Quantum Encryption with Certified Deletion, Revisited: Public Key, Attribute-Based, and Classical Communication

Hiroka, Taiga; Morimae, Tomoyuki; Nishimaki, Ryo; Yamakawa, Takashi

doi:10.1007/978-3-030-92062-3_21

Cited by 27 publications

(15 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…One reason why the applications are limited is that in cryptography it is not natural to consider the case when the receiver receives the private key later. Hiroka et al [HMNY21] recently extended the symmetric-key scheme by Broadbent and Islam [BI20] to a public-key encryption scheme, an attribute-based encryption scheme, and a publicly verifiable scheme, which have opened many applications. However, one disadvantage is that their security is the computational one unlike the symmetric-key scheme [BI20].…”

Section: Our Resultsmentioning

confidence: 99%

“…Therefore, we have to somehow delete the information of sk from the commitment in some hybrid game in a security proof. A similar issue was dealt with by Hiroka et al [HMNY21] by using receiver non-committing encryption in the context of public key encryption with certified deletion. However, their technique inherently relies on the assumption that an adversary runs in polynomial-time even after the deletion.…”

Section: Technical Overviewmentioning

confidence: 85%

“…Proof. The proof is similar to [HMNY21, Propositoin 5.8], but note that this time we have to consider an unbounded adversary after the certificate is issued unlike the case of [HMNY21]. We assume that Pr Exp ever-hide…”

Section: What We Have To Prove Is Thatmentioning

confidence: 99%

See 2 more Smart Citations

Certified Everlasting Zero-Knowledge Proof for QMA

Hiroka¹,

Morimae²,

Nishimaki³

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

In known constructions of classical zero-knowledge protocols for NP, either of zero-knowledge or soundness holds only against computationally bounded adversaries. Indeed, achieving both statistical zero-knowledge and statistical soundness at the same time with classical verifier is impossible for NP unless the polynomial-time hierarchy collapses, and it is also believed to be impossible even with a quantum verifier. In this work, we introduce a novel compromise, which we call the certified everlasting zero-knowledge proof for QMA. It is a computational zero-knowledge proof for QMA, but the verifier issues a classical certificate that shows that the verifier has deleted its quantum information. If the certificate is valid, even unbounded malicious verifier can no longer learn anything beyond the validity of the statement.We construct a certified everlasting zero-knowledge proof for QMA. For the construction, we introduce a new quantum cryptographic primitive, which we call commitment with statistical binding and certified everlasting hiding, where the hiding property becomes statistical once the receiver has issued a valid certificate that shows that the receiver has deleted the committed information. We construct commitment with statistical binding and certified everlasting hiding from quantum encryption with certified deletion by Broadbent and Islam [TCC 2020] (in a black box way), and then combine it with the quantum sigma-protocol for QMA by Broadbent and Grilo [FOCS 2020] to construct the certified everlasting zero-knowledge proof for QMA. Our constructions are secure in the quantum random oracle model. Commitment with statistical binding and certified everlasting hiding itself is of independent interest, and there will be many other useful applications beyond zero-knowledge.

show abstract

Section: Our Resultsmentioning

confidence: 99%

Section: Technical Overviewmentioning

confidence: 85%

See 1 more Smart Citation

Certified Everlasting Zero-Knowledge Proof for QMA

Hiroka¹,

Morimae²,

Nishimaki³

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…The notion of certified deletion proposed by Broadbent and Islam is information-theoretic and does not take computational assumptions into account. Subsequently, Hiroka, Morimae, Nishimaki and Yamakawa [HMNY21b] were able to extend the scheme in [BI20] to publickey and attribute-based encryption by using a hybrid encryption scheme in combination with receiver noncommitting (RNC) encryption [JL00,CFGN96] and noisy trapdoor claw-free (NTCF) functions, which were first introduced in [BCM + 21] in the context of certifiable randomness. The encryption schemes proposed by Hiroka, Morimae, Nishimaki and Yamakawa [HMNY21b] enjoy very strong security guarantees at the expense of functionality; in particular, none of the constructions are known to support computations on encrypted data.…”

