CN114745129B - Reference system independent quantum digital signature method - Google Patents

Reference system independent quantum digital signature method Download PDF

Info

Publication number
CN114745129B
CN114745129B CN202210344383.9A CN202210344383A CN114745129B CN 114745129 B CN114745129 B CN 114745129B CN 202210344383 A CN202210344383 A CN 202210344383A CN 114745129 B CN114745129 B CN 114745129B
Authority
CN
China
Prior art keywords
bob
charlie
alice
message
probability
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210344383.9A
Other languages
Chinese (zh)
Other versions
CN114745129A (en
Inventor
姬亮
张春辉
王琴
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing University of Posts and Telecommunications
Original Assignee
Nanjing University of Posts and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing University of Posts and Telecommunications filed Critical Nanjing University of Posts and Telecommunications
Priority to CN202210344383.9A priority Critical patent/CN114745129B/en
Publication of CN114745129A publication Critical patent/CN114745129A/en
Application granted granted Critical
Publication of CN114745129B publication Critical patent/CN114745129B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852Quantum cryptography
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Optical Communication System (AREA)

Abstract

The invention provides a reference system independent quantum digital signature method which is applied to a quantum signature system. The quantum digital signature system comprises a user side Alice, bob, charlie and three parties, wherein Alice belongs to a signer, and Bob and Charlie belong to signers. The method comprises a key distribution stage and a message stage, wherein a key is generated by utilizing a reference system independent quantum key distribution protocol in the key distribution stage, and then quantum digital signature is completed by using the key generated by the process in the message stage. Under the condition that a larger deflection angle exists between user reference systems, the protocol can still keep a higher signature rate, and the performance of the protocol is superior to that of the existing BB84 quantum digital signature protocol.

