@article{hematpour_presence_2020,
	title = {Presence of dynamics of quantum dots in the digital signature using {DNA} alphabet and chaotic {S}-box},
	issn = {1573-7721},
	url = {https://doi.org/10.1007/s11042-020-10059-5},
	doi = {10.1007/s11042-020-10059-5},
	abstract = {The integrity and authenticity of the message, and it’s nonrepudiation, are provided by digital signatures. We introduce quantum digital signature schemes based on Quantum Dots, where DNA coding is used to increase the intricacy of phase space. We attain the optimal security standard by constructing a deterministic dynamic system in a finite phase space with n points and by using symbolic dynamics. Also, given the chaotic Substitution box(S-box), a confusing step has been added for greater security. The introduced quantum dynamical map is used to create procedures to resistance again the common attacks in the digital signature such as non-repudiation, unforgeability, and transferability. Its security depends on the length of the signature, directly.},
	language = {en},
	urldate = {2021-02-07},
	journal = {Multimedia Tools and Applications},
	author = {Hematpour, Nafiseh and Ahadpour, Sodeif and Behnia, Sohrab},
	month = nov,
	year = {2020},
}

@article{kang_quantum_2015,
	title = {Quantum {Signature} {Scheme} {Using} a {Single} {Qubit} {Rotation} {Operator}},
	volume = {54},
	issn = {1572-9575},
	url = {https://doi.org/10.1007/s10773-014-2254-y},
	doi = {10.1007/s10773-014-2254-y},
	abstract = {We present a quantum signature scheme using a single qubit rotation operator. In this protocol, the trusted center confirms the quantum signature and thus conforms with other quantum signature schemes. Utilizing the unitary properties of a single qubit rotation operator and Pauli operators, our protocol provides signature security and enhances the efficiency of communication. In addition, our protocol – using only a single qubit measurement – facilitates the ease of implementation and enhances convenience for users. The security of the protocol is analyzed.},
	language = {en},
	number = {2},
	urldate = {2021-02-07},
	journal = {International Journal of Theoretical Physics},
	author = {Kang, Min-Sung and Hong, Chang-Ho and Heo, Jino and Lim, Jong-In and Yang, Hyung-Jin},
	month = feb,
	year = {2015},
	pages = {614--629},
}

@article{amerimehr_quantum_2018,
	title = {Quantum {Symmetric} {Cryptosystem} {Based} on {Algebraic} {Codes}},
	volume = {22},
	issn = {1558-2558},
	doi = {10.1109/LCOMM.2018.2844245},
	abstract = {A quantum cryptosystem based on algebraic codes, which uses single photons as quantum message carriers, is given. The cryptosystem is equipped with authentication, data integrity, and non-repudiation. There is no need for a parallel classical channel since public conversation is omitted. Indeed by using a suitable algebraic error-correcting code, Alice and Bob do not need to share a string of common bases. Therefore, they already share only one secret key for encryption. The secret key can be reused many times also in a noisy environment. The encryption and the decryption are similar, so the cryptosystem can be thought symmetric. Analysis shows that the cryptosystem is secure, low cost, and more practical compared with the previous ones.},
	number = {9},
	journal = {IEEE Communications Letters},
	author = {Amerimehr, A. and Dehkordi, M. H.},
	month = sep,
	year = {2018},
	keywords = {algebraic codes, error correction codes, private key cryptography, quantum cryptography, algebraic error-correcting code, algebraic codes, quantum symmetric cryptosystem, parallel classical channel, data integrity, quantum message carriers, Protocols, Eavesdropping, Encryption, Error analysis, Photonics, Authentication, Quantum cryptography, quantum cryptosystem, algebraic codes, single photons, cryptographic primitives},
	pages = {1746--1749},
}

@article{xin_quantum_2019,
	title = {Quantum signature scheme based on {Hadamard} and {H} $_{\textrm{π/4}}$ operators},
	volume = {58},
	issn = {1559-128X, 2155-3165},
	url = {https://www.osapublishing.org/abstract.cfm?URI=ao-58-27-7346},
	doi = {10.1364/AO.58.007346},
	language = {en},
	number = {27},
	urldate = {2021-02-07},
	journal = {Applied Optics},
	author = {Xin, Xiangjun and Wang, Zhuo and Yang, Qinglan},
	month = sep,
	year = {2019},
	pages = {7346},
}

@article{li_arbitrated_2017,
	title = {An {Arbitrated} {Quantum} {Signature} {Scheme} without {Entanglement} $^{\textrm{*}}$},
	volume = {68},
	issn = {0253-6102},
	url = {https://iopscience.iop.org/article/10.1088/0253-6102/68/3/317},
	doi = {10.1088/0253-6102/68/3/317},
	number = {3},
	urldate = {2021-02-07},
	journal = {Communications in Theoretical Physics},
	author = {Li, Hui-Ran and Luo, Ming-Xing and Peng, Dai-Yuan and Wang, Xiao-Jun},
	month = sep,
	year = {2017},
	pages = {317},
}

@article{chen_public-key_2018,
	title = {Public-key quantum digital signature scheme with one-time pad private-key},
	volume = {17},
	issn = {1570-0755, 1573-1332},
	url = {http://link.springer.com/10.1007/s11128-017-1778-5},
	doi = {10.1007/s11128-017-1778-5},
	language = {en},
	number = {1},
	urldate = {2021-02-07},
	journal = {Quantum Information Processing},
	author = {Chen, Feng-Lin and Liu, Wan-Fang and Chen, Su-Gen and Wang, Zhi-Hua},
	month = jan,
	year = {2018},
	pages = {10},
}

@article{chen_new_2019,
	title = {A {New} {Quantum} {Blind} {Signature} {Scheme} with {BB84}-{State}},
	volume = {21},
	copyright = {http://creativecommons.org/licenses/by/3.0/},
	url = {https://www.mdpi.com/1099-4300/21/4/336},
	doi = {10.3390/e21040336},
	abstract = {The blind signature is widely used in cryptography applications because it can prevent the signer from gaining the original message. Owing to the unconditional security, the quantum blind signature is more advantageous than the classical one. In this paper, we propose a new provable secure quantum blind signature scheme with the nonorthogonal single-photon BB84-state and provide a new method to encode classical messages into quantum signature states. The message owner injects a randomizing factor into the original message and then strips the blind factor from the quantum blind signature signed by the blind signer. The verifier can validate the quantum signature and announce it publicly. At last, the analytical results show that the proposed scheme satisfies all of the security requirements of the blind signature: blindness, unforgeability, non-repudiation, unlinkability, and traceability. Due to there being no use of quantum entanglement states, the total feasibility and practicability of the scheme are obviously better than the previous ones.},
	language = {en},
	number = {4},
	urldate = {2021-02-07},
	journal = {Entropy},
	author = {Chen, Feng-Lin and Wang, Zhi-Hua and Hu, Yong-Mo},
	month = apr,
	year = {2019},
	keywords = {BB84-state, quantum fingerprint, quantum encryption algorithm, quantum blind signature, unconditional security},
	pages = {336},
}

@article{behera_experimental_2017,
	title = {Experimental realization of quantum cheque using a five-qubit quantum computer},
	volume = {16},
	issn = {1570-0755, 1573-1332},
	url = {http://link.springer.com/10.1007/s11128-017-1762-0},
	doi = {10.1007/s11128-017-1762-0},
	language = {en},
	number = {12},
	urldate = {2021-02-07},
	journal = {Quantum Information Processing},
	author = {Behera, Bikash K. and Banerjee, Anindita and Panigrahi, Prasanta K.},
	month = dec,
	year = {2017},
	pages = {312},
}

@article{yoon_quantum_2015,
	title = {Quantum signature scheme based on a quantum search algorithm},
	volume = {90},
	issn = {0031-8949, 1402-4896},
	url = {https://iopscience.iop.org/article/10.1088/0031-8949/90/1/015103},
	doi = {10.1088/0031-8949/90/1/015103},
	number = {1},
	urldate = {2021-02-07},
	journal = {Physica Scripta},
	author = {Yoon, Chun Seok and Kang, Min Sung and Lim, Jong In and Yang, Hyung Jin},
	month = jan,
	year = {2015},
	pages = {015103},
}

@article{an_practical_2019,
	title = {Practical quantum digital signature with a gigahertz {BB84} quantum key distribution system},
	volume = {44},
	copyright = {\&\#169; 2018 Optical Society of America},
	issn = {1539-4794},
	url = {https://www.osapublishing.org/ol/abstract.cfm?uri=ol-44-1-139},
	doi = {10.1364/OL.44.000139},
	abstract = {Quantum digital signature (QDS) can guarantee message integrity and non-repudiation with information-theoretical security, and it has attracted more attention recently. Since proposed by Andersson et\&\#x00A0;al. [Phys. Rev. A93, 032325 (2016)PLRAAN1050-294710.1103/PhysRevA.93.032325], a quantum digital signature protocol using an insecure channel has been realized with several different quantum key distribution (QKD) systems. Here we report an experimental QDS based on a BB84 QKD system. An asymmetric Faraday\&\#x2013;Sagnac\&\#x2013;Michelson interferometer structure has been designed in our system, which is intrinsically stable against channel disturbance. The innovatory structure supports the system to work at high speed and, in practice, the repetition rate is in gigahertz. A 0.044\&\#x00A0;bit/s signature rate has been attained with a 25\&\#x00A0;dB channel loss composed of a 25\&\#x00A0;km installed fiber with additional optical attenuation in a 10\&\#x2212;10 security level. Thus, our QDS device is stable and highly efficient. This Letter provides a further step for the practical application of QDS.},
	language = {EN},
	number = {1},
	urldate = {2021-02-07},
	journal = {Optics Letters},
	author = {An, Xue-Bi and Zhang, Hao and Zhang, Chun-Mei and Chen, Wei and Wang, Shuang and Yin, Zhen-Qiang and Wang, Qin and He, De-Yong and Hao, Peng-Lei and Liu, Shu-Feng and Zhou, Xing-Yu and Guo, Guang-Can and Han, Zheng-Fu},
	month = jan,
	year = {2019},
	keywords = {Attenuation coefficient, Optical fibers, Phase modulation, Phase shift, Quantum key distribution, Quantum memories},
	pages = {139--142},
}

@article{wang_security_2015,
	title = {Security of quantum digital signatures for classical messages},
	volume = {5},
	copyright = {2015 The Author(s)},
	issn = {2045-2322},
	url = {https://www.nature.com/articles/srep09231},
	doi = {10.1038/srep09231},
	abstract = {Quantum digital signatures can be used to authenticate classical messages in an information-theoretically secure way. Previously, a novel quantum digital signature for classical messages has been proposed and gave an experimental demonstration of distributing quantum digital signatures from one sender to two receivers. Some improvement versions were subsequently presented, which made it more feasible with present technology. These proposals for quantum digital signatures are basic building blocks which only deal with the problem of sending single bit messages while no-forging and non-repudiation are guaranteed. For a multi-bit message, it is only mentioned that the basic building blocks must be iterated, but the iteration of the basic building block still does not suffice to define the entire protocol. In this paper, we show that it is necessary to define the entire protocol because some attacks will arise if these building blocks are used in a naive way of iteration. Therefore, we give a way of defining an entire protocol to deal with the problem of sending multi-bit messages based on the basic building blocks and analyse its security.},
	language = {en},
	number = {1},
	urldate = {2021-02-07},
	journal = {Scientific Reports},
	author = {Wang, Tian-Yin and Cai, Xiao-Qiu and Ren, Yan-Li and Zhang, Rui-Ling},
	month = mar,
	year = {2015},
	pages = {9231},
}

@article{ding_280-km_2020,
	title = {280-km experimental demonstration of a quantum digital signature with one decoy state},
	volume = {45},
	copyright = {\&\#169; 2020 Optical Society of America},
	issn = {1539-4794},
	url = {https://www.osapublishing.org/ol/abstract.cfm?uri=ol-45-7-1711},
	doi = {10.1364/OL.389848},
	abstract = {A quantum digital signature (QDS) guarantees the unforgeability, nonrepudiation, and transferability of signature messages with information-theoretic security, and hence has attracted much attention recently. However, most previous implementations of QDS showed relatively low signature rates and/or short transmission distance. In this Letter, we report a proof-of-principle phase-encoding QDS demonstration using only one decoy state. First, such a method avoids the modulation of the vacuum state, thus reducing experimental complexity and random number consumption. Moreover, incorporated with low-loss asymmetric Mach–Zehnder interferometers and a real-time polarization calibration technique, we have successfully achieved a higher signature rate, e.g., 0.98 bit/s at 103 km, and to date, a record-breaking, to the best of our knowledge, transmission distance of over 280-km installed fibers. Our work represents a significant step towards real-world applications of QDS.},
	language = {EN},
	number = {7},
	urldate = {2021-02-07},
	journal = {Optics Letters},
	author = {Ding, Hua-Jian and Chen, Jing-Jing and Ji, Liang and Zhou, Xing-Yu and Zhang, Chun-Hui and Zhang, Chun-Mei and Wang, Qin},
	month = apr,
	year = {2020},
	keywords = {Calibration, Continuous wave operation, Diode lasers, Modulation techniques, Parametric down conversion, Quantum electronics},
	pages = {1711--1714},
}

@article{yin_practical_2016,
	title = {Practical quantum digital signature},
	volume = {93},
	url = {https://link.aps.org/doi/10.1103/PhysRevA.93.032316},
	doi = {10.1103/PhysRevA.93.032316},
	abstract = {Guaranteeing nonrepudiation, unforgeability as well as transferability of a signature is one of the most vital safeguards in today's e-commerce era. Based on fundamental laws of quantum physics, quantum digital signature (QDS) aims to provide information-theoretic security for this cryptographic task. However, up to date, the previously proposed QDS protocols are impractical due to various challenging problems and most importantly, the requirement of authenticated (secure) quantum channels between participants. Here, we present the first quantum digital signature protocol that removes the assumption of authenticated quantum channels while remaining secure against the collective attacks. Besides, our QDS protocol can be practically implemented over more than 100 km under current mature technology as used in quantum key distribution.},
	number = {3},
	urldate = {2021-02-07},
	journal = {Physical Review A},
	author = {Yin, Hua-Lei and Fu, Yao and Chen, Zeng-Bing},
	month = mar,
	year = {2016},
	pages = {032316},
}

@article{xin_new_2019,
	title = {New {Public}-key {Quantum} {Signature} {Scheme} with {Quantum} {One}-{Way} {Function}},
	volume = {58},
	issn = {1572-9575},
	url = {https://doi.org/10.1007/s10773-019-04203-7},
	doi = {10.1007/s10773-019-04203-7},
	abstract = {Based on the asymmetric quantum cryptosystem, a new public-key quantum signature scheme is proposed. In our scheme, the signer’s public key is derived from her public identity information, and the corresponding private key is generated by the trusted private key generator (PKG). Both of the public key and the private key are classical bit strings, so they are easily kept. It is very convenient for the key management of the quantum signature system. The signer signs a message with her private key, and the quantum signature can be publicly verified with the signer’s public key and the quantum one-way function. Both of the private key and public key can be reused. On the other hand, in the signing phase, the signer sends the message to PKG via a classical unencrypted channel, which can be used to authenticate the identity of the signer. The proposed scheme has the properties of completeness, information-theoretic security, non-repudiation and unforgeability. Its information-theoretic security is ensured by quantum indistinguishability mechanics. On the other hand, our scheme is more efficient than the similar schemes.},
	language = {en},
	number = {10},
	urldate = {2021-02-07},
	journal = {International Journal of Theoretical Physics},
	author = {Xin, Xiangjun and Wang, Zhuo and He, Qianqian and Yang, Qinglan and Li, Fagen},
	month = oct,
	year = {2019},
	pages = {3282--3294},
}

@article{zheng_arbitration_2020,
	title = {Arbitration quantum signature protocol based on {XOR} encryption},
	volume = {18},
	issn = {0219-7499},
	url = {https://www.worldscientific.com/doi/abs/10.1142/S0219749920500252},
	doi = {10.1142/S0219749920500252},
	abstract = {Quantum signature is a branch of quantum cryptography that draws on the design ideas of classic digital signatures, and uses the basic principles of quantum mechanics to achieve the integrity, authenticity and nonrepudiation of quantum information. Among them, arbitration quantum signature (AQS) plays a very important role. In this paper, we proposed an AQS protocol based on XOR encryption. Unlike other protocols, a quantum one-time pad encryption method or chain-type CNOT encryption method is abandoned. The proposed protocol is designed based on the three-particle GHZ state combined with the idea of classical XOR encryption, with CNOT operations used to encrypt quantum messages and quantum signatures. A security analysis of the proposed protocol reveals that the proposed protocol can satisfy the AQS requirements of unforgeability and nonrepudiation.},
	number = {05},
	urldate = {2021-02-07},
	journal = {International Journal of Quantum Information},
	author = {Zheng, Xiao-Yi and Kuang, Chang},
	month = aug,
	year = {2020},
	pages = {2050025},
}

