Quantum Digital Signature
Functionality
Digital Signatures (DS) allow for the exchange of single or multiple bit classical messages from sender to multiple recipients, with a guarantee that the signature has come from a genuine sender and the properties of transferability, non-repudiation and unforgeability (see Properties).
Protocols
For simlicity, most protocols use the case of three parties, one sender (Seller) and two recipients (Buyer and Verifier) exchanging one-bit classical messages signed by Quantum Digital Signatures (QDS).
- Prepare and Measure Quantum Digital Signature
- Quantum Digital Signature with Quantum Memory
- Measurement Device Independent Quantum Digital Signature (MDI-QDS)
Tags:Multi Party (three), Quantum Enhanced Classical Functionality, Specific Task, Blind Quantum Digital Signature, Arbitrated Signature, Quantum Proxy Signature, Designated Verifiable Quantum Signature, Limited Delegation of Quantum Signature
Use Case
Signing e-Marksheet, Financial Transactions, Software Distribution, Cryptocurrencies, e-voting
Properties
All QDS protocols are divided into two phases, distribution and messaging. Distribution phase enables sender to generate private keys (kept secret with sender) and public keys (distributed to recipients) while messaging phase enables exchange of messages using the above keys.
- A QDS scheme is correct if a message signed by a genuine sender is accepted by a recipient with unit probability.
- A QDS scheme is secure if no one but the sender can sign a message such that it is accepted by a recipient with non-negligible probability.
- Transferability means that at any point a recipient (buyer) can prove it to another recipient (verifier) that the concerned message has been signed by the claimed sender (Seller).
- Unforgeability ensures that a dishonest recipient (buyer) can neither alter a DS nor sign a message with a fake DS (DS that has not come from a genuine sender) and forward it to other recipients (verifier) successfully.
- Non-Repudiation implies that at any point a dishonest sender (seller) cannot deny having signed the message sent to a genuine recipient (Buyer).
Discussion
(Review Paper by Petros)