An Efficient Quantum Collision Search Algorithm and Implications on Symmetric Cryptography

The cryptographic community has widely acknowledged that the emergence of large quantum computers will pose a threat to most current public-key cryptography. Primitives that rely on order-finding problems, such as factoring and computing discrete logarithms, can be broken by Shor's algorithm [49].

[1] Anne Canteaut et al. PRINCE - A Low-Latency Block Cipher for Pervasive Computing Applications - Extended Abstract. 2012, ASIACRYPT.

[2] Gilles Brassard et al. Quantum cryptanalysis of hash and claw-free functions. 1997, SIGA.

[3] Andris Ambainis et al. Polynomial Degree and Lower Bounds in Quantum Complexity: Collision and Element Distinctness with Small Range. 2003, Theory Comput.

[4] Mark Zhandry et al. Secure Identity-Based Encryption in the Quantum Random Oracle Model. 2012, CRYPTO.

[5] Karthikeyan Bhargavan et al. On the Practical (In-)Security of 64-bit Block Ciphers: Collision Attacks on HTTP over TLS and OpenVPN. 2016, CCS.

[6] Samuel Kutin et al. Quantum Lower Bound for the Collision Problem with Small Range. 2005, Theory Comput.

[7] Sanjit Chatterjee et al. Another Look at Tightness. 2011, IACR Cryptol. ePrint Arch.

[8] Peter Schwabe et al. SPHINCS: Practical Stateless Hash-Based Signatures. 2015, EUROCRYPT.

[9] Gideon Yuval et al. How to Swindle Rabin. 1979, Cryptologia.

[10] Scott Aaronson et al. Quantum lower bounds for the collision and the element distinctness problems. 2004, JACM.

[11] Alex Biryukov et al. Improved Time-Memory Trade-Offs with Multiple Data. 2005, Selected Areas in Cryptography.

[12] David A. McGrew et al. Impossible plaintext cryptanalysis and probable-plaintext collision attacks of 64-bit block cipher modes. 2012, IACR Cryptol. ePrint Arch.

[13] María Naya-Plasencia et al. Breaking Symmetric Cryptosystems Using Quantum Period Finding. 2016, CRYPTO.

[14] Antoine Joux et al. Multi-user Collisions: Applications to Discrete Logarithm, Even-Mansour and PRINCE. 2014, ASIACRYPT.

[15] Mark Zhandry et al. Random Oracles in a Quantum World. 2010, ASIACRYPT.

[16] Dominique Unruh et al. Non-Interactive Zero-Knowledge Proofs in the Quantum Random Oracle Model. 2015, EUROCRYPT.

[17] Tommaso Gagliardoni et al. Semantic Security and Indistinguishability in the Quantum World. 2015, IACR Cryptol. ePrint Arch.

[18] Daniel R. Simon et al. On the power of quantum computation. 1994, Proceedings 35th Annual Symposium on Foundations of Computer Science.

[19] Mark Zhandry et al. Secure Signatures and Chosen Ciphertext Security in a Quantum Computing World. 2013, CRYPTO.

[20] D. Bernstein. Cost analysis of hash collisions: will quantum computers make SHARCS obsolete? 2009.

[21] M. E. Hellman et al. Privacy and authentication: An introduction to cryptography. 1979, Proceedings of the IEEE.

[22] Mihir Bellare et al. A concrete security treatment of symmetric encryption. 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[23] Thierry Paul et al. Quantum computation and quantum information. 2007, Mathematical Structures in Computer Science.

[24] Dominique Unruh et al. Post-Quantum Security of the CBC, CFB, OFB, CTR, and XTS Modes of Operation. 2016, PQCrypto.

[25] Hidenori Kuwakado et al. Security on the quantum-type Even-Mansour cipher. 2012, 2012 International Symposium on Information Theory and its Applications.

[26] Mark Zhandry et al. A note on the quantum collision and set equality problems. 2013, Quantum Inf. Comput.

[27] Daniel R. Simon et al. On the Power of Quantum Cryptography. 1994, FOCS 1994.

[28] Lov K. Grover et al. How significant are the known collision and element distinctness quantum algorithms? 2004, Quantum Inf. Comput.

[29] Lars R. Knudsen et al. Truncated and Higher Order Differentials. 1994, FSE.

[30] John Kelsey et al. Second Preimage Attacks on Dithered Hash Functions. 2008, EUROCRYPT.

[31] Lov K. Grover. Trade-offs in the quantum search algorithm. 2002.

[32] Helger Lipmaa et al. Comments to NIST concerning AES Modes of Operations: CTR-Mode Encryption. 2000.

[33] Peter W. Shor et al. Algorithms for quantum computation: discrete logarithms and factoring. 1994, Proceedings 35th Annual Symposium on Foundations of Computer Science.

[34] J. Pollard. A Monte Carlo method for factorization. 1975.

[35] Martin Rötteler et al. Post-Quantum Cryptography. 2015, Lecture Notes in Computer Science.

[36] Gilles Brassard et al. Merkle Puzzles in a Quantum World. 2011, CRYPTO.

[37] Michele Mosca et al. Estimating the Cost of Generic Quantum Pre-image Attacks on SHA-2 and SHA-3. 2016, SAC.

[38] Phillip Rogaway et al. The Software Performance of Authenticated-Encryption Modes. 2011, FSE.

[39] Hidenori Kuwakado et al. Quantum distinguisher between the 3-round Feistel cipher and the random permutation. 2010, 2010 IEEE International Symposium on Information Theory.

[40] Marc Kaplan et al. Quantum attacks against iterated block ciphers. 2014, ArXiv.

[41] Lov K. Grover. A fast quantum mechanical algorithm for database search. 1996, STOC '96.

[42] Ivan Damgård et al. Superposition Attacks on Cryptographic Protocols. 2011, ICITS.

[43] Yishay Mansour et al. A construction of a cipher from a single pseudorandom permutation. 1997, Journal of Cryptology.

[44] Daniel J. Bernstein et al. Low-Communication Parallel Quantum Multi-Target Preimage Search. 2017, SAC.

[45] Paul C. van Oorschot et al. Parallel collision search with application to hash functions and discrete logarithms. 1994, CCS '94.

[46] Eli Biham et al. Cryptanalysis of Skipjack Reduced to 31 Rounds Using Impossible Differentials. 1999, Journal of Cryptology.

[47] Eric Rescorla et al. The Transport Layer Security (TLS) Protocol Version 1.2. 2008, RFC.

[48] G. Brassard et al. Quantum Amplitude Amplification and Estimation. 2000, quant-ph/0005055.

[49] María Naya-Plasencia et al. Quantum Differential and Linear Cryptanalysis. 2015, IACR Trans. Symmetric Cryptol.

[50] Andris Ambainis et al. Quantum walk algorithm for element distinctness. 2003, 45th Annual IEEE Symposium on Foundations of Computer Science.

[51] Eli Biham et al. How to decrypt or even substitute DES-encrypted messages in 2^28 steps. 2002, Inf. Process. Lett.

[52] Mark Zhandry et al. How to Construct Quantum Random Functions. 2012, 2012 IEEE 53rd Annual Symposium on Foundations of Computer Science.

[53] Alfred Menezes et al. Another Look at "Provable Security". 2005, Journal of Cryptology.