# A New Quantum Blind Signature Scheme with BB84-State

^{1}

^{2}

^{*}

## Abstract

**:**

## 1. Introduction

## 2. Preliminary Theory

#### 2.1. Properties of the Blind Signature

- Unforgeability: No one can generate an effective blind signature except the signer himself/herself. This is one of the most basic requirements.
- Non-repudiation: Once a signer has signed a message, he/she cannot deny his/her signature of the message.
- Blindness: Although a signer has signed a message, he/she cannot get the concrete content of the message.
- Unlinkability: Once the signature of the message is public, the signer cannot determine whether he/she has signed the message.
- Traceability: Once a dispute happens, the verifier can trace the signature.

#### 2.2. Quantum Fingerprint

#### 2.3. Improved QOTP Encryption

## 3. Quantum Blind Signature Scheme

#### 3.1. BB84-State Encoding

**Corollary**

**1.**

**Corollary**

**2.**

**Corollary**

**3.**

**Corollary**

**4.**

**Corollary**

**5.**

**Corollary**

**6.**

#### 3.2. The Proposed Quantum Blind Signature Scheme

#### 3.2.1. Initial Phase

#### 3.2.2. Blinding Phase

**Step B1.**The message owner A first prepares the original message m of the n-bit string. Then, A selects randomly the blind factor w of the n-bit string and blinds m to blind message $\tilde{m}$ based on the formula $\tilde{m}=m\oplus w$.

**Step B2.**According to Equations (2) and (3), A generates n-qubit blind states ${|\phi \rangle}_{\tilde{m}\oplus {k}_{AB}^{\prime},\tilde{m}}$ with the n-bit blind message $\tilde{m}$ and key ${k}_{AB}^{\prime}$, where the n-bit ${k}_{AB}^{\prime}$ is derived from the 2n-bit shared key ${k}_{AB}$ satisfying ${k}_{{AB}_{i}}^{\prime}={k}_{{AB}_{2i}}\oplus {k}_{{AB}_{(2i+1)}}$, $i\in [1,n]$. According to Equation (1), A generates quantum fingerprint $|f(\tilde{m})\rangle $ for blind message $\tilde{m}$. With the shared key ${k}_{AC}$ and ${k}_{AB}$, A applies the improved QOTP [35,36,45], which is described in Subsection 2.3, to encrypt her classical message m and blind factor w, and then obtains ${E}_{{k}_{AB}}({E}_{{k}_{AC}}(m||w))$, where the notation $\left|\right|$ denotes the concatenation of strings.

**Step B3.**A denotes $Sig{n}_{AB}\stackrel{def}{=}{\{|\phi \rangle}_{\tilde{m}\oplus {k}_{AB}^{\prime},\tilde{m}},|f(\tilde{m})\rangle ,{E}_{{k}_{AB}}({E}_{{k}_{AC}}(m||w))\}$ and transmits ${Sig{n}_{AB}}^{\otimes 2}$ to B through the quantum channel, where ${Sig{n}_{AB}}^{\otimes 2}$ represents two copies of $Sig{n}_{AB}$.

#### 3.2.3. Signing phase

**Step S1.**Analogous to the method in

**Step B1**, B obtains the n-bit key ${k}_{AB}^{\prime}$ from the shared 2n-bit key ${k}_{AB}$ between A and B. If the ${k}_{{AB}_{i}}^{\prime}$ is zero, B selects the diagonal basis $\{|+\rangle ,|-\rangle \}$, otherwise rectilinear basis $\{|0\rangle ,|1\rangle \}$. According to this basis rule, B measures all the qubits of the indistinguishable BB84-state ${|\phi \rangle}_{\tilde{m}\oplus {k}_{AB}^{\prime},\tilde{m}}$ corresponding in $Sig{n}_{AB}$ and gets the blind message ${\tilde{m}}^{\prime}$ with the key ${k}_{AB}^{\prime}$.

