We show the following generic result. Whenever a quantum query algorithm in the quantum random-oracle model outputs a classical value $t$ that is promised to be in some tight relation with $H(x)$ for some $x$, then $x$ can be efficiently extracted with almost certainty. The extraction is by means of a suitable simulation of the random oracle and works online, meaning that it is straightline, i.e., without rewinding, and on-the-fly, i.e., during the protocol execution and without disturbing it. The technical core of our result is a new commutator bound that bounds the operator norm of the commutator of the unitary operator that describes the evolution of the compressed oracle (which is used to simulate the random oracle above) and of the measurement that extracts $x$. We show two applications of our generic online extractability result. We show tight online extractability of commit-and-open $\Sigma$-protocols in the quantum setting, and we offer the first non-asymptotic post-quantum security proof of the textbook Fujisaki-Okamoto transformation, i.e, without adjustments to facilitate the proof.

中文翻译：

---

量子随机-Oracle模型中的在线可扩展性

我们显示以下一般结果。每当量子随机预言模型中的量子查询算法输出经典值$ t $并被承诺与$ H（x）$的关系紧密时，对于$ x $，则可以有效地提取$ x $。几乎可以肯定。提取是通过对随机预言机进行适当的仿真并在线进行的，这意味着提取是直线的，即不倒带，并且是即时的，即在协议执行过程中并且不干扰它。我们的结果的技术核心是一个新的换向器界限，它界定了operator运算符的换向器的运算符范数，该运算符范数描述了压缩预言机（用于模拟上面的随机预言机）和提取$ x的度量的演化。 $。我们展示了通用在线可提取性结果的两种应用。