We show the following generic result. Whenever a quantum query algorithm in the quantum random-oracle model outputs a classical value $t$ that is promised to be in some tight relation with $H(x)$ for some $x$, then $x$ can be efficiently extracted with almost certainty. The extraction is by means of a suitable simulation of the random oracle and works online, meaning that it is straightline, i.e., without rewinding, and on-the-fly, i.e., during the protocol execution and without disturbing it. The technical core of our result is a new commutator bound that bounds the operator norm of the commutator of the unitary operator that describes the evolution of the compressed oracle (which is used to simulate the random oracle above) and of the measurement that extracts $x$. We show two applications of our generic online extractability result. We show tight online extractability of commit-and-open $\Sigma$-protocols in the quantum setting, and we offer the first non-asymptotic post-quantum security proof of the textbook Fujisaki-Okamoto transformation, i.e, without adjustments to facilitate the proof.
翻译:当量子随机操作模型的量子查询算法产生一个古典价值$t,承诺与美元(xx)保持某种紧密关系时,可以几乎肯定地有效地提取美元。抽取方法是对随机神器进行适当的模拟,并在线工作,这意味着它是直线,即不倒带,在交易过程中和在交易上,即在执行协议期间和不干扰协议。我们结果的技术核心是一个新的通货器,将单一操作器的通货员的操作规范捆绑在一起,该通关将描述压缩神器(用来模拟上面的随机或触角)的进化和提取美元(xx美元)的测量过程。我们展示了我们通用在线提取结果的两个应用。我们在量子设置中显示了承诺和开放美元(Sigma$-protocol)在网上的严格可提取性。我们提供了第一个非抽取后Quzaki-Okamoto教科书安全性证明。