International Association for Cryptologic Research


IACR News item: 30 April 2014

Andris Ambainis, Ansis Rosmanis, Dominique Unruh
ePrint Report

Quantum zero-knowledge proofs and quantum proofs of knowledge are inherently difficult to analyze because their security analysis uses rewinding. Certain cases of quantum rewinding are handled by the results by Watrous (SIAM J Comput, 2009) and Unruh (Eurocrypt 2012), yet in general the problem remains elusive. We show that this is not only due to a lack of proof techniques: relative to an oracle, we show that classically secure proofs and proofs of knowledge are insecure in the quantum setting.

More specifically, sigma-protocols, the Fiat-Shamir construction, and Fischlin's proof system are quantum insecure under assumptions that are sufficient for classical security. Additionally, we show that for similar reasons, computationally binding commitments provide almost no security guarantees in a quantum setting.

To show these results, we develop the "pick-one trick", a general technique that allows an adversary to find one value satisfying a given predicate, but not two.
