Grover Meets Simon - Quantumly Attacking the FX-construction
Authors
Abstract
Using whitening keys is a well-understood means of increasing the key length of any given cipher. Especially since it has been known ever since Grover's seminal work that the effective key length is reduced by a factor of two against quantum adversaries, it seems tempting to use this simple and elegant way of extending the key length of a given cipher to increase its resistance against quantum adversaries. However, as we show in this work, using whitening keys does not significantly increase security in the quantum-CPA setting. To this end we present a quantum algorithm that breaks the construction with whitening keys in essentially the same time complexity as Grover's original algorithm breaks the underlying block cipher. Technically, this result is based on combining the quantum algorithms of Grover and Simon, for the first time in the cryptographic setting.
Similar references
Quantum Key-recovery Attack on Feistel Structures
Post-quantum cryptography has attracted much attention from cryptologists worldwide. At Asiacrypt 2017, Leander and May combined Grover's and Simon's algorithms to quantumly break FX-based block ciphers. In this paper, we study Feistel constructions with Grover's and Simon's algorithms and give some new quantum key-recovery attacks on different numbers of rounds of Feistel constructions. Our attacks require ...
Gene Targeting in Hemostasis
1. Abstract 2. Introduction 3. Biochemistry 3.1. Structure of the FX Protein 3.2. Structure of the FX Gene 3.3. Activation of FX 3.4. Activities of FX 3.4.1. Hemostasis 3.4.2. Non-hemostatic Functions 4. Factor X-Deficient Mice 4.1. Construction of the FX Gene Deletion 4.2. Viability of FX-Deficient Neonates 4.3. Viability and Survival of FX-Deficient Embryos 5. Perspectives 6. Acknowledgement ...
Adaptivity vs. Postselection, and Hardness Amplification for Polynomial Approximation
We study the following problem: with the power of postselection (classically or quantumly), what is your ability to answer adaptive queries to certain languages? More specifically, for what kind of computational classes C does P^C belong to PostBPP or PostBQP? While a complete answer to the above question seems impossible given the development of present computational complexity theory, we ...
Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions with Applications to PRINCE and PRIDE
The FX-construction was proposed in 1996 by Kilian and Rogaway as a generalization of the DESX scheme. The construction increases the security of an n-bit core block cipher with a κ-bit key by using two additional n-bit masking keys. Recently, several concrete instances of the FX-construction were proposed, including PRINCE (proposed at Asiacrypt 2012) and PRIDE (proposed at CRYPTO 2014). These...
Lecture 8: Period Finding: Simon's Problem over
Remark 1.2. Classically, we can actually solve this problem very efficiently. Note that the condition on s implies that s divides N. Assuming N = 2^n, then s must lie in the set {1, 2, 4, ..., N}. So we obtain an efficient classical algorithm by simply testing if s = 1 is f's period, then if s = 2 is f's period, etc. This requires us to test n = log N values of s, so the query complexity, an...