An Arbitrated Quantum Signature Scheme Based on Chaotic Quantum Encryption Algorithm

An arbitrated quantum signature (AQS) scheme is demonstrated via the improved quantum chaotic encryption algorithm with the quantum one-time pad based on chaotic operation string. In this scheme, the signatory signs the message and the receiver verifies the signature's validity with the aid of the arbitrator who plays a crucial role when a dispute arises. Analysis shows that the signature can neither be forged nor disavowed by the malicious attacker.


Introduction
Digital signature that enables to settle disputes about the authenticity of the message is an essential cryptographic primitive.It has been applied in secure electronic commerce, whose security depends much on the intractability of factoring large numbers or solving discrete logarithms.However, it would be broken via Shor's algorithm when a quantum computer would be available someday [1].Consequently, quantum signature has been suggested to provide the authenticity and nonrepudiation of quantum states with unconditional security based on quantum mechanics [2,3].There are usually two essential requirements in quantum signature, i.e., unforgeability and undeniability [4].
An arbitrated quantum signature (AQS) scheme [2] was proposed to sign the quantum message via quantum one-time pad [5] using the Greenberger-Horne-Zeilinger (GHZ) states with availability of the trusted arbitrator.The security depends on the secure keys shared among legal users.However, it could be repudiated by the dishonest receiver [6].After that an improved AQS scheme was presented using Bell states instead of GHZ states while providing a higher efficiency in transmission and reducing the complexity of its implementation [7].However, it was pointed out that the yielded signature could still be repudiated by the receiver as the original scheme did [6].Although two AQS schemes were proposed to solve this problem, the receiver would actively negate the signature since he may get the benefits from the denial-of-service (DoS) attack strategy without being detected [8,9].Actually, in an AQS scheme the entrusted arbitrator plays an important role when a dispute arises among participants.Since the arbitrator may not solve a dispute when Bob claims that the verification of the signature is not successful, the previous AQS schemes are not always valid due to the contradiction to the undeniable requirement of signatures [2,3,7].Recently, it has been pointed out [13,14] that those AQS schemes [2,3,7] provide security only against a total break attack and there is an existential forgery attack that can validly modify the signature.In order to conquer this shortcoming, we designate an AQS scheme using an improved quantum chaotic encryption algorithm with classical communications that are assumed to be susceptible to eavesdropping but not to the injection or alteration of the message [10][11][12].The quantum chaotic encryption system has several interesting characteristics, such as the sensitive dependence on initial conditions and system parameters, pseudo-random property, non-periodicity and topological transitivity, etc.These characteristics meet some secure requirements such as diffusion and mixing in quantum cryptosystem.The present scheme can not only avoid being disavowed by the receiver, but also can preserve all merits in the previous schemes.
As far as we know, the chaos-based AQS scheme with diffusion quantum operations has not been reported.In this paper, we propose an AQS scheme via the improved quantum chaotic encryption algorithm.This paper is organized as follows.In section II, we designate a quantum chaotic encryption algorithm based on the quantum one-time pad depending on the chaotic operation string performed on quantum states.In section III, we develop an AQS scheme based on the improved quantum chaotic encryption algorithm.It involves three participants, including the signatory, the receiver and the arbitrator, in three phases, i.e., initializing phase, signing phase and verifying phase.In section IV we analyze the security of the AQS scheme according to the requirements of the quantum signature.It is shown that the present scheme is secure due to the implementation of the quantum chaotic encryption algorithm.Finally, conclusions are drawn in section IV.

Quantum Chaotic Encryption Algorithm
We let Pauli matrices x  , z  and y  denote Pauli-X, Pauli-Z and Pauli-Y gates respectively.Let P be a quantum message described as . Subsequently,   E  denotes the conventional quantum one-time pad for a given string of length 2n, i.e., with where I denotes an identity operation. , , , , Recall that for a given key of length 2n there is a chaotic encryption algorithm expressed in a recursive fashion where denotes the cryptogram string of length 2n that is used for the quantum encrypting algorithm in Equation(1), and T is a chaotic key-dependent transformation.In detail, we write ,0 , for each a string of length 2n in the round, , , The string consists of r rounds of identical transformations applied in a sequence to the initial key .The chaotic transformation CT is defined as where ,0 ,2 1 denotes a subkey that controls the round, each function i ( , , ) f is obtained via discretization of a conventional nonlinear map with mixing property and robust chaos, 0 , 0 , 2 , 0 , , The decrypting structure undoes the transformations of the encrypting structure where r decrypting rounds are applied to the received vector r to recover 0 .In each decrypting round, the inverse transformation can be described as We note that the afore-mentioned chaotic map f can be generated in a quadratic (logistic) chaotic map [20] given by   It can be implemented in two steps [21].
In the first step, the logistic map is scaled so that input and output values are in the interval [0, 22n].The second step is discretization of the newly derived map.
In addition, this map can also be generated in an exponential chaotic map where the number a is a generator of the multiplicative group of nonzero elements of the Galois field of order .
In what follows, we consider an improved quantum chaotic encryption algorithm with a quantum one-time pad based on the chaotic string throughout this paper.Assume that the Hadamard gate can be defined as h According to the algorithm in Equation(1) for a given chaotic string of length 2n, we obtain the similar quantum chaotic encryption algorithm given by It is obvious that one can not obtain the exact relation- due to the properties of Paulioperations [1].This feature can be well suitable for a particular purpose of the generation of the quantum signature that can not be forged or disavowed by the attacker.

