Superposition Attacks on Cryptographic Protocols

Attacks on cryptographic protocols are usually modeled by allowing an adversary to ask queries to an oracle. Security is then defined by requiring that, as long as the queries satisfy some constraint, there is some problem the adversary cannot solve, such as computing a certain piece of information. Even if the protocol is quantum, the queries are typically classical. In this paper, we introduce a new model of quantum attacks on protocols, where the adversary is allowed quantum access to the primitive, i.e., he may ask several classical queries in quantum superposition. This is a strictly stronger attack than the standard one, and we consider the security of several primitives in this model. We show that a secret-sharing scheme that is secure with threshold \(t\) in the standard model is secure against superposition attacks if and only if the threshold is lowered to \(t/2\). This holds for all classical as well as all known quantum secret-sharing schemes. We then consider zero-knowledge and first show that known protocols are not, in general, secure in our model by designing a superposition attack on the well-known zero-knowledge protocol for graph isomorphism. We then use our secret-sharing result to design zero-knowledge proofs for all of NP in the common reference string model. While our protocol is classical, it is sound against a cheating unbounded quantum prover and computational zero-knowledge even if the verifier is allowed a superposition attack. Finally, we consider multiparty computation and give a characterization of a class of protocols that can be shown secure, though not necessarily with efficient simulation. We show that this class contains non-trivial protocols that cannot be shown secure by running a classical simulator in superposition.
