Security Analysis of One Quantum Digital Signature Scheme (original) (raw)

13 Efficient arbitrated quantum signature and its proof of security.pdf

In this paper, an efficient arbitrated quantum signature scheme is proposed by combining quantum cryptographic techniques and some ideas in classical cryptography. In the presented scheme, the signatory and the receiver can share a long-term secret key with the arbitrator by utilizing the key together with a random number. While in previous quantum signature schemes, the key shared between the signatory and the arbitrator or between the receiver and the arbitrator could be used only once, and thus each time when a signatory needs to sign, the signatory and the receiver have to obtain a new key shared with the arbitrator through a quantum key distribution protocol. Detailed theoretical analysis shows that the proposed scheme is efficient and provably secure.

Review Unconditionally Secure Quantum Signatures

2016

Signature schemes, proposed in 1976 by Diffie and Hellman, have become ubiquitous across modern communications. They allow for the exchange of messages from one sender to multiple recipients, with the guarantees that messages cannot be forged or tampered with and that messages also can be forwarded from one recipient to another without compromising their validity. Signatures are different from, but no less important than encryption, which ensures the privacy of a message. Commonly used signature protocols-signatures based on the Rivest-Adleman-Shamir (RSA) algorithm, the digital signature algorithm (DSA), and the elliptic curve digital signature algorithm (ECDSA)-are only computationally secure, similar to public key encryption methods. In fact, since these rely on the difficulty of finding discrete logarithms or factoring large primes, it is known that they will become completely insecure with the emergence of quantum computers. We may therefore see a shift towards signature protocols that will remain secure even in a post-quantum world. Ideally, such schemes would provide unconditional or information-theoretic security. In this paper, we aim to provide an accessible and comprehensive review of existing unconditionally securesecure signature schemes for signing classical messages, with a focus on unconditionally secure quantum signature schemes.

A SOLUTION FOR CONSTRUCTING QUANTUM - RESISTANT DIGITAL SIGNATURE SCHEMES

2024

In this article, the author proposes a solution for constructing quantum-resistant digital signature schemes based on the new hard problems, which belongs to the group of unsolvable problems. Therefore, the algorithms constructed according to the solution proposed here can be resistant to quantum attacks based on the quantum algorithm proposed by P. Shor [1]. In addition to quantum resistance, these signature schemes proposed here can also be used as pre-quantum digital signature schemes that are widely used in current practical applications.

Quantum digital signatures with quantum-key-distribution components

Physical Review A, 2015

Digital signatures provide guarantees on the authenticity and transferability of a message. This important cryptographic functionality is frequently used in modern communication systems. The security of currently used classical digital signature schemes, however, relies on computational assumptions, and thus they may not constitute a satisfactory long-term solution. In contrast, quantum digital signature (QDS) schemes offer information-theoretic security guaranteed by the laws of quantum mechanics. This is appealing, provided feasible schemes can be found. Here, we present two different quantum digital signature protocols which essentially use the same experimental requirements as quantum key distribution (QKD), which is already commercially available. This enables existing systems for QKD to be used also for digital signatures, which significantly extends and enhances the use of QKD systems. The first scheme is an improvement on a recent QDS scheme, removing the requirement of an optical multiport, which was a major source of losses. The second protocol is essentially a classical digital signature protocol, which employs quantum key distribution for obtaining secret shared classical keys. Relying on the security of QKD, this results in an information-theoretically secure digital signature scheme. * V. Dunjko and P. Wallden contributed equally to this work. † vedran.dunjko@uibk.ac.at

Security problem on arbitrated quantum signature schemes

2011

Until now, there have been developed many arbitrated quantum signature schemes implemented with a help of a trusted third party. In order to guarantee the unconditional security, most of them take advantage of the optimal quantum one-time encryption method based on Pauli operators. However, we in this paper point out that the previous schemes only provides a security against total break and actually show that there exists a simple existential forgery attack to validly modify the transmitted pair of message and signature. In addition, we also provide a simple method to recover the security against the proposed attack.

Contract Signature Using Quantum Information

This paper describes how to perform contract signature in a fair way using quantum information. The protocol proposed permits two partners, users of a communication network, to perform a contract signature based on the RSA security. The authentication of the signers is based on the use of a non-local XOR function of two classical bits.

Unconditionally Secure Quantum Signatures

Entropy, 2015

Signature schemes, proposed in 1976 by Diffie and Hellman, have become ubiquitous across modern communications. They allow for the exchange of messages from one sender to multiple recipients, with the guarantees that messages cannot be forged or tampered with and that messages also can be forwarded from one recipient to another without compromising their validity. Signatures are different from, but no less important than encryption, which ensures the privacy of a message. Commonly used signature protocols-signatures based on the Rivest-Adleman-Shamir (RSA) algorithm, the digital signature algorithm (DSA), and the elliptic curve digital signature algorithm (ECDSA)-are only computationally secure, similar to public key encryption methods. In fact, since these rely on the difficulty of finding discrete logarithms or factoring large primes, it is known that they will become completely insecure with the emergence of quantum computers. We may therefore see a shift towards signature protocols that will remain secure even in a post-quantum world. Ideally, such schemes would provide unconditional or information-theoretic security. In this paper, we aim to provide an accessible and comprehensive review of existing unconditionally securesecure signature schemes for signing classical messages, with a focus on unconditionally secure quantum signature schemes.

Security Analyses and Improvement of Arbitrated Quantum Signature with an Untrusted Arbitrator

International Journal of Theoretical Physics, 2013

Very recently, an arbitrated quantum signature (AQS) scheme of classical message with an untrusted arbitrator was presented[Eur. Phys. J. D 61(3), 773 (2011)]. In this paper, the security of the AQS scheme with an untrusted arbitrator is analyzed. An AQS scheme with an untrusted arbitrator should satisfy the unforgeable property and undeniable property. In particular, the malicious verifier can not modify a message and its signature to produce a new message with a valid signature, and the dishonest signer who really has sent the message to the verifier which the verifier accepted as an authentic one cannot later deny having sent this message. However, we show that, in the AQS scheme with an untrusted arbitrator, the dishonest signer can successfully disavow his/her signature and the malicious verifier can counterfeit a valued signature for any message by known message attack when he has received a message-signature pair. Then, we suggest an improved AQS scheme of classical message with an untrusted arbitrator that can solve effectively the two problems raised above. Finally, we prove the security of the improved scheme.