional properties (non-repudiation, unforgeability and transferability). Authenticating quantum states is possible, but signing quantum states is impossible, as concluded in (1). Also, unlike classical message authentication, quantum message authentication requires encryption. However, classical messages can be publicly readable (not encrypted) and yet authenticated.


Tags: Two Party Protocol, Quantum Digital Signature, Quantum Functionality, Specific Task, Building Block

Use Case

  • No classical analogue

Protocols

Non-interactive Protocols:

Interactive Protocols:

  • tbd

Properties

  • Any scheme, which authenticates quantum messages must also encrypt them (1).
  • Definition: Quantum Authentication Scheme (QAS)
    A quantum authentication scheme (QAS) consists of a suppliant  , an authenticator   and a set of classical keys  .   and   are each polynomial time quantum algorithms. The following is fullfilled:
  1.   takes as input an  -qubit message system   and a key   and outputs a transmitted system   of   qubits.
  2.   takes as input the (possibly altered) transmitted system   and a classical key   and outputs two systems: a  -qubit message state  , and a single qubit   which indicates acceptance or rejection. The classical basis states of   are called   by convention.
    For any fixed key  , we denote the corresponding super-operators by   and  .
  • Definition: Security of a QAS
    For non-interactive protocols, a QAS is secure with error   if it is complete for all states   and has a soundness error   for all states  . The latter is the case (for a specific state  ) if:
  1. Completeness:  
    This means if no adversary has acted on the encoded quantum message  , the quantum information received by   is the same initially sent by   and the single qubit   is in state  . To this end, we assume that the channel between   and   is noiseless if no adversary intervention appeared.
  2. Soundness: For all super-operators  , let   be the state output by   when the adversary’s intervention is characterized by  , that is:
     

    Here,   means the expectation when   is chosen uniformly at random from   The QAS then has a soundness error   for   if
     

    where   is the projector
     

Further Information

  1. Barnum et al (2002) First protocol on authentication of quantum messages. It is also used later for verification of quantum computation in Interactive Proofs for Quantum Computation. Protocol file for this article is given as the Polynomial Code based Quantum Authentication
contributed by Shraddha Singh and Isabel Nha Minh Le