@inproceedings{chailloux_efficient_2017,
	address = {Cham},
	series = {Lecture {Notes} in {Computer} {Science}},
	title = {An {Efficient} {Quantum} {Collision} {Search} {Algorithm} and {Implications} on {Symmetric} {Cryptography}},
	isbn = {9783319706979},
	doi = {10.1007/978-3-319-70697-9_8},
	abstract = {The cryptographic community has widely acknowledged that the emergence of large quantum computers will pose a threat to most current public-key cryptography. Primitives that rely on order-finding problems, such as factoring and computing Discrete Logarithms, can be broken by Shor’s algorithm ([49]).Symmetric primitives, at first sight, seem less impacted by the arrival of quantum computers: Grover’s algorithm [31] for searching in an unstructured database finds a marked element among {\textbackslash}(2{\textasciicircum}\{n\}{\textbackslash}) in time {\textbackslash}({\textbackslash}widetilde\{O\}(2{\textasciicircum}\{n / 2\}){\textbackslash}), providing a quadratic speedup compared to the classical exhaustive search, essentially optimal. Cryptographers then commonly consider that doubling the length of the keys used will be enough to maintain the same level of security.From similar techniques, quantum collision search is known to attain {\textbackslash}({\textbackslash}widetilde\{O\}(2{\textasciicircum}\{n / 3\}){\textbackslash}) query complexity [20], compared to the classical {\textbackslash}(O(2{\textasciicircum}\{n / 2\}){\textbackslash}). However this quantum speedup is illusory: the actual quantum computation performed is actually more expensive than in the classical algorithm.In this paper, we investigate quantum collision and multi-target preimage search and present a new algorithm, that uses the amplitude amplification technique. As such, it relies on the same principle as Grover’s search. Our algorithm is the first to propose a time complexity that improves upon {\textbackslash}(O(2{\textasciicircum}\{n/2\}){\textbackslash}), in a simple setting with a single processor. This time complexity is {\textbackslash}({\textbackslash}widetilde\{O\}(2{\textasciicircum}\{2n/5\}){\textbackslash}) (equal to its query complexity), with a polynomial quantum memory needed (O(n)), and a small classical memory complexity of {\textbackslash}({\textbackslash}widetilde\{O\}(2{\textasciicircum}\{n/5\}){\textbackslash}). For multi-target preimage attacks, these complexities become {\textbackslash}({\textbackslash}widetilde\{O\}(2{\textasciicircum}\{3n/7\}){\textbackslash}), O(n) and {\textbackslash}({\textbackslash}widetilde\{O\}(2{\textasciicircum}\{n/7\}){\textbackslash}) respectively. To the best of our knowledge, this is the first proof of an actual quantum time speedup for collision search. We also propose a parallelization of these algorithms. This result has an impact on several symmetric cryptography scenarios: we detail how to improve upon previous attacks for hash function collisions and multi-target preimages, how to perform an improved key recovery in the multi-user setting, how to improve the collision attacks on operation modes, and point out that these improved algorithms can serve as basic tools for some families of cryptanalytic techniques.In the end, we discuss the implications of these new attacks on post-quantum security.},
	language = {en},
	booktitle = {Advances in {Cryptology} – {ASIACRYPT} 2017},
	publisher = {Springer International Publishing},
	author = {Chailloux, André and Naya-Plasencia, María and Schrottenloher, André},
	editor = {Takagi, Tsuyoshi and Peyrin, Thomas},
	year = {2017},
	keywords = {Post-quantum cryptography ,  Symmetric cryptography ,  Collision search ,  Amplitude amplification },
	pages = {211--240},
}

@article{barnum_authentication_2002,
	title = {Authentication of {Quantum} {Messages}},
	url = {http://arxiv.org/abs/quant-ph/0205128},
	doi = {10.1109/SFCS.2002.1181969},
	abstract = {Authentication is a well-studied area of classical cryptography: a sender S and a receiver R sharing a classical private key want to exchange a classical message with the guarantee that the message has not been modified by any third party with control of the communication line. In this paper we define and investigate the authentication of messages composed of quantum states. Assuming S and R have access to an insecure quantum channel and share a private, classical random key, we provide a non-interactive scheme that enables S both to encrypt and to authenticate (with unconditional security) an m qubit message by encoding it into m+s qubits, where the failure probability decreases exponentially in the security parameter s. The classical private key is 2m+O(s) bits. To achieve this, we give a highly efficient protocol for testing the purity of shared EPR pairs. We also show that any scheme to authenticate quantum messages must also encrypt them. (In contrast, one can authenticate a classical message while leaving it publicly readable.) This has two important consequences: On one hand, it allows us to give a lower bound of 2m key bits for authenticating m qubits, which makes our protocol asymptotically optimal. On the other hand, we use it to show that digitally signing quantum states is impossible, even with only computational security.},
	urldate = {2021-02-09},
	journal = {The 43rd Annual IEEE Symposium on Foundations of Computer Science, 2002. Proceedings.},
	author = {Barnum, Howard and Crepeau, Claude and Gottesman, Daniel and Smith, Adam and Tapp, Alain},
	year = {2002},
	note = {arXiv: quant-ph/0205128},
	keywords = {Quantum Physics, Computer Science - Cryptography and Security},
	pages = {449--458},
}

@article{thapliyal_kaks_2018,
	title = {Kak’s three-stage protocol of secure quantum communication revisited: hitherto unknown strengths and weaknesses of the protocol},
	volume = {17},
	issn = {1573-1332},
	shorttitle = {Kak’s three-stage protocol of secure quantum communication revisited},
	url = {https://doi.org/10.1007/s11128-018-2001-z},
	doi = {10.1007/s11128-018-2001-z},
	abstract = {Kak’s three-stage protocol for quantum key distribution is revisited with special focus on its hitherto unknown strengths and weaknesses. It is shown that this protocol can be used for secure direct quantum communication. Further, the implementability of this protocol in the realistic situation is analyzed by considering various Markovian noise models. It is found that the Kak’s protocol and its variants in their original form can be implemented only in a restricted class of noisy channels, where the protocols can be transformed to corresponding protocols based on logical qubits in decoherence free subspace. Specifically, it is observed that Kak’s protocol can be implemented in the presence of collective rotation and collective dephasing noise, but cannot be implemented in its original form in the presence of other types of noise, like amplitude and phase damping noise. Further, the performance of the protocol in the noisy environment is quantified by computing average fidelity under various noise models, and subsequently a set of preferred states for secure communication in noisy environment have also been identified.},
	language = {en},
	number = {9},
	urldate = {2021-02-10},
	journal = {Quantum Information Processing},
	author = {Thapliyal, Kishore and Pathak, Anirban},
	month = jul,
	year = {2018},
	pages = {229},
}

@inproceedings{jorstad_cryptographic_1997,
	address = {Baltimore, Maryland, United States},
	title = {Cryptographic {Algorithm} {Metrics}},
	url = {https://csrc.nist.gov/csrc/media/publications/conference-paper/1997/10/10/proceedings-of-the-20th-nissc-1997/documents/128.pdf},
	booktitle = {Proceedings of the 20th {National} {Information} {Systems} {Security} {Conference}},
	author = {Jorstad, Norman and Smith, Landgrave T.},
	year = {1997},
}

@misc{tibbets_quantum_2019,
	title = {Quantum {Computing} and {Cryptography}: {Analysis}, {Risks}, and {Recommendations} for {Decisionmakers}},
	url = {https://cgsr.llnl.gov/content/assets/docs/QuantumComputingandCryptography-20190920.pdf},
	publisher = {Lawrence Livermore National Laboratory},
	author = {Tibbets, Jake},
	month = sep,
	year = {2019},
}

@article{bonnetain_quantum_2019,
	title = {Quantum {Security} {Analysis} of {AES}},
	volume = {2019},
	url = {https://hal.inria.fr/hal-02397049},
	doi = {10.13154/tosc.v2019.i2.55-93},
	abstract = {In this paper we analyze for the first time the post-quantum security of AES. AES is the most popular and widely used block cipher, established as the encryption standard by the NIST in 2001. We consider the secret key setting and, in particular, AES-256, the recommended primitive and one of the few existing ones that aims at providing a post-quantum security of 128 bits. In order to determine the new security margin, i.e., the lowest number of non-attacked rounds in time less than 2{\textasciicircum}128 encryptions, we first provide generalized and quantized versions of the best known cryptanalysis on reduced-round AES, as well as a discussion on attacks that don't seem to benefit from a significant quantum speed-up. We propose a new framework for structured search that encompasses both the classical and quantum attacks we present, and allows to efficiently compute their complexity. We believe this framework will be useful for future analysis. Our best attack is a quantum Demirci-Selçuk meet-in-the-middle attack. Unexpectedly , using the ideas underlying its design principle also enables us to obtain new, counter-intuitive classical TMD trade-offs. In particular, we can reduce the memory in some attacks against AES-256 and AES-128. One of the building blocks of our attacks is solving efficiently the AES S-Box differential equation, with respect to the quantum cost of a reversible S-Box. We believe that this generic quantum tool will be useful for future quantum differential attacks. Judging by the results obtained so far, AES seems a resistant primitive in the post-quantum world as well as in the classical one, with a bigger security margin with respect to quantum generic attacks.},
	language = {en},
	number = {2},
	urldate = {2021-02-11},
	journal = {IACR Transactions on Symmetric Cryptology},
	author = {Bonnetain, Xavier and Naya-Plasencia, María and Schrottenloher, André},
	month = jun,
	year = {2019},
	pages = {55},
}

@inproceedings{khan_security_2020,
	title = {Security {Analysis} of {QKD} {Protocols}: {Simulation} {Comparison}},
	shorttitle = {Security {Analysis} of {QKD} {Protocols}},
	doi = {10.1109/IBCAST47879.2020.9044522},
	abstract = {The inception of quantum key distribution (QKD) empowered the communication networks with unconditional security because of the unique characteristics of quantum mechanics. Since QKD genesis, various protocols have been proposed to augment the feasibility of its real-world implementation and to overcome the inherent vulnerabilities of communication channel. In the past several years' studies emphasize the significance of QKD in the field of secure communication, because it can counter critical attacks quite effectively. In this paper, we present in-depth security analysis of the notable QKD protocols which encompasses from their theoretical assertions to their practical implementation factors and simulation outcomes.},
	booktitle = {2020 17th {International} {Bhurban} {Conference} on {Applied} {Sciences} and {Technology} ({IBCAST})},
	author = {Khan, E. and Meraj, S. and Khan, M. M.},
	month = jan,
	year = {2020},
	note = {ISSN: 2151-1411},
	keywords = {cryptographic protocols, quantum cryptography, telecommunication channels, quantum key distribution, communication networks, unconditional security, quantum mechanics, real-world implementation, inherent vulnerabilities, communication channel, secure communication, in-depth security analysis, QKD protocols, QKD, Quantum Key Distribution, Quantum Cryptography, QKD Protocols, Security Analysis, Simulation},
	pages = {383--388},
}

