Quantum messages with signatures forgeable in arbitrated quantum signature schemes


Abstract in English

Even though a method to perfectly sign quantum messages has not been known, the arbitrated quantum signature scheme has been considered as one of good candidates. However, its forgery problem has been an obstacle to the scheme being a successful method. In this paper, we consider one situation, which is slightly different from the forgery problem, that we check whether at least one quantum message with signature can be forged in a given scheme, although all the messages cannot be forged. If there exist only a finite number of forgeable quantum messages in the scheme then the scheme can be secure against the forgery attack by not sending the forgeable quantum messages, and so our situation does not directly imply that we check whether the scheme is secure against the attack. But, if users run a given scheme without any consideration of forgeable quantum messages then a sender might transmit such forgeable messages to a receiver, and an attacker can forge the messages if the attacker knows them in such a case. Thus it is important and necessary to look into forgeable quantum messages. We here show that there always exists such a forgeable quantum message-signature pair for every known scheme with quantum encryption and rotation, and numerically show that any forgeable quantum message-signature pairs do not exist in an arbitrated quantum signature scheme.

Download