Description

Reference system independent quantum digital signature method
Technical Field
The invention belongs to the field of quantum digital signature in quantum communication, and particularly relates to a reference system independent quantum digital signature method.
Background
Digital signatures are an important cryptographic protocol and are widely used in modern telecommunications, such as in the context of distributing mail and electronic finance. Most classical digital signatures, such as RSA, DSA (Digital Signature Algorithm) and ECDSA (Elliptic Curve Digital Signature Algorithm), rely on computational complexity for their security. Unfortunately, with the advent of quantum computing, classical digital signatures are threatened. Under the quantum computing age, secure digital signatures are urgently needed. Compared with classical digital signatures, quantum digital signatures (Quantum Digital Signature, QDS) are based on quantum mechanics theory, which can guarantee the security of communication at the information theory level. The first quantum protocol was proposed by both d.gottesman and i.chuang. In this protocol, it is desirable to meet long-term quantum storage and non-destructive state alignment techniques and quantum channels where eavesdropping is not present. These requirements are difficult to achieve experimentally. After this protocol, a number of quantum digital signature protocols were proposed and experimentally implemented. The quantum digital signature protocol proposed by r.amiri et al, in which a secure quantum channel is not required, allows for the presence of third party eavesdropping on the quantum channel. In this protocol, the sender and receiver prepare keys during KGP. However, during quantum key distribution, the reference systems of both parties communicating need to be calibrated consistently. They need to be polarization-consistent or interferometrically stable, which requires a lot of resources, for example, it is impractical to implement a common polarization reference system in terrestrial and satellite quantum communications.
Disclosure of Invention
The invention aims to overcome the defects of the prior art, and provides a reference system independent quantum digital signature method which is applied to a quantum digital signature system, wherein a reference system independent quantum key distribution method is adopted in a key generation stage, so that reference systems of two communication parties are not required to be calibrated, unnecessary communication cost loss is reduced, and technical difficulty is reduced.
The technical scheme adopted by the invention for solving the technical problems is that a Reference system independent quantum digital signature method (Reference-Frame-Independent Quantum Digital Signature) is adopted, and in the quantum key distribution process, two communication parties are respectively a sender and a receiver. The sender and the receiver randomly select from the Z base, the X base and the Y base to carry out projection measurement, and publish the measurement result. Assuming that the total number of pulses transmitted by the transmitter is N, gain is obtained according to the reference system independent protocolBit error rate +.>The number of pulses and the number of errors under different bases can be obtained. And then, through parameter estimation, vacuum state and single photon response count under different bases can be obtained, and meanwhile, single photon error rate under different bases can be calculated. Since Eve eavesdrops under the reference-system-independent protocol with I E Measurement, therefore, minimum entropy for reference-frame-independent quantum digital signature protocol +.>The method comprises the following steps:
the method includes a send phase and a message phase. Wherein Alice is the sender and Bob/Charlie is the receiver. In the key distribution stage, alice and Bob, alice and Charlie generate bit strings according to a key generation protocol. Wherein Alice sends quantum states to Bob and Charlie, respectively, and Bob (Charlie) quantum states are subjected to projection measurement. In the message phase, sender Alice sends a message to be signed and a signature to Bob and Charlie. Bob and Charlie match the signature with their own keys and determine whether to receive the signature and message based on whether the corresponding threshold condition is met.
The method is applied to a quantum digital signature (Quantum Digital Signature, QDS) transmission system, wherein the QDS transmission system comprises a user end Alice, bob, charlie; the method comprises a key distribution stage and a message stage;
in the key distribution stage, alice serves as a sender, sends N pulses, and Bob and Charlie serve as receivers, and the specific steps are as follows:
(1) In the key generation process, for a quantum key distribution protocol irrelevant to a reference system, a sender Alice random selection base Z is defined A Radical X A Radical Y A To prepare a transmit state; receiver random selection base Z B(C) Radical X B(C) Radical Y B(C) To measure the received state, where β represents the deflection angle and varies with time.
Z B(C) =Z A
X B(C) =cosβX A +sinβY A
Y B(C) =cosβY A -sinβX A
Wherein each of the Z group, the X group and the Y group has two states, one is in a positive state, Z is used 0 ,X 0 ,Y 0 Expressed, one is in the negative state, with Z 1 ,X 1 ,Y 1 To represent. For Alice,
(2) The sender Alice randomly prepares BB 84-state and decoy-state sequences for signing the single-bit message m to be sent, and sends to Bob or Charlie. Since there are two single photon detectors at the receiving end, the probability of an effective response event in the case of j-photon transmission isWhere d represents the dark count rate.
(3) Bob and Charlie then randomly select either the X-group or the Z-group or the Y-group for projection measurements and publish the measurement results. For weak coherent state, when the signal state intensity u or the decoy state intensity v is lambda, the transmitting base is zeta A The measurement base is xi B(C) The gain at the time isQBER is +.>The following equation is used to derive:
wherein lambda is E (u, v), xi A ξ B(C) ∈{Z A Z B(C) ,X A X B(C) ,X A Y B(C) ,Y A X B(C) ,Y A Y B(C) };Indicating that the sender sends +.>Receiver use->Probability of measurement (other-> And the same is true;represents poisson distribution, eta represents the total transmittance of a single photon signal, eta d For detection efficiency, α represents loss rate, S represents transmission distance,e d Is the background error code.
(4) Alice and Bob or Charlie perform pairing through a public channel, and keep the result of Z-base matching as an original key, and X-base and Y-base are used to estimate the information amount of an eavesdropper.
Definition I E Information amount acquired by eavesdropping for eavesdroppers:
wherein the method comprises the steps ofIs xi A ξ B(C) Maximum upper bound of single photon error rate is based on +.>And->As an intermediate parameter, C E Relevant information statistics acquired by the eavesdropper. H is a binary shannon entropy function, satisfying H (x) = -xlog 2 (x)-(1-x)log 2 (1-x)。
(5) Alice and Bob or Charlie randomly select a portion of bits k from the original number of pulses N for estimating the error during channel transmission, and if the error is too large, terminate the protocol. Defining between Alice and Bob, and selecting part of bits by Bob to obtain the remaining n bits asAlice selects a part of bits and then the remaining n bits are +.>Defining that between Alice and Charlie, the remaining n bits after Alice selects part of the bits are +.>The remaining n bits after Charlie selects part of the bits are +.>
(6) Bob divides the remaining n bits of the key into two equal-length parts, which are respectively marked asAndand will->Transmitting the message to Charlie through a secure classical channel; the same Charlie divides the remaining n bits of the user as a key into two equal-length parts which are respectively marked as +.>And->And will->Transmitting to Bob via a secure channel; bob holds a symmetric key of +.>The symmetric key held by Charlie is +.>
In the message phase, the message m and signature to be signed by sender AliceTo Bob and Charlie. The message phase comprises the steps of:
(7) Alice signs and signs messages (m, sig m ) To the receiver Bob, sig m Representing a signature of a message m, wherein
(8) Signature sent by Bob to AliceWith its own held symmetric keyRespectively comparing the corresponding positions and recording the number of mismatch; if the number of mismatches between the two parts is less than s a (n/2), bob receives the signed message and proceeds to step (9), otherwise, refuses to sign the message and terminates the signature. s is(s) a Is a set safety threshold which gives a maximum error rate +.>Minimum error rate p introduced by eavesdropper e Related to (I)>Wherein->Is the upper bound of bit error rate estimated by the Serfling inequality.
(9) Bob signs a signed message (m, sig) received from Alice m ) To Charlie.
(10) Charlie will receiveWith its own held symmetric keyRespectively comparing the corresponding positions and recording the number of mismatch; if the number of mismatches between the two parts is less than s v (n/2), charlie receives the signed message, otherwise refuses to sign the message and terminates the signature. Wherein s is v Is a set safety threshold,/>
(11) The security parameters of a given protocol are respectively:
P(robust)≤2∈ PE
P(forge)≤a+∈ F +8∈ PE
