Merkle Puzzles in a Quantum World

  • Gilles Brassard
  • Peter Høyer
  • Kassem Kalach
  • Marc Kaplan
  • Sophie Laplante
  • Louis Salvail
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6841)

Abstract

In 1974, Ralph Merkle proposed the first unclassified scheme for secure communications over insecure channels. When legitimate communicating parties are willing to spend an amount of computational effort proportional to some parameter N, an eavesdropper cannot break into their communication without spending a time proportional to N2, which is quadratically more than the legitimate effort. We showed in an earlier paper that Merkle’s schemes are completely insecure against a quantum adversary, but that their security can be partially restored if the legitimate parties are also allowed to use quantum computation: the eavesdropper needed to spend a time proportional to N3/2 to break our earlier quantum scheme. Furthermore, all previous classical schemes could be broken completely by the onslaught of a quantum eavesdropper and we conjectured that this is unavoidable.

We give two novel key agreement schemes in the spirit of Merkle’s. The first one can be broken by a quantum adversary that makes an effort proportional to N5/3 to implement a quantum random walk in a Johnson graph reminiscent of Andris Ambainis’ quantum algorithm for the element distinctness problem. This attack is optimal up to logarithmic factors. Our second scheme is purely classical, yet it cannot be broken by a quantum eavesdropper who is only willing to expend effort proportional to that of the legitimate parties.

Keywords

Merkle Puzzles Public Key Distribution Quantum Cryptography 

References

  1. 1.
    Aaronson, S., Shi, Y.: Quantum lower bounds for the collision and the element distinctness problems. Journal of the ACM 51(4), 595–605 (2004)MathSciNetMATHCrossRefGoogle Scholar
  2. 2.
    Ambainis, A.: Quantum walk algorithm for element distinctness. SIAM Journal on Computing 37, 210–239 (2007)MathSciNetMATHCrossRefGoogle Scholar
  3. 3.
    Barak, B., Mahmoody-Ghidary, M.: Merkle puzzles are optimal — An O(n 2)–query attack on any key exchange from a random oracle. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 374–390. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  4. 4.
    Beals, R., Buhrman, H., Cleve, R., Mosca, M., de Wolf, R.: Quantum lower bounds by polynomials. Journal of the ACM 48(4), 778–797 (2001)MathSciNetMATHCrossRefGoogle Scholar
  5. 5.
    Bennett, C.H., Bernstein, E., Brassard, G., Vazirani, U.V.: Strengths and weaknesses of quantum computing. SIAM Journal on Computing 26(5), 1510–1523 (1997)MathSciNetMATHCrossRefGoogle Scholar
  6. 6.
    Boyer, M., Brassard, G., Høyer, P., Tapp, A.: Tight bounds on quantum searching. Fortschritte Der Physik 46, 493–505 (1998)CrossRefGoogle Scholar
  7. 7.
    Brassard, G., Høyer, P., Mosca, M., Tapp, A.: Quantum amplitude amplification and estimation. In: Lomonaco Jr., S.J. (ed.) Quantum Computation and Quantum Information. Contemporary Mathematics, vol. 305, pp. 53–74. AMS, Providence (2002)Google Scholar
  8. 8.
    Brassard, G., Salvail, L.: Quantum Merkle puzzles. In: Proceedings of Second International Conference on Quantum, Nano, and Micro Technologies (ICQNM 2008), Sainte Luce, Martinique, pp. 76–79 (February 2008)Google Scholar
  9. 9.
    Buhrman, H., Dürr, C., Heiligman, M., Høyer, P., Magniez, F., Sántha, M., de Wolf, R.: Quantum algorithms for element distinctness (2000), http://arxiv.org/abs/quant-ph/0007016v2
  10. 10.
    Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Transactions on Information Theory 22(6), 644–654 (1976)MathSciNetMATHCrossRefGoogle Scholar
  11. 11.
    Grover, L.K.: Quantum mechanics helps in searching for a needle in a haystack. Physical Review Letters 79(2), 325–328 (1997)CrossRefGoogle Scholar
  12. 12.
    Heiligman, M.: Finding matches between two databases on a quantum computer (2000), http://arxiv.org/abs/quant-ph/0006136v1
  13. 13.
    Høyer, P., Lee, T., Špalek, R.: Negative weights make adversaries stronger. In: Proceedings of 39th Annual Symposium on Theory of Computing (STOC), pp. 526–535 (June 2007), The complete version can be found at, http://arxiv.org/abs/quant-ph/0611054v2
  14. 14.
    Lee, T., Mittal, R., Reichardt, B.W., Špalek, R.: An adversary for algorithms (2010), http://arxiv.org/abs/1011.3020v1
  15. 15.
    Merkle, R.: C.S. 244 Project Proposal (1974), Facsimile available at http://www.merkle.com/1974
  16. 16.
    Merkle, R.: Secure communications over insecure channels. Communications of the ACM 21(4), 294–299 (1978)CrossRefGoogle Scholar
  17. 17.
    Sántha, M.: Quantum walk based search algorithms. In: Agrawal, M., Du, D.-Z., Duan, Z., Li, A. (eds.) TAMC 2008. LNCS, vol. 4978, pp. 31–46. Springer, Heidelberg (2008)CrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2011

Authors and Affiliations

  • Gilles Brassard
    • 1
  • Peter Høyer
    • 2
  • Kassem Kalach
    • 1
  • Marc Kaplan
    • 1
  • Sophie Laplante
    • 3
  • Louis Salvail
    • 1
  1. 1.Département d’informatique et de recherche opérationnelleUniversité de MontréalMontréalCanada
  2. 2.Department of Computer ScienceUniversity of CalgaryCalgaryCanada
  3. 3.LRIUniversité Paris-SudOrsayFrance

Personalised recommendations