Skip to main content
Log in

Quantum public-key signature scheme based on asymmetric quantum encryption with trapdoor information

  • Published:
Quantum Information Processing Aims and scope Submit manuscript

Abstract

Based on the quantum asymmetric encryption with trapdoor information, a quantum public-key signature scheme is proposed. In our scheme, the signer signs a message with his/her private key, while the verifier verifies the quantum signature with the corresponding quantum public key. The signer’s private key and public key are asymmetric, and the signing algorithm and verifying algorithm are asymmetric as well. The security of the private key depends on the unconditionally secure deterministic quantum communication protocol rather than the classical one-way function. All the algorithms in our scheme are public. Hence, our scheme obeys Kerckhoffs’s principle. Our scheme is secure against forgery, repudiation, and eavesdropping attacks. On the other hand, in our scheme, the verifier need not perform any quantum swap test. The signer’s key pair can be reused due to the secrecy property of the private key. Compared with similar schemes, ours is relatively more secure and efficient.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Diffie, W., Hellmann, M.: New direction in cryptography. IEEE IT 22, 644–654 (1976)

    Article  MathSciNet  Google Scholar 

  2. Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26(5), 1484–1509 (1997)

    Article  MathSciNet  Google Scholar 

  3. Boneh, D., Lipton, R.J.: Quantum cryptanalysis of hidden linear functions (extended abstract). In: Advances in Cryptology-CRYPTO’95 LNCS 963, pp. 424–437. Springer, Berlin (1995)

  4. Huang, Y., Su, Z., Zhang, F., Ding, Y.: Quantum algorithm for solving hyperelliptic curve discrete logarithm problem. Quantum Inf. Process. 19(62), 1–17 (2020)

    ADS  MathSciNet  Google Scholar 

  5. Gottesman, D., Chuang, I.: Quantum digital signatures. arXiv: quant-ph/0105032 (2001)

  6. Buhrman, H., Cleve, R., Watrous, J., de Wolf, R.: Quantum fingerprinting. Phys. Rev. Lett. 87(16), 167902 (2001)

    Article  ADS  Google Scholar 

  7. Nikolopoulos, G.M.: Applications of single-qubit rotations in quantum public-key cryptography. Phys. Rev. A 77(3), 032348 (2008)

    Article  ADS  MathSciNet  Google Scholar 

  8. Curty, M., Santos, D.J., Pérez, E., García-Fernández, P.: Qubit authentication. Phys. Rev. A 66, 022301 (2002)

    Article  ADS  MathSciNet  Google Scholar 

  9. Zeng, G.H., Keitel, C.H.: Arbitrated quantum-signature scheme. Phys. Rev. A 65(4), 042312 (2002)

    Article  ADS  Google Scholar 

  10. Yang, Y.G., Lei, H., Liu, Z.C., Zhou, Y.H., Shi, W.M.: Arbitrated quantum signature scheme based on cluster states. Quantum Inf. Process. 15, 2487–2497 (2016)

    Article  ADS  MathSciNet  Google Scholar 

  11. Yang, Y.G., Zhou, Z., Teng, Y.W., Wen, Q.Y.: Arbitrated quantum signature with an untrusted arbitrator. Eur. Phys. J. D 61, 773–778 (2011)

    Article  ADS  Google Scholar 

  12. Xin, X., He, Q., Wang, Z., Yang, Q., Li, F.: Security analysis and improvement of an arbitrated quantum signature scheme. Optik 189, 23–31 (2019)

    Article  ADS  Google Scholar 

  13. Xin, X., He, Q., Wang, Z., Yang, Q., Li, F.: Efficient arbitrated quantum signature scheme without entangled states. Mod. Phys. Lett. A 34(21), 1950166 (2019)

    Article  ADS  MathSciNet  Google Scholar 

  14. Shi, R., Ding, W., Shi, J.: Arbitrated quantum signature with Hamiltonian algorithm based on blind quantum computation. Int. J. Theor. Phys. 57, 1961–1973 (2018)

    Article  MathSciNet  Google Scholar 

  15. Zhang, Y., Zeng, J.: An improved arbitrated quantum scheme with Bell states. Int. J. Theor. Phys. 57, 994–1003 (2018)

    Article  MathSciNet  Google Scholar 

  16. Jiang, D.H., Xu, Y.L., Xu, G.B., Jiang, D.H., Xu, Y.L., Xu, G.B.: Arbitrary quantum signature based on local indistinguishability of orthogonal product states. Int. J. Theor. Phys. 58(3), 1036–1045 (2019)

    Article  MathSciNet  Google Scholar 

  17. Wang, T.Y., Wei, Z.L.: One-time proxy signature based on quantum cryptography. Quantum Inf. Process. 11(2), 455–463 (2012)

    Article  ADS  MathSciNet  Google Scholar 

  18. Kaushik, A., Ajit, K.D., Debasish, J.: A novel approach for simple quantum digital signature based on asym-metric quantum cryptography. Int. J. Appl. Innov. Eng. Manag. 2(6), 13–17 (2013)

