Multi-proxy Signature Scheme Using Five-qubit Entangled State Based on Controlled Quantum Teleportation

With the upgrading of communication technology and the rapid development of quantum computing, the classical digital signature schemes are faced with unprecedented challenges, so the research on quantum digital signature is imperative. In this paper, we propose a multi-proxy signature scheme based on controlled quantum teleportation of ﬁve-qubit entangled state. In this scheme, quantum fourier transform is used as an encryption method to encrypt message, which improves the quantum eﬃciency compared with the quantum one-time pad. The ﬁve-qubit maximally entangled state which is qubit threshold quantum error correction required is used as the quantum channel to ensure the stability of the scheme. Security analysis shows that our scheme is unforgeable and undeniable, and it can resist the intercept-resend attack.

Multi-proxy Signature Scheme Using Five-qubit Entangled State Based on Controlled Quantum Teleportation Digital signature has the function of traditional signature.It is an important technology to verify identity and ensure the integrity of legal information.Therefore, it has a wide application in e-commerce, information security and other fields.The security of most classical digital signature schemes depends on assumptions about difficult problems such as large integer factoring and discrete logarithm problem.With the continuous improvement of computer performance and the proposal of Shor algorithm [1], the security of classical cryptosystems is greatly challenged.Due to the physical characteristics of quantum, the study of quantum digital signature scheme is imperative.The concept of the quantum digital signature scheme was first proposed by Gottesman and Chuang [2] in 2001, using quantum one-way function to generate public key and employing quantum tests to verify the signatures.Based on the advantages of quantum security, various quantum signature schemes with quantum technologies are proposed successively.In 2019, Qin et al. [3] proposed a more efficient quantum multi-proxy signature scheme in practical application.In 2020, Tan et al. [4] argued that their scheme was not safe against proxy and forge attacks.To this end, they proposed an improved scheme, which not only retained the high efficiency characteristics of the original scheme but also improved the security of the scheme.In 2021, Gao et al. [5] proposed a new quantum (t, n) threshold group signature scheme based on d-dimensional quantum system, which had great advantages in terms of scalability.In 2022, Lu et al. [6] proposed a verifiable arbitration quantum signature scheme based on controlled quantum teleportation, which used mutually unbiased bases particles as decoy particles for eavesdropping detection and identity authentication, ensuring the security of the scheme.
The proxy signature scheme is a part of the digital signature.The proposal of multi-proxy signature scheme expands the application field of proxy signature.The proxy signature was first proposed in 1996 by Mambo et al. [7].In 2007, Wang et al. [8] constructed a novel identity-based multi-proxy signature scheme.The scheme proved to be safe in the random oracle model under the CDH (Computational Diffie-Hellman) assumption.In 2010, Zhang et al. [9] proposed an efficient proxy verifiable encrypted signature scheme that proved to be safe in the random oracle model.In 2013, Hwang et al. [10] proposed a new proxy signature scheme for designated verifiers that provided the ability to identify original and proxy signers and avoid abuse of signature power.In 2015, Asaar et al. [11] proposed the first identity-based proxy ring signature scheme based on the RSA assumption, which was improved in terms of security.In 2019, Zhang et al. [12] proposed an efficient proxy ring signature scheme without bilinear pairing ,which could be applied to real proxy environments and couldn't be forged in the random oracle model based on the discrete logarithmic problem assumption.In 