Arbitrated Quantum Digital Signature: Difference between revisions

no edit summary
No edit summary
Line 9: Line 9:
* In the signing process, the [[Glossary#Quantum One Way Function|quantum one-way function]] used to create the quantum digest is assumed to take polynomial time to compute and is hard to invert.
* In the signing process, the [[Glossary#Quantum One Way Function|quantum one-way function]] used to create the quantum digest is assumed to take polynomial time to compute and is hard to invert.
* Seller and PKG are assumed to have a pre-shared quantum key (say, using [[Quantum Key Distribution|QKD]])
* Seller and PKG are assumed to have a pre-shared quantum key (say, using [[Quantum Key Distribution|QKD]])
* Secure quantum channel between seller and buyer is assumed


==Outline==
==Outline==
Line 23: Line 24:
** The public and the private key are used to perform Hadamard transformation on the state produced in the previous step in order to generate the signature quantum state.
** The public and the private key are used to perform Hadamard transformation on the state produced in the previous step in order to generate the signature quantum state.
** The Seller then performs some operation using her private key and measures the quantum state. It can be shown the states were one of the BB84 states and hence, can have one of the two possible bases ([[Glossary#Quantum States|X basis, Z basis or + basis,x basis]]) and four possible states. She records the basis and classical bit representing the state obtained.  
** The Seller then performs some operation using her private key and measures the quantum state. It can be shown the states were one of the BB84 states and hence, can have one of the two possible bases ([[Glossary#Quantum States|X basis, Z basis or + basis,x basis]]) and four possible states. She records the basis and classical bit representing the state obtained.  
**Seller then concatenates these classical bits, the two random string bits, and a timestamp unique to the signature. The concatenated classical string is used as the input of publicly chosen QOWF, to get the output called 'quantum digest'. She produces some copies of quantum digest depending on the number of recipients.   
**Seller then concatenates these classical bits, the two random string bits, and a timestamp unique to the signature. The concatenated classical string is used as the input of publicly chosen QOWF, to get the output called 'quantum digest'. She produces some copies of quantum digest for each recipient (buyer).   
**Seller then encrypts the timestamp and quantum output of QOWF with pre-shared common key via quantum vernam cipher. PKG unpads these and publicly announces for buyer's verification step.  
**Seller then encrypts the timestamp and quantum output of QOWF with pre-shared common key via quantum vernam cipher. PKG unpads these and publicly announces for buyer's verification step.  
** Sellers sends the signature to the buyer which includes the signature quantum state, message, timestamp and basis states.
** Sellers sends the signature to the buyer which includes the signature quantum state, message, timestamp and basis states.


* '''Verification''': In this method, the verifier checks the authenticity of the signature (whether the message has come from a genuine seller).
* '''Verification''': In this method, buyer checks the authenticity of the signature (whether the message has come from a genuine seller).
** The verifier performs some quantum gates using seller's public key and message on the signature quantum state.
** The buyer performs some quantum gates on the signature quantum state, using seller's public key and message. He measures the resulting quantum state, using basis states for each qubit sent in the signature. The result thus, obtained is represnted by a classical string, in the same way as done by seller.
**  
**The result should reveal the random string used by seller and hence, buyer can also generate the same number of copies of the quantum digest using the publicly known QOWF.
** One of the randomly selected string by the Signer can be easily inferred by the Verifier from the state after the measurement. The Verifier is then able to generate their own copy of quantum digital digest using the publicly announced quantum one-way function.
**Buyer, thus, compares his outputs of QOWF with the ones sent by the seller using [[quantum SWAP Test]]. If the number of matches is greater than the accepted/decided threshold value, the signature is accepted else it is rejected.  
** Verifier now publicly gains the timestamp and quantum digital digest from PKG and verifies that state with the produced quantum digital digest in the above step with the SWAP test. As the SWAP test has a probabilistic result, it is performed several times with the copies of quantum digital digest and then verified.
** If the test is passed the message from the Signer would be valid otherwise it is rejected.


==Notation==
==Notation==
Line 71: Line 70:


==Hardware Requirements==
==Hardware Requirements==
*'''Network Stage''':[[:Category:Quantum Memory Network Stage|Prepare and Measure]][[Category:Quantum Memory Network Stage]]
*The total number of qubits used in this protocol is equal to the total number of qubits in the message.
*The total number of qubits used in this protocol is equal to the total number of qubits in the message.
* Secure quantum channel between Signer and Verifier
* Secure quantum channel between seller and buyer
* Quantum channel between Signer and PKG
* Private database for both Signer and PKG
* Measurement devices for the Verifier.


==Properties==
==Properties==
* The protocol assumes the PKG to be a trusted party.
* This protocol cannot be broken even if the adversary had unlimited computing power.
* This protocol cannot be broken even if the adversary had unlimited computing power.
* In this protocol, it is proven that no adversary can break the secrecy of the Signer's signature private key.
* In this protocol, it is proven that no adversary can break the secrecy of the seller's signature private key.
* The quantum digital signature produces in this protocol is impossible to repudiate and cannot be forged in any condition.
* The quantum digital signature produced in this protocol is impossible to repudiate and cannot be forged in any condition.
* In the protocol the public and the private key belong to the classical bits, only the signature cipher has quantum nature.
* In the protocol the public and the private key belong to the classical bits, only the signature cipher has quantum nature.
* No Certificate Authority is required to manage digital public-key certificate of Signers.
* No Certificate Authority is required to manage digital public-key certificate of sellers.
* If  <math>|F\rangle = |F\rangle'</math>, the measuring result <math>|0\rangle</math> occurs with probability 1, otherwise it occurs with probability <math>\frac{1+\delta^2}{2}</math>. Hence, when repeated for <math>w</math> times, the probability of equality is at least 1-<math>(\frac{1+\delta^2}{2})^w</math>.
* If  <math>|F\rangle = |F\rangle'</math>, the measuring result <math>|0\rangle</math> occurs with probability 1, otherwise it occurs with probability <math>\frac{1+\delta^2}{2}</math>. Hence, when repeated for <math>w</math> times, the probability of equality is at least 1-<math>(\frac{1+\delta^2}{2})^w</math>.


Line 90: Line 86:
'''Output''': Signer receives <math>k_{pri}</math> from the PKG.
'''Output''': Signer receives <math>k_{pri}</math> from the PKG.


* <math>k_{pub}</math> is generated on the basis of Signer's public identity information like email or person ID-card.
* <math>k_{pub}</math> is generated on the basis of Seller's public identity information like email or person ID-card.
* PKG aquires <math>k_{pub}</math> through open channels.
* PKG aquires <math>k_{pub}</math> through open channels.
* PKG selects <math>G</math> randomly as its master key.
* PKG selects <math>G</math> randomly as its master key.
Line 148: Line 144:


==Further Information==
==Further Information==
Like most other classical digital signature schemes which provide unconditional security, this scheme also requires a trusted arbitrator who distributes public key to the recipients.
Like most other classical digital signature schemes which provide unconditional security, this scheme also requires a trusted arbitrator who distributes public key to the recipients. This protocol was preceded by a few other protocols which use an arbitrator to establish quantum digital signatures, which used entangled states.
==References==
==References==
#[https://arxiv.org/abs/quant-ph/0003059 BR (2000)]
#[https://arxiv.org/abs/quant-ph/0003059 BR (2000)]
#[https://www.sciencedirect.com/science/article/pii/S0378437106010119 Zhou et al. (2006)]
#[https://www.sciencedirect.com/science/article/pii/S0378437106010119 Zhou et al. (2006)]
<div style='text-align: right;'>''*contributed by Rhea Parekh''</div>
<div style='text-align: right;'>''*contributed by Rhea Parekh''</div>
Write, autoreview, editor, reviewer
3,129

edits