CN111224780A - Arbitration quantum signature method based on XOR encryption - Google Patents

Arbitration quantum signature method based on XOR encryption Download PDF

Info

Publication number
CN111224780A
CN111224780A CN202010196798.7A CN202010196798A CN111224780A CN 111224780 A CN111224780 A CN 111224780A CN 202010196798 A CN202010196798 A CN 202010196798A CN 111224780 A CN111224780 A CN 111224780A
Authority
CN
China
Prior art keywords
quantum
particle
trent
bob
alice
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010196798.7A
Other languages
Chinese (zh)
Other versions
CN111224780B (en
Inventor
郑晓毅
苏景军
匡畅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Polytechnic of Water Resources and Electric Engineering Guangdong Water Resources and Electric Power Technical School
Original Assignee
Guangdong Polytechnic of Water Resources and Electric Engineering Guangdong Water Resources and Electric Power Technical School
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Polytechnic of Water Resources and Electric Engineering Guangdong Water Resources and Electric Power Technical School filed Critical Guangdong Polytechnic of Water Resources and Electric Engineering Guangdong Water Resources and Electric Power Technical School
Priority to CN202010196798.7A priority Critical patent/CN111224780B/en
Publication of CN111224780A publication Critical patent/CN111224780A/en
Application granted granted Critical
Publication of CN111224780B publication Critical patent/CN111224780B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852Quantum cryptography
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B10/00Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
    • H04B10/70Photonic quantum communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/70Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Optics & Photonics (AREA)
  • Optical Communication System (AREA)

Abstract

The invention discloses an arbitration quantum signature method based on XOR encryption, which comprises a signer Alice, a receiver Bob, an arbiter Trent and a three-particle GHZ state quantum key shared by three parties, wherein the three-particle GHZ state is a common entangled resource in quantum communication, and the signature method comprises the following steps: an initialization phase, a signature phase and a verification phase. The signer Alice, the receiver Bob and the arbiter Trent share three particle GHZ states and keep secret for own particle information respectively, the traditional XOR encryption and decryption method is used, quantum messages are encrypted and signed through the shared GHZ states, the flow of a conventional arbitration quantum signature protocol is improved by introducing decoy photon states, the requirements of non-forgeability and non-repudiation are met, and finally, the encryption of the protocol does not involve a complex encryption method or complex quantum operation, so that the method is more practical than other methods.

