We present a quantum digital signature scheme whose security is based on fundamental principles of quantum physics. It allows a sender (Alice) to sign a message in such a way that the signature can be validated by a number of different people, and all will agree either that the message came from Alice or that it has been tampered with. To accomplish this task, each recipient of the message must have a copy of Alice’s “public key, ” which is a set of quantum states whose exact identity is known only to Alice. Quantum public keys are more difficult to deal with than classical public keys: for instance, only a limited number of copies can be in circulation, or the scheme becomes insecure. However, in exchange for this price, we achieve unconditionally secure digital signatures. Sending an m-bit message uses up O(m) quantum bits for each recipient of the public key. We briefly discuss how to securely distribute quantum public keys, and show the signature scheme is absolutely secure using one method of key distribution. The protocol provides a model for importing the ideas of classical public key cryptography into the quantum world. 1.

The desire to obtain an unconditionally secure bit commitment protocol in quantum cryptography was expressed for the first time thirteen years ago. Bit commitment is sufficient in quantum cryptography to realize a variety of applications with unconditional security. In 1993, a quantum bit commitment protocol was proposed together with a security proof. However, a basic flaw in the protocol was discovered by Mayers in 1995 and subsequently by Lo and Chau. Later the result was generalized by Mayers who showed that unconditionally secure bit commitment is impossible. A brief review on quantum bit commitment which focuses on the general impossibility theorem and on recent attempts to bypass this result is provided.

Quantum mechanics has the potential to play a major role in the future of cryptology. On the one hand, it could bring to its knees most of the current trends in contemporary cryptography. On the other hand, it offers an alternative for the protection of privacy whose security cannot be matched by classical means.

Can quantum mechanics be harnessed to provide unconditionally secure bit commitment schemes and other cryptographic primitives beyond key distribution? We review the general impossibility proof of Mayers and illustrate it by showing how to break some recent attempts to bypass it. In particular, secure schemes would follow if we could force participants to perform measurements at specified points in the execution of the protocol. It has been suggested to use short-lived classical bit commitment schemes for this purpose. Alas, this strategy was doomed as measurements can always be postponed in an undetectable way until cheating becomes possible. It is well known that quantum mechanics can be used to allow two people to establish confidential communication under the nose of an eavesdropper equipped with unlimited computing power [1, 3, 4]. Can quantum mechanics be useful for the implementation of other cryptographic tasks? One of the most important primitives in classical cryptography is...