random oracles in a quantum world
play

Random Oracles in a Quantum World Dan Boneh 1 ur Dagdelen 2 Marc - PowerPoint PPT Presentation

Sep 09, 2023 •104 likes •768 views

Introduction Positive Results Conclusion Random Oracles in a Quantum World Dan Boneh 1 ur Dagdelen 2 Marc Fischlin 2 Ozg Anja Lehmann 3 Christian Schaffner 4 Mark Zhandry 1 1 Stanford University, USA 2 CASED & Darmstadt University of

  1. Introduction Positive Results Conclusion Random Oracles in a Quantum World ¨ Dan Boneh 1 ur Dagdelen 2 Marc Fischlin 2 Ozg¨ Anja Lehmann 3 Christian Schaffner 4 Mark Zhandry 1 1 Stanford University, USA 2 CASED & Darmstadt University of Technology, Germany 3 IBM Research Zurich, Switzerland 4 University of Amsterdam and CWI, The Netherlands December 5, 2011 Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  2. Introduction Quantum Random Oracle Model Positive Results Our Results Conclusion Classical Random Oracle Model Adversaries Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  3. Introduction Quantum Random Oracle Model Positive Results Our Results Conclusion Quantum Random Oracle Model Adversaries Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  4. Introduction Quantum Random Oracle Model Positive Results Our Results Conclusion Quantum Random Oracle Model (QROM) Why quantum queries? Random oracle models hash function, which a quantum adversary can evaluate on superposition. Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  5. Introduction Quantum Random Oracle Model Positive Results Our Results Conclusion Quantum Random Oracle Model (QROM) Why quantum queries? Random oracle models hash function, which a quantum adversary can evaluate on superposition. Because quantum adversaries can query on a superposition, classical proofs of security do not carry over to the quantum setting. Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  6. Introduction Quantum Random Oracle Model Positive Results Our Results Conclusion Quantum Random Oracle Model (QROM) Why quantum queries? Random oracle models hash function, which a quantum adversary can evaluate on superposition. Because quantum adversaries can query on a superposition, classical proofs of security do not carry over to the quantum setting. Examples: Simulating the random oracle Determining what points the adversary is interested in Programming the random oracle Rewinding Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  7. Introduction Quantum Random Oracle Model Positive Results Our Results Conclusion Our Results Separation result: Scheme secure in classical ROM, but insecure in QROM Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  8. Introduction Quantum Random Oracle Model Positive Results Our Results Conclusion Our Results Separation result: Scheme secure in classical ROM, but insecure in QROM Identification scheme Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  9. Introduction Quantum Random Oracle Model Positive Results Our Results Conclusion Our Results Separation result: Scheme secure in classical ROM, but insecure in QROM Identification scheme Positive result: Signature Schemes Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  10. Introduction Quantum Random Oracle Model Positive Results Our Results Conclusion Our Results Separation result: Scheme secure in classical ROM, but insecure in QROM Identification scheme Positive result: Signature Schemes Some classical security proofs carry over (if quantum PRFs exist). Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  11. Introduction Quantum Random Oracle Model Positive Results Our Results Conclusion Our Results Separation result: Scheme secure in classical ROM, but insecure in QROM Identification scheme Positive result: Signature Schemes Some classical security proofs carry over (if quantum PRFs exist). Example: Lattice-based signatures ([GPV08]) Example: Specific instances of Full Domain Hash Generic Full Domain Hash is still open. Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  12. Introduction Quantum Random Oracle Model Positive Results Our Results Conclusion Our Results Separation result: Scheme secure in classical ROM, but insecure in QROM Identification scheme Positive result: Signature Schemes Some classical security proofs carry over (if quantum PRFs exist). Example: Lattice-based signatures ([GPV08]) Example: Specific instances of Full Domain Hash Generic Full Domain Hash is still open. Positive result: Encryption Schemes Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  13. Introduction Signatures Positive Results Encryption Schemes Conclusion Preimage Sampleable Functions A preimage sampleable trapdoor function (PSF) F is a triple of functions ( G , f , f − 1 ): G (1 n ) outputs ( sk , pk ) f pk ( x ) is efficiently computable, uniformly distributed for random x . f − 1 sk ( y ) samples uniformly from the set of x such that f pk ( x ) = y Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  14. Introduction Signatures Positive Results Encryption Schemes Conclusion Preimage Sampleable Functions A preimage sampleable trapdoor function (PSF) F is a triple of functions ( G , f , f − 1 ): G (1 n ) outputs ( sk , pk ) f pk ( x ) is efficiently computable, uniformly distributed for random x . f − 1 sk ( y ) samples uniformly from the set of x such that f pk ( x ) = y F = ( G , f , f − 1 ) is secure if it is one-way, collision-resistant, and has high preimage min-entropy. Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  15. Introduction Signatures Positive Results Encryption Schemes Conclusion Preimage Sampleable Functions A preimage sampleable trapdoor function (PSF) F is a triple of functions ( G , f , f − 1 ): G (1 n ) outputs ( sk , pk ) f pk ( x ) is efficiently computable, uniformly distributed for random x . f − 1 sk ( y ) samples uniformly from the set of x such that f pk ( x ) = y F = ( G , f , f − 1 ) is secure if it is one-way, collision-resistant, and has high preimage min-entropy. Secure construction from lattices [GPV08] Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  16. Introduction Signatures Positive Results Encryption Schemes Conclusion Example: GPV Signatures Given a PSF F = ( G , f , f − 1 ), construct a signature scheme S O = ( G , S O , V O ) as follows: Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  17. Introduction Signatures Positive Results Encryption Schemes Conclusion Example: GPV Signatures Given a PSF F = ( G , f , f − 1 ), construct a signature scheme S O = ( G , S O , V O ) as follows: sk ( m ) = f − 1 S O sk ( O ( m )). Remember this output for future queries of m Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  18. Introduction Signatures Positive Results Encryption Schemes Conclusion Example: GPV Signatures Given a PSF F = ( G , f , f − 1 ), construct a signature scheme S O = ( G , S O , V O ) as follows: sk ( m ) = f − 1 S O sk ( O ( m )). Remember this output for future queries of m V O pk ( m , σ ) accepts if and only if f pk ( σ ) = O ( m ). Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  19. Introduction Signatures Positive Results Encryption Schemes Conclusion Example: GPV Signatures Given a PSF F = ( G , f , f − 1 ), construct a signature scheme S O = ( G , S O , V O ) as follows: sk ( m ) = f − 1 S O sk ( O ( m )). Remember this output for future queries of m V O pk ( m , σ ) accepts if and only if f pk ( σ ) = O ( m ). Theorem Suppose F is a quantum-secure PSF, and that quantum pseudorandom functions exist. Then S is quantum secure. Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  20. Introduction Signatures Positive Results Encryption Schemes Conclusion Security of GPV Signatures Two parts: Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  21. Introduction Signatures Positive Results Encryption Schemes Conclusion Security of GPV Signatures Two parts: Prove that security of a certain type of classical reduction (called history free ) implies security in the quantum setting Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  22. Introduction Signatures Positive Results Encryption Schemes Conclusion Security of GPV Signatures Two parts: Prove that security of a certain type of classical reduction (called history free ) implies security in the quantum setting Show that the reduction of [GPV08] is history free Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  23. Introduction Signatures Positive Results Encryption Schemes Conclusion (Classical) History-free Reduction Classical RO Techniques: Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  24. Introduction Signatures Positive Results Encryption Schemes Conclusion (Classical) History-free Reduction Classical RO Techniques: Simulating the random oracle. Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

