Using Simon's algorithm to attack symmetric-key cryptographic primitives

We present new connections between quantum information and the field of classical cryptography. In particular, we provide examples where Simon's algorithm can be used to show insecurity of commonly used cryptographic symmetric-key primitives. Specifically, these examples consist of a quantum distinguisher for the 3-round Feistel network and a forgery attack on CBC-MAC which forges a tag for a chosen-prefix message while querying only other messages (of the same length). We assume that an adversary has quantum-oracle access to the respective classical primitives. Similar results have been achieved recently in independent work by Kaplan et al. Our findings shed new light on the post-quantum security of cryptographic schemes and underline that classical security proofs of cryptographic constructions need to be revisited in light of quantum attackers.
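As an added illustration (example code, not from the paper), the following toy simulation shows the structure that the 3-round Feistel distinguisher relies on: the function f(b, x) = alpha_b xor (left half of E(x, alpha_b)) collapses to F2(x xor F1(alpha_b)) and therefore has the hidden period (1, F1(alpha_0) xor F1(alpha_1)), while the same function built from a random permutation has none. Simon's quantum period finding is not simulated here; the period is recovered by exhaustive search on a 6-bit half-block, and the round functions, the constants alpha and the function names are all constructed for the demo.

```python
import secrets
from itertools import product

N = 6                                   # half-block width in bits (toy size)

def random_perm(bits):
    """Lookup table of a random permutation on `bits` bits (constructed oracle)."""
    table = list(range(1 << bits))
    secrets.SystemRandom().shuffle(table)
    return table

def feistel3(rounds, left, right):
    """Luby-Rackoff 3-round Feistel: (L, R) -> (R, L xor F_i(R)) in each round."""
    for f in rounds:
        left, right = right, left ^ f[right]
    return left, right

def simon_function(encrypt, alpha):
    """f(b, x) = alpha_b xor left half of E(x, alpha_b).
    For the 3-round Feistel this equals F2(x xor F1(alpha_b)), hence
    f(b, x) == f(b ^ 1, x ^ s) with s = F1(alpha_0) xor F1(alpha_1)."""
    def f(b, x):
        left, _ = encrypt(x, alpha[b])
        return left ^ alpha[b]
    return f

def periods(f):
    """Exhaustively list every nonzero shift (db, dx) under which f is invariant.
    This costs 2^(N+1) evaluations per candidate classically; Simon's algorithm
    recovers the period with O(N) quantum queries, which is the attack's point."""
    found = []
    for db, dx in product((0, 1), range(1 << N)):
        if (db, dx) != (0, 0) and all(
                f(b, x) == f(b ^ db, x ^ dx) for b in (0, 1) for x in range(1 << N)):
            found.append((db, dx))
    return found

def distinguisher_demo(alpha=(0x15, 0x2A)):
    """Return (periods of the Feistel f, the predicted period, periods of the
    random-permutation f). alpha holds two distinct constructed constants."""
    F1, F2, F3 = random_perm(N), random_perm(N), random_perm(N)
    feistel = lambda l, r: feistel3((F1, F2, F3), l, r)
    predicted = (1, F1[alpha[0]] ^ F1[alpha[1]])
    table = random_perm(2 * N)              # ideal cipher on 2N bits for comparison
    ideal = lambda l, r: divmod(table[(l << N) | r], 1 << N)
    return (periods(simon_function(feistel, alpha)), predicted,
            periods(simon_function(ideal, alpha)))

if __name__ == "__main__":
    got, predicted, ideal_periods = distinguisher_demo()
    print("3-round Feistel periods:", got, "predicted:", predicted)
    print("random permutation periods:", ideal_periods)
```

Round functions are drawn as permutations rather than arbitrary random functions so that Simon's promise (collisions occur exactly on the period) holds without exception; with random functions it holds only with overwhelming probability.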