@article{ablayev_quantum_2013,
	title = {Quantum {Hashing}},
	url = {http://arxiv.org/abs/1310.4922},
	abstract = {We present a version of quantum hash function based on non-binary discrete functions. The proposed quantum procedure is "classical-quantum", that is, it takes a classical bit string as an input and produces a quantum state. The resulting function has the property of a one-way function (pre-image resistance), in addition it has the properties analogous to classical cryptographic hash second pre-image resistance and collision resistance. This function can be naturally used in a quantum digital signature protocol.},
	urldate = {2021-02-13},
	journal = {arXiv:1310.4922 [quant-ph]},
	author = {Ablayev, Farid and Vasiliev, Alexander},
	month = oct,
	year = {2013},
	note = {arXiv: 1310.4922},
	keywords = {Quantum Physics},
}

@inproceedings{plesa_hybrid_2017,
	address = {Targoviste},
	title = {Hybrid scheme for secure communications using quantum and classical mechanisms},
	isbn = {9781509064571 9781509064588},
	url = {http://ieeexplore.ieee.org/document/8166458/},
	doi = {10.1109/ECAI.2017.8166458},
	urldate = {2021-04-25},
	booktitle = {2017 9th {International} {Conference} on {Electronics}, {Computers} and {Artificial} {Intelligence} ({ECAI})},
	publisher = {IEEE},
	author = {Plesa, Mihail-Iulian},
	month = jun,
	year = {2017},
	pages = {1--6},
}

@article{cheng_h._lightweight_2021,
	title = {A {Lightweight} {Implementation} of {NTRUEncrypt} for 8-bit {AVR} {Microcontrollers}},
	copyright = {Creative Commons Attribution 4.0 International, Open Access},
	url = {https://zenodo.org/record/4431753},
	doi = {10.5281/ZENODO.4431753},
	abstract = {Introduced in 1996, NTRUEncrypt is not only one of the earliest but also one of the most scrutinized lattice-based cryptosystems and expected to remain secure in the upcoming era of quantum computing. Furthermore, NTRUEncrypt offers some efficiency benefits over “pre-quantum” cryptosystems like RSA or ECC since the low-level arithmetic operations are less computation-intensive and, thus, more suitable for constrained devices. In this paper, we present AVRNTRU, a highly-optimized implementation of NTRUEncrypt for 8-bit AVR microcontrollers that we developed from scratch to reach high performance and resistance to timing attacks. AVR NTRU complies with the EESS \#1 v3.1 specification and supports product-form parameter sets such as ees443ep1, ees587ep1, and ees743ep1. Entire encryption (including mask generation and blinding-polynomial generation) using the ees443ep1 parameters requires 847973 clock cycles on an ATmega1281 microcontroller; the decryption is more costly and has an execution time of 1051871 cycles. We achieved these results with the help of a novel hybrid technique for multiplication in a truncated polynomial ring, whereby one of the operands is a sparse ternary polynomial in product form and the other an arbitrary element of the ring. A constant-time multiplication in the ring given by the ees443ep1 parameters takes only 192577 cycles, which sets a new speed record for the arithmetic part of a lattice-based cryptosystem on AVR.},
	language = {en},
	urldate = {2021-04-25},
	author = {{Cheng, H.} and {Großschädl, J.} and {Rønne, P.} and {Ryan, P.}},
	month = feb,
	year = {2021},
	keywords = {Post-Quantum Cryptography, NTRU, Polynomial Arithmetic, Product- Form Polynomials, Constant-Time Implementation},
}

@misc{moody_nist_2020,
	title = {{NIST} {PQC} {Standardization} {Update} - {Round} 2 and {Beyond}},
	url = {https://csrc.nist.gov/CSRC/media/Presentations/pqc-update-round-2-and-beyond/images-media/pqcrypto-sept2020-moody.pdf},
	author = {Moody, Dustin},
	month = sep,
	year = {2020},
}

@techreport{ben-sasson_scalable_2018,
	title = {Scalable, transparent, and post-quantum secure computational integrity},
	url = {https://eprint.iacr.org/2018/046},
	abstract = {Human dignity demands that personal information, like medical and forensic data, be hidden from the public. But veils of secrecy designed to preserve privacy may also be abused to cover up lies and deceit by parties entrusted with Data, unjustly harming citizens and eroding trust in central institutions.

Zero knowledge (ZK) proof systems are an ingenious cryptographic solution to the tension between the ideals of personal privacy and institutional integrity, enforcing the latter in a way that does not compromise the former. Public trust demands transparency from ZK systems, meaning they be set up with no reliance on any trusted party, and have no trapdoors that could be exploited by powerful parties to bear false witness. For ZK systems to be used with Big Data, it is imperative that the public verification process scale sublinearly in data size. Transparent ZK proofs that can be verified exponentially faster than data size were first described in the 1990s but early constructions were impractical, and no ZK system realized thus far in code (including that used by crypto-currencies like Zcash) has achieved both transparency and exponential verification speedup, simultaneously, for general computations.

Here we report the first realization of a transparent ZK system (ZK-STARK) in which verification scales exponentially faster than database size, and moreover, this exponential speedup in verification is observed concretely for meaningful and sequential computations, described next. Our system uses several recent advances on interactive oracle proofs (IOP), such as a “fast” (linear time) IOP system for error correcting codes.

Our proof-of-concept system allows the Police to prove to the public that the DNA profile of a Presidential Candidate does not appear in the forensic DNA profile database maintained by the Police. The proof, which is generated by the Police, relies on no external trusted party, and reveals no further information about the contents of the database, nor about the candidate’s profile; in particular, no DNA information is disclosed to any party outside the Police. The proof is shorter than the size of the DNA database, and verified faster than the time needed to examine that database naively.},
	number = {046},
	urldate = {2021-04-25},
	author = {Ben-Sasson, Eli and Bentov, Iddo and Horesh, Yinon and Riabzev, Michael},
	year = {2018},
	keywords = {zero knowledge, computational integrity, blockchains, interactive proofs, interactive oracle proofs},
}

@incollection{takagi_applying_2016,
	address = {Cham},
	title = {Applying {Grover}’s {Algorithm} to {AES}: {Quantum} {Resource} {Estimates}},
	volume = {9606},
	isbn = {9783319293592 9783319293608},
	shorttitle = {Applying {Grover}’s {Algorithm} to {AES}},
	url = {http://link.springer.com/10.1007/978-3-319-29360-8_3},
	urldate = {2021-04-25},
	booktitle = {Post-{Quantum} {Cryptography}},
	publisher = {Springer International Publishing},
	author = {Grassl, Markus and Langenberg, Brandon and Roetteler, Martin and Steinwandt, Rainer},
	editor = {Takagi, Tsuyoshi},
	year = {2016},
	doi = {10.1007/978-3-319-29360-8_3},
	pages = {29--43},
}

@incollection{canteaut_implementing_2020,
	address = {Cham},
	title = {Implementing {Grover} {Oracles} for {Quantum} {Key} {Search} on {AES} and {LowMC}},
	volume = {12106},
	isbn = {9783030457235 9783030457242},
	url = {https://link.springer.com/10.1007/978-3-030-45724-2_10},
	language = {en},
	urldate = {2021-04-25},
	booktitle = {Advances in {Cryptology} – {EUROCRYPT} 2020},
	publisher = {Springer International Publishing},
	author = {Jaques, Samuel and Naehrig, Michael and Roetteler, Martin and Virdia, Fernando},
	editor = {Canteaut, Anne and Ishai, Yuval},
	year = {2020},
	doi = {10.1007/978-3-030-45724-2_10},
	pages = {280--310},
}

@article{younes_bounded-error_2015,
	title = {A bounded-error quantum polynomial-time algorithm for two graph bisection problems},
	volume = {14},
	issn = {1570-0755, 1573-1332},
	url = {http://link.springer.com/10.1007/s11128-015-1069-y},
	doi = {10.1007/s11128-015-1069-y},
	language = {en},
	number = {9},
	urldate = {2021-04-25},
	journal = {Quantum Information Processing},
	author = {Younes, Ahmed},
	month = sep,
	year = {2015},
	pages = {3161--3177},
}

@article{brassard_limitations_2000,
	title = {Limitations on {Practical} {Quantum} {Cryptography}},
	volume = {85},
	issn = {0031-9007, 1079-7114},
	url = {https://link.aps.org/doi/10.1103/PhysRevLett.85.1330},
	doi = {10.1103/PhysRevLett.85.1330},
	language = {en},
	number = {6},
	urldate = {2021-04-25},
	journal = {Physical Review Letters},
	author = {Brassard, Gilles and Lütkenhaus, Norbert and Mor, Tal and Sanders, Barry C.},
	month = aug,
	year = {2000},
	pages = {1330--1333},
}

