A digital signature permits a sender to mark a digital transmission so that recipients of the transmission can confirm the origin of the transmission and detect tampering with the transmission. A transmission with a digital signature is thus secure to the extent that only an authorized party can provide the required digital signature authenticating the transmission. For transmissions with conventional digital signatures, the security of a transmission is based on assumptions regarding one-way mathematical functions that convert private information (e.g., a private key) to information for public transmission. However, the security of one-way functions against conventional computing power is generally unproven, and at least some one-way functions are insecure against quantum computing technology, thereby allowing an unauthorized party to extract private information from public transmissions and then forge digital signatures.
Quantum digital signature techniques such as described by Gottesman and Chuang, “Quantum Digital Signatures” (arXiv:quant-ph/0105032) use fundamental principles of quantum physics for secure transmissions of information. These techniques allow a sender to sign a message using a quantum state as a signature. In particular, the sender can prepare copies of a quantum state corresponding to private information that only the sender knows. The sender can then distribute the copies of the quantum state to chosen recipients that use their copies of the quantum state to authenticate the message or detect tampering. The quantum no-cloning theorem prevents persons other than the sender from making further copies of the quantum state/signature, and interception and measurement destroy the quantum signature while providing only limited clues regarding the private information. Accordingly, with proper distribution methods, a quantum digital signature can be kept secure.
Certification of a quantum digital signature generally requires comparisons of copies of the quantum state representing the signature. Efficient methods for state comparisons are thus required.