Authentication of Quantum Messages: Difference between revisions
no edit summary
No edit summary |
No edit summary |
||
| Line 13: | Line 13: | ||
*[[Clifford Code for Quantum Authentication]] | *[[Clifford Code for Quantum Authentication]] | ||
*[[Trap Code for Quantum Authentication]] | *[[Trap Code for Quantum Authentication]] | ||
*[[Auth-QFT-Auth Scheme]] | |||
*[[Unitary Design Scheme]] | |||
'''Interactive Protocols:''' | '''Interactive Protocols:''' | ||
*[[Naive approach using Quantum Teleportation]] | *[[Naive approach using Quantum Teleportation]] | ||
| Line 18: | Line 20: | ||
==Properties== | ==Properties== | ||
*Any scheme, which authenticates quantum messages must also encrypt them [[Authentication of Quantum Messages#References|(1)]]. This is inherently different to the classical scenario, where encryption and authentication are two independent procedures. | *Any scheme, which authenticates quantum messages must also encrypt them [[Authentication of Quantum Messages#References|(1)]]. This is inherently different to the classical scenario, where encryption and authentication are two independent procedures. | ||
*'''Definition: Quantum Authentication Scheme (QAS)''' <br/>A quantum authentication scheme (QAS) consists of a suppliant <math>\mathcal{S}</math>, an authenticator <math>\mathcal{A}</math> and a set of classical private keys <math>K</math>. <math>\mathcal{S}</math> and <math>\mathcal{A}</math> are each polynomial time quantum algorithms. The following is fullfilled: | *'''Definition: Quantum Authentication Scheme (QAS)''' <br/>A quantum authentication scheme (QAS) consists of a suppliant <math>\mathcal{S}</math>, an authenticator <math>\mathcal{A}</math> and a set of classical private keys <math>K</math>. <math>\mathcal{S}</math> and <math>\mathcal{A}</math> are each polynomial time quantum algorithms. The following is fullfilled: | ||
# <math>\mathcal{S}</math> takes as input a <math>m</math>-qubit message system <math>M</math> and a key <math>k\in K</math> and outputs a transmitted system <math>T</math> of <math>m + t</math> qubits. | # <math>\mathcal{S}</math> takes as input a <math>m</math>-qubit message system <math>M</math> and a key <math>k\in K</math> and outputs a transmitted system <math>T</math> of <math>m + t</math> qubits. | ||
# <math>\mathcal{A}</math> takes as input the (possibly altered) transmitted system <math>T^\prime</math> and a classical key <math>k\in K</math> and outputs two systems: a <math>m</math>-qubit message state <math>M</math>, and a single qubit <math>V</math> which indicates acceptance or rejection. The classical basis states of <math>V</math> are called <math>|\mathrm{ACC}\rangle, |\mathrm{REJ}\rangle</math> by convention. </br>For any fixed key <math>k</math>, we denote the corresponding super-operators by <math>S_k</math> and <math>A_k</math>. | # <math>\mathcal{A}</math> takes as input the (possibly altered) transmitted system <math>T^\prime</math> and a classical key <math>k\in K</math> and outputs two systems: a <math>m</math>-qubit message state <math>M</math>, and a single qubit <math>V</math> which indicates acceptance or rejection. The classical basis states of <math>V</math> are called <math>|\mathrm{ACC}\rangle, |\mathrm{REJ}\rangle</math> by convention. </br>For any fixed key <math>k</math>, we denote the corresponding super-operators by <math>S_k</math> and <math>A_k</math>. | ||
*'''Definition: Security of a QAS''' <br/>For non-interactive protocols, a QAS is secure with error <math>\epsilon</math> if it is complete for all states <math>|\psi\rangle</math> and has a soundness error <math>\epsilon</math> for all states <math>|\psi\rangle</math>. These two conditions are met if: | *'''Definition: Security of a QAS''' <br/>For non-interactive protocols, a QAS is secure with error <math>\epsilon</math> if it is complete for all states <math>|\psi\rangle</math> and has a soundness error <math>\epsilon</math> for all states <math>|\psi\rangle</math>. These two conditions are met if: | ||