    Google Scholar 

  19. Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakley, G.R., Chaum, D. (eds.) The Workshop on the Theory and Application of Cryptographic Techniques, pp. 47–53. Springer, Heidelberg (1984)

    Google Scholar 

  20. Chen, F.L., Liu, W.F., Chen, S.G., Wang, Z.H.: Public-key quantum digital signature scheme with one-time pad private-key. Quantum Inf. Process. 17(10), 1–14 (2018)

    ADS  MathSciNet  MATH  Google Scholar 

  21. Xin, X., Wang, Z., He, Q., Yang, Q., Li, F.: New public-key quantum signature with quantum one-way function. Int. J. Theor. Phys. 58, 3282–3294 (2019)

    Article  MathSciNet  Google Scholar 

  22. Xin, X., Wang, Z., Yang, Q.: Quantum signature scheme based on Hadamard and Hπ/4 operators. Appl. Opt. 58(27), 7346–7351 (2019)

    Article  ADS  Google Scholar 

  23. Kawachi, A., Koshiba, T., Nishimura, H., Yamakami, T.: Computational indistinguishability between quantum states and its cryptographic application. J. Cryptol. 25, 528–555 (2012)

    Article  MathSciNet  Google Scholar 

  24. Köbler, J., Schöning, U., Torán, J.: The Graph Isomorphism Problem: Its Structural Complexity. Birkhäuser, Boston (1993)

    Book  Google Scholar 

  25. Hu, Y.G.: Deterministic secure quantum communication with four-qubit GHZ States. Int. J. Theor. Phys. 57(9), 2831–2842 (2019)

    Article  Google Scholar 

  26. Yan, L., Sun, Y., Chang, Y., Zhang, S., Wan, G., Sheng, Z.: Semi-quantum protocol for deterministic secure quantum communication using Bell states. Quantum Inf. Process. 17, 315 (2018)

    Article  ADS  MathSciNet  Google Scholar 

  27. Deng, F.G., Long, G.L., Liu, X.S.: Two-step quantum direct communication protocol using the Einstein–Podolsky–Rosen pair block. Phys. Rev. A 68, 042317 (2003)

    Article  ADS  Google Scholar 

  28. Yang, L., Yang, B., Pan, J.: Quantum public-key encryption with information theoretical security. In: Proceedings of SPIE—The International Society for Optical Engineering, Quantum Optics II, p. 84400E1-7. SPIE, Washington (2012)

  29. Yang, L., Xiang, C., Li, B.: Quantum probabilistic encryption scheme based on conjugate coding. China Commun. 10(2), 19–26 (2013)

    Article  Google Scholar 

  30. Bennett, C.H., Brassard, G.: Quantum cryptography: public key distribution and coin tossing. Theor. Comput. Sci. 560, 7–11 (2014)

    Article  MathSciNet  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Xiangjun Xin.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Appendix

Appendix

1.1 A. Review of QOWF based on single-qubit rotations

In this section, the QOWF based on single-qubit rotations [7] is briefly reviewed. Let \( \left| {\psi (\theta )} \right\rangle = \cos \left( {\frac{\theta }{2}} \right)\left| 0 \right\rangle + \sin \left( {\frac{\theta }{2}} \right)\left| 1 \right\rangle \), where 0 ≤ θ < 2π. Define the rotation operator about the y axis \( R(\theta ) = e^{ - i\theta Y/2} \), where the operator \( Y = i\left( {\left| 1 \right\rangle \left\langle 0 \right| - \left| 0 \right\rangle \left\langle 1 \right|} \right) \). Thus, we can get \( \left| {\psi (\theta )} \right\rangle = R(\theta )\left| 0 \right\rangle \). Let n ∈ N, \( s \in Z_{{2^{n} }} \) and θn = π/2n−1. For any integer pair {n, s}, the QOWF based on single-qubit rotation [7] is defined as \( s \mapsto \left| {\psi_{s} (\theta_{n} )} \right\rangle \), where

$$ \left| {\psi_{s} (\theta_{n} )} \right\rangle = R(s\theta_{n} )\left| 0 \right\rangle = \cos \left( {\frac{{s\theta_{n} }}{2}} \right)\left| 0 \right\rangle + \sin \left( {\frac{{s\theta_{n} }}{2}} \right)\left| 1 \right\rangle . $$
(A1)

According to Holevo’s theorem, the map \( s \mapsto \left| {\psi_{s} (\theta_{n} )} \right\rangle \) is easy to compute but hard to invert for a given n ≫ 1.

1.2 B. Review of Kaushik et al.’s quantum public-key signature scheme

Kaushik et al.’s quantum public-key signature scheme [18] includes three steps.

  1. i.

    Key Generation

The signer generates her key pair by the steps as follows.

  1. 1.

    Choose a random integer n ≫ 1.

  2. 2.

