Avval Amil,Shashank Gupta

2023-04-06

Abstract:Cryptanalysis increases the level of confidence in cryptographic algorithms. We analyze the security of a symmetric cryptographic algorithm - quantum permutation pad (QPP) [8]. We found the instances of ciphertext the same as plaintext even after the action of QPP with the probability 1/N when the entire set of permutation matrices of dimension N is used and with the probability 1/N^m when an incomplete set of m permutation matrices of dimension N are used. We visually show such instances in a cipher image created by QPP of 256 permutation matrices of different dimensions. For any practical usage of QPP, we recommend a set of 256 permutation matrices of a dimension more or equal to 2048.

Cryptography and Security,Combinatorics

Randy Kuang,Michel Barbeau

DOI: https://doi.org/10.1007/s11128-022-03557-y

IF: 1.965

2022-06-01

Quantum Information Processing

Abstract:Classical cryptographic techniques are currently under the growing quantum computing threat. New techniques that quantum computing algorithms cannot break are urgently needed. We present such an encryption method. It builds upon quantum permutation logic gates or quantum permutation pads. It is universal in that it can be equally employed on classical computers, today’s Internet, and the upcoming quantum Internet. While the cryptographic technique is formulated in a quantum computing framework, it does not rely on physical properties uniquely present at the quantum level, such as no-cloning or entanglement of data. It achieves with today’s technology a level of security comparable to what will be possible to attain with tomorrow’s quantum technology. The mathematics behind the cryptographic technique, quantum representations of a symmetric group over a computational basis, is surprisingly simple. However, the challenge faced by an adversary wishing to break the code is intractable and uninterpretable, a property of Shannon’s perfect secrecy. We believe that the cryptographic technique presented in this article can be used in several different ways and modes. It can be integrated into numerous current Internet protocols, or the Internet of Things, making them quantum safe. In addition, it can be used to transition to the upcoming Internet quantum technology smoothly.

physics, multidisciplinary,quantum science & technology, mathematical

Shaoxuan Zhang,Chun Guo,Qingju Wang

DOI: https://doi.org/10.1049/2024/9991841

2024-09-15

IET Information Security

Abstract:We study quantum superposition attacks against permutation‐based pseudorandom cryptographic schemes. We first extend Kuwakado and Morii's attack against the Even–Mansour cipher and exhibit key recovery attacks against a large class of pseudorandom schemes based on a single call to an n‐bit permutation, with polynomial O(n) (or O(n2), if the concrete cost of Hadamard transform is also taken in) quantum steps. We then consider TPPR schemes, namely, two permutation‐based pseudorandom cryptographic schemes. Using the improved Grover‐meet‐Simon method, we show that the keys of a wide class of TPPR schemes can be recovered with O(n) superposition queries (the complexity of the original is O(n2n/2)) and O(n2n/2) quantum steps. We also exhibit subclasses of "degenerated" TPPR schemes that lack certain internal operations and exhibit more efficient key recovery attacks using either the Simon's algorithm or collision searching algorithm. Further, using the all‐subkeys‐recovery idea of Isobe and Shibutani, our results give rise to key recovery attacks against several recently proposed permutation‐based PRFs, as well as the two‐round Even–Mansour ciphers with generic key schedule functions and their tweakable variants. From a constructive perspective, our results establish new quantum Q2 security upper bounds for two permutation‐based pseudorandom schemes as well as sound design choices.

computer science, information systems, theory & methods

Randy Kuang,Dafu Lou,Alex He,Chris McKenzie,Michael Redding

DOI: https://doi.org/10.1109/QCE52317.2021.00053

2023-03-02

Abstract:Cryptographic random number generation is critical for any quantum safe encryption. Based on the natural uncertainty of some quantum processes, variety of quantum random number generators or QRNGs have been created with physical quantum processes. They generally generate random numbers with good unpredictable randomness. Of course, physical QRNGs are costic and require physical integrations with computing systems. This paper proposes a pseudo quantum random number generator with a quantum algorithm called quantum permutation pad or QPP, leveraging the high entropy of quantum permutation space its bijective transformation. Unlike the Boolean algebra where the size of information space is 2n for an n-bit system, an n-bit quantum permutation space consists of 2n! quantum permutation matrices, representing all quantum permutation gates over an n-bit computational basis. This permutation space holds an equivalent Shannon information entropy log_2(2^n!). A QPP can be used to create a pseudo QRNG or pQRNG capable integrated with any classical computing system or directly with any application for good quality deterministic random number generation. Using a QPP pad with 64 8-bit permuation matrices, pQRNG holds 107,776 bits of entropy for the pseudo random number generation, comparing with 4096 bits of entropy in Linux /dev/random. It can be used as a deterministic PRNG or entropy booster of other PRNGs. It can also be used as a whitening algorithm for any hardware random number generator including QRNG without discarding physical bias bits.

Quantum Physics,Cryptography and Security

Jonathan Oppenheim,Michal Horodecki

DOI: https://doi.org/10.1103/PhysRevA.72.042309

2005-05-17

Abstract:Quantum information is a valuable resource which can be encrypted in order to protect it. We consider the size of the one-time pad that is needed to protect quantum information in a number of cases. The situation is dramatically different from the classical case: we prove that one can recycle the one-time pad without compromising security. The protocol for recycling relies on detecting whether eavesdropping has occurred, and further relies on the fact that information contained in the encrypted quantum state cannot be fully accessed. We prove the security of recycling rates when authentication of quantum states is accepted, and when it is rejected. We note that recycling schemes respect a general law of cryptography which we prove relating the size of private keys, sent qubits, and encrypted messages. We discuss applications for encryption of quantum information in light of the resources needed for teleportation. Potential uses include the protection of resources such as entanglement and the memory of quantum computers. We also introduce another application: encrypted secret sharing and find that one can even reuse the private key that is used to encrypt a classical message. In a number of cases, one finds that the amount of private key needed for authentication or protection is smaller than in the general case.

Quantum Physics,Cryptography and Security

Randy Kuang

2024-02-07

Abstract:In response to the evolving landscape of quantum computing and the escalating vulnerabilities in classical cryptographic systems, our paper introduces a unified cryptographic framework. Rooted in the innovative work of Kuang et al., we leverage two novel primitives: the Quantum Permutation Pad (QPP) for symmetric key encryption and the Homomorphic Polynomial Public Key (HPPK) for Key Encapsulation Mechanism (KEM) and Digital Signatures (DS). Our approach adeptly confronts the challenges posed by quantum advancements. Utilizing the Galois Permutation Group's matrix representations and inheriting its bijective and non-commutative properties, QPP achieves quantum-secure symmetric key encryption, seamlessly extending Shannon's perfect secrecy to both classical and quantum-native systems. Meanwhile, HPPK, free from NP-hard problems, fortifies symmetric encryption for the plain public key. It accomplishes this by concealing the mathematical structure through modular multiplications or arithmetic representations of Galois Permutation Group over hidden rings, harnessing their partial homomorphic properties. This allows for secure computation on encrypted data during secret encapsulations, bolstering the security of the plain public key. The seamless integration of KEM and DS within HPPK cryptography yields compact key, cipher, and signature sizes, demonstrating exceptional performance. This paper organically unifies QPP and HPPK under the Galois Permutation Group, marking a significant advancement in laying the groundwork for quantum-resistant cryptographic protocols. Our contribution propels the development of secure communication systems amid the era of quantum computing.

Cryptography and Security,Quantum Physics

Chuanqi Xu,Jamie Sikora,Jakub Szefer

2024-01-28

Abstract:The ability for users to access quantum computers through the cloud has increased rapidly in recent years. Despite still being Noisy Intermediate-Scale Quantum (NISQ) machines, modern quantum computers are now being actively employed for research and by numerous startups. Quantum algorithms typically produce probabilistic results, necessitating repeated execution to produce the desired outcomes. In order for the execution to begin from the specified ground state each time and for the results of the prior execution not to interfere with the results of the subsequent execution, the reset mechanism must be performed between each iteration to effectively reset the qubits. However, due to noise and errors in quantum computers and specifically these reset mechanisms, a noisy reset operation may lead to systematic errors in the overall computation, as well as potential security and privacy vulnerabilities of information leakage. To counter this issue, we thoroughly examine the state leakage problem in quantum computing, and then propose a solution by employing the classical and quantum one-time pads before the reset mechanism to prevent the state leakage, which works by randomly applying simple gates for each execution of the circuit. In addition, this work explores conditions under which the classical one-time pad, which uses fewer resources, is sufficient to protect state leakage. Finally, we study the role of various errors in state leakage, by evaluating the degrees of leakage under different error levels of gate, measurement, and sampling errors. Our findings offer new perspectives on the design of reset mechanisms and secure quantum computing systems.

