Quantum commitments and signatures without one-way functions

All known constructions of classical or quantum commitments require at least one-way functions. Are one-way functions really necessary for commitments? In this paper, we show that non-interactive quantum commitments (for classical messages) with computational hiding and statistical binding exist if pseudorandom quantum states exist. Pseudorandom quantum states are sets of quantum states that are efficiently generated but computationally indistinguishable from Haar random states [Z. Ji, Y.-K. Liu, and F. Song, CRYPTO 2018]. It is known that pseudorandom quantum states exist even if BQP = QMA (relative to a quantum oracle) [W. Kretschmer, TQC 2021], which means that pseudorandom quantum states can exist even if no quantum-secure classical cryptographic primitive exists. Our result therefore shows that quantum commitments can exist even if no quantum-secure classical cryptographic primitive exists. In particular, quantum commitments can exist even if no quantum-secure one-way function exists. We also show that one-time secure signatures with quantum public keys exist if pseudorandom quantum states exist. In the classical setting, the existence of signatures is equivalent to the existence of one-way functions. Our result, on the other hand, suggests that quantum signatures can exist even if no quantum-secure classical cryptographic primitive (including quantum-secure one-way functions) exists.

[1]  Ashwin Nayak,et al.  Bit-commitment-based quantum coin flipping , 2002, quant-ph/0206123.

[2]  Jun Yan General Properties of Quantum Bit Commitment , 2020, IACR Cryptol. ePrint Arch..

[3]  Dominique Unruh Collapse-Binding Quantum Commitments Without Random Oracles , 2016, ASIACRYPT.

[4]  Moni Naor,et al.  Bit commitment using pseudorandomness , 1989, Journal of Cryptology.

[5]  L. Salvail,et al.  Quantum oblivious transfer is secure against all individual measurements , 1994, Proceedings Workshop on Physics and Computation. PhysComp '94.

[6]  Dominic Mayers Unconditionally secure quantum bit commitment is impossible , 1997 .

[7]  Rafael Pass,et al.  The Curious Case of Non-Interactive Commitments - On the Power of Black-Box vs. Non-Black-Box Use of Primitives , 2012, CRYPTO.

[8]  Russell Impagliazzo,et al.  Limits on the provable consequences of one-way permutations , 1988, STOC '89.

[9]  Louis Salvail,et al.  How to Convert the Flavor of a Quantum Bit Commitment , 2001, EUROCRYPT.

[10]  Justin M. Reyneri,et al.  Coin flipping by telephone , 1984, IEEE Trans. Inf. Theory.

[11]  Gilles Brassard,et al.  Quantum cryptography: Public key distribution and coin tossing , 2014, Theor. Comput. Sci..

[12]  Takeshi Koshiba,et al.  Statistically-Hiding Quantum Bit Commitment from Approximable-Preimage-Size Quantum One-Way Function , 2009, TCQ.

[13]  Hoi-Kwong Lo,et al.  Is Quantum Bit Commitment Really Possible? , 1996, ArXiv.

[14]  Michael Luby,et al.  Pseudo-random permutation generators and cryptographic composition , 1986, STOC '86.

[15]  Joe Kilian,et al.  Achieving Oblivious Transfer Using Weakened Security Assumptions (Extended Abstract) , 1988, FOCS 1988.

[16]  Vinod Vaikuntanathan,et al.  Oblivious Transfer is in MiniQCrypt , 2020, IACR Cryptol. ePrint Arch..

[17]  Leslie Lamport,et al.  Constructing Digital Signatures from a One Way Function , 2016 .

[18]  Louis Salvail,et al.  Perfectly Concealing Quantum Bit Commitment from any Quantum One-Way Permutation , 2000, EUROCRYPT.

[19]  Leonid A. Levin,et al.  A Pseudorandom Generator from any One-way Function , 1999, SIAM J. Comput..

[20]  S. Rajsbaum Foundations of Cryptography , 2014 .

[21]  Leonid A. Levin,et al.  Pseudo-random Generation from one-way functions (Extended Abstracts) , 1989, STOC 1989.

[22]  William Kretschmer Quantum Pseudorandomness and Classical Complexity , 2021, TQC.

[23]  Dongdai Lin,et al.  Quantum Bit Commitment with Application in Quantum Zero-Knowledge Proof (Extended Abstract) , 2015, ISAAC.

[24]  Ivan Damgård,et al.  Improving the Security of Quantum Protocols via Commit-and-Open , 2009, CRYPTO.

[25]  Russell Impagliazzo,et al.  One-way functions are essential for complexity based cryptography , 1989, 30th Annual Symposium on Foundations of Computer Science.

[26]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[27]  A. Coladangelo,et al.  One-Way Functions Imply Secure Computation in a Quantum World , 2020, IACR Cryptol. ePrint Arch..

[28]  Andrew Chi-Chih Yao,et al.  Security of quantum protocols against coherent measurements , 1995, STOC '95.

[29]  Gilles Brassard,et al.  Practical Quantum Oblivious Transfer , 1991, CRYPTO.

[30]  Zvika Brakerski,et al.  (Pseudo) Random Quantum States with Binary Phase , 2019, TCC.

[31]  Takeshi Koshiba,et al.  Computational Indistinguishability Between Quantum States and Its Cryptographic Application , 2004, Journal of Cryptology.

[32]  Dehua Zhou,et al.  How to Base Security on the Perfect/Statistical Binding Property of Quantum Bit Commitment? , 2020, IACR Cryptol. ePrint Arch..