
Classical vs Quantum Random Oracles

Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 12697)

Abstract

In this paper, we study the relationship between the security of cryptographic schemes in the random oracle model (ROM) and in the quantum random oracle model (QROM). First, we introduce the notion of a proof of quantum access to a random oracle (PoQRO), which is a protocol for proving the capability to quantumly access a random oracle to a classical verifier. We observe that a proof of quantumness recently proposed by Brakerski et al. (TQC ’20) can be seen as a PoQRO. We also give a construction of a publicly verifiable PoQRO relative to a classical oracle. Based on these, we construct digital signature and public key encryption schemes that are secure in the ROM but insecure in the QROM. In particular, we obtain the first examples of natural cryptographic schemes that separate the ROM and the QROM under a standard cryptographic assumption.

On the other hand, we give lifting theorems from security in the ROM to security in the QROM for certain types of cryptographic schemes and security notions. For example, our lifting theorems are applicable to Fiat-Shamir non-interactive arguments, Fiat-Shamir signatures, and Full-Domain-Hash signatures, among others. We also discuss applications of our lifting theorems to quantum query complexity.

Takashi Yamakawa—This work was done while the author was visiting Princeton University.


Notes

  1. Subsequent to the posting of the initial version of this work online, Zhang et al. [ZYF+19] updated their paper to add a construction of a cryptographic scheme that separates the ROM and the QROM. See Sect. 1.3 for details.

  2. EUF-NMA security is unforgeability against adversaries that do not make any signing query.

  3. More precisely, it simulates a fresh random oracle \(H'\) on the fly so that this can be done efficiently. Alternatively, it can choose \(H'\) from a family of q-wise independent functions.

  4. Since we consider the post-quantum setting where honest algorithms are classical, the only party who may quantumly access H is the adversary.

  5. Though Zhandry [Zha19] gives another method to simulate a quantum random oracle without upper bounding the number of queries, we use a simulation by 2q-wise independent hash functions for simplicity.

  6. Two (quantum) random oracles can be implemented by a single (quantum) random oracle by treating the first bit of the input as an index that specifies which random oracle to access.

  7. Actually, since we only consider quantum adversaries that are given only classical access to the random oracle, there is a simpler analysis than those in [LZ19, DFMS19, DFM20], as shown in the full version.

  8. We do not need any computational assumption in this corollary since we can construct an EUF-CMA secure digital signature scheme relative to a classical oracle in a straightforward manner.

  9. We do not need any computational assumption in this corollary since we can construct an IND-CCA secure PKE scheme relative to a classical oracle in a straightforward manner.

  10. Note that we consider quantum adversaries even in the classical ROM.

  11. We only write H in the subscript of the probability since all the other randomness is always part of the probability space whenever we write a probability throughout this section.

  12. Here, it is important that \(\mathcal {B}\) does not depend on \(\mathcal {C}\) due to the switching of the order of quantifiers.

  13. Strictly speaking, there is another difference: we consider \(\tilde{\mathcal {S}}_{H}{[}H',H(\mathbf {x}^*){]}(1^\lambda )\) for a uniformly chosen \(H'\), whereas \(\mathcal {B}\) chooses \(H'\) from a family of 2q-wise independent hash functions. However, by Lemma 2, this does not cause any difference.

  14. Note that the theorem is applicable even though the soundness game for non-interactive arguments is not falsifiable, since the challenger in our definition of classically verifiable games is not computationally bounded.
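Notes 3, 5 and 13 rely on replacing a uniformly random oracle \(H'\) by one drawn from a 2q-wise independent family, which a q-query adversary cannot distinguish from truly random. The following is an added example, not code from the paper, of the textbook instance of such a family: a random polynomial of degree below k = 2q over a prime field GF(p). The prime and all sampled values are constructed here; the last function shows why the query bound matters, since once k answers are known the next one is determined.

```python
import secrets

P = (1 << 61) - 1  # constructed choice: a Mersenne prime defining GF(p)


def sample_kwise_hash(k):
    """Sample H' from the k-wise independent family: k uniform coefficients
    of a polynomial of degree < k over GF(p)."""
    return [secrets.randbelow(P) for _ in range(k)]


def evaluate(coeffs, x):
    """Evaluate the polynomial at x (Horner), i.e. answer one oracle query."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def interpolate(xs, ys):
    """Lagrange interpolation: the unique polynomial of degree < len(xs)
    through the given points. Because every choice of ys is hit by exactly
    one polynomial, any k distinct queries see uniformly random answers."""
    k = len(xs)
    assert len(ys) == k and len(set(xs)) == k
    coeffs = [0] * k
    for i, (xi, yi) in enumerate(zip(xs, ys)):
        num, denom = [1], 1  # numerator polynomial prod_{j != i} (X - x_j)
        for j, xj in enumerate(xs):
            if j == i:
                continue
            num = [((num[t - 1] if t else 0) - xj * (num[t] if t < len(num) else 0)) % P
                   for t in range(len(num) + 1)]
            denom = denom * (xi - xj) % P
        scale = yi * pow(denom, P - 2, P) % P  # y_i / prod (x_i - x_j)
        for t, c in enumerate(num):
            coeffs[t] = (coeffs[t] + scale * c) % P
    return coeffs


def predict_next(k, xs, ys, x_new):
    """The query bound in action: after k answers, the (k+1)-th answer is
    determined, so the simulation is only indistinguishable for <= k queries."""
    return evaluate(interpolate(xs[:k], ys[:k]), x_new)
```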

References

  1. Aaronson, S., Ambainis, A.: The need for structure in quantum speedups. Theor. Comput. 10, 133–166 (2014)

  2. Aaronson, S.: BQP and the polynomial hierarchy. In: Schulman, L.J. (ed.) 42nd ACM STOC, pp. 141–150. ACM Press (Jun 2010)

  3. Amos, R., Georgiou, M., Kiayias, A., Zhandry, M.: One-shot signatures and applications to hybrid quantum/classical authentication. In: Makarychev, K., Makarychev, Y., Tulsiani, M., Kamath, G., Chuzhoy, J. (eds.) 52nd ACM STOC, pp. 255–268. ACM Press (Jun 2020)

  4. Agrawal, S.: Indistinguishability obfuscation without multilinear maps: new methods for bootstrapping and instantiation. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019, Part I. LNCS, vol. 11476, pp. 191–225. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17653-2_7

  5. Agrawal, S., Pellet-Mary, A.: Indistinguishability obfuscation without maps: attacks and fixes for noisy linear FE. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020, Part I. LNCS, vol. 12105, pp. 110–140. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45721-1_5

  6. Beals, R., Buhrman, H., Cleve, R., Mosca, M., de Wolf, R.: Quantum lower bounds by polynomials. J. ACM 48(4), 778–797 (2001)

  7. Brakerski, Z., Christiano, P., Mahadev, U., Vazirani, U.V., Vidick, T.: A cryptographic test of quantumness and certifiable randomness from a single quantum device. In: Thorup, M. (ed.) 59th FOCS, pp. 320–331. IEEE Computer Society Press (Oct 2018)

  8. Boneh, D., Dagdelen, Ö., Fischlin, M., Lehmann, A., Schaffner, C., Zhandry, M.: Random oracles in a quantum world. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 41–69. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_3

  9. Brakerski, Z., Döttling, N., Garg, S., Malavolta, G.: Factoring and pairings are not necessary for iO: circular-secure LWE suffices. IACR Cryptol. ePrint Arch. 2020, 1024 (2020)

  10. Brakerski, Z., Koppula, V., Vazirani, U.V., Vidick, T.: Simpler proofs of quantumness. In: TQC 2020. LIPIcs, vol. 158, pp. 8:1–8:14 (2020)

  11. Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Denning, D.E., Pyle, R., Ganesan, R., Sandhu, R.S., Ashby, V. (eds.) ACM CCS 93, pp. 62–73. ACM Press (Nov 1993)

  12. Bellare, M., Rogaway, P.: Optimal asymmetric encryption. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 92–111. Springer, Heidelberg (1995). https://doi.org/10.1007/BFb0053428

  13. Bellare, M., Rogaway, P.: The exact security of digital signatures: how to sign with RSA and Rabin. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 399–416. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68339-9_34

  14. Don, J., Fehr, S., Majenz, C.: The measure-and-reprogram technique 2.0: multi-round Fiat-Shamir and more. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020, Part III. LNCS, vol. 12172, pp. 602–631. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56877-1_21

  15. Don, J., Fehr, S., Majenz, C., Schaffner, C.: Security of the Fiat-Shamir transformation in the quantum random-oracle model. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019, Part II. LNCS, vol. 11693, pp. 356–383. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26951-7_13

  16. Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. J. Cryptol. 26(1), 80–101 (2013)

  17. Fujisaki, E., Okamoto, T., Pointcheval, D., Stern, J.: RSA-OAEP is secure under the RSA assumption. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 260–274. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_16

  18. Fortnow, L., Rogers, J.D.: Complexity limitations on quantum computation. J. Comput. Syst. Sci. 59(2), 240–252 (1999)

  19. Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987). https://doi.org/10.1007/3-540-47721-7_12

  20. Gay, R., Pass, R.: Indistinguishability obfuscation from circular security. Cryptology ePrint Archive, Report 2020/1010 (2020). https://eprint.iacr.org/2020/1010

  21. Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: Ladner, R.E., Dwork, C. (eds.) 40th ACM STOC, pp. 197–206. ACM Press (May 2008)

  22. Gentry, C., Wichs, D.: Separating succinct non-interactive arguments from all falsifiable assumptions. In: Fortnow, L., Vadhan, S.P. (eds.) 43rd ACM STOC, pp. 99–108. ACM Press (Jun 2011)

  23. Jiang, H., Zhang, Z., Chen, L., Wang, H., Ma, Z.: IND-CCA-secure key encapsulation mechanism in the quantum random oracle model, revisited. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018, Part III. LNCS, vol. 10993, pp. 96–125. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96878-0_4

  24. Kiltz, E., Lyubashevsky, V., Schaffner, C.: A concrete treatment of Fiat-Shamir signatures in the quantum random-oracle model. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018, Part III. LNCS, vol. 10822, pp. 552–586. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78372-7_18

  25. Krämer, J., Struck, P.: Encryption schemes using random oracles: from classical to post-quantum security. In: Ding, J., Tillich, J.-P. (eds.) PQCrypto 2020. LNCS, vol. 12100, pp. 539–558. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-44223-1_29

  26. Katsumata, S., Yamada, S., Yamakawa, T.: Tighter security proofs for GPV-IBE in the quantum random oracle model. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018, Part II. LNCS, vol. 11273, pp. 253–282. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03329-3_9

  27. Liu, Q., Zhandry, M.: Revisiting post-quantum Fiat-Shamir. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019, Part II. LNCS, vol. 11693, pp. 326–355. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26951-7_12

  28. Mahadev, U.: Classical homomorphic encryption for quantum circuits. In: Thorup, M. (ed.) 59th FOCS, pp. 332–338. IEEE Computer Society Press (Oct 2018)

  29. Pointcheval, D., Stern, J.: Security proofs for signature schemes. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 387–398. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68339-9_33

  30. Peikert, C., Waters, B.: Lossy trapdoor functions and their applications. In: Ladner, R.E., Dwork, C. (eds.) 40th ACM STOC, pp. 187–196. ACM Press (May 2008)

  31. Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. J. ACM 56(6), 34:1–34:40 (2009)

  32. Song, F.: A note on quantum security for post-quantum cryptography. In: Mosca, M. (ed.) PQCrypto 2014. LNCS, vol. 8772, pp. 246–265. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11659-4_15

  33. Targhi, E.E., Unruh, D.: Post-quantum security of the Fujisaki-Okamoto and OAEP transforms. In: Hirt, M., Smith, A. (eds.) TCC 2016, Part II. LNCS, vol. 9986, pp. 192–216. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53644-5_8

  34. Wee, H., Wichs, D.: Candidate obfuscation via oblivious LWE sampling. IACR Cryptol. ePrint Arch. 2020, 1042 (2020)

  35. Zhandry, M.: Secure identity-based encryption in the quantum random oracle model. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 758–775. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_44

  36. Zhandry, M.: How to record quantum queries, and applications to quantum indifferentiability. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019, Part II. LNCS, vol. 11693, pp. 239–268. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26951-7_9

  37. Zhang, J., Yu, Y., Feng, D., Fan, S., Zhang, Z.: On the (quantum) random oracle methodology: new separations and more. Cryptology ePrint Archive, Report 2019/1101 (2019). https://eprint.iacr.org/2019/1101


Corresponding author

Correspondence to Takashi Yamakawa.


Copyright information

© 2021 International Association for Cryptologic Research


Cite this paper

Yamakawa, T., Zhandry, M. (2021). Classical vs Quantum Random Oracles. In: Canteaut, A., Standaert, F.-X. (eds.) Advances in Cryptology – EUROCRYPT 2021. Lecture Notes in Computer Science, vol. 12697. Springer, Cham. https://doi.org/10.1007/978-3-030-77886-6_20

  • DOI: https://doi.org/10.1007/978-3-030-77886-6_20

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-77885-9

  • Online ISBN: 978-3-030-77886-6
