Comment on "Security analysis and improvements of arbitrated quantum signature schemes"

TL;DR

This paper critically examines the security flaws in recent arbitrated quantum signature schemes, revealing vulnerabilities to denial-of-service and Trojan-horse attacks that compromise the schemes' integrity.

Contribution

It identifies specific security vulnerabilities in Zou et al.'s schemes, including active denial-of-service and Trojan-horse attacks, highlighting the need for more robust quantum signature protocols.

Findings

Existence of security flaws in Zou et al.'s schemes

Malicious verifier can actively deny signatures

Malicious signer can extract verifier’s secret key

Abstract

Recently, Zou et al. [Phys. Rev. A 82, 042325 (2010)] demonstrated that two arbitrated quantum signature (AQS) schemes are not secure, because an arbitrator cannot arbitrate the dispute between two users when a receiver repudiates the integrity of a signature. By using a public board, Zou et al. proposed two AQS schemes to solve the problem. This work shows that the same security problem may exist in Zou et al.'s schemes. Moreover, a malicious verifier, Bob, can actively negate a signed order if he wants to. This attack, a special case of denial-of-service (DoS) attack mentioned in [Phys. Rev. Lett. 91, 109801 (2003)], is important in quantum cryptography. Bob may get some benefits with this DoS attack, since he can actively deny Alice's signed order without being detected. This work also shows that a malicious signer can reveal the verifier's secret key without being detected by using Trojan-horse attacks.