79 research outputs found
How to Record Quantum Queries, and Applications to Quantum Indifferentiability
The quantum random oracle model (QROM) has become the standard model in which to prove the post-quantum security of random-oracle-based constructions. Unfortunately, none of the known proof techniques allow the reduction to record information about the adversary's queries, a crucial feature of many classical ROM proofs, including all proofs of indifferentiability for hash function domain extension.
In this work, we give a new QROM proof technique that overcomes this "recording barrier". Our central observation is that when viewing the adversary's query and the oracle itself in the Fourier domain, an oracle query switches from writing to the adversary's space to writing to the oracle itself. This allows a reduction to simulate the oracle by simply recording information about the adversary's query in the Fourier domain.
We then use this new technique to show the indifferentiability of the Merkle-Damgard domain extender for hash functions. We also give a proof of security for the Fujisaki-Okamoto transformation; previous proofs required modifying the scheme to include an additional hash term. Given the threat posed by quantum computers and the push toward quantum-resistant cryptosystems, our work represents an important tool for efficient post-quantum cryptosystems.
Quantum Lazy Sampling and Game-Playing Proofs for Quantum Indifferentiability
Game-playing proofs constitute a powerful framework for non-quantum cryptographic security arguments, most notably applied in the context of indifferentiability. An essential ingredient in such proofs is lazy sampling of random primitives. We develop a quantum game-playing proof framework by generalizing two recently developed proof techniques. First, we describe how Zhandry's compressed quantum oracles (Crypto'19) can be used to do quantum lazy sampling of a class of non-uniform function distributions. Second, we observe how Unruh's one-way-to-hiding lemma (Eurocrypt'14) can also be applied to compressed oracles, providing a quantum counterpart to the fundamental lemma of game-playing. Subsequently, we use our game-playing framework to prove quantum indifferentiability of the sponge construction, assuming a random internal function.
Quantum Lazy Sampling and Game-Playing Proofs for Quantum Indifferentiability
Game-playing proofs constitute a powerful framework for classical cryptographic security arguments, most notably applied in the context of indifferentiability. An essential ingredient in such proofs is lazy sampling of random primitives. We develop a quantum game-playing proof framework by generalizing two recently developed proof techniques. First, we describe how Zhandry's compressed quantum oracles [Zha18] can be used to do quantum lazy sampling from non-uniform function distributions. Second, we observe how Unruh's one-way-to-hiding lemma [Unr14] can also be applied to compressed oracles, providing a quantum counterpart to the fundamental lemma of game-playing.
Subsequently, we use our game-playing framework to prove quantum indifferentiability of the sponge construction, assuming a random internal function or a random permutation. Our results upgrade post-quantum security of SHA-3 to the same level that is proven against classical adversaries.
Post-quantum security of hash functions
The research covered in this thesis is dedicated to provable post-quantum security of hash functions. Post-quantum security provides security guarantees against quantum attackers. We focus on analyzing the sponge construction, a cryptographic construction used in the standardized hash function SHA3. Our main results are proving a number of quantum security statements. These include standard-model security (collision-resistance and collapsingness) and more idealized notions such as indistinguishability and indifferentiability from a random oracle. All these results concern quantum security of classical cryptosystems. From a more high-level perspective, we find new applications of, and generalize, several important proof techniques in post-quantum cryptography. We use the polynomial method to prove quantum indistinguishability of the sponge construction. We also develop a framework for quantum game-playing proofs, using the recently introduced techniques of compressed random oracles and the One-way-To-Hiding lemma. To establish the usefulness of the new framework, we also prove a number of quantum indifferentiability results for other cryptographic constructions. On the way to these results, we address an open problem concerning quantum indifferentiability. Namely, we disprove a conjecture that forms the basis of a no-go theorem for a version of quantum indifferentiability.
