Editing Arbitrated Quantum Digital Signature

The Arbitrated Quantum Signature protocol is quantum digital signature scheme where the public and private keys are classical in nature, however the signature cipher has a quantum nature. This is based directly on the public-key cryptography where the signer's identity is used to generate the public-key and One-Time Pad protocol generates the private key.
</br></br>

'''Tags:''' [[Quantum Digital Signature]], Public key cryptography, [[:Category: Specific Task|Specific Task]]

==Assumptions==
* The protocol assumes perfect state preparation, transmissions and measurements.
* Private-key generation (PKG) is the arbitrator which is a trusted party. The master key and the identity of the Signer is kept secret by PKG.
* item In the signing process, the quantum one way function used to create the quantum digest is assumed to take polynomial time to compute and is hard to invert.

==Outline==

The entire protocol is broken in three phases: Key Generation, Signature and Verification. This scheme is presented between PKG, a Signer and a Verifier. The total number of qubits used in this protocol is equal to the total number of qubits in the message.</br>
* '''Key Generation''': In this method, the PKG generates a private key for the Signer and sends the same. This transaction can take place on both secure and insecure channels.
** Using identity-based encryption, Signer's public key is generated using their personal public information like email or ID card. This public key is accessible on open channels.
** PKG acquires the Signer's public key through the open channels.
** A quantum one way function is secretly and randomly selected by the PKG as the master key and along with that a random OTP number is also selected to denote Signer's different signature, thus acting as the identity. Using this identity and master key, a private key is generated for the Signer by the PKG.
** In the case of an insecure channel between the PKG and Signer, a secret key is shared in advance between them. PKG uses the shared key to encrypt the private key using the quantum Vernam cipher (Link here). Hence the Signer receives their private key.

* '''Signature''': In this method, the Signer generates a signature quantum state using the message they want send, their public and private keys. The Signer also selects a quantum one way function publicly to generate the quantum digest.
** The Signer selects two random strings and generates a quantum state of the message using these random strings.
** The public and the private key are used to generate the signature quantum state from the state produced in the previous step.
** The Signer then generates a private key state using the two selected random numbers and the private key. Along with that a basis state is generated, which is a set of basis of each qubit in the private key state. 
** Signer then generates a quantum digital digest using the quantum one way function with the message and private key state as input. This process is repeated several times to generate few copies of the quantum digest.
** The shared key with PKG is used to encrypt the quantum digest using the quantum Vernam cipher and then it is delivered to PKG. 
** PKG decrypts the received ciphertext state and announces publicly that the messages are ready for the Verifier to download and verify.
** Signers sends the signature to Verifier which includes the signature quantum state, plain text message, timestamp and basis state.

* '''Verify''': In this method, the verifier checks the authenticity of the signature.
** The Verifier uses Signer's public key and the signature sent to generate a quantum state. According to the Basis state set, the Verifier measures this quantum state and the result of this measurement is converted to a set of classical 2-bit string.
** One of the randomly selected string by the Signer can be easily inferred by the Verifier from the state after the measurement. The Verifier is then able to generate their own copy of quantum digital digest using the publicly announced quantum one way function.
** Verifier now publicly gains the timestamp and quantum digital digest from PKG and verifies that state with the produced quantum digital digest in the above step with the SWAP test. As the SWAP test has a probabilistic result, it is performed several times with the copies of quantum digital digest and then verified.
** If the test is passed the message from the Signer would be valid otherwise it is rejected.

