On the Feasibility of Unclonable Encryption, and More

Ananth, Prabhanjan; Kaleoglu, Fatih; Li, Xingjian; Liu, Qipeng; Zhandry, Mark

doi:10.1007/978-3-031-15979-4_8

Cited by 20 publications

(11 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Ananth and La Placa [AL21] show that there exists a class of functions that we cannot achieve copy-protection in the plain model. Ananth and Kaleoglu [AK22] extend the impossibility result by Ananth and La Placa [AL21] and show that there exists a class of functions that we cannot achieve copy-protection in the classical-accessible random oracle model (CAROM). CAROM is a model where both constructions and adversaries can only classically access the random oracle.…”

Section: More On Related Workmentioning

confidence: 65%

One-out-of-Many Unclonable Cryptography: Definitions, Constructions, and More

Kitagawa¹,

Nishimaki²

2023

Preprint

View full text Add to dashboard Cite

The no-cloning principle of quantum mechanics enables us to achieve amazing unclonable cryptographic primitives, which is impossible in classical cryptography. However, the security definitions for unclonable cryptography are tricky. Achieving desirable security notions for unclonability is a challenging task. In particular, there is no indistinguishablesecure unclonable encryption and quantum copy-protection for single-bit output point functions in the standard model. To tackle this problem, we introduce and study relaxed but meaningful security notions for unclonable cryptography in this work. We call the new security notion one-out-of-many unclonable security.We obtain the following results.• We show that one-time strong anti-piracy secure secret key single-decryptor encryption (SDE) implies one-outof-many indistinguishable-secure unclonable encryption.• We construct a one-time strong anti-piracy secure secret key SDE scheme in the standard model from the LWE assumption.• We construct one-out-of-many copy-protection for single-bit output point functions from one-out-of-many indistinguishable-secure unclonable encryption and the LWE assumption.• We construct one-out-of-many unclonable predicate encryption (PE) from one-out-of-many indistinguishablesecure unclonable encryption and the LWE assumption.Thus, we obtain one-out-of-many indistinguishable-secure unclonable encryption, one-out-of-many copy-protection for single-bit output point functions, and one-out-of-many unclonable PE in the standard model from the LWE assumption. In addition, our one-time SDE scheme is the first SDE scheme that does not rely on any oracle heuristics and strong assumptions such as indistinguishability obfuscation and witness encryption.

show abstract

Section: More On Related Workmentioning

confidence: 65%

One-out-of-Many Unclonable Cryptography: Definitions, Constructions, and More

Kitagawa¹,

Nishimaki²

2023

Preprint

View full text Add to dashboard Cite

show abstract

“…In the constructions of copy-protection due to Coladangelo et al [CLLZ21;CMP20], the copy-protection algorithm only makes classical queries to the cryptographic primitives in the case of [CLLZ21] and the random oracle in the case of [CMP20] whereas the evaluation algorithm in both constructions make quantum queries. Finally, in the construction of unclonable encryption in [AKL+22], all the algorithms only make classical queries to the random oracle. Given these constructions, we believe it is important to understand what is feasible or impossible for unclonable cryptosystems in the hybrid classical-quantum query model.…”

Section: Our Workmentioning

confidence: 99%

On the (Im)plausibility of Public-Key Quantum Money from Collision-Resistant Hash Functions

Ananth¹,

Hu²,

Yuen³

2023

Preprint

View full text Add to dashboard Cite

Public-key quantum money is a cryptographic proposal for using highly entangled quantum states as currency that is publicly verifiable yet resistant to counterfeiting due to the laws of physics. Despite significant interest, constructing provably-secure public-key quantum money schemes based on standard cryptographic assumptions has remained an elusive goal. Even proposing plausibly-secure candidate schemes has been a challenge.These difficulties call for a deeper and systematic study of the structure of public-key quantum money schemes and the assumptions they can be based on. Motivated by this, we present the first black-box separation of quantum money and cryptographic primitives. Specifically, we show that collision-resistant hash functions cannot be used as a black-box to construct publickey quantum money schemes where the banknote verification makes classical queries to the hash function. Our result involves a novel combination of state synthesis techniques from quantum complexity theory and simulation techniques, including Zhandry's compressed oracle technique.

