Security of the Fiat-Shamir Transformation in the Quantum Random-Oracle Model

The famous Fiat-Shamir transformation turns any public-coin three-round interactive proof, i.e., any so-called sigma-protocol, into a non-interactive proof in the random-oracle model. We study this transformation in the setting of a quantum adversary that in particular may query the random oracle in quantum superposition. Our main result is a generic reduction that transforms any quantum dishonest prover attacking the Fiat-Shamir transformation in the quantum random-oracle model into a similarly successful quantum dishonest prover attacking the underlying sigma-protocol (in the standard model). Applied to the standard soundness and proof-of-knowledge definitions, our reduction implies that both these security properties, in both the computational and the statistical variant, are preserved under the Fiat-Shamir transformation even when allowing quantum attacks. Our result improves and completes the partial results that have been known so far, but it also proves wrong certain claims made in the literature. In the context of post-quantum secure signature schemes, our results imply that for any sigma-protocol that is a proof-of-knowledge against quantum dishonest provers (and that satisfies some additional natural properties), the corresponding Fiat-Shamir signature scheme is secure in the quantum random-oracle model. For example, we can conclude that the non-optimized version of Fish, which is the bare Fiat-Shamir variant of the NIST candidate Picnic, is secure in the quantum random-oracle model.Comment: 20 page

Supersingular Isogeny Diffie-Hellman Authenticated Key Exchange

We propose two authenticated key exchange protocols from supersingular isogenies. Our protocols are the first post-quantum one-round Diffie-Hellman type authenticated key exchange ones in the following points: one is secure under the quantum random oracle model and the other resists against maximum exposure where a non-trivial combination of secret keys is revealed. The security of the former and the latter is proven under isogeny versions of the decisional and gap Diffie-Hellman assumptions, respectively. We also propose a new approach for invalidating the Galbraith-Vercauteren-type attack for the gap problem

From Driving Simulation to Virtual Reality

Driving simulation from the very beginning of the advent of VR technology uses the very same technology for visualization and similar technology for head movement tracking and high end 3D vision. They also share the same or similar difficulties in rendering movements of the observer in the virtual environments. The visual-vestibular conflict, due to the discrepancies perceived by the human visual and vestibular systems, induce the so-called simulation sickness, when driving or displacing using a control device (ex. Joystick). Another cause for simulation sickness is the transport delay, the delay between the action and the corresponding rendering cues. Another similarity between driving simulation and VR is need for correct scale 1:1 perception. Correct perception of speed and acceleration in driving simulation is crucial for automotive experiments for Advances Driver Aid System (ADAS) as vehicle behavior has to be simulated correctly and anywhere where the correct mental workload is an issue as real immersion and driver attention is depending on it. Correct perception of distances and object size is crucial using HMDs or CAVEs, especially as their use is frequently involving digital mockup validation for design, architecture or interior and exterior lighting. Today, the advents of high resolution 4K digital display technology allows near eye resolution stereoscopic 3D walls and integrate them in high performance CAVEs. High performance CAVEs now can be used for vehicle ergonomics, styling, interior lighting and perceived quality. The first CAVE in France, built in 2001 at Arts et Metiers ParisTech, is a 4 sided CAVE with a modifiable geometry with now traditional display technology. The latest one is Renault’s 70M 3D pixel 5 sides CAVE with 4K x 4K walls and floor and with a cluster of 20 PCs. Another equipment recently designed at Renault is the motion based CARDS driving simulator with CAVE like 4 sides display system providing full 3D immersion for the driver. The separation between driving simulation and digital mockup design review is now fading though different uses will require different simulation configurations. New application domains, such as automotive AR design, will bring combined features of VR and driving simulation technics, including CAVE like display system equipped driving simulators

How to Record Quantum Queries, and Applications to Quantum Indifferentiability

The quantum random oracle model (QROM) has become the standard model in which to prove the post-quantum security of random-oracle-based constructions. Unfortunately, none of the known proof techniques allow the reduction to record information about the adversary\u27s queries, a crucial feature of many classical ROM proofs, including all proofs of indifferentiability for hash function domain extension. In this work, we give a new QROM proof technique that overcomes this ``recording barrier\u27\u27. Our central observation is that when viewing the adversary\u27s query and the oracle itself in the Fourier domain, an oracle query switches from writing to the adversary\u27s space to writing to the oracle itself. This allows a reduction to simulate the oracle by simply recording information about the adversary\u27s query in the Fourier domain. We then use this new technique to show the indifferentiability of the Merkle-Damgard domain extender for hash functions. We also give a proof of security for the Fujisaki-Okamoto transformation; previous proofs required modifying the scheme to include an additional hash term. Given the threat posed by quantum computers and the push toward quantum-resistant cryptosystems, our work represents an important tool for efficient post-quantum cryptosystems

Efficient KEA-Style Lattice-Based Authenticated Key Exchange

Lattice-based cryptographic primitives are believed to have the property against attacks by quantum computers. In this work, we present a KEA-style authenticated key exchange protocol based on the ring learning with errors problem whose security is proven in the BR model with weak perfect forward secrecy. With properties of KEA such as implicit key authentication and simplicity, our protocol also enjoys many properties of lattice-based cryptography, namely asymptotic efficiency, conceptual simplicity, worst-case hardness assumption, and resistance to attacks by quantum computers. Our lattice-based authenticated key exchange protocol is more efficient than the protocol of Zhang et al. (EUROCRYPT 2015) with more concise structure, smaller key size and lower bandwidth. Also, our protocol enjoys the advantage of optimal online efficiency and we improve our protocol with pre-computation

Isogeny-Based Quantum-Resistant Undeniable Signatures

Abstract. We propose an undeniable signature scheme based on el-liptic curve isogenies, and prove its security under certain reasonable number-theoretic computational assumptions for which no efficient quan-tum algorithms are known. Our proposal represents only the second known quantum-resistant undeniable signature scheme, and the first such scheme secure under a number-theoretic complexity assumption