On Concurrent Multi-party Quantum Computation

Conference paper, in: Advances in Cryptology – CRYPTO 2023 (CRYPTO 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14085)

Abstract

Recently, significant progress has been made toward quantumly secure multi-party computation (MPC) in the stand-alone setting. In sharp contrast, the picture of concurrently secure MPC (or even 2PC), for both classical and quantum functionalities, still remains unclear. Quantum information behaves in a fundamentally different way, making the job of adversaries harder and easier at the same time. Thus, it is unclear if the positive or negative results from the classical setting still apply. This work initiates a systematic study of concurrent secure computation in the quantum setting. We obtain a mix of positive and negative results.

We first show that assuming the existence of post-quantum one-way functions (PQ-OWFs), concurrently secure 2PC (and thus MPC) for quantum functionalities is impossible. Next, we focus on the bounded-concurrent setting, where we obtain simulation-sound zero-knowledge arguments for both \(\textbf{NP} \) and \(\textbf{QMA}\), assuming PQ-OWFs. This is obtained by a new design of simulation-sound gadget, relying on the recent post-quantum non-malleable commitments by Liang, Pandey, and Yamakawa [arXiv:2207.05861], and the quantum rewinding strategy recently developed by Ananth, Chung, and La Placa [CRYPTO’21] for bounded-concurrent post-quantum ZK.

Moreover, we show that our technique is general enough: it also leads to quantum-secure bounded-concurrent coin-flipping protocols, and eventually to general-purpose 2PC and MPC, for both classical and quantum functionalities. All these constructions can be based on the quantum hardness of Learning with Errors.

Notes

  1. We follow the convention that the term “bounded-concurrent” actually means bounded self composition.

  2. [21] obtained the same results as [36] while making only black-box use of the underlying primitives.

  3. [3] also obtained a zero-knowledge proof of knowledge protocol. This protocol is bounded-concurrent ZK, but [3] only established its proof of knowledge property in the stand-alone setting.

  4. The soundness of this protocol is less relevant to this overview.

  5. Assuming the \(\textsf{SBCom} \) is non-interactive, each slot consists of two messages. The total number T is then \(\ell _{\textsf{slot}} \cdot 2 \cdot Q = 240Q^8\lambda \), which implies that \(\frac{T}{L} = 10Q^2\).

  6. That is, both messages of this slot are contained in block \(B_j\).

  7. Without IDs, a man-in-the-middle attack cannot be prevented. See [36] for related discussions.

  8. But notice that we are in the Q-Q MIM setting. Both the left and right sessions contribute messages to blocks.

  9. Recall that the transcript output by \(G_0\) is classical, because \(G_0\) measured it at the end of the execution.

  10. We refer to [26] for a formal treatment of Case (i) and how we combine Cases (i) and (ii).

  11. Here, we mean (invariant condition in \(G'_j\)) \(\equiv \) (invariant condition in \(G'_{j-1}\) conditioned on \(\textsf{gadget}^{(u)}_v\) matches).

  12. Note that neither \(\textsf{gadget}^{(u)}_v\) nor \(\mathsf {\widetilde{gadget}}^{(i)}_k\) is interleaved with Watrous rewinding in \(G_{j-1}\) (due to Type-2 schedules).

  13. Completeness and soundness of \(\mathrm {\varPi } _\textsc {sszk}\) follow from standard techniques. We refer to the main body for details.

  14. Note that the invariant condition only helps us to upper bound the expected number of matching right gadgets. But using a proper concentration bound, we can also show that \(\mathcal {A} \) cannot make more than \(\textsf{Th}\) gadgets match.

  15. That is, the current order of hybrids is: \(G_0 \rightarrow H_0 \rightarrow G_1 \rightarrow H_1 \rightarrow G_2 \rightarrow \cdots \rightarrow G_{L-1} \rightarrow H_{L-1} \rightarrow G_L\).

  16. Note that the invariant condition only helps us to upper bound the expected number of matching right gadgets. But using a proper concentration bound, we can also show that \(\mathcal {A} \) cannot make more than \(\textsf{Th}\) gadgets match.

