Revisiting Post-Quantum Fiat-Shamir

The Fiat-Shamir transformation is a useful approach to building non-interactive arguments (of knowledge) in the random oracle model. Unfortunately, existing proof techniques are incapable of proving the security of Fiat-Shamir in the quantum setting. The problem stems from (1) the difficulty of quantum rewinding, and (2) the inability of current techniques to adaptively program random oracles in the quantum setting. In this work, we show how to overcome the limitations above in many settings. In particular, we give mild conditions under which Fiat-Shamir is secure in the quantum setting. As an application, we show that existing lattice signatures based on Fiat-Shamir are secure without any modifications.

[1]  Eike Kiltz,et al.  A Concrete Treatment of Fiat-Shamir Signatures in the Quantum Random-Oracle Model , 2018, IACR Cryptol. ePrint Arch..

[2]  Dominique Unruh Collapse-Binding Quantum Commitments Without Random Oracles , 2016, ASIACRYPT.

[3]  Mark Zhandry,et al.  Random Oracles in a Quantum World , 2010, ASIACRYPT.

[4]  Dominique Unruh,et al.  Post-quantum Security of Fiat-Shamir , 2017, ASIACRYPT.

[5]  Tommaso Gagliardoni,et al.  The Fiat-Shamir Transformation in a Quantum World , 2013, IACR Cryptol. ePrint Arch..

[6]  Stephan Krenn,et al.  Learning with Rounding, Revisited: New Reduction, Properties and Applications , 2013, IACR Cryptol. ePrint Arch..

[7]  Mark Zhandry,et al.  Secure Identity-Based Encryption in the Quantum Random Oracle Model , 2012, CRYPTO.

[8]  Andris Ambainis,et al.  Quantum Attacks on Classical Proof Systems: The Hardness of Quantum Rewinding , 2014, 2014 IEEE 55th Annual Symposium on Foundations of Computer Science.

[9]  Dominique Unruh,et al.  Non-Interactive Zero-Knowledge Proofs in the Quantum Random Oracle Model , 2015, EUROCRYPT.

[10]  Dominique Unruh,et al.  Computationally Binding Quantum Commitments , 2016, EUROCRYPT.

[11]  John Watrous Zero-Knowledge against Quantum Attacks , 2009, SIAM J. Comput..

[12]  Dominique Unruh,et al.  Post-Quantum Security of the Fujisaki-Okamoto and OAEP Transforms , 2016, TCC.

[13]  Dominique Unruh,et al.  Quantum Proofs of Knowledge , 2012, IACR Cryptol. ePrint Arch..

[14]  Mark Zhandry,et al.  Secure Signatures and Chosen Ciphertext Security in a Quantum Computing World , 2013, CRYPTO.

[15]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[16]  Serge Fehr,et al.  Security of the Fiat-Shamir Transformation in the Quantum Random-Oracle Model , 2019, IACR Cryptol. ePrint Arch..

[17]  Damien Stehlé,et al.  CRYSTALS-Dilithium: A Lattice-Based Digital Signature Scheme , 2018, IACR Trans. Cryptogr. Hardw. Embed. Syst..

[18]  Vadim Lyubashevsky,et al.  Lattice Signatures Without Trapdoors , 2012, IACR Cryptol. ePrint Arch..

[19]  Mark Zhandry,et al.  How to Record Quantum Queries, and Applications to Quantum Indifferentiability , 2019, IACR Cryptol. ePrint Arch..

[20]  Jacques Stern,et al.  Provably Secure Blind Signature Schemes , 1996, ASIACRYPT.

[21]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[22]  Oded Regev,et al.  On lattices, learning with errors, random linear codes, and cryptography , 2009, JACM.

[23]  Miklós Ajtai,et al.  Generating Hard Instances of Lattice Problems , 1996, Electron. Colloquium Comput. Complex..