Recommend

Lattice-based Signcryption without Random Oracles

Lattice-based Signcryption without Random Oracles

Lattice-based Signcryption without Random Oracles Junji Shikata Graduate School of Environment and Information Sciences, Yokohama National University, Japan Overview Lattice-based Cryptography

277 views • 26 slides
Vacuum fluctuations Secure heterodyne-based quantum random number quantum random number

Vacuum fluctuations Secure heterodyne-based quantum random number quantum random number

Vacuum fluctuations Secure heterodyne-based quantum random number quantum random number generator with non-iid generator at 17 Gbps samples Tobias Gehring et al. Marco Avesani et al. 1 The need for random numbers Alice quantum Rx laser

346 views • 32 slides
Quam Bene Non Quantum Identifying Bias in a Commercial Quantum Random Number Generator Darren

Quam Bene Non Quantum Identifying Bias in a Commercial Quantum Random Number Generator Darren

The UKs European university Real World Crypto 2018 Quam Bene Non Quantum Identifying Bias in a Commercial Quantum Random Number Generator Darren Hurley-Smith & Julio Hernandez-Castro Index Introduction Related works Aims Experimental

563 views • 11 slides
Security Analysis of Constructions Combining FIL Random Oracles Yannick Seurin and Thomas Peyrin

Security Analysis of Constructions Combining FIL Random Oracles Yannick Seurin and Thomas Peyrin

Security Analysis of Constructions Combining FIL Random Oracles Yannick Seurin and Thomas Peyrin France Tlcom R&D and Universit de Versailles FSE 07, March 26 Intro Framework Computability Attacks Bounds Recap Applications

318 views • 19 slides
From Selective-ID to Full-ID IBS without Random Oracles Sanjit Chatterjee and Chethan Kamath

