Submit manuscript...
eISSN: 2576-4543

Physics & Astronomy International Journal

Review Article Volume 2 Issue 6

Secure electronic voting scheme by the new quantum signature-masked authentication

Negin Fatahi, Hamid Reza Afsheh

Department of Physics, Islamic Azad University, Kermanshah Branch, Iran

Correspondence: Negin Fatahi, Department of Physics, Islamic Azad University, Kermanshah Branch, Iran

Received: October 25, 2018 | Published: December 17, 2018

Citation: Fatahi N, Afsheh HR. Secure electronic voting scheme by the new quantum signature-masked authentication. Phys Astron Int J. 2018;2(6):586-591. DOI: 10.15406/paij.2018.02.00146

Download PDF

Abstract

Signature-masked authentication is a type of authentication that a user can obtain services when the service provider ensured that the user has the corresponding credentials issued by a trusted central authentication (CA). In this paper, we introduce a new quantum signature-masked authentication scheme based on private key, in which, the centre of CA exports not only the original credential that certificates for the user by adding the user’s secret information but also private key between the user Alice and the service provider Bob. The shared private key makes it possible for the communicators to protect their encoded quantum message from CA cheating. It is proved that the scheme can resist the forgery attack, impersonation attack and outside attack. Also, as a potential application of the scheme, an electronic voting method by using signature-masked authentication is introduced.

Keywords: signature-masked authentication, quantum key distribution, greenberger-horne-zeilinger, digital video broadcasting

Introduction

The most successful subject of quantum cryptography is quantum key distribution (QKD), which was firstly constructed by Bennett et al.1 in 1984. It is believed that QKD is the first applied quantum information processing and its unconditional security has been proven.2,3 Most recently, in addition to QKD, quantum cryptography protocols have been widely studied in many fields such as quantum digital signature, quantum message authentication, quantum image encryption and quantum steganography. Quantum digital signature is an important topic and a primitive component of modern cryptography. The digital signature is a mathematical scheme that maintains the authenticity of the data and digital document in channel.4 A secure quantum signature scheme requires that each user is able to generate his (her) own signature effectively and verifies the validity of another user"s signature on a specific document. Also, no one is able to efficiently generate the signatures of other users on documents that those users didn"t sign. Therefore, it can be used to guarantee the authenticity, integrity and non-disavowal of transmitted messages or the signer of a document.

Digital signature is commonly used in software distributions and financial transactions where it is important to detect forgery or tampering. The first quantum digital signature scheme was proposed by Gottesman, et al.5 Then, research made several advances. The problem of how to authenticate quantum information sent through a quantum channel between two communicating parties with the minimum amount of resources is addressed by M Curty, et al.7 and they define that one elementary quantum message (a qubit) can be authenticated with a key of minimum length. An algorithm by using a symmetrical quantum key cryptosystem and Greenberger-Horne-Zeilinger (GHZ) triplet states relies on the availability of an arbitrator suggested by G Zeng, et al.8 Based on two-particle entangled Bell states, Q Li, et al.9 proposed an arbitrated quantum signature scheme while providing a higher efficiency in transmission and reducing the complexity of implementation. In 2004 H Lee, et al.10 presented two quantum signature schemes with message recovery which relies on the availability of an arbitrator that one of them by using a public board while the others does not. However both schemes provide confidentiality of the message and a higher efficiency in transmission. A quantum digital signature scheme was proposed based on quantum mechanics by using public quantum keys publicized by the signatory to verify the validity of the signature introduced by X Lu, et al.11 A prototype of quantum signature scheme using single photons and its extensions were presented.12 A protocol which can be used in multi-user quantum signature was based on the correlation of GHZ states and the controlled quantum teleportation proposed by X Wen, et al.13 Also, a true quantum signature algorithm based on continuous-variable entanglement state is proposed14 and by employing the signature key, a message state is encoded into a 2k-particle entangled state and a two-particle entangled state is prepared. The resulting states are exploited as a signature of the message state. Yang15 proposed a multi-proxy quantum group signature scheme with threshold shared verification. In 2010, Naseri16 revisited a weak blind signature scheme based on the correlation of Einstein-Padolsky-Rosen pairs and was shown that the scheme in its original form does not complete the task of a blind signature fairly. In addition, two papers in this field were presented.17,18

In many cryptography applications, there is a trusted centre of CA that exports the credential certificates to the qualified users. The user can obtain its services, when the service provider is ensured that users have the corresponding credentials issued by the CA. This type of authentication is called signature-masked authentication. In quantum signature-masked authentication scheme, the user can not send signature of the CA directly to the service provider while the service provider can be convinced that the user is legitimate and really knows the signature. Signature-masked authentication is widely used in many systems such as the identity authentication between Digital Set-Top-Box (DSTB) and smart card in secure Digital Video Broadcasting (DVB) service system.

Recently, some signature masked authentication has been proposed successively. The security of Zhang"s scheme analyze and a new quantum signature-masked authentication scheme proposed that in this scheme a semi-trusted center of CA issues the original credential certificates for a user and the final credential certificates is generated by adding her secret information.19 By using the Weil pairing based cryptographic primitives, signature-masked authentication schemes can be developed. In such a scheme, a legitimate user obtains a signature from a Certificate Authority, and for getting services from a service provider, he convinces the service provider that he has the signature without transmitting the original signature of the provider.20 A secure quantum identification system combining a classical identification procedure and quantum key distribution is proposed.21 For user authenticated quantum key distribution in jammable public channel between Alice and Bob via an arbitrator Trent, the secure protocols provide data integrity and mutual identification of the messenger and recipient.22 A secure quantum key verification scheme, which can simultaneously distribute the quantum secret key and verify the communicators identity proposed.23 Also in references2426 quantum image encryption based on generalized Arnold transforms, quantum image XOR operations and generalized affine transform and logistic map was proposed by NR Zhou, et al.24 Three protocols of quantum steganography based on probability measurements, the tensor product of Bell states and via a GHZ(4) state proposed in references.27,28 In addition, an arbitrated Quantum Signature Scheme based on Cluster States with high-Efficient was proposed in reference.29 what"s more, in relation to the quantum information a lot of research has been done3034 that these methods can be used to exchange information in a safe way. This paper is organized as follows: In section 2, we introduce a quantum identity authentication based on public key as Zhang"s scheme35 and we use the elementary method of this scheme in our new protocol. In section 3, we propose a quantum signature-masked authentication scheme based on the private key. In section 4, the security of the new protocol is analyzed. In section 5, a new electronic voting scheme proposed by using the protocol that is introduced in section 3. Conclusion is given in the last section.

Zhang's scheme for quantum signature-masked authentication

In this section, we review the Zhang’s protocol. This protocol includes three participants, Alice as a user, Bob as a service provider and a centre of CA. Three phases of Zhang’s protocol are preparation phase, signature phase and authentication phase, which are as follows:

Preparation phase

Alice randomly selects a public key Ka=(a1,b1,a2,b2,an,bn) for identity and sends it to CA. Then CA examines the qualification of Alice, if CA accepts Alice as a legitimate user, CA generates a private key Kb=(e1,f1,e2,f2,en,fn) and sends it to Alice in a secure way. Also CA calculates K=KaKb=(k1a,k1b,k2a,k2b,..kna,knb) and secretly stores it, where (ai,bi,ei,fi,kia,kib){0,1}, and represents bitwise exclusive-OR.