**Step S2.**According to Equation (1), B generates quantum fingerprint $|f({\tilde{m}}^{\prime})\rangle $. B then compares the generated $|f({\tilde{m}}^{\prime})\rangle $ with state $|f(\tilde{m})\rangle $ from $Sig{n}_{AB}$ and judges whether they are equal based on quantum fingerprint theory in [34]. If they are not equal, then B stops the scheme, otherwise draws the conclusion ${\tilde{m}}^{\prime}=\tilde{m}$ and goes on.

**Step S3.**B first selects randomly two n-bit strings u and v. According to Equation (2) and Equation (1), B then generates respectively the QBS BB84-state ${|\phi \rangle}_{\tilde{m}\oplus u,v}$ and quantum fingerprint $|f(u\left|\right|v\left|\right|\tilde{m})\rangle $ with u, v, and $\tilde{m}$. With the shared key ${k}_{BC}$, B encrypts his strings u and v and then gets ${E}_{{k}_{BC}}(u,v)$. From the receiving $Sig{n}_{AB}$, B decrypts the ${E}_{{k}_{AB}}({E}_{{k}_{AC}}(m||w))$ with his shared key ${k}_{AB}$ and gets ${E}_{{k}_{AC}}(m||w)$, then encrypts it with his shared key ${k}_{BC}$ and obtains ${E}_{{k}_{BC}}({E}_{{k}_{AC}}(m||w))$. B denotes $Sig{n}_{BC}\stackrel{def}{=}\{|f(u|\left|v\right||\tilde{m})\rangle ,{E}_{{k}_{BC}}(u,v),{E}_{{k}_{BC}}({E}_{{k}_{AC}}(m||w))\}$.

**Step S4.**B transmits ${Sig{n}_{BC}}^{\otimes 2}$ and ${{|\phi \rangle}_{\tilde{m}\oplus u,v}}^{\otimes 2}$ to A through the quantum channel.

#### 3.2.4. Unblinding Phase

**Step U1.**After receiving the blind signature ${|\phi \rangle}_{\tilde{m}\oplus u,v}$ for blind message $\tilde{m}$ signed by B, A applies ${H}^{w}$ to ${|\phi \rangle}_{\tilde{m}\oplus u,v}$ with her blind factor w and gets ${H}^{w}{|\phi \rangle}_{\tilde{m}\oplus u,v}$, which is a quantum signature for the original message m. With the shared key ${k}_{AC}$, A generates ${E}_{{k}_{AC}}{({H}^{w}|\phi \rangle}_{\tilde{m}\oplus u,v})$ and ${E}_{{k}_{AC}}(m||w)$. A denotes $Sig{n}_{AC}\stackrel{def}{=}\{{E}_{{k}_{AC}}{({H}^{w}|\phi \rangle}_{\tilde{m}\oplus u,v}),{E}_{{k}_{AC}}(m||w)\}$.

**Step U2.**A generates ${E}_{{k}_{AT}}({Sig{n}_{AC}}^{\otimes 2},{Sig{n}_{BC}}^{\otimes 2})$ and transmits it to T through the quantum channel.

**Step U3.**T decrypts the received ${E}_{{k}_{AT}}({Sig{n}_{AC}}^{\otimes 2},{Sig{n}_{BC}}^{\otimes 2})$ and gets ${Sig{n}_{AC}}^{\otimes 2}$ and ${Sig{n}_{BC}}^{\otimes 2}$. Then, T performs the C-SWAPtest [34] to compare the two copies of $Sig{n}_{AC}$ in ${Sig{n}_{AC}}^{\otimes 2}$. The same test is also done on ${Sig{n}_{BC}}^{\otimes 2}$. Once an unequal result of the comparison occurs, T draws the conclusion that the signature is invalid and aborts the process. After T finishes the comparison tests successfully, he preserves one copy of $Sig{n}_{AC}$ and $Sig{n}_{BC}$ to be prepared to solve disputes when they arise in the future. Finally, T generates ${E}_{{k}_{CT}}(Sig{n}_{AC},Sig{n}_{BC})$ with another copy of $Sig{n}_{AC}$ and $Sig{n}_{BC}$ and transmits it to C through the quantum channel.