Cryptography and Security,Quantum Physics

Longcheng Li,Qian Li,Xingjian Li,Qipeng Liu

2024-05-31

Abstract:The seminal work by Impagliazzo and Rudich (STOC'89) demonstrated the impossibility of constructing classical public key encryption (PKE) from one-way functions (OWF) in a black-box manner. However, the question remains: can quantum PKE (QPKE) be constructed from quantumly secure OWF? A recent line of work has shown that it is indeed possible to build QPKE from OWF, but with one caveat -- they rely on quantum public keys, which cannot be authenticated and reused. In this work, we re-examine the possibility of perfect complete QPKE in the quantum random oracle model (QROM), where OWF exists. Our first main result: QPKE with classical public keys, secret keys and ciphertext, does not exist in the QROM, if the key generation only makes classical queries. Therefore, a necessary condition for constructing such QPKE from OWF is to have the key generation classically ``un-simulatable''. Previous discussions (Austrin et al. CRYPTO'22) on the impossibility of QPKE from OWF rely on a seemingly strong conjecture. Our work makes a significant step towards a complete and unconditional quantization of Impagliazzo and Rudich's results. Our second main result extends to QPKE with quantum public keys. The second main result: QPKE with quantum public keys, classical secret keys and ciphertext, does not exist in the QROM, if the key generation only makes classical queries and the quantum public key is either pure or ``efficiently clonable''. The result is tight due to all existing QPKEs constructions. Our result further gives evidence on why existing QPKEs lose reusability. To achieve these results, we use a novel argument based on conditional mutual information and quantum Markov chain by Fawzi and Renner (Communications in Mathematical Physics). We believe the techniques used in the work will find other usefulness in separations in quantum cryptography/complexity.

Quantum Physics,Cryptography and Security

Mark Zhandry

DOI: https://doi.org/10.48550/arXiv.1611.05564

2016-11-22

Abstract:We show how to construct pseudorandom permutations (PRPs) that remain secure even if the adversary can query the permutation on a quantum superposition of inputs. Such PRPs are called \emph{quantum-secure}. Our construction combines a quantum-secure pseudorandom \emph{function} together with constructions of \emph{classical} format preserving encryption. By combining known results, we obtain the first quantum-secure PRP in this model whose security relies only on the existence of one-way functions. Previously, to the best of the author's knowledge, quantum security of PRPs had to be assumed, and there were no prior security reductions to simpler primitives, let alone one-way functions.

Cryptography and Security,Computational Complexity,Quantum Physics

Fu-Guo Deng,Gui Lu Long

DOI: https://doi.org/10.48550/arxiv.1902.04218

2019-01-01

Abstract:Classical one-time-pad key can only be used once. We show in this Letter that with quantum mechanical information media classical one-time-pad key can be repeatedly used. We propose a specific realization using single photons. The reason why quantum mechanics can make the classical one-time-pad key repeatable is that quantum states can not be cloned and eavesdropping can be detected by the legitimate users. This represents a significant difference between classical cryptography and quantum cryptography and provides a new tool in designing quantum communication protocols and flexibility in practical applications. Note added: This work was submitted to PRL as LU9745 on 29 July 2004, and the decision was returned on 11 November 2004, which advised us to resubmit to some specialized journal, probably, PRA, after revision. We publish it here in memory of Prof. Fu-Guo Deng (1975.11.12-2019.1.18), from Beijing Normal University, who died on Jan 18, 2019 after two years heroic fight with pancreatic cancer. In this work, we designed a protocol to repeatedly use a classical one-time-pad key to transmit ciphertext using single photon states. The essential idea was proposed in November 1982, by Charles H. Bennett, Gilles Brassard, Seth Breidbart, which was rejected by Fifteenth Annual ACM Symposium on Theory of Computing, and remained unpublished until 2014, when they published the article, Quantum Cryptography II: How to re-use a one-time pad safely even if P=NP, Natural Computing (2014) 13:453-458, DOI 10.1007/s11047-014-9453-6. We worked out this idea independently. This work has not been published, and was in cooperated into quant-ph 0706.3791 (Kai Wen, Fu Guo Deng, Gui Lu Long, Secure Reusable Base-String in Quantum Key Distribution), and quant-ph 0711.1632 (Kai Wen, Fu-Guo Deng, Gui Lu Long, Reusable Vernam Cipher with Quantum Media).

Alex He,Dafu Lou,Eric She,Shangjie Guo,Hareesh Watson,Sibyl Weng,Maria Perepechaenko,Rand Kuang

2023-12-28

Abstract:Quantum computing has entered fast development track since Shor's algorithm was proposed in 1994. Multi-cloud services of quantum computing farms are currently available. One of which, IBM quantum computing, presented a road map showing their Kookaburra system with over 4158 qubits will be available in 2025. For the standardization of Post-Quantum Cryptography or PQC, the National Institute of Standards and Technology or NIST recently announced the first candidates for standardization with one algorithm for key encapsulation mechanism (KEM), Kyber, and three algorithms for digital signatures. NIST has also issued a new call for quantum-safe digital signature algorithms due June 1, 2023. This timeline shows that FIPS-certified quantum-safe TLS protocol would take a predictably long time. However, "steal now, crack later" tactic requires protecting data against future quantum threat actors today. NIST recommended the use of a hybrid mode of TLS 1.3 with its extensions to support PQC. The hybrid mode works for certain cases but FIPS certification for the hybridized cryptomodule might still be required. This paper proposes to take a nested mode to enable TLS 1.3 protocol with quantum-safe data, which can be made available today and is FIPS compliant. We discussed the performance impacts of the handshaking phase of the nested TLS 1.3 with PQC and the symmetric encryption phase. The major impact on performance using the nested mode is in the data symmetric encryption with AES. To overcome this performance reduction, we suggest using quantum encryption with a quantum permutation pad for the data encryption with a minor performance reduction of less than 10 percent.

Quantum Physics,Cryptography and Security

Min Liang,Li Yang

DOI: https://doi.org/10.48550/arXiv.1812.06050

2018-12-15

Abstract:In modern cryptography, block encryption is a fundamental cryptographic primitive. However, it is impossible for block encryption to achieve the same security as one-time pad. Quantum mechanics has changed the modern cryptography, and lots of researches have shown that quantum cryptography can outperform the limitation of traditional cryptography. This article proposes a new constructive mode for private quantum encryption, named $\mathcal{EHE}$, which is a very simple method to construct quantum encryption from classical primitive. Based on $\mathcal{EHE}$ mode, we construct a quantum block encryption (QBE) scheme from pseudorandom functions. If the pseudorandom functions are standard secure, our scheme is indistinguishable encryption under chosen plaintext attack. If the pseudorandom functions are permutation on the key space, our scheme can achieve perfect security. In our scheme, the key can be reused and the randomness cannot, so a $2n$-bit key can be used in an exponential number of encryptions, where the randomness will be refreshed in each time of encryption. Thus $2n$-bit key can perfectly encrypt $O(n2^n)$ qubits, and the perfect secrecy would not be broken if the $2n$-bit key is reused for only exponential times. Comparing with quantum one-time pad (QOTP), our scheme can be the same secure as QOTP, and the secret key can be reused (no matter whether the eavesdropping exists or not). Thus, the limitation of perfectly secure encryption (Shannon's theory) is broken in the quantum setting. Moreover, our scheme can be viewed as a positive answer to the open problem in quantum cryptography "how to unconditionally reuse or recycle the whole key of private-key quantum encryption". In order to physically implement the QBE scheme, we only need to implement two kinds of single-qubit gates (Pauli $X$ gate and Hadamard gate), so it is within reach of current quantum technology.

Cryptography and Security

Bing Qi,Chi-Hang Fred Fung,Hoi-Kwong Lo,Xiongfeng Ma

DOI: https://doi.org/10.26421/qic7.1-2-3

2007-01-01

Abstract:Recently, a new type of attack, which exploits the efficiency mismatch of two single photon detectors (SPD) in a quantum key distribution (QKD) system, has been proposed. In this paper, we propose another "time-shift" attack that exploits the same imperfection. In our attack, Eve shifts the arrival time of either the signal pulse or the synchronization pulse or both between Alice and Bob. In particular, in a QKD system where Bob employs time-multiplexing technique to detect both bit "0" and bit "1" with the same SPD, Eve, in some circumstances, could acquire full information on the final key without introducing any error. In addition, we prove that if Alice and Bob are unaware of our attack, the final key they share is insecure. We emphasize that our attack is simple and feasible with current technology. Finally, we discuss some counter measures against our and earlier attacks.

Zixuan Hu,Sabre Kais

DOI: https://doi.org/10.1038/s41598-021-03241-8

IF: 4.6

2021-12-01

Scientific Reports

Abstract:Abstract Quantum cryptography—the application of quantum information processing and quantum computing techniques to cryptography has been extensively investigated. Two major directions of quantum cryptography are quantum key distribution (QKD) and quantum encryption, with the former focusing on secure key distribution and the latter focusing on encryption using quantum algorithms. In contrast to the success of the QKD, the development of quantum encryption algorithms is limited to designs of mostly one-time pads (OTP) that are unsuitable for most communication needs. In this work we propose a non-OTP quantum encryption design utilizing a quantum state creation process to encrypt messages. As essentially a non-OTP quantum block cipher the method stands out against existing methods with the following features: 1. complex key-ciphertext relation (i.e. confusion) and complex plaintext-ciphertext relation (i.e. diffusion); 2. mode of operation design for practical encryption on multiple blocks. These features provide key reusability and protection against eavesdropping and standard cryptanalytic attacks.

multidisciplinary sciences

Bing Qi,Chi-Hang Fred Fung,Yi Zhao,Xiongfeng Ma,Kiyoshi Tamaki,Christine Chen,Hol-Kwong Lo

DOI: https://doi.org/10.1103/physreva.75.032314

2007-01-01

Abstract:Quantum key distribution (QKD) can, in principle, provide unconditional security based on the fundamental laws of physics. Unfortunately, a practical QKD system may contain overlooked imperfections and violate some of the assumptions in a security proof. Here, we report two types of eavesdropping attacks against a practical QKD system. The first one is "time-shift" attack, which is applicable to QKD systems with gated single photon detectors (SPDs). In this attack, the eavesdropper, Eve, exploits the time mismatch between the open windows of the two SPDs. She can acquire a significant amount of information on the final key by simply shifting the quantum signals forwards or backwards in time domain. Our experimental results in [9] with a commercial QKD system demonstrate that, under this attack, the original QKD system is breakable. This is the first experimental demonstration of a feasible attack against a commercial QKD system. This is a surprising result. The second one is "phase-remapping" attack [10]. Here, Eve exploits the fact that a practical phase modulator has a finite response time. In principle, Eve could change the encoded phase value by time-shifting the signal pulse relative to the reference pulse.

Samuel Pagliarini,Aikata Aikata,Malik Imran,Sujoy Sinha Roy

2024-03-14

Abstract:Significant research efforts have been dedicated to designing cryptographic algorithms that are quantum-resistant. The motivation is clear: robust quantum computers, once available, will render current cryptographic standards vulnerable. Thus, we need new Post-Quantum Cryptography (PQC) algorithms, and, due to the inherent complexity of such algorithms, there is also a demand to accelerate them in hardware. In this paper, we show that PQC hardware accelerators can be backdoored by two different adversaries located in the chip supply chain. We propose REPQC, a sophisticated reverse engineering algorithm that can be employed to confidently identify hashing operations (i.e., Keccak) within the PQC accelerator - the location of which serves as an anchor for finding secret information to be leaked. Armed with REPQC, an adversary proceeds to insert malicious logic in the form of a stealthy Hardware Trojan Horse (HTH). Using Dilithium as a study case, our results demonstrate that HTHs that increase the accelerator's layout density by as little as 0.1\% can be inserted without any impact on the performance of the circuit and with a marginal increase in power consumption. An essential aspect is that the entire reverse engineering in REPQC is automated, and so is the HTH insertion that follows it, empowering adversaries to explore multiple HTH designs and identify the most suitable one.

Cryptography and Security

Liucai Wang,Guoliang Shentu,Jian Wang,J. Pelc,Cheng-Zhi Peng,Qiang Zhang

2013-01-01

Abstract:Quantum cryptography holds promise for communication schemes that are, in theory, perfectly secure. But in the last few years, hackers have exploited security loopholes to crack some of the most sophisticated quantum encryption systems. Fortunately, two new papers in Physical Review Letters, one by Allison Rubenok, at the Institute for Quantum Science & Technology in Calgary, Canada, and colleagues [1] and the other by Yang Liu, at the Hefei National Laboratory for Physical Sciences and the University of Science and Technology of China, and colleagues [2] now report a new quantum encryption method that can remove the weakest link of quantum encryption schemes: loopholes associated with defects of the photodetectors used at the receiver end. Code makers have now regained the upper hand against code breakers.

Gorjan Alagic,Stacey Jeffery,Maris Ozols,Alexander Poremba

DOI: https://doi.org/10.3390/cryptography4010010

2019-06-24

Abstract:Large-scale quantum computing is a significant threat to classical public-key cryptography. In strong "quantum access" security models, numerous symmetric-key cryptosystems are also vulnerable. We consider classical encryption in a model which grants the adversary quantum oracle access to encryption and decryption, but where the latter is restricted to non-adaptive (i.e., pre-challenge) queries only. We define this model formally using appropriate notions of ciphertext indistinguishability and semantic security (which are equivalent by standard arguments) and call it QCCA1 in analogy to the classical CCA1 security model. Using a bound on quantum random-access codes, we show that the standard PRF- and PRP-based encryption schemes are QCCA1-secure when instantiated with quantum-secure primitives. We then revisit standard IND-CPA-secure Learning with Errors (LWE) encryption and show that leaking just one quantum decryption query (and no other queries or leakage of any kind) allows the adversary to recover the full secret key with constant success probability. In the classical setting, by contrast, recovering the key uses a linear number of decryption queries, and this is optimal. The algorithm at the core of our attack is a (large-modulus version of) the well-known Bernstein-Vazirani algorithm. We emphasize that our results should *not* be interpreted as a weakness of these cryptosystems in their stated security setting (i.e., post-quantum chosen-plaintext secrecy). Rather, our results mean that, if these cryptosystems are exposed to chosen-ciphertext attacks (e.g., as a result of deployment in an inappropriate real-world setting) then quantum attacks are even more devastating than classical ones.

Quantum Physics,Cryptography and Security

Xiaoyang Dong,Bingyou Dong,Xiaoyun Wang

DOI: https://doi.org/10.1007/s10623-020-00741-y

2020-03-09

Abstract:Post-quantum cryptography has attracted much attention from worldwide cryptologists. However, most research works are related to public-key cryptosystem due to Shor's attack on RSA and ECC ciphers. At CRYPTO 2016, Kaplan et al. showed that many secret-key (symmetric) systems could be broken using a quantum period finding algorithm, which encouraged researchers to evaluate symmetric systems against quantum attackers. In this paper, we continue to study symmetric ciphers against quantum attackers. First, we convert the classical advanced slide attacks (introduced by Biryukov and Wagner) to a quantum one, that gains an exponential speed-up in time complexity. Thus, we could break 2/4K-Feistel and 2/4K-DES in polynomial time. Second, we give a new quantum key-recovery attack on full-round GOST, which is a Russian standard, with <span class="mathjax-tex">\(2^{114.8}\)</span> quantum queries of the encryption process, faster than a quantum brute-force search attack by a factor of <span class="mathjax-tex">\(2^{13.2}\)</span>.

Gregory D. Kahanamoku-Meyer

DOI: https://doi.org/10.22331/q-2023-09-11-1107

2023-09-06

Abstract:Recently, quantum computing experiments have for the first time exceeded the capability of classical computers to perform certain computations -- a milestone termed "quantum computational advantage." However, verifying the output of the quantum device in these experiments required extremely large classical computations. An exciting next step for demonstrating quantum capability would be to implement tests of quantum computational advantage with efficient classical verification, such that larger system sizes can be tested and verified. One of the first proposals for an efficiently-verifiable test of quantumness consists of hiding a secret classical bitstring inside a circuit of the class IQP, in such a way that samples from the circuit's output distribution are correlated with the secret (<a class="link-https" data-arxiv-id="0809.0847" href="https://arxiv.org/abs/0809.0847">arXiv:0809.0847</a>). The classical hardness of this protocol has been supported by evidence that directly simulating IQP circuits is hard, but the security of the protocol against other (non-simulating) classical attacks has remained an open question. In this work we demonstrate that the protocol is not secure against classical forgery. We describe a classical algorithm that can not only convince the verifier that the (classical) prover is quantum, but can in fact can extract the secret key underlying a given protocol instance. Furthermore, we show that the key extraction algorithm is efficient in practice for problem sizes of hundreds of qubits. Finally, we provide an implementation of the algorithm, and give the secret vector underlying the "$25 challenge" posted online by the authors of the original paper.

Quantum Physics,Cryptography and Security