Quantum copy-protection (Aaronson, CCC’09) is the problem of encoding a functionality/key into a quantum state to achieve an anti-piracy security notion that guarantees that the key cannot be split into two keys that both still work. There have been a great amount of works dealing with this question in the recent years, however, almost all works so far have focused on constructing copy-protection for specific functionalities. The only exceptions are the works of Aaronson, Liu, Liu, Zhandry, Zhang (CRYPTO’21) and Ananth and Behera (CRYPTO’24). The former constructs copy-protection for all functionalities in the classical ideal oracle model and the latter constructs copy-protection for circuits that can be punctured at a uniformly random challenge with negligible security, assuming a new ad-hoc unproven quantum conjecture about simultaneous extraction from entangled quantum adversaries, on top of assuming subexponentially-secure indistinguishability obfuscation (iO) and Learning with Errors (LWE). In this work, we show that the construction of Aaronson et al. (CRYPTO’21), when the oracles are instantiated with iO, satisfies copy-protection security in the plain model for all malleable-puncturable (a significant generalization of puncturing) cryptographic schemes (instead of only puncturable circuits) with arbitrary security threshold (e.g. we get \(1/2+\textsf{negl}(\lambda )\) security rather than unpredictability for encryption schemes) and arbitrary challenge distributions (instead of only uniform), without any unproven conjectures, assuming only subexponentially secure iO and one-way functions (we do not assume LWE). Thus, our work resolves the five-year-old open question of Aaronson et al., and further, our work encompasses/supersedes and significantly improves upon all existing plain-model copy-protection results. Since puncturability has a long history of being studied in cryptography, our result immediately allows us to obtain copy-protection schemes for a large set of advanced functionalities for which no previous copy-protection scheme existed. Further, even for any functionality \(\textsf{F}\) that has not already been considered, through our result, constructing copy-protection for \(\textsf{F}\) essentially becomes a classical cryptographer’s problem. Going further, we show that our scheme also satisfies secure leasing (Ananth and La Placa, EUROCRYPT’21), unbounded/LOCC leakage-resilience and intrusion-detection security (Çakan, Goyal, Liu-Zhang, Ribeiro, TCC’24), giving a unified solution to the problem of quantum protection.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

How to Copy-Protect Malleable-Puncturable Cryptographic Functionalities Under Arbitrary Challenge Distributions: A Unified Solution to Quantum Protection

  • Alper Çakan,
  • Vipul Goyal

摘要

Quantum copy-protection (Aaronson, CCC’09) is the problem of encoding a functionality/key into a quantum state to achieve an anti-piracy security notion that guarantees that the key cannot be split into two keys that both still work. There have been a great amount of works dealing with this question in the recent years, however, almost all works so far have focused on constructing copy-protection for specific functionalities. The only exceptions are the works of Aaronson, Liu, Liu, Zhandry, Zhang (CRYPTO’21) and Ananth and Behera (CRYPTO’24). The former constructs copy-protection for all functionalities in the classical ideal oracle model and the latter constructs copy-protection for circuits that can be punctured at a uniformly random challenge with negligible security, assuming a new ad-hoc unproven quantum conjecture about simultaneous extraction from entangled quantum adversaries, on top of assuming subexponentially-secure indistinguishability obfuscation (iO) and Learning with Errors (LWE). In this work, we show that the construction of Aaronson et al. (CRYPTO’21), when the oracles are instantiated with iO, satisfies copy-protection security in the plain model for all malleable-puncturable (a significant generalization of puncturing) cryptographic schemes (instead of only puncturable circuits) with arbitrary security threshold (e.g. we get \(1/2+\textsf{negl}(\lambda )\) security rather than unpredictability for encryption schemes) and arbitrary challenge distributions (instead of only uniform), without any unproven conjectures, assuming only subexponentially secure iO and one-way functions (we do not assume LWE). Thus, our work resolves the five-year-old open question of Aaronson et al., and further, our work encompasses/supersedes and significantly improves upon all existing plain-model copy-protection results. Since puncturability has a long history of being studied in cryptography, our result immediately allows us to obtain copy-protection schemes for a large set of advanced functionalities for which no previous copy-protection scheme existed. Further, even for any functionality \(\textsf{F}\) that has not already been considered, through our result, constructing copy-protection for \(\textsf{F}\) essentially becomes a classical cryptographer’s problem. Going further, we show that our scheme also satisfies secure leasing (Ananth and La Placa, EUROCRYPT’21), unbounded/LOCC leakage-resilience and intrusion-detection security (Çakan, Goyal, Liu-Zhang, Ribeiro, TCC’24), giving a unified solution to the problem of quantum protection.