random oracles in a quantum world
play

Random Oracles in a Quantum World Dan Boneh 1 ur Dagdelen 2 Marc - PowerPoint PPT Presentation

Sep 09, 2023 •104 likes •768 views

Introduction Positive Results Conclusion Random Oracles in a Quantum World Dan Boneh 1 ur Dagdelen 2 Marc Fischlin 2 Ozg Anja Lehmann 3 Christian Schaffner 4 Mark Zhandry 1 1 Stanford University, USA 2 CASED & Darmstadt University of

  1. Introduction Positive Results Conclusion Random Oracles in a Quantum World ¨ Dan Boneh 1 ur Dagdelen 2 Marc Fischlin 2 Ozg¨ Anja Lehmann 3 Christian Schaffner 4 Mark Zhandry 1 1 Stanford University, USA 2 CASED & Darmstadt University of Technology, Germany 3 IBM Research Zurich, Switzerland 4 University of Amsterdam and CWI, The Netherlands December 5, 2011 Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  2. Introduction Quantum Random Oracle Model Positive Results Our Results Conclusion Classical Random Oracle Model Adversaries Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  3. Introduction Quantum Random Oracle Model Positive Results Our Results Conclusion Quantum Random Oracle Model Adversaries Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  4. Introduction Quantum Random Oracle Model Positive Results Our Results Conclusion Quantum Random Oracle Model (QROM) Why quantum queries? Random oracle models hash function, which a quantum adversary can evaluate on superposition. Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  5. Introduction Quantum Random Oracle Model Positive Results Our Results Conclusion Quantum Random Oracle Model (QROM) Why quantum queries? Random oracle models hash function, which a quantum adversary can evaluate on superposition. Because quantum adversaries can query on a superposition, classical proofs of security do not carry over to the quantum setting. Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  6. Introduction Quantum Random Oracle Model Positive Results Our Results Conclusion Quantum Random Oracle Model (QROM) Why quantum queries? Random oracle models hash function, which a quantum adversary can evaluate on superposition. Because quantum adversaries can query on a superposition, classical proofs of security do not carry over to the quantum setting. Examples: Simulating the random oracle Determining what points the adversary is interested in Programming the random oracle Rewinding Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  7. Introduction Quantum Random Oracle Model Positive Results Our Results Conclusion Our Results Separation result: Scheme secure in classical ROM, but insecure in QROM Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  8. Introduction Quantum Random Oracle Model Positive Results Our Results Conclusion Our Results Separation result: Scheme secure in classical ROM, but insecure in QROM Identification scheme Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  9. Introduction Quantum Random Oracle Model Positive Results Our Results Conclusion Our Results Separation result: Scheme secure in classical ROM, but insecure in QROM Identification scheme Positive result: Signature Schemes Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  10. Introduction Quantum Random Oracle Model Positive Results Our Results Conclusion Our Results Separation result: Scheme secure in classical ROM, but insecure in QROM Identification scheme Positive result: Signature Schemes Some classical security proofs carry over (if quantum PRFs exist). Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  11. Introduction Quantum Random Oracle Model Positive Results Our Results Conclusion Our Results Separation result: Scheme secure in classical ROM, but insecure in QROM Identification scheme Positive result: Signature Schemes Some classical security proofs carry over (if quantum PRFs exist). Example: Lattice-based signatures ([GPV08]) Example: Specific instances of Full Domain Hash Generic Full Domain Hash is still open. Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  12. Introduction Quantum Random Oracle Model Positive Results Our Results Conclusion Our Results Separation result: Scheme secure in classical ROM, but insecure in QROM Identification scheme Positive result: Signature Schemes Some classical security proofs carry over (if quantum PRFs exist). Example: Lattice-based signatures ([GPV08]) Example: Specific instances of Full Domain Hash Generic Full Domain Hash is still open. Positive result: Encryption Schemes Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  13. Introduction Signatures Positive Results Encryption Schemes Conclusion Preimage Sampleable Functions A preimage sampleable trapdoor function (PSF) F is a triple of functions ( G , f , f − 1 ): G (1 n ) outputs ( sk , pk ) f pk ( x ) is efficiently computable, uniformly distributed for random x . f − 1 sk ( y ) samples uniformly from the set of x such that f pk ( x ) = y Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  14. Introduction Signatures Positive Results Encryption Schemes Conclusion Preimage Sampleable Functions A preimage sampleable trapdoor function (PSF) F is a triple of functions ( G , f , f − 1 ): G (1 n ) outputs ( sk , pk ) f pk ( x ) is efficiently computable, uniformly distributed for random x . f − 1 sk ( y ) samples uniformly from the set of x such that f pk ( x ) = y F = ( G , f , f − 1 ) is secure if it is one-way, collision-resistant, and has high preimage min-entropy. Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  15. Introduction Signatures Positive Results Encryption Schemes Conclusion Preimage Sampleable Functions A preimage sampleable trapdoor function (PSF) F is a triple of functions ( G , f , f − 1 ): G (1 n ) outputs ( sk , pk ) f pk ( x ) is efficiently computable, uniformly distributed for random x . f − 1 sk ( y ) samples uniformly from the set of x such that f pk ( x ) = y F = ( G , f , f − 1 ) is secure if it is one-way, collision-resistant, and has high preimage min-entropy. Secure construction from lattices [GPV08] Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  16. Introduction Signatures Positive Results Encryption Schemes Conclusion Example: GPV Signatures Given a PSF F = ( G , f , f − 1 ), construct a signature scheme S O = ( G , S O , V O ) as follows: Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  17. Introduction Signatures Positive Results Encryption Schemes Conclusion Example: GPV Signatures Given a PSF F = ( G , f , f − 1 ), construct a signature scheme S O = ( G , S O , V O ) as follows: sk ( m ) = f − 1 S O sk ( O ( m )). Remember this output for future queries of m Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  18. Introduction Signatures Positive Results Encryption Schemes Conclusion Example: GPV Signatures Given a PSF F = ( G , f , f − 1 ), construct a signature scheme S O = ( G , S O , V O ) as follows: sk ( m ) = f − 1 S O sk ( O ( m )). Remember this output for future queries of m V O pk ( m , σ ) accepts if and only if f pk ( σ ) = O ( m ). Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  19. Introduction Signatures Positive Results Encryption Schemes Conclusion Example: GPV Signatures Given a PSF F = ( G , f , f − 1 ), construct a signature scheme S O = ( G , S O , V O ) as follows: sk ( m ) = f − 1 S O sk ( O ( m )). Remember this output for future queries of m V O pk ( m , σ ) accepts if and only if f pk ( σ ) = O ( m ). Theorem Suppose F is a quantum-secure PSF, and that quantum pseudorandom functions exist. Then S is quantum secure. Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  20. Introduction Signatures Positive Results Encryption Schemes Conclusion Security of GPV Signatures Two parts: Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  21. Introduction Signatures Positive Results Encryption Schemes Conclusion Security of GPV Signatures Two parts: Prove that security of a certain type of classical reduction (called history free ) implies security in the quantum setting Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  22. Introduction Signatures Positive Results Encryption Schemes Conclusion Security of GPV Signatures Two parts: Prove that security of a certain type of classical reduction (called history free ) implies security in the quantum setting Show that the reduction of [GPV08] is history free Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  23. Introduction Signatures Positive Results Encryption Schemes Conclusion (Classical) History-free Reduction Classical RO Techniques: Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

