CN114745129A - Reference system independent quantum digital signature method - Google Patents

Reference system independent quantum digital signature method Download PDF

Info

Publication number
CN114745129A
CN114745129A CN202210344383.9A CN202210344383A CN114745129A CN 114745129 A CN114745129 A CN 114745129A CN 202210344383 A CN202210344383 A CN 202210344383A CN 114745129 A CN114745129 A CN 114745129A
Authority
CN
China
Prior art keywords
bob
charlie
alice
probability
message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210344383.9A
Other languages
Chinese (zh)
Other versions
CN114745129B (en
Inventor
姬亮
张春辉
王琴
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing University of Posts and Telecommunications
Original Assignee
Nanjing University of Posts and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing University of Posts and Telecommunications filed Critical Nanjing University of Posts and Telecommunications
Priority to CN202210344383.9A priority Critical patent/CN114745129B/en
Publication of CN114745129A publication Critical patent/CN114745129A/en
Application granted granted Critical
Publication of CN114745129B publication Critical patent/CN114745129B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852Quantum cryptography
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Optical Communication System (AREA)

Abstract

The invention provides a reference system independent quantum digital signature method, which is applied to a quantum signature system. The quantum digital signature system comprises three participants of Alice, Bob and Charlie at a user end, wherein Alice belongs to a signer, and Bob and Charlie belong to a signee. The method comprises a key distribution stage and a message stage, wherein a key is generated by using a reference frame independent quantum key distribution protocol in the key distribution stage, and then quantum digital signature is completed by using the key generated by the above process in the message stage. The protocol can still keep a higher signature rate under the condition of a larger deflection angle between user reference frames, and the performance of the protocol is superior to that of the existing BB84 quantum digital signature protocol.

