Abstract
Time-lock puzzles wrap a solution \(\textrm{s}\) inside a puzzle \(\textrm{P}\) in such a way that “solving” \(\textrm{P}\) to find \(\textrm{s}\) requires significantly more time than generating the pair \((\textrm{s},\textrm{P})\), even if the adversary has access to parallel computing; hence it can be thought of as sending a message \(\textrm{s}\) to the future. It is known [Mahmoody, Moran, Vadhan, Crypto’11] that when the source of hardness is only a random oracle, then any puzzle generator with n queries can be (efficiently) broken by an adversary in O(n) rounds of queries to the oracle.
In this work, we revisit time-lock puzzles in a quantum world by allowing the parties to use quantum computing and, in particular, access the random oracle in quantum superposition. An interesting setting is when the puzzle generator is efficient and classical, while the solver (who might be an entity developed in the future) is quantum-powered and is supposed to need a long sequential time to succeed. We prove that in this setting there is no construction of time-lock puzzles solely from quantum (accessible) random oracles. In particular, for any n-query classical puzzle generator, our attack only asks O(n) (also classical) queries to the random oracle, even though it does indeed run in quantum polynomial time if the honest puzzle solver needs quantum computing.
Assuming perfect completeness, we also show how to make the above attack run in exactly n rounds while asking a total of \(m\cdot n\) queries, where m is the query complexity of the puzzle solver. This is tight in the round complexity, as we also prove that a classical puzzle scheme of Mahmoody et al. remains secure against quantum solvers who ask \(n-1\) rounds of queries. In fact, even for the fully classical case, our attack quantitatively improves the total number of queries of the attack of Mahmoody et al. for the case of perfect completeness from \(O(mn \log n)\) to mn. Finally, assuming perfect completeness, we present an attack in the “dual” setting in which the puzzle generator is quantum while the solver is classical.
We then ask whether one can extend our classical-query attack to the fully quantum setting, in which both the puzzle generator and the solver could be quantum. We show a barrier for proving such results unconditionally. In particular, we show that if the folklore simulation conjecture, first formally stated by Aaronson and Ambainis [arXiv’2009], is false, then there is indeed a time-lock puzzle in the quantum random oracle model that cannot be broken by classical adversaries. This result improves the previous barrier of Austrin et al. [Crypto’22] about key agreements (that can have interactions in both directions) to time-lock puzzles (that only include unidirectional communication).
A. Afshar and M. Mahmoody were supported by NSF grants CCF-1910681 and CNS1936799. K.M. Chung was supported by NSTC QC project, under Grant no. NSTC 112-2119-M-001-006- and the Air Force Office of Scientific Research under award number FA2386-20-1-4066.
Notes
1. This is closely related to our notion of time-lock puzzles, with the difference that the puzzle solution is given to the puzzle generator at the beginning.
2. In fact, [MMV11] also showed that n-adaptivity is the best one can hope for, as there is a matching positive construction.
References
Scott Aaronson and Andris Ambainis. The need for structure in quantum speedups, 2014
Per Austrin, Hao Chung, Kai-Min Chung, Shiuan Fu, Yao-Ting Lin, and Mohammad Mahmoody. On the impossibility of key agreements from quantum random oracles. In Advances in Cryptology-CRYPTO 2022: 42nd Annual International Cryptology Conference, CRYPTO 2022, Santa Barbara, CA, USA, August 15–18, 2022, Proceedings, Part II, pages 165–194. Springer, 2022
Andris Ambainis, Mike Hamburg, and Dominique Unruh. Quantum security proofs using semi-classical oracles. In Advances in Cryptology-CRYPTO 2019: 39th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 18–22, 2019, Proceedings, Part II 39, pages 269–295. Springer, 2019
