arXiv:2204.02265

Fiat-Shamir for Proofs Lacks a Proof Even in the Presence of Shared Entanglement

5 April 2022
F. Dupuis
Philippe Lamontagne
L. Salvail
Abstract

We explore the cryptographic power of arbitrary shared physical resources. The most general such resource is access to a fresh entangled quantum state at the outset of each protocol execution. We call this the Common Reference Quantum State (CRQS) model, in analogy to the well-known Common Reference String (CRS). The CRQS model is a natural generalization of the CRS model but appears to be more powerful: in the two-party setting, a CRQS can sometimes exhibit properties associated with a Random Oracle queried once by measuring a maximally entangled state in one of many mutually unbiased bases. We formalize this notion as a Weak One-Time Random Oracle (WOTRO), where we only ask of the $m$-bit output to have some randomness when conditioned on the $n$-bit input. We show that when $n - m \in \omega(\lg n)$, any protocol for WOTRO in the CRQS model can be attacked by an (inefficient) adversary. Moreover, our adversary is efficiently simulatable, which rules out the possibility of proving the computational security of a scheme by a black-box reduction to a cryptographic game assumption. On the other hand, we introduce a non-game quantum assumption for hash functions that implies WOTRO in the CRQS model (where the CRQS consists only of EPR pairs). We first build a statistically secure WOTRO protocol where $m = n$, then hash the output.

The impossibility of WOTRO has the following consequences. First, we show the black-box impossibility of a quantum Fiat-Shamir transform, extending the impossibility result of Bitansky et al. (TCC '13) to the CRQS model. Second, we show a black-box impossibility result for a strengthened version of quantum lightning (Zhandry, Eurocrypt '19) where quantum bolts have an additional parameter that cannot be changed without generating new bolts.
