Quantum Rewinding for IOP-Based Succinct Arguments

Alessandro Chiesa; Marcel Dall’Agnol; Zijing Di; Ziyi Guan; Nicholas Spooner

doi:10.1007/978-3-032-12296-4_16

Quantum Rewinding for IOP-Based Succinct Arguments

Alessandro Chiesa
, Marcel Dall’Agnol
, Zijing Di
, Ziyi Guan
, Nicholas Spooner

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

We analyze the post-quantum security of succinct interactive arguments constructed from interactive oracle proofs (IOPs) and vector commitment schemes. Specifically, we prove that an interactive variant of the BCS transformation is secure in the standard model against quantum adversaries when the vector commitment scheme is collapse binding. Prior work established the post-quantum security of Kilian’s succinct interactive argument, a special case of the BCS transformation for one-message IOPs (i.e., PCPs). That analysis is inherently limited to one message because the reduction, like all prior quantum rewinding reductions, aims to extract classical information (a PCP string) from the quantum argument adversary. Our reduction overcomes this limitation by instead extracting a quantum algorithm that implements an IOP adversary; representing such an adversary classically may in general require exponential complexity. Along the way we define collapse position binding, which we propose as the “correct” definition of collapse binding for vector commitment schemes, eliminating shortcomings of prior definitions. As an application of our results, we obtain post-quantum secure succinct arguments, in the standard model (no oracles), with the best asymptotic complexity known.

Original language	English (US)
Title of host publication	Theory of Cryptography - 23rd International Conference, TCC 2025, Proceedings
Editors	Benny Applebaum, Huijia (Rachel) Lin
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	460-479
Number of pages	20
ISBN (Print)	9783032122957
DOIs	https://doi.org/10.1007/978-3-032-12296-4_16
State	Published - 2026
Event	23rd Theory of Cryptography Conference, TCC 2025 - Aarhus, Denmark Duration: Dec 1 2025 → Dec 5 2025

Publication series

Name	Lecture Notes in Computer Science
Volume	16270 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	23rd Theory of Cryptography Conference, TCC 2025
Country/Territory	Denmark
City	Aarhus
Period	12/1/25 → 12/5/25

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
General Computer Science

Keywords

post-quantum security
quantum rewinding
succinct arguments

Access to Document

10.1007/978-3-032-12296-4_16

Cite this

Chiesa, A., Dall’Agnol, M., Di, Z., Guan, Z., & Spooner, N. (2026). Quantum Rewinding for IOP-Based Succinct Arguments. In B. Applebaum, & H. Lin (Eds.), Theory of Cryptography - 23rd International Conference, TCC 2025, Proceedings (pp. 460-479). (Lecture Notes in Computer Science; Vol. 16270 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-032-12296-4_16

@inproceedings{0c597716e0324158ba728297a93d1511,

title = "Quantum Rewinding for IOP-Based Succinct Arguments",

abstract = "We analyze the post-quantum security of succinct interactive arguments constructed from interactive oracle proofs (IOPs) and vector commitment schemes. Specifically, we prove that an interactive variant of the BCS transformation is secure in the standard model against quantum adversaries when the vector commitment scheme is collapse binding. Prior work established the post-quantum security of Kilian{\textquoteright}s succinct interactive argument, a special case of the BCS transformation for one-message IOPs (i.e., PCPs). That analysis is inherently limited to one message because the reduction, like all prior quantum rewinding reductions, aims to extract classical information (a PCP string) from the quantum argument adversary. Our reduction overcomes this limitation by instead extracting a quantum algorithm that implements an IOP adversary; representing such an adversary classically may in general require exponential complexity. Along the way we define collapse position binding, which we propose as the “correct” definition of collapse binding for vector commitment schemes, eliminating shortcomings of prior definitions. As an application of our results, we obtain post-quantum secure succinct arguments, in the standard model (no oracles), with the best asymptotic complexity known.",

keywords = "post-quantum security, quantum rewinding, succinct arguments",

author = "Alessandro Chiesa and Marcel Dall{\textquoteright}Agnol and Zijing Di and Ziyi Guan and Nicholas Spooner",

note = "Publisher Copyright: {\textcopyright} International Association for Cryptologic Research 2026.; 23rd Theory of Cryptography Conference, TCC 2025 ; Conference date: 01-12-2025 Through 05-12-2025",

year = "2026",

doi = "10.1007/978-3-032-12296-4\_16",

language = "English (US)",

isbn = "9783032122957",

series = "Lecture Notes in Computer Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "460--479",