where P (robust) is the robustness probability, ε PE The failure probability of error rate between Alice-Bob and Alice-Charlie estimated by using Serfling inequality; p (for) represents the probability of falsification, i.e. the probability of falsifying Alice signatures received by Bob and Charlie simultaneously, a is a preset constant probability, E F It is Bob that the error rate is less than s v Related parameters of probability of (2); p (repudiation) denotes the probability of repudiation, i.e. the probability that Alice signature is received by Bob but rejected by Charlie.
Further, in the presence of an eavesdropper Eve, the minimum entropy in the quantum Key Generation Process (KGP)The method comprises the following steps:
wherein the method comprises the steps ofAs a binary shannon function, satisfies H (x) = -xlog 2 (x)-(1-x)log 2 (1-x), ε is the failure probability for parameter estimation, Z represents Z-base, E represents eavesdropper Eve,>representing the lower bound of the single photon response count of the Z group, I E Representing the amount of information that Eve steals.
Further, in the presence of an eavesdropper Eve, eve steals information resulting in a minimum bit error rate p e The method meets the following conditions:H(x)=-xlog 2 (x)-(1-x)log 2 (1-x)。
the beneficial effects of the invention are as follows: compared with a general quantum number signature scheme, the method adopts a quantum key distribution method irrelevant to a reference system in a key generation stage, and the reference systems of two communication parties do not need to be calibrated, so that unnecessary communication cost loss is reduced, and technical difficulty is reduced. For worst case at deflection angleAt that time, its signature performance was studied using the optimization parameters. Simulation results demonstrate that reference-frame independent quantum digital signatures can cope with worst-case reference-frame deflection angle conditions, resulting in reasonably good performance, which clearly demonstrates the possibility that reference deflection with free drift can be used in quantum digital signatures.
Description of the drawings:
fig. 1 is a schematic diagram of a quantum digital signature independent of the frame of reference of the method of the present invention.
Fig. 2 is a graph of simulated comparison of the signature ratio of the BB84 quantum digital signature without deflection angle (0 °) and worst deflection angle (45 °) for the inventive method.
Detailed Description
The technical scheme of the invention is further described in detail below with reference to the accompanying drawings.
The invention relates to a reference system independent quantum digital signature method, which specifically comprises a key distribution stage and a message stage.
Key distribution phase: the sender is Alice, and the receiver is Bob and Charlie.
(1) Transmitting Fang Suiji the selection base Z by a reference-system-independent quantum key distribution protocol A Radical X A Radical Y A Preparing a transmission state, and randomly selecting a base Z by a receiver B(C) Radical X B(C) Radical Y B(C) And (5) measuring the received state projection.
(2) Alice sends N pulses and randomly selects BB84 state and decoy state preparation, which is sent to Bob or Charlie.
(3) The recipients Bob and Charlie randomly select X, Y, Z-based projection measurements and publish the measurement results.
(4) Alice and Bob or Charlie perform pairing through a public channel, and keep the result of Z-base matching as the original key.
(5) Alice and Bob or Charlie randomly select a portion of bits k from the original number of pulses N for estimating the error during channel transmission, and if the error is too large, terminate the protocol. Defining between Alice and Bob, where Bob selects part of the bits and then uses the remaining n bits asAlice selects part of the bits and the remaining n bits are +.>Defining between Alice and Charlie that the remaining n bits after Alice selects part of the bits are +.>Charlie selects part of bits with the remaining n bits +.>
(6) Bob compares his remaining n-bitsThe special key is divided into two equal-length parts which are respectively marked asAndand will->Transmitting the message to Charlie through a secure classical channel; the same Charlie divides the remaining n bits of the user as a key into two equal-length parts which are respectively marked as +.>And->And will->Transmitting to Bob via a secure classical channel; bob holds a key of +.>The key held by Charlie is
Message phase: message m and signature to be signed by sender AliceTo Bob and Charlie.
(7) Alice signs and signs messages (m, sig m ) To the receiver Bob, sig m Representing a signature of a message m, wherein
(8) Bob willIs->Respectively comparing the corresponding positions and recording the number of mismatch; if the number of mismatches between the two parts is less than s a (n/2), bob receives the signed message and proceeds to step (9), otherwise, refuses to sign the message and terminates the signature. s is(s) a Is a set safety threshold which is associated with a worst case maximum error rate +.>Minimum error rate p introduced by eavesdropper e Related to the following.
