Abstract
Attacks on cryptographic protocols are usually modeled by allowing an adversary to ask queries to an oracle. Security is then defined by requiring that as long as the queries satisfy some constraint, there is some problem the adversary cannot solve, such as computing a certain piece of information. Even if the protocol is quantum, the queries are typically classical. In this paper, we introduce a new model of quantum attacks on protocols, where the adversary is allowed quantum access to the primitive, i.e., he may ask several classical queries in quantum superposition. This is a strictly stronger attack than the standard one, and we consider the security of several primitives in this model. We show that a secret-sharing scheme that is secure with threshold \(t\) in the standard model is secure against superposition attacks if and only if the threshold is lowered to \(t/2\). This holds for all classical as well as all known quantum secret sharing schemes. We then consider zero-knowledge and first show that known protocols are not, in general, secure in our model by designing a superposition attack on the well-known zero-knowledge protocol for graph isomorphism. We then use our secret-sharing result to design zero-knowledge proofs for all of NP in the common reference string model. While our protocol is classical, it is sound against a cheating unbounded quantum prover and computational zero-knowledge even if the verifier is allowed a superposition attack. Finally, we consider multiparty computation and give a characterization of a class of protocols that can be shown secure, though not necessarily with efficient simulation. We show that this class contains non-trivial protocols that cannot be shown secure by running a classical simulator in superposition.
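The graph-isomorphism zero-knowledge protocol named in the abstract, together with the classical rewinding simulator that the abstract's last sentence refers to, as an added Python example. This is not code from the paper: the sample graphs, the witness permutation, the function names and the biased verifier strategy are all constructed here for illustration, and the superposition attack itself is not reproduced; the block shows only the classical three-move protocol, a brute-force soundness check, and why the classical simulator has to rewind the verifier.

```python
"""Goldreich-Micali-Wigderson zero-knowledge proof of graph isomorphism.

Added illustration, not code from the paper: honest prover, verifier,
a brute-force soundness check, and the classical rewinding simulator.
Graphs are frozensets of edges (u, v) with u < v over vertices 0..n-1.
"""
import secrets
from itertools import permutations


def apply_perm(graph, perm):
    """Relabel each edge (u, v) of `graph` to (perm[u], perm[v])."""
    return frozenset(tuple(sorted((perm[u], perm[v]))) for u, v in graph)


def random_perm(n):
    """Uniform permutation of range(n): Fisher-Yates driven by a CSPRNG."""
    p = list(range(n))
    for i in range(n - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        p[i], p[j] = p[j], p[i]
    return p


def compose(p, q):
    """(p o q)(x) = p[q[x]]; apply_perm(apply_perm(g, q), p) == apply_perm(g, compose(p, q))."""
    return [p[q[x]] for x in range(len(p))]


def invert(p):
    inv = [0] * len(p)
    for i, x in enumerate(p):
        inv[x] = i
    return inv


# Constructed sample instance: G1 = SIGMA(G0); SIGMA is the prover's witness.
N = 5
G0 = frozenset({(0, 1), (1, 2), (2, 3), (3, 4), (0, 4)})      # 5-cycle
SIGMA = [2, 4, 1, 0, 3]
G1 = apply_perm(G0, SIGMA)
G_BAD = frozenset({(0, 1), (1, 2), (2, 3), (0, 3), (0, 4)})   # 4-cycle plus pendant edge: not isomorphic to G0


def prover_commit(g0, sigma):
    """Move 1: prover sends h = pi(g0) for a fresh random pi and keeps pi."""
    pi = random_perm(len(sigma))
    return apply_perm(g0, pi), pi


def prover_respond(pi, sigma, b):
    """Move 3: return tau with tau(g_b) == h.  b=0: tau = pi;  b=1: tau = pi o sigma^-1."""
    return pi if b == 0 else compose(pi, invert(sigma))


def verify_round(g0, g1, h, b, tau):
    """Verifier's check of one (h, b, tau) transcript."""
    return apply_perm((g0, g1)[b], tau) == h


def run_protocol(g0, g1, sigma, rounds=20):
    """Honest prover against honest verifier; a cheating prover passes with prob. <= 2**-rounds."""
    for _ in range(rounds):
        h, pi = prover_commit(g0, sigma)
        b = secrets.randbelow(2)                       # move 2: verifier's random challenge
        if not verify_round(g0, g1, h, b, prover_respond(pi, sigma, b)):
            return False
    return True


def can_answer(g, h, n):
    """Soundness check (brute force, fine for n=5): does any tau satisfy tau(g) == h?"""
    return any(apply_perm(g, list(p)) == h for p in permutations(range(n)))


def simulate_round(g0, g1, n, verifier_challenge, max_tries=256):
    """Classical rewinding simulator: an accepting transcript with no witness.

    Guess the challenge b' first, commit to h = tau(g_{b'}) for random tau, then
    ask the (possibly malicious) verifier for its challenge b.  If b != b', rewind:
    discard the attempt and retry with fresh randomness.  Because h has the same
    distribution for b' = 0 and b' = 1, any verifier strategy matches the guess
    with probability 1/2 per attempt.  This rewind is the step that the paper's
    superposition-attacking verifier does not straightforwardly allow.
    """
    for _ in range(max_tries):
        b_guess = secrets.randbelow(2)
        tau = random_perm(n)
        h = apply_perm((g0, g1)[b_guess], tau)
        b = verifier_challenge(h)                      # verifier may pick b as a function of h
        if b == b_guess:
            return h, b, tau
    raise RuntimeError("simulator did not hit the verifier's challenge")


def biased_verifier(h):
    """Constructed malicious verifier: its challenge is the parity of deg(0) in h."""
    return sum(0 in e for e in h) % 2


if __name__ == "__main__":
    print("honest run accepted:", run_protocol(G0, G1, SIGMA))
    h, b, tau = simulate_round(G0, G1, N, biased_verifier)
    print("simulated transcript verifies:", verify_round(G0, G1, h, b, tau))
    h_fake = apply_perm(G0, random_perm(N))
    print("cheater can answer both challenges:", can_answer(G0, h_fake, N) and can_answer(G_BAD, h_fake, N))
```

The simulator never touches SIGMA, which is what makes the protocol zero-knowledge classically; the soundness check shows that for non-isomorphic graphs a single commitment h can be opened for at most one of the two challenges, so each round halves a cheating prover's chance.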
The first three authors acknowledge support from the Danish National Research Foundation and The National Science Foundation of China (under the grant 61061130540) for the Sino-Danish Center for the Theory of Interactive Computation, within which part of this work was performed; and also from the CFEM research center (supported by the Danish Strategic Research Council) within which part of this work was performed.
Louis Salvail is supported by Quebec’s INTRIQ, Canada’s NSERC strategic program FREQUENCY, and Canada’s NSERC discovery grant.
Notes
- 1. A preliminary announcement of some of our results was made in an invited talk by one of the authors at the ICITS 2011 conference.
- 2. Since we use the CRS model, the reader may ask why we do not use existing protocols for non-interactive zero-knowledge (NIZK), where the prover just sends a single message to the verifier. In this way, the adversary would not get a chance to do a superposition attack. However, the most general assumption under which NIZK is known to be possible with an efficient prover is the existence of one-way trapdoor permutations. They in turn are only known to be realizable under assumptions that are easily broken by a quantum adversary, such as factoring. Therefore we do not consider NIZK a satisfactory solution.
- 3. We are grateful to Elad Verbin for pointing this reduction out to us.
- 4. An alternative construction can be derived from the public-key encryption scheme of Regev [Reg05], which is based on a worst-case lattice assumption. However, the resulting commitment scheme in unconditional hiding mode is only statistically secure (rather than perfect). To use this scheme in our protocol we would need a version of Theorem 1 that holds for secret-sharing schemes with statistical security. We believe such a result is true, but do not have a proof at the time of writing.
- 5. (This is in contrast to the pure secret-sharing model where only shareholders can be corrupted.)
References
Ben-Or, M., Crépeau, C., Gottesman, D., Hassidim, A., Smith, A.: Secure multiparty quantum computation with (only) a strict honest majority. In: 46th Annual IEEE Symposium on Foundations of Computer Science (FOCS), pp. 249–260 (2005)
Boneh, D., Dagdelen, O., Fischlin, M., Lehmann, A., Schaffner, C., Zhandry, M.: Random oracles in a quantum world. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 41–69. Springer, Heidelberg (2011)
Boneh, D., Zhandry, M.: Quantum-secure message authentication codes. Electronic Colloquium on Computational Complexity (ECCC) 19, Report 136 (2012)
Chefles, A., Jozsa, R., Winter, A.: On the existence of physical transformations between sets of quantum states. Int. J. Quant. Inf. 2(1), 11–21 (2004). http://arxiv.org/abs/quant-ph/0307227
Damgård, I., Funder, J., Nielsen, J.B., Salvail, L.: Superposition attacks on cryptographic protocols. Cryptology ePrint Archive, Report 2011/421 (2011). http://eprint.iacr.org/
Damgård, I.B., Fehr, S., Salvail, L.: Zero-knowledge proofs and string commitments withstanding quantum attacks. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 254–272. Springer, Heidelberg (2004)
Fehr, S., Schaffner, C.: Composing quantum protocols in a classical environment. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 350–367. Springer, Heidelberg (2009)
Ishai, Y., Kushilevitz, E., Ostrovsky, R., Sahai, A.: Zero-knowledge proofs from secure multiparty computation. SIAM J. Comput. 39(3), 1121–1152 (2009)
Kol, G., Naor, M.: Cryptography and game theory: designing protocols for exchanging information. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 320–339. Springer, Heidelberg (2008)
Peikert, C., Vaikuntanathan, V., Waters, B.: A framework for efficient and composable oblivious transfer. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 554–571. Springer, Heidelberg (2008)
Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: 37th Annual ACM Symposium on Theory of Computing (STOC), pp. 84–93 (2005)
Watrous, J.: Zero-knowledge against quantum attacks. In: 38th Annual ACM Symposium on Theory of Computing (STOC), pp. 296–305 (2006). http://www.cs.uwaterloo.ca/watrous/papers.html
Zhandry, M.: How to construct quantum random functions. In: 53rd Annual IEEE Symposium on Foundations of Computer Science (FOCS), pp. 679–687 (2012)
Zhandry, M.: Secure identity-based encryption in the quantum random oracle model. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 758–775. Springer, Heidelberg (2012)
Copyright information
© 2014 Springer International Publishing Switzerland
Cite this paper
Damgård, I., Funder, J., Nielsen, J.B., Salvail, L. (2014). Superposition Attacks on Cryptographic Protocols. In: Padró, C. (eds) Information Theoretic Security. ICITS 2013. Lecture Notes in Computer Science(), vol 8317. Springer, Cham. https://doi.org/10.1007/978-3-319-04268-8_9
DOI: https://doi.org/10.1007/978-3-319-04268-8_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-04267-1
Online ISBN: 978-3-319-04268-8