CN113242135B - Arbitration quantum signature design method based on Grover iterative flexible tracking - Google Patents
Abstract
The invention discloses an arbitration quantum signature design method based on Grover iterative flexible tracking, which uses the Grover search algorithm so that the arbitration manager can find the signer of a problem signature when a signature is disputed. During arbitration, the arbitration manager negotiates with each signing participant to obtain the final key and find the signer of the problem signature, thereby avoiding a mechanism that directly discloses the arbitration group signature. The invention establishes a complete arbitration signature verification system in which the arbitration manager can choose whether or not to disclose the identity of the signer of a problem signature, giving the scheme flexible traceability and fairness.
Description
Technical Field
The invention relates to the field of quantum cryptography and quantum signatures, in particular to an arbitration quantum signature design method based on Grover iterative flexible tracking.
Background
Quantum cryptography is a new branch of cryptography that builds on cryptography and quantum mechanics and uses quantum-physical methods to realize cryptographic ideas. Applying quantum cryptography to digital signatures, and combining quantum signatures with quantum computation, is a current frontier with important theoretical significance and application value for the future development of quantum cryptography.
The shortcomings of classical computation in information processing have prompted the rapid development of quantum computation. The Shor algorithm and the Grover search algorithm demonstrate that quantum computing has strong parallel processing capacity, so researchers have designed quantum communication schemes that exploit these advantages. The Grover algorithm, which gives a quadratic speedup for key search, can adapt to different search requirements, and there are research results on its use in the design and application of quantum communication protocols, including Grover-based controlled quantum dialogue (CQD) protocols, quantum key agreement (QKA) protocols and quantum signature protocols, which demonstrates the feasibility of building secure communication schemes on the quantum search algorithm.
Currently there are two main methods for constructing arbitration quantum signatures: bit-by-bit signature schemes based on single-bit unitary operations, and multi-bit signature schemes based on inter-bit controlled operations. The design and analysis of the former has received some research attention, while the latter has rarely been studied and not in sufficient depth. In particular, there is no rigorous dispute resolution mechanism for signature traceability and no uniform evaluation standard for security, so applications of arbitration quantum signatures in various fields lack the corresponding flexibility.
Disclosure of Invention
The invention aims to provide a semi-quantum arbitration signature design based on the Grover search algorithm, which uses the Grover search algorithm so that the arbitration manager can find the signer of a problem signature when the signature is in dispute.
The technical scheme of the invention is as follows:
A method for designing an arbitration quantum signature based on Grover iterative flexible tracking comprises the following steps:
Step A: in the proposed semi-quantum arbitration signature system, one party is the trusted arbitration manager, and the administrators P1, P2, P3, ..., PN-1 are the N-1 signing participants; each participant (legal user) can generate a random sequence of length 2n as that participant's secret key, where is the secret key of the arbitration manager;
Step B: each signing participant prepares a random sequence and a sequence, both of length 2n; according to the value of, the signing participant performs a unitary operation on the sequence to obtain a new sequence; at the same time, the signing participant randomly prepares bait particles and inserts them at random into the sequence to obtain a sequence; the participant records the state, state value and position of each bait particle, and then sends the sequence to the arbitration manager;
Step C: after receiving the sequence, the arbitration manager directly reflects the bait particles back; the arbitration manager can thus obtain from the sequence, and then measures the sequence in the classical basis to obtain the measurement results; next, the arbitration manager prepares a random sequence and, since it holds a secret key of 2n-bit length itself, can prepare a new qubit sequence based on and; it rearranges all qubits to form a sequence, prepares bait particles in the same way and inserts them at random into the sequence to obtain a new sequence; finally, the arbitration manager sends the sequence to the next signing participant;
Step D: measures the reflected bait particles in the corresponding classical basis to obtain a measurement result and, by comparing it with the previously recorded state values, can calculate the difference between them; if the calculated difference does not exceed the threshold, publicly informs the arbitration manager that the quantum channel is secure; otherwise, declares the communication invalid and immediately switches to a temporary channel to continue executing the protocol; each administrator then repeats steps B to D so that the arbitration manager T obtains the final key K (the collection of all parties' secret keys);
Step E: in the proposed semi-quantum arbitration signature system, one party also acts as the verifier; using the final key K and the keys distributed by quantum key distribution, together with the problem-signature information fed back by the verifier, the arbitration manager resolves the identity of the signer and looks up the corresponding signature key, thereby finding the signer of the problem signature.
Further, the step B includes the steps of:
B1: first, each signing participant prepares a random sequence and a sequence, both of length 2n; then, further prepares a two-particle quantum sequence in the quantum state
B2: according to the value of, the signing participant performs a unitary operation on the sequence to obtain a new sequence;
B3: at the same time, prepares bait particles from the four states ( is the error detection rate) and inserts them at random into the sequence to obtain the sequence; in particular, these bait particles are sufficient to resist statistical analysis by an eavesdropper; in addition, records the state, state value and position of each bait particle; finally, sends the sequence to the arbitration manager.
Further, the step C includes the steps of:
C1: after receiving the sequence, the arbitration manager reflects these bait particles back directly, i.e., removes the bait particles from the sequence and returns them to; the arbitration manager can thus obtain from the sequence;
C2: the arbitration manager then measures the sequence to obtain the measurement results; although the arbitration manager has only partial quantum capability, each quantum administrator can derive the code exchange rule;
C3: next, the arbitration manager prepares a random sequence; the arbitration manager itself holds a key of 2n-bit length and can prepare a new qubit sequence based on and, where; in addition, the arbitration manager rearranges all the qubits to form a sequence, again prepares bait particles and inserts them at random into the sequence to obtain a new sequence; finally, the arbitration manager sends the sequence to the next signing participant.
Further, the step D includes the steps of:
D1: on receiving the reflected bait particles, measures each bait particle in the corresponding classical basis to obtain a measurement result; then, by comparing the state values and the measurement results, can calculate the difference between and; if the calculated difference does not exceed the threshold, publicly informs the arbitration manager that the quantum channel is secure; conversely, once the calculated difference exceeds the threshold, indicating that an eavesdropper has been detected, declares the communication invalid; in addition, the next signing participant is also notified to discard the message and stand by; if the quantum channel is secure, they continue to step D2;
D2: after confirming that has received the sequence, the arbitration manager announces the state and position of each bait particle within the signature system for use in detecting the presence of an eavesdropper, and performs with an eavesdropping detection procedure similar to step D1; if the difference between the state values and the measured values of the bait particles exceeds a predetermined threshold, the arbitration manager declares the communication invalid and the communication channel is closed immediately; otherwise, the communication is declared secure and the encoding operation can continue; obtains by removing the bait particles from; then, according to its own secret key, performs a unitary operation on the sequence to obtain, reinserts randomly prepared bait particles to obtain and, similarly to step B, finally sends it to the arbitration manager;
D3: after receiving the sequence, the arbitration manager reflects these bait particles back directly, i.e., removes the bait particles from the sequence and returns them to; the arbitration manager can thus obtain the sequence from; by reinserting bait particles that it prepares at random, the arbitration manager obtains; finally it sends this to the next signing participant;
D4: on receiving the reflected bait particles, performs the same operation as step D1 with the arbitration manager; if the quantum channel is confirmed to be secure, they continue to step D5; otherwise, they immediately switch to the temporary channel;
D5: after confirming that the sequence has been received by, publicly discusses the eavesdropping check with the arbitration manager; if the calculated error rate exceeds the threshold, the arbitration manager declares the communication invalid, immediately switches to the temporary channel to continue the protocol, and then notifies to discard the message and stand by; otherwise, the encoding operation continues; performs an operation similar to step D2, i.e. a unitary operation, to obtain the sequence, reinserts randomly prepared bait particles to obtain and, similarly to step B, finally sends it to the arbitration manager;
The arbitration manager and then continue with the eavesdropping detection described in steps D3 and D4 and with encoding operations similar to those in step D5.
Further, the step E includes the steps of:
E1: after receiving the sequence from the arbitration manager, first performs eavesdropping detection with the arbitration manager. After the security of the communication is confirmed, removes the bait particles from the sequence and then obtains a sequence. Next, performs a unitary operation on the sequence and can obtain. When N-1 is odd (i.e. is an odd-numbered signing participant), a Z-basis measurement is performed on the sequence of quantum states for each result; when N-1 is even (i.e. is an even-numbered signing participant), an X-basis measurement is performed.
E2: however, because of the presence of, is not the final key K, and the signing participant has to negotiate with the arbitration manager. has obtained the secret key, where denotes modulo-2 addition. However, because of the presence of, does not know the final key, so the protocol flow is not yet over. Subsequently, announces the key he (she) currently holds, i.e.. At the same time, the arbitration manager publicly announces the sequence
E3: the arbitration manager shares a secret key with the verifier, and the arbitration manager shares a secret key with each signing participant, e.g. it shares a secret key with Bob, one of the signing participants; all keys in the system are distributed using a quantum key distribution protocol. The verifier prepares the set of signing keys and a corresponding set of authentication sequences, i.e. and, where is a hash function, is mainly used for encrypting the signature of the message, and is mainly used for identifying and authenticating the problem signer when a dispute occurs;
E4: the signing participant Bob uses a shared key to encrypt the sequence group as; the other signing participants perform operations similar to Bob's to encrypt their sequence groups, and each signing participant then stores the encrypted sequence group in a database, recorded in table form; the database uses the final key negotiated by the arbitration manager and the signing participants (i.e. the final key K obtained in step D) for encryption, i.e.;
E5: if a dispute occurs, the verifier provides the authentication sequence of the problem signature to the arbitration manager; using the final key K obtained from step D, the keys distributed by quantum key distribution, and the problem-signature information fed back by the verifier, the arbitration manager can then find the signer of the problem signature; suppose Bob is the problem signer, with signing key and authentication sequence; first, the arbitration manager decrypts with the final key K obtained from step D to obtain; it then decrypts with the key distributed by quantum key distribution to obtain and; finally, the arbitration manager can find the corresponding problem signer Bob from the problem-signature information fed back by the verifier.
The advantages of the invention are as follows: the arbitration manager can find the signer of the problem signature. During arbitration, the arbitration manager negotiates with the signing participants to obtain the final key, which avoids the direct "public disclosure" mechanism of arbitration quantum group signatures, a mechanism that lacks flexible traceability; the system can choose whether or not to disclose the identity of the signer of a problem signature, and therefore has better fairness. In addition, the invention adopts semi-quantum secret sharing, which occupies fewer quantum resources, so it is both applicable in practice and easier to operate. Compared with conventional quantum secret sharing protocols, the two communicating parties are not both required to have full quantum capability, which saves quantum resources.
To address the fact that the direct "public disclosure" mechanism of arbitration quantum group signatures lacks flexible traceability, the invention designs a complete arbitration quantum signature verification system: the arbitration manager can choose, according to the scenario, the mechanism for disclosing the identity of the signer of a problem signature, and negotiates with the signing participants when a signature is disputed, so that the information security of each participant is guaranteed and the system has good fairness and flexibility.
To address the high cost of current quantum state preparation, the invention adopts a scheme executed in the classical measurement basis and a semi-quantum secret sharing protocol that converts quantum information into digital information, which not only occupies fewer quantum resources but also improves operability in practice. Combining the quantum Grover iterative search algorithm optimizes the database problem and reduces complexity, giving higher efficiency in accelerating key search in the signature system.
Drawings
In order to make the objects, technical means and advantages of the present invention more apparent, the present invention is illustrated by the following drawings.
Fig. 1 is a general flowchart of an arbitration quantum signature design method based on Grover iterative flexible tracking according to the present invention.
Fig. 2 is a schematic of bait particles randomly inserted after encoding.
Fig. 3 is a diagram of the target-state flip in the Grover algorithm.
Fig. 4 is a diagram of the mean-inversion iteration in the Grover algorithm.
Fig. 5 is a workflow diagram of the participants adding decoy particles to blind each other's sequences in the arbitration quantum signature design method based on Grover iterative flexible tracking.
Detailed Description
The arbitration quantum signature design method based on the Grover iterative flexible tracking specifically comprises the following steps A to E.
Step A: in the proposed semi-quantum arbitration signature system, one party is the trusted arbitration manager, and P1, P2, P3, ..., PN-1 are the N-1 signing participants; each participant (legal user) can generate a random sequence of length 2n as that participant's secret key, where is the secret key of the arbitration manager.
The step B comprises the following steps:
B1: first, each signing participant prepares a random sequence and a sequence, both of length 2n; then, further prepares a two-particle quantum sequence in the quantum state
B2: according to the value of, the signing participant performs a unitary operation on the sequence to obtain a new sequence;
B3: at the same time, prepares bait particles from the four states ( is the error detection rate) and inserts them at random into the sequence to obtain a sequence; in particular, these bait particles are sufficient to resist statistical analysis by eavesdroppers; in addition, records the state, state value and position of each bait particle; finally, sends the sequence to the arbitration manager.
The step C comprises the following steps:
C1: after receiving the sequence, the arbitration manager reflects these bait particles back directly, i.e., removes the bait particles from the sequence and returns them to; the arbitration manager can thus obtain from the sequence;
C2: the arbitration manager then measures the sequence to obtain the measurement results; although the arbitration manager has only partial quantum capability, each quantum administrator can obtain the result provided it knows the code exchange rule;
C3: next, the arbitration manager prepares a random sequence; the arbitration manager itself holds a key of 2n-bit length and can prepare a new qubit sequence based on and, where; in addition, the arbitration manager rearranges all the qubits to form a sequence, again prepares bait particles and inserts them at random into the sequence to obtain a new sequence; finally, the arbitration manager sends the sequence to the next signing participant.
The step D comprises the following steps:
D1: on receiving the reflected bait particles, measures each bait particle in the corresponding classical basis to obtain a measurement result; then, by comparing the state values and the measurement results, can calculate the difference between and; if the calculated difference does not exceed the threshold, publicly informs the arbitration manager that the quantum channel is secure; conversely, once the calculated difference exceeds the threshold, indicating that an eavesdropper has been detected, declares the communication invalid; in addition, the next signing participant is also notified to discard the message and stand by; if the quantum channel is secure, they continue to step D2;
D2: after confirming that has received the sequence, the arbitration manager announces the state and position of each bait particle within the signature system for use in detecting the presence of an eavesdropper, and performs with an eavesdropping detection procedure similar to step D1; if the difference between the state values and the measured values of the bait particles exceeds a predetermined threshold, the arbitration manager declares the communication invalid and the communication channel is closed immediately; otherwise, the communication is declared secure and the encoding operation can continue; obtains by removing the bait particles from; then, according to its own secret key, performs a unitary operation on the sequence to obtain, reinserts randomly prepared bait particles to obtain and, similarly to step B, finally sends it to the arbitration manager;
D3: after receiving the sequence, the arbitration manager reflects these bait particles back directly, i.e., removes the bait particles from the sequence and returns them to; the arbitration manager can thus obtain the sequence from; by reinserting bait particles that it prepares at random, the arbitration manager obtains; finally it sends this to the next signing participant;
D4: on receiving the reflected bait particles, performs the same operation as step D1 with the arbitration manager; if the quantum channel is confirmed to be secure, they continue to step D5; otherwise, they immediately switch to the temporary channel;
D5: after confirming that the sequence has been received by, publicly discusses the eavesdropping check with the arbitration manager; if the calculated error rate exceeds the threshold, the arbitration manager declares the communication invalid, immediately switches to the temporary channel to continue the protocol, and then notifies to discard the message and stand by; otherwise, the encoding operation continues; performs an operation similar to step D2, i.e. a unitary operation, to obtain the sequence, reinserts randomly prepared bait particles to obtain and, similarly to step B, finally sends it to the arbitration manager;
The arbitration manager and then continue with the eavesdropping detection described in steps D3 and D4 and with encoding operations similar to those in step D5.
The step E comprises the following steps:
E1: after receiving the sequence from the arbitration manager, first performs eavesdropping detection with the arbitration manager. After the security of the communication is confirmed, removes the bait particles from the sequence in turn and then obtains a sequence. Next, performs a unitary operation on the sequence and can obtain. When N-1 is odd (i.e. is an odd-numbered signing participant), a Z-basis measurement is performed on the sequence of quantum states for each result; when N-1 is even ( is an even-numbered signing participant), an X-basis measurement is performed.
E2: however, because of the presence of, is not the final key K, and the signing participant has to negotiate with the arbitration manager. has obtained the secret key, where denotes modulo-2 addition. However, because of the presence of, does not know the final key, so the protocol flow is not yet over. Subsequently, announces the key he (she) currently holds, i.e.. At the same time, the arbitration manager publicly announces the sequence
E3: the arbitration manager shares a secret key with the verifier, and the arbitration manager shares a secret key with each signing participant, e.g. it shares a secret key with Bob, one of the signing participants; all keys in the system are distributed using a quantum key distribution protocol. The verifier prepares the set of signing keys and a corresponding set of authentication sequences, i.e. and, where is a hash function, is mainly used for encrypting the signature of the message, and is mainly used for identifying and authenticating the problem signer when a dispute occurs;
E4: the signing participant Bob uses a shared key to encrypt the sequence group as; the other signing participants perform operations similar to Bob's to encrypt their sequence groups, and each signing participant then stores the encrypted sequence group in a database, recorded in table form; the database uses the final key negotiated by the arbitration manager and the signing participants (i.e. the final key K obtained in step D) for encryption, i.e.;
E5: if a dispute occurs, the verifier provides the authentication sequence of the problem signature to the arbitration manager; using the final key K obtained from step D, the keys distributed by quantum key distribution, and the problem-signature information fed back by the verifier, the arbitration manager can then find the signer of the problem signature; suppose Bob is the problem signer, with signing key and authentication sequence; first, the arbitration manager decrypts with the final key K obtained from step D to obtain; it then decrypts with the key distributed by quantum key distribution to obtain and; finally, the arbitration manager can find the corresponding problem signer Bob from the problem-signature information fed back by the verifier.
The specific implementation of the arbitration quantum signature design method based on the flexible Grover iteration tracking is as follows.
Arbitration quantum signature design overall framework based on Grover iterative flexible tracking
The arbitration quantum signature design method based on Grover iterative flexible tracking is shown in FIG. 1.
The participants involved are as follows:
(a) The signing participant is a representative administrator in the administrator group who is responsible for managing the organization to which a legal voter belongs, and can electronically sign the legal voter's ballot to make it valid.
(b) The arbitration manager is also a uniquely designated and trusted supervisor, whose primary responsibility is to supervise the whole group of administrators, and who does not attempt to forge the signature of any administrator in the group.
(c) The verifier is uniquely designated and trusted by the system and does not collude with either party; its main responsibility is to verify validity based on the signature information on the ballot. After the votes are validated, the voter discloses the legal votes.
When a dispute occurs, the arbitration manager cannot directly "disclose" the identity of the signer because the key and the corresponding receiver are not recorded. Moreover, the key is a false signature key and authentication sequence for the arbitration manager, and the problem signature cannot be foundThe corresponding signer. The verifier will have an authentication sequence and signatureAnd sending the data to an arbitration manager. In the arbitration process, the arbitration management party negotiates with managers to obtain a final key K, and decrypts the key K in the initial stage stepTo obtainThen distributing the distributed keys using quantum keys(e.g., shared secret keys of signed participants and arbitration managers)) And received from the ticket checkerResolving the signer identity and looking up the corresponding signature key to find the problematic signatureThe signer of (1). In particular, the ticket checker and the arbitration manager verify that the respective management ownsAndwhether or not to satisfyWhereinIs a hash function. If the equality is not satisfied, the ticket checker and the arbitration manager publish that the signature is invalid, otherwise, the signature is accepted.
Application of bait particle blinding
In order to prevent some participants (signing participants or arbitration managers) from obtaining the final key in advance, the proposed scheme provides that all participants start to execute the protocol and detect the eavesdropping process at the same time. Information exchange between participants will only take place if all transmitted quantum states are confirmed to be secure. Otherwise, the channel will close immediately, as shown in FIG. 2, where for ease of description, letIs composed ofThe bits sign the participants. Signing participants from four statesIn preparation ofBait particles (a)Is the error detection rate) and is randomly inserted into the sequenceIn (b) obtaining a sequence. Signing participant markRecording the corresponding state and state value of each bait particleAnd a location. Finally, the signature participants will sequenceAnd sending the data to an arbitration manager. The arbitration management party returns the bait particles to the signing participant after receiving the bait particles, and when the signing participant receives the returned bait particles, each bait particle is measured by using the corresponding classical base to obtain a measurement result. Subsequently, by comparing the state valuesAnd measurement resultsThe signature participant can calculate the value of the phase difference. If the calculated difference does not exceed the threshold, the signing participant publicly informs the arbitration manager that the quantum channel is secure.
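The bait-particle check described above, simulated classically as an added example (not code from the patent). It assumes the four bait states are |0>, |1>, |+>, |-> (the page's own symbols did not survive), models interference as every particle being measured in a random basis and forwarded, and uses a constructed bait count and a constructed threshold of 0.1.

```python
import random

# Assumed bait states as (basis, bit): Z:0=|0>, Z:1=|1>, X:0=|+>, X:1=|->
BAIT_STATES = [("Z", 0), ("Z", 1), ("X", 0), ("X", 1)]


def measure(state, basis, rng):
    """Measure a bait particle; return (outcome, post-measurement state)."""
    prep_basis, bit = state
    # Same basis: deterministic outcome. Conjugate basis: uniformly random.
    outcome = bit if basis == prep_basis else rng.randint(0, 1)
    return outcome, (basis, outcome)


def insert_bait(payload_len, n_bait, rng):
    """Pick random positions in the outgoing sequence and a random state for
    each bait particle. The signing participant keeps this record private."""
    total = payload_len + n_bait
    positions = sorted(rng.sample(range(total), n_bait))
    return {pos: rng.choice(BAIT_STATES) for pos in positions}


def channel(record, rng, eavesdropper):
    """Carry the bait to the arbitration manager and back.

    An eavesdropper cannot tell bait from payload, so it measures every
    particle in a randomly chosen basis and forwards what it measured.
    """
    returned = {}
    for pos, state in record.items():
        if eavesdropper:
            _, state = measure(state, rng.choice("ZX"), rng)
        returned[pos] = state
    return returned


def check_channel(record, returned, threshold, rng):
    """Measure each returned bait particle in its preparation basis and
    compare with the recorded value. Returns (error_rate, secure)."""
    errors = 0
    for pos, (basis, bit) in record.items():
        outcome, _ = measure(returned[pos], basis, rng)
        errors += outcome != bit
    rate = errors / len(record)
    # "Does not exceed the threshold" means the channel is declared secure.
    return rate, rate <= threshold


def run(eavesdropper, n_bait=400, payload_len=64, threshold=0.1, seed=2021):
    """One round of the check with constructed parameters."""
    rng = random.Random(seed)
    record = insert_bait(payload_len, n_bait, rng)
    returned = channel(record, rng, eavesdropper)
    return check_channel(record, returned, threshold, rng)


if __name__ == "__main__":
    for label, eve in (("honest channel", False), ("intercept-resend", True)):
        rate, secure = run(eve)
        print(f"{label:17s} error rate={rate:.3f} secure={secure}")
```

A measurement in the wrong basis disturbs half of the bait particles and each disturbed particle gives a wrong result half of the time, so the observed error rate sits near 25%, far above the threshold.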
Application of the semi-Quantum concept
Semi-quantum secret sharing combines the classical and quantum domains, which reduces the use of quantum states and the cost of purchasing quantum devices; the concept was proposed by Li et al. on the basis of the Boyer protocol. Semi-quantum secret sharing limits the quantum capability of either the sender or the receiver, so that party can perform only partial quantum operations, while the unrestricted party has full quantum capability. The limited party (classical party) can only perform the following four operations:
(2) measuring the particles under a classical basis;
(3) returning or sending the particles without any interference;
(4) the particles are reordered by different delay cases.
In the secret sharing process, no single party can obtain the secret key; it can be obtained only through the cooperation of the receiver and the sender. At present, quantum states are difficult to prepare, and semi-quantum secret sharing occupies fewer quantum resources, so it can be applied in practice and is more operable. Therefore, compared with conventional quantum secret sharing protocols, semi-quantum secret sharing, which does not require both communicating parties to have full quantum capability, is of greater value for practical research.
In the present invention, the arbitration manager can obtain the measurement result R by measuring the sequence S in the classical basis. The arbitration manager can also prepare a sequence of quantum bits based on the measurement results, combining the key K and the random sequence V. She then rearranges all the qubits of sequence B to form a new sequence of qubits C. The flexible tracking subsystem based on the arbitration quantum group signature is designed according to semi-quantum secret sharing, which reduces quantum resource consumption while achieving secret communication of messages.
Quantum search algorithm
(1) Grover search algorithm principle
And searching the target state in the unordered database, wherein the successful searching times of the classical algorithm are N. However, if the Grover search algorithm is performed, the number of search successes will be reduced toSecond, aboutThe advantage is more pronounced, especially for larger databases, i.e. the larger N. The Grover algorithm can effectively find elements meeting specific requirements from a huge unordered database. The principle of the Grover search algorithm is described as follows:
in quantum computing, a set of N disordered elements may be represented by 2N quantum ground states of a quantum register, one element for each quantum ground state, and the quantum states of the system may be viewed as a superposition of these quantum ground states. Because the elements in a set are unordered, that is, each element has equal probability, the set of unordered elements can be represented by quantum superposition states of equal probability magnitude. Assume the initial state of the system isThen toPerforming H-gate operationsThe later equal probability amplitude quantum superposition state is:
Here, is the probability amplitude corresponding to each quantum ground state, and is the probability of the measured sub-state of the system. Unitary operations acting on the system's quantum state act on every quantum ground state simultaneously; this is the parallelism of quantum computation and the basis on which the Grover algorithm improves search efficiency. The basic idea of the Grover algorithm is to repeatedly execute the Grover operator G, that is, to repeatedly apply two specific unitary operations that change the probability amplitude of each quantum ground state until the probability amplitude of the target ground state is maximized and approaches 1, and then to measure the resulting quantum state to obtain the correct solution with high probability.
Two unitary operations are shown below (Andrepresenting different unitary operations in the Grover algorithm, whereinThe state of the target is marked,and searching for a target state. )
WhereinWhich is representative of the value of the target state,represents a database, is unordered, and,。
Grover iterations are further described below by FIG. 3 and FIG. 4. The method comprises the following specific steps:
to pairExecute oracle operation (O for short), checkElement (1) ofWhether the search problem is met or not, the executed operation is as follows: if it isThen to the target state(black part) byPhase inversion(ii) a If it isThen, thenNot flipped over. At this time, the amplitude of the target state is negative, and the amplitudes of the remaining quantum states are positive. Note:i.e. byWhereinAndthe same is the value of the target state,the operation is constant.
Flipping the probability magnitudes of all states around the average magnitude axis () I.e. the unitary operation used is:as shown in FIG. 4, whereinThe amplitude is significantly increased and the non-target state (white portion) amplitude is significantly decreased.
Finally, repeating the above steps to approximatelyAnd secondly, if the probability is infinitely close to 1, performing measurement operation to achieve the aim of searching a target state with the maximum probability, otherwise, executing the algorithm again.
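The two steps above (oracle phase inversion, then the flip about the average amplitude) as a classical state-vector simulation; this is an added example, not code from the patent. It goes beyond the two-particle case to any n qubits with one marked state, and the iteration count in `optimal_iterations` is the standard Grover formula, supplied here as an assumption because the page's own expression is missing.

```python
import math


def oracle(amps, target):
    """O: phase inversion. Only the target amplitude changes sign."""
    return [-a if i == target else a for i, a in enumerate(amps)]


def diffusion(amps):
    """Flip every amplitude about the average amplitude: a -> 2*mean - a."""
    mean = sum(amps) / len(amps)
    return [2 * mean - a for a in amps]


def optimal_iterations(size):
    """Standard count for one marked item (assumption, see lead-in): after k
    iterations the target amplitude is sin((2k+1)*theta), where
    sin(theta) = 1/sqrt(size)."""
    theta = math.asin(1 / math.sqrt(size))
    return max(1, round(math.pi / (4 * theta) - 0.5))


def grover(n_qubits, target, iterations=None):
    """Return (final amplitudes, target probability after each iteration)."""
    size = 2 ** n_qubits
    if not 0 <= target < size:
        raise ValueError("target outside the database")
    # H on every qubit of |0...0>: equal amplitude on all basis states.
    amps = [1 / math.sqrt(size)] * size
    if iterations is None:
        iterations = optimal_iterations(size)
    history = [amps[target] ** 2]
    for _ in range(iterations):
        amps = diffusion(oracle(amps, target))
        history.append(amps[target] ** 2)
    return amps, history


if __name__ == "__main__":
    for n in (2, 3, 10):
        _, hist = grover(n, target=1)
        print(f"n={n:2d} iterations={len(hist) - 1:2d} "
              f"P(target)={hist[-1]:.5f}")
    # Running past the optimum lowers the success probability again.
    _, hist = grover(2, target=1, iterations=2)
    print("n= 2 after 2 iterations:", round(hist[-1], 5))
```

For two qubits one iteration drives the target probability from 0.25 to 1, and a second iteration brings it back to 0.25, which is why the iteration count has to be fixed before measuring.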
(2) Nature and theorem of the Grover algorithm
The invention applies the Grover algorithm to the design of the arbitration quantum group blind signature, and fully utilizes the advantage of unitary operation of the Grover algorithm to complete the design of a specific scheme. The scheme assumes the existence of a disordered database of two-particle quantum statesIs shown in whichIs a search target and. Thus, can be inTwo specific unitary operations are repeatedly executed to find out the corresponding target.Is defined as: if it isThen, then(ii) a If it isThen, then(ii) a If it isThen, then(ii) a If it isThen, then。
The Grover algorithm provides a quadratic speed-up when searching for a target key, which saves quantum computing resources. Its main properties and theorems are described below, belowBoth modulo-2 addition operations:
The following theorems 1 to 3 are to be based on Property 1 and Property 2Is promoted toIn the case of (c).
Theorem 3: is provided with,,,,,,,Wherein. First to each otherPerforming two special unitary operations separatelyAndand then the result is obtainedPerforming measurement based on the calculation base, and setting the measured result asThen, then And R is satisfied。
From theorems 1 and 2, theorems 4 and 5 can be derived, as follows:
Procedure for the preparation of the
After receiving the sequence from the arbitration manager, first performs eavesdropping detection with the arbitration manager. After the security of the communication is confirmed, removes the bait particles from the sequence and obtains a sequence. Next, performs a unitary operation on the sequence to obtain. When N-1 is odd (i.e. for odd-numbered signed participants), a Z-basis measurement is performed on the sequence of quantum states for each result; when N-1 is even (i.e. for even-numbered signed participants), an X-basis measurement is performed.
The sequence can be obtained by using theorem 4 or theorem 5 described above, respectively.To the sequencePerforming unitary operations for each of two particle statesAfter that, the final sequence can be obtained. Thus, the t-th group of second particles of the sequence S can be described as
(1) Assuming N-1 is an odd number, the t-th set of two-particle states can utilize the Z radicalFor explanation. According to theorem 4, the calculation result isCan be expressed as
Next, the arbitration quantum signature design method according to the present invention is referred to in step CAndwherein, in the step (A),andcan be changed in another way to be expressed asAndthe above formula can be replaced by
Further simplified into
The result is that
However, because of the presence of, is not the final key. The signing participant needs to negotiate further with the arbitration manager.
(2) Assuming N-1 is an even number, the t-th group of two-particle states can be represented by XFor explanation. According to theorem 5, the calculation result isCan be expressed as
Then the arbitration quantum signature design method according to the invention is as mentioned in step CAndwherein the content of the first and second substances,andcan be changed in another way to be expressed asAndthe above formula can be replaced by
Further simplified into
The result is that
However, because of the presence of, is not the final key K, and the signing participant has to negotiate with the arbitration manager. Due to the fact thatHas obtained the secret key,Representing modulo-2 addition. However, because of the presence of, the final key is not known, so this protocol flow is not over. Subsequently, announces his (her) currently available key, i.e.. At the same time, the arbitration manager publishes the sequence
In this way, the arbitration manager can also obtain the final key. The arbitration manager and the signature participant thus successfully complete the flexible negotiation, which also embodies the fairness of the protocol. The negotiation between the other quantum administrators and the arbitration manager is the same as the process performed between the signing participants and the arbitration manager. At this time, if the sequence S can be decoded into a sequenceAnd the signing participant wants to know the key of the arbitration manager, i.e.. Signing participants will measure the sequenceAnd can obtain the results. In addition, the signature participant can also be based onAndthe result of (2) obtaining a key, i.e.. Finally, the signed participant can get the key of the arbitration managerHere, the。
Claims (6)
1. A method for designing an arbitration quantum signature based on Grover iterative flexible tracking comprises the following steps:
s1: in the proposed semi-quantum-arbitrated signature system, each signature participant P1,P2,P3,...,PN-1And the arbitration manager generates a random sequence with the length of 2n as a secret key of the arbitration manager,Is a secret key of the arbitration manager;
s2: each signature participant newly generates two different 2 n-length random sequencesAnd sequenceWherein the participants are signedAccording to a sequenceValue pair sequence of middle elementCarrying out Grover algorithm encryption; signing participantsInserting the encrypted sequences into bait particles to obtain sequencesSending the information to an arbitration manager;
s3: arbitration manager receive sequenceThen returning the bait particles to the signature participant(ii) a The arbitration manager measures the sequence using the classical basisAnd the measurement result and the secret key of the measurement result are usedAnd generating a random sequence of 2n lengthMixing to form a new qubit sequence(ii) a The arbitration manager then inserts the new qubit sequence into the bait particle to obtainTo the next signed participant;
S4: signing participantsReceiving the bait particles returned by the arbitration management party, measuring the difference value between the inserted bait particles and the bait particles returned by the arbitration management party, if the difference value does not exceed the threshold value, declaring that the communication is safe, otherwise, declaring that the communication is invalid; the latter signature participantExecuting and signing participantsThe same detection operation removes the bait particles to obtainThen, thenAnd in S2The same operation pairEncrypted inserted bait particles are sent to the arbitration manager, and then the arbitration manager performs the same operation as S3, and all the rest signed participants repeat the steps to obtain the sequenceInsertion of bait particles to obtain sequencesSending to signed participants;
S5: signing participantsAnd Trent executes detection interception, removes bait particles to obtain a sequence,performing a Grover unitary operation on the sequence to obtain quantum state sequenceWhen N-1 is an odd number, for the sequence of quantum statesPerforming a Z-basis measurement; when N-1 is an even number, for the sequence of quantum statesPerforming X-based measurements to obtainWhereinGenerating a random sequence in S3 for the arbitration managerWhen the signature is disputed, the arbitration manager will open the sequenceAt this timeAccording toAndget the final keyThe arbitration manager obtains the final key in the same wayThe arbitration manager can base on the final keyAnd the dispute existence signature information fed back by the verification party is used for finding out the signature participants signing the dispute existence signature.
2. The method for designing an arbitrated quantum signature based on Grover iterative flexible tracking according to claim 1, wherein step S1 specifically includes: each signature participant prepared a random sequenceAnd a secret keyThe lengths are all 2 n; then, atFurther prepares a double-particle quantum sequence in a quantum stateWherein,。
3. The method for designing an arbitrated quantum signature based on Grover iterative flexible tracking as claimed in claim 1, wherein step S2 specifically includes: according to random sequencesValue of, signing the participantTo the sequencePerforming Grover unitary operationTo obtain a blinded sequence(ii) a At the same timeFrom four statesIn preparation ofBait particles (a)Is error detection rate) is inserted into the blinded sequenceTo obtain a new sequenceAnd sending the data to an arbitration manager.
5. The method for designing an arbitrated quantum signature based on Grover iterative flexible tracking as claimed in claim 1, wherein step S3 specifically includes: arbitration manager receive sequenceThereafter, the bait particles are returned directly to the signing participant, thus arbitrating the manager from the sequenceTo obtain(ii) a The arbitration manager then measures the sequence based on the classical basis to obtain a measurement result(ii) a Then the arbitrator prepares random sequence with length of 2nAnd secret key of itselfAnd measurement resultsMixing to make a sequenceRearranging all the qubits to finally form a new sequence of qubits(ii) a The arbitration manager also preparesBait particles and inserting the bait particles randomly into the sequenceTo obtain new sequencesTo the next signed participant。
6. The method for designing an arbitrated quantum signature based on Grover iterative flexible tracking according to claim 1, wherein step S4 specifically includes: signing participantsReceiving the bait particles returned by the arbitration manager,measuring each bait particle with a corresponding classical basis to obtain a measurement(ii) a Subsequently, by comparing the state valuesAnd measurement results,Calculate outAnd withThe difference between them; if the difference value does not exceed the threshold value, declaring that the communication is safe, otherwise declaring that the communication is invalid; the latter signature participantExecuting and signing participantsThe same detection operation removes the bait particles to obtainThen, thenAccording to its own private keyTo the sequencePerforming unitary operationsTo obtainAnd by random preparation ofReinsertion of individual bait particlesTo obtainSending to the arbitration manager, then the arbitration manager performs the same operation as S3, and all the remaining signed participants repeat the steps to obtain the sequenceInsertion of bait particles to obtain sequencesTo signed participants。
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110517913.0A CN113242135B (en) | 2021-05-12 | 2021-05-12 | Arbitration quantum signature design method based on Grover iterative flexible tracking |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113242135A (en) | 2021-08-10 |
CN113242135B (en) | 2022-05-31 |
Family
ID=77133949
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |