Security of the Fischlin Transform in Quantum Random Oracle Model

Christian Majenz, Jaya Sharma

TL;DR

This work proves that the Fischlin transform remains straight-line extractable in the QROM, via an extractor based on the compressed oracle, establishing the post-quantum security of the Fischlin transform and providing a post-quantum straight-line extractable NIZK alternative to Pass' transform with smaller proof size.

Abstract

The Fischlin transform yields non-interactive zero-knowledge proofs with straight-line extractability in the classical random oracle model. This is done by forcing a prover to generate multiple accepting transcripts through a proof-of-work mechanism. Whether the Fischlin transform is straight-line extractable against quantum adversaries has remained open due to the difficulty of reasoning about the likelihood of query transcripts in the quantum-accessible random oracle model (QROM), even when using the compressed oracle methodology. In this work, we prove that the Fischlin transform remains straight-line extractable in the QROM, via an extractor based on the compressed oracle. This establishes the post-quantum security of the Fischlin transform, providing a post-quantum straight-line extractable NIZK alternative to Pass' transform with smaller proof size. Our techniques include tail bounds for sums of independent random variables and for martingales as well as symmetrization, query amplitude and quantum union bound arguments.
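The abstract describes the mechanism only in one sentence: the prover is forced to produce several accepting Sigma-protocol transcripts per repetition while searching for a hash value that is small enough, and a straight-line extractor recovers the witness from the random-oracle queries without rewinding. The following toy implementation, added here as an illustration and not code from the paper or its authors, applies the Fischlin transform to Schnorr's Sigma-protocol over a constructed safe-prime group and models the classical random oracle as a logged function; the extractor reads that log and applies special soundness to two valid transcripts with the same commitment and different challenges. The group, the parameters `R_REP`, `B_BITS`, `T_BITS`, `S_MAX`, and the function names are all assumptions of this example; the paper's contribution is showing that the same extraction goal is achievable when the oracle is quantum-accessible, which a classical query log cannot model.

```python
import hashlib
import secrets

# Constructed toy Schnorr group: safe prime P = 2*Q + 1, G of prime order Q.
P, Q, G = 1019, 509, 4
# Fischlin parameters (assumed for this example): repetitions, hash bits
# inspected, challenge bits, and the maximum allowed sum of hash values.
R_REP, B_BITS, T_BITS, S_MAX = 4, 4, 8, 4


def H(*parts) -> int:
    """Random oracle stand-in: the first B_BITS bits of SHA-256 of the input."""
    data = "|".join(str(x) for x in parts).encode()
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - B_BITS)


def keygen():
    """Witness w and statement x = G^w mod P."""
    w = secrets.randbelow(Q - 1) + 1
    return w, pow(G, w, P)


def schnorr_verify(x, com, ch, resp) -> bool:
    """Sigma-protocol verification: G^resp == com * x^ch (mod P)."""
    return pow(G, resp, P) == (com * pow(x, ch, P)) % P


def fischlin_prove(x, w, oracle_log):
    """Fischlin prover. Every oracle query is appended to oracle_log, which
    plays the role of the query transcript the extractor later inspects.
    For simplicity this prover scans the whole challenge space of each
    repetition and keeps the smallest hash; Fischlin's original prover stops
    at the first hash equal to zero."""
    rands = [secrets.randbelow(Q) for _ in range(R_REP)]
    coms = tuple(pow(G, a, P) for a in rands)
    proof = []
    for i in range(R_REP):
        best = None
        for ch in range(2 ** T_BITS):
            resp = (rands[i] + ch * w) % Q          # honest Schnorr response
            oracle_log.append((x, coms, i, ch, resp))
            h = H(x, coms, i, ch, resp)
            if best is None or h < best[0]:
                best = (h, ch, resp)
        proof.append((coms[i], best[1], best[2]))
    return proof


def fischlin_verify(x, proof) -> bool:
    """Accept iff every transcript verifies and the hash values sum to at most S_MAX."""
    coms = tuple(com for com, _, _ in proof)
    total = 0
    for i, (com, ch, resp) in enumerate(proof):
        if not 0 <= ch < 2 ** T_BITS or not schnorr_verify(x, com, ch, resp):
            return False
        total += H(x, coms, i, ch, resp)
    return total <= S_MAX


def extract(x, proof, oracle_log):
    """Straight-line extractor: find two valid transcripts for the same
    repetition with different challenges among the logged queries and apply
    special soundness of Schnorr: w = (resp - resp0) / (ch - ch0) mod Q."""
    coms = tuple(com for com, _, _ in proof)
    seen = {}
    for qx, qcoms, i, ch, resp in oracle_log:
        if qx != x or qcoms != coms or not schnorr_verify(x, coms[i], ch, resp):
            continue
        if i in seen and seen[i][0] != ch:
            ch0, resp0 = seen[i]
            return ((resp - resp0) * pow(ch - ch0, -1, Q)) % Q
        seen.setdefault(i, (ch, resp))
    return None


if __name__ == "__main__":
    w, x = keygen()
    log = []
    proof = fischlin_prove(x, w, log)
    print("proof verifies:", fischlin_verify(x, proof))
    print("extracted witness matches:", extract(x, proof, log) == w)
```

The extractor never rewinds the prover; it only reads the oracle queries, which is what makes the proof system straight-line extractable. A prover that produced an accepting proof with too few queries would have had to guess small hash values, and the parameters are chosen so that this is unlikely; in the quantum setting the query log itself does not exist, which is the obstacle the paper's compressed-oracle extractor addresses.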

Paper Structure (22 sections, 18 theorems, 122 equations)

This paper contains 22 sections, 18 theorems, 122 equations.

Key Result

theorem 1

Let $\Sigma$ be a $\mathsf{\Sigma}\text{-}\mathrm{protocol}$ for a witness relation $R$ with special soundness and unique responses. Under suitable conditions on the parameters of the Fischlin transform that allow unbounded values for the parallel repetition parameter of the Fischlin transform, $k$,

Theorems & Definitions (41)

  • theorem 1: Informal version of the main corollary (\ref{cor:main})
  • definition 1: $\mathsf{\Sigma}$-Protocol
  • definition 2: Min-Entropy
  • definition 3: Commitment Entropy
  • definition 4: Unique Responses
  • definition 5: Honest-Verifier Zero-Knowledge (HVZK)
  • definition 6: Special Honest Verifier Zero-Knowledge
  • definition 7: Non-Interactive Zero-Knowledge proof (NIZK)
  • definition 8: Non-adaptive variant of Definition 3.1 in C:DFMS22
  • definition 9: The Fischlin transform
  • ...and 31 more