Section: Related Workmentioning

confidence: 99%

“…This cryptographic notion can be seen as an extension of fully homomorphic encryption schemes [RAD78,Gen09,BV11] which allow for arbitrary computations over encrypted data. Prior work on certified deletion makes use of very specific encryption schemes that seem incompatible with such a functionality; for example, the private-key encryption scheme of Broadbent and Islam [BI20] requires a classical one-time pad, whereas the authors in [HMNY21b] use a particular hybrid encryption scheme in the context of public-key cryptography. While homomorphic encryption enables a wide range of applications including private queries to a search engine and private machine learning on encrypted data [BPTG14], a fundamental limitation remains: once the protocol is complete, the cloud server is still in possession of the client's encrypted data.…”

Section: Introductionmentioning

confidence: 99%

Quantum Proofs of Deletion for Learning with Errors

Poremba¹

2022

Preprint

View full text Add to dashboard Cite

Quantum information has the property that measurement is an inherently destructive process. This feature is most apparent in the principle of complementarity, which states that mutually incompatible observables cannot be measured at the same time. Recent work by Broadbent and Islam (TCC 2020) builds on this aspect of quantum mechanics to realize a cryptographic notion called certified deletion. While this remarkable notion enables a classical verifier to be convinced that a (private-key) quantum ciphertext has been deleted by an untrusted party, it offers no additional layer of functionality.In this work, we augment the proof-of-deletion paradigm with fully homomorphic encryption (FHE). This results in a new and powerful cryptographic notion called fully homomorphic encryption with certified deletion -an interactive protocol which enables an untrusted quantum server to compute on encrypted data and, if requested, to simultaneously prove data deletion to a client. Our main technical ingredient is an interactive protocol by which a quantum prover can convince a classical verifier that a sample from the Learning with Errors (LWE) distribution in the form of a quantum state was deleted. We introduce an encoding based on Gaussian coset states which is highly generic and suggests that essentially any LWE-based cryptographic primitive admits a classically-verifiable quantum proof of deletion.As an application of our protocol, we construct a Dual-Regev public-key encryption scheme with certified deletion, which we then extend towards a (leveled) FHE scheme of the same type. In terms of security, we distinguish between two types of attack scenarios: a semi-honest adversary that follows the protocol exactly, and a fully malicious adversary that is allowed to deviate arbitrarily from the protocol. In the former case, we achieve indistinguishable ciphertexts, even if the secret key is later revealed after deletion has taken place. In the latter case, we provide entropic uncertainty relations for Gaussian cosets which limit the adversary's ability to guess the delegated ciphertext once deletion has taken place. Our results enable a form of everlasting cryptography and give rise to new privacy-preserving quantum cloud applications, such as private machine learning on encrypted data with certified data deletion.

show abstract

Computationally Secure Semi‐Quantum All‐Or‐Nothing Oblivious Transfer from Dihedral Coset States

Yan,

Wang,

2024

Adv Quantum Tech

View full text Add to dashboard Cite

The quest for perfect quantum oblivious transfer (QOT) with information‐theoretic security remains a challenge, necessitating the exploration of computationally secure QOT as a viable alternative. Unlike the unconditionally secure quantum key distribution (QKD), the computationally secure QOT relies on specific quantum‐safe computational hardness assumptions, such as the post‐quantum hardness of learning with errors (LWE) problem and quantum‐hard one‐way functions. This raises an intriguing question: Are there additional efficient quantum hardness assumptions that are suitable for QOT? In this work, leveraging the dihedral coset state derived from the dihedral coset problem (DCP), a basic variant of OT, known as the all‐or‐nothing OT, is studied in the semi‐quantum setting. Specifically, the DCP originates from the dihedral hidden subgroup problem (DHSP), conjectured to be challenging for any quantum polynomial‐time algorithms. First, a computationally secure quantum protocol is presented for all‐or‐nothing OT, which is then simplified into a semi‐quantum OT protocol with minimal quantumness, where the interaction needs merely classical communication. To efficiently instantiate the dihedral coset state, a powerful cryptographic tool called the LWE‐based noisy trapdoor claw‐free functions (NTCFs) is used. The construction requires only a three‐message interaction and ensures perfect statistical privacy for the receiver and computational privacy for the sender.

show abstract

Quantum Encryption with Certified Deletion, Revisited: Public Key, Attribute-Based, and Classical Communication

Cited by 27 publications

References 26 publications

Certified Everlasting Zero-Knowledge Proof for QMA

Certified Everlasting Zero-Knowledge Proof for QMA

Quantum Proofs of Deletion for Learning with Errors

Computationally Secure Semi‐Quantum All‐Or‐Nothing Oblivious Transfer from Dihedral Coset States

Contact Info

Product

Resources

About