Post-quantum Insecurity from LWE

Alex Lombardi, Ethan Mook, Willy Quach, Daniel Wichs

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Scopus citations

Abstract

We show that for many fundamental cryptographic primitives, proving classical security under the learning-with-errors (LWE) assumption, does not imply post-quantum security. This is despite the fact that LWE is widely believed to be post-quantum secure, and our work does not give any evidence otherwise. Instead, it shows that post-quantum insecurity can arise inside cryptographic constructions, even if the assumptions are post-quantum secure. Concretely, our work provides (contrived) constructions of pseudorandom functions, CPA-secure symmetric-key encryption, message-authentication codes, signatures, and CCA-secure public-key encryption schemes, all of which are proven to be classically secure under LWE via black-box reductions, but demonstrably fail to be post-quantum secure. All of these cryptosystems are stateless and non-interactive, but their security is defined via an interactive game that allows the attacker to make oracle queries to the cryptosystem. The polynomial-time quantum attacker can break these schemes by only making a few classical queries to the cryptosystem, and in some cases, a single query suffices. Previously, we only had examples of post-quantum insecurity under post-quantum assumptions for stateful/interactive protocols. Moreover, there appears to be a folklore intuition that for stateless/non-interactive cryptosystems with black-box proofs of security, a quantum attack against the scheme should translate into a quantum attack on the assumption. This work shows otherwise. Our main technique is to carefully embed interactive protocols inside the interactive security games of the above primitives. As a result of independent interest, we also show a 3-round quantum disclosure of secrets (QDS) protocol between a classical sender and a receiver, where a quantum receiver learns a secret message in the third round but, assuming LWE, a classical receiver does not.

Original languageEnglish (US)
Title of host publicationTheory of Cryptography - 20th International Conference, TCC 2022, Proceedings
EditorsEike Kiltz, Vinod Vaikuntanathan
PublisherSpringer Science and Business Media Deutschland GmbH
Pages3-32
Number of pages30
ISBN (Print)9783031223174
DOIs
StatePublished - 2022
Externally publishedYes
Event20th Theory of Cryptography Conference, TCC 2022 - Chicago, United States
Duration: Nov 7 2022Nov 10 2022

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume13747 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference20th Theory of Cryptography Conference, TCC 2022
Country/TerritoryUnited States
CityChicago
Period11/7/2211/10/22

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science

Fingerprint

Dive into the research topics of 'Post-quantum Insecurity from LWE'. Together they form a unique fingerprint.

Cite this