Online-Extractability in the Quantum Random-Oracle Model

Jelle Don; Serge Fehr; Christian Majenz; Christian Schaffner

doi:10.1007/978-3-031-07082-2_24

Online-Extractability in the Quantum Random-Oracle Model

Jelle Don^*, Serge Fehr, Christian Majenz, Christian Schaffner

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review

71 Downloads (Orbit)

Abstract

We show the following generic result: When a quantum query algorithm in the quantum random-oracle model outputs a classical value t that is promised to be in some tight relation with H(x) for some x, then x can be efficiently extracted with almost certainty. The extraction is by means of a suitable simulation of the random oracle and works online, meaning that it is straightline, i.e., without rewinding, and on-the-fly, i.e., during the protocol execution and (almost) without disturbing it. The technical core of our result is a new commutator bound that bounds the operator norm of the commutator of the unitary operator that describes the evolution of the compressed oracle (which is used to simulate the random oracle above) and of the measurement that extracts x. We show two applications of our generic online extractability result. We show tight online extractability of commit-and-open Σ -protocols in the quantum setting, and we offer the first complete post-quantum security proof of the textbook Fujisaki-Okamoto transformation, i.e., without adjustments to facilitate the proof, including concrete security bounds.

Original language	English
Title of host publication	Proceedings of 41^st Annual International Conference on the Theory and Applications of Cryptographic Techniques
Editors	Orr Dunkelman, Stefan Dziembowski
Publisher	Springer
Publication date	2022
Pages	677-706
ISBN (Print)	9783031070815
DOIs	https://doi.org/10.1007/978-3-031-07082-2_24
Publication status	Published - 2022
Event	41^st Annual International Conference on the Theory and Applications of Cryptographic Techniques - Trondheim, Norway Duration: 30 May 2022 → 3 Jun 2022

Conference

Conference	41^st Annual International Conference on the Theory and Applications of Cryptographic Techniques
Country/Territory	Norway
City	Trondheim
Period	30/05/2022 → 03/06/2022

Series	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	13277 LNCS
ISSN	0302-9743

Access to Document

10.1007/978-3-031-07082-2_24

FulltextFinal published version, 854 KB

OpenUrl availability

Full text

Cite this

Don, Jelle ; Fehr, Serge ; Majenz, Christian et al. / Online-Extractability in the Quantum Random-Oracle Model. Proceedings of 41^st Annual International Conference on the Theory and Applications of Cryptographic Techniques. editor / Orr Dunkelman ; Stefan Dziembowski. Springer, 2022. pp. 677-706 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Vol. 13277 LNCS).

@inproceedings{4e4b4ba533f84111a92aa360ad100864,

title = "Online-Extractability in the Quantum Random-Oracle Model",

abstract = "We show the following generic result: When a quantum query algorithm in the quantum random-oracle model outputs a classical value t that is promised to be in some tight relation with H(x) for some x, then x can be efficiently extracted with almost certainty. The extraction is by means of a suitable simulation of the random oracle and works online, meaning that it is straightline, i.e., without rewinding, and on-the-fly, i.e., during the protocol execution and (almost) without disturbing it. The technical core of our result is a new commutator bound that bounds the operator norm of the commutator of the unitary operator that describes the evolution of the compressed oracle (which is used to simulate the random oracle above) and of the measurement that extracts x. We show two applications of our generic online extractability result. We show tight online extractability of commit-and-open Σ -protocols in the quantum setting, and we offer the first complete post-quantum security proof of the textbook Fujisaki-Okamoto transformation, i.e., without adjustments to facilitate the proof, including concrete security bounds.",

author = "Jelle Don and Serge Fehr and Christian Majenz and Christian Schaffner",

note = "Publisher Copyright: {\textcopyright} 2022, International Association for Cryptologic Research.; 41<sup>st</sup> Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2022 ; Conference date: 30-05-2022 Through 03-06-2022",

year = "2022",

doi = "10.1007/978-3-031-07082-2_24",

language = "English",

isbn = "9783031070815",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "677--706",

editor = "Orr Dunkelman and Stefan Dziembowski",

booktitle = "Proceedings of 41st Annual International Conference on the Theory and Applications of Cryptographic Techniques",

