Abstract
Recently, significant progress has been made toward quantumly secure multi-party computation (MPC) in the stand-alone setting. In sharp contrast, the picture of concurrently secure MPC (or even 2PC), for both classical and quantum functionalities, still remains unclear. Quantum information behaves in a fundamentally different way, making the job of adversaries harder and easier at the same time. Thus, it is unclear if the positive or negative results from the classical setting still apply. This work initiates a systematic study of concurrent secure computation in the quantum setting. We obtain a mix of positive and negative results.
We first show that, assuming the existence of post-quantum one-way functions (PQ-OWFs), concurrently secure 2PC (and thus MPC) for quantum functionalities is impossible. Next, we focus on the bounded-concurrent setting, where we obtain simulation-sound zero-knowledge arguments for both \(\textbf{NP}\) and \(\textbf{QMA}\), assuming PQ-OWFs. This is obtained by a new design of a simulation-sound gadget, relying on the recent post-quantum non-malleable commitments by Liang, Pandey, and Yamakawa [arXiv:2207.05861], and the quantum rewinding strategy recently developed by Ananth, Chung, and La Placa [CRYPTO’21] for bounded-concurrent post-quantum ZK.
Moreover, we show that our technique is general enough: it also leads to quantum-secure bounded-concurrent coin-flipping protocols, and eventually general-purpose 2PC and MPC, for both classical and quantum functionalities. All these constructions can be based on the quantum hardness of Learning with Errors.
Notes
1. We follow the convention that the term “bounded-concurrent” actually means bounded self composition.
2.
3.
4. The soundness of this protocol is less relevant to this overview.
5. Assuming \(\textsf{SBCom}\) is non-interactive, each slot consists of two messages. The total number T is then \(\ell _{\textsf{slot}} \cdot 2 \cdot Q = 240Q^8\lambda \), which implies that \(\frac{T}{L} = 10Q^2\).
6. That is, both messages of this slot are contained in block \(B_j\).
7. Without IDs, a man-in-the-middle attack cannot be prevented. See [36] for related discussions.
8. But notice that we are in the Q-Q MIM setting: both the left and right sessions contribute messages to blocks.
9. Recall that the transcript output by \(G_0\) is classical, because \(G_0\) measured it at the end of the execution.
10. We refer to [26] for a formal treatment of Case (i) and how we combine Cases (i) and (ii).
11. Here, we mean (invariant condition in \(G'_j\)) \(\equiv \) (invariant condition in \(G'_{j-1}\) conditioned on \(\textsf{gadget}^{(u)}_v\) matches).
12. Note that neither \(\textsf{gadget}^{(u)}_v\) nor \(\mathsf {\widetilde{gadget}}^{(i)}_k\) is interleaved with Watrous rewinding in \(G_{j-1}\) (due to Type-2 schedules).
13. Completeness and soundness of \(\mathrm {\varPi } _\textsc {sszk}\) follow from standard techniques. We refer to the main body for details.
14. Note that the invariant condition only helps us to upper bound the expected number of matching right gadgets. But using a proper concentration bound, we can also show that \(\mathcal {A} \) cannot make more than \(\textsf{Th}\) gadgets match.
15. That is, the current order of hybrids is: \(G_0 \rightarrow H_0 \rightarrow G_1 \rightarrow H_1 \rightarrow G_2 \rightarrow \cdots \rightarrow G_{L-1} \rightarrow H_{L-1} \rightarrow G_L\).
16. Note that the invariant condition only helps us to upper bound the expected number of matching right gadgets. But using a proper concentration bound, we can also show that \(\mathcal {A} \) cannot make more than \(\textsf{Th}\) gadgets match.
17. If the WI argument is not constant-round, the above proof of indistinguishability may not go through anymore, because it is unclear whether the asymptotic bound in Lemma 2 still holds.
18. In more detail, [14] constructed a constant-round \(\varepsilon \)-ZK argument for \(\textbf{QMA}\) using only PQ-OWFs. It is well-known that \(\varepsilon \)-ZK implies WI.
19. W.l.o.g., we assume that exactly one party is corrupted in each session, in this Q-concurrent execution of 2PCC.
20. Specifically, the trapdoor in this setting is the witness for the following trapdoor statement: more than \(\textsf{Th}=60Q^7\lambda + Q^4\lambda \) gadgets match in the Protocol 2 instance (from the Preamble stage) where \(P_{1-b}\) acts as the sender S.
21. Note that a good quantum authentication code also serves as an encryption scheme. Therefore, giving this authenticated internal state to the adversary does not reveal information about the verifier’s secrets.
22. Unless stated differently, throughout this paper, computational indistinguishability is always w.r.t. non-uniform QPT adversaries.
