Quantum Algorithms for Attacking Hardness Assumptions in Classical and Post‐Quantum Cryptography

In this survey, the authors review the main quantum algorithms for solving the computational problems that serve as hardness assumptions for cryptosystem. To this end, the authors consider both the currently most widely used classically secure cryptosystems, and the most promising candidates for post-quantum secure cryptosystems. The authors provide details on the cost of the quantum algorithms presented in this survey. The authors furthermore discuss ongoing research directions that can impact quantum cryptanalysis in the future

Cryptography

The Oberwolfach workshop Cryptography brought together scientists from cryptography with mathematicians specializing in the algorithmic problems underlying cryptographic security. The goal of the workshop was to stimulate interaction and collaboration that enables a holistic approach to designing cryptography from the mathematical foundations to practical applications. The workshop covered basic computational problems such as factoring and computing discrete logarithms and short vectors. It addressed fundamental research results leading to innovative cryptography for protecting security and privacy in cloud applications. It also covered some practical applications

From Information Theory Puzzles in Deletion Channels to Deniability in Quantum Cryptography

Research questions, originally rooted in quantum key exchange (QKE), have branched off into independent lines of inquiry ranging from information theory to fundamental physics. In a similar vein, the first part of this thesis is dedicated to information theory problems in deletion channels that arose in the context of QKE. From the output produced by a memoryless deletion channel with a uniformly random input of known length n, one obtains a posterior distribution on the channel input. The difference between the Shannon entropy of this distribution and that of the uniform prior measures the amount of information about the channel input which is conveyed by the output of length m. We first conjecture on the basis of experimental data that the entropy of the posterior is minimized by the constant strings 000..., 111... and maximized by the alternating strings 0101..., 1010.... Among other things, we derive analytic expressions for minimal entropy and propose alternative approaches for tackling the entropy extremization problem. We address a series of closely related combinatorial problems involving binary (sub/super)-sequences and prove the original minimal entropy conjecture for the special cases of single and double deletions using clustering techniques and a run-length encoding of strings. The entropy analysis culminates in a fundamental characterization of the extremal entropic cases in terms of the distribution of embeddings. We confirm the minimization conjecture in the asymptotic limit using results from hidden word statistics by showing how the analytic-combinatorial methods of Flajolet, Szpankowski and Vallée, relying on generating functions, can be applied to resolve the case of fixed output length and n → ∞. In the second part, we revisit the notion of deniability in QKE, a topic that remains largely unexplored. In a work by Donald Beaver it is argued that QKE protocols are not necessarily deniable due to an eavesdropping attack that limits key equivocation. We provide more insight into the nature of this attack and discuss how it extends to other prepare-and-measure QKE schemes such as QKE obtained from uncloneable encryption. We adopt the framework for quantum authenticated key exchange developed by Mosca et al. and extend it to introduce the notion of coercer-deniable QKE, formalized in terms of the indistinguishability of real and fake coercer views. We also elaborate on the differences between our model and the standard simulation-based definition of deniable key exchange in the classical setting. We establish a connection between the concept of covert communication and deniability by applying results from a work by Arrazola and Scarani on obtaining covert quantum communication and covert QKE to propose a simple construction for coercer-deniable QKE. We prove the deniability of this scheme via a reduction to the security of covert QKE. We relate deniability to fundamental concepts in quantum information theory and suggest a generic approach based on entanglement distillation for achieving information-theoretic deniability, followed by an analysis of other closely related results such as the relation between the impossibility of unconditionally secure quantum bit commitment and deniability. Finally, we present an efficient coercion-resistant and quantum-secure voting scheme, based on fully homomorphic encryption (FHE) and recent advances in various FHE primitives such as hashing, zero-knowledge proofs of correct decryption, verifiable shuffles and threshold FHE

LIPIcs, Volume 251, ITCS 2023, Complete Volume

LIPIcs, Volume 251, ITCS 2023, Complete Volum

Programming Languages and Systems

This open access book constitutes the proceedings of the 30th European Symposium on Programming, ESOP 2021, which was held during March 27 until April 1, 2021, as part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2021. The conference was planned to take place in Luxembourg and changed to an online format due to the COVID-19 pandemic. The 24 papers included in this volume were carefully reviewed and selected from 79 submissions. They deal with fundamental issues in the specification, design, analysis, and implementation of programming languages and systems

Classical and quantum sublinear algorithms

This thesis investigates the capabilities of classical and quantum sublinear algorithms through the lens of complexity theory. The formal classification of problems between “tractable” (by constructing efficient algorithms that solve them) and “intractable” (by proving no efficient algorithm can) is among the most fruitful lines of work in theoretical computer science, which includes, amongst an abundance of fundamental results and open problems, the notorious P vs. NP question. This particular incarnation of the decision-versus-verification question stems from a choice of computational model: polynomial-time Turing machines. It is far from the only model worthy of investigation, however; indeed, measuring time up to polynomial factors is often too “coarse” for practical applications. We focus on quantum computation, a more complete model of physically realisable computation where quantum mechanical phenomena (such as interference and entanglement) may be used as computational resources; and sublinear algorithms, a formalisation of ultra-fast computation where merely reading or storing the entire input is impractical, e.g., when processing massive datasets such as social networks or large databases. We begin our investigation by studying structural properties of local algorithms, a large class of sublinear algorithms that includes property testers and is characterised by the inability to even see most of the input. We prove that, in this setting, queries – the main complexity measure – can be replaced with random samples. Applying this transformation yields, among other results, the state-of-the-art query lower bound for relaxed local decoders. Focusing our attention onto property testers, we begin to chart the complexity�theoretic landscape arising from the classical vs. quantum and decision vs. verification questions in testing. We show that quantum hardware and communication with a powerful but untrusted prover are “orthogonal” resources, so that one cannot be substituted for the other. This implies all of the possible separations among the analogues of QMA, MA and BQP in the property-testing setting. We conclude with a study of zero-knowledge for (classical) streaming algorithms, which receive one-pass access to the entirety of their input but only have sublinear space. Inspired by cryptographic tools, we construct commitment protocols that are unconditionally secure in the streaming model and can be leveraged to obtain zero-knowledge streaming interactive proofs – and, in particular, show that zero-knowledge is achievable in this model

