Revisiting Post-Quantum Fiat-Shamir

@inproceedings{Liu2019RevisitingPF,
  title={Revisiting Post-Quantum Fiat-Shamir},
  author={Qipeng Liu and Mark Zhandry},
  booktitle={IACR Cryptology ePrint Archive},
  year={2019}
}

The Fiat-Shamir transformation is a useful approach to building non-interactive arguments (of knowledge) in the random oracle model. Unfortunately, existing proof techniques are incapable of proving the security of Fiat-Shamir in the quantum setting. The problem stems from (1) the difficulty of quantum rewinding, and (2) the inability of current techniques to adaptively program random oracles in the quantum setting. In this work, we show how to overcome the limitations above in many settings… 
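Worked example, added here and not taken from the paper: the classical Fiat-Shamir transform applied to the Schnorr sigma-protocol, together with the rewinding extractor whose quantum analogue is the obstacle the abstract describes. It also exercises the special-soundness property that the commit-and-open and multi-round results listed below build on. The group parameters (p = 2039, q = 1019, g = 4) are a constructed toy instance and the function names are assumptions of this example; nothing here is secure at this size.

```python
"""Toy Fiat-Shamir over the Schnorr sigma-protocol, plus the classical
rewinding extractor (special soundness). Illustration only."""
import hashlib
import secrets

# Constructed toy parameters: p = 2q + 1 is a safe prime and g = 4 generates
# the order-q subgroup of Z_p^*. Far too small for real use.
P, Q, G = 2039, 1019, 4


def keygen():
    """Witness x (a discrete log) and statement pk = g^x."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def challenge(pk, commitment, message):
    """Strong Fiat-Shamir: the hash binds the group, the statement (pk), the
    prover's first message and the signed message, then reduces into Z_q.
    Omitting pk (weak Fiat-Shamir) is a well-known source of forgeries."""
    data = f"{P}|{Q}|{G}|{pk}|{commitment}|".encode() + message
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def prove(x, pk, message, r=None):
    """Non-interactive prover: the verifier's random challenge is replaced by
    the hash of the transcript so far."""
    if r is None:
        r = secrets.randbelow(Q - 1) + 1   # fresh nonce; never reuse
    a = pow(G, r, P)                        # commitment (first message)
    c = challenge(pk, a, message)           # challenge, now derived from H
    z = (r + c * x) % Q                     # response
    return a, z


def verify(pk, message, proof):
    a, z = proof
    # Reject commitments outside the prime-order subgroup before doing any
    # arithmetic with them.
    if not (0 < a < P and pow(a, Q, P) == 1):
        return False
    c = challenge(pk, a, message)
    # Sigma-protocol check: g^z == a * pk^c (mod p).
    return pow(G, z, P) == (a * pow(pk, c, P)) % P


def extract(a, c1, z1, c2, z2):
    """Special soundness: two accepting transcripts (a, c1, z1), (a, c2, z2)
    with the same commitment and different challenges yield the witness
    x = (z1 - z2) / (c1 - c2) mod q. The classical proof obtains the second
    transcript by rewinding the prover to just after it sent `a` and
    reprogramming the oracle with a fresh challenge; that rewind and
    reprogramming are exactly what fails against a quantum prover."""
    if c1 == c2:
        raise ValueError("challenges must differ")
    return ((z1 - z2) * pow((c1 - c2) % Q, -1, Q)) % Q


def rewinding_demo(x, pk):
    """Act as the extractor against an honest prover whose nonce we freeze
    (the rewind): same commitment, two distinct challenges, witness out."""
    r = 123
    a = pow(G, r, P)
    c1, c2 = 17, 29
    z1, z2 = (r + c1 * x) % Q, (r + c2 * x) % Q
    assert verify_transcript(pk, a, c1, z1) and verify_transcript(pk, a, c2, z2)
    return extract(a, c1, z1, c2, z2) == x


def verify_transcript(pk, a, c, z):
    """Interactive-style check for an explicit challenge."""
    return pow(G, z, P) == (a * pow(pk, c, P)) % P


if __name__ == "__main__":
    sk, pk = keygen()
    proof = prove(sk, pk, b"hello")
    print("valid:", verify(pk, b"hello", proof))
    print("tampered response rejected:", not verify(pk, b"hello", (proof[0], (proof[1] + 1) % Q)))
    print("rewinding extracts witness:", rewinding_demo(sk, pk))
```

The sigma-protocol check and the extractor are the same arithmetic a Schnorr signature verifier uses; what changes in the quantum setting is not this code but the proof that an adversary who forges proofs can be turned into an extractor, since a superposition-querying prover cannot simply be rewound and re-asked.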

Security of the Fiat-Shamir Transformation in the Quantum Random-Oracle Model

This work studies the famous Fiat-Shamir transformation in the setting of a quantum adversary that in particular may query the random oracle in quantum superposition.

Quantum Rewinding for Many-Round Protocols

This work devises a new quantum rewinding strategy that applies to any protocol satisfying natural multi-round generalizations of special soundness and collapsing, and shows that recent Bulletproofs-like protocols based on lattices satisfy these properties and are hence sound against quantum adversaries.

Quantum security of the Fiat-Shamir transform of commit and open protocols

A. Chailloux, IACR Cryptol. ePrint Arch., 2019
This paper shows that if one starts from a commit-and-open identification scheme, in which the prover first commits to several strings and then, as its second message, opens a subset of them chosen by the verifier's challenge, the Fiat-Shamir transform is quantum secure for a suitable choice of commitment scheme.

Post-Quantum Succinct Arguments: Breaking the Quantum Rewinding Barrier

We prove that Kilian's four-message succinct argument system is post-quantum secure in the standard model when instantiated with any probabilistically checkable proof and any collapsing hash function.

Tight quantum security of the Fiat-Shamir transform for commit-and-open identification schemes with applications to post-quantum signature schemes

Starting from a commit-and-open identification scheme, in which the prover first commits to several strings and then, as its second message, opens a subset of them chosen by the verifier's challenge, there is a tight quantum reduction from the security of the Fiat-Shamir transform to suitable special-soundness notions.

Post-quantum Resettably-Sound Zero Knowledge

It is proved that any quantumly-resettably-sound zero-knowledge protocol for NP implies the impossibility of quantum obfuscation, giving an alternative proof to several recent results on quantum unobfuscatability.

A Note on the Post-Quantum Security of (Ring) Signatures

This work revisits the security of classical signatures and ring signatures in a quantum world and proposes a new definition of blind-unforgeability that does not suffer from a problem it identifies in the existing definition.

Quantum Random Oracle Model with Auxiliary Input

The random oracle model (ROM) is an idealized model in which hash functions are modeled as random functions accessible only as oracles; prior work had not addressed quantum oracle access and auxiliary input (preprocessing) simultaneously.

Constructive Post-Quantum Reductions

It is shown that any non-interactive non-adaptive reduction from assumptions with a polynomial solution space (such as decision assumptions) can be made post-quantum constructive, and that quantum auxiliary input that is useful against a problem with a super-polynomial solution space cannot be generically “restored” post-measurement.

A New Simple Technique to Bootstrap Various Lattice Zero-Knowledge Proofs to QROM Secure NIZKs

This work gives a new simple semi-generic transform that compiles many existing lattice-based Σ-/public-coin HVZK interactive protocols into QROM-secure NIZKs; it builds on a new primitive called an extractable linear homomorphic commitment protocol, which has several appealing features.
...

References

(10 of 28 references shown)

The Fiat-Shamir Transformation in a Quantum World

It has been unclear whether the Fiat-Shamir technique remains secure in the quantum random oracle model (QROM), in which adversaries may query the random oracle in superposition, and whether such superposition queries should be allowed at all.

Post-quantum Security of Fiat-Shamir

The Fiat-Shamir construction is an efficient transformation in the random oracle model for creating non-interactive proof systems and signatures from sigma-protocols; classically it is a zero-knowledge proof of knowledge whenever the sigma-protocol is zero-knowledge and specially sound, but Ambainis, Rosmanis, and Unruh ruled out non-relativizing proofs under those conditions in the quantum setting.

A Concrete Treatment of Fiat-Shamir Signatures in the Quantum Random-Oracle Model

The goal of this current paper is to create a generic framework for constructing tight reductions in the QROM from underlying hard problems to Fiat-Shamir signatures.

Security of the Fiat-Shamir Transformation in the Quantum Random-Oracle Model

This work studies the famous Fiat-Shamir transformation in the setting of a quantum adversary that in particular may query the random oracle in quantum superposition.

Quantum Attacks on Classical Proof Systems: The Hardness of Quantum Rewinding

It is shown that classically secure proofs and proofs of knowledge are insecure in the quantum setting, and the "pick-one trick" is developed, a general technique that allows an adversary to find one value satisfying a given predicate, but not two.

Post-Quantum Security of the Fujisaki-Okamoto and OAEP Transforms

The Fujisaki-Okamoto transform combines an asymmetric and a symmetric encryption scheme, each secure only in a weak sense, into a scheme secure against classical adversaries; this work studies a slight modification of that transform and proves it secure against quantum adversaries.

Non-Interactive Zero-Knowledge Proofs in the Quantum Random Oracle Model

We present a construction for non-interactive zero-knowledge proofs of knowledge in the random oracle model from general sigma-protocols. Our construction is secure against quantum adversaries. Prior

Secure Identity-Based Encryption in the Quantum Random Oracle Model

This work gives the first proof of security for an identity-based encryption (IBE) scheme in the quantum random oracle model and argues that the cryptosystems in question are secure against quantum adversaries.

How to Record Quantum Queries, and Applications to Quantum Indifferentiability

Mark Zhandry, IACR Cryptol. ePrint Arch., 2018
The quantum random oracle model (QROM) has become the standard model in which to prove the post-quantum security of random-oracle-based constructions. Unfortunately, none of the known proof

Random Oracles in a Quantum World

It is shown that certain post-quantum proposals, including ones based on lattices, can be proven secure using history-free reductions and are therefore post-quantum secure.