Abstract
Digital signature plays an important role in cryptography. Many quantum digital signature (QDS) schemes have been proposed up to now since the security of classic digital signature (CDS) schemes becomes more and more vulnerable with the development of quantum computing algorithms. Most of the existing quantum signature schemes are based on probabilistic comparison of quantum states, which makes the schemes very complicated. In this paper, we propose a new QDS scheme based on local indistinguishability of orthogonal product states. In the scheme, the receiver cooperates with the arbitrator to verify the valid of the signature. The analysis of security and efficiency shows that our scheme is secure and efficient.
Similar content being viewed by others
Explore related subjects
Discover the latest articles, news and stories from top researchers in related subjects.Avoid common mistakes on your manuscript.
1 Introduction
Classical digital signature (CDS) can authenticate the integrity of a signed message and the identity of a signatory. It has been widely used in many practical occasions [1, 2], such as e-payment system, e-government, and so on. As we know, the security of classical digital signature (CDS) generally depends on the assumption of computational complexity (e.g. the factoring problem and discrete logarithm problem). However, the security of CDS is seriously challenged because of rapid development of quantum algorithms. Fortunately, quantum digital signature, which is based on the laws of quantum mechanics, is attracting a lot of attention since it can resist the attacks of quantum algorithms.
To achieve different purposes, various quantum signature schemes, such as arbitrated quantum signature (AQS) [3,4,5,6,7,8,9], quantum group signature (QGS) [10,11,12], quantum proxy signature (QPS) [13,14,15], quantum blind signature (QBS) [16,17,18,19], have been proposed. In Ref. [3], Zeng et al. gave the first AQS model by using the correlation of Greenberger-Horne-Zeilinger (GHZ) triplet states. Inspired by this pioneering work, Li et al. [7] replaced GHZ states with Bell states to give a more efficient AQS scheme. Later, Zou et al. [8] pointed out that these two schemes are insecure since the receiver can deny a valid signature and presented two new AQS schemes. Gao et al. [20] and Hwang et al. [21] pointed out that most of the previous signature schemes cannot resist a known message attack of the receiver. Recently, Yang et al. presented an AQS scheme [22] with cluster states. This scheme can achieve an efficiency of 100%. Inspired by the work [22], Fatahi et al. proposed a high-efficient arbitrated quantum signature scheme based on cluster states. However, these schemes are very difficult to implement since it is very difficult to prepare these cluster states under current conditions.
The local distinguishability of orthogonal product states is an important research topic in the field of quantum information. In recent years, many results about the local distinguishability of orthogonal product states have been proposed [23,24,25,26,27,28]. As we know, the preparation of product states consumes less resources compared with entangled states.
In this paper, we propose an AQS scheme which is based on the local indistinguishability of orthogonal product states. In this scheme, different particles of a state that comes from a set of indistinguishable product states are transmitted separately, which can improve the security of the scheme. The rest of the paper is organised as follows. In Section 2, some fundamental preliminaries are introduced. In Section 3, we give a detailed description for the proposed AQS scheme. In Section 4, We discuss the security and efficiency of the proposed scheme. At last, a short conclusion is given in Section 5.
2 Preliminaries
In this section, we introduce some preliminaries that are used in what follows. We say a set of orthogonal product states is locally indistinguishable [28, 29] if it cannot be perfectly distinguished by local operations and classical communications (LOCC).
Theorem 1
The set of orthogonal product states (1)
cannot be perfectly distinguished by LOCC.
Proof
Now we prove these states (1) cannot be perfectly distinguished by LOCC. To distinguish these eight product states, one of the three parties must start with a positive-operator-valued measure (POVM). Without loss of generality, suppose that the first party goes first with a set of general 2 × 2 POVM elements \(\{M^{\dagger }_{k}M_{k}; k = 1,2,\ldots ,l_{1}\}\), where
under the basis {|0〉,|1〉}. It is noted that the postmeasurement states must be pairwise orthogonal for making further discrimination feasible. That is, the states that are orthogonal on the first side should maintain the orthogonality on the first side after the measurement.
For the states |ψ5〉 and |ψ7〉, we have
and
Thus, we can get
and
So, we have
For the states |ψ3〉 and |ψ4〉, we have
Thus,
So, we have
This means that any of the POVM elements of the first party should be in the form
Consider the product states |ψ6〉 and |ψ8〉. If the first party discriminates these states outright then for one of states |ψ6〉 and |ψ8〉,
But given (5),
Therefore, \(m_{00}^{k}= 0\) and, since POVM elements must be positive, \(M_{k}^{\dag }M_{k}\) is the null matrix.
