1,543 research outputs found
How to Convert a Flavor of Quantum Bit Commitment
In this paper we show how to convert a statistically bindingbut computationally concealing quantum bit commitment scheme into a computationally binding but statistically concealing scheme. For a security parameter n, the construction of the statistically concealing scheme requires O(n^2) executions of the statistically binding scheme. As a consequence, statistically concealing but computationally binding quantum bit commitments can be based upon any family of quantum one-way functions. Such a construction is not known to exist in the classical world
From the Hardness of Detecting Superpositions to Cryptography: Quantum Public Key Encryption and Commitments
Recently, Aaronson et al. (arXiv:2009.07450) showed that detecting
interference between two orthogonal states is as hard as swapping these states.
While their original motivation was from quantum gravity, we show its
applications in quantum cryptography.
1. We construct the first public key encryption scheme from cryptographic
\emph{non-abelian} group actions. Interestingly, the ciphertexts of our scheme
are quantum even if messages are classical. This resolves an open question
posed by Ji et al. (TCC '19). We construct the scheme through a new abstraction
called swap-trapdoor function pairs, which may be of independent interest.
2. We give a simple and efficient compiler that converts the flavor of
quantum bit commitments. More precisely, for any prefix X,Y
{computationally,statistically,perfectly}, if the base scheme is X-hiding and
Y-binding, then the resulting scheme is Y-hiding and X-binding. Our compiler
calls the base scheme only once. Previously, all known compilers call the base
schemes polynomially many times (Cr\'epeau et al., Eurocrypt '01 and Yan,
Asiacrypt '22). For the security proof of the conversion, we generalize the
result of Aaronson et al. by considering quantum auxiliary inputs.Comment: 51 page
Computational Indistinguishability between Quantum States and Its Cryptographic Application
We introduce a computational problem of distinguishing between two specific
quantum states as a new cryptographic problem to design a quantum cryptographic
scheme that is "secure" against any polynomial-time quantum adversary. Our
problem, QSCDff, is to distinguish between two types of random coset states
with a hidden permutation over the symmetric group of finite degree. This
naturally generalizes the commonly-used distinction problem between two
probability distributions in computational cryptography. As our major
contribution, we show that QSCDff has three properties of cryptographic
interest: (i) QSCDff has a trapdoor; (ii) the average-case hardness of QSCDff
coincides with its worst-case hardness; and (iii) QSCDff is computationally at
least as hard as the graph automorphism problem in the worst case. These
cryptographic properties enable us to construct a quantum public-key
cryptosystem, which is likely to withstand any chosen plaintext attack of a
polynomial-time quantum adversary. We further discuss a generalization of
QSCDff, called QSCDcyc, and introduce a multi-bit encryption scheme that relies
on similar cryptographic properties of QSCDcyc.Comment: 24 pages, 2 figures. We improved presentation, and added more detail
proofs and follow-up of recent wor
How to Base Security on the Perfect/Statistical Binding Property of Quantum Bit Commitment?
The concept of quantum bit commitment was introduced in the early 1980s for the purpose of basing bit commitments solely on principles of quantum theory. Unfortunately, such unconditional quantum bit commitments still turn out to be impossible. As a compromise like in classical cryptography, Dumais et al. [Paul Dumais et al., 2000] introduce the conditional quantum bit commitments that additionally rely on complexity assumptions. However, in contrast to classical bit commitments which are widely used in classical cryptography, up until now there is relatively little work towards studying the application of quantum bit commitments in quantum cryptography. This may be partly due to the well-known weakness of the general quantum binding that comes from the possible superposition attack of the sender of quantum commitments, making it unclear whether quantum commitments could be useful in quantum cryptography.
In this work, following Yan et al. [Jun Yan et al., 2015] we continue studying using (canonical non-interactive) perfectly/statistically-binding quantum bit commitments as the drop-in replacement of classical bit commitments in some well-known constructions. Specifically, we show that the (quantum) security can still be established for zero-knowledge proof, oblivious transfer, and proof-of-knowledge. In spite of this, we stress that the corresponding security analyses are by no means trivial extensions of their classical analyses; new techniques are needed to handle possible superposition attacks by the cheating sender of quantum bit commitments.
