Advertisement

Quantum cryptanalysis on some generalized Feistel schemes

  • Xiaoyang Dong
  • Zheng Li
  • Xiaoyun WangEmail author
Research Paper
  • 6 Downloads

Abstract

Post-quantum cryptography has attracted much attention from worldwide cryptologists. In ISIT 2010, Kuwakado and Morii gave a quantum distinguisher with polynomial time against 3-round Feistel networks. However, generalized Feistel schemes (GFS) have not been systematically investigated against quantum attacks. In this paper, we study the quantum distinguishers about some generalized Feistel schemes. For d-branch Type-1 GFS (CAST256-like Feistel structure), we introduce (2d - 1)-round quantum distinguishers with polynomial time. For 2d-branch Type-2 GFS (RC6/CLEFIA-like Feistel structure), we give (2d + 1)-round quantum distinguishers with polynomial time. Classically, Moriai and Vaudenay proved that a 7-round 4-branch Type-1 GFS and 5-round 4-branch Type-2 GFS are secure pseudo-random permutations. Obviously, they are no longer secure in quantum setting. Using the above quantum distinguishers, we introduce generic quantum key-recovery attacks by applying the combination of Simon’s and Grover’s algorithms recently proposed by Leander and May. We denote n as the bit length of a branch. For (d2-d+2)-round Type-1 GFS with d branches, the time complexity is \({2^{\left( {\frac{1}{2}{d^2} - \frac{3}{2}d + 2} \right) \cdot \frac{n}{2}}}\), which is better than the quantum brute force search (Grover search) by a factor \({2^{\left( {\frac{1}{4}{d^2} + \frac{1}{4}d} \right)n}}\). For 4d-round Type-2 GFS with 2d branches, the time complexity is \({2^{\frac{{{d^2}n}}{2}}}\), which is better than the quantum brute force search by a factor \({2^{\frac{{3{d^2}n}}{2}}}\).

Keywords

generalized Feistel schemes Simon Grover quantum key-recovery quantum cryptanalysis 

Notes

Acknowledgements

This work was supported by National Key Research and Development Program of China (Grant No. 2017YFA0303903), Project Funded by China Postdoctoral Science Foundation (Grant No. 2017M620807), National Cryptography Development Fund (Grant No. MMJJ20170121), Zhejiang Province Key R&D Project (Grant No. 2017C01062), National Natural Science Foundation of China (Grant No. 61672019), and Fundamental Research Funds of Shandong University (Grant No. 2016JC029).

