Digital signatures are widely used in electronic communications to secure
important tasks such as financial transactions, software updates, and legal
contracts. The signature schemes that are in use today are based on public-key
cryptography and derive their security from computational assumptions. However,
it is possible to construct unconditionally secure signature protocols. In
particular, using quantum communication, it is possible to construct signature
schemes with security based on fundamental principles of quantum mechanics.
Several quantum signature protocols have been proposed, but none of them has
been explicitly generalized to more than three participants, and their security
goals have not been formally defined. Here, we first extend the security
definitions of Swanson and Stinson (2011) so that they also apply to the
quantum case, and introduce a formal definition of transferability based on
different verification levels. We then prove several properties that multiparty
signature protocols with information-theoretic security -- quantum or classical
-- must satisfy in order to achieve their security goals. We also express two
existing quantum signature protocols with three parties in the security
framework we have introduced. Finally, we generalize a quantum signature
protocol given in Wallden-Dunjko-Kent-Andersson (2015) to the multiparty case,
proving its security against forging, repudiation and non-transferability.
Notably, this protocol can be implemented using any point-to-point quantum key
distribution network and therefore is ready to be experimentally demonstrated.

Comment: 22 pages, 4 figures