Signature phase

Suppose that an authentication message of Alice is M=(c1,c2,cn), where Ci in {0,1}. Alice generates a quantum state encoded with Kb expressed by |ϕ=| φ c 1 e 1 , f 1 | φ c 2 e 2 , f 2 | φ c i e i , f i MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaaiYhacqaHvp GzcqGHQms8caaI9aGaaGiFaiabeA8aQnaaBaaaleaacaWGJbWaaSba aeaacaaIXaaabeaacqGHvksXcaWGLbWaaSbaaeaacaaIXaaabeaaca aISaGaamOzamaaBaaabaGaaGymaaqabaaabeaakiabgQYiXlabgEPi elaaiYhacqaHgpGAdaWgaaWcbaGaam4yamaaBaaabaGaaGOmaaqaba GaeyyLIuSaamyzamaaBaaabaGaaGOmaaqabaGaaGilaiaadAgadaWg aaqaaiaaikdaaeqaaaqabaGccqGHQms8cqGHxkcXcqGHxkcXcaaI8b GaeqOXdO2aaSbaaSqaaiaadogadaWgaaqaaiaadMgaaeqaaiabgwPi flaadwgadaWgaaqaaiaadMgaaeqaaiaaiYcacaWGMbWaaSbaaeaaca WGPbaabeaaaeqaaOGaeyOkJepaaa@6AAB@ , where a qubit | φ c i e i , f i ,i=(1,2,n) MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaaiYhacqaHgp GAdaWgaaWcbaGaam4yamaaBaaabaGaamyAaaqabaGaeyyLIuSaamyz amaaBaaabaGaamyAaaqabaGaaGilaiaadAgadaWgaaqaaiaadMgaae qaaaqabaGccqGHQms8caaISaGaamyAaiabg2da9iabgIcaOiabggda XiabgYcaSiaaysW7cqGHYaGmcqGHSaalcaaMe8UaamOBaiabgMcaPa aa@51A1@  is one of the following states:

φ 0,0 =|0 MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiabeA8aQnaaBa aaleaacaaIWaGaaGilaiaaicdaaeqaaOGaeyOkJeVaeyypa0JaeyiF aWNaaGimaiabgQYiXdaa@4314@  (1)

φ 1,0 =|1 MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiabeA8aQnaaBa aaleaacaaIXaGaaGilaiaaicdaaeqaaOGaeyOkJeVaeyypa0JaeyiF aWNaaGymaiabgQYiXdaa@4316@

|| φ 0,1 = |0+|1 2 MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaaiYhacaaI8b GaeqOXdO2aaSbaaSqaaiaaicdacaaISaGaaGymaaqabaGccqGHQms8 cqGH9aqpdaWcaaqaaiabgYha8jabgcdaWiabgQYiXlabgUcaRiabgY ha8jabggdaXiabgQYiXdqaamaakaaabaGaeyOmaidaleqaaaaaaaa@4B8C@

| φ 1,1 = |0|1 2 . MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaaiYhacqaHgp GAdaWgaaWcbaGaaGymaiaaiYcacaaIXaaabeaakiabgQYiXlabg2da 9maalaaabaGaeyiFaWNaeyimaaJaeyOkJeVaeyOeI0IaeyiFaWNaey ymaeJaeyOkJepabaWaaOaaaeaacqGHYaGmaSqabaaaaOGaaGOlaaaa @4B54@

According to values of fi, the quantum basis are selected. If fi=0, then ciei is encoded in the Z-basis ciei and if fi=1, then ciei is encoded in the X-basis {|+,

Alice sends the encoded quantum state |ϕ to CA (to check eavesdropping, Alice inserts some decoy particles Sel in the quantum state|ϕ. As soon as receiving |ϕ, CA applies W[1] to |ϕ according to K

W [1] :|ϕ| ϕ , MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadEfadaahaa WcbeqaaiabgUfaBjabggdaXiabg2faDbaakiaaiQdacaaI8bGaeqy1 dyMaeyOkJeVaeyOKH4QaaGiFaiqbew9aMzaafaGaeyOkJeVaaGilaa aa@494B@

where W[1]  is defined as

W [1] = U 1 [1] V 1 [1] U 2 [1] V 2 [1] .. U ν [1] V n [1] MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadEfadaahaa WcbeqaaiabgUfaBjabggdaXiabg2faDbaakiaai2dacaWGvbWaa0ba aSqaaiabggdaXaqaaiabgUfaBjabggdaXiabg2faDbaakiaadAfada qhaaWcbaGaeyymaedabaGaey4waSLaeyymaeJaeyyxa0faaOGaey4L IqSaamyvamaaDaaaleaacqGHYaGmaeaacqGHBbWwcqGHXaqmcqGHDb qxaaGccaWGwbWaa0baaSqaaiabgkdaYaqaaiabgUfaBjabggdaXiab g2faDbaakiabgEPielaai6cacaaIUaGaaGjbVlabgEPielaadwfada qhaaWcbaGaeqyVd4gabaGaey4waSLaeyymaeJaeyyxa0faaOGaamOv amaaDaaaleaacaWGUbaabaWaaWbaaWqabeaacqGHBbWwcqGHXaqmcq GHDbqxaaaaaaaa@683F@  (2)

and

U i [1] =U( k i a ), V i [1] =V( k i b ) MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadwfadaqhaa WcbaGaamyAaaqaaiabgUfaBjabggdaXiabg2faDbaakiaai2dacaWG vbGaaGikaiaadUgadaqhaaWcbaGaamyAaaqaaiaadggaaaGccaaIPa GaaGilaiaaysW7caWGwbWaa0baaSqaaiaadMgaaeaacqGHBbWwcqGH XaqmcqGHDbqxaaGccaaI9aGaamOvaiaaiIcacaWGRbWaa0baaSqaai aadMgaaeaacaWGIbaaaOGaaGykaaaa@5151@

U(1)=i σ y =|01||10| MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadwfacqGHOa akcqGHXaqmcqGHPaqkcqGH9aqpcaWGPbGaeq4Wdm3aaSbaaSqaaiaa dMhaaeqaaOGaeyypa0JaeyiFaWNaeyimaaJaeyOkJeVaeyykJeUaey ymaeJaeyiFaWNaeyOeI0IaeyiFaWNaeyymaeJaeyOkJeVaeyykJeUa eyimaaJaeyiFaWhaaa@5349@  (3)

U(0)=|00|+|11| MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadwfacqGHOa akcqGHWaamcqGHPaqkcqGH9aqpcqGH8baFcqGHWaamcqGHQms8cqGH Pms4cqGHWaamcqGH8baFcqGHRaWkcqGH8baFcqGHXaqmcqGHQms8cq GHPms4cqGHXaqmcqGH8baFaaa@4E51@  

V(1)=H= 1 2 (|0+|1)0|+ 1 2 (|0|1)1| MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadAfacqGHOa akcqGHXaqmcqGHPaqkcqGH9aqpcaWGibGaaGypamaalaaabaGaaGym aaqaamaakaaabaGaaGOmaaWcbeaaaaGccqGHOaakcqGH8baFcqGHWa amcqGHQms8cqGHRaWkcqGH8baFcqGHXaqmcqGHQms8cqGHPaqkcqGH Pms4cqGHWaamcqGH8baFcqGHRaWkdaWcaaqaaiaaigdaaeaadaGcaa qaaiaaikdaaSqabaaaaOGaeyikaGIaeyiFaWNaeyimaaJaeyOkJeVa eyOeI0IaeyiFaWNaeyymaeJaeyOkJeVaeyykaKIaeyykJeUaeyymae JaeyiFaWhaaa@60F9@  

V(0)=|00|+|11|. MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadAfacqGHOa akcqGHWaamcqGHPaqkcqGH9aqpcqGH8baFcqGHWaamcqGHQms8cqGH Pms4cqGHWaamcqGH8baFcqGHRaWkcqGH8baFcqGHXaqmcqGHQms8cq GHPms4cqGHXaqmcqGH8baFcqGHUaGlaaa@4F3A@  

CA encodes quantum state |ϕ', and he/she forms M sequence. For eavesdropping check CA prepares and inserts some decoy photons randomly in one of the states in eq. (1) into the sequence. Afterwards, CA sends quantum state |ϕ' and all decoy photons to Bob.

Authentication phase

When Bob receives all photons and states, CA announces publicly the positions and the states of decoy photons. Therefore, using the decoy photon security checking method, they can check if the quantum channel is secure or not.17,18 If they are confirmed that the channel is secure, Bob applies W[2] to |ϕ' according to Ka

W [2] :| ϕ | ϕ , MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadEfadaahaa WcbeqaaiabgUfaBjabgkdaYiabg2faDbaakiaaiQdacaaI8bGafqy1 dyMbauaacqGHQms8cqGHsgIRcaaI8bGafqy1dyMbauGbauaacqGHQm s8caaISaaaaa@4964@  

where

W [2] = U 1 [2] V 1 [2] U 2 [2] V 2 [2] .. U n [2] V n [2] MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadEfadaahaa WcbeqaaiabgUfaBjabgkdaYiabg2faDbaakiabg2da9iaadwfadaqh aaWcbaGaeyymaedabaGaey4waSLaeyOmaiJaeyyxa0faaOGaamOvam aaDaaaleaacqGHXaqmaeaacqGHBbWwcqGHYaGmcqGHDbqxaaGccqGH xkcXcaWGvbWaa0baaSqaaiabgkdaYaqaaiabgUfaBjabgkdaYiabg2 faDbaakiaadAfadaqhaaWcbaGaeyOmaidabaGaey4waSLaeyOmaiJa eyyxa0faaOGaey4LIqSaaGOlaiaai6cacaaMe8Uaey4LIqSaamyvam aaDaaaleaacaWGUbaabaGaey4waSLaeyOmaiJaeyyxa0faaOGaamOv amaaDaaaleaacaWGUbaabaGaey4waSLaeyOmaiJaeyyxa0faaaaa@6799@  (4)

and

U i [2] =U( a i ), V i [2] =V( b i ) MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadwfadaqhaa WcbaGaamyAaaqaaiabgUfaBjabgkdaYiabg2faDbaakiabg2da9iaa dwfacaaIOaGaamyyamaaBaaaleaacaWGPbaabeaakiaaiMcacaaISa GaaGjbVlaadAfadaqhaaWcbaGaamyAaaqaaiabgUfaBjabgkdaYiab g2faDbaakiabg2da9iaadAfacaaIOaGaamOyamaaBaaaleaacaWGPb aabeaakiaaiMcaaaa@4FF1@  (5)

