Cryptography

Digital signatures

Quantum Digital Signatures

Consider a set of sufficiently orthogonal (but not orthogonal) functions: $F = ∣ f_{1} ⟩, ∣ f_{2} ⟩, \dots, ∣ f_{N} ⟩$ ,

NB $N$ is much higher than $2^{n}$ , where $n$ is the number of qubits
- public key: generate $k_{0}$ and $k_{1}$ and set public key as $(F, (0, f_{k_{0}^{1}}), (1, f_{k_{1}^{2}}), \dots, (0, f_{k_{0}^{l}}), (1, f_{k_{1}^{l}}))$
- signing: $b \mapsto (b, k_{b}^{1}, \dots, k_{b}^{l})$
- verifying: reverse test checking that all the functions computed right plus two thresholds: $c_{1}$ and $c_{2}$
Quantum Digital Signatures without Quantum Memory

There're coherent states $∣ α ⟨$ and $∣ - α ⟨$ , s.t. it's efficient to:
- check they're the same (null-port must be zero)
- symmetrize two states (giving $∣ (α + β) /2 ⟨$ )
- identify what's the symmetrized state is
The protocol (Alice is sending to Bob and Charlie):
- private key are random sequences of signs $P K^{k} = (b_{1}^{k}, \dots, b_{L}^{k})$ for $k \in {0, 1}$ and $b \in {- 1, 1}$
- public key are the two sequences of quantum states $∣ b_{l}^{k} α ⟨$
- preparation:
  - Bob and Charlie use QDS multiport to a) check if they get the same state b) symmetrize input
  - Bob and Charlie measure output from multiport to identify what was the sign
- signature: Alice releases $(b, P K^{b})$
- verification:
  - check that there's equivocation is unlikely (occurrences of null-port being non-zero is low)
  - check that there's an expected number of unambiguous measurement outcomes (when doing the second step)
  - number of mismatches with the private key should not be too large
    
    NB thresholds for this step are different for Charlie and Bob, which is necessary if Alice tries to make one accept and another reject

See Secure Multi-party Quantum Computation.

Coordination in Quantum Networks

Cryptography

Digital signatures

Verifiable Secret Sharing