Abstract
Chen et al. (Phys Rev A 73:012303, 2006) constructed this “starlike cluster” state, which involves one qubit located at the center and n neighboring two-qubit arms. This genuine entangled state has been used for the construction of 2D and 3D cluster states, topological one-way computation, and dynamical quantum secret sharing. In this paper, we investigate the usefulness of this starlike cluster state and propose a theoretically extensible quantum digital signature scheme. The proposed scheme can be theoretically generalized to more than three participants. Moreover, it retains the merits of no requirements such as authenticated quantum channels and long-term quantum memory. We also give a security proof for the proposed scheme against repudiation and forgery.
![](http://media.springernature.com/m312/springer-static/image/art%3A10.1007%2Fs11128-016-1458-x/MediaObjects/11128_2016_1458_Fig1_HTML.gif)
Similar content being viewed by others
Explore related subjects
Discover the latest articles, news and stories from top researchers in related subjects.References
Stinson, D.R.: Cryptography: Theory and Practice, 3rd edn. Chapman and Hall, Boca Raton, Florida (2006)
Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21, 120–126 (1978)
Elgamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory 31, 469–472 (1985)
Johnson, D., Menezes, A., Vanstone, S.: The elliptic curve digital signature algorithm (ECDSA). Int. J. Inf. Secur. 1, 36–63 (2001)
Shor, P. W.: Algorithms for quantum computation: discrete logarithms and factoring. In: Proc. 35th Annual Symposium on the Foundations of Computer Science, Santa Fe, New Mexico, pp. 124–134. (1994)
Grover, L. K.: A fast quantum mechanical algorithm for database search. In: Proc. 28th Annual ACM Symposium on Theory of Computing, New York, pp. 212–218. (1996)
Gottesman, D., Chuang, I.: Quantum digital signatures. arXiv:quant-ph/0105032
Lamport, L.: Technical Report CSL-98. SRI International, Palo Alto (1979)
Andersson, E., Curty, M., Jex, I.: Experimentally realizable quantum comparison of coherent states and its applications. Phys. Rev. A 74, 022304 (2006)
Clarke, P.J., Collins, R.J., Dunjko, V., Andersson, E., Jeffers, J., Buller, G.S.: Experimental demonstration of quantum digital signatures using phase-encoded coherent states of light. Nat. Commun. 3, 1174 (2012)
Dunjko, V., Wallden, P., Andersson, E.: Quantum digital signatures without quantum memory. Phys. Rev. Lett. 112, 040502 (2014)
Collins, R.J., Donaldson, R.J., Dunjko, V., Wallden, P., Clarke, P.J., Andersson, E., Jeffers, J., Buller, G.S.: Realization of quantum digital signatures without the requirement of quantum memory. Phys. Rev.Lett 113, 040502 (2014)
Wallden, P., Dunjko, V., Kent, A., Andersson, E.: Quantum digital signatures with quantum-key-distribution components. Phys. Rev. A 91, 042304 (2015)
Amiri, R., Andersson, E.: Unconditionally secure quantum signatures. Entropy 17, 5635 (2015)
Donaldson, R.J., Collins, R.J., Kleczkowska, K., Amiri, R., Wallden, P., Dunjko, V., Jeffers, J., Andersson, E., Buller, G.S.: Experimental demonstration of kilometer-range quantum digital signatures. Phys. Rev. A 93, 012329 (2016)
Arrazola, J.M., Wallden, P., Andersson, E.: Multiparty quantum signature schemes. Quant. Inf. Comput. 6, 0435 (2016)
Yin, H.-L., Fu, Y., Chen, Z.-B.: Practical quantum digital signature. Phys. Rev. A 93, 032316 (2016)
Amiri, R., Wallden, P., Kent, A., Andersson, E.: Secure quantum signatures using insecure quantum channels. Phys. Rev. A 93, 032325 (2016)
Chen, Q., Cheng, J.H., Wang, K.L., Du, J.F.: Efficient construction of two-dimensional cluster states with probabilistic quantum gates. Phys. Rev. A 73, 012303 (2006)
Fujii, K., Tokunaga, Y.: Fault-tolerant topological one-way quantum computation with probabilistic two-qubit gates. Phys. Rev. Lett. 105, 250503 (2010)
Fujii, K., Tokunaga, Y.: Topological one-way quantum computation on verified logical cluster states. Phys. Rev. A 82, 060301 (2010)
Jia, H.-Y., Wen, Q.-Y., Gao, F., Qin, S.-J., Guo, F.-Z.: Dynamic quantum secret sharing. Phys. Lett. A 376, 1035–1041 (2012)