==Notation==
* <math>n</math>: Total number of qubits of message.
* <math>k_{pub}</math>: Signer's public key, where <math>k_{pub} \in \{0,1\}^n</math>.
* <math>k_{pri}</math>: Signer's private, where <math>k_{pri} \in \{0,1\}^n</math>.
* <math>k_r</math>: Random OTP number selected by PKG to denote each of Signer's signatures, where <math>k_{r} \in \{0,1\}^n</math>.
* <math>k_{at}</math>: Shared key between the Signer and PKG where <math>k_{at} \in \{0,1\}^n</math>.
* <math>E_{k_{at}}</math>: Quantum Vernam cipher encrypted state which uses <math>k_{at}</math>.
* <math>G</math>: PKG's master key which is a one way function where <math>\{0,1\}^n \xrightarrow{}\{0,1\}^n</math> .
* <math>F</math>: Public quantum one way function selected by Signer to generate quantum digest.
* <math>m</math>: Message sent by Signer to the Verifier, where <math>m \in \{0,1\}^n</math>.
* <math>s</math>: Random string of uniform distribution selected by the Signer, where <math>s \in \{0,1\}^n</math>.
* <math>t</math>: Random string of uniform distribution selected by the Signer, where <math>t \in \{0,1\}^n</math>.
* <math>|\phi\rangle_{a_l,b_l}</math>: Quantum state which is defined by
<math>|\phi\rangle_{a_l,b_l} := H^{a_l}U_{\frac{\pi}{4}}H^{b_l}|0\rangle</math>
* <math>|\phi\rangle_{a_l,b_l,c_l}</math>: Quantum state which is defined by
<math>|\phi\rangle_{a_l,b_l,c_l} := Y^{c_l}|\phi\rangle_{a_l,b_l}</math>
* <math>|S\rangle_{k_{pri},m}</math>: Signature quantum state for message $m$ which is the quantum state
<math>|S\rangle_{k_{pri},m} = \bigotimes^{n}_{l=1} H^{k_{pub_l}\oplus k_{pri_l}} |\phi\rangle_{s_l,t_l\oplus m_l, m_l}</math>
* <math>|P\rangle</math>: Private key quantum state where <math>|P\rangle \in \{|+\rangle, |-\rangle, |1\rangle, |0\rangle\}^n</math> and it is the quantum state:
<math>|P\rangle := H^{k_{pri}}|\phi\rangle_{s, t\oplus m}</math>
* <math>P</math>: Classical 2n-bit for <math>n</math>-qubit <math>|P\rangle</math> where <math>|+\rangle</math> is encoded to 10, <math>|-\rangle</math> to 11, <math>|1\rangle</math> to 00 and <math>|0\rangle</math> is encoded to 01.
* <math>B_P</math>: This is the set of the basis of each qubit state in <math>|P\rangle</math>.
<math> B_P = Basis(|P\rangle) \in \{+,\times \}</math>
* <math>|F\rangle</math>: Quantum digital digest received by PKG.
* <math>|F\rangle'</math>: Quantum digital digest generated by Verifier.
* <math>u</math>: The most number of verifiers in this scheme.
* <math>w</math>: Safety parameter threshold for acceptance.
* <math>w_0</math>: Security threshold decided in advance.
* <math>w'</math>: Number of times SWAP test is performed.
* <math>|V\rangle_{m, k_{pub},S}</math>: A quantum state, where
<math>|V\rangle_{m, k_{pub},S} := Y^m H^{k_{pub}}|S\rangle_{k_{pri}, m}</math>
This state is also expressed as <math>\beta|\phi\rangle_{k_{pri}\oplus s, t\oplus m}</math> where <math>\beta \in \{1, -1, \iota, -\iota\}</math>
* <math>|Q\rangle</math>: Result of Verifier's measurement of <math>|V\rangle_{m, k_{pub},S}</math>.
* <math>Q</math>: Classical bit string denoted as <math>Q \in \{00, 01, 10, 11\}^n</math>. It is proven that <math>P=Q</math>.
* <math>\delta</math>: <math>\langle F|F\rangle'</math>, where <math>\delta \in [0,1)</math>.

==Hardware Requirements==
* Secure quantum channel between Signer and Verifier
* Quantum channel between Signer and PKG
* Private database for both Signer and PKG
* Measurement devices for the Verifier.

==Properties==
* The protocol assumes the PKG to be a trusted party.
* This protocol cannot be broken even if the adversary had unlimited computing power.
* In this protocol, it is proven that no adversary can break the secrecy of the Signer's signature private key.
* The quantum digital signature produces in this protocol is impossible to repudiate and cannot be forged in any condition.
* In the protocol the public and the private key belong to the classical bits, only the signature cipher has quantum nature.
* No Certificate Authority is required to manage digital public-key certificate of Signers.
* If  <math>|F\rangle = |F\rangle'</math>, the measuring result <math>|0\rangle</math> occurs with probability 1, otherwise it occurs with probability <math>\frac{1+\delta^2}{2}</math>. Hence, when repeated for <math>w</math> times, the probability of equality is at least 1-<math>(\frac{1+\delta^2}{2})^w</math>.

==Pseudocode==
'''Stage 1''': Key Generation </br>
'''Output''': Signer receives <math>k_{pri}</math> from the PKG.

* <math>k_{pub}</math> is generated on the basis of Signer's public identity information like email or person ID-card.
* PKG aquires <math>k_{pub}</math> through open channels.
* PKG selects <math>G</math> randomly as its master key.
* PKG selects <math>k_{r}</math> randomly.
* PKG calculates <math>k_{pri}</math> as
<div style="text-align: center;"><math>k_{pri} := G(k_{pub}) \oplus k_{r} </math></div>
* PKG uses <math>k_{at}</math> to encrypt <math>k_{pri}</math> and transmits <math>E_{k_{at}}</math> to Signer.
* Signer decrypts <math>E_{k_{at}}</math> using <math>k_{at}</math> and receives <math>k_{pri}</math>.

'''Stage 2''': Signature</br>
'''Output''': PKG receives the quantum digest <math>|F\rangle</math> and the Verifier receives the Signature <math>(ts, m, B_P,|S\rangle_{k_{pri}, m})</math> from the Signer.

