# Quantum-Secure Symmetric-Key Cryptography Based on Hidden Shifts

```bibtex
@article{Alagic2017QuantumSecureSC,
  title   = {Quantum-Secure Symmetric-Key Cryptography Based on Hidden Shifts},
  author  = {Gorjan Alagic and Alexander Russell},
  journal = {ArXiv},
  year    = {2017},
  volume  = {abs/1610.01187}
}
```

Recent results of Kaplan et al., building on work by Kuwakado and Morii, have shown that a wide variety of classically-secure symmetric-key cryptosystems can be completely broken by quantum chosen-plaintext attacks (qCPA). In such an attack, the quantum adversary has the ability to query the cryptographic functionality in superposition. The vulnerable cryptosystems include the Even-Mansour block cipher, the three-round Feistel network, the Encrypted-CBC-MAC, and many others.

## 32 Citations

On Quantum Slide Attacks

- Mathematics, Computer Science; IACR Cryptol. ePrint Arch.
- 2018

The first quantum exponential acceleration of a classical symmetric cryptanalysis technique is proposed: Simon’s algorithm could be applied to accelerate the slide attack on the alternate-key cipher in the superposition query model.

QCB: Efficient Quantum-secure Authenticated Encryption

- Computer Science, Mathematics; IACR Cryptol. ePrint Arch.
- 2020

This paper proposes a new rate-one parallelizable mode named QCB inspired by TAE and OCB and proves its security against quantum superposition queries and discusses the quantum security notions for authenticated encryption modes.

Grover Meets Simon - Quantumly Attacking the FX-construction

- Computer Science, Mathematics; ASIACRYPT
- 2017

A quantum algorithm is presented that breaks the construction with whitening keys in essentially the same time complexity as Grover’s original algorithm breaks the underlying block cipher.

Quantum Cryptanalysis: Shor, Grover, and Beyond

- Mathematics, Computer Science; IEEE Security & Privacy
- 2018

Although several strong candidates for postquantum cryptography remain standing, continued attention to quantum algorithms for cryptanalysis is warranted, focusing on those most likely to be of relevance to cryptanalysis.

Quantum Linearization Attacks

- Computer Science, Mathematics; IACR Cryptol. ePrint Arch.
- 2021

The quantum linearization attack is introduced, a new way of using Simon’s algorithm to target MACs in the superposition query model that breaks many parallelizable MACs such as LightMac, PMAC, and numerous variants with (classical) beyond-birthday-bound security (LightMAC+, PMAC+) or using tweakable block ciphers (ZMAC).

Post-quantum Cryptography and a (Qu)Bit More

- Computer Science, Mathematics; SecITC
- 2018

This article provides the reader with a comprehensive overview regarding post-quantum cryptography and stresses that symmetric key cryptography should receive the same amount of attention from the scientific community.

Quantum Key-Recovery on Full AEZ

- Computer Science; SAC
- 2017

AEZ is an authenticated encryption algorithm, submitted to the CAESAR competition. It has been selected for the third round of the competition. While some classical analysis on the algorithm have…

Quantum Indistinguishability for Public Key Encryption

- Computer Science, Mathematics; IACR Cryptol. ePrint Arch.
- 2020

The first quantum security notion (qINDqCPA) for public key encryption with a quantum indistinguishability phase is given; it is proved that the canonical LWE-based encryption scheme achieves the authors' security notion, and the notion is shown to be strictly stronger than existing security notions.

Hidden Structures and Quantum Cryptanalysis

- Computer Science, Mathematics
- 2019

This thesis proposes a new classical attack against multiple variants of the cipher MiMC, the most used symmetric cipher to date, and proposes a concrete and asymptotic quantum security analysis of some isogeny-based key exchanges.

Building Quantum-One-Way Functions from Block Ciphers: Davies-Meyer and Merkle-Damgård Constructions

- Computer Science, Mathematics; IACR Cryptol. ePrint Arch.
- 2018

A generic tool is developed that helps to prove indistinguishability of two quantum oracle distributions that is based on the Merkle-Damgard construction iterating a Davies-Meyer compression function, which is built from a block cipher.

## References


Security on the quantum-type Even-Mansour cipher

- Computer Science, Mathematics; 2012 International Symposium on Information Theory and its Applications
- 2012

It is shown that the quantum version of the Even-Mansour cipher is insecure, that is, a key can be found in time polynomial in the key length, giving an example that the quantum version of a secure classical cipher is not always secure.

Using Simon's algorithm to attack symmetric-key cryptographic primitives

- Computer Science, Mathematics; Quantum Inf. Comput.
- 2017

Examples are provided where Simon's algorithm can be used to show the insecurity of commonly used symmetric-key cryptographic primitives, showing that classical security proofs of cryptographic constructions need to be revisited in light of quantum attackers.

Breaking Symmetric Cryptosystems Using Quantum Period Finding

- Computer Science, Mathematics; CRYPTO
- 2016

This paper considers attacks where an adversary can query an oracle implementing a cryptographic primitive in a quantum superposition of different states, and shows that the most widely used modes of operation for authentication and authenticated encryption are completely broken in this security model.

Quantum-Secure Message Authentication Codes

- Computer Science, Mathematics; IACR Cryptol. ePrint Arch.
- 2012

The first Message Authentication Codes that are existentially unforgeable against a quantum chosen message attack are constructed and it is proved that a four-wise independent family is sufficient for one-time security.

New Security Notions and Feasibility Results for Authentication of Quantum Data

- Computer Science; CRYPTO
- 2017

We give a new class of security definitions for authentication in the quantum setting. These definitions capture and strengthen existing definitions of security against quantum adversaries for both…

Secure Identity-Based Encryption in the Quantum Random Oracle Model

- Computer Science, Mathematics; CRYPTO
- 2012

This work gives the first proof of security for an identity-based encryption (IBE) scheme in the quantum random oracle model and argues that the aforementioned cryptosystems are secure against quantum adversaries.

Limitations of single coset states and quantum algorithms for code equivalence

- Computer Science; Quantum Inf. Comput.
- 2015

The results suggest that for many codes of interest, including generalized Reed-Solomon codes, alternant codes, and Reed-Muller codes, solving these instances of Code Equivalence via Fourier sampling appears to be out of reach of current families of quantum algorithms.

Report on Post-Quantum Cryptography

- Computer Science
- 2016

The National Institute of Standards and Technology (NIST)'s current understanding about the status of quantum computing and post-quantum cryptography is shared, and NIST’s initial plan to move forward is outlined.

A construction of a cipher from a single pseudorandom permutation

- Computer Science, Mathematics; Journal of Cryptology
- 2007

A scheme for a block cipher is presented that uses only one randomly chosen permutation, F, which removes the need to store or generate a multitude of permutations.

Constructing elliptic curve isogenies in quantum subexponential time

- Computer Science, Mathematics; J. Math. Cryptol.
- 2014

This work gives a new subexponential-time quantum algorithm for constructing nonzero isogenies between two such elliptic curves, assuming the Generalized Riemann Hypothesis (but with no other assumptions).