Filters








15,727 Hits in 6.8 sec

Quantum Collision-Finding in Non-uniform Random Functions [chapter]

Marko Balogh, Edward Eaton, Fang Song
2018 Lecture Notes in Computer Science  
We give a complete characterization of quantum attacks for finding a collision in a nonuniform random function whose outputs are drawn according to a distribution of min-entropy k.  ...  We show that Ω(2 k/3 ) quantum queries are necessary to find a collision in f , improving the previous bound Ω(2 k/9 ). In fact we show a stronger lower bound 2 k/2 in some special case.  ...  Overall, our understanding of finding a collision in non-uniform random functions is far from satisfying as far as quantum attacks are concerned.  ... 
doi:10.1007/978-3-319-79063-3_22 fatcat:op6ytqa3vbavjdbz6nlmkubhby

On Quantum Query Complexities of Collision-Finding in Non-Uniform Random Functions [article]

Tianci Peng, Shujiao Cao, Rui Xue
2021 IACR Cryptology ePrint Archive  
We then present a quantum algorithm that uses O(γ 1/6 ) quantum queries to find a collision for any non-uniform random function.  ...  any non-uniform random function.  ...  In this work we propose a new collision parameter γ in investigating the quantum query complexity of collision-finding in non-uniform random functions.  ... 
dblp:journals/iacr/PengCX21 fatcat:5syvuf5h2zei7geu3v7l7z2jd4

Quantum Collision-Resistance of Non-uniformly Distributed Functions [chapter]

Ehsan Ebrahimi Targhi, Gelo Noel Tabia, Dominique Unruh
2016 Lecture Notes in Computer Science  
We prove that Ω(2 k/9 ) quantum queries are necessary to find a collision for function f . This is needed in some security proofs in the quantum random oracle model (e.g. Fujisaki-Okamoto transform).  ...  We study the quantum query complexity of finding a collision for a function f whose outputs are chosen according to a distribution with min-entropy k.  ...  "Supporting the development of R&D of info and communication technology", by the European Social Fund's Doctoral Studies and Internationalisation Programme DoRa, by the Estonian Centre of Excellence in  ... 
doi:10.1007/978-3-319-29360-8_6 fatcat:r4aifzzcozcljn6jqmucn4ihqe

Post-quantum Security of the Sponge Construction [chapter]

Jan Czajkowski, Leon Groot Bruinderink, Andreas Hülsing, Christian Schaffner, Dominique Unruh
2018 Lecture Notes in Computer Science  
In particular, if the block function is a random function or a (non-invertible) random permutation, the sponge construction is collapsing.  ...  A crucial property for hash functions in the post-quantum setting is the collapsing property (a strengthening of collision-resistance).  ...  . • For a random block function f , we give a quantum attack for actually finding collision in the sponge construction where the number of quantum queries to f matches the above bounds (in the case that  ... 
doi:10.1007/978-3-319-79063-3_9 fatcat:y6ih3h3gvrd2loyyah7rohz3ku

A quantum lower bound for distinguishing random functions from random permutations [article]

Henry Yuen
2013 arXiv   pre-print
The problem of distinguishing between a random function and a random permutation on a domain of size N is important in theoretical cryptography, where the security of many primitives depend on the problem's  ...  We study the quantum query complexity of this problem, and show that any quantum algorithm that solves this problem with bounded error must make Ω(N^1/5/ N) queries to the input function.  ...  We also thank the anonymous referees for their useful comments, and for noticing an error in an earlier proof of Claim 4.1.  ... 
arXiv:1310.2885v2 fatcat:bb3i3gkuxnbcpew23nuyemwovi

Quantum Algorithm for the Multicollision Problem [article]

Akinori Hosoyamada, Yu Sasaki, Seiichiro Tani, Keita Xagawa
2019 arXiv   pre-print
The tight bound of quantum query complexity for finding a 2-collisions of a random function has been revealed to be Θ(N^1/3), where N is the size of the range of the function, but neither the lower nor  ...  It then provides a quantum algorithm that finds an ℓ-collision for a random function with the average quantum query complexity of O(N^(2^ℓ-1-1) / (2^ℓ-1)), which matches the tight bound of Θ(N^1/3) for  ...  For this, we need quantum algorithms dedicated to finding collisions of hash functions. Collision finding problem on random functions ( -collisions in D-Rnd and H-Rnd).  ... 
arXiv:1911.02822v1 fatcat:jzqbbcweijgurosnammytw6nwm

Verifiable Quantum Advantage without Structure [article]

Takashi Yamakawa, Mark Zhandry
2022 arXiv   pre-print
of interaction: for uniform adversaries, the proofs are non-interactive, whereas for non-uniform adversaries the proofs are two message public coin. - Our results do not appear to contradict the Aaronson-Ambanis  ...  exist functions that are one-way, and even collision resistant, against classical adversaries but are easily inverted quantumly.  ...  Note that unlike one-way functions, keyless collision resistant hash functions cannot have security against non-uniform oracle-dependent adversaries, since a non-uniform adversary can have collisions for  ... 
arXiv:2204.02063v2 fatcat:rwhoes6tdbfmxpmypxahbojt6i

Random Oracles in a Quantum World [article]

