Quantum Linearization Attacks

Bonnetain, Xavier; Leurent, Gaëtan; Naya-Plasencia, Maŕıa; Schrottenloher, André

doi:10.1007/978-3-030-92062-3_15

Cited by 31 publications

(14 citation statements)

References 56 publications

(94 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…1 , x 22 2 , x, 𝛼 b ) (See Figure 5). For the 17-round CAST-256, we have 39 1 (𝛼 0 ) ⊕ x 39 1 (𝛼 1 ) ⊕ 𝛼 0 ⊕ 𝛼 1 = x 36 2 (𝛼 0 ) ⊕ x 36 2 (𝛼 1 ) ⊕ 𝛼 0 ⊕ 𝛼 1 (28) where x 39 1 = x 38 4 = x 37 3 = x 36 2 (See Figure 5).…”

Section: Quantum Attack On Round-reduced Cast-256 Block Cipher In Qcp...mentioning

confidence: 99%

Quantum Attacks on Type‐1 Generalized Feistel Schemes

et al. 2023

View full text Add to dashboard Cite

Generalized Feistel schemes (GFSs) are extremely important and extensively researched cryptographic schemes. In this paper, the security of Type‐1 GFS in quantum circumstances is investigated. On the one hand, in the qCCA setting, a new quantum polynomial‐time distinguisher on ‐round Type‐1 GFS with branches is given, which extends the previous results by rounds. This leads to a more efficient analysis of type‐1 GFS, that is, the complexity of some previous key‐recovery attacks is reduced by a factor of , where k is the key length of the internal round function. On the other hand, for CAST‐256, which is a certain block cipher based on Type‐1 GFS, a 17‐round quantum distinguisher in the qCPA setting is given. Based on this, an ‐round quantum key‐recovery attack with complexity is constructed.

show abstract

Section: Quantum Attack On Round-reduced Cast-256 Block Cipher In Qcp...mentioning

confidence: 99%

Quantum Attacks on Type‐1 Generalized Feistel Schemes

et al. 2023

View full text Add to dashboard Cite

show abstract

“…We believe that it is of theoretical and practical interest to study in more generality, which classes of f admit a memory-efficient computation of their hashed versions. Recently, a first explicit application of our hashed Shor algorithm was given by Bonnetain, Leurent, Naya-Plasencia and Schrottenloher [BLNS21] for the MAC Poly1305.…”

Section: Simon's Algorithmmentioning

confidence: 99%

Quantum Period Finding is Compression Robust

May

Schlieper

2022

ToSC

View full text Add to dashboard Cite

We study quantum period finding algorithms such as Simon and Shor (and its variant Ekerå-Håstad). For a periodic function f these algorithms produce – via some quantum embedding of f – a quantum superposition ∑x |x〉 |f(x)〉, which requires a certain amount of output qubits that represent |f(x)〉. We show that one can lower this amount to a single output qubit by hashing f down to a single bit in an oracle setting.Namely, we replace the embedding of f in quantum period finding circuits by oracle access to several embeddings of hashed versions of f. We show that on expectation this modification only doubles the required amount of quantum measurements, while significantly reducing the total number of qubits. For example, for Simon’s algorithm that finds periods in f : Fn2 → Fn2 our hashing technique reduces the required output qubits from n down to 1, and therefore the total amount of qubits from 2n to n + 1. We also show that Simon’s algorithm admits real world applications with only n + 1 qubits by giving a concrete realization of a hashed version of the cryptographic Even-Mansour construction. Moreover, for a variant of Simon’s algorithm on Even-Mansour that requires only classical queries to Even-Mansour we save a factor of (roughly) 4 in the qubits.Our oracle-based hashed version of the Ekerå-Håstad algorithm for factoring n-bit RSA reduces the required qubits from (3/2 + o(1))n down to (1/2+ o(1))n.

show abstract

“…Later on, it was shown that such superposition attacks can target many constructions that are known to be classically secure [67], using Simon's algorithm, but also Kuperberg's algorithm [78] and even Shor's algorithm itself [79]. The practical implications of these attacks remain debated, since without superposition queries, they are inapplicable.…”

Section: Symmetric Cryptographymentioning

confidence: 99%

Quantum algorithms for attacking hardness assumptions in classical and post‐quantum cryptography

Biasse

Bonnetain

Kirshanova

et al. 2022

IET Information Security

View full text Add to dashboard Cite

In this survey, the authors review the main quantum algorithms for solving the computational problems that serve as hardness assumptions for cryptosystem. To this end, the authors consider both the currently most widely used classically secure cryptosystems, and the most promising candidates for post‐quantum secure cryptosystems. The authors provide details on the cost of the quantum algorithms presented in this survey. The authors furthermore discuss ongoing research directions that can impact quantum cryptanalysis in the future.

show abstract

Quantum Linearization Attacks

Cited by 31 publications

References 56 publications

Quantum Attacks on Type‐1 Generalized Feistel Schemes

Quantum Attacks on Type‐1 Generalized Feistel Schemes

Quantum Period Finding is Compression Robust

Quantum algorithms for attacking hardness assumptions in classical and post‐quantum cryptography

Contact Info

Product

Resources

About