Cryptanalysis against Symmetric-Key Schemes with Online Classical Queries and Offline Quantum Computations

@inproceedings{Hosoyamada2017CryptanalysisAS,
  title={Cryptanalysis against Symmetric-Key Schemes with Online Classical Queries and Offline Quantum Computations},
  author={Akinori Hosoyamada and Yu Sasaki},
  booktitle={IACR Cryptol. ePrint Arch.},
  year={2017}
}
In this paper, quantum attacks against symmetric-key schemes are presented in which adversaries only make classical queries but use quantum computers for offline computations. Our attacks are not as efficient as polynomial-time attacks making quantum superposition queries, while our attacks use the realistic model and overwhelmingly improve the classical attacks. Our attacks convert a type of classical meet-in-the-middle attacks into quantum ones. The attack cost depends on the number of… 
Quantum Attacks without Superposition Queries: the Offline Simon Algorithm
TLDR
A new quantum algorithm which uses Simon's subroutines in a novel way to leverage the algebraic structure of cryptosystems in the context of a quantum attacker limited to classical queries and offline quantum computations is introduced.
Quantum Meet-in-the-Middle Attacks: Applications to Generic Feistel Constructions
This paper shows that quantum computers can significantly speed up a type of meet-in-the-middle attack initiated by Demirci and Selçuk (DS-MITM attacks), which is currently one of the most powerful
Quantum Demiric-Selçuk Meet-in-the-Middle Attacks: Applications to 6-Round Generic Feistel Constructions
This paper shows that quantum computers can significantly speed up a type of meet-in-the-middle attack initiated by Demirci and Selçuk (DS-MITM attacks), which is currently one of the most powerful
Beyond quadratic speedups in quantum attacks on symmetric schemes
In this paper, we report the first quantum key-recovery attack on a symmetric block cipher design, using classical queries only, with a more than quadratic time speedup compared to the best
Post-Quantum Security of the Even-Mansour Cipher
TLDR
This work resolves the question as to whether the Even-Mansour cipher can still be proven secure in this natural, "post-quantum" setting, showing that any attack in that setting requires q_E · q_P^2 + q_P · q_E^2 ≈ 2^n.
Quantum Period Finding against Symmetric Primitives in Practice
TLDR
An optimized quantum circuit for boolean linear algebra as well as complete reversible implementations of PRINCE, Chaskey, spongent and Keccak which are of independent interest for quantum cryptanalysis are proposed.
Quantum attacks on some feistel block ciphers
TLDR
This paper converts the classical advanced slide attacks to a quantum one, that gains an exponential speed-up in time complexity, and gives a new quantum key-recovery attack on full-round GOST, which is a Russian standard.
Quantum Collision Attacks on AES-like Hashing with Low Quantum Random Access Memories
TLDR
This work reduces or even avoids the use of qRAMs by performing a quantum rebound attack based on differentials with non-full-active super S-boxes, and improves attacks on AES-MMO and AES-MP, and gives the first classical collision attacks on 4- and 5-round Grøstl-512.
Automatic Classical and Quantum Rebound Attacks on AES-like Hashing by Exploiting Related-key Differentials
TLDR
This work automates the process of searching for the configurations of rebound attacks by taking related-key differentials of the underlying block cipher into account with the MILP-based approach and guides the search towards characteristics that minimize the resources and complexities of the resulting rebound attacks.
Quantum Key-length Extension
TLDR
Positive results are provided, with concrete and tight bounds, for the security of FX and double encryption against quantum attackers in ideal models and techniques for partially-quantum proofs without relying on analyzing the classical and quantum oracles separately are introduced.

References (first 10 of 45)
Breaking Symmetric Cryptosystems Using Quantum Period Finding
TLDR
This paper considers attacks where an adversary can query an oracle implementing a cryptographic primitive in a quantum superposition of different states, and shows that the most widely used modes of operation for authentication and authenticated encryption are completely broken in this security model.
Quantum Differential and Linear Cryptanalysis
TLDR
This work examines more closely the security of symmetric ciphers against quantum attacks, and investigates quantum versions of differential and linear cryptanalysis techniques, showing that it is usually possible to use quantum computations to obtain a quadratic speed-up for these attack techniques, but the situation must be nuanced.
Quantum attacks against iterated block ciphers
M. Kaplan, arXiv, 2014
TLDR
This work quantizes a recent technique called the dissection attack using the framework of quantum walks, which seems to indicate that composition resists better to quantum attacks than to classical ones because it prevents the quadratic speedup achieved by quantizing an exhaustive search.
On Quantum Related-Key Attacks on Iterated Even-Mansour Ciphers
XOR of PRPs in a Quantum World
TLDR
This work presents a key recovery attack in |K|^{r/(r+1)} complexity, performs a quantum security analysis of the construction, and proves that it achieves security up to min{|K|^{1/2}/r, |X|} queries.
Grover Meets Simon - Quantumly Attacking the FX-construction
TLDR
A quantum algorithm is presented that breaks the construction with whitening keys in essentially the same time complexity as Grover’s original algorithm breaks the underlying block cipher.
Cryptanalyses on a Merkle-Damgård Based MAC - Almost Universal Forgery and Distinguishing-H Attacks
Yu Sasaki, EUROCRYPT, 2012
TLDR
Two types of cryptanalysis are presented on a Merkle-Damgård hash based MAC, which computes a MAC value of a message M by Hash(K||l||M) with a shared key K and the message length l, and it is shown that the length-prepending scheme is not enough to achieve a secure MAC.
Universal Forgery with Birthday Paradox: Application to Blockcipher-based Message Authentication Codes and Authenticated Encryptions
TLDR
This paper launches a general universal forgery attack on some blockcipher-based MACs and authenticated encryptions (AEs) using a birthday attack, whose complexity is about O(2^{n/2}) queries in the classical setting, and shows that such MACs and AEs are totally insecure.
Security on the quantum-type Even-Mansour cipher
H. Kuwakado, M. Morii, 2012 International Symposium on Information Theory and its Applications, 2012
TLDR
It is shown that the quantum version of the Even-Mansour cipher is insecure, that is, a key can be found in polynomial time in the key length, an example that the quantum version of a secure classical cipher is not always secure.
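The Kuwakado-Morii key recovery above, in the superposition-query model of the Kaplan et al. entry, as an added worked example (not code from any of the cited papers): a toy Even-Mansour cipher E(x) = P(x ⊕ k1) ⊕ k2 on 6-bit blocks is broken with Simon's algorithm by exact classical simulation of the circuit. The public permutation P, the secret key and the seeds are constructed here. The single superposition query to E is modelled as access to the full table of f(x) = E(x) ⊕ P(x), whose period is k1; this is exactly the query power the offline-Simon and classical-query works cited above set out to remove. A classical check at the end filters the nullspace candidates, which covers the case where the measurements did not reach rank n-1.

```python
import random

N_BITS = 6  # toy block size so the circuit can be simulated exactly; real n is 64 or 128

def make_public_permutation(n_bits, seed):
    """Constructed stand-in for the public permutation P (a seeded random permutation)."""
    rng = random.Random(seed)
    table = list(range(1 << n_bits))
    rng.shuffle(table)
    return table

def even_mansour(perm, k1, k2):
    """Return E(x) = P(x xor k1) xor k2 as a callable (the attacker's encryption oracle)."""
    return lambda x: perm[x ^ k1] ^ k2

def parity(v):
    return bin(v).count("1") & 1

def simon_sample(f_table, n_bits, rng):
    """One shot of Simon's circuit on f, simulated exactly.
    H^n on |0>, then f into register 2, gives sum_x |x>|f(x)>. Measuring register 2
    returns v with probability |f^-1(v)|/2^n and leaves register 1 uniform over f^-1(v).
    A second H^n then puts amplitude sum_{x in f^-1(v)} (-1)^{x.y} on |y>, so every
    y that is measured satisfies y.s = 0 for each period s of f."""
    size = 1 << n_bits
    v = f_table[rng.randrange(size)]              # same distribution as measuring register 2
    preimages = [x for x in range(size) if f_table[x] == v]
    weights = [sum((-1) ** parity(x & y) for x in preimages) ** 2 for y in range(size)]
    return rng.choices(range(size), weights=weights)[0]

def add_to_basis(basis, y):
    """Insert y into a reduced GF(2) row-echelon basis {pivot_bit: row}; True if independent."""
    for pivot in sorted(basis, reverse=True):
        if (y >> pivot) & 1:
            y ^= basis[pivot]
    if y == 0:
        return False
    pivot = y.bit_length() - 1
    for p in basis:                               # keep other rows clear in the new pivot column
        if (basis[p] >> pivot) & 1:
            basis[p] ^= y
    basis[pivot] = y
    return True

def nullspace_candidates(basis, n_bits):
    """All nonzero s with s.row = 0 for every row (exactly one candidate when rank = n-1)."""
    free = [b for b in range(n_bits) if b not in basis]
    for mask in range(1, 1 << len(free)):
        s = 0
        for i, b in enumerate(free):
            if (mask >> i) & 1:
                s |= 1 << b
        for p, row in basis.items():              # each pivot bit is forced by the free bits
            if parity(row & s):
                s |= 1 << p
        yield s

def recover_keys(perm, encrypt, n_bits, rng, max_shots=200):
    """Kuwakado-Morii attack: f(x) = E(x) xor P(x) has period k1; Simon finds it, then k2 follows."""
    size = 1 << n_bits
    f_table = [encrypt(x) ^ perm[x] for x in range(size)]   # what one superposition query grants
    basis, shots = {}, 0
    while len(basis) < n_bits - 1 and shots < max_shots:
        add_to_basis(basis, simon_sample(f_table, n_bits, rng))
        shots += 1
    for k1 in nullspace_candidates(basis, n_bits):
        k2 = encrypt(0) ^ perm[k1]                          # E(0) = P(k1) xor k2
        if all(encrypt(x) == perm[x ^ k1] ^ k2 for x in range(size)):  # classical verification
            return k1, k2, shots
    return None

def demo(seed=7):
    """Run the attack on a constructed instance; returns (k1, k2, shots) or None."""
    perm = make_public_permutation(N_BITS, seed=2017)
    k1, k2 = 0b101101, 0b011010                             # constructed toy secret key
    return recover_keys(perm, even_mansour(perm, k1, k2), N_BITS, random.Random(seed))

if __name__ == "__main__":
    print(demo())
```

Each shot yields one y orthogonal to k1 over GF(2), so about n shots suffice regardless of the key size; the exponential cost of the simulation is entirely in building `f_table` and `weights`, which a quantum computer with superposition access to E does not pay.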
Quantum distinguisher between the 3-round Feistel cipher and the random permutation
H. Kuwakado, M. Morii, 2010 IEEE International Symposium on Information Theory, 2010
TLDR
The 3-round Feistel cipher with internal permutations may be insecure against a chosen plaintext attack on a quantum computer because there exists a polynomial quantum algorithm for distinguishing them.