From Selective-ID to Full-ID IBS without Random Oracles Sanjit Chatterjee and Chethan Kamath

Overview Background The Transformation Conclusion and Future Work From Selective-ID to Full-ID IBS without Random Oracles Sanjit Chatterjee and Chethan Kamath Indian Institute of Science, Bangalore November 3, 2013 Overview Background The

1.34k views • 44 slides
Implementing Grover Oracles for Quantum Key Search on AES and LowMC Samuel Jaques 1 , Michael

Implementing Grover Oracles for Quantum Key Search on AES and LowMC Samuel Jaques 1 , Michael

Implementing Grover Oracles for Quantum Key Search on AES and LowMC Samuel Jaques 1 , Michael Naehrig 2 , Martin Roetteler 3 , Fernando Virdia 4 1 Department of Materials, University of Oxford, UK 2 Microsoft Research, Redmond, WA, USA 3 Microsoft

696 views • 26 slides
Fixing Cracks in the Concrete: Random Oracles with Auxiliary Input, Revisited Yevgeniy Dodis

Fixing Cracks in the Concrete: Random Oracles with Auxiliary Input, Revisited Yevgeniy Dodis

Fixing Cracks in the Concrete: Random Oracles with Auxiliary Input, Revisited Yevgeniy Dodis New York University Joint work with Siyao Guo (Simons Institute, UC Berkeley) Jonathan Katz (University of Maryland) Hash Functions Are Ubiquitous

650 views • 40 slides
Combiners for Backdoored Random Oracles Balthazar Bauer, Pooya Farshim, Sogol Mazaheri ENS,

Combiners for Backdoored Random Oracles Balthazar Bauer, Pooya Farshim, Sogol Mazaheri ENS,

Combiners for Backdoored Random Oracles Balthazar Bauer, Pooya Farshim, Sogol Mazaheri ENS, Paris TU Darmstadt Backdoors 1 Backdoors It makes more sense to address any security risks by developing intercept solutions during the design

808 views • 52 slides
Correcting Subverted Random Oracles Qiang Tang New Jersey Institute of Technology Joint work

Correcting Subverted Random Oracles Qiang Tang New Jersey Institute of Technology Joint work

Correcting Subverted Random Oracles Qiang Tang New Jersey Institute of Technology Joint work with Alexander Russell (University of Connecticut), Moti Yung (Google & Columbia University) Hong Sheng Zhou (Virginia Commonwealth University)

578 views • 34 slides
Renormalization of random quantum magnets Ferenc Igl oi (Budapest) in collaboration with acs ,

Renormalization of random quantum magnets Ferenc Igl oi (Budapest) in collaboration with acs ,

Renormalization of random quantum magnets Ferenc Igl oi (Budapest) in collaboration with acs , R Istv an Kov obert Juh asz Cargese, August 25- September 6, 2014 1 Introduction Quantum phase transitions quantum spin

796 views • 28 slides
Instantiating Random Oracles via UCEs Mihir Bellare Joint work with Sriram Keelveedhi UCSD

Instantiating Random Oracles via UCEs Mihir Bellare Joint work with Sriram Keelveedhi UCSD

Instantiating Random Oracles via UCEs Mihir Bellare Joint work with Sriram Keelveedhi UCSD 1/9/13 Bellare, Stanford RWC Workshop 1 The work reported on here is very much work in progress. The UCE definition has evolved since this talk and

774 views • 44 slides
2 Hello Quantum Developers World Yet Another Frontier for JavaScript Hello Quantum Developers

2 Hello Quantum Developers World Yet Another Frontier for JavaScript Hello Quantum Developers

2 Hello Quantum Developers World Yet Another Frontier for JavaScript Hello Quantum Developers World QCon London 2020 Miguel Ramalho Quantum Spectrum Software Physicists Scientists Developers Engineers Engineers Theorise Empirically

710 views • 51 slides
Efficient Simulation of Random States and Random Unitaries Gorjan Alagic, Christian Majenz and

Efficient Simulation of Random States and Random Unitaries Gorjan Alagic, Christian Majenz and

Efficient Simulation of Random States and Random Unitaries Gorjan Alagic, Christian Majenz and Alexander Russell QCrypt 2020, in Cyberspace Results overview We study the simulation of random quantum objects , i.e. random quantum states

1.08k views • 72 slides
Oracles and Tokens Prof. Tom Austin San Jos State University Oracles Motivation EVM

Oracles and Tokens Prof. Tom Austin San Jos State University Oracles Motivation EVM

Cryptocurrencies & Security on the Blockchain Oracles and Tokens Prof. Tom Austin San Jos State University Oracles Motivation EVM execution must be deterministic. Cannot rely on outside information But sometimes that

