In known constructions of classical zero-knowledge protocols for NP, either zero-knowledge or soundness holds only against computationally bounded adversaries. Indeed, achieving both statistical zero-knowledge and statistical soundness at the same time with a classical verifier is impossible for NP unless the polynomial-time hierarchy collapses, and it is also believed to be impossible even with a quantum verifier. In this work, we introduce a novel compromise, which we call the certified everlasting zero-knowledge proof for QMA. It is a computational zero-knowledge proof for QMA, but the verifier issues a classical certificate that shows that the verifier has deleted its quantum information. If the certificate is valid, even an unbounded malicious verifier can no longer learn anything beyond the validity of the statement.
We construct a certified everlasting zero-knowledge proof for QMA. For the construction, we introduce a new quantum cryptographic primitive, which we call commitment with statistical binding and certified everlasting hiding, where the hiding property becomes statistical once the receiver has issued a valid certificate that shows that the receiver has deleted the committed information. We construct commitment with statistical binding and certified everlasting hiding from quantum encryption with certified deletion by Broadbent and Islam [TCC 2020] (in a black-box way), and then combine it with the quantum sigma-protocol for QMA by Broadbent and Grilo [FOCS 2020] to construct the certified everlasting zero-knowledge proof for QMA. Our constructions are secure in the quantum random oracle model. Commitment with statistical binding and certified everlasting hiding itself is of independent interest, and there will be many other useful applications beyond zero-knowledge.
Computational security in cryptography has a risk that computational assumptions underlying the security are broken in the future. One solution is to construct information-theoretically-secure protocols, but many cryptographic primitives are known to be impossible (or unlikely) to have information-theoretical security even in the quantum world. A nice compromise (intrinsic to quantum) is certified everlasting security, which roughly means the following. A receiver with possession of quantum encrypted data can issue a certificate that shows that the receiver has deleted the encrypted data. If the certificate is valid, the security is guaranteed even if the receiver becomes computationally unbounded. Although several cryptographic primitives, such as commitments and zero-knowledge, have been made certified everlasting secure, there are many other important primitives that are not known to be certified everlasting secure.
In this paper, we introduce certified everlasting FE. In this primitive, the receiver with the ciphertext of a message m and the functional decryption key of a function f can obtain f(m) and nothing else. The security holds even if the adversary becomes computationally unbounded after issuing a valid certificate. We first construct certified everlasting FE for P/poly circuits where only a single key query is allowed for the adversary. We then extend it to a q-bounded one for NC^1 circuits, where q-bounded means that q key queries are allowed for the adversary with an a priori bounded polynomial q. For the construction of certified everlasting FE, we introduce and construct certified everlasting versions of secret-key encryption, public-key encryption, receiver non-committing encryption, and a garbling scheme, which are of independent interest.
A Proof of Theorem 5.6; B Proof of Theorem 6.7; C Proof of Theorem 7.10; D Proof of Theorem 7.12; E Proof of Theorem 7.14
model (QROM) [BDF+11].
On the other hand, in the second construction, the security holds without relying on the QROM, but the certificate is quantum.
3. We construct certified everlasting RNCE from certified everlasting PKE in a black-box way (Section 5.2).
4. We construct a certified everlasting garbling scheme for all P/poly circuits from certified everlasting SKE in a black-box way (Section 6.2).
5. We construct 1-bounded certified everlasting FE with adaptive security for all P/poly circuits. The adaptive security means that the adversary can call key queries before and after seeing the challenge ciphertext. The 1-bounded means that only a single key query is allowed for the adversary. The construction is done in the following two steps. First, we construct 1-bounded certified everlasting FE with non-adaptive security for all P/poly circuits from a certified everlasting garbling scheme and certified everlasting PKE in a black-box way (Section 7.2). Second, we change it to the adaptively-secure one by using certified everlasting RNCE in a black-box way (Section 7.3).
6. We construct q-bounded certified everlasting FE with adaptive security fo...