Unconditionally Secure Quantum Signatures
Erika Andersson2015, Entropy
Sign up for access to the world's latest research
checkGet notified about relevant papers
checkSave papers to use in your research
checkJoin the discussion with peers
checkTrack your impact
Abstract
Signature schemes, proposed in 1976 by Diffie and Hellman, have become ubiquitous across modern communications. They allow for the exchange of messages from one sender to multiple recipients, with the guarantees that messages cannot be forged or tampered with and that messages also can be forwarded from one recipient to another without compromising their validity. Signatures are different from, but no less important than encryption, which ensures the privacy of a message. Commonly used signature protocols-signatures based on the Rivest-Adleman-Shamir (RSA) algorithm, the digital signature algorithm (DSA), and the elliptic curve digital signature algorithm (ECDSA)-are only computationally secure, similar to public key encryption methods. In fact, since these rely on the difficulty of finding discrete logarithms or factoring large primes, it is known that they will become completely insecure with the emergence of quantum computers. We may therefore see a shift towards signature protocols that will remain secure even in a post-quantum world. Ideally, such schemes would provide unconditional or information-theoretic security. In this paper, we aim to provide an accessible and comprehensive review of existing unconditionally securesecure signature schemes for signing classical messages, with a focus on unconditionally secure quantum signature schemes.
Related papers
Review Unconditionally Secure Quantum Signatures
2016
Signature schemes, proposed in 1976 by Diffie and Hellman, have become ubiquitous across modern communications. They allow for the exchange of messages from one sender to multiple recipients, with the guarantees that messages cannot be forged or tampered with and that messages also can be forwarded from one recipient to another without compromising their validity. Signatures are different from, but no less important than encryption, which ensures the privacy of a message. Commonly used signature protocols-signatures based on the Rivest-Adleman-Shamir (RSA) algorithm, the digital signature algorithm (DSA), and the elliptic curve digital signature algorithm (ECDSA)-are only computationally secure, similar to public key encryption methods. In fact, since these rely on the difficulty of finding discrete logarithms or factoring large primes, it is known that they will become completely insecure with the emergence of quantum computers. We may therefore see a shift towards signature protocols that will remain secure even in a post-quantum world. Ideally, such schemes would provide unconditional or information-theoretic security. In this paper, we aim to provide an accessible and comprehensive review of existing unconditionally securesecure signature schemes for signing classical messages, with a focus on unconditionally secure quantum signature schemes.
Quantum digital signatures with quantum-key-distribution components
Physical Review A, 2015
Digital signatures provide guarantees on the authenticity and transferability of a message. This important cryptographic functionality is frequently used in modern communication systems. The security of currently used classical digital signature schemes, however, relies on computational assumptions, and thus they may not constitute a satisfactory long-term solution. In contrast, quantum digital signature (QDS) schemes offer information-theoretic security guaranteed by the laws of quantum mechanics. This is appealing, provided feasible schemes can be found. Here, we present two different quantum digital signature protocols which essentially use the same experimental requirements as quantum key distribution (QKD), which is already commercially available. This enables existing systems for QKD to be used also for digital signatures, which significantly extends and enhances the use of QKD systems. The first scheme is an improvement on a recent QDS scheme, removing the requirement of an optical multiport, which was a major source of losses. The second protocol is essentially a classical digital signature protocol, which employs quantum key distribution for obtaining secret shared classical keys. Relying on the security of QKD, this results in an information-theoretically secure digital signature scheme. * V. Dunjko and P. Wallden contributed equally to this work. † [email protected]
Secure quantum signatures using insecure quantum channels
Physical Review A, 2016
Digital signatures are widely used in modern communication to guarantee authenticity and transferability of messages. The security of currently used classical schemes relies on computational assumptions. We present a quantum signature scheme that does not require trusted quantum channels. We prove that it is unconditionally secure against the most general coherent attacks, and show that it requires the transmission of significantly fewer quantum states than previous schemes. We also show that the quantum channel noise threshold for our scheme is less strict than for distilling a secure key using quantum key distribution. This shows that "direct" quantum signature schemes can be preferable to signature schemes relying on secret shared keys generated using quantum key distribution.
