-
Relating Quantum Tamper-Evident Encryption to Other Cryptographic Notions
Authors:
Sébastien Lord
Abstract:
A quantum tamper-evident encryption scheme is a non-interactive symmetric-key encryption scheme mapping classical messages to quantum ciphertexts such that an honest recipient of a ciphertext can detect with high probability any meaningful eavesdropping. This quantum cryptographic primitive was first introduced by Gottesman in 2003. Beyond formally defining this security notion, Gottesman's work h…
▽ More
A quantum tamper-evident encryption scheme is a non-interactive symmetric-key encryption scheme mapping classical messages to quantum ciphertexts such that an honest recipient of a ciphertext can detect with high probability any meaningful eavesdropping. This quantum cryptographic primitive was first introduced by Gottesman in 2003. Beyond formally defining this security notion, Gottesman's work had three main contributions: showing that any quantum authentication scheme is also a tamper-evident scheme, noting that a quantum key distribution scheme can be constructed from any tamper-evident scheme, and constructing a prepare-and-measure tamper-evident scheme using only Wiesner states inspired by Shor and Preskill's proof of security for the BB84 quantum key distribution scheme.
In this work, we further our understanding of tamper-evident encryption by formally relating it to other quantum cryptographic primitives in an information-theoretic setting. In particular, we show that tamper evidence implies encryption, answering a question left open by Gottesman, we show that it can be constructed from any encryption scheme with revocation and vice-versa, and we formalize an existing sketch of a construction of quantum money from any tamper-evident encryption scheme. These results also yield as a corollary that any scheme allowing the revocation of a message must be an encryption scheme. We also show separations between tamper evidence and other primitives, notably showing that tamper evidence does not imply authentication and does not imply uncloneable encryption.
△ Less
Submitted 19 May, 2025; v1 submitted 4 November, 2024;
originally announced November 2024.
-
Uncloneable Quantum Advice
Authors:
Anne Broadbent,
Martti Karvonen,
Sébastien Lord
Abstract:
The famous no-cloning principle has been shown recently to enable a number of uncloneable functionalities. Here we address for the first time unkeyed quantum uncloneablity, via the study of a complexity-theoretic tool that enables a computation, but that is natively unkeyed: quantum advice. Remarkably, this is an application of the no-cloning principle in a context where the quantum states of inte…
▽ More
The famous no-cloning principle has been shown recently to enable a number of uncloneable functionalities. Here we address for the first time unkeyed quantum uncloneablity, via the study of a complexity-theoretic tool that enables a computation, but that is natively unkeyed: quantum advice. Remarkably, this is an application of the no-cloning principle in a context where the quantum states of interest are not chosen by a random process. We show the unconditional existence of promise problems admitting uncloneable quantum advice, and the existence of languages with uncloneable advice, assuming the feasibility of quantum copy-protecting certain functions. Along the way, we note that state complexity classes, introduced by Rosenthal and Yuen (ITCS 2022) - which concern the computational difficulty of synthesizing sequences of quantum states - can be naturally generalized to obtain state cloning complexity classes. We make initial observations on these classes, notably obtaining a result analogous to the existence of undecidable problems.
Our proof technique establishes the existence of ingenerable sequences of finite bit strings - essentially meaning that they cannot be generated by any uniform circuit family. We then prove a generic result showing that the difficulty of accomplishing a computational task on uniformly random inputs implies its difficulty on any fixed, ingenerable sequence. We use this result to derandomize quantum cryptographic games that relate to cloning, and then incorporate a result of Kundu and Tan (arXiv 2022) to obtain uncloneable advice. Applying this two-step process to a monogamy-of-entanglement game yields a promise problem with uncloneable advice, and applying it to the quantum copy-protection of pseudorandom functions with super-logarithmic output lengths yields a language with uncloneable advice.
△ Less
Submitted 10 September, 2023;
originally announced September 2023.
-
Secure Software Leasing Without Assumptions
Authors:
Anne Broadbent,
Stacey Jeffery,
Sébastien Lord,
Supartha Podder,
Aarthi Sundaram
Abstract:
Quantum cryptography is known for enabling functionalities that are unattainable using classical information alone. Recently, Secure Software Leasing (SSL) has emerged as one of these areas of interest. Given a target circuit $C$ from a circuit class, SSL produces an encoding of $C$ that enables a recipient to evaluate $C$, and also enables the originator of the software to verify that the softwar…
▽ More
Quantum cryptography is known for enabling functionalities that are unattainable using classical information alone. Recently, Secure Software Leasing (SSL) has emerged as one of these areas of interest. Given a target circuit $C$ from a circuit class, SSL produces an encoding of $C$ that enables a recipient to evaluate $C$, and also enables the originator of the software to verify that the software has been returned -- meaning that the recipient has relinquished the possibility of any further use of the software. Clearly, such a functionality is unachievable using classical information alone, since it is impossible to prevent a user from keeping a copy of the software. Recent results have shown the achievability of SSL using quantum information for a class of functions called compute-and-compare (these are a generalization of the well-known point functions). These prior works, however all make use of setup or computational assumptions. Here, we show that SSL is achievable for compute-and-compare circuits without any assumptions.
Our technique involves the study of quantum copy-protection, which is a notion related to SSL, but where the encoding procedure inherently prevents a would-be quantum software pirate from splitting a single copy of an encoding for $C$ into two parts, each of which enables a user to evaluate $C$. We show that point functions can be copy-protected without any assumptions, for a novel security definition involving one honest and one malicious evaluator; this is achieved by showing that from any quantum message authentication code, we can derive such an honest-malicious copy-protection scheme. We then show that a generic honest-malicious copy-protection scheme implies SSL; by prior work, this yields SSL for compute-and-compare functions.
△ Less
Submitted 29 January, 2021;
originally announced January 2021.
-
Uncloneable Quantum Encryption via Oracles
Authors:
Anne Broadbent,
Sébastien Lord
Abstract:
Quantum information is well-known to achieve cryptographic feats that are unattainable using classical information alone. Here, we add to this repertoire by introducing a new cryptographic functionality called uncloneable encryption. This functionality allows the encryption of a classical message such that two collaborating but isolated adversaries are prevented from simultaneously recovering the…
▽ More
Quantum information is well-known to achieve cryptographic feats that are unattainable using classical information alone. Here, we add to this repertoire by introducing a new cryptographic functionality called uncloneable encryption. This functionality allows the encryption of a classical message such that two collaborating but isolated adversaries are prevented from simultaneously recovering the message, even when the encryption key is revealed. Clearly, such functionality is unattainable using classical information alone. We formally define uncloneable encryption, and show how to achieve it using Wiesner's conjugate coding, combined with a quantum-secure pseudorandom function (qPRF). Modelling the qPRF as a quantum random oracle, we show security by adapting techniques from the quantum one-way-to-hiding lemma, as well as using bounds from quantum monogamy-of-entanglement games.
△ Less
Submitted 8 October, 2019; v1 submitted 28 February, 2019;
originally announced March 2019.