Since (canonical non-interactive) statistically-binding quantum bit commitments can be constructed from quantum-secure one-way functions, we hope using them (as opposed to classical commitments) in cryptographic constructions can reduce the round complexity and weaken the complexity assumption simultaneously
Computational Collapse of Quantum State with Application to Oblivious Transfer
Quantum 2-party cryptography differs from its classical counterpart in at least one important way: Given black-box access to a perfect commitment scheme there exists a secure 1-2 quantum oblivious transfer. This reduction proposed by Crépeau and Kilian was proved secure against any receiver by Yao, in the case where perfect commitments are used. However, quantum commitments would normally be based on computational assumptions. A natural question therefore arises: What happens to the security of the above reduction when computationally secure commitments are used instead of perfect ones? In this paper, we address the security of 1-2 QOT when computationally binding string commitments are available. In particular, we analyse the security of a primitive called Quantum Measurement Commitment when it is constructed from unconditionally concealing but computationally binding commitments. As measuring a quantum state induces an irreversible collapse, we describe a QMC as an instance of ``computational collapse of a quantum state''. In a QMC a state appears to be collapsed to a polynomial time observer who cannot extract full information about the state without breaking a computational assumption. We reduce the security of QMC to a weak binding criteria for the string commitment. We also show that secure QMCs implies QOT using a straightforward variant of the reduction above
Statistical Zero Knowledge and quantum one-way functions
One-way functions are a very important notion in the field of classical
cryptography. Most examples of such functions, including factoring, discrete
log or the RSA function, can be, however, inverted with the help of a quantum
computer. In this paper, we study one-way functions that are hard to invert
even by a quantum adversary and describe a set of problems which are good such
candidates. These problems include Graph Non-Isomorphism, approximate Closest
Lattice Vector and Group Non-Membership. More generally, we show that any hard
instance of Circuit Quantum Sampling gives rise to a quantum one-way function.
By the work of Aharonov and Ta-Shma, this implies that any language in
Statistical Zero Knowledge which is hard-on-average for quantum computers,
leads to a quantum one-way function. Moreover, extending the result of
Impagliazzo and Luby to the quantum setting, we prove that quantum
distributionally one-way functions are equivalent to quantum one-way functions.
Last, we explore the connections between quantum one-way functions and the
complexity class QMA and show that, similarly to the classical case, if any of
the above candidate problems is QMA-complete then the existence of quantum
one-way functions leads to the separation of QMA and AvgBQP.Comment: 20 pages; Computational Complexity, Cryptography and Quantum Physics;
Published version, main results unchanged, presentation improve
On the Computational Hardness Needed for Quantum Cryptography
In the classical model of computation, it is well established that one-way functions (OWF) are minimal for computational cryptography: They are essential for almost any cryptographic application that cannot be realized with respect to computationally unbounded adversaries. In the quantum setting, however, OWFs appear not to be essential (Kretschmer 2021; Ananth et al., Morimae and Yamakawa 2022), and the question of whether such a minimal primitive exists remains open.
We consider EFI pairs - efficiently samplable, statistically far but computationally indistinguishable pairs of (mixed) quantum states. Building on the work of Yan (2022), which shows equivalence between EFI pairs and statistical commitment schemes, we show that EFI pairs are necessary for a large class of quantum-cryptographic applications. Specifically, we construct EFI pairs from minimalistic versions of commitments schemes, oblivious transfer, and general secure multiparty computation, as well as from QCZK proofs from essentially any non-trivial language. We also construct quantum computational zero knowledge (QCZK) proofs for all of QIP from any EFI pair.
This suggests that, for much of quantum cryptography, EFI pairs play a similar role to that played by OWFs in the classical setting: they are simple to describe, essential, and also serve as a linchpin for demonstrating equivalence between primitives
Multi-party Quantum Computation
We investigate definitions of and protocols for multi-party quantum computing
in the scenario where the secret data are quantum systems. We work in the
quantum information-theoretic model, where no assumptions are made on the
computational power of the adversary. For the slightly weaker task of
verifiable quantum secret sharing, we give a protocol which tolerates any t <
n/4 cheating parties (out of n). This is shown to be optimal. We use this new
tool to establish that any multi-party quantum computation can be securely
performed as long as the number of dishonest players is less than n/6.Comment: Masters Thesis. Based on Joint work with Claude Crepeau and Daniel
Gottesman. Full version is in preparatio
- âŠ