2,618 research outputs found
Pseudorandom States, Non-Cloning Theorems and Quantum Money
We propose the concept of pseudorandom states and study their constructions,
properties, and applications. Under the assumption that quantum-secure one-way
functions exist, we present concrete and efficient constructions of
pseudorandom states. The non-cloning theorem plays a central role in our
study---it motivates the proper definition and characterizes one of the
important properties of pseudorandom quantum states. Namely, there is no
efficient quantum algorithm that can create more copies of the state from a
given number of pseudorandom states. As the main application, we prove that any
family of pseudorandom states naturally gives rise to a private-key quantum
money scheme.Comment: 20 page
Using Simon's Algorithm to Attack Symmetric-Key Cryptographic Primitives
We present new connections between quantum information and the field of
classical cryptography. In particular, we provide examples where Simon's
algorithm can be used to show insecurity of commonly used cryptographic
symmetric-key primitives. Specifically, these examples consist of a quantum
distinguisher for the 3-round Feistel network and a forgery attack on CBC-MAC
which forges a tag for a chosen-prefix message querying only other messages (of
the same length). We assume that an adversary has quantum-oracle access to the
respective classical primitives. Similar results have been achieved recently in
independent work by Kaplan et al. Our findings shed new light on the
post-quantum security of cryptographic schemes and underline that classical
security proofs of cryptographic constructions need to be revisited in light of
quantum attackers.Comment: 14 pages, 2 figures. v3: final polished version, more formal
definitions adde
Universal Test for Quantum One-Way Permutations
The next bit test was introduced by Blum and Micali and proved by Yao to be a
universal test for cryptographic pseudorandom generators. On the other hand, no
universal test for the cryptographic one-wayness of functions (or permutations)
is known, though the existence of cryptographic pseudorandom generators is
equivalent to that of cryptographic one-way functions. In the quantum
computation model, Kashefi, Nishimura and Vedral gave a sufficient condition of
(cryptographic) quantum one-way permutations and conjectured that the condition
would be necessary. In this paper, we affirmatively settle their conjecture and
complete a necessary and sufficient for quantum one-way permutations. The
necessary and sufficient condition can be regarded as a universal test for
quantum one-way permutations, since the condition is described as a collection
of stepwise tests similar to the next bit test for pseudorandom generators.Comment: 12 pages, 3 figures. The previous version included some error. This
is a corrected version. Fortunately, the proof is simplified and results are
improve
Bloom Filters in Adversarial Environments
Many efficient data structures use randomness, allowing them to improve upon
deterministic ones. Usually, their efficiency and correctness are analyzed
using probabilistic tools under the assumption that the inputs and queries are
independent of the internal randomness of the data structure. In this work, we
consider data structures in a more robust model, which we call the adversarial
model. Roughly speaking, this model allows an adversary to choose inputs and
queries adaptively according to previous responses. Specifically, we consider a
data structure known as "Bloom filter" and prove a tight connection between
Bloom filters in this model and cryptography.
A Bloom filter represents a set of elements approximately, by using fewer
bits than a precise representation. The price for succinctness is allowing some
errors: for any it should always answer `Yes', and for any it should answer `Yes' only with small probability.
In the adversarial model, we consider both efficient adversaries (that run in
polynomial time) and computationally unbounded adversaries that are only
bounded in the number of queries they can make. For computationally bounded
adversaries, we show that non-trivial (memory-wise) Bloom filters exist if and
only if one-way functions exist. For unbounded adversaries we show that there
exists a Bloom filter for sets of size and error , that is
secure against queries and uses only
bits of memory. In comparison, is the best
possible under a non-adaptive adversary
Guaranteeing the diversity of number generators
A major problem in using iterative number generators of the form
x_i=f(x_{i-1}) is that they can enter unexpectedly short cycles. This is hard
to analyze when the generator is designed, hard to detect in real time when the
generator is used, and can have devastating cryptanalytic implications. In this
paper we define a measure of security, called_sequence_diversity_, which
generalizes the notion of cycle-length for non-iterative generators. We then
introduce the class of counter assisted generators, and show how to turn any
iterative generator (even a bad one designed or seeded by an adversary) into a
counter assisted generator with a provably high diversity, without reducing the
quality of generators which are already cryptographically strong.Comment: Small update
Random Oracles in a Quantum World
The interest in post-quantum cryptography - classical systems that remain
secure in the presence of a quantum adversary - has generated elegant proposals
for new cryptosystems. Some of these systems are set in the random oracle model
and are proven secure relative to adversaries that have classical access to the
random oracle. We argue that to prove post-quantum security one needs to prove
security in the quantum-accessible random oracle model where the adversary can
query the random oracle with quantum states.
We begin by separating the classical and quantum-accessible random oracle
models by presenting a scheme that is secure when the adversary is given
classical access to the random oracle, but is insecure when the adversary can
make quantum oracle queries. We then set out to develop generic conditions
under which a classical random oracle proof implies security in the
quantum-accessible random oracle model. We introduce the concept of a
history-free reduction which is a category of classical random oracle
reductions that basically determine oracle answers independently of the history
of previous queries, and we prove that such reductions imply security in the
quantum model. We then show that certain post-quantum proposals, including ones
based on lattices, can be proven secure using history-free reductions and are
therefore post-quantum secure. We conclude with a rich set of open problems in
this area.Comment: 38 pages, v2: many substantial changes and extensions, merged with a
related paper by Boneh and Zhandr
- …