editor = "Benny Applebaum and Lin, \{Huijia (Rachel)\}",

booktitle = "Theory of Cryptography - 23rd International Conference, TCC 2025, Proceedings",

address = "Germany",

}

Chiesa, A, Dall’Agnol, M, Di, Z, Guan, Z & Spooner, N 2026, Quantum Rewinding for IOP-Based Succinct Arguments. in B Applebaum & H Lin (eds), Theory of Cryptography - 23rd International Conference, TCC 2025, Proceedings. Lecture Notes in Computer Science, vol. 16270 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 460-479, 23rd Theory of Cryptography Conference, TCC 2025, Aarhus, Denmark, 12/1/25. https://doi.org/10.1007/978-3-032-12296-4_16

Quantum Rewinding for IOP-Based Succinct Arguments. / Chiesa, Alessandro; Dall’Agnol, Marcel; Di, Zijing et al.
Theory of Cryptography - 23rd International Conference, TCC 2025, Proceedings. ed. / Benny Applebaum; Huijia (Rachel) Lin. Springer Science and Business Media Deutschland GmbH, 2026. p. 460-479 (Lecture Notes in Computer Science; Vol. 16270 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Quantum Rewinding for IOP-Based Succinct Arguments

AU - Chiesa, Alessandro

AU - Dall’Agnol, Marcel

AU - Di, Zijing

AU - Guan, Ziyi

AU - Spooner, Nicholas

N1 - Publisher Copyright: © International Association for Cryptologic Research 2026.

PY - 2026

Y1 - 2026

N2 - We analyze the post-quantum security of succinct interactive arguments constructed from interactive oracle proofs (IOPs) and vector commitment schemes. Specifically, we prove that an interactive variant of the BCS transformation is secure in the standard model against quantum adversaries when the vector commitment scheme is collapse binding. Prior work established the post-quantum security of Kilian’s succinct interactive argument, a special case of the BCS transformation for one-message IOPs (i.e., PCPs). That analysis is inherently limited to one message because the reduction, like all prior quantum rewinding reductions, aims to extract classical information (a PCP string) from the quantum argument adversary. Our reduction overcomes this limitation by instead extracting a quantum algorithm that implements an IOP adversary; representing such an adversary classically may in general require exponential complexity. Along the way we define collapse position binding, which we propose as the “correct” definition of collapse binding for vector commitment schemes, eliminating shortcomings of prior definitions. As an application of our results, we obtain post-quantum secure succinct arguments, in the standard model (no oracles), with the best asymptotic complexity known.

AB - We analyze the post-quantum security of succinct interactive arguments constructed from interactive oracle proofs (IOPs) and vector commitment schemes. Specifically, we prove that an interactive variant of the BCS transformation is secure in the standard model against quantum adversaries when the vector commitment scheme is collapse binding. Prior work established the post-quantum security of Kilian’s succinct interactive argument, a special case of the BCS transformation for one-message IOPs (i.e., PCPs). That analysis is inherently limited to one message because the reduction, like all prior quantum rewinding reductions, aims to extract classical information (a PCP string) from the quantum argument adversary. Our reduction overcomes this limitation by instead extracting a quantum algorithm that implements an IOP adversary; representing such an adversary classically may in general require exponential complexity. Along the way we define collapse position binding, which we propose as the “correct” definition of collapse binding for vector commitment schemes, eliminating shortcomings of prior definitions. As an application of our results, we obtain post-quantum secure succinct arguments, in the standard model (no oracles), with the best asymptotic complexity known.

KW - post-quantum security

KW - quantum rewinding

KW - succinct arguments

UR - https://www.scopus.com/pages/publications/105024684278

UR - https://www.scopus.com/pages/publications/105024684278#tab=citedBy

U2 - 10.1007/978-3-032-12296-4_16

DO - 10.1007/978-3-032-12296-4_16

M3 - Conference contribution

AN - SCOPUS:105024684278

SN - 9783032122957

T3 - Lecture Notes in Computer Science

SP - 460

EP - 479

BT - Theory of Cryptography - 23rd International Conference, TCC 2025, Proceedings

A2 - Applebaum, Benny

A2 - Lin, Huijia (Rachel)

PB - Springer Science and Business Media Deutschland GmbH

T2 - 23rd Theory of Cryptography Conference, TCC 2025

Y2 - 1 December 2025 through 5 December 2025

ER -