Quantum Security of NMAC and Related Constructions

Song, Fang; Yun, Aaram

doi:10.1007/978-3-319-63715-0_10

Cited by 30 publications

(15 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Proof. The proof is essentially identical to that of Zhandry [Zha12] or Song and Yun [SY17]; since f is secure as a PRF, it is also oracle-secure. This allows the same hybrid argument in the security proof for GGM in [Zha12], or the security proof for the cascade construction in [SY17].…”

Section: Quantum-secure Pseudorandom Functions Based On Pramentioning

confidence: 87%

“…Then, the security of f is in fact equivalent to indistinguishability of D 0 and D 1 relative to the simple oracle H. Again according to [SY17], when two function distributions are indistinguishable relative to H, then they are oracle-indistinguishable relative to H. We can also observe that this is equivalent to the oracle security of f defined as above.…”

Section: Quantum-secure Pseudorandom Functions Based On Pramentioning

confidence: 93%

“…Let f : P × K × X → Y be a PRF. We say that f is oracle-secure with respect to an index set I, if for any quantum polynomial-time adversary A which can make quantum superposition queries to its oracle, we have the following: And, as in [SY17], we show that if a PRF with a public key is secure, then it is also oracle-secure.…”

Section: Quantum-secure Pseudorandom Functions Based On Pramentioning

confidence: 98%

“…In fact, the above is the same as the cascade construction for the one-bit PRF f . When we instantiate the GGM construction using an ordinary PRG, or when we instantiate the cascade construction using an ordinary PRF (without the public-key part), the quantum security is already established [Zha12,SY17]. The only difference is that here we instantiate the construction using a keyed PRG, or, equivalently, a one-bit PRF with a public key.…”

Section: Quantum-secure Pseudorandom Functions Based On Pramentioning

confidence: 99%

“…Following [Zha12] or [SY17], we can define a version of oracle security for such a PRF with a public key.…”

Section: Quantum-secure Pseudorandom Functions Based On Pramentioning

confidence: 99%

See 4 more Smart Citations

General Linear Group Action on Tensors: A Candidate for Post-quantum Cryptography

Qiao

Song

et al. 2019

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Starting from the one-way group action framework of Brassard and Yung (Crypto '90), we revisit building cryptography based on group actions. Several previous candidates for oneway group actions no longer stand, due to progress both on classical algorithms (e.g., graph isomorphism) and quantum algorithms (e.g., discrete logarithm).We propose the general linear group action on tensors as a new candidate to build cryptography based on group actions. Recent works (Futorny-Grochow-Sergeichuk Lin. Alg. Appl., 2019) suggest that the underlying algorithmic problem, the tensor isomorphism problem, is the hardest one among several isomorphism testing problems arising from areas including coding theory, computational group theory, and multivariate cryptography. We present evidence to justify the viability of this proposal from comprehensive study of the state-of-art heuristic algorithms, theoretical algorithms and hardness results, as well as quantum algorithms.We then introduce a new notion called pseudorandom group actions to further develop groupaction based cryptography. Briefly speaking, given a group G acting on a set S, we assume that it is hard to distinguish two distributions of (s, t) either uniformly chosen from S × S, or where s is randomly chosen from S and t is the result of applying a random group action of g ∈ G on s. This subsumes the classical decisional Diffie-Hellman assumption when specialized to a particular group action. We carefully analyze various attack strategies that support the general linear group action on tensors as a candidate for this assumption.Finally, we establish the quantum security of several cryptographic primitives based on the one-way group action assumption and the pseudorandom group action assumption.

show abstract

Section: Quantum-secure Pseudorandom Functions Based On Pramentioning

confidence: 87%

Section: Quantum-secure Pseudorandom Functions Based On Pramentioning

confidence: 93%

Section: Quantum-secure Pseudorandom Functions Based On Pramentioning

confidence: 98%

Section: Quantum-secure Pseudorandom Functions Based On Pramentioning

confidence: 99%

“…Following [Zha12] or [SY17], we can define a version of oracle security for such a PRF with a public key.…”

Section: Quantum-secure Pseudorandom Functions Based On Pramentioning

confidence: 99%

See 3 more Smart Citations

General Linear Group Action on Tensors: A Candidate for Post-quantum Cryptography

Qiao

Song

et al. 2019

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

Building Quantum-One-Way Functions from Block Ciphers: Davies-Meyer and Merkle-Damgård Constructions

Hosoyamada

Yasuda

2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Hidden Shift Quantum Cryptanalysis and Implications

Bonnetain

Naya-Plasencia

2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

At Eurocrypt 2017 a tweak to counter Simon's quantum attack was proposed: replace the common bitwise addition, with other operations, as a modular addition. The starting point of our paper is a follow up of these previous results: First, we have developed new algorithms that improve and generalize Kuperberg's algorithm for the hidden shift problem, which is the algorithm that applies instead of Simon when considering modular additions. Thanks to our improved algorithm, we have been able to build a quantum attack in the superposition model on Poly1305, proposed at FSE 2005, largely used and claimed to be quantumly secure. We also answer an open problem by analyzing the effect of the tweak to the FX construction. We have also generalized the algorithm. We propose for the first time a quantum algorithm for solving the problem with parallel modular additions, with a complexity that matches both Simon and Kuperberg in its extremes. We also propose a generic algorithm to solve the hidden shift problem in non-abelian groups. In order to verify the theoretical analysis we performed, and to get concrete estimates of the cost of the algorithms, we have simulated them, and were able to validate our estimated complexities. Finally, we analyze the security of some classical symmetric constructions with concrete parameters, to evaluate the impact and practicality of the proposed tweak, concluding that it does not seem to be efficient.

show abstract

Quantum Security of NMAC and Related Constructions

Cited by 30 publications

References 20 publications

General Linear Group Action on Tensors: A Candidate for Post-quantum Cryptography

General Linear Group Action on Tensors: A Candidate for Post-quantum Cryptography

Building Quantum-One-Way Functions from Block Ciphers: Davies-Meyer and Merkle-Damgård Constructions

Hidden Shift Quantum Cryptanalysis and Implications

Contact Info

Product

Resources

About