#### 3.2.5. Verifying Phase

**Step V1.**C first gets $Sig{n}_{AC}$ and $Sig{n}_{BC}$ from the received ${E}_{{k}_{CT}}(Sig{n}_{AC},Sig{n}_{BC})$ with his shared key ${k}_{CT}$. Then, C decrypts the ${E}_{{k}_{BC}}({E}_{{k}_{AC}}(m||w))$ in $Sig{n}_{BC}$ with his shared key ${k}_{BC}$, gets ${E}_{{k}_{AC}}^{\prime}(m||w)$, and performs the C-SWAP test [34] to compare it with ${E}_{{k}_{AC}}(m||w)$ in $Sig{n}_{AC}$. If the result of the comparison is not equal, C draws the conclusion that the signature is invalid and aborts the process. Otherwise, C then applies the key-controlled-“T” QOTP to decrypt ${E}_{{k}_{AC}}(m||w)$ with his shared key ${k}_{AC}$ and finally gets (m, w).

**Step V2.**After getting ${E}_{{k}_{BC}}(u,v)$ from the $Sig{n}_{BC}$, C decrypts ${E}_{{k}_{BC}}(u,v)$ with his shared key ${k}_{BC}$ and then gets (u, v).

**Step V3.**From the received $Sig{n}_{AC}$, C decrypts ${E}_{{k}_{AC}}{({H}^{w}|\phi \rangle}_{\tilde{m}\oplus u,v})$ with his shared key ${k}_{AC}$ and gets ${H}^{w}{|\phi \rangle}_{\tilde{m}\oplus u,v}$. With the m obtained in

**Step V1**, C applies ${H}^{m}$ to ${H}^{w}{|\phi \rangle}_{\tilde{m}\oplus u,v}$ and gets ${H}^{m}{H}^{w}{|\phi \rangle}_{\tilde{m}\oplus u,v}$.

**Step V4.**With the u, v obtained in

**Step V2**, C performs single-particle measurements on the n-qubit ${H}^{m}{H}^{w}{|\phi \rangle}_{\tilde{m}\oplus u,v}$ obtained in

**Step V3**and gets ${u}^{\prime},{v}^{\prime}$. The rules of measurement are as follows. According to Corollary 2, C uses diagonal basis $\{|+\rangle ,|-\rangle \}$ to measure the BB84-state if ${u}_{i}\oplus {v}_{i}=0$, otherwise rectilinear basis $\{|0\rangle ,|1\rangle \}$. Based on the measurement result and Equation (2), C can deduce the corresponding ${u}_{i}^{\prime}$, ${v}_{i}^{\prime}$. C aborts the process if ${u}_{i}\ne {u}_{i}^{\prime}$ or ${v}_{i}\ne {v}_{i}^{\prime}$ for some $i\in [1,n]$, otherwise goes on.

**Step V5.**C generates quantum fingerprint $|f(u\left|\right|v\left|\right|(m\oplus w))\rangle $ with the deduced (u, v) and (m, w) and then compares it with $|f(u\left|\right|v\left|\right|\tilde{m})\rangle $ in $Sig{n}_{BC}$ from B. If the result of comparison is equal, C draws the conclusion that the signature is valid, otherwise declares that the signature is not valid.

**Step V6.**According to Equation (2), C regenerates the quantum BB84-state signature ${|\phi \rangle}_{m\oplus u,v}$ with the known m, u, and v. C announces publicly the QBS correctness and declares the signature ${\{m,|\phi \rangle}_{m\oplus u,v}\}$ to the public.

