Can you sign a quantum state?

by   Gorjan Alagic, et al.

Cryptography with quantum states exhibits a number of surprising and counterintuitive features. In a 2002 work, Barnum et al. argued informally that these strange features should imply that digital signatures for quantum states are impossible (Barnum et al., FOCS 2002). In this work, we perform the first rigorous study of the problem of signing quantum states. We first show that the intuition of Barnum et al. was correct, by proving an impossibility result which rules out even very weak forms of signing quantum states. Essentially, we show that any non-trivial combination of correctness and security requirements results in negligible security. This rules out all quantum signature schemes except those which simply measure the state and then sign the outcome using a classical scheme. In other words, only classical signature schemes exist. We then show a positive result: it is possible to sign quantum states, provided that they are also encrypted with the public key of the intended recipient. Following classical nomenclature, we call this notion quantum signcryption. Classically, signcryption is only interesting if it provides superior efficiency to simultaneous encryption and signing. Our results imply that, quantumly, it is far more interesting: by the laws of quantum mechanics, it is the only signing method available. We develop security definitions for quantum signcryption, ranging from a simple one-time two-user setting, to a chosen-ciphertext-secure many-time multi-user setting. We also give secure constructions based on post-quantum public-key primitives. Along the way, we show that a natural hybrid method of combining classical and quantum schemes can be used to "upgrade" a secure classical scheme to the fully-quantum setting, in a wide range of cryptographic settings including signcryption, authenticated encryption, and chosen-ciphertext security.


page 1

page 2

page 3

page 4


Quantum commitments and signatures without one-way functions

In the classical world, the existence of commitments is equivalent to th...

From the Hardness of Detecting Superpositions to Cryptography: Quantum Public Key Encryption and Commitments

Recently, Aaronson et al. (arXiv:2009.07450) showed that detecting inter...

Uncloneable Decryptors from Quantum Copy-Protection

Uncloneable decryptors are encryption schemes (with classical plaintexts...

Another Round of Breaking and Making Quantum Money: How to Not Build It from Lattices, and More

Public verification of quantum money has been one of the central objects...

How to Sign Quantum Messages

Signing quantum messages has been shown to be impossible even under comp...

Quantum Encryption of superposition states with Quantum Permutation Pad in IBM Quantum Computers

We present an implementation of Kuang and Bettenburg's Quantum Permutati...

Quantum and Semi-Quantum Lottery: Strategies and Advantages

Lottery is a game in which multiple players take chances in the hope of ...

Please sign up or login with your details

Forgot password? Click here to reset