  24. Introduction Signatures Positive Results Encryption Schemes Conclusion (Classical) History-free Reduction Classical RO Techniques: Simulating the random oracle. Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, Zhandry Random Oracles in a Quantum World

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lattice-based Signcryption without Random Oracles

Lattice-based Signcryption without Random Oracles

Lattice-based Signcryption without Random Oracles Junji Shikata Graduate School of Environment and Information Sciences, Yokohama National University, Japan Overview Lattice-based Cryptography

277 views • 26 slides
Vacuum fluctuations Secure heterodyne-based quantum random number quantum random number

Vacuum fluctuations Secure heterodyne-based quantum random number quantum random number

Vacuum fluctuations Secure heterodyne-based quantum random number quantum random number generator with non-iid generator at 17 Gbps samples Tobias Gehring et al. Marco Avesani et al. 1 The need for random numbers Alice quantum Rx laser

346 views • 32 slides
Quam Bene Non Quantum Identifying Bias in a Commercial Quantum Random Number Generator Darren

Quam Bene Non Quantum Identifying Bias in a Commercial Quantum Random Number Generator Darren

The UKs European university Real World Crypto 2018 Quam Bene Non Quantum Identifying Bias in a Commercial Quantum Random Number Generator Darren Hurley-Smith & Julio Hernandez-Castro Index Introduction Related works Aims Experimental

563 views • 11 slides
Security Analysis of Constructions Combining FIL Random Oracles Yannick Seurin and Thomas Peyrin

Security Analysis of Constructions Combining FIL Random Oracles Yannick Seurin and Thomas Peyrin

Security Analysis of Constructions Combining FIL Random Oracles Yannick Seurin and Thomas Peyrin France Tlcom R&D and Universit de Versailles FSE 07, March 26 Intro Framework Computability Attacks Bounds Recap Applications

318 views • 19 slides
From Selective-ID to Full-ID IBS without Random Oracles Sanjit Chatterjee and Chethan Kamath

From Selective-ID to Full-ID IBS without Random Oracles Sanjit Chatterjee and Chethan Kamath

Overview Background The Transformation Conclusion and Future Work From Selective-ID to Full-ID IBS without Random Oracles Sanjit Chatterjee and Chethan Kamath Indian Institute of Science, Bangalore November 3, 2013 Overview Background The

1.34k views • 44 slides
Implementing Grover Oracles for Quantum Key Search on AES and LowMC Samuel Jaques 1 , Michael

Implementing Grover Oracles for Quantum Key Search on AES and LowMC Samuel Jaques 1 , Michael

Implementing Grover Oracles for Quantum Key Search on AES and LowMC Samuel Jaques 1 , Michael Naehrig 2 , Martin Roetteler 3 , Fernando Virdia 4 1 Department of Materials, University of Oxford, UK 2 Microsoft Research, Redmond, WA, USA 3 Microsoft

696 views • 26 slides
Fixing Cracks in the Concrete: Random Oracles with Auxiliary Input, Revisited Yevgeniy Dodis

Fixing Cracks in the Concrete: Random Oracles with Auxiliary Input, Revisited Yevgeniy Dodis

Fixing Cracks in the Concrete: Random Oracles with Auxiliary Input, Revisited Yevgeniy Dodis New York University Joint work with Siyao Guo (Simons Institute, UC Berkeley) Jonathan Katz (University of Maryland) Hash Functions Are Ubiquitous

650 views • 40 slides
Combiners for Backdoored Random Oracles Balthazar Bauer, Pooya Farshim, Sogol Mazaheri ENS,

Combiners for Backdoored Random Oracles Balthazar Bauer, Pooya Farshim, Sogol Mazaheri ENS,

Combiners for Backdoored Random Oracles Balthazar Bauer, Pooya Farshim, Sogol Mazaheri ENS, Paris TU Darmstadt Backdoors 1 Backdoors It makes more sense to address any security risks by developing intercept solutions during the design

808 views • 52 slides
Correcting Subverted Random Oracles Qiang Tang New Jersey Institute of Technology Joint work

Correcting Subverted Random Oracles Qiang Tang New Jersey Institute of Technology Joint work

Correcting Subverted Random Oracles Qiang Tang New Jersey Institute of Technology Joint work with Alexander Russell (University of Connecticut), Moti Yung (Google & Columbia University) Hong Sheng Zhou (Virginia Commonwealth University)

578 views • 34 slides
Renormalization of random quantum magnets Ferenc Igl oi (Budapest) in collaboration with acs ,

Renormalization of random quantum magnets Ferenc Igl oi (Budapest) in collaboration with acs ,

Renormalization of random quantum magnets Ferenc Igl oi (Budapest) in collaboration with acs , R Istv an Kov obert Juh asz Cargese, August 25- September 6, 2014 1 Introduction Quantum phase transitions quantum spin

796 views • 28 slides
Instantiating Random Oracles via UCEs Mihir Bellare Joint work with Sriram Keelveedhi UCSD

Instantiating Random Oracles via UCEs Mihir Bellare Joint work with Sriram Keelveedhi UCSD

Instantiating Random Oracles via UCEs Mihir Bellare Joint work with Sriram Keelveedhi UCSD 1/9/13 Bellare, Stanford RWC Workshop 1 The work reported on here is very much work in progress. The UCE definition has evolved since this talk and

774 views • 44 slides
2 Hello Quantum Developers World Yet Another Frontier for JavaScript Hello Quantum Developers

2 Hello Quantum Developers World Yet Another Frontier for JavaScript Hello Quantum Developers

2 Hello Quantum Developers World Yet Another Frontier for JavaScript Hello Quantum Developers World QCon London 2020 Miguel Ramalho Quantum Spectrum Software Physicists Scientists Developers Engineers Engineers Theorise Empirically

710 views • 51 slides
Efficient Simulation of Random States and Random Unitaries Gorjan Alagic, Christian Majenz and

Efficient Simulation of Random States and Random Unitaries Gorjan Alagic, Christian Majenz and

Efficient Simulation of Random States and Random Unitaries Gorjan Alagic, Christian Majenz and Alexander Russell QCrypt 2020, in Cyberspace Results overview We study the simulation of random quantum objects , i.e. random quantum states

1.08k views • 72 slides
Oracles and Tokens Prof. Tom Austin San Jos State University Oracles Motivation EVM

Oracles and Tokens Prof. Tom Austin San Jos State University Oracles Motivation EVM

Cryptocurrencies & Security on the Blockchain Oracles and Tokens Prof. Tom Austin San Jos State University Oracles Motivation EVM execution must be deterministic. Cannot rely on outside information But sometimes that

591 views • 17 slides
Liouville Quantum gravity and KPZ Scott Sheffield Scaling limits of random planar maps Central