## 4. Security Analyses

#### 4.1. Correctness

**Theorem**

**1.**

**Proof.**

**Step V3**, after receiving ${E}_{{k}_{AC}}{({H}^{w}|\phi \rangle}_{\tilde{m}\oplus u,v})$ from A, C decrypts it and gets ${H}^{w}{|\phi \rangle}_{\tilde{m}\oplus u,v}$ with his shared key ${k}_{AC}$, then applies ${H}^{m}$ to ${H}^{w}{|\phi \rangle}_{\tilde{m}\oplus u,v}$ to generate ${H}^{m}{H}^{w}{|\phi \rangle}_{\tilde{m}\oplus u,v}$, i.e.,

#### 4.2. Against External Attack

#### 4.3. Blindness

**Step U2**. In such circumstances, the two strategies of B become invalid. Thus, our proposed scheme meets the standard of blindness.

#### 4.4. Unforgeability

**Step V5**. There are two ways for A to forge. One way is that A prepares the original message pair (${m}_{1}$, ${w}_{1}$) in

**Step B1**and ${E}_{{k}_{AB}}({E}_{{k}_{AC}}({m}_{1},{w}_{1}))$ in

**Step B2**and at the same time generates ${E}_{{k}_{AC}}{({H}^{{w}_{2}}|\phi \rangle}_{\tilde{m}\oplus u,v})$ and ${E}_{{k}_{AC}}({m}_{2},{w}_{2})\}$ in

**Step U1**. In this way, C will find that (${m}_{1}$, ${w}_{1}$) is not equal (${m}_{2}$, ${w}_{2}$) and abort this signature. Thus, this strategy is unsuccessful. Another way for A’s forgery is to generate ${E}_{{k}_{AC}}{({H}^{{w}_{2}}|\phi \rangle}_{\tilde{m}\oplus u,v})$ and ${E}_{{k}_{AC}}({m}_{1},{w}_{1})\}$ in

**Step U1**. This way can pass C’s examination in

**Step V1**, but C would still find this strategy in

**Step V3**and

**Step V4**. In

**Step V3**, C applies ${H}^{{m}_{1}}$ to ${H}^{{w}_{2}}{|\phi \rangle}_{\tilde{m}\oplus u,v}$ and gets:

**Step V4**for this way. Thus, the two forgery ways for A are not effective, and the unforgeability of the proposed scheme holds.

**Step U1**. According to our scheme, ${m}^{\prime}$ and ${w}^{\prime}$ must be encrypted with the shared key ${k}_{{A}^{\prime}C}$, and then, ${E}_{{k}_{{A}^{\prime}C}}({m}^{\prime},{w}^{\prime})$ will be transmitted to C. In

**Step V1**, C decrypts ${E}_{{k}_{{A}^{\prime}C}}({m}^{\prime},{w}^{\prime})$ with the shared key ${k}_{AC}$, but C cannot get the correct ${m}^{\prime}$ and ${w}^{\prime}$ because of B’s random guess key ${k}_{{A}^{\prime}C}$. In

**Step V4**, C will find the forgery trick because the equations are not satisfied.

#### 4.5. Non-Repudiation

**Step V1**of the verifying phase, it indicates that the ${E}_{{k}_{AC}}(m||w)$ is equal in $Sig{n}_{AC}$ and $Sig{n}_{BC}$. C confirms the fact of C not aborting the signature verification procedure. If so, C can not deny this verification step. In

**Step V4**of the verifying phase, C performs single-particle measurements on the quantum signature and deduces B’s signature parameters ${u}^{\prime}$ and ${v}^{\prime}$. C would aborts the process if he finds disagreement between the derivative results $({u}^{\prime},{v}^{\prime})$ and received results $(u,v)$. Thus, C cannot deny his actions in this step. In

**Step V5**of the verifying phase, C validates the quantum fingerprint and judge A’s blind parameter w. Similarly, his announcement for A’s blindness cannot be disavowed. In the whole process, it shows that C has accepted the process of signature verification and cannot deny his validation fact if C does not abandon the verification in the verifying phase.

