Paper 2019/1323

Secure Quantum Extraction Protocols

Prabhanjan Ananth and Rolando L. La Placa

Abstract

Knowledge extraction, typically studied in the classical setting, is at the heart of several cryptographic protocols. The prospect of quantum computers forces us to revisit the concept of knowledge extraction in the presence of quantum adversaries. We introduce the notion of secure quantum extraction protocols. A secure quantum extraction protocol for an NP relation R is a classical interactive protocol between a sender and a receiver, where the sender gets as input the instance z and witness w while the receiver only gets the instance z as input. There are two properties associated with a secure quantum extraction protocol: (a) Extractability: for any efficient quantum polynomial-time (QPT) adversarial sender, there exists a QPT extractor that can extract a witness w' such that (z,w') \in R and, (b) Zero-Knowledge: a malicious receiver, interacting with the sender, should not be able to learn any information about w. We study and construct two flavors of secure quantum extraction protocols. - Security against QPT malicious receivers: First we consider the setting when the malicious receiver is a QPT adversary. In this setting, we construct a secure quantum extraction protocol for NP assuming the existence of quantum fully homomorphic encryption satisfying some mild properties (already satisfied by existing constructions [Mahadev, FOCS'18, Brakerski CRYPTO'18]) and quantum hardness of learning with errors. The novelty of our construction is a new non black box technique in the quantum setting. All previous extraction techniques in the quantum setting were solely based on quantum rewinding. - Security against classical PPT malicious receivers: We also consider the setting when the malicious receiver is a classical probabilistic polynomial time (PPT) adversary. In this setting, we construct a secure quantum extraction protocol for NP solely based on the quantum hardness of learning with errors. Furthermore, our construction satisfies quantum-lasting security: a malicious receiver cannot later, long after the protocol has been executed, use a quantum computer to extract a valid witness from the transcript of the protocol. Both the above extraction protocols are constant round protocols. We present an application of secure quantum extraction protocols to zero-knowledge (ZK). Assuming quantum hardness of learning with errors, we present the first construction of ZK argument systems for NP in constant rounds based on the quantum hardness of learning with errors with: (a) zero-knowledge against QPT malicious verifiers and, (b) soundness against classical PPT adversaries. Moreover, our construction satisfies the stronger (quantum) auxiliary-input zero knowledge property and thus can be composed with other protocols secure against quantum adversaries.

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
Preprint. MINOR revision.
Contact author(s)
prabhanjan @ cs ucsb edu
rlaplaca @ mit edu
History
2020-05-27: last of 2 revisions
2019-11-17: received
See all versions
Short URL
https://ia.cr/2019/1323
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/1323,
      author = {Prabhanjan Ananth and Rolando L.  La Placa},
      title = {Secure Quantum Extraction Protocols},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/1323},
      year = {2019},
      url = {https://eprint.iacr.org/2019/1323}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.