hardware algorithms error_correction

A quantum algorithm for one-shot signatures

Curator's Take

This article presents the first concrete circuit‑level design for a quantum one‑shot signature scheme, showing how a classical public key can be paired with a genuinely quantum secret key to produce instantly verifiable signatures. By giving explicit qubit and gate counts and pinpointing where obfuscation is needed, it bridges the gap between abstract cryptographic constructions and near‑term hardware constraints—a step that aligns with recent pushes toward practical quantum digital signatures and publicly verifiable randomness beacons. While the resource estimates still demand sizable, error‑corrected devices, the work provides a clear roadmap for integrating quantum‑enhanced authentication into future delegated‑computing and token‑transfer protocols.

— Mark Eatherly

Summary

We provide a pre-obfuscation circuit-level implementation of an efficient one shot signature scheme, which has known applications to delegated signatures, secured token transfer, and publicly verifiable randomness. The algorithm consists of two stages: a key generation stage where a classical public key/quantum secret key pair is produced, and a signing stage where the quantum secret key is processed with a message string to produce a classical signature. There is no algorithmic error in the construction and the signed message can be efficiently checked by a classical verifier. Our scheme works by preparing a superposition over elements of a random affine coset determined by the output of a puncturable pseudorandom function, together with a circuit that tests coset membership. The logical qubit number scales like $Θ( κ\log(r) + n + l)$ and the gate complexity scales like $Θ(n^3 + nl)$, where $r$ is the public key size, $n+l$ is the signature size, $l$ is the message size, and $κ= Ω(n)$ is the cryptographic security parameter. We provide explicit qubit and gate counts for varying $n$ and identify the circuit components where obfuscation would be required for security against classical and quantum polynomial time attacks.