Classical and Quantum Security of Elliptic Curve VRF, via Relative Indifferentiability
Verifiable random functions (VRFs) are essentially pseudorandom functions for which selected outputs can be proved correct and unique, without compromising the security of other outputs. VRFs have numerous applications across cryptography, and in particular they have recently been used to implement committee selection in the Algorand protocol. Elliptic Curve VRF (ECVRF) is an elegant construction, originally due to Papadopoulos et al., that is now under consideration by the Internet Research Task Force. Prior work proved that ECVRF possesses the main desired security properties of a VRF, under suitable assumptions. However, several recent versions of ECVRF include changes that make some of these proofs inapplicable. Moreover, the prior analysis holds only for *classical* attackers, in the random-oracle model (ROM); it says nothing about whether any of the desired properties hold against *quantum* attacks, in the quantumly accessible ROM. We note that certain important properties of ECVRF, like uniqueness, do *not* rely on assumptions that are known to be broken by quantum computers, so it is plausible that these properties could hold even in the quantum setting.
This work provides a multi-faceted security analysis of recent versions of ECVRF, in both the classical and quantum settings. First, we motivate and formally define new security properties for VRFs, like non-malleability and binding, and prove that recent versions of ECVRF satisfy them (under standard assumptions). Second, we identify a subtle obstruction in proving that recent versions of ECVRF have *uniqueness* via prior indifferentiability definitions and theorems, even in the classical setting. Third, we fill this gap by defining a stronger notion called *relative indifferentiability*, and extend prior work to show that a standard domain extender used in ECVRF satisfies this notion, in both the classical and quantum settings. This final contribution is of independent interest and we believe it should be applicable elsewhere.
Quantum Indifferentiability of SHA-3
In this paper we prove quantum indifferentiability of the sponge construction instantiated with random (invertible) permutations. With this result we bring the post-quantum security of the standardized SHA-3 hash function to the level matching its security against classical adversaries. To achieve our result, we generalize the compressed-oracle technique of Zhandry (Crypto'19) by defining and proving correctness of a compressed permutation oracle. We believe our technique will find applications in many more cryptographic constructions.
Tight Quantum Indifferentiability of a Rate-1/3 Compression Function
We prove classical and quantum indifferentiability of a rate-1/3 compression function introduced by Shrimpton and Stam (ICALP '08). This construction was one of the first constructions based on three random functions that achieved optimal collision-resistance. We also prove that our result is tight: we define a classical and a quantum attacker that match the indifferentiability security level. Our tight indifferentiability results provide a negative result on the optimality of security of the construction by Shrimpton and Stam; the security level of the strong indifferentiability notion is below that of collision-resistance.
To arrive at these results, we generalize the results of Czajkowski, Majenz, Schaffner, and Zur (arXiv '19). Our generalization allows analyzing the quantum security of constructions based on multiple independent random functions, something not possible before.
On Finding Quantum Multi-collisions
A -collision for a compressing hash function is a set of distinct inputs that all map to the same output. In this work, we show that for any constant , quantum queries are both necessary and sufficient to achieve a -collision with constant probability. This improves on both the best prior upper bound (Hosoyamada et al., ASIACRYPT 2017) and provides the first non-trivial lower bound, completely resolving the problem.
From Indifferentiability to Constructive Cryptography (and Back)
The concept of indifferentiability of systems, a generalized form of indistinguishability, was proposed in 2004 to provide a simplified and generalized explanation of impossibility results like the non-instantiability of random oracles by hash functions due to Canetti, Goldreich, and Halevi (STOC 1998). But indifferentiability is actually a constructive notion, leading to possibility results. For example, Coron et al. (Crypto 2005) argued that the soundness of the construction of a hash function from a compression function can be demonstrated by proving that is indifferentiable from a random oracle if is an ideal random compression function.
The purpose of this short paper is to describe how the indifferentiability notion was a precursor to the theory of constructive cryptography and thereby to provide a simplified and generalized treatment of indifferentiability as a special type of constructive statement.