18,712 research outputs found
Quantum Collision-Finding in Non-Uniform Random Functions
We give a complete characterization of quantum attacks for finding a collision in a non- uniform random function whose outputs are drawn according to a distribution of min-entropy k. This can be viewed as showing generic security of hash functions under relaxed assumptions in contrast to the standard heuristic of assuming uniformly random outputs. It also has ap- plications in analyzing quantum security of the Fujisaki-Okamoto transformation [TU TCC16B]. In particular, our results close a gap in the lower bound left open in [TTU PQCrypto16].
Specifically, let be a min-entropy distribution on a set of size . Let be a function whose output is drawn according to for each independently. We show that quantum queries are necessary to find a collision in , improving the previous bound . In fact we show a stronger lower bound in some special case. For all cases, we also describe explicit quantum algorithms that find a collision with a number of queries matching the corresponding lower bounds
On Quantum Query Complexities of Collision-Finding in Non-Uniform Random Functions
Collision resistance and collision finding are now extensively exploited in Cryptography, especially in the case of quantum computing. For any function with uniformly distributed over , Zhandry has shown that the number of queries is both necessary and sufficient for finding a collision in with constant probability. However, there is still a gap between the upper and the lower bounds of query complexity in general non-uniform distributions.
In this paper, we investigate the quantum query complexity of collision-finding problem with respect to general non-uniform distributions. Inspired by previous work, we pose the concept of collision domain and a new parameter that heavily depends on the underlying non-uniform distribution. We then present a quantum algorithm that uses quantum queries to find a collision for any non-uniform random function. By making a transformation of a problem in non-uniform setting into a problem in uniform setting, we are also able to show that quantum queries are necessary in collision-finding in any non-uniform random function.
The upper bound and the lower bound in this work indicates that the proposed algorithm is nearly optimal with query complexity in general non-uniform case
Random Oracles in a Quantum World
The interest in post-quantum cryptography - classical systems that remain
secure in the presence of a quantum adversary - has generated elegant proposals
for new cryptosystems. Some of these systems are set in the random oracle model
and are proven secure relative to adversaries that have classical access to the
random oracle. We argue that to prove post-quantum security one needs to prove
security in the quantum-accessible random oracle model where the adversary can
query the random oracle with quantum states.
We begin by separating the classical and quantum-accessible random oracle
models by presenting a scheme that is secure when the adversary is given
classical access to the random oracle, but is insecure when the adversary can
make quantum oracle queries. We then set out to develop generic conditions
under which a classical random oracle proof implies security in the
quantum-accessible random oracle model. We introduce the concept of a
history-free reduction which is a category of classical random oracle
reductions that basically determine oracle answers independently of the history
of previous queries, and we prove that such reductions imply security in the
quantum model. We then show that certain post-quantum proposals, including ones
based on lattices, can be proven secure using history-free reductions and are
therefore post-quantum secure. We conclude with a rich set of open problems in
this area.Comment: 38 pages, v2: many substantial changes and extensions, merged with a
related paper by Boneh and Zhandr
Quantum Lazy Sampling and Game-Playing Proofs for Quantum Indifferentiability
Game-playing proofs constitute a powerful framework for non-quantum
cryptographic security arguments, most notably applied in the context of
indifferentiability. An essential ingredient in such proofs is lazy sampling of
random primitives. We develop a quantum game-playing proof framework by
generalizing two recently developed proof techniques. First, we describe how
Zhandry's compressed quantum oracles~(Crypto'19) can be used to do quantum lazy
sampling of a class of non-uniform function distributions. Second, we observe
how Unruh's one-way-to-hiding lemma~(Eurocrypt'14) can also be applied to
compressed oracles, providing a quantum counterpart to the fundamental lemma of
game-playing. Subsequently, we use our game-playing framework to prove quantum
indifferentiability of the sponge construction, assuming a random internal
function
Quantum-secure message authentication via blind-unforgeability
Formulating and designing unforgeable authentication of classical messages in
the presence of quantum adversaries has been a challenge, as the familiar
classical notions of unforgeability do not directly translate into meaningful
notions in the quantum setting. A particular difficulty is how to fairly
capture the notion of "predicting an unqueried value" when the adversary can
query in quantum superposition. In this work, we uncover serious shortcomings
in existing approaches, and propose a new definition. We then support its
viability by a number of constructions and characterizations. Specifically, we
demonstrate a function which is secure according to the existing definition by
Boneh and Zhandry, but is clearly vulnerable to a quantum forgery attack,
whereby a query supported only on inputs that start with 0 divulges the value
of the function on an input that starts with 1. We then propose a new
definition, which we call "blind-unforgeability" (or BU.) This notion matches
"intuitive unpredictability" in all examples studied thus far. It defines a
function to be predictable if there exists an adversary which can use
"partially blinded" oracle access to predict values in the blinded region. Our
definition (BU) coincides with standard unpredictability (EUF-CMA) in the
classical-query setting. We show that quantum-secure pseudorandom functions are
BU-secure MACs. In addition, we show that BU satisfies a composition property
(Hash-and-MAC) using "Bernoulli-preserving" hash functions, a new notion which
may be of independent interest. Finally, we show that BU is amenable to
security reductions by giving a precise bound on the extent to which quantum
algorithms can deviate from their usual behavior due to the blinding in the BU
security experiment.Comment: 23+9 pages, v3: published version, with one theorem statement in the
summary of results correcte
Quantum Lightning Never Strikes the Same State Twice
Public key quantum money can be seen as a version of the quantum no-cloning
theorem that holds even when the quantum states can be verified by the
adversary. In this work, investigate quantum lightning, a formalization of
"collision-free quantum money" defined by Lutomirski et al. [ICS'10], where
no-cloning holds even when the adversary herself generates the quantum state to
be cloned. We then study quantum money and quantum lightning, showing the
following results:
- We demonstrate the usefulness of quantum lightning by showing several
potential applications, such as generating random strings with a proof of
entropy, to completely decentralized cryptocurrency without a block-chain,
where transactions is instant and local.
- We give win-win results for quantum money/lightning, showing that either
signatures/hash functions/commitment schemes meet very strong recently proposed
notions of security, or they yield quantum money or lightning.
- We construct quantum lightning under the assumed multi-collision resistance
of random degree-2 systems of polynomials.
- We show that instantiating the quantum money scheme of Aaronson and
Christiano [STOC'12] with indistinguishability obfuscation that is secure
against quantum computers yields a secure quantum money schem
- …