Polynomial Code based Quantum Authentication: Difference between revisions

The paper Authentication of Quantum Messages by Barnum et al. provides a non-interactive scheme for the sender to encrypt as well as authenticate quantum messages. It was the first protocol designed to achieve the task of authentication for quantum states, i.e. it gives the guarantee that the message sent by a party (suppliant) over a communication line is received by a party on the other end (authenticator) as it is and, has not been tampered with or modified by the dishonest party (eavesdropper).

Tags: Two Party Protocol, Quantum Functionality, Specific Task, Building Block

Assumptions

• The sender and the receiver share a private, classical random key drawn from a probability distribution

Notations

• ${\displaystyle {\mathcal {S}}}$: suppliant (sender)
• ${\displaystyle {\mathcal {A}}}$: authenticator (prover)
• ${\displaystyle \rho }$: quantum message to be sent
• ${\displaystyle m}$: number of qubits in the message ${\displaystyle \rho }$
• ${\displaystyle \{Q_{k}\}}$: stabilizer purity testing code, each stabilizer code is identified by index ${\displaystyle k}$
• ${\displaystyle n}$: number of qubits used to encode the message with ${\displaystyle \{Q_{k}\}}$
• ${\displaystyle x}$: random binary ${\displaystyle 2m}$-bit key
• ${\displaystyle s}$: security parameter

Properties

• For a ${\displaystyle m}$-qubit message, the protocol requires ${\displaystyle m+s}$ qubits to encode the quantum message.
• The protocol requires a private key of size ${\displaystyle 2m+O(s)}$.

Protocol Description

• Preprocessing: ${\displaystyle {\mathcal {S}}}$ and ${\displaystyle {\mathcal {A}}}$ agree on some stabilizer purity testing code ${\displaystyle \{Q_{k}\}}$ and some private and random binary strings ${\displaystyle k,x,y}$.
  • ${\displaystyle k}$ is used to choose a random stabilizer code ${\displaystyle Q_{k}}$
  • ${\displaystyle x}$ is a ${\displaystyle 2m}$-bit random key used for q-encryption
  • ${\displaystyle y}$ is a random syndrome
• Encryption and encoding:

1. ${\displaystyle {\mathcal {S}}}$ q-encrypts the ${\displaystyle m}$-qubit original message ${\displaystyle \rho }$ as ${\displaystyle \tau }$ using the classical key ${\displaystyle x}$ and a quantum one-time pad. This encryption is given by ${\displaystyle \tau =\sigma _{x}^{{\vec {t}}_{1}}\sigma _{z}^{{\vec {t}}_{2}}\rho \sigma _{z}^{{\vec {1}}_{1}}\sigma _{x}^{{\vec {t}}_{1}}}$, where ${\displaystyle {\vec {t}}_{1}}$ and ${\displaystyle {\vec {t}}_{2}}$ are ${\displaystyle m}$-bit vectors and given by the random binary key ${\displaystyle x}$.
2. ${\displaystyle {\mathcal {S}}}$ then encodes ${\displaystyle \tau }$ according to ${\displaystyle Q_{k}}$ with syndrome ${\displaystyle y}$, which results in the ${\displaystyle n}$-qubit state ${\displaystyle \sigma }$. This means ${\displaystyle {\mathcal {S}}}$ encodes ${\displaystyle \rho }$ in ${\displaystyle n}$ qubits using ${\displaystyle Q_{k}}$, and then "applies" errors according to the random syndrome.
3. ${\displaystyle {\mathcal {S}}}$ sends ${\displaystyle \sigma }$ to ${\displaystyle {\mathcal {A}}}$.

• Decoding and decryption:

1. ${\displaystyle {\mathcal {A}}}$ receives the ${\displaystyle n}$ qubits, whose state is denoted by ${\displaystyle \sigma ^{\prime }}$.
2. ${\displaystyle {\mathcal {A}}}$ measures the syndrome ${\displaystyle y^{\prime }}$ of the code ${\displaystyle Q_{k}}$ on his ${\displaystyle n}$ qubits in state ${\displaystyle \sigma ^{\prime }}$.
3. ${\displaystyle {\mathcal {A}}}$ compares the syndromes ${\displaystyle y}$ and ${\displaystyle y^{\prime }}$ and aborts the process if they are different.
4. ${\displaystyle {\mathcal {A}}}$ decodes his ${\displaystyle n}$-qubit word according to ${\displaystyle Q_{k}}$ obtaining ${\displaystyle \tau ^{\prime }}$.
5. ${\displaystyle {\mathcal {A}}}$ q-decrypts ${\displaystyle \tau ^{\prime }}$ using the random binary strings ${\displaystyle x}$ obtaining ${\displaystyle \rho ^{\prime }}$.

Further Information

References

1. Barnum et al. (2002).