Description

Arbitration quantum signature method based on XOR encryption
Technical Field
The invention relates to the technical field of quantum cryptography, in particular to an arbitration quantum signature method based on XOR encryption.
Background
As the work on AQS research has progressed, some researchers have begun investigating the security of protocols. In 2011, Gao et al indicated that AQS based on quantum one-time pad encryption has a security hole. This is because the Pauli operations used in encryption are commutative, so the recipient can forge a quantum signature. Choi et al subsequently proposed an AQS protocol that was resistant to the attack method reported by Gao et al. This is based on improved QOTP encryption. However, paper et al indicates that this method does not prevent the recipient from forging the signature. Instead, they use the mixed-key quantum encryption concept proposed in the art to design a multiple encryption method that can be applied to the quantum signature protocol. In 2015, Li et al proposed a new AQS protocol based on chained CNOT operation. The protocol encrypts quantum messages by using chained CNOT operations and is resistant to signature forgery that Pauli operations can produce. Later, Roman et al also proposed a new method of forgery attack against the plum protocol. In this regard, in 2017, sheet et al used the idea of key control to improve the chained CONT operation for encrypting quantum messages. The protocol enhances the ability to resist forgery attacks by introducing a shared key-controlled permutation operation to reorder the location of quantum messages. However, the requirements for quantum operation in the protocol are so high that the protocol is difficult to implement in practical conditions.
All AQS protocols should have two basic security conditions: non-forgeability and non-repudiation. To improve the security of the protocol, most AQS protocols are designed for enhancing the security of quantum message encryption and quantum signatures. Although the security performance is improved, more quantum resources and quantum operations are consumed, which increases the difficulty of practical application, and for this reason, an arbitration quantum signature method based on XOR encryption is proposed to solve the above problems.
Disclosure of Invention
The present invention aims to provide an arbitration quantum signature method based on XOR encryption to solve the problems proposed in the above background art.
In order to achieve the purpose, the invention provides the following technical scheme: an arbitration quantum signature method based on XOR encryption comprises a signer Alice, a receiver Bob, an arbiter Trent and three parties sharing three partiesThe particle GHZ state quantum key, the three particle GHZ states are common entangled resources in quantum communication, and the three particle GHZ states are represented by an expression (1):
Figure BDA0002417920350000021
performing a unitary Hadamard operation (H operation) on all three particles, expression (2) can be obtained:
Figure BDA0002417920350000022
the signature method according to the three-particle GHZ state quantum key is as follows:
A. initialization phase
(I1) Trent prepares n + d set GHZ state, and performs Hadamard operation on each of three particles in GHZ state, and can obtain expression (3):
Figure BDA0002417920350000023
for each GHZ state particle, the Trent reserves one particle and distributes the other two particles to Alice and Bob respectively;
(I2) the method for Trent to randomly use the d group GHZ state in the n + d group GHZ state to verify the safety of the transmission channel comprises the following steps: trent randomly selects a measurement base for particles reserved in a randomly selected d-group GHZ state, wherein the Z base { |0>,|1>} or X base { | +>,|->And fourthly, making single-particle-based measurement, recording a measurement result according to a certain recording rule, and then, Trent publishes d-group GHZ-state specific positions and specific measurement-based information Mi={M1,M2,M3...Md},Md∈{X,Z};
(I3) According to the information published by Alice and Bob, Trent calculates the quantum transmission error rate according to the expression (2), if the error rate exceeds a certain threshold value, the quantum channel is considered to be unsafe due to wiretapping, at the moment, all entangled particles are discarded, the protocol is terminated, on the contrary, the communication channel can be considered to be safe, and three parties continue to complete the protocol by using the remaining n groups of GHZ states;
B. signature phase
(S1) Alice prepares the signed quantum message as in expression (4):
Figure BDA0002417920350000031
wherein | ai|2+|bi|21 and Alice prepares three identical quantum messages
Figure BDA0002417920350000032
Simultaneously randomly generating an n-bit binary parameter r, and then encrypting | P>To quantum pseudorandom string | P'>As expressed by expression (5): l P'>=Er(|P>);
(S2) Alice uses the particle sequence A of n groups of GHZ states to make three copies of | P'>Performs a controlled not gate (CNOT) operation, as in expression (6):
Figure BDA0002417920350000033
