Uncloneable Decryptors from Quantum Copy-Protection
Uncloneable decryptors are encryption schemes (with classical plaintexts and ciphertexts) with the added functionality of deriving uncloneable quantum states, called decryptors, which can be used to decrypt ciphertexts without knowledge of the secret key (Georgiou and Zhandry, IACR'20). We study uncloneable decryptors in the computational setting and provide increasingly strong security notions that extend the various indistinguishability-based security notions of symmetric encryption. We show that CPA-secure uncloneable bit decryptors can be instantiated from a copy-protection scheme (Aaronson, CCC'09) for any balanced binary function. We introduce a new notion of flip-detection security for copy-protection schemes, inspired by the left-or-right security notions for encryption schemes, and show that it can be used to instantiate CPA-secure uncloneable decryptors for messages of unrestricted length. We then show how to strengthen the CPA security of uncloneable decryptors to CCA2 security using strongly EUF-CMA-secure digital signatures. We show that our constructions can be instantiated relative to either the quantum oracle used in (Aaronson, CCC'09) or the classical oracle used in (Aaronson et al., CRYPTO'21) to instantiate copy-protection schemes. Our constructions are the first to achieve CPA or CCA2 security in the symmetric setting.