U(1)=i σ y =|01||10| MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadwfacqGHOa akcqGHXaqmcqGHPaqkcqGH9aqpcaWGPbGaeq4Wdm3aaSbaaSqaaiaa dMhaaeqaaOGaeyypa0JaeyiFaWNaeyimaaJaeyOkJeVaeyykJeUaey ymaeJaeyiFaWNaeyOeI0IaeyiFaWNaeyymaeJaeyOkJeVaeyykJeUa eyimaaJaaGiFaaaa@52CB@  

U(0)=|00|+|11| MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadwfacqGHOa akcqGHWaamcqGHPaqkcqGH9aqpcqGH8baFcqGHWaamcqGHQms8cqGH Pms4cqGHWaamcqGH8baFcqGHRaWkcqGH8baFcqGHXaqmcqGHQms8cq GHPms4cqGHXaqmcqGH8baFaaa@4E51@  

V(1)=H= 1 2 (|0+|1)0|+ 1 2 (|0|1)1| MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadAfacqGHOa akcqGHXaqmcqGHPaqkcqGH9aqpcaWGibGaeyypa0ZaaSaaaeaacqGH XaqmaeaadaGcaaqaaiabgkdaYaWcbeaaaaGccqGHOaakcqGH8baFcq GHWaamcqGHQms8cqGHRaWkcqGH8baFcqGHXaqmcqGHQms8cqGHPaqk cqGHPms4cqGHWaamcqGH8baFcqGHRaWkdaWcaaqaaiabggdaXaqaam aakaaabaGaeyOmaidaleqaaaaakiabgIcaOiabgYha8jabgcdaWiab gQYiXlabgkHiTiabgYha8jabggdaXiabgQYiXlabgMcaPiabgMYiHl abggdaXiabgYha8baa@6206@  

V(0)=|00|+|11|. MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadAfacqGHOa akcqGHWaamcqGHPaqkcqGH9aqpcqGH8baFcqGHWaamcqGHQms8cqGH Pms4cqGHWaamcqGH8baFcqGHRaWkcqGH8baFcqGHXaqmcqGHQms8cq GHPms4cqGHXaqmcqGH8baFcqGHUaGlaaa@4F3A@  

Bob measures |ϕ' on the basis (0,0,0) and gets message (c1''c2,.cn)'. If (c1,c2,cn)=(c1''c2,.cn') the signature is valid. Otherwise, the signature is invalid.

Prior to present our scheme, let us say few words about the security of Zhang’s protocol. There are two objections to this Protocol, which are forgery attack and impersonation attack.19

Forgery attack

One means that Alice knows public key K a MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadUeadaWgaa WcbaGaamyyaaqabaaaaa@3A01@  and private key K b MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadUeadaWgaa WcbaGaamOyaaqabaaaaa@3A02@  namely K= K a K b MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadUeacaaI9a Gaam4samaaBaaaleaacaWGHbaabeaakiabgwPiflaadUeadaWgaaWc baGaamOyaaqabaaaaa@3F8D@ , therefore CA and also Alice similarly can make the signature |ϕ' which is called credential certificates in the traditional cryptography. Therefore, when Bob reserves the signature |ϕ', he cannot recognize the true source of quantum state |ϕ', which may be Alice sent or CA. If Alice is malicious, she can forge valid signature by herself to get some services from the services provider Bob.

Impersonation attack in this protocol CA may be untrusted. In the preparation phase CA got public key Ka from Alice. An impersonation attack refers to an attack in which CA generates a quantum state |ϕ' and obtain Alice’s signature (credential certificates) without Alice’s participation. Therefore, CA wants to get Alice’s privacy information by forging her credential certificates, but Zhang’s scheme cannot check the malicious CA from the legitimate user Alice.

Because of these two attacks, Zhang’s scheme is limited in many network systems.19 For example, in many cryptographic application when a user wants to some services from a service provider (e.g. a user applies for a driving license from the traffic management department), firstly he has to prove to the service provider that he is eligible (e.g. he has passed the driving examination) he has a credential certificate issued by a trusted center of CA. Therefore, the service provider prepares the service to the user. So the Zhang’s scheme is not secure. Considering the disadvantages of the Zhang’s scheme, in the next section, by using a private key, a new secure protocol for quantum signature-masked authentication is proposed and a new method of electronic voting is introduced by this scheme.

New quantum signature-masked authentication scheme based on private key

In the reference19 a quantum signature-masked authentication scheme introduced which seems very complicated. In this paper by removing some parts of previous method and making the necessary changes, we propose a quantum signature-masked authentication scheme based on the private key. This new introduced method is just as secure and is simpler than the previous one. Then by using this new method we introduce secure electronic voting scheme in the next section. Similar to the Zhang’s scheme, our protocol involves a user Alice, a service provider Bob and a center of CA and includes but the following is set up, signature-masked and authentication phases.

Alice and Bob select a public key PA and PB respectively:

P A =( a 1 A , b 1 A , a 2 A , b 2 A , a n A , b n A ) MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadcfadaWgaa WcbaGaamyqaaqabaGccaaI9aGaaGjbVlaaiIcacaWGHbWaa0baaSqa aiaaigdaaeaacaWGbbaaaOGaaGilaiaaysW7caWGIbWaa0baaSqaai aaigdaaeaacaWGbbaaaOGaaGilaiaaysW7caWGHbWaa0baaSqaaiaa ikdaaeaacaWGbbaaaOGaaGilaiaaysW7caWGIbWaa0baaSqaaiaaik daaeaacaWGbbaaaOGaaGilaiaaysW7caWGHbWaa0baaSqaaiaad6ga aeaacaWGbbaaaOGaaGilaiaaysW7caWGIbWaa0baaSqaaiaad6gaae aacaWGbbaaaOGaaGykaaaa@5921@ (6)

P B =( a 1 B , b 1 B , a 2 B , b 2 B , a n B , b n B ) MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadcfadaWgaa WcbaGaamOqaaqabaGccaaI9aGaaGjbVlaaiIcacaWGHbWaa0baaSqa aiaaigdaaeaacaWGcbaaaOGaaGilaiaaysW7caWGIbWaa0baaSqaai aaigdaaeaacaWGcbaaaOGaaGilaiaaysW7caWGHbWaa0baaSqaaiaa ikdaaeaacaWGcbaaaOGaaGilaiaaysW7caWGIbWaa0baaSqaaiaaik daaeaacaWGcbaaaOGaaGilaiaaysW7caWGHbWaa0baaSqaaiaad6ga aeaacaWGcbaaaOGaaGilaiaaysW7caWGIbWaa0baaSqaaiaad6gaae aacaWGcbaaaOGaaGykaaaa@5928@ , (7)

where aiA,biA,aiB,biB{0,1},0in . Alice and Bob send P A MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadcfadaWgaa WcbaGaamyqaaqabaaaaa@39E6@  and P B MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadcfadaWgaa WcbaGaamOqaaqabaaaaa@39E7@  to CA, while they insert sufficiently large number of decoy particles into them for eavesdropping check.

