Security of the Fiat-Shamir Transformation in the Quantum Random-Oracle Model
by Jelle Don, Serge Fehr, Christian Majenz, Christian Schaffner
2019
Abstract
The famous Fiat-Shamir transformation turns any public-coin three-round
interactive proof, i.e., any so-called sigma-protocol, into a non-interactive
proof in the random-oracle model. We study this transformation in the setting
of a quantum adversary that in particular may query the random oracle in
quantum superposition.

Our main result is a generic reduction that transforms any quantum dishonest
prover attacking the Fiat-Shamir transformation in the quantum random-oracle
model into a similarly successful quantum dishonest prover attacking the
underlying sigma-protocol (in the standard model). Applied to the standard
soundness and proof-of-knowledge definitions, our reduction implies that both
these security properties, in both the computational and the statistical
variant, are preserved under the Fiat-Shamir transformation even when allowing
quantum attacks. Our result improves and completes the partial results that
have been known so far, but it also proves wrong certain claims made in the
literature.

In the context of post-quantum secure signature schemes, our results imply
that for any sigma-protocol that is a proof-of-knowledge against quantum
dishonest provers (and that satisfies some additional natural properties), the
corresponding Fiat-Shamir signature scheme is secure in the quantum
random-oracle model. For example, we can conclude that the non-optimized
version of Fish, which is the bare Fiat-Shamir variant of the NIST candidate
Picnic, is secure in the quantum random-oracle model.
arXiv:1902.07556v1