We revisit the problem of finding B-block-long collisions in Merkle–Damgård Hash Functions
in the auxiliary-input random oracle model, in which an attacker gets a piece of S-bit advice …

QROM (quantum random oracle model), introduced by Boneh et al.(Asiacrypt 2011),
captures all generic algorithms. However, it fails to describe non-uniform quantum …

Cryptography often considers the strongest yet plausible attacks in the real world.
Preprocessing (aka non-uniform attack) plays an important role in both theory and practice …

Collision-resistant hashing, a fundamental primitive in modern cryptography, ensures that
there is no efficient way to find distinct inputs that produce the same hash value. This …

We study tradeoffs between quantum and classical queries for hybrid algorithms that have
black-box access to a random oracle. Although there are several established techniques for …

We construct a quantum oracle relative to which BQP= QCMA but quantum-computation-
classical-communication (QCCC) key exchange, QCCC commitments, and two-round …

The random oracle model (ROM) allows us to opti-mistically reason about security
properties of cryptographic hash functions, and has been hugely influential in designing …

It is a long-standing open question to construct a classical oracle relative to which
BQP/qpoly $\neq $ BQP/poly or QMA $\neq $ QCMA. In this paper, we construct classically …

Abstract In the (preprocessing) Decisional Diffie-Hellman (DDH) problem, we are given a
cyclic group $ G $ with a generator $ g $ and a prime order $ N $, and we want to prepare …

The indifferentiability framework has become a standard methodology that enables us to
study the security of cryptographic constructions in idealized models of computation …