Gottesman and Chuang Quantum Digital Signature: Difference between revisions

From Quantum Protocol Zoo
Line 94: Line 94:
==Discussion==
==Discussion==
*Theoretical Papers
*Theoretical Papers
#[https://arxiv.org/abs/1403.5551  WDKA (2015)] above example
# [https://arxiv.org/abs/quant-ph/0105032 GC-QDS (2001)] uses [[quantum one way function]] f(); Private keys: classical input x, Public keys: quantum output f(x). '''Requires''' quantum memory, quantum one way function, authenticated quantum and classical channels, [[SWAP Test]] (universal quantum computer). [[Unconditionally Secure]]
# [https://arxiv.org/abs/quant-ph/0105032 GC-QDS (2001)] uses [[quantum one way function]] f(); Private keys: classical input x, Public keys: quantum output f(x). '''Requires''' quantum memory, quantum one way function, authenticated quantum and classical channels, [[SWAP Test]] (universal quantum computer). [[Unconditionally Secure]]. [[Network Stage: Quantum Memory]]
#[https://arxiv.org/abs/quant-ph/0601130 ACJ (2006)] discusses coherent states comparison with a QDS scheme outlined in the last section. Protocol uses the same protocol as (2) but replaces qubits with [[coherent states]], thus replacing SWAP-Test with [[Coherent State Comparison]]. Additionally, it also requires quantum memory, authenticated quantum and classical channels, [[multiports]]. [[Unconditionally Secure]]
#[https://arxiv.org/abs/quant-ph/0601130 ACJ (2006)] discusses coherent states comparison with a QDS scheme outlined in the last section. Protocol uses the same protocol as (2) but replaces qubits with [[coherent states]], thus replacing SWAP-Test with [[Coherent State Comparison]]. Additionally, it also requires quantum memory, authenticated quantum and classical channels, [[multiports]]. [[Unconditionally Secure]], [[Network Stage: Quantum Memory]]
#[https://www.sciencedirect.com/science/article/pii/S0030402617308069 SWZY (2017)] Discusses an attack and suggests corrections on existing QDS scheme using single qubit rotations. Protocol uses rotation, qubits, [[one-way hash function]]; Private keys: angle of rotation, Public keys: string of rotated quantum states. '''Requires''' [[random number generator]], [[one-way hash function]], quantum memory, key distribution. [[Computationally Secure]]
#[https://arxiv.org/abs/1309.1375 DWA (2013)] first QDS scheme without quantum memory based on [https://arxiv.org/abs/quant-ph/0601130 (3)]. '''Requires''' [[Coherent States]], authenticated quantum and classical channels, [[multiports]], [[Unambiguous State Discrimination (USD)]] (State Elimination), no symmetrisation required. [[Unconditionally Secure]]. [[Network Stage: Prepare and Measure]]
#[https://journals.aps.org/pra/abstract/10.1103/PhysRevA.90.042335 AL (2014)] Establishes coherent state mapping of (2). Replaces SWAP Test with beam splitters. Uses [[Unambiguous State Discrimination (USD)]] (State Elimination). '''Requires''' [[Phase encoded Coherent states]], [[Balanced Beam Splitters]]. No explicit security proof provided. [[Network Stage: Prepare and Measure]]
#[https://arxiv.org/abs/1505.07509 AWA (2015)] security proof for generalisation of [https://arxiv.org/abs/1403.5551  WDKA (2015)] and [https://arxiv.org/abs/1309.1375 DWA (2013)] to more than two recipients case.
#[https://www.researchgate.net/publication/280062082_Practical_Quantum_Digital_Signature YFC (2016)] first QDS scheme without authenticated (trusted) quantum channels. Demonstrates one protocol with two implementation, [[two copies of single photon]] method and  [[decoy state]] method. First uses single qubit photons in three bases; Private key: classical description of states, Public key: pair of [[non-orthogonal states]] in any two of the three bases. '''Requires''' authenticated classical channels, [[polarisation measurement]] in three bases, [[Unambiguous State Discrimination (USD)]] (State Elimination), uses quantum correlations to check authentication.  Decoy State method uses [[phase-randomised weak coherent states]], [[50:50 Beam Splitter (BS)]], [[Unconditionally Secure]] [[Network Stage: Prepare and Measure]].
#[https://www.researchgate.net/publication/280034032_Secure_Quantum_Signatures_Using_Insecure_Quantum_Channels  AWKA (2015)] QDS scheme without authenticated quantum channels using parameter estimation phase. Uses a Key Generations Protocol (KGP) where noise threshold for Seller-Buyer and Seller-Verifier is better than when distilling secret key from QKD. Seller sends different key to Buyer and Verifier using KGP. This anamoly is justifiable due to symmetrisation.'''Requires''' authenticated classical channels, [[decoy state BB84 QKD]] setup. [[Unconditionally Secure]] [[Network Stage: Prepare and Measure]].
#[http://iopscience.iop.org/article/10.1088/1742-6596/766/1/012021 MH (2016)] security proof for generalisation of [https://www.researchgate.net/publication/280034032_Secure_Quantum_Signatures_Using_Insecure_Quantum_Channels  AWKA (2015)] to more than two recipients case.
#[https://www.nature.com/articles/srep09231 WCRZ (2015)] demonstrates sending multi-bit classical messages using [https://www.researchgate.net/publication/280034032_Secure_Quantum_Signatures_Using_Insecure_Quantum_Channels  AWKA (2015)] or other similar protocols.
#[https://www.sciencedirect.com/science/article/pii/S0030402617308069 SWZY (2017)] Discusses an attack and suggests corrections on existing QDS scheme using single qubit rotations. Protocol uses rotation, qubits, [[one-way hash function]]; Private keys: angle of rotation, Public keys: string of rotated quantum states. '''Requires''' [[random number generator]], [[one-way hash function]], quantum memory, key distribution. [[Computationally Secure]], [[Third Network Stage: Quantum Memory|Third Network Stage (Quantum Memory)]]
*Experimental Papers
*Experimental Papers
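Review bot: the network-stage links added to the Theoretical Papers list are not uniform. The GC-QDS and ACJ entries link [[Network Stage: Quantum Memory]], while the relocated SWZY entry links [[Third Network Stage: Quantum Memory|Third Network Stage (Quantum Memory)]], and the separator before the link varies (". " for GC-QDS, ", " for ACJ and SWZY, none for YFC and AWKA). Suggest one link target and one separator throughout. In the new AWKA entry, "anamoly" should be "anomaly" and a space is missing before '''Requires'''; in the new YFC entry, "two implementation" should be "two implementations".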

Revision as of 12:12, 7 November 2018

Functionality Description

Quantum Digital Signatures (QDS) allow the exchange of classical messages from a sender to multiple recipients, with a guarantee that the signature has come from a genuine sender. Additionally, they come with the properties of (i) transferability, i.e. messages with a DS can be forwarded from one recipient to another such that the DS is verifiable to have come from the original sender, (ii) non-repudiation, i.e. at any stage after sending the message to one recipient, the sender cannot deny having sent the message and the corresponding DS, and (iii) unforgeability, i.e. a dishonest recipient cannot alter or fake the sender's DS and forward it to other recipients successfully.
Such protocols require parties to store quantum states for comparison at a later stage. For simplicity, most protocols consider the case of one sender and two recipients (seller, buyer and verifier) exchanging single-bit classical messages.

Tags: Multi Party (three), Quantum Enhanced Classical Functionality, Specific Task, Quantum Digital Signature, Prepare and Measure Quantum Digital Signature, Measurement Device Independent Quantum Digital Signature (MDI-QDS)

Requirements

  • Network Stage: Quantum Memory
  • Relevant Network Parameters:
  • Benchmark values:

Use Case

Online Transactions, Signing Marksheets

Example:

Outline


Quantum Digital Signature (QDS) protocols can be separated into two stages: the distribution stage, where quantum signals (public keys) are sent to all recipients, and the messaging stage, where classical messages are signed, sent and verified. Here, we take the case of three parties, one sender (referred to as the seller) and two receivers (the buyer and the verifier), sharing a one-bit message. The distribution phase can be divided into the following steps:

  • Key Distribution:

Similarly, the messaging phase is divided into the following steps:

  • Signing:
  • Transfer:

Properties


  • The protocol-
    • involves three parties (Seller, Buyer, Verifier) exchanging one-bit classical messages.
    • requires a quantum one-way function, quantum memory, and authenticated quantum and classical channels.
    • assumes the maximum number of participating parties are honest; in the present case, at least two parties are honest.
    • provides information-theoretic security.
    • provides security against repudiation, i.e. the probability that the seller succeeds in making the buyer and seller disagree on the validity of her sent quantum signature decays exponentially with L, as stated by the formula {equation}
    • provides security against forgery, i.e. any recipient (verifier) rejects, with high probability, any message which was not originally sent by the seller herself. The forging probability is given by the formula {equation}

Pseudo Code


  • Notations Used:
    • L: Length of keys used
    • : Threshold value for signing
    • : Threshold value for verification
    • : Quantum Public key for message k
    • : Classical Private key for classical one-bit message k
    • $\beta^k_l$: Classical description of qubit in
    • : Buyer's Eliminated Signature for message m
    • : Verifier's Eliminated Signature for message m
    • : Buyer’s random bit to determine the measurement basis of qubit in
    • : Verifier’s random bit to determine the measurement basis of qubit in
    • : measurement outcome of

Stage 1 Distribution

  • Input L
  • Output Seller: ; Buyer: ; Verifier:
    • Key Distribution:
  1. For k = 0,1
    1. Seller prepares quantum public key , where
    2. She sends Buyer (k,)
    3. She sends Verifier (k,)
    • State Elimination:
  1. For k = 0,1
    1. For l = 1,2,...,L
      1. Buyer chooses
      2. If , Buyer measures his qubit in X basis
      3. If , Buyer measures his qubit in Z basis
      4. return
    • Verifier repeats steps 2(a)-2(b) with randomly chosen basis to get his eliminated signature elements
    • Symmetrisation
    1. For k = 0,1
      1. Buyer chooses I
      2. , Buyer sends Verifier
      3. Verifier chooses J
      4. , Verifier sends Buyer
      5. Buyer replaces
      6. Verifier replaces

Stage 2 Messaging

  • Input Seller: Message m, Private Key for m:
  • Output Buyer: accept or abort, Verifier: accept or abort
    • Signing: ’mismatch’ is when Buyer finds an eliminated signature element in Seller’s private key
  1. Seller sends Buyer (m,)
  2. For l = 1,2,..,L
    1. Buyer counts the number of mismatches () and returns
  3. If , Buyer accepts m else he aborts
    • Transfer
  1. Buyer sends Verifier (m,)
  2. For l = 1,2,....,L
    1. Verifier counts the number of mismatches () and returns
  3. If , Verifier accepts m else he aborts
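
The following is an added classical simulation of the noiseless flow in the pseudo code above; it is not part of the Protocol Zoo page or of the cited papers. Assumptions: key elements are the four BB84 states, a recipient accepts when the mismatch count is below threshold × L, and the names s_a, s_v, run, eliminate, symmetrise and mismatches are hypothetical.

```python
import random

# Assumption: key elements are the four BB84 states, labelled (basis, bit).
STATES = [("Z", 0), ("Z", 1), ("X", 0), ("X", 1)]

def measure(state, basis, rng):
    """Ideal measurement: deterministic in the preparation basis, uniform otherwise."""
    return state[1] if state[0] == basis else rng.randrange(2)

def eliminate(public_key, rng):
    """State elimination: rule out the state orthogonal to each outcome."""
    out = []
    for state in public_key:
        basis = rng.choice("XZ")  # recipient's random basis bit
        out.append((basis, 1 - measure(state, basis, rng)))
    return out

def symmetrise(buyer, verifier, rng):
    """Each recipient forwards a random half of his eliminated elements;
    the other replaces his own elements at those positions."""
    L = len(buyer)
    I = set(rng.sample(range(L), L // 2))  # positions Buyer forwards
    J = set(rng.sample(range(L), L // 2))  # positions Verifier forwards
    new_b = [verifier[l] if l in J else buyer[l] for l in range(L)]
    new_v = [buyer[l] if l in I else verifier[l] for l in range(L)]
    return new_b, new_v

def mismatches(claimed_key, eliminated):
    """A mismatch is a claimed key element that the recipient has eliminated."""
    return sum(c == e for c, e in zip(claimed_key, eliminated))

def run(L=400, s_a=0.05, s_v=0.10, seed=1):
    rng = random.Random(seed)  # seeded only to make the demo reproducible
    private = [rng.choice(STATES) for _ in range(L)]  # Seller's private key for m
    buyer, verifier = symmetrise(eliminate(private, rng),
                                 eliminate(private, rng), rng)
    forged = [rng.choice(STATES) for _ in range(L)]   # key guessed without `private`
    return {
        "buyer_accepts": mismatches(private, buyer) < s_a * L,
        "verifier_accepts": mismatches(private, verifier) < s_v * L,
        "forgery_mismatches": mismatches(forged, verifier),
        "forgery_accepted": mismatches(forged, verifier) < s_v * L,
    }

if __name__ == "__main__":
    print(run())
```

In this model the genuine key never produces a mismatch, while a key guessed uniformly at random hits an eliminated element at about one position in four, which is why the thresholds sit well below L/4.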

Discussion

  • Theoretical Papers
  1. GC-QDS (2001) uses quantum one way function f(); Private keys: classical input x, Public keys: quantum output f(x). Requires quantum memory, quantum one way function, authenticated quantum and classical channels, SWAP Test (universal quantum computer). Unconditionally Secure
  2. ACJ (2006) discusses coherent states comparison with a QDS scheme outlined in the last section. Protocol uses the same protocol as (2) but replaces qubits with coherent states, thus replacing SWAP-Test with Coherent State Comparison. Additionally, it also requires quantum memory, authenticated quantum and classical channels, multiports. Unconditionally Secure
  3. SWZY (2017) Discusses an attack and suggests corrections on existing QDS scheme using single qubit rotations. Protocol uses rotation, qubits, one-way hash function; Private keys: angle of rotation, Public keys: string of rotated quantum states. Requires random number generator, one-way hash function, quantum memory, key distribution. Computationally Secure
  • Experimental Papers