Random Oracles in a Quantum World
Cited by 15 (3 self)
Abstract. The interest in post-quantum cryptography — classical systems that remain secure in the presence of a quantum adversary — has generated elegant proposals for new cryptosystems. Some of these systems are set in the random oracle model and are proven secure relative to adversaries that have classical access to the random oracle. We argue that to prove post-quantum security one needs to prove security in the quantum-accessible random oracle model where the adversary can query the random oracle with quantum state. We begin by separating the classical and quantum-accessible random oracle models by presenting a scheme that is secure when the adversary is given classical access to the random oracle, but is insecure when the adversary can make quantum oracle queries. We then set out to develop generic conditions under which a classical random oracle proof implies security in the quantum-accessible random oracle model. We introduce the concept of a history-free reduction, which is a category of classical random oracle reductions that basically determine oracle answers independently of the history of previous queries, and we prove that such reductions imply security in the quantum model. We then show that certain post-quantum proposals, including ones based on lattices, can be proven secure using history-free reductions and are therefore post-quantum secure. We conclude with a rich set of open problems in this area.
Random quantum circuits are approximate 2-designs
2008
Cited by 14 (3 self)
Given a universal gate set on two qubits, it is well known that applying random gates from the set to random pairs of qubits will eventually yield an approximately Haar-distributed unitary. However, this requires exponential time. We show that random circuits of only polynomial length will approximate the first and second moments of the Haar distribution, thus forming approximate 1- and 2-designs. Previous constructions required longer circuits and worked only for specific gate sets. As a corollary of our main result, we also improve previous bounds on the convergence rate of random walks on the Clifford group.
Quantum Money from Hidden Subspaces
Cited by 9 (1 self)
Forty years ago, Wiesner pointed out that quantum mechanics raises the striking possibility of money that cannot be counterfeited according to the laws of physics. We propose the first quantum money scheme that is (1) public-key—meaning that anyone can verify a banknote as genuine, not only the bank that printed it, and (2) cryptographically secure, under a “classical” hardness assumption that has nothing to do with quantum money. Our scheme is based on hidden subspaces, encoded as the zero-sets of random multivariate polynomials. A main technical advance is to show that the “black-box” version of our scheme, where the polynomials are replaced by classical oracles, is unconditionally secure. Previously, such a result had only been known relative to a quantum oracle (and even there, the proof was never published). Even in Wiesner’s original setting—quantum money that can only be verified by the bank—we are able to use our techniques to patch a major security hole in Wiesner’s scheme. We give the first private-key quantum money scheme that allows unlimited verifications and that remains unconditionally secure, even if the counterfeiter can interact adaptively with the bank. Our money scheme is simpler than previous public-key quantum money schemes, including a knot-based scheme of Farhi et al. The verifier needs to perform only two tests, one in the standard basis and one in the Hadamard basis—matching the original intuition for quantum money, based on the existence of complementary observables. Our security proofs use a new variant of Ambainis’s quantum adversary method, and several other tools that might be of independent interest.
Secure identity-based encryption in the quantum random oracle model
In Proceedings of CRYPTO, 2012
Cited by 8 (3 self)
We give the first proof of security for an identity-based encryption scheme in the quantum random oracle model. This is the first proof of security for any scheme in this model that requires no additional assumptions. Our techniques are quite general and we use them to obtain security proofs for two random oracle hierarchical identity-based encryption schemes and a random oracle signature scheme, all of which have previously resisted quantum security proofs, even using additional assumptions. We also explain how to remove the extra assumptions from prior quantum random oracle model proofs. We accomplish these results by developing new tools for arguing that quantum algorithms cannot distinguish between two oracle distributions. Using a particular class of oracle distributions, so-called semi-constant distributions, we argue that the aforementioned cryptosystems are secure against quantum adversaries.
Optimal counterfeiting attacks and generalizations for Wiesner’s quantum money
In Proc. 7th Conf. Theory of Quantum Computation, Theory of Computing, 2012
Cited by 7 (1 self)
We present an analysis of Wiesner’s quantum money scheme, as well as some natural generalizations of it, based on semidefinite programming. For Wiesner’s original scheme, it is determined that the optimal probability for a counterfeiter to create two copies of a bank note from one, where both copies pass the bank’s test for validity, is (3/4)^n for n being the number of qubits used for each note. Generalizations in which other ensembles of states are substituted for the one considered by Wiesner are also discussed, including a scheme recently proposed by Pastawski, Yao, Jiang, Lukin, and Cirac, as well as schemes based on higher-dimensional quantum systems. In addition, we introduce a variant of Wiesner’s quantum money in which the verification protocol for bank notes involves only classical communication with the bank. We show that the optimal probability with which a counterfeiter can succeed in two independent verification attempts, given access to a single valid n-qubit bank note, is (3/4 + √2/8)^n. We also analyze extensions of this variant to higher-dimensional schemes.
Quantum money from knots
In Proc. Innovations in Theoretical Computer Science (ITCS), 2012
Cited by 6 (1 self)
Quantum money is a cryptographic protocol in which a mint can produce a quantum state, no one else can copy the state, and anyone (with a quantum computer) can verify that the state came from the mint. We present a concrete quantum money scheme based on superpositions of diagrams that encode oriented links with the same Alexander polynomial. We expect our scheme to be secure against computationally bounded adversaries.
Quantum coins
In Error-Correcting Codes, Finite Geometries and Cryptography, 2010