Quantum Digital Signature

From Quantum Protocol Zoo
Revision as of 08:43, 11 November 2018 by Shraddha (talk | contribs)
Jump to navigation Jump to search

Functionality

Digital Signatures (DS) allow for the exchange of single or multiple bit classical messages from sender to multiple recipients, with a guarantee that the signature has come from a genuine sender and the properties of transferability, non-repudiation and unforgeability (see Properties).

Tags:Multi Party (three), Quantum Enhanced Classical Functionality, Specific Task, Blind Quantum Digital Signature, Arbitrated Signature, Quantum Proxy Signature, Designated Verifiable Quantum Signature, Limited Delegation of Quantum Signature

Protocols

For simlicity, most protocols use the case of three parties, one sender (Seller) and two recipients (Buyer and Verifier) exchanging one-bit classical messages signed by Quantum Digital Signatures (QDS).

Use Case

Signing e-Marksheet, Financial Transactions, Software Distribution, Cryptocurrencies, e-voting

Properties

All QDS protocols are divided into two phases, distribution and messaging. Distribution phase enables sender to generate private keys (kept secret with sender) and public keys (distributed to recipients) while messaging phase enables exchange of messages using the above keys.

  • A QDS scheme is correct if a message signed by a genuine sender is accepted by a recipient with unit probability.
  • A QDS scheme is secure if no one but the sender can sign a message such that it is accepted by a recipient with non-negligible probability.
  • Transferability means that at any point a recipient (buyer) can prove it to another recipient (verifier) that the concerned message has been signed by the claimed sender (Seller).
  • Unforgeability ensures that a dishonest recipient (buyer) can neither alter a DS nor sign a message with a fake DS (DS that has not come from a genuine sender) and forward it to other recipients (verifier) successfully.
  • Non-Repudiation implies that at any point a dishonest sender (seller) cannot deny having signed the message sent to a genuine recipient (Buyer).

Discussion

(Review Paper by Petros)