* Signer wants to sign the message <math>m</math>.
* Signer selects <math>s</math> and <math>t</math>.
* For <math>l = 1, 2, ...n</math>:
** Signer generates the state <math>|\phi\rangle_{s_l,t_l\oplus m_l, m_l}</math>, which is:
<div style="text-align: center;"><math> |\phi\rangle_{s_l,t_l\oplus m_l, m_l}  = Y^{m_l}H^{s_l}U_{\frac{\pi}{4}}H^{t_l\oplus m_l}|0\rangle</math></div>
* For <math>l = 1, 2, ...n</math>:
** Signer generates the Signature quantum state <math>|S\rangle_{{k_{pri}}_l,m_l}</math>, which is
<div style="text-align: center;"><math> |S\rangle_{{k_{pri}}_l,m_l} = H^{k_{pub_l}\oplus k_{pri_l}}|\phi\rangle_{s_l,t_l\oplus m_l, m_l}</math></div>
* For <math>l = 1, 2, ...n</math>:
** Signer generates the private key  quantum state <math>|P\rangle_l</math>, which is
<div style="text-align: center;"><math>|P\rangle_l = H^{k_{pri_l}} |\phi\rangle_{s_l, t_l\oplus m_l}</math></div>
**  The classical <math>P_l</math> is calculated based on <math>|P\rangle_l</math>.
** The basis set is formed by Signer is:
<div style="text-align: center;"><math>  B_{P_l} = Basis(|P\rangle_l) \in \{+,\times \} </math></div>

* For <math>k = 1, 2, ...u w</math>: Different copies of the quantum digital digest state is prepared.
** For <math>l = 1, 2, ...n</math>:
# The quantum digital digest state <math>|F\rangle_l</math> is prepared by Signer, where:
<div style="text-align: center;"><math> |F\rangle_l =  |F(t_l||m_l||P_l|| t_l s_l)\rangle_l</math></div>


* Signer encrypts <math>|F\rangle</math> using quantum Vernam cipher and sends <math>E_{k_{at}}(ts, \otimes^{uw}_{l=1}|F\rangle)</math> to PKG.
* PKG decrypts  <math>E_{k_{at}}(ts, \otimes^{uw}_{l=1}|F\rangle)</math> using <math>k_{at}</math> and gets <math>(ts, \otimes^{uw}_{l=1}|F\rangle)</math>. 
* PKG announces publicly that the quantum digest is ready.
* Signer transmits <math>(ts, m, B_P, |S\rangle_{k_{pri}, m})</math> to Verifier, which is the signature.

'''Stage 3''': Verification</br>
'''Output''': <math>m</math> is considered valid or is rejected by the Verifier.
* Verifier receives <math>|k\rangle_{pub}</math> from open channels.
* Verifier generates the state <math>|V\rangle_{m, k_{pub},S}</math>.
* For <math>l = 1, 2, ... w</math>: 
** Verifier measure the state <math>|V\rangle_{{(m, k_{pub},S)}_{l}}</math> according to the basis (diagonal or horizontal) in <math>B_{P_l}</math>.
** The result of the measurement is recorded as <math>|Q\rangle_l</math>, which is converted to <math>Q_l</math>.
* <math>t</math> is inferred by the Verifier using <math>Q</math>
* Verifier gains <math>(ts, \otimes^{w}_{l=1} |F\rangle)</math> from PKG.
* For <math>k = 1, 2, ... w'</math>: 
** Verifier generates <math>|F\rangle'</math> using <math>F</math> by the calculation
<div style="text-align: center;"><math> |F\rangle' = |F(t||m||Q||t s)\rangle</math></div>
** Verifier gains <math>(ts, |F\rangle)</math> from PKG.
** Verifier performs SWAP test between <math>|F\rangle</math> and <math>|F\rangle'</math>.
* If <math>w'>w_0</math> and measurement result everytime =  <math>|0\rangle'</math>:
**  Verifier counts the message <math>m</math> as valid.
* else:
** <math>m</math> is rejected by the Verifier.

