Quantum Attacks without Superposition Queries: the Offline Simon Algorithm

@inproceedings{Bonnetain2019QuantumAW,
  title={Quantum Attacks without Superposition Queries: the Offline Simon Algorithm},
  author={Xavier Bonnetain and Akinori Hosoyamada and M. Naya-Plasencia and Yu Sasaki and Andr{\'e} Schrottenloher},
  booktitle={IACR Cryptol. ePrint Arch.},
  year={2019}
}
In symmetric cryptanalysis, the model of superposition queries has led to surprising results, with many constructions being broken in polynomial time thanks to Simon's period-finding algorithm. [...] In particular, we are able to break the Even-Mansour construction in quantum time Õ(2), with O(2) classical queries and O(n) qubits only. In addition, we improve some previous superposition attacks by reducing the data complexity from exponential to polynomial, with the same time complexity. Our approach…
Hidden Structures and Quantum Cryptanalysis
TLDR
This thesis proposes a new classical attack against multiple variants of the cipher MiMC, the most used symmetric cipher to date, and proposes a concrete and asymptotic quantum security analysis of some isogeny-based key exchanges.
Quantum Period Finding against Symmetric Primitives in Practice
TLDR
The first complete implementation of the offline Simon's algorithm is presented, and its cost to attack the MAC Chaskey, the block cipher PRINCE and the NIST lightweight candidate AEAD scheme Elephant is estimated.
Quantum Collision Attacks on AES-like Hashing with Low Quantum Random Access Memories
TLDR
This work reduces or even avoids the use of qRAMs by performing a quantum rebound attack based on differentials with non-full-active super S-boxes, and improves attacks on AES-MMO and AES-MP, and gives the first classical collision attacks on 4- and 5-round Grøstl-512.
Tight Bounds for Simon's Algorithm
TLDR
It is found that for parameter sizes of cryptographic relevance, it is possible to truncate the output of the periodic function to a dozen bits without any impact on the number of queries, which saves qubits in reversible implementations of Simon's algorithm.
Unforgeability in the quantum world
TLDR
This paper develops a general and parameterized quantum game-based security framework for both classical and quantum primitives modelled by unitary transformations and shows that no unitary primitive can provide existential unforgeability against quantum adversaries.
A quantum distinguisher for 7/8-round SMS4 block cipher
TLDR
This work derives a quantum distinguisher for 7 and 8 rounds of the SMS4 block cipher, which belongs to the class of unbalanced (contracting) generalized Feistel schemes, and shows that for the 8-round SMS4 cipher a quantum separator can be constructed in both Q1 and Q2 attack models.
QCB: Efficient Quantum-secure Authenticated Encryption
TLDR
This paper proposes a new rate-one parallelizable mode named QCB inspired by TAE and OCB, proves its security against quantum superposition queries, and discusses the quantum security notions for authenticated encryption modes.
Quantum Cryptanalysis on Contracting Feistel Structures and Observation on Related-key settings
TLDR
In this paper, several quantum chosen-plaintext attacks (qCPAs) on contracting Feistel structures are shown and a polynomial-time qCPA distinguisher is proposed on the d-branch (2d-1)-round contracting Feistel structure, which solves an open problem by Dong et al.
Automatic Classical and Quantum Rebound Attacks on AES-like Hashing by Exploiting Related-key Differentials
  • Xiaoyang Dong, Zhiyu Zhang, Siwei Sun, Congming Wei, Xiaoyun Wang, Lei Hu
  • Computer Science
  • IACR Cryptol. ePrint Arch.
  • 2021
Collision attacks on AES-like hashing (hash functions constructed by plugging AES-like ciphers or permutations into the famous PGV modes or their variants) can be reduced to the problem of finding a…
Quantum Security of the Legendre PRF
TLDR
This paper gives two algorithms that recover the key of a shifted Legendre symbol with unknown shift, with a complexity smaller than exhaustive search of the key: a quantum variant of the table-based collision algorithm and Kuperberg's abelian hidden shift algorithm in an offline manner.

References

Breaking Symmetric Cryptosystems Using Quantum Period Finding
TLDR
This paper considers attacks where an adversary can query an oracle implementing a cryptographic primitive in a quantum superposition of different states, and shows that the most widely used modes of operation for authentication and authenticated encryption are completely broken in this security model.
Cryptanalysis against Symmetric-Key Schemes with Online Classical Queries and Offline Quantum Computations
In this paper, quantum attacks against symmetric-key schemes are presented in which adversaries only make classical queries but use quantum computers for offline computations. Our attacks are not as…
Quantum Differential and Linear Cryptanalysis
TLDR
This work examines more closely the security of symmetric ciphers against quantum attacks, and investigates quantum versions of differential and linear cryptanalysis techniques, showing that it is usually possible to use quantum computations to obtain a quadratic speed-up for these attack techniques, but the situation must be nuanced.
Grover Meets Simon - Quantumly Attacking the FX-construction
TLDR
A quantum algorithm is presented that breaks the construction with whitening keys in essentially the same time complexity as Grover's original algorithm breaks the underlying block cipher.
Quantum Security of Cryptographic Primitives
TLDR
This work proposes the first systematic classification of quantum security scenarios, provides a novel framework for the quantum security (both in terms of indistinguishability and semantic security) of secret-key encryption schemes, and gives explicit secure constructions, as well as impossibility results.
Quantum cryptanalysis of hash and claw-free functions
TLDR
A quantum algorithm that finds collisions in arbitrary functions after only O(∛(N/τ)) expected evaluations of the function, more efficient than the best possible classical algorithm, even allowing probabilism.
Saturnin: a suite of lightweight symmetric algorithms for post-quantum security
TLDR
The aim is to provide a new lightweight suite of algorithms that performs well on small devices, in particular micro-controllers, while providing a high security level even in the presence of quantum computers.
On Quantum Slide Attacks
TLDR
The first quantum exponential acceleration of a classical symmetric cryptanalysis technique is proposed: Simon's algorithm can be applied to accelerate the slide attack on the alternate-key cipher in the superposition query model.
Applying Grover's Algorithm to AES: Quantum Resource Estimates
TLDR
It is established that for all three variants of AES, with key sizes of 128, 192, and 256 bits as standardized in FIPS-PUB 197, there are precise bounds for the number of qubits and the number of elementary logical quantum gates that are needed to implement Grover's quantum algorithm to extract the key from a small number of AES plaintext-ciphertext pairs.
A note on quantum related-key attacks
TLDR
A quantum version of the Winternitz-Hellman related-key attack model is given, where if the secret key is uniquely determined by a small number of plaintext-ciphertext pairs, the block cipher can be evaluated efficiently, and a superposition of related keys can be queried, then the key can be extracted efficiently.