IntJTheorPhys(2015)54:2605–2612DOI10.1007/s10773-014-2491-0NovelQuantumProxySignaturewithoutEntanglementGuang-baoXuReceived:26July2014/Accepted:20December2014/Publishedonline:13January2015©SpringerScience+BusinessMediaNewYork2015AbstractProxysignatureisanimportantresearchtopicinclassiccryptographysinceithasmanyapplicationoccasionsinourreallife.Butonlyafewquantumproxysignatureschemeshavebeenproposeduptonow.Inthispaper,weproposeaquantumproxysignaturescheme,whichisdesignedbasedonquantumone-timepad.Ourschemecanberealizedeas-ilysinceitonlyusessingle-particlestates.Securityanalysisshowsthatitissecureandmeetsallthepropertiesofaproxysignature,suchasverifiability,distinguishability,unforgeabilityandundeniability.KeywordsProxysignature·Arbitratedquantumsignature·Quantumproxysignature1IntroductionAsanimportantbranchofcryptography,classicdigitalsignature(CDS)hasbeenwidelyusedinmanypracticalapplications,suchase-paymentsystem,e-government,andsoon.Inreallife,somespecialrequirementsareneededandproxysignatureisakindofspecialCDS.Proxysignature,whichallowsthatanoriginalsignerauthorizesaproxysignertosignamessageonbehalfofhim/her,wasfirstlyproposedbyMamboetal.[1]in1996.Sincethen,manyproxysignatureschemes[2–5]havebeenproposed,whichgreatlyenrichestheresearchofdigitalsignatureandbroadensthescopeofapplicationofdigitalsignature.How-ever,mostofCDSschemesincludingproxysignatureschemesarebasedoncomputationalcomplexity[6,7].Withthedevelopmentofquantumcomputingalgorithms,theybecomeG.-b.Xu(�)StateKeyLaboratoryofNetworkingandSwitchingTechnology,BeijingUniversityofPostsandTelecommunications,Beijing,100876,Chinae-mail:xuguangbao@163.comG.-b.XuCollegeofMathematicsandSystemsScience,ShandongUniversityofScienceandTechnology,Qingdao,266590,Shandong,China2606IntJTheorPhys(2015)54:2605–2612moreandmorevulnerable.Fortunately,quantumcryptography[8],whichisbasedonquan-tummechanicsandphysicalprinciples,canresisttheattacksofquantumalgorithmseventheattackershaveunlimitedcomputationalpower.Intheprocessofquantumcryptogra-phyresearch,manyresearchresultsarepresented,suchasquantumkeydistribution[9–14],quantumsecretsharing[15–19]andquantumsignature[20–27,31–38].Quantumsignature(QS),asanimportantquantumcryptographicprimitive,hasattractedalotofattentionsinceitwasfirstlyintroducedbyGottesmanandChuang[21].Itcanofferthefunctionsofmessageauthenticationandundeniability.In2002,Barnumetal.[22]pointedoutthatdigitallysigningquantumstatesisimpossiblebecauseonemustdoaperfectencryptiononaquantummessageifhewantstosecurelyauthenticateit.How-ever,scholarsdonotceasetheresearchofquantumsignature.Inthesameyear,ZengandKeitel[23]presentedanarbitratedquantumsignature(AQS)basedonGreenberger-Horne-Zeilinger(GHZ)states.Curtyetal.[24]pointedoutthesecuritystatementsclaimedbytheauthorsareincorrectinRef[23].In2007,Wangetal.[25]proposedaneffi-cientquantumsignatureschemeofclassicalmessages.Theauthorsclaimedtheschemeisefficientthanotherquantumsignatureschemes.In2009,Lietal.[26]proposedanarbi-tratedquantumsignatureschemeusingBellstates,whichsimplifiesZengetal.’sprotocolbyreplacingGHZstateswithBellones.Zouetal.[27]presentedanotherAQSschemewithoututilizingentangledstatesinthesigningphaseandtheverifyingphase.In2011,Gaoetal.[28]pointedoutthereceivercanforgethesender’ssignatureandthesendercandenyhissignatureinLietal.’sschemeandZouetal.’sscheme.Choietal.[29]pointedoutthatthereexistsanexistentialforgeryattackthatcanvalidlymodifythetrans-mittedpairofmessageandsignatureinthepreviousschemes[23,24,26,27,30,31].Infact,theattackproposedin[29]isidenticaltotheoneof[28].Yangetal.[36]pro-posedamulti-proxyquantumgroupsignatureschemein2008,whichcanbeusedforsigningclassicalmessage.Shietal.[37]presentedamultipartyquantumproxygroupsig-natureschemefortheentangledstatemessagewithquantumfouriertransformin2011.In2012,Wangetal.[38]proposedaone-timeproxysignaturebasedonquantumcryp-tography,whichhasallthepropertiesofproxysignature.However,theschemecanonlysignaclassicmessageratherthanaquantumone.Furthermore,theuseofonewayhashfunctionmakestheschemevulnerablesincehashfunctionisbasedoncomputationcomplexity.Inthispaper,Weproposeaquantumproxysignature(QPS)scheme.Thesecurityoftheschemeisbasedonthelawsofquantumphysics.Therestofthepaperisarrangedasfollows.InSection2,somepreliminariesareintroduced.InSection3,ournewQPSschemeisdescribed.InSection4,thesecurityoftheproposedQPSschemeisdiscussed.Atlast,ashortconclusionisgiveninSection5.2Preliminaries2.1ThePropertiesofProxySignatureInthissection,letusintroducetheproperties[38]ofproxysignature.Therearefourpar-ticipantsinaproxysignaturescheme,anoriginalsigner,aproxysigner,areceiverandanarbitrator.Ingeneral,aproxysignatureshouldmeetthefollowingproperties:(1)Verifiability.Thevalidityofproxyauthorizationandproxysignaturecanbeverified.IntJTheorPhys(2015)54:2605–26122607(2)Distinguishability.Theproxysignatureandtheoriginalsigner’ssignaturecanbedistinguishedbythearbitrator.(3)Unforgeability.Nobodycangenerateavalidproxysignatureexceptfortheproxysigner.(4)Undeniability.Oncetheproxysignatureisverifie