#''Completeness:'' A QAS is complete for a specific quantum state <math>|\psi\rangle</math> if <math>\forall k\in K: A_k(S_k(|\psi\rangle \langle\psi|)=|\psi\rangle \langle\psi| \otimes |\mathrm{ACC}\rangle \langle \mathrm{ACC}|.</math> <br/>This means if no adversary has acted on the encoded quantum message <math>|\psi\rangle</math>, the quantum information received by <math>\mathcal{A}</math> is the same initially sent by <math>\mathcal{S}</math> and the single qubit <math>V</math> is in state <math>|\mathrm{ACC}\rangle \langle \mathrm{ACC}|</math>. To this end, we assume that the channel between <math>\mathcal{S}</math> and <math>\mathcal{A}</math> is noiseless if no adversary intervention appeared. | #''Completeness:'' A QAS is complete for a specific quantum state <math>|\psi\rangle</math> if <math>\forall k\in K: A_k(S_k(|\psi\rangle \langle\psi|)=|\psi\rangle \langle\psi| \otimes |\mathrm{ACC}\rangle \langle \mathrm{ACC}|.</math> <br/>This means if no adversary has acted on the encoded quantum message <math>|\psi\rangle</math>, the quantum information received by <math>\mathcal{A}</math> is the same initially sent by <math>\mathcal{S}</math> and the single qubit <math>V</math> is in state <math>|\mathrm{ACC}\rangle \langle \mathrm{ACC}|</math>. To this end, we assume that the channel between <math>\mathcal{S}</math> and <math>\mathcal{A}</math> is noiseless if no adversary intervention appeared. | ||
| Line 26: | Line 30: | ||
==Further Information== | ==Further Information== | ||
#[https://arxiv.org/pdf/quant-ph/0205128.pdf| Barnum et al. (2002).] First protocol on authentication of quantum messages. It is also used later for verification of quantum computation in [[Interactive Proofs for Quantum Computation]]. Protocol file for this article is given as the [[Polynomial Code based Quantum Authentication]] | #[https://arxiv.org/pdf/quant-ph/0205128.pdf| Barnum et al. (2002).] First protocol on authentication of quantum messages. It is also used later for verification of quantum computation in [[Interactive Proofs for Quantum Computation]]. Protocol file for this article is given as the [[Polynomial Code based Quantum Authentication]]. | ||
<div style='text-align: right;'>'' | #[https://arxiv.org/pdf/1607.03075.pdf%7C| Broadbent et al. (2016).] Paper on efficient simulation of authentication of quantum messages. | ||
#[https://link.springer.com/chapter/10.1007/978-3-319-56617-7_12| Portmann (2017).] Paper on quantum authentication with full key recycling in the case of acceptance and partial key recycling in the case of tampering detection. | |||
#[https://link.springer.com/article/10.1007%2Fs11047-014-9454-5| Damgård et al. (2014).] Quantum authentication with fully re-usable keys in the case of acceptance using a quantum computer. | |||
#[https://link.springer.com/chapter/10.1007/978-3-319-56617-7_11| Fehr et al. (2017).] More efficient quantum authentication with fully re-usable keys in the case of acceptance without the need of quantum computers. | |||
#[https://link.springer.com/chapter/10.1007/978-3-319-63715-0_12| Garg (2017).] New class of security definitions for quantum authentication and protocols fullfilling these definitions: [[Auth-QFT-Auth Scheme]], [[Unitary Design Scheme]]. | |||
<div style='text-align: right;'>''Contributed by Isabel Nha Minh Le and Shraddha Singh''</div> | |||
<div style='text-align: right;'>''This page was created within the [https://www.qosf.org/qc_mentorship/| QOSF Mentorship Program Cohort 4]''</div> | |||