According to the above analysis, all of the first party’s POVM elements must be proportional to the identity. Thus, the first party cannot go first; by the symmetry of states (1), neither the second party nor the third party can do it. Therefore, these states are locally indistinguishable. This completes the proof. □
3 The Proposed AQS Scheme
The proposed scheme involves three participants, namely, the signatory Alice, the receiver Bob and the arbitrator Trent. It should be noted that the arbitrator Trent is a disinterested third party and is trusted by Alice and Bob. The scheme is composed of three phases: initializing phase, signing phase, and verifying phase.
3.1 Initializing Phase
Suppose that m = {m1,m2,⋯ ,mn} is a 3n-bit message to be signed, where mi ∈{000,001,010,011,100,101,110,111} for i = 1,2,…,n.
-
(1)
Trent establishes an n-bit shared secret key \(K_{AT}=\{K_{AT}^{1},K_{AT}^{2},\ldots ,K_{AT}^{n}\}\) with Alice and an n-bit shared secret key \(K_{BT}=\{K_{BT}^{1},K_{BT}^{2},\ldots ,K_{BT}^{n}\}\) with Bob by quantum key distribution protocol [30,31,32,33,34,35,36].
-
(2)
Alice establishes an n-bit shared secret key \(K_{AB}=\{K_{AB}^{1}, K_{AB}^{2},\ldots ,K_{AB}^{n}\}\) with Bob by quantum key distribution protocol [30,31,32,33,34,35,36].
3.2 Signing Phase
-
(1)
Alice encodes the message m as a quantum sequence |S〉 according to the following rules:
$$\begin{array}{@{}rcl@{}} &&m_{i}= 000: \longmapsto|S^{i}\rangle=|\psi_{1}\rangle=|0\rangle_{1}|0\rangle_{2}|0\rangle_{3},\\ &&m_{i}= 111: \longmapsto|S^{i}\rangle=|\psi_{2}\rangle=|1\rangle_{1}|1\rangle_{2}|1\rangle_{3},\\ &&m_{i}= 001: \longmapsto|S^{i}\rangle=|\psi_{3}\rangle=\frac{1}{\sqrt{2}}(|0\rangle+|1\rangle)_{1}|0\rangle_{2}|1\rangle_{3},\\ &&m_{i}= 010: \longmapsto|S^{i}\rangle=|\psi_{4}\rangle=\frac{1}{\sqrt{2}}(|0\rangle-|1\rangle)_{1}|0\rangle_{2}|1\rangle_{3},\\ &&m_{i}= 100: \longmapsto|S^{i}\rangle=|\psi_{5}\rangle=\frac{1}{\sqrt{2}}|1\rangle_{1}(|0\rangle+|1\rangle)_{2}|0\rangle_{3},\\ &&m_{i}= 011: \longmapsto|S^{i}\rangle=|\psi_{6}\rangle=\frac{1}{\sqrt{2}}|1\rangle_{1}(|0\rangle-|1\rangle)_{2}|0\rangle_{3},\\ &&m_{i}= 101: \longmapsto|S^{i}\rangle=|\psi_{7}\rangle=\frac{1}{\sqrt{2}}|0\rangle_{1}|1\rangle_{2}(|0\rangle+|1\rangle)_{3},\\ &&m_{i}= 110: \longmapsto|S^{i}\rangle=|\psi_{8}\rangle=\frac{1}{\sqrt{2}}|0\rangle_{1}|1\rangle_{2}(|0\rangle-|1\rangle)_{3}, \end{array} $$(6)where |Si〉 is the i-th product state of the sequence |S〉 for i = 1,2,…,n.
-
(2)
Alice firstly generates the quantum sequence |S〉. Then, she picks out the j-th particle of each product state of |S〉 to form the sequence |S(j)〉 for j = 1,2,3.
-
(3)
For the first sequence |S(1)〉, Alice performs the following unitary operation on the i-th particle \(|S_{(1)}^{i}\rangle \) according to the i-th bit of KAB to get a new particle \(|\overline {S}_{(1)}^{i}\rangle \), i.e., \(H^{K_{AB}^{i}}|S_{(1)}^{i}\rangle =|\overline {S}_{(1)}^{i}\rangle \), where
$$\begin{array}{ll} H\equiv \frac{1}{\sqrt{2}} \left[ \begin{array}{cc} 1 &1 \\ 1 &-1 \end{array} \right] \end{array} $$is the Hadamard gate, \(H^{K_{AB}^{i}}=I\) (unit operator) if \(K_{AB}^{i}= 0\) and \(H^{K_{AB}^{i}}=H\) (Hadamard gate) if \(K_{AB}^{i}= 1\) for i = 1,2,⋯ ,n.
