Arbitrated Quantum Digital Signature

The Arbitrated Quantum Signature protocol is quantum digital signature scheme where the public and private keys are classical in nature, however the signature cipher has a quantum nature. This is based directly on the public-key cryptography where the signer's identity is used to generate the public-key and One-Time Pad protocol generates the private key.

Tags: Quantum Digital Signature, Public key cryptography, Specific Task

Assumptions

• The protocol assumes perfect state preparation, transmissions and measurements.
• Private-key generation (PKG) is the arbitrator which is a trusted party. The master key and the identity of the Signer is kept secret by PKG.
• item In the signing process, the quantum one way function used to create the quantum digest is assumed to take polynomial time to compute and is hard to invert.

Outline

The entire protocol is broken in three phases: Key Generation, Signature and Verification. This scheme is presented between PKG, a Signer and a Verifier. The total number of qubits used in this protocol is equal to the total number of qubits in the message.

• Key Generation: In this method, the PKG generates a private key for the Signer and sends the same. This transaction can take place on both secure and insecure channels.
  • Using identity-based encryption, Signer's public key is generated using their personal public information like email or ID card. This public key is accessible on open channels.
  • PKG acquires the Signer's public key through the open channels.
  • A quantum one way function is secretly and randomly selected by the PKG as the master key and along with that a random OTP number is also selected to denote Signer's different signature, thus acting as the identity. Using this identity and master key, a private key is generated for the Signer by the PKG.
  • In the case of an insecure channel between the PKG and Signer, a secret key is shared in advance between them. PKG uses the shared key to encrypt the private key using the quantum Vernam cipher (Link here). Hence the Signer receives their private key.

• Signature: In this method, the Signer generates a signature quantum state using the message they want send, their public and private keys. The Signer also selects a quantum one way function publicly to generate the quantum digest.
  • The Signer selects two random strings and generates a quantum state of the message using these random strings.
  • The public and the private key are used to generate the signature quantum state from the state produced in the previous step.
  • The Signer then generates a private key state using the two selected random numbers and the private key. Along with that a basis state is generated, which is a set of basis of each qubit in the private key state.
  • Signer then generates a quantum digital digest using the quantum one way function with the message and private key state as input. This process is repeated several times to generate few copies of the quantum digest.
  • The shared key with PKG is used to encrypt the quantum digest using the quantum Vernam cipher and then it is delivered to PKG.
  • PKG decrypts the received ciphertext state and announces publicly that the messages are ready for the Verifier to download and verify.
  • Signers sends the signature to Verifier which includes the signature quantum state, plain text message, timestamp and basis state.

• Verify: In this method, the verifier checks the authenticity of the signature.
  • The Verifier uses Signer's public key and the signature sent to generate a quantum state. According to the Basis state set, the Verifier measures this quantum state and the result of this measurement is converted to a set of classical 2-bit string.
  • One of the randomly selected string by the Signer can be easily inferred by the Verifier from the state after the measurement. The Verifier is then able to generate their own copy of quantum digital digest using the publicly announced quantum one way function.
  • Verifier now publicly gains the timestamp and quantum digital digest from PKG and verifies that state with the produced quantum digital digest in the above step with the SWAP test. As the SWAP test has a probabilistic result, it is performed several times with the copies of quantum digital digest and then verified.
  • If the test is passed the message from the Signer would be valid otherwise it is rejected.

