Unforgeable Quantum Encryption

  • Gorjan AlagicEmail author
  • Tommaso Gagliardoni
  • Christian Majenz
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10822)


We study the problem of encrypting and authenticating quantum data in the presence of adversaries making adaptive chosen plaintext and chosen ciphertext queries. Classically, security games use string copying and comparison to detect adversarial cheating in such scenarios. Quantumly, this approach would violate no-cloning. We develop new techniques to overcome this problem: we use entanglement to detect cheating, and rely on recent results for characterizing quantum encryption schemes. We give definitions for (i) ciphertext unforgeability, (ii) indistinguishability under adaptive chosen-ciphertext attack, and (iii) authenticated encryption. The restriction of each definition to the classical setting is at least as strong as the corresponding classical notion: (i) implies \(\mathsf {INT\text {-}CTXT}\), (ii) implies \(\mathsf {IND\text {-}CCA2}\), and (iii) implies \(\mathsf {AE}\). All of our new notions also imply \(\mathsf {QIND\text {-}CPA}\) privacy. Combining one-time authentication and classical pseudorandomness, we construct symmetric-key quantum encryption schemes for each of these new security notions, and provide several separation examples. Along the way, we also give a new definition of one-time quantum authentication which, unlike all previous approaches, authenticates ciphertexts rather than plaintexts.


Quantum Encryption Scheme Quantum Authentication Ciphertext Unforgeability Security Notion Quan Tum 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



The authors would like to thank Anne Broadbent, Frédéric Dupuis, Yfke Dulek, Alex Russell, Christian Schaffner, and Fang Song for insightful discussions about the problems solved in this work. Part of this work was done while T.G. was supported by the TU Darmstadt. Part of this work was done while G.A. and C.M. were at QMATH, University of Copenhagen. Part of this work was sponsored by the COST CryptoAction IC1306. T.G. acknowledges financial support from the European Commissions PERCY grant (agreement 321310). G.A. and C.M. acknowledge financial support from the European Research Council (ERC Grant Agreement no 337603), the Danish Council for Independent Research (Sapere Aude) and VILLUM FONDEN via the QMATH Centre of Excellence (Grant No. 10059). This work is part of the research programme “Cryptography in the Quantum Age” with project number 639.022.519, which is financed by the Netherlands Organisation for Scientific Research (NWO).


