Experimental quantum e-commerce

TL;DR

The whole e-commerce process of involving the signing of a contract and payment among three parties is demonstrated by proposing a quantum e-commerce scheme, which shows resistance of attacks from imperfect devices.

Abstract

E-commerce, a type of trading that occurs at a high frequency on the Internet, requires guaranteeing the integrity, authentication and non-repudiation of messages through long distance. As current e-commerce schemes are vulnerable to computational attacks, quantum cryptography, ensuring information-theoretic security against adversary's repudiation and forgery, provides a solution to this problem. However, quantum solutions generally have much lower performance compared to classical ones. Besides, when considering imperfect devices, the performance of quantum schemes exhibits a significant decline. Here, for the first time, we demonstrate the whole e-commerce process of involving the signing of a contract and payment among three parties by proposing a quantum e-commerce scheme, which shows resistance of attacks from imperfect devices. Results show that with a maximum attenuation of 25 dB among participants, our scheme can achieve a signature rate of 0.82 times per second for an agreement size of approximately 0.428 megabit. This proposed scheme presents a promising solution for providing information-theoretic security for e-commerce.

Figures (5)

• Figure 1: Illustrations depicting the process and network of quantum e-commerce. (A) Illustration of the process of quantum e-commerce. We consider the three-party scenario where Client buys a product from Merchant. TP is introduced as an arbiter to prevent either Merchant or Client from cheating. Merchant shares two sequences of coherent quantum states with Clinet and TP, respectively. Merchant then generates the contract with all information of the e-commerce, and obtains a signature through a hash function and keys distilled by his sequences. Thereafter, Merchant sends the contract and signature to Client. Client, if agreeing with the contract, will send the contract, signature and keys distilled by his consequence to TP. TP will then send keys distilled by his own sequence back to Client. Both Client and TP independently verify the signature through their own and received keys by hash functions. Client will pay the money to TP if he verifies the signature. TP will transfer the money to Merchant if he also passes the signature. (B) A flow chart of the protocol. Details of the procedure are explained in protocol description step by step.(C) A diagram of users in quantum networks.
• Figure 2: Experimental setup of KGP between Merchant and$\rm Client_2$. Here, we take KGP between Merchant and $\rm Client_2$ as an example. The pulses are generated by a pulsed laser with an extincation ratio of over 30 dB and then split into two pulse sequences with a 50: 50 beam splitter (BS). The pulses entering the loop are subjected to modulation by the phase modulator (PM) operated by either Merchant or Client. Monitor module consists of a dense wavelength division multiplexing (DWDM), a BS and a photon detector (PD). After phase modulation, these two pulses interfere in the Eve's BS and are detected by two superconducting nanowire single-photon detectors $\rm D_1$ and $\rm D_2$. Both the connections between Merchant and Eve and Client and Eve involve 2 kilometers of optical fiber and the total attenuation is 20 dB, achieved through VOA. Besides, there is an insertion of 1 kilometer of optical fiber between Merchant and $\rm Client_2$. VOA: variable optical attenuator; Cir: circulator.
• Figure 3: Results of demonstration. (A) Signature rate $R$ under different losses. The total number of pulses sent is $10^{10}$. (B) The relationship between security level and different sizes of files with a key of the same length. The boundary line represents the scenario where the generation rate of keys per second is sufficient to sign a 0.428-Mb file at a security level of $5\times 10^{-10}$ ten times with the same error rate under a 20dB attenuation. In our implementation, a 0.428-Mb document can be signed 11.83 times while maintaining the $5\times 10^{-10}$ security level. Furthermore, with the keys generated within one second, a document of 0.102-terabit (Tb) can be signed ten times at a security level of $4\times 10^{-10}$ ($\epsilon_{\rm rob} = 4\times 10^{-10}$).
• Figure :
• Figure :