Post-Quantum Succinct Arguments: Breaking the Quantum Rewinding Barrier

  • Authors: Alessandro Chiesa, Fermi Ma, Nicholas Spooner, Mark Zhandry
  • Published 15 March 2021
  • Computer Science, Mathematics
  • 2021 IEEE 62nd Annual Symposium on Foundations of Computer Science (FOCS)
We prove that Kilian's four-message succinct argument system is post-quantum secure in the standard model when instantiated with any probabilistically checkable proof and any collapsing hash function (which in turn exist based on the post-quantum hardness of Learning with Errors). This yields the first post-quantum succinct argument system from any falsifiable assumption. At the heart of our proof is a new quantum rewinding procedure that enables a reduction to repeatedly query a quantum… 

Post-Quantum Insecurity from LWE
This work provides (contrived) constructions of pseudorandom functions, CPA-secure symmetric-key encryption, message-authentication codes, signatures, and CCA-secure public-key encryption schemes, all of which are proven to be classically secure under LWE via black-box reductions, but demonstrably fail to be post-quantum secure.
Quantum Rewinding for Many-Round Protocols
It is shown that recent Bulletproofs-like protocols based on lattices satisfy these properties, and are hence sound against quantum adversaries, and a new quantum rewinding strategy is devised, which applies to any protocol satisfying natural multi-round generalizations of special soundness and collapsing.
Succinct Classical Verification of Quantum Computation
We construct a classically verifiable succinct interactive argument for quantum computation (BQP) with communication complexity and verifier runtime that are poly-logarithmic in the runtime of the
On the necessity of collapsing
This work gives a classical commit-and-open protocol which is post-quantum secure if and only if the commitment scheme used is collapse binding, and establishes that a variety of "weaker" post-quantum computational binding notions are in fact equivalent to collapse binding.
Watermarking PRFs against Quantum Adversaries
A quantum extraction technique to extract information from a quantum state without destroying the state too much is developed and the notion of extraction-less watermarking PRFs is introduced as a crucial building block to achieve the results above.
VOProof: Efficient zkSNARKs from Vector Oracle Compilers
Improvements make the VOProof-based zkSNARKs more preferable in blockchain scenarios where the proof size and verification time are critical, and a Python framework for describing VO protocols and compiling them into working Rust code of zkSNARKs is implemented.
VCProof: Constructing Shorter and Faster-to-Verify zkSNARKs with Vector Oracles
A new methodology for the first step in SNARK construction is proposed, that first designs a matching Vector Oracle protocol before compiling it into a Polynomial IOP, which achieves shorter proofs and/or smaller verification costs compared to the state-of-the-art constructions targeting the same constraint systems.
Schrödinger's Pirate: How To Trace a Quantum Decoder
This work explores the problem of traitor tracing where the pirate decoder can contain a quantum state, and shows how to trace quantum decoders in the setting of (public key) private linear broadcast encryption, capturing a common approach to traitor tracing.
A non-PCP Approach to Succinct Quantum-Safe Zero-Knowledge
Today's most compact zero-knowledge arguments are based on the hardness of the discrete logarithm problem and related classical assumptions, which, by exploiting extra algebraic structure, are a few orders of magnitude more compact in practice than the generic constructions.
Classical Proofs of Quantum Knowledge
This work defines the notion of a proof of knowledge in the setting where the verifier is classical, but the prover is quantum, and provides two examples of protocols which can be shown to be proofs of quantum knowledge under this definition.
One-shot signatures and applications to hybrid quantum/classical authentication
One-shot signatures are defined, which are signatures where any secret key can be used to sign only a single message, and then self-destructs, and have numerous applications for hybrid quantum/classical cryptographic tasks, where all communication is required to be classical but local quantum operations are allowed.
Succinct Arguments in the Quantum Random Oracle Model
SNARGs are highly efficient certificates of membership in non-deterministic languages and are widely believed to be post-quantum secure, provided the oracle is instantiated with a suitable post-quantum hash function.
Linear Zero-Knowledge. A Note on Efficient Zero-Knowledge Proofs and Arguments
Two protocols based on a Boolean formula Phi containing and-, or- and not-operators which verifies an NP-witness of membership in L have the smallest known asymptotic communication complexity among general proofs or arguments for NP.
Revisiting Post-Quantum Fiat-Shamir
This work gives mild conditions under which Fiat-Shamir is secure in the quantum setting, and shows that existing lattice signatures based on Fiat-Shamir are secure without any modifications.
Security of the Fiat-Shamir Transformation in the Quantum Random-Oracle Model
This work studies the famous Fiat-Shamir transformation in the setting of a quantum adversary that in particular may query the random oracle in quantum superposition.