Zou, X.B., Mathis, W.: Schemes for generating the cluster states in microwave cavity QED. Phys. Rev. A 72, 013809 (2005)
You, J.Q., Wang, X.-B., Tanamoto, T., Nori, F.: Efficient one-step generation of large cluster states with solid-state circuits. Phys. Rev. A 75, 052319 (2007)
Lu, C.Y., Zhou, X.Q., Ghne, O., Gao, W.B., Zhang, J., Yuan, Z.S., Goebel, A., Yang, T., Pan, J.W.: Experimental entanglement of six photons in graph states. Nature 3, 91–95 (2007)
Scarani, V., Bechmann-Pasquinucci, H., Cerf, N.J., Du Šek, M., Lütkenhaus, N., Peev, M.: Quantum cryptography protocols robust against photon number splitting attacks for weak laser pulse implementations. Rev. Mod. Phys. 81, 1301 (2009)
Lo, H.-K., Curty, M., Tamaki, K.: Secure quantum key distribution. Nat. Photon 8, 595–604 (2014)
Chernoff, H.: A measure of asymptotic efficiency for tests of a hypothesis based on the sum of observations. Ann. Math. Stat. 23, 493 (1952)
Korzh, B., Lim, C.C.W., Houlmann, R., Gisin, N., Li, M.J., Nolan, D., Sanguinetti, B., Thew, R., Zbinden, H.: Provably secure and practical quantum key distribution over 307 km of optical fibre. Nat. Photon. 9, 163–168 (2015)
Renner, R.: Ph.D thesis, ETH Zurich (2005)
Tomamichel, M., Lim, C.C.W., Gisin, N., Renner, R.: Tight finite-key analysis for quantum cryptography. Nat. Commun. 3, 634 (2012)
Swanson, C., Stinson, D.: Unconditionally secure signature schemes revisited. In: Fehr, S. (ed.) Information Theoretic Security, chap. 10, 1st edn. Springer, Berlin (2011)
Chaum, D., Roijakkers, S.: In: Menezes, A., Vanstone, S.A. (eds.) Proceedings of the \(10^{\text{th}}\) Annual International Cryptology Conference on Advances in Cryptology, Springer-Verlag, London, UK, pp. 206–214. (1991)
Hanaoka, G., Shikata, J., Zheng, Y., Imai, H.: Unconditionally secure digital signature schemes admitting transferability. In: Okamoto, T. (ed.) Advances in Cryptology ASIACRYPT 2000, pp. 130–142. Springer, Kyoto, Japan (2000)
Chefles, A.: Unambiguous discrimination between linearly dependent states with multiple copies. Phys. Rev. A 64, 062305 (2001)
Acknowledgements
This work was supported by the National Natural Science Foundation of China (Grant Nos. 61572053, 61602019, 61472048, 61402148); Beijing Natural Science Foundation (Grant Nos. 4162005, 4152038); China Social Security Foundation (No. 6003962); The Scientific Research Common Program of Beijing Municipal Commission of Education (No. KM201510005016); The Basic Research Foundation of Beijing University of Technology (No. X4007999201501); Natural Science Foundation of Hebei Province (No. F2015205114).
Author information
Authors and Affiliations
Corresponding author
Appendix A: The detailed process of the n-recipient QDS scheme
Appendix A: The detailed process of the n-recipient QDS scheme
Exploiting the scalability of cluster states, theoretically the preparation of arbitrary \((2n+1)\)-particle starlike cluster states is possible by means of the \((2n-1)\)-particle starlike cluster states, additional 3-qubit linear cluster states and some quantum local operations including single-qubit measurement and two-qubit controlled operation [22]. The concrete process is as follows:
As illustrated in Fig. 2, the signer Alice prepares another 3-qubit linear cluster state
Alice performs a CZ operation on the particle A and the particle \(A^{{\prime }}\), followed by a Y measurement on particle \(A^{{\prime }}\)(shown in Fig. 2a).
Here \(CZ=|00\rangle \langle 00|+|01\rangle \langle 01|+|10\rangle \langle 10|-|11\rangle \langle 11|\) and \(Y=\{(|0\rangle +i|1\rangle )/\sqrt{2},(|0\rangle -i|1\rangle )/\sqrt{2}\}\). By applying appropriate local operations, each pair can be transformed into a \((2n+1)\)-particle starlike cluster state theoretically.
The process of the QDS scheme with n recipients is similar to the one with two recipients. The whole scheme also includes three phases, i.e., the distribution phase, the estimation phase, and the messaging phase. In the proposed scheme, \(|0\rangle \), \(|+\rangle \) represent classical bit 0; \(|1\rangle \) and \(|-\rangle \) encode 1, respectively.
1.1 The distribution phase
Assume the signed message is m. Alice prepares a sequence of N \((2n+1)\)-qubit cluster states in Eq. (1). For each cluster state, she sends the particle \(B_i\) to \(Bob_i\), \(i=1,2,\ldots ,n\). \(Bob_1 ,Bob_2 ,\ldots ,Bob_n\) will announce the result if their detectors have no click, and then Alice and \(Bob_i (i=1,2,\ldots ,n)\) discard all the corresponding data and keep the left 2M bits for Alice and M bits for each \(Bob_{i} \, (i=1,2,\ldots ,n)\), respectively. For each cluster state, Alice measures the particle A in the Z basis and measures the particle \(A_i \) in the Z or X basis randomly. \(Bob_i \) measures the particle \(B_i \) in the Z or X basis randomly, for \(i=1,2,\ldots ,n\). For each cluster state, Alice announces bit 0 if her measurement result of the particle \(A_i \, (i=1,2,\ldots ,n)\) belongs to the set \(\{|0\rangle ,\, |+\rangle \}\) while bit 1 if it belongs to the set \(\{|1\rangle ,\, |-\rangle \}\) through the authenticated classical channels. \(Bob_i\) interprets Alice’s measurement result of the particles \(A_i\) according to her public information. Let \(P_{B_i}^c\) be the probability that \(Bob_i\) has a conclusive result for each received quantum state; in the ideal case, \(P_{B_i }^c =P^{c}=1/4\), for \(i=1,2,\ldots ,n\). Note that \(Bob_i\) does not announce whether he has a conclusive result, for \(i=1,2,\ldots ,n\).
1.2 The estimation phase
For \(i=1,2,\ldots ,n\), Alice informs \(Bob_i\) to choose \(M_{t_i } \) bits as the test bits to estimate correlation randomly and independently. \(Bob_i \) announces the position of test bits, respectively and independently. For each position, Alice publishes the measurement outcome of the corresponding particles A, \(A_i \), respectively. \(Bob_i \) publishes the measurement outcome of the corresponding particle \(B_i\), respectively. Alice announces the measurement basis of the corresponding particle \(A_i \). Finally, \(Bob_i \) publishes the measurement basis of the corresponding particle \(B_i \), respectively. According to the correlation of Eq. (1), they calculate the mismatching rate \(e_{B_i }^c \) of conclusive results from the test bits. When \(e_{B_i }^c \) gets too high, they abort the protocol. Or when \(P_{B_i}^c \) shows a big deviation from the ideal value \(P^{c}=1/4\), they also announce to abort the protocol. Otherwise, Alice keeps \(M_u \) untested bits, denoted \(S_{A_i}\), respectively. \(Bob_i\) keeps \(M_u \) untested bits, denoted \(S_{A_i}\), respectively.
1.3 The messaging phase
The signer Alice randomly chooses the desired recipient, for example \(Bob_1\), who will be the authenticator in the messaging stage. Alice sends the message m and the corresponding bit strings \(S_{A_1} ,S_{A_2} ,\ldots ,S_{A_n}\) to the authenticator, \(Bob_1\)(if \(Bob_i \,(i\ne 1)\) is the authenticator chosen by Alice, Alice will send the message m and the corresponding bit strings \(S_{A_1 } ,S_{A_2} ,\ldots ,S_{A_n}\) to \(Bob_i\)). \(Bob_1 \) checks the mismatching rate \(P^{c}E_{B_1 }^c\) between \(S_{A_1}\) and \(S_{A_1}^{\prime } \) according to the correlation in Table 2, where \(E_{B_1 }^c \) is the mismatching rate of the conclusive results and \(S_{A_1}^{\prime } \) is inferred according to \(S_{B_1 }\) and Alice’s public information in the distribution phase. The inconclusive outcomes are considered to match Alice’s announcement bits automatically. If the mismatching rate \(E_{B_1 }^c \le T_{B_1 } (T_{B_1 } \) is the authentication security threshold), \(Bob_1 \) accepts the message. Otherwise, he rejects it and announces to abort the protocol. After \(Bob_1 \) accepts the message, he forwards it and the corresponding bit strings \(S_{A_1} ,S_{A_2} ,\ldots ,S_{A_n}\) to the recipient \(Bob_2 \).
For \(i=2,3,\ldots ,n-1\), \(Bob_i \) checks the mismatching rate \(P^{c}E_{B_i }^c \) between \(S_{A_i }\) and \(S_{A_i}^{\prime } \) according to the correlation in Table 2, where \(E_{B_i }^c \) is the mismatching rate of the conclusive results and \(S_{A_i }^{\prime } \) is inferred according to \(S_{B_i }\) and Alice’s public information in the distribution phase. The inconclusive outcomes are considered to match Alice’s announcement bits automatically. If the mismatching rate \(E_{B_i }^c \le T_{B_i} (T_{B_i } \) is the verification security threshold), \(Bob_i\) accepts the forwarded message and forwards it and the corresponding bit strings \(S_{A_1 } ,S_{A_2} ,\ldots ,S_{A_n }\) to the recipient \(Bob_{i+1} \). Otherwise, he rejects it.
Rights and permissions
About this article
Cite this article
Yang, YG., Liu, ZC., Li, J. et al. Theoretically extensible quantum digital signature with starlike cluster states. Quantum Inf Process 16, 12 (2017). https://doi.org/10.1007/s11128-016-1458-x
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s11128-016-1458-x