Quantum Computationally Predicate-Binding Commitments with Application in Quantum Zero-Knowledge Arguments for NP

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 13090)

Abstract

A quantum bit commitment scheme realizes bit (rather than qubit) commitment by exploiting quantum communication and quantum computation. In this work, we study the binding property of the quantum string commitment scheme obtained by composing in parallel a generic quantum perfectly (resp. statistically)-hiding computationally-binding bit commitment scheme (which can be realized based on quantum-secure one-way permutations (resp. functions)). We show that the resulting scheme satisfies a quantum computational binding property, which we call predicate-binding, that is stronger than the trivial honest-binding. Intuitively and very roughly, the predicate-binding property guarantees that given any inconsistent predicate pair over a set of strings (i.e. no string in this set can satisfy both predicates), if a (claimed) quantum commitment can be opened so that the revealed string satisfies one predicate with certainty, then the same commitment cannot be opened so that the revealed string satisfies the other predicate (except with negligible probability).

As an application, we plug a generic quantum perfectly (resp. statistically)-hiding computationally-binding bit commitment scheme into Blum’s zero-knowledge protocol for the NP-complete language Hamiltonian Cycle. This gives rise to the first quantum perfect (resp. statistical) zero-knowledge argument system (with soundness error 1/2) for all NP languages based solely on quantum-secure one-way permutations (resp. functions). The quantum computational soundness of this system follows immediately from the quantum computational predicate-binding property of commitments.

For the full version of this paper, see [35].
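The following is an added illustration, not code from the paper: one round of Blum's Hamiltonian Cycle protocol in which a classical SHA-256 commitment stands in for the quantum bit commitment (an assumption; all function names are hypothetical). The two verifier checks are the predicate pair from the abstract: when the graph has no Hamiltonian cycle, no committed string passes both, so a cheating prover can prepare for only one challenge, which is the soundness error 1/2.

```python
import hashlib, random, secrets

def commit(bit):
    # Classical SHA-256 stand-in for one bit commitment (assumption; not the paper's quantum scheme).
    r = secrets.token_bytes(16)
    return hashlib.sha256(r + bytes([bit])).digest(), (r, bit)

def opens_to(com, opening, bit):
    r, b = opening
    return b == bit and hashlib.sha256(r + bytes([b])).digest() == com

def prover_commit(adj, rng):
    # Commit bit by bit (parallel composition) to the adjacency matrix of pi(G).
    n = len(adj)
    pi = list(range(n))
    rng.shuffle(pi)
    h = [[0] * n for _ in range(n)]
    for u in range(n):
        for v in range(n):
            h[pi[u]][pi[v]] = adj[u][v]
    pairs = [[commit(b) for b in row] for row in h]
    coms = [[c for c, _ in row] for row in pairs]
    opens = [[o for _, o in row] for row in pairs]
    return coms, opens, pi

def respond(challenge, opens, pi, cycle):
    if challenge == 0:  # reveal pi and open every commitment
        return pi, opens
    n = len(pi)  # challenge 1: open only the n entries on the permuted cycle
    edges = [(pi[cycle[k]], pi[cycle[(k + 1) % n]]) for k in range(n)]
    return edges, [opens[i][j] for i, j in edges]

def verify(adj, coms, challenge, resp):
    n = len(adj)
    if challenge == 0:  # predicate 0: the committed string encodes pi(G)
        pi, opens = resp
        return sorted(pi) == list(range(n)) and all(
            opens_to(coms[pi[u]][pi[v]], opens[pi[u]][pi[v]], adj[u][v])
            for u in range(n) for v in range(n))
    edges, opens = resp  # predicate 1: opened entries are 1s tracing a Hamiltonian cycle
    succ, v, seen = dict(edges), 0, set()
    while v in succ and v not in seen:
        seen.add(v)
        v = succ[v]
    return len(edges) == n and seen == set(range(n)) and v == 0 and all(
        opens_to(coms[i][j], o, 1) for (i, j), o in zip(edges, opens))

def run(adj, committed, cycle, challenge, seed=1):
    # One round: the prover commits to `committed` (honest when it equals adj).
    coms, opens, pi = prover_commit(committed, random.Random(seed))
    return verify(adj, coms, challenge, respond(challenge, opens, pi, cycle))
```

Calling `run` with a graph that has no Hamiltonian cycle and a commitment to a bare cycle passes challenge 1 but fails challenge 0; committing to the graph itself does the reverse.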

Notes

  1. Actually, a much stronger result is shown in [34]: any quantum bit commitment scheme that is just secure against the purification attack can be converted into a non-interactive one of the generic form. For this reason, in this paper we can focus on this generic form without loss of generality. At a very high level, the basic idea of how such a quantum round-collapse is possible is similar to the old idea of converting any non-interactive quantum bit commitment scheme into the generic form [15, 36].

  2. The round complexity of any cryptographic task might be one of the most important parameters.

  3. We do not claim that this holds w.r.t. a general quantum bit commitment. But any quantum bit commitment scheme can be converted to the generic form [34], as aforementioned.

  4. Everything mentioned above about the strictness of the quantum binding will become clear once one reads Definition 2, which is quite simple and intuitive.

  5. Though we will actually focus on quantum bit commitment schemes of the generic form (Definition 2) in this paper (as will become clear later), this restriction does not lose any generality due to [34], as aforementioned.

  6. Generally, the revealed value of a quantum string commitment could be a probability distribution over this set of strings.

  7. We note that the parallel composition of classical bit commitments secure against classical attacks gives a string commitment that is trivially predicate-binding secure against classical attacks. This is simply because the resulting string commitment (by the parallel composition) is bound to a unique classical string.

  8. As communicated by the authors of [12] recently [13], the definition of Q-binding in the conference version of [12] has a flaw: it misses an additional information z as another input of the predicate Q to make it efficiently computable, and the sentence “We do not require Q to be efficiently computable” there should be removed.

  9. Namely, the third assumption in [12, section “A General Framework”].

  10. This can be seen from the extractability of their commitments.

  11. It appears that even the reveal stage of the commitment scheme given in [19] also needs polynomial rounds of interaction.

  12. For the moment, we drop the security parameter to simplify the notation.

  13. For the formal definitions of a generic quantum bit commitment scheme and its computational binding property, see Definition 2. Here for simplification, we neglect the auxiliary input state that the cheating sender may receive.

  14. For the moment, we can think of them as efficiently computable predicates in the common sense for simplicity.

  15. The tensor product m in superscripts indicates that there are m copies of the corresponding quantum register.

  16. The number of qubits in the state that are needed depends on the quantum circuit \(Q_0 (n)\) (or \(Q_1 (n)\)).

  17. Informally speaking, this is a kind of security that turns out to be just slightly stronger than the semi-honest security yet much weaker than the full security.

  18. For example, consider a run of Blum’s zero-knowledge protocol for the language Hamiltonian Cycle in which the cheating prover responds to the challenge 1 of the verifier.

  19. Sometimes, it will be more convenient to identify the function \(\mathsf {val}(\cdot )\) as an algorithm that decides the validity of a candidate witness.

  20. We point out that a string in \(P_1\) may have multiple witnesses.

  21. Here, our purpose of introducing \(\alpha _s\) and for \(s \not \in P_1\) is mainly for a cleaner way of writing the proof; it will not affect the places in the subsequent proof where the quantum computational binding property is applied.

  22. We highlight that in the literature we cite, various quantum zero-knowledge properties are based on different hiding properties of (classical or quantum) commitments (secure against quantum attacks) than the one considered in this work. However, their proofs extend to our setting straightforwardly, especially the proof of quantum zero-knowledge in [36].

  23. This can be done by combining the predicate-binding of quantum commitments with a different quantum rewinding lemma (say the one used in [30] to cope with \(\varSigma \)-protocol) than ours (i.e. Lemma 1).

References

  1. Adcock, M., Cleve, R.: A quantum Goldreich-Levin theorem with cryptographic applications. In: Alt, H., Ferreira, A. (eds.) STACS 2002. LNCS, vol. 2285, pp. 323–334. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45841-7_26

  2. Ambainis, A., Rosmanis, A., Unruh, D.: Quantum attacks on classical proof systems: the hardness of quantum rewinding. In: FOCS, pp. 474–483 (2014)

  3. Bartusek, J., Coladangelo, A., Khurana, D., Ma, F.: One-way functions imply secure computation in a quantum world. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12825, pp. 467–496. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84242-0_17

  4. Bennett, C.H., Brassard, G.: Quantum cryptography: Public key distribution and coin tossing. In: Proceedings of IEEE International Conference on Computers, Systems and Signal Processing, vol. 175 (1984)

  5. Blum, M.: How to prove a theorem so no one else can claim it. In: Proceedings of the International Congress of Mathematicians, vol. 1, p. 2 (1986)

  6. Boneh, D., Dagdelen, Ö., Fischlin, M., Lehmann, A., Schaffner, C., Zhandry, M.: Random oracles in a quantum world. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 41–69. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_3

  7. Brassard, G., Crépeau, C.: Quantum bit commitment and coin tossing protocols. In: Menezes, A.J., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 49–61. Springer, Heidelberg (1991). https://doi.org/10.1007/3-540-38424-3_4

  8. Chailloux, A., Kerenidis, I., Rosgen, B.: Quantum commitments from complexity assumptions. In: ICALP, no. 1, pp. 73–85 (2011)

  9. Chia, N., Chung, K., Liu, Q., Yamakawa, T.: On the impossibility of post-quantum black-box zero-knowledge in constant rounds (2021). CoRR abs/2103.11244, https://arxiv.org/abs/2103.11244

  10. Crépeau, C., Dumais, P., Mayers, D., Salvail, L.: Computational collapse of quantum state with application to oblivious transfer. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 374–393. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24638-1_21

  11. Crépeau, C., Légaré, F., Salvail, L.: How to convert the flavor of a quantum bit commitment. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 60–77. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44987-6_5

  12. Damgård, I., Fehr, S., Salvail, L.: Zero-knowledge proofs and string commitments withstanding quantum attacks. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 254–272. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28628-8_16

  13. Damgård, I., Fehr, S., Salvail, L.: Private communication (2021)

  14. Dumais, P., Mayers, D., Salvail, L.: Perfectly concealing quantum bit commitment from any quantum one-way permutation. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 300–315. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-45539-6_21

  15. Fang, J., Unruh, D., Yan, J., Zhou, D.: How to base security on the perfect/statistical binding property of quantum bit commitment? (2020). https://eprint.iacr.org/2020/621

  16. Goldreich, O.: Foundations of Cryptography, Basic Tools, vol. I. Cambridge University Press, Cambridge (2001)

  17. Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems. J. ACM 38(3), 691–729 (1991)

  18. van de Graaf, J.: Towards a formal definition of security for quantum protocols. PhD thesis, Université de Montréal (1997)

  19. Grilo, A.B., Lin, H., Song, F., Vaikuntanathan, V.: Oblivious transfer is in MiniQCrypt. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12697, pp. 531–561. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-77886-6_18

  20. Haitner, I., Hoch, J.J., Reingold, O., Segev, G.: Finding collisions in interactive protocols - a tight lower bound on the round complexity of statistically-hiding commitments. In: FOCS, pp. 669–679 (2007)

  21. Haitner, I., Nguyen, M.H., Ong, S.J., Reingold, O., Vadhan, S.P.: Statistically hiding commitments and statistical zero-knowledge arguments from any one-way function. SIAM J. Comput. 39(3), 1153–1218 (2009)

  22. Jain, R., Kolla, A., Midrijanis, G., Reichardt, B.W.: On parallel composition of zero-knowledge proofs with black-box quantum simulators. Quant. Inf. Comput. 9(5), 513–532 (2009)

  23. Koshiba, T., Odaira, T.: Statistically-hiding quantum bit commitment from approximable-preimage-size quantum one-way function. In: Childs, A., Mosca, M. (eds.) TQC 2009. LNCS, vol. 5906, pp. 33–46. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10698-9_4

  24. Koshiba, T., Odaira, T.: Non-interactive statistically-hiding quantum bit commitment from any quantum one-way function (2011). arXiv:1102.3441

  25. Lo, H.K., Chau, H.F.: Why quantum bit commitment and ideal quantum coin tossing are impossible. Physica D Nonlinear Phenom. 120(1), 177–187 (1998)

  26. Mahmoody, M., Pass, R.: The curious case of non-interactive commitments – on the power of black-box vs. non-black-box use of primitives. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 701–718. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_41

  27. Mayers, D.: Unconditionally secure quantum bit commitment is impossible. Phys. Rev. Lett. 78(17), 3414–3417 (1997)

  28. Naor, M., Ostrovsky, R., Venkatesan, R., Yung, M.: Perfect zero-knowledge arguments for NP using any one-way permutation. J. Cryptol. 11(2), 87–108 (1998)

  29. Nielsen, M.A., Chuang, I.L.: Quantum Computation and Quantum Information. Cambridge University Press, Cambridge (2000)

  30. Unruh, D.: Quantum proofs of knowledge. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 135–152. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_10

  31. Unruh, D.: Collapse-binding quantum commitments without random oracles. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 166–195. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53890-6_6

  32. Unruh, D.: Computationally binding quantum commitments. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 497–527. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_18

  33. Watrous, J.: Zero-knowledge against quantum attacks. SIAM J. Comput. 39(1), 25–58 (2009)

  34. Yan, J.: General properties of quantum bit commitments (2020). https://eprint.iacr.org/2020/1488

  35. Yan, J.: Quantum computationally predicate-binding commitment with application in quantum zero-knowledge argument for np. Cryptology ePrint Archive, Report 2020/1510 (2020). https://eprint.iacr.org/2020/1510

  36. Yan, J., Weng, J., Lin, D., Quan, Y.: Quantum bit commitment with application in quantum zero-knowledge proof (extended abstract). In: Elbassioni, K., Makino, K. (eds.) ISAAC 2015. LNCS, vol. 9472, pp. 555–565. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48971-0_47

  37. Yao, A.C.C.: Quantum circuit complexity. In: FOCS, pp. 352–361 (1993)

Acknowledgements

We thank Dominique Unruh for helpful and inspiring discussions on the strictness of the quantum binding property and the possibility of basing quantum zero-knowledge argument for NP on computationally-binding quantum bit commitments at an early stage of this work. We are also grateful to the anonymous referees of Crypto 2021, QCrypt 2021, and Asiacrypt 2021 for their corrections and useful suggestions for the presentation of this paper.

This work was supported by the National Natural Science Foundation of China (Grant No. 61602208, No. 61932019, No. 61772521, No. 62171202, No. 61771222, and No. 61772522), by the PhD Start-up Fund of Natural Science Foundation of Guangdong Province, China (Grant No. 2014A030310333), by the Key Research Program of Frontier Sciences, CAS (Grant No. QYZDB-SSW-SYS035), and by the Open Project Program of the State Key Laboratory of Information Security, IIE, CAS (Grant No. 2015-MS-08).

Author information

Correspondence to Jun Yan.

Copyright information

© 2021 International Association for Cryptologic Research

About this paper

Cite this paper

Yan, J. (2021). Quantum Computationally Predicate-Binding Commitments with Application in Quantum Zero-Knowledge Arguments for NP. In: Tibouchi, M., Wang, H. (eds) Advances in Cryptology – ASIACRYPT 2021. ASIACRYPT 2021. Lecture Notes in Computer Science, vol 13090. Springer, Cham. https://doi.org/10.1007/978-3-030-92062-3_20

  • DOI: https://doi.org/10.1007/978-3-030-92062-3_20

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-92061-6

  • Online ISBN: 978-3-030-92062-3

  • eBook Packages: Computer Science (R0)
