Random Oracles in a Quantum World
The interest in post-quantum cryptography - classical systems that remain
secure in the presence of a quantum adversary - has generated elegant proposals
for new cryptosystems. Some of these systems are set in the random oracle model
and are proven secure relative to adversaries that have classical access to the
random oracle. We argue that to prove post-quantum security one needs to prove
security in the quantum-accessible random oracle model where the adversary can
query the random oracle with quantum states.
We begin by separating the classical and quantum-accessible random oracle
models by presenting a scheme that is secure when the adversary is given
classical access to the random oracle, but is insecure when the adversary can
make quantum oracle queries. We then set out to develop generic conditions
under which a classical random oracle proof implies security in the
quantum-accessible random oracle model. We introduce the concept of a
history-free reduction which is a category of classical random oracle
reductions that basically determine oracle answers independently of the history
of previous queries, and we prove that such reductions imply security in the
quantum model. We then show that certain post-quantum proposals, including ones
based on lattices, can be proven secure using history-free reductions and are
therefore post-quantum secure. We conclude with a rich set of open problems in
this area.
Comment: 38 pages, v2: many substantial changes and extensions, merged with a
related paper by Boneh and Zhandry
Quantum Lazy Sampling and Game-Playing Proofs for Quantum Indifferentiability
Game-playing proofs constitute a powerful framework for non-quantum
cryptographic security arguments, most notably applied in the context of
indifferentiability. An essential ingredient in such proofs is lazy sampling of
random primitives. We develop a quantum game-playing proof framework by
generalizing two recently developed proof techniques. First, we describe how
Zhandry's compressed quantum oracles~(Crypto'19) can be used to do quantum lazy
sampling of a class of non-uniform function distributions. Second, we observe
how Unruh's one-way-to-hiding lemma~(Eurocrypt'14) can also be applied to
compressed oracles, providing a quantum counterpart to the fundamental lemma of
game-playing. Subsequently, we use our game-playing framework to prove quantum
indifferentiability of the sponge construction, assuming a random internal
function.
Physical aspects of oracles for randomness, and Hadamard's conjecture
We analyze the physical aspects and origins of currently proposed oracles for
(absolute) randomness.
Comment: 10 pages, 3 figures. arXiv admin note: substantial text overlap with
arXiv:1405.140
Unforgeable Quantum Encryption
We study the problem of encrypting and authenticating quantum data in the
presence of adversaries making adaptive chosen plaintext and chosen ciphertext
queries. Classically, security games use string copying and comparison to
detect adversarial cheating in such scenarios. Quantumly, this approach would
violate no-cloning. We develop new techniques to overcome this problem: we use
entanglement to detect cheating, and rely on recent results for characterizing
quantum encryption schemes. We give definitions for (i.) ciphertext
unforgeability, (ii.) indistinguishability under adaptive chosen-ciphertext
attack, and (iii.) authenticated encryption. The restriction of each definition
to the classical setting is at least as strong as the corresponding classical
notion: (i) implies INT-CTXT, (ii) implies IND-CCA2, and (iii) implies AE. All
of our new notions also imply QIND-CPA privacy. Combining one-time
authentication and classical pseudorandomness, we construct schemes for each of
these new quantum security notions, and provide several separation examples.
Along the way, we also give a new definition of one-time quantum authentication
which, unlike all previous approaches, authenticates ciphertexts rather than
plaintexts.
Comment: 22+2 pages, 1 figure. v3: error in the definition of QIND-CCA2 fixed,
some proofs related to QIND-CCA2 clarified.
Quantum Algorithms for Classical Probability Distributions
We study quantum algorithms working on classical probability distributions. We formulate four different models for accessing a classical probability distribution on a quantum computer, which are derived from previous work on the topic, and study their mutual relationships.
Additionally, we prove that quantum query complexity of distinguishing two probability distributions is given by their inverse Hellinger distance, which gives a quadratic improvement over classical query complexity for any pair of distributions.
The results are obtained by using the adversary method for state-generating input oracles and for distinguishing probability distributions on input strings.
Oracles Are Subtle But Not Malicious
Theoretical computer scientists have been debating the role of oracles since
the 1970s. This paper illustrates both that oracles can give us nontrivial
insights about the barrier problems in circuit complexity, and that they need
not prevent us from trying to solve those problems.
First, we give an oracle relative to which PP has linear-sized circuits, by
proving a new lower bound for perceptrons and low-degree threshold
polynomials. This oracle settles a longstanding open question, and generalizes
earlier results due to Beigel and to Buhrman, Fortnow, and Thierauf. More
importantly, it implies the first nonrelativizing separation of "traditional"
complexity classes, as opposed to interactive proof classes such as MIP and
MA-EXP. For Vinodchandran showed, by a nonrelativizing argument, that PP does
not have circuits of size n^k for any fixed k. We present an alternative proof
of this fact, which shows that PP does not even have quantum circuits of size
n^k with quantum advice. To our knowledge, this is the first nontrivial lower
bound on quantum circuit size.
Second, we study a beautiful algorithm of Bshouty et al. for learning Boolean
circuits in ZPP^NP. We show that the NP queries in this algorithm cannot be
parallelized by any relativizing technique, by giving an oracle relative to
which ZPP^||NP and even BPP^||NP have linear-size circuits. On the other hand,
we also show that the NP queries could be parallelized if P=NP. Thus, classes
such as ZPP^||NP inhabit a "twilight zone," where we need to distinguish
between relativizing and black-box techniques. Our results on this subject have
implications for computational learning theory as well as for the circuit
minimization problem.
Comment: 20 pages, 1 figure.