}

Don, J, Fehr, S, Majenz, C & Schaffner, C 2022, Online-Extractability in the Quantum Random-Oracle Model. in O Dunkelman & S Dziembowski (eds), Proceedings of 41^st Annual International Conference on the Theory and Applications of Cryptographic Techniques. Springer, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 13277 LNCS, pp. 677-706, 41^st Annual International Conference on the Theory and Applications of Cryptographic Techniques, Trondheim, Norway, 30/05/2022. https://doi.org/10.1007/978-3-031-07082-2_24

Online-Extractability in the Quantum Random-Oracle Model. / Don, Jelle; Fehr, Serge; Majenz, Christian et al.
Proceedings of 41^st Annual International Conference on the Theory and Applications of Cryptographic Techniques. ed. / Orr Dunkelman; Stefan Dziembowski. Springer, 2022. p. 677-706 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Vol. 13277 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review

TY - GEN

T1 - Online-Extractability in the Quantum Random-Oracle Model

AU - Don, Jelle

AU - Fehr, Serge

AU - Majenz, Christian

AU - Schaffner, Christian

PY - 2022

Y1 - 2022

N2 - We show the following generic result: When a quantum query algorithm in the quantum random-oracle model outputs a classical value t that is promised to be in some tight relation with H(x) for some x, then x can be efficiently extracted with almost certainty. The extraction is by means of a suitable simulation of the random oracle and works online, meaning that it is straightline, i.e., without rewinding, and on-the-fly, i.e., during the protocol execution and (almost) without disturbing it. The technical core of our result is a new commutator bound that bounds the operator norm of the commutator of the unitary operator that describes the evolution of the compressed oracle (which is used to simulate the random oracle above) and of the measurement that extracts x. We show two applications of our generic online extractability result. We show tight online extractability of commit-and-open Σ -protocols in the quantum setting, and we offer the first complete post-quantum security proof of the textbook Fujisaki-Okamoto transformation, i.e., without adjustments to facilitate the proof, including concrete security bounds.

AB - We show the following generic result: When a quantum query algorithm in the quantum random-oracle model outputs a classical value t that is promised to be in some tight relation with H(x) for some x, then x can be efficiently extracted with almost certainty. The extraction is by means of a suitable simulation of the random oracle and works online, meaning that it is straightline, i.e., without rewinding, and on-the-fly, i.e., during the protocol execution and (almost) without disturbing it. The technical core of our result is a new commutator bound that bounds the operator norm of the commutator of the unitary operator that describes the evolution of the compressed oracle (which is used to simulate the random oracle above) and of the measurement that extracts x. We show two applications of our generic online extractability result. We show tight online extractability of commit-and-open Σ -protocols in the quantum setting, and we offer the first complete post-quantum security proof of the textbook Fujisaki-Okamoto transformation, i.e., without adjustments to facilitate the proof, including concrete security bounds.

U2 - 10.1007/978-3-031-07082-2_24

DO - 10.1007/978-3-031-07082-2_24

M3 - Article in proceedings

AN - SCOPUS:85132108721

SN - 9783031070815

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 677

EP - 706

BT - Proceedings of 41st Annual International Conference on the Theory and Applications of Cryptographic Techniques

A2 - Dunkelman, Orr

A2 - Dziembowski, Stefan

PB - Springer

T2 - 41<sup>st</sup> Annual International Conference on the Theory and Applications of Cryptographic Techniques

Y2 - 30 May 2022 through 3 June 2022

ER -

Don J, Fehr S, Majenz C, Schaffner C. Online-Extractability in the Quantum Random-Oracle Model. In Dunkelman O, Dziembowski S, editors, Proceedings of 41^st Annual International Conference on the Theory and Applications of Cryptographic Techniques. Springer. 2022. p. 677-706. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Vol. 13277 LNCS). doi: 10.1007/978-3-031-07082-2_24