  1. 1.
    Aaronson, S., Gottesman, D.: Improved simulation of stabilizer circuits. CoRR, quant-ph/0406196 (2004)Google Scholar
  2. 2.
    Aharonov, D., Ben-Or, M., Eban, E.: Interactive proofs for quantum computations. In: Proceedings of the Innovations in Computer Science - ICS 2010, Tsinghua University, Beijing, China, 5–7 January 2010, pp. 453–469 (2010)Google Scholar
  3. 3.
    Alagic, G., Broadbent, A., Fefferman, B., Gagliardoni, T., Schaffner, C., St. Jules, M.: Computational security of quantum encryption. In: Nascimento, A.C.A., Barreto, P. (eds.) ICITS 2016. LNCS, vol. 10015, pp. 47–71. Springer, Cham (2016). Scholar
  4. 4.
    Alagic, G., Gagliardoni, T., Majenz, C.: Unforgeable quantum encryption. Cryptology ePrint Archive, Report 2017/960 (2017).
  5. 5.
    Alagic, G., Majenz, C.: Quantum non-malleability and authentication. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10402, pp. 310–341. Springer, Cham (2017). Scholar
  6. 6.
    Ambainis, A., Bouda, J., Winter, A.: Non-malleable encryption of quantum information. J. Math. Phys. 50(4), 042106 (2009)MathSciNetCrossRefzbMATHGoogle Scholar
  7. 7.
    Ambainis, A., Mosca, M., Tapp, A., de Wolf, R.: Private quantum channels. In: 41st Annual Symposium on Foundations of Computer Science, FOCS 2000, Redondo Beach, California, USA, 12–14 November 2000, pp. 547–553 (2000)Google Scholar
  8. 8.
    Barak, B.: Cs127 course notes, Chap. 6. Accessed 7 Sept 2017
  9. 9.
    Barnum, H., Crépeau, C., Gottesman, D., Smith, A.D., Tapp, A.: Authentication of quantum messages. In: Proceedings of the 43rd Symposium on Foundations of Computer Science (FOCS 2002), Vancouver, BC, Canada, 16–19 November 2002, pp. 449–458 (2002)Google Scholar
  10. 10.
    Bellare, M., Namprempre, C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531–545. Springer, Heidelberg (2000). Scholar
  11. 11.
    Boneh, D., Zhandry, M.: Quantum-secure message authentication codes. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 592–608. Springer, Heidelberg (2013). Scholar
  12. 12.
    Boneh, D., Zhandry, M.: Secure signatures and chosen ciphertext security in a quantum computing world. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 361–379. Springer, Heidelberg (2013). Scholar
  13. 13.
    Brandão, F.G.S.L., Harrow, A.W., Horodecki, M.: Local random quantum circuits are approximate polynomial-designs. Commun. Math. Phys. 346(2), 397–434 (2016)MathSciNetCrossRefzbMATHGoogle Scholar
  14. 14.
    Broadbent, A., Jeffery, S.: Quantum homomorphic encryption for circuits of low T-gate complexity. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 609–629. Springer, Heidelberg (2015). Scholar
  15. 15.
    Broadbent, A., Wainewright, E.: Efficient simulation for quantum message authentication. In: Nascimento, A.C.A., Barreto, P. (eds.) ICITS 2016. LNCS, vol. 10015, pp. 72–91. Springer, Cham (2016). Scholar
  16. 16.
    DiVincenzo, D.P., Leung, D.W., Terhal, B.M.: Quantum data hiding. IEEE Trans. Inf. Theory 48(3), 580–598 (2002)MathSciNetCrossRefzbMATHGoogle Scholar
  17. 17.
    Dulek, Y., Schaffner, C., Speelman, F.: Quantum homomorphic encryption for polynomial-sized circuits. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9816, pp. 3–32. Springer, Heidelberg (2016). Scholar
  18. 18.
    Dupuis, F., Nielsen, J.B., Salvail, L.: Secure two-party quantum evaluation of unitaries against specious adversaries. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 685–706. Springer, Heidelberg (2010). Scholar
  19. 19.
    Dupuis, F., Nielsen, J.B., Salvail, L.: Actively secure two-party evaluation of any quantum operation. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 794–811. Springer, Heidelberg (2012). Scholar
  20. 20.
    Gagliardoni, T., Hülsing, A., Schaffner, C.: Semantic security and indistinguishability in the quantum world. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9816, pp. 60–89. Springer, Heidelberg (2016). Scholar
  21. 21.
    Garg, S., Yuen, H., Zhandry, M.: New security notions and feasibility results for authentication of quantum data. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10402, pp. 342–371. Springer, Cham (2017). Scholar
  22. 22.
    Gottesman, D.: The Heisenberg representation of quantum computers. arXiv quant-ph/9807006 (1998)Google Scholar
  23. 23.
    Gottesman, D.: Uncloneable encryption. Quantum Inf. Comput. 3(6), 581–602 (2003)MathSciNetzbMATHGoogle Scholar
  24. 24.
    Hayden, P., Leung, D.W., Mayers, D.W.: The universal composable security of quantum message authentication with key recyling. arXiv quant-ph/1610.09434 (2016)Google Scholar
  25. 25.
    Katz, J., Lindell, Y.: Introduction to Modern Cryptography, 2nd edn. CRC Press, Boca Raton (2014)zbMATHGoogle Scholar
  26. 26.
    Nielsen, M.A., Chuang, I.L.: Quantum Computation and Quantum Information: 10th Anniversary Edition, 10th edn. Cambridge University Press, New York (2011)zbMATHGoogle Scholar
  27. 27.
    Portmann, C.: Quantum authentication with key recycling. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10212, pp. 339–368. Springer, Cham (2017). Scholar
  28. 28.
    Shrimpton, T.: A characterization of authenticated-encryption as a form of chosen-ciphertext security. IACR Cryptology ePrint Archive 2004:272 (2004)Google Scholar
  29. 29.
    Winter, A.J.: Coding theorem and strong converse for quantum channels. IEEE Trans. Inf. Theory 45(7), 2481–2485 (1999)MathSciNetCrossRefzbMATHGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2018

Authors and Affiliations

  • Gorjan Alagic
    • 1
    • 2
    Email author
  • Tommaso Gagliardoni
    • 3
  • Christian Majenz
    • 4
    • 5
  1. 1.Joint Center for Quantum Information and Computer ScienceUniversity of MarylandCollege ParkUSA
  2. 2.National Institute of Standards and TechnologyGaithersburgUSA
  3. 3.IBM ResearchZurichSwitzerland
  4. 4.Institute for Logic, Language and ComputationUniversity of AmsterdamAmsterdamNetherlands
  5. 5.Centrum for Wiskunde en InformaticaAmsterdamNetherlands

Personalised recommendations