(S3) Alice prepares enough decoy photon states | D>,|D>Is randomly in { |0>,|1>,|+>,|->One of the four single particle states, then Alice will trick the photon state | D>Insert | P'>And two other sets of particle sequences
Figure BDA0002417920350000041
To form two new particle sequences { | P'>,|D>And
Figure BDA0002417920350000042
then the two groups of particle sequences are respectively sent to Trent and Bob;
C. verification phase
(V1) after the Trent receives the particle sequence sent by Alice, the Alice tells the Trent the detailed information of the decoy photon state | D > so that the Trent can measure and calculate the error rate to finish the eavesdropping detection, if the error rate is zero or is lower than a specific threshold value, the eavesdropping behavior can be considered to be absent, the Trent removes the decoy photon state | D > and declares the protocol to continue, and if not, the protocol is terminated;
(V2) when Bob receives the particle sequence, he detects the presence or absence of eavesdropping on the communication channel in the same way. If eavesdropping behavior is found, the protocol is terminated. Otherwise, Bob deletes the decoy photon state | D>Then using the particle sequence B in the n groups of GHZ states held by him to one of the particle sequences
Figure BDA0002417920350000043
Perform a CNOT operation, such as expression (7):
Figure BDA0002417920350000044
(V3) Bob prepares the decoy photon state | D again as shown in (S3)>Then randomly inserted into
Figure BDA0002417920350000045
Formation of a novel particle sequence
Figure BDA0002417920350000046
Bob then sends this new particle sequence to Trent, leaving another particle sequence in his hand
Figure BDA0002417920350000047
(V4) after Trent receives the particle sequence from Bob, it performs eavesdropping detection in the same way as before, and if no eavesdropping behavior is detected, Trent will remove the decoy photon state | D>And using the particle sequence T in the n groups of GHZ states in the hand to pair the particle sequences
Figure BDA0002417920350000048
Perform a CNOT operation, such as expression (8):
Figure BDA0002417920350000049
and verified by quantum state comparison techniques, then Trent prepares the bait photon state | D in the same way>And randomly insert
Figure BDA0002417920350000051
Form a newOf the particle sequence
Figure BDA0002417920350000052
And send it to Bob;
(V5) Bob receives the particle sequence, performs channel security check according to the previous method, and determines whether to continue the protocol and store Alice's quantum signature.
In a preferred embodiment, the unitary Hadamard operation H is:
Figure BDA0002417920350000053
and
Figure BDA0002417920350000054
the expression (2) shows that under the condition of taking z group as measuring base to measure single particle group, the measuring result of GHZ state after H conversion is written into binary number, wherein '0' represents measuring result |0>And "1" represents the measurement result |1>It can be easily found that the measurement results of the three particles satisfy the classic exclusive-or relationship.
In a preferred embodiment, in step a, the recording rule is as follows, "0" represents the measurement results { |0>, | + >, and "1" represents the measurement results { |1>, | - >.
In a preferred embodiment, the encryption method E is performed in step (S1)rComprises the following steps: when r isiWhen 1, pi>Performing a unitary transformation X transform, i.e. X ═ 0><1|+|1><0|, when riWhen 0, then pi>Performing an I-identity transformation, i.e. I ═ 0><0|+|1><1 l, it can be easily seen that the corresponding decryption method E'r=Er
In a preferred embodiment, in step (V4), the quantum state comparison technique is verified as:
Figure BDA0002417920350000055
if the two are equal, Trent prepares | VT>=|1>Otherwise preparing | VT>=|0>And if equal, Trent will again be on the particle sequence
Figure BDA0002417920350000056
Perform a CNOT operation, such as expression (9):
Figure BDA0002417920350000057
in a preferred embodiment, in step (V5), the security is checked by deleting the bait photon state | D by Bob if there is no eavesdropping action>And judging whether | VT>=|1>If so, Bob pairs the particle sequence using the particle sequence B of the n sets of GHZ states in his hand
Figure BDA0002417920350000061
Perform a CNOT operation, such as expression (10):
Figure BDA0002417920350000062
later, Bob verified using quantum state comparison techniques, as expressed in expression (11):
Figure BDA0002417920350000063
if the two are equal, Bob publishes | VB>=|0>Rejecting Alice's signature and terminating the protocol, otherwise, Bob notifies Alice to declare parameter r, and through Alice's issued parameter r, Bob will restore | P '>To | P>=E'r|P'>And store
Figure BDA0002417920350000064
As the quantum signature of Alice.