Description

Reference system independent quantum digital signature method
Technical Field
The invention belongs to the field of quantum digital signature in quantum communication, and particularly relates to a reference system independent quantum digital signature method.
Background
Digital signatures are an important cryptographic protocol and are widely used in modern telecommunications, such as in the context of distributing mail and electronic finance. Most classical Digital signatures, such as RSA, DSA (Digital Signature Algorithm) and ecdsa (explicit customer Digital Signature Algorithm), rely on computational complexity for security. Unfortunately, with the advent of quantum computing, classical digital signatures have been compromised. In the quantum computing era, secure digital signatures are urgently needed. Compared with the classical Digital Signature, the Quantum Digital Signature (QDS) is based on the Quantum mechanics theory, and can ensure the security of communication in the aspect of information theory. The first quantum protocol was proposed by both d.gottesman and i.chuang. In this protocol, quantum storage and non-destructive behavior alignment techniques for long periods of time and quantum channels without eavesdropping are required to be satisfied. These requirements are difficult to achieve experimentally. Following this protocol, a number of quantum digital signature protocols have been proposed and implemented experimentally. Amiri et al, among others, proposes a quantum digital signature protocol that does not require a secure quantum channel, allowing the quantum channel to be eavesdropped by a third party. In this protocol, the sender and receiver prepare the key during KGP. However, in the quantum key distribution process, the reference systems of the two communicating parties need to be aligned to be consistent. They need to be polarization-consistent or interference-stable, which requires a large amount of resources, for example, it is impractical to implement a common polarization reference frame in terrestrial and satellite quantum communications.
Disclosure of Invention
The invention aims to provide a reference system independent quantum digital signature method aiming at the defects of the prior art, which is applied to a quantum digital signature system, adopts a reference system independent quantum key distribution method in a key generation stage, does not need to calibrate the reference systems of both communication sides, reduces unnecessary communication cost loss and reduces technical difficulty.
The technical scheme adopted by the invention for solving the technical problem is to adopt a Reference-Frame-Independent Quantum Digital Signature method (Reference-Frame-Independent Quantum Digital Signature), and in the Quantum key distribution process, two communication parties are respectively a sender and a receiver. And the sender and the receiver randomly select from the Z base, the X base and the Y base to perform projection measurement, and publish measurement results. Assuming that the total number of pulses sent by the sender is N, the gain obtained according to the reference system independent protocol
Figure BDA0003575839810000021
And bit error rate
Figure BDA0003575839810000022
The number of pulses and the number of bit errors under different bases can be obtained. And then, by parameter estimation, vacuum state and single photon response counts under different bases can be obtained, and single photon error rates under different bases can be calculated. The information amount intercepted by Eve uses I under a reference system independent protocolEMeasurement, so minimum entropy of Quantum digital signature protocol independent of reference frame
Figure BDA0003575839810000023
Comprises the following steps:
Figure BDA0003575839810000024
the method comprises a sending phase and a message phase. Wherein Alice is the sender and Bob/Charlie is the receiver. In the key distribution stage, Alice and Bob, Alice and Charlie generate bit strings according to a key generation protocol. Wherein Alice sends the quantum state to Bob and Charlie respectively, and Bob (Charlie) quantum state carries out projection measurement. In the message phase, the sender Alice sends Bob and Charlie the message to be signed and the signature. Bob and Charlie match the signature with their own secret key, and determine whether to receive the signature and message according to whether they meet the corresponding threshold conditions.
The method is applied to a Quantum Digital Signature (QDS) transmission system, wherein the QDS transmission system comprises a user side Alice, Bob and Charlie; the method comprises a key distribution stage and a message stage;
in the key distribution stage, Alice serves as a sender and sends N pulses, and Bob and Charlie serve as receivers, and the specific steps are as follows:
(1) in the key generation process, for a quantum key distribution protocol independent of a reference frame, a sender Alice random selection base Z is definedARadical XARadical YATo prepare a send state; receiver random selection base ZB(C)Radical XB(C)Radical YB(C)To measure the received state, where β represents the deflection angle and varies with time。
ZB(C)=ZA
XB(C)=cosβXA+sinβYA
YB(C)=cosβYA-sinβXA
Wherein each of the Z, X and Y groups has two states, one being a positive state, using Z0,X0,Y0One is negative, expressed by Z1,X1,Y1To indicate. In the case of Alice, the code may,
Figure BDA0003575839810000025
Figure BDA0003575839810000031
Figure BDA0003575839810000032
(2) the sender Alice randomly prepares BB84 state and decoy state sequences for signing a single-bit message m to be sent, and sends the single-bit message m to Bob or Charlie. Because two single photon detectors exist at the receiving end, the probability of effective response event under the condition of j-photon transmission is