By this step, Alice changes the sequence |S(1)〉 to a new sequence \(|\overline {S}_{(1)}\rangle \).
-
(4)
For the second sequence |S(2)〉, Alice performs the following unitary operation on the i-th particle \(|S_{(2)}^{i}\rangle \) according to the i-th bit of KAT to get a new particle \(|\overline {S}_{(2)}^{i}\rangle \), i.e., \(H^{K_{AT}^{i}}|S_{(2)}^{i}\rangle =|\overline {S}_{(2)}^{i}\rangle \), where H is the Hadamard gate, \(H^{K_{AT}^{i}}=I\) (unit operator) if \(K_{AT}^{i}= 0\) and \(H^{K_{AT}^{i}}=H\) (Hadamard gate) if \(K_{AT}^{i}= 1\) for j = 1,2,⋯ ,n.
By this step, Alice changes the sequence |S(2)〉 to a new sequence \(|\overline {S}_{(2)}\rangle \).
-
(5)
Firstly, Alice generates 3l decoy particles that are randomly in one of the four states: |0〉, |1〉, |+〉 and |−〉 for checking eavesdropping, where \(|+\rangle =\frac {1}{\sqrt {2}}(|0\rangle +|1\rangle )\) and \(|-\rangle =\frac {1}{\sqrt {2}}(|0\rangle -|1\rangle )\). Next she randomly inserts these 3l decoy particles into the quantum sequences \(|\overline {S}_{(1)}\rangle \), \(|\overline {S}_{(2)}\rangle \), |S(3)〉 and gets three corresponding sequences: \(|\overline {S}_{(1)}^{\prime }\rangle \), \(|\overline {S}_{(2)}^{\prime }\rangle \) and \(|S_{(3)}^{\prime }\rangle \). Then she encrypts m with KAB to get an encrypted message \(C=E_{K_{AB}}(m)\). Finally, Alice sends \(\{|\overline {S}_{(1)}^{\prime }\rangle ,|\overline {S}_{(2)}^{\prime }\rangle ,|S_{(3)}^{\prime }\rangle , C\}\) to Bob.
-
(6)
After confirming that Bob has received \(\{|\overline {S}_{(1)}^{\prime }\rangle ,|\overline {S}_{(2)}^{\prime }\rangle ,|S_{(3)}^{\prime }\rangle , C\}\), Alice announces the positions and the initial states of the decoy particles in the quantum sequences \(|\overline {S}^{\prime }_{(1)}\rangle \), \(|\overline {S}^{\prime }_{(2)}\rangle \) and \(|S^{\prime }_{(3)}\rangle \). Then for each of the decoy particles, Bob measures it with the corresponding basis and compares the measurement outcome with its initial state. If there exist no errors, Bob continues to the next step; otherwise, he restarts the protocol.
-
(7)
After checking eavesdropping, Bob can recover the quantum sequences \(|\overline {S}_{(1)}\rangle \), \(|\overline {S}_{(2)}\rangle \) and |S(3)〉. For the i-th particle \(|\overline {S}_{(1)}^{i}\rangle \) of \(|\overline {S}_{(1)}\rangle \), Bob performs the operation \(H^{K_{AB}^{i}}\), where \(H^{K_{AB}^{i}}=I\) if \(K_{AB}^{i}= 0\) and \(H^{K_{AB}^{i}}=H\) if \(K_{AB}^{i}= 1\) for i = 1,2,…,n. Thus Bob can get the sequence |S(1)〉 since \(H^{K_{AB}^{i}}|\overline {S}_{(1)}^{i}\rangle =|S_{(1)}^{i}\rangle \). For the i-th particle \(|S_{(3)}^{i}\rangle \) of |S(3)〉, Bob performs the operation \(H^{K_{BT}^{i}}\). Thus Bob can get the sequence \(|\overline {S}_{(3)}\rangle \) according to \(H^{K_{BT}^{i}}|{S}_{(3)}^{i}\rangle =|\overline {S}_{(3)}^{i}\rangle \) for i = 1,2,…,n.
-
(8)
Bob decrypts C to get the message m by \(m=D_{K_{AB}}(C)\) and encrypts m to get \(\overline {C}\) by \(\overline {C}=E_{K_{BT}}(m)\).