Dan Boneh, Özgür Dagdelen, Marc Fischlin, Anja Lehmann, Christian Schaffner, Mark Zhandry
2012 arXiv   pre-print
We argue that to prove post-quantum security one needs to prove security in the quantum-accessible random oracle model where the adversary can query the random oracle with quantum states.  ...  We then set out to develop generic conditions under which a classical random oracle proof implies security in the quantum-accessible random oracle model.  ...  For the proof, we show that a quantum-adversary A Q can find collisions on H in at least r/4 rounds with non-negligible probability.  ... 
arXiv:1008.0931v2 fatcat:j6dgglfxtncsxhlnmwzwnrzkoa

New Constructions of Collapsing Hashes [article]

Mark Zhandry
2022 IACR Cryptology ePrint Archive  
-Finding cycles on exponentially-large expander graphs, such as those arising from isogenies on elliptic curves. -The "optimal" hardness of finding collisions in any hash function.  ...  Collapsing is a post-quantum strengthening of collision resistance, needed to lift many classical results to the quantum setting.  ...  A collision resistant hash function H : {0, 1} m → {0, 1} n is one where n < m, thus guaranteeing that collisions exist in abundance, but where actually finding such collisions is computationally intractable  ... 
dblp:journals/iacr/Zhandry22a fatcat:p4ruefvwofcurlwl64ge36teue

Random Oracles in a Quantum World [chapter]

Dan Boneh, Özgür Dagdelen, Marc Fischlin, Anja Lehmann, Christian Schaffner, Mark Zhandry
2011 Lecture Notes in Computer Science  
We argue that to prove post-quantum security one needs to prove security in the quantum-accessible random oracle model where the adversary can query the random oracle with quantum state.  ...  We then set out to develop generic conditions under which a classical random oracle proof implies security in the quantum-accessible random oracle model.  ...  For the proof, we show that a quantum-adversary A Q can find collisions on H in at least r/4 rounds with non-negligible probability.  ... 
doi:10.1007/978-3-642-25385-0_3 fatcat:vxobiu6twncctoke5ya3oyhg4i

Improved Quantum Multicollision-Finding Algorithm [article]

Akinori Hosoyamada, Yu Sasaki, Seiichiro Tani, Keita Xagawa
2019 arXiv   pre-print
In cryptology, it is important to study how many queries are required to find l-collisions for random functions of which domains are larger than ranges.  ...  The previous algorithm finds an l-collision for a random function by recursively calling the algorithm for finding (l-1)-collisions, and it achieves the average quantum query complexity of O(N^(3^l-1-1  ...  It is not difficult to show that BHT works for random functions. Thus, BHT can be extended to the quantum collision-finding algorithm as mentioned in section 2.  ... 
arXiv:1811.08097v3 fatcat:ijgzhzrux5dxlnutbyoh75uifa

Finding many Collisions via Reusable Quantum Walks [article]

Xavier Bonnetain, André Chailloux, André Schrottenloher, Yixin Shen
2022 arXiv   pre-print
Collision finding is an ubiquitous problem in cryptanalysis, and it has been well studied using both classical and quantum algorithms.  ...  Given a random function f with domain [2^n] and codomain [2^m], with m ≥ n, a collision of f is a pair of distinct inputs with the same image.  ...  Collision Search In this paper, we study the problem of collision search in random functions. Problem 2. Let f : {0, 1} n → {0, 1} m (n ≤ m) be a random function.  ... 
arXiv:2205.14023v1 fatcat:iodpn6hfond2dlasakpigc2qsi

Grover vs. McEliece [chapter]

Daniel J. Bernstein
2010 Lecture Notes in Computer Science  
This paper shows that quantum information-set-decoding attacks are much faster than non-quantum information-set-decoding attacks.  ...  This structure means that G is not actually a uniform random full-rank matrix.  ...  Consider the following examples: • An often-quoted paper [8] by Brassard, Høyer, and Tapp argues that quantum computers force a 1.5× expansion in the output length of a collision-resistant hash function  ... 
doi:10.1007/978-3-642-12929-2_6 fatcat:nc5g7aex3zcwdobi7k34mzlvku

Quantum Time-Space Tradeoff for Finding Multiple Collision Pairs [article]

Yassine Hamoudi, Frédéric Magniez
2020 arXiv   pre-print
We study the problem of finding K collision pairs in a random function f : [N] → [N] by using a quantum computer.  ...  We prove that the number of queries to the function in the quantum random oracle model must increase significantly when the size of the available memory is limited.  ...  This research was supported in part by the ERA-NET Cofund in Quantum Technologies project QuantAlgo and the French ANR Blanc project RDAM.  ... 
arXiv:2002.08944v3 fatcat:lh2gngwqdrbcfgydj7nt2eb4dy

Secure bound analysis of quantum key distribution with non-uniform random seed of privacy amplification [article]

Bingze Yan and Yucheng Qiao and Qiong Li and Haokun Mao
2022 arXiv   pre-print
In this paper, we propose and prove the quantum leftover hash lemma with non-uniform random number seeds based on the min-entropy, and we give a precise QKD secure bound analysis with non-uniform random  ...  The effect of uniformity of random number seed for privacy amplification is not considered in existing secure bound analysis.  ...  Theorem 1 (Quantum Leftover Hash Lemma With Non-Uniform Random Seeds) Let F R be a universal hashing family of functions from X to S, f r is a hash function randomly selected from F R with random seeds  ... 
arXiv:2207.08345v1 fatcat:dxendihb4zdhrac46l7nagn2qa
« Previous Showing results 1 — 15 out of 15,727 results