# Hidden Cosets and Applications to Unclonable Cryptography

@article{Coladangelo2021HiddenCA, title={Hidden Cosets and Applications to Unclonable Cryptography}, author={Andrea Coladangelo and Jiahui Liu and Qipeng Liu and Mark Zhandry}, journal={ArXiv}, year={2021}, volume={abs/2107.05692} }

In this work, we study a generalization of hidden subspace states to hidden coset states (first introduced by Aaronson and Christiano [STOC '12]). This notion was considered independently by Vidick and Zhang [Eurocrypt '21], in the context of proofs of quantum knowledge from quantum money schemes. We explore unclonable properties of coset states and several applications: - We show that assuming indistinguishability obfuscation (iO), hidden coset states possess a certain direct product hardness…

## 15 Citations

### A Note on Copy-Protection from Random Oracles

- Computer ScienceIACR Cryptol. ePrint Arch.
- 2022

This work presents an impossibility result that rules out a class of copy-protection schemes in the random oracle model assuming the existence of quantum fully homomorphic encryption and quantum hardness of learning with errors.

### Public-key Quantum money with a classical bank

- Computer Science, PhysicsIACR Cryptol. ePrint Arch.
- 2021

This work constructs public-key semi-quantum money, based on quantum-secure indistinguishability obfuscation and the sub-exponential hardness of the Learning With Errors problem, with a new 3-message protocol.

### Functional Encryption with Secure Key Leasing

- Computer Science, Mathematics
- 2022

Secure software leasing is a quantum cryptographic primitive that enables us to lease software to a user by encoding it into a quantum state. Secure software leasing has a mechanism that verifies…

### On the Feasibility of Unclonable Encryption, and More

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2022

This work makes progress towards establishing the feasibility of unclonable encryption, where any non-local adversary cannot simultaneously recover the entire message.

### Quantum Prudent Contracts with Applications to Bitcoin

- Computer ScienceArXiv
- 2022

This work introduces quantum payment schemes, and shows how to implement prudent contracts—a non-trivial subset of the functionality that a network such as Ethereum provides, and can be used to upgrade the Bitcoin network to a quantum payment scheme.

### Uncloneable Decryptors from Quantum Copy-Protection

- Computer Science, MathematicsArXiv
- 2022

The constructions are the first to achieve CPA or CCA2 security in the symmetric setting and could be instantiated relative to either the quantum oracle used in [Aar09] or the classical oracle using in [ALL+21] to instantiate copy protection schemes.

### Constructive Post-Quantum Reductions

- Computer ScienceIACR Cryptol. ePrint Arch.
- 2022

It is shown that any non-interactive non-adaptive reduction from assumptions with a polynomial solution space (such as decision assumptions) can be made post-quantum constructive, and that quantum auxiliary input that is useful against a problem with a super-polynomial solution space cannot be generically “restored” post-measurement.

### Quantum Proofs of Deletion for Learning with Errors

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2022

This work augments the proof-of-deletion paradigm with fully homomorphic encryption (FHE) and introduces an encoding based on Gaussian coset states which is highly generic and suggests that essentially any LWE-based cryptographic primitive admits a classically-verifiable quantum proof of deletion.

### Semi-Quantum Tokenized Signatures

- Computer ScienceIACR Cryptol. ePrint Arch.
- 2022

A semi-quantum tokenized signature scheme based on quantum-secure indistinguishability obfuscation and the sub-exponential hardness of the Learning with Errors problem is constructed, which shows new properties of quantum coset states and a new hardness result on indistinguishly obfuscation of classical subspace membership circuits.

### Deniable encryption in a Quantum world

- Computer Science, MathematicsSTOC
- 2022

This work proposes a quantum analog of the classical definition of deniable encryption in a setting where the encryption procedure is a quantum algorithm, but the ciphertext is classical, and gives a fully efficient construction satisfying this definition, assuming the quantum hardness of the Learning with Errors problem.

## References

SHOWING 1-5 OF 5 REFERENCES

### Quantum Lightning Never Strikes the Same State Twice

- Physics, Computer ScienceIACR Cryptol. ePrint Arch.
- 2017

This work investigates quantum lightning, a formalization of "collision-free quantum money" defined by Lutomirski et al, and shows that instantiating the quantum money scheme of Aaronson and Christiano with indistinguishability obfuscation that is secure against quantum computers yields a secure quantumMoney scheme.

### Conjugate coding

- PhysicsSIGA
- 1983

It is shown that in compensation for this "quantum noise", quantum mechanics allows us novel forms of coding without analogue in communication channels adequately described by classical physics.

### The Magic of ELFs

- Mathematics, Computer ScienceJournal of Cryptology
- 2018

This work develops a handful of techniques for using ELFs, and shows that such extreme lossiness is useful for instantiating random oracles in several settings, and gives a construction of ELFs relying on the exponential hardness of the decisional Diffie–Hellman problem, which is plausible in elliptic curve groups.

### On the Implausibility of Differing-Inputs Obfuscation and Extractable Witness Encryption with Auxiliary Input

- Computer Science, MathematicsAlgorithmica
- 2017

This work shows that the existence of general-purpose diO with general auxiliary input has a surprising consequence: it implies that a specific circuit cannot be obfuscated in a way that hides some specific information.

### Constrained Pseudorandom Functions and Their Applications

- Computer Science, MathematicsASIACRYPT
- 2013

It is shown that PRFs can be used to construct powerful primitives such as identity-based key exchange and a broadcast encryption system with optimal ciphertext size and several open problems relating to this new concept are put forward.