Certified Everlasting Zero-Knowledge Proof for QMA

Hiroka, Taiga; Morimae, Tomoyuki; Nishimaki, Ryo; Yamakawa, Takashi

doi:10.1007/978-3-031-15802-5_9

Cited by 13 publications

(4 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They constructed a one-time SKE scheme with certified deletion without computational assumptions. After that, many works presented various quantum encryption primitives (PKE, ABE, FE and so on) with certified deletion [HMNY21,Por23,BK22,HMNY22]. The root of quantum encryption with certified deletion is revocable quantum time-released encryption by Unruh [Unr15].…”

Section: Other Related Workmentioning

confidence: 99%

Public Key Encryption with Secure Key Leasing

Agrawal¹,

Kitagawa²,

Nishimaki³

et al. 2023

Preprint

View full text Add to dashboard Cite

We introduce the notion of public key encryption with secure key leasing (PKE-SKL). Our notion supports the leasing of decryption keys so that a leased key achieves the decryption functionality but comes with the guarantee that if the quantum decryption key returned by a user passes a validity test, then the user has lost the ability to decrypt. Our notion is similar in spirit to the notion of secure software leasing (SSL) introduced by Ananth and La Placa (Eurocrypt 2021) but captures significantly more general adversarial strategies . Our results can be summarized as follows:1. Definitions: We introduce the definition of PKE with secure key leasing and formalize a security notion that we call indistinguishability against key leasing attacks (IND-KLA security). We also define a one-wayness notion for PKE-SKL that we call OW-KLA security and show that an OW-KLA secure PKE-SKL scheme can be lifted to an IND-KLA secure one by using the (quantum) Goldreich-Levin lemma. Constructing IND-KLA PKE with Secure Key Leasing:We provide a construction of OW-KLA secure PKE-SKL (which implies IND-KLA secure PKE-SKL as discussed above) by leveraging a PKE scheme that satisfies a new security notion that we call consistent or inconsistent security against key leasing attacks (CoIC-KLA security).We then construct a CoIC-KLA secure PKE scheme using 1-key Ciphertext-Policy Functional Encryption (CPFE) that in turn can be based on any IND-CPA secure PKE scheme. Identity Based Encryption, Attribute Based Encryption and Functional Encryption with Secure Key Leasing:We provide definitions of secure key leasing in the context of advanced encryption schemes such as identity based encryption (IBE), attribute-based encryption (ABE) and functional encryption (FE). Then we provide constructions by combining the above PKE-SKL with standard IBE, ABE and FE schemes. Notably, our definitions allow the adversary to request distinguishing keys in the security game, namely, keys that distinguish the challenge bit by simply decrypting the challenge ciphertext, as long as it returns them (and they pass the validity test) before it sees the challenge ciphertext. All our constructions satisfy this stronger definition, albeit with the restriction that only a bounded number of such keys is allowed to the adversary in the IBE and ABE (but not FE) security games.Prior to our work, the notion of single decryptor encryption (SDE) has been studied in the context of PKE (Georgiou and Zhandry, Eprint 2020) and FE (Kitigawa and Nishimaki, Asiacrypt 2022) but all their constructions rely on strong assumptions including indistinguishability obfuscation. In contrast, our constructions do not require any additional assumptions, showing that PKE/IBE/ABE/FE can be upgraded to support secure key leasing for free.In more detail, our adversary is not restricted to use an honest evaluation algorithm to run pirated software.

show abstract

Section: Other Related Workmentioning

confidence: 99%

Public Key Encryption with Secure Key Leasing

Agrawal¹,

Kitagawa²,

Nishimaki³

et al. 2023

Preprint

View full text Add to dashboard Cite

show abstract

“…Using a hybrid encryption scheme, Hiroka, Morimae, Nishimaki and Yamakawa [HMNY21] extended the scheme in [BI20] to both public-key and attribute-based encryption with privatelyverifiable certified deletion via receiver non-committing encryption [JL00, CFGN96]. Hiroka, Morimae, Nishimaki and Yamakawa [HMNY22b] considered certified everlasting zero-knowledge proofs for QMA via the notion of everlasting security which was first formalized by M üller-Quade and Unruh [MU07]. Bartusek and Khurana [BK22] revisited the notion of certified deletion and presented a unified approach for how to generically convert any public-key, attribute-based, fullyhomomorphic, timed-release or witness encryption scheme into an equivalent quantum encryption scheme with certified deletion.…”