Prabhanjan Ananth, Zihan Hu, and Henry Yuen. On the (im)plausibility of public-key quantum money from collision-resistant hash functions. Cryptology ePrint Archive, Paper 2023/069, 2023. https://eprint.iacr.org/2023/069
Prabhanjan Ananth and Fatih Kaleoglu. A note on copy-protection from random oracles. arXiv preprint arXiv:2208.12884, 2022
Dan Boneh, Joseph Bonneau, Benedikt Bünz, and Ben Fisch. Verifiable delay functions. In Advances in Cryptology-CRYPTO 2018: 38th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 19–23, 2018, Proceedings, Part I, pages 757–788. Springer, 2018
Charles H. Bennett, Ethan Bernstein, Gilles Brassard, and Umesh Vazirani. Strengths and weaknesses of quantum computing. SIAM Journal on Computing, 26(5), 1510–1523, 1997
Dan Boneh, Özgür Dagdelen, Marc Fischlin, Anja Lehmann, Christian Schaffner, and Mark Zhandry. Random oracles in a quantum world. In Dong Hoon Lee and Xiaoyun Wang, editors, Advances in Cryptology - ASIACRYPT 2011, volume 7073 of Lecture Notes in Computer Science, pages 41–69. Springer, Heidelberg, December 2011
Manuel Blum and Russell Impagliazzo. Generic oracles and oracle classes. In 28th Annual Symposium on Foundations of Computer Science (sfcs 1987), pages 118–126. IEEE, 1987
Jeremiah Blocki, Seunghoon Lee, and Samson Zhou. On the security of proofs of sequential work in a post-quantum world. In 2nd Conference on Information-Theoretic Cryptography, page 1, 2021
Dan Boneh and Moni Naor. Timed commitments. In Mihir Bellare, editor, Advances in Cryptology - CRYPTO 2000, volume 1880 of Lecture Notes in Computer Science, pages 236–254. Springer, Heidelberg, 2000
Mihir Bellare and Phillip Rogaway. Random oracles are practical: A paradigm for designing efficient protocols. In Dorothy E. Denning, Raymond Pyle, Ravi Ganesan, Ravi S. Sandhu, and Victoria Ashby, editors, ACM CCS 93: 1st Conference on Computer and Communications Security, pages 62–73. ACM Press, November 1993
Kai-Min Chung, Serge Fehr, Yu-Hsuan Huang, and Tai-Ning Liao. On the compressed-oracle technique, and post-quantum security of proofs of sequential work. In Anne Canteaut and François-Xavier Standaert, editors, Advances in Cryptology - EUROCRYPT 2021, Part II, volume 12697 of Lecture Notes in Computer Science, pages 598–629. Springer, Heidelberg, 2021
Bram Cohen and Krzysztof Pietrzak. Simple proofs of sequential work. In Jesper Buus Nielsen and Vincent Rijmen, editors, Advances in Cryptology - EUROCRYPT 2018, Part II, volume 10821 of Lecture Notes in Computer Science, pages 451–467. Springer, Heidelberg, April / May 2018
O. Goldreich and L. A. Levin. A hard-core predicate for all one-way functions. In Proceedings of the Twenty-First Annual ACM Symposium on Theory of Computing, STOC ’89, page 25–32, New York, NY, USA, 1989. Association for Computing Machinery
Juris Hartmanis and Lane A. Hemaspaandra. One-way functions, robustness, and the non-isomorphism of NP-complete sets. In Symposium on Computation Theory, 1987
Iftach Haitner, Noam Mazor, Jad Silbak, and Eliad Tsfadia. On the complexity of two-party differential privacy. In Proceedings of the 54th Annual ACM SIGACT Symposium on Theory of Computing, pages 1392–1405, 2022
Akinori Hosoyamada and Takashi Yamakawa. Finding collisions in a quantum world: quantum black-box separation of collision-resistance and one-wayness. In Advances in Cryptology-ASIACRYPT 2020: 26th International Conference on the Theory and Application of Cryptology and Information Security, Daejeon, South Korea, December 7–11, 2020, Proceedings, Part I 26, pages 3–32. Springer, 2020
Samuel Jaques, Hart Montgomery, Razvan Rosie, and Arnab Roy. Time-release cryptography from minimal circuit assumptions. In Progress in Cryptology-INDOCRYPT 2021: 22nd International Conference on Cryptology in India, Jaipur, India, December 12–15, 2021, Proceedings 22, pages 584–606. Springer, 2021
