Results 1 
7 of
7
QIP = PSPACE
, 2010
"... We prove that the complexity class QIP, which consists of all problems having quantum interactive proof systems, is contained in PSPACE. This containment is proved by applying a parallelized form of the matrix multiplicative weights update method to a class of semidefinite programs that captures the ..."
Abstract

Cited by 12 (2 self)
 Add to MetaCart
We prove that the complexity class QIP, which consists of all problems having quantum interactive proof systems, is contained in PSPACE. This containment is proved by applying a parallelized form of the matrix multiplicative weights update method to a class of semidefinite programs that captures the computational power of quantum interactive proofs. As the containment of PSPACE in QIP follows immediately from the wellknown equality IP = PSPACE, the equality QIP = PSPACE follows.
Equilibrium value method for the proof of QIP=PSPACE
, 2009
"... We provide an alternative proof of QIP=PSPACE to the recent breakthrough result [JJUW09]. Unlike solving some semidefinite programs that captures the computational power of quantum interactive proofs, our method starts with one QIPComplete problem which computes the diamond norm between two admissi ..."
Abstract

Cited by 8 (4 self)
 Add to MetaCart
We provide an alternative proof of QIP=PSPACE to the recent breakthrough result [JJUW09]. Unlike solving some semidefinite programs that captures the computational power of quantum interactive proofs, our method starts with one QIPComplete problem which computes the diamond norm between two admissible quantum channels. The key observation is that we can convert the computation of the diamond norm into the computation of some equilibrium value. The later problem, different from semidefinite programs, is of better form, easier to solve and could be interesting for its own sake. The multiplicative weight update method is also applied to solve the equilibrium value problem, however, in a relatively simpler way than the one in the original proof [JJUW09]. Furthermore, we provide a generalized form of equilibrium value problems which can be solved in the same way as well as comparisons to semidefinite programs.
F.: Classical cryptographic protocols in a quantum world
 In: CRYPTO. LNCS
, 2011
"... Abstract. Cryptographic protocols, such as protocols for secure function evaluation (SFE), have played a crucial role in the development of modern cryptography. The extensive theory of these protocols, however, deals almost exclusively with classical attackers. If we accept that quantum information ..."
Abstract

Cited by 6 (1 self)
 Add to MetaCart
(Show Context)
Abstract. Cryptographic protocols, such as protocols for secure function evaluation (SFE), have played a crucial role in the development of modern cryptography. The extensive theory of these protocols, however, deals almost exclusively with classical attackers. If we accept that quantum information processing is the most realistic model of physically feasible computation, then we must ask: what classical protocols remain secure against quantum attackers? Our main contribution is showing the existence of classical twoparty protocols for the secure evaluation of any polynomialtime function under reasonable computational assumptions (for example, it suffices that the learning with errors problem be hard for quantum polynomial time). Our result shows that the basic twoparty feasibility picture from classical cryptography remains unchanged in a quantum world.
QuantumSecure CoinFlipping and Applications
, 2009
"... In this paper, we prove a wellknown classical coinflipping protocol secure in the presence of quantum adversaries. More precisely, we show that the protocol implements a natural ideal functionality for coinflipping. The proof uses a recent result of Watrous [Wat06] that allows quantum rewinding ..."
Abstract

Cited by 4 (1 self)
 Add to MetaCart
In this paper, we prove a wellknown classical coinflipping protocol secure in the presence of quantum adversaries. More precisely, we show that the protocol implements a natural ideal functionality for coinflipping. The proof uses a recent result of Watrous [Wat06] that allows quantum rewinding for protocols of a certain form. We then discuss two applications. First, the combination of coinflipping with any noninteractive zeroknowledge protocol leads to an easy transformation from noninteractive zeroknowledge to interactive quantum zeroknowledge. Second, we discuss how our protocol can be applied to a recently proposed method for improving the security of quantum protocols [DFL + 09], resulting in an implementation without setup assumptions.
WitnessIndistinguishability Against Quantum Adversaries 6.845 Quantum Complexity Theory – Project Report
"... Proof systems are a central concept in complexity theory and cryptography. Zeroknowledge and witnessindistinguishability are useful security properties of proof systems. Considering the increased power of quantum computation, it comes as a natural question to understand what happens to these securi ..."
Abstract
 Add to MetaCart
Proof systems are a central concept in complexity theory and cryptography. Zeroknowledge and witnessindistinguishability are useful security properties of proof systems. Considering the increased power of quantum computation, it comes as a natural question to understand what happens to these security properties when quantum computation becomes feasible.
Generation of a Common Reference String, secure against Quantum Adversaries, and Applications
, 2009
"... In this paper, we present the generation of a common reference string “from scratch” via coinflipping in the presence of a quantum adversary. First, we present how we achieve quantumsecure coinflipping using Watrous’ quantum rewinding technique [Wat06]. Then, by combining this coinflipping with ..."
Abstract
 Add to MetaCart
In this paper, we present the generation of a common reference string “from scratch” via coinflipping in the presence of a quantum adversary. First, we present how we achieve quantumsecure coinflipping using Watrous’ quantum rewinding technique [Wat06]. Then, by combining this coinflipping with any noninteractive zeroknowledge protocol we get an easy transformation from noninteractive zeroknowledge in general to interactive quantum zeroknowledge. Finally, we sketch how we can integrate quantumsecure coinflipping into the currently proposed quantum protocols with hybrid security [DF + 09].
General Impossibility of Group Homomorphic Encryption in the Quantum World
"... Abstract. Group homomorphic encryption represents one of the most important building blocks in modern cryptography. It forms the basis of widelyused, more sophisticated primitives, such as CCA2secure encryption or secure multiparty computation. Unfortunately, recent advances in quantum computatio ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract. Group homomorphic encryption represents one of the most important building blocks in modern cryptography. It forms the basis of widelyused, more sophisticated primitives, such as CCA2secure encryption or secure multiparty computation. Unfortunately, recent advances in quantum computation show that many of the existing schemes completely break down once quantum computers reach maturity (mainly due to Shor’s algorithm). This leads to the challenge of constructing quantumresistant group homomorphic cryptosystems. In this work, we prove the general impossibility of (abelian) group homomorphic encryption in the presence of quantum adversaries, when assuming the INDCPA security notion as the minimal security requirement. To this end, we prove a new result on the probability of sampling generating sets of finite (sub)groups if sampling is done with respect to an arbitrary, unknown distribution. Finally, we provide a sufficient condition on homomorphic encryption schemes for our quantum attack to work and discuss its satisfiability in nongroup homomorphic cases. The impact of our results on recent fully homomorphic encryption schemes poses itself as an open question.