Skip to main content
SpringerLink
Log in

Quantum Indistinguishability for Public Key Encryption

  • Conference paper
  • First Online:
Post-Quantum Cryptography (PQCrypto 2021)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12841))

Included in the following conference series:

Abstract

In this work we study the quantum security of public key encryption schemes (PKE). Boneh and Zhandry (CRYPTO’13) initiated this research area for PKE and symmetric key encryption (SKE), albeit restricted to a classical indistinguishability phase. Gagliardoni et al. (CRYPTO’16) advanced the study of quantum security by giving, for SKE, the first definition with a quantum indistinguishability phase. For PKE, on the other hand, no notion of quantum security with a quantum indistinguishability phase exists.

Our main result is a novel quantum security notion ( for PKE with a quantum indistinguishability phase, which closes the aforementioned gap. We show a distinguishing attack against code-based schemes and against LWE-based schemes with certain parameters. We also show that the canonical hybrid PKE-SKE encryption construction is -secure, even if the underlying PKE scheme by itself is not. Finally, we classify quantum-resistant PKE schemes based on the applicability of our security notion.

Our core idea follows the approach of Gagliardoni et al. by using so-called type-2 operators for encrypting the challenge message. At first glance, type-2 operators appear unnatural for PKE, as the canonical way of building them requires both the secret and the public key. However, we identify a class of PKE schemes - which we call recoverable - and show that for this class type-2 operators require merely the public key. Moreover, recoverable schemes allow to realise type-2 operators even if they suffer from decryption failures, which in general thwarts the reversibility mandated by type-2 operators. Our work reveals that many real-world quantum-resistant PKE schemes, including most NIST PQC candidates and the canonical hybrid construction, are indeed recoverable.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 79.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 99.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    See [19, Appendix C] for concurrent and independent work.

  2. 2.

    This is implicitly considered in [12] and [18], but not explicitly formalised.

  3. 3.

    We denote by a Hilbert space such that is isomorphic to \(\mathfrak H _{\mathcal {C}} \). Notice that the opposite case, i.e., , cannot happen because it would lead to collisions on the ciphertexts and thus introduce decryption failures. Also notice that, as in [18], the case of adversarially-controlled ancilla qubits is left as an open problem.

  4. 4.

    Even if considering challengers that use superpositions of randomnesses, we show in the full version [19] that the difference is irrelevant, and that we can always restrict ourselves to the case of a classical randomness register.

  5. 5.

    As we will see, these cover all the interesting cases in practice, although there might be other classes of schemes which allow an efficient construction of ; we address the general case in the full version [19].

  6. 6.

    For example, one could combine a suitable separating SKE scheme with the canonical hybrid construction (cf. Sect. 4.2), so that the separation property is ‘inherited’ by the resulting PKE scheme. We are not aware of an explicit example of such SKE scheme and we leave this as an open problem. We stress that such a counterexample is not found in [13], as the authors there “excluded [...] notations that [...] combine quantum learning queries with quantum challenge queries of different query models.”.

References

  1. Aguilar Melchor, C., et al.: HQC. Technical report, National Institute of Standards and Technology (2019). https://csrc.nist.gov/projects/post-quantum-cryptography/round-2-submissions

  2. Aguilar Melchor, C., et al.: RQC. Technical report, National Institute of Standards and Technology (2019). https://csrc.nist.gov/projects/post-quantum-cryptography/round-2-submissions

  3. Alagic, G., Gagliardoni, T., Majenz, C.: Can you sign a quantum state. IACR Cryptology ePrint Archive, 2018:1164 (2018)

    Google Scholar 

  4. Alagic, G., Gagliardoni, T., Majenz, C.: Unforgeable quantum encryption. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018, Part III. LNCS, vol. 10822, pp. 489–519. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78372-7_16

    Chapter  Google Scholar 

  5. Alagic, G., Majenz, C., Russell, A., Song, F.: Quantum-access-secure message authentication via blind-unforgeability. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020, Part III. LNCS, vol. 12107, pp. 788–817. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45727-3_27

