Abstract
Based on the quantum asymmetric encryption with trapdoor information, a quantum public-key signature scheme is proposed. In our scheme, the signer signs a message with his/her private key, while the verifier verifies the quantum signature with the corresponding quantum public key. The signer’s private key and public key are asymmetric, and the signing algorithm and verifying algorithm are asymmetric as well. The security of the private key depends on the unconditionally secure deterministic quantum communication protocol rather than the classical one-way function. All the algorithms in our scheme are public. Hence, our scheme obeys Kerckhoffs’s principle. Our scheme is secure against forgery, repudiation, and eavesdropping attacks. On the other hand, in our scheme, the verifier need not perform any quantum swap test. The signer’s key pair can be reused due to the secrecy property of the private key. Compared with similar schemes, ours is relatively more secure and efficient.
Similar content being viewed by others
References
Diffie, W., Hellmann, M.: New direction in cryptography. IEEE IT 22, 644–654 (1976)
Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26(5), 1484–1509 (1997)
Boneh, D., Lipton, R.J.: Quantum cryptanalysis of hidden linear functions (extended abstract). In: Advances in Cryptology-CRYPTO’95 LNCS 963, pp. 424–437. Springer, Berlin (1995)
Huang, Y., Su, Z., Zhang, F., Ding, Y.: Quantum algorithm for solving hyperelliptic curve discrete logarithm problem. Quantum Inf. Process. 19(62), 1–17 (2020)
Gottesman, D., Chuang, I.: Quantum digital signatures. arXiv: quant-ph/0105032 (2001)
Buhrman, H., Cleve, R., Watrous, J., de Wolf, R.: Quantum fingerprinting. Phys. Rev. Lett. 87(16), 167902 (2001)
Nikolopoulos, G.M.: Applications of single-qubit rotations in quantum public-key cryptography. Phys. Rev. A 77(3), 032348 (2008)
Curty, M., Santos, D.J., Pérez, E., García-Fernández, P.: Qubit authentication. Phys. Rev. A 66, 022301 (2002)
Zeng, G.H., Keitel, C.H.: Arbitrated quantum-signature scheme. Phys. Rev. A 65(4), 042312 (2002)
Yang, Y.G., Lei, H., Liu, Z.C., Zhou, Y.H., Shi, W.M.: Arbitrated quantum signature scheme based on cluster states. Quantum Inf. Process. 15, 2487–2497 (2016)
Yang, Y.G., Zhou, Z., Teng, Y.W., Wen, Q.Y.: Arbitrated quantum signature with an untrusted arbitrator. Eur. Phys. J. D 61, 773–778 (2011)
Xin, X., He, Q., Wang, Z., Yang, Q., Li, F.: Security analysis and improvement of an arbitrated quantum signature scheme. Optik 189, 23–31 (2019)
Xin, X., He, Q., Wang, Z., Yang, Q., Li, F.: Efficient arbitrated quantum signature scheme without entangled states. Mod. Phys. Lett. A 34(21), 1950166 (2019)
Shi, R., Ding, W., Shi, J.: Arbitrated quantum signature with Hamiltonian algorithm based on blind quantum computation. Int. J. Theor. Phys. 57, 1961–1973 (2018)
Zhang, Y., Zeng, J.: An improved arbitrated quantum scheme with Bell states. Int. J. Theor. Phys. 57, 994–1003 (2018)
Jiang, D.H., Xu, Y.L., Xu, G.B., Jiang, D.H., Xu, Y.L., Xu, G.B.: Arbitrary quantum signature based on local indistinguishability of orthogonal product states. Int. J. Theor. Phys. 58(3), 1036–1045 (2019)
Wang, T.Y., Wei, Z.L.: One-time proxy signature based on quantum cryptography. Quantum Inf. Process. 11(2), 455–463 (2012)
Kaushik, A., Ajit, K.D., Debasish, J.: A novel approach for simple quantum digital signature based on asym-metric quantum cryptography. Int. J. Appl. Innov. Eng. Manag. 2(6), 13–17 (2013)
Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakley, G.R., Chaum, D. (eds.) The Workshop on the Theory and Application of Cryptographic Techniques, pp. 47–53. Springer, Heidelberg (1984)
