Paper 2022/435

Fiat-Shamir for Proofs Lacks a Proof Even in the Presence of Shared Entanglement

Frédéric Dupuis, Université de Montréal
Philippe Lamontagne, National Research Council Canada, Université de Montréal
Louis Salvail, Université de Montréal
Abstract

We explore the cryptographic power of arbitrary shared physical resources. The most general such resource is access to a fresh entangled quantum state at the outset of each protocol execution. We call this the Common Reference Quantum State (CRQS) model, in analogy to the well-known Common Reference String (CRS). The CRQS model is a natural generalization of the CRS model but appears to be more powerful: in the two-party setting, a CRQS can sometimes exhibit properties associated with a Random Oracle queried once by measuring a maximally entangled state in one of many mutually unbiased bases. We formalize this notion as a Weak One-Time Random Oracle (WOTRO), where we only ask of the $m$-bit output to have some randomness when conditioned on the $n$-bit input. We show that when $n-m\in\omega(\lg n)$, any protocol for WOTRO in the CRQS model can be attacked by an (inefficient) adversary. Moreover, our adversary is efficiently simulatable, which rules out the possibility of proving the computational security of a scheme by a fully-black-box reduction to a cryptographic game assumption. On the other hand, we introduce a non-game quantum assumption for hash functions that implies WOTRO in the CRQ\$ model (where the CRQS consists only of EPR pairs). We first build a statistically secure WOTRO protocol where $m=n$, then hash the output. The impossibility of WOTRO has the following consequences. First, we show the fully-black-box impossibility of a quantum Fiat-Shamir transform, extending the impossibility result of Bitansky et al. (TCC '13) to the CRQS model. Second, we show a black-box impossibility result for a strengthened version of quantum lightning (Zhandry, Eurocrypt '19) where quantum bolts have an additional parameter that cannot be changed without generating new bolts. Our results also apply to $2$-message protocols in the plain model.

Note: Minor revision.
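The abstract's intuition for why a shared maximally entangled state behaves like a random oracle queried once (each party measures its half in the mutually unbiased basis indexed by the input, and the outcome is random but identical on both sides) can be checked numerically for honest parties. The block below is an added illustration, not code from the paper or its authors: it uses the standard Wootters-Fields family of $d+1$ mutually unbiased bases for an odd prime $d$ (here $d=5$, a toy size chosen here, so the "input" is a basis index rather than an $n$-bit string), computes the joint outcome distribution exactly from the state vector, and verifies two facts: same input gives the same uniformly random output on both sides, and different inputs give statistically independent outputs. It models only honest measurement; the paper's attack (an inefficient but efficiently simulatable adversary on any WOTRO protocol when $n-m\in\omega(\lg n)$) is not represented here.

```python
import cmath
from itertools import product

# Toy dimension for one qudit per party. D must be an odd prime for the
# Wootters-Fields construction used below (assumption: illustration only).
D = 5


def omega_pow(n):
    """exp(2*pi*i*n/D), computed directly for numerical accuracy."""
    return cmath.exp(2j * cmath.pi * (n % D) / D)


def mub_vector(b, k):
    """k-th vector of basis number b (0 <= b <= D).
    b == D is the computational basis; for b in 0..D-1 use
    |psi_{b,k}> = D^{-1/2} * sum_j omega^{b*j^2 + k*j} |j>,
    which yields D+1 pairwise mutually unbiased bases for odd prime D."""
    if b == D:
        return [1.0 + 0j if j == k else 0j for j in range(D)]
    return [omega_pow(b * j * j + k * j) / D ** 0.5 for j in range(D)]


def inner(u, v):
    """<u|v> with the usual conjugate-linear first argument."""
    return sum(x.conjugate() * y for x, y in zip(u, v))


def is_mub_set():
    """True iff all D+1 bases are orthonormal and pairwise unbiased,
    i.e. |<psi_{b,k}|psi_{b',k'}>|^2 == 1/D whenever b != b'."""
    for b, bp in product(range(D + 1), repeat=2):
        for k, kp in product(range(D), repeat=2):
            ov = abs(inner(mub_vector(b, k), mub_vector(bp, kp))) ** 2
            target = (1.0 if k == kp else 0.0) if b == bp else 1.0 / D
            if abs(ov - target) > 1e-9:
                return False
    return True


def joint_distribution(b_alice, b_bob):
    """Exact outcome table P[(k_a, k_b)] when Alice measures her half of
    |Phi> = D^{-1/2} sum_j |j>|j> in basis b_alice and Bob measures his
    half in the complex conjugate of basis b_bob (the conjugate is what
    makes outcomes coincide on the maximally entangled state)."""
    table = {}
    for ka, kb in product(range(D), repeat=2):
        psi_a = mub_vector(b_alice, ka)
        phi_b = [x.conjugate() for x in mub_vector(b_bob, kb)]
        # <psi_a (x) phi_b | Phi> = D^{-1/2} * sum_j conj(psi_a[j]) conj(phi_b[j])
        amp = sum(psi_a[j].conjugate() * phi_b[j].conjugate() for j in range(D))
        table[(ka, kb)] = abs(amp / D ** 0.5) ** 2
    return table


def agreement_probability(b):
    """Probability that both parties get the same outcome on input b."""
    return sum(p for (ka, kb), p in joint_distribution(b, b).items() if ka == kb)


def output_is_uniform(b):
    """Each shared outcome value occurs with probability exactly 1/D."""
    t = joint_distribution(b, b)
    return all(abs(t[(k, k)] - 1.0 / D) < 1e-9 for k in range(D))


def outputs_independent(b_alice, b_bob):
    """For distinct inputs every joint outcome has probability 1/D^2,
    i.e. the two outputs are independent and individually uniform."""
    t = joint_distribution(b_alice, b_bob)
    return all(abs(p - 1.0 / D ** 2) < 1e-9 for p in t.values())


if __name__ == "__main__":
    print("MUB set valid:", is_mub_set())
    print("same input -> same output:", agreement_probability(2))
    print("output uniform:", output_is_uniform(2))
    print("different inputs independent:", outputs_independent(1, 3))
```

The conjugate on Bob's side is the only subtlety: on $|\Phi\rangle$ the outcome of measuring one half in basis $\{|\psi_k\rangle\}$ matches the outcome of measuring the other half in $\{|\psi_k^*\rangle\}$, not in $\{|\psi_k\rangle\}$ itself (for real bases such as the computational one the two coincide). Only $d+1$ bases exist here, which is why this toy has an input alphabet of size $d+1$ rather than $2^n$ strings, and why the construction does not by itself say anything about the $n-m$ gap the paper's impossibility result depends on.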

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
Preprint.
Keywords
hash functions, quantum cryptography, proof systems
Contact author(s)
dupuisf @ iro umontreal ca
Philippe Lamontagne2 @ cnrc-nrc gc ca
salvail @ iro umontreal ca
History
2024-02-21: last of 3 revisions
2022-04-06: received
Short URL
https://ia.cr/2022/435
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/435,
      author = {Frédéric Dupuis and Philippe Lamontagne and Louis Salvail},
      title = {Fiat-Shamir for Proofs Lacks a Proof Even in the Presence of Shared Entanglement},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/435},
      year = {2022},
      url = {https://eprint.iacr.org/2022/435}
}