
Cryptography
contributed
Fri, 4 Sep 2026, 10:30 - 10:30
- The Black-Box Simulation Barrier Persists in a Fully Quantum WorldNai-Hui Chia (Rice University); Kai-Min Chung (Academia Sinica); Xiao Liang (The Chinese University of Hong Kong); Jiahui Liu (Fujitsu Research of America)[abstract]Abstract: Zero-Knowledge (ZK) protocols have been a subject of intensive study due to their fundamental importance and versatility in modern cryptography. However, the inherently different nature of quantum information significantly alters the landscape, necessitating a re-examination of ZK designs. A crucial aspect of ZK protocols is their round complexity, intricately linked to *simulation*, which forms the foundation of their formal definition and security proofs. In the *post-quantum* setting, where honest parties and their communication channels are all classical but the adversaries could be quantum, Chia, Chung, Liu, and Yamakawa [FOCS'21 & QIP'22] demonstrated the non-existence of constant-round *black-box-simulatable* ZK arguments (BBZK) for NP unless NP is in BQP. However, this problem remains widely open in the full-fledged quantum future that will eventually arrive, where all parties (including the honest ones) and their communication are naturally quantum. Indeed, this problem is of interest to the broader theory of quantum computing. It has been an important theme to investigate how quantum power fundamentally alters traditional computational tasks, such as the *unconditional* security of Quantum Key Distribution and the incorporation of Oblivious Transfers in MiniQCrypt. Moreover, quantum communication has led to round compression for commitments and interactive arguments. Along this line, the above problem is of great significance in understanding whether quantum computing could also change the nature of ZK protocols in some fundamentally manner. We resolved this problem by proving that only languages in *BQP* admit constant-round *fully-quantum* BBZK. This result holds significant implications. Firstly, it illuminates the nature of quantum zero-knowledge and provides valuable insights for designing future protocols in the quantum realm. Secondly, it relates ZK round complexity with the intriguing problem of BQP vs QMA, which is out of the reach of previous analogue impossibility results in the classical or post-quantum setting. Lastly, it justifies the need for the non-black-box simulation techniques or the relaxed security notions employed in existing constant-round fully-quantum BBZK protocols.
- A Unified Approach to Quantum Key Leasing with a Classical LessorFuyuki Kitagawa (NTT Social Informatics Laboratories, NTT Research Center for Theoretical Quantum Information); Jiahui Liu (Fujitsu Research of America); Shota Yamada (AIST); Takashi Yamakawa (NTT Social Informatics Laboratories, NTT Research Center for Theoretical Quantum Information)[abstract]Abstract: Secure key leasing allows a cryptographic key to be leased as a quantum state in such a way that the key can later be revoked in a verifiable manner. In this work, we propose a modular framework for constructing secure key leasing with a classical-lessor, where the lessor is entirely classical and, in particular, the quantum secret key can be both leased and revoked using only classical communication. Based on this framework, we obtain classical-lessor secure key leasing schemes for public-key encryption (PKE), pseudorandom function (PRF), and digital signature. We adopt the strong security notion known as security against verification key revealing attacks (VRA security) proposed by Kitagawa et al. (Eurocrypt 2025) into the classical-lessor setting, and we prove that all three of our schemes satisfy this notion under the learning with errors assumption. Our PKE scheme improves upon the previous construction by Goyal et al. (Eurocrypt 2025), and our PRF and digital signature schemes are respectively the first PRF and digital signature with classical-lessor secure key leasing property. Along the way, we also construct a watermarking scheme and a dual-mode secure function evaluation scheme that satisfy certain useful properties, which may be of independent interest.
- Post-Quantum Security of Block Cipher ConstructionsGorjan Alagic (University of Maryland/NIST); Chen Bai (Virginia Tech); Christian Majenz (Technical University of Denmark); Kaiyan Shi (University of Maryland)[abstract]Abstract: Block ciphers are versatile cryptographic ingredients that are used in a wide range of applications ranging from secure Internet communications to disk encryption. While post-quantum security of public-key cryptography has received significant attention, the case of symmetric-key cryptography (and block ciphers in particular) remains a largely unexplored topic. In this work, we set the foundations for a theory of post-quantum security for block ciphers and associated constructions. Leveraging our new techniques, we provide the first post-quantum security proofs for the key-length extension scheme FX, the tweakable block ciphers LRW and XEX, and most block cipher encryption and authentication modes. Our techniques can be used for security proofs in both the plain model and the quantum ideal cipher model. Our work takes significant initial steps in establishing a rigorous understanding of the post-quantum security of practical symmetric-key cryptography.
