Secure Identity-Based Encryption in the Quantum Random Oracle Model

Zhandry, Mark

doi:10.1007/978-3-642-32009-5_44

Cited by 131 publications

(68 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…If q = 0, then this theorem is trivial, since the c classical outputs A sees are distributed randomly. If c = 0, then the theorem reduces to that of Zhandry [Zha12a]. By adapting the proof of the c = 0 case to the general case, we get the lemma.…”

Section: Sufficient Conditions For a One-time Macmentioning

confidence: 88%

See 1 more Smart Citation

Quantum-Secure Message Authentication Codes

Boneh

Zhandry

2013

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. We construct the first Message Authentication Codes (MACs) that are existentially unforgeable against a quantum chosen message attack. These chosen message attacks model a quantum adversary's ability to obtain the MAC on a superposition of messages of its choice. We begin by showing that a quantum secure PRF is sufficient for constructing a quantum secure MAC, a fact that is considerably harder to prove than its classical analogue. Next, we show that a variant of Carter-Wegman MACs can be proven to be quantum secure. Unlike the classical settings, we present an attack showing that a pair-wise independent hash family is insufficient to construct a quantum secure one-time MAC, but we prove that a four-wise independent family is sufficient for one-time security.

show abstract

Section: Sufficient Conditions For a One-time Macmentioning

confidence: 88%

“…We first generalize a theorem of Zhandry [Zha12a] Proof. The complete proof is given in the full version [BZ13].…”

Section: Sufficient Conditions For a One-time Macmentioning

confidence: 99%

Quantum-Secure Message Authentication Codes

Boneh

Zhandry

2013

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…Even more, the techniques involved are often closely related to proof techniques in post-quantum cryptography. For example, bounds for the quantum query complexity of finding collisions in random functions [Zha15a], as well as more general functions [EU17, BES17], were developed from techniques for proving security in the quantum random oracle model [BDF + 11, Zha12,TU16]. Similarly, the lower bounds in this work build on techniques for proving quantum indifferentiability [Zha18].…”

Section: Motivationmentioning

confidence: 99%

On Finding Quantum Multi-collisions

Liu

Zhandry

2019

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

A k-collision for a compressing hash function H is a set of k distinct inputs that all map to the same output. In this work, we show that for any constant k, Θ N 1 2 (1− 1 2 k −1 ) quantum queries are both necessary and sufficient to achieve a k-collision with constant probability. This improves on both the best prior upper bound (Hosoyamada et al., ASIACRYPT 2017) and provides the first non-trivial lower bound, completely resolving the problem.

show abstract

“…The main idea of the proof is that, since the random oracle G has the same domain and range, it is indistinguishable from a random permutation [38], thus it can be replaced by an efficiently invertible function which is indistinguishable from a random oracle (for example, a random polynomial of high enough degree [37]). This allows the hashes in the proof to be inverted Algorithm 1 Prover: P OE on input (x, w) // Create t · c proofs and hash each response for i = 1 to t do…”

Section: Unruh's Constructionmentioning

confidence: 99%