Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Unclonable Cryptography with Unbounded Collusions and Impossibility of Hyperefficient Shadow Tomography

Alper Çakan, Vipul Goyal

TL;DR

This work gives the first unbounded collusion-resistant (i.e. multiple-copy secure) copy-protection schemes, answering the long-standing open question of constructing such schemes, raised by multiple previous works starting with Aaronson (CCC'09).

Abstract

Quantum no-cloning theorem gives rise to the intriguing possibility of quantum copy protection where we encode a program or functionality in a quantum state such that a user in possession of k copies cannot create k+1 copies, for any k. Introduced by Aaronson (CCC'09) over a decade ago, copy protection has proven to be notoriously hard to achieve. Previous work has been able to achieve copy-protection for various functionalities only in restricted models: (i) in the bounded collusion setting where k -> k+1 security is achieved for a-priori fixed collusion bound k (in the plain model with the same computational assumptions as ours, by Liu, Liu, Qian, Zhandry [TCC'22]), or, (ii) only k -> 2k security is achieved (relative to a structured quantum oracle, by Aaronson [CCC'09]). In this work, we give the first unbounded collusion-resistant (i.e. multiple-copy secure) copy-protection schemes, answering the long-standing open question of constructing such schemes, raised by multiple previous works starting with Aaronson (CCC'09). More specifically, we obtain the following results. - We construct (i) public-key encryption, (ii) public-key functional encryption, (iii) signature and (iv) pseudorandom function schemes whose keys are copy-protected against unbounded collusions in the plain model (i.e. without any idealized oracles), assuming (post-quantum) subexponentially secure iO and LWE. - We show that any unlearnable functionality can be copy-protected against unbounded collusions, relative to a classical oracle. - As a corollary of our results, we rule out the existence of hyperefficient quantum shadow tomography, * even given non-black-box access to the measurements, assuming subexponentially secure iO and LWE, or, * unconditionally relative to a quantumly accessible classical oracle, and hence answer an open question by Aaronson (STOC'18).

Unclonable Cryptography with Unbounded Collusions and Impossibility of Hyperefficient Shadow Tomography

TL;DR

This work gives the first unbounded collusion-resistant (i.e. multiple-copy secure) copy-protection schemes, answering the long-standing open question of constructing such schemes, raised by multiple previous works starting with Aaronson (CCC'09).

Abstract

Quantum no-cloning theorem gives rise to the intriguing possibility of quantum copy protection where we encode a program or functionality in a quantum state such that a user in possession of k copies cannot create k+1 copies, for any k. Introduced by Aaronson (CCC'09) over a decade ago, copy protection has proven to be notoriously hard to achieve. Previous work has been able to achieve copy-protection for various functionalities only in restricted models: (i) in the bounded collusion setting where k -> k+1 security is achieved for a-priori fixed collusion bound k (in the plain model with the same computational assumptions as ours, by Liu, Liu, Qian, Zhandry [TCC'22]), or, (ii) only k -> 2k security is achieved (relative to a structured quantum oracle, by Aaronson [CCC'09]). In this work, we give the first unbounded collusion-resistant (i.e. multiple-copy secure) copy-protection schemes, answering the long-standing open question of constructing such schemes, raised by multiple previous works starting with Aaronson (CCC'09). More specifically, we obtain the following results. - We construct (i) public-key encryption, (ii) public-key functional encryption, (iii) signature and (iv) pseudorandom function schemes whose keys are copy-protected against unbounded collusions in the plain model (i.e. without any idealized oracles), assuming (post-quantum) subexponentially secure iO and LWE. - We show that any unlearnable functionality can be copy-protected against unbounded collusions, relative to a classical oracle. - As a corollary of our results, we rule out the existence of hyperefficient quantum shadow tomography, * even given non-black-box access to the measurements, assuming subexponentially secure iO and LWE, or, * unconditionally relative to a quantumly accessible classical oracle, and hence answer an open question by Aaronson (STOC'18).
Paper Structure (203 sections, 75 theorems, 92 equations)

This paper contains 203 sections, 75 theorems, 92 equations.

Table of Contents

  1. Introduction
  2. Copy-Protecting Decryption Keys, PRFs and Signing Keys
  3. Collusion-Resistant Copy-Protection
  4. Computational Complexity of Shadow Tomography
  5. Our Results
  6. Copy-Protecting Decryption Keys (\ref{['sec:pke']} and \ref{['sec:mainfe']})
  7. Copy-Protecting PRF and Signature Keys (\ref{['sec:cpprf']} and \ref{['sec:unclondigsig']})
  8. Copy-Protecting All Unlearnable Functionalities
  9. Impossibility of Hyperefficient Shadow Tomography (\ref{['sec:hypertom']})
  10. Technical Contributions and Additional Results
  11. Technical Overview
  12. Public-Key Encryption with Copy-Protected Secret Keys
  13. Proving Security
  14. Public-Key Functional Encryption with Copy-Protected Functional Keys
  15. PRFs and Signature Schemes with Copy-Protected Secret Keys
  16. ...and 188 more sections

Key Result

Theorem 1

Assuming post-quantum subexponentially secure indistinguishability obfuscation and subexponentially secure LWE, there exists a public-key encryption scheme with fully collusion-resistant copy-protected secret keys.

Theorems & Definitions (230)

  • Theorem 1
  • Theorem 2
  • Theorem 3
  • Theorem 4
  • Corollary 1
  • Corollary 2
  • Theorem 5
  • Definition 1: SW14
  • Definition 2: Injective PRF SW14
  • Definition 3: Extracting PRF SW14
  • ...and 220 more