Quantum cryptanalysis of hash and claw-free functions

Recent results on quantum cryptanalysis show that some symmetric key schemes can be broken in polynomial time even if they are proven to be secure in the classical setting. Liskov, Rivest, and Wagner showed that secure tweakable block ciphers can be constructed from secure block ciphers in the classical setting. However, Kaplan et al. showed that their scheme can be broken by polynomial time quantum superposition attacks, even if underlying block ciphers are quantum-secure. Since then, it remains open if there exists a mode of block ciphers to build quantum-secure tweakable block ciphers. This paper settles the problem in the reduction-based provable security paradigm. We show the first design of quantum-secure tweakable block ciphers based on quantum-secure block ciphers, and present a provable security bound. Our construction is simple, and when instantiated with a quantum-secure n-bit block cipher, it is secure against attacks that query arbitrary quantum superpositions of plaintexts and tweaks up to O(2n/6) quantum queries. Our security proofs use the compressed oracle technique introduced by Zhandry. More precisely, we use an alternative formalization of the technique introduced by Hosoyamada and Iwata.

Download Full-text

Evaluation of Grover’s algorithm toward quantum cryptanalysis on ChaCha

Quantum Information Processing ◽

10.1007/s11128-021-03322-7 ◽

2021 ◽

Vol 20 (12) ◽

Author(s):

Bhagwan Bathe ◽

Ravi Anand ◽

Suman Dutta

Keyword(s):

Grover’S Algorithm ◽

Quantum Cryptanalysis ◽

Grover's Algorithm

Download Full-text

(Quantum) Cryptanalysis of Misty Schemes

Information Security and Cryptology – ICISC 2020 - Lecture Notes in Computer Science ◽

10.1007/978-3-030-68890-5_3 ◽

2021 ◽

pp. 43-57

Author(s):

Aline Gouget ◽

Jacques Patarin ◽

Ambre Toulemonde

Keyword(s):

Quantum Cryptanalysis

Download Full-text

A new quantum cryptanalysis method on block cipher Camellia

IET Information Security ◽

10.1049/ise2.12037 ◽

2021 ◽

Author(s):

Yanjun Li ◽

Hao Lin ◽

Meng Liang ◽

Ying Sun

Keyword(s):

Block Cipher ◽

Quantum Cryptanalysis

Download Full-text

Quantum Differential and Linear Cryptanalysis

IACR Transactions on Symmetric Cryptology ◽

10.46586/tosc.v2016.i1.71-94 ◽

2016 ◽

pp. 71-94 ◽

Cited By ~ 7

Author(s):

Marc Kaplan ◽

Gaëtan Leurent ◽

Anthony Leverrier ◽

María Naya-Plasencia

Keyword(s):

Quantum Computing ◽

The Other ◽

Quantum Computers ◽

Linear Cryptanalysis ◽

Quantum Cryptanalysis ◽

Classical World ◽

Speed Up ◽

Symmetric Ciphers ◽

Quantum Computations ◽

Scientific Fields

Quantum computers, that may become available one day, would impact many scientific fields, most notably cryptography since many asymmetric primitives are insecure against an adversary with quantum capabilities. Cryptographers are already anticipating this threat by proposing and studying a number of potentially quantum-safe alternatives for those primitives. On the other hand, symmetric primitives seem less vulnerable against quantum computing: the main known applicable result is Grover’s algorithm that gives a quadratic speed-up for exhaustive search. In this work, we examine more closely the security of symmetric ciphers against quantum attacks. Since our trust in symmetric ciphers relies mostly on their ability to resist cryptanalysis techniques, we investigate quantum cryptanalysis techniques. More specifically, we consider quantum versions of differential and linear cryptanalysis. We show that it is usually possible to use quantum computations to obtain a quadratic speed-up for these attack techniques, but the situation must be nuanced: we don’t get a quadratic speed-up for all variants of the attacks. This allows us to demonstrate the following non-intuitive result: the best attack in the classical world does not necessarily lead to the best quantum one. We give some examples of application on ciphers LAC and KLEIN. We also discuss the important difference between an adversary that can only perform quantum computations, and an adversary that can also make quantum queries to a keyed primitive.

Download Full-text

Quantum cryptanalysis of hash and claw-free functions

ACM SIGACT News ◽

10.1145/261342.261346 ◽

1997 ◽

Vol 28 (2) ◽

pp. 14-19 ◽

Cited By ~ 43

Author(s):

Gilles Brassard ◽

Peter Høyer ◽

Alain Tapp

Keyword(s):

Quantum Cryptanalysis

Download Full-text

Quantum cryptanalysis on some generalized Feistel schemes

Science China Information Sciences ◽

10.1007/s11432-017-9436-7 ◽

2019 ◽

Vol 62 (2) ◽

Cited By ~ 9

Author(s):

Xiaoyang Dong ◽

Zheng Li ◽

Xiaoyun Wang

Keyword(s):

Quantum Cryptanalysis

Download Full-text

Key Exchange Protocol Defined over a Non-Commuting Group Based on an NP-Complete Decisional Problem

Symmetry ◽

10.3390/sym12091389 ◽

2020 ◽

Vol 12 (9) ◽

pp. 1389

Author(s):

Aleksejus Mihalkovich ◽

Eligijus Sakalauskas ◽

Kestutis Luksys

Keyword(s):

Secure Communication ◽

Key Exchange ◽

Key Exchange Protocol ◽

Cryptographic Primitives ◽

Quantum Cryptanalysis ◽

Complete Problems ◽

Cryptographic Primitive ◽

Base Matrix ◽

Hypertext Transfer Protocol ◽

Np Complete

In this paper we present a cryptographic primitive based on non-commutative cryptography. This primitive is used for key exchange protocol (KEP) construction. We prove that the security of this primitive relies on a nondeterministic polynomial complete (NP-Complete) decisional problem. Recently there are no known quantum cryptanalysis algorithms effectively solving NP-Complete problems. So far, KEPs are widely used in secure communication channel creation, e.g., in hypertext transfer protocol secure (https://) and are based on traditional cryptographic primitives representing commutative cryptography. However, the security of these protocols does not rely on NP-Complete problems and hence, according to P. W. Shorr, they are vulnerable to quantum cryptanalysis. We use one of seven non-commuting groups of order 16 which is not isomorphic to any other group to define a platform group for a key exchange protocol based on previously considered matrix power function (MPF). By investigating basic properties on the group M16 and their implementation for our goals we fix the order of actions in MPF from left to right. Furthermore, we define a special form of the base matrix and separate templates for left and right power matrices. Using properties of the specified templates and Schaeffer criteria we prove that the security of the proposed key exchange relies on an NP-Complete decisional problem.

Download Full-text