Security of the Fischlin Transform in Quantum Random Oracle Model

TL;DR

This paper proves that the Fischlin transform remains secure and straight-line extractable in the quantum random oracle model, establishing its post-quantum security for non-interactive zero-knowledge proofs.

Contribution

It demonstrates the post-quantum security of the Fischlin transform in the QROM using a novel extractor based on the compressed oracle methodology.

Findings

Fischlin transform is secure against quantum adversaries.

Provides a post-quantum straight-line extractable NIZK alternative.

Introduces new techniques for analyzing quantum query transcripts.

Abstract

The Fischlin transform yields non-interactive zero-knowledge proofs with straight-line extractability in the classical random oracle model. This is done by forcing a prover to generate multiple accepting transcripts through a proof-of-work mechanism. Whether the Fischlin transform is straight-line extractable against quantum adversaries has remained open due to the difficulty of reasoning about the likelihood of query transcripts in the quantum-accessible random oracle model (QROM), even when using the compressed oracle methodology. In this work, we prove that the Fischlin transform remains straight-line extractable in the QROM, via an extractor based on the compressed oracle. This establishes the post-quantum security of the Fischlin transform, providing a post-quantum straight-line extractable NIZK alternative to Pass' transform with smaller proof size. Our techniques include tail bounds for sums of independent random variables and for martingales as well as symmetrization, query amplitude and quantum union bound arguments.