    Generate a vectors = (s1, s2, …, st), where each si (1 ≤ i ≤ t) is independently and randomly selected in \( Z_{{2^{n} }} \).

  3. 3.

    Prepare t qubits with state \( \left| 0 \right\rangle^{ \otimes t} \).

  4. 4.

    Perform the rotation R(siθn) operation on the i-th qubit, where i = 1, 2, …, t. Thus, the state of the i-th qubit is \( \left| {\psi_{{s_{i} }} (\theta_{n} )} \right\rangle = R(s_{i} \theta_{n} )\left| 0 \right\rangle \).

  5. 5.

    The signer’s private key is d = {n, s}, and his/her public key is e = {t, \( \left| {\psi (\theta_{n} )} \right\rangle \)}, where

$$ \left| {\psi (\theta_{n} )} \right\rangle = \otimes_{i = 1}^{t} \left| {\psi_{{s_{i} }} (\theta_{n} )} \right\rangle . $$
(B1)
  1. ii.

    Signature generation

The signer generates his/her quantum signature on the message M by the steps as follows.

  1. 1.

    Compute the message digest u = (u1, u2, …, ut) = h(M) ∈ {0, 1}t, where h is a public hash function.

  2. 2.

    Perform the rotation R(uiπ) operation on \( \left| 0 \right\rangle \) and get \( \left| {\psi_{{u_{i} }} (\pi )} \right\rangle = R(u_{i} \pi )\left| 0 \right\rangle \), where i = 1, 2, …, t.

  3. 3.

    Perform the operation R(siθn) on \( \left| {\psi_{{u_{i} }} (\pi )} \right\rangle \) and get \( \left| {\psi_{{s_{i} ,u_{i} }} (\theta_{n} )} \right\rangle = R(s_{j} \theta_{n} )\left| {\psi_{{u_{i} }} (\pi )} \right\rangle \), where i = 1, 2, …, t. Let \( \left| {\psi_{s,u} (\theta_{n} )} \right\rangle = \otimes_{i = 1}^{t} \left| {\psi_{{s_{i} ,u_{i} }} (\theta_{n} )} \right\rangle \).

  4. 4.

    The signer’s signature on M is \( \left| {\psi_{s,u} (\theta_{n} )} \right\rangle \).

  5. iii.

    Signature verification

The verifier verifies the quantum signature \( \left| {\psi_{s,u} (\theta_{n} )} \right\rangle \) on M by the following steps.

  1. 1.

    Compute the message digest u = (u1, u2, …, ut) = h(M) and perform the operation \( R = \otimes_{i = 1}^{t} R( - u_{i} \pi ) \) on the signature.

  2. 2.

    If the state of the output is the same as that of the public key (i.e., \( R\left| {\psi_{s,u} (\theta_{n} )} \right\rangle = \left| {\psi (\theta_{n} )} \right\rangle \)), the verifier accepts the signature. Or he rejects the signature.

In the step 2 of signature verification, the unknown quantum states have to be compared with each other so as to check whether they are the same. Therefore, in [18], many rounds of quantum swap test have to be performed. In the following, we mainly analyze its security against forgery attack.

1.3 C. Forgery attack

In this section, we prove that the scheme in [18] is insecure against forgery attack. In fact, given the public key of the signer, anyone can forge a quantum signature on any message M* by the following steps.

  1. 1.

    Compute the message digest \( u^{ * } = (u_{1}^{ * } , \, u_{2}^{ * } , \cdots ,u_{t}^{ * } ) \, = h(M^{*} ) \in \{ 0, \, 1\}^{t} \).

  2. 2.

    Perform the operation \( R^{ * } = \otimes_{i = 1}^{t} R(u_{i}^{ * } \pi ) \) on the signer’s public key \( \left| {\psi (\theta_{n} )} \right\rangle \) and get the forgery \( \left| {\psi_{{s,u^{*} }} (\theta_{n} )} \right\rangle = R^{ * } \left| {\psi (\theta_{n} )} \right\rangle \).

  3. 3.

    The forged signature on M* is \( \left| {\psi_{{s,u^{*} }} (\theta_{n} )} \right\rangle \).

Note that the rotations around the same axis are commutative, i.e., [R(α), R(β)] = 0. Therefore, according to the verification steps, it is easy to prove that the forgery can pass the verification. Therefore, the quantum public-key signature in [18] is insecure against the forgery attack.

On the other hand, because anyone can forge the signer’s signature, the signer can deny his/her valid quantum signature and claim that the signature is forged by another party. Similarly, the signature verifier can also refuse a valid quantum signature and claim that it is forged by some person. Therefore, the scheme in [18] is not secure against repudiation attack, either.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Xin, X., Yang, Q. & Li, F. Quantum public-key signature scheme based on asymmetric quantum encryption with trapdoor information. Quantum Inf Process 19, 233 (2020). https://doi.org/10.1007/s11128-020-02736-z

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s11128-020-02736-z

Keywords

Navigation