591 views • 17 slides
Liouville Quantum gravity and KPZ Scott Sheffield Scaling limits of random planar maps Central

Liouville Quantum gravity and KPZ Scott Sheffield Scaling limits of random planar maps Central

Liouville Quantum gravity and KPZ Scott Sheffield Scaling limits of random planar maps Central mathematical puzzle: Show that the scaling limit of some kind of discrete quantum gravity (perhaps decorated by random loops, random trees, etc.) is

704 views • 29 slides
Quantum Diffusion and Delocalization for Random Band Matrices Antti Knowles Harvard University

Quantum Diffusion and Delocalization for Random Band Matrices Antti Knowles Harvard University

Quantum Diffusion and Delocalization for Random Band Matrices Antti Knowles Harvard University Warwick 12 January 2012 Joint work with L aszl o Erd os Two standard models of quantum disorder Consider the two random Hamiltonians on

616 views • 23 slides
Chaitins halting probability and the compression of strings using oracles George Barmpalias

Chaitins halting probability and the compression of strings using oracles George Barmpalias

Chaitins halting probability and the compression of strings using oracles George Barmpalias Joint work with Andrew Lewis Institute of Software Chinese Academy of Sciences Barcelona, July 2011 Question Random data lack internal structure

191 views • 18 slides
Unitary designs from statistical mechanics in random quantum circuits Nick Hunter-Jones

Unitary designs from statistical mechanics in random quantum circuits Nick Hunter-Jones

Unitary designs from statistical mechanics in random quantum circuits Nick Hunter-Jones Perimeter Institute June 10, 2019 Yukawa Institute for Theoretical Physics Based on: NHJ, 1905.12053 Random quantum circuits are efficient implementations

708 views • 40 slides
Phylogenetics as quantum computation from quantum random walks to maximum likelihood Peter

Phylogenetics as quantum computation from quantum random walks to maximum likelihood Peter

Phylogenetics as quantum computation from quantum random walks to maximum likelihood Peter Jarvis School of Physical Sciences University of Tasmania peter.jarvis@utas.edu.au Joint work with Demosthenes Ellinas, Technical University Crete,

666 views • 34 slides
Spectral Properties of the Quantum Random Energy Model Simone Warzel Zentrum Mathematik, TUM

Spectral Properties of the Quantum Random Energy Model Simone Warzel Zentrum Mathematik, TUM

Spectral Properties of the Quantum Random Energy Model Simone Warzel Zentrum Mathematik, TUM Cargese September 4, 2014 1. The Quantum Random Energy Model Q N := { 1 , 1 } N Hamming cube: configuration space of N spins ( )( )

451 views • 15 slides
Valence Bonds in Random Quantum Magnets theory and application to YbMgGaO 4 Yukawa Institute,

Valence Bonds in Random Quantum Magnets theory and application to YbMgGaO 4 Yukawa Institute,

Valence Bonds in Random Quantum Magnets theory and application to YbMgGaO 4 Yukawa Institute, Kyoto, November 2017 Itamar Kimchi I.K., Adam Nahum, T. Senthil, arXiv:1710.06860 Valence Bonds in Random Quantum Magnets theory and application to

568 views • 34 slides
The Relativistic Quantum World A lecture series on Relativity Theory and Quantum Mechanics Marcel

The Relativistic Quantum World A lecture series on Relativity Theory and Quantum Mechanics Marcel

The Relativistic Quantum World A lecture series on Relativity Theory and Quantum Mechanics Marcel Merk University of Maastricht, Sept 16 Oct 14, 2020 The Relativistic Quantum World 1 Lecture 1: The Principle of Relativity and the Speed of

613 views • 25 slides
The Relativistic Quantum World A lecture series on Relativity Theory and Quantum Mechanics Marcel

The Relativistic Quantum World A lecture series on Relativity Theory and Quantum Mechanics Marcel

The Relativistic Quantum World A lecture series on Relativity Theory and Quantum Mechanics Marcel Merk University of Maastricht, Sept 16 Oct 14, 2020 The Relativistic Quantum World 1 Lecture 1: The Principle of Relativity and the Speed of

720 views • 33 slides
The Relativistic Quantum World A lecture series on Relativity Theory and Quantum Mechanics Marcel

The Relativistic Quantum World A lecture series on Relativity Theory and Quantum Mechanics Marcel

The Relativistic Quantum World A lecture series on Relativity Theory and Quantum Mechanics Marcel Merk University of Maastricht, Sept 16 Oct 14, 2020 The Relativistic Quantum World 1 Lecture 1: The Principle of Relativity and the Speed of

786 views • 42 slides

More recommend