Quantum Period Finding against Symmetric Primitives in Practice

We present the first complete descriptions of quantum circuits for the offline Simon’s algorithm, and estimate their cost to attack the MAC Chaskey, the block cipher PRINCE and the NIST lightweight finalist AEAD scheme Elephant. These attacks require a reasonable amount of qubits, comparable to the number of qubits required to break RSA-2048. They are faster than other collision algorithms, and the attacks against PRINCE and Chaskey are the most efficient known to date. As Elephant has a key smaller than its state size, the algorithm is less efficient and its cost ends up very close to or above the cost of exhaustive search.We also propose an optimized quantum circuit for boolean linear algebra as well as complete reversible implementations of PRINCE, Chaskey, spongent and Keccak which are of independent interest for quantum cryptanalysis. We stress that our attacks could be applied in the future against today’s communications, and recommend caution when choosing symmetric constructions for cases where long-term security is expected.

Quantum attack against post-quantum electronic signature complexity and implementation probability analysis

The paper identifies and analyzes attacks aimed at Rainbow post-quantum electronic signature cryptanalysis. Today, due to advances in the quantum computers development, the need to present new standards for electronic signatures resistant to both quantum and classical cryptanalysis arisen. To solve the lack of such electronic signatures, NIST USA is running the NIST PQC competition. As part of this competition some electronic signatures designed to resist quantum cryptanalysis were presented, including Rainbow electronic signature. CZ-Rainbow and the compressed Rainbow algorithm were also presented along with the regular Rainbow algorithm. This paper analysis attacks on all three types of electronic signature. The possibility of a quantum attack against the Rainbow electronic signature, as well as the complexity of such an attack, defines the possibility of this electronic signature usage during the post-quantum period.

Generation of general system parameters for Rainbow electronic signature scheme for 384 and 512 security bits

Today, there is rapid progress in the creation of quantum computers to solve various computational problems and for different purposes. At the same time, special efforts are made to create such a quantum computer that can solve the problems of cryptanalysis of existing cryptosystems: asymmetric ciphers, key encapsulation protocols, electronic signatures, etc. Prevention of such threats can be achieved by developing cryptographic systems that will be protected against both quantum and classical attacks, and be able to interact with existing protocols and communication networks. There is also a significant need for protection against attacks by side channels. Currently, significant efforts of cryptologists are focused on the NIST PQC open competition. The main idea of the NIST PQC competition is to define mathematical methods based on which standards for asymmetric cryptotransformations, primarily electronic signatures, as well as asymmetric ciphers and key encapsulation protocols can be developed. Three electronic signature schemes – Crystals-Dilithium, Falcon and Rainbow become the finalists of the third stage of the NIST PQC competition according to the results of the second stage. The first two are based on the mathematics of algebraic lattices, and Rainbow is based on multivariate transformations. Currently, a comprehensive analysis of the finalists is an important task for the entire global crypto community. The vast majority of schemes that have become finalists or alternative algorithms are based on problems in the theory of algebraic lattices. Special attention was also paid to the Rainbow electronic signature scheme based on multivariate transformations. The purpose of this work consists in a preliminary analysis of existing attacks on promising electronic signature Rainbow, definition of requirements to the system-wide parameters to ensure cryptographic stability of at least 512 bits against classical and 256 bits against quantum cryptanalysis, as well as development and practical implementation of Rainbow algorithms for generating system-wide parameters for 512 bits against classical and 256 bits against quantum cryptanalysis.

Provably Quantum-Secure Tweakable Block Ciphers

Recent results on quantum cryptanalysis show that some symmetric key schemes can be broken in polynomial time even if they are proven to be secure in the classical setting. Liskov, Rivest, and Wagner showed that secure tweakable block ciphers can be constructed from secure block ciphers in the classical setting. However, Kaplan et al. showed that their scheme can be broken by polynomial time quantum superposition attacks, even if underlying block ciphers are quantum-secure. Since then, it remains open if there exists a mode of block ciphers to build quantum-secure tweakable block ciphers. This paper settles the problem in the reduction-based provable security paradigm. We show the first design of quantum-secure tweakable block ciphers based on quantum-secure block ciphers, and present a provable security bound. Our construction is simple, and when instantiated with a quantum-secure n-bit block cipher, it is secure against attacks that query arbitrary quantum superpositions of plaintexts and tweaks up to O(2n/6) quantum queries. Our security proofs use the compressed oracle technique introduced by Zhandry. More precisely, we use an alternative formalization of the technique introduced by Hosoyamada and Iwata.

Key Exchange Protocol Defined over a Non-Commuting Group Based on an NP-Complete Decisional Problem

In this paper we present a cryptographic primitive based on non-commutative cryptography. This primitive is used for key exchange protocol (KEP) construction. We prove that the security of this primitive relies on a nondeterministic polynomial complete (NP-Complete) decisional problem. Recently there are no known quantum cryptanalysis algorithms effectively solving NP-Complete problems. So far, KEPs are widely used in secure communication channel creation, e.g., in hypertext transfer protocol secure (https://) and are based on traditional cryptographic primitives representing commutative cryptography. However, the security of these protocols does not rely on NP-Complete problems and hence, according to P. W. Shorr, they are vulnerable to quantum cryptanalysis. We use one of seven non-commuting groups of order 16 which is not isomorphic to any other group to define a platform group for a key exchange protocol based on previously considered matrix power function (MPF). By investigating basic properties on the group M16 and their implementation for our goals we fix the order of actions in MPF from left to right. Furthermore, we define a special form of the base matrix and separate templates for left and right power matrices. Using properties of the specified templates and Schaeffer criteria we prove that the security of the proposed key exchange relies on an NP-Complete decisional problem.