A Black-Box Approach to Post-Quantum Zero-Knowledge in Constant Rounds
In a recent seminal work, Bitansky and Shmueli (STOC '20) gave the first construction of a constant round zero-knowledge argument for NP secure against quantum attacks.
However, their construction has several drawbacks compared to the classical counterparts.
Specifically, their construction only achieves computational soundness, requires strong assumptions of quantum hardness of learning with errors (QLWE assumption) and the existence of quantum fully homomorphic encryption (QFHE), and relies on non-black-box simulation.
In this paper, we resolve these issues at the cost of weakening the notion of zero-knowledge to what is called -zero-knowledge.
Concretely, we construct the following protocols:
- We construct a constant round interactive proof for NP that satisfies statistical soundness and black-box -zero-knowledge against quantum attacks assuming the existence of collapsing hash functions, which is a quantum counterpart of collision-resistant hash functions.
Interestingly, this construction is just an adapted version of the classical protocol by Goldreich and Kahan (JoC '96) though the proof of -zero-knowledge property against quantum adversaries requires novel ideas.
- We construct a constant round interactive argument for NP that satisfies computational soundness and black-box -zero-knowledge against quantum attacks only assuming the existence of post-quantum one-way functions.
At the heart of our results is a new quantum rewinding technique that enables a simulator to extract a committed message of a malicious verifier while simulating verifier's internal state in an appropriate sense.
Statistical Zero Knowledge and quantum one-way functions
One-way functions are a very important notion in the field of classical
cryptography. Most examples of such functions, including factoring, discrete
log or the RSA function, can be, however, inverted with the help of a quantum
computer. In this paper, we study one-way functions that are hard to invert
even by a quantum adversary and describe a set of problems which are good such
candidates. These problems include Graph Non-Isomorphism, approximate Closest
Lattice Vector and Group Non-Membership. More generally, we show that any hard
instance of Circuit Quantum Sampling gives rise to a quantum one-way function.
By the work of Aharonov and Ta-Shma, this implies that any language in
Statistical Zero Knowledge which is hard-on-average for quantum computers,
leads to a quantum one-way function. Moreover, extending the result of
Impagliazzo and Luby to the quantum setting, we prove that quantum
distributionally one-way functions are equivalent to quantum one-way functions.
Last, we explore the connections between quantum one-way functions and the
complexity class QMA and show that, similarly to the classical case, if any of
the above candidate problems is QMA-complete then the existence of quantum
one-way functions leads to the separation of QMA and AvgBQP.
Comment: 20 pages; Computational Complexity, Cryptography and Quantum Physics;
Published version, main results unchanged, presentation improve
On the power quantum computation over real Hilbert spaces
We consider the power of various quantum complexity classes with the
restriction that states and operators are defined over a real, rather than
complex, Hilbert space. It is well known that a quantum circuit over the complex
numbers can be transformed into a quantum circuit over the real numbers with
the addition of a single qubit. This implies that BQP retains its power when
restricted to using states and operations over the reals. We show that the same
is true for QMA(k), QIP(k), QMIP, and QSZK.
Comment: Significant improvements from previous version, in particular showing
both containments (eg. QMA_R is in QMA and vice versa
Making Existential-Unforgeable Signatures Strongly Unforgeable in the Quantum Random-Oracle Model
Strongly unforgeable signature schemes provide a more stringent security
guarantee than the standard existential unforgeability. It requires that not
only forging a signature on a new message is hard, it is infeasible as well to
produce a new signature on a message for which the adversary has seen valid
signatures before. Strongly unforgeable signatures are useful both in practice
and as a building block in many cryptographic constructions.
This work investigates a generic transformation that compiles any
existential-unforgeable scheme into a strongly unforgeable one, which was
proposed by Teranishi et al. and was proven in the classical random-oracle
model. Our main contribution is showing that the transformation also works
against quantum adversaries in the quantum random-oracle model. We develop
proof techniques such as adaptively programming a quantum random-oracle in a
new setting, which could be of independent interest. Applying the
transformation to an existential-unforgeable signature scheme due to Cash et
al., which can be shown to be quantum-secure assuming certain lattice problems
are hard for quantum computers, we get an efficient quantum-secure strongly
unforgeable signature scheme in the quantum random-oracle model.
Comment: 15 pages, to appear in Proceedings TQC 201
Increasing the power of the verifier in Quantum Zero Knowledge
In quantum zero knowledge, the assumption was made that the verifier is only
using unitary operations. Under this assumption, many nice properties have been
shown about quantum zero knowledge, including the fact that Honest-Verifier
Quantum Statistical Zero Knowledge (HVQSZK) is equal to Cheating-Verifier
Quantum Statistical Zero Knowledge (QSZK) (see [Wat02,Wat06]).
In this paper, we study what happens when we allow an honest verifier to flip
some coins in addition to using unitary operations. Flipping a coin is a
non-unitary operation but doesn't seem at first to enhance the cheating
possibilities of the verifier since a classical honest verifier can flip coins.
In this setting, we show an unexpected result: any classical Interactive Proof
has an Honest-Verifier Quantum Statistical Zero Knowledge proof with coins.
Note that in the classical case, honest verifier SZK is no more powerful than
SZK and hence it is not believed to contain even NP. On the other hand, in the
case of cheating verifiers, we show that Quantum Statistical Zero Knowledge
where the verifier applies any non-unitary operation is equal to Quantum
Zero-Knowledge where the verifier uses only unitaries.
One can think of our results in two complementary ways. If we would like to
use the honest verifier model as a means to study the general model by taking
advantage of their equivalence, then it is imperative to use the unitary
definition without coins, since with the general one this equivalence is most
probably not true. On the other hand, if we would like to use quantum zero
knowledge protocols in a cryptographic scenario where the honest-but-curious
model is sufficient, then adding the unitary constraint severely decreases the
power of quantum zero knowledge protocols.
Comment: 17 pages, 0 figures, to appear in FSTTCS'0