Impossibility of Succinct Quantum Proofs for Collision-Freeness

We show that any quantum algorithm to decide whether a function f:\left[n\right] \rightarrow\left[ n\right] is a permutation or far from a permutation\ must make \Omega\left( n^{1/3}/w\right) queries to f, even if the algorithm is given a w-qubit quantum witness in support of f being a permutation. This implies that there exists an oracle A such that \mathsfSZKA\mathsfQMAA , answering an eight-year-old open question of the author. Indeed, we show that relative to some oracle, \mathsfSZK is not in the counting class \mathsfA\mathsf0\mathsfPP defined by Vyalyi. The proof is a fairly simple extension of the quantum lower bound for the collision problem..National Science Foundation (U.S.) (grant 0844626)United States. Defense Advanced Research Projects Agency (YFA grant

Unitary Property Testing Lower Bounds by Polynomials

We study unitary property testing, where a quantum algorithm is given query access to a black-box unitary and has to decide whether it satisfies some property. In addition to containing the standard quantum query complexity model (where the unitary encodes a binary string) as a special case, this model contains "inherently quantum" problems that have no classical analogue. Characterizing the query complexity of these problems requires new algorithmic techniques and lower bound methods. Our main contribution is a generalized polynomial method for unitary property testing problems. By leveraging connections with invariant theory, we apply this method to obtain lower bounds on problems such as determining recurrence times of unitaries, approximating the dimension of a marked subspace, and approximating the entanglement entropy of a marked state. We also present a unitary property testing-based approach towards an oracle separation between QMA and QMA(2), a long standing question in quantum complexity theory

양자 컴퓨터에 대한 암호학적 알고리즘

학위논문(박사) -- 서울대학교대학원 : 자연과학대학 수리과학부, 2022. 8. 이훈희.The advent of a quantum mechanical computer presents a clear threat to existing cryptography. On the other hand, the quantum computer also suggests the possibility of a new cryptographic protocol through the properties of quantum mechanics. These two perspectives, respectively, gave rise to a new field called post-quantum cryptography as a countermeasure against quantum attacks and quantum cryptography as a new cryptographic technology using quantum mechanics, which are the subject of this thesis. In this thesis, we reconsider the security of the current post-quantum cryptography through a new quantum attack, model, and security proof. We present the fine-grained quantum security of hash functions as cryptographic primitives against preprocessing adversaries. We also bring recent quantum information theoretic research into cryptography, creating new quantum public key encryption and quantum commitment. Along the way, we resolve various open problems such as limitations of quantum algorithms with preprocessing computation, oracle separation problems in quantum complexity theory, and public key encryption using group action.양자역학을 이용한 컴퓨터의 등장은 쇼어의 알고리즘 등을 통해 기존 암호학에 명백한 위협을 제시하며, 양자역학의 성질을 통한 새로운 암호프로토콜의 가능성 또한 제시한다. 이러한 두 가지 관점은 각각 이 학위 논문의 주제가 되는 양자공격에 대한 대응책으로써의 대양자암호와 양자역학을 이용한 암호기술인 양자암호라고 불리는 새로운 분야를 발생시켰다. 이 학위 논문에서는 현재 대양자암호의 안전성을 새로운 양자암호 공격 알고리즘과 모델, 안전성 증명을 통해 재고한다. 특히 암호학적 해쉬함수의 일방향함수, 암호학적 의사난수생성기로서의 대양자 암호 안전성의 구체적인 평가를 제시한다. 또한 최근 양자역학의 연구를 양자암호에 도입함으로써 새로운 양자 공개키암호와 양자 커밋먼트 등의 새로운 발견을 제시한다. 이 과정에서 전처리 계산을 포함한 양자알고리즘의 한계, 양자 복잡계들의 오라클분리 문제, 군의 작용을 이용한 공개키 암호 등의 여러 열린문제들의 해결을 제시한다.1 Introduction 1 1.1 Contributions 3 1.2 Related Works 11 1.3 Research Papers 13 2 Preliminaries 14 2.1 Quantum Computations 15 2.2 Quantum Algorithms 20 2.3 Cryptographic Primitives 21 I Post-Quantum Cryptography: Attacks, New Models, and Proofs 24 3 Quantum Cryptanalysis 25 3.1 Introduction 25 3.2 QROM-AI Algorithm for Function Inversion 26 3.3 Quantum Multiple Discrete Logarithm Problem 34 3.4 Discussion and Open problems 39 4 Quantum Random Oracle Model with Classical Advice 42 4.1 Quantum ROM with Auxiliary Input 44 4.2 Function Inversion 46 4.3 Pseudorandom Generators 56 4.4 Post-quantum Primitives 58 4.5 Discussion and Open Problems 59 5 Quantum Random Permutations with Quantum Advice 62 5.1 Bound for Inverting Random Permutations 64 5.2 Preparation 64 5.3 Proof of Theorem 68 5.4 Implication in Complexity Theory 74 5.5 Discussion and Open Problems 77 II Quantum Cryptography: Public-key Encryptions and Bit Commitments 79 6 Equivalence Theorem 80 6.1 Equivalence Theorem 81 6.2 Non-uniform Equivalence Theorem 83 6.3 Proof of Equivalence Theorem 86 7 Quantum Public Key Encryption 89 7.1 Swap-trapdoor Function Pairs 90 7.2 Quantum-Ciphertext Public Key Encryption 94 7.3 Group Action based Construction 99 7.4 Lattice based Construction 107 7.5 Discussion and Open Problems 113 7.6 Deferred Proof 114 8 Quantum Bit Commitment 119 8.1 Quantum Commitments 120 8.2 Efficient Conversion 123 8.3 Applications of Conversion 126 8.4 Discussion and Open Problems 137박

