AN INVESTIGATION OF THE UNTAPPED POTENTIAL OF DIGITAL LENDING THROUGH THE INFLUENCE OF QUANTUM COMPUTING

Abstract

The advent of digital disruption in lending has yielded many advantages for both borrowers and lenders. Simultaneously, it has also generated apprehensions over regulation and risks. Like conventional lending, digital lending should possess qualities such as user-friendliness, distinctiveness, resistance to tampering, and being untraceable. However, it is vital for it to possess the capability to endure assaults from digital adversaries and safeguard against breaches of data. Contemporary technologies substitutes clients' sensitive information with randomised tokens and guarantees the distinctiveness of payments by employing a cryptographic function called a cryptogram. Nevertheless, attacks utilising substantial computational resources undermine the security of these functions. Quantum technology can offer safeguards against the limitless computational capabilities. This work showcases the capacity of quantum light to augment the security of common digital lending systems by generating quantum cryptograms that are virtually impervious to counterfeiting. Our technique is distinct from previous protocols in that it is not contingent upon the presence of reliable agents and authenticated channels, nor does it rely on long-term quantum storage. Given the current level of technology, this is not only possible, but it also has the ability to bring in a new era of security that is enhanced by quantum capabilities.

Specification

Description:The initial part of the process involves the provision of a one-of-a-kind identifying token, which is symbolised by the letter C. This token is then kept in a safe manner on the devices belonging to both the Client and TTP. The information that is held on the Client's device may include a virtual credit card or an electronic wallet that is kept on a smartphone, watch, or other similar devices.
In case the borrower desires to obtain a loan from a certain Lender Li, it is of the utmost importance to make certain that dishonest organisations, such as lenders who are not dependable, are unable to lend money in the name of the Client at a different location or at a different time. There is a single-use payment token, designated by the letter P, that is issued to the Client by the Lender or the Trusted Third Party (TTP). A cryptogram is the result of a function that includes the Client's secret token C, the Lender's public ID Li, and the one-time payment token P. This token is used to generate a cryptogram, which is the output of the function. The function is producing the result, which is the cryptogram that is being computed. It cannot be overstated how important it is to emphasise that the Lender identification, also known as Li, must be genuine and trustworthy in order to be regarded valid. It is highly recommended to obtain information from a trustworthy source, such as a Public Key Infrastructure or a localised maintained database that is pre-shared and inaccessible to unauthorised individuals. The message that is encrypted, which is denoted by the symbol κ (C, Li, P), is sent to the Lender. In order to authenticate the borrower, the lender then transmits the information to the Trusted Third Party (TTP). As a result of the fact that it is in possession of the pertinent information connected with all three inputs, which are C, Li, and P, the TTP is able to validate the encryption key and validate that the cryptogram is original. This can be done since the TTP is enabled to validate the encryption key.
In practical situations, the term "cryptogram" typically refers to the output of a cryptographic hashing or encrypting operation that possesses a high level of computational security. Nevertheless, this would make it possible for a malicious entity that possessed a large amount of computing power to conduct a comprehensive examination of every conceivable combination of C, P, and Li as input until they were able to effectively identify the particular combination that matches to the initial cryptogram without any problems. Under those conditions, the client's identification and the information about their borrowing are completely exposed.
Quantum advantage
Previous quantum-digital signature schemes have demonstrated the ability to provide i.t. security when considering these attacks exclusively. On the other hand, in order for QKD systems to function properly, it is typically required that QKD channels and conventional authentication be created between all three parties involved. This study presents a quantum-based technique that makes use of a single Quantum Key Distribution (QKD) for the initial phase of linking the Client and Trusted Third Party (TTP).
Step 1: Quantum lending is a variation of classical digital lending where the conventional loan token P is substituted by a sequence ∣P⟩ of quantum states. In other words, the notation κ (C, Li, P) is modified to κ (C, Li, ∣P⟩).
Step 2: The TTP is responsible for the generation of a bitstring, which is indicated as b, and a conjugate basis-string, which is designated as B, both of which are created randomly and have a length of λ. An encoded quantum state is formed in Bj, where j is a member of the set of integers ranging from 1 to λ. Each bit bj is encoded onto this quantum state. The TTP stores the classical description (b, B) of the quantum token ∣P⟩ under the Client's ID CID. This description is maintained in the TTP. For instance, if the value of λ is 4, and the basis Bj belongs to the set {+/-; 0/1}, such that the value of (b, B) is (0101, 0011), then the term "∣P⟩" would be represented as "∣+⟩∣-⟩∣0⟩∣1⟩". There are two elements that determine the duration of λ, and they are the predicted likelihood of an assault and the number of lenders that are accessible.
Step 3: After receiving ∣P⟩, the Client selects the Lender Li from a database that was securely provided in advance with the Trusted Third Party (TTP). Afterwards, they compute li = MAC(C, Li), where li represents the output tag of a Message Authentication Code (MAC) that is i.t.-secure. The secret token C and the public ID Li of the chosen Lender are the inputs that this MAC function relies on. "mi" is considered by the user to be a fundamental string, and the user privately evaluates the whole sequence ∣P⟩ in accordance with li. It is the accumulation of the outcomes of the measurements that makes up the cryptogram.
