International Journal of Application or Innovation in Engineering & Management (IJAIEM)
Web Site: www.ijaiem.org Email: editor@ijaiem.org, editorijaiem@gmail.com
Volume 2, Issue 6, June 2013 ISSN 2319 - 4847
1
2
3
1,2&3
IIIT Bhubaneswar, Bhubaneswar-751003
In recent years quantum cryptography has received a lot of attention. A lot of schemes have been discussed so far in quantum cryptography including key distribution, signature and quantum message authentication etc. Here we discuss one more approach for signing classical messages using trapdoor one-way function. This approach is based on public-private key quantum cryptography. In particular we discuss trapdoor one-way functions those will be used in asymmetric quantum cryptography. After describing one-way functions, we will present an interesting algorithm for signing messages blindly.
Keywords: Asymmetric Quantum Cryptography, digital signature, quantum trapdoor one-way functions, quantum digital signature.
Trends of secure data sharing are being used from the time of Julius Caesar. The art of securing data is cryptography.
Several methods are being used under cryptography to achieve various services of cryptography like Integrity, confidentiality and non-repudiation etc. For non-repudiation cryptographic primitive that is used is digital Signature.
Digital signature, as an analogy to hand-written signature for authenticating the origin of a message and ensuring the message not being modified during transmission, is an essential cryptographic primitive. It has been being widely used in various fields, particularly in secure electronic commerce [3].
However, all of the existing classical (digital) signature schemes whose security depends on the difficulty of solving some hard mathematical problems were threatened by last-increasing power of computers and innovative techniques such as quantum computation [3]. For instance, once quantum computers would be successfully built, most of classical signature schemes would not be secured through Shor’s algorithm [1]. On the other hand, quantum physics has thrown light on the study of cryptography for obtaining unconditional security [4]-[9]. Therefore, researchers turn to investigate quantum counterpart of classical signature, quantum signature (QS) can provide unconditional security which ensures that the attacker (or the malicious receiver) cannot forge the signature, and, in the same time, the signatory cannot deny the signature even though unlimited computing resources are available.
Modern public-key (or else asymmetric) cryptography relies on numerical trapdoor one-way functions[2], i.e., functions that are “easy” to compute, but “hard” to invert without some additional information (the so-called trapdoor information) [2]. The security of conventional public-key cryptography relies on the hardness of some computational problems (e.g., integer factorization problem, discrete logarithm problem, etc).
The rest of the paper is organized as follows: in section 2 we give motivation behind our work. In section 3,4 we present existing scheme and proposed work respectively and we give proofs related to that in subsequent section 5. In section 6 we give conclusion and future work that can be done further more.
Main reason of having a lot of attention in recent years in this area is the shortcomings of existing classical conventional schemes. Researches have shown that if in future quantum computers were invented then, today’s conventional schemes will not be secured any more.
It has been shown by Shor’s algorithm [1] that if in coming future there is a quantum computer, and then conventional approaches will be no more secured. It can solve various problems which are insolvable in polynomial time like integer factorization problem. Hence, RSA problem would be solvable and no more security is possible with that algorithm.
International Journal of Application or Innovation in Engineering & Management (IJAIEM)
Web Site: www.ijaiem.org Email: editor@ijaiem.org, editorijaiem@gmail.com
Volume 2, Issue 6, June 2013 ISSN 2319 - 4847
Here we discuss about a new kind of cryptography that is based on the principles of physics instead on unproven assumption of mathematics, Quantum cryptography.
Since digital signatures also based on public key cryptography and once it is easy to break them, then digital signatures will also not be secure any more. For that purpose also quantum cryptography has received a lot of attention. Here we will present one simple approach to generate quantum digital signature using quantum public cryptography based on quantum trapdoor one-way function
3.1
Quantum Trapdoor Functions based on single-qubit rotations
Definition [2]: - Consider two sets S and Q which involve numbers and quantum states of a physical system, respectively. A quantum OWF is a map ƒ: S → Q, which is “easy” to perform, but “hard” to invert.
In [2] , for the sake of simplicity, they present a quantum trapdoor one-way function with the single qubit states lying on x-z plane of Bloch sphere. According to [2], Let us denote by {|0 z
>, |1 z
>} the eigenstates of the Pauli operator Zˆ =
(|0 z
> <0 z
| − |1 z
> <1 z
|), which form an orthonormal basis in the Hilbert space of a qubit H
2
. A general qubit state lying on the x − z plane can be written as | ψ ( θ )> = cos ( θ /2) |0 z rotation operator about the y axis,
R(
θ
)
= e − i θ ˆ Y/2
=
R(
θ
)
|0 z
>.
with ˆ Y = i( |1 z
> + sin (
> <0 z
| −
θ
|0
/2) |1 z
><1 z z
>, where 0 ≤ θ < 2 π . Introducing the
| ), we may alternatively write | ψ ( θ )>
The input to this function is a classical bit string s and a string of qubits having states |0 z
>. The qubit is rotated by s θ n
where s is a random classical bit string. Hence, output of the function is also a quantum state which is obtained after rotation. i.e.
| ψ s( θ n)> ≡
R(s
θ n
)
|0 z
>
=cos(s θ n
/2)|0 z
> + sin(s θ n
/2)|1 z
>
For a given pair of integers {n, s}, the function s → | ψ s( θ n)> is easy to compute since it involves single-qubit rotations only. In particular, it is known that any single qubit operation can be simulated to an arbitrary accuracy ε > 0, by a quantum algorithm involving a universal set of gates (i.e., Hadamard, phase, controlled-NOT, and π /8 gates) [10].
3.2 Quantum Public –Key Encryption
In analogy to classical asymmetric cryptosystems, in the [2] protocol the encryption and the decryption keys are different. In the following we describe the three stages of the protocol.
Stage 1 — Key generation. Each user participating in the cryptosystem generates a key consisting of a private part d, and a public part e, as determined by the following steps.
1. Choose a random positive integer n ≫ 1.
2. Choose a random integer string s of length N i.e. s = (s
1
, s
2
3. Prepare N qubits in the state |0
4. Apply a rotation R
(j)
(s j
|Ψ sj
(θ n
)> j
= R
(j)
(s j
θ n
) |0
θ n
) on j
Z
> z th
> ⊗
N
. qubit with θ
5. Now private key is d = {n , s} and public key is e={N, |ψ
(pk)
Where |ψ
(pk)
(θ n
)> = ⊗ j=1
N
|Ψ sj
(θ n
)> j n
= π/2 n-1
, . . . , s
(θ n
)>}
N
), with s
, thus state becomes j
chosen independently from Z
2n
.
Stage 2 — Encryption. Assume now that one of the users (Bob) wants to send Alice an r-bit message m = (m
1
,m
2
, . . .
,m r
), with m j
∈ {0, 1} and r ≤ N. To encrypt the message, he should do the following steps without altering the order of the public-key qubits:
1. Obtain Alice’s authentic public key e. If r > N, he should ask Alice to increase the length of her public key.
2. Encrypt the j-th bit of his message, say m key, whose state becomes |ψs j
,m j
(θn)> j
= R
(j) j
, by applying the rotation R
(j)
(m j
π) on the corresponding qubit of the public
(m j
π) |ψs j
(θn)> j
.
3. The quantum cipher text (or else cipher state) is the new state of the N qubits, i.e.,
|ψ
(c) s,m
(θn)>= ⊗ j=1
N
|ψ sj,mj
(θn)> j
, and is sent back to Alice.
Stage 3 — Decryption. To recover the plaintext m from the cipher state
|ψ
I s,m
(θn)>, Alice has to perform the following st eps.
1. Undo her initial rotations, i.e., to apply R
(j)
(s j
θ n
)
−1
on the j-th qubit of the cipher text.
2. Measure each qubit of the cipher text in the basis { |0
Moreover, it is worth recalling here that R
(j)
(α)
−1
= R z
(j)
>, |1 z
>}.
(α)
†
= R
(j)
( −α), while diffe rent rotations around the same axis commute, i.e., [R
(j)
(α),R
(j)
(β)] = 0.
International Journal of Application or Innovation in Engineering & Management (IJAIEM)
Web Site: www.ijaiem.org Email: editor@ijaiem.org, editorijaiem@gmail.com
ISSN 2319 - 4847 Volume 2, Issue 6, June 2013
4.
ROPOSED
ORK
Now we will propose an efficient and interesting algorithm for simple quantum digital signature using the above quantum trapdoor one-way function. It also consists of 3 steps:- i.
Key Generation:-
This step is same as the discussed one. Sender and receiver generate their public and private keys as:-
1.
Choose a random positive integer n ≫ 1.
2.
Choose a random integer string s of length N i.e. s = (s
1
, s
2
, . . . , s
N
), with s j
chosen independently from Z
2n
.
3.
Prepare N qubits in the state |0 z
> ⊗
N
.
4.
Apply a rotation R
(j)
(s j
θ n
) on j th qubit with θ n
= π/2 n-1
, thus state becomes
|Ψ sj
(θ n
)> j
= R
(j)
(s j
θ n
) |0
Z
>
5.
Now private key is d = {n , s} and public key is e={N, |ψ
(pk)
(θ n
)>}
Where |ψ
(pk)
(θ n
)> = ⊗ j=1
N
|Ψ sj
(θ n
)> j ii.
Signature Step:-
In this step signature is generated as follows:-
1.
Calculate fingerprint of the message ‘M’ as
R = H(M)
2.
Apply rotation operation as on |0
Z
>
|Ψ
Rj
(θ n
)> j
= R
(j)
(R j
π) |0
Z
>
3.
Now apply rotation operation using private key ‘s’ on |Ψ
Rj
(θ n
)> j
as
|Ψ
Rj , sj
(θ n
)> j
= R
(j)
(s j
θ n
) |Ψ
Rj
(θ n
)> j
.
4.
Hence signature will be
|ψ
R,s
(S)
(θ n
)> = ⊗ j=1
N
|Ψ
Rj , sj
(θ n
)> j
.
5.
Message-signature pair is
(M, |ψ
R,s
(S)
(θ n
)>) iii.
Verification Step:-
After sending the above message-signature pair, receiver verifies them bye performing following steps and verifies for the condition as:-
1.
Calculates ‘R’ of received message ‘M’ and apply inverse rotation on the signature.
R
(j)
(-R j
π) |Ψ
Rj , sj
(θ n
)> j
2.
If output is equal to the public key of sender then signature is verified as valid signature or else rejects signature. i.e.
R (j)
(-R j
Rj , sj
n
)> j
sj
n
)> j
5.1 Proof of Correctness:-
If algorithm performs then mentioned condition must be true. Now we consider LHS
=
R (j)
(-R j
π) |Ψ
Rj , sj
(θ n
)> j
=
R (j)
=
R (j)
=
R (j)
=
R (j)
=
R (j)
(-R
(-R
(s j
θ j j n
π) |Ψ
π) (
R
) I( |0
Rj , sj
(j)
(-R j
π) (
R (j)
(s j
θ n
) (
R (j)
Z
(θ
(s j
θ n
>) ) n
)> j
) |Ψ
(s j
θ n
) (
R
(-R j
π) (
R
Rj
(j)
(θ n
)> j
)
(j)
(R j
π) |0
Z
>) )
(R j
π) |0
Z
>) )*
International Journal of Application or Innovation in Engineering & Management (IJAIEM)
Web Site: www.ijaiem.org Email: editor@ijaiem.org, editorijaiem@gmail.com
Volume 2, Issue 6, June 2013 ISSN 2319 - 4847
=
R (j)
(s j
θ n
) ( |0
Z
>) )
= |Ψ sj
(θ n
)> j
= RHS
5.2 Analysis of Receiver’s forgery:-
It is not possible for a receiver to forget the signature, as we know in the signature phase sender’s private key is used for signing. We prove it by contradiction.
Now let us assume that it is possible for a receiver to forge the given signature. For that purpose, he needs sender’s private or signing key (n,s) which is secure and remains private according to [2]. If he tries to apply some operations on existing signature for forging and suppose if he is succeeded in that aim, i.e. he has a new signature |S’> and then for the new signature he needs to determine the new message M’ corresponding to the forged signature |S’>, which is not possible due to signing the hash code of the message and one-way collision free property of hash functions. Hence it is not possible for a receiver to forge sign and generate a new signature that passed verification successfully i.e. due to 2 reasons it is not possible forging of signature by receiver or attacker:-
1. Privacy of the private key of sender.
2. Unpredicted behavior and one-way collision free hash functions.
5.3. Analysis of Sender’s Disavowal:-
It is not possible for the sender to deny from the signature. This can be easily seen from the fact that in verification phase the condition is matched w ith the public key of sender i.e. |Ψ sj
(θ n
)> j
. If in future sender denies from the signature then by verifying and announcing his public key, receiver can easily detect that sender is lying and repudiating from his sign.
Here we discuss importance of quantum cryptography, quantum trapdoor one-way functions and their use in quantum cryptography. We also described one already existing scheme for encryption-decryption using quantum public cryptography using quantum trapdoor one-way functions. Based on this approach we proposed a simple digital signature approach.
In future, in this field some other interesting topics are still left to explored like blind signature using quantum public cryptography, proxy signatures etc. We hope that our discussion will be helpful in further study of these topics in future.
[1.] P. W. Shor, Algorithms for quantum computation: Discrete logarithms and factoring, in: Proceedings of the 35th
Annual IEEE Symposium on Foundations of Computer Science, 1994, pp. 124–134
[2.] Georgios M. Nikolopoulos, “Applications of single-qubit rotations in quantum public-key cryptography”, technical report available at http://arxiv.org/abs/0801.2480 18 jan 2008.
[3.] Qin Lia et al, “On the existence of quantum signature for quantum messages”, technical report available at http://arxiv.org/abs/1302.4528, 19 feb. 2013.
[4.] C. H. Bennett, G. Brassard, Quantum cryptography: Public key distribution and coin tossing, in: Proceedings of the
IEEE International Conference on Computers, Systems and Signal Processing, 1984, pp. 175–179.
[5.] A. K. Ekert, Quantum cryptography based on bell’s theorem, Physical Review Letters 67 (1991) 661–663.
[6.] G. Brassard, The dawn of a new era for quantum cryptography: The experimental prototype is working!, Sigact
News 20 (1989) 78–82.
[7.] H.-K. Lo, H. F. Chau, Unconditional security of quantum key distribution over arbitrarily long distances, Science
283 (1999) 2050–2057.
[8.] C. H. Bennett, D. P. Divincenzo, Quantum information and computation, Nature 404 (2000) 247–255.
[9.] D. Mayers, Unconditional security in quantum cryptography, Journal of the ACM 48 (2001) 351–406.
[10.] M. A. Nielsen and I. L. Chuang, Quantum Computation and Quantum Information (Cambridge University Press,
Cambridge, London, 2000).
Ashutosh Kaushik received his B.Tech. Degree from Anand Engineering College, Agra. Presently he is pursuing
M.tech degree in CSE department in IIIT Bhubaneswar, Odisha, India. His main interest lies in Network security and
Cryptography.
International Journal of Application or Innovation in Engineering & Management (IJAIEM)
Web Site: www.ijaiem.org Email: editor@ijaiem.org, editorijaiem@gmail.com
Volume 2, Issue 6, June 2013 ISSN 2319 - 4847
Prof Das has spent quality time in the industry & IT Promotion before entering into the world of academics. He has assumed many top level management responsibilities such as Director and Chief Executive of ELCOSMOS Electronics
Ltd., Director of Electronics Test and Development Centre (ETDC), Dean of Odisha Centre for IBM software His current interests are in the field of Computational Finance, Computer Architecture and Information Security.
Debasish Jena was born in 18th December, 1968. He received his B Tech degree in Computer Science and
Engineering, his Management Degree and his MTech Degree in 1991, 1997 and 2002 respectively. He got his PhD degree from NIT Rourkela in 2010. He has joined IIIT Bhubaneswar as Associate Professor since 22.08.2011. .In addition to his responsibility, he was also IT, Consultant to Health Society, Govt. of Orissa for a period of 2 years from 2004 to 2006.His research areas of interest are Information Security , Web Engineering, Bio- Informatics and
Database Engineering .