5,809 research outputs found
Universal Test for Quantum One-Way Permutations
The next bit test was introduced by Blum and Micali and proved by Yao to be a
universal test for cryptographic pseudorandom generators. On the other hand, no
universal test for the cryptographic one-wayness of functions (or permutations)
is known, though the existence of cryptographic pseudorandom generators is
equivalent to that of cryptographic one-way functions. In the quantum
computation model, Kashefi, Nishimura and Vedral gave a sufficient condition of
(cryptographic) quantum one-way permutations and conjectured that the condition
would be necessary. In this paper, we affirmatively settle their conjecture and
complete a necessary and sufficient for quantum one-way permutations. The
necessary and sufficient condition can be regarded as a universal test for
quantum one-way permutations, since the condition is described as a collection
of stepwise tests similar to the next bit test for pseudorandom generators.Comment: 12 pages, 3 figures. The previous version included some error. This
is a corrected version. Fortunately, the proof is simplified and results are
improve
Pseudorandom Strings from Pseudorandom Quantum States
A fundamental result in classical cryptography is that pseudorandom
generators are equivalent to one-way functions and in fact implied by nearly
every classical cryptographic primitive requiring computational assumptions. In
this work, we consider a variant of pseudorandom generators called quantum
pseudorandom generators (QPRGs), which are quantum algorithms that
(pseudo)deterministically map short random seeds to long pseudorandom strings.
We provide evidence that QPRGs can be as useful as PRGs by providing
cryptographic applications of QPRGs such as commitments and encryption schemes.
Our main result is showing that QPRGs can be constructed assuming the
existence of logarithmic-length quantum pseudorandom states. This raises the
possibility of basing QPRGs on assumptions weaker than one-way functions. We
also consider quantum pseudorandom functions (QPRFs) and show that QPRFs can be
based on the existence of logarithmic-length pseudorandom function-like states.
Our primary technical contribution is a method for pseudodeterministically
extracting uniformly random strings from Haar-random states.Comment: 45 pages, 1 figur
Efficiency Improvements in Constructing Pseudorandom Generators from One-way Functions
ABSTRACT We give a new construction of pseudorandom generators from any one-way function. The construction achieves better parameters and is simpler than that given in the seminal work of Håstad, Impagliazzo, Levin, and Luby [SICOMP '99]. The key to our construction is a new notion of nextblock pseudoentropy, which is inspired by the notion of "inaccessible entropy" recently introduced in [Haitner, Reingold, Vadhan, and Wee, STOC '09]. An additional advantage over previous constructions is that our pseudorandom generators are parallelizable and invoke the one-way function in a non-adaptive manner. Using [Applebaum, Ishai, and Kushilevitz, SICOMP '06], this implies the existence of pseudorandom generators in NC 0 based on the existence of one-way functions in NC 1
Commitments from Quantum One-Wayness
One-way functions are central to classical cryptography. They are both
necessary for the existence of non-trivial classical cryptosystems, and
sufficient to realize meaningful primitives including commitments, pseudorandom
generators and digital signatures. At the same time, a mounting body of
evidence suggests that assumptions even weaker than one-way functions may
suffice for many cryptographic tasks of interest in a quantum world, including
bit commitments and secure multi-party computation. This work studies one-way
state generators [Morimae-Yamakawa, CRYPTO 2022], a natural quantum relaxation
of one-way functions. Given a secret key, a one-way state generator outputs a
hard to invert quantum state. A fundamental question is whether this type of
quantum one-wayness suffices to realize quantum cryptography. We obtain an
affirmative answer to this question, by proving that one-way state generators
with pure state outputs imply quantum bit commitments and secure multiparty
computation. Along the way, we build an intermediate primitive with classical
outputs, which we call a (quantum) one-way puzzle. Our main technical
contribution is a proof that one-way puzzles imply quantum bit commitments.Comment: 68 page
Cryptography from Pseudorandom Quantum States
Pseudorandom states, introduced by Ji, Liu and Song (Crypto\u2718), are efficiently-computable quantum states that are computationally indistinguishable from Haar-random states.
One-way functions imply the existence of pseudorandom states, but Kretschmer (TQC\u2720) recently constructed an oracle relative to which there are no one-way functions but pseudorandom states still exist.
Motivated by this, we study the intriguing possibility of basing interesting cryptographic tasks on pseudorandom states.
We construct, assuming the existence of pseudorandom state generators that map a -bit seed to a -qubit state, (a) statistically binding and computationally hiding commitments and (b) pseudo one-time encryption schemes. A consequence of (a) is that pseudorandom states are sufficient to construct maliciously secure multiparty computation protocols in the dishonest majority setting.