Compared with the prior art, the invention has the beneficial effects that: in the method, a signer Alice, a receiver Bob and an arbiter Trent share three particle GHZ states and respectively keep secret on particle information of the signer Alice, the receiver Bob and the arbiter Trent, different from other protocols which adopt a quantum one-time pad encryption method or a chain CNOT encryption method, the protocol borrows the traditional XOR encryption and decryption method, the quantum information is encrypted and signed through the shared GHZ states, the flow of the conventional arbitration quantum signature protocol is improved by introducing decoy photon states, the requirements of non-forgeability and non-repudiation are realized, and finally, the encryption of the protocol does not involve a complex encryption method or complex quantum operation, so the method is more practical than other protocols.
Drawings
FIG. 1 is a detailed process diagram of the initialization phase of the present invention;
FIG. 2 is a diagram illustrating the signature phase of the present invention;
FIG. 3 is a diagram illustrating the verification phase of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1-3, the present invention provides a technical solution: an arbitration quantum signature method based on XOR encryption comprises a signer Alice, a receiver Bob, an arbiter Trent and a three-party shared three-particle GHZ state quantum key, wherein the three-particle GHZ state is an entangled resource commonly used in quantum communication, and is represented by an expression (1):
Figure BDA0002417920350000071
performing a unitary Hadamard operation (H operation) on all three particles, expression (2) can be obtained:
Figure BDA0002417920350000072
the unitary Hadamard operation H is:
Figure BDA0002417920350000073
and
Figure BDA0002417920350000074
the expression (2) shows that under the condition of taking z group as measuring base to measure single particle group, the measuring result of GHZ state after H conversion is written into binary number, wherein '0' represents measuring result |0>And "1" represents the measurement result |1>Can easily findAnd if the measurement results of the three particles meet the classical exclusive-or relationship, the method for signing the quantum key according to the three-particle GHZ state is as follows:
A. initialization phase
(I1) Trent prepares n + d set GHZ state, and performs Hadamard operation on each of three particles in GHZ state, and can obtain expression (3):
Figure BDA0002417920350000075
for each GHZ state particle, the Trent reserves one particle and distributes the other two particles to Alice and Bob respectively;
(I2) the method for Trent to randomly use the d group GHZ state in the n + d group GHZ state to verify the safety of the transmission channel comprises the following steps: trent randomly selects a measurement base for particles reserved in a randomly selected d-group GHZ state, wherein the Z base { |0>,|1>} or X base { | +>,|->And (6) carrying out single-particle-based measurement, and recording the measurement result according to a certain recording rule, wherein the recording rule is as follows, and 0 represents the measurement result { |0>,|+>And "1" represents the measurement result { |1>,|->Trent then publishes d group d specific positions of GHZ states and specific measurement base information Mi={M1,M2,M3...Md},Md∈{X,Z};
(I3) According to the information published by Alice and Bob, Trent calculates the quantum transmission error rate according to the expression (2), if the error rate exceeds a certain threshold value, the quantum channel is considered to be unsafe due to wiretapping, at the moment, all entangled particles are discarded, the protocol is terminated, on the contrary, the communication channel can be considered to be safe, and three parties continue to complete the protocol by using the remaining n groups of GHZ states;
B. signature phase
(S1) Alice prepares the signed quantum message as in expression (4):
Figure BDA0002417920350000081
wherein | ai|2+|bi|21 and Alice prepares three identical quantum messages
Figure BDA0002417920350000082
Simultaneously randomly generating an n-bit binary parameter r, and then encrypting | P>To quantum pseudorandom string | P'>As expressed by expression (5): l P'>=Er(|P>) And an encryption method ErComprises the following steps: when r isiWhen 1, pi>Performing a unitary transformation X transform, i.e. X ═ 0><1|+|1><0|, when riWhen 0, then pi>Performing an I-identity transformation, i.e. I ═ 0><0|+|1><1 l, it can be easily seen that the corresponding decryption method E'r=Er
(S2) Alice uses the particle sequence A of n groups of GHZ states to make three copies of | P'>Performs a controlled not gate (CNOT) operation, as in expression (6):
Figure BDA0002417920350000091
(S3) Alice prepares enough decoy photon states | D>,|D>Is randomly in { |0>,|1>,|+>,|->One of the four single particle states, then Alice will trick the photon state | D>Insert | P'>And two other sets of particle sequences
Figure BDA0002417920350000092
To form two new particle sequences { | P'>,|D>And
Figure BDA0002417920350000093
then the two groups of particle sequences are respectively sent to Trent and Bob;
C. verification phase
(V1) after the Trent receives the particle sequence sent by Alice, the Alice tells the Trent the detailed information of the decoy photon state | D > so that the Trent can measure and calculate the error rate to finish the eavesdropping detection, if the error rate is zero or is lower than a specific threshold value, the eavesdropping behavior can be considered to be absent, the Trent removes the decoy photon state | D > and declares the protocol to continue, and if not, the protocol is terminated;