  17. If the WI argument is not constant-round, the above proof of indistinguishability may no longer go through, because it is unclear whether the asymptotic bound in Lemma 2 still holds.

  18. In more detail, [14] constructed a constant-round \(\varepsilon \)-ZK argument for \(\textbf{QMA}\) using only PQ-OWFs. It is well-known that \(\varepsilon \)-ZK implies WI.

  19. W.l.o.g., we assume that exactly one party is corrupted in each session in this Q-concurrent execution of 2PCC.

  20. Specifically, the trapdoor in this setting is the witness for the following trapdoor statement: more than \(\textsf{Th}=60Q^7\lambda + Q^4\lambda \) gadgets match in the Protocol 2 instance (from the Preamble stage) where \(P_{1-b}\) acts as the sender S.

  21. Note that a good quantum authentication code also serves as an encryption scheme. Therefore, giving this authenticated internal state to the adversary does not reveal information about the verifier’s secrets.

  22. Unless stated differently, throughout this paper, computational indistinguishability is always w.r.t. non-uniform QPT adversaries.

References

  1. Agarwal, A., Bartusek, J., Goyal, V., Khurana, D., Malavolta, G.: Post-quantum multi-party computation. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12696, pp. 435–464. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-77870-5_16

  2. Alon, B., Chung, H., Chung, K.-M., Huang, M.-Y., Lee, Y., Shen, Y.-C.: Round efficient secure multiparty quantum computation with identifiable abort. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12825, pp. 436–466. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84242-0_16

  3. Ananth, P., Chung, K.-M., Placa, R.L.L.: On the concurrent composition of quantum zero-knowledge. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12825, pp. 346–374. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84242-0_13

  4. Barak, B., Prabhakaran, M., Sahai, A.: Concurrent non-malleable zero knowledge. In: 47th Annual Symposium on Foundations of Computer Science, pp. 345–354. IEEE Computer Society Press, Berkeley, CA, USA (Oct 21–24) (2006). https://doi.org/10.1109/FOCS.2006.21

  5. Bartusek, J., Coladangelo, A., Khurana, D., Ma, F.: On the round complexity of secure quantum computation. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12825, pp. 406–435. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84242-0_15

  6. Bartusek, J., Coladangelo, A., Khurana, D., Ma, F.: One-way functions imply secure computation in a quantum world. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12825, pp. 467–496. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84242-0_17

  7. Brakerski, Z., Döttling, N.: Two-message statistically sender-private OT from LWE. In: Beimel, A., Dziembowski, S. (eds.) TCC 2018. LNCS, vol. 11240, pp. 370–390. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03810-6_14

  8. Brakerski, Z., Yuen, H.: Quantum garbled circuits. In: Proceedings of the 54th Annual ACM SIGACT Symposium on Theory of Computing, pp. 804–817 (2022)

  9. Broadbent, A., Wainewright, E.: Efficient simulation for quantum message authentication. In: Nascimento, A.C.A., Barreto, P. (eds.) ICITS 2016. LNCS, vol. 10015, pp. 72–91. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-49175-2_4

  10. Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: 42nd Annual Symposium on Foundations of Computer Science, pp. 136–145. IEEE Computer Society Press, Las Vegas, NV, USA (Oct 14–17) (2001). https://doi.org/10.1109/SFCS.2001.959888

  11. Canetti, R., Fischlin, M.: Universally composable commitments. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 19–40. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_2

  12. Canetti, R., Kushilevitz, E., Lindell, Y.: On the Limitations of Universally Composable Two-Party Computation without Set-up Assumptions. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 68–86. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_5

  13. Canetti, R., Lindell, Y., Ostrovsky, R., Sahai, A.: Universally composable two-party and multi-party secure computation. In: 34th Annual ACM Symposium on Theory of Computing, pp. 494–503. ACM Press, Montréal, Québec, Canada (May 19–21) (2002). https://doi.org/10.1145/509907.509980