(9) Bob signs a signed message (m, sig) received from Alice m ) To Charlie.
(10) Charlie will receiveIs->Respectively comparing the corresponding positions and recording the number of mismatch; if the number of mismatches between the two parts is less than s v (n/2), charlie receives the signed message, otherwise refuses to sign the message and terminates the signature.
In the key generation phase, assuming that the number of pulses sent by the sender is N, the receiver uses two single photon detectors, and the probability of an effective response event for the j-photon case is:
where d is the dark count rate.
The gain in the vacuum state is defined as: q (Q) w =2d (1-d); quantum bit error rate:
recording deviceIn the signal state or in the decoy state, the transmitting group is +.>The measuring base is->Probability of time (othersIn the same sense),>can be described as:
wherein the method comprises the steps ofRepresenting poisson distribution->
Definition of the definitionIn the signal state (decoy state), the transmitting base is xi A The measurement base is xi B(C) Gain of->For the quantum bit error rate, there are:
wherein lambda is E (u, v), xi A ξ B(C) ∈{Z A Z B(C) ,X A X B(C) ,X A Y B(C) ,Y A X B(C) ,Y A Y B(C) -a }; the total transmittance of the single photon signal isη d For detection efficiency, α represents loss rate, S represents transmission distance, e d Is the background error code.
Using gainAnd a quantum bit error rate +.>The number of pulses and the number of bit errors under the corresponding base can be calculated.
The number of pulses when the transmission basis is the Z basis and the measurement basis is also the Z basis is as follows:
wherein the method comprises the steps ofP u ,P v ,P w To optimize the probability that the parameters represent the probability that sender Alice selects Z-base, respectively, the probability that receiver Bob (Charlie) selects Z-base,probability of selecting signal state, probability of selecting decoy state, probability of selecting vacuum state, wherein P w =1-P u -P v 。/>The gain of the corresponding Z-based signal state, decoy state and vacuum state are respectively expressed>Represents the total number of pulses corresponding to Z base, and +.>The number of pulses in the vacuum state corresponds to the signal state, the decoy state, and the Z-based signal state. X can be obtained in the same way A X B(C) ,X A Y B(C) ,Y A X B(C) ,Y A Y B(C) The number of pulses below.
Correspondingly, the transmitting base is Z base, and the number of error codes when the measuring base is Z base is
Wherein the method comprises the steps ofP u ,P v ,P w To optimize the probability that the parameters represent the sender Alice's choice of Z base, the probability that the receiver Bob (Charlie) choice of Z base, the probability of choosing signal states, the probability of choosing decoy states, the probability of choosing vacuum states, where P w =1-P u -P v 。/>The gain of the corresponding Z-based signal state, decoy state and vacuum state are respectively expressed>Respectively represent the signal state, the decoy state and the vacuum state under the corresponding Z baseIs a quantum bit error rate of (c). />Representing the total number of errors in the corresponding Z-base, -, etc>The number of errors in the Z-based signal state, the spoofing state and the vacuum state are respectively represented. X can be obtained in the same way A X B(C) ,X A Y B(C) ,Y A X B(C) ,Y A Y B(C) The number of errors below.
Using Huo Fuding inequality, the upper and lower bounds on the number of pulses and the number of errors under the corresponding base can be obtained for Z A Z B A base:
where k is E (u, v, w) and E PE Is a security parameter of the system.
The vacuum state count and single photon state count under the corresponding basis may then be calculated. For Z A Z B Basically, the vacuum state counts were:
the single photon state count is:
wherein the method comprises the steps ofτ n Representing the probability of preparing an n-photon state; similarly, X can be calculated A X B(C) ,X A Y B(C) ,Y A X B(C) ,Y A Y B(C) Vacuum state count and single photon state count under.
The single photon bit error rate under the corresponding basis can then be calculated. For Z A Z B Basically, the single photon phase error rate is:
similarly, X can be calculated A X B(C) ,X A Y B(C) ,Y A X B(C) ,Y A Y B(C) The single photon error rate below is the maximum upper bound.
Definition I E Information amount acquired by eavesdropping for eavesdroppers:
wherein the method comprises the steps ofIs xi A ξ B(C) The maximum upper bound of single photon bit error rate is based,and->As parameters, C E Statistics about the information are obtained for the eavesdropper. H is a binary shannon entropy function, satisfying H (x) = -xlog 2 (x)-(1-x)log 2 (1-x)。