13 On the security of arbitrated quantum signature schemes.pdf
Due to the potential capability of providing unconditional security, arbitrated quantum signature (AQS) schemes, whose implementation depends on the participation of a trusted third party, received intense attention in the past decade. Recently, some typical AQS schemes were cryptanalyzed and improved. In this paper, we analyze the security property of some AQS schemes and show that all the previous AQS schemes, no matter whether original or improved, are still insecure in the sense that the messages and the corresponding signatures can be exchanged among different receivers, allowing the receivers to deny having accepted the signature of an appointed message. Some further improved methods on the AQS schemes are also discussed.
Security Analysis of One Quantum Digital Signature Scheme
2009 Sixth International Conference on Information Technology: New Generations, 2009
We point out that the quantum digital signature scheme proposed in ICACT 2005 has three problems. According to the original description of the scheme, we find: (1) the quantum one-way function is not specified clearly; (2) the signer Alice does not use her private key in the signing process; (3) both the signing and the verification can not work well.
Contract Signature Using Quantum Information
This paper describes how to perform contract signature in a fair way using quantum information. The protocol proposed permits two partners, users of a communication network, to perform a contract signature based on the RSA security. The authentication of the signers is based on the use of a non-local XOR function of two classical bits.
Realization of Quantum Digital Signatures without the Requirement of Quantum Memory
Physical Review Letters, 2014
Digital signatures are widely used to provide security for electronic communications, for example in financial transactions and electronic mail. Currently used classical digital signature schemes, however, only offer security relying on unproven computational assumptions. In contrast, quantum digital signatures (QDS) offer information-theoretic security based on laws of quantum mechanics . Here, security against forging relies on the impossibility of perfectly distinguishing between non-orthogonal quantum states. A serious drawback of previous QDS schemes is however that they require long-term quantum memory, making them unfeasible in practice. We present the first realisation of a scheme [4] that does not need quantum memory, and which also uses only standard linear optical components and photodetectors. To achieve this, the recipients measure the distributed quantum signature states using a new type of quantum measurement, quantum state elimination 6]. This significantly advances QDS as a quantum technology with potential for real applications.
Continuous-variable quantum digital signatures over insecure channels
2018
Digital signatures ensure the integrity of a classical message and the authenticity of its sender. Despite their far-reaching use in modern communication, currently used signature schemes rely on computational assumptions and will be rendered insecure by a quantum computer. We present a quantum digital signatures (QDS) scheme whose security is instead based on the impossibility of perfectly and deterministically distinguishing between quantum states. Our continuous-variable (CV) scheme relies on phase measurement of a distributed alphabet of coherent states, and allows for secure message authentication against a quantum adversary performing collective beamsplitter and entangling-cloner attacks. Crucially, for the first time in the CV setting we allow for an eavesdropper on the quantum channels and yet retain shorter signature lengths than previous protocols with no eavesdropper. This opens up the possibility to implement CV QDS alongside existing CV quantum key distribution (QKD) pl...
A Hash-Based Quantum-Resistant Designated Verifier Signature Scheme
Mathematics
Digital signatures are unsuitable for specific applications that are sensitive on a personal or commercial level because they are universally verifiable. Jakobsson et al. proposed the Designated Verifier Signature (DVS) system, which only allows the intended verifier to validate a message’s signature. It prohibits the disclosure of a conviction to a third party. This functionality is useful in applications that require both authenticity and signer privacy, such as electronic voting and tender calls. The vast majority of current DVS schemes are based on difficult number theory problems such as integer factorization or discrete log problems over various groups. The development of a large-scale quantum computer would render these schemes unsafe. As a result, it is critical to develop quantum-resistant DVS methods. In both quantum and classical computers, signatures based on one-way functions are more efficient and secure. They have several advantages over digital signatures based on tr...
