Quantum cryptanalysis of hash and claw-free functions

Author(s):  
Gilles Brassard ◽  
Peter Høyer ◽  
Alain Tapp



Author(s):  
Akinori Hosoyamada ◽  
Tetsu Iwata

Recent results on quantum cryptanalysis show that some symmetric key schemes can be broken in polynomial time even if they are proven to be secure in the classical setting. Liskov, Rivest, and Wagner showed that secure tweakable block ciphers can be constructed from secure block ciphers in the classical setting. However, Kaplan et al. showed that their scheme can be broken by polynomial time quantum superposition attacks, even if the underlying block ciphers are quantum-secure. Since then, it has remained open whether there exists a mode of block ciphers that builds quantum-secure tweakable block ciphers. This paper settles the problem in the reduction-based provable security paradigm. We show the first design of quantum-secure tweakable block ciphers based on quantum-secure block ciphers, and present a provable security bound. Our construction is simple, and when instantiated with a quantum-secure n-bit block cipher, it is secure against attacks that query arbitrary quantum superpositions of plaintexts and tweaks up to O(2^{n/6}) quantum queries. Our security proofs use the compressed oracle technique introduced by Zhandry. More precisely, we use an alternative formalization of the technique introduced by Hosoyamada and Iwata.



2021 ◽  
Vol 20 (12) ◽  
Author(s):  
Bhagwan Bathe ◽  
Ravi Anand ◽  
Suman Dutta


Author(s):  
Aline Gouget ◽  
Jacques Patarin ◽  
Ambre Toulemonde


2021 ◽  
Author(s):  
Yanjun Li ◽  
Hao Lin ◽  
Meng Liang ◽  
Ying Sun


Author(s):  
Marc Kaplan ◽  
Gaëtan Leurent ◽  
Anthony Leverrier ◽  
María Naya-Plasencia

Quantum computers, which may become available one day, would impact many scientific fields, most notably cryptography, since many asymmetric primitives are insecure against an adversary with quantum capabilities. Cryptographers are already anticipating this threat by proposing and studying a number of potentially quantum-safe alternatives for those primitives. On the other hand, symmetric primitives seem less vulnerable to quantum computing: the main known applicable result is Grover’s algorithm, which gives a quadratic speed-up for exhaustive search. In this work, we examine more closely the security of symmetric ciphers against quantum attacks. Since our trust in symmetric ciphers relies mostly on their ability to resist cryptanalysis techniques, we investigate quantum cryptanalysis techniques. More specifically, we consider quantum versions of differential and linear cryptanalysis. We show that it is usually possible to use quantum computations to obtain a quadratic speed-up for these attack techniques, but the situation must be nuanced: we don’t get a quadratic speed-up for all variants of the attacks. This allows us to demonstrate the following non-intuitive result: the best attack in the classical world does not necessarily lead to the best quantum one. We give some examples of application to the ciphers LAC and KLEIN. We also discuss the important difference between an adversary that can only perform quantum computations, and an adversary that can also make quantum queries to a keyed primitive.



1997 ◽  
Vol 28 (2) ◽  
pp. 14-19 ◽  
Author(s):  
Gilles Brassard ◽  
Peter Høyer ◽  
Alain Tapp


Author(s):  
Xavier Bonnetain ◽  
Samuel Jaques

We present the first complete descriptions of quantum circuits for the offline Simon’s algorithm, and estimate their cost to attack the MAC Chaskey, the block cipher PRINCE and the NIST lightweight finalist AEAD scheme Elephant. These attacks require a reasonable number of qubits, comparable to the number of qubits required to break RSA-2048. They are faster than other collision algorithms, and the attacks against PRINCE and Chaskey are the most efficient known to date. As Elephant has a key smaller than its state size, the algorithm is less efficient and its cost ends up very close to or above the cost of exhaustive search. We also propose an optimized quantum circuit for boolean linear algebra as well as complete reversible implementations of PRINCE, Chaskey, spongent and Keccak, which are of independent interest for quantum cryptanalysis. We stress that our attacks could be applied in the future against today’s communications, and recommend caution when choosing symmetric constructions for cases where long-term security is expected.



2019 ◽  
Vol 62 (2) ◽  
Author(s):  
Xiaoyang Dong ◽  
Zheng Li ◽  
Xiaoyun Wang

