Top

Soft Computing

Published in:

Open Access 06-07-2017 | Methodologies and Application

Categorical quantum cryptography for access control in cloud computing

Authors: Lirong Qiu, Xin Sun, Juan Xu

Published in: Soft Computing | Issue 19/2018

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Patentsearch

Off

Abstract

Access control is a mechanism that is used to decide which agent has access to which resource with some specific operations. This paper is devoted to the investigation of quantum cryptography in access control. We develop three quantum protocols and use them for key distribution, identity authentication and digital certification, respectively. We analyze our protocols by the graphical language of categorical quantum mechanics. These protocols are unconditionally secure and implementable by the current technology.

Communicated by V. Loia.

1 Introduction

In this paper, we study the application of quantum cryptography in access control in cloud computing. Models of access control in cloud computing are developed in Wang et al. (2009) and Hota et al. (2011). The model from Hota et al. (2011) is visualized in Fig. 1. The data owner stores encrypted data on the cloud which the user wants to access. The data owner distributes the decryption key and a digital certificate to the user if the access control policy permits the user to access. The user shows the certificate to the cloud and receives the encrypted data as shown in Fig. 1.

Hota et al. (2011) use classic cryptography to grant access. It is well known that once a large-scale quantum computer is built, the existing popular encryption schemes may be efficiently broken (Shor 1994). Quantum cryptography is theoretically unbreakable and will be heavily needed in the coming quantum era.

In this paper, we further develop the model of access control in cloud computing proposed by Hota et al. (2011), by using quantum cryptography to grant access to agents. No entanglement is used in our protocols, which makes them implementable by current technologies. We present our quantum protocols in the framework of categorical quantum mechanics (Abramsky and Coecke 2004; Coecke and Duncan 2008; Selinger 2011; Coecke et al. 2011; Backens et al. 2016), which is the study of quantum foundations and quantum information using category theory. We choose categorical quantum mechanics because it provides us an elegant graphics language, the ZX-calculus (Coecke and Duncan 2008), to help us design and verify quantum protocols.

The structure of the rest of this paper is as follows: After a brief review of the background knowledge on quantum computation and categorical quantum mechanics in Sect. 2, we present three quantum protocols for key distribution, authentication and certification, respectively, and show that they are unconditionally secure in Sect. 3. We discuss related works in Sect. 4 and conclude this paper in Sect. 5.

2 Quantum theory

This section serves as an oversimplified introduction to quantum computation and categorical quantum mechanics. We only focus on those knowledge which is needed to understand the protocols we will present in Sect. 3.

2.1 Qubits

The building block of quantum information is quantum bit, or qubit for short. Qubits are the fundamental units of information in quantum information processing in the same way that bits are the fundamental units of information for classical information processing.

Definition 1

(qubit) A qubit $\left[ \begin{matrix} a \\ b \end{matrix} \right] $ is a column vector in which a and b are complex numbers such that $|a|^2 + |b|^2 =1$.

We will use the Dirac notation to denote qubits: A qubit $\overrightarrow{\mathbf{x }} = \left[ \begin{matrix} a \\ b \end{matrix} \right] $ is denoted in Dirac notation as $|\mathbf x \rangle $. There are four special qubits which frequently appear in the literature:

$$\begin{aligned} |0\rangle = \left[ \begin{matrix} 1 \\ 0 \end{matrix} \right] , |1\rangle =\left[ \begin{matrix} 0 \\ 1 \end{matrix} \right] , |+\rangle = \frac{1}{\sqrt{2}} \left[ \begin{matrix} 1 \\ 1 \end{matrix} \right] , |-\rangle = \frac{1}{\sqrt{2}} \left[ \begin{matrix} 1 \\ -1 \end{matrix} \right] . \end{aligned}$$

For two qubits $|\mathbf x \rangle $ and $ |\mathbf y \rangle $, if $|\mathbf x \rangle =c |\mathbf y \rangle $ for some complex number c, then such c is called a global phase. A global phase has no physical meaning, which means $|\mathbf x \rangle $ and $|\mathbf y \rangle $ represents the same physical state. For a qubit $|\mathbf x \rangle = \left[ \begin{matrix} a \\ b \end{matrix} \right] $, the adjoin of $|\mathbf x \rangle $ is a row vector $\langle \mathbf x | = [ \overline{a}, \overline{b}] $, where $\overline{a}$ and $\overline{b}$ are the conjugate of a and b, respectively.

Table 1

Quantum gates on qubits

State	Operation
State	I	H	X
$\|0\rangle $	$\|0\rangle $	$\|+\rangle $	$\|1\rangle $
$\|1\rangle $	$\|1\rangle $	$\|-\rangle $	$\|0\rangle $
$\|+\rangle $	$\|+\rangle $	$\|0\rangle $	$\|+\rangle $
$\|-\rangle $	$\|-\rangle $	$\|1\rangle $	$\|-\rangle $

2.2 Quantum gates

The operation on qubits is called quantum gates, which are mathematically represented as matrices.