References
Agarwal, A., Bartusek, J., Goyal, V., Khurana, D., Malavolta, G.: Post-quantum multi-party computation. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12696, pp. 435–464. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-77870-5_16
Alon, B., Chung, H., Chung, K.-M., Huang, M.-Y., Lee, Y., Shen, Y.-C.: Round efficient secure multiparty quantum computation with identifiable abort. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12825, pp. 436–466. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84242-0_16
Ananth, P., Chung, K.-M., Placa, R.L.L.: On the concurrent composition of quantum zero-knowledge. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12825, pp. 346–374. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84242-0_13
Barak, B., Prabhakaran, M., Sahai, A.: Concurrent non-malleable zero knowledge. In: 47th Annual Symposium on Foundations of Computer Science, pp. 345–354. IEEE Computer Society Press, Berkeley, CA, USA (Oct 21–24) (2006). https://doi.org/10.1109/FOCS.2006.21
Bartusek, J., Coladangelo, A., Khurana, D., Ma, F.: On the round complexity of secure quantum computation. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12825, pp. 406–435. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84242-0_15
Bartusek, J., Coladangelo, A., Khurana, D., Ma, F.: One-way functions imply secure computation in a quantum world. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12825, pp. 467–496. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84242-0_17
Brakerski, Z., Döttling, N.: Two-message statistically sender-private OT from LWE. In: Beimel, A., Dziembowski, S. (eds.) TCC 2018. LNCS, vol. 11240, pp. 370–390. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03810-6_14
Brakerski, Z., Yuen, H.: Quantum garbled circuits. In: Proceedings of the 54th Annual ACM SIGACT Symposium on Theory of Computing, pp. 804–817 (2022)
Broadbent, A., Wainewright, E.: Efficient simulation for quantum message authentication. In: Nascimento, A.C.A., Barreto, P. (eds.) ICITS 2016. LNCS, vol. 10015, pp. 72–91. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-49175-2_4
Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: 42nd Annual Symposium on Foundations of Computer Science, pp. 136–145. IEEE Computer Society Press, Las Vegas, NV, USA (Oct 14–17) (2001). https://doi.org/10.1109/SFCS.2001.959888
Canetti, R., Fischlin, M.: Universally composable commitments. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 19–40. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_2
Canetti, R., Kushilevitz, E., Lindell, Y.: On the Limitations of Universally Composable Two-Party Computation without Set-up Assumptions. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 68–86. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_5
Canetti, R., Lindell, Y., Ostrovsky, R., Sahai, A.: Universally composable two-party and multi-party secure computation. In: 34th Annual ACM Symposium on Theory of Computing, pp. 494–503. ACM Press, Montréal, Québec, Canada (May 19–21) (2002). https://doi.org/10.1145/509907.509980
Chia, N.H., Chung, K.M., Liang, X., Yamakawa, T.: Post-quantum simulatable extraction with minimal assumptions: Black-box and constant-round. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022, Part III. LNCS, vol. 13509, pp. 533–563. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-15982-4_18
Damgård, I., Lunemann, C.: Quantum-secure coin-flipping and applications. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 52–69. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10366-7_4
Dulek, Y., Grilo, A.B., Jeffery, S., Majenz, C., Schaffner, C.: Secure multi-party quantum computation with a dishonest majority. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12107, pp. 729–758. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45727-3_25
Dupuis, F., Nielsen, J.B., Salvail, L.: Actively secure two-party evaluation of any quantum operation. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 794–811. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_46
Dwork, C., Naor, M., Sahai, A.: Concurrent zero-knowledge. In: 30th Annual ACM Symposium on Theory of Computing, pp. 409–418. ACM Press, Dallas, TX, USA (May 23–26) (1998). https://doi.org/10.1145/276698.276853
Feige, U.: Alternative models for zero knowledge interactive proofs. Ph.D. thesis, Weizmann Institute of Science, Rehovot, Israel (1990)
Feige, U., Shamir, A.: Witness indistinguishable and witness hiding protocols. In: 22nd Annual ACM Symposium on Theory of Computing, pp. 416–426. ACM Press, Baltimore, MD, USA (May 14–16) (1990). https://doi.org/10.1145/100216.100272
Garg, S., Liang, X., Pandey, O., Visconti, I.: Black-box constructions of bounded-concurrent secure computation. In: Galdi, C., Kolesnikov, V. (eds.) SCN 2020. LNCS, vol. 12238, pp. 87–107. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-57990-6_5
Garg, S., Srinivasan, A.: Two-round multiparty secure computation from minimal assumptions. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 468–499. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78375-8_16
Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or A completeness theorem for protocols with honest majority. In: Aho, A. (ed.) 19th Annual ACM Symposium on Theory of Computing, pp. 218–229. ACM Press, New York City, NY, USA (May 25–27) (1987). https://doi.org/10.1145/28395.28420