Once CA receives P A MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadcfadaWgaa WcbaGaamyqaaqabaaaaa@39E6@  and P B MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadcfadaWgaa WcbaGaamOqaaqabaaaaa@39E7@ , Alice and Bob announce publicly the positions and the states of the decoy particle. CA performs a suitable measurement on each decoy particle with the same basis as Alice and Bob chose. Then, comparing his measurement results with Alice’s and Bob’s announcement, CA can examine the qualification of Alice and Bob. If the CA accepts Alice and Bob as legitimated users, he/she generates private keys S A MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadofadaWgaa WcbaGaamyqaaqabaaaaa@39E9@  and S B MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadofadaWgaa WcbaGaamOqaaqabaaaaa@39EA@  for Alice and Bob respectively and sends them in a secure quantum way:

S A =( c 1 A , d 1 A , c 2 A , d 2 A , c n A , d n A ) MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadofadaWgaa WcbaGaamyqaaqabaGccaaI9aGaaGjbVlaaiIcacaWGJbWaa0baaSqa aiaaigdaaeaacaWGbbaaaOGaaGilaiaaysW7caWGKbWaa0baaSqaai aaigdaaeaacaWGbbaaaOGaaGilaiaaysW7caWGJbWaa0baaSqaaiaa ikdaaeaacaWGbbaaaOGaaGilaiaaysW7caWGKbWaa0baaSqaaiaaik daaeaacaWGbbaaaOGaaGilaiaaysW7caWGJbWaa0baaSqaaiaad6ga aeaacaWGbbaaaOGaaGilaiaaysW7caWGKbWaa0baaSqaaiaad6gaae aacaWGbbaaaOGaaGykaaaa@5930@  (8)

S B =( c 1 B , d 1 B , c 2 B , d 2 B , c n B , d n B ) MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadofadaWgaa WcbaGaamOqaaqabaGccaaI9aGaaGjbVlaaiIcacaWGJbWaa0baaSqa aiaaigdaaeaacaWGcbaaaOGaaGilaiaaysW7caWGKbWaa0baaSqaai aaigdaaeaacaWGcbaaaOGaaGilaiaaysW7caWGJbWaa0baaSqaaiaa ikdaaeaacaWGcbaaaOGaaGilaiaaysW7caWGKbWaa0baaSqaaiaaik daaeaacaWGcbaaaOGaaGilaiaaysW7caWGJbWaa0baaSqaaiaad6ga aeaacaWGcbaaaOGaaGilaiaaysW7caWGKbWaa0baaSqaaiaad6gaae aacaWGcbaaaOGaaGykaaaa@5937@  (9)

where ciA,diA,ciB,biB{0,1},0in.

CA calculates and secretly stores E C = S A S B =( e 1 , f 1 , e 2 , f 2 ,, e n , f n ) MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadweadaWgaa WcbaGaae4qaaqabaGccaaI9aGaam4uamaaBaaaleaacaWGbbaabeaa kiabgwPiflaadofadaWgaaWcbaGaamOqaaqabaGccaaI9aGaaGikai aadwgadaWgaaWcbaGaaGymaaqabaGccaaISaGaaGjbVlaadAgadaWg aaWcbaGaaGymaaqabaGccaaISaGaaGjbVlaadwgadaWgaaWcbaGaaG OmaaqabaGccaaISaGaaGjbVlaadAgadaWgaaWcbaGaaGOmaaqabaGc caaISaGaaGjbVlaaiYcacaaMe8UaamyzamaaBaaaleaacaWGUbaabe aakiaaiYcacaaMe8UaamOzamaaBaaaleaacaWGUbaabeaakiaaiMca aaa@5BB2@  where ei,fi{0,1} and represents bitwise exclusive-OR.

Signature-masked phase

Alice’s authentication message is:

M=( m 1 , m 2 ,. m n ) MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaad2eacaaI9a GaaGjbVlaaiIcacaWGTbWaaSbaaSqaaiaaigdaaeqaaOGaaGilaiaa ysW7caWGTbWaaSbaaSqaaiaaikdaaeqaaOGaaGilaiaaysW7caaIUa GaaGjbVlaad2gadaWgaaWcbaGaamOBaaqabaGccaaIPaaaaa@4957@  (10)

 where mi{0,1},0in . Alice generates an encoded quantum state |ϕ' according to SA:

|ϕ=| φ m 1 c 1 A , d 1 A | φ m 2 c 2 A , d 2 A ......| φ m n c n A , d n A MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaaiYhacqaHvp GzcqGHQms8caaI9aGaaGiFaiabeA8aQnaaBaaaleaacaWGTbWaaSba aeaacaaIXaaabeaacqGHvksXcaWGJbWaa0baaeaacaaIXaaabaGaam yqaaaacaaISaGaamizamaaDaaabaGaaGymaaqaaiaadgeaaaaabeaa kiabgQYiXlabgEPielaaiYhacqaHgpGAdaWgaaWcbaGaamyBamaaBa aabaGaaGOmaaqabaGaeyyLIuSaam4yamaaDaaabaGaaGOmaaqaaiaa dgeaaaGaaGilaiaadsgadaqhaaqaaiaaikdaaeaacaWGbbaaaaqaba GccqGHQms8cqGHxkcXcaGGUaGaaiOlaiaac6cacaGGUaGaaiOlaiaa c6cacqGHxkcXcaaI8bGaeqOXdO2aaSbaaSqaaiaad2gadaWgaaqaai aad6gaaeqaaiabgwPiflaadogadaqhaaqaaiaad6gaaeaacaWGbbaa aiaaiYcacaWGKbWaa0baaeaacaWGUbaabaGaamyqaaaaaeqaaOGaey OkJepaaa@73A2@  (11)

 where for each i=1,2,n , a qubit | φ m i c i A , d i A MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaaiYhacqaHgp GAdaWgaaWcbaGaamyBamaaBaaabaGaamyAaaqabaGaeyyLIuSaam4y amaaDaaabaGaamyAaaqaaiaadgeaaaGaaGilaiaadsgadaqhaaqaai aadMgaaeaacaWGbbaaaaqabaGccqGHQms8aaa@471E@  is one of the following states:

| φ 0,0 =|0 MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaaiYhacqaHgp GAdaWgaaWcbaGaaGimaiaaiYcacaaIWaaabeaakiabgQYiXlabg2da 9iabgYha8jabgcdaWiabgQYiXdaa@444C@

| φ 1,0 =|1 MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaaiYhacqaHgp GAdaWgaaWcbaGaaGymaiaaiYcacaaIWaaabeaakiabgQYiXlabg2da 9iabgYha8jabggdaXiabgQYiXdaa@444F@  

| φ 0,1 = |0+|1 2 MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaaiYhacqaHgp GAdaWgaaWcbaGaaGimaiaaiYcacaaIXaaabeaakiabgQYiXlabg2da 9maalaaabaGaeyiFaWNaeyimaaJaeyOkJeVaey4kaSIaeyiFaWNaey ymaeJaeyOkJepabaWaaOaaaeaacqGHYaGmaSqabaaaaaaa@4A86@

| φ 1,1 = |0|1 2 . MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaaiYhacqaHgp GAdaWgaaWcbaGaaGymaiaaiYcacaaIXaaabeaakiabgQYiXlabg2da 9maalaaabaGaeyiFaWNaeyimaaJaeyOkJeVaeyOeI0IaeyiFaWNaey ymaeJaeyOkJepabaWaaOaaaeaacqGHYaGmaSqabaaaaOGaaGOlaaaa @4B54@

Alice selects a private key RA=(g1,h1,g2,h2,..gn,hn) where gi,hi{0,1},0in and sends it to Bob in a secure quantum channel. In this part Alice again uses decoy particles eavesdropping check method for sending RA to Bob.

Alice applies W[1] to |ϕ' according to RA and obtains the signature |ϕ' 

W[1]:|ϕ|ϕ',

W[1] is defined as

W [1] = U 1 [1] V 1 [1] U 2 [1] V 2 [1] .. U n [1] V n [1] MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadEfadaahaa WcbeqaaiabgUfaBjabggdaXiabg2faDbaakiabg2da9iaadwfadaqh aaWcbaGaeyymaedabaGaey4waSLaeyymaeJaeyyxa0faaOGaamOvam aaDaaaleaacqGHXaqmaeaacqGHBbWwcqGHXaqmcqGHDbqxaaGccqGH xkcXcaWGvbWaa0baaSqaaiabgkdaYaqaaiabgUfaBjabggdaXiabg2 faDbaakiaadAfadaqhaaWcbaGaeyOmaidabaGaey4waSLaeyymaeJa eyyxa0faaOGaey4LIqSaaGOlaiaai6cacaaMe8Uaey4LIqSaamyvam aaDaaaleaacaWGUbaabaGaey4waSLaeyymaeJaeyyxa0faaOGaamOv amaaDaaaleaacaWGUbaabaGaey4waSLaeyymaeJaeyyxa0faaaaa@678B@  (12)

where

U i [1] =U( g i ), V i [1] =U(h) MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadwfadaqhaa WcbaGaamyAaaqaaiabgUfaBjabggdaXiabg2faDbaakiabg2da9iaa dwfacaaIOaGaam4zamaaBaaaleaacaWGPbaabeaakiaaiMcacaaISa GaaGjbVlaadAfadaqhaaWcbaGaamyAaaqaaiabgUfaBjabggdaXiab g2faDbaakiabg2da9iaadwfacaaIOaGaamiAaiaaiMcaaaa@4ED4@  (13)

