How to Record Quantum Queries, and Applications to Quantum Indifferentiability

Zhandry, Mark

doi:10.1007/978-3-030-26951-7_9

Cited by 146 publications

(121 citation statements)

References 24 publications

Supporting

Mentioning

120

Contrasting

Unclassified

Order By: Relevance

“…Quantum Security. In [Zha18], Zhandry proves that: if the underlying compression function cannot be distinguished from a random oracle, then the Merkle-Damgård construction, provided that it uses a prefix-free encoding (hence a good padding), cannot be distinguished from a random oracle with more than negligible advantage. The compression function we use here is: ℎ( , ) = Saturnin ( ) ⊕ .…”

Section: Saturnin-hashmentioning

confidence: 99%

Saturnin: a suite of lightweight symmetric algorithms for post-quantum security

Canteaut

Duval

Leurent

et al. 2020

ToSC

View full text Add to dashboard Cite

The cryptographic algorithms needed to ensure the security of our communications have a cost. For devices with little computing power, whose number is expected to grow significantly with the spread of the Internet of Things (IoT), this cost can be a problem. A simple answer to this problem is a compromise on the security level: through a weaker round function or a smaller number of rounds, the security level can be decreased in order to cheapen the implementation of the cipher. At the same time, quantum computers are expected to disrupt the state of the art in cryptography in the near future. For public-key cryptography, the NIST has organized a dedicated process to standardize new algorithms. The impact of quantum computing is harder to assess in the symmetric case but its study is an active research area.In this paper, we specify a new block cipher, Saturnin, and its usage in different modes to provide hashing and authenticated encryption in such a way that we can rigorously argue its security in the post-quantum setting. Its security analysis follows naturally from that of the AES, while our use of components that are easily implemented in a bitsliced fashion ensures a low cost for our primitives. Our aim is to provide a new lightweight suite of algorithms that performs well on small devices, in particular micro-controllers, while providing a high security level even in the presence of quantum computers. Saturnin is a 256-bit block cipher with a 256-bit key and an additional 9-bit parameter for domain separation. Using it, we built two authenticated ciphers and a hash function.• Saturnin-CTR-Cascade is an authenticated cipher using the counter mode and a separate MAC. It requires two passes over the data but its implementation does not require the inverse block cipher.• Saturnin-Short is an authenticated cipher intended for messages with a length strictly smaller than 128 bits which uses only one call to Saturnin to providenconfidentiality and integrity.• Saturnin-Hash is a 256-bit hash function. In this paper, we specify this suite of algorithms and argue about their security in both the classical and the post-quantum setting. https://project.inria.fr/saturnin/

show abstract

Section: Saturnin-hashmentioning

confidence: 99%

Saturnin: a suite of lightweight symmetric algorithms for post-quantum security

Canteaut

Duval

Leurent

et al. 2020

ToSC

View full text Add to dashboard Cite

show abstract

“…Toward that end, we employ a recent technique developed by Zhandry [Zha18] for analyzing quantum queries to random functions. We use this technique to show that our algorithm is tight for random functions, giving an average-case lower bound.…”

Section: The Lower Boundmentioning

confidence: 99%

“…In [Zha18], Zhandry showed a new technique for analyzing cryptosystems in the random oracle model. He also showed that his technique can be used to re-prove several known quantum query lower bounds.…”

Section: Compressed Fourier Oracles and Compressed Phase Oraclesmentioning

confidence: 99%

See 1 more Smart Citation

On Finding Quantum Multi-collisions

Liu

Zhandry

2019

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

A k-collision for a compressing hash function H is a set of k distinct inputs that all map to the same output. In this work, we show that for any constant k, Θ N 1 2 (1− 1 2 k −1 ) quantum queries are both necessary and sufficient to achieve a k-collision with constant probability. This improves on both the best prior upper bound (Hosoyamada et al., ASIACRYPT 2017) and provides the first non-trivial lower bound, completely resolving the problem.

show abstract

“…It is not clear whether the natural translation of the classical notion of indidfferentiability to the quantum setting is achievable. Only recently, two articles [9,25] opened the discussion, but so far, the results remain inconclusive.…”

Section: Internal Permutationsmentioning

confidence: 99%

Quantum Indistinguishability of Random Sponges

Czajkowski

Hülsing

Schaffner

2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

DOI to the publisher's website. • The final author version and the galley proof are versions of the publication after peer review. • The final published version features the final layout of the paper including the volume, issue and page numbers. Link to publication General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. • Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain • You may freely distribute the URL identifying the publication in the public portal. If the publication is distributed under the terms of Article 25fa of the Dutch Copyright Act, indicated by the "Taverne" license above, please follow below link for the End User Agreement:

show abstract

How to Record Quantum Queries, and Applications to Quantum Indifferentiability

Cited by 146 publications

References 24 publications

Saturnin: a suite of lightweight symmetric algorithms for post-quantum security

Saturnin: a suite of lightweight symmetric algorithms for post-quantum security

On Finding Quantum Multi-collisions

Quantum Indistinguishability of Random Sponges

Contact Info

Product

Resources

About