Recently, the concept of "forgeable quantum messages" in arbitrated quantum signature schemes was introduced by T. Kim et al. [Phys. Scr., 90, 025101 (2015)], and it has been shown that there always exists such a forgeable quantum message for every known arbitrated quantum signature scheme with four quantum encryption operators and the specific two rotation operators. We first extend the result to the case of any two unitary rotation operators, and then consider the forgeable quantum messages in the schemes with four quantum encryption operators and three or more rotation operators. We here present a necessary and sufficient condition for the existence of a forgeable quantum message, and moreover, by employing the condition, show that there exists an arbitrated quantum signature scheme which contains no forgeable quantum message-signature pairs.
Even though a method to perfectly sign quantum messages is not yet known, the arbitrated quantum signature scheme has been considered one of the good candidates. However, its forgery problem has been an obstacle to the scheme being a successful method. In this paper, we consider one situation, which is slightly different from the forgery problem, that we check whether at least one quantum message with signature can be forged in a given scheme, although all the messages cannot be forged. If there exist only a finite number of forgeable quantum messages in the scheme, then the scheme can be secure against the forgery attack by not sending the forgeable quantum messages, and so our situation does not directly imply that we check whether the scheme is secure against the attack. But if users run a given scheme without any consideration of forgeable quantum messages, then a sender might transmit such forgeable messages to a receiver, and an attacker can forge the messages if the attacker knows them in such a case. Thus it is important and necessary to look into forgeable quantum messages. We here show that there always exists such a forgeable quantum message-signature pair for every known scheme with quantum encryption and rotation, and numerically show that no forgeable quantum message-signature pairs exist in an arbitrated quantum signature scheme.
Until now, many arbitrated quantum signature schemes have been developed, implemented with the help of a trusted third party. In order to guarantee unconditional security, most of them take advantage of the optimal quantum one-time encryption method based on Pauli operators. However, in this paper we point out that the previous schemes only provide security against total break, and actually show that there exists a simple existential forgery attack to validly modify the transmitted pair of message and signature. In addition, we also provide a simple method to recover the security against the proposed attack.
In this paper, an efficient arbitrated quantum signature scheme is proposed by combining quantum cryptographic techniques and some ideas in classical cryptography. In the presented scheme, the signatory and the receiver can share a long-term secret key with the arbitrator by utilizing the key together with a random number. In previous quantum signature schemes, by contrast, the key shared between the signatory and the arbitrator or between the receiver and the arbitrator could be used only once, and thus each time a signatory needs to sign, the signatory and the receiver have to obtain a new key shared with the arbitrator through a quantum key distribution protocol. Detailed theoretical analysis shows that the proposed scheme is efficient and provably secure.
For space-based laser communications, when the mean photon number per received optical pulse is much smaller than one, there is a large gap between communications capacity achievable with a receiver that performs individual pulse-by-pulse detection, and the quantum-optimal joint-detection receiver that acts collectively on long codeword-blocks of modulated pulses; an effect often termed superadditive capacity. In this paper, we consider the simplest scenario where a large superadditive capacity is known: a pure-loss channel with a coherent-state binary phase-shift keyed (BPSK) modulation. The two BPSK states can be mapped conceptually to two non-orthogonal states of a qubit, described by an inner product that is a function of the mean photon number per pulse. Using this map, we derive an explicit construction of the quantum circuit of a joint-detection receiver based on a recent idea of belief-propagation with quantum messages (BPQM) (arXiv:1607.04833). We quantify its performance improvement over the Dolinar receiver that performs optimal pulse-by-pulse detection, which represents the best classical approach. We analyze the scheme rigorously and show that it achieves the quantum limit of minimum average error probability in discriminating 8 (BPSK) codewords of a length-5 binary linear code with a tree factor graph. Our result suggests that a BPQM-receiver might attain the Holevo capacity of this BPSK-modulated pure-loss channel. Moreover, our receiver circuit provides an alternative proposal for a quantum supremacy experiment, targeted at a specific application that can potentially be implemented on a small, special-purpose, photonic quantum computer capable of performing cat-basis universal qubit logic.
We study the simultaneous message passing (SMP) model of communication complexity, for the case where one party is quantum and the other is classical. We show that in an SMP protocol that computes some function with the first party sending q qubits and the second sending c classical bits, the quantum message can be replaced by a randomized message of O(qc) classical bits, as well as by a deterministic message of O(q c log q) classical bits. Our proofs rely heavily on earlier results due to Scott Aaronson. In particular, our results imply that quantum-classical protocols need to send Ω(√(n / log n)) bits/qubits to compute Equality on n-bit strings, and hence are not significantly better than classical-classical protocols (and are much worse than quantum-quantum protocols such as quantum fingerprinting). This essentially answers a recent question of Wim van Dam. Our results also imply, more generally, that there are no superpolynomial separations between quantum-classical and classical-classical SMP protocols for functional problems. This contrasts with the situation for relational problems, where exponential gaps between quantum-classical and classical-classical SMP protocols are known. We show that this surprising situation cannot arise in purely classical models: there, an exponential separation for a relational problem can be converted into an exponential separation for a functional problem.