For a reference-system-independent quantum digital signature, the minimum entropy in KGP process in the presence of eavesdropper EveAnd can determine the minimum rate P at which errors are introduced in the KGP process in the presence of eavesdroppers Eve e Is the value of (1):
where n is the length to be signed.
In the send phase Alice signs the message with a signature (m, sig m ) To the receivers Bob and Charlie, sig m Representing a signature of a message m, whereinBob sends Alice +.>And itself by itselfRespectively comparing the corresponding positions and recording the number of mismatch; if the number of mismatches between the two parts is less than s a (n/2), bob receives the signed message and sends a signed message (m, sig) received from Alice m ) And sending the message to Charlie, otherwise, refusing to sign the message and terminating the signature. Charlie will receive +.>And itself by itselfRespectively comparing the corresponding positions and recording the number of mismatch; if the number of mismatches between the two parts is less than s v (n/2), bob receives the signed message, otherwise refuses to sign the message and terminates the signature. s is(s) a 、s v Is a set safety threshold which causes a maximum error rate with the worst case (deflection angle of 45 DEG)>Minimum error rate p introduced by eavesdropper e Related to the following. />Wherein->The upper bound of the bit error rate estimated by using the Serfling inequality (n is the length to be signed, and k is the bit error rate part used for estimating the channel transmission):
aiming at the security analysis of a reference system independent quantum digital signature, the scheme comprehensively considers the robustness probability, the forging probability and the repudiation probability. The robustness probability is a failure probability for measuring the protocol in normal operation of the system, and meets the following conditions:
P(robust)≤2∈ PE , (22)
wherein E is PE The failure probability of error rate between Alice-Bob and Alice-Charlie is estimated using the serfing inequality. The repudiation probability is a measure of Alice's signature being signedThe probability that Bob accepts but is rejected by Charlie, it satisfies:
the forgery probability is a measure of the probability that a signature that falsifies Alice can be accepted by Bob and Charlie at the same time, and it satisfies:
P(forge)≤a+∈ F +8∈ PE , (24)
a is a preset constant probability, E F It is Bob that the error rate is less than s v Is used to determine the probability of a given parameter,
wherein the method comprises the steps ofIs the phase error rate of the X base under single photon pulse.
In summary, the security of the protocol needs to satisfy:
ε≥P(robust)=P(repudiation)=P(forge)。 (26)
in order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be further described in detail below with reference to the accompanying drawings in conjunction with specific simulation results.
The system parameters used in the simulation of the scheme of the invention are shown in table 1: alpha is the loss coefficient of the quantum channel; e, e d The background error rate of the optical system; p (P) dc Is the dark count rate; η (eta) d The detection efficiency of the detector; e-shaped article PE Failure probability for error rate estimation. In addition, under a given security level, the signature rate is optimized in full parameters, wherein the optimized parameters comprise signal state and decoy state intensities { u, v }, and the probability { P ] of selecting the signal state and the decoy state u ,P v Alice selects the Z-base probability }Probability of Bob (Charlie) selecting Z-base +.>
Fig. 1 illustrates the principle architecture of the present scheme, which is based on the application of reference-independent key distribution to quantum digital signatures.
Fig. 2 shows that the number of pulses is n=10 at the beginning 6 The safety is 10 -5 The reference system independent quantum digital signature (RFI-QDS) and BB84 quantum digital signature (BB 84-QDS) with deflection angles of 0 DEG and 45 DEG respectively are compared with each other. For fair comparison, the parameters in table 1 were used for the signature rate of the BB84 quantum digital signature during simulation. It can be seen from the figure that for both protocols the deflection angle is 0 deg. higher than the worst deflection angle 45 deg. signature rate, but the RFI-QDS is less affected by the deflection angle. For RFI-QDS, in the case of a larger deflection angle, a higher signature rate can still be maintained, and the performance of the digital signature is superior to that of BB84 quantum digital signature protocol under the same deflection angle.
TABLE 1
α e d P dc η d PE
0.2dB/km 0.015 3.0×10 -6 14.5% 10 -5
The above description is merely of preferred embodiments of the present invention, and the scope of the present invention is not limited to the above embodiments, but all equivalent modifications or variations according to the present disclosure will be within the scope of the claims.