Definition 2

(quantum gate) A quantum gate $U= \left[ \begin{matrix} a &{} \quad b \\ c &{}\quad d \end{matrix} \right] $ is an $2\times 2$ matrix over complex numbers such that $U U^{\dagger } =I$, where I is the identity matrix of rank 2 and $U^{\dagger }= \left[ \begin{array}{ll} {\overline{a}} &{}\quad {\overline{c}} \\ {\overline{b}} &{} \quad {\overline{d}} \end{array} \right] $ is the transpose conjugate of U.

The following are three famous quantum gates which are widely used in the literature:

$$\begin{aligned} I= \left[ \begin{matrix} 1 &{} \quad 0 \\ 0 &{}\quad 1 \end{matrix} \right] , H=\frac{1}{\sqrt{2}} \left[ \begin{matrix} 1 &{}\quad 1 \\ 1 &{}\quad -1 \end{matrix} \right] ,X=\left[ \begin{matrix} 0 &{}\quad 1 \\ 1 &{}\quad 0 \end{matrix} \right] . \end{aligned}$$

Here I is the identity gate. H is the Hadamard gate, and X is the Pauli-X gate. The application of I, X and H gates to qubits $|0\rangle $, $|1\rangle $, $|+\rangle $ and $|-\rangle $ is shown in Table 1 (with globe phase omitted). For example,

$$\begin{aligned} H |0\rangle = \frac{1}{\sqrt{2}} \left[ \begin{matrix} 1 &{}\quad 1 \\ 1 &{} \quad -1 \end{matrix} \right] \left[ \begin{matrix} 1 \\ 0 \end{matrix} \right] = \frac{1}{\sqrt{2}} \left[ \begin{matrix} 1 \\ 1 \end{matrix} \right] =|+\rangle . \end{aligned}$$

2.3 Measurement

To acquire information about a qubit, a measurement must be performed on it. In quantum computation, measurements are usually used to read out a computational result. A quantum measurement on a qubit is described by a collection $\{M_k\}$ of $2\times 2$ matrix satisfying

$$\begin{aligned} \sum _{k} M_k^{\dagger } M_k =I \end{aligned}$$

where $M_k$ is called measurement operators, and the index k is used to label the measurement outcomes. Note that k is simply labels and has no special meanings. If we are to measure a qubit $|\mathbf x \rangle $, then the probability that result k occurs is

$$\begin{aligned} p(k)= \langle \mathbf x | M_k^{\dagger } M_k | \mathbf x \rangle , \end{aligned}$$

which is calculated by matrix multiplication.

Example 1

The measurement on a qubit in the computational basis $\{| 0 \rangle ,| 1 \rangle \}$ is $M^c=\{M_0,M_1\}$, where

$$\begin{aligned} M_0= | 0 \rangle \langle 0 | =\left[ \begin{matrix} 1 &{}\quad 0 \\ 0 &{} \quad 0 \end{matrix} \right] , M_1= | 1 \rangle \langle 1 | = \left[ \begin{matrix} 0 &{} \quad 0 \\ 0 &{}\quad 1 \end{matrix} \right] . \end{aligned}$$

If we measure the qubit $|+ \rangle $ by $M^c$, then the probability of the occurrence of result-0 is

$$\begin{aligned} p(0)= & {} \langle + | M_0^{\dagger } M_0 | + \rangle \\= & {} \left[ \frac{1}{\sqrt{2}} ,\frac{1}{\sqrt{2}} \right] \left[ \begin{array}{ll} 1 &{}\quad 0 \\ 0 &{}\quad 0 \end{array} \right] \left[ \begin{array}{ll} 1 &{} \quad 0 \\ 0 &{}\quad 0 \end{array} \right] \left[ \begin{array}{l} \frac{1}{\sqrt{2}} \\ \frac{1}{\sqrt{2}} \end{array} \right] \\= & {} \left[ \frac{1}{\sqrt{2}} ,\frac{1}{\sqrt{2}} \right] \left[ \begin{array}{l} \frac{1}{\sqrt{2}} \\ 0 \end{array} \right] = \frac{1}{2} . \end{aligned}$$

A similar calculation will show that the probability of getting result-1 is also $\frac{1}{2}$.

Example 2

The measurement on a qubit in the symbolic basis $\{| + \rangle ,| - \rangle \}$ is $M^s=\{M_+,M_-\}$, where

$$\begin{aligned} M_+= | + \rangle \langle + | = \frac{1}{2} \left[ \begin{matrix} 1 &{}\quad 1 \\ 1 &{}\quad 1 \end{matrix} \right] , M_-= | - \rangle \langle - | = \frac{1}{2} \left[ \begin{matrix} 1 &{}\quad -1 \\ -1 &{}\quad 1 \end{matrix} \right] . \end{aligned}$$