U(1)=i σ y =|01||10| MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadwfacqGHOa akcqGHXaqmcqGHPaqkcqGH9aqpcaWGPbGaeq4Wdm3aaSbaaSqaaiaa dMhaaeqaaOGaeyypa0JaeyiFaWNaeyimaaJaeyOkJeVaeyykJeUaey ymaeJaeyiFaWNaeyOeI0IaeyiFaWNaeyymaeJaeyOkJeVaeyykJeUa eyimaaJaaGiFaaaa@52CB@

U(0)=|00|+|11| MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadwfacqGHOa akcqGHWaamcqGHPaqkcqGH9aqpcqGH8baFcqGHWaamcqGHQms8cqGH Pms4cqGHWaamcqGH8baFcqGHRaWkcqGH8baFcqGHXaqmcqGHQms8cq GHPms4cqGHXaqmcqGH8baFaaa@4E51@

V(1)=H= 1 2 (|0+|1)0|+ 1 2 (|0|1)1| MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadAfacqGHOa akcqGHXaqmcqGHPaqkcqGH9aqpcaWGibGaeyypa0ZaaSaaaeaacqGH XaqmaeaadaGcaaqaaiabgkdaYaWcbeaaaaGccqGHOaakcqGH8baFcq GHWaamcqGHQms8cqGHRaWkcqGH8baFcqGHXaqmcqGHQms8cqGHPaqk cqGHPms4cqGHWaamcqGH8baFcqGHRaWkdaWcaaqaaiabggdaXaqaam aakaaabaGaeyOmaidaleqaaaaakiabgIcaOiabgYha8jabgcdaWiab gQYiXlabgkHiTiabgYha8jabggdaXiabgQYiXlabgMcaPiabgMYiHl abggdaXiabgYha8baa@6206@  

V(0)=|00|+|11|. MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadAfacqGHOa akcqGHWaamcqGHPaqkcqGH9aqpcqGH8baFcqGHWaamcqGHQms8cqGH Pms4cqGHWaamcqGH8baFcqGHRaWkcqGH8baFcqGHXaqmcqGHQms8cq GHPms4cqGHXaqmcqGH8baFcqGHUaGlaaa@4F3A@

Then Alice sends |ϕ' to CA through a secure quantum channel.

CA applies W[2] to |ϕ'according to E C = S A S B MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadweadaWgaa WcbaGaae4qaaqabaGccaaI9aGaam4uamaaBaaaleaacaWGbbaabeaa kiabgwPiflaadofadaWgaaWcbaGaamOqaaqabaaaaa@4053@  and obtains the signature |S. MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaaiYhacaWGtb GaeyOkJeVaaGOlaaaa@3C7F@  

W [2] :| ϕ |S, MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadEfadaahaa WcbeqaaiabgUfaBjabgkdaYiabg2faDbaakiabgQda6iaaiYhacuaH vpGzgaqbaiabgQYiXlabgkziUkaaiYhacaWGtbGaeyOkJeVaaGilaa aa@4899@

W[2] is defined as

W [2] = U 1 [2] V 1 [2] U 2 [2] V 2 [2] .. U ν [2] V ν [2] MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadEfadaahaa WcbeqaaiabgUfaBjabgkdaYiabg2faDbaakiabg2da9iaadwfadaqh aaWcbaGaeyymaedabaGaey4waSLaeyOmaiJaeyyxa0faaOGaamOvam aaDaaaleaacqGHXaqmaeaacqGHBbWwcqGHYaGmcqGHDbqxaaGccqGH xkcXcaWGvbWaa0baaSqaaiabgkdaYaqaaiabgUfaBjabgkdaYiabg2 faDbaakiaadAfadaqhaaWcbaGaeyOmaidabaGaey4waSLaeyOmaiJa eyyxa0faaOGaey4LIqSaaGOlaiaai6cacaaMe8Uaey4LIqSaamyvam aaDaaaleaacqaH9oGBaeaacqGHBbWwcqGHYaGmcqGHDbqxaaGccaWG wbWaa0baaSqaaiabe27aUbqaaiabgUfaBjabgkdaYiabg2faDbaaaa a@6923@  (14)

where

U i [2] =U( e i ), V i [2] =U(f) MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadwfadaqhaa WcbaGaamyAaaqaaiabgUfaBjabgkdaYiabg2faDbaakiabg2da9iaa dwfacaaIOaGaamyzamaaBaaaleaacaWGPbaabeaakiaaiMcacaaISa GaaGjbVlaadAfadaqhaaWcbaGaamyAaaqaaiabgUfaBjabgkdaYiab g2faDbaakiabg2da9iaadwfacaaIOaGaamOzaiaaiMcaaaa@4ED4@  (15)

U(1)=i σ y =|01||10| MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadwfacqGHOa akcqGHXaqmcqGHPaqkcqGH9aqpcaWGPbGaeq4Wdm3aaSbaaSqaaiaa dMhaaeqaaOGaeyypa0JaeyiFaWNaeyimaaJaeyOkJeVaeyykJeUaey ymaeJaeyiFaWNaeyOeI0IaeyiFaWNaeyymaeJaeyOkJeVaeyykJeUa eyimaaJaeyiFaWhaaa@5349@

U(0)=|00|+|11| MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadwfacqGHOa akcqGHWaamcqGHPaqkcqGH9aqpcqGH8baFcqGHWaamcqGHQms8cqGH Pms4cqGHWaamcqGH8baFcqGHRaWkcqGH8baFcqGHXaqmcqGHQms8cq GHPms4cqGHXaqmcqGH8baFaaa@4E51@

V(1)=H= 1 2 (|0+|1)0|+ 1 2 (|0|1)1| MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadAfacqGHOa akcqGHXaqmcqGHPaqkcqGH9aqpcaWGibGaeyypa0ZaaSaaaeaacqGH XaqmaeaadaGcaaqaaiabgkdaYaWcbeaaaaGccqGHOaakcqGH8baFcq GHWaamcqGHQms8cqGHRaWkcqGH8baFcqGHXaqmcqGHQms8cqGHPaqk cqGHPms4cqGHWaamcqGH8baFcqGHRaWkdaWcaaqaaiabggdaXaqaam aakaaabaGaeyOmaidaleqaaaaakiabgIcaOiabgYha8jabgcdaWiab gQYiXlabgkHiTiabgYha8jabggdaXiabgQYiXlabgMcaPiabgMYiHl abggdaXiabgYha8baa@6206@

V(0)=|00|+|11|. MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadAfacqGHOa akcqGHWaamcqGHPaqkcqGH9aqpcqGH8baFcqGHWaamcqGHQms8cqGH Pms4cqGHWaamcqGH8baFcqGHRaWkcqGH8baFcqGHXaqmcqGHQms8cq GHPms4cqGHXaqmcqGH8baFcqGHUaGlaaa@4F3A@

Finally, CA sends signature |S MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaaiYhacaWGtb GaeyOkJepaaa@3BC7@ to Bob.

