Counterfactual quantum certificate authorization Akshata Shenoy H., 1, ∗ R. Srikanth, 2, 3, † and T. Srinivas 1 1 Department of Electrical Communication Engineering, Indian Institute of Science, Bangalore, India 2 PPISR, Bangalore, India 3 Raman Research Institute, Bangalore, India We present a multi-partite protocol in a counterfactual paradigm. In counterfactual quantum cryptography, secure information is transmitted between two spatially separated parties even when there is no physical travel of particles transferring the information between them. We propose here a tripartite counterfactual quantum protocol for the task of certificate authorization. Here a trusted third party, Alice, authenticates an entity Bob (e.g., a bank) that a client Charlie wishes to securely transact with. The protocol is counterfactual with respect to either Bob or Charlie. We prove its security against a general incoherent attack, where Eve attacks single particles. I. INTRODUCTION Suppose a client (Charlie) wishes to undertake a busi- ness transaction with a bank Bob. Charlie looks up Bob’s website via an internet search but is unsure of the website’s authenticity. His transaction requires him to securely transmit confidential information to Bob. A solution to this frequently encountered problem in e- commerce is certificate authorization (CA) where Alice, a well-known trusted third party validates Bob’s web- site on request from Charlie. Classically, this task is ac- complished via digital signatures and public-private keys [1, 2]. Alice, as a certificate authority, has a mutual agree- ment with a financial firm, whereby the latter provides her with the current information about Bob’s claimed online identity. Upon verifying that the website indeed belongs to Bob, Alice issues certificates in the form of digital signatures and public-private keys, thereby vali- dating Bob’s website. Charlie can now transact with Bob using the latter’s certified public key. Alice keeps herself updated regarding the renewal and expiry of certificates and current information of the certificate holders. For example, if Bob changes the name of his website, the certificate issued to the website becomes invalid. To re- sume transactions, he needs to submit an application for a new certificate including legal documents supporting the change. Here we wish to introduce a quantum method to ac- complish the above described task in the counterfac- tual paradigm which we call counterfactual quantum cer- tificate authorization (CQCA). Counterfactual quantum cryptography [3–5] is based on the idea of interaction- free measurements [6, 7], which involves communicating information even without the physical transmission of a particle, a point that is of foundational interest [8]. Infor- mation is transferred by blocking rather than transmit- ting a particle. While this is also possible classically, in * Electronic address: akshata@ece.iisc.ernet.in † Electronic address: srik@poornaprajna.org the classical case, the blockade results in a particle detec- tion near the blockade, whereas in the quantum case by virtue of single particle nonlocality, the particle may be detected away from the blockade, which is the counterfac- tual element here. Counterfactual protocols use orthog- onal states for encoding bits [9–11]. Its security has been analyzed by various authors [12–15], and issues related to improving its efficiency [16] and experimental realiza- tion by others [17–20], including a fully counterfactual version of the Noh 2009 (N09) protocol using a Mach- Zehnder interferometer setup [21]. The present authors proposed a semicounterfactual quantum key distribution (QKD) protocol to clarify the origin of security in the counterfactual paradigm [22]. In the proposed CQCA protocol, Alice, in certifying Bob to Charlie, enables the latter two to share a secure random key. In this respect, the quantum version differs from classical CA, where Alice plays no role in the se- cure communication between Bob and Charlie. Thus the security must be considered with respect to both a mali- cious eavesdropper Eve as well Alice, who could overstep her CA role and try to eavesdrop on their transaction. The article is structured as follows: In Sec. (II), a protocol for CQCA is presented. In Sec. (III), we prove its security in the case of a general incoherent attack by Eve, and a semihonest Alice. In the Sec. (IV), we provide a summary and conclusions. II. A PROTOCOL FOR CA Alice, Bob and Charlie are assumed to be online on both a conventional classical as well as a quantum net- work. Charlie sends a classical request to certificate au- thority Alice, whose station is equipped with a single- photon source (SPS) and a beam splitter (BS) (Fig. 1). After classically acknowledging Charlie and classically intimating Bob about Charlie’s contact, Alice initiates the protocol on a quantum channel by transmitting to them a packet that consists of a single photon, which is split at BS into the channels that lead to Bob (arm B) and Charlie (arm C ). We label these particles B and C . Each transmission packet is hybrid in nature, consisting arXiv:1402.2250v2 [quant-ph] 9 Jun 2014