Unclonability and quantum cryptanalysis: from foundations to applications

The impossibility of creating perfect identical copies of unknown quantum systems is a fundamental concept in quantum theory and one of the main non-classical properties of quantum information. This limitation imposed by quantum mechanics, famously known as the no-cloning theorem, has played a central role in quantum cryptography as a key component in the security of quantum protocols. In this thesis, we look at \emph{Unclonability} in a broader context in physics and computer science and more specifically through the lens of cryptography, learnability and hardware assumptions. We introduce new notions of unclonability in the quantum world, namely \emph{quantum physical unclonability}, and study the relationship with cryptographic properties and assumptions such as unforgeability, randomness and pseudorandomness. The purpose of this study is to bring new insights into the field of quantum cryptanalysis and into the notion of unclonability itself. We also discuss applications of this new type of unclonability as a cryptographic resource for designing provably secure quantum protocols. First, we study the unclonability of quantum processes and unitaries in relation to their learnability and unpredictability. The instinctive idea of unpredictability from a cryptographic perspective is formally captured by the notion of \emph{unforgeability}. Intuitively, unforgeability means that an adversary should not be able to produce the output of an \emp{unknown} function or process from a limited number of input-output samples of it. Even though this notion is almost easily formalized in classical cryptography, translating it to the quantum world against a quantum adversary has been proven challenging. One of our contributions is to define a new unified framework to analyse the unforgeability property for both classical and quantum schemes in the quantum setting. This new framework is designed in such a way that can be readily related to the novel notions of unclonability that we will define in the following chapters. Another question that we try to address here is "What is the fundamental property that leads to unclonability?" In attempting to answer this question, we dig into the relationship between unforgeability and learnability, which motivates us to repurpose some learning tools as a new cryptanalysis toolkit. We introduce a new class of quantum attacks based on the concept of `emulation' and learning algorithms, breaking new ground for more sophisticated and complicated algorithms for quantum cryptanalysis. Second, we formally represent, for the first time, the notion of physical unclonability in the quantum world by introducing \emph{Quantum Physical Unclonable Functions (qPUF)} as the quantum analogue of Physical Unclonable Functions (PUF). PUF is a hardware assumption introduced previously in the literature of hardware security, as physical devices with unique behaviour, due to manufacturing imperfections and natural uncontrollable disturbances that make them essentially hard to reproduce. We deliver the mathematical model for qPUFs, and we formally study their main desired cryptographic property, namely unforgeability, using our previously defined unforgeability framework. In light of these new techniques, we show several possibility and impossibility results regarding the unforgeability of qPUFs. We will also discuss how the quantum version of physical unclonability relates to randomness and unknownness in the quantum world, exploring further the extended notion of unclonability. Third, we dive deeper into the connection between physical unclonability and related hardware assumptions with quantum pseudorandomness. Like unclonability in quantum information, pseudorandomness is also a fundamental concept in cryptography and complexity. We uncover a deep connection between Pseudorandom Unitaries (PRU) and quantum physical unclonable functions by proving that both qPUFs and the PRU can be constructed from each other. We also provide a novel route towards realising quantum pseudorandomness, distinct from computational assumptions. Next, we propose new applications of unclonability in quantum communication, using the notion of physical unclonability as a new resource to achieve provably secure quantum protocols against quantum adversaries. We propose several protocols for mutual entity identification in a client-server or quantum network setting. Authentication and identification are building-block tasks for quantum networks, and our protocols can provide new resource-efficient applications for quantum communications. The proposed protocols use different quantum and hybrid (quantum-classical) PUF constructions and quantum resources, which we compare and attempt in reducing, as much as possible throughout the various works we present. Specifically, our hybrid construction can provide quantum security using limited quantum communication resources that cause our protocols to be implementable and practical in the near term. Finally, we present a new practical cryptanalysis technique concerning the problem of approximate cloning of quantum states. We propose variational quantum cloning (\VQC), a quantum machine learning-based cryptanalysis algorithm which allows an adversary to obtain optimal (approximate) cloning strategies with short depth quantum circuits, trained using the hybrid classical-quantum technique. This approach enables the end-to-end discovery of hardware efficient quantum circuits to clone specific families of quantum states, which has applications in the foundations and cryptography. In particular, we use a cloning-based attack on two quantum coin-flipping protocols and show that our algorithm can improve near term attacks on these protocols, using approximate quantum cloning as a resource. Throughout this work, we demonstrate how the power of quantum learning tools as attacks on one hand, and the power of quantum unclonability as a security resource, on the other hand, fight against each other to break and ensure security in the near term quantum era

Computer science: the hardware software and heart of IT

1st edition, 201