On Quantum Related-Key Attacks on Iterated Even-Mansour Ciphers

  • Akinori HosoyamadaEmail author
  • Kazumaro Aoki
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10418)


The impacts that quantum computers will have on cryptography have become more and more important to study for not only public key cryptography but also symmetric key cryptography. For example, at ISITA 2012, Kuwakado and Morii showed that an adversary with a quantum computer can recover keys of the Even-Mansour construction in polynomial time by applying Simon’s algorithm. In addition, at CRYPTO 2016, Kaplan et al. showed that Simon’s algorithm can also be used to perform forgery attacks against MACs and exponentially speed-up a slide attack. This paper introduces a tool for finding the period of a function that is periodic up to constant addition and shows that a quantum adversary can use the tool to perform a related-key attack in polynomial time. Our quantum related-key attack is an extension of the quantum slide attack by Kaplan et al. against iterated Even-Mansour ciphers that are implemented on quantum circuits. Although the relationships among keys are strong, our algorithm can recover all the keys of a two-round iterated Even-Mansour cipher in polynomial time.


  1. 1.
    Chen, S., Steinberger, J.P.: Tight security bounds for key-alternating ciphers. IACR Cryptology ePrint Archive 2013, 222 (2013).
  2. 2.
    Even, S., Mansour, Y.: A construction of a cipher from a single pseudorandom permutation. J. Cryptology 10(3), 151–162 (1997). MathSciNetCrossRefzbMATHGoogle Scholar
  3. 3.
    Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Proceedings of the Twenty-Eighth Annual ACM Symposium on Theory of Computing. STOC 1996, NY, USA, pp. 212–219 (1996).
  4. 4.
    Kaplan, M.: Quantum attacks against iterated block ciphers. CoRR abs/1410.1434 (2014).
  5. 5.
    Kaplan, M., Leurent, G., Leverrier, A., Naya-Plasencia, M.: Breaking symmetric cryptosystems using quantum period finding. In: Proceedings of the Advances in Cryptology - CRYPTO 2016–36th Annual International Cryptology Conference, Part II, Santa Barbara, CA, USA, August 14–18, 2016, pp. 207–237 (2016).
  6. 6.
    Kaplan, M., Leurent, G., Leverrier, A., Naya-Plasencia, M.: Quantum differential and linear cryptanalysis. IACR Trans. Symmetric Cryptol. 2016(1), 71–94 (2016).
  7. 7.
    Kuwakado, H., Morii, M.: Quantum distinguisher between the 3-round Feistel cipher and the random permutation. In: Proceedings of the IEEE International Symposium on Information Theory, ISIT 13–18, 2010, Austin, Texas, USA, pp. 2682–2685 (2010).
  8. 8.
    Kuwakado, H., Morii, M.: Security on the quantum-type Even-Mansour cipher. In: Proceedings of the International Symposium on Information Theory and its Applications, ISITA 2012, Honolulu, HI, USA, October 28–31, 2012. pp. 312–316 (2012).
  9. 9.
    Luby, M., Rackoff, C.: How to construct pseudo-random permutations from pseudo-random functions (abstract). In: Proceedings of the Advances in Cryptology - CRYPTO 1985, Santa Barbara, California, USA, August 18–22, 1985, p. 447 (1985).
  10. 10.
    NIST: Advanced encryption standard (AES) FIPS 197 (2001)Google Scholar
  11. 11.
    NIST: Submission requirements and evaluation criteria for the post-quantum cryptography standardization process (2016)Google Scholar
  12. 12.
    Rötteler, M., Steinwandt, R.: A note on quantum related-key attacks. Inf. Process. Lett. 115(1), 40–44 (2015). CrossRefzbMATHGoogle Scholar
  13. 13.
    Santoli, T., Schaffner, C.: Using Simon’s algorithm to attack symmetric-key cryptographic primitives. Quantum Inf. Comput. 17(1&2), 65–78 (2017). Google Scholar
  14. 14.
    Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26(5), 1484–1509 (1997). MathSciNetCrossRefzbMATHGoogle Scholar
  15. 15.
    Simon, D.R.: On the power of quantum computation. SIAM J. Comput. 26(5), 1474–1483 (1997). MathSciNetCrossRefzbMATHGoogle Scholar
  16. 16.
    Treger, J., Patarin, J.: Generic attacks on Feistel networks with internal permutations. In: Proceedings of the Progress in Cryptology - AFRICACRYPT 2009, Second International Conference on Cryptology in Africa, Gammarth, Tunisia, June 21–25, 2009, pp. 41–59 (2009).

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.NTT Secure Platform LaboratoriesTokyoJapan

Personalised recommendations