#### 4.6. Unlinkability

#### 4.7. Traceability

## 5. Conclusions

## Author Contributions

## Funding

## Conflicts of Interest

## References

- Shor, P.W. Algorithms for quantum computation: Discrete logarithms and factoring. In Proceedings of the 35th Annual Symposium on Foundations of Computer Science, Santa Fe, NM, USA, 20–22 November 1994; pp. 124–134. [Google Scholar]
- Bennett, C.H.; Brassard, G. Quantum cryptography: Public key distribution and coin tossing. Theor. Comput. Sci.
**2014**, 560, 7–11. [Google Scholar] [CrossRef][Green Version] - Bennett, C.H. Quantum cryptography using any two nonorthogonal states. Phys. Rev. Lett.
**1992**, 68, 3121–3124. [Google Scholar] [CrossRef] - Ekert, A.K. Quantum cryptography based on Bell’s theorem. Phys. Rev. Lett.
**1991**, 67, 661–663. [Google Scholar] [CrossRef] [PubMed] - Sasaki, T.; Yamamoto, Y.; Koashi, M. Practical quantum key distribution protocol without monitoring signal disturbance. Nature
**2014**, 509, 475–478. [Google Scholar] [CrossRef] [PubMed] - Giovannetti, V.; Lloyd, S.; Maccone, L. Quantum private queries. Phys. Rev. Lett.
**2008**, 100, 230502. [Google Scholar] [CrossRef] [PubMed] - Liu, B.; Gao, F.; Huang, W.; Wen, Q.Y. QKD-Based quantum private query without a failure probability. Sci. China-Phys. Mech. Astron.
**2015**, 58, 100301. [Google Scholar] [CrossRef] - Wei, C.Y.; Cai, X.Q.; Liu, B.; Wang, T.-Y.; Gao, F. A Generic Construction of Quantum-Oblivious- Key-Transfer-Based Private Query with Ideal Database Security and Zero Failure. IEEE Trans. Comput.
**2018**, 67, 2–8. [Google Scholar] [CrossRef] - Gottesman, D.; Chuang, I. Quantum digital signatures. arXiv, 2001; arXiv:quant-ph/0105032. [Google Scholar]
- Zeng, G.H.; Keitel, C.H. Arbitrated quantum-signature scheme. Phys. Rev. A
**2002**, 65, 042312. [Google Scholar] [CrossRef] - Dunjko, V.; Wallden, P.; Andersson, E. Quantum digital signatures without quantum memory. Phys. Rev. Lett.
**2014**, 112, 040502. [Google Scholar] [CrossRef] - Wallden, P.; Dunjko, V.; Kent, A.; Andersson, E. Quantum digital signatures with quantum key distribution components. Phys. Rev. A
**2015**, 91, 042304. [Google Scholar] [CrossRef] - Amiri, R.; Wallden, P.; Kent, A.; Andersson, E. Secure quantum signatures using insecure quantum channels. Phys. Rev. A
**2016**, 93, 032325. [Google Scholar] [CrossRef] - Lo, H.-K.; Curty, M.; Qi, B. Measurement-Device-Independent Quantum Key Distribution. Phy. Rev. Lett.
**2012**, 108, 130503. [Google Scholar] [CrossRef] - Puthoor, I.V.; Amiri, R.; Wallden, P.; Curty, M.; Andersson, E. Measurement-device-independent quantum digital signatures. Phy. Rev. A
**2016**, 94, 022328. [Google Scholar] [CrossRef] - Yin, H.L.; Wang, W.L.; Tang, Y.L.; Zhao, Q.; Liu, H.; Sun, X.-X.; Zhang, W.-J.; Li, H.; Puthoor, I.V.; You, L.-X.; et al. Experimental measurement-device-independent quantum digital signatures over a metropolitan network. Phy. Rev. A
**2017**, 95, 042338. [Google Scholar] [CrossRef] - Roberts, G.L.; Lucamarini, M.; Yuan, Z.L.; Dynes, J.F. Experimental measurement-device-independent quantum digital signatures. Nat. Comun.
**2017**, 8, 1098. [Google Scholar] [CrossRef] [PubMed][Green Version] - Chaum, D. Blind signature for untraceable payments. In Advances in Cryptology; Springer: Boston, MA, USA; pp. 199–203.
- Wen, X.; Niu, X.; Ji, L.; Tian, Y. A weak blind signature scheme based on quantum cryptography. Opt. Commun.
