Gottesman and Chuang Quantum Digital Signature: Difference between revisions

Line 21: Line 21:
* Unlike some classical information-theoretic (unconditional security) schemes which require secure anonymous broadcast channel or noisy channel, which are hard to achieve resources, the quantum scheme provides information-theoretic security by only demanding plausible quantum channels and modest interaction between parties involved.
* Unlike some classical information-theoretic (unconditional security) schemes which require secure anonymous broadcast channel or noisy channel, which are hard to achieve resources, the quantum scheme provides information-theoretic security by only demanding plausible quantum channels and modest interaction between parties involved.
* The scheme is secure against forgery if <math>(1-\delta^2)(M-G)>c_2M</math>, where <math>\delta</math> depends on public keys and hence, on quantum one way functions; M is the number of private keys chosen for each message bit; <math>G=2^{-(L-Tn)}2M</math>, and c_2 is the threshold for rejection.
* The scheme is secure against forgery if <math>(1-\delta^2)(M-G)>c_2M</math>, where <math>\delta</math> depends on public keys and hence, on quantum one way functions; M is the number of private keys chosen for each message bit; <math>G=2^{-(L-Tn)}2M</math>, and c_2 is the threshold for rejection.
* The Sender can successfully repudiate by probability <math>\tilde O(d^{-M})</math>, for some <math>d>1</math>
* The Sender can successfully repudiate by probability <math>\approx O(d^{-M})</math>, for some <math>d>1</math>


== Requirements ==
== Requirements ==
Write, autoreview, editor, reviewer
3,129

edits