A note on an arbitrated quantum signature scheme
Olivier Markowitch2009
Sign up for access to the world's latest research
checkGet notified about relevant papers
checkSave papers to use in your research
checkJoin the discussion with peers
checkTrack your impact
Abstract
Zeng and Keitel proposed an arbitrated quantum signature scheme in 2002. Recently, Curty and Lütkenhaus pointed out that the protocol is not operationally specified. In a reply, Zeng gave more details of the scheme. The author also claimed that the scheme is suitable for unknown messages. In this letter, we remark that the invented scenario in the original scheme is artificial. This is because its security entirely depends on the presence of a trustworthy arbitrator. Moreover, the claim that the original scheme is suitable for unknown messages is not sound.
Related papers
13 On the security of arbitrated quantum signature schemes.pdf
Due to the potential capability of providing unconditional security, arbitrated quantum signature (AQS) schemes, whose implementation depends on the participation of a trusted third party, received intense attention in the past decade. Recently, some typical AQS schemes were cryptanalyzed and improved. In this paper, we analyze the security property of some AQS schemes and show that all the previous AQS schemes, no matter whether original or improved, are still insecure in the sense that the messages and the corresponding signatures can be exchanged among different receivers, allowing the receivers to deny having accepted the signature of an appointed message. Some further improved methods on the AQS schemes are also discussed.
Security problem on arbitrated quantum signature schemes
2011
Until now, there have been developed many arbitrated quantum signature schemes implemented with a help of a trusted third party. In order to guarantee the unconditional security, most of them take advantage of the optimal quantum one-time encryption method based on Pauli operators. However, we in this paper point out that the previous schemes only provides a security against total break and actually show that there exists a simple existential forgery attack to validly modify the transmitted pair of message and signature. In addition, we also provide a simple method to recover the security against the proposed attack.
Security Analyses and Improvement of Arbitrated Quantum Signature with an Untrusted Arbitrator
International Journal of Theoretical Physics, 2013
Very recently, an arbitrated quantum signature (AQS) scheme of classical message with an untrusted arbitrator was presented[Eur. Phys. J. D 61(3), 773 (2011)]. In this paper, the security of the AQS scheme with an untrusted arbitrator is analyzed. An AQS scheme with an untrusted arbitrator should satisfy the unforgeable property and undeniable property. In particular, the malicious verifier can not modify a message and its signature to produce a new message with a valid signature, and the dishonest signer who really has sent the message to the verifier which the verifier accepted as an authentic one cannot later deny having sent this message. However, we show that, in the AQS scheme with an untrusted arbitrator, the dishonest signer can successfully disavow his/her signature and the malicious verifier can counterfeit a valued signature for any message by known message attack when he has received a message-signature pair. Then, we suggest an improved AQS scheme of classical message with an untrusted arbitrator that can solve effectively the two problems raised above. Finally, we prove the security of the improved scheme.
13 Efficient arbitrated quantum signature and its proof of security.pdf
In this paper, an efficient arbitrated quantum signature scheme is proposed by combining quantum cryptographic techniques and some ideas in classical cryptography. In the presented scheme, the signatory and the receiver can share a long-term secret key with the arbitrator by utilizing the key together with a random number. While in previous quantum signature schemes, the key shared between the signatory and the arbitrator or between the receiver and the arbitrator could be used only once, and thus each time when a signatory needs to sign, the signatory and the receiver have to obtain a new key shared with the arbitrator through a quantum key distribution protocol. Detailed theoretical analysis shows that the proposed scheme is efficient and provably secure.
