A tight security reduction in the quantum random oracle model for code-based signature schemes
Quantum secure signature schemes have received a lot of attention recently, in
particular because of the NIST call to standardize quantum safe cryptography.
However, only a few signature schemes can have concrete quantum security because
of technical difficulties associated with the Quantum Random Oracle Model
(QROM). In this paper, we show that code-based signature schemes based on the
full domain hash paradigm can behave very well in the QROM, i.e., that we can
have tight security reductions. We also study quantum algorithms related to the
underlying code-based assumption. Finally, we apply our reduction to a concrete
example: the SURF signature scheme. We provide parameters for 128 bits of
quantum security in the QROM and show that the obtained parameters are
competitive compared to other similar quantum secure signature schemes.
Ramanujan graphs in cryptography
In this paper we study the security of a proposal for Post-Quantum
Cryptography from both a number theoretic and cryptographic perspective.
Charles-Goren-Lauter in 2006 [CGL06] proposed two hash functions based on the
hardness of finding paths in Ramanujan graphs. One is based on
Lubotzky-Phillips-Sarnak (LPS) graphs and the other one is based on
Supersingular Isogeny Graphs. A 2008 paper by Petit-Lauter-Quisquater breaks
the hash function based on LPS graphs. On the Supersingular Isogeny Graphs
proposal, recent work has continued to build cryptographic applications on the
hardness of finding isogenies between supersingular elliptic curves. A 2011
paper by De Feo-Jao-Plût proposed a cryptographic system based on
Supersingular Isogeny Diffie-Hellman as well as a set of five hard problems. In
this paper we show that the security of the SIDH proposal relies on the
hardness of the SIG path-finding problem introduced in [CGL06]. In addition,
similarities between the number theoretic ingredients in the LPS and Pizer
constructions suggest that the hardness of the path-finding problem in the two
graphs may be linked. By viewing both graphs from a number theoretic
perspective, we identify the similarities and differences between the Pizer and
LPS graphs.
Comment: 33 page
Quantum walks on general graphs
Quantum walks, both discrete (coined) and continuous time, on a general graph
of N vertices with undirected edges are reviewed in some detail. The resource
requirements for implementing a quantum walk as a program on a quantum computer
are compared and found to be very similar for both discrete and continuous time
walks. The role of the oracle, and how it changes if more prior information
about the graph is available, is also discussed.
Comment: 8 pages, v2: substantial rewrite improves clarity, corrects errors
and omissions; v3: removes major error in final section and integrates
remainder into other sections, figures remove
Group theory in cryptography
This paper is a guide for the pure mathematician who would like to know more
about cryptography based on group theory. The paper gives a brief overview of
the subject, and provides pointers to good textbooks, key research papers and
recent survey papers in the area.
Comment: 25 pages. References updated, and a few extra references added. Minor
typographical changes. To appear in Proceedings of Groups St Andrews 2009 in
Bath, U
New Developments in Quantum Algorithms
In this survey, we describe two recent developments in quantum algorithms.
The first new development is a quantum algorithm for evaluating a Boolean
formula consisting of AND and OR gates of size N in time O(\sqrt{N}). This
provides quantum speedups for any problem that can be expressed via Boolean
formulas. This result can also be extended to span problems, a generalization
of Boolean formulas. This provides an optimal quantum algorithm for any Boolean
function in the black-box query model.
The second new development is a quantum algorithm for solving systems of
linear equations. In contrast with traditional algorithms that run in time
O(N^{2.37...}) where N is the size of the system, the quantum algorithm runs in
time O(\log^c N). It outputs a quantum state describing the solution of the
system.
Comment: 11 pages, 1 figure, to appear as an invited survey talk at MFCS'201
Locality-Preserving Hashing for Shifts with Connections to Cryptography
Can we sense our location in an unfamiliar environment by taking a
sublinear-size sample of our surroundings? Can we efficiently encrypt a message
that only someone physically close to us can decrypt? To solve this kind of
problem, we introduce and study a new type of hash function for finding
shifts in sublinear time. A function is a
locality-preserving hash function for shifts (LPHS) if: (1)
can be computed by (adaptively) querying bits of its input, and (2)
, where is random and
denotes a cyclic shift by one bit to the left. We make the following
contributions.
* Near-optimal LPHS via Distributed Discrete Log: We establish a general
two-way connection between LPHS and algorithms for distributed discrete
logarithm in the generic group model. Using such an algorithm of Dinur et al.
(Crypto 2018), we get LPHS with near-optimal error of .
This gives an unusual example for the usefulness of group-based cryptography in
a post-quantum world. We extend the positive result to non-cyclic and
worst-case variants of LPHS.
* Multidimensional LPHS: We obtain positive and negative results for a
multidimensional extension of LPHS, making progress towards an optimal
2-dimensional LPHS.
* Applications: We demonstrate the usefulness of LPHS by presenting
cryptographic and algorithmic applications. In particular, we apply
multidimensional LPHS to obtain an efficient "packed" implementation of
homomorphic secret sharing and a sublinear-time implementation of
location-sensitive encryption whose decryption requires a significantly
overlapping view
Quantum algorithms for subset finding
Recently, Ambainis gave an O(N^(2/3))-query quantum walk algorithm for
element distinctness, and more generally, an O(N^(L/(L+1)))-query algorithm for
finding L equal numbers. We point out that this algorithm actually solves a
much more general problem, the problem of finding a subset of size L that
satisfies any given property. We review the algorithm and give a considerably
simplified analysis of its query complexity. We present several applications,
including two algorithms for the problem of finding an L-clique in an N-vertex
graph. One of these algorithms uses O(N^(2L/(L+1))) edge queries, and the other
uses \tilde{O}(N^((5L-2)/(2L+4))), which is an improvement for L <= 5. The
latter algorithm generalizes a recent result of Magniez, Santha, and Szegedy,
who considered the case L=3 (finding a triangle). We also pose two open
problems regarding continuous time quantum walk and lower bounds.
Comment: 7 pages; note added on related results in quant-ph/031013