Prepare Arbitrated Quantum Signature Scheme with Chaotic Encryption
As an AQS scheme, it should satisfy at least two constraints, i.e., one is that the signature should not be forged by the attacker and another is the impossibility of disavowal of the signatory and receiver.It usually involves three participants, including the signatory Alice, the receiver Bob and the trusted arbitrator Charlie, in three signing phases, i.e., initializing phase, signing phase and verifying phase.In the previous AQS scheme [2,3], it has been stated that Bob can not disavow that he has obtained the signature.However, he can repudiate the integrality of the signature since he can reject the signature in verifying phase [6,8,9].It means that Bob can admit receipt of the signature but deny its correctness.
In order to conquer this shortcoming, we design an improved AQS scheme based on the quantum chaotic encryption algorithm with the prepared chaotic string using the shared key and subkey.Suppose that Alice wants to sign the quantum message  and has at least three copies of P .In order to obtain a low error probability in verifying phase, we can assume that n is large enough; otherwise we can use m P  instead of P , where m is a large enough integer.Then the proposed AQS scheme goes as follows.

Initializing Phase
Step I1.Alice shares an initial secret key 0 of length 2n with Charlie through quantum key distribution (QKD) protocol [10,11].Then she selects another private subkey where the subscripts a and b denote the photons that are transmitted to Alice and Bob via the authenticated quantum channel [15,16].

Signing Phase
Step S1.Alice transforms the message P into the random qubit string   ' a t using the quantum onetime pad algorithm expressed in Equation (7) with her subkey t a .For each resulting qubit, one obtains Step After implementing Bell state measurements on her photon pairs, she obtains denotes one of Bell states performed on the i th photon pair.
Step S4.Alice transforms Bob via the authenticated quantum channels.

Verifying Phase
Step V1. Bob performs the quantum chaotic encryption algorithm on and V.If 0 V  , then it shows that the signature has been obviously forged; otherwise Bob informs Alice to publish her subkey t a and goes on to the next verification.
Step V6.Alice publishes the subkey t a by the secure public channel. Step

Impossibility of Fo
gnature the basis of the quantum chaotic encryption algorithm in terms of the GHZ triplet states or the single-qubit states without being entangled.As the aforementioned statements, it can also strengthen the security of the corresponding signature in a small-scale quantum computation network.
So far we have proposed an AQS sch improved quantum chaotic encryption algorithm.In this section, what we are concerned is the security of this scheme.
If an attacker Eve tries to forge Alice's si a S for her own sake, she should know the initially s secret key 0 a k and subkey a t .However, it is impossi- ble due to unconditional ecurity of quantum key distribution (QKD) [10,11].In addition, the usage of the chaotic encryption algorithm enhances the security of the present scheme [20,21].In a worse case that 0 a k is exposed to Eve, she can not succeed in forging t signature since she can not create the appropriate Bell state measurement Consequently, the forgery of Eve is impossible.
If the malicious Bob attempts to counterfeit Alice's signature a S in verifying phase, he also has to know Alice's secret key 0 a k to generate a S .However, the information that he can achieve betrays nothing about 0 a k from a S due to the properties of the chaotic opion strin erformed in quantum chaotic encryption algorithm [20,21].Therefore, Bob can not forge Alice's signature.Furtherm erat g p ore, in the previous AQS schemes [13,14], the security is mostly ensured against the distillation of the secret key from the transmitted signature.Unfortunately, there are some security flaws due to the usage of quantum one-time pad with Pauli operations x  and z  that have a relation . Therefor there is possible forgery atta es a dishonest user to modify the signature even without any knowledge of the secret key.Without loss of generality, we consider a case that the malicious Bob is an attacker.Actually, in order to avoid being disavowed by Bob, this scheme utilizes the secure classic channel for the transmission of the subkey a t that is assumed not be sus-

Conclusions
We have investigated an AQS scheme ceptible to be altered by an attacker [16].
based on the cryption system in three phases, i.e., ning phase and verifying phase.The Sci-(60902044, 61272495), the lents in University, China .042312quantum chaotic en initialing phase, sig signatory sign the message via the improved quantum chaotic encryption algorithm based on the chaotic operation string tied to the initial key and subkey shared with the arbitrator.The receiver verifies the signature with the aid of the arbitrator, who plays a crucial role when a possible dispute arises.The security is ensured by the employment of the quantum chaotic encryption system with the secret key and subkey being embedded in.Security analysis shows that the signature can not be forged by the attacker.In addition, neither the signatory nor the receiver can successfully disavow the signed message.
using the quantum onetime pad algorithm with her subkey .


which should be consistent with a S .After comparing two unknown states a S and c S[17][18][19], he sets the verification parameter1 V  if a S S  c ; otherwise he sets V = 0.Step V3.Charlie performs another quantum chaotic encryption algorithm on' , a P S and V using the chaotic string b the verification of the si ture.For the urther verification, Charlie needs to decrypt not wo the present scheme due to the fact he has to recover the initial message P with shows that Bob can not repudiate the integrality of the signature.

[ 1 ]
M. Nielsen and I. Chuang, "Quantum computation and quantum info University Press, Cambridge, 20 itted of the message excepts for his judgment V that shows its authenticity.Actually, it provides a potential approach for Charlie to resolve a dispute between Alice and Bob.Otherwise it is an exact message authentication instead of a signature.For example, Bob says that Alice signed for the message , P but Alice announces that she did not sign such a message (maybe she indeed signed another message [20,21]r Bob receives t a , he recovers Alice's encrypted qubit string a [20,21].After Charlie's verification, the message is transm to Bob, and hence he does not know the content , the signature is in form of ER P , where R and E note a quantum random ope and a quantum one-time pad encryption, respectively.If Bob implements a forgery attack by performing an operation Q, then the resulting signature becomes de ration QER P .In the verifying phase, Charlie obtains † † Alice only sign the transformed message via the quantum chaotic encryption algorithm based on the chaotic operation string.To restore the initial message P , Bob has to require Alice to publish her subkey a t then recovers the measurement result P