  14. Chia, N.H., Chung, K.M., Liang, X., Yamakawa, T.: Post-quantum simulatable extraction with minimal assumptions: Black-box and constant-round. In: Dodis, Y., Shrimpton, T. (eds.) Advances in Cryptology - CRYPTO 2022, Part III. Lecture Notes in Computer Science, vol. 13509, pp. 533–563. Springer, Heidelberg, Germany, Santa Barbara, CA, USA (Aug 15–18, 2022). https://doi.org/10.1007/978-3-031-15982-4_18

  15. Damgård, I., Lunemann, C.: Quantum-secure coin-flipping and applications. In: Matsui, M. (ed.) Advances in Cryptology - ASIACRYPT 2009. Lecture Notes in Computer Science, vol. 5912, pp. 52–69. Springer, Heidelberg, Germany, Tokyo, Japan (Dec 6–10) (2009). https://doi.org/10.1007/978-3-642-10366-7_4

  16. Dulek, Y., Grilo, A.B., Jeffery, S., Majenz, C., Schaffner, C.: Secure multi-party quantum computation with a dishonest majority. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12107, pp. 729–758. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45727-3_25

  17. Dupuis, F., Nielsen, J.B., Salvail, L.: Actively secure two-party evaluation of any quantum operation. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 794–811. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_46

  18. Dwork, C., Naor, M., Sahai, A.: Concurrent zero-knowledge. In: 30th Annual ACM Symposium on Theory of Computing, pp. 409–418. ACM Press, Dallas, TX, USA (May 23–26) (1998). https://doi.org/10.1145/276698.276853

  19. Feige, U.: Alternative models for zero knowledge interactive proofs. Ph.D. thesis, Weizmann Institute of Science, Rehovot, Israel (1990)

  20. Feige, U., Shamir, A.: Witness indistinguishable and witness hiding protocols. In: 22nd Annual ACM Symposium on Theory of Computing, pp. 416–426. ACM Press, Baltimore, MD, USA (May 14–16) (1990). https://doi.org/10.1145/100216.100272

  21. Garg, S., Liang, X., Pandey, O., Visconti, I.: Black-box constructions of bounded-concurrent secure computation. In: Galdi, C., Kolesnikov, V. (eds.) SCN 2020. LNCS, vol. 12238, pp. 87–107. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-57990-6_5

  22. Garg, S., Srinivasan, A.: Two-round multiparty secure computation from minimal assumptions. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 468–499. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78375-8_16

  23. Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or A completeness theorem for protocols with honest majority. In: Aho, A. (ed.) 19th Annual ACM Symposium on Theory of Computing, pp. 218–229. ACM Press, New York City, NY, USA (May 25–27) (1987). https://doi.org/10.1145/28395.28420

  24. Goyal, V., Jain, A.: On concurrently secure computation in the multiple ideal query model. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 684–701. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38348-9_40

  25. Goyal, V., Jain, A., Ostrovsky, R.: Password-authenticated session-key generation on the internet in the plain model. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 277–294. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14623-7_15

  26. Goyal, V., Liang, X., Malavolta, G.: On concurrent multi-party quantum computation (2023). https://eprint.iacr.org/2023/827

  27. Grilo, A.B., Lin, H., Song, F., Vaikuntanathan, V.: Oblivious transfer is in MiniQCrypt. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12697, pp. 531–561. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-77886-6_18

  28. Hallgren, S., Smith, A., Song, F.: Classical cryptographic protocols in a quantum world. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 411–428. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22792-9_23

  29. Katz, J.: Universally composable multi-party computation using tamper-proof hardware. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 115–128. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-72540-4_7

  30. Liang, X., Pandey, O., Yamakawa, T.: A new approach to post-quantum non-malleability. Cryptology ePrint Archive, Report 2022/907 (2022). https://eprint.iacr.org/2022/907

  31. Lindell, Y.: Bounded-concurrent secure two-party computation without setup assumptions. In: 35th Annual ACM Symposium on Theory of Computing, pp. 683–692. ACM Press, San Diego, CA, USA (Jun 9–11) (2003). https://doi.org/10.1145/780542.780641

  32. Lindell, Y.: Lower bounds for concurrent self composition. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 203–222. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24638-1_12