show abstract

“…These latter constructions are all based on the idea of hidden coset states. In a recent work, [AKL23] gives another construction for copy-protection of single-bit point functions in the quantum random oracle model based on BB84 states. In this work, we build upon the copy-protection construction of pseudorandom functions [CLLZ21] to construct copy-protection of point functions in the plain model with negligible security.…”

Section: Related Workmentioning

confidence: 99%

“…The only known exception is the construction of copy-protection of single-bit point functions in the quantum random oracle model based on BB84 states[AKL23]. In this work, we focus only on constructions in the plain model.…”

mentioning

confidence: 99%

Semi-quantum Copy-Protection and More

Chevalier,

Hermouet,

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Properties of quantum mechanics have enabled the emergence of quantum cryptographic protocols achieving important goals which are proven to be impossible classically. Unfortunately, this usually comes at the cost of needing quantum power from every party in the protocol, while arguably a more realistic scenario would be a network of classical clients, classically interacting with a quantum server.In this paper, we focus on copy-protection, which is a quantum primitive that allows a program to be evaluated, but not copied, and has shown interest especially due to its links to other unclonable cryptographic primitives. Our main contribution is to show how to dequantize quantum copy-protection schemes constructed from hidden coset states, by giving a construction for classically-instructed remote state preparation for coset states, which preserves hardness properties of hidden coset states. We then apply this dequantizer to obtain semi-quantum cryptographic protocols for copy-protection and tokenized signatures with strong unforgeability. In the process, we present the first secure copy-protection scheme for point functions in the plain model and a new direct product hardness property of coset states which immediately implies a strongly unforgeable tokenized signature scheme.⋆ Work done while at CRED and DIENS. 1 This is called hybrid quantum cryptography in [AGKZ20]. Technical Overview Our Remote Coset State Preparation Protocol and Its Application toCopy-ProtectionIn this section, we give an overview of our remote coset state preparation protocol and its proof of soundness. To give the reader a glimpse of the functionality of our protocol and how it can be used as a generic compiler to obtain semi-quantum copy-protection, we first start by analysing security requirements for several existing quantum copy-protection schemes based on coset states.Security Requirements. For our discussion, we focus on the copy-protection of pseudorandom functions scheme in the plain model and the single-decryptor scheme in the plain model presented in [CLLZ21]. The common point is that security of these constructions all reduce to a monogamy-ofentanglement property of coset states [CLLZ21, CV22]. Informally, this property states that a triple of quantum algorithms Alice, Bob and Charlie cannot cooperatively win the following monogamy game with a challenger, except with negligible probability. The challenger first prepares a uniformly random coset state |A s,s ′ ⟩ and gives the state to Alice. Alice outputs two (possibly entangled) quantum states and sends them to Bob and Charlie respectively. No communication is allowed between Bob and Charlie. Finally, Bob and Charlie both get the description of the subspace A. The game is won if Bob outputs a vector in A + s and Charlie outputs a vector in A ⊥ + s ′ , where A ⊥ denote the dual subspace of A.If our goal is to design a semi-quantum protocol for preparing coset states such that it can be used in a plug-and-play manner for the aforementioned protocols, our protocol needs to have the fo...

show abstract

On the Feasibility of Unclonable Encryption, and More

Cited by 20 publications

References 19 publications

One-out-of-Many Unclonable Cryptography: Definitions, Constructions, and More

One-out-of-Many Unclonable Cryptography: Definitions, Constructions, and More

On the (Im)plausibility of Public-Key Quantum Money from Collision-Resistant Hash Functions

Semi-quantum Copy-Protection and More

Contact Info

Product

Resources

About