5,828 research outputs found
Computational Indistinguishability between Quantum States and Its Cryptographic Application
We introduce a computational problem of distinguishing between two specific
quantum states as a new cryptographic problem to design a quantum cryptographic
scheme that is "secure" against any polynomial-time quantum adversary. Our
problem, QSCDff, is to distinguish between two types of random coset states
with a hidden permutation over the symmetric group of finite degree. This
naturally generalizes the commonly-used distinction problem between two
probability distributions in computational cryptography. As our major
contribution, we show that QSCDff has three properties of cryptographic
interest: (i) QSCDff has a trapdoor; (ii) the average-case hardness of QSCDff
coincides with its worst-case hardness; and (iii) QSCDff is computationally at
least as hard as the graph automorphism problem in the worst case. These
cryptographic properties enable us to construct a quantum public-key
cryptosystem, which is likely to withstand any chosen plaintext attack of a
polynomial-time quantum adversary. We further discuss a generalization of
QSCDff, called QSCDcyc, and introduce a multi-bit encryption scheme that relies
on similar cryptographic properties of QSCDcyc.Comment: 24 pages, 2 figures. We improved presentation, and added more detail
proofs and follow-up of recent wor
Wave: A New Family of Trapdoor One-Way Preimage Sampleable Functions Based on Codes
We present here a new family of trapdoor one-way Preimage Sampleable
Functions (PSF) based on codes, the Wave-PSF family. The trapdoor function is
one-way under two computational assumptions: the hardness of generic decoding
for high weights and the indistinguishability of generalized -codes.
Our proof follows the GPV strategy [GPV08]. By including rejection sampling, we
ensure the proper distribution for the trapdoor inverse output. The domain
sampling property of our family is ensured by using and proving a variant of
the left-over hash lemma. We instantiate the new Wave-PSF family with ternary
generalized -codes to design a "hash-and-sign" signature scheme which
achieves existential unforgeability under adaptive chosen message attacks
(EUF-CMA) in the random oracle model. For 128 bits of classical security,
signature sizes are in the order of 15 thousand bits, the public key size in
the order of 4 megabytes, and the rejection rate is limited to one rejection
every 10 to 12 signatures.Comment: arXiv admin note: text overlap with arXiv:1706.0806
The problem with the SURF scheme
There is a serious problem with one of the assumptions made in the security
proof of the SURF scheme. This problem turns out to be easy in the regime of
parameters needed for the SURF scheme to work.
We give afterwards the old version of the paper for the reader's convenience.Comment: Warning : we found a serious problem in the security proof of the
SURF scheme. We explain this problem here and give the old version of the
paper afterward
Cryptography from Information Loss
© Marshall Ball, Elette Boyle, Akshay Degwekar, Apoorvaa Deshpande, Alon Rosen, Vinod. Reductions between problems, the mainstay of theoretical computer science, efficiently map an instance of one problem to an instance of another in such a way that solving the latter allows solving the former.1 The subject of this work is âlossyâ reductions, where the reduction loses some information about the input instance. We show that such reductions, when they exist, have interesting and powerful consequences for lifting hardness into âusefulâ hardness, namely cryptography. Our first, conceptual, contribution is a definition of lossy reductions in the language of mutual information. Roughly speaking, our definition says that a reduction C is t-lossy if, for any distribution X over its inputs, the mutual information I(X; C(X)) †t. Our treatment generalizes a variety of seemingly related but distinct notions such as worst-case to average-case reductions, randomized encodings (Ishai and Kushilevitz, FOCS 2000), homomorphic computations (Gentry, STOC 2009), and instance compression (Harnik and Naor, FOCS 2006). We then proceed to show several consequences of lossy reductions: 1. We say that a language L has an f-reduction to a language L0 for a Boolean function f if there is a (randomized) polynomial-time algorithm C that takes an m-tuple of strings X = (x1, . . ., xm), with each xi â {0, 1}n, and outputs a string z such that with high probability, L0(z) = f(L(x1), L(x2), . . ., L(xm)) Suppose a language L has an f-reduction C to L0 that is t-lossy. Our first result is that one-way functions exist if L is worst-case hard and one of the following conditions holds: f is the OR function, t †m/100, and L0 is the same as L f is the Majority function, and t †m/100 f is the OR function, t †O(m log n), and the reduction has no error This improves on the implications that follow from combining (Drucker, FOCS 2012) with (Ostrovsky and Wigderson, ISTCS 1993) that result in auxiliary-input one-way functions. 2. Our second result is about the stronger notion of t-compressing f-reductions â reductions that only output t bits. We show that if there is an average-case hard language L that has a t-compressing Majority reduction to some language for t = m/100, then there exist collision-resistant hash functions. This improves on the result of (Harnik and Naor, STOC 2006), whose starting point is a cryptographic primitive (namely, one-way functions) rather than average-case hardness, and whose assumption is a compressing OR-reduction of SAT (which is now known to be false unless the polynomial hierarchy collapses). Along the way, we define a non-standard one-sided notion of average-case hardness, which is the notion of hardness used in the second result above, that may be of independent interest
Quantum Proofs
Quantum information and computation provide a fascinating twist on the notion
of proofs in computational complexity theory. For instance, one may consider a
quantum computational analogue of the complexity class \class{NP}, known as
QMA, in which a quantum state plays the role of a proof (also called a
certificate or witness), and is checked by a polynomial-time quantum
computation. For some problems, the fact that a quantum proof state could be a
superposition over exponentially many classical states appears to offer
computational advantages over classical proof strings. In the interactive proof
system setting, one may consider a verifier and one or more provers that
exchange and process quantum information rather than classical information
during an interaction for a given input string, giving rise to quantum
complexity classes such as QIP, QSZK, and QMIP* that represent natural quantum
analogues of IP, SZK, and MIP. While quantum interactive proof systems inherit
some properties from their classical counterparts, they also possess distinct
and uniquely quantum features that lead to an interesting landscape of
complexity classes based on variants of this model.
In this survey we provide an overview of many of the known results concerning
quantum proofs, computational models based on this concept, and properties of
the complexity classes they define. In particular, we discuss non-interactive
proofs and the complexity class QMA, single-prover quantum interactive proof
systems and the complexity class QIP, statistical zero-knowledge quantum
interactive proof systems and the complexity class \class{QSZK}, and
multiprover interactive proof systems and the complexity classes QMIP, QMIP*,
and MIP*.Comment: Survey published by NOW publisher
Quantum interactive proofs and the complexity of separability testing
We identify a formal connection between physical problems related to the
detection of separable (unentangled) quantum states and complexity classes in
theoretical computer science. In particular, we show that to nearly every
quantum interactive proof complexity class (including BQP, QMA, QMA(2), and
QSZK), there corresponds a natural separability testing problem that is
complete for that class. Of particular interest is the fact that the problem of
determining whether an isometry can be made to produce a separable state is
either QMA-complete or QMA(2)-complete, depending upon whether the distance
between quantum states is measured by the one-way LOCC norm or the trace norm.
We obtain strong hardness results by proving that for each n-qubit maximally
entangled state there exists a fixed one-way LOCC measurement that
distinguishes it from any separable state with error probability that decays
exponentially in n.Comment: v2: 43 pages, 5 figures, completely rewritten and in Theory of
Computing (ToC) journal forma
- âŠ