A Quantum Digital Signature (QDS) refers to the quantum mechanical equivalent of either a classical digital signature or, more generally, a handwritten signature on a paper document. Like a handwritten signature, a digital signature is used to protect a document, such as a digital contract, against forgery by another party or by one of the participating parties.
As e-commerce has become more important in society, the need to certify the origin of exchanged information has arisen. Modern digital signatures enhance security based on the difficulty of solving a mathematical problem, such as finding the factors of large numbers (as used in the RSA algorithm). Unfortunately, the task of solving these problems becomes feasible when a quantum computer is available (see Shor's algorithm). To face this new problem, new quantum digital signature schemes are in development to provide protection against tampering, even from parties in possession of quantum computers and using powerful quantum cheating strategies.
The public-key method of cryptography allows a sender to sign a message (often only the cryptographic hash of the message) with a sign key in such a way that any recipient can, using the corresponding public key, check the authenticity of the message. To allow this, the public key is made broadly available to all potential recipients. To make sure only the legal author of the message can validly sign the message, the public key is created from a random, private sign key, using a one-way function. This is a function that is designed such that computing the result given the input is very easy, but computing the input given the result is very difficult. A classic example is the multiplication of two very large primes: The multiplication is easy, but factoring the product without knowing the primes is normally considered infeasible.
Like classical digital signatures, quantum digital signatures make use of asymmetric keys. Thus, a person who wants to sign a message creates one or more pairs of sign and corresponding public keys. In general we can divide quantum digital signature schemes into two groups:
In both cases f is a one-way quantum function that has the same properties as a classical one-way function. That is, the result is easy to compute, but, in contrast to the classical scheme, the function is impossible to invert, even if one uses powerful quantum cheating strategies.
The most famous scheme for the first method above is provided by Gottesman and Chuang [1]
Most of the requirements for a classical digital signature scheme also apply to the quantum digital signature scheme.
In detail
A classical one-way function as said above is based on a classical infeasible mathematical task, whereas a quantum one-way function exploits the uncertainty principle which makes it impossible even for a quantum computer to compute the inverse. This is done by providing a quantum output state, with whom one cannot learn enough about the input string to reproduce it. In case of the first group of schemes this is shown by Holevo's theorem, which says, that from a given n-qubit quantum state one cannot extract more than n classical bits of information. [3] One possibility to ensure that the scheme uses less qubits for a bit string of a certain length is by using nearly orthogonal states
That gives us the possibility to induce a basis with more than two states. [1] So to describe an information of bits, we can use less than n qubits. An example with a 3 qubit basis
Only m qubits are needed to describe n classical bits when holds.
Because of Holevo's theorem and the fact, that m can be much smaller than n, we can only get m bits out of the n bits message. More general, if one gets T copies of the public key he can extract at most Tm bits of the private key. If is big becomes very large, which makes it impossible for a dishonest person to guess the sign key.
Note: You cannot distinguish between non-orthogonal states, if you only have a small amount of identical states. That's how the quantum one-way functions works.
Nevertheless leaks information about the private key, in contrast to the classical public key, which forces one to get nothing or all about the private key.
In the classical case we create a classical public key out of a classical sign key, thus it is easy to provide every potential recipient with a copy of the public key. The public key can be freely distributed. This becomes more difficult in the quantum case, because copying a quantum state is forbidden by the no cloning theorem, as long as the state itself is unknown. [4] So public keys can only be created and distributed by a person who knows the exact quantum state he wants to create, thus who knows the sign key (This can be the sender or in more general a trustful institution). Nevertheless, in contrast to the classical public key there is an upper bound for the number of public quantum keys T which can be created, without enabling one to guess the sign key and thus endangering the security of the scheme ( has to be big)
To make sure that every recipient gets identical results when testing the authenticity of a message, public keys distributed have to be the same. This is straightforward in the classical case, because one can easily compare two classical bit strings and see if those match. Nevertheless, in the quantum state it is more complicated. To test, if two public quantum states are the same one has to compare the following
This is done with the following quantum circuit which uses one Fredkin gate F, one Hadamard gate H and an ancilla qubit a. First of all the ancilla qubit is set to a symmetric state .
Right after the ancilla qubit is used as a control on the targets and in a Fredkin Gate.
