Experimental quantum e-commerce

Abstract

E-commerce, a type of trading that occurs at a high frequency on the internet, requires guaranteeing the integrity, authentication, and nonrepudiation of messages through long distance. As current e-commerce schemes are vulnerable to computational attacks, quantum cryptography, ensuring information-theoretic security against adversary's repudiation and forgery, provides a solution to this problem. However, quantum solutions generally have much lower performance compared to classical ones. Besides, when considering imperfect devices, the performance of quantum schemes exhibits a notable decline. Here, we demonstrate the whole e-commerce process of involving the signing of a contract and payment among three parties by proposing a quantum e-commerce scheme, which shows resistance of attacks from imperfect devices. Results show that with a maximum attenuation of 25 dB among participants, our scheme can achieve a signature rate of 0.82 times per second for an agreement size of approximately 0.428 megabit. This proposed scheme presents a promising solution for providing information-theoretic security for e-commerce.

Fig. 1.. Illustrations depicting the process and network of quantum e-commerce.

(A) Illustration of the process of quantum e-commerce. We consider the three-party scenario where Client buys a product from Merchant. TP is introduced as an arbiter to prevent either Merchant or Client from cheating. Merchant shares two sequences of coherent quantum states with Clinet and TP, respectively. Merchant then generates the contract with all information of the e-commerce and obtains a signature through a hash function and keys distilled by his sequences. Thereafter, Merchant sends the contract and signature to Client. Client, if agreeing with the contract, will send the contract, signature, and keys distilled by his consequence to TP. TP will then send keys distilled by his own sequence back to Client. Both Client and TP independently verify the signature through their own and received keys by hash functions. Client will pay the money to TP if he verifies the signature. TP will transfer the money to Merchant if he also passes the signature. (B) Flow chart of the protocol. Details of the procedure are explained in the protocol description step by step. (C) Diagram of users in quantum networks.

Fig. 2.. Experimental setup of KGP between Merchant and Client₂.

Here, we take KGP between Merchant and Client₂ as an example. The pulses are generated by a pulsed laser with an extincation ratio of over 30 dB and then split into two pulse sequences with a 50:50 BS. The pulses entering the loop are subjected to modulation by the phase modulator (PM) operated by either Merchant or Client. Monitor module consists of a dense wavelength division multiplexing (DWDM), a BS, and a photon detector (PD). After phase modulation, these two pulses interfere in the Eve’s BS and are detected by two superconducting nanowire single-photon detectors D₁ and D₂. Both the connections between Merchant and Eve and Client and Eve involve 2 km of optical fiber, and the total attenuation is 20 dB, achieved through VOA. Besides, there is an insertion of 1 km of optical fiber between Merchant and Client₂. Cir, circulator; PC, polarization controller.

Fig. 3.. Results of demonstration.

(A) Signature rate R under different losses. The total number of pulses sent is 10¹⁰. (B) The relationship between security level and different sizes of files with a key of the same length. The boundary line represents the scenario where the generation rate of keys per second is sufficient to sign a 0.428-Mb file at a security level of 5 × 10⁻¹⁰ 10 times with the same error rate under a 20-dB attenuation. In our implementation, a 0.428-Mb document can be signed 11.83 times while maintaining the 5 × 10⁻¹⁰ security level. Furthermore, with the keys generated within 1 s, a document of 0.102-terabit can be signed 10 times at a security level of 4 × 10⁻¹⁰ (ϵ_rob = 4 × 10⁻¹⁰).