Security Analyses and Improvement of Arbitrated Quantum Signature with an Untrusted Arbitrator
International Journal of Theoretical Physics, 2013
Very recently, an arbitrated quantum signature (AQS) scheme of classical message with an untrusted arbitrator was presented[Eur. Phys. J. D 61(3), 773 (2011)]. In this paper, the security of the AQS scheme with an untrusted arbitrator is analyzed. An AQS scheme with an untrusted arbitrator should satisfy the unforgeable property and undeniable property. In particular, the malicious verifier can not modify a message and its signature to produce a new message with a valid signature, and the dishonest signer who really has sent the message to the verifier which the verifier accepted as an authentic one cannot later deny having sent this message. However, we show that, in the AQS scheme with an untrusted arbitrator, the dishonest signer can successfully disavow his/her signature and the malicious verifier can counterfeit a valued signature for any message by known message attack when he has received a message-signature pair. Then, we suggest an improved AQS scheme of classical message with an untrusted arbitrator that can solve effectively the two problems raised above. Finally, we prove the security of the improved scheme.
Related papers
13 Efficient arbitrated quantum signature and its proof of security.pdf
In this paper, an efficient arbitrated quantum signature scheme is proposed by combining quantum cryptographic techniques and some ideas in classical cryptography. In the presented scheme, the signatory and the receiver can share a long-term secret key with the arbitrator by utilizing the key together with a random number. While in previous quantum signature schemes, the key shared between the signatory and the arbitrator or between the receiver and the arbitrator could be used only once, and thus each time when a signatory needs to sign, the signatory and the receiver have to obtain a new key shared with the arbitrator through a quantum key distribution protocol. Detailed theoretical analysis shows that the proposed scheme is efficient and provably secure.
A SOLUTION FOR CONSTRUCTING QUANTUM - RESISTANT DIGITAL SIGNATURE SCHEMES
Journal of Military Science and Technology, ISSN: 1859-1043, 2024
In this article, the authors propose a solution for constructing quantum -resistant digital signature schemes based on a new type of hard problem, which belongs to the group of unsolvable problems. Therefore, the algorithms constructed according to the solution proposed here can be resistant to quantum attacks based on the quantum algorithm proposed by P. Shor. In addition to quantum resistance, the signature schemes proposed here can also be used as pre-quantum digital signature schemes (RSA, DSA, etc.) that are widely used in current practical applications.
Unconditionally secure digital signatures implemented in an 8-user quantum network
arXiv (Cornell University), 2022
The ability to know and verifiably demonstrate the origins of messages can often be as important as encrypting the message itself. Here we present an experimental demonstration of an unconditionally secure digital signature (USS) protocol implemented for the first time, to the best of our knowledge, on a fully connected quantum network without trusted nodes. Our USS protocol is secure against forging, repudiation and messages are transferrable. We show the feasibility of unconditionally secure signatures using only bi-partite entangled states distributed throughout the network and experimentally evaluate the performance of the protocol in real world scenarios with varying message lengths.
Multiparty quantum signature schemes
Quantum Information and Computation, 2016
Digital signatures are widely used in electronic communications to secure important tasks such as financial transactions, software updates, and legal contracts. The signature schemes that are in use today are based on public-key cryptography and derive their security from computational assumptions. However, it is possible to construct unconditionally secure signature protocols. In particular, using quantum communication, it is possible to construct signature schemes with security based on fundamental principles of quantum mechanics. Several quantum signature protocols have been proposed, but none of them has been explicitly generalised to more than three participants, and their security goals have not been formally defined. Here, we first extend the security definitions of Swanson and Stinson [1] so that they can apply also to the quantum case, and introduce a formal definition of transferability based on different verification levels. We then prove several properties that multipart...
Unconditionally secure digital signatures implemented in an eight-user quantum network*
New Journal of Physics
The ability to know and verifiably demonstrate the origins of messages can often be as important as encrypting the message itself. Here we present an experimental demonstration of an unconditionally secure digital signature (USS) protocol implemented for the first time, to the best of our knowledge, on a fully connected quantum network without trusted nodes. We choose a USS protocol which is secure against forging, repudiation and messages are transferrable. We show the feasibility of unconditionally secure signatures using only bi-partite entangled states distributed throughout the network and experimentally evaluate the performance of the protocol in real world scenarios with varying message lengths.
Security problem on arbitrated quantum signature schemes
2011
Until now, there have been developed many arbitrated quantum signature schemes implemented with a help of a trusted third party. In order to guarantee the unconditional security, most of them take advantage of the optimal quantum one-time encryption method based on Pauli operators. However, we in this paper point out that the previous schemes only provides a security against total break and actually show that there exists a simple existential forgery attack to validly modify the transmitted pair of message and signature. In addition, we also provide a simple method to recover the security against the proposed attack.