==Further Information==

<div style='text-align: right;'>''*contributed by Rhea Parekh''</div>
@@ Line 1: / Line 1: @@
-This [https://www.researchgate.net/publication/321657113_Public-key_quantum_digital_signature_scheme_with_one-time_pad_private-key example protocol] provides a quantum digital signature scheme where the public (known to all) and private (secret key preserved with the seller) keys are classical in nature, however the signature has a quantum nature. This scheme is based on public-key cryptography where the seller's identity is used to generate the public-key and [https://en.wikipedia.org/wiki/One-time_pad one-time pad] generates the private key.
+The Arbitrated Quantum Signature protocol is quantum digital signature scheme where the public and private keys are classical in nature, however the signature cipher has a quantum nature. This is based directly on the public-key cryptography where the signer's identity is used to generate the public-key and One-Time Pad protocol generates the private key.
 </br></br>
-'''Tags:''' [[Quantum Digital Signature]], Public key cryptography, [[:Category: Specific Task|Specific Task]], [[:Category:Multi Party Protocols|Multi Party]] [[Category:Multi Party Protocols]][[Category:Specific Task]]
+'''Tags:''' [[Quantum Digital Signature]], Public key cryptography, [[:Category: Specific Task|Specific Task]]
 ==Assumptions==
-* The protocol assumes perfect state preparation, transmissions, and measurements.
+* The protocol assumes perfect state preparation, transmissions and measurements.
-* Private-key generation (PKG) is a trusted third party, arbitrator.
+* Private-key generation (PKG) is the arbitrator which is a trusted party. The master key and the identity of the Signer is kept secret by PKG.
-* In the signing process, the [[Glossary#Quantum One Way Function|quantum one-way function]] used to create the quantum digest is assumed to take polynomial time to compute and is hard to invert.
+* item In the signing process, the quantum one way function used to create the quantum digest is assumed to take polynomial time to compute and is hard to invert.
-* Seller and PKG are assumed to have a pre-shared quantum key (say, using [[Quantum Key Distribution|QKD]])
-* Secure quantum channel between seller and buyer is assumed
 ==Outline==
-Like other QDS protocols, it is divided into two phases: Distribution and Messaging. This scheme is presented between the seller (one who signs the message), the buyer (one whom the signed message is sent) and PKG (generates and distributes public-private key for the seller) and a buyer. </br> Distribution includes the generation of public and private keys as follows
+The entire protocol is broken in three phases: Key Generation, Signature and Verification. This scheme is presented between PKG, a Signer and a Verifier. The total number of qubits used in this protocol is equal to the total number of qubits in the message.</br>
-* '''Key Generation''': In this step, PKG generates the public key of the seller and generates a private key which is secretly sent to Seller over the insecure classical channel.
+* '''Key Generation''': In this method, the PKG generates a private key for the Signer and sends the same. This transaction can take place on both secure and insecure channels.
-**Seller's public key is derived from her personal information such as her email-id over a public channel. A one-way function is chosen by PKG randomly and secretly (known as the master key), which uses the classical public key as its input.
+** Using identity-based encryption, Signer's public key is generated using their personal public information like email or ID card. This public key is accessible on open channels.
-**A random OTP of the same length as the outcome of the function (random key), is used to convert it (the outcome) into seller's private key by performing bit-wise modulo 2 sum (exclusive OR gate).
+** PKG acquires the Signer's public key through the open channels.
-**The quantum pre-shared common key (assumption) is then used to one-time pad the private key via [[Arbitrated Quantum Digital Signature#References|Quantum Vernam Cipher (1), (2)]]. The one-time padded cipher-text is then communicated to the seller (over the insecure channel).
+** A quantum one way function is secretly and randomly selected by the PKG as the master key and along with that a random OTP number is also selected to denote Signer's different signature, thus acting as the identity. Using this identity and master key, a private key is generated for the Signer by the PKG.
-**Seller un-pads the cipher-text to obtain the private key using the pre-shared common key. Hence, in the end, everyone knows the seller's public key and, only PKG and seller know her private key.
+** In the case of an insecure channel between the PKG and Signer, a secret key is shared in advance between them. PKG uses the shared key to encrypt the private key using the quantum Vernam cipher (Link here). Hence the Signer receives their private key.
-Messaging comprises of the following steps