Notation

• ${\displaystyle n}$: Total number of qubits of message.
• ${\displaystyle k_{pub}}$: Signer's public key, where ${\displaystyle k_{pub}\in \{0,1\}^{n}}$.
• ${\displaystyle k_{pri}}$: Signer's private, where ${\displaystyle k_{pri}\in \{0,1\}^{n}}$.
• ${\displaystyle k_{r}}$: Random OTP number selected by PKG to denote each of Signer's signatures, where ${\displaystyle k_{r}\in \{0,1\}^{n}}$.
• ${\displaystyle k_{at}}$: Shared key between the Signer and PKG where ${\displaystyle k_{at}\in \{0,1\}^{n}}$.
• ${\displaystyle E_{k_{at}}}$: Quantum Vernam cipher encrypted state which uses ${\displaystyle k_{at}}$.
• ${\displaystyle G}$: PKG's master key which is a one way function where ${\displaystyle \{0,1\}^{n}{\xrightarrow {}}\{0,1\}^{n}}$ .
• ${\displaystyle F}$: Public quantum one way function selected by Signer to generate quantum digest.
• ${\displaystyle m}$: Message sent by Signer to the Verifier, where ${\displaystyle m\in \{0,1\}^{n}}$.
• ${\displaystyle s}$: Random string of uniform distribution selected by the Signer, where ${\displaystyle s\in \{0,1\}^{n}}$.
• ${\displaystyle t}$: Random string of uniform distribution selected by the Signer, where ${\displaystyle t\in \{0,1\}^{n}}$.
• ${\displaystyle |\phi \rangle _{a_{l},b_{l}}}$: Quantum state which is defined by

${\displaystyle |\phi \rangle _{a_{l},b_{l}}:=H^{a_{l}}U_{\frac {\pi }{4}}H^{b_{l}}|0\rangle }$

• ${\displaystyle |\phi \rangle _{a_{l},b_{l},c_{l}}}$: Quantum state which is defined by

${\displaystyle |\phi \rangle _{a_{l},b_{l},c_{l}}:=Y^{c_{l}}|\phi \rangle _{a_{l},b_{l}}}$

• ${\displaystyle |S\rangle _{k_{pri},m}}$: Signature quantum state for message $m$ which is the quantum state

${\displaystyle |S\rangle _{k_{pri},m}=\bigotimes _{l=1}^{n}H^{k_{pub_{l}}\oplus k_{pri_{l}}}|\phi \rangle _{s_{l},t_{l}\oplus m_{l},m_{l}}}$

• ${\displaystyle |P\rangle }$: Private key quantum state where Failed to parse (syntax error): {\displaystyle |P\rangle \in {(|\+\rangle, |\-\rangle, |1\rangle,|0\rangle\)^n}} and it is the quantum state

${\displaystyle |P\rangle :=H^{k_{pri}}|\phi \rangle _{s,t\oplus m}}$

• $P$: Classical 2n-bit for $n$-qubit $\ket{P}$ where $\ket{+}$ is encoded to 10, $\ket{-}$ to 11, $\ket{1}$ to 00 and $\ket{0}$ is encoded to 01.
• $B_P$: This is the set of the basis of each qubit state in $\ket{P}$.

    \begin{equation}
        B_P = Basis(\ket{P}) \in \{+,\times \}
    \end{equation}

• $\ket{F}$: Quantum digital digest received by PKG.
• $\ket{F}'$: Quantum digital digest generated by Verifier.
• $u$: The most number of verifiers in this scheme.
• $w$: Safety parameter threshold for acceptance.
• $w_0$: Security threshold decided in advance.
• $w'$: Number of times SWAP test is performed.
• $\ket{V}_{m, k_{pub},S}$: A quantum state, where

    \begin{equation}
       \ket{V}_{k_{pub},S} := Y^m H^{k_{pub}}\ket{S}_{k_{pri}, m}
    \end{equation}
    This state is also expressed as $\beta\ket{\phi}_{k_{pri}\oplus s, t\oplusm}$ where $\beta \in \{1, -1, \iota, -\iota\}$

• $\ket{Q}$: Result of Verifier's measurement of $\ket{V}_{m, k_{pub},S}$.
• $Q$: Classical bit string denoted as $Q \in \{00, 01, 10, 11\}^n$. It is proven that $P=Q$.
• $\delta$: $\braket{F}{F}'$, where $\delta \in [0,1)$.