22 research outputs found
Indistinguishability Obfuscation of Null Quantum Circuits and Applications
We study the notion of indistinguishability obfuscation for null quantum circuits (quantum null-iO). We present a construction assuming:
- The quantum hardness of learning with errors (LWE).
- Post-quantum indistinguishability obfuscation for classical circuits.
- A notion of "dual-mode" classical verification of quantum computation (CVQC). We give evidence that our notion of dual-mode CVQC exists by proposing a scheme that is secure assuming LWE in the quantum random oracle model (QROM).
Then we show how quantum null-iO enables a series of new cryptographic primitives that, prior to our work, were unknown to exist even making heuristic assumptions. Among others, we obtain the first witness encryption scheme for QMA, the first publicly verifiable non-interactive zero-knowledge (NIZK) scheme for QMA, and the first attribute-based encryption (ABE) scheme for BQP
Publicly-Verifiable Deletion via Target-Collapsing Functions
We build quantum cryptosystems that support publicly-verifiable deletion from
standard cryptographic assumptions. We introduce target-collapsing as a
weakening of collapsing for hash functions, analogous to how second preimage
resistance weakens collision resistance; that is, target-collapsing requires
indistinguishability between superpositions and mixtures of preimages of an
honestly sampled image.
We show that target-collapsing hashes enable publicly-verifiable deletion
(PVD), proving conjectures from [Poremba, ITCS'23] and demonstrating that the
Dual-Regev encryption (and corresponding fully homomorphic encryption) schemes
support PVD under the LWE assumption. We further build on this framework to
obtain a variety of primitives supporting publicly-verifiable deletion from
weak cryptographic assumptions, including:
- Commitments with PVD assuming the existence of injective one-way functions,
or more generally, almost-regular one-way functions. Along the way, we
demonstrate that (variants of) target-collapsing hashes can be built from
almost-regular one-way functions.
- Public-key encryption with PVD assuming trapdoored variants of injective
(or almost-regular) one-way functions. We also demonstrate that the encryption
scheme of [Hhan, Morimae, and Yamakawa, Eurocrypt'23] based on pseudorandom
group actions has PVD.
- with PVD for attribute-based encryption, quantum
fully-homomorphic encryption, witness encryption, time-revocable
encryption, assuming and trapdoored variants of injective (or
almost-regular) one-way functions.Comment: 52 page
Affine Determinant Programs: A Framework for Obfuscation and Witness Encryption
An affine determinant program ADP: {0,1}^n → {0,1} is specified by a tuple (A,B_1,...,B_n) of square matrices over F_q and a function Eval: F_q → {0,1}, and evaluated on x \in {0,1}^n by computing Eval(det(A + sum_{i \in [n]} x_i B_i)).
In this work, we suggest ADPs as a new framework for building general-purpose obfuscation and witness encryption. We provide evidence to suggest that constructions following our ADP-based framework may one day yield secure, practically feasible obfuscation.
As a proof-of-concept, we give a candidate ADP-based construction of indistinguishability obfuscation (iO) for all circuits along with a simple witness encryption candidate. We provide cryptanalysis demonstrating that our schemes resist several potential attacks, and leave further cryptanalysis to future work. Lastly, we explore practically feasible applications of our witness encryption candidate, such as public-key encryption with near-optimal key generation
Weakening Assumptions for Publicly-Verifiable Deletion
We develop a simple compiler that generically adds publicly-verifiable
deletion to a variety of cryptosystems. Our compiler only makes use of one-way
functions (or one-way state generators, if we allow the public verification key
to be quantum). Previously, similar compilers either relied on the use of
indistinguishability obfuscation (Bartusek et. al., ePrint:2023/265) or
almost-regular one-way functions (Bartusek, Khurana and Poremba,
arXiv:2303.08676).Comment: 13 pages. arXiv admin note: text overlap with arXiv:2303.0867
Publicly-Verifiable Deletion via Target-Collapsing Functions
We build quantum cryptosystems that support publicly-verifiable deletion from standard cryptographic assumptions. We introduce target-collapsing as a weakening of collapsing for hash functions, analogous to how second preimage resistance weakens collision resistance; that is, target-collapsing requires indistinguishability between superpositions and mixtures of preimages of an honestly sampled image.
We show that target-collapsing hashes enable publicly-verifiable deletion (PVD), proving conjectures from [Poremba, ITCS\u2723] and demonstrating that the Dual-Regev encryption (and corresponding fully homomorphic encryption) schemes support PVD under the LWE assumption. We further build on this framework to obtain a variety of primitives supporting publicly-verifiable deletion from weak cryptographic assumptions, including:
- Commitments with PVD assuming the existence of injective one-way functions, or more generally, almost-regular one-way functions. Along the way, we demonstrate that (variants of) target-collapsing hashes can be built from almost-regular one-way functions.
