We propose a new, unifying framework that yields an array of cryptographic primitives with {\em certified deletion}. These primitives enable a party in possession of a quantum ciphertext to generate a classical certificate that the encrypted plaintext has been information-theoretically deleted, and cannot be recovered even given unbounded computational resources. For $X \in \{\mathsf{public}\text{-}\mathsf{key},\mathsf{attribute\text{-}based},\mathsf{fully\text{-}homomorphic},\mathsf{witness},\mathsf{timed}\text{-}\mathsf{release}\}$, our compiler yields post-quantum $X$ encryption with certified deletion, assuming post-quantum $X$ encryption. Assuming the existence of statistically-binding commitments, our compiler yields statistically-binding commitments with certified everlasting hiding as well as statistically-sound zero-knowledge proofs for QMA with certified everlasting zero-knowledge. We also introduce and construct information-theoretic secret sharing with certified deletion. Next, we take the notion of certified deletion a step further, and explore its implications in the context of mistrustful two-(and multi-)party cryptography. Here, there is a strong impossibility result by Unruh (Crypto 2013) building on Lo, Chau, and Mayers (Physical Review Letters) showing that everlasting security against \emph{every} party is impossible to achieve, even with quantum communication, and even if parties are computationally bounded during the protocol. Nevertheless, we introduce the notion of \emph{Everlasting Security Transfer}, enabling participants to dynamically request that \emph{any} party (or parties) information-theoretically delete their data, even \emph{after} the protocol execution completes. We show how to construct secure two-party and multi-party computation satisfying this notion of security, assuming only statistically-binding commitments.
翻译:我们提出一个新的统一框架, 产生一系列加密原始数据 { { { { { { communitive} 并认证删除} 。 这些原始文件使拥有量子密码的一方能够生成一个古典证书, 加密的纯文本已被删除, 甚至无法被恢复, 即使是在未覆盖的计算资源中。 对于 $X\ in { { mathsf{ public}{ { public} { { mathfsfredition\ text{ { { 以 { { { { 校验删除},\ mathsf} 允许拥有量子密码的一方生成量子加密原始原始的原始原始原始原始原始数据 。 假设存在具有统计约束力的承诺, 我们的汇编者通过 持续保存数据, 并持续保存数据 QMA 坚固的原始数据 。