Quantum Rewinding for Many-Round Protocols

  • Conference paper
  • Theory of Cryptography (TCC 2022)
  • Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13747)

Abstract

We investigate the security of succinct arguments against quantum adversaries. Our main result is a proof of knowledge-soundness in the post-quantum setting for a class of multi-round interactive protocols, including those based on the recursive folding technique of Bulletproofs. To prove this result, we devise a new quantum rewinding strategy, the first that allows for rewinding across many rounds. This technique applies to any protocol satisfying natural multi-round generalizations of special soundness and collapsing. For our main result, we show that recent Bulletproofs-like protocols based on lattices satisfy these properties, and are hence sound against quantum adversaries.


Notes

  1. Collapsing can be thought of as the quantum analogue of collision-resistance, and loosely speaking it requires that it is hard to determine whether a register containing valid pre-images of a given \(\textbf{y}\) was measured or not.

  2. [16] proposes an extended computational model (in the context of zero knowledge simulation) which does permit this. However, this is not sufficient for our setting: While the model supports black-box access to unitary dilations of EQPT algorithms, here we would require a unitary dilation of an EQPT algorithm which itself calls the unitary dilation of an EQPT algorithm, etc.

  3. Rigorously, the matrix \(\textbf{A}\) is sampled uniformly at random by a setup algorithm, and is taken as input by the prover and the verifier as a public parameter.

  4. We focus only on the component of lattice-based Bulletproofs protocols where the witness folding technique is applied, since this is the technically challenging component in the quantum setting.

  5. A subtractive set, also known as an exceptional sequence, is a set of ring elements such that the difference between any distinct members is invertible over the ring.

  6. In general, \(r_j\) could be sampled from a public distribution over \(R_j\).
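As an added illustration of the definition in note 5 (this is example code written for this page, not code from the paper or its authors), the following Python checker decides whether a candidate set is subtractive over the cyclotomic quotient ring \(R_q = \mathbb{Z}_q[X]/(X^n+1)\). It assumes \(q\) is prime, so that \(\mathbb{Z}_q[X]\) is a Euclidean domain and invertibility modulo \(X^n+1\) can be decided by a gcd test: an element is a unit exactly when its gcd with \(X^n+1\) is a nonzero constant. The parameters \(n = 4\), \(q = 5\), the sample sets, and all function names are constructed for the example.

```python
"""Subtractive-set checker over R_q = Z_q[X]/(X^n + 1).

Example code, not from the paper. Assumption: q is prime, so Z_q[X] is a
Euclidean domain and a is a unit of R_q iff gcd(a, X^n + 1) is a nonzero
constant. Polynomials are coefficient lists, lowest degree first.
"""
from itertools import combinations


def _trim(p):
    """Drop trailing zero coefficients; the zero polynomial becomes []."""
    p = list(p)
    while p and p[-1] == 0:
        p.pop()
    return p


def _sub(a, b, q):
    """a - b in Z_q[X]."""
    n = max(len(a), len(b))
    a = list(a) + [0] * (n - len(a))
    b = list(b) + [0] * (n - len(b))
    return _trim([(x - y) % q for x, y in zip(a, b)])


def _rem(a, b, q):
    """Remainder of a divided by b in Z_q[X] (b != 0, q prime)."""
    a = _trim([c % q for c in a])
    b = _trim([c % q for c in b])
    if not b:
        raise ZeroDivisionError("division by the zero polynomial")
    inv_lead = pow(b[-1], -1, q)  # leading coefficient is invertible since q is prime
    while len(a) >= len(b):
        shift = len(a) - len(b)
        factor = (a[-1] * inv_lead) % q
        for i, c in enumerate(b):
            a[i + shift] = (a[i + shift] - factor * c) % q
        a = _trim(a)
    return a


def _gcd(a, b, q):
    """Euclidean algorithm in Z_q[X]; returns a gcd (not normalised to monic)."""
    a, b = _trim([c % q for c in a]), _trim([c % q for c in b])
    while b:
        a, b = b, _rem(a, b, q)
    return a


def modulus(n):
    """The polynomial X^n + 1 as a coefficient list."""
    return [1] + [0] * (n - 1) + [1]


def is_unit(a, n, q):
    """True iff a is invertible in R_q = Z_q[X]/(X^n + 1)."""
    g = _gcd(a, modulus(n), q)
    return len(g) == 1  # nonzero constant gcd <=> coprime to X^n + 1 <=> unit


def is_subtractive(elements, n, q):
    """True iff the difference of every pair of distinct elements is a unit of R_q.

    Two entries that are equal in R_q have difference 0 (or a multiple of
    X^n + 1), which is not a unit, so a list with repeats is never subtractive.
    """
    return all(is_unit(_sub(a, b, q), n, q) for a, b in combinations(elements, 2))


if __name__ == "__main__":
    n, q = 4, 5  # constructed toy parameters: R_5 = Z_5[X]/(X^4 + 1)
    monomials = [[1], [0, 1], [0, 0, 1], [0, 0, 0, 1]]  # 1, X, X^2, X^3
    print("monomials subtractive:", is_subtractive(monomials, n, q))  # True
    # X^2 + 3 = X^2 - 2 divides X^4 + 1 over Z_5, so it is a zero divisor, not a unit
    print("{0, X^2 + 3} subtractive:", is_subtractive([[0], [3, 0, 1]], n, q))  # False
```

Subtractive challenge sets matter for knowledge extraction in folding-style protocols because the extractor must divide by differences of distinct challenges; over a ring that is not a field, the checker above is how one confirms that every such difference actually has an inverse.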

References

  1. Albrecht, M.R., Cini, V., Lai, R.W.F., Malavolta, G., Thyagarajan, S.A.K.: Lattice-based SNARKs: publicly verifiable, preprocessing, and recursively composable. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022. LNCS, vol. 13508, pp. 102–132. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-15979-4_4

  2. Albrecht, M.R., Lai, R.W.F.: Subtractive sets over cyclotomic rings. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12826, pp. 519–548. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84245-1_18

  3. Attema, T., Cramer, R.: Compressed \(\varSigma\)-protocol theory and practical application to plug & play secure algorithmics. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12172, pp. 513–543. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56877-1_18

  4. Attema, T., Cramer, R., Kohl, L.: A compressed \(\varSigma\)-protocol theory for lattices. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12826, pp. 549–579. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84245-1_19

  5. Attema, T., Fehr, S.: Parallel repetition of \((k_1,\dots, k_{\mu})\)-special-sound multi-round interactive proofs. Cryptology ePrint Archive, Report 2021/1259 (2021). https://ia.cr/2021/1259

  6. Ben-Sasson, E., Chiesa, A., Spooner, N.: Interactive oracle proofs. In: Hirt, M., Smith, A. (eds.) TCC 2016. LNCS, vol. 9986, pp. 31–60. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53644-5_2

  7. Bootle, J., Cerulli, A., Chaidos, P., Groth, J., Petit, C.: Efficient zero-knowledge arguments for arithmetic circuits in the discrete log setting. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 327–357. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_12

  8. Bootle, J., Chiesa, A., Sotiraki, K.: Sumcheck arguments and their applications. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12825, pp. 742–773. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84242-0_26

  9. Bootle, J., Lyubashevsky, V., Nguyen, N.K., Seiler, G.: A non-PCP approach to succinct quantum-safe zero-knowledge. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12171, pp. 441–469. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56880-1_16

  10. Bünz, B., Bootle, J., Boneh, D., Poelstra, A., Wuille, P., Maxwell, G.: Bulletproofs: short proofs for confidential transactions and more. In: 2018 IEEE Symposium on Security and Privacy, pp. 315–334. IEEE (2018). https://doi.org/10.1109/SP.2018.00020

  11. Chiesa, A., Ma, F., Spooner, N., Zhandry, M.: Post-quantum succinct arguments: breaking the quantum rewinding barrier. In: FOCS 2021, pp. 49–58. IEEE (2021)

  12. Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: a ring-based public key cryptosystem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 267–288. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054868

  13. Kilian, J.: A note on efficient zero-knowledge proofs and arguments (extended abstract). In: 24th ACM STOC, pp. 723–732. ACM Press (1992). https://doi.org/10.1145/129712.129782

  14. Lai, R.W.F., Malavolta, G., Ronge, V.: Succinct arguments for bilinear group arithmetic: practical structure-preserving cryptography. In: Cavallaro, L., Kinder, J., Wang, X., Katz, J. (eds.) ACM CCS 2019, pp. 2057–2074. ACM Press (2019). https://doi.org/10.1145/3319535.3354262

  15. Liu, Q., Zhandry, M.: Revisiting post-quantum Fiat-Shamir. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11693, pp. 326–355. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26951-7_12

  16. Lombardi, A., Ma, F., Spooner, N.: Post-quantum zero knowledge, revisited (or: how to do quantum rewinding undetectably). CoRR abs/2111.12257 (2021)

  17. Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 1–23. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13190-5_1

  18. Ma, F.: Quantum-secure commitments and collapsing hash functions. https://www.cs.princeton.edu/fermim/talks/collapse-binding.pdf (2020)

  19. Marriott, C., Watrous, J.: Quantum Arthur-Merlin games. In: Computational Complexity Conference, pp. 275–285. IEEE (2004)

  20. Micali, S.: CS proofs (extended abstract). In: 35th FOCS, pp. 436–453. IEEE (1994). https://doi.org/10.1109/SFCS.1994.365746

  21. Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: Gabow, H.N., Fagin, R. (eds.) 37th ACM STOC, pp. 84–93. ACM Press (2005). https://doi.org/10.1145/1060590.1060603

  22. Shor, P.W.: Algorithms for quantum computation: discrete logarithms and factoring. In: 35th FOCS, pp. 124–134. IEEE (1994). https://doi.org/10.1109/SFCS.1994.365700

  23. Stehlé, D., Steinfeld, R.: Making NTRU as secure as worst-case problems over ideal lattices. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 27–47. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20465-4_4

  24. Unruh, D.: Quantum proofs of knowledge. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 135–152. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_10

  25. Unruh, D.: Computationally binding quantum commitments. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 497–527. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_18

  26. Winter, A.: Coding theorem and strong converse for quantum channels. IEEE Trans. Inf. Theory 45(7), 2481–2485 (1999). https://doi.org/10.1109/18.796385

  27. Zhandry, M.: Schrödinger's pirate: how to trace a quantum decoder. In: Pass, R., Pietrzak, K. (eds.) TCC 2020. LNCS, vol. 12552, pp. 61–91. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64381-2_3

Acknowledgments

The authors thank Fermi Ma for many helpful discussions throughout the development of this work.

G.M. is partially supported by the German Federal Ministry of Education and Research BMBF (grant 16K15K042, project 6GEM) and funded by the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) under Germany's Excellence Strategy - EXC 2092 CASA - 390781972.

Author information

Corresponding author: Giulio Malavolta.

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Lai, R.W.F., Malavolta, G., Spooner, N. (2022). Quantum Rewinding for Many-Round Protocols. In: Kiltz, E., Vaikuntanathan, V. (eds) Theory of Cryptography. TCC 2022. Lecture Notes in Computer Science, vol 13747. Springer, Cham. https://doi.org/10.1007/978-3-031-22318-1_4

  • DOI: https://doi.org/10.1007/978-3-031-22318-1_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-22317-4

  • Online ISBN: 978-3-031-22318-1

  • eBook Packages: Computer Science (R0)