**2009**, 282, 666–669. [Google Scholar] [CrossRef] - Qi, S.; Zheng, H.; Wen, Q.; Li, W. Quantum blind signature based on two-state vector formalism. Opt. Commun.
**2010**, 283, 4408–4410. [Google Scholar] [CrossRef] - Yang, C.W.; Hwang, T.; Luo, Y.P. Enhancement on “quantum blind signature based on two-state vector formalism”. Quantum Inf. Process.
**2012**, 12, 109–117. [Google Scholar] [CrossRef] - Zhang, M.; Xu, G.A.; Chen, X.B.; Yang, S.; Yang, Y.-X. Attack on the improved quantum blind signature protocol. Int. J. Theor. Phys.
**2013**, 52, 331–335. [Google Scholar] [CrossRef] - Khodambashi, S.; Zakerolhosseini, A. A sessional blind signature based on quantum cryptography. Quantum Inf. Process.
**2014**, 13, 121–130. [Google Scholar] [CrossRef] - Shi, W.M.; Zhang, J.B.; Zhou, Y.H.; Yang, Y.G. A new quantum blind signature with unlinkability. Quantum Inf. Process.
**2015**, 14, 3019–3030. [Google Scholar] [CrossRef] - Luo, Y.P.; Tsai, S.L.; Hwang, T.; Kao, S.H. On “a new quantum blind signature with unlinkability”. Quantum Inf. Process.
**2017**, 16, 87. [Google Scholar] [CrossRef] - Yin, X.; Ma, W.; Liu, W. A blind quantum signature scheme with χ-type entangled states. Int. J. Theor. Phys.
**2012**, 51, 455–461. [Google Scholar] [CrossRef] - Wang, M.M.; Chen, X.B.; Yang, Y.X. A blind quantum signature protocol using the GHZ states. Sci. China Phys. Mech. Astron.
**2013**, 56, 1636–1641. [Google Scholar] [CrossRef] - Zuo, H.J. Cryptanalysis of quantum blind signature scheme. Int. J. Theor. Phys.
**2013**, 52, 322–329. [Google Scholar] [CrossRef] - Ribeiro, J.; Souto, A.; Mateus, P. Quantum blind signature with an offline repository. Int. J. Quantum Inf.
**2015**, 13, 1550016. [Google Scholar] [CrossRef] - Lai, H.; Luo, M.X.; Pieprzyk, J.; Qu, Z.G.; Li, S.; Orgun, M.A. An efficient quantum blind digital signature scheme. Sci. China Inf. Sci.
**2017**, 60, 082501. [Google Scholar] [CrossRef] - Wang, T.Y.; Wen, Q.Y. Fair quantum blind signatures. Chin. Phys. B
**2010**, 19, 0307. [Google Scholar] - He, L.B.; Huang, L.S.; Yang, W.; Xu, R. Cryptanalysis of fair quantum blind signatures. Chin. Phys. B
**2012**, 21, 030306. [Google Scholar] [CrossRef] - Zou, X.F.; Qiu, D.W. Attack and improvements of fair quantum blind signature schemes. Quantum Inf. Process.
**2013**, 12, 2071–2085. [Google Scholar] [CrossRef] - Buhrman, H.; Cleve, R.; Watrous, J.; De, W.R. Quantum Fingerprinting. Phys. Rev. Lett.
**2001**, 87, 167902. [Google Scholar] [CrossRef] [PubMed] - Zhang, K.J.; Zhang, W.W.; Li, D. Improving the security of arbitrated quantum signature against the forgery attack. Quantum Inf. Process.
**2013**, 12, 2655–2669. [Google Scholar] [CrossRef] - Zhang, K.J.; Qin, S.J.; Sun, Y.; Song, T.T.; Su, Q. Reexamination of arbitrated quantum signature: the impossible and the possible. Quantum Inf. Process.
**2013**, 12, 3127–3141. [Google Scholar] [CrossRef] - Boykin, P.; Roychowdhury, V. Optimal encryption of quantum bits. Phys. Rev. A
**2003**, 67, 042317. [Google Scholar] [CrossRef] - Brassard, G. Quantum communication complexity (a survey). arXiv, 2001; arXiv:quant-ph/0101005. [Google Scholar]
- Buhrman, H.; Cleve, R.; Massar, S.; Wolf, R.D. Non-Locality and communication complexity. Rev. Mod. Phys.
**2009**, 82, 665–698. [Google Scholar] [CrossRef] - Horn, R.T.; Babichev, S.A.; Marzlin, K.P.; Lvovsky, A.I.; Sanders, B.C. Single-Qubit optical quantum fingerprinting. Phys. Rev. Lett.
**2005**, 95, 150502. [Google Scholar] [CrossRef] - Du, J.; Zou, P.; Peng, X.; Oi, D.K.L.; Kwek, L.C.; Oh, C.H.; Ekert, A. Experimental quantum multimeter and one-qubit fingerprinting. Phys. Rev. A
**2006**, 74, 042319. [Google Scholar] [CrossRef] - Xu, F.; Miguel, A.J.; Wei, K.; Wang, W.; Palacios-Avila, P.; Feng, C.; Sajeed, S.; Lütkenhaus, L.; Lo, H.-K. Experimental quantum fingerprinting with weak coherent pulses. Nat. Commun.
**2015**, 6, 8735. [Google Scholar] [CrossRef] [PubMed][Green Version] - Arrazola, J.M.; Lutkenhaus, N. Quantum fingerprinting with coherent states and a constant mean number of photons. Phys. Rev. A
**2014**, 89, 062305. [Google Scholar] [CrossRef] - Guan, J.Y.; Xu, F.; Yin, H.L.; Li, Y.; Zhang, Y.-J.; Chen, S.-J.; Yang, X.-Y.; Li, L.; You, L.-X.; Chen, T.-Y.; et al. Observation of Quantum Fingerprinting Beating the Classical Limit. Phys. Rev. Lett.
**2016**, 116, 240502. [Google Scholar] [CrossRef] - Li, F.G.; Shi, J.H. An arbitrated quantum signature protocol based on the chained CNOT operations encryption. Quantum Inf. Process
**2015**, 14, 2171–2181. [Google Scholar] [CrossRef]

