Classical Cryptographic Protocols in a Quantum World

Cryptographic protocols, such as protocols for secure function evaluation (SFE), have played a crucial role in the development of modern cryptography. The extensive theory of these protocols, however, deals almost exclusively with classical attackers. If we accept that quantum information processing is the most realistic model of physically feasible computation, then we must ask: what classical protocols remain secure against quantum attackers? Our main contribution is showing the existence of classical two-party protocols for the secure evaluation of any polynomial-time function under reasonable computational assumptions (for example, it suffices that the learning with errors problem be hard for quantum polynomial time). Our result shows that the basic two-party feasibility picture from classical cryptography remains unchanged in a quantum world. ∗A preliminary version of this work appeared in Advances in Cryptology CRYPTO 2011. †Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, U.S.A. ‡Partially supported by National Science Foundation award CCF-0747274 and by the National Security Agency (NSA) under Army Research Office (ARO) contract number W911NF-08-1-0298. §Partially supported by National Science Foundation award CCF-0747294. ¶Department of Combinatorics & Optimization and Institute for Quantum Computing, University of Waterloo, Canada. Partially supported by Cryptoworks21, NSERC, ORF and US ARO. Most work was conducted while at the Pennsylvania State University. 1 ar X iv :1 50 7. 01 62 5v 1 [ qu an tph ] 6 J ul 2 01 5