
Quantum Learning Algorithms and Post-Quantum Cryptography
Quantum algorithms have demonstrated promising speedups over classical ...

Puncturable Encryption: A Generic Construction from Delegatable Fully Key-Homomorphic Encryption
Puncturable encryption (PE), proposed by Green and Miers at IEEE S&P 2...

Quantum Key-Length Extension
Should quantum computers become available, they will reduce the effectiv...

Post Quantum Secure Command and Control of Mobile Agents: Inserting quantum-resistant encryption schemes in the Secure Robot Operating System
The secure command and control (C&C) of mobile agents arises in variou...

Non-malleability for quantum public-key encryption
Non-malleability is an important security property for public-key encryp...

Can you sign a quantum state?
Cryptography with quantum states exhibits a number of surprising and cou...

Quantum-secure message authentication via blind-unforgeability
We consider the problem of unforgeable authentication of classical messa...
On non-adaptive quantum chosen-ciphertext attacks and Learning with Errors
Large-scale quantum computing is a significant threat to classical public-key cryptography. In strong "quantum access" security models, numerous symmetric-key cryptosystems are also vulnerable. We consider classical encryption in a model which grants the adversary quantum oracle access to encryption and decryption, but where the latter is restricted to non-adaptive (i.e., pre-challenge) queries only. We define this model formally using appropriate notions of ciphertext indistinguishability and semantic security (which are equivalent by standard arguments) and call it QCCA1 in analogy to the classical CCA1 security model. Using a bound on quantum random-access codes, we show that the standard PRF- and PRP-based encryption schemes are QCCA1-secure when instantiated with quantum-secure primitives. We then revisit standard IND-CPA-secure Learning with Errors (LWE) encryption and show that leaking just one quantum decryption query (and no other queries or leakage of any kind) allows the adversary to recover the full secret key with constant success probability. In the classical setting, by contrast, recovering the key uses a linear number of decryption queries, and this is optimal. The algorithm at the core of our attack is a (large-modulus version of) the well-known Bernstein-Vazirani algorithm. We emphasize that our results should *not* be interpreted as a weakness of these cryptosystems in their stated security setting (i.e., post-quantum chosen-plaintext secrecy). Rather, our results mean that, if these cryptosystems are exposed to chosen-ciphertext attacks (e.g., as a result of deployment in an inappropriate real-world setting) then quantum attacks are even more devastating than classical ones.