Authentication phase

Bob authenticates Alice’s individuality, then appliesW[3]  to |S MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaaiYhacaWGtb GaeyOkJepaaa@3BC7@  according to Z b = S B R A =( q 1 , t 1 , q 2 , t 2 , q n , t n ) MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadQfadaWgaa WcbaGaamOyaaqabaGccaaI9aGaam4uamaaBaaaleaacaWGcbaabeaa kiabgwPiflaadkfadaWgaaWcbaGaamyqaaqabaGccaaI9aGaaGikai aadghadaWgaaWcbaGaaGymaaqabaGccaaISaGaaGjbVlaadshadaWg aaWcbaGaaGymaaqabaGccaaISaGaaGjbVlaadghadaWgaaWcbaGaaG OmaaqabaGccaaISaGaaGjbVlaadshadaWgaaWcbaGaaGOmaaqabaGc caaISaGaaGjbVlaadghadaWgaaWcbaGaamOBaaqabaGccaaISaGaaG jbVlaadshadaWgaaWcbaGaamOBaaqabaGccaaIPaaaaa@59F2@  obtains the signature | S MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaaiYhaceWGtb GbauaacqGHQms8aaa@3BD3@ , where:

W [3] :|S| S , MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadEfadaahaa WcbeqaaiabgUfaBjabgodaZiabg2faDbaakiaaiQdacaaI8bGaam4u aiabgQYiXlabgkziUkaaiYhaceWGtbGbauaacqGHQms8caaISaaaaa@476F@

W [3] = U 1 [3] V 1 [3] U 2 [3] V 2 [3] U n [3] V n [3] MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadEfadaahaa WcbeqaaiabgUfaBjabgodaZiabg2faDbaakiabg2da9iaadwfadaqh aaWcbaGaeyymaedabaGaey4waSLaey4mamJaeyyxa0faaOGaamOvam aaDaaaleaacqGHXaqmaeaacqGHBbWwcqGHZaWmcqGHDbqxaaGccqGH xkcXcaWGvbWaa0baaSqaaiabgkdaYaqaaiabgUfaBjabgodaZiabg2 faDbaakiaadAfadaqhaaWcbaGaeyOmaidabaGaey4waSLaey4mamJa eyyxa0faaOGaey4LIqSaaGjbVlabgEPielaadwfadaqhaaWcbaGaam OBaaqaaiabgUfaBjabgodaZiabg2faDbaakiaadAfadaqhaaWcbaGa amOBaaqaaiabgUfaBjabgodaZiabg2faDbaaaaa@6637@  (16)

and

U n [3] =U( q i ), V n [3] =V(t) MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadwfadaqhaa WcbaGaamOBaaqaaiabgUfaBjabgodaZiabg2faDbaakiaai2dacaWG vbGaaGikaiaadghadaWgaaWcbaGaamyAaaqabaGccaaIPaGaaGilai aaysW7caWGwbWaa0baaSqaaiaad6gaaeaacqGHBbWwcqGHZaWmcqGH DbqxaaGccaaI9aGaamOvaiaaiIcacaWG0bGaaGykaaaa@4E7F@  (17)

U(1)=i σ y =|01||10| MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadwfacqGHOa akcqGHXaqmcqGHPaqkcqGH9aqpcaWGPbGaeq4Wdm3aaSbaaSqaaiaa dMhaaeqaaOGaeyypa0JaeyiFaWNaeyimaaJaeyOkJeVaeyykJeUaey ymaeJaeyiFaWNaeyOeI0IaeyiFaWNaeyymaeJaeyOkJeVaeyykJeUa eyimaaJaeyiFaWhaaa@5349@

U(0)=|00|+|11| MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadwfacqGHOa akcqGHWaamcqGHPaqkcqGH9aqpcqGH8baFcqGHWaamcqGHQms8cqGH Pms4cqGHWaamcqGH8baFcqGHRaWkcqGH8baFcqGHXaqmcqGHQms8cq GHPms4cqGHXaqmcqGH8baFaaa@4E51@

V(1)=H= 1 2 (|0+|1)0|+ 1 2 (|0|1)1| MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadAfacqGHOa akcqGHXaqmcqGHPaqkcqGH9aqpcaWGibGaeyypa0ZaaSaaaeaacqGH XaqmaeaadaGcaaqaaiabgkdaYaWcbeaaaaGccqGHOaakcqGH8baFcq GHWaamcqGHQms8cqGHRaWkcqGH8baFcqGHXaqmcqGHQms8cqGHPaqk cqGHPms4cqGHWaamcqGH8baFcqGHRaWkdaWcaaqaaiabggdaXaqaam aakaaabaGaeyOmaidaleqaaaaakiabgIcaOiabgYha8jabgcdaWiab gQYiXlabgkHiTiabgYha8jabggdaXiabgQYiXlabgMcaPiabgMYiHl abggdaXiabgYha8baa@6206@

V(0)=|00|+|11|. MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadAfacqGHOa akcqGHWaamcqGHPaqkcqGH9aqpcqGH8baFcqGHWaamcqGHQms8cqGH Pms4cqGHWaamcqGH8baFcqGHRaWkcqGH8baFcqGHXaqmcqGHQms8cq GHPms4cqGHXaqmcqGH8baFcqGHUaGlaaa@4F3A@

Bob measures | S MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaaiYhaceWGtb GbauaacqGHQms8aaa@3BD3@  on the basis (0,0,0) and gets message M =( m 1 ' m 2 ,.. m n )' MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiqad2eagaqbai aai2dacaaIOaGaamyBamaaBaaaleaacaaIXaaabeaakiqaiEcagaqb aiaad2gadaWgaaWcbaGaaGOmaaqabaGccaaISaGaaGjbVlaai6caca aIUaGaaGjbVlaad2gadaWgaaWcbaGaamOBaaqabaGccaaIPaGaam4j aaaa@47B4@ . If ( m 1 , m 2 ,., m n )=( m 1 m 2 ,. m n ) MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaaiIcacaWGTb WaaSbaaSqaaiaaigdaaeqaaOGaaGilaiaaysW7caWGTbWaaSbaaSqa aiaaikdaaeqaaOGaaGilaiaaysW7caaIUaGaaGilaiaaysW7caWGTb WaaSbaaSqaaiaad6gaaeqaaOGaaGykaiaai2dacaaIOaGabmyBayaa faWaaSbaaSqaaiaaigdaaeqaaOGabmyBayaafaWaaSbaaSqaaiaaik daaeqaaOGaaGilaiaaysW7caaIUaGaaGjbVlqad2gagaqbamaaBaaa leaacaWGUbaabeaakiaaiMcaaaa@53A1@  the signature is valid. Otherwise, the signature is invalid.

We can show correctness of the proposed quantum signature-masked authentication scheme based on private key as follow.

The initial quantum state |ϕ generated according to S A MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadofadaWgaa WcbaGaamyqaaqabaaaaa@39E9@  by Alice. During the signature-masked and authentication phases, it passes the following process:

 messageM S A |ϕ R A | ϕ S A S B |S S B R A | S MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaabaaaaaaaaape GaaiiOaiaad2gacaWGLbGaam4CaiaadohacaWGHbGaam4zaiaadwga caaMc8Uaamyta8aacqGHsgIRdaahaaWcbeqaaiaadofadaWgaaqaai aadgeaaeqaaaaakiaaiYhacqaHvpGzcqGHQms8cqGHsgIRdaahaaWc beqaaiaadkfadaWgaaqaaiaadgeaaeqaaaaakiaaiYhacuaHvpGzga qbaiabgQYiXlabgkziUoaaCaaaleqabaGaam4uamaaBaaabaGaamyq aaqabaGaeyyLIuSaam4uamaaBaaabaGaamOqaaqabaaaaOGaaGiFai aadofacqGHQms8cqGHsgIRdaahaaWcbeqaaiaadofadaWgaaqaaiaa dkeaaeqaaiabgwPiflaadkfadaWgaaqaaiaadgeaaeqaaaaakiaaiY haceWGtbGbauaacqGHQms8aaa@6A09@  (18)

 By equations (8), (9) and RA we have:

d i A = h i d i A d i B d i B h i MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqiVCI8FfYJH8YrFfeuY=Hhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadsgadaqhaa WcbaGaamyAaaqaaiaadgeaaaGccaaI9aGaamiAamaaBaaaleaacaWG PbaabeaakiabgwPiflaadsgadaqhaaWcbaGaamyAaaqaaiaadgeaaa GccqGHvksXcaWGKbWaa0baaSqaaiaadMgaaeaacaWGcbaaaOGaeyyL IuSaamizamaaDaaaleaacaWGPbaabaGaamOqaaaakiabgwPiflaadI gadaWgaaWcbaGaamyAaaqabaaaaa@4E39@  (19)

d i A = h i d i A d i B d i B h i MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadsgadaqhaa WcbaGaamyAaaqaaiaadgeaaaGccaaI9aGaamiAamaaBaaaleaacaWG PbaabeaakiabgwPiflaadsgadaqhaaWcbaGaamyAaaqaaiaadgeaaa GccqGHvksXcaWGKbWaa0baaSqaaiaadMgaaeaacaWGcbaaaOGaeyyL IuSaamizamaaDaaaleaacaWGPbaabaGaamOqaaaakiabgwPiflaadI gadaWgaaWcbaGaamyAaaqabaaaaa@5070@  (20)

As previously noted, Bob can measure | S MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaaiYhaceWGtb GbauaacqGHQms8aaa@3BD3@  on the basis (|0,|0,..|0) and get (m'1m'2,m'n),  and it is easy to verify ( m 1 , m 2 ,. m n )=( m 1 , m 2 , m n ) MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaaiIcaceWGTb GbauaadaWgaaWcbaGaaGymaaqabaGccaaISaGaaGjbVlqad2gagaqb amaaBaaaleaacaaIYaaabeaakiaaiYcacaaMe8UaaGOlaiaaysW7ce WGTbGbauaadaWgaaWcbaGaamOBaaqabaGccaaIPaGaaGypaiaaiIca caWGTbWaaSbaaSqaaiaaigdaaeqaaOGaaGilaiaaysW7caWGTbWaaS baaSqaaiaaikdaaeqaaOGaaGilaiaaysW7caWGTbWaaSbaaSqaaiaa d6gaaeqaaOGaaGykaaaa@52E9@  holds.

