Results 11  20
of
37
Grover vs. McEliece
"... Abstract. This paper shows that quantum informationsetdecoding attacks are much faster than nonquantum informationsetdecoding attacks. 1 ..."
Abstract

Cited by 3 (2 self)
 Add to MetaCart
(Show Context)
Abstract. This paper shows that quantum informationsetdecoding attacks are much faster than nonquantum informationsetdecoding attacks. 1
Quantum Algorithms
, 2007
"... These lecture notes are based on a book chapter written by the author for ”Lectures in Quantum Information”, edited by D. Bruss and G. Leuchs and published by Birkhäuser ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
These lecture notes are based on a book chapter written by the author for ”Lectures in Quantum Information”, edited by D. Bruss and G. Leuchs and published by Birkhäuser
Quantum algorithms for the subsetsum problem
"... Abstract. This paper introduces a subsetsum algorithm with heuristic asymptotic cost exponent below 0.25. The new algorithm combines the 2010 HowgraveGraham–Joux subsetsum algorithm with a new streamlined data structure for quantum walks on Johnson graphs. ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
(Show Context)
Abstract. This paper introduces a subsetsum algorithm with heuristic asymptotic cost exponent below 0.25. The new algorithm combines the 2010 HowgraveGraham–Joux subsetsum algorithm with a new streamlined data structure for quantum walks on Johnson graphs.
Using hashbased signatures to bootstrap quantum key distribution. arXiv 2012
"... iv ..."
(Show Context)
Efficient QuantumImmune Keyless Signatures with Identity
"... Abstract. We show how to extend hashtree based data signatures to serverassisted personal digital signature schemes. The new signature scheme does not use trapdoor functions and is based solely on cryptographic hash functions and is thereby, considering the current state of knowledge, resistant to ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
(Show Context)
Abstract. We show how to extend hashtree based data signatures to serverassisted personal digital signature schemes. The new signature scheme does not use trapdoor functions and is based solely on cryptographic hash functions and is thereby, considering the current state of knowledge, resistant to quantum computational attacks. In the new scheme, we combine hashtree data signature (timestamping) solutions with hash sequence authentication mechanisms. We show how to implement such a scheme in practice. 1
PostQuantum ZeroKnowledge and Signatures from SymmetricKey Primitives *
"... Abstract We propose a new class of postquantum digital signature schemes that: (a) derive their security entirely from the security of symmetrickey primitives, believed to be quantumsecure, and (b) have extremely small keypairs, and, (c) are highly parameterizable. In our signature constructions ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract We propose a new class of postquantum digital signature schemes that: (a) derive their security entirely from the security of symmetrickey primitives, believed to be quantumsecure, and (b) have extremely small keypairs, and, (c) are highly parameterizable. In our signature constructions, the public key is an image y = f (x) of a oneway function f and secret key x. A signature is a noninteractive zeroknowledge proof of x, that incorporates a message to be signed. For this proof, we leverage recent progress of Giacomelli et al. (USENIX'16) in constructing an efficient Σprotocol for statements over general circuits. We improve this Σprotocol to reduce proof sizes by a factor of two, at no additional computational cost. While this is of independent interest as it yields more compact proofs for any circuit, it also decreases our signature sizes. We consider two possibilities for making the proof noninteractive, the FiatShamir transform, and Unruh's transform (EUROCRYPT'12, We implement and benchmark both approaches and explore the possible choice of f , taking advantage of the recent trend to strive for practical symmetric ciphers with a particularly low number of multiplications and end up using LowMC. * This paper is a merge of