Chen, F.L., Liu, W.F., Chen, S.G., Wang, Z.H.: Public-key quantum digital signature scheme with one-time pad private-key. Quantum Inf. Process. 17(10), 1–14 (2018)
Xin, X., Wang, Z., He, Q., Yang, Q., Li, F.: New public-key quantum signature with quantum one-way function. Int. J. Theor. Phys. 58, 3282–3294 (2019)
Xin, X., Wang, Z., Yang, Q.: Quantum signature scheme based on Hadamard and Hπ/4 operators. Appl. Opt. 58(27), 7346–7351 (2019)
Kawachi, A., Koshiba, T., Nishimura, H., Yamakami, T.: Computational indistinguishability between quantum states and its cryptographic application. J. Cryptol. 25, 528–555 (2012)
Köbler, J., Schöning, U., Torán, J.: The Graph Isomorphism Problem: Its Structural Complexity. Birkhäuser, Boston (1993)
Hu, Y.G.: Deterministic secure quantum communication with four-qubit GHZ States. Int. J. Theor. Phys. 57(9), 2831–2842 (2019)
Yan, L., Sun, Y., Chang, Y., Zhang, S., Wan, G., Sheng, Z.: Semi-quantum protocol for deterministic secure quantum communication using Bell states. Quantum Inf. Process. 17, 315 (2018)
Deng, F.G., Long, G.L., Liu, X.S.: Two-step quantum direct communication protocol using the Einstein–Podolsky–Rosen pair block. Phys. Rev. A 68, 042317 (2003)
Yang, L., Yang, B., Pan, J.: Quantum public-key encryption with information theoretical security. In: Proceedings of SPIE—The International Society for Optical Engineering, Quantum Optics II, p. 84400E1-7. SPIE, Washington (2012)
Yang, L., Xiang, C., Li, B.: Quantum probabilistic encryption scheme based on conjugate coding. China Commun. 10(2), 19–26 (2013)
Bennett, C.H., Brassard, G.: Quantum cryptography: public key distribution and coin tossing. Theor. Comput. Sci. 560, 7–11 (2014)
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Appendix
Appendix
1.1 A. Review of QOWF based on single-qubit rotations
In this section, the QOWF based on single-qubit rotations [7] is briefly reviewed. Let \( \left| {\psi (\theta )} \right\rangle = \cos \left( {\frac{\theta }{2}} \right)\left| 0 \right\rangle + \sin \left( {\frac{\theta }{2}} \right)\left| 1 \right\rangle \), where 0 ≤ θ < 2π. Define the rotation operator about the y axis \( R(\theta ) = e^{ - i\theta Y/2} \), where the operator \( Y = i\left( {\left| 1 \right\rangle \left\langle 0 \right| - \left| 0 \right\rangle \left\langle 1 \right|} \right) \). Thus, we can get \( \left| {\psi (\theta )} \right\rangle = R(\theta )\left| 0 \right\rangle \). Let n ∈ N, \( s \in Z_{{2^{n} }} \) and θn = π/2n−1. For any integer pair {n, s}, the QOWF based on single-qubit rotation [7] is defined as \( s \mapsto \left| {\psi_{s} (\theta_{n} )} \right\rangle \), where
According to Holevo’s theorem, the map \( s \mapsto \left| {\psi_{s} (\theta_{n} )} \right\rangle \) is easy to compute but hard to invert for a given n ≫ 1.
1.2 B. Review of Kaushik et al.’s quantum public-key signature scheme
Kaushik et al.’s quantum public-key signature scheme [18] includes three steps.
-
i.
Key Generation
The signer generates her key pair by the steps as follows.
-
1.
Choose a random integer n ≫ 1.
-
2.
Generate a vectors = (s1, s2, …, st), where each si (1 ≤ i ≤ t) is independently and randomly selected in \( Z_{{2^{n} }} \).
-
3.
Prepare t qubits with state \( \left| 0 \right\rangle^{ \otimes t} \).
-
4.
Perform the rotation R(siθn) operation on the i-th qubit, where i = 1, 2, …, t. Thus, the state of the i-th qubit is \( \left| {\psi_{{s_{i} }} (\theta_{n} )} \right\rangle = R(s_{i} \theta_{n} )\left| 0 \right\rangle \).
