Unforgeable Quantum Encryption

Alagic, Gorjan; Gagliardoni, Tommaso; Majenz, Christian

doi:10.1007/978-3-319-78372-7_16

Cited by 28 publications

(65 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Q q Q security models a fully quantum adversary with quantum access to all oracles in the first stage. 1 It is notation-wise convenient to define an order for the notions, with Q ≥ C and q ≥ c, consequently implying a partial order…”

Section: Ind-cca Security Against Partially or Fully Quantum Adversariesmentioning

confidence: 99%

Hybrid Key Encapsulation Mechanisms and Authenticated Key Exchange

Bindel

Brendel

Fischlin

et al. 2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Concerns about the impact of quantum computers on currently deployed public key cryptography have instigated research into not only quantum-resistant cryptographic primitives but also how to transition applications from classical to quantum-resistant solutions. One approach to mitigate the risk of quantum attacks and to preserve common security guarantees are hybrid schemes, which combine classically secure and quantum-resistant schemes. Various academic and industry experiments and draft standards related to the Transport Layer Security (TLS) protocol already use some form of hybrid key exchange; however sound theoretical approaches to substantiate the design and security of such hybrid key exchange protocols are missing so far.We initiate the modeling of hybrid authenticated key exchange protocols, considering security against adversaries with varying levels of quantum power over time, such as adversaries who may become quantum in the future or are quantum in the present. We reach our goal using a three-step approach: First, we introduce security notions for key encapsulation mechanisms (KEMs) that enable a fine-grained distinction between different quantum scenarios. Second, we propose several combiners for constructing hybrid KEMs that correspond closely to recently proposed Internet-Drafts for hybrid key exchange in TLS 1.3. Finally, we present a provably sound design for hybrid key exchange using KEMs as building blocks.

show abstract

Section: Ind-cca Security Against Partially or Fully Quantum Adversariesmentioning

confidence: 99%

Hybrid Key Encapsulation Mechanisms and Authenticated Key Exchange

Bindel

Brendel

Fischlin

et al. 2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…It is interesting to note that similar problems arise in encryption schemes of quantum data and a convincing solution was recently found [2,3]. However, it relies on the fact that for quantum messages, authentication implies secrecy.…”

Section: Introductionmentioning

confidence: 99%

“…Furthermore, the single query is allowed in a limited query model with an non-standard restriction. 3 Zhandry recently showed a separation between PO and GYZ by means of the powerful tool of obfuscation [31].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Quantum-Access-Secure Message Authentication via Blind-Unforgeability

Alagic

Majenz

Russell

et al. 2020

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Formulating and designing authentication of classical messages in the presence of adversaries with quantum query access has been a longstanding challenge, as the familiar classical notions of unforgeability do not directly translate into meaningful notions in the quantum setting. A particular difficulty is how to fairly capture the notion of "predicting an unqueried value" when the adversary can query in quantum superposition. We propose a natural definition of unforgeability against quantum adversaries called blind unforgeability. This notion defines a function to be predictable if there exists an adversary who can use "partially blinded" oracle access to predict values in the blinded region. We support the proposal with a number of technical results. We begin by establishing that the notion coincides with EUF-CMA in the classical setting and go on to demonstrate that the notion is satisfied by a number of simple guiding examples, such as random functions and quantum-query-secure pseudorandom functions. We then show the suitability of blind unforgeability for supporting canonical constructions and reductions. We prove that the "hash-and-MAC" paradigm and the Lamport one-time digital signature scheme are indeed unforgeable according to the definition. To support our analysis, we additionally define and study a new variety of quantumsecure hash functions called Bernoulli-preserving. Finally, we demonstrate that blind unforgeability is strictly stronger than a previous definition of Boneh and Zhandry [EUROCRYPT '13, CRYPTO '13] and resolve an open problem concerning this previous definition by constructing an explicit function family which is forgeable yet satisfies the definition.

show abstract

“…Such function was used well in quantum money protocols. Moreover, Alagic et al proposed a problem about signing a quantum state, which reflects the demand of a one‐way function with quantum states as input. It is feasible to conceive a one‐way function of “quantum‐quantum” mode, or to say, a full quantum one‐way function, under the assumption of general quantum computers.…”

Section: Introductionmentioning

confidence: 99%

Full quantum one‐way function for quantum cryptography

Shang

Tang

Chen

et al. 2020

Quantum Engineering

View full text Add to dashboard Cite

Summary One‐way functions are fundamental tools for cryptography. Until now, quantum one‐way functions have several input‐output categories such as “classical‐to‐classical,” “classical‐to‐quantum,” and “quantum‐to‐classical,” which are used for postquantum cryptography or quantum cryptography. However, there are still no intrinsic “quantum‐to‐quantum” quantum one‐way functions. In this article, we propose the full quantum one‐way function to design full quantum cryptographic schemes. By concatenating the “quantum‐classical” one‐way function and the rotation operation of single qubit, the full quantum one‐way function has the input and output of quantum states. We prove its one‐way property from “easy computation” and “computationally difficult to invert.” Then we apply the full quantum one‐way function to quantum identity authentication. Security analysis shows that the proposed quantum identity authentication scheme based on the full quantum one‐way function is secure even under active attacks.

show abstract

Unforgeable Quantum Encryption

Cited by 28 publications

References 26 publications

Hybrid Key Encapsulation Mechanisms and Authenticated Key Exchange

Hybrid Key Encapsulation Mechanisms and Authenticated Key Exchange

Quantum-Access-Secure Message Authentication via Blind-Unforgeability

Full quantum one‐way function for quantum cryptography

Contact Info

Product

Resources

About