2020, Wang et al. [13] proposed a sharing energy storage management model based on proxy signature in blockchain environment.The proposed proxy signature mechanism could achieve the delegation of digital signature power under the premise of security and reliability, which was applicable to the SES management model on blockchain.In 2021, Zheng et al. [14] proposed a proxy signature scheme for sensor networks that resisted network attacks, which reduced the storage cost required for traditional digital signature systems.In 2022, Chen et al. [15] proposed the first proxy re-signature scheme that could provide key-insulated property, which guaranteed the forward and backward security of the key.
Quantum teleportation is a technique that uses quantum entanglement and classical message interaction to transmit quantum states to any location.The concept of quantum teleportation was first proposed in 1993 by Bennet et al. [16].With the rapid development of quantum technology, the concept of quantum teleportation is constantly improved.In 2013, Cao et al. [17] proposed a weakly blind signature scheme based on truly entangled six qubits that guaranteed the unconditional security and anonymity of the message owner.In 2015, Cao et al. [18] proposed a quantum proxy weakly blind signature scheme with the five-qubit entangled state as quantum channel.In 2018, Niu et al. [19] proposed a quantum multi-proxy blind signature scheme based on fourqubit cluster state, whose security was guaranteed by the physical properties of quantum mechanics.In 2019, Liu et al. [20] proposed a quantum group proxy blind signature scheme based on five-qubit entangled state, in which the signer remained blindmmm to the signed messages content.However, he could still be traced.In 2020, Zheng et al. [21] proposed a semi-quantum proxy signature scheme for with quantum walk-based teleportation, which has better practical value.In 2021, Xia et al. [22] proposed a semi-quantum blind signature scheme based on five-particle GHZ state, which proposed a new eavesdropping detection method to improve the security of information interaction between the two communication parties.In 2022, You et al. [23] first proposed the concept of the quantum aggregate signature scheme that used the four-qubit cluster state as quantum channel.Most of the current schemes use the quantum onetime pad method for encryption.In order to improve the quantum efficiency of the encryption process, we find a new method that use the quantum fourier transform to encrypt the quantum message.
This paper proposes a multi-proxy signature scheme based on controlled quantum teleportation using five-qubit maximally entangled state as quantum channel.The five-qubit maximally entangled state [24] plays a key role in quantum information processing tasks, which is the qubit threshold [25,26] required for quantum error correction.This state exhibits genuine multipartite entanglement according to both negative partial transpose measure and the von Neumann entropy measure.This is more than the entanglement exhibited by the GHZ state, the W state and the cluster state [27].Even after tracing out one or two qubits from the state, entanglement sustains in the resulting subsystem and thus is highly"robust".The experiments in [28] discuss the principles of five-qubit entanglement and open teleportation, proving that studies of von Neumann, Bell, and single particle measurements are possible under existing development techniques and experimental conditions.The security of the scheme is guaranteed by the quantum key distribution protocol and the quantum fourier transform encryption method.The main contributions of this paper are as follows: (1) This paper uses the quantum fourier transform to encrypt messages, and the quantum efficiency is improved compared with the quantum one-time pad.
(2) In this paper, considering the five-qubit maximally entangled state as quantum channel gives the scheme high robustness.
(3) This scheme is unforgeable and undeniable and can resist interceptresend attack.