Claims (3)

1. The quantum digital signature method independent of the reference system is applied to a quantum digital signature transmission system, and the quantum digital signature system comprises a user side Alice, bob, charlie and is characterized by comprising a key distribution stage and a message stage;
in the key distribution stage, alice serves as a sender, sends N pulses, and Bob and Charlie serve as receivers, and the specific steps are as follows:
(1) In the key generation process, according to a quantum key distribution protocol irrelevant to a reference system, a sender Alice random selection base Z is defined A ,X A ,Y A To prepare a transmit state; receiver random selection base Z B(C) ,X B(C) ,Y B(C) To measure the received state, where β represents the deflection angle and varies with time:
Z B(C) =Z A
X B(C) =cosβX A +sinβY A
Y B(C) =cosβY A -sinβX A
wherein each of the Z group, the X group and the Y group has two states, one is in a positive state, Z is used 0 ,X 0 ,Y 0 Expressed, one is in the negative state, with Z 1 ,X 1 ,Y 1 To represent; for Alice,
(2) The sender Alice randomly prepares BB84 state and decoy state sequences, is used for signing a single-bit message m to be sent, and sends the single-bit message m to Bob or Charlie; the receiving end has two single photon detectors, and the probability of effective response event under the condition of j-photon transmission is thatWherein d represents the dark count rate;
(3) Then Bob and Charlie randomly select X base, Z base or Y base for projection measurement and publish measurement results; for weak coherent state, when the signal state intensity u or the decoy state intensity v is lambda, the transmitting base is zeta A The measurement base is xi B(C) The gain at the time isQBER is +.>Wherein QBER is the quantum bit error rate, and is obtained by the following formula:
wherein lambda is E (u, v), xi A ξ B(C) ∈{Z A Z B(C) ,X A X B(C) ,X A Y B(C) ,Y A X B(C) ,Y A Y B(C) };Indicating that the sender sends +.>For receiving end->Probability of measurement, others-> And the same is done; />Representing poisson distribution; eta represents the total transmittance of the single photon signal, eta d For detection efficiency, α represents loss rate, S is transmission distance, e d Is a background error code;
(4) Alice and Bob or Charlie perform pairing through a public channel, a Z-base matching result is reserved as an original key, and an X-base and a Y-base are used for estimating the information quantity of an eavesdropper;
definition I E Information amount acquired by eavesdropping for eavesdroppers:
wherein the method comprises the steps ofIs xi A ξ B(C) Maximum upper bound of single photon error rate is based on +.>And->As an intermediate parameter, C E Relevant information statistics acquired for the eavesdropper; h is binary shannonEntropy function, satisfying H (x) = -xlog 2 (x)-(1-x)log 2 (1-x);
(5) Alice and Bob or Charlie randomly select part of bits k from the original pulse number N for estimating the error code when the channel is transmitted, and if the error code is larger than a certain value, the protocol is terminated;
defining between Alice and Bob, and selecting part of bits by Bob to obtain the remaining n bits asAlice selects a part of bits and then the remaining n bits are +.>Defining that between Alice and Charlie, the remaining n bits after Alice selects part of the bits are +.>The remaining n bits after Charlie selects part of the bits are +.>
(6) Bob divides the remaining n bits of the key into two equal-length parts, which are respectively marked asAndand will->Transmitting the message to Charlie through a secure classical channel; the same Charlie divides the remaining n bits of the user as a key into two equal-length parts which are respectively marked as +.>And->And will->Transmitting to Bob via a secure classical channel;
the symmetric key held by Bob after exchange isThe symmetric key held by Charlie is
In the message phase, the sender Alice will sign the message m and sign Transmitting to Bob and Charlie; the message phase comprises:
(7) Alice signs and signs messages (m, sig m ) To the receiver Bob, sig m Representing a signature of a message m, wherein
(8) Bob signsSymmetric key held by itself->Respectively comparing the corresponding positions and recording the number of mismatch; if the number of mismatches between the two parts is less than s a (n/2), bob receives the signed message and proceeds to step (9), otherwise, refusing to sign the message and terminating the signature; s is(s) a Is a set safety threshold, which is related toMaximum error rate is caused at a rotation angle of 45 DEG +.>Minimum error rate p introduced by eavesdropper e In relation to the use of a liquid crystal display device,
wherein the method comprises the steps ofThe error rate upper bound is estimated by using a Serfling inequality;
(9) Bob signs a signed message (m, sig) received from Alice m ) Send to Charlie;
(10) Charlie will signSymmetric key held by itself->Respectively comparing the corresponding positions and recording the number of mismatch; if the number of mismatches between the two parts is less than s v (n/2), then Charlie receives the signed message, otherwise refuses to sign the message and terminates the signature; wherein s is v Is a set safety margin for the device,
(11) The security parameters of a given protocol are respectively:
P(robust)≤2∈ PE
P(forge)≤a+∈ F +8∈ PE
where P (robust) is the robustness probability, ε PE The failure probability of error rate between Alice-Bob and Alice-Charlie estimated by using Serfling inequality; p (forge) represents the probability of falsification, i.e. the probability that a falsified Alice signature is received by Bob and Charlie simultaneously, a is a preset constant probability, E F It is Bob that the error rate is less than s v Related parameters of probability of (2); p (repudiation) represents the probability of repudiation, i.e. the probability that Alice signature is received by Bob but rejected by Charlie.
2. A reference frame independent quantum digital signature method as claimed in claim 1 wherein the minimum entropy in KGP process in the presence of eavesdropper EveThe method comprises the following steps:
wherein the KGP process is a quantum key generation process,as a binary shannon function, satisfies H (x) = -xlog 2 (x)-(1-x)log 2 (1-x), ε is the failure probability for parameter estimation, Z represents Z-base, E represents eavesdropper Eve,>representing the lower bound of the single photon response count of the Z group, I E Representing the amount of information that Eve steals.
3. A reference frame independent quantum digital signature method as claimed in claim 2 wherein in the presence of an eavesdropper Eve, the Eve steals information resulting in a minimum bit error rate p e The method meets the following conditions:
h satisfies H (x) = -xlog 2 (x)-(1-x)log 2 (1-x)。
CN202210344383.9A 2022-03-31 2022-03-31 Reference system independent quantum digital signature method Active CN114745129B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210344383.9A CN114745129B (en) 2022-03-31 2022-03-31 Reference system independent quantum digital signature method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210344383.9A CN114745129B (en) 2022-03-31 2022-03-31 Reference system independent quantum digital signature method