**Figure 1.**The flow-process diagram of the proposed QBS scheme. Alice blinds the message m with blind factor w and passes $\tilde{m}$ to Bob. With the proposed encoding method of the BB84-state, Bob signs $\tilde{m}$ with u and v and then sends the blind signature ${|\phi \rangle}_{\tilde{m}\oplus u,v}$ back to Alice. Two copies of the unblinding signature are sent to Trent. After Trent’s identical verification for the two signatures, one of the signatures is transmitted to Charlie. Once Charlie verifies the validity of the signature, he publishes the signature ${\{m,|\phi \rangle}_{m\oplus u,v}\}$.

© 2019 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).

## Share and Cite

**MDPI and ACS Style**

Chen, F.-L.; Wang, Z.-H.; Hu, Y.-M. A New Quantum Blind Signature Scheme with BB84-State. *Entropy* **2019**, *21*, 336.
https://doi.org/10.3390/e21040336

**AMA Style**

Chen F-L, Wang Z-H, Hu Y-M. A New Quantum Blind Signature Scheme with BB84-State. *Entropy*. 2019; 21(4):336.
https://doi.org/10.3390/e21040336

**Chicago/Turabian Style**

Chen, Feng-Lin, Zhi-Hua Wang, and Yong-Mo Hu. 2019. "A New Quantum Blind Signature Scheme with BB84-State" *Entropy* 21, no. 4: 336.
https://doi.org/10.3390/e21040336