Cryptographic Simulation Techniques with Applications to Quantum Zero-Knowledge and Copy-Protection
Author(s)
La Placa Massa, Rolando L.
Advisor
Harrow, Aram W.
Abstract
Bob is stuck doing a crossword puzzle and is starting to think that the puzzle is impossible to complete. Alice assures Bob that the puzzle can be solved, but she wants to prove it without revealing a single entry of the puzzle. Their cryptographer friend, Eve, tells them that Alice can prove it by using a zero-knowledge (ZK) protocol. These protocols are a cornerstone of modern cryptography, yet most of the work has been limited to the classical setting. Since Bob has a quantum computer, Alice needs to be careful choosing the right protocol to make sure it is a quantum zero-knowledge (QZK) protocol, guaranteeing that quantum Bob cannot learn anything about the puzzle except that it has a solution.
Proving the security of ZK protocols comes with additional hurdles when adversaries are quantum-capable, in part because the main tool used in the classical setting, rewinding, has additional limitations in the quantum case. While one version of quantum rewinding introduced by Watrous has been successfully used to construct QZK protocols, most of the classical ZK results have been challenging to port to the quantum setting. Ideally, we want quantum-secure protocols with the same desirable properties that have been achieved in the classical literature, such as concurrent security or low round complexity. In this thesis, we introduce new quantum simulation techniques and apply them to construct the following QZK protocols assuming the quantum hardness of learning with errors (QLWE).
• O(1)-round black-box QZK classical argument system for NP: We use techniques developed in the context of ‘tests of quantumness’ to obtain an extraction mechanism that can be leveraged to construct a QZK simulator.
• Public coin bounded concurrent black-box QZK proof system for NP and QMA: We introduce the technique of block rewinding and use it to obtain a concurrent QZK simulator.
• Simulatable and extractable quantum proofs of knowledge for NP: We construct QPoK with desirable properties needed for composability. The technique combines Watrous’ rewinding with a recently studied cryptographic tool, statistical receiver-private oblivious transfer. This is the first construction of QPoK with the desired composability features.
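The abstract contrasts classical rewinding with its quantum counterpart without showing what rewinding does. The following is an added toy example, not code from the thesis: a Schnorr-style sigma protocol together with the two simulation-style objects the abstract talks about, a zero-knowledge simulator that produces accepting transcripts without the witness, and a knowledge extractor that works by snapshotting and restoring the prover's state (classical rewinding). The group parameters (p = 2039, q = 1019, g = 4) and every function and class name are assumptions chosen for the example; the group is far too small for real use.

```python
import random

# Toy parameters, assumed for this example only: p = 2q + 1 is a safe prime and
# g = 4 generates the subgroup of order q in Z_p^*. Far too small for real use.
P = 2039
Q = 1019
G = 4


class Prover:
    """Schnorr prover for the statement "I know x with y = g^x mod p".

    Its whole state between rounds is the classical nonce r. That state can be
    copied and restored at will, which is what classical rewinding relies on.
    """

    def __init__(self, x, rng=None):
        self.rng = rng or random.Random()
        self.x = x % Q                 # the witness
        self.y = pow(G, self.x, P)     # the public statement
        self.r = None

    def commit(self):
        self.r = self.rng.randrange(1, Q)
        return pow(G, self.r, P)

    def respond(self, c):
        return (self.r + c * self.x) % Q


def verify(y, a, c, z):
    """Verifier's check: g^z == a * y^c (mod p)."""
    return pow(G, z, P) == (a * pow(y, c, P)) % P


def simulate(y, rng=None):
    """Honest-verifier zero-knowledge simulator.

    It knows y but not x. Choosing the challenge and response first and solving
    for the commitment yields an accepting transcript (a, c, z) distributed
    like a real one: a is uniform in the subgroup in both cases.
    """
    rng = rng or random.Random()
    c = rng.randrange(Q)
    z = rng.randrange(Q)
    a = (pow(G, z, P) * pow(y, (Q - c) % Q, P)) % P   # g^z * y^{-c}
    return a, c, z


def extract_by_rewinding(prover, rng=None):
    """Knowledge extractor built on classical rewinding.

    Run the prover to get a commitment, answer one challenge, restore the
    prover's saved state ("rewind"), answer a second challenge on the same
    commitment, and solve the two linear equations for x.
    """
    rng = rng or random.Random()
    a = prover.commit()
    snapshot = prover.r                  # copy of the prover's internal state
    c1 = rng.randrange(Q)
    z1 = prover.respond(c1)
    prover.r = snapshot                  # rewind to just after the commitment
    c2 = rng.randrange(Q)
    while c2 == c1:
        c2 = rng.randrange(Q)
    z2 = prover.respond(c2)
    if not (verify(prover.y, a, c1, z1) and verify(prover.y, a, c2, z2)):
        raise ValueError("prover did not produce two accepting transcripts")
    # z1 - z2 = (c1 - c2) * x  (mod q), and c1 != c2 so the inverse exists.
    return ((z1 - z2) * pow((c1 - c2) % Q, -1, Q)) % Q


def demo(x=123, seed=7):
    """Run all three roles on one witness; returns a summary dict."""
    rng = random.Random(seed)
    prover = Prover(x, rng)
    a = prover.commit()
    c = rng.randrange(Q)
    z = prover.respond(c)
    sim = simulate(prover.y, rng)
    return {
        "real_accepts": verify(prover.y, a, c, z),
        "simulated_accepts": verify(prover.y, *sim),
        "extracted_witness": extract_by_rewinding(Prover(x, rng), rng),
    }


if __name__ == "__main__":
    print(demo())
```

The line `snapshot = prover.r` is the whole trick: the extractor copies the prover's state and later restores it. A quantum prover's state cannot be cloned, and measuring its first response disturbs it, so this naive snapshot-and-restore is not available against quantum adversaries; that is the limitation the abstract refers to, and the reason Watrous's rewinding and the block rewinding introduced in the thesis need extra structure.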
We also introduce a new non-black-box knowledge extraction technique using quantum fully homomorphic encryption (QFHE) and lockable obfuscation. One of our main results is that we can adapt this non-black-box technique to the setting of quantum copy-protection to prove that it is impossible to quantum copy-protect arbitrary unlearnable functions. This resolves a long-standing open problem in the negative, assuming QLWE and the existence of QFHE.
Our impossibility result states that we can’t construct quantum copy-protection for arbitrary functions. However, we can hope to do it for restricted families of functions like point functions or compute-and-compare functionalities. While this remains an interesting and challenging open question, we show that provably secure constructions in a standard model (without oracles) are possible if we consider security guarantees weaker than those of quantum copy-protection. For this purpose, we introduce the notion of Secure Software Leasing (SSL), and construct an SSL scheme for a general class of evasive circuits.
Date issued
2021-06
Department
Massachusetts Institute of Technology. Department of Physics
Publisher
Massachusetts Institute of Technology