If we measure the qubit $|0 \rangle $ by $M^s$, then the probability of the occurrence of result-+ is

$$\begin{aligned} p(+)= & {} \langle 0 | M_+^{\dagger } M_+ | 0 \rangle = \left[ 1 ,0 \right] \left[ \begin{array}{ll} \frac{1}{2} &{} \quad \frac{1}{2} \\ \frac{1}{2} &{}\quad \frac{1}{2} \end{array} \right] \left[ \begin{array}{ll} \frac{1}{2} &{}\quad \frac{1}{2} \\ \frac{1}{2} &{}\quad \frac{1}{2} \end{array} \right] \left[ \begin{array}{l} 1 \\ 0 \end{array} \right] \\= & {} \left[ \frac{1}{{2}} ,\frac{1}{{2}} \right] \left[ \begin{array}{l} \frac{1}{{2}} \\ \frac{1}{{2}} \end{array} \right] = \frac{1}{2} . \end{aligned}$$

A similar calculation will show that the probability of getting result-− is also $\frac{1}{2}$.

2.4 Graphical calculus for quantum computation

The ZX-calculus introduced by Coecke and Duncan (2008) is a graphical calculus for quantum computation. Due to the built-in rewrite rules for diagrams, quantum computation can be performed graphically in ZX-calculus.

Diagrams of the ZX-calculus consist of nodes and wires between them. A quantum gate is represented by a diagram in which there are exactly two wires connected to any node. There are three types of nodes in ZX-calculus: where the phases $\phi , \theta \in [0,2\pi )$. A green node with phase $\phi $ is called a $Z(\phi )$ node while a red node with phase $\theta $ is called a $X(\theta )$ node. The yellow node has no phase, and it is called Hadamard node. Diagrams are read from bottom to top, that is, the wire at the bottom is considered as the input while the one on the top is the output. For example, the I and X gates can be represented by Z(0) and $X(\pi )$ nodes, respectively. Indeed,

$$\begin{aligned} Z(0)= & {} |0\rangle \langle 0|+e^{i0} |1\rangle \langle 1| = |0\rangle \langle 0|+ |1\rangle \langle 1| \\= & {} \left[ \begin{array}{l} 1 \\ 0 \end{array} \right] \left[ 1 ,0 \right] + \left[ \begin{array}{l} 0 \\ 1 \end{array} \right] \left[ 0 ,1 \right] \\= & {} \left[ \begin{array}{ll} 1 &{}\quad 0 \\ 0 &{} \quad 0 \end{array} \right] + \left[ \begin{array}{ll} 0 &{}\quad 0 \\ 0 &{}\quad 1 \end{array} \right] = \left[ \begin{array}{ll} 1 &{}\quad 0 \\ 0 &{}\quad 1 \end{array} \right] .\\ X(\pi )= & {} |+\rangle \langle +|+e^{i\pi } |-\rangle \langle -| = |+\rangle \langle +|- |-\rangle \langle -|\\= & {} \left[ \begin{array}{l} \frac{1}{\sqrt{2}} \\ \frac{1}{\sqrt{2}} \end{array} \right] \left[ \frac{1}{\sqrt{2}} ,\frac{1}{\sqrt{2}} \right] - \left[ \begin{array}{l} \frac{1}{\sqrt{2}} \\ -\frac{1}{\sqrt{2}} \end{array} \right] \left[ \frac{1}{\sqrt{2}} ,-\frac{1}{\sqrt{2}} \right] \\= & {} \left[ \begin{array}{ll} \frac{1}{2} &{}\quad \frac{1}{2} \\ \frac{1}{2} &{} \quad \frac{1}{2} \end{array} \right] - \left[ \begin{array}{ll} \frac{1}{2} &{} \quad -\frac{1}{2} \\ -\frac{1}{2} &{}\quad \frac{1}{2} \end{array} \right] = \left[ \begin{array}{ll} 0 &{}\quad 1 \\ 1 &{}\quad 0 \end{array} \right] . \end{aligned}$$

Connecting the output of one node to the input of another corresponds to the composition of operators. Therefore, corresponds to

$$\begin{aligned} X(\pi ) Z(\pi )= & {} (|+\rangle \langle +|+e^{i\pi } |-\rangle \langle -|)(|0\rangle \langle 0|+e^{i\pi } |1\rangle \langle 1|) \\= & {} \left[ \begin{matrix} 0 &{}\quad 1 \\ 1 &{}\quad 0 \end{matrix} \right] \left[ \begin{matrix} 1 &{} \quad 0 \\ 0 &{}\quad -1 \end{matrix} \right] = \left[ \begin{matrix} 0 &{}\quad -1 \\ 1 &{}\quad 0 \end{matrix} \right] . \end{aligned}$$

The ZX-calculus contains rewriting rules that allow the derivation of equalities between diagrams. The rules related to this article are the following, where n is an integer: In the next section, we will use the following X-gates for encryption and decryption:

$X(0)= I$
$X(\frac{\pi }{2}) =|+\rangle \langle +|+e^{\frac{\pi }{2}i} |-\rangle \langle -| = |+\rangle \langle +|- i|-\rangle \langle -| $
$$\begin{aligned}= & {} \left[ \begin{array}{l} \frac{1}{\sqrt{2}} \\ \frac{1}{\sqrt{2}} \end{array} \right] \left[ \frac{1}{\sqrt{2}} ,\frac{1}{\sqrt{2}} \right] - i \left[ \begin{array}{l} \frac{1}{\sqrt{2}} \\ -\frac{1}{\sqrt{2}} \end{array} \right] \left[ \frac{1}{\sqrt{2}} ,-\frac{1}{\sqrt{2}} \right] \\= & {} \left[ \begin{array}{ll} \frac{1}{2} &{}\quad \frac{1}{2} \\ \frac{1}{2} &{}\quad \frac{1}{2} \end{array} \right] - i\left[ \begin{array}{ll} \frac{1}{2} &{} \quad -\frac{1}{2} \\ -\frac{1}{2} &{}\quad \frac{1}{2} \end{array} \right] = \frac{1}{2} \left[ \begin{array}{ll} 1-i &{}\quad 1+i \\ 1+i &{}\quad 1-i \end{array} \right] . \end{aligned}$$
$X(\pi )= X$
$X(\frac{3\pi }{2}) =|+\rangle \langle +|+e^{\frac{3\pi }{2}i} |-\rangle \langle -| = |+\rangle \langle +|+ i|-\rangle \langle -| $
$$\begin{aligned}= & {} \left[ \begin{array}{l} \frac{1}{\sqrt{2}} \\ \frac{1}{\sqrt{2}} \end{array} \right] \left[ \frac{1}{\sqrt{2}} ,\frac{1}{\sqrt{2}} \right] + i \left[ \begin{array}{l} \frac{1}{\sqrt{2}} \\ -\frac{1}{\sqrt{2}} \end{array} \right] \left[ \frac{1}{\sqrt{2}} ,-\frac{1}{\sqrt{2}} \right] \\= & {} \left[ \begin{array}{ll} \frac{1}{2} &{} \quad \frac{1}{2} \\ \frac{1}{2} &{}\quad \frac{1}{2} \end{array} \right] + i\left[ \begin{array}{ll} \frac{1}{2} &{} \quad -\frac{1}{2} \\ -\frac{1}{2} &{}\quad \frac{1}{2} \end{array} \right] \\= & {} \frac{1}{2} \left[ \begin{array}{ll} 1+i &{} \quad 1-i \\ 1-i &{} \quad 1+i \end{array} \right] . \end{aligned}$$

Applying $X(\frac{\pi }{2})$ to $|0\rangle $, we get

$$\begin{aligned} \frac{1}{2} \left[ \begin{matrix} 1-i &{}\quad 1+i \\ 1+i &{}\quad 1-i \end{matrix} \right] \left[ \begin{matrix} 1 \\ 0 \end{matrix} \right] = \frac{1}{2} \left[ \begin{matrix} 1- i \\ 1+i \end{matrix} \right] . \end{aligned}$$

The qubit $\frac{1}{2} \left[ \begin{matrix} 1- i \\ 1+i \end{matrix} \right] $ is (up to a globe phase) denoted as $|-i\rangle $ in the literature.

Applying $X(\frac{\pi }{2})$ to $|1\rangle $, we get

$$\begin{aligned} \frac{1}{2} \left[ \begin{matrix} 1-i &{} \quad 1+i \\ 1+i &{} \quad 1-i \end{matrix} \right] \left[ \begin{matrix} 0 \\ 1 \end{matrix} \right] = \frac{1}{2} \left[ \begin{matrix} 1+ i \\ 1-i \end{matrix} \right] . \end{aligned}$$

The qubit $\frac{1}{2} \left[ \begin{matrix} 1+ i \\ 1-i \end{matrix} \right] $ is (up to a globe phase) denoted as $|+i\rangle $ in the literature.

Example 3

If we measure the qubit $|+i \rangle $ by $M^c$, then the probability of the occurrence of result-0 is

$$\begin{aligned} p(0)= & {} \langle +i | M_0^{\dagger } M_0 | +i \rangle \\= & {} \frac{1}{2} \left[ 1-i ,1+i \right] \left[ \begin{array}{ll} 1 &{}\quad 0 \\ 0 &{}\quad 0 \end{array} \right] \left[ \begin{array}{ll} 1 &{} \quad 0 \\ 0 &{}\quad 0 \end{array} \right] \frac{1}{2} \left[ \begin{array}{ll} 1+i \\ 1-i \end{array} \right] \\= & {} \frac{1}{2} \left[ 1-i ,1+i \right] \frac{1}{2} \left[ \begin{array}{ll} 1+i \\ 0 \end{array} \right] = \frac{1}{4} \times 2= \frac{1}{2} . \end{aligned}$$

A similar calculation will show that the probability of getting result-1 is also $\frac{1}{2}$. Moreover, if we measure the qubit $|-i \rangle $ by $M^c$, then the probability of the occurrence of result-0 and result-1 is also $\frac{1}{2}$.

