Measurement Device Independent Quantum Digital Signature (MDI-QDS): Difference between revisions
Line 26: | Line 26: | ||
==Properties== | ==Properties== | ||
* The strings generated by Sender and Receiver are free from detector side channel attacks as one does not trust measurement devices. | * The strings generated by Sender and Receiver are free from detector side channel attacks as one does not trust measurement devices. | ||
* Implementation of long distance MDI-QKD | * Implementation of long distance MDI-QKD [Measurement Device Independent Quantum Digital Signature (MDI-QDS)#References|(3)] employs establishes long distance QDS protocol without side channel attacks | ||
* It is valid against repudiation and forging attacks | * It is valid against repudiation and forging attacks | ||
==Pseudocode== | ==Pseudocode== | ||
Revision as of 05:14, 3 June 2019
The example protocol achieves the functionality of Quantum Digital Signature (QDS) by allowing exchange of messages using the procedure studied in Prepare and Measure Quantum Digital Signature but without trusting one's measurement devices, thus making the protocol device independent. It uses the security proof of MDI-QKD to the QDS scheme for insecure channels (1). This scheme involves three parties and is designed for signing one bit and the authors suggest that longer messages can be signed by iterating the same process. All three properties that define QDS i.e. non-repudiation, transferability and unforgeability are implied by the protocol.
Tags: Multi Party (three), Quantum Enhanced Classical Functionality, Specific Task, Quantum Digital Signature (QDS), Prepare and Measure QDS
Assumptions
- There exists authenticated classical channels between seller and buyer, and, seller and verifier.
- Receiver and verifier share a MDI-QKD link, used to transmit classical messages in full secrecy.
- Adversary is allowed to perform coherent attacks, which is the most general class of attacks QKD protocols are vulnerable to, due to experimental realisation.
Outline
Quantum Digital Signature protocols can be separated into two stages: the distribution stage, where quantum public keys are sent to all recipients, and the messaging stage, where classical messages are sent and verified. Here, we take the case of three parties, one sender (referred to as seller) and two receivers (buyer and verifier) sharing a one bit message.
The following protocol consists of only quantum communication in the distribution phase and only classical communication in the messaging phase. It uses the protocol for QDS with insecure channels (1) and replaces KGP (Key generation protocol) with Measurement Device Independent KGP (MDI-KGP). Distribution phase can be divided into the following steps:
- Key Distribution: Seller uses MDI-KGP twice with buyer and verifier, to generate two different keys with each, one for message bit 0 and one for message bit 1. Seller's signature for a particular message bit is a conjugation/concatenation of corresponding key for message bit sent to the buyer and the verifier. Below is an overview of MGI-KGP extracted from MDI-QKD (page to be visited in case more explanation is required)
- MDI-KGP: MDI-KGP consists of only quantum communication part from MDI-QKD protocol in (2). This protocol requires an untrusted third party sitting in the middle of the participating parties, arbitrator. The following steps are performed with seller and each receiver, pairwise for each possible bit (0 and 1). Seller and receiver, both separately prepare a state in a randomly chosen basis (of the two chosen bases, say rectilinear (X basis) and diagonal (Z basis)), and send it to the arbitrator. The arbitrator performs Bell State Measurement on the two incoming states. A successful BSM entangles the two states and the outcome of the measurement is one of the four Bell States, which is declared by the arbitrator over public channel. This process is repeated until sifting condition is met. In sifting, seller and receiver then exchange the preparation basis chosen for each event, which is neglected if the basis is mismatched. If matched then, depending on the basis chosen, data (classical information of their own states/ classical bits) corresponding to each event is classified into two sets. This is repeated unless cardinality of the two sets is above a certain threshold number of elements. The receiver flips his bits (set elements) for each event according to the table shown in Pseudo Code. It is done to correlate seller's bits with receiver's bits. This marks the end of Sifting. Finally, one of the sets is used for error correction in MDI-QKD (not the concern of this protocol), while the other set is divided into two parts, one to be used as the code key and the other, to calculate the error rate. If error rate is greater than the tolerance value decided, the protocol is aborted by both parties. The signature/private key of seller for a particular message bit is the concatenation of both buyer and verifier's code keys corresponding to that bit.
- Symmetrisation: Buyer and Verifier exchange half of their MGI-KGP keys over MDI-QKD link. These become the final keys of the recipients. This prevents a dishonest seller succeed in cheating by sending dissimilar public keys to the receiver and makes the protocol secure against repudiation. Thus ends the distribution phase.
Similarly, Messaging Phase is divided into the following steps:
- Signing: Sender sends desired message and the corresponding signature to the desired receiver (called buyer). Buyer checks for mismatches, first with his half of the key, received directly from Seller and then, with verifier's half shared with him during symmterisation. If there are fewer mismatches than the decided threshold (to check for repudiation, determined by experimental parameters) then buyer accepts the signature.
- Transfer: Buyer forwards the same message and private key to the other receiver (called verifier) who compares it with his key for this message bit in the same way as the buyer, but with a different threshold value (to check for forgery and repudiation).
Requirements
- Network Stage: Prepare and Measure
- Authenticated quantum channel
- Authenticated classical channel
- MDI-QKD setup (without error correction and privacy amplification)
Properties
- The strings generated by Sender and Receiver are free from detector side channel attacks as one does not trust measurement devices.
- Implementation of long distance MDI-QKD [Measurement Device Independent Quantum Digital Signature (MDI-QDS)#References|(3)] employs establishes long distance QDS protocol without side channel attacks
- It is valid against repudiation and forging attacks
Pseudocode
Further Information
References