    Chapter  Google Scholar 

  6. Alagic, G., Russell, A.: Quantum-secure symmetric-key cryptography based on hidden shifts. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017, Part III. LNCS, vol. 10212, pp. 65–93. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56617-7_3

    Chapter  Google Scholar 

  7. Anand, M.V., Targhi, E.E., Tabia, G.N., Unruh, D.: Post-quantum security of the CBC, CFB, OFB, CTR, and XTS modes of operation. In: Takagi, T. (ed.) PQCrypto 2016. LNCS, vol. 9606, pp. 44–63. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-29360-8_4

    Chapter  MATH  Google Scholar 

  8. Aragon, N., et al.: ROLLO. Technical report, National Institute of Standards and Technology (2019). https://csrc.nist.gov/projects/post-quantum-cryptography/round-2-submissions

  9. Bellare, M., Rogaway, P.: The security of triple encryption and a framework for code-based game-playing proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409–426. Springer, Heidelberg (2006). https://doi.org/10.1007/11761679_25

    Chapter  Google Scholar 

  10. Bernstein, D.J., Buchmann, J., Dahmen, E.: Post-quantum cryptography (2009)

    Google Scholar 

  11. Boneh, D., Dagdelen, Ö., Fischlin, M., Lehmann, A., Schaffner, C., Zhandry, M.: Random oracles in a quantum world. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 41–69. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_3

    Chapter  MATH  Google Scholar 

  12. Boneh, D., Zhandry, M.: Secure signatures and chosen ciphertext security in a quantum computing world. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part II. LNCS, vol. 8043, pp. 361–379. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40084-1_21

    Chapter  MATH  Google Scholar 

  13. Carstens, T.V., Ebrahimi, E., Tabia, G., Unruh, D.: On quantum indistinguishability under chosen plaintext attack. Cryptology ePrint Archive, Report 2020/596 (2020). https://eprint.iacr.org/2020/596

  14. Chevalier, C., Ebrahimi, E., Vu, Q.-H.: On the security notions for encryption in a quantum world. IACR Cryptology ePrint Archive, 2020/237 (2020)

    Google Scholar 

  15. Couvreur, A., et al.: BIG QUAKE. Technical report, National Institute of Standards and Technology (2017). https://csrc.nist.gov/projects/post-quantum-cryptography/round-1-submissions

  16. Damgård, I., Funder, J., Nielsen, J.B., Salvail, L.: Superposition attacks on cryptographic protocols. In: Padró, C. (ed.) ICITS 2013. LNCS, vol. 8317, pp. 142–161. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-04268-8_9

    Chapter  Google Scholar 

  17. Gagliardoni, T.: Quantum security of cryptographic primitives. Ph.D. thesis, Darmstadt University of Technology, Germany (2017)

    Google Scholar 

  18. Gagliardoni, T., Hülsing, A., Schaffner, C.: Semantic security and indistinguishability in the quantum world. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part III. LNCS, vol. 9816, pp. 60–89. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53015-3_3

    Chapter  MATH  Google Scholar 

  19. Gagliardoni, T., Krämer, J., Struck, P.: Quantum indistinguishability for public key encryption. Cryptology ePrint Archive, Report 2020/266 (2020). https://eprint.iacr.org/2020/266

  20. Grover, L.K.: A fast quantum mechanical algorithm for database search. In: 28th ACM STOC, pp. 212–219. ACM Press, May 1996

    Google Scholar 

  21. Ito, G., Hosoyamada, A., Matsumoto, R., Sasaki, Yu., Iwata, T.: Quantum chosen-ciphertext attacks against feistel ciphers. In: Matsui, M. (ed.) CT-RSA 2019. LNCS, vol. 11405, pp. 391–411. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-12612-4_20

    Chapter  Google Scholar 

  22. Kaplan, M., Leurent, G., Leverrier, A., Naya-Plasencia, M.: Breaking symmetric cryptosystems using quantum period finding. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part II. LNCS, vol. 9815, pp. 207–237. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53008-5_8

