The quantum no-cloning theorem gives rise to the intriguing possibility of quantum copy protection, where we encode a program or functionality in a quantum state such that a user in possession of k copies cannot create k+1 copies, for any k. Introduced by Aaronson (CCC'09) over a decade ago, copy protection has proven to be notoriously hard to achieve. Previous work has been able to achieve copy protection for various functionalities only in restricted models: (i) in the bounded collusion setting, where k -> k+1 security is achieved for an a-priori fixed collusion bound k (in the plain model, under the same computational assumptions as ours, by Liu, Liu, Qian, Zhandry [TCC'22]), or (ii) where only k -> 2k security is achieved (relative to a structured quantum oracle, by Aaronson [CCC'09]). In this work, we give the first unbounded collusion-resistant (i.e. multiple-copy secure) copy-protection schemes, answering the long-standing open question of constructing such schemes, raised by multiple previous works starting with Aaronson (CCC'09). More specifically, we obtain the following results.

- We construct (i) public-key encryption, (ii) public-key functional encryption, (iii) signature and (iv) pseudorandom function schemes whose keys are copy-protected against unbounded collusions in the plain model (i.e. without any idealized oracles), assuming (post-quantum) subexponentially secure iO and LWE.
- We show that any unlearnable functionality can be copy-protected against unbounded collusions, relative to a classical oracle.
- As a corollary of our results, we rule out the existence of hyperefficient quantum shadow tomography,
  * even given non-black-box access to the measurements, assuming subexponentially secure iO and LWE, or
  * unconditionally, relative to a quantumly accessible classical oracle,
  and hence answer an open question by Aaronson (STOC'18).