Security of quantum digital signatures for classical messages
17 浏览量
2021-02-10
05:35:38
上传
评论
收藏 552KB PDF 举报
Security of quantum digital signatures for
classical messages
Tian-Yin Wang
1,2
, Xiao-Qiu Cai
1
, Yan-Li Ren
3
& Rui-Ling Zhang
4
1
School of Mathematical Science, Luoyang Normal University, Luoyang, 471022, China,
2
Start Travel Collaborative Innovation
center of Zhongyuan Economic area, Luoyang Normal University, Luoyang 471022, China,
3
School of Communication and
Information Engineering, Shanghai University, Shanghai, 200444, China,
4
School of Information Technology, Luoyang Normal
University, Luoyang 471022, China.
Quantum digital signatures can be used to authenticate classical messages in an information-theoretically
secure way. Previously, a novel quantum digital signature for classical messages has been proposed and gave
an experimental demonstration of distributing quantum digital signatures from one sender to two receivers.
Some improvement versions were subsequently presented, which made it more feasible with present
technology. These proposals for quantum digital signatures are basic building blocks which only deal with
the problem of sending single bit messages while no-forging and non-repudiation are guaranteed. For a
multi-bit message, it is only mentioned that the basic building blocks must be iterated, but the iteration of
the basic building block still does not suffice to define the entire protocol. In this paper, we show that it is
necessary to define the entire protocol because some attacks will arise if these building blocks are used in a
naive way of iteration. Therefore, we give a way of defining an entire protocol to deal with the problem of
sending multi-bit messages based on the basic building blocks and analyse its security.
D
igital signature (DS) is a fundamental cryptographic primitive, which has been frequently used in e-
commerce and e-government to ensure both the integrity and the origin of a message. However, the
degree of security provided by current classical digital signature (CDS) schemes generally depends on
certain unproven assumptions related to the intractability of certain difficult mathematical problems, such as big
number factorization problem
1
and discrete logarithmic problem
2
. With the rapid development of quantum
computing
3
, the security of such CDS schemes is seriously challenged.
Fortunately, quantum digital signature (QDS) provides a way of authenticating classical messages with
information-theoretic security against forging and repudiation. Gottesman and Chuang introduced the concept
of QDS in 2001, and proposed the first QDS scheme for classical messages based on quantum one-way functions
4
.
Recently, a novel QDS proposal for classical messages was put forth (named C-proposal hereafter), which has
been implemented using phase-encoded coherent states of light in experiments
5
. However, it needs quantum
memory like previous proposals, which makes it also unfeasible in practice with current technology. To deal with
this problem, Dunjko et al gave the first practical QDS proposal for classical messages, in which quantum memory
is no longer required
6
; in addition, this proposal has been implemented using just standard linear optical
components and photodetectors
7
. Furthermore, Dunjko et al presented another two different QDS protocols for
classical messages, which essentially only use the same experimental requirements as quantum key distribution
8
.
Most important of all, in contrast with other DS schemes, this kind of proposals
5–8
have an important advantage:
the trusted authorities are not needed any longer.
These QDS proposals
5–8
are basic building blocks, which only deal with the problem of sending single bit
messages while no-forging and non-repudiation are guaranteed. For a long multi-bit message, it is only men-
tioned that the basic building blocks must be iterated, but the iteration of the basic building blocks still does not
suffice to define the entire protocol, and therefore there still must be an additional set of rules which stipulate how
disputes are resolved, or how validity of a long message is proven and so on.
In this paper, we show that it is necessary to define the entire protocol because some attacks will arise if these
basic building blocks are used just in a naive way of iteration. Furthermore, based on the basic building blocks in
these proposals
5–8
, we propose an entire protocol to deal with the problem of sending multi-bit messages, in which
the rules on how to resolve disputes, and how to prove the validity of a multi-bit message and so on are given.
OPEN
SUBJECT AREAS:
QUANTUM MECHANICS
QUANTUM INFORMATION
Received
8 August 2014
Accepted
24 February 2015
Published
18 March 2015
Correspondence and
requests for materials
should be addressed to
T.-Y.W.
(wangtianyin79@
163.com)
SCIENTIFIC REPORTS | 5 : 9231 | DOI: 10.1038/srep09231 1
资源评论
