
Provable Secure Post-Quantum Signature Scheme Based on Isomorphism of Polynomials in Quantum Random Oracle Model

  • Conference paper
  • Provable Security (ProvSec 2017)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10592)

Abstract

Since a quantum adversary is assumed to be able to evaluate hash functions on superpositions of quantum bits, it is natural that, in the random oracle model, the reduction algorithm of a security proof should allow the quantum adversary to query the random oracle on superpositions of quantum bits. However, owing to the physical nature of quantum states, any measurement of a superposition disturbs it and can therefore be noticed by the quantum adversary. Hence, to simulate the true random oracle, the reduction algorithm has to answer queries without observing their content. This prevents classical reduction algorithms from properly performing rewinding and random oracle programming against quantum adversaries, and it has recently been shown that several signature schemes obtained from the Fiat-Shamir transformation may be insecure against quantum adversaries even though they have been proven secure against classical adversaries in the classical setting.

In this paper, we propose a method for constructing a reduction algorithm that does not rewind the quantum adversary and whose random oracle programming goes unnoticed by the quantum adversary except with negligible probability. We show the feasibility of our method by applying it to the signature scheme obtained via the Fiat-Shamir transformation of an identification scheme whose security is based on the decisional problem of isomorphism of polynomials with two secrets.
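The abstract refers to a signature obtained by applying the Fiat-Shamir transformation to an identification scheme for the isomorphism of polynomials with two secrets (IP2S). The following is an added example, not code from the paper and not the refined scheme of [14]: it implements the textbook three-pass, graph-isomorphism-style IP identification protocol, turns it into a signature with Fiat-Shamir, and includes a cheating prover to show why the challenge hash must be unpredictable. Assumptions that are mine, not the paper's: the system F consists of homogeneous quadratic forms over GF(Q) (cf. Note 3), represented as symmetric matrices so that composing with linear maps S and T is plain matrix algebra; the secrets are linear rather than affine; SHA-256 plays the random oracle; and Q, N, M, ROUNDS are toy values with no security. The reduction-algorithm issue the paper addresses (superposition queries to the oracle `H`, no rewinding) is a property of the proof and is not something this code can exhibit.

```python
# Added example, not code from the paper: a toy Fiat-Shamir signature over a
# graph-isomorphism-style identification scheme for IP with two secrets (IP2S).
# Assumed simplifications: homogeneous quadratic forms over GF(Q) stored as
# symmetric matrices, linear secrets S and T, SHA-256 as the random oracle.
import hashlib
import secrets

Q = 7        # toy prime field GF(7); real parameters are far larger
N = 3        # number of variables
M = 3        # number of quadratic forms in the system
ROUNDS = 32  # one challenge bit per round; a cheater survives with probability 2^-ROUNDS

def rand_matrix(rows, cols):
    return [[secrets.randbelow(Q) for _ in range(cols)] for _ in range(rows)]

def matmul(A, B):
    return [[sum(A[i][k] * B[k][j] for k in range(len(B))) % Q
             for j in range(len(B[0]))] for i in range(len(A))]

def inverse(A):
    """Gauss-Jordan inverse over GF(Q); returns None if A is singular."""
    n = len(A)
    aug = [row[:] + [int(i == j) for j in range(n)] for i, row in enumerate(A)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if aug[r][col] % Q), None)
        if pivot is None:
            return None
        aug[col], aug[pivot] = aug[pivot], aug[col]
        inv = pow(aug[col][col], -1, Q)
        aug[col] = [(v * inv) % Q for v in aug[col]]
        for r in range(n):
            if r != col and (f := aug[r][col]):
                aug[r] = [(a - f * b) % Q for a, b in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]

def rand_invertible(n):
    while True:
        A = rand_matrix(n, n)
        if inverse(A) is not None:
            return A

def rand_forms():
    # M random symmetric N x N matrices, i.e. M homogeneous quadratic forms
    out = []
    for _ in range(M):
        A = rand_matrix(N, N)
        out.append([[A[min(i, j)][max(i, j)] for j in range(N)] for i in range(N)])
    return out

def compose(forms, S, T):
    """T o F o S: output form l is sum_k T[l][k] * (S^T A_k S); symmetry is preserved."""
    inner = [matmul(list(zip(*S)), matmul(A, S)) for A in forms]
    return [[[sum(T[l][k] * inner[k][i][j] for k in range(M)) % Q
              for j in range(N)] for i in range(N)] for l in range(M)]

def H(*parts):
    # commitment / challenge hash: the random oracle of the security proof
    h = hashlib.sha256()
    for p in parts:
        h.update(repr(p).encode())
    return h.digest()

def keygen():
    F = rand_forms()
    S, T = rand_invertible(N), rand_invertible(M)
    return (F, compose(F, S, T)), (S, T)   # pk = (F, G = T o F o S), sk = (S, T)

def challenge(msg, coms):
    # Fiat-Shamir: the challenge bits are derived from the message and all commitments
    d = H(msg, coms)
    return [(d[i // 8] >> (i % 8)) & 1 for i in range(ROUNDS)]

def sign(pk, sk, msg):
    (F, _), (S, T) = pk, sk
    S_inv, T_inv = inverse(S), inverse(T)
    blinds = [(rand_invertible(N), rand_invertible(M)) for _ in range(ROUNDS)]
    coms = [H(compose(F, Sp, Tp)) for Sp, Tp in blinds]      # commit to H = T' o F o S'
    resp = []
    for (Sp, Tp), c in zip(blinds, challenge(msg, coms)):
        if c == 0:
            resp.append((Sp, Tp))                             # open H as an isomorph of F
        else:
            resp.append((matmul(S_inv, Sp), matmul(Tp, T_inv)))  # open H as an isomorph of G
    return coms, resp

def verify(pk, msg, sig):
    F, G = pk
    coms, resp = sig
    if len(coms) != ROUNDS or len(resp) != ROUNDS:
        return False
    for com, (Sx, Tx), c in zip(coms, resp, challenge(msg, coms)):
        if H(compose(F if c == 0 else G, Sx, Tx)) != com:
            return False
    return True

def cheat_sign(pk, msg):
    # Prover without (S, T): guess each bit in advance and commit to an isomorph of F
    # (guess 0) or of G (guess 1); only the guessed bit can be answered afterwards.
    F, G = pk
    blinds = [(rand_invertible(N), rand_invertible(M)) for _ in range(ROUNDS)]
    guesses = [secrets.randbelow(2) for _ in range(ROUNDS)]
    coms = [H(compose(F if g == 0 else G, Sp, Tp)) for (Sp, Tp), g in zip(blinds, guesses)]
    return coms, blinds
```

The response for challenge bit 1 is (S^{-1}S', T'T^{-1}), which rewrites the committed system T'∘F∘S' as T''∘G∘S'' using G = T∘F∘S; a verifier that checks only one of the two openings per round learns nothing about (S, T), while a prover who can open both for the same commitment yields a solution to the IP2S instance. That second fact is exactly what a classical reduction extracts by rewinding the prover to a second challenge, and it is the step the abstract says cannot be carried over naively to a quantum adversary querying `H` in superposition.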


Notes

  1. We describe the quantum algorithm in more detail in the following sections.

  2. As in [3, 7], regardless of whether \(\mathsf {A}\) is a classical or a quantum adversary, it is only allowed to send signature queries in classical form (not as a superposition of quantum states).

  3. When \(\mathbf {F}\) is restricted to a certain class called homogeneous polynomials.

  4. By adapting Theorem 2 and Corollary 1, we can see that this clearly holds. See Remark 3 for a more detailed explanation.

References

  1. Abdalla, M., Fouque, P.A., Lyubashevsky, V., Tibouchi, M.: Tightly secure signatures from lossy identification schemes. J. Cryptol. 29(3), 597–631 (2016)

  2. Ambainis, A., Rosmanis, A., Unruh, D.: Quantum attacks on classical proof systems: the hardness of quantum rewinding. In: FOCS 2014, pp. 474–483. IEEE Computer Society (2014)

  3. Boneh, D., Dagdelen, Ö., Fischlin, M., Lehmann, A., Schaffner, C., Zhandry, M.: Random oracles in a quantum world. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 41–69. Springer, Heidelberg (2011). doi:10.1007/978-3-642-25385-0_3

  4. Bouillaguet, C., Faugère, J.C., Fouque, P.A., Perret, L.: Isomorphism of polynomials: new results (2010–2012). http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.156.9570

  5. Bouillaguet, C., Fouque, P.-A., Véber, A.: Graph-theoretic algorithms for the “Isomorphism of Polynomials” problem. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 211–227. Springer, Heidelberg (2013). doi:10.1007/978-3-642-38348-9_13

  6. Cayrel, P.-L., Véron, P., El Yousfi Alaoui, S.M.: A zero-knowledge identification scheme based on the q-ary syndrome decoding problem. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 171–186. Springer, Heidelberg (2011). doi:10.1007/978-3-642-19574-7_12

  7. Dagdelen, Ö., Fischlin, M., Gagliardoni, T.: The Fiat-Shamir transformation in a quantum world. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8270, pp. 62–81. Springer, Heidelberg (2013). doi:10.1007/978-3-642-42045-0_4

  8. Fischlin, M.: Communication-efficient non-interactive proofs of knowledge with online extractors. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 152–168. Springer, Heidelberg (2005). doi:10.1007/11535218_10

  9. Goh, E.J., Jarecki, S., Katz, J., Wang, N.: Efficient signature schemes with tight reductions to the Diffie-Hellman problems. J. Cryptol. 20(4), 493–514 (2007)

  10. Lyubashevsky, V.: Fiat-Shamir with aborts: applications to lattice and factoring-based signatures. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 598–616. Springer, Heidelberg (2009). doi:10.1007/978-3-642-10366-7_35

  11. Patarin, J.: Hidden Fields Equations (HFE) and Isomorphisms of Polynomials (IP): two new families of asymmetric algorithms. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 33–48. Springer, Heidelberg (1996). doi:10.1007/3-540-68339-9_4

  12. Patarin, J., Goubin, L., Courtois, N.: Improved algorithms for isomorphisms of polynomials. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 184–200. Springer, Heidelberg (1998). doi:10.1007/BFb0054126

  13. Sakumoto, K., Shirai, T., Hiwatari, H.: Public-key identification schemes based on multivariate quadratic polynomials. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 706–723. Springer, Heidelberg (2011). doi:10.1007/978-3-642-22792-9_40

  14. Santoso, B.: Refining identification scheme based on isomorphism of polynomials with two secrets: a new theoretical and practical analysis. In: Proceedings of the 3rd ACM International Workshop on ASIA Public-Key Cryptography, AsiaPKC 2016, New York, NY, USA, pp. 31–38. ACM (2016)

  15. Wootters, W.K., Zurek, W.H.: A single quantum cannot be cloned. Nature 299, 802 (1982)


Author information

Corresponding author: Bagus Santoso.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Santoso, B., Su, C. (2017). Provable Secure Post-Quantum Signature Scheme Based on Isomorphism of Polynomials in Quantum Random Oracle Model. In: Okamoto, T., Yu, Y., Au, M., Li, Y. (eds) Provable Security. ProvSec 2017. Lecture Notes in Computer Science, vol 10592. Springer, Cham. https://doi.org/10.1007/978-3-319-68637-0_17

  • DOI: https://doi.org/10.1007/978-3-319-68637-0_17
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-319-68636-3
  • Online ISBN: 978-3-319-68637-0