Bob stores SA = {|S(1)〉, \(|\overline {S}_{(2)}\rangle \), \(|\overline {S}_{(3)}\rangle \), \(\overline {C}\}\) as Alice’s signature about the message m.
3.3 Verifying Phase
-
(1)
For checking eavesdropping, Bob generates 3l decoy states that are randomly in one of the four states: |0〉, |1〉, |+〉 and |−〉, where \(|+\rangle =\frac {1}{\sqrt {2}}(|0\rangle +|1\rangle )\) and \(|-\rangle =\frac {1}{\sqrt {2}}(|0\rangle -|1\rangle )\). Then he randomly inserts these 3l decoy states into the quantum sequences |S(1)〉, \(|\overline {S}_{(2)}\rangle \) and \(|\overline {S}_{(3)}\rangle \) to get three quantum sequences \(|S_{(1)}^{\prime \prime }\rangle \), \(|\overline {S}_{(2)}^{\prime \prime }\rangle \) and \(|\overline {S}_{(3)}^{\prime \prime }\rangle \). Bob sends the quantum sequences \(\{|S_{(1)}^{\prime \prime }\rangle \), \(|\overline {S}_{(2)}^{\prime \prime }\rangle \), \(|\overline {S}_{(3)}^{\prime \prime }\rangle \}\) and the encrypted message \(\overline {C}\) to Trent.
-
(2)
After confirming that Trent has received the quantum sequences \(\{|S_{(1)}^{\prime \prime }\rangle \), \(|\overline {S}_{(2)}^{\prime \prime }\rangle \), \(|\overline {S}_{(3)}^{\prime \prime }\rangle \}\) and the encrypted message \(\overline {C}\), Bob announces the positions and the initial states of the decoy particles in these three sequences. Then for each of the decoy particles, Bob measures it with the corresponding basis and compares the measurement outcome with its initial state. If there exist no errors, Trent continue to the next step; otherwise, he restarts the protocol.
-
(3)
After checking eavesdropping, Trent can recover the quantum sequences |S(1)〉, \(|\overline {S}_{(2)}\rangle \) and \(|\overline {S}_{(3)}\rangle \). For the i-th particle \(|\overline {S}_{(2)}^{i}\rangle \) of \(|\overline {S}_{(2)}\rangle \), Trent performs the operation \(H^{K_{AT}^{i}}\), where \(H^{K_{AT}^{i}}=I\) if \(K_{AT}^{i}= 0\) and \(H^{K_{AT}^{i}}=H\) if \(K_{AT}^{i}= 1\) for i = 1,2,…,n. Thus Trent can recover the sequence |S(2)〉 since \(H^{K_{AT}^{i}}|\overline {S}_{(2)}^{i}\rangle =|{S}_{(2)}^{i}\rangle \). For the i-th particle \(|\overline {S}_{(3)}^{i}\rangle \) of \(|\overline {S}_{(3)}\rangle \), Trent performs the operation \(H^{K_{BT}^{i}}\), where \(H^{K_{BT}^{i}}=I\) if \(K_{BT}^{i}= 0\) and \(H^{K_{BT}^{i}}=H\) if \(K_{BT}^{i}= 1\) for i = 1,2,…,n. Thus Trent can recover the sequence |S(3)〉.
-
(4)
Firstly, Trent recovers the sequence |S〉 by |S(1)〉, |S(2)〉 and |S(3)〉. Secondly, Trent measures each product state of |S〉 with the product basis (1) and records the measurement outcomes. Here we denote the measurement outcomes as \(\overline {m}\).
-
(5)
Trent recovers the message m by \(m=D_{K_{BT}}(\overline {C})\) and compares m with \(\overline {m}\). If \(m=\overline {m}\), he announces Alice’s signature is valid; while he announces Alice’s signature is invalid if \(m\neq \overline {m}\).
4 Security and Efficiency Analysis
In this section, we will first discuss the security of the scheme and then analyze the efficiency of the scheme. As we know, a secure AQS should meet two properties:
-
Unforgeability. Neither an outside attacker nor the signature receiver can generate a valid signature except a legal signatory.
-
Undeniability. If a signatory had signed a valid signature, he cannot successfully deny the signature.
4.1 Unforgeability
As a signature scheme, unforgeability is an important property. We will show that nobody can forge Alice’s valid signature. In fact, there exist two kinds of attacks. One is the outside attacks; the other is the participant’s attacks.
-
(1)
Outsider attacks
From the steps of quantum signature, an outside attacker has two chances to attack our proposed scheme. The first time is when Alice sends \(\{|\overline {S}_{(1)}^{\prime }\rangle , |\overline {S}_{(2)}^{\prime }\rangle , |S_{(3)}^{\prime }\rangle , C\}\) to Bob. The second time is when Bob sends the quantum sequences \(|S_{(1)}^{\prime \prime }\rangle \), \(|\overline {S}_{(2)}^{\prime \prime }\rangle \) and \(|\overline {S}_{(3)}^{\prime \prime }\rangle \) to Trent. In fact, the sequences \(\{|\overline {S}_{(1)}^{\prime }\rangle \), \(|\overline {S}_{(2)}^{\prime }\rangle \), \(|S_{(3)}^{\prime }\rangle \}\) and the sequences \(\{|S_{(1)}^{\prime \prime }\rangle \), \(|\overline {S}_{(2)}^{\prime \prime }\rangle \), \(|\overline {S}_{(3)}^{\prime \prime }\rangle \}\) are inserted into decoy particles which are randomly in one of the four states {|0〉,|1〉,|+〉,|−〉}. Just like the situation in BB84 protocol [37], if an outside attacker eavesdrops in the transmission process of quantum sequences, his/her eavesdropping actions will inevitably disturb part of the decoy particles. Thus his/her eavesdropping actions must be found by Bob or Trent.
-
(2)
Participant’s attacks
We consider the situation that Bob is a dishonest participant who wants to forge a valid signature of Alice. To forge a valid signature, Bob needs to know the shared key KAT of Alice and Trent. Thus Bob should know which state each particle of the sequence \(|\overline {S}_{(2)}\rangle \) is in. Of course Bob couldn’t measure these particles directly because he is not sure which basis of the two mutually unbiased bases {|0〉,|1〉} and {|+〉,|−〉} is correct for each particle of \(|\overline {S}_{(2)}\rangle \). Now we consider that Bob uses entanglement-measure attack to get the key KAT. That is, he performs a collective operation U on each particle and an auxiliary system |ε〉. Without loss of generality, suppose that the operation U holds:
$$\begin{array}{@{}rcl@{}} U(|0\rangle|\varepsilon\rangle)=\lambda_{1}|\xi_{1}\varepsilon_{1}\rangle+ \lambda_{2}|\xi_{2}\varepsilon_{2}\rangle \end{array} $$(7)$$\begin{array}{@{}rcl@{}} U(|1\rangle|\varepsilon\rangle)=\mu_{1}|\zeta_{1}\varepsilon^{\prime}_{1}\rangle+ \mu_{2}|\zeta_{2}\varepsilon^{\prime}_{2}\rangle \end{array} $$(8)Here, |λ1|2 + |λ2|2 = |μ1|2 + |μ2|2 = 1, \(\langle \xi _{1}|\xi _{2}\rangle =\langle \varepsilon _{1}|\varepsilon _{2}\rangle =\langle \zeta _{1}|\zeta _{2}\rangle =\langle \varepsilon ^{\prime }_{1}|\varepsilon ^{\prime }_{2}\rangle = 0\). (The right parts of (7) and (8) are in the forms of Schmidt decomposition.) If Bob wants to extract the useful information to be used to discriminate the particles |0〉 and 1〉 in \(|\overline {S}_{(2)}\rangle \) precisely, the two reduced density matrices of Bob’s auxiliary systems |λ1|2|ε1〉〈ε1| + |λ2|2|ε2〉〈ε2| and \(|\mu _{1}|^{2}|{\varepsilon }_{1}^{\prime }\rangle \langle {\varepsilon }_{1}^{\prime } |+| \mu _{2}|^{2}| {\varepsilon }_{2}^{\prime }\rangle \langle {\varepsilon }_{2}^{\prime }|\) must be discriminated precisely. That means \(\langle \varepsilon _{i}|\varepsilon ^{\prime }_{j}\rangle = 0\), where i,j = 1,2. With this condition, the unitary transformation of U on the particles |+〉 and |−〉 of \(|\overline {S}_{(2)}\rangle \) has the universal form
$$\begin{array}{@{}rcl@{}} U(\frac{1}{\sqrt{2}}(|0\rangle+\delta|1\rangle)|\varepsilon\rangle)=\frac{1}{\sqrt{2}} (\lambda_{1}|\xi_{1}\varepsilon_{1}\rangle+ \lambda_{2}|\xi_{2}\varepsilon_{2}\rangle+\delta\mu_{1}|\zeta_{1}\varepsilon^{\prime}_{1}\rangle+\delta \mu_{2}|\zeta_{2}\varepsilon^{\prime}_{2}\rangle)\\ \end{array} $$where δ = 1,− 1. Thus the reduced density matrices of auxiliary particles |+〉 and |−〉 of Bob are all
\(\frac {1}{2}(|\lambda _{1}|^{2}|\varepsilon _{1}\rangle \langle \varepsilon _{1}|+|\lambda _{2}|^{2} |\varepsilon _{2}\rangle \langle \varepsilon _{2})+|\mu _{1}|^{2}|\varepsilon _{1}^{\prime }\rangle \langle \varepsilon _{1}^{\prime }| +|\mu _{2}|^{2}|\varepsilon ^{\prime }_{2}\rangle \langle \varepsilon ^{\prime }_{2}|)\). This means that Bob cannot discriminate |+〉 and |−〉 of \(|\overline {S}_{(2)}\rangle \). Thus, Bob cannot get all the information of the sequence \(|\overline {S}_{(2)}\rangle \) by entanglement-measure attack. Therefore, he cannot get the key KAT.
In fact, it means that Bob has a method to discriminate |0〉,|1〉,|+〉,|−〉 of \(|\overline {S}_{(2)}\rangle \) if he can get all the information of the sequence \(|\overline {S}_{(2)}\rangle \). However, this is impossible since |0〉,|1〉 and |+〉,|−〉 come from two mutually orthogonal unbiased basis.
4.2 Undeniability
Suppose that Alice has signed a signature SA for a message m, but she wants to deny that he has signed the signature. In our scheme, it is easy for Trent to detect her deception. This is because the shared key KAT of Alice and Trent is contained in the signature SA. Once Trent has successfully verified the signature, Alice cannot deny its validity.
On the other hand, Bob cannot deny that he had received Alice’s signature after Trent has successfully verified Alice’s signature. This is because the sequences that Bob sent to Trent contain the information of the shared key KBT of Bob and Trent. In short, neither Alice nor Bob can deny a valid signature.
4.3 Efficiency Analyses
In Refs. [38, 39], quantum efficiency is introduced to evaluate the efficiency of quantum protocols. For a quantum protocol, quantum efficiency is defined as
where bs represents the total number of the transmitted message bits, qt is the number of the qubits exchanged in the protocol (the qubits used for checking eavesdropping are not counted) and bt is the number of classical bits exchanged for decoding of the message (classical bits utilized for eavesdropping check are not counted).
In our scheme, Bob receives a 3n bits classical message while Trent receives a 3n bits classical message and 3n qubits. A total of 6n qubits are transmitted among Alice, Bob and Trent. It is obvious that bs = 9n, qt = 6n and bt = 6n. Thus we can get the efficiency of our scheme is 9n/(6n + 6n) = 75%.
We compare the efficiency of our scheme with that of Refs. [22] and [40] (See Table 1). It is obvious that our scheme is more efficient. Furthermore, compared with entangled states, product states can be obtained straightforwardly and no ancillary particles are required, thus our scheme is easier to implement than the schemes using cluster states.
5 Conclusions
In this paper, we propose an AQS scheme based on orthogonal product states that cannot be perfectly distinguished by LOCC. The proposed scheme can resist all known attacks. Compared with the existing schemes, our scheme is more efficient and easy to realize since the preparation and storage of orthogonal product states are relatively simple. It should be pointed out that the different particles of each orthogonal product state are separately transmitted in our scheme, which can ensure the security of the scheme.
The local distinguishability of orthogonal product states has got a lot of attention in the past two decades [23,24,25,26,27,28]. Our scheme is a useful exploration about the application of local indistinguishable orthogonal product states since there exist a few research results in this field [41,42,43,44,45,46,47,48,49,50].
References
Mambo, M., Usuda, K., Okamoto, E.: Proxy signature: Delegation of the power to sign messages. IEICE Trans. Fundam. E79(A(9)), 1338–1353 (1996)
Cao, F., Cao, Z.F.: A secure identity-based proxy multi-signature scheme. Inf. Sci. 179(3), 292–302 (2009)
Zeng, G.H., Keitel, C.H.: Arbitrated quantum-signature scheme. Phys. Rev. A 65(4), 042312 (2002)
Curty, M., Lutkenhaus, N.: Comment on arbitrated quantum-signature scheme. Phys. Rev. A 77(4), 046301 (2008)
Cao, Z.J., Markowitch, O.: A note on an arbitrated quantum signature scheme. Int. J. Quantum Inf. 7(6), 1205–1209 (2009)
Zeng, G.H.: Reply to Comment on Arbitrated quantum-signature scheme. Phys. Rev. A 78(1), 016301 (2008)
Li, Q., Chan, W.H., Long, D.Y.: Arbitrated quantum signature scheme using Bell states. Phys. Rev. A 79(5), 054307 (2009)
Zou, X.F., Qiu, D.W.: Security analysis and improvements of arbitrated quantum signature schemes. Phys. Rev. A 82, 042325 (2010)
Yang, Y.G., Wen, Q.Y.: Arbitrated quantum signature of classical messages against collective amplitude damping noise. Opt. Commun. 283(16), 3198–3201 (2010)
Wen, X.J., Tian, Y., Ji, L.P., Niu, X.M.: A group signature scheme based on quantum teleportation. Phys. Scr. 81(5), 055001 (2010)
Xu, R., Huang, L.S., Yang, W., He, L.B.: Quantum group blind signature scheme without entanglement. Opt. Commun. 284(14), 3654–3658 (2011)
Yang, Y.G., Wen, Q.Y.: Quantum threshold group signature. Sci. Chin. Ser. G Phys. Astron. 51(10), 1505–1514 (2008)
Yang, Y.G.: Multi-proxy quantum group signature scheme with threshold shared verification. Chin. Phys. B 17(2), 415–418 (2008)
Wang, T.Y., Wei, Z.L.: One-time proxy signature based on quantum cryptography. Quantum Inf. Process. 11(2), 455–463 (2012)
Shi, J.J., Shi, R.H., Guo, Y., Peng, X.Q., Tang, Y.: Batch proxy quantum blind signature scheme. Sci. Chin. Inf. Sci. 56(5), 052115 (2013)
Wen, X.J., Niu, X.M., Ji, L.P., Tian, Y.: Aweak blind signature scheme based on quantum cryptography. Opt. Commun. 282(4), 666–669 (2009)
Wang, T.Y., Wen, Q.: Fair quantum blind signatures. Chin. Phys. B 19(6), 060307 (2010)
Yin, X.R., Ma, W.P., Liu, W.Y.: A blind quantum signature scheme with χ-type entangled states. Int. J. Theor. Phys. 51(2), 455–461 (2012)
Lou, X.P., Chen, Z.G., Guo, Y.: A weak quantum blind signature with entanglement permutation. Int. J. Theor. Phys. 54(9), 3283–3292 (2015)
Gao, F., Qin, S.J., Guo, F.Z., Wen, Q.Y.: Cryptanalysis of the arbitrated quantum signature protocols. Phys. Rev. A 84(2), 022344 (2011)
Hwang, T., Luo, Y.P., Chong, S.K.: Comment on security analysis and improvements of arbitrated quantum signature schemes. Phys. Rev. A 85, 056301 (2012)
Yang, Y.G., Lei, H., Liu, Z.C., et al.: Arbitrated quantum signature scheme based on cluster states. Quantum Inf. Process. 15, 2487–2497 (2016)
Yu, S.X., Oh, C.H.: Detecting the local indistinguishability of maximally entangled states. arXiv:1502.01274v1 [quant-ph] (2015)
Wang, Y.L., Li, M.S., Zheng, Z.J., Fei, S.M.: Nonlocality of orthogonal product-basis quantum states. Phys. Rev. A 92, 032313 (2015)
Zhang, Z.C., Gao, F., Cao, Y., Qin, S.J., Wen, Q.Y.: Local indistinguishability of orthogonal product states. Phys. Rev. A 93, 012314 (2016)
Xu, G.B., Wen, Q.Y., Qin, S.J., Yang, Y.H., Gao, F.: Quantum nonlocality of multipartite orthogonal product states. Phys. Rev. A 93(3), 032341 (2016)
Xu, G.B., Yang, Y.H., Wen, Q.Y., Qin, S.J., Gao, F.: Locally indistinguishable orthogonal product bases in arbitrary bipartite quantum system. Sci. Rep. 6, 31048 (2016)
Xu, G.B., Wen, Q.Y., Gao, F., Qin, S.J., Zuo, H.J.: Local indistinguishability of multipartite orthogonal product bases. Quantum Inf. Process. 16, 276 (2017)
Walgate, J., Hardy, L.: Nonlocality, asymmetry, and distinguishing bipartite states. Phy. Rev. Lett. 89, 147901 (2002)
Wang, T.Y., Wen, Q.Y., Chen, X.B.: Cryptanalysis and improvement of a multi-user quantum key distribution protocol. Opt. Commun. 283(24), 5261–5263 (2010)
Salas, P.J.: Security of plug-and-play QKD arrangements with finite resources. Quant. Inf. Comput. 13, 861–879 (2013)
Deng, F.G., Long, G.L., Liu, X.S.: Two-step quantum direct communication protocol using the Einstein-Podolsky-Rosen pairblock. Phys. Rev. A 68, 042317 (2003)
Chen, X.B., et al.: Cryptanalysis of secret sharing with a single d-level quantum system. Quantum Inf. Process. 17, 225 (2018)
Long, G.L., Liu, X.S.: Theoretically efficient high-capacity quantum-key-distribution scheme. Phys. Rev. A 65, 032302 (2002)
Guo, G.P., Li, C.F., Shi, B.S., Li, J., Guo, G.C.: Quantum key distribution scheme with orthogonal product states. Phys. Rev. A 64, 042301 (2001)
Cai, Q.Y., Tan, Y.G.: Photon-number-resolving decoy-state quantum key distribution. Phys. Rev. A 73, 032305 (2006)
Huang, W., Wen, Q., Liu, B., Gao, F., Sun, Y.: Quantum key agreement with EPR pairs and single-particle measurements. Quantum Inf. Process. 13(3), 649–663 (2014)
He, Y.F., Ma, W.P.: Quantum key agreement protocols with four-qubit cluster states. Quantum Inf. Process. 14(9), 3483–3498 (2015)
Cabello, A.: Quantum key distribution in the Holevo limit. Phys. Rev. Lett. 85, 5635–5638 (2000)
Fatahi, N., Naseri, M., Gong, L.H., Liao, Q.H.: High-efficient arbitrated quantum signature scheme based on cluster states. Int. J. Theor. Phys. 56, 609–616 (2017)
Zhao, Q.L., Li, X.Y.: A bargmann system and the involutive solutions associated with a new 4-order lattice hierarchy. Anal. Math. Phys. 6(3), 237–254 (2016)
Wang, Y.H.: Beyond regular semigroups. Semigroup Forum 92(2), 414–448 (2016)
Zhang, J.K., Wu, X.J., Xing, L.S., Zhang, C.: In Herbert bifurcation analysis of five-level cascaded H-bridge inverter using proportional-resonant plus time-delayed feedback. Int. J. Bifurcat. Chaos. 26, 11 (2016)
Zhang, T.Q., Meng, X.Z., Zhang, T.H.: Global analysis for a delayed siv model with direct and environmental transmissions. J. Appl. Anal. Comput. 6(2), 479–491 (2016)
Meng, X.Z., Wang, L., Zhang, T.H.: Global dynamics analysis of a nonlinear impulsive stochastic chemostat system in a polluted environment. J. Appl. Anal. Comput. 6(3), 865–875 (2016)
Meng, X.Z., Zhao, S.N., Zhang, W.Y.: Adaptive dynamics analysis of a predator-prey model with selective disturbance. Appl. Math. Comput. 266, 946–958 (2015)
Zhao, W.C., Li, J., Meng, X.Z.: Dynamical analysis of SIR epidemic model with nonlinear pulse vaccination and lifelong immunity. Discrete Dyn. Nat. Soc. 2015, 848623 (2015)
Cui, Y.J., Zou, Y.M.: An existence and uniqueness theorem for a second order nonlinear system with coupled integral boundary value conditions. Appl. Math. Comput. 256, 438–444 (2015)
Yu, J., Li, M.Q., Wang, Y.L., He, G.P.: A decomposition method for large-scale box constrained optimization. Appl. Math. Comput. 231, 9–15 (2014)
Jiang, T.S., Jiang, Z.W., Ling, S.T.: An algebraic method for quaternion and complex least squares coneigen-problem in quantum mechanics. Appl. Math. Comput. 249, 222–228 (2014)
Acknowledgements
This work is supported by NSFC (Grant No. 61601171).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Jiang, DH., Xu, YL. & Xu, GB. Arbitrary Quantum Signature Based on Local Indistinguishability of Orthogonal Product States. Int J Theor Phys 58, 1036–1045 (2019). https://doi.org/10.1007/s10773-018-03995-4
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10773-018-03995-4