- Public-key encryption with PVD assuming trapdoored variants of injective (or almost-regular) one-way functions. We also demonstrate that the encryption scheme of [Hhan, Morimae, and Yamakawa, Eurocrypt\u2723] based on pseudorandom group actions has PVD.
- with PVD for attribute-based encryption, quantum fully-homomorphic encryption, witness encryption, time-revocable encryption, assuming and trapdoored variants of injective (or almost-regular) one-way functions
Secure Computation with Shared EPR Pairs (Or: How to Teleport in Zero-Knowledge)
Can a sender non-interactively transmit one of two strings to a receiver without knowing which string was received? Does there exist minimally-interactive secure multiparty computation that only makes (black-box) use of symmetric-key primitives? We provide affirmative answers to these questions in a model where parties have access to shared EPR pairs, thus demonstrating the cryptographic power of this resource.
First, we construct a one-shot (i.e., single message) string oblivious transfer (OT) protocol with random receiver bit in the shared EPR pairs model, assuming the (sub-exponential) hardness of LWE. Building on this, we show that {\em secure teleportation through quantum channels} is possible. Specifically, given the description of any quantum operation , a sender with (quantum) input can send a single classical message that securely transmits to a receiver. That is, we realize an ideal quantum channel that takes input from the sender and provably delivers to the receiver without revealing any other information. This immediately gives a number of applications in the shared EPR pairs model: (1) non-interactive secure computation of unidirectional \emph{classical} randomized functionalities, (2) NIZK for QMA from standard (sub-exponential) hardness assumptions, and (3) a non-interactive \emph{zero-knowledge} state synthesis protocol.
Next, we construct a two-round (round-optimal) secure multiparty computation protocol for classical functionalities in the shared EPR pairs model that is \emph{unconditionally-secure} in the (quantum-accessible) random oracle model.
Classically, both of these results cannot be obtained without some form of correlated randomness shared between the parties, and the only known approach is to have a trusted dealer set up random (string) OT correlations. In the quantum world, we show that shared EPR pairs (which are simple and can be deterministically generated) are sufficient. At the heart of our work are novel techniques for making use of entangling operations to generate string OT correlations, and for instantiating the Fiat-Shamir transform using correlation-intractability in the quantum setting
Reusable Two-Round MPC from DDH
We present a reusable two-round multi-party computation (MPC) protocol from the Decisional Diffie
Hellman assumption (DDH). In particular, we show how to upgrade any secure two-round MPC protocol
to allow reusability of its first message across multiple computations, using Homomorphic Secret Sharing
(HSS) and pseudorandom functions in NC1— each of which can be instantiated from DDH.
In our construction, if the underlying two-round MPC protocol is secure against semi-honest adversaries (in the plain model) then so is our reusable two-round MPC protocol. Similarly, if the underlying
two-round MPC protocol is secure against malicious adversaries (in the common random/reference string
model) then so is our reusable two-round MPC protocol. Previously, such reusable two-round MPC protocols were only known under assumptions on lattices.
At a technical level, we show how to upgrade any two-round MPC protocol to a first message succinct
two-round MPC protocol, where the first message of the protocol is generated independently of the
computed circuit (though it is not reusable). This step uses homomorphic secret sharing (HSS) and low-depth pseudorandom functions. Next, we show a generic transformation that upgrades any first message
succinct two-round MPC to allow for reusability of its first message
Obfuscation of Pseudo-Deterministic Quantum Circuits
We show how to obfuscate pseudo-deterministic quantum circuits in the classical oracle model, assuming the quantum hardness of learning with errors. Given the classical description of a quantum circuit , our obfuscator outputs a quantum state that can be used to evaluate repeatedly on arbitrary inputs.
Instantiating the classical oracle using any candidate post-quantum indistinguishability obfuscator gives us the first candidate construction of indistinguishability obfuscation for all polynomial-size pseudo-deterministic quantum circuits. In particular, our scheme is the first candidate obfuscator for a class of circuits that is powerful enough to implement Shor\u27s algorithm (SICOMP 1997).
Our approach follows Bartusek and Malavolta (ITCS 2022), who obfuscate \emph{null} quantum circuits by obfuscating the verifier of an appropriate classical verification of quantum computation (CVQC) scheme. We go beyond null circuits by constructing a publicly-verifiable CVQC scheme for quantum \emph{partitioning} circuits, which can be used to verify the evaluation procedure of Mahadev\u27s quantum fully-homomorphic encryption scheme (FOCS 2018). We achieve this by upgrading the one-time secure scheme of Bartusek (TCC 2021) to a fully reusable scheme, via a publicly-decodable \emph{Pauli functional commitment}, which we formally define and construct in this work. This commitment scheme, which satisfies a notion of binding against committers that can access the receiver\u27s standard and Hadamard basis decoding functionalities, is constructed by building on techniques of Amos, Georgiou, Kiayias, and Zhandry (STOC 2020) introduced in the context of equivocal but collision-resistant hash functions