3 Quantum cryptography for access control

Many cryptographic schemes have been designed to solve the problem of granting access (Akl and Taylor 1983; Nagy and Akl 2010; José and Hernández 2014; Choi et al. 2014). The general methodology is to first encrypt all objects, then distribute the decryption key to those authorized agents. More precisely, assume we are the owner of $\{ data_1,\ldots , data_k\}$. We first use $key_1,\ldots , key_n$ to encrypt those data. So we have $Enc_{key_1}(data_1), \ldots , $ $Enc_{key_n}(data_n)$. Then, we assign $key_i$ to an agent iff the agent is permitted to access $data_i$. Therefore, key distribution plays a central role in granting access .

3.1 Quantum key distribution

The scenario for the three-pass protocol is the following

Alice lives in a country where the police open all mails.
Bob wants to send an object to Alice.
Bob has a strongbox which is big enough for several locks, but Alice does not have any key for any of those locks.

How can Bob securely send the object to Alice? They may use the following three-pass protocol:

Bob puts the object into the box, locks it, and sends it to Alice.

Alice locks the box with her own lock and sends it back to Bob.

Bob unlocks his lock and sends the box to Alice again. Alice finally unlocks her lock and gets the object.

In classical cryptography, this protocol can be realized by using the classical exclusive-OR operation $\oplus $. However, such realization is insecure under eavesdropping. On the other hand, the quantum cryptographic protocol we will propose is safe under eavesdropping because the quantum no-cloning theorem prevents the copy of non-trivial quantum states (Yanofsky and Mannucci 2008).

We use qubit $|0\rangle $ and $|1\rangle $ to encode 0 and 1, respectively. Our key space for encryption and decryption contains 4 X-gates $\{X(0),X(\frac{\pi }{2}),X(\pi ), X(\frac{3\pi }{2})\}$. The encryption of a qubit $|i\rangle $ with key k is defined as $Enc_{k}(i) = k |i\rangle $, and the decryption of a qubit $|i\rangle $ is $Dec_{k}(i) = k |i\rangle $, where $k \in \{X(0),X(\frac{\pi }{2}),X(\pi ), X(\frac{3\pi }{2})\}$. We let $(X(m),X(2\pi -m))$ be a pair of encryption/decryption keys. The encryption and decryption of $|0\rangle $, $|1\rangle $, $|+i\rangle $, and $|-i\rangle $ are shown in Table 2.

Figure 2 shows our quantum three-pass protocol for a sender (agent 1) to send his key to a receiver (agent 2). At the beginning of the protocol, agent 1 encrypts the string element-wise and sends the resulting string to agent 2. Then agent 2 encrypts the ciphertext and sends the result back to agent 1. Agent 1 then decrypts the string and sends it to agent 2. Now agent 2 decrypts the string and gets the key.

The correctness of our protocol is guaranteed by the rules (S) and (ID) of the ZX-calculus. The (S) rule ensures that the sequential application of X-gates can be summed up, while the (ID) rule says the application of an $X(2n\pi )$ gate is the same as the identity operator.

Theorem 1

The quantum three-pass protocol is correct.

Table 2

Quantum X-gates on qubits

State	Operation
State	X(0)	$X(\frac{\pi }{2})$	$X(\pi )$	$X(\frac{3\pi }{2})$
$\|0\rangle $	$\|0\rangle $	$\|-i\rangle $	$\|1\rangle $	$\|+i\rangle $
$\|1\rangle $	$\|1\rangle $	$\|+i\rangle $	$\|0\rangle $	$\|-i\rangle $
$\|+i\rangle $	$\|+i\rangle $	$\|0\rangle $	$\|-i\rangle $	$\|1\rangle $
$\|-i\rangle $	$\|-i\rangle $	$\|1\rangle $	$\|+i\rangle $	$\|0\rangle $

Proof

Suppose agent 1 chooses $(X(m_1),X(2\pi - m_1) )$ as his keys and agent 2 chooses $(X(m_2),X(2\pi - m_2) )$ as his key, then we have the following graphical derivation. Therefore, the operations of the two agents apply in the protocol amounts to an identity operator, which means the qubit is correctly transferred. $\square $

The security of most existing protocols of key distribution for access control relies on the computational complexity of problems like prime factorization. Therefore, once a quantum computer is built, these protocols may be compromised in polynomial time (Shor 1994). Conversely, our protocol is secure with respect to quantum computers, since it provides unconditional security. In the plaintext, the probability of the appearance of 0 and 1 is both 0.5. For a qubit $|0\rangle $, if we encrypt it and then measure the ciphertext with the computational qubit basis $\{|0\rangle , |1\rangle \}$, then with probability 0.5 we will get $|1\rangle $. This is because with probability $\frac{1}{4}$ the key is $X(\frac{\pi }{2})$ and $X(\frac{3\pi }{2})$, and the measurement of $|+i\rangle $ and $|-i\rangle $ using standard basis will give us $|1\rangle $ with probability 0.5. With probability $\frac{1}{4}$, the key is I and X, respectively, and the measurement using standard basis will give us $|1\rangle $ with probability 0 and 1, respectively. Therefore, the probability of finding $|1\rangle $ after the encryption of $|0\rangle $ is $\frac{1}{4} \times 0 + \frac{1}{4} \times 0.5 + \frac{1}{4} \times 1 + \frac{1}{4} \times 0.5 =0.5$. Similar analysis of other cases will show that our cryptographic scheme is unconditional secure. Moreover, our protocol uses only simple quantum gates and it is implementable by the current technology.