Achieving unconditional security by quantum cryptography
Classical cryptography algorithms are based on mathematical functions. The robustness of a given cryptosystem is based essentially on the secrecy of its (private) key and the difficulty with which the inverse of its one-way function(s) can be calculated. Unfortunately, there is no mathematical proof that will establish whether it is not possible to find the inverse of a given one-way function. Since few years ago, the progress of quantum physics allowed mastering photons which can be used for informational ends and these technological progresses can also be applied to cryptography (quantum cryptography). Quantum cryptography or Quantum Key Distribution (QKD) is a method for sharing secret keys, whose security can be formally demonstrated. It aims at exploiting the laws of quantum physics in order to carry out a cryptographic task. Its legitimate users can detect eavesdropping, regardless of the technology which the spy may have. In this study, we present quantum cryptosystems as a tool to attain the unconditional security. We also describe the well known protocols used in the field of quantum cryptography.
Unconditionally secure cryptosystems based on quantum cryptography
Information Sciences, 2008
Most modern cryptographic studies design cryptosystems and algorithms using mathematical concepts. In designing and analyzing cryptosystems and protocols, mathematical concepts are critical in supporting the claim that the intended cryptosystem is secure. Most early cryptographic algorithms are based either on factorization or on discrete logarithm problem. Such systems generally adopt rather simple mathematics, and, therefore, need extensive secondary index computation. This study discusses quantum cryptosystems, protection of system security, and optimization of system efficiency. Quantum cryptography detects intrusion and wiretap. In quantum mechanics, a wiretap is neither external nor passive; rather it modifies its entity based on the internal component of the system. The status of the quantum system changes once a wiretap is detected. Hence, only the designer of the system can discover the quantum status of the system; an eavesdropper can neither determine the quantum state nor duplicate the system. The quantum cryptosystem can achieve unconditional security, and thus guarantees secure communication.
Practical quantum multiparty signatures using quantum key distribution networks
ArXiv, 2022
Digital signatures are widely used for providing security of communications. At the same time, the security of currently deployed digital signature protocols is based on unproven computational assumptions. An efficient way to ensure an unconditional (information-theoretic) security of communication is to use quantum key distribution (QKD), whose security is based on laws of quantum mechanics. In this work, we develop an unconditionally secure signatures (USS) scheme that guarantees authenticity and transferability of arbitrary length messages in a QKD network. In the proposed setup, the QKD network consists of two subnetworks: (i) the internal network that includes the signer and with limitation on the number of malicious nodes, and (ii) the external one that has no assumptions on the number of malicious nodes. A price of the absence of the trust assumption in the external subnetwork is a necessity of the assistance from an internal subnetwork recipients for the verification of mess...
Measurement-device-independent quantum digital signatures
Physical Review A, 2016
Digital signatures play an important role in software distribution, modern communication, and financial transactions, where it is important to detect forgery and tampering. Signatures are a cryptographic technique for validating the authenticity and integrity of messages, software, or digital documents. The security of currently used classical schemes relies on computational assumptions. Quantum digital signatures (QDS), on the other hand, provide information-theoretic security based on the laws of quantum physics. Recent work on QDS Amiri et al., Phys. Rev. A 93, 032325 (2016); Yin, Fu, and Zeng-Bing, Phys. Rev. A 93, 032316 (2016) shows that such schemes do not require trusted quantum channels and are unconditionally secure against general coherent attacks. However, in practical QDS, just as in quantum key distribution (QKD), the detectors can be subjected to side-channel attacks, which can make the actual implementations insecure. Motivated by the idea of measurementdevice-independent quantum key distribution (MDI-QKD), we present a measurement-device-independent QDS (MDI-QDS) scheme, which is secure against all detector side-channel attacks. Based on the rapid development of practical MDI-QKD, our MDI-QDS protocol could also be experimentally implemented, since it requires a similar experimental setup.
Loading Preview
Sorry, preview is currently unavailable. You can download the paper by clicking the button above.