Figure BDA0003575839810000033
Where d represents the dark count rate.
(3) Bob and Charlie then randomly select X or Z or Y basis for projection measurements and publish the measurement results. For weak coherent state, when the signal state intensity u or decoy state intensity v is lambda, the sending base is xiAThe measuring base is xiB(C)Gain of time is
Figure BDA0003575839810000034
QBER is
Figure BDA0003575839810000035
The following equation is given:
Figure BDA0003575839810000036
Figure BDA0003575839810000037
Figure BDA0003575839810000038
Figure BDA0003575839810000039
Figure BDA00035758398100000310
Figure BDA00035758398100000311
Figure BDA00035758398100000312
wherein lambda belongs to (u, v) and xiAξB(C)∈{ZAZB(C),XAXB(C),XAYB(C),YAXB(C),YAYB(C)};
Figure BDA00035758398100000313
Means that the transmitting side transmits under the condition of the strength of lambda
Figure BDA00035758398100000314
For the receiving party
Figure BDA00035758398100000315
Probability of measurement (others)
Figure BDA00035758398100000316
Figure BDA00035758398100000317
The same thing);
Figure BDA00035758398100000318
representing the Poisson distribution, eta represents the total transmittance of a single photon signal, etadFor detection efficiency, α represents loss rate, S represents transmission distance, edIs the background error code.
(4) Alice and Bob or Charlie carry out base pairing through a public channel, and the result of Z base matching is reserved as an original key, and the X base and the Y base are used for estimating the information content of the eavesdropper.
Definition IEAmount of information obtained by eavesdropping for an eavesdropper:
Figure BDA0003575839810000041
Figure BDA0003575839810000042
Figure BDA0003575839810000043
Figure BDA0003575839810000044
wherein
Figure BDA0003575839810000045
Is xiAξB(C)The maximum upper bound of the fundamental single-photon error rate,
Figure BDA0003575839810000046
and
Figure BDA0003575839810000047
as an intermediate parameter, CEThe eavesdropper acquires the relevant information statistics. H is a binary Shannon entropy function and satisfies H (x) -xlog2(x)-(1-x)log2(1-x)。
(5) And Alice and Bob or Charlie randomly select a part of bits k from the original pulse number N for estimating the error code during channel transmission, and if the error code is too large, the protocol is terminated. Defining the space between Alice and Bob, and the rest n bits after Bob selects part of bits are
Figure BDA0003575839810000048
Alice selects a part of bits and then the remaining n bits are
Figure BDA0003575839810000049
Defining the bit length between Alice and Charlie, and the remaining n bits after Alice selects part of bits are
Figure BDA00035758398100000410
Charlie selects a part of bits and then the remaining n bits are
Figure BDA00035758398100000411
(6) Bob divides the rest n bits of the key into two parts with equal length as the key, and the two parts are respectively recorded as
Figure BDA00035758398100000412
And
Figure BDA00035758398100000413
and will be
Figure BDA00035758398100000414
Sending the information to Charlie through a safe classical channel; in the same way, Charlie divides the rest n bits as keys into two parts with equal length, and respectively records the two parts as the keys
Figure BDA00035758398100000415
And
Figure BDA00035758398100000416
and will be
Figure BDA00035758398100000417
Sending the information to Bob through a secure channel; after the exchange, Bob holds a symmetric key of
Figure BDA00035758398100000418
Charlie holds a symmetric key of
Figure BDA00035758398100000419
In the message phase, the sender Alice signs and the message m to be signed
Figure BDA00035758398100000420
Sent to Bob and Charlie. The message phase includes the steps of:
(7) alice signs and messages (m, Sig)m) Sent to the receiver Bob, SigmRepresents a signature on a message m, wherein
Figure BDA0003575839810000051
(8) Signature sent by Bob through Alice
Figure BDA0003575839810000052
Symmetric key held with itself
Figure BDA0003575839810000053
Comparing the corresponding positions respectively, and recording the number of mismatches; if the number of mismatches of both parts is less than sa(n/2), Bob receives the signed message and proceeds to step (9), otherwise rejects the signed message and terminates the signature. saIs a set safety threshold which causes the maximum bit error rate under the condition that the deflection angle is 45 DEG
Figure BDA0003575839810000054
And minimum bit error rate p introduced by eavesdroppereIn connection with this, the present invention is,
Figure BDA0003575839810000055
wherein
Figure BDA0003575839810000056
Is the upper bound of the bit error rate estimated using the Serfling inequality.
(9) Bob will receive the signed message (m, Sig) from Alicem) And sending the information to Charlie.
(10) Charlie will receive
Figure BDA0003575839810000057
Symmetric key held with itself
Figure BDA0003575839810000058
Comparing the corresponding positions respectively, and recording the number of mismatches; if the number of mismatches of both parts is less than sv(n/2), Charlie receives the signature message, otherwise rejects the signature message and terminates the signature. Wherein s isvIs a set safety threshold which is set by the user,
Figure BDA0003575839810000059
(11) the security parameters of the given protocol are respectively:
P(robust)≤2∈PE
P(forge)≤a+∈F+8∈PE
Figure BDA00035758398100000510