(V2) when Bob receives the particle sequence, he detects the presence or absence of eavesdropping on the communication channel in the same way. If eavesdropping behavior is found, the protocol is terminated. Otherwise, Bob deletes the decoy photon state | D>Then using the particle sequence B in the n groups of GHZ states held by him to one of the particle sequences
Figure BDA0002417920350000094
Perform a CNOT operation, such as expression (7):
Figure BDA0002417920350000095
(V3) Bob prepares the decoy photon state | D again as shown in (S3)>Then randomly inserted into
Figure BDA0002417920350000096
Formation of a novel particle sequence
Figure BDA0002417920350000097
Bob then sends this new particle sequence to Trent, leaving another particle sequence in his hand
Figure BDA0002417920350000101
(V4) after Trent receives the particle sequence from Bob, it performs eavesdropping detection in the same way as before, and if no eavesdropping behavior is detected, Trent will remove the decoy photon state | D>And using the particle sequence T in the n groups of GHZ states in the hand to pair the particle sequences
Figure BDA0002417920350000102
Perform a CNOT operation, such as expression (8):
Figure BDA0002417920350000103
and verified as follows by a quantum state comparison technology:
Figure BDA0002417920350000104
if the two are equal, Trent prepares | VT>=|1>Otherwise preparing | VT>=|0>And is combined withAnd if equal, Trent will again be on the particle sequence
Figure BDA0002417920350000105
Perform a CNOT operation, such as expression (9):
Figure BDA0002417920350000106
subsequently, Trent prepares bait photon state | D in the same manner>And randomly insert
Figure BDA0002417920350000107
Formation of a novel particle sequence
Figure BDA0002417920350000108
And send it to Bob;
(V5) when Bob receives the particle sequence, channel security checks are performed as before, and if there is no eavesdropping action, Bob deletes the bait photon state | D>And judging whether | VT>=|1>If so, Bob pairs the particle sequence using the particle sequence B of the n sets of GHZ states in his hand
Figure BDA0002417920350000109
Perform a CNOT operation, such as expression (10):
Figure BDA00024179203500001010
later, Bob verified using quantum state comparison techniques, as expressed in expression (11):
Figure BDA00024179203500001011
if the two are equal, Bob publishes | VB>=|0>Rejecting Alice's signature and terminating the protocol, otherwise, Bob notifies Alice to declare parameter r, and through Alice's issued parameter r, Bob will restore | P '>To | P>=E'r|P'>And store
Figure BDA00024179203500001012
As the quantum signature of Alice.
After signing, the method can be subjected to security analysis, and a secure quantum signature protocol has two basic characteristics of (1) non-forgeability, which means that an attacker (including a dishonest receiver Bob) cannot maliciously forge the signature. (2) Undeniable, i.e. the signer cannot reject the signature, the recipient cannot reject the received signature. In this protocol, when Alice and Bob disagree on the signatures, Trent will act as an arbitrator to resolve the divergence, and thus Trent is absolutely secure and reliable in our protocol. Below, we will analyze our protocol to satisfy the non-forgeability and non-repudiation, proving that it is secure under some existing attack methods:
non-forgeability
If an external eavesdropper Eve wants to forge Alice's signature, the only way is to obtain all the state information of the particles in the GHZ state that the three parties share in the protocol initialization phase, but this is obviously not possible. There are generally three common eavesdropping methods, interception-retransmission, measurement-retransmission, and entanglement measurement attacks. Eve cannot steal messages using these three methods because she cannot know the specific location and specific measurement basis of the d-set of GHZ states that are randomly used for authentication. Therefore, if there is an eavesdropping behavior, the error rate in the channel verification process in the initialization phase will be high, and the eavesdropping behavior will be inevitably detected.
It can be seen that absolute secure quantum key distribution based on the GHZ state is the basis of our proposed arbitration quantum signature. In addition, decoy photon states are introduced during the initialization, signature and verification phases of the protocol so as to detect any eavesdropping behavior in time, thereby preventing an external eavesdropper from stealing any useful information.
Now consider an insider attacker and a dishonest receiver Bob. He cannot forge Alice's signature because of the encrypted message | P'>Is sent directly by Alice to the arbiter Trent. In the protocol process, decoy photon state | D for channel security detection is also introduced>. This means that Bob cannot know | P 'until Trent sends authentication information back to Bob'>Any of (3). Therefore, Bob is unlikely to forge
Figure BDA0002417920350000121
To make
Figure BDA0002417920350000122
(X2) non-repudiation