Practical Zero-Knowledge Arguments from Structured Reference Strings

Zero-knowledge proofs have become an important tool for addressing privacy and scalability concerns in cryptographic protocols. For zero-knowledge proofs used in blockchain applications, it is desirable to have small proof sizes and fast verification. Yet by design, existing constructions with these properties such as zk-SNARKs also have a secret trapdoor embedded in a relation dependent structured reference string (SRS). Knowledge of this trapdoor suffices to break the security of these proofs. The SRSs required by zero-knowledge proofs are usually constructed with multiparty computation protocols, but the resulting parameters are specific to each individual circuit. In this thesis, we propose a model for constructing zero-knowledge arguments (i.e. zero-knowledge proofs with computational soundness) in which the generation of the SRS is directly considered in the security analysis. In our model the same SRS can be used across multiple applications. Further, the model is updatable i.e. users can update the universal SRS and the SRS is considered secure provided at least one of these users is honest. We propose two zero-knowledge arguments with updatable and universal SRSs, as well as a third which is neither updatable nor universal, but which through similar techniques achieves simulation extractability. The proposed arguments are practical, with proof sizes never more than a constant number of group elements. Verification for two of our constructions consist of a small number of pairing operations. For our other construction, which has the desirable property of a linear sized updatable and universal SRS, we describe efficient batching techniques so that verification is fast in the amortised setting

The NISQ Complexity of Collision Finding

Collision-resistant hashing, a fundamental primitive in modern cryptography, ensures that there is no efficient way to find distinct inputs that produce the same hash value. This property underpins the security of various cryptographic applications, making it crucial to understand its complexity. The complexity of this problem is well-understood in the classical setting and $\Theta(N^{1/2})$ queries are needed to find a collision. However, the advent of quantum computing has introduced new challenges since quantum adversaries \unicode{x2013} equipped with the power of quantum queries \unicode{x2013} can find collisions much more efficiently. Brassard, H\"oyer and Tapp and Aaronson and Shi established that full-scale quantum adversaries require $\Theta(N^{1/3})$ queries to find a collision, prompting a need for longer hash outputs, which impacts efficiency in terms of the key lengths needed for security. This paper explores the implications of quantum attacks in the Noisy-Intermediate Scale Quantum (NISQ) era. In this work, we investigate three different models for NISQ algorithms and achieve tight bounds for all of them: (1) A hybrid algorithm making adaptive quantum or classical queries but with a limited quantum query budget, or (2) A quantum algorithm with access to a noisy oracle, subject to a dephasing or depolarizing channel, or (3) A hybrid algorithm with an upper bound on its maximum quantum depth; i.e., a classical algorithm aided by low-depth quantum circuits. In fact, our results handle all regimes between NISQ and full-scale quantum computers. Previously, only results for the pre-image search problem were known for these models by Sun and Zheng, Rosmanis, Chen, Cotler, Huang and Li while nothing was known about the collision finding problem.Comment: 40 pages; v2: title changed, major extension to other complexity model