Liouville Quantum gravity and KPZ Scott Sheffield Scaling limits of random planar maps Central

Liouville Quantum gravity and KPZ Scott Sheffield Scaling limits of random planar maps Central mathematical puzzle: Show that the scaling limit of some kind of discrete quantum gravity (perhaps decorated by random loops, random trees, etc.) is

704 views • 29 slides
Quantum Diffusion and Delocalization for Random Band Matrices Antti Knowles Harvard University

Quantum Diffusion and Delocalization for Random Band Matrices Antti Knowles Harvard University

Quantum Diffusion and Delocalization for Random Band Matrices Antti Knowles Harvard University Warwick 12 January 2012 Joint work with L aszl o Erd os Two standard models of quantum disorder Consider the two random Hamiltonians on

616 views • 23 slides
Stochastic optimization and sparse statistical recovery: An optimal algorithm for high dimensions

Stochastic optimization and sparse statistical recovery: An optimal algorithm for high dimensions

Stochastic optimization and sparse statistical recovery: An optimal algorithm for high dimensions Alekh Agarwal Microsoft Research Joint work with Sahand Negahban and Martin Wainwright Workshop on Optimization and Statistical Learning 2013, Les

695 views • 42 slides
Optimality and Support Projection Algorithm for Sparsity Constrained Minimization Lili Pan

Optimality and Support Projection Algorithm for Sparsity Constrained Minimization Lili Pan

Optimality and Support Projection Algorithm for Sparsity Constrained Minimization Lili Pan , Naihua Xiu , Shenglong Zhou Department of Applied Mathematics, Beijing Jiaotong University School of Science, Shandong University of

849 views • 38 slides
Optimal Approximation of Queries Using Tractable Propositional Languages Robert Fink and Dan

Optimal Approximation of Queries Using Tractable Propositional Languages Robert Fink and Dan

Optimal Approximation of Queries Using Tractable Propositional Languages Robert Fink and Dan Olteanu (ICDT 2011) Oxford University Department of Computer Science DAHU Seminar ENS Cachan February 2012 Motivation for approximation in

703 views • 45 slides
CS 758/858: Algorithms http://www.cs.unh.edu/~ruml/cs758 Greedy Huffman Coding Wheeler Ruml

CS 758/858: Algorithms http://www.cs.unh.edu/~ruml/cs758 Greedy Huffman Coding Wheeler Ruml

CS 758/858: Algorithms http://www.cs.unh.edu/~ruml/cs758 Greedy Huffman Coding Wheeler Ruml (UNH) Class 12, CS 758 1 / 22 Greedy Greedy Scheduling Rules Algorithm Proof Greedy Choice Opt. Substructure

536 views • 24 slides
Further exploitation of the RB framework Yvon Maday, Laboratoire Jacques-Louis Lions Sorbonne

Further exploitation of the RB framework Yvon Maday, Laboratoire Jacques-Louis Lions Sorbonne

Further exploitation of the RB framework Yvon Maday, Laboratoire Jacques-Louis Lions Sorbonne Universit, Paris, Roscoff, France, Institut Universitaire de France Providence February 2020 Mathematics of Reduced Order Models Reduced Basis

931 views • 76 slides
Some Approaches to Complexity Reduction: Application to Computational Chemistry Yvon Maday,

Some Approaches to Complexity Reduction: Application to Computational Chemistry Yvon Maday,

Some Approaches to Complexity Reduction: Application to Computational Chemistry Yvon Maday, Laboratoire Jacques-Louis Lions Universit Pierre et Marie Curie, Paris, Roscoff, Institut Universitaire de France and January 2020 ICODE workshop on

1.71k views • 150 slides
Sea earch of E threshold in 70 70 Ni E1 1 strenght around th Ni O.Wieland, A.Bracco, R.

Sea earch of E threshold in 70 70 Ni E1 1 strenght around th Ni O.Wieland, A.Bracco, R.

Sea earch of E threshold in 70 70 Ni E1 1 strenght around th Ni O.Wieland, A.Bracco, R. Avigo, F. Camera, H. Baba, N. Nakatsuka, Y. Togano et al. INFN sez. Milano, RIKEN-RIBF, Kyoto Uni., Tokyo IT, et al. Goal: Search and Measurement of

479 views • 15 slides
Chapter 5: Probability models 1. Random variables: a) Idea. b) Discrete and continuous

Chapter 5: Probability models 1. Random variables: a) Idea. b) Discrete and continuous

Applied Statistics Chapter 5: Probability models 1. Random variables: a) Idea. b) Discrete and continuous variables. c) The probability function (density) and the distribution function. d) Mean and variance of a random variable. 2. Probability

644 views • 25 slides

More recommend