Quantum Demiric-Selçuk Meet-in-the-Middle Attacks: Applications to 6-Round Generic Feistel Constructions

This paper shows that quantum computers can significantly speed up a class of meet-in-the-middle attacks initiated by Demirci and Selçuk (DS-MITM attacks), currently one of the most powerful cryptanalytic approaches against symmetric-key schemes in the classical setting. The quantum DS-MITM attacks are demonstrated against 6 rounds of the generic Feistel construction with an n-bit key and an n-bit block, which Guo et al. [33] attacked in the classical setting with data, time, and memory complexities of \(O(2^{3n/4})\). The complexities of the quantum attacks depend on the adversary's model. When the adversary has access to a quantum computer for offline computations but must make online queries classically, the attack complexities become \(\tilde{O}(2^{n/2})\), a significant improvement over the classical attack. The attack is then extended to the setting where the adversary can make superposition queries. This attack builds on the 3-round distinguisher obtained with Simon's algorithm [20] and appends 3 rounds for key recovery; the resulting search problem is solved with the combination of Simon's and Grover's algorithms recently proposed by Leander and May [1].
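As an added illustration of the 3-round distinguisher the abstract builds on (example code written for this page, not the paper's code), the following Python simulates Simon's algorithm exactly, with an explicit state vector, on a toy 3-round Feistel with 4-bit halves. With the round convention \((L, R) \mapsto (R, L \oplus P(R))\), the function \(f(b, x) = L_3(x, \alpha_b) \oplus \alpha_b\) equals \(P_2(x \oplus P_1(\alpha_b))\) and therefore has the period \(s = (1, P_1(\alpha_0) \oplus P_1(\alpha_1))\); the simulated measurements are collected, solved over GF(2), and the recovered period is checked classically. The same procedure run on a constructed random permutation reports no period. The half-block width, the random round-function tables, the constants \(\alpha_0 = 0, \alpha_1 = 1\), the sample budget and the random-permutation baseline are all assumptions of this example, chosen so that it runs offline in well under a second.

```python
"""Simulated Simon-style distinguisher for a 3-round Feistel (toy parameters).

Added example, not code from the paper: the quantum circuit is simulated with an
explicit state vector on a 5-bit input register, so the half-block width, the
round functions and the random-permutation baseline are all constructed here.
"""
import random

HALF = 4                     # half-block width in bits (assumption: toy size)
MASK = (1 << HALF) - 1
NBITS = HALF + 1             # Simon input: 1 selector bit b plus an n/2-bit half x


def random_round_function(rng):
    """Constructed random round function P: {0,1}^HALF -> {0,1}^HALF (lookup table)."""
    table = [rng.randrange(1 << HALF) for _ in range(1 << HALF)]
    return lambda v: table[v]


def feistel3(P1, P2, P3):
    """3-round Feistel with (L, R) -> (R, L ^ P(R)) per round; returns (L3, R3)."""
    def enc(L, R):
        for P in (P1, P2, P3):
            L, R = R, L ^ P(R)
        return L, R
    return enc


def random_permutation(rng):
    """Constructed random permutation of the full 2*HALF-bit block (ideal baseline)."""
    perm = list(range(1 << (2 * HALF)))
    rng.shuffle(perm)

    def enc(L, R):
        y = perm[(L << HALF) | R]
        return y >> HALF, y & MASK
    return enc


def simon_function(enc, alpha0, alpha1):
    """f(b, x) = L3(x, alpha_b) ^ alpha_b, with b the top bit of the NBITS-bit input.
    For the 3-round Feistel above, L3 = alpha_b ^ P2(x ^ P1(alpha_b)), so
    f(b, x) = P2(x ^ P1(alpha_b)) and f has period s = (1, P1(alpha0) ^ P1(alpha1))."""
    def f(inp):
        b, x = inp >> HALF, inp & MASK
        a = alpha1 if b else alpha0
        L3, _ = enc(x, a)
        return L3 ^ a
    return f


def parity(v):
    return bin(v).count("1") & 1


def simon_sample(f, rng):
    """One run of Simon's circuit, simulated exactly.
    After the superposition query the state is sum_x |x>|f(x)>. Measuring the output
    register yields z with probability |f^-1(z)| / 2^NBITS and leaves a uniform
    superposition over f^-1(z). After H^NBITS, y is measured with probability
    proportional to |sum_{x in f^-1(z)} (-1)^{x.y}|^2, which vanishes whenever
    y.s = 1 for a period s of f."""
    N = 1 << NBITS
    preimages = {}
    for x in range(N):
        preimages.setdefault(f(x), []).append(x)
    zs = list(preimages)
    z = rng.choices(zs, weights=[len(preimages[v]) for v in zs])[0]
    pre = preimages[z]
    weights = [sum(-1 if parity(x & y) else 1 for x in pre) ** 2 for y in range(N)]
    return rng.choices(range(N), weights=weights)[0]


def add_to_basis(basis, y):
    """Insert y into a GF(2) XOR basis keyed by leading bit; True if the rank grew."""
    while y:
        hb = y.bit_length() - 1
        if hb not in basis:
            basis[hb] = y
            return True
        y ^= basis[hb]
    return False


def nullspace_vector(basis):
    """The nonzero s orthogonal to every basis vector (brute force; fine for NBITS=5)."""
    for s in range(1, 1 << NBITS):
        if all(parity(r & s) == 0 for r in basis.values()):
            return s
    return None


def distinguish(enc, rng, alpha0=0, alpha1=1, max_samples=16 * NBITS):
    """Return (is_feistel_like, s). For a 3-round Feistel the measured y's lie in the
    (NBITS-1)-dimensional space orthogonal to s, and the recovered s passes the
    classical check f(x) == f(x ^ s). For a random permutation the candidate fails
    that check (or no rank-(NBITS-1) system is reached), so no period is reported.
    The sample budget is generous for the toy size; O(NBITS) samples suffice in practice."""
    f = simon_function(enc, alpha0, alpha1)
    basis = {}
    for _ in range(max_samples):
        add_to_basis(basis, simon_sample(f, rng))
        if len(basis) >= NBITS - 1:
            break
    if len(basis) != NBITS - 1:
        return False, None
    s = nullspace_vector(basis)
    if s is None or any(f(x) != f(x ^ s) for x in range(1 << NBITS)):
        return False, None
    return True, s


def demo(seed=1):
    """Run the distinguisher against a 3-round Feistel and against a random permutation."""
    rng = random.Random(seed)
    P1, P2, P3 = (random_round_function(rng) for _ in range(3))
    feistel_hit, s = distinguish(feistel3(P1, P2, P3), rng)
    expected = (1 << HALF) | (P1(0) ^ P1(1))      # s = (1, P1(alpha0) ^ P1(alpha1))
    perm_hit, _ = distinguish(random_permutation(rng), rng)
    return {"feistel": feistel_hit, "period": s, "expected": expected, "random_perm": perm_hit}


if __name__ == "__main__":
    print(demo())
```

The classical check at the end of `distinguish` is the practitioner's safeguard: Simon's algorithm on a function that is not periodic still returns a full-rank or near-full-rank system, and a candidate "period" read off from an (NBITS-1)-rank system must be confirmed on a few classical evaluations before it is used in the key-recovery phase.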

[1] Gregor Leander, et al. Grover Meets Simon - Quantumly Attacking the FX-construction, 2017, ASIACRYPT.

[2] Kyoji Shibutani, et al. All Subkeys Recovery Attack on Block Ciphers: Extending Meet-in-the-Middle Approach, 2012, Selected Areas in Cryptography.

[3] Bart Mennink, et al. XOR of PRPs in a Quantum World, 2017, PQCrypto.

[4] Jan Camenisch, et al. Selected Areas in Cryptography – SAC 2017, 2017, Lecture Notes in Computer Science.

[5] Lars R. Knudsen, et al. The Security of Feistel Ciphers with Six Rounds or Less, 2002, Journal of Cryptology.

[6] Yu Sasaki, et al. Cryptanalysis against Symmetric-Key Schemes with Online Classical Queries and Offline Quantum Computations, 2018, IACR Cryptol. ePrint Arch.

[7] María Naya-Plasencia, et al. Quantum Differential and Linear Cryptanalysis, 2015, IACR Trans. Symmetric Cryptol.

[8] Kyoji Shibutani, et al. Generic Key Recovery Attack on Feistel Scheme, 2013, IACR Cryptol. ePrint Arch.

[9] María Naya-Plasencia, et al. Breaking Symmetric Cryptosystems Using Quantum Period Finding, 2016, CRYPTO.

[10] Harald Niederreiter, et al. Probability and computing: randomized algorithms and probabilistic analysis, 2006, Math. Comput.

[11] Hidenori Kuwakado, et al. Security on the quantum-type Even-Mansour cipher, 2012, 2012 International Symposium on Information Theory and its Applications.

[12] Adi Shamir, et al. New Attacks on Feistel Structures with Improved Memory Complexities, 2015, CRYPTO.

[13] Jérémy Jean, et al. Improved Key Recovery Attacks on Reduced-Round AES in the Single-Key Setting, 2013, IACR Cryptol. ePrint Arch.

[14] Daniel J. Bernstein, et al. Low-Communication Parallel Quantum Multi-Target Preimage Search, 2017, SAC.

[15] Lov K. Grover. A fast quantum mechanical algorithm for database search, 1996, STOC '96.

[16] Shengyu Zhang. Promised and Distributed Quantum Search, 2005, COCOON.

[17] Nicky Mouha, et al. Report on Lightweight Cryptography, 2017.

[18] Seiichiro Tani, et al. Claw finding algorithms using quantum walk, 2007, Theor. Comput. Sci.

[19] Lov K. Grover, et al. How significant are the known collision and element distinctness quantum algorithms?, 2004, Quantum Inf. Comput.

[20] Hidenori Kuwakado, et al. Quantum distinguisher between the 3-round Feistel cipher and the random permutation, 2010, 2010 IEEE International Symposium on Information Theory.

[21] Xiaoyun Wang, et al. Quantum key-recovery attack on Feistel structures, 2018, Science China Information Sciences.

[22] Ali Aydin Selçuk, et al. A Meet-in-the-Middle Attack on 8-Round AES, 2008, FSE.

[23] Gilles Brassard, et al. Quantum Cryptanalysis of Hash and Claw-Free Functions, 1998, LATIN.

[24] Yu Sasaki, et al. Meet-in-the-Middle Attacks on Classes of Contracting and Expanding Feistel Constructions, 2017, IACR Trans. Symmetric Cryptol.

[25] Marc Kaplan, et al. Quantum attacks against iterated block ciphers, 2014, ArXiv.

[26] Andris Ambainis, et al. Quantum walk algorithm for element distinctness, 2003, 45th Annual IEEE Symposium on Foundations of Computer Science.

[27] Gilles Brassard, et al. Tight bounds on quantum searching, 1996, quant-ph/9605034.

[28] Xavier Bonnetain, et al. Quantum Key-Recovery on Full AEZ, 2017, SAC.

[29] A. Harrow, et al. Efficient distributed quantum computing, 2012, Proceedings of the Royal Society A: Mathematical, Physical and Engineering Sciences.

[30] G. Brassard, et al. Quantum Amplitude Amplification and Estimation, 2000, quant-ph/0005055.

[31] Daniel R. Simon, et al. On the power of quantum computation, 1994, Proceedings 35th Annual Symposium on Foundations of Computer Science.

[32] D. Bernstein. Cost analysis of hash collisions: will quantum computers make SHARCS obsolete?, 2009.

[33] Yu Sasaki, et al. Meet-in-the-Middle Attacks on Generic Feistel Constructions, 2014, ASIACRYPT.

[34] Léo Perrin, et al. Meet-in-the-Middle Attacks and Structural Analysis of Round-Reduced PRINCE, 2015, Journal of Cryptology.