Starting in 1974, Ralph Merkle proposed the first unclassified systems for secure communications over insecure channels. When legitimate communicating parties are willing to spend an amount of computational effort proportional to some parameter N, an eavesdropper cannot break into their communication without spending time on the order of N^2, which is quadratically more than the legitimate effort. We investigate quantum analogues to this technique. First, we show that Merkle's systems are completely insecure if the legitimate parties are classical but the eavesdropper uses quantum computation. Then, we describe simple modifications to Merkle's proposals, in which the legitimate parties still use classical communication but benefit from local quantum computation to agree on a common key. We show that the optimal quantum eavesdropping strategy against our protocols requires time on the order of N^{3/2}. We conjecture these Quantum Merkle Puzzles to be optimal in the classical communication model, in which case quantum mechanics does more harm than good for the purpose of secure communications over insecure classical channels. This is in sharp contrast with Quantum Key Distribution, which ensures unconditionally secure communications over quantum channels.
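The classical N versus N^2 gap described above can be measured by counting oracle queries. The following is an added example, not code from the paper: it assumes the common random-oracle formulation of Merkle's scheme over a domain of N^2 points, with SHA-256 standing in for the oracle, and all function names are hypothetical. It models only the classical parties and a classical eavesdropper, not the quantum attack or the quantum protocols.

```python
import hashlib
import random

def oracle(x, counter):
    """Hash standing in for the random oracle; counter[0] tallies queries."""
    counter[0] += 1
    return hashlib.sha256(b"merkle-demo|" + x.to_bytes(8, "big")).digest()

def merkle_exchange(n, seed):
    """One run over a domain of n*n points; returns keys and query counts."""
    rng = random.Random(seed)          # constructed randomness, demo only
    domain = n * n
    a, b, e = [0], [0], [0]

    # Alice: n random points; she publishes only their images.
    table = {oracle(x, a): x for x in rng.sample(range(domain), n)}
    published = set(table)

    # Bob: random points until one lands in Alice's published set
    # (success probability n / n^2 per try, so about n tries).
    while True:
        y = rng.randrange(domain)
        tag = oracle(y, b)
        if tag in published:
            break
    alice_key = table[tag]             # Bob announces tag; Alice looks it up

    # Eve: sees published and tag, but must invert tag by searching the
    # domain. The target is uniform, so any scan order costs ~n^2/2.
    eve_key = next(z for z in range(domain) if oracle(z, e) == tag)

    return {"alice_key": alice_key, "bob_key": y, "eve_key": eve_key,
            "alice_q": a[0], "bob_q": b[0], "eve_q": e[0]}

def average_costs(n, trials):
    """Mean legitimate cost (Alice + Bob) and mean eavesdropper cost."""
    runs = [merkle_exchange(n, seed) for seed in range(trials)]
    legit = sum(r["alice_q"] + r["bob_q"] for r in runs) / trials
    eve = sum(r["eve_q"] for r in runs) / trials
    return legit, eve

if __name__ == "__main__":
    for n in (16, 32, 64):
        legit, eve = average_costs(n, 40)
        print(f"N={n:3d}  legitimate={legit:8.1f}  eavesdropper={eve:9.1f}")
```

Doubling N roughly doubles the legitimate query count and roughly quadruples the eavesdropper's.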