@misc{national_security_agency_nsa_quantum_nodate,
	title = {Quantum {Key} {Distribution} ({QKD}) and {Quantum} {Cryptography} ({QC})},
	url = {https://www.nsa.gov/what-we-do/cybersecurity/quantum-key-distribution-qkd-and-quantum-cryptography-qc/},
	urldate = {2021-04-25},
	author = {{National Security Agency (NSA)}},
}

@article{fei_quantum_2018,
	title = {Quantum man-in-the-middle attack on the calibration process of quantum key distribution},
	volume = {8},
	issn = {2045-2322},
	url = {http://www.nature.com/articles/s41598-018-22700-3},
	doi = {10.1038/s41598-018-22700-3},
	language = {en},
	number = {1},
	urldate = {2021-04-26},
	journal = {Scientific Reports},
	author = {Fei, Yang-Yang and Meng, Xiang-Dong and Gao, Ming and Wang, Hong and Ma, Zhi},
	month = dec,
	year = {2018},
	pages = {4283},
}

@inproceedings{costello_efficient_2016,
	address = {Berlin, Heidelberg},
	series = {Lecture {Notes} in {Computer} {Science}},
	title = {Efficient {Algorithms} for {Supersingular} {Isogeny} {Diffie}-{Hellman}},
	isbn = {9783662530184},
	doi = {10.1007/978-3-662-53018-4_21},
	abstract = {We propose a new suite of algorithms that significantly improve the performance of supersingular isogeny Diffie-Hellman (SIDH) key exchange. Subsequently, we present a full-fledged implementation of SIDH that is geared towards the 128-bit quantum and 192-bit classical security levels. Our library is the first constant-time SIDH implementation and is up to 2.9 times faster than the previous best (non-constant-time) SIDH software. The high speeds in this paper are driven by compact, inversion-free point and isogeny arithmetic and fast SIDH-tailored field arithmetic: on an Intel Haswell processor, generating ephemeral public keys takes 46 million cycles for Alice and 52 million cycles for Bob, while computing the shared secret takes 44 million and 50 million cycles, respectively. The size of public keys is only 564 bytes, which is significantly smaller than most of the popular post-quantum key exchange alternatives. Ultimately, the size and speed of our software illustrates the strong potential of SIDH as a post-quantum key exchange candidate and we hope that these results encourage a wider cryptanalytic effort.},
	language = {en},
	booktitle = {Advances in {Cryptology} – {CRYPTO} 2016},
	publisher = {Springer},
	author = {Costello, Craig and Longa, Patrick and Naehrig, Michael},
	editor = {Robshaw, Matthew and Katz, Jonathan},
	year = {2016},
	keywords = {Post-quantum cryptography ,  Diffie-Hellman key exchange ,  Supersingular elliptic curves ,  Isogenies ,  SIDH },
	pages = {572--601},
}

@article{curty_quantum_2001,
	title = {Quantum authentication of classical messages},
	url = {https://arxiv.org/abs/quant-ph/0103122v2},
	doi = {10.1103/PhysRevA.64.062309},
	abstract = {Although key distribution is arguably the most studied context on which to apply quantum cryptographic techniques, message authentication, i.e., certifying the identity of the message originator and the integrity of the message sent, can also benefit from the use of quantum resources. Classically, message authentication can be performed by techniques based on hash functions. However, the security of the resulting protocols depends on the selection of appropriate hash functions, and on the use of long authentication keys. In this paper we propose a quantum authentication procedure that, making use of just one qubit as the authentication key, allows the authentication of binary classical messages in a secure manner.},
	language = {en},
	urldate = {2021-04-26},
	author = {Curty, Marcos and Santos, David J.},
	month = mar,
	year = {2001},
}

@article{nikolopoulos_information-theoretically_2020,
	title = {Information-theoretically secure data origin authentication with quantum and classical resources},
	url = {https://arxiv.org/abs/2011.06849v1},
	doi = {10.3390/cryptography4040031},
	abstract = {In conventional cryptography, information-theoretically secure message authentication can be achieved by means of universal hash functions, and requires that the two legitimate users share a random secret key, which is twice as long as the message. We address the question as of whether quantum resources can offer any advantage over classical unconditionally secure message authentication codes. It is shown that passive prepare-and-measure quantum message-authentication schemes cannot do better than their classical counterparts. Subsequently we present an interactive entanglement-assisted scheme, which ideally allows for the authentication of classical messages with a classical key, which is as long as the message.},
	language = {en},
	urldate = {2021-04-26},
	author = {Nikolopoulos, Georgios M. and Fischlin, Marc},
	month = nov,
	year = {2020},
}

@article{rieffel_introduction_1998,
	title = {An {Introduction} to {Quantum} {Computing} for {Non}-{Physicists}},
	url = {https://arxiv.org/abs/quant-ph/9809016v2},
	abstract = {Richard Feynman's observation that quantum mechanical effects could not be simulated efficiently on a computer led to speculation that computation in general could be done more efficiently if it used quantum effects. This speculation appeared justified when Peter Shor described a polynomial time quantum algorithm for factoring integers. In quantum systems, the computational space increases exponentially with the size of the system which enables exponential parallelism. This parallelism could lead to exponentially faster quantum algorithms than possible classically. The catch is that accessing the results, which requires measurement, proves tricky and requires new non-traditional programming techniques. The aim of this paper is to guide computer scientists and other non-physicists through the conceptual and notational barriers that separate quantum computing from conventional computing. We introduce basic principles of quantum mechanics to explain where the power of quantum computers comes from and why it is difficult to harness. We describe quantum cryptography, teleportation, and dense coding. Various approaches to harnessing the power of quantum parallelism are explained, including Shor's algorithm, Grover's algorithm, and Hogg's algorithms. We conclude with a discussion of quantum error correction.},
	language = {en},
	urldate = {2021-04-26},
	author = {Rieffel, Eleanor G. and Polak, Wolfgang},
	month = sep,
	year = {1998},
}

@article{humble_consumer_2018,
	title = {Consumer {Applications} of {Quantum} {Computing}: {A} {Promising} {Approach} for {Secure} {Computation}, {Trusted} {Data} {Storage}, and {Efficient} {Applications}},
	volume = {7},
	issn = {2162-2248},
	shorttitle = {Consumer {Applications} of {Quantum} {Computing}},
	url = {https://www.osti.gov/pages/biblio/1490615-consumer-applications-quantum-computing-promising-approach-secure-computation-trusted-data-storage-efficient-applications},
	doi = {https://doi.org/10.1109/MCE.2017.2755298},
	abstract = {The U.S. Department of Energy's Office of Scientific and Technical Information},
	language = {English},
	number = {6},
	urldate = {2021-04-26},
	journal = {IEEE Consumer Electronics Magazine},
	author = {Humble, Travis S. (ORCID:0000000294490498)},
	month = oct,
	year = {2018},
}

@article{albash_adiabatic_2016,
	title = {Adiabatic {Quantum} {Computing}},
	url = {https://arxiv.org/abs/1611.04471v2},
	doi = {10.1103/RevModPhys.90.015002},
	abstract = {Adiabatic quantum computing (AQC) started as an approach to solving optimization problems, and has evolved into an important universal alternative to the standard circuit model of quantum computing, with deep connections to both classical and quantum complexity theory and condensed matter physics. In this review we give an account of most of the major theoretical developments in the field, while focusing on the closed-system setting. The review is organized around a series of topics that are essential to an understanding of the underlying principles of AQC, its algorithmic accomplishments and limitations, and its scope in the more general setting of computational complexity theory. We present several variants of the adiabatic theorem, the cornerstone of AQC, and we give examples of explicit AQC algorithms that exhibit a quantum speedup. We give an overview of several proofs of the universality of AQC and related Hamiltonian quantum complexity theory. We finally devote considerable space to Stoquastic AQC, the setting of most AQC work to date, where we discuss obstructions to success and their possible resolutions.},
	language = {en},
	urldate = {2021-04-26},
	author = {Albash, Tameem and Lidar, Daniel A.},
	month = nov,
	year = {2016},
}

@article{bauckhage_adiabatic_2017,
	title = {Adiabatic {Quantum} {Computing} for {Binary} {Clustering}},
	url = {https://arxiv.org/abs/1706.05528v1},
	abstract = {Quantum computing for machine learning attracts increasing attention and recent technological developments suggest that especially adiabatic quantum computing may soon be of practical interest. In this paper, we therefore consider this paradigm and discuss how to adopt it to the problem of binary clustering. Numerical simulations demonstrate the feasibility of our approach and illustrate how systems of qubits adiabatically evolve towards a solution.},
	language = {en},
	urldate = {2021-04-26},
	author = {Bauckhage, Christian and Brito, Eduardo and Cvejoski, Kostadin and Ojeda, Cesar and Sifa, Rafet and Wrobel, Stefan},
	month = jun,
	year = {2017},
}

@article{ying_quantum_2010,
	title = {Quantum computation, quantum theory and {AI}},
	volume = {174},
	issn = {0004-3702},
	url = {https://www.sciencedirect.com/science/article/pii/S0004370209001398},
	doi = {10.1016/j.artint.2009.11.009},
	abstract = {The main purpose of this paper is to examine some (potential) applications of quantum computation in AI and to review the interplay between quantum th…},
	language = {en},
	number = {2},
	urldate = {2021-04-26},
	journal = {Artificial Intelligence},
	author = {Ying, Mingsheng},
	month = feb,
	year = {2010},
	pages = {162--176},
}

@article{gisin_quantum_2002,
	title = {Quantum cryptography},
	volume = {74},
	url = {https://link.aps.org/doi/10.1103/RevModPhys.74.145},
	doi = {10.1103/RevModPhys.74.145},
	abstract = {Quantum cryptography could well be the first application of quantum mechanics at the single-quantum level. The rapid progress in both theory and experiment in recent years is reviewed, with emphasis on open questions and technological issues.},
	number = {1},
	urldate = {2021-04-26},
	journal = {Reviews of Modern Physics},
	author = {Gisin, Nicolas and Ribordy, Grégoire and Tittel, Wolfgang and Zbinden, Hugo},
	month = mar,
	year = {2002},
	pages = {145--195},
}

@inproceedings{nurhadi_quantum_2018,
	title = {Quantum {Key} {Distribution} ({QKD}) {Protocols}: {A} {Survey}},
	shorttitle = {Quantum {Key} {Distribution} ({QKD}) {Protocols}},
	doi = {10.1109/ICWT.2018.8527822},
	abstract = {The security strength of key distribution of most conventional cryptography is relied on mathematical complexity and the irrational time needed to break the algorithm. But it will be ineffective if the secret key distribution procedure is weak. In 1994 Peter Shor proposed an algorithm that can factorize great integer number efficiently by using principle of quantum computer, this algorithm poses a threat to some of the conventional cryptography. Recently, Quantum Key Distribution (QKD) is drawing much attention of researcher as a solution of that problem of key distribution. Theoretically, QKD have been proven can be provide unconditionally secure communication based on quantum mechanics laws. In this article we survey the QKD protocols. Also, we present a little experiment of some QKD protocols that we discussed on this paper.},
	booktitle = {2018 4th {International} {Conference} on {Wireless} and {Telematics} ({ICWT})},
	author = {Nurhadi, Ali Ibnun and Syambas, Nana Rachmana},
	month = jul,
	year = {2018},
	keywords = {Protocols, Photonics, Quantum mechanics, Security, Uncertainty, Polarization, Cows, QKD Protocols, Quantum Cryptography, Quantum Key Distribution},
	pages = {1--5},
}

@inproceedings{liu_multi-path_2019,
	title = {Multi-path based {Quasi}-real-time {Quantum} {Key} {Distribution} in {Software} {Defined} {Quantum} {Key} {Distribution} {Networks} ({SD}-{QKDN})},
	doi = {10.1109/ICOCN.2019.8934684},
	abstract = {We propose a multi-path based quasi-real-time quantum key distribution scheme in software defined quantum key distribution networks (SD-QKDN). Simulation results show the proposed scheme performs well in terms of service successful probability and secret-key utilization.},
	booktitle = {2019 18th {International} {Conference} on {Optical} {Communications} and {Networks} ({ICOCN})},
	author = {Liu, Xiang and Yu, Xiaosong and Zhao, Yongli and Zhou, Xiaotian and Xie, Shimulin and Li, Jincheng and Zhang, Jie},
	month = aug,
	year = {2019},
	keywords = {Quantum key distribution, Encryption, Optical fiber communication, Simulation, Indexes, quantum key distribution, quasi-real-time, multi -path, SD-QKDN},
	pages = {1--3},
}

@inproceedings{yu_study_2020,
	title = {Study on {Statistical} {Analysis} {Method} of {Decoy}-state {Quantum} {Key} {Distribution} with {Finite}-length {Data}},
	volume = {1},
	doi = {10.1109/ITNEC48623.2020.9084715},
	abstract = {In order to solve the statistical fluctuation problem caused by the finite data length in the practical quantum key distribution system, four commonly used statistical methods, DeMoivre-Laplace theorem, Chebyshev inequality, Chernoff boundary and Hoeffding boundary, are used to analyze. The application conditions of each method are discussed, and the effects of data length and confidence level on quantum key distribution security performance are simulated and analyzed. The simulation results show that the applicable conditions of Chernoff boundary are most consistent with the reality of the practical quantum key distribution system with finite-length data. Under the same experimental conditions, the secure key generation rate and secure transmission distance obtained by Chernoff boundary are better than those of the other three methods. When the data length and confidence level change, the stability of the security performance obtained by the Chernoff boundary is the best.},
	booktitle = {2020 {IEEE} 4th {Information} {Technology}, {Networking}, {Electronic} and {Automation} {Control} {Conference} ({ITNEC})},
	author = {Yu, Wei and Zhou, Yuanyuan and Zhou, Xuejun and Wang, Lei and Chen, Shang},
	month = jun,
	year = {2020},
	keywords = {Security, Statistical analysis, Fluctuations, Chebyshev approximation, Random variables, Photonics, Quantum key distribution, quantum key distribution, finite-length data, statistical analysis, security performance},
	pages = {2435--2440},
}

@inproceedings{park_research_2020,
	title = {Research on {Plug}-and-{Play} {Twin}-{Field} {Quantum} {Key} {Distribution}},
	doi = {10.1109/ICTC49870.2020.9289265},
	abstract = {In this paper, we have proposed a plug-and-play twin-field quantum key distribution scheme that has passive mode-matching characteristics of quantum signals and can be operated stably. Also, we have experimentally demonstrated the implementation feasibility of our proposed scheme.},
	booktitle = {2020 {International} {Conference} on {Information} and {Communication} {Technology} {Convergence} ({ICTC})},
	author = {Park, Chang Hoon and Ki Woo, Min and Park, Byung Kwon and Kim, Yong-Su and Kim, Sangin and Han, Sang-Wook},
	month = oct,
	year = {2020},
	note = {ISSN: 2162-1233},
	keywords = {Interference, Quantum key distribution, Information and communication technology, Convergence, plug-and-play, quantum key distribution, twin-field},
	pages = {890--893},
}

@article{ekert_quantum_1996,
	title = {Quantum computation and {Shor}'s factoring algorithm},
	volume = {68},
	issn = {0034-6861, 1539-0756},
	url = {https://link.aps.org/doi/10.1103/RevModPhys.68.733},
	doi = {10.1103/RevModPhys.68.733},
	language = {en},
	number = {3},
	urldate = {2021-04-27},
	journal = {Reviews of Modern Physics},
	author = {Ekert, Artur and Jozsa, Richard},
	month = jul,
	year = {1996},
	pages = {733--753},
}

@article{kak_three-stage_2006,
	title = {A {Three}-{Stage} {Quantum} {Cryptography} {Protocol}},
	volume = {19},
	issn = {0894-9875, 1572-9524},
	url = {http://link.springer.com/10.1007/s10702-006-0520-9},
	doi = {10.1007/s10702-006-0520-9},
	language = {en},
	number = {3},
	urldate = {2021-04-28},
	journal = {Foundations of Physics Letters},
	author = {Kak, Subhash},
	month = jun,
	year = {2006},
	pages = {293--296},
}

@inproceedings{mandal_multi-photon_2013,
	address = {Bangkok},
	title = {Multi-photon implementation of three-stage quantum cryptography protocol},
	isbn = {9781467357425 9781467357401 9781467357418},
	url = {http://ieeexplore.ieee.org/document/6496343/},
	doi = {10.1109/ICOIN.2013.6496343},
	urldate = {2021-04-28},
	booktitle = {The {International} {Conference} on {Information} {Networking} 2013 ({ICOIN})},
	publisher = {IEEE},
	author = {Mandal, S. and Macdonald, G. and El Rifai, Mayssaa and Punekar, N. and Zamani, F. and {Yuhua Chen} and Kak, S. and Verma, P. K. and Huck, R. C. and Sluss, J.},
	month = jan,
	year = {2013},
	pages = {6--11},
}

@inproceedings{parakh_correcting_2016,
	address = {Thessaloniki, Greece},
	title = {Correcting rotational errors in three stage {QKD}},
	isbn = {9781509019908},
	url = {http://ieeexplore.ieee.org/document/7500409/},
	doi = {10.1109/ICT.2016.7500409},
	urldate = {2021-04-28},
	booktitle = {2016 23rd {International} {Conference} on {Telecommunications} ({ICT})},
	publisher = {IEEE},
	author = {Parakh, Abhishek and van Brandwijk, Joel},
	month = may,
	year = {2016},
	pages = {1--5},
}

@misc{noauthor_quantum_nodate,
	title = {Quantum {Key} {Distribution}},
	url = {https://community.qiskit.org/textbook/ch-algorithms/quantum-key-distribution.html},
	abstract = {A university quantum algorithms/computation course supplement based on Qiskit},
	language = {en},
	urldate = {2021-04-30},
}

@misc{computer_security_division_post-quantum_2017,
	title = {Post-{Quantum} {Cryptography} {\textbar} {CSRC} {\textbar} {CSRC}},
	url = {https://csrc.nist.gov/projects/post-quantum-cryptography},
	abstract = {Round 3 Seminars Presentations \& Videos   NIST has initiated a process to solicit, evaluate, and standardize one or more quantum-resistant public-key cryptographic algorithms.  Full details can be found in the Post-Quantum Cryptography Standardization page.    The Round 3 candidates were announced July 22, 2020.  NISTIR 8309, Status Report on the Second Round of the NIST Post-Quantum Cryptography Standardization Process is now available.  NIST has developed Guidelines for Submitting Tweaks for Third Round Finalists and Candidates.  Background  In recent years, there has been a substantial amount of research on quantum computers – machines that exploit quantum mechanical phenomena to solve mathematical problems that are difficult or intractable for conventional computers. If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use. This would seriously compromise the confidentiality and integrity of digital communications on the Internet and...},
	language = {EN-US},
	urldate = {2021-05-01},
	journal = {CSRC {\textbar} NIST},
	author = {Computer Security Division, Information Technology Laboratory},
	month = jan,
	year = {2017},
}

@article{arute_quantum_2019,
	title = {Quantum supremacy using a programmable superconducting processor},
	volume = {574},
	issn = {0028-0836, 1476-4687},
	url = {http://www.nature.com/articles/s41586-019-1666-5},
	doi = {10.1038/s41586-019-1666-5},
	language = {en},
	number = {7779},
	urldate = {2021-05-01},
	journal = {Nature},
	author = {Arute, Frank and Arya, Kunal and Babbush, Ryan and Bacon, Dave and Bardin, Joseph C. and Barends, Rami and Biswas, Rupak and Boixo, Sergio and Brandao, Fernando G. S. L. and Buell, David A. and Burkett, Brian and Chen, Yu and Chen, Zijun and Chiaro, Ben and Collins, Roberto and Courtney, William and Dunsworth, Andrew and Farhi, Edward and Foxen, Brooks and Fowler, Austin and Gidney, Craig and Giustina, Marissa and Graff, Rob and Guerin, Keith and Habegger, Steve and Harrigan, Matthew P. and Hartmann, Michael J. and Ho, Alan and Hoffmann, Markus and Huang, Trent and Humble, Travis S. and Isakov, Sergei V. and Jeffrey, Evan and Jiang, Zhang and Kafri, Dvir and Kechedzhi, Kostyantyn and Kelly, Julian and Klimov, Paul V. and Knysh, Sergey and Korotkov, Alexander and Kostritsa, Fedor and Landhuis, David and Lindmark, Mike and Lucero, Erik and Lyakh, Dmitry and Mandrà, Salvatore and McClean, Jarrod R. and McEwen, Matthew and Megrant, Anthony and Mi, Xiao and Michielsen, Kristel and Mohseni, Masoud and Mutus, Josh and Naaman, Ofer and Neeley, Matthew and Neill, Charles and Niu, Murphy Yuezhen and Ostby, Eric and Petukhov, Andre and Platt, John C. and Quintana, Chris and Rieffel, Eleanor G. and Roushan, Pedram and Rubin, Nicholas C. and Sank, Daniel and Satzinger, Kevin J. and Smelyanskiy, Vadim and Sung, Kevin J. and Trevithick, Matthew D. and Vainsencher, Amit and Villalonga, Benjamin and White, Theodore and Yao, Z. Jamie and Yeh, Ping and Zalcman, Adam and Neven, Hartmut and Martinis, John M.},
	month = oct,
	year = {2019},
	pages = {505--510},
}

@misc{noauthor_ibms_2020,
	title = {{IBM}'s {Roadmap} {For} {Scaling} {Quantum} {Technology}},
	copyright = {© Copyright IBM Corp. 2021},
	url = {https://www.ibm.com/blogs/research/2020/09/ibm-quantum-roadmap/},
	abstract = {Our quantum roadmap is leading to increasingly larger and better chips, with a 1,000-qubit chip, IBM Quantum Condor, targeted for the end of 2023.},
	language = {en-US},
	urldate = {2021-05-01},
	journal = {IBM Research Blog},
	month = sep,
	year = {2020},
}

@book{shi_superconducting_2015,
	title = {Superconducting {Nanomaterials}},
	isbn = {9781455777549},
	url = {https://www.sciencedirect.com/science/article/pii/B9781455777549000081},
	abstract = {Superconductivity is an important physical property of materials that occur at the nanoscale. As one can imagine, the applications of achievable super…},
	language = {en},
	urldate = {2021-05-01},
	publisher = {William Andrew Publishing},
	author = {Shi, Donglu and Guo, Zizheng and Bedford, Nicholas},
	month = jan,
	year = {2015},
	doi = {10.1016/B978-1-4557-7754-9.00008-1},
}

@misc{noauthor_what_nodate,
	title = {What {Is} a {DoS} {Attack}?},
	url = {https://academy.binance.com/en/articles/what-is-a-dos-attack},
	abstract = {In short, a DoS attack - or Denial-of-Service attack - is a method used to disrupt legitimate users' access to a target network or web resource.},
	language = {en},
	urldate = {2021-05-01},
	journal = {Binance Academy},
}

@techreport{barker_guideline_2020,
	address = {Gaithersburg, MD},
	title = {Guideline for using cryptographic standards in the federal government:: cryptographic mechanisms},
	shorttitle = {Guideline for using cryptographic standards in the federal government},
	url = {https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-175Br1.pdf},
	number = {NIST SP 800-175Br1},
	urldate = {2021-05-01},
	institution = {National Institute of Standards and Technology},
	author = {Barker, Elaine},
	month = mar,
	year = {2020},
	doi = {10.6028/NIST.SP.800-175Br1},
	pages = {NIST SP 800--175Br1},
}

@article{shor_polynomial-time_1997,
	title = {Polynomial-{Time} {Algorithms} for {Prime} {Factorization} and {Discrete} {Logarithms} on a {Quantum} {Computer}},
	volume = {26},
	issn = {0097-5397},
	url = {https://epubs.siam.org/doi/10.1137/S0097539795293172},
	doi = {10.1137/S0097539795293172},
	abstract = {A digital computer is generally believed to be an efficient universal computing device; that is, it is believed able to simulate any physical computing device with an increase in computation time by at most a polynomial factor. This may not be true when quantum mechanics is taken into consideration. This paper considers factoring integers and finding discrete logarithms, two problems which are generally thought to be hard on a classical computer and which have been used as the basis of several proposed cryptosystems. Efficient randomized algorithms are given for these two problems on a hypothetical quantum computer. These algorithms take a number of steps polynomial in the input size, e.g., the number of digits of the integer to be factored.},
	number = {5},
	urldate = {2021-05-01},
	journal = {SIAM Journal on Computing},
	author = {Shor, Peter W.},
	month = oct,
	year = {1997},
	pages = {1484--1509},
}

@article{bernstein_quantum_1997,
	title = {Quantum {Complexity} {Theory}},
	volume = {26},
	issn = {0097-5397},
	url = {https://doi.org/10.1137/S0097539796300921},
	doi = {10.1137/S0097539796300921},
	abstract = {In this paper we study quantum computation from a complexity theoretic viewpoint. Our first result is the existence of an efficient universal quantum Turing machine in Deutsch's model of a quantum Turing machine (QTM) [Proc. Roy. Soc. London Ser. A, 400 (1985), pp. 97--117]. This construction is substantially more complicated than the corresponding construction for classical Turing machines (TMs); in fact, even simple primitives such as looping, branching, and composition are not straightforward in the context of quantum Turing machines. We establish how these familiar primitives can be implemented and introduce some new, purely quantum mechanical primitives, such as changing the computational basis and carrying out an arbitrary unitary transformation of polynomially bounded dimension. We also consider the precision to which the transition amplitudes of a quantum Turing machine need to be specified. We prove that \$O({\textbackslash}log T)\$ bits of precision suffice to support a \$T\$ step computation. This justifies the claim that the quantum Turing machine model should be regarded as a discrete model of computation and not an analog one. We give the first formal evidence that quantum Turing machines violate the modern (complexity theoretic) formulation of the Church--Turing thesis. We show the existence of a problem, relative to an oracle, that can be solved in polynomial time on a quantum Turing machine, but requires superpolynomial time on a bounded-error probabilistic Turing machine, and thus not in the class \${\textbackslash}BPP\$. The class \${\textbackslash}BQP\$ of languages that are efficiently decidable (with small error-probability) on a quantum Turing machine satisfies \${\textbackslash}BPP {\textbackslash}subseteq {\textbackslash}BQP {\textbackslash}subseteq {\textbackslash}Ptime{\textasciicircum}\{{\textbackslash}SP\}\$. Therefore, there is no possibility of giving a mathematical proof that quantum Turing machines are more powerful than classical probabilistic Turing machines (in the unrelativized setting) unless there is a major breakthrough in complexity theory.},
	number = {5},
	urldate = {2021-05-01},
	journal = {SIAM Journal on Computing},
	author = {Bernstein, Ethan and Vazirani, Umesh},
	month = oct,
	year = {1997},
	keywords = {quantum computation, reversibility, Fourier sampling, universal quantum Turing machine, quantum polynomial time, quantum Turing machines},
	pages = {1411--1473},
}

