Most of the classical designated verifier signature schemes are insecure against quantum adversary. In this paper, a quantum signature scheme for the designated verifier is proposed. In our scheme, during the initialization phase, the partners share secret keys by performing the quantum key distribution protocol. On the other hand, by performing the quantum direct communication protocol, the key generator center shares secret keys with the signer and the designated verifier, respectively. The key generator center generates a particle sequence of Bell state and distributes the particles between the signer and the designated verifier. During the signature generation phase, the signer encrypts the particle sequence by the secret keys and Hardmard operators. After that, the signer performs the controlled unitary operations on the encrypted particle sequence so as to generate the quantum signature. The designated verifier can simulate the quantum signature by performing the same symmetric signing steps as that performed by the original signer. Hence, the quantum signature signed by the true signer is the same as the one simulated by the receiver, which makes our scheme possess the designated properties. During the signature verification phase, the designated verifier performs the controlled unitary operations on the quantum signature and obtains the quantum ciphertexts. After that, the designated verifier decrypts the quantum ciphertexts by the symmetric secret keys and Hardmard operators so that the quantum signature can be verified. Our signature is secure against forgery attack, inter-resending attacks and Trojan horse attack. Because the trace distance between the density operators of different quantum signatures is zero, the information-theoretical security of our quantum signature scheme can be proved. The unconditionally secure quantum key distribution protocol and the one-time pad encryption algorithm can guarantee the security of the secret keys shared by the partners. What is more, the security assumption about the key generation center is weak. That is, it is not necessary to assume that the key generation center should be fully trusted. On the other hand, in our scheme, the quantum one-way function is not used. To generate a quantum signature, the signer need not prepare for entangled particle sequence. To verify a quantum signature, the verifier need not apply any state comparison to the received particles. The qubit efficiency is 100%. Therefore, our scheme has the advantages in the security and efficiency over the other quantum signature schemes for the designated verifier.
Read full abstract