The Fischlin transform yields non-interactive zero-knowledge proofs with straight-line extractability in the classical random oracle model. This is done by forcing a prover to generate multiple accepting transcripts through a proof-of-work mechanism. Whether the Fischlin transform is straight-line extractable against quantum adversaries has remained open due to the difficulty of reasoning about the likelihood of query transcripts in the quantum-accessible random oracle model (QROM), even when using the compressed oracle methodology. In this work, we prove that the Fischlin transform remains straight-line extractable in the QROM, via an extractor based on the compressed oracle. This establishes the post-quantum security of the Fischlin transform, providing a post-quantum straight-line extractable NIZK alternative to Pass' transform with smaller proof size. Our techniques include tail bounds for sums of independent random variables and for martingales as well as symmetrization, query amplitude and quantum union bound arguments.
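To make the proof-of-work mechanism and straight-line extraction concrete, here is an added toy example (not code from the paper): Schnorr's sigma protocol over a constructed, insecure-sized group is put through the Fischlin transform with SHA-256 as the random oracle, and a classical extractor reads the witness off the prover's recorded oracle queries without rewinding. Parameters R, T, B, the group (P, Q, G) and the query-recording oracle are assumptions of this example; the paper's compressed-oracle extractor for the QROM is not reproduced here.

```python
import hashlib
import secrets

# Constructed toy parameters (far too small for real use): P = 2Q + 1 is a safe prime
# and G = 4 generates the order-Q subgroup of Z_P^*. The witness is x with Y = G^x mod P.
P, Q, G = 2039, 1019, 4
R, T, B = 4, 8, 4   # repetitions, challenge bits, proof-of-work bits (2^T >> 2^B)

class RecordingOracle:
    # SHA-256 truncated to B bits; records every query as the extractor's view of the prover
    def __init__(self):
        self.queries = []
    def __call__(self, y, coms, i, e, z):
        self.queries.append((y, tuple(coms), i, e, z))
        msg = f"{y}|{','.join(map(str, coms))}|{i}|{e}|{z}".encode()
        return int.from_bytes(hashlib.sha256(msg).digest(), "big") >> (256 - B)

def schnorr_ok(y, a, e, z):
    return pow(G, z, P) == a * pow(y, e, P) % P

def fischlin_prove(H, y, x):
    ks = [secrets.randbelow(Q) for _ in range(R)]
    coms = [pow(G, k, P) for k in ks]            # all commitments are fixed up front
    proof = []
    for i in range(R):
        for e in range(2 ** T):                  # proof of work: search challenges in order
            z = (ks[i] + e * x) % Q
            if H(y, coms, i, e, z) == 0:         # accept when the B leading hash bits are zero
                proof.append((e, z)); break
        else:
            raise RuntimeError("no challenge found; pick fresh commitments")
    return coms, proof

def fischlin_verify(H, y, coms, proof):
    return len(proof) == R and all(
        schnorr_ok(y, coms[i], e, z) and H(y, coms, i, e, z) == 0
        for i, (e, z) in enumerate(proof))

def extract(queries):
    # Straight-line: two accepting transcripts on one commitment with distinct challenges
    # give x = (z1 - z2) / (e1 - e2) mod Q; the prover's own query list supplies them.
    seen = {}
    for y, coms, i, e, z in queries:
        if not schnorr_ok(y, coms[i], e, z):
            continue
        key = (y, coms, i)
        if key in seen and seen[key][0] != e:
            e2, z2 = seen[key]
            return (z - z2) * pow(e - e2, -1, Q) % Q
        seen.setdefault(key, (e, z))
    return None
```

Because an honest prover expects about 2^B oracle queries per repetition, each carrying a valid transcript, the extractor almost always sees two usable transcripts for some commitment; a prover that queries only once per repetition passes verification with probability about 2^(-R*B).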