Review Unconditionally Secure Quantum Signatures
2016
Signature schemes, proposed in 1976 by Diffie and Hellman, have become ubiquitous across modern communications. They allow for the exchange of messages from one sender to multiple recipients, with the guarantees that messages cannot be forged or tampered with and that messages also can be forwarded from one recipient to another without compromising their validity. Signatures are different from, but no less important than encryption, which ensures the privacy of a message. Commonly used signature protocols-signatures based on the Rivest-Adleman-Shamir (RSA) algorithm, the digital signature algorithm (DSA), and the elliptic curve digital signature algorithm (ECDSA)-are only computationally secure, similar to public key encryption methods. In fact, since these rely on the difficulty of finding discrete logarithms or factoring large primes, it is known that they will become completely insecure with the emergence of quantum computers. We may therefore see a shift towards signature protocols that will remain secure even in a post-quantum world. Ideally, such schemes would provide unconditional or information-theoretic security. In this paper, we aim to provide an accessible and comprehensive review of existing unconditionally securesecure signature schemes for signing classical messages, with a focus on unconditionally secure quantum signature schemes.
Authentication of quantum messages
Imaging and Applied Optics, 2011
Abstract: Message authentication is a cryptographic task that allows the receiver to reject a message that is forged or has been tampered with. A protocol to authenticate quantum messages was proposed by Barnum, Crépeau, Gottesman, Tapp, and Smith [1] and stand-alone security was proved. Here, we are concerned with universal composable security (which requires a protocol to be essentially indistinguishable from the ideal functionality and ensures overall security when the protocol is part of any larger scheme). We show that the protocol in [1] is universal ...
Realization of Quantum Digital Signatures without the Requirement of Quantum Memory
Physical Review Letters, 2014
Digital signatures are widely used to provide security for electronic communications, for example in financial transactions and electronic mail. Currently used classical digital signature schemes, however, only offer security relying on unproven computational assumptions. In contrast, quantum digital signatures (QDS) offer information-theoretic security based on laws of quantum mechanics . Here, security against forging relies on the impossibility of perfectly distinguishing between non-orthogonal quantum states. A serious drawback of previous QDS schemes is however that they require long-term quantum memory, making them unfeasible in practice. We present the first realisation of a scheme [4] that does not need quantum memory, and which also uses only standard linear optical components and photodetectors. To achieve this, the recipients measure the distributed quantum signature states using a new type of quantum measurement, quantum state elimination 6]. This significantly advances QDS as a quantum technology with potential for real applications.
Comment on "Quantum key agreement protocol
ArXiv, 2020
The first two party Quantum Key Agreement (QKA) protocol, based on quantum teleportation, was proposed by Zhou et al. (Electronics Letters 40.18 (2004): 1149-1150). In this protocol, to obtain the key bit string, one of the parties use a device to obtain inner product of two quantum states, one being unknown, and the other one performs Bell measurement. However, in this article, we show that it is not possible to obtain a device that would output the inner product of two qubits even when only one of the qubit is unknown. This is so because existence of such device would imply perfectly distinguishing among four different states in a two-dimensional vector space. This is not permissible in quantum mechanics. Furthermore, we argue that existence of such a device would also imply violation of the ``No Signalling Theorem" as well. Finally, we also comment that this protocol is not a valid key agreement protocol at all.
High-Efficient Arbitrated Quantum Signature Scheme Based on Cluster States
International Journal of Theoretical Physics, 2016
The arbitrated quantum signature characteristics including the security and the efficiency are investigated and a new efficient and secure arbitrated quantum signature is proposed. It is shown that the proposed scheme exhibits an efficiency of 64 %. Furthermore, to gain a higher security, the decoy photons security checking is employed.
A Hash-Based Quantum-Resistant Designated Verifier Signature Scheme
Mathematics
Digital signatures are unsuitable for specific applications that are sensitive on a personal or commercial level because they are universally verifiable. Jakobsson et al. proposed the Designated Verifier Signature (DVS) system, which only allows the intended verifier to validate a message’s signature. It prohibits the disclosure of a conviction to a third party. This functionality is useful in applications that require both authenticity and signer privacy, such as electronic voting and tender calls. The vast majority of current DVS schemes are based on difficult number theory problems such as integer factorization or discrete log problems over various groups. The development of a large-scale quantum computer would render these schemes unsafe. As a result, it is critical to develop quantum-resistant DVS methods. In both quantum and classical computers, signatures based on one-way functions are more efficient and secure. They have several advantages over digital signatures based on tr...
Related topics
Related papers
Unconditionally Secure Quantum Signatures
Entropy, 2015
Signature schemes, proposed in 1976 by Diffie and Hellman, have become ubiquitous across modern communications. They allow for the exchange of messages from one sender to multiple recipients, with the guarantees that messages cannot be forged or tampered with and that messages also can be forwarded from one recipient to another without compromising their validity. Signatures are different from, but no less important than encryption, which ensures the privacy of a message. Commonly used signature protocols-signatures based on the Rivest-Adleman-Shamir (RSA) algorithm, the digital signature algorithm (DSA), and the elliptic curve digital signature algorithm (ECDSA)-are only computationally secure, similar to public key encryption methods. In fact, since these rely on the difficulty of finding discrete logarithms or factoring large primes, it is known that they will become completely insecure with the emergence of quantum computers. We may therefore see a shift towards signature protocols that will remain secure even in a post-quantum world. Ideally, such schemes would provide unconditional or information-theoretic security. In this paper, we aim to provide an accessible and comprehensive review of existing unconditionally securesecure signature schemes for signing classical messages, with a focus on unconditionally secure quantum signature schemes.
Security Analysis of One Quantum Digital Signature Scheme
2009 Sixth International Conference on Information Technology: New Generations, 2009
We point out that the quantum digital signature scheme proposed in ICACT 2005 has three problems. According to the original description of the scheme, we find: (1) the quantum one-way function is not specified clearly; (2) the signer Alice does not use her private key in the signing process; (3) both the signing and the verification can not work well.
Multiparty quantum signature schemes
Quantum Information and Computation, 2016
Digital signatures are widely used in electronic communications to secure important tasks such as financial transactions, software updates, and legal contracts. The signature schemes that are in use today are based on public-key cryptography and derive their security from computational assumptions. However, it is possible to construct unconditionally secure signature protocols. In particular, using quantum communication, it is possible to construct signature schemes with security based on fundamental principles of quantum mechanics. Several quantum signature protocols have been proposed, but none of them has been explicitly generalised to more than three participants, and their security goals have not been formally defined. Here, we first extend the security definitions of Swanson and Stinson [1] so that they can apply also to the quantum case, and introduce a formal definition of transferability based on different verification levels. We then prove several properties that multipart...
Quantum digital signatures with quantum-key-distribution components
Physical Review A, 2015
Digital signatures provide guarantees on the authenticity and transferability of a message. This important cryptographic functionality is frequently used in modern communication systems. The security of currently used classical digital signature schemes, however, relies on computational assumptions, and thus they may not constitute a satisfactory long-term solution. In contrast, quantum digital signature (QDS) schemes offer information-theoretic security guaranteed by the laws of quantum mechanics. This is appealing, provided feasible schemes can be found. Here, we present two different quantum digital signature protocols which essentially use the same experimental requirements as quantum key distribution (QKD), which is already commercially available. This enables existing systems for QKD to be used also for digital signatures, which significantly extends and enhances the use of QKD systems. The first scheme is an improvement on a recent QDS scheme, removing the requirement of an optical multiport, which was a major source of losses. The second protocol is essentially a classical digital signature protocol, which employs quantum key distribution for obtaining secret shared classical keys. Relying on the security of QKD, this results in an information-theoretically secure digital signature scheme. * V. Dunjko and P. Wallden contributed equally to this work. † [email protected]
Secure quantum signatures using insecure quantum channels
Physical Review A, 2016
Digital signatures are widely used in modern communication to guarantee authenticity and transferability of messages. The security of currently used classical schemes relies on computational assumptions. We present a quantum signature scheme that does not require trusted quantum channels. We prove that it is unconditionally secure against the most general coherent attacks, and show that it requires the transmission of significantly fewer quantum states than previous schemes. We also show that the quantum channel noise threshold for our scheme is less strict than for distilling a secure key using quantum key distribution. This shows that "direct" quantum signature schemes can be preferable to signature schemes relying on secret shared keys generated using quantum key distribution.
Contract Signature Using Quantum Information
This paper describes how to perform contract signature in a fair way using quantum information. The protocol proposed permits two partners, users of a communication network, to perform a contract signature based on the RSA security. The authentication of the signers is based on the use of a non-local XOR function of two classical bits.
A Note on the Post-quantum Security of (Ring) Signatures
Public-Key Cryptography – PKC 2022, 2022
This work revisits the security of classical signatures and ring signatures in a quantum world. For (ordinary) signatures, we focus on the arguably preferable security notion of blind-unforgeability recently proposed by Alagic et al. (Eurocrypt'20). We present two short signature schemes achieving this notion: one is in the quantum random oracle model, assuming quantum hardness of SIS; and the other is in the plain model, assuming quantum hardness of LWE with super-polynomial modulus. Prior to this work, the only known blind-unforgeable schemes are Lamport's one-time signature and the Winternitz one-time signature, and both of them are in the quantum random oracle model. For ring signatures, the recent work by Chatterjee et al. (Crypto'21) proposes a definition trying to capture adversaries with quantum access to the signer. However, it is unclear if their definition, when restricted to the classical world, is as strong as the standard security notion for ring signatures. They also present a construction that only partially achieves (even) this seeming weak definition, in the sense that the adversary can only conduct superposition attacks over the messages, but not the rings. We propose a new definition that does not suffer from the above issue. Our definition is an analog to the blind-unforgeability in the ring signature setting. Moreover, assuming the quantum hardness of LWE, we construct a compiler converting any blind-unforgeable (ordinary) signatures to a ring signature satisfying our definition.
Practical quantum multiparty signatures using quantum key distribution networks
ArXiv, 2022
Digital signatures are widely used for providing security of communications. At the same time, the security of currently deployed digital signature protocols is based on unproven computational assumptions. An efficient way to ensure an unconditional (information-theoretic) security of communication is to use quantum key distribution (QKD), whose security is based on laws of quantum mechanics. In this work, we develop an unconditionally secure signatures (USS) scheme that guarantees authenticity and transferability of arbitrary length messages in a QKD network. In the proposed setup, the QKD network consists of two subnetworks: (i) the internal network that includes the signer and with limitation on the number of malicious nodes, and (ii) the external one that has no assumptions on the number of malicious nodes. A price of the absence of the trust assumption in the external subnetwork is a necessity of the assistance from an internal subnetwork recipients for the verification of mess...
A SOLUTION FOR CONSTRUCTING QUANTUM - RESISTANT DIGITAL SIGNATURE SCHEMES
Journal of Military Science and Technology, ISSN: 1859-1043, 2024
In this article, the authors propose a solution for constructing quantum -resistant digital signature schemes based on a new type of hard problem, which belongs to the group of unsolvable problems. Therefore, the algorithms constructed according to the solution proposed here can be resistant to quantum attacks based on the quantum algorithm proposed by P. Shor. In addition to quantum resistance, the signature schemes proposed here can also be used as pre-quantum digital signature schemes (RSA, DSA, etc.) that are widely used in current practical applications.
A secure quantum group signature scheme based on Bell states
A secure quantum group signature scheme based on Bell states, 2013
In this paper, we propose a new secure quantum group signature with Bell states, which may have applications in e-payment system, e-government, e-business, etc. Compared with the recent quantum group signature protocols, our scheme is focused on the most general situation in practice, i.e. only the arbitrator is trusted and no intermediate information needs to be stored in the signing phase to ensure the security. Furthermore, our scheme has achieved all the of group signature—anonymity, verifiability, traceability, unforgetability and undeniability, by using some current developed quantum and classical technologies. Finally, a feasible security analysis model for quantum group signature is presented.
Loading Preview
Sorry, preview is currently unavailable. You can download the paper by clicking the button above.