Measurement Device Independent Quantum Digital Signature (MDI-QDS): Difference between revisions
| Line 10: | Line 10: | ||
Quantum Digital Signature protocols can be separated into two stages: the distribution stage, where quantum public keys are sent to all recipients, and the messaging stage, where classical messages are sent and verified. Here, we take the case of three parties, one sender (referred to as seller) and two receivers (buyer and verifier) sharing a one bit message.<br/> | Quantum Digital Signature protocols can be separated into two stages: the distribution stage, where quantum public keys are sent to all recipients, and the messaging stage, where classical messages are sent and verified. Here, we take the case of three parties, one sender (referred to as seller) and two receivers (buyer and verifier) sharing a one bit message.<br/> | ||
The following protocol consists of only quantum communication in the distribution phase and only classical communication in the messaging phase. It uses the protocol for QDS with insecure channels [[Measurement Device Independent Quantum Digital Signature (MDI-QDS)#References|(1)]] and replaces KGP (Key generation protocol) with Measurement Device Independent KGP (MDI-KGP). Distribution phase can be divided into the following steps: | The following protocol consists of only quantum communication in the distribution phase and only classical communication in the messaging phase. It uses the protocol for QDS with insecure channels [[Measurement Device Independent Quantum Digital Signature (MDI-QDS)#References|(1)]] and replaces KGP (Key generation protocol) with Measurement Device Independent KGP (MDI-KGP). Distribution phase can be divided into the following steps: | ||
*'''Key Distribution:''' Seller uses MDI-KGP twice with | *'''Key Distribution:''' Seller uses MDI-KGP twice with buyer and verifier, individually, to generate two different [[correlated]] keys, each. Both Seller and Receiver have two keys each, one for message bit 0 and one for message bit 1. Sender's signature for a particular message bit is a conjugation of corresponding key for message bit sent to the Buyer and the Verifier. | ||
*'''MDI-KGP:''' MDI-KGP consists of the following steps (only quantum communication part) from MDI-QKD protocol in [[Measurement Device Independent Quantum Digital Signature (MDI-QDS)#References|(2)]]:</br> | *'''MDI-KGP:''' MDI-KGP consists of the following steps (only quantum communication part) from MDI-QKD protocol in [[Measurement Device Independent Quantum Digital Signature (MDI-QDS)#References|(2)]]:</br> | ||
The MDI-QKD protocol requires a third party, arbitrator. The following steps are performed with Seller and each recipient, pairwise. | The MDI-QKD protocol requires a third party, arbitrator. The following steps are performed with Seller and each recipient, pairwise. | ||
Revision as of 03:10, 3 June 2019
The example protocol achieves the functionality of Quantum Digital Signature (QDS) by allowing exchange of messages using the procedure studied in Prepare and Measure Quantum Digital Signature but without trusting one's measurement devices, thus making the protocol device independent. It uses the security proof of MDI-QKD to the QDS scheme for insecure channels (1). This scheme involves three parties and is designed for signing one bit and the authors suggest that longer messages can be signed by iterating the same process. All three properties that define QDS i.e. non-repudiation, transferability and unforgeability are implied by the protocol.
Tags: Multi Party (three), Quantum Enhanced Classical Functionality, Specific Task, Quantum Digital Signature (QDS), Prepare and Measure QDS
Assumptions
- There exists authenticated classical channels between Sender and Receiver and Sender and Verifier.
- Receiver and Verifier share a MDI-QKD link, used to transmit classical messages in full secrecy
Outline
Quantum Digital Signature protocols can be separated into two stages: the distribution stage, where quantum public keys are sent to all recipients, and the messaging stage, where classical messages are sent and verified. Here, we take the case of three parties, one sender (referred to as seller) and two receivers (buyer and verifier) sharing a one bit message.
The following protocol consists of only quantum communication in the distribution phase and only classical communication in the messaging phase. It uses the protocol for QDS with insecure channels (1) and replaces KGP (Key generation protocol) with Measurement Device Independent KGP (MDI-KGP). Distribution phase can be divided into the following steps:
- Key Distribution: Seller uses MDI-KGP twice with buyer and verifier, individually, to generate two different correlated keys, each. Both Seller and Receiver have two keys each, one for message bit 0 and one for message bit 1. Sender's signature for a particular message bit is a conjugation of corresponding key for message bit sent to the Buyer and the Verifier.
- MDI-KGP: MDI-KGP consists of the following steps (only quantum communication part) from MDI-QKD protocol in (2):
The MDI-QKD protocol requires a third party, arbitrator. The following steps are performed with Seller and each recipient, pairwise.
- State Preparation:Seller and buyer/verifier prepare states in randomly chosen basis and randomly chosen intensity. These states are sent to the arbitrator
- Measurement:Arbitrator, if honest, performs Bell State Measurement (BSM) on the received states. If the measurement is successful, Bell state is communicated by arbitrator to over public channel.
- Sifting: In case of successful BSM, Seller and buyer/verifier exchange the information regarding the intensity and basis used to prepare states over authenticated quantum channel. Otherwise they discard their data. The data corresponding to successful measurements are grouped into two sets, depending on the basis used for preparation. The above steps are repeated until the cardinality of both sets is more than required threshold number of elements for each set. In the end, Buyer/Verifier flips his bits in his two sets according to the Bell state obtained in each case (given in Pseudo code below).
- Parameter Estimation:
- Symmetrisation: Buyer and Verifier exchange half of their randomly chosen eliminated signature elements. This prevents a dishonest seller succeed in cheating by sending dissimilar public keys to the receiver and makes the protocol secure against repudiation. Thus ends the distribution phase.
Similarly, Messaging Phase is divided into the following steps:
- Signing: Sender sends desired message and the corresponding signature to the desired receiver (called buyer). Buyer compares the private key with his eliminated signature for the corresponding message and counts the number of mismatches (eliminated signature element in seller's private key).
- Transfer: Buyer forwards the same message and private key to the other receiver (called verifier) who compares it with his eliminated signature for this message.
Requirements
- Network Stage: Prepare and Measure
- Required Parameters:
- Scalability:
- Authenticated quantum channel
- Authenticated classical channel
- MDI-QKD setup (without error correction and privacy amplification)
Properties
- The strings generated by Sender and Receiver are free from detector side channel attacks as one does not trust measurement devices.
- Implementation of long distance MDI-QKD (see Further Information in MDI-QKD) employs establishes long distance QDS protocol without side channel attacks
- It is valid against repudiation and forging attacks
Pseudocode
Further Information
References