Our constructions are derived via a new notion called {\em pseudorandom function-like states} (PRFS), a generalization of pseudorandom states that parallels the classical notion of pseudorandom functions. Beyond the above two applications, we believe our notion can effectively replace pseudorandom functions in many other cryptographic applications
Unifying computational entropies via Kullback-Leibler divergence
We introduce hardness in relative entropy, a new notion of hardness for
search problems which on the one hand is satisfied by all one-way functions and
on the other hand implies both next-block pseudoentropy and inaccessible
entropy, two forms of computational entropy used in recent constructions of
pseudorandom generators and statistically hiding commitment schemes,
respectively. Thus, hardness in relative entropy unifies the latter two notions
of computational entropy and sheds light on the apparent "duality" between
them. Additionally, it yields a more modular and illuminating proof that
one-way functions imply next-block inaccessible entropy, similar in structure
to the proof that one-way functions imply next-block pseudoentropy (Vadhan and
Zheng, STOC '12)
Pseudorandom (Function-Like) Quantum State Generators: New Definitions and Applications
Pseudorandom quantum states (PRS) are efficiently constructible states that
are computationally indistinguishable from being Haar-random, and have recently
found cryptographic applications. We explore new definitions, new properties
and applications of pseudorandom states, and present the following
contributions:
1. New Definitions: We study variants of pseudorandom function-like state
(PRFS) generators, introduced by Ananth, Qian, and Yuen (CRYPTO'22), where the
pseudorandomness property holds even when the generator can be queried
adaptively or in superposition. We show feasibility of these variants assuming
the existence of post-quantum one-way functions.
2. Classical Communication: We show that PRS generators with logarithmic
output length imply commitment and encryption schemes with classical
communication. Previous constructions of such schemes from PRS generators
required quantum communication.
3. Simplified Proof: We give a simpler proof of the Brakerski--Shmueli
(TCC'19) result that polynomially-many copies of uniform superposition states
with random binary phases are indistinguishable from Haar-random states.
4. Necessity of Computational Assumptions: We also show that a secure PRS
with output length logarithmic, or larger, in the key length necessarily
requires computational assumptions
The power of negations in cryptography
The study of monotonicity and negation complexity for Bool-ean functions has been prevalent in complexity theory as well as in computational learning theory, but little attention has been given to it in the cryptographic context. Recently, Goldreich and Izsak (2012) have initiated a study of whether cryptographic primitives can be monotone, and showed that one-way functions can be monotone (assuming they exist), but a pseudorandom generator cannot.
In this paper, we start by filling in the picture and proving that many other basic cryptographic primitives cannot be monotone. We then initiate a quantitative study of the power of negations, asking how many negations are required. We provide several lower bounds, some of them tight, for various cryptographic primitives and building blocks including one-way permutations, pseudorandom functions, small-bias generators, hard-core predicates, error-correcting codes, and randomness extractors. Among our results, we highlight the following.
Unlike one-way functions, one-way permutations cannot be monotone.
We prove that pseudorandom functions require logn − O(1) negations (which is optimal up to the additive term).
We prove that error-correcting codes with optimal distance parameters require logn − O(1) negations (again, optimal up to the additive term).
We prove a general result for monotone functions, showing a lower bound on the depth of any circuit with t negations on the bottom that computes a monotone function f in terms of the monotone circuit depth of f. This result addresses a question posed by Koroth and Sarma (2014) in the context of the circuit complexity of the Clique problem
Space Pseudorandom Generators by Communication Complexity Lower Bounds
In 1989, Babai, Nisan and Szegedy gave a construction of a pseudorandom generator for logspace, based on lower bounds for multiparty communication complexity. The seed length of their pseudorandom generator was relatively large, because the best lower bounds for multiparty communication complexity are relatively weak. Subsequently, pseudorandom generators for logspace with seed length O(log^2 n) were given by Nisan, and Impagliazzo, Nisan and Wigderson.
In this paper, we show how to use the pseudorandom generator construction of Babai, Nisan and Szegedy to obtain a third construction of a pseudorandom generator with seed length O(log^2 n), achieving the same parameters as Nisan, and Impagliazzo, Nisan and Wigderson. We achieve this by concentrating on protocols in a restricted model of multiparty communication complexity that we call the conservative one-way unicast model and is based on the conservative one-way model of Damm, Jukna and Sgall. We observe that bounds in the conservative one-way unicast model (rather than the standard Number On the Forehead model) are sufficient for the pseudorandom generator construction of Babai, Nisan and Szegedy to work.
Roughly speaking, in a conservative one-way unicast communication protocol, the players speak in turns, one after the other in a fixed order, and every message is visible only to the next player. Moreover, before the beginning of the protocol, each player only knows the inputs of the players that speak after she does and a certain function of the inputs of the players that speak before she does. We prove a lower bound for the communication complexity of conservative one-way unicast communication protocols that compute a family of functions obtained by compositions of strong extractors. Our final pseudorandom generator construction is related to, but different from the constructions of Nisan, and Impagliazzo, Nisan and Wigderson
On One-way Functions and Kolmogorov Complexity
We prove that the equivalence of two fundamental problems in the theory of
computing. For every polynomial , the
following are equivalent:
- One-way functions exists (which in turn is equivalent to the existence of
secure private-key encryption schemes, digital signatures, pseudorandom
generators, pseudorandom functions, commitment schemes, and more);
- -time bounded Kolmogorov Complexity, , is mildly hard-on-average
(i.e., there exists a polynomial such that no PPT algorithm can
compute , for more than a fraction of -bit strings).
In doing so, we present the first natural, and well-studied, computational
problem characterizing the feasibility of the central private-key primitives
and protocols in Cryptography
- …