Complete analysis of Simon’s quantum algorithm with additional collisions

  • Tai-Rong Shi
  • Chen-Hui Jin
  • Bin Hu
  • Jie Guan
  • Jing-Yi Cui
  • Sen-Peng Wang


Simon’s algorithm, a quantum algorithm that recovers a hidden period with exponential speedup, has been widely applied to symmetric cryptography. At Crypto 2016, Kaplan et al. showed the effect of additional collisions on the success probability of Simon’s algorithm, which led to a better analysis of previous applications. In this paper, we provide several new results on Simon’s algorithm. Firstly, we present the composing form of additional collisions and reveal, for the first time, the exact relationship between additional collisions and measurement outcomes. Specifically, all probabilities of observed measurements depend completely on the number of additional collisions. Our findings shed new light on how to estimate the success probability of Simon’s algorithm with additional collisions and point out something unreasonable in the work by Kaplan et al. Finally, we give afresh the trade-off between the success probability and the number of runs of the subroutine. For a random function, 4n repetitions of the subroutine ensure a success probability exponentially close to 1.
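The effect the abstract describes can be seen on a toy instance. The following is an added illustration, not code or results from the paper: it computes classically the exact measurement distribution of one run of Simon’s subroutine, and the probability that k runs yield n−1 independent equations, with and without one additional collision. The 3-bit function, the period 0b101 and the merged collision class are constructed for the example.

```python
from itertools import product

N = 3        # input width in bits (constructed toy size)
S = 0b101    # hidden period s (constructed)

def dot(a, b):
    """Inner product of two bit vectors over GF(2)."""
    return bin(a & b).count("1") & 1

def periodic(x):
    """2-to-1 function with f(x) = f(x ^ S) and no additional collisions."""
    return min(x, x ^ S)

def with_collision(x):
    """Same period, plus one additional collision: class {1,4} merged into {0,5}."""
    z = periodic(x)
    return 0 if z == 1 else z

def distribution(f):
    """Exact P(y) of measuring y after one run of Simon's subroutine on f."""
    probs = {}
    for y in range(2 ** N):
        amp = {}  # unnormalised amplitude of |y>|z> for each output z
        for x in range(2 ** N):
            amp[f(x)] = amp.get(f(x), 0) + (-1) ** dot(x, y)
        p = sum(a * a for a in amp.values()) / 4 ** N
        if p:
            probs[y] = p
    return probs

def rank(vectors):
    """Rank over GF(2) of integers viewed as bit vectors."""
    basis = []
    for v in vectors:
        for b in basis:
            v = min(v, v ^ b)  # clear the leading bit of b in v if it is set
        if v:
            basis.append(v)
    return len(basis)

def success(probs, k):
    """Probability that k independent runs give N-1 independent equations on s."""
    total = 0.0
    for ys in product(probs, repeat=k):
        if rank(ys) == N - 1:
            weight = 1.0
            for y in ys:
                weight *= probs[y]
            total += weight
    return total
```

Every outcome still satisfies y·s = 0, but the additional collision skews the distribution over those outcomes, so the same number of runs spans the orthogonal space less often.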


Keywords: Quantum cryptography; Simon’s algorithm; Additional collisions; Probability distribution; Success probability



This work was supported by National Natural Science Foundation of China (Grant Nos. 61572516, 61602514, 61802437 and 61802438).


  1. Anand, M.V., Targhi, E.E., Tabia, G.N., Takagi, T.: Post-Quantum Security of the CBC, CFB, OFB, CTR, and XTS Modes of Operation, Post-quantum Cryptography 2016, vol. 9606, p. 44. Springer, Cham (2016)
  2. Boneh D., Zhandry M.: Secure signatures and chosen ciphertext security in a quantum computing world. In: Advances in Cryptology—CRYPTO 2013, vol. 8043, p. 361. Springer, Berlin (2013)
  3. Bernstein, D.J.: Introduction to post-quantum cryptography, Post-quantum cryptography, pp. 1–14. Springer, Berlin (2009)
  4. Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26, 1484 (1997)
  5. Takagi, T., Peyrin, T.: Advances in Cryptology—ASIACRYPT 2017. Springer, Cham (2017)
  6. NIST: Post-Quantum Cryptography, (2017). Accessed 08 Jan 2019
  7. Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Proceedings of the Twenty-Eighth Annual ACM Symposium on the Theory of Computing, vol. 212. ACM (1996)
  8. Boneh, D., Dagdelen, O., Fischlin, M., Lehmann, A., Schaffner, C., Zhandry, M.: Random oracles in a quantum world. In: Advances in Cryptology—ASIACRYPT 2011, vol. 41. Springer, Cham (2017)
  9. Boneh, D., Zhandry, M.: Quantum-secure message authentication codes. In: Advances in Cryptology—EUROCRYPT 2013, vol. 592. Springer, Berlin (2013)
  10. Damgard I., Funder J., Nielsen J. B., Salvail L.: Superposition attacks on cryptographic protocols. In: ICITS 2013, vol. 142 (2013)
  11. Kuwakado, H., Morii, M.: Quantum distinguisher between the 3-round Feistel cipher and the random permutation. Int. Symp. Inf. Theory Appl. 41, 2682 (2010)
  12. Kuwakado, H., Morii, M.: Security on the quantum-type Even–Mansour cipher. In: International Symposium Information Theory and its Applications. vol. 312 (2012)
  13. Simon, D.R.: On the power of quantum computation. SIAM J. Comput. 1474, 26 (1997)
  14. Kaplan, M., Leurent, G., Leverrier, A., Naya-Plasencia, M.: Breaking symmetric cryptosystems using quantum period finding. In: Advances in Cryptology—CRYPTO 2016, vol. 207. Springer, Berlin (2016)
  15. Alagic, G., Russell, A.: Quantum-secure symmetric-key cryptography based on hidden shifts. In: Advances in Cryptology—EUROCRYPT 2017, vol. 65. Springer, Berlin (2015)
  16. Leander, G., May, A.: Grover meets simon—quantumly attacking the FX-construction. In: Advances in Cryptology—ASIACRYPT 2017, vol. 161. Springer, Cham (2017)
  17. Santoli, T., Christian, S.: Using Simon’s algorithm to attack symmetric-key cryptographic primitives. Quantum Inf. Comput. 17, 65 (2017)
  18. Dong, X., Wang, X.: Quantum key-recovery attack on Feistel structures. SCI. CHINA Inf. Sci. 61, 240 (2018)
  19. Shi, T.R., Jin, C.H., Guan, J.: Collision attacks against AEZ-PRF for authenticated encryption AEZ. China Commun. 15, 46 (2018)

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2019

Authors and Affiliations

  • Tai-Rong Shi (1)
  • Chen-Hui Jin (1)
  • Bin Hu (1)
  • Jie Guan (1)
  • Jing-Yi Cui (1)
  • Sen-Peng Wang (1)

  1. PLA SSF Information and Engineering University, Zhengzhou, People’s Republic of China
