# Revisiting Post-Quantum Fiat-Shamir

```bibtex
@inproceedings{Liu2019RevisitingPF,
  title     = {Revisiting Post-Quantum Fiat-Shamir},
  author    = {Qipeng Liu and Mark Zhandry},
  booktitle = {IACR Cryptology ePrint Archive},
  year      = {2019}
}
```

The Fiat-Shamir transformation is a useful approach to building non-interactive arguments (of knowledge) in the random oracle model. Unfortunately, existing proof techniques are incapable of proving the security of Fiat-Shamir in the quantum setting. The problem stems from (1) the difficulty of quantum rewinding, and (2) the inability of current techniques to adaptively program random oracles in the quantum setting. In this work, we show how to overcome the limitations above in many settings…

## 86 Citations

### Security of the Fiat-Shamir Transformation in the Quantum Random-Oracle Model

- Computer Science, Mathematics; IACR Cryptol. ePrint Arch.
- 2019

This work studies the famous Fiat-Shamir transformation in the setting of a quantum adversary that in particular may query the random oracle in quantum superposition.

### Quantum Rewinding for Many-Round Protocols

- Computer Science, Mathematics; IACR Cryptol. ePrint Arch.
- 2022

It is shown that recent Bulletproofs-like protocols based on lattices satisfy these properties, and are hence sound against quantum adversaries, and a new quantum rewinding strategy is devised, which applies to any protocol satisfying natural multi-round generalizations of special soundness and collapsing.

### Quantum security of the Fiat-Shamir transform of commit and open protocols

- Computer Science, Mathematics; IACR Cryptol. ePrint Arch.
- 2019

This paper shows that if one starts from a commit-and-open identification scheme, where the prover first commits to several strings and then, as a second message, opens a subset of them depending on the verifier's message, then the Fiat-Shamir transform is quantum secure for a suitable choice of commitment scheme.

### Post-Quantum Succinct Arguments: Breaking the Quantum Rewinding Barrier

- Computer Science, Mathematics; 2021 IEEE 62nd Annual Symposium on Foundations of Computer Science (FOCS)
- 2022

We prove that Kilian's four-message succinct argument system is post-quantum secure in the standard model when instantiated with any probabilistically checkable proof and any collapsing hash function…

### Tight quantum security of the Fiat-Shamir transform for commit-and-open identification schemes with applications to post-quantum signature schemes

- Computer Science, Mathematics
- 2019

If one starts from a commit-and-open identification scheme, where the prover first commits to several strings and then, as a second message, opens a subset of them depending on the verifier's message, then there is a tight quantum reduction from the Fiat-Shamir transform to special soundness notions.

### Post-quantum Resettably-Sound Zero Knowledge

- Computer Science, Mathematics; IACR Cryptol. ePrint Arch.
- 2021

It is proved that any quantumly-resettably-sound zero-knowledge protocol for NP implies the impossibility of quantum obfuscation, giving an alternative proof to several recent results on quantum unobfuscatability.

### A Note on the Post-Quantum Security of (Ring) Signatures

- Computer Science, Mathematics; IACR Cryptol. ePrint Arch.
- 2021

This work revisits the security of classical signatures and ring signatures in a quantum world and proposes a new definition of blind-unforgeability that does not suffer from the above issue.

### Quantum Random Oracle Model with Auxiliary Input

- Computer Science, Mathematics; IACR Cryptol. ePrint Arch.
- 2019

The random oracle model (ROM) is an idealized model in which hash functions are modeled as random functions that are accessible only as oracles; no prior work has dealt with the two problems above (quantum queries and auxiliary input) simultaneously.

### Constructive Post-Quantum Reductions

- Computer Science; IACR Cryptol. ePrint Arch.
- 2022

It is shown that any non-interactive non-adaptive reduction from assumptions with a polynomial solution space (such as decision assumptions) can be made post-quantum constructive, and that quantum auxiliary input that is useful against a problem with a super-polynomial solution space cannot be generically “restored” post-measurement.

### A New Simple Technique to Bootstrap Various Lattice Zero-Knowledge Proofs to QROM Secure NIZKs

- Computer Science, Mathematics; IACR Cryptol. ePrint Arch.
- 2021

A new, simple, semi-generic transform compiles many existing lattice-based Σ-/public-coin HVZK interactive protocols into QROM-secure NIZKs; it builds on a new primitive called an extractable linear homomorphic commitment protocol, which has several appealing features.

## References


### The Fiat-Shamir Transformation in a Quantum World

- Computer Science, Mathematics; IACR Cryptol. ePrint Arch.
- 2013

It has been unclear if the Fiat-Shamir technique is still secure in this quantum oracle model (QROM) and whether such adversaries should be allowed to query the random oracle in superposition.

### Post-quantum Security of Fiat-Shamir

- Computer Science, Mathematics; ASIACRYPT
- 2017

The Fiat-Shamir construction is an efficient transformation in the random oracle model for creating non-interactive proof systems and signatures from sigma-protocols, but Ambainis, Rosmanis, and Unruh ruled out non-relativizing proofs under those conditions in the quantum setting.

### A Concrete Treatment of Fiat-Shamir Signatures in the Quantum Random-Oracle Model

- Computer Science, Mathematics; IACR Cryptol. ePrint Arch.
- 2017

The goal of this current paper is to create a generic framework for constructing tight reductions in the QROM from underlying hard problems to Fiat-Shamir signatures.

### Security of the Fiat-Shamir Transformation in the Quantum Random-Oracle Model

- Computer Science, Mathematics; IACR Cryptol. ePrint Arch.
- 2019

This work studies the famous Fiat-Shamir transformation in the setting of a quantum adversary that in particular may query the random oracle in quantum superposition.

### Quantum Attacks on Classical Proof Systems: The Hardness of Quantum Rewinding

- Computer Science, Mathematics; 2014 IEEE 55th Annual Symposium on Foundations of Computer Science
- 2014

It is shown that classically secure proofs and proofs of knowledge are insecure in the quantum setting, and the "pick-one trick" is developed, a general technique that allows an adversary to find one value satisfying a given predicate, but not two.

### Post-Quantum Security of the Fujisaki-Okamoto and OAEP Transforms

- Computer Science, Mathematics; TCC
- 2016

The scheme, a slight modification of the Fujisaki-Okamoto transform that is secure against classical adversaries, combines an asymmetric and a symmetric encryption scheme that are each secure only in a weak sense.

### Non-Interactive Zero-Knowledge Proofs in the Quantum Random Oracle Model

- Computer Science, Mathematics; EUROCRYPT
- 2014

We present a construction for non-interactive zero-knowledge proofs of knowledge in the random oracle model from general sigma-protocols. Our construction is secure against quantum adversaries. Prior…

### Secure Identity-Based Encryption in the Quantum Random Oracle Model

- Computer Science, Mathematics; CRYPTO
- 2012

This work gives the first proof of security for an identity-based encryption (IBE) scheme in the quantum random oracle model and argues that the aforementioned cryptosystems are secure against quantum adversaries.

### How to Record Quantum Queries, and Applications to Quantum Indifferentiability

- Computer Science, Mathematics; IACR Cryptol. ePrint Arch.
- 2018

The quantum random oracle model (QROM) has become the standard model in which to prove the post-quantum security of random-oracle-based constructions. Unfortunately, none of the known proof…

### Random Oracles in a Quantum World

- Computer Science, Mathematics; ASIACRYPT
- 2011

It is shown that certain post-quantum proposals, including ones based on lattices, can be proven secure using history-free reductions and are therefore post-quantum secure.