How to Construct Quantum Random Functions

Zhandry, Mark

doi:10.1109/focs.2012.37

Cited by 185 publications

(165 citation statements)

References 16 publications

Supporting

Mentioning

164

Contrasting

Order By: Relevance

“…The next definition and lemma are given by Zhandry [Zha12b] and allow for the efficient simulation of an exponentially-large list of samples, given only a polynomial number of samples: Definition 2.3 (Small-range distributions [Zha12b] A special case of this theorem is when F is a constant function and each of the distirbutions D x are the uniform distribution. In this case, Lemma 2.6 reduces to the following result of Boneh and Zhandry [BZ13]: any quantum algorithm making q queries to a random oracle H from X to Y can output q + 1 input/output pairs of H with probability at most (q + 1)/|Y|.…”

Section: Toolsmentioning

confidence: 99%

See 1 more Smart Citation

Secure Signatures and Chosen Ciphertext Security in a Quantum Computing World

Boneh

Zhandry

2013

Lecture Notes in Computer Science

Self Cite

138

113

View full text Add to dashboard Cite

We initiate the study of quantum-secure digital signatures and quantum chosen ciphertext security. In the case of signatures, we enhance the standard chosen message query model by allowing the adversary to issue quantum chosen message queries: given a superposition of messages, the adversary receives a superposition of signatures on those messages. Similarly, for encryption, we allow the adversary to issue quantum chosen ciphertext queries: given a superposition of ciphertexts, the adversary receives a superposition of their decryptions. These adversaries model a natural ubiquitous quantum computing environment where end-users sign messages and decrypt ciphertexts on a personal quantum computer.We construct classical systems that remain secure when exposed to such quantum queries. For signatures, we construct two compilers that convert classically secure signatures into signatures secure in the quantum setting and apply these compilers to existing post-quantum signatures. We also show that standard constructions such as Lamport one-time signatures and Merkle signatures remain secure under quantum chosen message attacks, thus giving signatures whose quantum security is based on generic assumptions. For encryption, we define security under quantum chosen ciphertext attacks and present both public-key and symmetric-key constructions.

show abstract

Section: Toolsmentioning

confidence: 99%

“…Along these lines, Zhandry [Zha12b] showed how to construct pseudorandom functions (PRFs) that remain secure even when the adversary is allowed to issue quantum queries to the PRF. A quantum query is a superposition of inputs x ψ x |x of the attacker's choice.…”

Section: Introductionmentioning

confidence: 99%

Secure Signatures and Chosen Ciphertext Security in a Quantum Computing World

Boneh

Zhandry

2013

Lecture Notes in Computer Science

Self Cite

138

113

View full text Add to dashboard Cite

show abstract

“…For completeness, we give a clean proof using a tool developed by Zhandry [32]. We describe below a simplified version of the tool, taken from [31]. …”

Section: Toolboxmentioning

confidence: 99%

Mitigating Multi-target Attacks in Hash-Based Signatures

Hülsing

Rijneveld

Song

2016

Lecture Notes in Computer Science

102

View full text Add to dashboard Cite

Abstract. This work introduces XMSS-T, a new stateful hash-based signature scheme with tight security. Previous hash-based signatures are facing a loss of security, linear in performance parameters such as the total tree height. Our new scheme can achieve the same security level but using hash functions with a smaller output length, which immediately leads to a smaller signature size. The same techniques also apply directly to the recent stateless hash-based signature scheme SPHINCS (Eurocrypt 2015), and the signature size is reduced as well. Being a little more specific and technical, the tight security stems from new multi-target notions of hash-function properties which we define and analyze. We show precise complexity for breaking these security properties under both classical and quantum generic attacks, thus establishing a reliable estimate for the quantum security of XMSS-T. In particular, we prove quantum query complexity tailored for cryptographic applications, which overcomes some limitations of standard techniques in quantum query complexity such as only considering worst-case complexity. Our proof techniques may be useful elsewhere. We also implement XMSS-T and compare its performance to that of XMSS (PQCrypto 2011), the most recent stateful hash-based signature scheme before our work.

show abstract

“…Zhandry [240] showed how to plant challenges in the QRO model at the beginning of the execution, and Unruh [222] showed how to reprogram the RO during runtime. Security definitions allowing superposition access have subsequently been studied by Boneh and Zhandry [37,240] in the context of encryption, digital signatures and the construction of pseudo-random functions. See also related work by Damgård, Funder, Nielsen and Salvail [92], who study superposition attacks on secret-sharing and multi-party protocols.…”

Section: Superposition Access To Oracles: Quantum Security Notionsmentioning

confidence: 99%

“…Related to the topic of quantum security notions (Sect. 4.4), Zhandry [240] has shown how to construct quantum-security pseudo-random functions (qPRF). Classically, it is well-known that using the PRF in a three-round Feistel network yields a pseudo-random permutation.…”

Section: Conclusion and Open Problemsmentioning

confidence: 99%

Quantum cryptography beyond quantum key distribution

Broadbent

Schaffner

2015

Des. Codes Cryptogr.

187

112

View full text Add to dashboard Cite

Quantum cryptography is the art and science of exploiting quantum mechanical effects in order to perform cryptographic tasks. While the most well-known example of this discipline is quantum key distribution (QKD), there exist many other applications such as quantum money, randomness generation, secure two-and multi-party computation and delegated quantum computation. Quantum cryptography also studies the limitations and challenges resulting from quantum adversaries-including the impossibility of quantum bit commitment, the difficulty of quantum rewinding and the definition of quantum security models for classical primitives. In this review article, aimed primarily at cryptographers unfamiliar with the quantum world, we survey the area of theoretical quantum cryptography, with an emphasis on the constructions and limitations beyond the realm of QKD.

show abstract

How to Construct Quantum Random Functions

Cited by 185 publications

References 16 publications

Secure Signatures and Chosen Ciphertext Security in a Quantum Computing World

Secure Signatures and Chosen Ciphertext Security in a Quantum Computing World

Mitigating Multi-target Attacks in Hash-Based Signatures

Quantum cryptography beyond quantum key distribution

Contact Info

Product

Resources

About