    Chapter  Google Scholar 

  23. Kaplan, M., Leurent, G., Leverrier, A., Naya-Plasencia, M.: Quantum differential and linear cryptanalysis. IACR Trans. Symm. Cryptol. 2016(1), 71–94 (2016). http://tosc.iacr.org/index.php/ToSC/article/view/536)

  24. Kashefi, E., Kent, A., Vedral, V., Banaszek, K.: Comparison of quantum oracles. Phys. Rev. A 65(5), 050304 (2002)

    Article  Google Scholar 

  25. Kuwakado, H., Morii, M.: Quantum distinguisher between the 3-round feistel cipher and the random permutation. In: Proceedings of IEEE International Symposium on Information Theory, ISIT 2010, Austin, Texas, USA, 13–18 June 2010, pp. 2682–2685 (2010)

    Google Scholar 

  26. Kuwakado, H., Morii, M.: Security on the quantum-type even-mansour cipher. In: Proceedings of the International Symposium on Information Theory and its Applications, ISITA 2012, Honolulu, HI, USA, 28–31 October 2012, pp. 312–316 (2012)

    Google Scholar 

  27. Nielsen, M.A., Chuang, I.L.: Quantum Computation and Quantum Information: 10th Anniversary Edition, 10th edn. Cambridge University Press, New York (2011)

    Google Scholar 

  28. National Institute of Standards and Technology. Post-quantum cryptography standardization process (2017)

    Google Scholar 

  29. Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: Gabow, H.N., Fagin, R. (eds.) 37th ACM STOC, pp. 84–93. ACM Press, May 2005

    Google Scholar 

  30. Rötteler, M., Steinwandt, R.: A note on quantum related-key attacks. Inf. Process. Lett. 115(1), 40–44 (2015)

    Article  Google Scholar 

  31. Shor, P.W.: Algorithms for quantum computation: discrete logarithms and factoring. In: 35th FOCS, pp. 124–134. IEEE Computer Society Press, November 1994

    Google Scholar 

  32. Shoup, V.: Sequences of games: a tool for taming complexity in security proofs. Cryptology ePrint Archive, Report 2004/332 (2004). http://eprint.iacr.org/2004/332

  33. Watrous, J.: Zero-knowledge against quantum attacks. SIAM J. Comput. 39(1), 25–58 (2009)

    Article  MathSciNet  Google Scholar 

  34. Zhandry, M.: How to construct quantum random functions. In: 53rd FOCS, pp. 679–687. IEEE Computer Society Press, October 2012

    Google Scholar 

Download references

Acknowledgements

The authors are very grateful to the anonymous reviewers for spotting a flaw in a previous version of this manuscript. The authors also thank Cecilia Boschini and Marc Fischlin for helpful discussions regarding the correctness of public key encryption schemes and Andreas Hülsing for general discussions on the content of this work. TG acknowledges support by the EU H2020 Project FENTEC (Grant Agreement #780108). JK and PS acknowledge funding by the Deutsche Forschungsgemeinschaft (DFG) – SFB 1119 – 236615297.

Author information

Authors and Affiliations

  1. Kudelski Security, Cheseaux-sur-Lausanne, Switzerland

    Tommaso Gagliardoni

  2. Technische Universität Darmstadt, Darmstadt, Germany

    Juliane Krämer & Patrick Struck

Authors
  1. Tommaso Gagliardoni
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Juliane Krämer
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Patrick Struck
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Patrick Struck .

Editor information

Editors and Affiliations

  1. Seoul National University, Seoul, Korea (Republic of)

    Jung Hee Cheon

  2. Inria, Paris, France

    Jean-Pierre Tillich

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Gagliardoni, T., Krämer, J., Struck, P. (2021). Quantum Indistinguishability for Public Key Encryption. In: Cheon, J.H., Tillich, JP. (eds) Post-Quantum Cryptography. PQCrypto 2021. Lecture Notes in Computer Science(), vol 12841. Springer, Cham. https://doi.org/10.1007/978-3-030-81293-5_24

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-81293-5_24

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-81292-8

  • Online ISBN: 978-3-030-81293-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation