Table of Contents
Fetching ...

Deniable Encryption in a Quantum World

Andrea Coladangelo, Shafi Goldwasser, Umesh Vazirani

TL;DR

The paper advances deniability for cryptography into the quantum realm by introducing unexplainable encryption, which reframes proof of encryption as an issue of non-provable correctness rather than randomness alone. It shows that a quantum CPA-secure scheme with classical ciphertext can achieve perfect unexplainability in the quantum random oracle model under quantum LWE hardness, via a construction based on 2-to-1 trapdoor claw-free functions and range superposition. The security relies on Zhandry’s compressed oracle technique and online claw extraction to rule out any efficient strategy that produces both a valid ciphertext and a convincing proof, thereby enabling protection against coercion before-the-fact in a way unattainable classically. The work also discusses stronger notions using quantum ciphertexts and outlines how these ideas could impact coercion-resistance in settings like electronic elections, with potential broader implications for quantum-proof cryptographic notions of proof and transcripts.

Abstract

(Sender-)Deniable encryption provides a very strong privacy guarantee: a sender who is coerced by an attacker into "opening" their ciphertext after-the-fact is able to generate "fake" local random choices that are consistent with any plaintext of their choice. In this work, we study (sender-)deniable encryption in a setting where the encryption procedure is a quantum algorithm, but the ciphertext is classical. We show that quantum computation unlocks a fundamentally stronger form of deniable encryption, which we call perfect unexplainability. The primitive at the heart of unexplainability is a quantum computation for which there is provably no efficient way, such as exhibiting the "history of the computation", to establish that the output was indeed the result of the computation. We give a construction that is secure in the random oracle model, assuming the quantum hardness of LWE. Crucially, this notion implies a form of protection against coercion "before-the-fact", a property that is impossible to achieve classically.

Deniable Encryption in a Quantum World

TL;DR

The paper advances deniability for cryptography into the quantum realm by introducing unexplainable encryption, which reframes proof of encryption as an issue of non-provable correctness rather than randomness alone. It shows that a quantum CPA-secure scheme with classical ciphertext can achieve perfect unexplainability in the quantum random oracle model under quantum LWE hardness, via a construction based on 2-to-1 trapdoor claw-free functions and range superposition. The security relies on Zhandry’s compressed oracle technique and online claw extraction to rule out any efficient strategy that produces both a valid ciphertext and a convincing proof, thereby enabling protection against coercion before-the-fact in a way unattainable classically. The work also discusses stronger notions using quantum ciphertexts and outlines how these ideas could impact coercion-resistance in settings like electronic elections, with potential broader implications for quantum-proof cryptographic notions of proof and transcripts.

Abstract

(Sender-)Deniable encryption provides a very strong privacy guarantee: a sender who is coerced by an attacker into "opening" their ciphertext after-the-fact is able to generate "fake" local random choices that are consistent with any plaintext of their choice. In this work, we study (sender-)deniable encryption in a setting where the encryption procedure is a quantum algorithm, but the ciphertext is classical. We show that quantum computation unlocks a fundamentally stronger form of deniable encryption, which we call perfect unexplainability. The primitive at the heart of unexplainability is a quantum computation for which there is provably no efficient way, such as exhibiting the "history of the computation", to establish that the output was indeed the result of the computation. We give a construction that is secure in the random oracle model, assuming the quantum hardness of LWE. Crucially, this notion implies a form of protection against coercion "before-the-fact", a property that is impossible to achieve classically.
Paper Structure (34 sections, 14 theorems, 126 equations)

This paper contains 34 sections, 14 theorems, 126 equations.

Key Result

Theorem 1

There exists an unexplainable public-key encryption scheme with perfect decryption, with security in the quantum random oracle model (QROM), assuming the quantum hardness of LWE.

Theorems & Definitions (36)

  • Definition 1: Explainability (informal)
  • Theorem 1: Informal
  • Remark 1
  • Definition 2
  • Definition 3: NTCF family
  • Definition 4: Trapdoor Injective Function Family
  • Definition 5: Injective Invariance
  • Lemma 1: brakerski2018cryptographic, mahadev2018classical
  • Definition 6: Unexplainable Encryption
  • Definition 7: Perfectly Unexplainable Encryption
  • ...and 26 more