Computational Indistinguishability Between Quantum States and Its Cryptographic Application

  • Akinori Kawachi
  • Takeshi Koshiba
  • Harumichi Nishimura
  • Tomoyuki Yamakami
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3494)


We introduce a problem of distinguishing between two quantum states as a new underlying problem to build a computational cryptographic scheme that is "secure" against a quantum adversary. Our problem is a natural generalization of the distinguishability problem between two probability distributions, which is commonly used in computational cryptography. More precisely, our problem QSCDff is the computational distinguishability problem between two types of random coset states with a hidden permutation over the symmetric group. We show that (i) QSCDff has the trapdoor property; (ii) the average-case hardness of QSCDff coincides with its worst-case hardness; and (iii) QSCDff is at least as hard in the worst case as the graph automorphism problem. Moreover, we show that QSCDff cannot be efficiently solved by any quantum algorithm that naturally extends Shor’s factorization algorithm. These cryptographic properties of QSCDff enable us to construct a public-key cryptosystem, which is likely to withstand any attack of a polynomial-time quantum adversary.



Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Akinori Kawachi (1)
  • Takeshi Koshiba (2)
  • Harumichi Nishimura (3)
  • Tomoyuki Yamakami (4)

  1. Graduate School of Information Science and Engineering, Tokyo Institute of Technology, Tokyo, Japan
  2. Secure Computing Laboratory, Fujitsu Laboratories Ltd., Kawasaki, Japan
  3. ERATO Quantum Computation and Information Project, Japan Science and Technology Agency, Kyoto, Japan
  4. Computer Science Program, Trent University, Peterborough, Canada
