A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL.
The file type is application/pdf
.
Filters
Quantum Collision-Finding in Non-uniform Random Functions
[chapter]
2018
Lecture Notes in Computer Science
We give a complete characterization of quantum attacks for finding a collision in a nonuniform random function whose outputs are drawn according to a distribution of min-entropy k. ...
We show that Ω(2 k/3 ) quantum queries are necessary to find a collision in f , improving the previous bound Ω(2 k/9 ). In fact we show a stronger lower bound 2 k/2 in some special case. ...
Overall, our understanding of finding a collision in non-uniform random functions is far from satisfying as far as quantum attacks are concerned. ...
doi:10.1007/978-3-319-79063-3_22
fatcat:op6ytqa3vbavjdbz6nlmkubhby
On Quantum Query Complexities of Collision-Finding in Non-Uniform Random Functions
[article]
2021
IACR Cryptology ePrint Archive
We then present a quantum algorithm that uses O(γ 1/6 ) quantum queries to find a collision for any non-uniform random function. ...
any non-uniform random function. ...
In this work we propose a new collision parameter γ in investigating the quantum query complexity of collision-finding in non-uniform random functions. ...
dblp:journals/iacr/PengCX21
fatcat:5syvuf5h2zei7geu3v7l7z2jd4
Quantum Collision-Resistance of Non-uniformly Distributed Functions
[chapter]
2016
Lecture Notes in Computer Science
We prove that Ω(2 k/9 ) quantum queries are necessary to find a collision for function f . This is needed in some security proofs in the quantum random oracle model (e.g. Fujisaki-Okamoto transform). ...
We study the quantum query complexity of finding a collision for a function f whose outputs are chosen according to a distribution with min-entropy k. ...
"Supporting the development of R&D of info and communication technology", by the European Social Fund's Doctoral Studies and Internationalisation Programme DoRa, by the Estonian Centre of Excellence in ...
doi:10.1007/978-3-319-29360-8_6
fatcat:r4aifzzcozcljn6jqmucn4ihqe
Post-quantum Security of the Sponge Construction
[chapter]
2018
Lecture Notes in Computer Science
In particular, if the block function is a random function or a (non-invertible) random permutation, the sponge construction is collapsing. ...
A crucial property for hash functions in the post-quantum setting is the collapsing property (a strengthening of collision-resistance). ...
. • For a random block function f , we give a quantum attack for actually finding collision in the sponge construction where the number of quantum queries to f matches the above bounds (in the case that ...
doi:10.1007/978-3-319-79063-3_9
fatcat:y6ih3h3gvrd2loyyah7rohz3ku
A quantum lower bound for distinguishing random functions from random permutations
[article]
2013
arXiv
pre-print
The problem of distinguishing between a random function and a random permutation on a domain of size N is important in theoretical cryptography, where the security of many primitives depend on the problem's ...
We study the quantum query complexity of this problem, and show that any quantum algorithm that solves this problem with bounded error must make Ω(N^1/5/ N) queries to the input function. ...
We also thank the anonymous referees for their useful comments, and for noticing an error in an earlier proof of Claim 4.1. ...
arXiv:1310.2885v2
fatcat:bb3i3gkuxnbcpew23nuyemwovi
Quantum Algorithm for the Multicollision Problem
[article]
2019
arXiv
pre-print
The tight bound of quantum query complexity for finding a 2-collisions of a random function has been revealed to be Θ(N^1/3), where N is the size of the range of the function, but neither the lower nor ...
It then provides a quantum algorithm that finds an ℓ-collision for a random function with the average quantum query complexity of O(N^(2^ℓ-1-1) / (2^ℓ-1)), which matches the tight bound of Θ(N^1/3) for ...
For this, we need quantum algorithms dedicated to finding collisions of hash functions.
Collision finding problem on random functions ( -collisions in D-Rnd and H-Rnd). ...
arXiv:1911.02822v1
fatcat:jzqbbcweijgurosnammytw6nwm
Verifiable Quantum Advantage without Structure
[article]
2022
arXiv
pre-print
of interaction: for uniform adversaries, the proofs are non-interactive, whereas for non-uniform adversaries the proofs are two message public coin. - Our results do not appear to contradict the Aaronson-Ambanis ...
exist functions that are one-way, and even collision resistant, against classical adversaries but are easily inverted quantumly. ...
Note that unlike one-way functions, keyless collision resistant hash functions cannot have security against non-uniform oracle-dependent adversaries, since a non-uniform adversary can have collisions for ...
arXiv:2204.02063v2
fatcat:rwhoes6tdbfmxpmypxahbojt6i
Random Oracles in a Quantum World
[article]
2012
arXiv
pre-print
We argue that to prove post-quantum security one needs to prove security in the quantum-accessible random oracle model where the adversary can query the random oracle with quantum states. ...
