Measurement Device Independent Quantum Digital Signature (MDI-QDS): Difference between revisions
Line 11: | Line 11: | ||
The following protocol consists of only quantum communication in the distribution phase and only classical communication in the messaging phase. It uses the protocol for QDS with insecure channels [[Measurement Device Independent Quantum Digital Signature (MDI-QDS)#References|(1)]] and replaces KGP (Key generation protocol) with Measurement Device Independent KGP (MDI-KGP). Distribution phase can be divided into the following steps: | The following protocol consists of only quantum communication in the distribution phase and only classical communication in the messaging phase. It uses the protocol for QDS with insecure channels [[Measurement Device Independent Quantum Digital Signature (MDI-QDS)#References|(1)]] and replaces KGP (Key generation protocol) with Measurement Device Independent KGP (MDI-KGP). Distribution phase can be divided into the following steps: | ||
*'''Key Distribution:''' Seller uses MDI-KGP twice with Buyer and Verifier, each, to generate four different [[correlated]] keys. Both Seller and Receiver have two keys each, one for message bit 0 and one for message bit 1. Sender's signature for a particular message bit is a conjugation of corresponding key for message bit sent to the Buyer and the Verifier. | *'''Key Distribution:''' Seller uses MDI-KGP twice with Buyer and Verifier, each, to generate four different [[correlated]] keys. Both Seller and Receiver have two keys each, one for message bit 0 and one for message bit 1. Sender's signature for a particular message bit is a conjugation of corresponding key for message bit sent to the Buyer and the Verifier. | ||
*'''MDI-KGP:''' MDI-KGP consists of the following steps (only quantum communication part) from MDI-QKD protocol in [[Measurement Device Independent Quantum Digital Signature (MDI-QDS)#References|(2)]]: | *'''MDI-KGP:''' MDI-KGP consists of the following steps (only quantum communication part) from MDI-QKD protocol in [[Measurement Device Independent Quantum Digital Signature (MDI-QDS)#References|(2)]]:</br> | ||
**''State Preparation'' | The MDI-QKD protocol assumes a trusted third party, arbitrator. The following steps are performed with Seller and each recipient, pairwise. | ||
**''Measurement'' | **''State Preparation'' Seller and buyer/verifier prepare states in randomly chosen basis (from [[X, Z bases]]) and chosen intensity. These states are sent to the arbitrator | ||
**''Sifting'' | **''Measurement'' Arbitrator, if honest, performs Bell measurement on the received states. If the measurement is successful, Bell state is communicated by arbitrator over public channel. | ||
**''Sifting'' Seller and buyer/verifier exchange the information regarding the intensity and basis used to prepare states, in case of successful Bell measurement. These states are grouped into two sets, depending on the basis used for preparation. The above steps are repeated until the cardinality of both sets is more than required threshold number of elements for each set. | |||
**''Parameter Estimation'' | **''Parameter Estimation'' | ||
*'''Symmetrisation:''' Buyer and Verifier exchange half of their randomly chosen eliminated signature elements. This prevents a dishonest seller succeed in cheating by sending dissimilar public keys to the receiver and makes the protocol secure against repudiation. Thus ends the distribution phase. | *'''Symmetrisation:''' Buyer and Verifier exchange half of their randomly chosen eliminated signature elements. This prevents a dishonest seller succeed in cheating by sending dissimilar public keys to the receiver and makes the protocol secure against repudiation. Thus ends the distribution phase. |
Revision as of 17:47, 28 May 2019
The example protocol achieves the functionality of Quantum Digital Signature (QDS) by allowing exchange of messages using the procedure studied in Prepare and Measure Quantum Digital Signature but without trusting one's measurement devices, thus making the protocol device independent. It uses the security proof of MDI-QKD to the QDS scheme for insecure channels (1). This scheme involves three parties and is designed for signing one bit and the authors suggest that longer messages can be signed by iterating the same process. All three properties that define QDS i.e. non-repudiation, transferability and unforgeability are implied by the protocol.
Tags: Multi Party (three), Quantum Enhanced Classical Functionality, Specific Task, Quantum Digital Signature (QDS), Prepare and Measure QDS, QKD
Assumptions
- There exists authenticated classical channels between Sender and Receiver and Sender and Verifier.
- Receiver and Verifier share a MDI-QKD link, used to transmit classical messages in full secrecy
Outline
Quantum Digital Signature protocols can be separated into two stages: the distribution stage, where quantum public keys are sent to all recipients, and the messaging stage, where classical messages are sent and verified. Here, we take the case of three parties, one sender (referred to as seller) and two receivers (buyer and verifier) sharing a one bit message.
The following protocol consists of only quantum communication in the distribution phase and only classical communication in the messaging phase. It uses the protocol for QDS with insecure channels (1) and replaces KGP (Key generation protocol) with Measurement Device Independent KGP (MDI-KGP). Distribution phase can be divided into the following steps:
- Key Distribution: Seller uses MDI-KGP twice with Buyer and Verifier, each, to generate four different correlated keys. Both Seller and Receiver have two keys each, one for message bit 0 and one for message bit 1. Sender's signature for a particular message bit is a conjugation of corresponding key for message bit sent to the Buyer and the Verifier.
- MDI-KGP: MDI-KGP consists of the following steps (only quantum communication part) from MDI-QKD protocol in (2):
The MDI-QKD protocol assumes a trusted third party, arbitrator. The following steps are performed with Seller and each recipient, pairwise.
- State Preparation Seller and buyer/verifier prepare states in randomly chosen basis (from X, Z bases) and chosen intensity. These states are sent to the arbitrator
- Measurement Arbitrator, if honest, performs Bell measurement on the received states. If the measurement is successful, Bell state is communicated by arbitrator over public channel.
- Sifting Seller and buyer/verifier exchange the information regarding the intensity and basis used to prepare states, in case of successful Bell measurement. These states are grouped into two sets, depending on the basis used for preparation. The above steps are repeated until the cardinality of both sets is more than required threshold number of elements for each set.
- Parameter Estimation
- Symmetrisation: Buyer and Verifier exchange half of their randomly chosen eliminated signature elements. This prevents a dishonest seller succeed in cheating by sending dissimilar public keys to the receiver and makes the protocol secure against repudiation. Thus ends the distribution phase.
Similarly, Messaging Phase is divided into the following steps:
- Signing: Sender sends desired message and the corresponding signature to the desired receiver (called buyer). Buyer compares the private key with his eliminated signature for the corresponding message and counts the number of mismatches (eliminated signature element in seller's private key).
- Transfer: Buyer forwards the same message and private key to the other receiver (called verifier) who compares it with his eliminated signature for this message.
Requirements
Properties
- The strings generated by Sender and Receiver are free from detector side channel attacks as one does not trust measurement devices.
- Implementation of long distance MDI-QKD (see Further Information in MDI-QKD) employs establishes long distance QDS protocol without side channel attacks
- It is valid against repudiation and forging attacks
Pseudocode
Further Information
References