Section: Prior Workmentioning

confidence: 99%

“…This is also the definition we consider in this work. In the same spirit, Hiroka, Morimae, Nishimaki and Yamakawa [HMNY22a] gave a certified everlasting functional encryption scheme which allows the receiver of the ciphertext to obtain the outcome specific function applied the plaintext, but nothing else. In other very recent work, Ananth, Poremba and Vaikuntanathan [APV23] used Gaussian superpositions to construct (key)-revocable cryptosystems, such as public-key encryption, fully homomorphic encryption and pseudorandom functions assuming the hardness of LWE, and Agarwal et al [AKN + 23] introduced a generic compiler for adding key-revocability to a variety of cryptosystems.…”

Section: Prior Workmentioning

confidence: 99%

Publicly-Verifiable Deletion via Target-Collapsing Functions

Bartusek¹,

Khurana²,

Poremba³

2023

Preprint

View full text Add to dashboard Cite

We build quantum cryptosystems that support publicly-verifiable deletion from standard cryptographic assumptions. We introduce target-collapsing as a weakening of collapsing for hash functions, analogous to how second preimage resistance weakens collision resistance; that is, target-collapsing requires indistinguishability between superpositions and mixtures of preimages of an honestly sampled image.We show that target-collapsing hashes enable publicly-verifiable deletion (PVD), proving conjectures from [Poremba, ITCS'23] and demonstrating that the Dual-Regev encryption (and corresponding fully homomorphic encryption) schemes support PVD under the LWE assumption. We further build on this framework to obtain a variety of primitives supporting publiclyverifiable deletion from weak cryptographic assumptions, including:• Commitments with PVD assuming the existence of injective one-way functions, or more generally, almost-regular one-way functions. Along the way, we demonstrate that (variants of) target-collapsing hashes can be built from almost-regular one-way functions.• Public-key encryption with PVD assuming trapdoored variants of injective (or almostregular) one-way functions. We also demonstrate that the encryption scheme of [Hhan, Morimae, and Yamakawa, Eurocrypt'23] based on pseudorandom group actions has PVD.• X with PVD for X ∈ {attribute-based encryption, quantum fully-homomorphic encryption, witness encryption, time-revocable encryption}, assuming X and trapdoored variants of injective (or almost-regular) one-way functions.

show abstract

“…Since Wiesner put forward quantum money in 1983 [Wie83], a novel unclonable primitive that protects digital money against counterfeiting attacks, there have been a myriad of interesting unclonable primitives proposed over the years. They include variants of quantum money [AC12,Zha17,Shm22], quantum one-time programs [BGS13], copy-protection [Aar09, AL20, ALL + 20, CLLZ21], tokenized signatures [BS16, CLLZ21,Shm22], unclonable encryption [Got02,BL20], secure software leasing [AL20, KNY21, BJL + 21], encryption with certified deletion [BI20] and certified zero-knowledge [HMNY22].…”

Section: Introductionmentioning

confidence: 99%

Cloning Games: A General Framework for Unclonable Primitives

Ananth¹,

Kaleoglu²,

Liu³

2023

Preprint

View full text Add to dashboard Cite

The powerful no-cloning principle of quantum mechanics can be leveraged to achieve interesting primitives, referred to as unclonable primitives, that are impossible to achieve classically. In the past few years, we have witnessed a surge of new unclonable primitives. While prior works have mainly focused on establishing feasibility results, another equally important direction, that of understanding the relationship between different unclonable primitives is still in its nascent stages. Moving forward, we need a more systematic study of unclonable primitives.To this end, we introduce a new framework called cloning games. This framework captures many fundamental unclonable primitives such as quantum money, copy-protection, unclonable encryption, single-decryptor encryption, and many more. By reasoning about different types of cloning games, we obtain many interesting implications to unclonable cryptography, including the following:1. We obtain the first construction of information-theoretically secure single-decryptor encryption in the one-time setting.2. We construct unclonable encryption in the quantum random oracle model based on BB84 states, improving upon the previous work, which used coset states. Our work also provides a simpler security proof for the previous work.3. We construct copy-protection for single-bit point functions in the quantum random oracle model based on BB84 states, improving upon the previous work, which used coset states, and additionally, providing a simpler proof.4. We establish a relationship between different challenge distributions of copy-protection schemes and single-decryptor encryption schemes.5. Finally, we present a new construction of one-time encryption with certified deletion.

show abstract

Certified Everlasting Zero-Knowledge Proof for QMA

Cited by 13 publications

References 29 publications

Public Key Encryption with Secure Key Leasing

Public Key Encryption with Secure Key Leasing

Publicly-Verifiable Deletion via Target-Collapsing Functions

Cloning Games: A General Framework for Unclonable Primitives

Contact Info

Product

Resources

About