Efficient Arbitrated Quantum Digital Signature with Multi-Receiver Verification

TL;DR

An arbitrated quantum digital signature scheme is proposed, in which the signature can be verified by multiple receivers simultaneously, and meanwhile, the transferability of the signature is still kept, by employing one‐time universal hashing algorithm and a one‐time pad encryption scheme.

Abstract

Quantum digital signature is used to authenticate the identity of the signer with information theoretical security, while providing non-forgery and non-repudiation services. In traditional multi-receiver quantum digital signature schemes without an arbitrater, the transferability of one-to-one signature is always required to achieve unforgeability, with complicated implementation and heavy key consumption. In this article, we propose an arbitrated quantum digital signature scheme, in which the signature can be verified by multiple receivers simultaneously, and meanwhile, the transferability of the signature is still kept. Our scheme can be simplified performed to various quantum secure networks, due to the proposed efficient signature calculation procedure with low secure key consumption and low computation complexity, by employing one-time universal hashing algorithm and one-time pad encryption scheme. The evaluation results show that our scheme uses at least two orders of magnitude less key than existing signature schemes with transferability when signing files of the same length with the same number of receivers and security parameter settings.

Figures (6)

• Figure 1: Schematic diagram of the AQDS scheme with multi-receiver verification. $M$ is the original message. $D$ is the digest generated by $U_s$, $S$ is the signature generated by the signer and $\{S_i, M_i\}$ ($1 \le i \le k,i \in N$) is the signature and message pair received by the arbitrator $U_a$ from the receiver $U_i$. $X_i$ ($Y_i$) and $X_a$ ($Y_a$) are the $2n$ ($n$)-bit keys generated by QKD between $U_i$ and $U_s$ and between $U_a$ and $U_s$ respectively. $R_s$ is the $n$-bit quantum random number generated by $U_s$, $R_i$ is the random number obtained by $U_i$ decrypting $S_i$ from $U_s$, and $R_a^i$ is the random number obtained by $U_a$ decrypting $S_i$ from $U_i$. $T_i$ ($T_{a}^{i}$) and $H_{nm}^k$ ($H_{nm}^{a_i}$) are the $n$-bit hash value and the Toeplitz universal hash function generated by $U_i$ ($U_a$), respectively.
• Figure 2: The secure key consumption versus the length of message. $\epsilon_f$ is the security parameter and $k$ is the number of receivers.
• Figure 3: The total key consumption versus the number of receivers. $\epsilon_f$ is the security parameter and $m$ is the length of message.
• Figure 4: The time required to perform one round AQDS scheme with the message length of $1$ byte and $1$MB.
• Figure 5: Multi-receiver AQDS in the eight-user quantum network. (a) The physical layer topology of the eight-user quantum network. (b) The communication layer topology of the eight-user quantum network. (c) AQDS scheme in the eight-user network. In this scenario, Alice is the signer, Ivan is the arbitrator, and the other six users are the receivers.