Authentication of Quantum Messages: Difference between revisions
Line 1: | Line 1: | ||
==Functionality== | ==Functionality== | ||
If a person sends some information over an insecure channel (a dishonest/malicious party has access to the channel), what is the guarantee that the receiver on the other end will receive the same information as sent and not something which is modified or replaced by the dishonest party? Authentication of quantum channels/quantum states/quantum messages provides this guarantee to the users of a quantum communication line/ channel. The sender is called the suppliant (prover) and the receiver is called the authenticator. Note that, it is different from the functionality of [[Quantum Digital Signature|digital signatures]], a multi-party (more than two) protocol, which comes with additional properties (non-repudiation, unforgeability and transferability). Also, authenticating quantum states is possible but signing quantum states is impossible, as concluded in [[Authentication of Quantum Messages#References|(1)]]. | If a person sends some information over an insecure channel (a dishonest/malicious party has access to the channel), what is the guarantee that the receiver on the other end will receive the same information as sent and not something which is modified or replaced by the dishonest party? Authentication of quantum channels/quantum states/quantum messages provides this guarantee to the users of a quantum communication line/ channel. The sender is called the suppliant (prover) and the receiver is called the authenticator. Note that, it is different from the functionality of [[Quantum Digital Signature|digital signatures]], a multi-party (more than two) protocol, which comes with additional properties (non-repudiation, unforgeability and transferability). Also, authenticating quantum states is possible but signing quantum states is impossible, as concluded in [[Authentication of Quantum Messages#References|(1)]]. | ||
Unlike [[classical message authentication|Authentication of Classical Messages]] | |||
'''Tags:''' [[:Category:Two Party Protocols|Two Party Protocol]][[Category:Two Party Protocols]], [[Quantum Digital Signature]], [[:Category:Quantum Functionality|Quantum Functionality]][[Category:Quantum Functionality]], [[:Category:Specific Task|Specific Task]][[Category:Specific Task]], [[:Category:Building Blocks|Building Block]][[Category:Building Blocks]] | '''Tags:''' [[:Category:Two Party Protocols|Two Party Protocol]][[Category:Two Party Protocols]], [[Quantum Digital Signature]], [[:Category:Quantum Functionality|Quantum Functionality]][[Category:Quantum Functionality]], [[:Category:Specific Task|Specific Task]][[Category:Specific Task]], [[:Category:Building Blocks|Building Block]][[Category:Building Blocks]] |
Revision as of 04:26, 27 January 2020
Functionality
If a person sends some information over an insecure channel (a dishonest/malicious party has access to the channel), what is the guarantee that the receiver on the other end will receive the same information as sent and not something which is modified or replaced by the dishonest party? Authentication of quantum channels/quantum states/quantum messages provides this guarantee to the users of a quantum communication line/ channel. The sender is called the suppliant (prover) and the receiver is called the authenticator. Note that, it is different from the functionality of digital signatures, a multi-party (more than two) protocol, which comes with additional properties (non-repudiation, unforgeability and transferability). Also, authenticating quantum states is possible but signing quantum states is impossible, as concluded in (1). Unlike Authentication of Classical Messages
Tags: Two Party Protocol, Quantum Digital Signature, Quantum Functionality, Specific Task, Building Block
Use Case
- No classical analogue
Protocols
- Non-interactive Protocols
- Interactive Protocols
Properties
- Any scheme which authenticates quantum messages must also encrypt them. (1)
- Definition 1: A quantum authentication scheme (QAS) is a pair of polynomial time quantum algorithms (suppliant) and (authenticator) together with a set of classical keys such that:
- takes as input an -qubit message system and a key and outputs a transmitted system of qubits.
- takes as input the (possibly altered) transmitted system ' and a classical key and outputs two systems: a -qubit message state , and a single qubit which indicates acceptance or rejection. The classical basis states of are called by convention. For any fixed key , we denote the corresponding super-operators by and .
- For non-interactive protocols, a QAS is secure with error for a state if it satisfies:
- Completeness: For all keys Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle k\epsilon K: A_k(S_k(|\psi\rangle \langle\psi|)=|\psi\rangle \langle\psi| \otimes |ACC\rangle \langle ACC|}
- Soundness: : For all super-operators , let Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \rho_{auth}} be the state output be when the adversary’s intervention
is characterized by , that is:
Further Information
- Barnum et al (2002) First protocol on authentication of quantum messages. It is also used later for verification of quantum computation in Interactive Proofs for Quantum Computation. Protocol file for this article is given as the Polynomial Code based Quantum Authentication