where P (robust) is the robustness probability, ∈PEIs the failure probability of the error rate between Alice-Bob and Alice-Charlie estimated by the Serfling inequality; p (forge) represents the probability of forgery, i.e., the probability of forged Alice signature being received by Bob and Charlie at the same time, a is a preset constant probability, and belongs toFThat Bob found an error rate less than svA parameter related to the probability of (d); p(repudiation) denotes the probability of repudiation, i.e. the probability that Alice's signature is received by Bob but rejected by Charlie.
Further, in the presence of an eavesdropper Eve, the minimum entropy in the quantum Key Generation Process (KGP)
Figure BDA00035758398100000511
Comprises the following steps:
Figure BDA0003575839810000061
wherein
Figure BDA0003575839810000062
Is a binary shannon function and satisfies H (x) -xlog2(x)-(1-x)log2(1-x), ε is the probability of failure for parameter estimation, Z denotes the Z-base, E denotes the eavesdropper Eve,
Figure BDA0003575839810000063
lower bound of the single photon response count representing the Z radical, IERepresenting the amount of information that Eve steals.
Further, in the case of an eavesdropper Eve, the minimum bit error rate p caused by Eve stealing informationeSatisfies the following conditions:
Figure BDA0003575839810000064
H(x)=-xlog2(x)-(1-x)log2(1-x)。
the invention has the beneficial effects that: compared with a general quantum number signature scheme, the quantum key distribution method which is irrelevant to the reference system is adopted in the key generation stage, the reference systems of both communication parties do not need to be calibrated, unnecessary communication cost loss is reduced, and the technical difficulty is reduced. For worst case deflection angle
Figure BDA0003575839810000065
Then, the signature performance is studied using the optimized parameters. Simulation results prove that the reference frame independent quantum digital signature can deal with the worst reference frame deflection angle situationWhile obtaining reasonably good performance, this clearly demonstrates the possibility that a reference deflection with free drift can be used in a quantum digital signature.
Description of the drawings:
FIG. 1 is a schematic diagram of a reference frame independent quantum digital signature of the method of the present invention.
FIG. 2 is a comparison graph of the simulation of the signature rate of BB84 quantum digital signatures at no deflection angle (0) and at worst deflection angle (45) for the method of the present invention at no deflection angle (0) and at worst deflection angle (45).
Detailed Description
The technical solution of the present invention is further described in detail below with reference to the accompanying drawings.
The invention relates to a reference system independent quantum digital signature method, which specifically comprises a key distribution stage and a message stage.
And a key distribution stage: the sender is Alice, and the receivers are Bob and Charlie.
(1) The sender randomly selects the base Z by a reference frame independent quantum key distribution protocolAGroup XARadical YAPreparing a sending state, the receiver randomly selecting a base ZB(C)Group XB(C)Radical YB(C)And measuring the received state projection.
(2) Alice sends N pulses and randomly selects BB84 state and decoy state preparation, and sends to Bob or Charlie.
(3) Receiver Bob and Charlie randomly select X, Y, Z-based projection measurements and publish the measurement results.
(4) Alice and Bob or Charlie perform base pairing through a public channel, and retain the result of Z base matching as the original key.
(5) And Alice and Bob or Charlie randomly select a part of bits k from the original pulse number N for estimating the error code during channel transmission, and if the error code is too large, the protocol is terminated. Defining the space between Alice and Bob, and the rest n bits after Bob selects part of bits are
Figure BDA0003575839810000071
Alice selects part of the bits and then the remaining n bits are
Figure BDA0003575839810000072
Defining the space between Alice and Charlie, wherein the rest n bits after Alice selects partial bits are
Figure BDA0003575839810000073
Charlie selects partial bits and then the remaining n bits are
Figure BDA0003575839810000074
(6) Bob divides the rest n bits of the key into two parts with equal length as the key, and the two parts are respectively recorded as
Figure BDA0003575839810000075
And
Figure BDA0003575839810000076
and will be
Figure BDA0003575839810000077
Sending the information to Charlie through a safe classical channel; in the same way, Charlie divides the rest n bits as keys into two parts with equal length, and respectively records the two parts as the keys
Figure BDA0003575839810000078
And
Figure BDA0003575839810000079
and will be
Figure BDA00035758398100000710
Sent to Bob over a secure classical channel; after exchange Bob holds a key of
Figure BDA00035758398100000711
Charlie holds a key of
Figure BDA00035758398100000712
And a message phase: message m and signature to be signed by sender Alice
Figure BDA00035758398100000713
Sent to Bob and Charlie.
(7) Alice signs and messages (m, Sig)m) Sent to the receiver Bob, SigmRepresents a signature on a message m, wherein
Figure BDA00035758398100000714
(8) Bob will
Figure BDA00035758398100000715
And itself
Figure BDA00035758398100000716
Comparing the corresponding positions respectively, and recording the number of mismatches; if the number of mismatches of both parts is less than sa(n/2), Bob receives the signed message and proceeds to step (9), otherwise rejects the signed message and terminates the signature. s isaIs a set safety threshold which, together with the worst case, results in a maximum bit error rate
Figure BDA00035758398100000717
And minimum bit error rate p introduced by eavesdroppereIt is relevant.
