Gottesman and Chuang Quantum Digital Signature: Difference between revisions

m
Line 28: Line 28:
*The protocol-
*The protocol-
**involves three parties (Seller, Buyer, Verifier) exchanging one-bit classical messages.
**involves three parties (Seller, Buyer, Verifier) exchanging one-bit classical messages.
**'''Requires''' [[BB84 QKD]] setup, [[authenticated]] quantum and classical channels
**'''Requires''' quantum one-way function, quantum memory, [[authenticated]] quantum and classical channels
**assumes maximum number of participating parties are honest. In the present case at least two parties are honest.
**assumes maximum number of participating parties are honest. In the present case at least two parties are honest.
**provides information-theoretic security
**provides information-theoretic security
**provides security against repudiation, i.e. the probability that seller succeeds in making buyer and seller disagree on the validity of her sent quantum signature decays exponentially with L, as stated by the formula <math>P(\text{rep})\le e^{-(s_v-s_a)^2L}</math>.
**provides security against repudiation, i.e. the probability that seller succeeds in making buyer and seller disagree on the validity of her sent quantum signature decays exponentially with L, as stated by the formula {equation}
**provides security against forgery, i.e. any recipient (verifier) with high probability rejects any message which was not originally sent by the seller herself. Forging probability is given by the formula, <math>P(\text{forge})\le e^{-(c_{\min}-2s_v)^2L}</math>, where <math>c_{\min}</math> is 3/8 (calculated using uncertainty principle).
**provides security against forgery, i.e. any recipient (verifier) with high probability rejects any message which was not originally sent by the seller herself. Forging probability is given by the formula, {equation}


===Pseudo Code===
===Pseudo Code===
Write, autoreview, editor, reviewer
3,129

edits