Quantum Key-length Extension

Authors: Joseph Jaeger, Fang Song, Stefano Tessaro

Should quantum computers become available, they will reduce the effective key length of basic secret-key primitives, such as blockciphers. To address this we will either need to use blockciphers with inherently longer keys or develop key-length extension techniques to amplify the security of a blockcipher to use longer keys. We consider the latter approach and revisit the FX and double encryption constructions. Classically, FX was proven to be a secure key-length extension technique, while…

Beyond quadratic speedups in quantum attacks on symmetric schemes

The first quantum key-recovery attack on a symmetric block cipher design, using classical queries only, is reported, with a more than quadratic time speedup compared to the best classical attack.

Post-Quantum Security of the (Tweakable) FX Construction, and Applications

This work proves security of a tweakable version of the FX construction in the post-quantum setting, i.e., against a quantum attacker given only classical access to the secretly keyed construction while retaining quantum access to E.

Post-Quantum Security of the Even-Mansour Cipher

This work resolves the question as to whether the Even-Mansour cipher can still be proven secure in this natural, “post-quantum” setting, showing that any attack in that setting requires q_E · q_P² + q_P · q_E² ≈ 2ⁿ queries.

Adaptive versus Static Multi-oracle Algorithms, and Quantum Security of a Split-key PRF

Via a generic compiler, it is shown that the hash-based construction of Giacon et al. can be safely used in the context of quantum attacks, for instance to combine a well-established but only classically secure KEM with a candidate KEM that is believed to be quantum-secure.

Grover Meets Simon - Quantumly Attacking the FX-construction

A quantum algorithm is presented that breaks the construction with whitening keys in essentially the same time complexity as Grover’s original algorithm breaks the underlying block cipher.

Quantum Differential and Linear Cryptanalysis

This work examines more closely the security of symmetric ciphers against quantum attacks, and investigates quantum versions of differential and linear cryptanalysis techniques, showing that it is usually possible to use quantum computations to obtain a quadratic speed-up for these attack techniques, but the situation must be nuanced.

Quantum attacks against iterated block ciphers

  • M. Kaplan
  • Computer Science, Mathematics
  • 2014
This work quantizes a recent technique called the dissection attack using the framework of quantum walks, which seems to indicate that composition resists better to quantum attacks than to classical ones because it prevents the quadratic speedup achieved by quantizing an exhaustive search.

On the Security Notions for Encryption in a Quantum World

The security of quantum-secure classical encryption has first been studied by Boneh and Zhandry, but they restricted the adversary to classical challenge queries, which makes the indistinguishability only hold for classical messages (IND-qCCA2).

Generic Authenticated Key Exchange in the Quantum Random Oracle Model

A generic construction of two-message authenticated key exchange from any passively secure public key encryption (PKE) scheme in the quantum random oracle model (QROM) is given, which allows arbitrary PKE schemes with non-perfect correctness to be used.

Quantum Attacks without Superposition Queries: the Offline Simon Algorithm

A new quantum algorithm which uses Simon's subroutines in a novel way to leverage the algebraic structure of cryptosystems in the context of a quantum attacker limited to classical queries and offline quantum computations is introduced.

Tighter proofs of CCA security in the quantum random oracle model

An improved reduction is given for the security of the Hofheinz, Hövelmanns, and Kiltz (TCC’17) transform, which turns OW-CPA secure deterministic PKEs into IND-CCA secure KEMs.

Post-Quantum Security of the Fujisaki-Okamoto and OAEP Transforms

The scheme is a slight modification of the Fujisaki-Okamoto transform: it combines an asymmetric and a symmetric encryption scheme, each secure only in a weak sense, into a scheme that is secure against classical adversaries.

Security on the quantum-type Even-Mansour cipher

  • H. Kuwakado, M. Morii
  • Computer Science, Mathematics
  • 2012 International Symposium on Information Theory and its Applications
  • 2012
It is shown that the quantum version of the Even-Mansour cipher is insecure, that is, a key can be found in polynomial time in the key length, an example that the Quantum version of a secure classical cipher is not always secure.

How to Protect DES Against Exhaustive Key Search

This paper proves, in a formal model, that the DESX construction is sound, and shows that, when F is an idealized block cipher, FX_{k.k2} is substantially more resistant to key search than is F, and has an effective key length of at least κ + n − 1 − lg m bits.