(9) Bob will receive the signed message (m, Sig) from Alicem) And sending the information to Charlie.
(10) Charlie will receive
Figure BDA00035758398100000718
And itself
Figure BDA00035758398100000719
Comparing the corresponding positions respectively, and recording the number of mismatches; if the number of mismatches of both parts is less than sv(n/2), Charlie receives the signature message, otherwise rejects the signature message and terminates the signature.
In the key generation phase, assuming that the number of transmission pulses of a sender is N, a receiver uses two single photon detectors, and the probability of an effective response event under the condition of j-photons is as follows:
Figure BDA0003575839810000081
where d is the dark count rate.
The gain in the vacuum state is defined as: qw2d (1-d); quantum bit error rate:
Figure BDA0003575839810000082
note the book
Figure BDA0003575839810000083
In the signal state or the decoy state, the transmission base is
Figure BDA0003575839810000084
The measurement base is
Figure BDA0003575839810000085
Probability of time (others)
Figure BDA0003575839810000086
As such),
Figure BDA0003575839810000087
can be described as:
Figure BDA0003575839810000088
wherein
Figure BDA0003575839810000089
It is shown that the poisson distribution,
Figure BDA00035758398100000810
definition of
Figure BDA00035758398100000811
In the signal state (decoy state), the transmission basis is xiAThe measurement base is xiB(C)The gain of (a) is obtained,
Figure BDA00035758398100000812
for the qubit error rate, there are:
Figure BDA00035758398100000813
Figure BDA00035758398100000819
Figure BDA00035758398100000814
Figure BDA00035758398100000815
wherein lambda belongs to (u, v) and xiAξB(C)∈{ZAZB(C),XAXB(C),XAYB(C),YAXB(C),YAYB(C)}; total transmission of single photon signal of
Figure BDA00035758398100000816
ηdFor detection efficiency, α represents loss rate, S represents transmission distance, edIs the background error code.
Using gain
Figure BDA00035758398100000817
And a quantum bit error rate
Figure BDA00035758398100000818
The number of pulses and the number of bit errors under the corresponding basis can be calculated.
The number of pulses when the transmission base is Z base and the measurement base is also Z base is as follows:
Figure BDA0003575839810000091
wherein
Figure BDA0003575839810000092
Pu,Pv,PwRespectively representing the probability of selecting the Z base by the sender Alice, the probability of selecting the Z base by the receiver Bob (Charlie), the probability of selecting a signal state, the probability of selecting a decoy state and the probability of selecting a vacuum state by optimizing parameters, wherein Pw=1-Pu-Pv
Figure BDA0003575839810000093
Respectively representing the gains of signal state, decoy state and vacuum state under the corresponding Z base,
Figure BDA0003575839810000094
indicates the total number of pulses corresponding to the Z base, and
Figure BDA0003575839810000095
the pulse numbers of the signal state, the decoy state and the vacuum state under the corresponding Z base are shown. In the same way, X can also be obtainedAXB(C),XAYB(C),YAXB(C),YAYB(C)The number of pulses below.
Correspondingly, the number of bit errors when the transmission base is the Z base and the measurement base is also the Z base is
Figure BDA0003575839810000096
Wherein
Figure BDA0003575839810000097
Pu,Pv,PwRespectively representing the probability of selecting the Z base by the sender Alice, the probability of selecting the Z base by the receiver Bob (Charlie), the probability of selecting a signal state, the probability of selecting a decoy state and the probability of selecting a vacuum state for optimizing parameters, whereinPw=1-Pu-Pv
Figure BDA0003575839810000098
Respectively representing the gains of signal state, decoy state and vacuum state under the corresponding Z base,
Figure BDA0003575839810000099
respectively representing the quantum bit error rate under the corresponding Z-base signal state, the decoy state and the vacuum state.
Figure BDA00035758398100000910
Represents the total error number under the corresponding Z base,
Figure BDA00035758398100000911
respectively representing the number of error codes in a signal state, a decoy state and a vacuum state under the Z base. In the same way, X can also be obtainedAXB(C),XAYB(C),YAXB(C),YAYB(C)The number of error codes.
By using the Hough inequality, the upper and lower bounds of the pulse number and the error code number under the corresponding basis can be obtained, and for ZAZBBase:
Figure BDA0003575839810000101
where k is within the range of (u, v, w) and is within the range ofPEIs a security parameter of the system.
The vacuum state count and single photon state count at the corresponding basis can then be calculated. For ZAZBFor the basis, the vacuum state count is:
Figure BDA0003575839810000102
the single photon state counts were:
Figure BDA0003575839810000103
wherein
Figure BDA0003575839810000104
τnRepresenting the probability of preparing an n-photon state; by the same token, X can be calculatedAXB(C),XAYB(C),YAXB(C),YAYB(C)Vacuum state counting and single photon state counting.
And then calculating the single photon error rate under the corresponding basis. For ZAZBBasically, the single photon phase error rate is:
Figure BDA0003575839810000105
Figure BDA0003575839810000106
by the same token, X can be calculatedAXB(C),XAYB(C),YAXB(C),YAYB(C)The maximum upper bound of the lower single photon error rate.
Definition IEAmount of information obtained by eavesdropping for an eavesdropper:
Figure BDA0003575839810000107
Figure BDA0003575839810000108
Figure BDA0003575839810000109
Figure BDA0003575839810000111
wherein
Figure BDA0003575839810000112
Is xiAξB(C)The maximum upper bound of the fundamental single-photon error rate,
