Secure Signatures and Chosen Ciphertext Security in a Quantum Computing World

  • Dan Boneh
  • Mark Zhandry
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8043)


We initiate the study of quantum-secure digital signatures and quantum chosen ciphertext security. In the case of signatures, we enhance the standard chosen message query model by allowing the adversary to issue quantum chosen message queries: given a superposition of messages, the adversary receives a superposition of signatures on those messages. Similarly, for encryption, we allow the adversary to issue quantum chosen ciphertext queries: given a superposition of ciphertexts, the adversary receives a superposition of their decryptions. These adversaries model a natural ubiquitous quantum computing environment where end-users sign messages and decrypt ciphertexts on a personal quantum computer.

We construct classical systems that remain secure when exposed to such quantum queries. For signatures, we construct two compilers that convert classically secure signatures into signatures secure in the quantum setting and apply these compilers to existing post-quantum signatures. We also show that standard constructions such as Lamport one-time signatures and Merkle signatures remain secure under quantum chosen message attacks, thus giving signatures whose quantum security is based on generic assumptions. For encryption, we define security under quantum chosen ciphertext attacks and present both public-key and symmetric-key constructions.


Keywords: Quantum computing, signatures, encryption, quantum security



Copyright information

© International Association for Cryptologic Research 2013

Authors and Affiliations

  • Dan Boneh (Stanford University, USA)
  • Mark Zhandry (Stanford University, USA)
