Generalized quantum-assisted digital signature service in an SDN-controlled quantum-integrated optical network

Ferrari, Marco; Brunero, Marco; Gagliano, Alessandro; Martelli, Paolo; Gatto, Alberto
2025-01-01

Abstract

Digital signature (DS) is an essential application of cryptography, used to certify the provenance of a message and its authenticity, guaranteeing the non-repudiation, unforgeability, and transferability of messages. However, the forthcoming advent of quantum computation poses a significant threat to classical signature schemes. A possible solution could be the introduction of novel DS schemes based on the fundamental laws of quantum physics. Recently, several quantum DS (QDS) protocols have been proposed, even relying on the exploitation of off-the-shelf quantum key distribution (QKD) solutions. However, their efficiency and large signature size, uncorrelated to the size of the message to sign, represent the main limitation in their employment in a practical scenario. A trade-off solution could be a quantum-assisted DS (QADS), where the QKD technology is exploited together with classical cryptographic functions to achieve a stronger DS scheme, more resistant even to quantum attacks. We propose a generalized quantum-assisted digital signature (G-QADS) protocol based on a hybrid system, composed of the standard Wegman-Carter Message Authentication Code (WG-MAC) together with symmetric QKD keys, to enhance the security of the DS, allowing messages with arbitrary lengths to be signed while maintaining a suitable DS length. In this work, the G-QADS process is proposed for a three-party configuration (one signer and two verifiers), where the third participant is involved in the procedure only in the case of contention between the other two parties. The G-QADS protocol is then experimentally tested to prove its resilience to forging and non-repudiation attacks, demonstrating its capability in securing the message signature (with a success probability of the attacks < 10⁻¹⁸).
The performance is experimentally tested exploiting QKD prototypes based on standard BB84 protocol with decoy states and polarization encoding, in a software-defined network (SDN) infrastructure supervised by a single SDN controller, which provides the management of both classical and quantum communication channels. The proposed solution could push the practical exploitation of QKD into a new application domain, leading to a more pervasive integration of quantum technology in realistic scenarios.
2025
Protocols
Digital signatures
Cryptography
Standards
Quantum computing
Optical fiber networks
Non-repudiation
Quantum key distribution
Encryption
Codes
Files in this item:
QADS_invited_JOCN__revision.pdf: open access, Pre-Print (or Pre-Refereeing), 16.21 MB, Adobe PDF
jocn-17-2-a155.pdf: restricted access, Publisher's version, 3.63 MB, Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11311/1287416