-* '''Signing''': In this step, the seller generates a signature quantum state using the message she wants to send, her public key and private key. The seller selects a quantum one-way function publicly to generate a quantum digest (directory) using these classical inputs. Seller repeats each step for each message bit.
-** Seller selects two random strings and generates a quantum state of the message using these random strings to operate a Unitary gate and [[Glossary#Quantum Gates|Hadamard Transform]] on a null/vacuum state (see [[Arbitrated Quantum Digital Signature#Pseudo Code|Pseudo Code]] for operations)
-** The public and the private key are used to perform Hadamard transformation on the state produced in the previous step in order to generate the signature quantum state.
-** The Seller then performs some operation using her private key and measures the quantum state. It can be shown the states were one of the BB84 states and hence, can have one of the two possible bases ([[Glossary#Quantum States|X basis, Z basis or + basis,x basis]]) and four possible states. She records the basis and classical bit representing the state obtained.
-**Seller then concatenates these classical bits, the two random string bits, and a timestamp unique to the signature. The concatenated classical string is used as the input of publicly chosen QOWF, to get the output called 'quantum digest'. She produces some copies of quantum digest for each recipient (buyer).
-**Seller then encrypts the timestamp and quantum output of QOWF with pre-shared common key via quantum vernam cipher. PKG unpads these and publicly announces for buyer's verification step.
-** Sellers sends the signature to the buyer which includes the signature quantum state, message, timestamp and basis states.
-* '''Verification''': In this method, buyer checks the authenticity of the signature (whether the message has come from a genuine seller).
+* '''Signature''': In this method, the Signer generates a signature quantum state using the message they want send, their public and private keys. The Signer also selects a quantum one way function publicly to generate the quantum digest.
-** The buyer performs some quantum gates on the signature quantum state, using seller's public key and message. He measures the resulting quantum state, using basis states for each qubit sent in the signature. The result thus, obtained is represnted by a classical string, in the same way as done by seller.
+** The Signer selects two random strings and generates a quantum state of the message using these random strings.
-**The result should reveal the random string used by seller and hence, buyer can also generate the same number of copies of the quantum digest using the publicly known QOWF.
+** The public and the private key are used to generate the signature quantum state from the state produced in the previous step.
-**Buyer, thus, compares his outputs of QOWF with the ones sent by the seller using [[Glossary#SWAP test|quantum SWAP Test]]. If the number of matches is greater than the accepted/decided threshold value, the signature is accepted else it is rejected.
+** The Signer then generates a private key state using the two selected random numbers and the private key. Along with that a basis state is generated, which is a set of basis of each qubit in the private key state.
+** Signer then generates a quantum digital digest using the quantum one way function with the message and private key state as input. This process is repeated several times to generate few copies of the quantum digest.
+** The shared key with PKG is used to encrypt the quantum digest using the quantum Vernam cipher and then it is delivered to PKG.
+** PKG decrypts the received ciphertext state and announces publicly that the messages are ready for the Verifier to download and verify.
+** Signers sends the signature to Verifier which includes the signature quantum state, plain text message, timestamp and basis state.
+* '''Verify''': In this method, the verifier checks the authenticity of the signature.
+** The Verifier uses Signer's public key and the signature sent to generate a quantum state. According to the Basis state set, the Verifier measures this quantum state and the result of this measurement is converted to a set of classical 2-bit string.
+** One of the randomly selected string by the Signer can be easily inferred by the Verifier from the state after the measurement. The Verifier is then able to generate their own copy of quantum digital digest using the publicly announced quantum one way function.
+** Verifier now publicly gains the timestamp and quantum digital digest from PKG and verifies that state with the produced quantum digital digest in the above step with the SWAP test. As the SWAP test has a probabilistic result, it is performed several times with the copies of quantum digital digest and then verified.
+** If the test is passed the message from the Signer would be valid otherwise it is rejected.
 ==Notation==
 * <math>n</math>: Total number of qubits of message.
-* <math>f</math>: public function to obtain public key from user's email-id
+* <math>k_{pub}</math>: Signer's public key, where <math>k_{pub} \in \{0,1\}^n</math>.
-* <math>k_{pub}</math>: Seller's public key, where <math>k_{pub} \in \{0,1\}^n</math>.
