Gottesman and Chuang Quantum Digital Signature: Difference between revisions

Jump to navigation Jump to search

Gottesman and Chuang Quantum Digital Signature (edit)

Revision as of 15:47, 11 November 2018

4,102 bytes removed ,  11 November 2018
m
no edit summary
mNo edit summary
Line 9: Line 9:
*'''Relevant Network Parameters:'''
*'''Relevant Network Parameters:'''
*'''Benchmark values:'''
*'''Benchmark values:'''
==Use Case==
Online Transactions, Signing Marksheets


==Example:==  
==Example:==  
Line 26: Line 23:
===Properties===
===Properties===
----
----
*The protocol-
**involves three parties (Seller, Buyer, Verifier) exchanging one-bit classical messages.
**'''Requires''' quantum one-way function, quantum memory, [[authenticated]] quantum and classical channels
**assumes maximum number of participating parties are honest. In the present case at least two parties are honest.
**provides information-theoretic security
**provides security against repudiation, i.e. the probability that seller succeeds in making buyer and seller disagree on the validity of her sent quantum signature decays exponentially with L, as stated by the formula {equation}
**provides security against forgery, i.e. any recipient (verifier) with high probability rejects any message which was not originally sent by the seller herself. Forging probability is given by the formula, {equation}
===Pseudo Code===
===Pseudo Code===
----
----
*'''Notations Used:'''
*'''Notations Used:'''
**L: Length of keys used
==Relevant Papers==
**<math>s_a</math>: Threshold value for signing
**<math>s_v</math>: Threshold value for verification
**<math>|\psi^k\rangle</math>: Quantum Public key for message k 
**<math>\{\beta^k_1,...,\beta^k_L\}</math>: Classical Private key for classical one-bit message k
**<math>\beta^k_l</math>: Classical description of <math>l^{th}</math> qubit in <math>|\psi^k\rangle</math>
**<math>B^m</math>: Buyer's Eliminated Signature for message m
**<math>V^m</math>: Verifier's Eliminated Signature for message m
**<math>b^k_l</math>: Buyer’s random bit to determine the measurement basis of <math>l^{th}</math> qubit in <math>|\psi^k\rangle</math>
**<math>v^k_l</math>: Verifier’s random bit to determine the measurement basis of <math>l^{th}</math> qubit in <math>|\psi^k\rangle</math>
**<math>m_{b^k_l}</math>: measurement outcome of <math>b^k_l</math>
 
<u>'''Stage 1'''</u> Distribution
*'''Input''' L
*'''Output''' Seller: <math>\{\beta^0_1,...,\beta^0_L\},\{\beta^1_1,...,\beta^1_L\}</math>; Buyer: <math>B^0,B^1</math>; Verifier: <math>V^0,V^1</math>
**'''Key Distribution:'''
#For k = 0,1
## Seller prepares quantum public key <math>|\psi^k\rangle=\bigotimes^L_{l=1}|\beta^k_l\rangle</math>, where <math>\beta^k_l\in_R \{0,1,+,-\}</math>
## She sends Buyer (k,<math>|\psi^k\rangle</math>)
## She sends Verifier (k,<math>|\psi^k\rangle</math>)
**'''State Elimination:'''
#For k = 0,1
##For l = 1,2,...,L
### Buyer chooses <math>b^k_l \epsilon_R {0,1}</math>
###If <math>b^k_l=0</math>, Buyer measures his qubit in X basis <math>\{|+\rangle,|-\rangle\}</math>
###If <math>b^k_l=0</math>, Buyer measures his qubit in Z basis <math>\{|0\rangle,|1\rangle\}</math>
###'''return''' <math>m_{b^k_l}</math>
###<math>B^k_l=1-m_{b^k_l}</math>
 
**Verifier repeats steps 2(a)-2(b) with randomly chosen basis <math>v^k_l</math> to get his eliminated signature elements <math>V^k_l</math>
 
**'''Symmetrisation'''
##For k = 0,1
### Buyer chooses I<math>\subset_R\{1,2,...,L\}, |I|=[L/2]</math>
### <math>\forall i\epsilon I</math>, Buyer sends Verifier <math>(k,i,b^k_i,B^k_i)</math>
### Verifier chooses J<math>\subset_R\{1,2,...,L\}, |J|=[L/2]</math>
### <math>\forall j\epsilon J</math>, Verifier sends Buyer <math>(k,j,v^k_j,V^k_j)</math>
### <math>\forall j\epsilon J</math> Buyer replaces <math>B^k_l=V^k_l</math>
### <math>\forall i\epsilon I</math> Verifier replaces <math>V^k_l=B^k_l</math>
 
<u>'''Stage 2'''</u> Messaging
*'''Input''' Seller: Message m, Private Key for m: <math>\{\beta^m_1,...,\beta^m_L\}</math>
*'''Output''' Buyer: accept or abort, Verifier: accept or abort
**'''Signing:''' ’mismatch’ is when Buyer finds an eliminated signature element in Seller’s private key
# Seller sends Buyer (m,<math>\{\beta^m_1,...,\beta^m_L\}</math>)
# For l = 1,2,..,L
##Buyer counts the number of mismatches (<math>B^m_l=V^m_l</math>) and returns <math>S_b</math>
# If <math>S_b < s_aL/2</math>, Buyer accepts m else he aborts
**'''Transfer'''
# Buyer sends Verifier (m,<math>\{\beta^m_1,...,\beta^m_L\}</math>)
# For l = 1,2,....,L
##Verifier counts the number of mismatches (<math>V^m_l=B^m_l</math>) and returns <math>S_v</math>
# If <math>S_v < s_vL/2</math>, Verifier accepts m else he aborts
 
==Discussion==
*Theoretical Papers
*Theoretical Papers
# [https://arxiv.org/abs/quant-ph/0105032 GC-QDS (2001)] uses [[quantum one way function]] f(); Private keys: classical input x, Public keys: quantum output f(x). '''Requires''' quantum memory, quantum one way function, authenticated quantum and classical channels, [[SWAP Test]] (universal quantum computer). [[Unconditionally Secure]]
# [https://arxiv.org/abs/quant-ph/0105032 GC-QDS (2001)] uses [[quantum one way function]] f(); Private keys: classical input x, Public keys: quantum output f(x). '''Requires''' quantum memory, quantum one way function, authenticated quantum and classical channels, [[SWAP Test]] (universal quantum computer). [[Unconditionally Secure]]
Shraddha
Write, autoreview, editor, reviewer
3,129

edits

Retrieved from "https://wiki.veriqloud.fr/index.php?title=Special:MobileDiff/1222"

Navigation menu