Figure BDA0003575839810000113
and
Figure BDA0003575839810000114
is a parameter, CEStatistics on the information are obtained for the eavesdropper. H is a binary Shannon entropy function and satisfies H (x) -xlog2(x)-(1-x)log2(1-x)。
For a reference system independent quantum digital signature, the minimum entropy in the KGP process exists when an eavesdropper Eve exists
Figure BDA0003575839810000115
And can determine the minimum rate P at which errors are introduced in the KGP process in the presence of an eavesdropper EveeThe value of (c):
Figure BDA0003575839810000116
where n is the length to be signed.
In the send phase, Alice signs the message and the signature (m, Sig)m) Sent to receivers Bob and Charlie, SigmRepresents a signature on a message m, wherein
Figure BDA0003575839810000117
Transmitted by Bob from Alice
Figure BDA0003575839810000118
And itself
Figure BDA0003575839810000119
Comparing the corresponding positions respectively, and recording the number of mismatches; if the number of mismatches of both parts is less than sa(n/2) Then Bob receives the signed message and will receive the signed message (m, Sig) from Alicem) Sending to Charlie, otherwise rejecting signature message and terminating signature. Charlie will receive
Figure BDA00035758398100001110
And itself
Figure BDA00035758398100001111
Comparing the corresponding positions respectively, and recording the number of mismatches; if the number of mismatches of both parts is less than sv(n/2), Bob receives the signed message, otherwise rejects the signed message and terminates the signature. s isa、svIs a set safety threshold which causes the maximum bit error rate with the worst case (deflection angle of 45 DEG)
Figure BDA00035758398100001112
And minimum bit error rate p introduced by eavesdroppereIt is related.
Figure BDA00035758398100001113
Wherein
Figure BDA00035758398100001114
The upper bound of the bit error rate is estimated by using a Serfling inequality (n is the length to be signed, and k is the bit error rate part bit used for estimating channel transmission):
Figure BDA0003575839810000121
Figure BDA0003575839810000122
Figure BDA0003575839810000123
aiming at the security analysis of a reference system independent quantum digital signature, the scheme of the invention comprehensively considers the robustness probability, the forgery probability and the repudiation probability. The robustness probability is the failure probability of the protocol when the system normally operates, and meets the following conditions:
P(robust)≤2∈PE, (22)
wherein ePEIs to estimate the failure probability of the error rate between Alice-Bob and Alice-Charlie using the Serfling inequality. The denial probability is a measure of the probability that Alice's signature is accepted by Bob but rejected by Charlie, which satisfies:
Figure BDA0003575839810000124
the forgery probability is a measure of the probability that the signature of forged Alice can be accepted by Bob and Charlie at the same time, and satisfies the following conditions:
P(forge)≤a+∈F+8∈PE, (24)
a is a preset constant probability and belongs toFThat Bob found an error rate less than svThe relevant parameter of the probability of (a) is,
Figure BDA0003575839810000125
wherein
Figure BDA0003575839810000126
Is the phase error rate of X base under single photon pulse.
In summary, the security of the protocol needs to satisfy:
ε≥P(robust)=P(repudiation)=P(forge)。 (26)
in order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to the accompanying drawings in combination with the specific simulation results.
The system parameters used in the simulation of the scheme of the invention are shown in table 1: alpha is the loss coefficient of the quantum channel; e.g. of the typedThe background bit error rate of the optical system; pdcIs the dark count rate; etadIs the detection effect of the detectorRate; e is aPEIs the probability of failure of the error rate estimation. In addition, under the given security level, the signature rate is optimized in full parameters, the optimized parameters comprise signal state and deceptive state strength { u, v }, and the probability { P) of selecting the signal state and the deceptive stateu,Pv}, probability of Alice selecting the Z basis
Figure BDA0003575839810000131
Probability of Bob (Charlie) selecting Z base
Figure BDA0003575839810000132
Fig. 1 shows the principle architecture of the present solution, which applies reference frame independent key distribution to quantum digital signatures.
FIG. 2 shows that the initial pulse number is N-106Safety is 10-5The signature rate of the reference-system-independent quantum digital signature (RFI-QDS) and BB84 quantum digital signature (BB84-QDS) at deflection angles of 0 DEG and 45 DEG, respectively, are plotted in comparison. For fair comparison, the parameters in table 1 are also used for the signature rate of BB84 quantum digital signature in simulation. It can be seen from the figures that for both protocols, the signature rate is higher for a 0 ° yaw angle than for a worst 45 ° yaw angle, but RFI-QDS is less affected by the yaw angle. For RFI-QDS, with a larger deflection angle, a higher signature rate can still be maintained, and the performance is better than BB84 quantum digital signature protocol under the same deflection angle.
TABLE 1
α ed Pdc ηd PE
0.2dB/km 0.015 3.0×10-6 14.5% 10-5
The above description is only a preferred embodiment of the present invention, and the scope of the present invention is not limited to the above embodiment, but equivalent modifications or changes made by those skilled in the art according to the present disclosure should be included in the scope of the present invention as set forth in the appended claims.