Goyal, V., Jain, A.: On concurrently secure computation in the multiple ideal query model. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 684–701. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38348-9_40
Goyal, V., Jain, A., Ostrovsky, R.: Password-authenticated session-key generation on the internet in the plain model. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 277–294. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14623-7_15
Goyal, V., Liang, X., Malavolta, G.: On concurrent multi-party quantum computation (2023). https://eprint.iacr.org/2023/827
Grilo, A.B., Lin, H., Song, F., Vaikuntanathan, V.: Oblivious transfer is in MiniQCrypt. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12697, pp. 531–561. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-77886-6_18
Hallgren, S., Smith, A., Song, F.: Classical cryptographic protocols in a quantum world. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 411–428. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22792-9_23
Katz, J.: Universally composable multi-party computation using tamper-proof hardware. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 115–128. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-72540-4_7
Liang, X., Pandey, O., Yamakawa, T.: A new approach to post-quantum non-malleability. Cryptology ePrint Archive, Report 2022/907 (2022). https://eprint.iacr.org/2022/907
Lindell, Y.: Bounded-concurrent secure two-party computation without setup assumptions. In: 35th Annual ACM Symposium on Theory of Computing, pp. 683–692. ACM Press, San Diego, CA, USA (Jun 9–11) (2003). https://doi.org/10.1145/780542.780641
Lindell, Y.: Lower bounds for concurrent self composition. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 203–222. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24638-1_12
Lunemann, C., Nielsen, J.B.: Fully simulatable quantum-secure coin-flipping and applications. In: Nitaj, A., Pointcheval, D. (eds.) AFRICACRYPT 2011. LNCS, vol. 6737, pp. 21–40. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-21969-6_2
Micali, S., Pass, R., Rosen, A.: Input-indistinguishable computation. In: 47th Annual Symposium on Foundations of Computer Science, pp. 367–378. IEEE Computer Society Press, Berkeley, CA, USA (Oct 21–24) (2006). https://doi.org/10.1109/FOCS.2006.43
Pass, R.: Simulation in quasi-polynomial time, and its application to protocol composition. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 160–176. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_10
Pass, R.: Bounded-concurrent secure multi-party computation with a dishonest majority. In: Babai, L. (ed.) 36th Annual ACM Symposium on Theory of Computing, pp. 232–241. ACM Press, Chicago, IL, USA (Jun 13–16) (2004). https://doi.org/10.1145/1007352.1007393
Pass, R., Rosen, A.: Bounded-concurrent secure two-party computation in a constant number of rounds. In: 44th Annual Symposium on Foundations of Computer Science, pp. 404–415. IEEE Computer Society Press, Cambridge, MA, USA (Oct 11–14) (2003). https://doi.org/10.1109/SFCS.2003.1238214
Peikert, C., Vaikuntanathan, V., Waters, B.: A framework for efficient and composable oblivious transfer. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 554–571. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85174-5_31
Prabhakaran, M., Sahai, A.: New notions of security: Achieving universal composability without trusted setup. In: Babai, L. (ed.) 36th Annual ACM Symposium on Theory of Computing, pp. 242–251. ACM Press, Chicago, IL, USA (Jun 13–16) (2004). https://doi.org/10.1145/1007352.1007394
Sahai, A.: Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security. In: 40th Annual Symposium on Foundations of Computer Science, pp. 543–553. IEEE Computer Society Press, New York, NY, USA (Oct 17–19) (1999). https://doi.org/10.1109/SFFCS.1999.814628
Watrous, J.: Zero-knowledge against quantum attacks. In: Kleinberg, J.M. (ed.) 38th Annual ACM Symposium on Theory of Computing, pp. 296–305. ACM Press, Seattle, WA, USA (May 21–23) (2006). https://doi.org/10.1145/1132516.1132560
Wootters, W.K., Zurek, W.H.: A single quantum cannot be cloned. Nature 299(5886), 802–803 (1982)
Yao, A.C.C.: How to generate and exchange secrets (extended abstract). In: 27th Annual Symposium on Foundations of Computer Science, pp. 162–167. IEEE Computer Society Press, Toronto, Ontario, Canada (Oct 27–29) (1986). https://doi.org/10.1109/SFCS.1986.25
Acknowledgment
We thank Kai-Min Chung for helpful discussions regarding [3]. We also thank the CRYPTO’23 reviewers for their constructive feedback.
G.M. is partially funded by the German Federal Ministry of Education and Research (BMBF) in the course of the 6GEM research hub under grant number 16KISK038, and by the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) under Germany’s Excellence Strategy - EXC 2092 CASA - 390781972.
Work partially done when X.L. was at Rice University, supported by Nai-Hui Chia’s NSF award FET-2243659.
© 2023 International Association for Cryptologic Research
Cite this paper
Goyal, V., Liang, X., Malavolta, G. (2023). On Concurrent Multi-party Quantum Computation. In: Handschuh, H., Lysyanskaya, A. (eds) Advances in Cryptology – CRYPTO 2023. CRYPTO 2023. Lecture Notes in Computer Science, vol 14085. Springer, Cham. https://doi.org/10.1007/978-3-031-38554-4_5
DOI: https://doi.org/10.1007/978-3-031-38554-4_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-38553-7
Online ISBN: 978-3-031-38554-4