Security analysis

In this section, a security of the proposed scheme is analyzed and it has been shown that the protocol withstands forgery attack, impersonation attack and outside attack. First of all, it’s noted that all states and keys are transferred in secure quantum channel and sent by using the decoy particles eavesdropping check method. Therefore, the probability of an attack is low. It is also possible one of the user, the service provider or the center of authentication is untrustworthy.

Alice forgery attack

Let us discuss how the proposed protocol withstands the Alice forgery attack.

In this scheme, Alice may be dishonest. We show that she cannot forge |S. The verifying process of the signature |ϕ' must use the private keys SA and SB, so the receiver Bob can confirm Alice’s legation with the help of CA. An effective |S needs using the knowledge of the Bob’s private key SB, because Alice does not know the value of SB, she cannot forge signature |S. Concluding, a malicious Alice cannot forge credential certificates by herself to get some services from the service provider Bob.

Bob forgery attack

Suppose that, an attacker wants to impersonate the service provider Bob to verify Alice’s identity in order to provide some false services. In the verify phase, a verifier has to use his private key SB and the shared private keys RA between Alice and Bob to verify the validity of Alice’s credential certificates |S . Only the service provider B ob has the two keys SB and RA. So no one can verify the validity of Alice’s credential certificates except Bob. As well as, one possible strategy for the malicious Bob that tries to forge Alice’s signature is to obtain the private key RA to generate |ϕ', however, since the key is distributed through quantum key distribution, it would be impossible, . Moreover, the service provider Bob does not know Alice’s private keySA, therefore Alice’s credential certificates |ϕ' cannot be forged by the service provider.

Impersonation attack

The new proposed scheme based on private key can withstand the impersonation attack. May be, an attacker may impersonate the user Alice in order to use some services from the service provider Bob. Firstly, CA may forge Alice’s credential certificates |ϕ', then impersonate Alice to obtain some services from the service provider Bob, actually CA may be destructive. CA can not generate a valid , because an effective |ϕ' needs using the knowledge of the shared key RA that is transmitted between Alice and Bob in secure quantum channel. So, the quantum state |ϕ' is unknown to CA and CA cannot impersonate the user Alice to get some services from the service provider Bob.

Outside attack

Alice, Bob and CA as the participants, are still unable to forge signatures, let assume an outsider attacker Eve. All the keys, quantum states and messages transmitted through quantum channel are encrypted by using a decoy particles encryption algorithm. Also, in our proposed scheme based on a private key, the CA issues the original signature for the qualified Alice. Because no one knows the two private keys SA and SB except CA, only CA can generate |S. Therefore, our scheme is manageable and withstands the outside attack.

Secure electronic voting scheme

In this section, we proposed a new method of Electronic voting by using the quantum signature- masked authentication based on private key that introduced in previous section. Electronic voting includes the following several parties:

  1. Elector and owner of the vote message is the voter Alice.
  2. Charlie is the vote management center and signer that checks the qualification of voters, distributes ballots.
  3. Bob is the center of counting votes and teller.
  4. Diana is a scrutineer that supervises the behaviour of Charlie. Charlie and Diana will verify the messages and signatures.

Proposed Electronic voting contains three phases:

  1. Setup
  2. Vote stage
  3. Counting ballots and supervising.

Set up phase

First, the voter Alice sends her identification information to the vote management center Charlie. Then Charlie checks whether Alices identity is eligible and whether this vote is the first one. If not, he will refuse to award tickets. Conversely, if Alice satisfies the vote conditions, the vote management center will randomly assign Alice a unique vote ID and this means that the voter registration is successful. After registration, the public keys PA and PB and private keys SA and SB such as (6), (7), (8), (9) share between Alice, Bob and Charlie. Charlie calculates and secretly stores E C = S A S B . MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadweadaWgaa WcbaGaae4qaaqabaGccaaI9aGaam4uamaaBaaaleaacaWGbbaabeaa kiabgwPiflaadofadaWgaaWcbaGaamOqaaqabaGccaaIUaaaaa@4115@

Vote stage

Alice converts the vote message M into a n-bit binary sequence. That is

M=( m 1 , m 2 ,. m n ) MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaad2eacaaI9a GaaGjbVlaaiIcacaWGTbWaaSbaaSqaaiaaigdaaeqaaOGaaGilaiaa ysW7caWGTbWaaSbaaSqaaiaaikdaaeqaaOGaaGilaiaaysW7caaIUa GaaGjbVlaad2gadaWgaaWcbaGaamOBaaqabaGccaaIPaaaaa@4957@ ,                         (21)

where mi{0,1},0in . The vote message M is blind to quantum state |ϕ' according to SA as defined in previous section by (11). Alice sends |ϕ' to scrutineers Diana.

Alice selects a serial number as binary sequences RAg1,h1,g2,h2,,gn,hn where gi,hi{0,1},0in  and sends it to the center of counting votes Bob.

Alice applies W[1] according to serial number RA to |ϕ' obtains the signature |ϕ' and sends it to the vote management center Charlie. The W[1] define by (12).

The vote management Charlie applies W[2] : | ϕ |S MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaaiYhacuaHvp GzgaqbaiabgQYiXlabgkziUkaaiYhacaWGtbGaeyOkJepaaa@4258@  according to E C = S A S B MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadweadaWgaa WcbaGaae4qaaqabaGccaaI9aGaam4uamaaBaaaleaacaWGbbaabeaa kiabgwPiflaadofadaWgaaWcbaGaamOqaaqabaaaaa@4053@ and sends signature |S to teller Bob.

Counting ballots and supervising

The center of counting votes Bob after receiving the signed votes and authenticates Alice’s W[3]  : |S| S MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaaiYhacaWGtb GaeyOkJeVaeyOKH4QaaGiFaiqadofagaqbaiabgQYiXdaa@4168@  according to private key and serial number Z b = S B R A =( q 1 , t 1 , q 2 , t 2 , q n , t n ). MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaadQfadaWgaa WcbaGaamOyaaqabaGccaaI9aGaam4uamaaBaaaleaacaWGcbaabeaa kiabgwPiflaadkfadaWgaaWcbaGaamyqaaqabaGccaaI9aGaaGjbVl aaiIcacaWGXbWaaSbaaSqaaiaaigdaaeqaaOGaaGilaiaaysW7caWG 0bWaaSbaaSqaaiaaigdaaeqaaOGaaGilaiaaysW7caWGXbWaaSbaaS qaaiaaikdaaeqaaOGaaGilaiaaysW7caWG0bWaaSbaaSqaaiaaikda aeqaaOGaaGilaiaaysW7caWGXbWaaSbaaSqaaiaad6gaaeqaaOGaaG ilaiaaysW7caWG0bWaaSbaaSqaaiaad6gaaeqaaOGaaGykaiaaysW7 caaIUaaaaa@5DC4@

Bob sends | S MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaaiYhaceWGtb GbauaacqGHQms8aaa@3BD3@  to scrutineers Diana.

Bob measures | S MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaaiYhaceWGtb GbauaacqGHQms8aaa@3BD3@  on the basis (|0,|0,|0)  and gets ( m 1 , m 2 ,., m n ), MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaaiIcaceWGTb GbauaadaWgaaWcbaGaaGymaaqabaGccaaISaGaaGjbVlqad2gagaqb amaaBaaaleaacaaIYaaabeaakiaaiYcacaaMe8UaaGOlaiaaiYcaca aMe8UabmyBayaafaWaaSbaaSqaaiaad6gaaeqaaOGaaGykaiaacYca aaa@47BB@ if ( m 1 , m 2 , m n )=( m 1 , m 2 , m n ) MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaaiIcaceWGTb GbauaadaWgaaWcbaGaaGymaaqabaGccaaISaGaaGjbVlqad2gagaqb amaaBaaaleaacaaIYaaabeaakiaaiYcacaaMe8UabmyBayaafaWaaS baaSqaaiaad6gaaeqaaOGaaGykaiaai2dacaaIOaGaamyBamaaBaaa leaacaaIXaaabeaakiaaiYcacaaMe8UaamyBamaaBaaaleaacaaIYa aabeaakiaaiYcacaaMe8UaamyBamaaBaaaleaacaWGUbaabeaakiaa iMcaaaa@50A4@ the vote is legible and signature masked can be verified otherwise, vote and signature is invalid.

