A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2022; you can also visit <a rel="external noopener" href="https://arxiv.org/pdf/2111.08665v2.pdf">the original URL</a>. The file type is <code>application/pdf</code>.
<span class="release-stage">pre-print</span>
From the minimal assumption of post-quantum semi-honest oblivious transfers, we build the first ϵ-simulatable two-party computation (2PC) against quantum polynomial-time (QPT) adversaries that is both constant-round and black-box (for both the construction and the security reduction). A recent work by Chia, Chung, Liu, and Yamakawa (FOCS'21) shows that post-quantum 2PC with standard simulation-based security is impossible in constant rounds, unless either 𝐍𝐏⊆𝐁𝐐𝐏 or relying on non-black-box simulation. The ϵ-simulatability we target is a relaxation of standard simulation-based security that allows an arbitrarily small noticeable simulation error ϵ. Moreover, when quantum communication is allowed, we can further weaken the assumption to post-quantum secure one-way functions (PQ-OWFs), while maintaining the constant-round and black-box properties. Our techniques also yield the following set of constant-round and black-box two-party protocols secure against QPT adversaries, assuming only black-box access to PQ-OWFs:
- extractable commitments for which the extractor is also an ϵ-simulator;
- ϵ-zero-knowledge commit-and-prove whose commit stage is extractable with ϵ-simulation;
- ϵ-simulatable coin-flipping;
- ϵ-zero-knowledge arguments of knowledge for 𝐍𝐏 for which the knowledge extractor is also an ϵ-simulator;
- ϵ-zero-knowledge arguments for 𝐐𝐌𝐀.
At the heart of the above results is a black-box extraction lemma showing how to efficiently extract secrets from QPT adversaries while disturbing their quantum state in a controllable manner, i.e., achieving ϵ-simulatability of the post-extraction state of the adversary.
<span class="external-identifiers"> <a target="_blank" rel="external noopener" href="https://arxiv.org/abs/2111.08665v2">arXiv:2111.08665v2</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/vwuubopj3rh65n2k3d3oqpar5i">fatcat:vwuubopj3rh65n2k3d3oqpar5i</a> </span>