2019
DOI: 10.1007/978-3-030-26948-7_2

Quantum Cryptanalysis in the RAM Model: Claw-Finding Attacks on SIKE

Cited by 69 publications (85 citation statements)
References 36 publications
“…The algorithm of [30] would yield an attack with time complexity the third root of the size of the graph we work over; this would imply a solution to Problem 1 or Problem 2 in time $\tilde{O}(p)$. However, Jaques and Schanck have shown that the data structures required by this algorithm add significantly to its complexity, to the point where it does not in fact beat square-root algorithms (which have much lower quantum memory requirements) [31]; this suggests that $\tilde{O}(p^{3/2})$ is (currently) the correct complexity estimate for our problems.…”
Section: Security (mentioning)
confidence: 90%
“…The status report on the first round [9] noted that the basic security problem upon which SIKE is based is an area where further study would be useful. Towards the end of the first round, a series of papers [32,33] examined the relevant classical and black-box quantum attacks, resulting in confidence that existing parameter sets were providing more security than previously claimed. As a result, the SIKE team was able to lower the parameter sizes used in their second-round specification.…”
Section: Sike (mentioning)
confidence: 99%
“…In the quantum paradigm, Tani's algorithm [37] would succeed in $O(p^{g(g+1)/12})$, meaning we get the same asymptotic complexities for dimensions 2 and 3, and an asymptotic improvement for all g > 3. Moreover, Jaques and Schanck [28] suggest a significant gap between the asymptotic runtime of Tani's algorithm and its actual efficacy in any meaningful model of quantum computation. On the other hand, the bottleneck of the quantum attack forecasted above is a relatively straightforward invocation of Grover search, and the gap between its asymptotic and concrete complexities is likely to be much closer.…”
Section: Cryptographic Implications (mentioning)
confidence: 99%