We then set out to develop generic conditions under which a classical random oracle proof implies security in the quantum-accessible random oracle model. ...
For the proof, we show that a quantum-adversary A Q can find collisions on H in at least r/4 rounds with non-negligible probability. ...
arXiv:1008.0931v2
fatcat:j6dgglfxtncsxhlnmwzwnrzkoa
New Constructions of Collapsing Hashes
[article]
2022
IACR Cryptology ePrint Archive
-Finding cycles on exponentially-large expander graphs, such as those arising from isogenies on elliptic curves. -The "optimal" hardness of finding collisions in any hash function. ...
Collapsing is a post-quantum strengthening of collision resistance, needed to lift many classical results to the quantum setting. ...
A collision resistant hash function H : {0, 1} m → {0, 1} n is one where n < m, thus guaranteeing that collisions exist in abundance, but where actually finding such collisions is computationally intractable ...
dblp:journals/iacr/Zhandry22a
fatcat:p4ruefvwofcurlwl64ge36teue
Random Oracles in a Quantum World
[chapter]
2011
Lecture Notes in Computer Science
We argue that to prove post-quantum security one needs to prove security in the quantum-accessible random oracle model where the adversary can query the random oracle with quantum state. ...
We then set out to develop generic conditions under which a classical random oracle proof implies security in the quantum-accessible random oracle model. ...
For the proof, we show that a quantum-adversary A Q can find collisions on H in at least r/4 rounds with non-negligible probability. ...
doi:10.1007/978-3-642-25385-0_3
fatcat:vxobiu6twncctoke5ya3oyhg4i
Improved Quantum Multicollision-Finding Algorithm
[article]
2019
arXiv
pre-print
In cryptology, it is important to study how many queries are required to find l-collisions for random functions of which domains are larger than ranges. ...
The previous algorithm finds an l-collision for a random function by recursively calling the algorithm for finding (l-1)-collisions, and it achieves the average quantum query complexity of O(N^(3^l-1-1 ...
It is not difficult to show that BHT works for random functions. Thus, BHT can be extended to the quantum collision-finding algorithm as mentioned in section 2. ...
arXiv:1811.08097v3
fatcat:ijgzhzrux5dxlnutbyoh75uifa
Finding many Collisions via Reusable Quantum Walks
[article]
2022
arXiv
pre-print
Collision finding is an ubiquitous problem in cryptanalysis, and it has been well studied using both classical and quantum algorithms. ...
Given a random function f with domain [2^n] and codomain [2^m], with m ≥ n, a collision of f is a pair of distinct inputs with the same image. ...
Collision Search In this paper, we study the problem of collision search in random functions. Problem 2. Let f : {0, 1} n → {0, 1} m (n ≤ m) be a random function. ...
arXiv:2205.14023v1
fatcat:iodpn6hfond2dlasakpigc2qsi
Grover vs. McEliece
[chapter]
2010
Lecture Notes in Computer Science
This paper shows that quantum information-set-decoding attacks are much faster than non-quantum information-set-decoding attacks. ...
This structure means that G is not actually a uniform random full-rank matrix. ...
Consider the following examples: • An often-quoted paper [8] by Brassard, Høyer, and Tapp argues that quantum computers force a 1.5× expansion in the output length of a collision-resistant hash function ...
doi:10.1007/978-3-642-12929-2_6
fatcat:nc5g7aex3zcwdobi7k34mzlvku
Quantum Time-Space Tradeoff for Finding Multiple Collision Pairs
[article]
2020
arXiv
pre-print
We study the problem of finding K collision pairs in a random function f : [N] → [N] by using a quantum computer. ...
We prove that the number of queries to the function in the quantum random oracle model must increase significantly when the size of the available memory is limited. ...
This research was supported in part by the ERA-NET Cofund in Quantum Technologies project QuantAlgo and the French ANR Blanc project RDAM. ...
arXiv:2002.08944v3
fatcat:lh2gngwqdrbcfgydj7nt2eb4dy
Secure bound analysis of quantum key distribution with non-uniform random seed of privacy amplification
[article]
2022
arXiv
pre-print
In this paper, we propose and prove the quantum leftover hash lemma with non-uniform random number seeds based on the min-entropy, and we give a precise QKD secure bound analysis with non-uniform random ...
The effect of uniformity of random number seed for privacy amplification is not considered in existing secure bound analysis. ...
Theorem 1 (Quantum Leftover Hash Lemma With Non-Uniform Random Seeds) Let F R be a universal hashing family of functions from X to S, f r is a hash function randomly selected from F R with random seeds ...
arXiv:2207.08345v1
fatcat:dxendihb4zdhrac46l7nagn2qa
« Previous
Showing results 1 — 15 out of 15,727 results