Breaking Symmetric Cryptosystems Using Quantum Period Finding

Kaplan, Marc; Leurent, Gaëtan; Leverrier, Anthony; źNaya-Plasencia, María

doi:10.1007/978-3-662-53008-5_8

Cited by 226 publications

(216 citation statements)

References 53 publications

Supporting

Mentioning

201

Contrasting

Order By: Relevance

“…holds, where Ψ (i) = u,x (−1) u·x |u |(f i ⊕ g)(x) . Now we use the following claim as a fact, which is shown as a subordinate result in the proof of Theorem 1 in [24].…”

Section: Applymentioning

confidence: 99%

“…Quantum slide attacks are a very efficient quantum counterpart of the classical slide attacks [3]. They have been introduced in [24], with a polynomial-time attack on 1-round self-similar ciphers. In many cases, our algorithm does not improve these attacks, because they are already too efficient and do not rely on a partial exhaustive search.…”

Section: Slide Attacksmentioning

confidence: 99%

See 1 more Smart Citation

Quantum Attacks Without Superposition Queries: The Offline Simon’s Algorithm

Bonnetain

Hosoyamada

Naya-Plasencia

et al. 2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

In symmetric cryptanalysis, the model of superposition queries has led to surprising results, with many constructions being broken in polynomial time thanks to Simon's period-finding algorithm. But the practical implications of these attacks remain blurry. In contrast, the results obtained so far for a quantum adversary making classical queries only are less impressive. In this paper, we introduce a new quantum algorithm which uses Simon's subroutines in a novel way. We manage to leverage the algebraic structure of cryptosystems in the context of a quantum attacker limited to classical queries and offline quantum computations. We obtain improved quantum-time/classical-data tradeoffs with respect to the current literature, while using only as much hardware requirements (quantum and classical) as a standard exhaustive search with Grover's algorithm. In particular, we are able to break the Even-Mansour construction in quantum timeÕ(2 n/3 ), with O(2 n/3 ) classical queries and O(n 2 ) qubits only. In addition, we improve some previous superposition attacks by reducing the data complexity from exponential to polynomial, with the same time complexity. Our approach can be seen in two complementary ways: reusing superposition queries during the iteration of a search using Grover's algorithm, or alternatively, removing the memory requirement in some quantum attacks based on a collision search, thanks to their algebraic structure. We provide a list of cryptographic applications, including the Even-Mansour construction, the FX construction, some Sponge authenticated modes of encryption, and many more.

show abstract

“…holds, where Ψ (i) = u,x (−1) u·x |u |(f i ⊕ g)(x) . Now we use the following claim as a fact, which is shown as a subordinate result in the proof of Theorem 1 in [24].…”

Section: Applymentioning

confidence: 99%

Section: Slide Attacksmentioning

confidence: 99%

Quantum Attacks Without Superposition Queries: The Offline Simon’s Algorithm

Bonnetain

Hosoyamada

Naya-Plasencia

et al. 2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…But this recommendation may be overly conservative, as quantum computing hardware will likely be more expensive to build than classical hardware. At the same time, this recommendation does not take into account the possibility of more sophisticated quantum attacks [16,17,18]. Our understanding of quantum cryptanalysis remains rather limited, and more research in this area is urgently needed.…”

Section: The Path Forwardmentioning

confidence: 99%

Report on Post-Quantum Cryptography

Chen¹,

Jordan²,

Liu³

et al. 2016

535

249

View full text Add to dashboard Cite

All comments are subject to release under the Freedom of Information Act (FOIA).ii Reports on Computer Systems TechnologyThe Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation's measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analyses to advance the development and productive use of information technology. ITL's responsibilities include the development of management, administrative, technical, and physical standards and guidelines for the cost-effective security and privacy of other than national security-related information in federal information systems. AbstractIn recent years, there has been a substantial amount of research on quantum computersmachines that exploit quantum mechanical phenomena to solve mathematical problems that are difficult or intractable for conventional computers. If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use. This would seriously compromise the confidentiality and integrity of digital communications on the Internet and elsewhere. The goal of post-quantum cryptography (also called quantum-resistant cryptography) is to develop cryptographic systems that are secure against both quantum and classical computers, and can interoperate with existing communications protocols and networks. This Internal Report shares the National Institute of Standards and Technology (NIST)'s current understanding about the status of quantum computing and post-quantum cryptography, and outlines NIST's initial plan to move forward in this space. The report also recognizes the challenge of moving to new cryptographic infrastructures and therefore emphasizes the need for agencies to focus on crypto agility.

show abstract

“…This line of research has put forward a new tradeoff between the desired level of security and the required efficiency for practical purposes currently explored by Google's New Hope scheme in Chrome. But while cryptographers search for new computational assumptions that provide resistance to quantum attacks, crypto-analysts are busy finding new quantum trickery to break them down 3 . This in turn leads to the need for more complex protocols and hence to even more challenges for practical solutions.…”

Section: Classical Progressmentioning

confidence: 99%