Signature Schemes in the Quantum Random-Oracle Model

Abstract

A signature scheme is a fundamental component in modern digital communication. It allows for authenticated messages, without which it would be nearly impossible to ensure security when using most modern technologies. However, there is a growing threat to this fundamental piece of electronic infrastructure. Universal quantum computers, which were originally envisioned by Richard Feynman, have moved from being a theoretical future technology into one that could realistically be available in a matter of decades. In 1994, Peter Shor devised an algorithm that would run on a quantum computer that could be used to solve mathematical problems that formed the foundation of public-key cryptography.

While Shor's algorithm clearly establishes that new mathematical problems must be found and studied that can admit efficient cryptographic protocols, it is equally important that the models in which we consider security are also updated to consider the possibility of a malicious adversary having a quantum computer.

In the random-oracle model, a hash function is replaced by a truly random function that any relevant party is able to query. This model can enable security reductions where otherwise none are known. However, it has been noted that this model does not properly consider the possibility of a quantum computer. For this, we must instead consider the quantum random-oracle model.

In this thesis, we explain the basics of quantum physics and quantum computation in order to give a complete motivation for the quantum random-oracle model. We explain many of the difficulties that may be encountered in the quantum random-oracle model, and how some of these problems may be solved. We then show prove three signature schemes secure in the quantum random-oracle model: the LMS hash-based scheme, TESLA, a lattice-based scheme, and the TOO transformation using chameleon hashes. The first two schemes are strong candidates for post-quantum standardization.