  33. Lunemann, C., Nielsen, J.B.: Fully simulatable quantum-secure coin-flipping and applications. In: Nitaj, A., Pointcheval, D. (eds.) AFRICACRYPT 2011. LNCS, vol. 6737, pp. 21–40. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-21969-6_2

  34. Micali, S., Pass, R., Rosen, A.: Input-indistinguishable computation. In: 47th Annual Symposium on Foundations of Computer Science, pp. 367–378. IEEE Computer Society Press, Berkeley, CA, USA (Oct 21–24) (2006). https://doi.org/10.1109/FOCS.2006.43

  35. Pass, R.: Simulation in quasi-polynomial time, and its application to protocol composition. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 160–176. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_10

  36. Pass, R.: Bounded-concurrent secure multi-party computation with a dishonest majority. In: Babai, L. (ed.) 36th Annual ACM Symposium on Theory of Computing, pp. 232–241. ACM Press, Chicago, IL, USA (Jun 13–16) (2004). https://doi.org/10.1145/1007352.1007393

  37. Pass, R., Rosen, A.: Bounded-concurrent secure two-party computation in a constant number of rounds. In: 44th Annual Symposium on Foundations of Computer Science, pp. 404–415. IEEE Computer Society Press, Cambridge, MA, USA (Oct 11–14) (2003). https://doi.org/10.1109/SFCS.2003.1238214

  38. Peikert, C., Vaikuntanathan, V., Waters, B.: A framework for efficient and composable oblivious transfer. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 554–571. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85174-5_31

  39. Prabhakaran, M., Sahai, A.: New notions of security: Achieving universal composability without trusted setup. In: Babai, L. (ed.) 36th Annual ACM Symposium on Theory of Computing, pp. 242–251. ACM Press, Chicago, IL, USA (Jun 13–16) (2004). https://doi.org/10.1145/1007352.1007394

  40. Sahai, A.: Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security. In: 40th Annual Symposium on Foundations of Computer Science, pp. 543–553. IEEE Computer Society Press, New York, NY, USA (Oct 17–19) (1999). https://doi.org/10.1109/SFFCS.1999.814628

  41. Watrous, J.: Zero-knowledge against quantum attacks. In: Kleinberg, J.M. (ed.) 38th Annual ACM Symposium on Theory of Computing, pp. 296–305. ACM Press, Seattle, WA, USA (May 21–23) (2006). https://doi.org/10.1145/1132516.1132560

  42. Wootters, W.K., Zurek, W.H.: A single quantum cannot be cloned. Nature 299(5886), 802–803 (1982)

  43. Yao, A.C.C.: How to generate and exchange secrets (extended abstract). In: 27th Annual Symposium on Foundations of Computer Science, pp. 162–167. IEEE Computer Society Press, Toronto, Ontario, Canada (Oct 27–29) (1986). https://doi.org/10.1109/SFCS.1986.25

Acknowledgment

We thank Kai-Min Chung for helpful discussions regarding [3]. We also thank the CRYPTO’23 reviewers for their constructive feedback.

G.M. is partially funded by the German Federal Ministry of Education and Research (BMBF) in the course of the 6GEM research hub under grant number 16KISK038, and by the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) under Germany’s Excellence Strategy - EXC 2092 CASA - 390781972.

Work partially done when X.L. was at Rice University, supported by Nai-Hui Chia’s NSF award FET-2243659.

Author information

Corresponding author: Vipul Goyal.

Copyright information

© 2023 International Association for Cryptologic Research

About this paper

Cite this paper

Goyal, V., Liang, X., Malavolta, G. (2023). On Concurrent Multi-party Quantum Computation. In: Handschuh, H., Lysyanskaya, A. (eds) Advances in Cryptology – CRYPTO 2023. CRYPTO 2023. Lecture Notes in Computer Science, vol 14085. Springer, Cham. https://doi.org/10.1007/978-3-031-38554-4_5

  • DOI: https://doi.org/10.1007/978-3-031-38554-4_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-38553-7

  • Online ISBN: 978-3-031-38554-4

  • eBook Packages: Computer Science (R0)