For non-repudiation, neither Alice nor Bob can deny the validity of the signature because the GHZ state in the respective hands is only known to themselves in the specific state information.
Suppose Alice has signed an encrypted quantum message | P'>And corresponding quantum signatures
Figure BDA0002417920350000123
She cannot deny her signature issued for Bob. In other words, Alice excludes the corresponding quantum signature
Figure BDA0002417920350000124
In addition, other quantum message signatures cannot be forged
Figure BDA0002417920350000125
This is because, on the premise of the secure distribution of GHZ state, Alice cannot obtain any information of the GHZ state particles owned by Bob, and therefore it is impossible to forge another message signature in addition to the legitimate message signature
Figure BDA0002417920350000126
To replace
Figure BDA0002417920350000127
The Trent verification is passed. This means that
Figure BDA0002417920350000128
Cannot be established.
Also, in this protocol, message | P 'is encrypted'>Is directly sent to the arbitrator Trent by Alice, and the corresponding mail signature is verified in Trent
Figure BDA0002417920350000129
And return to
Figure BDA00024179203500001210
Before giving Bob, Bob isCannot obtain | P'>Any of (3).
Bob need only be able to accept her signature and dispute once Alice attempts to deny her acceptance
Figure BDA00024179203500001211
And sending the information to Trent for judgment. Trent will determine that the signature must be signed by Alice. In addition, decoy photon state | D is introduced into the whole protocol>Therefore, any attempt by Alice to alter the signature verification information
Figure BDA00024179203500001212
And
Figure BDA00024179203500001213
must be discovered.
The recipient deny means that Bob denies his receipt of the quantum information | P>The signature of (2). Based on the premise of GHZ state safe distribution, three parties only know the information of GHZ state particles in the hands of the three parties, but not the particle information of other two parties, so that Bob cannot know two groups of CNOT operations CNOTA and CNOTT. Thus, if Bob wants to get quantum message | P>And the corresponding quantum signature, he cannot deny him receipt of
Figure BDA0002417920350000131
And a parameter r. In particular when, in the case of,
Figure BDA0002417920350000132
bob cannot claim out
Figure BDA0002417920350000133
Since he needs Alice to issue a parameter r to recover the quantum message | P>. Otherwise, he will not get the correct quantum signature
Figure BDA0002417920350000134
Therefore, Bob cannot reject the quantum signature;
(X3) efficiency comparison
In the field of quantum cryptography, research on quantum signatures is being deepened. Many quantum signature protocols have been proposed so far, and many good ideas have also been proposed in the design of arbitrated quantum signatures. However, there are still some security holes in such protocols. Particularly in the core part of the protocol, the quantum signature encryption algorithm uses relatively complicated encryption operations, which undoubtedly increases the difficulty of implementation in practical applications. Moreover, this approach is also ineffective in preventing counterfeit signatures.
The quantum arbitration signature protocol does not adopt any form of quantum one-time pad encryption method, and does not adopt an encryption method based on chain type CNOT operation or combination of the chain type CNOT operation and key control. In contrast, since the three-party shared GHZ-state key satisfies the classical XOR relationship, the protocol encrypts and signs the quantum message using a CNOT operation (in effect, XOR encryption).
Although the three parties keep secret on own GHZ state particle information, the particles owned by the three parties meet the XOR relation, so that quantum messages and signatures can be verified and decrypted. By introducing decoy photon states and improving the flow of conventional quantum signature protocols, we have found that the protocol can also meet the requirements of arbitrating the non-forgeability and non-repudiation of quantum signatures. Finally, the most basic requirement of the protocol is the safe distribution of the three-particle GHZ state, which is also ensured by the safety detection in the whole protocol process. Thus, the solution proposed herein is safe and effective.
In summary, in this protocol, the signer Alice, the receiver Bob and the arbitrator Trent share the three-particle GHZ state and keep their own particle information secret. Different from other protocols which adopt a quantum one-time pad encryption method or a chain CNOT encryption method. The protocol encrypts and signs the quantum message by sharing the GHZ state by using the traditional XOR encryption and decryption method. By introducing decoy photon states, the flow of the conventional arbitration quantum signature protocol is improved, and the requirements of non-forgeability and non-repudiation are met. Finally, it can be seen that the encryption of this protocol does not involve complex encryption methods or complex quantum operations and is therefore more practical than other protocols.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (6)

