Improved Attacks on sLiSCP Permutation and Tight Bound of Limited Birthday Distinguishers

Hosoyamada, Akinori; Naya-Plasencia, Maŕıa; Sasaki, Yu

doi:10.46586/tosc.v2020.i4.147-172

Cited by 8 publications

(5 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The following problem is very common in symmetric cryptanalysis. It appears for example in impossible differential attacks [5], but also in rebound distinguishers [14]. In the former case we use generic algorithms to solve the problem for a black-box E, and in the latter, a valid distinguisher for E is defined as an algorithm outputting the pairs faster than the generic one.…”

Section: Solving the Limited Birthday Problemmentioning

confidence: 99%

See 1 more Smart Citation

Finding many Collisions via Reusable Quantum Walks

Bonnetain¹,

Chailloux²,

Schrottenloher³

et al. 2022

Preprint

View full text Add to dashboard Cite

Given a random function f with domain [2 n ] and codomain [2 m ], with m ≥ n, a collision of f is a pair of distinct inputs with the same image. Collision finding is an ubiquitous problem in cryptanalysis, and it has been well studied using both classical and quantum algorithms. Indeed, the quantum query complexity of the problem is well known to be Θ(2 m/3 ), and matching algorithms are known for any value of m. The situation becomes different when one is looking for multiple collision pairs. Here, for 2 k collisions, a query lower bound of Θ(2 (2k+m)/3 ) was shown by Liu and Zhandry (EUROCRYPT 2019). A matching algorithm is known, but only for relatively small values of m, when many collisions exist. In this paper, we improve the algorithms for this problem and, in particular, extend the range of admissible parameters where the lower bound is met. Our new method relies on a chained quantum walk algorithm, which might be of independent interest. It allows to extract multiple solutions of an MNRS-style quantum walk, without having to recompute it entirely: after finding and outputting a solution, the current state is reused as the initial state of another walk. As an application, we improve the quantum sieving algorithms for the shortest vector problem (SVP), with a complexity of 2 0.2563d+o(d) instead of the previous 2 0.2570d+o(d) .

show abstract

Section: Solving the Limited Birthday Problemmentioning

confidence: 99%

“…For example, the subproblem in lattice sieving of finding multiple close vectors to a target vector mentioned before can be seen as a special case. The limitedbirthday problem, which appears in symmetric cryptanalysis (e.g., impossible differential attacks [5] and rebound distinguishers [14]) is another example.…”

Section: Introductionmentioning

confidence: 99%

Finding many Collisions via Reusable Quantum Walks

Bonnetain¹,

Chailloux²,

Schrottenloher³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…SPIX and one of the SpoC variants use similar sLiSCP-light- [256] permutations. Differential characteristics [214][215][216] and distinguishers [217] on sLiSCPlight [256], summarized in Section 3.2.26, are also applicable to SPIX.…”

Section: Spixmentioning

confidence: 99%

“…A key recovery attack on full SpoC-64 was presented that does not violate the security claims due to large data requirements. Hosoyamada et al [217] described limited-birthday distinguishers over 15 steps of sLiSCP-light that can be used to mount attacks on 15-step and 16-step variants of the permutations. These attacks on the permutation do not pose an immediate threat to the SpoC submission, as they do not take the mode into account.…”

Section: Spocmentioning

confidence: 99%

Status report on the second round of the NIST lightweight cryptography standardization process

Turan¹,

McKay²,

Chang³

et al. 2021

View full text Add to dashboard Cite

The National Institute of Standards and Technology (NIST) initiated a public standardization process to select one or more Authenticated Encryption with Associated Data (AEAD) and hashing schemes suitable for constrained environments. In February 2019, 57 candidates were submitted to NIST for consideration. Among these, 56 were accepted as firstround candidates in April 2019. After four months, NIST selected 32 of the candidates for the second round. In March 2021, NIST announced 10 finalists to move forward to the final round of the selection process. The finalists are ASCON, Elephant, GIFT-COFB, Grain-128AEAD, ISAP, PHOTON-Beetle, Romulus, SPARKLE, TinyJAMBU, and Xoodyak. This report describes the evaluation criteria and selection process, which is based on public feedback and internal review of the second-round candidates.

show abstract

“…Note that both f and f ´1 are accessible, and the complexity of finding a solution will depend on the values of d in and d out . The algorithm proposed in [55] has been proven to match the lower bound complexity for the limited birthday problem in [68] for a black-box function and in [62] for a black-box permutation. We refer to [55] for an optimal algorithm and Theorem 1 for its time complexity.…”

Section: 23c Limited Birthday Distinguishermentioning

confidence: 99%

Post-quantum attacks against symmetric-key cryptography systems

Pham

View full text Add to dashboard Cite

First and foremost, I would like to express my gratitude to my supervisor, Prof. GUO Jian, for his invaluable mentorship and guidance he have provided me throughout my academic journey. I feel truly fortunate to have such a visionary and compassionate mentor, Prof. GUO Jian, who excels in both research and life. Prof. GUO Jian's kindness and willingness to patiently explain complex concepts have had a profound impact on my understanding of the project. With his unconditional support, I have chances to attend many flag-ship conferences and visiting attachments, that not only open my research's community but also broaden my horizons.I am filled with boundless gratitude towards my co-authors, Dr. Li Shun and Dr. Xiaoyang Dong, for their invaluable guidance and unwavering support throughout the research journey. I am deeply appreciative of the collaborative spirit they have shown in working with me on several papers, where their dedication to research has positively inspired my approach to conducting research.My special thanks go to all my co-authors, Prof. Zhenzhen Bao, Dr. Liu Guozhen, Guoyan Zhang, and Tianyu Zhang for working with me and teach me a lot of lession during the collaborations.Special thanks go to Dr. Patrick Derbez and my friend Nguyen Phuong Hoa for hosting me a visit in Rennes, France.I am grateful to extend my unbounded thanks to Dr. Eik List, who always willing to provide extensive assistance in revising my thesis. His support and guidance have played a crucial role in enhancing the quality and depth of my research work.I thank all my labmates and my friends in NTU, Dr.

show abstract

Improved Attacks on sLiSCP Permutation and Tight Bound of Limited Birthday Distinguishers

Cited by 8 publications

References 5 publications

Finding many Collisions via Reusable Quantum Walks

Finding many Collisions via Reusable Quantum Walks

Status report on the second round of the NIST lightweight cryptography standardization process

Post-quantum attacks against symmetric-key cryptography systems

Contact Info

Product

Resources

About