Preliminary Theory 2.1 Bell State
The four Bell states of two-qubit are: Assuming that Alice and Bob share a quantum state in one of the Bell states: where Due to the entanglement property of the EPR pair, particle (B) will collapse to the same state as particle (A) after Alice has already measured particle (A).Therefore, if Alice and Bob choose the same basis Bz = {|+⟩, |−⟩} or Bx = {|0⟩, |1⟩} to measure their particle separately, they will get the same result.For example, if both Alice and Bob choose Bx = {|0⟩, |1⟩} as the measurement basis, and Alice gets the result |+⟩, then Bob's measurement must also be |+⟩.However, after Alice's measurements, if Bob chooses a basis different from Alice, then he will get a random result.

Controlled Quantum Teleportation
The maximally entangled state of the five particles has the following form: This quantum teleportation consists of four participants: message owner Alice, proxy signer David, original signer Charlie, verifier Bob.David holds Particles (2,4), Charlie possesses Particles (1,5), Particle (3) is belong to Bob.
If Charlie allows Bob and David to complete their remote transmission, he will make the Bell measurements on his particles (1,5), and then he will send his measurements to David.
David makes the three-particle von Neumann measurement on his Particles (M, 2, 4) with the basis {|γ 1 ⟩, |γ 2 ⟩, . . ., |γ 8 ⟩}, where |γ i ⟩, (i=1,2,. . .,8) satisfy: David sends his measurements to Bob.According to the measurements of Charlie and David, Bob performs appropriate unitary operation on particle (3) and successfully reconstructs the original unknown quantum state.Under the control of David and Charlie, the unknown quantum state |ϕ⟩ M is successfully transmitted to the receiver Bob.The controlled quantum teleportation process is shown in Fig. 1.
Encryption algorithm: When the jth bit of the key is 0, fourier transform of the jth particle of the messages that needs to be encrypted, otherwise the unitary transformation of I is performed to obtain the encrypted messages.
(I2) Alice shares secret key K AB with Bob.Charlie shares secret key K BC with Bob. Bob shares secret key K BUj (j = 1, 2, ..., t) with U j , respectively.And Charlie shares secret key K CUj (j = 1, 2, ..., t) with U j , respectively.The unconditional security of key distribution process is achieved by the quantum key distribution(QKD) protocol [30,31].Fig. 2 shows the key distribution process.
where A j i and B j i denote the ith two entangled particles.In each EPR pair, U j sends particles A j i to Alice while leaving particles B j i to himself.Charlie produces 2n five-qubit Entangled states as quantum channel.He sends particles F j i and H j i to U j , and sends particles G j i to Bob, but particles E j i and I j i are left to himself.Particle distribution process is shown in Fig. 3.
Quantum channel is safe if their measurements satisfy the relationship in Table 1 or the error rate is less than the threshold value.Otherwise, they will stop the process.Similarly, the tn EPR pairs are also randomly selected by U j to ensure the security of the quantum channel between U j and Alice.The process is similar to the above process, we don't repeat the details.Alice measures her quantum sequences according to the message m.If m j (i) = 0, she will measure the particle A j i with the basis Bz = {|+⟩, |−⟩}.If m j (i) = 1, she will use the basis Bx = {|0⟩, |1⟩} to measure the particles A j i .The measurement results are recorded as M = {M 1 (1), . . ., M j (i), . . ., M t (n)}, where M j (i) ∈ {|0⟩, |1⟩, |+⟩, |−⟩}.Alice encodes the measurements into a calculated basis sequence of tn bits M ′ = {M ′ 1 (1), . . ., M ′ j (i), . . ., M ′ t (n)} by the method shown in Table 2, where M ′ j (i) ∈ {|1⟩, |2⟩, |3⟩, |8⟩}.
Table 2 Encode measurement results as calculated basis(1) Table 3 Encode measurement results as calculated basis(2)

Coding process1 Coding process2
Coding results (I5) Alice uses key K AB to encrypt M ′ via the QFT, when the qth(q = 1, 2, . . ., tn) bit of K AB is 0, QFT is performed on particle M ′ q = M ′ j (i).Otherwise, Alice performs I transform on particle M ′ q = M ′ j (i), and obtains the

Authorizing Phase
We choose U j to act as representative of all proxy signers to generate this signature.After receiving Alice's signature request, U j asks the original signer Charlie to authorize him to complete the proxy signature on message.Charlie keeps the particles (E j i , I j i ) in five-qubit maximally entangled state |ξ 5 ⟩.If Charlie agrees U j to sign the secret message M ′ , he will help U j and Bob to complete their teleporation.Charlie performs Bell measurements on particles (E j i , I j i ), and records the results as Γ Cj , he then encrypts Γ Cj with key K CUj to get encrypted message E K CU j {Γ Cj }.Charlie sends E K CU j {Γ Cj } to U j as his proxy authorization.If Charlie does not agree U j to sign the secret message, he terminates this teleporation.Charlie encrypts Γ C = {Γ C1 , Γ C2 , . . ., Γ Ct } with key K BC to get encrypted message Γ ′ C = E K BC {Γ C }, then sends Γ ′ C to Bob.

Signing Phase
After receiving the secret message E K CU j {Γ Cj }, U j decrypts it with key K CUj to obtain Γ Cj , and then performs three-particle von Neumann measurements on particles (B j i , F j i , H j i ).The measurement results are recorded as β Uj , then U j encrypts β Uj and Γ Cj with secret key K BUj to get secret message S Uj = E K U j {β Uj , Γ Cj }.U j sends S Uj = E K U j {β Uj , Γ Cj } to Bob. {S U1 , S U2 , . . ., S Ut } is U j 's proxy signatures for M ′ .

