Quantum-Secure Symmetric-Key Cryptography Based on Hidden Shifts

Gorjan Alagic and Alexander Russell
Recent results of Kaplan et al., building on work by Kuwakado and Morii, have shown that a wide variety of classically-secure symmetric-key cryptosystems can be completely broken by quantum chosen-plaintext attacks (qCPA). In such an attack, the quantum adversary has the ability to query the cryptographic functionality in superposition. The vulnerable cryptosystems include the Even-Mansour block cipher, the three-round Feistel network, the Encrypted-CBC-MAC, and many others. 
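The attack model in the abstract is easiest to see on Even-Mansour itself, E(x) = P(x ^ k1) ^ k2 with a public permutation P. The function f(x) = E(x) ^ P(x) satisfies f(x ^ k1) = f(x), so k1 is a hidden shift of f and Simon's algorithm recovers it with O(n) superposition queries; k2 then follows from one classical query. The following is an added illustration, not code from the paper or from Kaplan et al.: it uses a toy 8-bit block, a randomly chosen P standing in for the public permutation, and simulates the quantum subroutine by enumerating all 2^n inputs to reproduce the exact post-Hadamard measurement distribution (feasible only at toy sizes; on a real quantum oracle each sample is a single query). The names `simon_sample`, `recover_period` and `recover_key` are mine.

```python
"""Simon-style key recovery against a toy Even-Mansour cipher.

Added example, not code from the paper. E(x) = P(x ^ k1) ^ k2 on N-bit
blocks. The qCPA attack uses f(x) = E(x) ^ P(x), which satisfies
f(x ^ k1) = f(x): k1 is a hidden shift (period) of f. The quantum step of
Simon's algorithm is simulated here by enumerating all 2^N inputs, which is
only feasible for toy N; against a real quantum oracle it is one query.
"""
import random

N = 8                      # toy block size; real ciphers use 64 or 128 bits
FULL = 1 << N

def parity(v):
    """Parity of the set bits of v, i.e. the GF(2) inner product x.y when v = x & y."""
    return bin(v).count("1") & 1

def make_public_permutation(rng):
    """Random permutation standing in for the public permutation P (assumption)."""
    perm = list(range(FULL))
    rng.shuffle(perm)
    return perm

def even_mansour(P, k1, k2, x):
    return P[x ^ k1] ^ k2

def simon_sample(f, rng):
    """Simulate one run of Simon's circuit on f: {0,1}^N -> {0,1}^N.

    Quantum version: prepare sum_x |x>|f(x)>, measure the output register
    (the input register collapses to the preimage set S of some value z),
    apply H^N and measure. The outcome y has probability proportional to
    (sum_{x in S} (-1)^{x.y})^2, which is zero unless y.s = 0 for every
    period s of f. The same distribution is reproduced here classically.
    """
    z = f(rng.randrange(FULL))                       # random output value
    S = [x for x in range(FULL) if f(x) == z]        # collapse, by exhaustive search
    weights = []
    for y in range(FULL):
        amp = sum(-1 if parity(x & y) else 1 for x in S)
        weights.append(amp * amp)
    return rng.choices(range(FULL), weights=weights)[0]

def recover_period(f, rng, max_queries=64):
    """Collect samples y with y.s = 0 until they span an (N-1)-dimensional
    space, then return the unique nonzero s orthogonal to all of them."""
    basis = {}                                       # pivot bit -> row (echelon form)
    for _ in range(max_queries):
        y = simon_sample(f, rng)
        for bit in range(N - 1, -1, -1):             # reduce y against the basis
            if (y >> bit) & 1 and bit in basis:
                y ^= basis[bit]
        if y:                                        # y = 0 carries no information
            basis[y.bit_length() - 1] = y
        if len(basis) == N - 1:
            break
    if len(basis) != N - 1:
        raise RuntimeError("samples did not reach rank N-1 (f has extra periods?)")
    for p in sorted(basis, reverse=True):            # reduced row echelon form over GF(2)
        for q in basis:
            if q != p and (basis[q] >> p) & 1:
                basis[q] ^= basis[p]
    free = next(b for b in range(N) if b not in basis)
    s = 1 << free                                    # free variable set to 1
    for p, row in basis.items():                     # each row is pivot bit (+ free bit)
        if (row >> free) & 1:
            s |= 1 << p
    assert all(parity(row & s) == 0 for row in basis.values())
    return s

def recover_key(P, E, rng):
    """Even-Mansour key recovery: k1 as the hidden shift of E(x) ^ P(x),
    then k2 from the single classical query E(0)."""
    k1 = recover_period(lambda x: E(x) ^ P[x], rng)
    k2 = E(0) ^ P[k1]
    return k1, k2

def demo(seed=1):
    """Generate a random key and public permutation, run the attack, report success."""
    rng = random.Random(seed)
    P = make_public_permutation(rng)
    k1 = rng.randrange(1, FULL)      # k1 = 0 would make f constant (no period to find)
    k2 = rng.randrange(FULL)
    E = lambda x: even_mansour(P, k1, k2, x)         # the qCPA oracle
    return recover_key(P, E, rng) == (k1, k2)

if __name__ == "__main__":
    print("key recovered:", demo())
```

Two points worth noticing when reading the output. First, the samples y are only guaranteed orthogonal to the period; accidental collisions of f (preimage sets larger than a pair) skew the distribution but never violate y.k1 = 0, which is why the linear algebra still converges in a few more than N-1 samples. Second, the classical simulation costs 2^N evaluations of f per sample, so the same loop run against a 128-bit cipher is hopeless without the quantum oracle; the exponential gap between this simulation and one superposition query is exactly the gap the qCPA model grants the adversary.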
On Quantum Slide Attacks
The first quantum exponential acceleration of a classical symmetric cryptanalysis technique is proposed: Simon’s algorithm could be applied to accelerate the slide attack on the alternate-key cipher in the superposition query model.
QCB: Efficient Quantum-secure Authenticated Encryption
This paper proposes a new rate-one parallelizable mode named QCB inspired by TAE and OCB and proves its security against quantum superposition queries and discusses the quantum security notions for authenticated encryption modes.
Grover Meets Simon - Quantumly Attacking the FX-construction
A quantum algorithm is presented that breaks the construction with whitening keys in essentially the same time complexity as Grover’s original algorithm breaks the underlying block cipher.
Quantum Cryptanalysis: Shor, Grover, and Beyond
Although several strong candidates for post-quantum cryptography remain standing, continued attention to quantum algorithms for cryptanalysis is warranted, with a focus on those most likely to be relevant in practice.
Quantum Linearization Attacks
The quantum linearization attack is introduced, a new way of using Simon’s algorithm to target MACs in the superposition query model that breaks many parallelizable MACs such as LightMac, PMAC, and numerous variants with (classical) beyond-birthday-bound security (LightMAC+, PMAC+) or using tweakable block ciphers (ZMAC).
Post-quantum Cryptography and a (Qu)Bit More
This article provides the reader with a comprehensive overview regarding post-quantum cryptography and stresses that symmetric key cryptography should receive the same amount of attention from the scientific community.
Quantum Key-Recovery on Full AEZ
AEZ is an authenticated encryption algorithm, submitted to the CAESAR competition. It has been selected for the third round of the competition. While some classical analysis on the algorithm have
Quantum Indistinguishability for Public Key Encryption
The first quantum security notion (qINDqCPA) for public-key encryption with a quantum indistinguishability phase is given; it is proved that the canonical LWE-based encryption scheme achieves this notion, and that the notion is strictly stronger than existing security notions.
Hidden Structures and Quantum Cryptanalysis
This thesis proposes a new classical attack against multiple variants of the cipher MiMC, and a concrete and asymptotic quantum security analysis of some isogeny-based key exchanges.
Building Quantum-One-Way Functions from Block Ciphers: Davies-Meyer and Merkle-Damgård Constructions
A generic tool is developed for proving the indistinguishability of two quantum oracle distributions, and it is applied to the Merkle-Damgård construction iterating a Davies-Meyer compression function built from a block cipher.

Security on the quantum-type Even-Mansour cipher
  • H. Kuwakado, M. Morii
  • 2012 International Symposium on Information Theory and its Applications, 2012
It is shown that the quantum version of the Even-Mansour cipher is insecure, that is, a key can be found in time polynomial in the key length; this is an example showing that the quantum version of a secure classical cipher is not always secure.
Using Simon's algorithm to attack symmetric-key cryptographic primitives
Examples are provided where Simon's algorithm can be used to show the insecurity of commonly used symmetric-key primitives, and it is argued that classical security proofs of cryptographic constructions need to be revisited in light of quantum attackers.
Breaking Symmetric Cryptosystems Using Quantum Period Finding
This paper considers attacks where an adversary can query an oracle implementing a cryptographic primitive in a quantum superposition of different states, and shows that the most widely used modes of operation for authentication and authenticated encryption are completely broken in this security model.
Quantum-Secure Message Authentication Codes
The first Message Authentication Codes that are existentially unforgeable against a quantum chosen message attack are constructed and it is proved that a four-wise independent family is sufficient for one-time security.
New Security Notions and Feasibility Results for Authentication of Quantum Data
We give a new class of security definitions for authentication in the quantum setting. These definitions capture and strengthen existing definitions of security against quantum adversaries for both
Secure Identity-Based Encryption in the Quantum Random Oracle Model
This work gives the first proof of security for an identity-based encryption (IBE) scheme in the quantum random oracle model and argues that the resulting cryptosystems are secure against quantum adversaries.
Limitations of single coset states and quantum algorithms for code equivalence
The results suggest that for many codes of interest (including generalized Reed-Solomon codes, alternant codes, and Reed-Muller codes) solving these instances of Code Equivalence via Fourier sampling appears to be out of reach of current families of quantum algorithms.
Report on Post-Quantum Cryptography
The National Institute of Standards and Technology (NIST)'s current understanding about the status of quantum computing and post-quantum cryptography is shared, and NIST’s initial plan to move forward is outlined.
A construction of a cipher from a single pseudorandom permutation
A scheme for a block cipher that uses only one randomly chosen permutation F, removing the need to store or generate a multitude of permutations.
Constructing elliptic curve isogenies in quantum subexponential time
This work gives a new subexponential-time quantum algorithm for constructing nonzero isogenies between two such elliptic curves, assuming the Generalized Riemann Hypothesis (but with no other assumptions).