References

  1. 1.
    Shor P W. Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J Comput, 1997, 26: 1484–1509MathSciNetCrossRefzbMATHGoogle Scholar
  2. 2.
    Kuwakado H, Morii M. Security on the quantum-type even-mansour cipher. In: Proceedings of International Symposium on Information Theory and Its Applications, 2012. 312–316Google Scholar
  3. 3.
    Kuwakado H, Morii M. Quantum distinguisher between the 3-round feistel cipher and the random permutation. In: Proceedings of International Symposium on Information Theory, 2010. 2682–2685Google Scholar
  4. 4.
    Kaplan M, Leurent G, Leverrier A, et al. Breaking symmetric cryptosystems using quantum period finding. In: Advances in Cryptology - CRYPTO 2016. Berlin: Springer-Verlag, 2016. 207–237CrossRefGoogle Scholar
  5. 5.
    Leander G, May A. Grover meets simon - quantumly attacking the FX-construction. In: Advances in Cryptology - ASIACRYPT 2017, Part II. Berlin: Springer, 2017. 10625: 161–178MathSciNetCrossRefzbMATHGoogle Scholar
  6. 6.
    Moody D. The ship has sailed: the NIST post-quantum cryptography “competition” (invited talk). In: Advances in Cryptology - ASIACRYPT 2017. Berlin: Springer, 2017Google Scholar
  7. 7.
    Boneh D, Zhandry M. Secure signatures and chosen ciphertext security in a quantum computing world. In: Advances in Cryptology - CRYPTO 2013. Berlin: Springer, 2013. 8043: 361–379MathSciNetCrossRefzbMATHGoogle Scholar
  8. 8.
    Grover L K. A fast quantum mechanical algorithm for database search. In: Proceedings of STOC 1996, 1996. 212–219Google Scholar
  9. 9.
    Simon D R. On the power of quantum computation. SIAM J Comput, 1997, 26: 1474–1483MathSciNetCrossRefzbMATHGoogle Scholar
  10. 10.
    Feistel H, Notz W A, Smith J L. Some cryptographic techniques for machine-to-machine data communications. Proc IEEE, 1975, 63: 1545–1554CrossRefGoogle Scholar
  11. 11.
    International Organization for Standardization (ISO). Information Technology - Security Techniques - Encryption Algorithms-Part 3: Block Ciphers. International Standard - ISO/IEC 18033-3. 2010. https://www.iso.org/standard/54531.htmlGoogle Scholar
  12. 12.
    Zheng Y L, Matsumoto T, Imai H. On the construction of block ciphers provably secure and not relying on any unproved hypotheses. In: Advances in Cryptology - CRYPTO 1989. New York: Springer, 1989. 435: 461–480MathSciNetzbMATHGoogle Scholar
  13. 13.
    Moriai S, Vaudenay S. On the pseudorandomness of top-level schemes of block ciphers. In: Advances in Cryptology - ASIACRYPT 2000. Berlin: Springer, 2000. 1976: 289–302MathSciNetCrossRefzbMATHGoogle Scholar
  14. 14.
    Luby M, Rackoff C. How to construct pseudorandom permutations from pseudorandom functions. SIAM J Comput, 1988, 17: 373–386MathSciNetCrossRefzbMATHGoogle Scholar
  15. 15.
    Brassard G, Hoyer P, Mosca M, et al. Quantum amplitude amplification and estimation. 2000. ArXiv: quant-ph/0005055zbMATHGoogle Scholar
  16. 16.
    Borghoff J, Canteaut A, Güneysu T, et al. PRINCE - a low-latency block cipher for pervasive computing applications - extended abstract. In: Advances in Cryptology - ASIACRYPT 2012. Berlin: Springer-Verlag, 2009. 7658: 208–225CrossRefzbMATHGoogle Scholar
  17. 17.
    Albrecht M R, Driessen B, Kavun E B, et al. Block ciphers - focus on the linear layer (feat. PRIDE). In: Advances in Cryptology - CRYPTO 2014. Berlin: Springer, 2014. 8616: 57–76CrossRefzbMATHGoogle Scholar
  18. 18.
    Kilian J, Rogaway P. How to protect DES against exhaustive key search. In: Advances in Cryptology - CRYPTO 1996. Berlin: Springer, 1996. 1109: 252–267MathSciNetzbMATHGoogle Scholar
  19. 19.
    Dong X Y, Wang X Y. Quantum key-recovery attack on Feistel structures. Sci China Inf Sci, 2018, 61: 102501CrossRefGoogle Scholar
  20. 20.
    Hosoyamada A, Sasaki Y. Quantum meet-in-the-middle attacks: applications to generic feistel constructions. In: Proceedings of International Conference on Security and Cryptography for Networks, 2018. 386–403CrossRefGoogle Scholar
  21. 21.
    Zhang L T, Wu W L. Pseudorandomness and super pseudorandomness on the unbalanced feistel networks with contracting functions. Chin J Comput, 2009, 32: 1320–1330MathSciNetCrossRefGoogle Scholar

Copyright information

© Science China Press and Springer-Verlag GmbH Germany, part of Springer Nature 2019

Authors and Affiliations

  1. 1.Institute for Advanced StudyTsinghua UniversityBeijingChina
  2. 2.Key Laboratory of Cryptologic Technology and Information SecurityMinistry of Education, Shandong UniversityJinanChina

Personalised recommendations