Verifying Phase
Bob first verifies the agent identity, and then verifies the validity of U j 's proxy signature.Bob receives secret message M ′′ sent to him by Alice, and then decrypts M ′′ with the key K AB .After Bob measures the decrypted quantum message with the calculated basis, M ′ is obtained.After Bob receives Γ ′ C = E K BC {Γ C } that Charlie sends to him, he decrypts it with key K BC to get Γ C .Bob receives S Uj = E K U j {β Uj , Γ Cj } sent to him by U j , and decrypts it with the key K BUj to obtain β Uj and Γ ′′ Cj .If Γ C = {Γ ′′ C1 , Γ ′′ C2 , . . ., Γ ′′ Ct }, then U j is trusted.Bob will perform the following steps to verify the validity of the signature.Otherwise, he would end the agreement.Based on the messages Γ C and β Uj , Bob performs unitary operations on the particles G j i to reconstruct the original unknown quantum state.
Based on the message M ′ obtained by Bob.When M ′ = |0⟩ or |1⟩, Bob performs single particle measurement on particle G j i based on the basis {|0⟩, |1⟩}.When M ′ = |2⟩ or |3⟩, Bob performs single particle measurement on particle G j i based on the basis {|+⟩, |−⟩}.The measurement result is encoded as a calculated basis sequence of tn bits according to the coding method described Table 5 The measurements of each participant Charlie's measurement results

U j 's measurement results
Particles G j i Unitary operations above.The result is recorded as , the proxy signature is valid.Otherwise, Bob will reject it.
For both Alice and U 3 , suppose that the measurement result is , and then are encrypted with key K AB = 010010101101100 to obtain M ′′ .The QFT is per- }, the rest particles are subjected to I transformed.Alice sends the result M ′′ to Bob.
Step S3.After receiving Γ ′ Cj that sent by Charlie, U j use secret key K CUj to decrypt it, and then get Γ Cj .U 1 performs the von Neumann measurements on particles (B 1  1 The von Neumann measurements are performed on the particles (B 3  1 3 , the signatures are valid.

Correctness Analysis
Theorem 1 If Bob receives Γ ′ C correctly during the verifying phase, then Bob can know that the proxy signer U j is trusted.
Proof of Theorem 1 During the verifying phase, Bob receives S Uj = E K BU j {β Uj , Γ Cj } from U j .Since the key K BUj is shared by Bob and U j through QKD, the adversary can not get any message about the key.Therefore, if there is an adversary who wants to forge Γ ′ C , which can be found by the verifier.Bob can get the correct Γ ′ C only if the S sent by U j is correct, the proxy signer U j is trusted.□ Theorem 2 If C = M ′ , the proxy signature scheme is correct.
Proof of Theorem 2 Due to the entanglement properties of the EPR pairs, particles B j i will collapse to the same state with particles A j i after Alice measures the particles A j i .Charlie performs the Bell measurements on particles (E j i I j i ).Charlie encrypts the measurements and sends the encrypted measurements to U j and Bob, respectively.After receiving the encrypted results, U j performs the von Neumann measurement on particles (B j i F j i H j i ).He encrypts the measurements and sends it to Bob.According to Γ C and β Uj , Bob measures particles G j i to reconstruct the original quantum state to get M ′ .Then, he can measure particles G j i according to the measurement M ′ .Finally he found that C = M ′ , then the signature is valid.□ 6 Security Analysis

Non-deniability
In the scheme of this paper, we get the original signer Charlie and the proxy signer U j cannot deny their authorization and signature.According to the authorizing phase in Section 3, we learned that U j needs to decrypt the authorization sent by Charlie with K CUj .However, the key distribution is done via the QKD protocol, which is unconditional security.The proxy signer U j cannot perform the Bell measurements on particles (E j i I j i ) to get the measurements.So U j cannot deny the authorization.Under the above analysis, the original signer Charlie cannot deny his authorization.Similarly, U j 's proxy signature cannot be denied by himself because of the unconditional security of the QKD protocol.

