Gottesman and Chuang Quantum Digital Signature: Difference between revisions

From Quantum Protocol Zoo
Jump to navigation Jump to search
Line 6: Line 6:
* Perfect devices and channels have been assumed
* Perfect devices and channels have been assumed
* It has been assumed that all recipients have received correct and identical copies of Sender's public key (explained later)
* It has been assumed that all recipients have received correct and identical copies of Sender's public key (explained later)
* All participants know, the map which takes private keys to public keys, threshold value of acceptance (<math>c_1</math>) and threshold value for rejection (<math>c_2</math>)


==Outline==
==Outline==

Revision as of 08:10, 28 May 2019

The example protocol achieves the functionality of (Quantum) Digital Signatures (QDS) allowing the exchange of classical messages from sender to multiple recipients, with a guarantee that the signature has come from a genuine sender, using quantum memory. It comes with all the Properties of QDS. Such protocols require parties to store quantum states for comparison at a later stage.

Tags: Multi Party (three), Quantum Enhanced Classical Functionality, Specific Task, Quantum Digital Signature, Prepare and Measure Quantum Digital Signature, Measurement Device Independent Quantum Digital Signature (MDI-QDS)

Assumptions

  • Perfect devices and channels have been assumed
  • It has been assumed that all recipients have received correct and identical copies of Sender's public key (explained later)
  • All participants know, the map which takes private keys to public keys, threshold value of acceptance () and threshold value for rejection ()

Outline

Gottesman and Chuang signature scheme is based on quantum one way functions, which take classical bit sting as input and give quantum states as output. Quantum Digital Signature (QDS) protocols can be divided into two stages: the distribution stage, where quantum signals (public keys) are sent to all recipients, and the messaging stage, where classical messages are signed, sent and verified. Here, we take the case of three parties, one sender (referred to as seller) and two receivers (buyer and verifier) sharing a one bit message. Distribution phase can be divided into the following steps:

  • Key Distribution:

Similarly, Messaging Phase is divided into the following steps:

  • Signing:
  • Transfer:

Properties

  • Sending m bits message uses O(m) quantum bits for each recipient.
  • The public keys can be used only once.
  • Unlike some classical information-theoretic (unconditional security) schemes which require secure anonymous broadcast channel or noisy channel, which are hard to achieve resources, the quantum scheme provides information-theoretic security by only demanding plausible quantum channels and modest interaction between parties involved.

Requirements

  • Network Stage:Quantum Memory
  • Relevant Network Parameters:
  • Benchmark values: No experimental implementation using qubits. See Experimental Papers (1) for implementation using coherent states.

Pseudocode

Further Information

This protocol was the first ever scheme designed for Quantum Digital Signatures. Due to unavailability of quantum memory at the current stage, this scheme has not seen enough experimental implementations, yet variations of the same without the need of quantum memory has some progress such as Prepare and Measure Quantum Digital Signature, Measurement Device Independent Quantum Digital Signature (MDI-QDS), etc.. Following is the list of a few more protocols with similar requirement (quantum memory) but small variations. Theoretical Papers

  1. GC-QDS (2001) uses quantum one way function f(); Private keys: classical input x, Public keys: quantum output f(x).
    1. Requires quantum memory, quantum one way function, authenticated quantum and classical channels, SWAP Test (universal quantum computer).
    2. Security: Information-theoretic
  2. ACJ (2006) discusses coherent states comparison with a QDS scheme outlined in the last section.
    1. Protocol uses the same protocol as (2) but replaces qubits with coherent states, thus replacing SWAP-Test with Coherent State Comparison. Additionally, it also requires quantum memory, authenticated quantum and classical channels, multiports.
    2. Security: Information-theoretic
  3. SWZY (2017) Discusses an attack and suggests corrections on existing QDS scheme using single qubit rotations. Protocol uses rotation, qubits, one-way hash function; Private keys: angle of rotation, Public keys: string of rotated quantum states.
    1. Requires random number generator, one-way hash function, quantum memory, key distribution.
    2. Security: Computational

Experimental Papers

  1. CCDAJB (2012) uses phase encoded coherent states, coherent state comparison
    1. Loss from multiport=7.5 dB, Length of the key=
*contributed by Shraddha Singh
Retrieved from "https://wiki.veriqloud.fr/index.php?title=Gottesman_and_Chuang_Quantum_Digital_Signature&oldid=2666"