166 research outputs found
Semantic Security and Indistinguishability in the Quantum World
At CRYPTO 2013, Boneh and Zhandry initiated the study of quantum-secure
encryption. They proposed first indistinguishability definitions for the
quantum world where the actual indistinguishability only holds for classical
messages, and they provide arguments why it might be hard to achieve a stronger
notion. In this work, we show that stronger notions are achievable, where the
indistinguishability holds for quantum superpositions of messages. We
investigate exhaustively the possibilities and subtle differences in defining
such a quantum indistinguishability notion for symmetric-key encryption
schemes. We justify our stronger definition by showing its equivalence to novel
quantum semantic-security notions that we introduce. Furthermore, we show that
our new security definitions cannot be achieved by a large class of ciphers --
those which are quasi-preserving the message length. On the other hand, we
provide a secure construction based on quantum-resistant pseudorandom
permutations; this construction can be used as a generic transformation for
turning a large class of encryption schemes into quantum indistinguishable and
hence quantum semantically secure ones. Moreover, our construction is the first
completely classical encryption scheme shown to be secure against an even
stronger notion of indistinguishability, which was previously known to be
achievable only by using quantum messages and arbitrary quantum encryption
circuits.Comment: 37 pages, 2 figure
Functional Encryption in the Bounded Storage Models
Functional encryption is a powerful paradigm for public-key encryption which
allows for controlled access to encrypted data. This primitive is generally
impossible in the standard setting so we investigate possibilities in the
bounded quantum storage model (BQSM) and the bounded classical storage model
(BCSM). In these models, ciphertexts potentially disappear which nullifies
impossibility results and allows us to obtain positive outcomes.
Firstly, in the BQSM, we construct information-theoretically secure
functional encryption with where
can be set to any value less than . Here
denotes the number of times that an adversary is restricted to
--qubits of quantum memory in the protocol and denotes
the required quantum memory to run the protocol honestly. We then show that our
scheme is optimal by proving that it is impossible to attain
information-theoretically secure functional encryption with . However, by assuming the existence of
post-quantum one-way functions, we can do far better and achieve functional
encryption with classical keys and with and .
Secondly, in the BCSM, we construct functional
encryption assuming the existence of virtual weak
grey-box obfuscation. Here, the pair indicates the
required memory to run honestly and the needed memory to break security,
respectively. This memory gap is optimal and the assumption is minimal. In
particular, we also construct virtual weak
grey-box obfuscation assuming functional
encryption.Comment: 30 page
Quantum Fully Homomorphic Encryption With Verification
Fully-homomorphic encryption (FHE) enables computation on encrypted data
while maintaining secrecy. Recent research has shown that such schemes exist
even for quantum computation. Given the numerous applications of classical FHE
(zero-knowledge proofs, secure two-party computation, obfuscation, etc.) it is
reasonable to hope that quantum FHE (or QFHE) will lead to many new results in
the quantum setting. However, a crucial ingredient in almost all applications
of FHE is circuit verification. Classically, verification is performed by
checking a transcript of the homomorphic computation. Quantumly, this strategy
is impossible due to no-cloning. This leads to an important open question: can
quantum computations be delegated and verified in a non-interactive manner? In
this work, we answer this question in the affirmative, by constructing a scheme
for QFHE with verification (vQFHE). Our scheme provides authenticated
encryption, and enables arbitrary polynomial-time quantum computations without
the need of interaction between client and server. Verification is almost
entirely classical; for computations that start and end with classical states,
it is completely classical. As a first application, we show how to construct
quantum one-time programs from classical one-time programs and vQFHE.Comment: 30 page
Quantum Indistinguishability for Public Key Encryption
In this work we study the quantum security of public key encryption schemes
(PKE). Boneh and Zhandry (CRYPTO'13) initiated this research area for PKE and
symmetric key encryption (SKE), albeit restricted to a classical
indistinguishability phase. Gagliardoni et al. (CRYPTO'16) advanced the study
of quantum security by giving, for SKE, the first definition with a quantum
indistinguishability phase. For PKE, on the other hand, no notion of quantum
security with a quantum indistinguishability phase exists. Our main result is a
novel quantum security notion (qIND-qCPA) for PKE with a quantum
indistinguishability phase, which closes the aforementioned gap. We show a
distinguishing attack against code-based schemes and against LWE-based schemes
with certain parameters. We also show that the canonical hybrid PKE-SKE
encryption construction is qIND-qCPA-secure, even if the underlying PKE scheme
by itself is not. Finally, we classify quantum-resistant PKE schemes based on
the applicability of our security notion. Our core idea follows the approach of
Gagliardoni et al. by using so-called type-2 operators for encrypting the
challenge message. At first glance, type-2 operators appear unnatural for PKE,
as the canonical way of building them requires both the secret and the public
key. However, we identify a class of PKE schemes - which we call recoverable -
and show that for this class type-2 operators require merely the public key.
Moreover, recoverable schemes allow to realise type-2 operators even if they
suffer from decryption failures, which in general thwarts the reversibility
mandated by type-2 operators. Our work reveals that many real-world
quantum-resistant PKE schemes, including most NIST PQC candidates and the
canonical hybrid construction, are indeed recoverable
Instantiability of Classical Random-Oracle-Model Encryption Transforms
Extending work leveraging program obfuscation to instantiate random-oracle-based transforms (e.g., Hohenberger et al., EUROCRYPT 2014, Kalai et al., CRYPTO 2017), we show that, using obfuscation and other assumptions, there exist standard-model hash functions that suffice to instantiate the classical RO-model encryption transforms OAEP (Bellare and Rogaway, EUROCRYPT 1994) and Fujisaki-Okamoto (CRYPTO 1999, J. Cryptology 2013) for specific public-key encryption (PKE) schemes to achieve IND-CCA security. Our result for Fujisaki-Okamoto employs a simple modification to the scheme.
Our instantiations do not require much stronger assumptions on the base schemes compared to their corresponding RO-model proofs. For example, to instantiate low-exponent RSA-OAEP, the assumption we need on RSA is sub-exponential partial one-wayness, matching the assumption (partial one-wayness) on RSA needed by Fujisaki et al. (J. Cryptology 2004) in the RO model up to sub-exponentiality. For the part of Fujisaki-Okamoto that upgrades public-key encryption satisfying indistinguishability against plaintext checking attack to IND-CCA, we again do not require much stronger assumptions up to sub-exponentiality.
We obtain our hash functions in a unified way, extending a technique of Brzuska and Mittelbach (ASIACRYPT 2014). We incorporate into their technique: (1) extremely lossy functions (ELFs), a notion by Zhandry (CRYPTO 2016), and (2) multi-bit auxiliary-input point function obfuscation (MB-AIPO). While MB-AIPO is impossible in general (Brzuska and Mittelbach, ASIACRYPT 2014), we give plausible constructions for the special cases we need, which may be of independent interest
08491 Abstracts Collection -- Theoretical Foundations of Practical Information Security
From 30.11. to 05.12.2008, the Dagstuhl Seminar 08491 ``Theoretical Foundations of Practical Information Security \u27\u27 was held in Schloss Dagstuhl~--~Leibniz Center for Informatics.
During the seminar, several participants presented their current
research, and ongoing work and open problems were discussed. Abstracts of
the presentations given during the seminar as well as abstracts of
seminar results and ideas are put together in this paper. The first section
describes the seminar topics and goals in general.
Links to extended abstracts or full papers are provided, if available
- …