1. An arbitration quantum signature method based on XOR encryption comprises a signer Alice, a receiver Bob, an arbiter Trent and a three-party shared three-particle GHZ state quantum key, and is characterized in that: the three-particle GHZ state is an entangled resource commonly used in quantum communication, and is represented by an expression (1):
Figure FDA0002417920340000011
performing a unitary Hadamard operation (H operation) on all three particles, expression (2) can be obtained:
Figure FDA0002417920340000012
the signature method according to the three-particle GHZ state quantum key is as follows:
A. initialization phase
(I1) Trent prepares n + d set GHZ state, and performs Hadamard operation on each of three particles in GHZ state, and can obtain expression (3):
Figure FDA0002417920340000013
for each GHZ state particle, the Trent reserves one particle and distributes the other two particles to Alice and Bob respectively;
(I2) the method for Trent to randomly use the d group GHZ state in the n + d group GHZ state to verify the safety of the transmission channel comprises the following steps: trent randomly selects a measurement base for particles reserved in a randomly selected d-group GHZ state, wherein the Z base { |0>,|1>} or X base { | +>,|->And fourthly, making single-particle-based measurement, recording a measurement result according to a certain recording rule, and then, Trent publishes d-group GHZ-state specific positions and specific measurement-based information Mi={M1,M2,M3...Md},Md∈{X,Z};
(I3) According to the information published by Alice and Bob, Trent calculates the quantum transmission error rate according to the expression (2), if the error rate exceeds a certain threshold value, the quantum channel is considered to be unsafe due to wiretapping, at the moment, all entangled particles are discarded, the protocol is terminated, on the contrary, the communication channel can be considered to be safe, and three parties continue to complete the protocol by using the remaining n groups of GHZ states;
B. signature phase
(S1) Alice prepares the signed quantum message as in expression (4):
Figure FDA0002417920340000021
wherein | ai|2+|bi|21 and Alice prepares three identical quantum messages
Figure FDA0002417920340000022
Simultaneously randomly generating an n-bit binary parameter r, and then encrypting | P>To quantum pseudorandom string | P'>As expressed by expression (5): l P'>=Er(|P>);
(S2) Alice uses the particle sequence A of n groups of GHZ states to make three copies of | P'>Performs a controlled not gate (CNOT) operation, as in expression (6):
Figure FDA0002417920340000023
(S3) Alice prepares enough decoy photon states | D>,|D>Is randomly in { |0>,|1>,|+>,|->One of the four single particle states, then Alice will trick the photon state | D>Insert | P'>And two other sets of particle sequences
Figure FDA0002417920340000024
To form two new particle sequences { | P'>,|D>And
Figure FDA0002417920340000025
then the two groups of particle sequences are respectively sent to Trent and Bob;
C. verification phase
(V1) after the Trent receives the particle sequence sent by Alice, the Alice tells the Trent the detailed information of the decoy photon state | D > so that the Trent can measure and calculate the error rate to finish the eavesdropping detection, if the error rate is zero or is lower than a specific threshold value, the eavesdropping behavior can be considered to be absent, the Trent removes the decoy photon state | D > and declares the protocol to continue, and if not, the protocol is terminated;
(V2) when Bob receives the particle sequence, he detects the presence or absence of eavesdropping on the communication channel in the same way. If eavesdropping behavior is found, the protocol is terminated. Otherwise, Bob deletes the decoy photon state | D>Then using the particle sequence B in the n groups of GHZ states held by him to one of the particle sequences
Figure FDA0002417920340000031
Perform a CNOT operation, such as expression (7):
Figure FDA0002417920340000032
(V3) Bob prepares the decoy photon state | D again as shown in (S3)>Then randomly inserted into
Figure FDA0002417920340000033
Formation of a novel particle sequence
Figure FDA0002417920340000034
Bob then sends this new particle sequence to Trent, leaving another particle sequence in his hand
Figure FDA0002417920340000035
(V4) after Trent receives the particle sequence from Bob, it performs eavesdropping detection in the same way as before, and if no eavesdropping behavior is detected, Trent will remove the decoy photon state | D>And using particles in n groups of GHZ states in his handSequence T vs. particle sequence
Figure FDA0002417920340000036
Perform a CNOT operation, such as expression (8):
Figure FDA0002417920340000037
and verified by quantum state comparison techniques, then Trent prepares the bait photon state | D in the same way>And randomly insert
Figure FDA0002417920340000038
Formation of a novel particle sequence
Figure FDA0002417920340000039
And send it to Bob;
(V5) Bob receives the particle sequence, performs channel security check according to the previous method, and determines whether to continue the protocol and store Alice's quantum signature.
2. An arbitrated quantum signing method based on XOR encryption according to claim 1, characterized by: the unitary Hadamard operation H is:
Figure FDA00024179203400000310
and
Figure FDA00024179203400000311
the expression (2) shows that under the condition of taking z group as measuring base to measure single particle group, the measuring result of GHZ state after H conversion is written into binary number, wherein '0' represents measuring result |0>And "1" represents the measurement result |1>It can be easily found that the measurement results of the three particles satisfy the classic exclusive-or relationship.
3. An arbitrated quantum signing method based on XOR encryption according to claim 1, characterized by: in step a, the recording rule is as follows, "0" represents the measurement result { |0>, | + >, and "1" represents the measurement result { |1>, | - >.
4. An arbitrated quantum signing method based on XOR encryption according to claim 1, characterized by: in step (S1), encryption method ErComprises the following steps: when r isiWhen 1, pi>Performing a unitary transformation X transform, i.e. X ═ 0><1|+|1><0|, when riWhen 0, then pi>Performing an I-identity transformation, i.e. I ═ 0><0|+|1><1 l, it can be easily seen that the corresponding decryption method E'r=Er
5. An arbitrated quantum signing method based on XOR encryption according to claim 1, characterized by: in step (V4), the quantum state comparison technique verifies that:
Figure FDA0002417920340000041
if the two are equal, Trent prepares | VT>=|1>Otherwise preparing | VT>=|0>And if equal, Trent will again be on the particle sequence
Figure FDA0002417920340000042
Perform a CNOT operation, such as expression (9):
Figure FDA0002417920340000043
6. an arbitrated quantum signing method based on XOR encryption according to claim 1, characterized by: in step (V5), the security is checked by deleting bait photon state | D by Bob if there is no eavesdropping action>And judging whether | VT>=|1>If so, Bob pairs the particle sequence using the particle sequence B of the n sets of GHZ states in his hand
Figure FDA0002417920340000044
Perform a CNOT operation, such as expression (10):
Figure FDA0002417920340000045
later, Bob verified using quantum state comparison techniques, as expressed in expression (11):
Figure FDA0002417920340000046
if the two are equal, Bob publishes | VB>=|0>Rejecting Alice's signature and terminating the protocol, otherwise, Bob notifies Alice to declare parameter r, and through Alice's issued parameter r, Bob will restore | P '>To | P>=E’r|P'>And store
Figure FDA0002417920340000051
As the quantum signature of Alice.
CN202010196798.7A 2020-03-19 2020-03-19 Arbitration quantum signature method based on XOR encryption Active CN111224780B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010196798.7A CN111224780B (en) 2020-03-19 2020-03-19 Arbitration quantum signature method based on XOR encryption