3.2 Quantum authentication

The quantum three-pass protocol is still vulnerable to the man-in-the-middle attack. We apply an authentication protocol to react to the man-in-the-middle attack. We assume every user has registered a secret key to the data owner and the owner, which can be used to authenticate the user’s identity.

Figure 3 shows our protocol for agent 2 to authenticate the identity of agent 1. In this protocol, the two agents have a private key $K^1, K^2$, respectively, and share a key $K^s$. Every symbol $k_i$ is taken from $\{X(0),X(\frac{\pi }{2}),X(\pi ), X(\frac{3\pi }{2})\}$. There are four stages in this protocol. In the first stage, agent 1 generates a binary string, encrypts it by the shared key and sends it to agent 2. In the second stage, agent 2 first decrypts the ciphertext and keeps the result, then it generates a binary string and encrypts it by both the shared key and its private key. Agent 2 then sends the ciphertext to agent 1. In stage 3, agent 1 first decrypts the ciphertext by the shared key, then encrypts it by the string it generated in the first stage, with bit 0 being treated as quantum gate I and bit 1 being treated as quantum gate X. Then, it sends the ciphertext to agent 2. Finally, in stage 4 agent 2 decrypts the ciphertext by using both the string it obtained in the stage 2 and its private key. Then agent 2 tests if the plain text is the same as the text it generated in the second stage. The authentication succeeds if and only if the two plaintexts are identical.

Just like in the quantum three-pass protocol, the encryption scheme in our authentication protocol is unconditional secure when the keys are comprised of quantum gates randomly chosen from $\{X(0),X(\frac{\pi }{2}),X(\pi ), X(\frac{3\pi }{2})\}$. Note that the keys can be comprised of other quantum gates such as $\{Z(0),Z(\frac{\pi }{2}),Z(\pi ), Z(\frac{3\pi }{2})\}$. According to Reference Juan et al. (2011), to avoid the substitute-Bell-state attack, there must be at least one quantum gate which can realize the transformation between two complementary quantum observables.

3.3 Quantum certificate and signature

As we introduced in the first section (Fig. 1), in cloud computing the data owner sends the key together with a certificate to the user. A certificate can be created by a quantum signature (Zeng and Keitel 2002; Zou and Qiu 2010; Zou et al. 2013). An ideal signature is supposed to (at least) satisfy two properties: One is that it is unforgeable by an attacker, the other is the non-repudiation of the signer and the receiver. In our specific setting, however, we do not care whether the certificate is deniable by the receiver. This is because as the data user, the receiver needs the certificate to get the data. A rational receiver will not deny his possession of the certificate when he in fact owns it. Figure 4 shows our protocol for quantum certification, which is simpler than most existing quantum signature protocols.

There are three agents in this protocol: Alice the signer (data owner), Bob the receiver (data user) and Trend the trust third party (cloud). We assume there is a public channel which is susceptible to eavesdropping but not to the injection or alteration of message. Alice and Trend first create a shared key before the protocol starts by the quantum three-pass protocol. Then Alice randomly generates a message $(a_1,\ldots , a_n)$ and announces it via the public channel. Alice encrypts the message by her shared key with Trend and sends it to Bob as a certificate. Bob then sends the certificate to Trend. Trend decrypts the certificate and compares it with the message Alice has announced. The certificate succeeds if and only if they are the same.

The certificate generated by this protocol is unforgeable, because the attacker can only successfully forge the certificate when he knows the shared key of Alice and Trend. But this key is generated by the quantum three-pass protocol, which is unconditional secure. On the other hand, the certificate cannot be repudiated by the signer because only she can produce the correct certificate.

The first protocol for quantum key distribution is developed by Bennetta and Brassard (1984), known as the BB84 protocol. A quantum three-pass protocol for key distribution is proposed in Kanamori and Yoo (2009). Comparing to the protocol of Kanamori and Yoo, the key space of our protocol is significantly smaller.

Many quantum authentication protocols have been proposed (Dusek et al. 1999; Barnum et al. 2002; Nagy and Akl 2007; Kanamori et al. 2009; Mosca et al. 2013). Some protocols use classical cryptography with quantum key distribution (Dusek et al. 1999). Other protocols (Nagy and Akl 2007) employ entanglement for which the entangled pairs are used as a quantum private key. The protocol proposed in Kanamori et al. (2009) is similar to ours in the sense that they also use quantum gates as elements of the keys. The difference is that while infinite many quantum gates are used in the keys of Kanamori et al. (2009), we use only four gates $\{X(0),X(\frac{\pi }{2}),X(\pi ), X(\frac{3\pi }{2})\}$.

