Authentication of quantum messages

Howard Barnum, Claude Crépeau, Daniel Gottesman, Adam Davison Smith, Alain Tapp

Research output: Contribution to journal (Conference article)

142 Citations (Scopus)

Abstract

Authentication is a well-studied area of classical cryptography: a sender A and a receiver B sharing a classical secret key want to exchange a classical message with the guarantee that the message has not been modified or replaced by a dishonest party with control of the communication line. In this paper we study the authentication of messages composed of quantum states. We give a formal definition of authentication in the quantum setting. Assuming A and B have access to an insecure quantum channel and share a secret, classical random key, we provide a non-interactive scheme that enables A to both encrypt and authenticate an m qubit message by encoding it into m + s qubits, where the error probability decreases exponentially in the security parameter s. The scheme requires a secret key of size 2m + O(s). To achieve this, we give a highly efficient protocol for testing the purity of shared EPR pairs. It has long been known that learning information about a general quantum state will necessarily disturb it. We refine this result to show that such a disturbance can be done with few side effects, allowing it to circumvent cryptographic protections. Consequently, any scheme to authenticate quantum messages must also encrypt them. In contrast, no such constraint exists classically. This reasoning has two important consequences: It allows us to give a lower bound of 2m key bits for authenticating m qubits, which makes our protocol asymptotically optimal. Moreover, we use it to show that digitally signing quantum states is impossible.

Original language: English (US)
Pages (from-to): 449-458
Number of pages: 10
Journal: Annual Symposium on Foundations of Computer Science - Proceedings
State: Published - Dec 1 2002
Event: The 34rd Annual IEEE Symposium on Foundations of Computer Science - Vancouver, BC, Canada
Duration: Nov 16 2002 to Nov 19 2002

Fingerprint

Authentication
Cryptography
Paramagnetic resonance
Communication
Testing
Error probability

All Science Journal Classification (ASJC) codes

  • Hardware and Architecture

Cite this

Barnum, H., Crépeau, C., Gottesman, D., Smith, A. D., & Tapp, A. (2002). Authentication of quantum messages. Annual Symposium on Foundations of Computer Science - Proceedings, 449-458.
Barnum, Howard ; Crépeau, Claude ; Gottesman, Daniel ; Smith, Adam Davison ; Tapp, Alain. / Authentication of quantum messages. In: Annual Symposium on Foundations of Computer Science - Proceedings. 2002 ; pp. 449-458.
@article{54a4f65e272a4457b276fff840b7c227,
title = "Authentication of quantum messages",
author = "Howard Barnum and Claude Cr{\'e}peau and Daniel Gottesman and Smith, {Adam Davison} and Alain Tapp",
year = "2002",
month = "12",
day = "1",
language = "English (US)",
pages = "449--458",
journal = "Annual Symposium on Foundations of Computer Science - Proceedings",
issn = "0272-5428",

}

Barnum, H, Crépeau, C, Gottesman, D, Smith, AD & Tapp, A 2002, 'Authentication of quantum messages', Annual Symposium on Foundations of Computer Science - Proceedings, pp. 449-458.

TY - JOUR

T1 - Authentication of quantum messages

AU - Barnum, Howard

AU - Crépeau, Claude

AU - Gottesman, Daniel

AU - Smith, Adam Davison

AU - Tapp, Alain

PY - 2002/12/1

Y1 - 2002/12/1

UR - http://www.scopus.com/inward/record.url?scp=0036954511&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=0036954511&partnerID=8YFLogxK

M3 - Conference article

AN - SCOPUS:0036954511

SP - 449

EP - 458

JO - Annual Symposium on Foundations of Computer Science - Proceedings

JF - Annual Symposium on Foundations of Computer Science - Proceedings

SN - 0272-5428

ER -

Barnum H, Crépeau C, Gottesman D, Smith AD, Tapp A. Authentication of quantum messages. Annual Symposium on Foundations of Computer Science - Proceedings. 2002 Dec 1;449-458.