@article{mavroeidis_impact_2018,
	title = {The {Impact} of {Quantum} {Computing} on {Present} {Cryptography}},
	volume = {9},
	issn = {21565570, 2158107X},
	url = {http://thesai.org/Publications/ViewPaper?Volume=9&Issue=3&Code=ijacsa&SerialNo=54},
	doi = {10.14569/IJACSA.2018.090354},
	language = {en},
	number = {3},
	urldate = {2021-05-04},
	journal = {International Journal of Advanced Computer Science and Applications},
	author = {Mavroeidis, Vasileios and Vishi, Kamer and D., Mateusz and Jøsang, Audun},
	year = {2018},
}

@article{saeedi_room-temperature_2013,
	title = {Room-{Temperature} {Quantum} {Bit} {Storage} {Exceeding} 39 {Minutes} {Using} {Ionized} {Donors} in {Silicon}-28},
	volume = {342},
	issn = {0036-8075, 1095-9203},
	url = {https://www.sciencemag.org/lookup/doi/10.1126/science.1239584},
	doi = {10.1126/science.1239584},
	language = {en},
	number = {6160},
	urldate = {2021-05-05},
	journal = {Science},
	author = {Saeedi, K. and Simmons, S. and Salvail, J. Z. and Dluhy, P. and Riemann, H. and Abrosimov, N. V. and Becker, P. and Pohl, H.-J. and Morton, J. J. L. and Thewalt, M. L. W.},
	month = nov,
	year = {2013},
	pages = {830--833},
}

@article{zhong_optically_2015,
	title = {Optically addressable nuclear spins in a solid with a six-hour coherence time},
	volume = {517},
	issn = {0028-0836, 1476-4687},
	url = {http://www.nature.com/articles/nature14025},
	doi = {10.1038/nature14025},
	language = {en},
	number = {7533},
	urldate = {2021-05-05},
	journal = {Nature},
	author = {Zhong, Manjin and Hedges, Morgan P. and Ahlefeldt, Rose L. and Bartholomew, John G. and Beavan, Sarah E. and Wittig, Sven M. and Longdell, Jevon J. and Sellars, Matthew J.},
	month = jan,
	year = {2015},
	pages = {177--180},
}

@article{mavroeidis_impact_2018-1,
	title = {The {Impact} of {Quantum} {Computing} on {Present} {Cryptography}},
	volume = {9},
	issn = {21565570, 2158107X},
	url = {http://arxiv.org/abs/1804.00200},
	doi = {10.14569/IJACSA.2018.090354},
	abstract = {The aim of this paper is to elucidate the implications of quantum computing in present cryptography and to introduce the reader to basic post-quantum algorithms. In particular the reader can delve into the following subjects: present cryptographic schemes (symmetric and asymmetric), differences between quantum and classical computing, challenges in quantum computing, quantum algorithms (Shor's and Grover's), public key encryption schemes affected, symmetric schemes affected, the impact on hash functions, and post quantum cryptography. Specifically, the section of Post-Quantum Cryptography deals with different quantum key distribution methods and mathematicalbased solutions, such as the BB84 protocol, lattice-based cryptography, multivariate-based cryptography, hash-based signatures and code-based cryptography.},
	number = {3},
	urldate = {2021-05-06},
	journal = {International Journal of Advanced Computer Science and Applications},
	author = {Mavroeidis, Vasileios and Vishi, Kamer and Zych, Mateusz D. and Jøsang, Audun},
	year = {2018},
	note = {arXiv: 1804.00200},
	keywords = {Computer Science - Cryptography and Security, 81P94, 11T71, 94A60, 14G50},
}

@techreport{chatterjee_signcryption_2020,
	title = {Signcryption in a {Quantum} {World}},
	url = {https://eprint.iacr.org/2020/1388},
	abstract = {This work initiates a formal study of signcryption in the quantum setting. We start with formulating suitable security definitions for confidentiality and authenticity of signcryption both in insider and outsider models against quantum adversaries. We investigate the quantum security of generic constructions of signcryption schemes based on three paradigms, viz., encrypt-then-sign (EtS), sign-then-encrypt (StE) and commit-then-encrypt-and-sign (CtE\&S). In the insider model, we show that the quantum variants of the classical results hold in the quantum setting with an exception in the StE paradigm. However, in outsider model we need to consider an intermediate setting in which the adversary is given quantum access to unsigncryption oracle but classical access to signcryption oracle. In two-user outsider model, as in the classical setting, we show that post-quantum CPA security of the base encryption scheme is amplified in the EtS paradigm if the base signature scheme satisfies a stronger definition. We prove an analogous result in the StE paradigm. Interestingly, in the multi-user setting, our results strengthen the known classical results. Furthermore, our results for the EtS and StE paradigms in the two-user outsider model also extend to the setting of authenticated encryption. In this course, we point out a flaw in the proof of quantum security of authenticated encryption in the EtS paradigm given in a recent paper. We briefly discuss the difficulties in analyzing the full quantum security of signcryption in outsider model. Finally, we briefly discuss concrete instantiations in various paradigms utilising some available candidates of quantum secure encryption and signature schemes.},
	number = {1388},
	urldate = {2021-05-06},
	author = {Chatterjee, Sanjit and Pandit, Tapas and Puria, Shravan Kumar Parshuram and Shah, Akash},
	year = {2020},
	keywords = {public-key cryptography, Signcryption, Post-quantum cryptography, Quantum security},
}

@article{amiri_unconditionally_2015,
	title = {Unconditionally {Secure} {Quantum} {Signatures}},
	volume = {17},
	copyright = {http://creativecommons.org/licenses/by/3.0/},
	url = {https://www.mdpi.com/1099-4300/17/8/5635},
	doi = {10.3390/e17085635},
	abstract = {Signature schemes, proposed in 1976 by Diffie and Hellman, have become ubiquitous across modern communications. They allow for the exchange of messages from one sender to multiple recipients, with the guarantees that messages cannot be forged or tampered with and that messages also can be forwarded from one recipient to another without compromising their validity. Signatures are different from, but no less important than encryption, which ensures the privacy of a message. Commonly used signature protocols—signatures based on the Rivest–Adleman–Shamir (RSA) algorithm, the digital signature algorithm (DSA), and the elliptic curve digital signature algorithm (ECDSA)—are only computationally secure, similar to public key encryption methods. In fact, since these rely on the difficulty of finding discrete logarithms or factoring large primes, it is known that they will become completely insecure with the emergence of quantum computers. We may therefore see a shift towards signature protocols that will remain secure even in a post-quantum world. Ideally, such schemes would provide unconditional or information-theoretic security. In this paper, we aim to provide an accessible and comprehensive review of existing unconditionally securesecure signature schemes for signing classical messages, with a focus on unconditionally secure quantum signature schemes.},
	language = {en},
	number = {8},
	urldate = {2021-05-06},
	journal = {Entropy},
	author = {Amiri, Ryan and Andersson, Erika},
	month = aug,
	year = {2015},
	keywords = {quantum information, information-theoretic security, digital signatures},
	pages = {5635--5659},
}

@article{gottesman_quantum_2001,
	title = {Quantum {Digital} {Signatures}},
	url = {http://arxiv.org/abs/quant-ph/0105032},
	abstract = {We present a quantum digital signature scheme whose security is based on fundamental principles of quantum physics. It allows a sender (Alice) to sign a message in such a way that the signature can be validated by a number of different people, and all will agree either that the message came from Alice or that it has been tampered with. To accomplish this task, each recipient of the message must have a copy of Alice's "public key," which is a set of quantum states whose exact identity is known only to Alice. Quantum public keys are more difficult to deal with than classical public keys: for instance, only a limited number of copies can be in circulation, or the scheme becomes insecure. However, in exchange for this price, we achieve unconditionally secure digital signatures. Sending an m-bit message uses up O(m) quantum bits for each recipient of the public key. We briefly discuss how to securely distribute quantum public keys, and show the signature scheme is absolutely secure using one method of key distribution. The protocol provides a model for importing the ideas of classical public key cryptography into the quantum world.},
	urldate = {2021-05-07},
	journal = {arXiv:quant-ph/0105032},
	author = {Gottesman, Daniel and Chuang, Isaac},
	month = nov,
	year = {2001},
	note = {arXiv: quant-ph/0105032},
	keywords = {Quantum Physics},
}

@article{amiri_secure_2016,
	title = {Secure quantum signatures using insecure quantum channels},
	volume = {93},
	url = {https://link.aps.org/doi/10.1103/PhysRevA.93.032325},
	doi = {10.1103/PhysRevA.93.032325},
	abstract = {Digital signatures are widely used in modern communication to guarantee authenticity and transferability of messages. The security of currently used classical schemes relies on computational assumptions. We present a quantum signature scheme that does not require trusted quantum channels. We prove that it is unconditionally secure against the most general coherent attacks, and show that it requires the transmission of significantly fewer quantum states than previous schemes. We also show that the quantum channel noise threshold for our scheme is less strict than for distilling a secure key using quantum key distribution. This shows that “direct” quantum signature schemes can be preferable to signature schemes relying on secret shared keys generated using quantum key distribution.},
	number = {3},
	urldate = {2021-05-07},
	journal = {Physical Review A},
	author = {Amiri, Ryan and Wallden, Petros and Kent, Adrian and Andersson, Erika},
	month = mar,
	year = {2016},
	pages = {032325},
}