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010196798.7A CN111224780B (en) 2020-03-19 2020-03-19 Arbitration quantum signature method based on XOR encryption

Publications (2)

Publication Number Publication Date
CN111224780A true CN111224780A (en) 2020-06-02
CN111224780B CN111224780B (en) 2023-06-23

Family

ID=70828450

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010196798.7A Active CN111224780B (en) 2020-03-19 2020-03-19 Arbitration quantum signature method based on XOR encryption

Country Status (1)

Country Link
CN (1) CN111224780B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113242135A (en) * 2021-05-12 2021-08-10 华东交通大学 Arbitration quantum signature design method based on Grover iterative flexible tracking
CN113849862A (en) * 2021-09-23 2021-12-28 北京印刷学院 Quantum signature method based on secret sharing
CN114938282A (en) * 2022-07-22 2022-08-23 中国科学技术大学 Threshold group signature method and device based on multidimensional quantum system and electronic equipment

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107124275A (en) * 2017-06-13 2017-09-01 苏州大学 A kind of serial cryptographic key distribution method of dynamic based on GHZ states
CN110635907A (en) * 2019-11-07 2019-12-31 广东水利电力职业技术学院(广东省水利电力技工学校) Controlled quantum conversation method with identity authentication function based on GHZ-like state

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107124275A (en) * 2017-06-13 2017-09-01 苏州大学 A kind of serial cryptographic key distribution method of dynamic based on GHZ states
CN110635907A (en) * 2019-11-07 2019-12-31 广东水利电力职业技术学院(广东省水利电力技工学校) Controlled quantum conversation method with identity authentication function based on GHZ-like state

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113242135A (en) * 2021-05-12 2021-08-10 华东交通大学 Arbitration quantum signature design method based on Grover iterative flexible tracking
CN113849862A (en) * 2021-09-23 2021-12-28 北京印刷学院 Quantum signature method based on secret sharing
CN114938282A (en) * 2022-07-22 2022-08-23 中国科学技术大学 Threshold group signature method and device based on multidimensional quantum system and electronic equipment
CN114938282B (en) * 2022-07-22 2022-12-30 中国科学技术大学 Threshold group signature method and device based on multidimensional quantum system and electronic equipment

Also Published As

Publication number Publication date
CN111224780B (en) 2023-06-23

Similar Documents

Publication Publication Date Title
Wang et al. One-time proxy signature based on quantum cryptography
Zeng et al. Arbitrated quantum-signature scheme
CN110213060B (en) Non-entanglement quantum blind signature method and system based on quantum walking
CN111224780B (en) Arbitration quantum signature method based on XOR encryption
CN111092733B (en) Quantum blind double signature method for resisting collective noise
CN110071814B (en) Quantum blind signature method and system based on Bell state entanglement exchange
CN109787770B (en) Public key arbitration quantum signature protocol based on quantum block encryption
Shi et al. Batch proxy quantum blind signature scheme
Shen et al. Quantum dialogue with authentication based on Bell states
Yu-Guang et al. Scalable arbitrated quantum signature of classical messages with multi-signers
CN110166251B (en) Semi-quantum group signature method and system based on quantum walking
CN107947941A (en) A kind of Hamilton quantum arbitrated signature and verification method based on the blind calculating of quantum
Zhou et al. Quantum deterministic key distribution protocols based on the authenticated entanglement channel
CN111082937B (en) Bidirectional identity authentication method based on single photon
CN110635907B (en) Controlled quantum conversation method with identity authentication function based on GHZ-like state
CN116318702A (en) Multi-particle GHZ state-based semi-quantum ring signature method and device
CN110912695B (en) Quantum arbitration signature method and system based on six-particle invisible transmission state
Zheng et al. Arbitration quantum signature protocol based on XOR encryption
CN110932856B (en) Verifiable quantum key negotiation method
Huang et al. Authenticated quantum key distribution with collective detection using single photons
CN113938275A (en) Quantum homomorphism signature method based on d-dimensional Bell state
Zhao et al. A novel quantum sequential signature protocol with Y-SNOP states
Zhong et al. A quantum partially blind signature scheme without entanglement
Shi et al. The security analysis of a threshold proxy quantum signature scheme
CN114938282B (en) Threshold group signature method and device based on multidimensional quantum system and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant