Write, autoreview, editor, reviewer
3,129
edits
Gottesman and Chuang Quantum Digital Signature: Difference between revisions
Gottesman and Chuang Quantum Digital Signature (edit)
Revision as of 08:40, 28 May 2019
, 28 May 2019→Properties
| Line 18: | Line 18: | ||
*Only limited (T) distribution of public keys should be allowed, such that <math>T < L/n</math>, where quantum public key is an 'n' qubit state and L is the length of classical bit string. | *Only limited (T) distribution of public keys should be allowed, such that <math>T < L/n</math>, where quantum public key is an 'n' qubit state and L is the length of classical bit string. | ||
* Unlike some classical information-theoretic (unconditional security) schemes which require secure anonymous broadcast channel or noisy channel, which are hard to achieve resources, the quantum scheme provides information-theoretic security by only demanding plausible quantum channels and modest interaction between parties involved. | * Unlike some classical information-theoretic (unconditional security) schemes which require secure anonymous broadcast channel or noisy channel, which are hard to achieve resources, the quantum scheme provides information-theoretic security by only demanding plausible quantum channels and modest interaction between parties involved. | ||
* The scheme is secure against forgery if <math>(1-\delta^2)(M-G)>c_2M</math>, where <math>\delta</math> depends on | * The scheme is secure against forgery if <math>(1-\delta^2)(M-G)>c_2M</math>, where <math>\delta</math> depends on public keys and hence, on quantum one way functions; M is the number of private keys chosen for each message bit; <math>G=2^{-(L-Tn)}2M</math>, and c_2 is the threshold for rejection. | ||
== Requirements == | == Requirements == | ||