-
5.
The signer’s private key is d = {n, s}, and his/her public key is e = {t, \( \left| {\psi (\theta_{n} )} \right\rangle \)}, where
-
ii.
Signature generation
The signer generates his/her quantum signature on the message M by the steps as follows.
-
1.
Compute the message digest u = (u1, u2, …, ut) = h(M) ∈ {0, 1}t, where h is a public hash function.
-
2.
Perform the rotation R(uiπ) operation on \( \left| 0 \right\rangle \) and get \( \left| {\psi_{{u_{i} }} (\pi )} \right\rangle = R(u_{i} \pi )\left| 0 \right\rangle \), where i = 1, 2, …, t.
-
3.
Perform the operation R(siθn) on \( \left| {\psi_{{u_{i} }} (\pi )} \right\rangle \) and get \( \left| {\psi_{{s_{i} ,u_{i} }} (\theta_{n} )} \right\rangle = R(s_{j} \theta_{n} )\left| {\psi_{{u_{i} }} (\pi )} \right\rangle \), where i = 1, 2, …, t. Let \( \left| {\psi_{s,u} (\theta_{n} )} \right\rangle = \otimes_{i = 1}^{t} \left| {\psi_{{s_{i} ,u_{i} }} (\theta_{n} )} \right\rangle \).
-
4.
The signer’s signature on M is \( \left| {\psi_{s,u} (\theta_{n} )} \right\rangle \).
-
iii.
Signature verification
The verifier verifies the quantum signature \( \left| {\psi_{s,u} (\theta_{n} )} \right\rangle \) on M by the following steps.
-
1.
Compute the message digest u = (u1, u2, …, ut) = h(M) and perform the operation \( R = \otimes_{i = 1}^{t} R( - u_{i} \pi ) \) on the signature.
-
2.
If the state of the output is the same as that of the public key (i.e., \( R\left| {\psi_{s,u} (\theta_{n} )} \right\rangle = \left| {\psi (\theta_{n} )} \right\rangle \)), the verifier accepts the signature. Or he rejects the signature.
In the step 2 of signature verification, the unknown quantum states have to be compared with each other so as to check whether they are the same. Therefore, in [18], many rounds of quantum swap test have to be performed. In the following, we mainly analyze its security against forgery attack.
1.3 C. Forgery attack
In this section, we prove that the scheme in [18] is insecure against forgery attack. In fact, given the public key of the signer, anyone can forge a quantum signature on any message M* by the following steps.
-
1.
Compute the message digest \( u^{ * } = (u_{1}^{ * } , \, u_{2}^{ * } , \cdots ,u_{t}^{ * } ) \, = h(M^{*} ) \in \{ 0, \, 1\}^{t} \).
-
2.
Perform the operation \( R^{ * } = \otimes_{i = 1}^{t} R(u_{i}^{ * } \pi ) \) on the signer’s public key \( \left| {\psi (\theta_{n} )} \right\rangle \) and get the forgery \( \left| {\psi_{{s,u^{*} }} (\theta_{n} )} \right\rangle = R^{ * } \left| {\psi (\theta_{n} )} \right\rangle \).
-
3.
The forged signature on M* is \( \left| {\psi_{{s,u^{*} }} (\theta_{n} )} \right\rangle \).
Note that the rotations around the same axis are commutative, i.e., [R(α), R(β)] = 0. Therefore, according to the verification steps, it is easy to prove that the forgery can pass the verification. Therefore, the quantum public-key signature in [18] is insecure against the forgery attack.
On the other hand, because anyone can forge the signer’s signature, the signer can deny his/her valid quantum signature and claim that the signature is forged by another party. Similarly, the signature verifier can also refuse a valid quantum signature and claim that it is forged by some person. Therefore, the scheme in [18] is not secure against repudiation attack, either.
Rights and permissions
About this article
Cite this article
Xin, X., Yang, Q. & Li, F. Quantum public-key signature scheme based on asymmetric quantum encryption with trapdoor information. Quantum Inf Process 19, 233 (2020). https://doi.org/10.1007/s11128-020-02736-z
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s11128-020-02736-z