[Resource Topic] 2019/1466: A Note on the Instantiability of the Quantum Random Oracle

Welcome to the resource topic for 2019/1466

A Note on the Instantiability of the Quantum Random Oracle

Authors: Edward Eaton, Fang Song


In a highly influential paper from fifteen years ago, Canetti, Goldreich, and Halevi showed a fundamental separation between the Random Oracle Model (ROM) and the Standard Model. They constructed a signature scheme which can be shown to be secure in the ROM, but is insecure when instantiated with any hash function (and thus insecure in the standard model). In 2011, Boneh et al. defined the notion of the Quantum Random Oracle Model (QROM), where queries to the random oracle may be made in quantum superposition. Because the QROM generalizes the ROM, a proof of security in the QROM is stronger than one in the ROM. This leaves open the possibility that security in the QROM could imply security in the standard model. In this work, we show that this is not the case, and that security in the QROM cannot imply standard model security. We do this by showing that the original schemes that show a separation between the standard model and the ROM are also secure in the QROM. We consider two schemes that establish such a separation, one with length-restricted messages, and one without, and show both to be secure in the QROM. Our results give further understanding to the landscape of proofs in the ROM versus the QROM or standard model, and point towards the QROM and ROM being much closer to each other than either is to standard model security.

ePrint: https://eprint.iacr.org/2019/1466

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .