Quantum Security for Post Quantum Cryptography QuantumFriendly Reductions
![A Useful Condition for Closedness OWF [Rompel] [Lamport] One-Time Signature [Merkle] (Full-fledged) Hash-Tree Signature](https://slidetodoc.com/presentation_image_h2/3ef88f55f1077c95c902bc848450eb40/image-10.jpg "A Useful Condition for Closedness OWF [Rompel] [Lamport] One-Time Signature [Merkle] (Full-fledged) Hash-Tree Signature")
- Slides: 12
Quantum Security for Post. Quantum Cryptography -- “Quantum-Friendly” Reductions Fang Song IQC, University of Waterloo
How do quantum attacks change classical cryptography? Crypto-systems based on the hardness of factoring and discrete-log are broken § Factoring and discrete-log are easy on a quantum computer [Shor’ 97] Relax…, there are “hard” problems for quantum computers § Lattices, code-based, multivariate equations, § Super-singular elliptic curve isogenies § … v Unfortunately, this is not the end of the story… 2
What do We Mean by “Secure”? ? § So far, only can do quantum rewinding in special cases [Wat 09, Unr 12]. 3
What do We Mean by “Secure”? 4
What I Did in This Work Q: What classical security reductions can go through against quantum attacks? Main Result: Characterize “Quantum-Friendly” reductions. Case 1: Class-Respectful Reductions § Common case: adversary has quantum inner working, classical interaction with outside world. § Formalize sufficient conditions, simple to check. § Application: (quantum-safe) one-way functions Signatures v An efficient variant: XMSS [BHH 11] (Motivation of this work) v Not surprising; just making routine work rigorous and easier Case 2: Class-Translatable Reductions § Unify a few previous works, e. g. , Full-Domain Hash in QRO Side: Spell out Provable Quantum Security § Before “how”, be clear “what” to do to establish quantum security 5
Review: Provable Classical Security Use Games to formalize the following: Computational Assumption Security Requirement A C Security Reduction A B C T Usually consider polytime adversaries 6
Provable Quantum Security Every component needs a “quantum” inspection Quantum Classical Decide what is proper in your setting e. g. , allow quantum superposition queries? 7
Lifting Game-Preserving Reductions 8
Lifting Game-Preserving Reductions (Cont’d) 9
A Useful Condition for Closedness OWF [Rompel] [Lamport] One-Time Signature [Merkle] (Full-fledged) Hash-Tree Signature Universal One-Way Hash Functions 10
Lifting Game-Updating Reductions Upshot: let an interpreter take you to the game-preserving land! ? Application: unify previous results § E. g. , a more modular proof for Full-Domain Hash in Quantum RO. 11
Discussions Takeaways § To establish quantum security of a classical scheme, assumptions, security definitions, reductions all need to be re-examined. § We’ve given characterizations for “quantum-friendly” reductions. v Simple cases: there is a tool to ease the routine wok. Future Directions § Apply and extend our characterization and tools v Many straightforward applications v More interesting cases: rewinding, QRO, generic interpreter … § Reinvestigate fundamental objects v Pesudo. Random. Functions Quantum-accessible PRPermutations? v May shed light on quantum unitary designs. § Reduction has quantum access to adversary? v A different flavor of game-updating reductions. v E. g. Quantum Goldreich-Levin [AC’STACS 02] Thank you! 12
Firms react to unplanned inventory reductions by
Wireless security in cryptography and network security
Provate security
Cryptography security services
Security services in cryptography
Modulo table
Introduction to cryptography and network security
Number theory in network security
Firewall in cryptography and network security
Authentication in cryptography and network security
Intruders in cryptography and network security
Cryptography security goals
Primitive root in cryptography and network security
