Presentation is loading. Please wait.

Presentation is loading. Please wait.

Fang Song IQC, University of Waterloo -- “Quantum-Friendly” Reductions.

Published byJemimah Montgomery Modified over 8 years ago

Similar presentations

Presentation on theme: "Fang Song IQC, University of Waterloo -- “Quantum-Friendly” Reductions."— Presentation transcript:

1 Fang Song IQC, University of Waterloo -- “Quantum-Friendly” Reductions

2 2 How do quantum attacks change classical cryptography?  Crypto-systems based on the hardness of factoring and discrete-log are broken  Factoring and discrete-log are easy on a quantum computer [ Shor’97 ]  Relax…, there are “hard” problems for quantum computers  Lattices, code-based, multivariate equations,  Super-singular elliptic curve isogenies ……  Unfortunately, this is not the end of the story…

3  3 What do We Mean by “Secure”? ?  So far, only can do quantum rewinding in special cases [ Wat09,Unr12 ].

4  4 What do We Mean by “Secure”?

5  Main Result: Characterize “Quantum-Friendly” reductions.  Case 1: Class-Respectful Reductions  Common case: adversary has quantum inner working, classical interaction with outside world.  Formalize sufficient conditions, simple to check.  Application: (quantum-safe) one-way functions  Signatures  An efficient variant: XMSS [ BHH11 ] (Motivation of this work)  Not surprising; just making routine work rigorous and easier  Case 2: Class-Translatable Reductions  Unify a few previous works, e.g., Full-Domain Hash in QRO 5 What I Did in This Work Q: What classical security reductions can go through against quantum attacks? Side: Spell out Provable Quantum Security  Before “how”, be clear “what” to do to establish quantum security

6  6 Review: Provable Classical Security C A C B A T C A  Computational Assumption  Security Requirement  Security Reduction Usually consider poly- time adversaries Use Games to formalize the following:

7  7 Provable Quantum Security Classical Quantum Decide what is proper in your setting e.g., allow quantum superposition queries? Every component needs a “quantum” inspection   

8  8 Lifting Game-Preserving Reductions

9  9 Lifting Game-Preserving Reductions (Cont’d)

10  10 A Useful Condition for Closedness OWF One-Time Signature [Lamport] Universal One-Way Hash Functions [Rompel] (Full-fledged) Hash-Tree Signature [Merkle]

11  ? Upshot: let an interpreter take you to the game-preserving land! 11 Lifting Game-Updating Reductions  Application: unify previous results  E.g., a more modular proof for Full-Domain Hash in Quantum RO.

12   Takeaways  To establish quantum security of a classical scheme, assumptions, security definitions, reductions all need to be re-examined.  We’ve given characterizations for “quantum-friendly” reductions.  Simple cases: there is a tool to ease the routine wok.  Future Directions  Apply and extend our characterization and tools  Many straightforward applications  More interesting cases: rewinding, QRO, generic interpreter …  Reinvestigate fundamental objects  PesudoRandomFunctions  Quantum-accessible PRPermutations?  May shed light on quantum unitary designs.  Reduction has quantum access to adversary?  A different flavor of game-updating reductions.  E.g. Quantum Goldreich-Levin [ AC’STACS02 ] 12 Discussions Thank you!

Download ppt "Fang Song IQC, University of Waterloo -- “Quantum-Friendly” Reductions."

Similar presentations

Quantum Copy-Protection and Quantum Money Scott Aaronson (MIT) | | | Any humor in this talk is completely unintentional.

Quantum Copy-Protection and Quantum Money Scott Aaronson (MIT) | | | Any humor in this talk is completely unintentional.
Quantum Software Copy-Protection Scott Aaronson (MIT) |

Quantum Software Copy-Protection Scott Aaronson (MIT) |
Quantum Money from Hidden Subspaces Scott Aaronson (MIT) Joint work with Paul Christiano A A.

Quantum Money from Hidden Subspaces Scott Aaronson (MIT) Joint work with Paul Christiano A A.
Quantum Money from Hidden Subspaces Scott Aaronson (MIT) Joint work with Paul Christiano A A.

Quantum Money from Hidden Subspaces Scott Aaronson (MIT) Joint work with Paul Christiano A A.
New Developments in Quantum Money and Copy-Protected Software Scott Aaronson (MIT) Joint work with Paul Christiano A A.

New Developments in Quantum Money and Copy-Protected Software Scott Aaronson (MIT) Joint work with Paul Christiano A A.
Course summary COS 433: Crptography -Spring 2010 Boaz Barak.

Course summary COS 433: Crptography -Spring 2010 Boaz Barak.
1 1 0 0 1 0 0 0 1 0 1 0 0 1 1 1 0 0 1 1 1 1 1 1 1 1 0 1 0 0 1 0 0 1 1 0 1 0 1 1 0 0 0 1 1 1 0 1 0 1 1 1 1 0 1 1 1 0 1 1 1 0 1 0 0 1 1 0.

Dominique Unruh Non-interactive zero-knowledge with quantum random oracles Dominique Unruh University of Tartu With Andris Ambainis, Ansis Rosmanis Estonian.

Dominique Unruh Non-interactive zero-knowledge with quantum random oracles Dominique Unruh University of Tartu With Andris Ambainis, Ansis Rosmanis Estonian.
Foundations of Cryptography Lecture 13 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 13 Lecturer: Moni Naor.
TAMPER DETECTION AND NON-MALLEABLE CODES Daniel Wichs (Northeastern U)

TAMPER DETECTION AND NON-MALLEABLE CODES Daniel Wichs (Northeastern U)
Lattice-Based Cryptography. Cryptographic Hardness Assumptions Factoring is hard Discrete Log Problem is hard  Diffie-Hellman problem is hard  Decisional.

Lattice-Based Cryptography. Cryptographic Hardness Assumptions Factoring is hard Discrete Log Problem is hard  Diffie-Hellman problem is hard  Decisional.
On the (Im)Possibility of Key Dependent Encryption Iftach Haitner Microsoft Research TexPoint fonts used in EMF. Read the TexPoint manual before you delete.

On the (Im)Possibility of Key Dependent Encryption Iftach Haitner Microsoft Research TexPoint fonts used in EMF. Read the TexPoint manual before you delete.
The Physically Observable Security of Signature Schemes Alexander W. Dent Joint work with John Malone-Lee University of Bristol.

The Physically Observable Security of Signature Schemes Alexander W. Dent Joint work with John Malone-Lee University of Bristol.
CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.
CMSC 456 Introduction to Cryptography

CMSC 456 Introduction to Cryptography
CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.
Oded Regev Tel-Aviv University On Lattices, Learning with Errors, Learning with Errors, Random Linear Codes, Random Linear Codes, and Cryptography and.

Oded Regev Tel-Aviv University On Lattices, Learning with Errors, Learning with Errors, Random Linear Codes, Random Linear Codes, and Cryptography and.
Analysis of Key Agreement Protocols Brita Vesterås Supervisor: Chik How Tan.

Analysis of Key Agreement Protocols Brita Vesterås Supervisor: Chik How Tan.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

Similar presentations

Ads by Google