Random Oracles in a Quantum World
The interest in post-quantum cryptography - classical systems that remain
secure in the presence of a quantum adversary - has generated elegant proposals
for new cryptosystems. Some of these systems are set in the random oracle model
and are proven secure relative to adversaries that have classical access to the
random oracle. We argue that to prove post-quantum security one needs to prove
security in the quantum-accessible random oracle model where the adversary can
query the random oracle with quantum states.
We begin by separating the classical and quantum-accessible random oracle
models by presenting a scheme that is secure when the adversary is given
classical access to the random oracle, but is insecure when the adversary can
make quantum oracle queries. We then set out to develop generic conditions
under which a classical random oracle proof implies security in the
quantum-accessible random oracle model. We introduce the concept of a
history-free reduction which is a category of classical random oracle
reductions that basically determine oracle answers independently of the history
of previous queries, and we prove that such reductions imply security in the
quantum model. We then show that certain post-quantum proposals, including ones
based on lattices, can be proven secure using history-free reductions and are
therefore post-quantum secure. We conclude with a rich set of open problems in
this area.
Comment: 38 pages, v2: many substantial changes and extensions, merged with a related paper by Boneh and Zhandry
Quantum vs Classical Proofs and Subset Verification
We study the ability of efficient quantum verifiers to decide properties of
exponentially large subsets given either a classical or quantum witness. We
develop a general framework that can be used to prove that QCMA machines, with
only classical witnesses, cannot verify certain properties of subsets given
implicitly via an oracle. We use this framework to prove an oracle separation
between QCMA and QMA using an "in-place" permutation oracle, making the first
progress on this question since Aaronson and Kuperberg in 2007. We also use the
framework to prove a particularly simple standard oracle separation between
QCMA and AM.
Comment: 23 pages, presentation and notation clarified, small errors fixed
Quantum Lazy Sampling and Game-Playing Proofs for Quantum Indifferentiability
Game-playing proofs constitute a powerful framework for non-quantum
cryptographic security arguments, most notably applied in the context of
indifferentiability. An essential ingredient in such proofs is lazy sampling of
random primitives. We develop a quantum game-playing proof framework by
generalizing two recently developed proof techniques. First, we describe how
Zhandry's compressed quantum oracles~(Crypto'19) can be used to do quantum lazy
sampling of a class of non-uniform function distributions. Second, we observe
how Unruh's one-way-to-hiding lemma~(Eurocrypt'14) can also be applied to
compressed oracles, providing a quantum counterpart to the fundamental lemma of
game-playing. Subsequently, we use our game-playing framework to prove quantum
indifferentiability of the sponge construction, assuming a random internal
function.
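The abstract above names the two classical ingredients it generalizes to the quantum setting: lazy sampling of a random primitive and the fundamental lemma of game-playing (two games that behave identically until a flag `bad` is set differ in an adversary's success probability by at most Pr[bad]). The following example is added here for illustration and is not code from the paper; it shows both ingredients in their classical form, using the PRF/PRP switching argument as the pair of games and an assumed toy output size of 8 bits so that the bad event (an output collision) is frequent enough to observe.

```python
import random

N_BITS = 8                    # assumed toy output size; real primitives use 128 bits or more
SPACE = 1 << N_BITS

class LazyOracle:
    """Lazily sampled random function over N_BITS-bit outputs.

    Each fresh input gets an output drawn on demand and memoised, so an adversary
    making q queries only ever forces q samples. With permutation=True a freshly drawn
    output that collides with an earlier one is resampled, which turns the random
    function into a random permutation; `bad_at` records the transcript index at
    which that collision (the bad event) first happened.
    """
    def __init__(self, rng, permutation=False):
        self.rng = rng
        self.permutation = permutation
        self.table = {}
        self.bad_at = None
        self.count = 0

    def query(self, x):
        self.count += 1
        if x in self.table:
            return self.table[x]
        y = self.rng.randrange(SPACE)            # both games draw the same coins here
        if y in self.table.values():
            if self.bad_at is None:
                self.bad_at = self.count - 1     # index into the transcript
            if self.permutation:
                used = set(self.table.values())
                y = self.rng.choice([v for v in range(SPACE) if v not in used])
        self.table[x] = y
        return y

def run_games(seed, queries):
    """Run the random-function game and the random-permutation game on identical coins.

    Returns (transcript_rf, transcript_rp, bad_at). The games are written so that they
    behave identically until bad is set, which is exactly the hypothesis of the
    fundamental lemma of game-playing: |Pr[A wins G0] - Pr[A wins G1]| <= Pr[bad].
    """
    rf = LazyOracle(random.Random(seed))
    rp = LazyOracle(random.Random(seed), permutation=True)
    t_rf = [rf.query(x) for x in queries]
    t_rp = [rp.query(x) for x in queries]
    return t_rf, t_rp, rp.bad_at

def identical_until_bad(seed, queries):
    """Check the identical-until-bad property on one run: transcripts agree before bad_at."""
    t_rf, t_rp, bad_at = run_games(seed, queries)
    cut = len(queries) if bad_at is None else bad_at
    return t_rf[:cut] == t_rp[:cut]

def estimate_bad(trials, q):
    """Empirical Pr[bad] for q distinct queries, to compare with the switching-lemma bound."""
    hits = sum(run_games(seed, list(range(q)))[2] is not None for seed in range(trials))
    return hits / trials

def switching_bound(q):
    """Birthday bound q(q-1)/2^(N_BITS+1) on Pr[bad] used in the PRF/PRP switching lemma."""
    return q * (q - 1) / (1 << (N_BITS + 1))

if __name__ == "__main__":
    q = 16
    print("identical until bad on seed 0:", identical_until_bad(0, list(range(q))))
    print("empirical Pr[bad]:", estimate_bad(2000, q), "bound:", switching_bound(q))
```

The point the quantum setting changes is the first line of `query`: a classical oracle can check `x in self.table` and sample only the missing entry, whereas a superposition query touches every input at once, which is why the compressed-oracle technique the abstract builds on is needed to recover a lazy-sampling view at all.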
Using Simon's Algorithm to Attack Symmetric-Key Cryptographic Primitives
We present new connections between quantum information and the field of
classical cryptography. In particular, we provide examples where Simon's
algorithm can be used to show insecurity of commonly used cryptographic
symmetric-key primitives. Specifically, these examples consist of a quantum
distinguisher for the 3-round Feistel network and a forgery attack on CBC-MAC
which forges a tag for a chosen-prefix message querying only other messages (of
the same length). We assume that an adversary has quantum-oracle access to the
respective classical primitives. Similar results have been achieved recently in
independent work by Kaplan et al. Our findings shed new light on the
post-quantum security of cryptographic schemes and underline that classical
security proofs of cryptographic constructions need to be revisited in light of
quantum attackers.
Comment: 14 pages, 2 figures. v3: final polished version, more formal definitions added
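Both attacks in the abstract above rest on the same structure: with quantum oracle access to the primitive, one builds a function f(b, x) that has a hidden XOR period s, and Simon's algorithm recovers s with a linear number of superposition queries. The example below is added for this page and is not the paper's code; it constructs those two periodic functions on a toy instance (assumed 8-bit halves, round functions and block cipher as random tables, Feistel round (L, R) -> (R ^ F_i(L), L)) and replaces the quantum period-finding step with an exhaustive classical search, which is only possible because the toy domain has 2^9 points. It demonstrates the 3-round Feistel distinguisher and, with the same period finder, a CBC-MAC forgery in which the tag of a two-block message is obtained from a query on a different message of the same length.

```python
import random
from itertools import product

HALF_BITS = 8                    # assumed toy half-block size; real ciphers use 64 bits or more
N = 1 << HALF_BITS

def random_function(rng):
    """Toy random round function on HALF_BITS-bit values, stored as a lookup table."""
    return [rng.randrange(N) for _ in range(N)]

def random_permutation(rng, size=N):
    """Toy block cipher under one fixed key: a random permutation table."""
    table = list(range(size))
    rng.shuffle(table)
    return table

def toy_instance(seed):
    """Reproducible constructed instance: three Feistel round functions, a MAC block
    cipher, and a random permutation of the full block as the distinguisher's control."""
    rng = random.Random(seed)
    round_fns = [random_function(rng) for _ in range(3)]
    cipher = random_permutation(rng)
    control = random_permutation(rng, N * N)
    return round_fns, cipher, control

def feistel3(round_fns, left, right):
    """Three-round Feistel network; round i maps (L, R) -> (R ^ F_i(L), L)."""
    for F in round_fns:
        left, right = right ^ F[left], left
    return left, right

def as_block_encrypt(table):
    """View a permutation table on full 2*HALF_BITS-bit blocks as encrypt(L, R) -> (L', R')."""
    return lambda left, right: divmod(table[(left << HALF_BITS) | right], N)

def find_period(f):
    """Classical stand-in for Simon's algorithm on f: {0,1} x {0,1}^HALF_BITS -> {0,1}^HALF_BITS.

    Returns the nonzero s = (b, t) with f(z) == f(z ^ s) for every z = (b', x), or None.
    Exhaustive search is affordable only because the toy domain has 2^9 points; Simon's
    algorithm recovers s with O(HALF_BITS) superposition queries to f.
    """
    for b, t in product((0, 1), range(N)):
        if (b, t) == (0, 0):
            continue
        if all(f(bb, x) == f(bb ^ b, x ^ t) for bb in (0, 1) for x in range(N)):
            return (b, t)
    return None

def feistel_distinguisher(encrypt, a0, a1):
    """Period test behind the 3-round Feistel distinguisher.

    With encrypt(L, R) -> (L3, R3) a 3-round Feistel, f(b, x) = R3(alpha_b, x) ^ alpha_b
    equals F2(x ^ F1(alpha_b)), so f has period (1, F1(a0) ^ F1(a1)); for a random
    permutation of the full block no period exists, which is what distinguishes them.
    """
    def f(b, x):
        alpha = a1 if b else a0
        _, r3 = encrypt(alpha, x)
        return r3 ^ alpha
    return find_period(f)

def cbc_mac(cipher, blocks):
    """Plain CBC-MAC (zero IV, no final encryption) over HALF_BITS-bit blocks."""
    state = 0
    for m in blocks:
        state = cipher[state ^ m]
    return state

def cbc_mac_forgery(cipher, a0, a1, m):
    """Produce the tag of the two-block message (a0, m) from a query on a different message.

    f(b, x) = MAC(alpha_b, x) = E(x ^ E(alpha_b)) has period (1, E(a0) ^ E(a1)).
    Once t is known, MAC(a0, m) == MAC(a1, m ^ t) for every block m, so the tag of
    (a0, m) comes from the distinct, equal-length message (a1, m ^ t). Caveat: the
    brute-force find_period evaluates f at every point, (a0, m) included; in the quantum
    attack those are superposition queries and only this last query is classical.
    """
    def f(b, x):
        return cbc_mac(cipher, [a1 if b else a0, x])
    period = find_period(f)
    if period is None or period[0] != 1:
        raise RuntimeError("no usable period found")
    return cbc_mac(cipher, [a1, m ^ period[1]])

if __name__ == "__main__":
    round_fns, E, P = toy_instance(2016)
    a0, a1 = 0x3C, 0xA5
    print("Feistel period:", feistel_distinguisher(lambda l, r: feistel3(round_fns, l, r), a0, a1),
          "expected:", (1, round_fns[0][a0] ^ round_fns[0][a1]))
    print("random permutation period:", feistel_distinguisher(as_block_encrypt(P), a0, a1))
    m = 0x42
    print("forged tag valid:", cbc_mac_forgery(E, a0, a1, m) == cbc_mac(E, [a0, m]))
```

Note that the classical search here scales as 2^(HALF_BITS+1) period candidates times up to 2^(HALF_BITS+1) evaluations each, so it says nothing about real block sizes; the security-relevant observation is that the XOR-periodic structure exists regardless of block size, and quantum oracle access is what makes it exploitable.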
The Structure of Promises in Quantum Speedups
It has long been known that in the usual black-box model, one cannot get
super-polynomial quantum speedups without some promise on the inputs. In this
paper, we examine certain types of symmetric promises, and show that they also
cannot give rise to super-polynomial quantum speedups. We conclude that
exponential quantum speedups only occur given "structured" promises on the
input.
Specifically, we show that there is a polynomial relationship of degree
between and for any function defined on permutations
(elements of in which each alphabet element occurs
exactly once). We generalize this result to all functions defined on orbits
of the symmetric group action (which acts on an element of by permuting its entries). We also show that when is constant, any
function defined on a "symmetric set" - one invariant under -
satisfies .
Comment: 15 pages