<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Archiving and Interchange DTD v1.0 20120330//EN" "JATS-archivearticle1.dtd">
<article xmlns:xlink="http://www.w3.org/1999/xlink">
  <front>
    <journal-meta />
    <article-meta>
      <title-group>
        <article-title>Hash Based Digital Signature Scheme with Integrated TRNG</article-title>
      </title-group>
      <contrib-group>
        <contrib contrib-type="author">
          <string-name>Maksim Iavich</string-name>
          <email>m.iavich@scsa.ge</email>
          <xref ref-type="aff" rid="aff0">0</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Avtandil Gagnidze</string-name>
          <email>gagnidzeavto@yahoo.com</email>
          <xref ref-type="aff" rid="aff1">1</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Giorgi Iashvili</string-name>
          <email>g.iashvili@scsa.ge</email>
          <xref ref-type="aff" rid="aff1">1</xref>
        </contrib>
        <aff id="aff0">
          <label>0</label>
          <institution>Caucasus University</institution>
          ,
          <addr-line>Tbilisi</addr-line>
          ,
          <country country="GE">Georgia</country>
        </aff>
        <aff id="aff1">
          <label>1</label>
          <institution>Georia University</institution>
          ,
          <addr-line>Tbilisi</addr-line>
          ,
          <country country="GE">Georgia</country>
        </aff>
      </contrib-group>
      <fpage>79</fpage>
      <lpage>82</lpage>
      <abstract>
        <p>A critical analysis of the existing hash-based digital signature schemes and their improvements is carried out in the article. One of the improvements is integrating a PRNG into the Merkle cryptosystem. It is shown that integrating a PRNG into Merkle is not safe, because quantum computers are able to break PRNGs that were considered safe against attacks implemented on classical computers.</p>
      </abstract>
      <kwd-group>
        <kwd>TRNG</kwd>
        <kwd>hash-based</kwd>
        <kwd>signature schemes</kwd>
        <kwd>quantum</kwd>
        <kwd>cryptography</kwd>
      </kwd-group>
    </article-meta>
  </front>
  <body>
    <sec id="sec-1">
      <p>A TRNG based on the behavior of qubits is proposed in the article,
together with its integration into Merkle. By this means the size
of the signature key is reduced.</p>
      <p>The principle of the cryptosystem is not changed; only the
TRNG is integrated. TRNG is completely safe; it is based on the
state of qubits, which are real random numbers. So the resulting
scheme is secure.</p>
    </sec>
    <sec id="sec-2">
      <title>I. INTRODUCTION</title>
      <p>Scientists and cyber security experts are actively working
on the development of quantum computers.</p>
      <p>Google Corporation, the Universities Space Research
Association and the federal agency NASA, together with
D-Wave, the manufacturer of quantum processors, began to
work on the creation of quantum processors. D-Wave 2X is a
quantum processor that contains 2,048 physical qubits.
Usually 1152 qubits are used to perform calculations.</p>
      <p>Google is working on releasing a new CPU. A twenty
qubit processor is already undergoing tests, and the company
promises to have its working forty-nine qubit chip ready by the
end of this year. Until it began trialing the twenty qubit chip,
Google’s most powerful quantum chip was the nine qubit
effort from 2015. Each additional qubit doubles the data
search area, so the calculation speed is significantly</p>
      <p>Quantum computers will be able to break most, if not
all, of the conventional cryptosystems that are widely
used in practice.</p>
      <p>
        So, the traditional digital signature systems that are presently
used in practice are vulnerable to attacks implemented on
quantum computers. The security of these systems is based on
the problem of factoring large numbers and calculating
discrete logarithms. Some cryptosystems, for example the RSA
system with four-thousand-bit keys, are considered adequate to
protect information from attacks implemented on a classical
computer, but are not protected at all against attacks
implemented using quantum computers [
        <xref ref-type="bibr" rid="ref1 ref2">1,2</xref>
        ].
      </p>
      <p>Copyright held by the author(s).</p>
      <p>The RSA cryptosystem is used in many products on different
platforms and in different areas. To date, this cryptosystem is
integrated into many commercial products, the number of
which is growing every day. The RSA system is also widely used
in operating systems from Microsoft, Apple, Sun, and Novell.
In hardware, the RSA algorithm is used in secure
phones, Ethernet network cards and smart cards, and is also
widely used in cryptographic hardware. Along with this,
the algorithm is a part of the underlying protocols of protected
Internet communications, including S/MIME, SSL and
S/WAN, and is also used in many organizations, for example,
government, banks, most corporations, public laboratories and
universities.</p>
      <p>RSA BSAFE encryption technology is used
by approximately 500 million users worldwide. Since the RSA
algorithm is the one mostly used in encryption technology, it
can be considered one of the most common public key
cryptosystems, developed together with the development
of the Internet.</p>
      <p>On this basis, breaking RSA will entail easy hacking
of most products, which can grow into complete chaos.</p>
      <p>Active work is being conducted to create RSA alternatives,
which are protected from attacks by a quantum computer.</p>
      <p>
        Hash-based digital signature schemes are considered to be
one of the RSA alternatives. These schemes use a
cryptographic hash function. The security of these digital
signature schemes relies on the collision resistance of the hash
functions that they use [
        <xref ref-type="bibr" rid="ref3 ref4">3,4</xref>
        ]. The Lamport–Diffie one-time signature scheme
is a hash-based digital signature scheme, and it is considered as an
alternative for the post-quantum era.
      </p>
      <p>The signature key X of this system consists of 2n strings of
length n, and the strings are selected randomly.</p>
      <p>
        <disp-formula><label>(1)</label><tex-math>X = (x_{n-1}[0], x_{n-1}[1], \ldots, x_0[0], x_0[1]) \in \{0,1\}^{(n,2n)}</tex-math></disp-formula>
The verification key Y of this system consists of 2n strings of length
n, and the strings are selected randomly.
      </p>
      <p>
        <disp-formula><label>(2)</label><tex-math>Y = (y_{n-1}[0], y_{n-1}[1], \ldots, y_0[0], y_0[1]) \in \{0,1\}^{(n,2n)}</tex-math></disp-formula>
To calculate the key we use a one-way function f:
        <disp-formula><tex-math>f: \{0,1\}^n \to \{0,1\}^n</tex-math></disp-formula>
        <disp-formula><label>(3)</label><tex-math>y_i[j] = f(x_i[j]), \quad 0 \le i \le n-1, \quad j = 0, 1</tex-math></disp-formula>
      </p>
      <sec id="sec-2-1">
        <title>B. Document signature:</title>
        <p>
          A message m of arbitrary size is transformed into size n by
means of the hash function:
          <disp-formula><label>(4)</label><tex-math>h(m) = \mathrm{hash} = (\mathrm{hash}_{n-1}, \ldots, \mathrm{hash}_0)</tex-math></disp-formula>
Function h is a cryptographic hash function:
          <disp-formula><tex-math>h: \{0,1\}^* \to \{0,1\}^n</tex-math></disp-formula>
The signature is formed as follows:
          <disp-formula><label>(5)</label><tex-math>\mathrm{sig} = (x_{n-1}[\mathrm{hash}_{n-1}], \ldots, x_0[\mathrm{hash}_0]) \in \{0,1\}^{(n,n)}</tex-math></disp-formula>
If the i-th bit of the hash is equal to 0, the i-th string in this
signature is assigned x<sub>i</sub>[0]. If the i-th bit of the hash
is equal to 1, the i-th string in this signature is assigned x<sub>i</sub>[1].
The length of the signature is n<sup>2</sup>.
        </p>
      </sec>
      <sec id="sec-2-2">
        <title>C. Signature verification</title>
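        <p>To verify the signature sig = (sig<sub>n-1</sub>, …, sig<sub>0</sub>), the hash of
the message is calculated,
hash = (hash<sub>n-1</sub>, …, hash<sub>0</sub>), and the following equality must
be verified:
          <disp-formula><label>(6)</label><tex-math>(f(\mathrm{sig}_{n-1}), \ldots, f(\mathrm{sig}_0)) = (y_{n-1}[\mathrm{hash}_{n-1}], \ldots, y_0[\mathrm{hash}_0])</tex-math></disp-formula>
If it is true, then the signature is correct.</p>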
      </sec>
      <sec id="sec-2-3">
        <title>D. Winternitz one time signature scheme.</title>
        <p>
          In the Lamport one-time signature scheme, key generation and
signature generation are quite efficient, but the size of the
signature is very large, as it is equal to n<sup>2</sup>. The Winternitz one-time
signature scheme was proposed in order to decrease the
signature size. In the Winternitz one-time signature scheme
several bits of the hashed message are signed simultaneously
with one string of the key, so the length of the signature is
reduced significantly [
          <xref ref-type="bibr" rid="ref5">5</xref>
          ].
        </p>
      </sec>
      <sec id="sec-2-4">
        <title>E. Keys generation</title>
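        <p>The signature key X of this system consists of sn strings of
length n, and the strings are selected randomly.</p>
        <p>The Winternitz parameter w ≥ 2 is selected; it must be equal to
the number of bits to be signed simultaneously. The following values are calculated:
          <disp-formula><label>(7)</label><tex-math>s_1 = n/w, \qquad s_2 = (\log_2 s_1 + 1 + w)/w</tex-math></disp-formula>
          <disp-formula><label>(8)</label><tex-math>s = s_1 + s_2</tex-math></disp-formula>
          <disp-formula><label>(9)</label><tex-math>X = (x_{s-1}[0], \ldots, x_0) \in \{0,1\}^{(n,s)}</tex-math></disp-formula>
        </p>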
      </sec>
    </sec>
    <sec id="sec-3">
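      <title>Verification key is derived as follows:</title>
      <p>
        <disp-formula><label>(10)</label><tex-math>Y = (y_{s-1}[0], \ldots, y_0) \in \{0,1\}^{(n,s)}</tex-math></disp-formula>
where
        <disp-formula><label>(11)</label><tex-math>y_i = f^{2^w - 1}(x_i), \quad 0 \le i \le s-1</tex-math></disp-formula>
The verification key and the signature are equal to ns bits.</p>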
      <sec id="sec-3-1">
        <title>F. Document signature</title>
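        <p>To sign the document, the message must be hashed: hash = h(m).
If the length of the hash is not divisible by w, the minimum number of
zeros is prepended to the hash, and it is divided into s<sub>1</sub> parts of
length w:
          <disp-formula><label>(12)</label><tex-math>\mathrm{hash} = k_{s-1}, \ldots, k_{s-s_1}</tex-math></disp-formula>
The checksum is calculated:
          <disp-formula><label>(13)</label><tex-math>c = \sum_{i=s-s_1}^{s-1} (2^w - k_i)</tex-math></disp-formula>
As c ≤ s<sub>1</sub>2<sup>w</sup>, the length of its binary representation is
          <disp-formula><label>(14)</label><tex-math>\log_2 s_1 2^w + 1</tex-math></disp-formula>
If the length of the representation is not divisible by w, the
minimum number of zeros must be prepended to this binary
representation, and it must be divided into s<sub>2</sub> parts of length w:
          <disp-formula><label>(15)</label><tex-math>c = k_{s_2-1}, \ldots, k_0</tex-math></disp-formula>
Finally, the signature of m is calculated:
          <disp-formula><label>(16)</label><tex-math>\mathrm{sig} = (f^{k_{s-1}}(x_{s-1}), \ldots, f^{k_0}(x_0))</tex-math></disp-formula>
The size of the signature is sn.</p>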
      </sec>
      <sec id="sec-3-2">
        <title>G. Signature verification</title>
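        <p>The bit strings k<sub>s-1</sub>, …, k<sub>0</sub> are calculated to verify the signature
          <disp-formula><label>(17)</label><tex-math>\mathrm{sig} = (\mathrm{sig}_{n-1}, \ldots, \mathrm{sig}_0)</tex-math></disp-formula>
The following equality is checked:
          <disp-formula><label>(18)</label><tex-math>(f^{2^w-1-k_{s-1}}(\mathrm{sig}_{n-1}), \ldots, f^{2^w-1-k_0}(\mathrm{sig}_0)) = (y_{n-1}, \ldots, y_0)</tex-math></disp-formula>
If the signature is correct, then
          <disp-formula><label>(19)</label><tex-math>\mathrm{sig}_i = f^{k_i}(x_i)</tex-math></disp-formula>
          <disp-formula><label>(20)</label><tex-math>f^{2^w-1-k_i}(\mathrm{sig}_i) = f^{2^w-1}(x_i) = y_i, \quad i = s-1, \ldots, 0</tex-math></disp-formula>
The size of the signature in the Winternitz one-time signature
scheme is significantly reduced, ns &lt; n<sup>2</sup>, so the length of the key
is significantly reduced, because: ns &lt; n<sup>2</sup> &lt; 2n<sup>2</sup></p>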
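        <p>The Winternitz key generation, signing and verification steps of equations (7) to (20), as an added Python example that is not code from the article. It assumes SHA-256 for both f and h, n = 256 and w = 4, and it applies ceiling and floor rounding in (7) so that the block counts are integers; all function names are hypothetical. The last function shows what the checksum is for: raising any hash block lowers the checksum, so at least one chain would have to be run backwards through f.</p>
        <preformat><![CDATA[
```python
import hashlib
import secrets

N_BITS = 256  # n; SHA-256 stands in for both f and h (assumption)
W = 4         # Winternitz parameter w

def f(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()

def chain(x: bytes, steps: int) -> bytes:
    """f applied `steps` times, written f^steps(x) in the text."""
    for _ in range(steps):
        x = f(x)
    return x

def params(n: int = N_BITS, w: int = W):
    """(s1, s2, s) from (7)-(8), rounded so that the block counts are integers."""
    s1 = -(-n // w)                                  # ceil(n / w)
    s2 = -(-(s1.bit_length() - 1 + 1 + w) // w)      # ceil((floor(log2 s1) + 1 + w) / w)
    return s1, s2, s1 + s2

def to_blocks(value: int, count: int, w: int = W):
    """Left-pad with zeros and split into `count` blocks of w bits, high block first."""
    mask = (1 << w) - 1
    return [(value >> (w * (count - 1 - i))) & mask for i in range(count)]

def full_exponents(hash_blocks):
    """Append the checksum blocks of (13)-(15) to the hash blocks of (12)."""
    _, s2, _ = params()
    c = sum((1 << W) - k for k in hash_blocks)       # c = sum(2^w - k_i)
    return list(hash_blocks) + to_blocks(c, s2)

def exponents(msg: bytes):
    """k_{s-1} .. k_0 for a message, list index 0 holding k_{s-1}."""
    s1, _, _ = params()
    digest = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return full_exponents(to_blocks(digest, s1))

def keygen():
    _, _, s = params()
    X = [secrets.token_bytes(N_BITS // 8) for _ in range(s)]
    Y = [chain(x, (1 << W) - 1) for x in X]          # y_i = f^(2^w - 1)(x_i), eq. (11)
    return X, Y

def sign(X, msg: bytes):
    return [chain(x, k) for x, k in zip(X, exponents(msg))]   # eq. (16)

def verify(Y, msg: bytes, sig) -> bool:
    ks = exponents(msg)
    if len(sig) != len(ks) or len(Y) != len(ks):
        return False
    return all(chain(s_i, (1 << W) - 1 - k) == y               # eq. (18)
               for s_i, k, y in zip(sig, ks, Y))

def needs_inversion(old, new) -> bool:
    """True if turning a signature for `old` into one for `new` requires inverting f."""
    return any(n < o for o, n in zip(old, new))

if __name__ == "__main__":
    X, Y = keygen()
    msg = b"constructed sample message"
    print(params(), verify(Y, msg, sign(X, msg)))
    # Raising one hash block lowers the checksum, so some chain must run backwards.
    print(needs_inversion(full_exponents([3] * 64), full_exponents([4] + [3] * 63)))
```
]]></preformat>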
        <p>II. MERKLE CRYPTO-SYSTEM</p>
        <p>To sign messages using a one-time signature scheme, a
different key pair must be used for every message. This is
very problematic, because it is very difficult to exchange a large
number of keys.</p>
        <p>
          The Merkle digital signature scheme is the solution to this
problem. The scheme uses a binary tree in order to replace a
large number of verification keys with one public key, which is
the root of this tree [
          <xref ref-type="bibr" rid="ref6 ref7">6,7</xref>
          ]. A one-time signature scheme and a
cryptographic hash function are used in this system:
          <disp-formula><tex-math>h: \{0,1\}^* \to \{0,1\}^n</tex-math></disp-formula>
The height of the tree is chosen as H ≥ 2; using one public
key, 2<sup>H</sup> documents can be signed. 2<sup>H</sup> signature and
verification key pairs are generated: X<sub>i</sub>, Y<sub>i</sub>, 0 ≤ i ≤ 2<sup>H</sup>. X<sub>i</sub> is
the signature key, Y<sub>i</sub> is the verification key. The values h(Y<sub>i</sub>) are
calculated and they are used as the leaves of the tree. Each
tree node is the hash value of the concatenation of its children.
          <disp-formula><label>(21)</label><tex-math>a[1,0] = h(a[0,0] \,\|\, a[0,1])</tex-math></disp-formula>
The root of the binary tree, pub, is the public key of the crypto
scheme. 2<sup>H</sup> pairs of one-time keys must be calculated in order to
generate the public key.
        </p>
      </sec>
      <sec id="sec-3-3">
        <title>B. Signature generation</title>
        <p>A message m of arbitrary size is transformed into size n by
means of the hash function,
h(m) = hash, and a one-time signature is generated using an
arbitrary one-time key X<sub>arb</sub>. The document's signature will be the
concatenation of: the one-time signature, the one-time verification key
Y<sub>arb</sub>, the index arb and all fraternal nodes auth<sub>i</sub> in relation to Y<sub>arb</sub>.
          <disp-formula><label>(22)</label><tex-math>\mathrm{Signature} = (\mathrm{sig} \,\|\, arb \,\|\, Y_{arb} \,\|\, auth_0, \ldots, auth_{H-1})</tex-math></disp-formula>
        </p>
      </sec>
      <sec id="sec-3-4">
        <title>C. Signature verification</title>
        <p>To verify the signature, the one-time signature sig is verified
using Y<sub>arb</sub>. If it is valid, all the nodes a[i, j] are calculated using
auth<sub>i</sub>, the index arb and Y<sub>arb</sub>. Finally, the root of the tree is
compared with the public key; if they are equal, then the signature is
correct.</p>
      </sec>
    </sec>
    <sec id="sec-4">
      <title>III. PRNG INTEGRATION TO MERKLE</title>
      <p>2<sup>H</sup> pairs of one-time keys must be calculated in order to generate
the public key. Storing such a large number of keys is problematic
in practice.</p>
      <p>
        To save space, it was suggested to use a PRNG (pseudo-random
number generator) in the Merkle signature scheme [
        <xref ref-type="bibr" rid="ref8">8</xref>
        ]. When using a
PRNG, only the seed of the generator must be stored, and it must
be used to generate the one-time keys. In this case the one-time keys
must be calculated twice: they must be calculated in the key
generation stage and in the signature stage. The PRNG takes as input
a seed of length n and outputs a new seed and a random number
of length n.
      </p>
      <p><disp-formula><tex-math>\mathrm{PRNG}: \{0,1\}^n \to \{0,1\}^n \times \{0,1\}^n</tex-math></disp-formula></p>
      <sec id="sec-4-1">
        <title>A. Key generation using PRNG</title>
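        <p>The seed seed<sub>0</sub> of length n is chosen randomly; using seed<sub>i</sub>,
ots<sub>i</sub> is generated as follows:
          <disp-formula><label>(23)</label><tex-math>\mathrm{PRNG}(seed_i) = (ots_i, seed_{i+1}), \quad 0 \le i &lt; 2^H</tex-math></disp-formula>
ots<sub>i</sub> changes each time the PRNG is run. For the calculation of the key X<sub>i</sub>,
only seed<sub>i</sub> must be known.</p>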
        <p>Signature and verification are performed in the same way as
in the standard version of Merkle crypto system.</p>
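        <p>The seed chain of (23) feeding a Merkle tree over Lamport–Diffie one-time keys (equations (1) to (6), (21) and (22)), as an added Python example that is not code from the article or from [8]. SHA-256 stands in for f and h, the hash-based prng() is an illustrative stand-in for the generator, and all function names are hypothetical.</p>
        <preformat><![CDATA[
```python
import hashlib

N = 32  # n = 256 bits; SHA-256 stands in for both f and h (assumption)

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def prng(seed: bytes):
    """PRNG(seed_i) = (ots_i, seed_{i+1}), eq. (23); hash-based stand-in (assumption)."""
    return h(b"ots" + seed), h(b"next" + seed)

def ots_seeds(seed0: bytes, H: int):
    """Walk the seed chain and return ots_0 .. ots_{2^H - 1}."""
    out, seed = [], seed0
    for _ in range(2 ** H):
        ots, seed = prng(seed)
        out.append(ots)
    return out

def lamport_keypair(ots: bytes):
    """Expand ots_i into X = (x_i[0], x_i[1]) and Y with y_i[j] = f(x_i[j]), eq. (3)."""
    X = [[h(ots + bytes([j]) + i.to_bytes(2, "big")) for j in (0, 1)]
         for i in range(8 * N)]
    Y = [[h(x) for x in pair] for pair in X]
    return X, Y

def hash_bits(msg: bytes):
    d = h(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(8 * N)]

def lamport_sign(X, msg: bytes):
    return [X[i][b] for i, b in enumerate(hash_bits(msg))]          # eq. (5)

def lamport_verify(Y, msg: bytes, sig) -> bool:
    bits = hash_bits(msg)
    return len(sig) == len(bits) and len(Y) == len(bits) and all(
        h(sig[i]) == Y[i][bits[i]] for i in range(len(bits)))       # eq. (6)

def leaf(Y) -> bytes:
    """Leaf value h(Y_i): hash of the concatenated verification key."""
    return h(b"".join(y for pair in Y for y in pair))

def build_tree(seed0: bytes, H: int):
    """levels[0] holds the leaves h(Y_i); levels[H][0] is the public key pub."""
    levels = [[leaf(lamport_keypair(s)[1]) for s in ots_seeds(seed0, H)]]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        levels.append([h(prev[k] + prev[k + 1]) for k in range(0, len(prev), 2)])
    return levels

def merkle_sign(seed0: bytes, H: int, arb: int, msg: bytes):
    """Signature = (sig, arb, Y_arb, auth_0 .. auth_{H-1}); keys are rebuilt from seed0."""
    X, Y = lamport_keypair(ots_seeds(seed0, H)[arb])
    levels = build_tree(seed0, H)
    auth = [levels[lvl][(arb >> lvl) ^ 1] for lvl in range(H)]
    return lamport_sign(X, msg), arb, Y, auth

def merkle_verify(pub: bytes, msg: bytes, signature) -> bool:
    sig, arb, Y, auth = signature
    if not lamport_verify(Y, msg, sig):
        return False
    node = leaf(Y)
    for lvl, sibling in enumerate(auth):
        # An odd position at this level means the node is a right child.
        node = h(sibling + node) if (arb >> lvl) & 1 else h(node + sibling)
    return node == pub

if __name__ == "__main__":
    seed0 = bytes(N)  # constructed all-zero seed, for a reproducible demo only
    H = 3
    pub = build_tree(seed0, H)[-1][0]
    s = merkle_sign(seed0, H, 5, b"constructed sample message")
    print(merkle_verify(pub, b"constructed sample message", s))
```
]]></preformat>
        <p>Each index arb may sign one message only: two Lamport signatures under the same X<sub>arb</sub> disclose both x<sub>i</sub>[0] and x<sub>i</sub>[1] for every hash bit in which the messages differ, so the signer has to persist the next unused index alongside seed<sub>0</sub>.</p>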
        <p>Quantum computers are able to break PRNGs that were
considered safe against attacks implemented on classical
computers. The Blum-Micali PRNG turned out to be vulnerable
to a polynomial-time quantum attack. This PRNG is considered
safe from attacks implemented on standard computers. The
attack uses the Grover algorithm along with the quantum discrete
logarithm, and can restore the values at the generator
output.</p>
        <p>These types of attacks represent a threat of cracking PRNGs
that are used in many real-world cryptosystems. The Merkle
cryptosystem with a built-in PRNG can be vulnerable to
attacks implemented on quantum computers. We suggest
using a true random number generator based on qubits,
a TRNG.</p>
        <p>To construct this TRNG, states and qubits must be considered.</p>
      </sec>
    </sec>
    <sec id="sec-5">
      <title>IV. QUANTUM TRNG</title>
      <p>
        Information in a quantum computer is encoded in quantum
bits, or qubits. Like a bit, the qubit allows two eigenstates
(conditionally |0⟩ and |1⟩), but unlike the bit, the qubit
admits a superposition of these states, which means that it is
more "informative" [
        <xref ref-type="bibr" rid="ref10 ref11 ref9">9-11</xref>
        ].
      </p>
      <p>In a system with one qubit, the quantum state of the qubit is
denoted by:
        <disp-formula><tex-math>\alpha|0\rangle + \beta|1\rangle</tex-math></disp-formula>
where α and β are complex numbers;
        <disp-formula><label>(24)</label><tex-math>|\alpha|^2 + |\beta|^2 = 1</tex-math></disp-formula>
|0⟩ is the ground state of the qubit and
|1⟩ is the excited state of the qubit.
This qubit is in the state |0⟩ with probability |α|<sup>2</sup> and is in the state
|1⟩ with probability |β|<sup>2</sup>.</p>
      <p>When a qubit is measured, it gets into one of the two states with
probability 1.</p>
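      <p>
        In a system with two qubits, the quantum state of the two qubits
is denoted by:
        <disp-formula><tex-math>\alpha_{00}|00\rangle + \alpha_{01}|01\rangle + \alpha_{10}|10\rangle + \alpha_{11}|11\rangle</tex-math></disp-formula>
where α<sub>i</sub> are complex numbers;
        <disp-formula><label>(25)</label><tex-math>\sum_i |\alpha_i|^2 = 1</tex-math></disp-formula>
These qubits are connected using a Bell state [
        <xref ref-type="bibr" rid="ref12">12</xref>
        ]; in this case
the quantum state of these qubits is denoted by:
        <disp-formula><tex-math>\frac{1}{\sqrt{2}}|00\rangle + \frac{1}{\sqrt{2}}|11\rangle</tex-math></disp-formula>
      </p>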
    </sec>
    <sec id="sec-6">
      <p>When a given qubit is measured,
it will be in the state |0⟩ with probability ½ and likewise in the
state |1⟩ also with probability ½.</p>
      <p>When the second qubit is measured, it will be in the same state as
the first qubit was when it was measured, with probability 1.
When n qubits are measured, a true random number of size n is obtained.</p>
      <sec id="sec-6-1">
        <title>A. Key generation</title>
        <p>The tree height H ≥ 2 is chosen. 2<sup>H</sup> documents are signed
using one public key. A connection is established between
two qubits using a Bell state. 2<sup>H</sup> pairs of such qubit sets are taken,
qub<sub>i</sub> and b<sub>i</sub>; every qub<sub>i</sub> and b<sub>i</sub> consists of n qubits, 0 ≤ i ≤ 2<sup>H</sup>.
The 2<sup>H</sup>·n qubits qub<sub>i</sub> are measured and 2<sup>H</sup> signature keys
X<sub>i</sub> are obtained, and the verification keys Y<sub>i</sub> are calculated. The values h(Y<sub>i</sub>) are
calculated and are used as the leaves of a tree.</p>
      </sec>
      <sec id="sec-6-2">
        <title>B. Signature and verification of the message</title>
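        <p>A message m of arbitrary size is transformed into size n by
means of the hash function.
          <disp-formula><label>(26)</label><tex-math>h(m) = \mathrm{hash}</tex-math></disp-formula>
An arbitrary set that contains n qubits is measured;
b<sub>arb</sub> = qub<sub>arb</sub> = X<sub>arb</sub> with probability equal to 1.</p>
        <p>A one-time signature is generated using the one-time signature key
X<sub>arb</sub>; the document's signature will be the concatenation of the
one-time signature, the one-time verification key Y<sub>arb</sub>, the index arb and all
fraternal nodes auth<sub>i</sub> in relation to Y<sub>arb</sub>.</p>
        <p>
          <disp-formula><label>(27)</label><tex-math>\mathrm{Signature} = (\mathrm{sig} \,\|\, arb \,\|\, Y_{arb} \,\|\, auth_0, \ldots, auth_{H-1})</tex-math></disp-formula>
Verification of the message occurs in the same way as in the standard
Merkle system.</p>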
      </sec>
      <sec id="sec-6-3">
        <title>C. Security</title>
        <p>The principle of the cryptosystem is not changed; only the
TRNG is integrated, to reduce the size of the signature key.
TRNG is completely safe; it is based on the state of qubits,
which are real random numbers.</p>
        <p>So, the resulting scheme is absolutely secure.</p>
      </sec>
      <sec id="sec-6-4">
        <title>D. Conclusion</title>
        <p>2<sup>H</sup> pairs of one-time keys must be calculated in order to generate
the public key in the Merkle cryptosystem. It is not efficient to store
this number of keys in practice. A PRNG can be integrated into
Merkle in order to reduce this number. Quantum computers can
break PRNGs that are used in many real-world
cryptosystems. The Merkle cryptosystem with a built-in PRNG can be
vulnerable to attacks implemented on quantum computers.
The TRNG that is offered in the paper can be integrated into Merkle.
In this case the system will be safe and the number of
one-time keys will be reduced.</p>
      </sec>
    </sec>
    <sec id="sec-7">
      <title>ACKNOWLEDGEMENTS</title>
      <p>The Work Was Conducted as a Part of Research Grant of
Joint Project of Shota Rustaveli National Science Foundation
and Science &amp; Technology Center in Ukraine [№
STCU</p>
    </sec>
  </body>
  <back>
    <ref-list>
      <ref id="ref1">
        <mixed-citation>
          [1]
          <string-name>
            <surname>Bernstein</surname>
            <given-names>D.J.</given-names>
          </string-name>
          (
          <year>2009</year>
          )
          <article-title>Introduction to post-quantum cryptography</article-title>
          . In: Bernstein D.J.,
          <string-name>
            <surname>Buchmann</surname>
            <given-names>J.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Dahmen</surname>
            <given-names>E</given-names>
          </string-name>
          . (eds) Post-Quantum Cryptography. Springer, Berlin, Heidelberg
        </mixed-citation>
      </ref>
      <ref id="ref2">
        <mixed-citation>
          [2]
          <string-name>
            <given-names>Avtandil</given-names>
            <surname>Gagnidze</surname>
          </string-name>
          , Maksim Iavich, Giorgi Iashvili,
          <string-name>
            <surname>SOME ASPECTS OF POST-QUANTUM</surname>
            <given-names>CRYPTOSYSTEMS</given-names>
          </string-name>
          ,
          <source>Eurasian Journal of Business and Management</source>
          ,
          <volume>5</volume>
          (
          <issue>1</issue>
          ),
          <year>2017</year>
          ,
          <fpage>16</fpage>
          -
          <lpage>20</lpage>
          DOI: 10.15604/ejbm.
          <year>2017</year>
          .
          <volume>05</volume>
          .01.002
        </mixed-citation>
      </ref>
      <ref id="ref3">
        <mixed-citation>
          [3]
          <string-name>
            <surname>Dods</surname>
            <given-names>C.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Smart</surname>
            <given-names>N.P.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Stam</surname>
            <given-names>M.</given-names>
          </string-name>
          (
          <year>2005</year>
          )
          <article-title>Hash Based Digital Signature Schemes</article-title>
          . In: Smart N.P. (eds) Cryptography and Coding.
          <source>Cryptography and Coding 2005. Lecture Notes in Computer Science</source>
          , vol
          <volume>3796</volume>
          . Springer, Berlin, Heidelberg
        </mixed-citation>
      </ref>
      <ref id="ref4">
        <mixed-citation>
          [4]
          <string-name>
            <surname>Dahmen</surname>
            <given-names>E.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Krauß</surname>
            <given-names>C.</given-names>
          </string-name>
          (
          <year>2009</year>
          )
          <article-title>Short Hash-Based Signatures for Wireless Sensor Networks</article-title>
          . In:
          <string-name>
            <surname>Garay</surname>
            <given-names>J.A.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Miyaji</surname>
            <given-names>A.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Otsuka</surname>
            <given-names>A</given-names>
          </string-name>
          . (
          <article-title>eds) Cryptology and Network Security</article-title>
          .
          <source>CANS 2009. Lecture Notes in Computer Science</source>
          , vol
          <volume>5888</volume>
          . Springer, Berlin, Heidelberg
        </mixed-citation>
      </ref>
      <ref id="ref5">
        <mixed-citation>
          [5]
          <string-name>
            <given-names>A.</given-names>
            <surname>Gagnidze</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Iavich</surname>
          </string-name>
          ,
          <string-name>
            <given-names>N.</given-names>
            <surname>Inasaridze</surname>
          </string-name>
          ,
          <string-name>
            <surname>G.</surname>
          </string-name>
          <article-title>Iashvili Analysis of onetime signature schemes // Scientific &amp; practical cyber security journal (SPCSJ) № 1.[Electronic journal]</article-title>
          . URL: http://journal.scsa.ge/issues/2017/09/455
        </mixed-citation>
      </ref>
      <ref id="ref6">
        <mixed-citation>
          [6]
          <string-name>
            <surname>Szydlo</surname>
            ,
            <given-names>M.</given-names>
          </string-name>
          :
          <article-title>Merkle tree traversal in log space and time</article-title>
          . In: Cachin,
          <string-name>
            <given-names>C.</given-names>
            ,
            <surname>Camenisch</surname>
          </string-name>
          ,
          <string-name>
            <surname>J.L. (eds.) EUROCRYPT</surname>
          </string-name>
          <year>2004</year>
          .
          <article-title>LNCS</article-title>
          , vol.
          <volume>3027</volume>
          , pp.
          <fpage>541</fpage>
          -
          <lpage>554</lpage>
          . Springer, Heidelberg (
          <year>2004</year>
          )
        </mixed-citation>
      </ref>
      <ref id="ref7">
        <mixed-citation>
          [7]
          <string-name>
            <surname>Dods</surname>
            ,
            <given-names>C.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Smart</surname>
            ,
            <given-names>N.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Stam</surname>
            ,
            <given-names>M.</given-names>
          </string-name>
          :
          <article-title>Hash based digital signature schemes</article-title>
          . In: Smart,
          <string-name>
            <surname>N.P.</surname>
          </string-name>
          (ed.)
          <source>Cryptography and Coding</source>
          <year>2005</year>
          . LNCS, vol.
          <volume>3796</volume>
          , pp.
          <fpage>96</fpage>
          -
          <lpage>115</lpage>
          . Springer, Heidelberg (
          <year>2005</year>
          )
        </mixed-citation>
      </ref>
      <ref id="ref8">
        <mixed-citation>
          [8]
          <string-name>
            <surname>Buchmann</surname>
            <given-names>J.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>García</surname>
            <given-names>L.C.C.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Dahmen</surname>
            <given-names>E.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Döring</surname>
            <given-names>M.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Klintsevich</surname>
            <given-names>E.</given-names>
          </string-name>
          (
          <year>2006</year>
          )
          <article-title>CMSS - An Improved Merkle Signature Scheme</article-title>
          . In: Barua R.,
          <string-name>
            <surname>Lange</surname>
            <given-names>T</given-names>
          </string-name>
          . (eds) Progress in Cryptology - INDOCRYPT
          <year>2006</year>
          .
          <source>INDOCRYPT 2006. Lecture Notes in Computer Science</source>
          , vol
          <volume>4329</volume>
          . Springer, Berlin, Heidelberg
        </mixed-citation>
      </ref>
      <ref id="ref9">
        <mixed-citation>
          [9]
          <string-name>
            <surname>Daniel</surname>
            <given-names>F. V.</given-names>
          </string-name>
          <string-name>
            <surname>James</surname>
            , Paul G. Kwiat,
            <given-names>William J</given-names>
          </string-name>
          .
          <string-name>
            <surname>Munro</surname>
            , and
            <given-names>Andrew G.</given-names>
          </string-name>
          <article-title>White Asymptotic Theory of Quantum Statistical Inference</article-title>
          .
          <source>February</source>
          <year>2005</year>
          ,
          <fpage>509</fpage>
          -
          <lpage>538</lpage>
        </mixed-citation>
      </ref>
      <ref id="ref10">
        <mixed-citation>
          [10]
          <string-name>
            <given-names>U.</given-names>
            <surname>Leonhardt</surname>
          </string-name>
          ,
          <article-title>Measuring the quantum state of light</article-title>
          (Cambridge University Press,
          <year>1997</year>
          )
        </mixed-citation>
      </ref>
      <ref id="ref11">
        <mixed-citation>
          [11]
          <string-name>
            <given-names>A. G.</given-names>
            <surname>White</surname>
          </string-name>
          ,
          <string-name>
            <given-names>D. F. V.</given-names>
            <surname>James</surname>
          </string-name>
          ,
          <string-name>
            <given-names>W. J.</given-names>
            <surname>Munro</surname>
          </string-name>
          and
          <string-name>
            <given-names>P. G.</given-names>
            <surname>Kwiat</surname>
          </string-name>
          , “
          <article-title>Exploring Hilbert Space: accurate characterization of quantum information</article-title>
          ,” submitted to Science (
          <year>2001</year>
          )
        </mixed-citation>
      </ref>
      <ref id="ref12">
        <mixed-citation>
          [12]
          <string-name>
            <surname>Deng</surname>
            ,
            <given-names>FG.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Li</surname>
            ,
            <given-names>XH.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Li</surname>
            ,
            <given-names>CY.</given-names>
          </string-name>
          et al.,
          <article-title>Quantum state sharing of an arbitrary two-qubit state with two-photon entanglements and Bell-state measurements</article-title>
          ,
          <source>PHYSICAL JOURNAL D,</source>
          (
          <year>2006</year>
          )
          <volume>39</volume>
          :
          <fpage>459</fpage>
          . https://doi.org/10.1140/epjd/e2006-00124-1
        </mixed-citation>
      </ref>
      <ref id="ref13">
        <mixed-citation>
          [13]
          <string-name>
            <surname>Wozniak</surname>
            ,
            <given-names>M.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Polap</surname>
            ,
            <given-names>D.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Borowik</surname>
            ,
            <given-names>G.</given-names>
          </string-name>
          and
          <string-name>
            <surname>Napoli</surname>
            ,
            <given-names>C.</given-names>
          </string-name>
          , “
          <article-title>A first attempt to cloud-based user verification in distributed system</article-title>
          .
          <source>” in Asia-Pacific Conference on Computer Aided System Engineering (APCASE)</source>
          ,
          <year>2015</year>
          , pp.
          <fpage>226</fpage>
          -
          <lpage>231</lpage>
          .
        </mixed-citation>
      </ref>
    </ref-list>
  </back>
</article>