Quantum Indistinguishability for Public Key Encryption.

In this work we study the quantum security of public key encryption schemes. Boneh and Zhandry (CRYPTO'13) initiated this research area for symmetric and public key encryption, albeit restricted to a classical indistinguishability phase. Gagliardoni et al. (CRYPTO'16) advanced the study of quantum security by giving, for symmetric key encryption schemes, the first definition with a quantum indistinguishability phase. For public key encryption schemes, on the other hand, no notion of quantum security with a quantum indistinguishability phase exists. Our main result is a novel quantum security notion (qINDqCPA) for public key encryption with a quantum indistinguishability phase, which closes the aforementioned gap. Furthermore, we show that the canonical LWE-based encryption scheme achieves our quantum security notion, show that our notion is strictly stronger than existing security notions, and study the general classification of quantum-resistant public key encryption schemes. Our core idea follows the approach of Gagliardoni et al. by using so-called type-2 operators for encrypting the challenge message. At first glance, type-2 operators appear unnatural for public key encryption schemes, as the canonical way of building them requires both the secret and the public key. However, we identify a class of encryption schemes - which we call recoverable - and show that for this class of schemes, type-2 operators require merely the public key. Moreover, recoverable schemes make it possible to realise type-2 operators even if they suffer from decryption failures, which would in general thwart the reversibility mandated by type-2 operators. Our work reveals that many real-world quantum-resistant schemes, including most round-2 NIST PQC candidates, are indeed recoverable.
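As an added illustration (constructed for this page, not code from the paper), the toy Regev-style scheme below makes the abstract's two points concrete: a type-2 operator is the in-place map |m⟩ ↦ |Enc(pk, m; r)⟩ and therefore has to be reversible, and if the scheme is recoverable, which is taken here to mean that the message can be recomputed from the public key, the randomness and the ciphertext (my reading of the abstract; the paper's formal definition may differ), that inverse needs only pk, so neither the secret key nor the possibly failing decryption is involved. All parameters, the noise distributions and the randomness vectors are assumptions chosen to keep the example small.

```python
import random
from itertools import product

Q, N, L, K = 17, 4, 8, 3       # toy parameters: modulus, secret dim, randomness length, message bits
HALF = Q // 2                   # a 1 bit is encoded as +HALF

def _vecmat(r, M):              # r^T * M mod Q, r of length L, M an L x cols matrix
    return [sum(ri * row[j] for ri, row in zip(r, M)) % Q for j in range(len(M[0]))]

def keygen(seed, noise):        # pk = (A, B = A*S + E), sk = S; `noise` lists the values E may take
    rng = random.Random(seed)
    A = [[rng.randrange(Q) for _ in range(N)] for _ in range(L)]
    S = [[rng.randrange(Q) for _ in range(K)] for _ in range(N)]
    E = [[rng.choice(noise) for _ in range(K)] for _ in range(L)]
    AS = [_vecmat(row, S) for row in A]
    B = [[(AS[i][j] + E[i][j]) % Q for j in range(K)] for i in range(L)]
    return (A, B), S

def enc(pk, m, r):              # encrypt bit tuple m with randomness r in {0,1}^L; needs pk only
    A, B = pk
    u = _vecmat(r, A)
    v = [(x + HALF * mi) % Q for x, mi in zip(_vecmat(r, B), m)]
    return tuple(u), tuple(v)

def dec(sk, c):                 # needs sk; decodes wrongly once the accumulated noise r^T E is large
    u, v = c
    w = [(vj - sum(u[t] * sk[t][j] for t in range(N))) % Q for j, vj in enumerate(v)]
    return tuple(1 if HALF // 2 < wj <= HALF + HALF // 2 else 0 for wj in w)

def rec(pk, r, c):              # recoverability: pk plus the randomness r strip the mask exactly
    w = [(vj - mj) % Q for vj, mj in zip(c[1], _vecmat(r, pk[1]))]
    if any(wj not in (0, HALF) for wj in w):
        raise ValueError("r is not the randomness used to produce c")
    return tuple(wj // HALF for wj in w)

def type2_operator(pk, r):      # in-place map |m> -> |Enc(pk,m;r)| as a table, inverse built from rec() alone
    forward = {m: enc(pk, m, r) for m in product((0, 1), repeat=K)}
    backward = {c: rec(pk, r, c) for c in forward.values()}   # uncompute m without sk or dec()
    return forward, backward

def is_reversible(pk, r):       # injective on the message space and inverted by rec() everywhere
    fwd, bwd = type2_operator(pk, r)
    return len(set(fwd.values())) == len(fwd) and all(bwd[c] == m for m, c in fwd.items())

def decryption_failure_demo():  # oversized noise breaks dec(), yet rec() and the type-2 map still work
    pk, sk = keygen(2, noise=[3])       # with r = all ones, r^T E = 8*3 = 24 = 7 (mod 17) per bit
    r = [1] * L
    c = enc(pk, (0, 0, 0), r)
    return dec(sk, c), rec(pk, r, c)    # dec reads the 7 as a 1 bit; rec returns (0, 0, 0)
```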

[1] Hidenori Kuwakado et al. Quantum distinguisher between the 3-round Feistel cipher and the random permutation, 2010, 2010 IEEE International Symposium on Information Theory.

[2] Kenneth G. Paterson et al. Tightly Secure Ring-LWE Based Key Encapsulation with Short Ciphertexts, 2017, ESORICS.

[3] Stacey Jeffery et al. Quantum Homomorphic Encryption for Circuits of Low T-gate Complexity, 2014, CRYPTO.

[4] Paul C. van Oorschot et al. White-Box Cryptography and an AES Implementation, 2002, Selected Areas in Cryptography.

[5] María Naya-Plasencia et al. Breaking Symmetric Cryptosystems Using Quantum Period Finding, 2016, CRYPTO.

[6] Mark Zhandry et al. Random Oracles in a Quantum World, 2010, ASIACRYPT.

[7] Damien Stehlé et al. CRYSTALS - Kyber: A CCA-Secure Module-Lattice-Based KEM, 2017, 2018 IEEE European Symposium on Security and Privacy (EuroS&P).

[8] Moni Naor et al. Immunizing Encryption Schemes from Decryption Errors, 2004, EUROCRYPT.

[9] Isaac L. Chuang et al. Quantum Computation and Quantum Information (10th Anniversary edition), 2011.

[10] Martin Roetteler et al. A note on quantum related-key attacks, 2013, Inf. Process. Lett.

[11] Dominique Unruh et al. On quantum indistinguishability under chosen plaintext attack, 2020, IACR Cryptol. ePrint Arch.

[12] Lov K. Grover. A fast quantum mechanical algorithm for database search, 1996, STOC '96.

[13] Ivan Damgård et al. Superposition Attacks on Cryptographic Protocols, 2011, ICITS.

[14] Mark Zhandry et al. Secure Identity-Based Encryption in the Quantum Random Oracle Model, 2012, CRYPTO.

[15] Tommaso Gagliardoni et al. Unforgeable Quantum Encryption, 2017, IACR Cryptol. ePrint Arch.

[16] Ehsan Ebrahimi et al. On the Security Notions for Encryption in a Quantum World, 2020, IACR Cryptol. ePrint Arch.

[17] Victor Shoup et al. Sequences of games: a tool for taming complexity in security proofs, 2004, IACR Cryptol. ePrint Arch.

[18] Peter W. Shor et al. Algorithms for quantum computation: discrete logarithms and factoring, 1994, Proceedings 35th Annual Symposium on Foundations of Computer Science.

[19] Tommaso Gagliardoni et al. Quantum Security of Cryptographic Primitives, 2017, arXiv.

[20] Rachid El Bansarkhani. LARA - A Design Concept for Lattice-based Encryption, 2019, IACR Cryptol. ePrint Arch.

[21] Tommaso Gagliardoni et al. Can you sign a quantum state?, 2018, IACR Cryptol. ePrint Arch.

[22] Tanja Lange et al. Post-quantum cryptography, 2008, Nature.

[23] Chris Peikert et al. Better Key Sizes (and Attacks) for LWE-Based Encryption, 2011, CT-RSA.

[24] Elham Kashefi et al. Comparison of quantum oracles, 2002.

[25] Oded Regev et al. On lattices, learning with errors, random linear codes, and cryptography, 2005, STOC '05.

[26] Tommaso Gagliardoni et al. Semantic Security and Indistinguishability in the Quantum World, 2015, IACR Cryptol. ePrint Arch.

[27] Craig Gentry et al. Fully homomorphic encryption using ideal lattices, 2009, STOC '09.

[28] Mark Zhandry et al. Secure Signatures and Chosen Ciphertext Security in a Quantum Computing World, 2013, CRYPTO.

[29] Yu Sasaki et al. Quantum Chosen-Ciphertext Attacks against Feistel Ciphers, 2019, IACR Cryptol. ePrint Arch.

[30] Alexander Russell et al. Quantum-Secure Symmetric-Key Cryptography Based on Hidden Shifts, 2016, EUROCRYPT.

[31] Tommaso Gagliardoni et al. Computational Security of Quantum Encryption, 2016, ICITS.

[32] Mark Zhandry et al. How to Construct Quantum Random Functions, 2012, 2012 IEEE 53rd Annual Symposium on Foundations of Computer Science.

[33] Mark Zhandry et al. How to Record Quantum Queries, and Applications to Quantum Indifferentiability, 2019, IACR Cryptol. ePrint Arch.

[34] Mihir Bellare et al. The Security of Triple Encryption and a Framework for Code-Based Game-Playing Proofs, 2006, EUROCRYPT.

[35] Fang Song et al. Making Existential-Unforgeable Signatures Strongly Unforgeable in the Quantum Random-Oracle Model, 2015, IACR Cryptol. ePrint Arch.

[36] María Naya-Plasencia et al. Quantum Differential and Linear Cryptanalysis, 2015, IACR Trans. Symmetric Cryptol.

[37] John Watrous et al. Zero-knowledge against quantum attacks, 2005, STOC '06.

[38] Brent Waters et al. Functional Encryption: Definitions and Challenges, 2011, TCC.

[39] Dominique Unruh et al. Post-Quantum Security of the CBC, CFB, OFB, CTR, and XTS Modes of Operation, 2016, PQCrypto.

[40] Hidenori Kuwakado et al. Security on the quantum-type Even-Mansour cipher, 2012, 2012 International Symposium on Information Theory and its Applications.

[41] Juliane Krämer et al. Encryption Schemes using Random Oracles: from Classical to Post-Quantum Security, 2020, IACR Cryptol. ePrint Arch.

[42] Rüdiger Schack et al. Concrete Security Against Adversaries with Quantum Superposition Access to Encryption and Decryption Oracles, 2016, arXiv.