Editing Blind Delegation of Quantum Digital Signature (section)

==Protocol Description==

Every pair of parties share different quantum key matrices <math>K_{AB}</math>, <math>K_{AC}</math> and <math>K_{BC}</math> respectively using Simon et al.’s QKD algorithm.
The key matrices <math>K_{AB}</math>, <math>K_{AC}</math> and <math>K_{BC}</math> are either Fibonacci or Lucas or Fibonacci-Lucas matrices.
The protocol consists of 5 stages:

# Setup
## The owner who transforms the message into an <math>n</math>-square matrix and blinds the matrix.
## The signer who signs the blind message.
## The verifier who checks if a signature matches the message.
# Key Distribution
## Every pair uses Simon et al.'s QKD protocol to establish their pairwise key matrices <math>\{K_{AB}^1, K_{AB}^2,..., K_{AB}^\alpha\} = K_{AB}</math> between Owner and Signer; <math>\{K_{BC}^1, K_{BC}^2,..., K_{BC}^\alpha\} = K_{BC}</math> between Signer and Verifier; <math>\{K_{AC}^1, K_{AC}^2,..., K_{AC}^\alpha\} = K_{AC}</math> between Owner and Verifier.
# Message Blinding
## The Owner transforms the message into matrices <math>(M_1, M_2,..., M_\alpha) = M</math> where <math>M_k = (m_{tj})_{n\times n}</math>, <math>k \in \{1,2,..., \alpha\}, t,j \in \{1,2,..., n\}</math>.
## The Owner blinds the message matrix using <math>K_{AC}</math> <br/> <math> M'_k = M_k \times K^k_{AC} k \in \{1,2,...,\alpha\} </math>
## The Owner now encrypts the message matrix using <math>K_{AB}</math> <br/> <math> M''_k = M'_k \times K^k_{AB} k \in \{1,2,...,\alpha\} </math>
## Finally, the Owner sends <math>(M''_k, det(M'_k))</math> to the Signer, and <math>det(M_k)</math> to the Verifier.
# Signing
## The Signer decrypts <math>M''_k</math> with the key <math>K^k_{AB}</math> to obtain <math>M'_k</math>. <br/> <math>M'_k = M''_k \times (K_{AB}^k)^{-1} </math> <br/> where <math>(K_{AB}^k)^{-1}</math> denotes the inverse matrix of <math>K_{AB}^k</math>.
## If the determinant of <math>M'_k</math> recovered by the Signer is not equal to the value of the determinant obtained from the Owner, the Signer aborts the protocol. Otherwise, he performs the next step.
## He signs the blind message <math>M'_k</math> using <math>K_{BC}^k</math>. The signature is <br/> <math> S^k = M'_k \times K_{BC}^k </math>
## He then sends the signature <math>S = \{S^1, S^2,..., S^\alpha\}</math> to the Verifier.
# Verification
## The Verifier decrypts the signature <math>S</math> using <math>K_{BC}^k</math> to obtain the blind message <math>M'</math>. <br/> <math> M'_k = S^k \times (K_{BC}^k)^{-1} </math>
## The Verifier then un-blinds the message <math>M'</math> using <math>K_{AC}^k</math> to obtain the message <math>M</math>. <br/> <math> M_k = M'_k \times (K_{AC}^k)^{-1} </math>
## He then checks if the determinant of <math>M</math> obtained from the signature is the same as <math>det(M)</math> obtained from the Owner. If it holds, he verifies the following equations: <br/> <math> det(S^k) = det(M'_kK_{BC}^k) = det(M'_k) \times det(T^n_p) </math> <br/> <math> = (-1)^ndet(M'_k) = (-1)^{2n}det(M_k) </math>