An influential quantum signature scheme named arbitrated quantum signature was proposed by Zeng and Keitel (2002). Zou and Qiu (2010) simplifies the protocol of Zeng and Keitel by achieving arbitrated quantum signature without entangled states. Our protocol for quantum certification is even simpler than the protocol of Zou and Qiu, because we ignore the concern of the repudiation of the receiver.

5 Conclusion

In this paper, we study the application of quantum cryptography in access control in cloud computing. We proposed quantum protocols for key distribution, authentication and certification. We analyze our protocols by the graphical language of categorical quantum mechanics. The protocols we presented is unconditional secure and implementable by the current technology.

Acknowledgements

Lirong Qiu has been supported by the National Nature Science Foundation of China (NO. 61672553) and Ministry of Education humanities social sciences research projects (No. 16YJCZH076). Xin Sun has been supported by the National Science Centre of Poland (BEETHOVEN, UMO-2014/15/G/HS1/04514). Juan Xu has been supported by Natural Science Foundation of Jiangsu Province, China (Grant No. BK20140823) and Chinese Postdoctoral Science Foundation (Grant No. 2013M531353).

Compliance with ethical standards

Conflict of interest

All authors declare that they have no conflict of interest.

Human participants

This article does not contain any studies with human participants or animals performed by any of the authors.

Open AccessThis article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.

previous article Many-objective artificial bee colony algorithm for large-scale software module clustering problem

next article Modified multiple search cooperative foraging strategy for improved artificial bee colony optimization with robustness analysis

Abramsky S, Coecke B (2004) A categorical semantics of quantum protocols. In: 19th IEEE Symposium on logic in computer science (LICS 2004), 14–17 July 2004, Turku, Finland, Proceedings, pp 415–425. IEEE Computer Society

Akl SG, Taylor PD (1983) Cryptographic solution to a problem of access control in a hierarchy. ACM Trans Comput Syst 1(3):239–248CrossRef

Backens M, Perdrix S, Wang Q (2016) A simplified stabilizer zx-calculus. In: Duncan R, Heunen C (eds) Proceedings 13th international conference on quantum physics and logic, QPL 2016, Glasgow, Scotland, 6-10 June 2016, vol 236. EPTCS, pp 1–20

Barnum H, Crépeau C, Gottesman D, Smith AD, Tapp A (2002) Authentication of quantum messages. In: 43rd Symposium on Foundations of Computer Science (FOCS 2002), 16–19 November 2002, Vancouver, BC, Canada, Proceedings of IEEE Computer Society, pp 449–458

Bennetta C, Brassard G (1984) Quantum cryptography: public key distribution and coin tossing. In: Proceedings of IEEE international conference on computers, systems and signal processing, pp 175–179

Choi J, Choi C, Ko B-K, Kim P (2014) A method of DDoS attack detection using HTTP packet pattern and rule engine in cloud computing environment. Soft Comput 18(9):1697–1703

Coecke B, Duncan R (2008) Interacting quantum observables. In: Aceto L, Damgård I, Goldberg L-A, Halldórsson MM, Ingólfsdóttir A, Walukiewicz I (eds) Automata, languages and programming, 35th International Colloquium, ICALP 2008, Reykjavik, Iceland, July 7–11, 2008, Proceedings, Part II - Track B: logic, semantics, and theory of programming and Track C: security and cryptography foundations, Lecture Notes in Computer Science, vol 5126, Springer. pp 298–310

Coecke B, Wang Q, Wang B, Wang Y, Zhang Q (2011) Graphical calculus for quantum key distribution (extended abstract). Electr Notes Theor Comput Sci 270(2):231–249CrossRefMATH

Dusek M, Haderka O, Hendrych M, Myska R (1999) Quantum identification system. Phys Rev A 60:149–156CrossRef

Hernández JL, Moreno MV, Jara AJ, Skarmeta AF (2014) A soft computing based location-aware access control for smart buildings. Soft Comput 18(9):1659–1674CrossRef

Hota C, Sanka S, Rajarajan M, Nair SK (2011) Capability-based cryptographic data access control in cloud computing. Int J Adv Netw Appl 3(3):1152–1161

Kanamori Y, Yoo S-M (2009) Quantum three-pass protocol: key distribution using quantum superposition states. Int J Netw Secur Appl 1(2):64–70

Kanamori Y, Yoo S-M, Gregory DA, Sheldon FT (2009) Authentication protocol using quantum superposition states. I J Netw Secur 9(2):101–108

Mosca M, Stebila D, Ustaoglu B (2013) Quantum key distribution in the classical authenticated key exchange framework. In: Gaborit P (ed) Post-quantum cryptography - 5th international workshop, PQCrypto 2013, Limoges, France, June 4–7, 2013. Proceedings of lecture notes in computer science, vol 7932, Springer. pp 136–154

Nagy N, Akl SG (2007) Authenticated quantum key distribution without classical communication. Parallel Process Lett 17(3):323–335MathSciNetCrossRef

Nagy N, Akl SG (2010) A quantum cryptographic solution to the problem of access control in a hierarchy. Parallel Process Lett 20(3):251–261MathSciNetCrossRef

Selinger P (2011) Finite dimensional hilbert spaces are complete for dagger compact closed categories (extended abstract). Electr Notes Theor Comput Sci, 270(1):113–119. In: Proceedings of the joint 5th international workshop on quantum physics and logic and 4th workshop on developments in computational models (QPL/DCM 2008)

Shor PW (1994) Polynominal time algorithms for discrete logarithms and factoring on a quantum computer. In: Adleman LM, Huang MDA (eds) Algorithmic number theory, first international symposium, ANTS-I, Ithaca, NY, USA, May 6–9, 1994, Proceedings of lecture notes in computer science, vol 877, Springer. p 289

Wang W, Li Z, Owens R, Bhargava BK (2009) Secure and efficient access to outsourced data. In: Sion R, Song D (eds) Proceedings of the first ACM cloud computing security workshop, CCSW 2009, Chicago, IL, USA, November 13, 2009, ACM, pp 55–66

Xu J, Chen H, Liu W, Liu Z (2011) Selection of unitary operations in quantum secret sharing without entanglement. Sci China Inf Sci 54:1837–1842MathSciNetCrossRefMATH

Yanofsky N, Mannucci M (2008) Quantum computing for computer scientists. Cambridge University Press, New YorkCrossRefMATH

Zeng G, Keitel C (2002) Arbitrated quantum-signature scheme. Phys Rev A 65:042312CrossRef

Zou X, Qiu D (2010) Security analysis and improvements of arbitrated quantum signature schemes. Phys Rev A 82:042325CrossRef

Zou X, Qiu D, Mateus P (2013) Security analyses and improvement of arbitrated quantum signature with an untrusted arbitrator. Int J Theor Phys 52(9):3295–3305MathSciNetCrossRefMATH

Title: Categorical quantum cryptography for access control in cloud computing
Authors: Lirong Qiu
Xin Sun
Juan Xu
Publication date: 06-07-2017
Publisher: Springer Berlin Heidelberg
Published in: Soft Computing / Issue 19/2018
Print ISSN: 1432-7643
Electronic ISSN: 1433-7479
DOI: https://doi.org/10.1007/s00500-017-2688-2

State	Operation
State	I	H	X
\(\|0\rangle \)	\(\|0\rangle \)	\(\|+\rangle \)	\(\|1\rangle \)
\(\|1\rangle \)	\(\|1\rangle \)	\(\|-\rangle \)	\(\|0\rangle \)
\(\|+\rangle \)	\(\|+\rangle \)	\(\|0\rangle \)	\(\|+\rangle \)
\(\|-\rangle \)	\(\|-\rangle \)	\(\|1\rangle \)	\(\|-\rangle \)

State	Operation
State	X(0)	\(X(\frac{\pi }{2})\)	\(X(\pi )\)	\(X(\frac{3\pi }{2})\)
\(\|0\rangle \)	\(\|0\rangle \)	\(\|-i\rangle \)	\(\|1\rangle \)	\(\|+i\rangle \)
\(\|1\rangle \)	\(\|1\rangle \)	\(\|+i\rangle \)	\(\|0\rangle \)	\(\|-i\rangle \)
\(\|+i\rangle \)	\(\|+i\rangle \)	\(\|0\rangle \)	\(\|-i\rangle \)	\(\|1\rangle \)
\(\|-i\rangle \)	\(\|-i\rangle \)	\(\|1\rangle \)	\(\|+i\rangle \)	\(\|0\rangle \)

Springer Professional

Categorical quantum cryptography for access control in cloud computing

Abstract

1 Introduction

2 Quantum theory

2.1 Qubits

2.2 Quantum gates

2.3 Measurement

2.4 Graphical calculus for quantum computation

3 Quantum cryptography for access control

3.1 Quantum key distribution

3.2 Quantum authentication

3.3 Quantum certificate and signature

5 Conclusion

Acknowledgements

Compliance with ethical standards

Conflict of interest

Human participants

Premium Partner

Springer Professional

Abstract

1 Introduction

2 Quantum theory

2.1 Qubits

2.2 Quantum gates

2.3 Measurement

2.4 Graphical calculus for quantum computation

3 Quantum cryptography for access control

3.1 Quantum key distribution

3.2 Quantum authentication

3.3 Quantum certificate and signature

4 Related work

5 Conclusion

Acknowledgements

Compliance with ethical standards

Conflict of interest

Human participants

Other articles of this Issue 19/2018

Two phase heuristic algorithm for the multiple-travelling salesman problem

The solution of fuzzy Sylvester matrix equation

Green supplier evaluation in manufacturing systems: a novel interval-valued hesitant fuzzy group outranking approach

A calculus for containment of fuzzy attributes

Reliability-based operation of reservoirs: a hybrid genetic algorithm and cellular automata method

Solution of short-term hydrothermal scheduling using sine cosine algorithm

Premium Partner