Under the scrutineer Diana, the teller Bob gets every voter’s ballot. Diana as a supervisor compares the signature message | S MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaaiYhaceWGtb GbauaacqGHQms8aaa@3BD3@  that Bob sent with the |ϕ MathType@MTEF@5@5@+= feaahqart1ev3aaatCvAUfeBSjuyZL2yd9gzLbvyNv2CaerbuLwBLn hiov2DGi1BTfMBaeXatLxBI9gBaerbd9wDYLwzYbItLDharqqtubsr 4rNCHbGeaGqkY=wjYlH8qqFD0xXdHaVhbbf9v8qqaqFr0xc9pk0xbb a9q8WqFfeaY=biLkVcLq=JHqpepeea0=as0Fb9pgeaYRXxe9vr0=vr 0=vqpWqaaeaabiGaciaacaqabeaadaqaaqaaaOqaaiaaiYhacqaHvp GzcqGHQms8aaa@3CB7@ . If these two states are equal, it means the signature masked and vote is valid if not, which indicates the presence of cheating.

For the voters to confirm information later, every voter’s ballot number and election contents are posted on bulletin boards.

Finally, if there is no dispute announce to the public that that the election is effective and announce the election results.

The proposed electronic voting is secure because the quantum- signature masked authentication protocol that used for voting is protected under the each kind of attack (as explained in section 4).

Conclusion

In summary, a quantum signature-masked authentication scheme based on private key is pro- posed. Different from previous protocols, by using the private key RA that is only known by Alice and Bob, the center of CA does not know the contents of the message. The user’s final credential certificate is issued by hers and CA together. It has been shown that the proposed protocol can resist not only inside attacks such as the participant’s Alice’s forgery attack, Bob’s forgery attack, impersonation attack but also it is secure against outside attacks which can be widely used in many systems, such as the identity authentication between Digital Set-Top-Box (DSTB) and smart card in secure Digital Video Broadcasting (DVB) service system. Also, we introduce a new electronic voting scheme by using this secure method.

Acknowledgments

This work is supported by Kermanshah Branch, Islamic Azad University

Conflict of interest

Authors declare there is no conflict of interest.

References

  1. CH Bennett, G Brassard. Quantum Cryptography Public Key Distribution and Coin Tossing. In Proceedings of IEEE International Conference on Computers Systems and Signal Processing; 1984 December; India. p. 175−179.
  2. D Mayers. Unconditional security in quantum cryptography. Journal of the ACM. 2001;48(3):351−406.
  3. P Shor, J Priskill. Simple proof of security of the bb84 quantum key distribution protocol. Physical Review Letters. 2000;85:441−444.
  4. O Goldreich. Foundations of Cryptography. UK: Cambridge university press; 2001.
  5. D Gottesman, I Chuang. Quantum digital signatures. 2001. p. 8.
  6. H Barnum, C Crepeau, D Gottesman, et al. Authentication of quantum messages. The 43rd Annual IEEE Symposium on Foundations of Computer Science; 2002 Nov 19; IEEE: Canada. p. 449−458.
  7. M Curty, DJ Santos, E Perez, et al. Qubit authentication. Physical Review A. 2002;66(2):022301.
  8. G Zeng, CH Keitel. Arbitrated quantum−signature scheme. Physical Review A. 2002;65(4):042312.
  9. Q Li, WH Chan, DY Long. Arbitrated quantum signature scheme using Bell states. Physical Review A. 2009;79(5):054307.
  10. H Lee, C Hong, H Kim, et al. Arbitrated quantum signature scheme with message recovery. Physics Letters A. 2004;321(5−6):295−300.
  11. X Lu, D Feng. Quantum digital signature based on quantum one-way functions. The 7th International Conference on Advanced Communication Technology; 2005 July 21−23; South Korea. p. 514−517.
  12. J Wang, Q Zhang, C Tang. Quantum signature scheme with single photons. Optoelectronics Letters. 2006;2(3):209−212.
  13. X Wen, Y Liu, Y Sun. Quantum multi-signature protocol based on teleportation. Zeitschrift fur Naturforschung A. 2007;62(3−4)147−151.
  14. G Zeng, M Lee, Y Guo, et al. Continuous variable quantum signature algorithm. International Journal of Quantum Information. 2007;5(4):553−573.
  15. YG Yang. Multi-proxy quantum group signature scheme with threshold shared verification. Chinese Physics B. 2008;17(2):415.
  16. M Naseri. A weak blind signature based on quantum cryptography. International Journal of the Physical Sciences. 2011;6(21):5051−5053.
  17. Naseri M. Comment on: “secure direct communication based on ping-pong protocol” [ Quantum Inf. Process. 8, 347 ( 2009)]. Quantum Information Processing. 2010;9(6):693−698.
  18. Sheikhehi F, Naseri M. Probabilistic bidirectional quantum secure communication based on a shared partially entangled states. International Journal of Quantum Information. 2011;9(supp 0l):357−365.
  19. WM Shi, YG Yang, YH Zhou. Quantum signature masked authentication schemes. Optik. 2015;126(23):3544−3548.
  20. FG Zhang, K Kim. Signature-masked Authentication Using the Bilinear Pairings. Cryptology and Information Security Laboratory (CAIS), Information and Communications University, South Korea. 2002.
  21. M Dusek, O Haderka, M Hendrych, et al. Quantum identification system. Physical Review A. 1999;60:149156.
  22. D Ljunggren, M Bourennane, A Karlsson, et al. Authority−based user authenticationin quantum key distribution. Physical Review A. 2000;62:022305.
  23. GH Zeng, WP Zhang. Identity verification in quantum key distribution. Physical Review A. 2001;61:022303.
  24. N Zhou, T Hua, L Gong, et al. Quantum image encryption based on generalized Arnold transform and double random phase encoding. Quantum Information Processing. 2015;14(4):1193−1213.
  25. H Liang, X Tao, N Zhou. Quantum image encryption based on generalized affine transform and logistic map. Quantum Information Processing. 2016;15(7):2701−2724.
  26. L Gong, X He, Sh Cheng, et al. Quantum image encryption algorithm based on quantum image XOR operations. International Journal of Theoretical Physics. 2016;55(7):3234−3250.
  27. ZH Wei, XB Chen, XX Niu, et al. A novel quantum steganography protocol based on probability measurements. International Journal of Quantum Information. 2013;11(7):1350068.
  28. SJ Xu, XB Chen, XX Niu, et al. High-efficiency quantum steganography based on the tensor product of Bell states. Science China−Physics Mechanics and Astronomy. 2013;56(9):1745−1754.
  29. N Fatahi, M Naseri, LH Gong, et al. High−Efficient Arbitrated Quantum Signature Scheme Based on Cluster States. International Journal of Theoretical Physics. 2016;56(2):609−616.
  30. M Naseri, Sh Heidari, M Baghfalaki, et al. A new secure quantum watermarking scheme. Optik. 2017;139:77−86.
  31. M Naseri, M Abdolmaleky, F Parandin, et al. A New Quantum Gray−Scale Image Encoding Scheme, Communication in Theoretical Physics. 2018;69(2):215226.
  32. M Naseri, Sh Heidari, R Gheibi, et al. A novel quantum binary images thinning algorithm: A quantum version of the Hilditch’ s algorithm. Optik. 2017;131:678−686.
  33. M Naseri, N Fatahi, A Farouk, et al. Applications of Quantum Mechanics in Secure Communication. In Hassanien A, Elhoseny M, Kacprzyk J, editors. Quantum Computing: An Environment for Intelligent Large Scale Real Application. Cham: Springer; 2018; p. 25−40.
  34. M Naseri, LH Gong, M Houshmand, et al. An Anonymous Surveying Protocol via Greenberge-Horne-Zeilinger States. International Journal of Theoretical Physics. 2016;55(10):4436−4444.
  35. XL Zhang. One-way quantum identity authentication based on public key. Chin Sci Bull. 2009;54:2018202.
Creative Commons Attribution License

©2018 Fatahi, et al. This is an open access article distributed under the terms of the, which permits unrestricted use, distribution, and build upon your work non-commercially.