External Attacker Eve cannot Forge the Signature
Suppose the attacker Eve wants a forged signature of U j , she needs to know the measurement Γ Cj from Charlie's Bell measurement, the von Neumann measurement β Uj and the shared key K BUj between the proxy signer U j and the verifier Bob.However, Eve cannot know the Bell measurement Γ Cj , von Neumann measurement β Uj , and the key distribution is all done through the quantum channels, the QKD protocol has unconditional security.Therefore, Eve cannot know the key shared between U j and Bob to complete the signature S.

Message Owner Alice Fails to Forge the Signature
Assuming that the message owner Alice wants to forge the signature, she needs to know the measurement Γ Cj from Charlie's Bell measurement, the von Neumann measurement β Uj and the shared key K BUj between the proxy signer U j and the verifier Bob.If Alice fails to correctly know the Bell measurement Γ Cj , von Neumann measurement β Uj and the key K BUj , she will get the wrong signature.The signature is sent to the verifier later can not pass the verification, the verification is invalid.Due to the unconditional security of the QKD protocol, Alice cannot get the key K BUj shared between the proxy signer U j and the verifier Bob.The Bell measurement Γ Cj and the von Neumann measurement β Uj could not be known by Alice.So the message owner Alice cannot forge the signature.

The Original Signer Charlie cannot Forge the Signature
Because Charlie cannot know the key K BUj shared between the proxy signer U j and the verifier Bob, so he not implement the forgery of the signature.

The Verifier Bob cannot Forge the Signature
If the verifier Bob wants to forge the signature, he needs to know the Bell measurement Γ Cj , the von Neumann measurement β Uj , as well as the key K BUj .However, he is unable to know the von Neumann measurement Γ Cj , so the verifier Bob cannot forge the signature.

Resistance of Intercept-resend Attack
Our scheme can resist intercept-resend attack.Suppose there is an attacker Eve, she is able to capture the particles that Charlie sends to Bob and U j .She replaces them with her own particles.She will inevitably destroy the relevance of particles in quantum states, so it can be discovered by Bob.

Efficiency Analysis
According to [32], the quantum efficiency of this scheme can be defined as: Here, we need not consider the number of bits required for the eavesdropping check.b s represents the number of bits of the message m, q t represents the number of qubits transmitted in the quantum channels, b t represents the number of classical bits transmitted in the classical channels.In our scheme, the length of the message m is tn bits.In the initializing phase, the quantum messages transmitted between Alice and U j are tn qubits; the quantum messages transmitted between Charlie and U j are 2tn qubits; the quantum messages transmitted by Charlie with Bob are tn bits.In the authorizing phase, the quantum messages transmitted between Charlie and U j are tn qubits.In the signing phase, the quantum messages transmitted between U j and Bob are 2tn qubits; the quantum messages transmitted between Charlie and Bob tn qubits.q t = tn + 2tn + tn + tn + 2tn + tn = 8tn.Therefore, the efficiency of our scheme is shown to be: Eavesdropping check yes no no

Conclusions
In this paper, we propose a multi-proxy signature scheme based on controlled quantum teleportation, using a five-qubit maximally entangled state as quantum channel.Different from quantum signature schemes in cryptography, the security of our scheme is ensured by QFT encryption and QKD.Therefore, it is unconditional security.The proposed scheme takes five-qubit maximally entangled state as the quantum channel, and five-qubit entangled state plays a key role in quantum information processing tasks, which is the qubit threshold required for quantum error correction.At present, most signature schemes use quantum one-time pad encryption method to encrypt messages.In order to improve the quantum efficiency of the encryption process, we propose a new method that use the QFT to encrypt the quantum messages.Security analysis shows that our scheme is unforgeable and undeniable, and it can also against intercept-resend attack.Our scheme also employs the von Neumann measurements, Bell measurements, and single particle measurements.It is easy to implement under the current technology and experimental conditions.

Table 1
The results of the eavesdropping detection measurements

Table 6
Scheme comparison