Step 4: The Client transmits κi and their ID CID to the lender, who then sends this information, together with its Li, as {κi, Li, CID}, to the TTP for authentication.
Step 5: In order to provide permission for borrowing, the Trusted Third Party (TTP) retrieves information about C and (b,B), and computes li by applying the Message Authentication Code (MAC) function to C and Li, which represents the Client's ID. The TTP approves the transaction only if (κi)j is equal to bj when (li)j is equal to Bj. The TTP refuses any other options.
The protocol's security depends on the highest likelihood of successfully producing two distinct and valid cryptograms κi and κj for two different Lenders Li and Lj. This is referred to as pd in the subsequent two sections. Another potential method of attack involves the creation of a counterfeit output tag, resulting in the equation MAC(C, Li) = MAC(C, Lj) ⇔ li = lj ⇔ κi = κj. This probability is referred to as pt.
It is true that the equation pt = 1/∣l∣ = ∣L∣/∣C∣ = 1/ √∣C∣ holds true in an information technology (IT) environment that is secure. In this context, the symbols ∣l∣, ∣L∣, and ∣C∣ are used to denote the cardinality of the MAC, the Lender ID, and the secret token of the Client, respectively. In this case, we are going to make the assumption that the absolute value of l is equivalent to the absolute value of L, which is equivalent to the square root of the absolute value of C.
For the sake of consistency, we select pd and pt to have about the same magnitude, specifically pd ≈ pt = 1= √∣C∣. As a consequence of this, the number N of quantum states that are necessary to validate a single bit of the cryptogram will be determined. According to the logarithm of the size of the message, which is indicated as log2(∣m∣), the bit length of every MAC is defined by the logarithm of base 2. The entire length of the quantum token may be determined by analysing the equation λ = N.log2(∣l∣) = N log2(√∣C∣). It is possible to integrate as an input to the MAC function any supplemental parameter that is required to be included in the transaction. For example, the payment amount is one example of such a parameter.
Similar to how Quantum Key Distribution (QKD) ensures information security for key exchanges like (Diffie & Hellman, 1976), Our technique ensures the confidentiality of information by utilising cryptograms that can only be used a single time. The irreversible nature of quantum measurements ensures that the commitment to Mi is never broken, while the i.t. secure Messages Authentication Code (MAC) ensures that the concealment of C is protected. It is essential to note that the quantum bit commitment's impossibility theory does not limit our quantum commitment, this allows for the possibility that one of both parties may purposefully delay their quantum measurements. This is due to the fact that our protocol is based on the presumption that one of the parties involved, who is referred to as the Trusted Third Party (TTP), is trustworthy and behaves in an honest manner.
In two distinct ways, our technique is distinct from the QKD approaches that are commonly used. To begin, the selection of the measurement foundation utilises determinism rather than randomness as the underlying principle. An effective association between the purchase and a particular Client token and Lender is established during this phase. As an additional benefit, the measurement bases are always concealed, which offers the intriguing advantage of concealing the name of the Lender that the Client has selected until verification is necessary.
Loss-contingent security
While the theoretical rules of quantum physics provide the security of commitment, actual settings need careful consideration of specific factors.
Certain quantum states will deviate from their ideal classical descriptions on account of the inherent defects of actual devices, such as faulty state preparation, noisy quantum channels, and non-unit detecting efficacy. Additionally, certain quantum states will be lost along the process. It is possible that specific components in step 5 will be different, despite the fact that they will be evaluated using the same criteria. (i.e., (κi)j ≠ bj when (li)j = Bj). Consequently, the protocol would terminate prematurely, even if it was executed faithfully. It is necessary to account for mistakes and losses throughout the verification stage. Consequently, a malevolent entity can take use of this newly granted permission to bypass the obligation or duplicate the cryptogram's spending.
Consider, for example, the possibility that the TTP is able to sustain a loss of up to fifty percent. To generate two tokens that have been successfully committed, a malicious client may thereafter measure fifty percent of the quantum token ∣P⟩ in the M0 basis and the remaining fifty percent in the M1 basis. This results in the generation of two tokens. Despite the fact that double-spending is conceivable with a loss rate of fifty percent that is authorised, we used semidefinite programming to determine the exact mistake and loss rate combinations that may still be recognised in an attack. This was done in spite of the fact that the loss rate was permitted. When seen from a more intuitive perspective, the process of derivation involves searching for the cheating strategy that minimises the amount of new errors and losses that are introduced into the protocol by the malevolent party. It should be brought to your attention that, to the best of our knowledge, past implementations of quantum tokens did not take into consideration attacks of such a high intensity that are dependent on loss.
, Claims:We claim the concept of a hybrid model for a comprehensive digital lending platform that incorporates Quantum computing which aims to enable lenders and financial institutions to automate processes, lower expenses, enhance customer experience, implement efficient risk management, and provide personalised products and services based on customer preferences, behaviour, and creditworthiness.

Documents