Quantum Chosen-Ciphertext Attacks against Feistel Ciphers

Seminal results by Luby and Rackoff show that the 3-round Feistel cipher is secure against chosen-plaintext attacks (CPAs) and that the 4-round version is secure against chosen-ciphertext attacks (CCAs). However, security changes significantly when we consider attacks in the quantum setting, where the adversary can make superposition queries. Using Simon's algorithm, which detects a secret cycle-period in polynomial time, Kuwakado and Morii presented a polynomial-time distinguisher showing that the 3-round version is insecure against quantum CPA. Since then, Simon's algorithm has been heavily used against various symmetric-key constructions. However, its applications are still not fully explored.
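The hidden period that the Kuwakado and Morii distinguisher relies on can be checked classically at toy size. The following is an added example, not code from the paper: it follows the standard description of that distinguisher (fix the right input half to one of two distinct constants, take the left output half after three rounds) and finds the period by exhaustive search where a quantum adversary would use Simon's algorithm. The names `feistel3`, `km_function` and `find_periods`, the 4-bit half size, the constants and the lookup-table round functions are all assumptions made for illustration.

```python
import random

N = 4                          # bits per half block (toy size, assumed)
MASK = (1 << N) - 1

def random_function(rng):
    """Random N-bit to N-bit round function as a lookup table."""
    return [rng.randrange(1 << N) for _ in range(1 << N)]

def feistel3(left, right, rounds):
    """Three Feistel rounds; each maps (L, R) to (R, L xor F(R))."""
    for table in rounds:
        left, right = right, left ^ table[right]
    return left, right

def random_permutation(rng):
    """Ideal-cipher stand-in: a random permutation of all 2N-bit blocks."""
    table = list(range(1 << (2 * N)))
    rng.shuffle(table)
    return lambda left, right: divmod(table[(left << N) | right], 1 << N)

def km_function(oracle, alpha0, alpha1):
    """Table of f(b, x) = left_half(oracle(x, alpha_b)) xor alpha_b, indexed by z = b||x."""
    alphas = (alpha0, alpha1)
    return [oracle(z & MASK, alphas[z >> N])[0] ^ alphas[z >> N]
            for z in range(1 << (N + 1))]

def find_periods(f):
    """Every nonzero s with f(z) == f(z xor s) for all z. Exhaustive here;
    Simon's algorithm finds s with polynomially many superposition queries."""
    return [s for s in range(1, len(f))
            if all(f[z] == f[z ^ s] for z in range(len(f)))]

def demo(seed=1):
    rng = random.Random(seed)
    rounds = [random_function(rng) for _ in range(3)]
    alpha0, alpha1 = 0x3, 0xA  # any two distinct constants (constructed values)
    # For the Feistel oracle f(b, x) = F2(x xor F1(alpha_b)), so the period is
    # s = 1 || (F1(alpha0) xor F1(alpha1)).
    expected = (1 << N) | (rounds[0][alpha0] ^ rounds[0][alpha1])
    feistel = find_periods(km_function(lambda l, r: feistel3(l, r, rounds), alpha0, alpha1))
    ideal = find_periods(km_function(random_permutation(rng), alpha0, alpha1))
    return expected, feistel, ideal

if __name__ == "__main__":
    expected, feistel, ideal = demo()
    print(f"expected period {expected:05b}, Feistel oracle {feistel}, random permutation {ideal}")
```

The Feistel oracle always yields the period predicted from the first round function, while the random permutation yields none; the presence or absence of that period is what separates the two.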