Huijia Lin, Rafael Pass, and Pratik Soni. Two-round and non-interactive concurrent non-malleable commitments from time-lock puzzles. In Chris Umans, editor, 58th Annual Symposium on Foundations of Computer Science, pages 576–587. IEEE Computer Society Press, October 2017
Arjen K. Lenstra and Benjamin Wesolowski. Trustworthy public randomness with sloth, unicorn, and trx. International Journal of Applied Cryptography, 3(4), 330–343, 2017
Mohammad Mahmoody, Tal Moran, and Salil P. Vadhan. Time-lock puzzles in the random oracle model. In Phillip Rogaway, editor, Advances in Cryptology - CRYPTO 2011, volume 6841 of Lecture Notes in Computer Science, pages 39–50. Springer, Heidelberg, 2011
Mohammad Mahmoody, Tal Moran, and Salil P. Vadhan. Publicly verifiable proofs of sequential work. In Robert D. Kleinberg, editor, ITCS 2013: 4th Innovations in Theoretical Computer Science, pages 373–388. Association for Computing Machinery, January 2013
Mohammad Mahmoody, Caleb Smith, and David J. Wu. Can verifiable delay functions be based on random oracles? In Artur Czumaj, Anuj Dawar, and Emanuela Merelli, editors, ICALP 2020: 47th International Colloquium on Automata, Languages and Programming, volume 168 of LIPIcs, pages 83:1–83:17. Schloss Dagstuhl, July 2020
Michael A. Nielsen and Isaac L. Chuang. Quantum computation and quantum information. Cambridge University Press, 2010
Noam Nisan. CREW PRAMs and decision trees. In Proceedings of the Twenty-First Annual ACM Symposium on Theory of Computing, pages 327–335, 1989
Ryan O’Donnell, Michael Saks, Oded Schramm, and Rocco A. Servedio. Every decision tree has an influential variable. In 46th Annual IEEE Symposium on Foundations of Computer Science (FOCS’05), pages 31–39. IEEE, 2005
Krzysztof Pietrzak. Simple verifiable delay functions. In Avrim Blum, editor, ITCS 2019: 10th Innovations in Theoretical Computer Science Conference, volume 124, pages 60:1–60:15. LIPIcs, January 2019
Ronald L. Rivest, Adi Shamir, and David A. Wagner. Time-lock puzzles and timed-release crypto. Massachusetts Institute of Technology, Laboratory for Computer Science, 1996
Gábor Tardos. Query complexity, or why is it difficult to separate \({\sf NP}^{A}\cap {\sf coNP}^{A}\) from \({\sf P}^{A}\) by random oracles \({A}\)? Combinatorica, 9:385–392, 1989
Dominique Unruh. Revocable quantum timed-release encryption. In Phong Q. Nguyen and Elisabeth Oswald, editors, Advances in Cryptology - EUROCRYPT 2014, volume 8441 of Lecture Notes in Computer Science, pages 129–146. Springer, Heidelberg, 2014
Benjamin Wesolowski. Efficient verifiable delay functions. In Yuval Ishai and Vincent Rijmen, editors, Advances in Cryptology - EUROCRYPT 2019, Part III, volume 11478 of Lecture Notes in Computer Science, pages 379–407. Springer, Heidelberg, 2019
Mark Zhandry. Secure identity-based encryption in the quantum random oracle model. In 32nd Annual International Cryptology Conference, CRYPTO 2012, pages 758–775, 2012
A The Description of the Extractor in Lemma 1
We give a proof and the description of \(\textsf{Ext}\) for completeness.
Proof of Lemma 1.
Define the algorithm \(\textsf{Ext}({\mathcal A}^H(z))\) as follows:
- Pick \(i\xleftarrow {\$}[q]\).
- Run \({\mathcal A}^H(z)\) until (right before) the \(i{}^\textrm{th}\) query.
- Measure the query register of \({\mathcal A}^H(z)\) in the computational basis to obtain the outcome \(x\in {\mathcal X}\).
- Output x.
The probability that \(\textsf{Ext}({\mathcal A}^H(z))\) successfully outputs \(x\in {\mathcal S}\) is given by
\(\square \)
Copyright information
© 2023 International Association for Cryptologic Research
Afshar, A., Chung, KM., Hsieh, YC., Lin, YT., Mahmoody, M. (2023). On the (Im)possibility of Time-Lock Puzzles in the Quantum Random Oracle Model. In: Guo, J., Steinfeld, R. (eds) Advances in Cryptology – ASIACRYPT 2023. ASIACRYPT 2023. Lecture Notes in Computer Science, vol 14441. Springer, Singapore. https://doi.org/10.1007/978-981-99-8730-6_11
DOI: https://doi.org/10.1007/978-981-99-8730-6_11
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-8729-0
Online ISBN: 978-981-99-8730-6