Quantum key recovery attack on SIMON32/64

The development of quantum computation is a threat to classical cryptosystems. Shor's algorithm breaks the security of some public-key cryptosystems, and Grover's algorithm gives a quadratic speed-up in the cryptanalysis of block ciphers. There are two security models for quantum cryptanalysis of block ciphers, the Q1 model and the Q2 model. Lightweight block ciphers have received much attention in recent years, so it is vital to study their security in the quantum setting to prepare for a future with large-scale quantum computers. Some results focus on the quantum circuit design of exhaustive key search on lightweight block ciphers. However, quantum attacks that combine classical cryptanalysis methods with quantum search have not been studied in depth for lightweight block ciphers. In this paper, we focus on the quantum key recovery attack on SIMON32/64. First, we re-estimate the quantum resources of quantum exhaustive search on SIMON32/64 and find that the cost of multi-controlled NOT gates cannot be ignored. Then, using the differential trail given by Biryukov at FSE 2014 as a distinguisher, we give our quantum key recovery attack on SIMON32/64. We treat the two phases of the key recovery attack as two separate quantum amplitude amplification (QAA) instances, give quantum circuit designs for both instances, and estimate their quantum resources. We conclude that our quantum key recovery attack is better than quantum exhaustive search in terms of both quantum gate resources and qubit resources. Our result studies the quantum dedicated attack from the perspective of quantum resources, which gives a more fine-grained analysis.