Claims (3)

1. A reference system independent quantum digital signature method is applied to a quantum digital signature transmission system, the quantum digital signature system comprises a user end Alice, Bob and Charlie, and is characterized by comprising a key distribution stage and a message stage;
in the key distribution stage, Alice serves as a sender and sends N pulses, and Bob and Charlie serve as receivers, and the specific steps are as follows:
(1) in the key generation process, according to a quantum key distribution protocol independent of a reference system, a sender Alice random selection base Z is definedA,XA,YATo prepare a send state; receiver random selection base ZB(C),XB(C),YB(C)To measure the received states, where β represents the deflection angle and varies over time:
ZB(C)=ZA
XB(C)=cosβXA+sinβYA
YB(C)=cosβYA-sinβXA
wherein each of the Z, X and Y groups has two states, one being a positive state, using Z0,X0,Y0One is negative state, represented by Z1,X1,Y1To represent; in the case of Alice, the code may,
Figure FDA0003575839800000011
Figure FDA0003575839800000012
Figure FDA0003575839800000013
(2) a sender Alice randomly prepares BB84 state and decoy state sequences, signs a single-bit message m to be sent, and sends the single-bit message m to Bob or Charlie; the probability of effective response event under the condition of j-photon transmission is that two single photon detectors exist at the receiving end
Figure FDA0003575839800000014
Wherein d represents a dark count rate;
(3) then Bob and Charlie randomly select X base, Z base or Y base to carry out projection measurement and publish the measurement result; for weak coherent state, when the signal state intensity u or decoy state intensity v is lambda, the sending base is xiAThe measurement base is xiB(C)Gain of time is
Figure FDA0003575839800000015
QBER is
Figure FDA0003575839800000016
Wherein QBER is the quantum bit error rate, and is obtained by the following formula:
Figure FDA0003575839800000021
Figure FDA0003575839800000022
Figure FDA0003575839800000023
Figure FDA0003575839800000024
Figure FDA0003575839800000025
Figure FDA0003575839800000026
Figure FDA0003575839800000027
wherein lambda belongs to (u, v) and xiAξB(C)∈{ZAZB(C),XAXB(C),XAYB(C),YAXB(C),YAYB(C)};
Figure FDA0003575839800000028
Indicating that the sending end sends under the condition of the strength of lambda
Figure FDA0003575839800000029
For receiving end
Figure FDA00035758398000000210
Probability of measurement, others
Figure FDA00035758398000000211
Figure FDA00035758398000000212
The same process is carried out;
Figure FDA00035758398000000213
representing a poisson distribution; eta represents the total transmittance of single photon signals, etadFor detection efficiency, α represents the loss rate, S is the transmission distance, edA background error code;
(4) alice and Bob or Charlie carry out base pairing through a public channel, and a Z base matching result is reserved as an original key, and an X base and a Y base are used for estimating the information content of an eavesdropper;
definition IEAmount of information acquired by eavesdropping for the eavesdropper:
Figure FDA00035758398000000214
Figure FDA00035758398000000215
Figure FDA00035758398000000216
Figure FDA00035758398000000217
wherein
Figure FDA00035758398000000218
Is xiAξB(C)The maximum upper bound of the fundamental single-photon error rate,
Figure FDA0003575839800000031
and
Figure FDA0003575839800000032
as an intermediate parameter, CEObtaining relevant information statistics for the eavesdropper; h is a binary Shannon entropy function and satisfies H (x) -xlog2(x)-(1-x)log2(1-x);
(5) Randomly selecting a part of bits k from the original pulse number N by Alice and Bob or Charlie for estimating the error code during channel transmission, and terminating the protocol if the error code is larger than a certain value;
defining the space between Alice and Bob, and the rest n bits after Bob selects part of bits are
Figure FDA0003575839800000033
Alice selects a part of bits and then the remaining n bits are
Figure FDA0003575839800000034
Defining the bit length between Alice and Charlie, and the remaining n bits after Alice selects part of bits are
Figure FDA0003575839800000035
Charlie selects n bits left after partial bits are selected as
Figure FDA0003575839800000036
(6) Bob divides the rest n bits of the key into two parts with equal length as the key, and the two parts are respectively recorded as
Figure FDA0003575839800000037
And
Figure FDA0003575839800000038
and will be
Figure FDA0003575839800000039
By passingSending the safe classical channel to Charlie; in the same way, Charlie divides the rest n bits as keys into two parts with equal length, and respectively records the two parts as the keys
Figure FDA00035758398000000310
And
Figure FDA00035758398000000311
and will be
Figure FDA00035758398000000312
Sent to Bob over a secure classical channel;
after the exchange, Bob holds a symmetric key of
Figure FDA00035758398000000313
Charlie holds a symmetric key of
Figure FDA00035758398000000314
In the message phase, a message m to be signed and a signature are signed by a sender Alice
Figure FDA00035758398000000315
Figure FDA00035758398000000316
Sending to Bob and Charlie; the message phase includes:
(7) alice signs and messages (m, Sig)m) Sent to the receiver Bob, SigmRepresents a signature on a message m, wherein
Figure FDA00035758398000000317
(8) Bob will sign
Figure FDA00035758398000000318
Symmetric key held with itself
Figure FDA00035758398000000319
Comparing the corresponding positions respectively, and recording the number of mismatching; if the number of mismatches of both parts is less than sa(n/2), Bob receives the signed message and performs step (9), otherwise, refuses to sign the message and terminates the signature; saIs a set safety threshold which causes the maximum bit error rate under the condition that the deflection angle is 45 degrees
Figure FDA00035758398000000320
And minimum bit error rate p introduced by eavesdropperseIn connection with this, the present invention is,
Figure FDA00035758398000000321
wherein
Figure FDA0003575839800000041
Is the upper bound of the bit error rate estimated by the Serfling inequality;
(9) bob will receive the signed message (m, Sig) from Alicem) Sending the information to Charlie;
(10) charlie will sign
Figure FDA0003575839800000042
Symmetric key held with itself
Figure FDA0003575839800000043
Comparing the corresponding positions respectively, and recording the number of mismatching; if the number of mismatches of both parts is less than sv(n/2), receiving the signature message by Charlie, otherwise rejecting the signature message and terminating the signature; wherein s isvIs a set safety margin that is set for,
Figure FDA0003575839800000044
(11) the security parameters of the given protocol are:
P(robust)≤2∈PE
P(forge)≤a+∈F+8∈PE
Figure FDA0003575839800000045
where P (robust) is the robustness probability, ∈PEIs the failure probability of the error rate between Alice-Bob and Alice-Charlie estimated by the Serfling inequality; p (forge) represents the probability of forgery, i.e., the probability of forged Alice signature being received by Bob and Charlie at the same time, a is a preset constant probability, and belongs toFThat Bob found an error rate less than svA parameter related to the probability of (d); p (repudiation) represents the probability of repudiation, i.e., the probability that Alice's signature is received by Bob but rejected by Charlie.
2. A reference frame independent quantum digital signature method as claimed in claim 1 wherein the minimum entropy in KGP process in the presence of eavesdropper Eve
Figure FDA0003575839800000046
Comprises the following steps:
Figure FDA0003575839800000047
wherein the KGP process is a quantum key generation process,
Figure FDA0003575839800000048
is a binary shannon function and satisfies H (x) -xlog2(x)-(1-x)log2(1-x), ε is the probability of failure for parameter estimation, Z denotes the Z-base, E denotes the eavesdropper Eve,
Figure FDA0003575839800000049
lower bound of the single photon response count representing the Z radical, IERepresenting the amount of information that Eve steals.
3. The reference frame independent quantum digital signature method as claimed in claim 2, wherein in the presence of an eavesdropper Eve, Eve steals information resulting in a minimum bit error rate peSatisfies the following conditions:
Figure FDA0003575839800000051
h satisfies H (x) ═ xlog2(x)-(1-x)log2(1-x)。
CN202210344383.9A 2022-03-31 2022-03-31 Reference system independent quantum digital signature method Active CN114745129B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210344383.9A CN114745129B (en) 2022-03-31 2022-03-31 Reference system independent quantum digital signature method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210344383.9A CN114745129B (en) 2022-03-31 2022-03-31 Reference system independent quantum digital signature method