+* <math>k_{pri}</math>: Signer's private, where <math>k_{pri} \in \{0,1\}^n</math>.
-* <math>k_{pri}</math>: Seller's private, where <math>k_{pri} \in \{0,1\}^n</math>.
+* <math>k_r</math>: Random OTP number selected by PKG to denote each of Signer's signatures, where <math>k_{r} \in \{0,1\}^n</math>.
-* <math>k_r</math>: Random OTP number selected by PKG to denote each of Seller's signatures, where <math>k_{r} \in \{0,1\}^n</math>.
+* <math>k_{at}</math>: Shared key between the Signer and PKG where <math>k_{at} \in \{0,1\}^n</math>.
-* <math>VC(x,y)</math>: function VC performs one time pads 'y' using quantum pad key 'x' via [[Arbitrated Quantum Digital Signature#References|Quantum Vernam Cipher (1), (2)]].
-* <math>k_{at}</math>: Shared key between the Seller and PKG where <math>k_{at} \in \{0,1\}^n</math>.
 * <math>E_{k_{at}}</math>: Quantum Vernam cipher encrypted state which uses <math>k_{at}</math>.
 * <math>G</math>: PKG's master key which is a one way function where <math>\{0,1\}^n \xrightarrow{}\{0,1\}^n</math> .
-* <math>F</math>: Public quantum one way function selected by Seller to generate quantum digest.
+* <math>F</math>: Public quantum one way function selected by Signer to generate quantum digest.
-* <math>m</math>: Message sent by Seller to the Buyer, where <math>m \in \{0,1\}^n</math>.
+* <math>m</math>: Message sent by Signer to the Verifier, where <math>m \in \{0,1\}^n</math>.
-* <math>s</math>: Random string of uniform distribution selected by the Seller, where <math>s \in \{0,1\}^n</math>.
+* <math>s</math>: Random string of uniform distribution selected by the Signer, where <math>s \in \{0,1\}^n</math>.
-* <math>t</math>: Random string of uniform distribution selected by the Seller, where <math>t \in \{0,1\}^n</math>.
+* <math>t</math>: Random string of uniform distribution selected by the Signer, where <math>t \in \{0,1\}^n</math>.
-*<math>l</math>: qubit address
 * <math>|\phi\rangle_{a_l,b_l}</math>: Quantum state which is defined by
 <math>|\phi\rangle_{a_l,b_l} := H^{a_l}U_{\frac{\pi}{4}}H^{b_l}|0\rangle</math>
 * <math>|\phi\rangle_{a_l,b_l,c_l}</math>: Quantum state which is defined by
 <math>|\phi\rangle_{a_l,b_l,c_l} := Y^{c_l}|\phi\rangle_{a_l,b_l}</math>
-* <math>|S\rangle_{k_{pri},m}</math>: Signature quantum state for message <math>m</math> which is the quantum state
+* <math>|S\rangle_{k_{pri},m}</math>: Signature quantum state for message $m$ which is the quantum state
 <math>|S\rangle_{k_{pri},m} = \bigotimes^{n}_{l=1} H^{k_{pub_l}\oplus k_{pri_l}} |\phi\rangle_{s_l,t_l\oplus m_l, m_l}</math>
 * <math>|P\rangle</math>: Private key quantum state where <math>|P\rangle \in \{|+\rangle, |-\rangle, |1\rangle, |0\rangle\}^n</math> and it is the quantum state:
 <math>|P\rangle := H^{k_{pri}}|\phi\rangle_{s, t\oplus m}</math>
 * <math>P</math>: Classical 2n-bit for <math>n</math>-qubit <math>|P\rangle</math> where <math>|+\rangle</math> is encoded to 10, <math>|-\rangle</math> to 11, <math>|1\rangle</math> to 00 and <math>|0\rangle</math> is encoded to 01.
-* <math>B_l</math>: This is the set of the basis of each <math>l^th</math> qubit in <math>|P\rangle</math>.
+* <math>B_P</math>: This is the set of the basis of each qubit state in <math>|P\rangle</math>.
-<math> B_l \in \{+,\times \}</math>
+<math> B_P = Basis(|P\rangle) \in \{+,\times \}</math>
-*<math>B_l(|P_l\rangle)</math>: Measurement of <math>l^{th}</math> qubit in basis <math>B_l</math>
-*<math>b_l</math>: measurement result of <math>l^{th}</math> qubit in the concerned quantum state
 * <math>|F\rangle</math>: Quantum digital digest received by PKG.
-* <math>|F\rangle'</math>: Quantum digital digest generated by Buyer.
+* <math>|F\rangle'</math>: Quantum digital digest generated by Verifier.
-* <math>u</math>: The most number of Buyer in this scheme.
+* <math>u</math>: The most number of verifiers in this scheme.
 * <math>w</math>: Safety parameter threshold for acceptance.
 * <math>w_0</math>: Security threshold decided in advance.
@@ Line 70: / Line 65: @@
 <math>|V\rangle_{m, k_{pub},S} := Y^m H^{k_{pub}}|S\rangle_{k_{pri}, m}</math>
 This state is also expressed as <math>\beta|\phi\rangle_{k_{pri}\oplus s, t\oplus m}</math> where <math>\beta \in \{1, -1, \iota, -\iota\}</math>
+* <math>|Q\rangle</math>: Result of Verifier's measurement of <math>|V\rangle_{m, k_{pub},S}</math>.
 * <math>Q</math>: Classical bit string denoted as <math>Q \in \{00, 01, 10, 11\}^n</math>. It is proven that <math>P=Q</math>.
-*<math>g(Q)</math>: g is a classical function which when takes classical 2n bit string Q, gives seller's random string t as output. This function can be calculated.
 * <math>\delta</math>: <math>\langle F|F\rangle'</math>, where <math>\delta \in [0,1)</math>.
 ==Hardware Requirements==
-*'''Network Stage''':[[:Category:Quantum Memory Network Stage|Prepare and Measure]][[Category:Quantum Memory Network Stage]]
+* Secure quantum channel between Signer and Verifier
-*The total number of qubits used in this protocol is equal to the total number of qubits in the message.
+* Quantum channel between Signer and PKG
-* Secure quantum channel between seller and buyer
+* Private database for both Signer and PKG
+* Measurement devices for the Verifier.
-==Knowledge Graph==
-{{graph}}
 ==Properties==
+* The protocol assumes the PKG to be a trusted party.
 * This protocol cannot be broken even if the adversary had unlimited computing power.
-* In this protocol, it is proven that no adversary can break the secrecy of the seller's signature private key.
+* In this protocol, it is proven that no adversary can break the secrecy of the Signer's signature private key.
-* The quantum digital signature produced in this protocol is impossible to repudiate and cannot be forged in any condition.
+* The quantum digital signature produces in this protocol is impossible to repudiate and cannot be forged in any condition.
-* In the protocol the public and the private key belonging to the classical bits, only the signature cipher has quantum nature.
+* In the protocol the public and the private key belong to the classical bits, only the signature cipher has quantum nature.
-* No Certificate Authority is required to manage digital public-key certificate of sellers.
+* No Certificate Authority is required to manage digital public-key certificate of Signers.
 * If  <math>|F\rangle = |F\rangle'</math>, the measuring result <math>|0\rangle</math> occurs with probability 1, otherwise it occurs with probability <math>\frac{1+\delta^2}{2}</math>. Hence, when repeated for <math>w</math> times, the probability of equality is at least 1-<math>(\frac{1+\delta^2}{2})^w</math>.
-==Protocol Description==
+==Pseudocode==
-<u>'''Stage 1'''</u> Key Distribution </br>
+'''Stage 1''': Key Generation </br>
-'''Input''': Seller and PKG (<math>k_{at}</math>)</br>
+'''Output''': Signer receives <math>k_{pri}</math> from the PKG.
-'''Output''': Seller and PKG (<math>k_{pri}</math>); Everyone (<math>k_{pub}</math>)
+* <math>k_{pub}</math> is generated on the basis of Signer's public identity information like email or person ID-card.
+* PKG aquires <math>k_{pub}</math> through open channels.
+* PKG selects <math>G</math> randomly as its master key.
+* PKG selects <math>k_{r}</math> randomly.
+* PKG calculates <math>k_{pri}</math> as
+<div style="text-align: center;"><math>k_{pri} := G(k_{pub}) \oplus k_{r} </math></div>
+* PKG uses <math>k_{at}</math> to encrypt <math>k_{pri}</math> and transmits <math>E_{k_{at}}</math> to Signer.
+* Signer decrypts <math>E_{k_{at}}</math> using <math>k_{at}</math> and receives <math>k_{pri}</math>.
+'''Stage 2''': Signature</br>
+'''Output''': PKG receives the quantum digest <math>|F\rangle</math> and the Verifier receives the Signature <math>(ts, m, B_P,|S\rangle_{k_{pri}, m})</math> from the Signer.
+* Signer wants to sign the message <math>m</math>.
+* Signer selects <math>s</math> and <math>t</math>.
+* For <math>l = 1, 2, ...n</math>:
+** Signer generates the state <math>|\phi\rangle_{s_l,t_l\oplus m_l, m_l}</math>, which is:
+<div style="text-align: center;"><math> |\phi\rangle_{s_l,t_l\oplus m_l, m_l}  = Y^{m_l}H^{s_l}U_{\frac{\pi}{4}}H^{t_l\oplus m_l}|0\rangle</math></div>
+* For <math>l = 1, 2, ...n</math>:
+** Signer generates the Signature quantum state <math>|S\rangle_{{k_{pri}}_l,m_l}</math>, which is
+<div style="text-align: center;"><math> |S\rangle_{{k_{pri}}_l,m_l} = H^{k_{pub_l}\oplus k_{pri_l}}|\phi\rangle_{s_l,t_l\oplus m_l, m_l}</math></div>
+* For <math>l = 1, 2, ...n</math>:
+** Signer generates the private key  quantum state <math>|P\rangle_l</math>, which is
+<div style="text-align: center;"><math>|P\rangle_l = H^{k_{pri_l}} |\phi\rangle_{s_l, t_l\oplus m_l}</math></div>
+**  The classical <math>P_l</math> is calculated based on <math>|P\rangle_l</math>.
+** The basis set is formed by Signer is:
+<div style="text-align: center;"><math>  B_{P_l} = Basis(|P\rangle_l) \in \{+,\times \} </math></div>
-#PKG generates <math>k_{pub}= f(</math>Seller's email-id)
+* For <math>k = 1, 2, ...u w</math>: Different copies of the quantum digital digest state is prepared.
-# PKG randomly chooses <math>G</math>, <math>k_r</math>
+** For <math>l = 1, 2, ...n</math>:
-# PKG calculates <math>k_{pri} := G(k_{pub}) \oplus k_{r} </math>
+# The quantum digital digest state <math>|F\rangle_l</math> is prepared by Signer, where:
-# PKG encrypts <math>VC(k_{at},k_{pri})=E_{k_{at}}</math>
+<div style="text-align: center;"><math> |F\rangle_l =  |F(t_l||m_l||P_l|| t_l s_l)\rangle_l</math></div>
-# Seller decrypts <math>VC(k_{at}, E_{k_{at}})=k_{pri}</math>.
-<u>'''Stage 2.1'''</u> Messaging: Signature</br>
-'''Input''': Seller (<math>k_{pri}</math>, <math>m</math>, <math>k_{pub}</math>) </br>
-'''Output''': PKG (<math>|F\rangle</math>), Buyer (Signature <math>(ts, m, B_P,|S\rangle_{k_{pri}, m})</math>
-# Seller randomly chooses <math>s</math> and <math>t</math>.
+* Signer encrypts <math>|F\rangle</math> using quantum Vernam cipher and sends <math>E_{k_{at}}(ts, \otimes^{uw}_{l=1}|F\rangle)</math> to PKG.
-# <math>\forall l\epsilon\{1,..,n\}</math>, Seller operates <math>Y^{m_l}H^{s_l}U_{\frac{\pi}{4}}H^{t_l\oplus m_l}|0\rangle=|\phi\rangle_{s_l,t_l\oplus m_l, m_l}</math>
+* PKG decrypts  <math>E_{k_{at}}(ts, \otimes^{uw}_{l=1}|F\rangle)</math> using <math>k_{at}</math> and gets <math>(ts, \otimes^{uw}_{l=1}|F\rangle)</math>.
