Post-Quantum Simulatable Extraction with Minimal Assumptions: Black-Box and Constant-Round
Abstract: From the minimal assumption of post-quantum semi-honest oblivious transfers, we build the first $\epsilon$-simulatable two-party computation (2PC) against quantum polynomial-time (QPT) adversaries that is both constant-round and black-box (for both the construction and security reduction). A recent work by Chia, Chung, Liu, and Yamakawa (FOCS'21) shows that post-quantum 2PC with standard simulation-based security is impossible in constant rounds, unless either $\mathbf{NP} \subseteq \mathbf{BQP}$ or relying on non-black-box simulation. The $\epsilon$-simulatability we target is a relaxation of the standard simulation-based security that allows for an arbitrarily small noticeable simulation error $\epsilon$. Moreover, when quantum communication is allowed, we can further weaken the assumption to post-quantum secure one-way functions (PQ-OWFs), while maintaining the constant-round and black-box property.
Our techniques also yield the following set of constant-round and black-box two-party protocols secure against QPT adversaries, only assuming black-box access to PQ-OWFs:
- extractable commitments for which the extractor is also an $\epsilon$-simulator;
- $\epsilon$-zero-knowledge commit-and-prove whose commit stage is extractable with $\epsilon$-simulation;
- $\epsilon$-simulatable coin-flipping;
- $\epsilon$-zero-knowledge arguments of knowledge for $\mathbf{NP}$ for which the knowledge extractor is also an $\epsilon$-simulator;
- $\epsilon$-zero-knowledge arguments for $\mathbf{QMA}$.
At the heart of the above results is a black-box extraction lemma showing how to efficiently extract secrets from QPT adversaries while disturbing their quantum state in a controllable manner, i.e., achieving $\epsilon$-simulatability of the post-extraction state of the adversary.
Submission history
From: Xiao Liang
[v1] Tue, 16 Nov 2021 17:59:34 UTC (140 KB)
[v2] Tue, 22 Feb 2022 13:54:31 UTC (132 KB)
[v3] Sat, 4 Nov 2023 05:59:41 UTC (1,018 KB)