TY - GEN

T1 - Random oracles in a quantum world

AU - Boneh, Dan

AU - Dagdelen, Özgür

AU - Fischlin, Marc

AU - Lehmann, Anja

AU - Schaffner, Christian

AU - Zhandry, Mark

PY - 2011

Y1 - 2011

N2 - The interest in post-quantum cryptography - classical systems that remain secure in the presence of a quantum adversary - has generated elegant proposals for new cryptosystems. Some of these systems are set in the random oracle model and are proven secure relative to adversaries that have classical access to the random oracle. We argue that to prove post-quantum security one needs to prove security in the quantum-accessible random oracle model where the adversary can query the random oracle with quantum state. We begin by separating the classical and quantum-accessible random oracle models by presenting a scheme that is secure when the adversary is given classical access to the random oracle, but is insecure when the adversary can make quantum oracle queries. We then set out to develop generic conditions under which a classical random oracle proof implies security in the quantum-accessible random oracle model. We introduce the concept of a history-free reduction which is a category of classical random oracle reductions that basically determine oracle answers independently of the history of previous queries, and we prove that such reductions imply security in the quantum model. We then show that certain post-quantum proposals, including ones based on lattices, can be proven secure using history-free reductions and are therefore postquantum secure. We conclude with a rich set of open problems in this area.

AB - The interest in post-quantum cryptography - classical systems that remain secure in the presence of a quantum adversary - has generated elegant proposals for new cryptosystems. Some of these systems are set in the random oracle model and are proven secure relative to adversaries that have classical access to the random oracle. We argue that to prove post-quantum security one needs to prove security in the quantum-accessible random oracle model where the adversary can query the random oracle with quantum state. We begin by separating the classical and quantum-accessible random oracle models by presenting a scheme that is secure when the adversary is given classical access to the random oracle, but is insecure when the adversary can make quantum oracle queries. We then set out to develop generic conditions under which a classical random oracle proof implies security in the quantum-accessible random oracle model. We introduce the concept of a history-free reduction which is a category of classical random oracle reductions that basically determine oracle answers independently of the history of previous queries, and we prove that such reductions imply security in the quantum model. We then show that certain post-quantum proposals, including ones based on lattices, can be proven secure using history-free reductions and are therefore postquantum secure. We conclude with a rich set of open problems in this area.

KW - Encryption

KW - Quantum

KW - Random Oracle

KW - Signatures

UR - http://www.scopus.com/inward/record.url?scp=82955177070&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=82955177070&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-25385-0_3

DO - 10.1007/978-3-642-25385-0_3

M3 - Conference contribution

AN - SCOPUS:82955177070

SN - 9783642253843

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 41

EP - 69

BT - Advances in Cryptology, ASIACRYPT 2011 - 17th International Conference on the Theory and Application of Cryptology and Information Security, Proceedings

T2 - 17th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2011

Y2 - 4 December 2011 through 8 December 2011

ER -