Publications (2)

Publication Number Publication Date
CN114745129A CN114745129A (en) 2022-07-12
CN114745129B true CN114745129B (en) 2023-09-26

Family

ID=82278451

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210344383.9A Active CN114745129B (en) 2022-03-31 2022-03-31 Reference system independent quantum digital signature method

Country Status (1)

Country Link
CN (1) CN114745129B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109039604A (en) * 2018-08-07 2018-12-18 南京邮电大学 A kind of passive type trick state Quantum Digital Signature Research method
AU2020100261A4 (en) * 2020-01-10 2020-03-26 Chengdu University Of Information Technology The quantum secret information direct communication method with mutual authentication
CN111541544A (en) * 2020-03-20 2020-08-14 南京邮电大学 Quantum digital signature method based on double-field protocol
CN111865599A (en) * 2020-02-15 2020-10-30 南京邮电大学 Single-decoy-state quantum digital signature method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109039604A (en) * 2018-08-07 2018-12-18 南京邮电大学 A kind of passive type trick state Quantum Digital Signature Research method
AU2020100261A4 (en) * 2020-01-10 2020-03-26 Chengdu University Of Information Technology The quantum secret information direct communication method with mutual authentication
CN111865599A (en) * 2020-02-15 2020-10-30 南京邮电大学 Single-decoy-state quantum digital signature method
CN111541544A (en) * 2020-03-20 2020-08-14 南京邮电大学 Quantum digital signature method based on double-field protocol

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Practical reference-frame-independent quantum key distribution systems against the worst relative rotation of reference frames;Chunmei Zhang, et al.;Journal of Physics Communications;全文 *
基于正则图上量子游走的仲裁量子签名方案;施荣华;冯艳艳;石金晶;;电子与信息学报(第01期);全文 *

Also Published As

Publication number Publication date
CN114745129A (en) 2022-07-12

Similar Documents

Publication Publication Date Title
CN111541544B (en) Quantum digital signature method based on double-field protocol
Croal et al. Free-space quantum signatures using heterodyne measurements
CN113300762B (en) Passive light source monitoring method suitable for double-field protocol
CN111865599B (en) Single-decoy-state quantum digital signature method
US11533171B2 (en) Apparatus and method for quantum direct communication using single qubits
CN110493010B (en) Mail receiving and sending method of mail system based on quantum digital signature
CN110086614B (en) Quantum digital signature method using marked single photon source
CN110086599B (en) Hash calculation method and signcryption method based on homomorphic chameleon Hash function
CN111200493B (en) Post-processing system and method for phase polarization joint modulation QKD
CN113225184A (en) Passive decoy state modulation reference system-independent quantum key distribution system and method
US20220271928A1 (en) Method and system for quantum key distribution
Niemiec et al. The measure of security in quantum cryptography
Cerf et al. Cloning and cryptography with quantum continuous variables
CN114745129B (en) Reference system independent quantum digital signature method
CN115001704B (en) Four-intensity decoy state quantum digital signature method
CN115643024A (en) Loss tolerance reference system independent quantum digital signature method
CN116055034B (en) Quantum memory and measuring equipment independent quantum key distribution method based on quantum memory
CN115834046A (en) Reference system independent quantum key distribution method with light source monitoring function
CN115276988B (en) Four-strength measuring equipment independent key distribution method
US20220109565A1 (en) Method, Apparatus, Computer Program and Data Carrier for Determining a Shared Secret Cryptographic Key
CN115021941A (en) Quantum digital signature method with state preparation error tolerance function
CN109039477B (en) Fault-tolerant quantum conversation method based on decoherence-free subspace
CN116155508B (en) Passive decoy state double-field quantum digital signature method
CN115589299B (en) Quantum double-signature protocol with high fidelity
Kuhn Vulnerabilities in Quantum Key Distribution Protocols

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant