Non-interactive Non-malleability from Quantum Supremacy

We construct non-interactive non-malleable commitments without setup in the plain model, under well-studied assumptions. First, we construct non-interactive non-malleable commitments w.r.t. commitment for epsilon log log n tags for a small constant epsilon > 0, under the following assumptions: 1. Sub-exponential hardness of factoring or discrete log. 2. Quantum sub-exponential hardness of learning with errors (LWE). Second, as our key technical contribution, we introduce a new tag amplification technique. We show how to convert any non-interactive nonmalleable commitment w.r.t. commitment for epsilon log log n tags (for any constant epsilon > 0) into a non-interactive non-malleable commitment w.r.t. replacement for 2(n) tags. This part only assumes the existence of sub-exponentially secure non-interactive witness indistinguishable (NIWI) proofs, which can be based on sub-exponential security of the decisional linear assumption. Interestingly, for the tag amplification technique, we crucially rely on the leakage lemma due to Gentry and Wichs (STOC 2011). For the construction of non-malleable commitments for epsilon log log n tags, we rely on quantum supremacy. This use of quantum supremacy in classical cryptography is novel, and we believe it will have future applications. We provide one such application to two-message witness indistinguishable (WI) arguments from (quantum) polynomial hardness assumptions.