Polynomial Code based Quantum Authentication: Difference between revisions
Polynomial Code based Quantum Authentication (edit)
Revision as of 18:24, 8 December 2021
, 8 December 2021no edit summary
No edit summary |
|||
Line 1: | Line 1: | ||
The [https://arxiv.org/pdf/quant-ph/0205128.pdf | The paper [https://arxiv.org/pdf/quant-ph/0205128.pdf Authentication of Quantum Messages by Barnum et al.] provides a non-interactive scheme for the sender to encrypt as well as [[Authentication of Quantum Messages|authenticate quantum messages]]. It was the first protocol designed to achieve the task of authentication for quantum states, i.e. it gives the guarantee that the message sent by a party (suppliant) over a communication line is received by a party on the other end (authenticator) as it is and, has not been tampered with or modified by the dishonest party (eavesdropper). | ||
'''Tags:''' [[:Category:Two Party Protocols|Two Party Protocol]][[Category:Two Party Protocols]], [[:Category:Quantum Functionality|Quantum Functionality]][[Category:Quantum Functionality]], [[:Category:Specific Task|Specific Task]][[Category:Specific Task]], [[:Category:Building Blocks|Building Block]][[Category:Building Blocks]] | '''Tags:''' [[:Category:Two Party Protocols|Two Party Protocol]][[Category:Two Party Protocols]], [[:Category:Quantum Functionality|Quantum Functionality]][[Category:Quantum Functionality]], [[:Category:Specific Task|Specific Task]][[Category:Specific Task]], [[:Category:Building Blocks|Building Block]][[Category:Building Blocks]] | ||
==Assumptions== | ==Assumptions== | ||
*The sender and the receiver share a private | *The sender and the receiver share a private, classical random key drawn from a probability distribution | ||
==Notations== | ==Notations== | ||
*<math>\mathcal{S}</math>: suppliant (sender) | |||
*<math>\mathcal{A}</math>: authenticator (prover) | |||
*<math>\rho</math>: quantum message to be sent | |||
*<math>m</math>: number of qubits in the message <math>\rho</math> | |||
*<math>\{Q_k\}</math>: [[Stabilizer Purity Testing Code | stabilizer purity testing code]], each stabilizer code is identified by index <math>k</math> | |||
*<math>n</math>: number of qubits used to encode the message with <math>\{Q_k\}</math> | |||
*<math>x</math>: random binary <math>2m</math>-bit key | |||
*<math>s</math>: security parameter | *<math>s</math>: security parameter | ||
==Properties== | ==Properties== | ||
*For | *For a <math>m</math>-qubit message, the protocol requires <math>m+s</math> qubits to encode the quantum message. | ||
*The protocol requires a private key of size <math>2m+O(s)</math>. | |||
==Protocol Description== | ==Protocol Description== | ||
*'''''Preprocessing:''''' <math>\mathcal{S}</math> and <math>\mathcal{A}</math> agree on some [[Stabilizer Purity Testing Code | stabilizer purity testing code]] <math>\{Q_k\}</math> and some private and random binary strings <math>k, x, y</math>. | |||
**<math>k</math> is used to choose a random stabilizer code <math>Q_k</math> | |||
**<math>x</math> is a <math>2m</math>-bit random key used for q-encryption | |||
**<math>y</math> is a random syndrome | |||
*'''''Encryption and encoding:''''' | |||
#<math>\mathcal{S}</math> q-encrypts the <math>m</math>-qubit original message <math>\rho</math> as <math>\tau</math> using the classical key <math>x</math> and a [[Quantum One-Time Pad | quantum one-time pad]]. This encryption is given by <math>\tau = \sigma_x^{\vec{t}_1}\sigma_z^{\vec{t}_2}\rho\sigma_z^{\vec{1}_1}\sigma_x^{\vec{t}_1}</math>, where <math>\vec{t}_1</math> and <math>\vec{t}_2</math> are <math>m</math>-bit vectors and given by the random binary key <math>x</math>. | |||
#<math>\mathcal{S}</math> then encodes <math>\tau</math> according to <math>Q_k</math> with syndrome <math>y</math>, which results in the <math>n</math>-qubit state <math>\sigma</math>. This means <math>\mathcal{S}</math> encodes <math>\rho</math> in <math>n</math> qubits using <math>Q_k</math>, and then "applies" errors according to the random syndrome. | |||
#<math>\mathcal{S}</math> sends <math>\sigma</math> to <math>\mathcal{A}</math>. | |||
*'''''Decoding and decryption:''''' | |||
#<math>\mathcal{A}</math> receives the <math>n</math> qubits, whose state is denoted by <math>\sigma^\prime</math>. | |||
#<math>\mathcal{A}</math> measures the syndrome <math>y^\prime</math> of the code <math>Q_k</math> on his <math>n</math> qubits in state <math>\sigma^\prime</math>. | |||
#<math>\mathcal{A}</math> compares the syndromes <math>y</math> and <math>y^\prime</math> and aborts the process if they are different. | |||
#<math>\mathcal{A}</math> decodes his <math>n</math>-qubit word according to <math>Q_k</math> obtaining <math>\tau^\prime</math>. | |||
#<math>\mathcal{A}</math> q-decrypts <math>\tau^\prime</math> using the random binary strings <math>x</math> obtaining <math>\rho^\prime</math>. | |||
==Further Information== | ==Further Information== | ||
==References== | ==References== | ||
<div style='text-align: right;'>''contributed by Shraddha Singh''</div> | #[https://arxiv.org/pdf/quant-ph/0205128.pdf| Barnum et al. (2002).] | ||
<div style='text-align: right;'>''contributed by Shraddha Singh and Isabel Nha Minh Le''</div> |