-#<math>\forall l\epsilon\{1,..,n\}</math>, Seller generates <math> |S\rangle_{{k_{pri}}_l,m_l} = H^{k_{pub_l}\oplus k_{pri_l}}|\phi\rangle_{s_l,t_l\oplus m_l, m_l}</math>
+* PKG announces publicly that the quantum digest is ready.
-#<math>\forall l\epsilon\{1,..,n\}</math>, Seller generates <math>|P\rangle_l = H^{k_{pri_l}} |\phi\rangle_{s_l, t_l\oplus m_l}</math></div>
+* Signer transmits <math>(ts, m, B_P, |S\rangle_{k_{pri}, m})</math> to Verifier, which is the signature.
-#For <math>l = 1, 2, ...n</math>:
-##Seller chooses <math>B_l \epsilon_R\{+,\times\}</math>
-##Seller measures in basis <math>B_l: B_l(|P_l\rangle)=b_l</math>
-##'''If''' <math>B_l = +</math> '''then'''
-###'''If''' <math>b_l=1</math> '''then''' <math>P_l=00</math> '''else''' <math>P_l=01</math>
-##'''If''' <math>B_l = \times</math> '''then'''
-###'''If''' <math>b_l=1</math> '''then''' <math>P_l=10</math> '''else''' <math>P_l=11</math>
-# For <math>k = 1, 2, ...u w</math>:
-## For <math>l = 1, 2, ...n</math>:
-### <math> |F\rangle_l =  |F(t_l||m_l||P_l|| t_l s_l)\rangle_l</math></div>
-# Seller encrypts <math>VC(k_{at},(ts, \otimes^{uw}_{l=1}|F\rangle ))=E_{k_{at}}</math> and sends to PKG
-# PKG decrypts  <math>VC(k_{at},E_{k_{at}})=(ts, \otimes^{uw}_{l=1}|F\rangle )</math>
-# PKG announces publicly that the quantum digest is ready.
-# Seller transmits '''Signature''' <math>(ts, m, B, |S\rangle_{k_{pri}, m})</math> to buyer.
-<u>'''Stage 2.2'''</u> Messaging: Verification</br>
+'''Stage 3''': Verification</br>
-'''Input:''' Buyer (Signature <math>(ts, m, B, |S\rangle_{k_{pri}, m})</math>, public key <math>(k_{pub})</math>)</br>
+'''Output''': <math>m</math> is considered valid or is rejected by the Verifier.
-'''Output''': Buyer accepts or rejects the signature
+* Verifier receives <math>|k\rangle_{pub}</math> from open channels.
-# Buyer operates: <math>Y^mH^{k_{pub}}|S\rangle_{k_{pri}, m}=|V\rangle_{m, k_{pub},S}</math>.
+* Verifier generates the state <math>|V\rangle_{m, k_{pub},S}</math>.
-#For <math>l = 1, 2, ... w</math>:
+* For <math>l = 1, 2, ... w</math>:
-##Buyer measures <math>|V\rangle_{{(m, k_{pub},S)}_{l}}</math> in basis <math>B_l: B_l(|V_l\rangle_{{(m, k_{pub},S)}_{l}})=b_l</math>
+** Verifier measure the state <math>|V\rangle_{{(m, k_{pub},S)}_{l}}</math> according to the basis (diagonal or horizontal) in <math>B_{P_l}</math>.
-##'''If''' <math>B_l = +</math> '''then'''
+** The result of the measurement is recorded as <math>|Q\rangle_l</math>, which is converted to <math>Q_l</math>.
-###'''If''' <math>b_l=1</math> '''then''' <math>Q_l=00</math> '''else''' <math>Q_l=01</math>
+* <math>t</math> is inferred by the Verifier using <math>Q</math>
-##'''If''' <math>B_l = \times</math> '''then'''
+* Verifier gains <math>(ts, \otimes^{w}_{l=1} |F\rangle)</math> from PKG.
-###'''If''' <math>b_l=1</math> '''then''' <math>Q_l=10</math> '''else''' <math>Q_l=11</math>
+* For <math>k = 1, 2, ... w'</math>:
-# Buyer obtains <math>t=g(Q)</math>
+** Verifier generates <math>|F\rangle'</math> using <math>F</math> by the calculation
-# Buyer receives <math>(ts, \otimes^{w}_{l=1} |F\rangle)</math> from PKG.
+<div style="text-align: center;"><math> |F\rangle' = |F(t||m||Q||t s)\rangle</math></div>
-# For <math>k = 1, 2, ... w'</math>:
+** Verifier gains <math>(ts, |F\rangle)</math> from PKG.
-## Buyer generates <math> |F\rangle' = |F(t||m||Q||t s)\rangle</math></div>
+** Verifier performs SWAP test between <math>|F\rangle</math> and <math>|F\rangle'</math>.
-## Buyer receives <math>(ts, |F\rangle)</math> from PKG.
+* If <math>w'>w_0</math> and measurement result everytime =  <math>|0\rangle'</math>:
-## Buyer performs SWAP test: '''QSWAP'''(<math>|F\rangle,|F\rangle'</math>)
+**  Verifier counts the message <math>m</math> as valid.
-##If '''QSWAP'''=true, '''then''' <math>w'=w'+1</math>
+* else:
-# If <math>w'>w_0</math> buyer '''accepts'''
+** <math>m</math> is rejected by the Verifier.
-#'''Else''' buyer '''rejects'''
 ==Further Information==
-Like most other classical digital signature schemes which provide unconditional security, this scheme also requires a trusted arbitrator who distributes the public key to the recipients. This protocol was preceded by a few other protocols which use an arbitrator to establish quantum digital signatures, most of which used entangled states.
-#[https://arxiv.org/abs/quant-ph/0109007 Zeng and Keitel (2002)]
-#[https://arxiv.org/abs/quant-ph/0511224 Wang et al (2005)]
-#[https://journals.aps.org/pra/abstract/10.1103/PhysRevA.79.054307 Li et al (2009)]
-#[https://arxiv.org/ftp/arxiv/papers/1003/1003.2337.pdf Zhou and Qiu (2010)]
-#[http://adsabs.harvard.edu/abs/2011EPJD...61..773Y Guang et al (2011)]
-#[http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.414.2231&rep=rep1&type=pdf Zou et al (2013)]
-#[https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=6992228 Wang et al (2014)]
-#[https://iopscience.iop.org/article/10.1088/0253-6102/68/3/317/meta Li et al (2017)]
-==References==
+<div style='text-align: right;'>''*contributed by Rhea Parekh''</div>
-#[https://arxiv.org/abs/quant-ph/0003059 BR (2000)]
-#[https://www.sciencedirect.com/science/article/pii/S0378437106010119 Zhou et al. (2006)]
-<div style='text-align: right;'>''*contributed by Rhea Parekh and Shraddha Singh''</div>