Furthermore, a Hadamard gate is applied on the ancilla qubit and finally the first qubit gets measured. If both states are the same, the result is measured. If both states are nearly orthogonal, the result can be either or . [1]
The calculation of the swap test in more detail:
The overall state
After the Fredkin gate is applied
After the Hadamard gate is applied on the first qubit
After sorting for
Now it is easy to see, if the states then , which gives us a 0 whenever it is measured.
Let Person A (Alice) want to send a message to Person B (Bob). Hash algorithms won't be considered, so Alice has to sign every single bit of her message. Message-Bit b.
Alice chooses M pairs of private keys
The function which maps is known to all parties. Alice now computes the corresponding public keys and gives all of them to the recipients. She can make as many copies as she needs, but has to take care, not to endanger the security .
Her level of security limits the number of identical public keys she can create
If
Remember: In this example Alice picks only one bit b and signs it. She has to do that for every single bit in her message
Bob now possesses
Now Bob calculates for all received private keys (either ).
After he has done so he makes use of the swap test to compare the calculated states with the received public keys. Since the swap test has some probability to give the wrong answer he has to do it for all the M keys and counts how many incorrect keys he gets r. It is obvious, that M is some kind of a security parameter. It is more unlikely to validate a bit wrong for bigger M.
One problem which arises especially for small M is, that the number of incorrect keys different recipients measure differ with probability. So to define only one threshold is not enough, because it would cause a message to be validated differently, when the number of incorrect keys r is very close to the defined threshold.
This can be prevented by defining more than one threshold. Because the number of errors increase proportional with M, the thresholds are defined like
If we assume perfect channels without noise, so the bit can't be changed due to the transfer, then the threshold can be set to zero, because the swap test passes always, when the compared states are the same
Message authentication codes (MACs) mainly aim at data origin authentication, but they can also provide non-repudiation in certain realistic scenarios when a trusted third party is involved. In principle, the same idea can be exploited in the framework of quantum MACs. However, a broad class of quantum MACs does not seem to offer any advantage over their classical counterparts. [5]
Quantum teleportation is a technique for transferring quantum information from a sender at one location to a receiver some distance away. While teleportation is commonly portrayed in science fiction as a means to transfer physical objects from one location to the next, quantum teleportation only transfers quantum information. Moreover, the sender may not know the location of the recipient, and does not know which particular quantum state will be transferred.
In quantum computing, a qubit or quantum bit is the basic unit of quantum information—the quantum version of the classic binary bit physically realized with a two-state device. A qubit is a two-state quantum-mechanical system, one of the simplest quantum systems displaying the peculiarity of quantum mechanics. Examples include the spin of the electron in which the two levels can be taken as spin up and spin down; or the polarization of a single photon in which the two states can be taken to be the vertical polarization and the horizontal polarization. In a classical system, a bit would have to be in one state or the other. However, quantum mechanics allows the qubit to be in a coherent superposition of both states simultaneously, a property that is fundamental to quantum mechanics and quantum computing.
In quantum computing, Grover's algorithm, also known as the quantum search algorithm, refers to a quantum algorithm for unstructured search that finds with high probability the unique input to a black box function that produces a particular output value, using just evaluations of the function, where is the size of the function's domain. It was devised by Lov Grover in 1996.
Quantum superposition is a fundamental principle of quantum mechanics. It states that, much like waves in classical physics, any two quantum states can be added together ("superposed") and the result will be another valid quantum state; and conversely, that every quantum state can be represented as a sum of two or more other distinct states. Mathematically, it refers to a property of solutions to the Schrödinger equation; since the Schrödinger equation is linear, any linear combination of solutions will also be a solution.
The Deutsch–Jozsa algorithm is a deterministic quantum algorithm proposed by David Deutsch and Richard Jozsa in 1992 with improvements by Richard Cleve, Artur Ekert, Chiara Macchiavello, and Michele Mosca in 1998. Although of little current practical use, it is one of the first examples of a quantum algorithm that is exponentially faster than any possible deterministic classical algorithm.
The Hadamard transform is an example of a generalized class of Fourier transforms. It performs an orthogonal, symmetric, involutive, linear operation on 2m real numbers.
In quantum information theory, a quantum circuit is a model for quantum computation in which a computation is a sequence of quantum gates, which are reversible transformations on a quantum mechanical analog of an n-bit register. This analogous structure is referred to as an n-qubit register. The graphical depiction of quantum circuit elements is described using a variant of the Penrose graphical notation.
In quantum computing and specifically the quantum circuit model of computation, a quantum logic gate is a basic quantum circuit operating on a small number of qubits. They are the building blocks of quantum circuits, like classical logic gates are for conventional digital circuits.
Quantum error correction (QEC) is used in quantum computing to protect quantum information from errors due to decoherence and other quantum noise. Quantum error correction is essential if one is to achieve fault-tolerant quantum computation that can deal not only with noise on stored quantum information, but also with faulty quantum gates, faulty quantum preparation, and faulty measurements.
The Bell states or EPR pairs are specific quantum states of two qubits that represent the simplest examples of quantum entanglement; conceptually, they fall under the study of quantum information science. The Bell states are a form of entangled and normalized basis vectors. This normalization implies that the overall probability of the particle being in one of the mentioned states is 1: . Entanglement is a basis-independent result of superposition. Due to this superposition, measurement of the qubit will collapse it into one of its basis states with a given probability. Because of the entanglement, measurement of one qubit will assign one of two possible values to the other qubit instantly, where the value assigned depends on which Bell state the two qubits are in. Bell states can be generalized to represent specific quantum states of multi-qubit systems, such as the GHZ state for 3 or more subsystems.
In quantum computing, a quantum register is a system comprising multiple qubits. It is the quantum analog of the classical processor register. Quantum computers perform calculations by manipulating qubits within a quantum register.
In quantum information theory, superdense coding is a quantum communication protocol to communicate a number of classical bits of information by only transmitting a smaller number of qubits, under the assumption of sender and received pre-sharing an entangled resource. In its simplest form, the protocol involves two parties, often referred to as Alice and Bob in this context, which share a pair of maximally entangled qubits, and allows Alice to transmit two bits to Bob by sending only one qubit. This protocol was first proposed by Bennett and Wiesner in 1992 and experimentally actualized in 1996 by Mattle, Weinfurter, Kwiat and Zeilinger using entangled photon pairs. Superdense coding can be thought of as the opposite of quantum teleportation, in which one transfers one qubit from Alice to Bob by communicating two classical bits, as long as Alice and Bob have a pre-shared Bell pair.
In computer science, the controlled NOT gate is a quantum logic gate that is an essential component in the construction of a gate-based quantum computer. It can be used to entangle and disentangle Bell states. Any quantum circuit can be simulated to an arbitrary degree of accuracy using a combination of CNOT gates and single qubit rotations.
In cryptography, a Lamport signature or Lamport one-time signature scheme is a method for constructing a digital signature. Lamport signatures can be built from any cryptographically secure one-way function; usually a cryptographic hash function is used.
BB84 is a quantum key distribution scheme developed by Charles Bennett and Gilles Brassard in 1984. It is the first quantum cryptography protocol. The protocol is provably secure, relying on the quantum property that information gain is only possible at the expense of disturbing the signal if the two states one is trying to distinguish are not orthogonal and an authenticated public classical channel. It is usually explained as a method of securely communicating a private key from one party to another for use in one-time pad encryption.
In computational complexity theory and quantum computing, Simon's problem is a computational problem that is proven to be solved exponentially faster on a quantum computer than on a classical computer. The quantum algorithm solving Simon's problem, usually called Simon's algorithm, served as the inspiration for Shor's algorithm. Both problems are special cases of the abelian hidden subgroup problem, which is now known to have efficient quantum algorithms.
SARG04 is a quantum cryptography protocol derived from the first protocol of that kind, BB84.
Entanglement distillation is the transformation of N copies of an arbitrary entangled state into some number of approximately pure Bell pairs, using only local operations and classical communication (LOCC).
In quantum computing, the quantum Fourier transform is a linear transformation on quantum bits, and is the quantum analogue of the inverse discrete Fourier transform. The quantum Fourier transform is a part of many quantum algorithms, notably Shor's algorithm for factoring and computing the discrete logarithm, the quantum phase estimation algorithm for estimating the eigenvalues of a unitary operator, and algorithms for the hidden subgroup problem. The quantum Fourier transform was invented by Don Coppersmith.
Algorithmic cooling is an algorithmic method for transferring heat from some qubits to others or outside the system and into the environment, which results in a cooling effect. This method uses regular quantum operations on ensembles of qubits, and it can be shown that it can succeed beyond Shannon's bound on data compression. The phenomenon is a result of the connection between thermodynamics and information theory.