Publications (2)

Publication Number Publication Date
CN114745129A true CN114745129A (en) 2022-07-12
CN114745129B CN114745129B (en) 2023-09-26

Family

ID=82278451

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210344383.9A Active CN114745129B (en) 2022-03-31 2022-03-31 Reference system independent quantum digital signature method

Country Status (1)

Country Link
CN (1) CN114745129B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115361118A (en) * 2022-08-03 2022-11-18 国网福建省电力有限公司 Loss tolerant reference frame and measuring device independent quantum key distribution method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109039604A (en) * 2018-08-07 2018-12-18 南京邮电大学 A kind of passive type trick state Quantum Digital Signature Research method
AU2020100261A4 (en) * 2020-01-10 2020-03-26 Chengdu University Of Information Technology The quantum secret information direct communication method with mutual authentication
CN111541544A (en) * 2020-03-20 2020-08-14 南京邮电大学 Quantum digital signature method based on double-field protocol
CN111865599A (en) * 2020-02-15 2020-10-30 南京邮电大学 Single-decoy-state quantum digital signature method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109039604A (en) * 2018-08-07 2018-12-18 南京邮电大学 A kind of passive type trick state Quantum Digital Signature Research method
AU2020100261A4 (en) * 2020-01-10 2020-03-26 Chengdu University Of Information Technology The quantum secret information direct communication method with mutual authentication
CN111865599A (en) * 2020-02-15 2020-10-30 南京邮电大学 Single-decoy-state quantum digital signature method
CN111541544A (en) * 2020-03-20 2020-08-14 南京邮电大学 Quantum digital signature method based on double-field protocol

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
CHUNMEI ZHANG, ET AL.: "Practical reference-frame-independent quantum key distribution systems against the worst relative rotation of reference frames", JOURNAL OF PHYSICS COMMUNICATIONS *
施荣华;冯艳艳;石金晶;: "基于正则图上量子游走的仲裁量子签名方案", 电子与信息学报, no. 01 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115361118A (en) * 2022-08-03 2022-11-18 国网福建省电力有限公司 Loss tolerant reference frame and measuring device independent quantum key distribution method

Also Published As

Publication number Publication date
CN114745129B (en) 2023-09-26

Similar Documents

Publication Publication Date Title
Amiri et al. Secure quantum signatures using insecure quantum channels
Croal et al. Free-space quantum signatures using heterodyne measurements
JP4862159B2 (en) Quantum key distribution method, communication system, and communication apparatus
CN111541544B (en) Quantum digital signature method based on double-field protocol
CN111447056B (en) Configurable decoy state quantum digital signature method
CN113300762B (en) Passive light source monitoring method suitable for double-field protocol
CN111200493B (en) Post-processing system and method for phase polarization joint modulation QKD
Niemiec et al. Management of security in quantum cryptography
CN111865599B (en) Single-decoy-state quantum digital signature method
CN110086614B (en) Quantum digital signature method using marked single photon source
Cederlof et al. Security aspects of the authentication used in quantum cryptography
CN110086599B (en) Hash calculation method and signcryption method based on homomorphic chameleon Hash function
CN110493010A (en) Mailing system and receiving/transmission method based on Quantum Digital Signature Research
Niemiec et al. The measure of security in quantum cryptography
CN114745129B (en) Reference system independent quantum digital signature method
Cerf et al. Cloning and cryptography with quantum continuous variables
CN115834046A (en) Reference system independent quantum key distribution method with light source monitoring function
Bratzik et al. Min-entropy and quantum key distribution: Nonzero key rates for “small” numbers of signals
CN115001704B (en) Four-intensity decoy state quantum digital signature method
CN115643024A (en) Loss tolerance reference system independent quantum digital signature method
Sych et al. Critical error rate of quantum-key-distribution protocols versus the size and dimensionality of the quantum alphabet
CN115276988B (en) Four-strength measuring equipment independent key distribution method
CN114531227B (en) Compression-state-based wide signal-to-noise ratio continuous variable QKD data coordination method and system
CN115021941A (en) Quantum digital signature method with state preparation error tolerance function
CN109039477B (en) Fault-tolerant quantum conversation method based on decoherence-free subspace

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant