image: (a) Compared with classical schemes, Charlie plays the role of a certificate authority. Alice’s key can be viewed as a quantum private key, while Bob’s key is a quantum public key; in our protocol, they are asymmetric. The information-theoretically secure OTUH replaces the fixed one-way hash function. Here, we omit the pre-distribution stage for information-theoretically secure asymmetric quantum key generation, which replaces the classical private and public key generation process. (b) As an example, we sign a document of “The 120th anniversary of Nanjing University.” The details of the document, digest, signature, irreducible polynomial, and key bit strings are shown in hexadecimal. view more
Credit: ©Science China Press
Recently, the team led by Prof. Zeng-Bing Chen and Prof. Hua-Lei Yin have successfully, for the first time, realized transmission of megabit images with information-theoretical non-repudiation for over 100 kilometers based on asymmetric quantum cryptography. They creatively put forward the one-time universal2 hash function, combined with the asymmetric secret sharing and the one-time pad encryption to construct a practical quantum digital signature framework, increasing the signature rate by hundreds of millions of times. Meanwhile, the framework is highly compatible with various quantum secret sharing and quantum key distribution protocols. Therefore, the current metro, intercity, and satellite-ground quantum private communication networks can be immediately upgraded to a practical quantum secure network that simultaneously realizes confidentiality, authenticity, integrity, and non-repudiation. The study was published online in National Science Review (DOI: 10.1093/nsr/nwac228, 2022) with the title of "Experimental quantum secure network with digital signatures and encryption".
Cryptography can realize the four basic objectives of information security, namely, confidentiality, authenticity, integrity, and non-repudiation. Encryption and digital signatures are two crucial pillars of modern cryptography, in which encryption ensures the confidentiality of message transmission and digital signatures ensure the authenticity, integrity, and non-repudiation. These two techniques are security cornerstones of the current Internet, supporting the safe and effective running of the digital economy with trillions of dollars every year. Among them, digital signatures are widely used in e-commerce, online payment, e-mail and web browsing, which are closely related to our lives. With the advent of the era of quantum computing, encryption and digital signatures based on public key cryptography have huge security risks. As early as 1949, Shannon used information theory to prove that the one-time pad encryption algorithm can achieve unconditional security with perfect confidentiality. The so-called one-time pad encryption needs to meet two characteristics: 1. the keys must be greater than or equal to the length of the message and are true random numbers, 2. each key can only be used once and then discarded. To achieve one-time pad, people need to continuously generate true random numbers and share them securely between two communicating users. Based on the basic principles of quantum mechanics, quantum key distribution ensures that two communicating users share a completely private random key. The quantum secret communication combining quantum key distribution with one-time pad encryption can satisfy the confidentiality (namely, unconditional security) of transmiting messages. Since the first quantum key distribution (BB84) protocol was proposed in 1984, the quantum key distribution system has developed rapidly in high security, high bit rate, miniaturization, and networking, and has moved towards productization and standardization. Quantum secure communication has played an important role in various fields and information tasks. For example, the integrated space-to-ground quantum communication network, which is based on the Beijing-Shanghai quantum link and the Micius quantum satellite, has realized the confidential intercontinental video communication between the Chinese Academy of Sciences and the Austrian Academy of Sciences.
However, the use of symmetric encryption in quantum secure communication can only meet the confidentiality requirements, and cannot meet the non-repudiation requirements. Therefore, developing quantum digital signature based on the quantum law is an inevitable choice. As early as 2001, D. Gottesman (University of California, Berkeley) and I. L. Chuang (MIT) for the first time proposed the concept of quantum digital signatures, the so-called GC01 signature protocol. Enlightened by the framework of the one-time classical digital signature scheme of L. B. Lamport (laureate of the Turing Award), the quantum digital signatures are completed by constructing a quantum one-way function, which provides a research paradigm for the subsequent quantum digital signature protocols. However, the GC01 signature protocol requires challenging technologies far beyond the experimental conditions at that moment, including the preparation and transmission of complex high-dimensional single photon fingerprinting states, ultrahigh-dimensional swapping operation, and quantum memory with long storage time. On the other hand, it requires a security assumption of quantum channel that contradicts the nature of security (Note: insecure quantum channels are prerequisites for quantum cryptography). In 2012, researchers at University of Heriot-watt removed the technical requirements for high-dimensional single photon fingerprint states and ultrahigh-dimensional entanglement swapping operations by using coherent state encoding and optical multimode interference [Nat. Commun. 3, 1174 (2012)]. In 2014, European researchers cooperated to remove the technical requirements of quantum memory with long storage time by avoiding high-dimensional single photon fingerprint states and ultrahigh-dimensional swapping operations [Phys. Rev. Lett. 112, 040502 (2014); Phys. Rev. Lett. 113, 040502 (2014)]. In 2016, Hua-Lei Yin et al. in China [Phys. Rev. A 93, 032316 (2016)] and R. Amiri et al. in United Kingdom [Phys. Rev. A 93, 032,325 (2016)] proposed unconditionally secure quantum digital signature schemes independently using nonorthogonal encoding and orthogonal encoding, respectively. Subsequently, many researchers have made various researches on the theory and experiment of quantum digital signature. However, all quantum digital signatures follow the GC01 paradigm, that is, they can only sign single-bit messages each time by generating signatures through quantum one-way functions. For long messages, it is necessary to insert a specific sequence into the message and sign it bit by bit. Therefore, the current schemes in real-life scenarios are extremely inefficient and far from practical applications.
In the study of National Science Review, the authors abandoned the GC01 paradigm and constructed a new paradigm of quantum digital signature. This work uses the universal2 hash function to map an arbitrarily long message to a digest containing only hundreds of bits. There is a theoretically provable upper bound of the collision probability for this mapping. The authors constructed the asymmetric quantum key relationship and information exchange order among the signature sender, receiver, and verifier, organically combined the one-time universal2 hashing, the asymmetric characteristics of ,secret sharing and the cryptographic characteristics of one-time pad encryption, and finally realized the information-theoretically secure signatures. As shown in Fig. 1, the one-time universal2 hashing is determined by the quantum key (called the quantum private key) and quantum random numbers of the signature sender, and the signature is generated by the output digest after the message is operated by the hash function and then encrypted by one-time pad. This method ensures that the signature will not reveal any information about the quantum private key and universal2 hash function. The quantum keys of the three parties meet the perfect secret sharing relationship to ensure the asymmetric characteristics of the receiver and the signer. The receiver can only obtain the complete quantum private key and universal2 hash function information of the signer with the help of the verifier's quantum key after declaring to the verifier that he has received the signature and forwarding the message, signature, and his quantum key (called the quantum public key) to the verifier. The strong collision resistance of the universal2 hash function prevents the receiver from tampering with the signed message in advance. At the same time, the receiver and verifier obtain the signer's quantum private key and universal2 hash function by exchanging their respective quantum keys to achieve symmetry, and complete hash verification. Therefore, the signer cannot cause divergence between the receiver and verifier, and cannot perform repudiation attacks. The one-time universal2 hash and one-time pad ensure that the quantum private key and universal2 hash function of each signature are independent of previous rounds, thus protecting the security of any multiple rounds of signatures. Through theoretical calculation, it is concluded that when 384 bits of asymmetric key are consumed for each signature, a message with a length of no more than 264 bits can be signed with a failure probability of no more than 10-19.
As shown in Fig. 2, this work constructs a quantum communication network based on the decoy-state BB84 quantum key distribution, and generates quantum keys on the 101 km Alice-Bob link and 126 km Alice-Charlie link. Alice, the signer, forms an asymmetric quantum key relationship shared secretly by three parties through XOR operation, and demonstrates the quantum digital signature of 130250 bytes of images. The experimental results show that, compared with the previous schemes, this work has 8-9 orders of magnitude advantages in the signature rate with superior practicality. In addition, the authors establish a full-functional quantum network with information-theoretical security and experimentally demonstrate three other cryptographic tasks in the network: encryption, secret sharing and conference key agreement. This work has theoretically realized the paradigm breakthrough of quantum digital signatures, improved the signature efficiency by hundreds of millions of times, and experimentally realized the first full-functional quantum security network.
This research work was supported by the Natural Science Foundation of Jiangsu Province, the Fundamental Research Funds for the Central Universities, the Key Research and Development Program of Nanjing Jiangbei New Aera, and the Program for Innovative Talents and Entrepreneurs in Jiangsu. The first author of this work is Associate Prof. Hua-Lei Yin of Nanjing University, and the corresponding authors are Associate Prof. Hua-Lei Yin of Nanjing University, Dr. Yao Fu and Prof. Zeng-Bing Chen of Nanjing University.
See the article:
Experimental quantum secure network with digital signatures and encryption
https://doi.org/10.1093/nsr/nwac228
Journal
National Science Review