Post-quantum Security of the Sponge Construction

  • Jan Czajkowski
  • Leon Groot Bruinderink
  • Andreas Hülsing
  • Christian Schaffner
  • Dominique Unruh
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10786)


We investigate the post-quantum security of hash functions based on the sponge construction. A crucial property for hash functions in the post-quantum setting is the collapsing property (a strengthening of collision-resistance). We show that the sponge construction is collapsing (and in consequence quantum collision-resistant) under suitable assumptions about the underlying block function. In particular, if the block function is a random function or a (non-invertible) random permutation, the sponge construction is collapsing. We also give a quantum algorithm for finding collisions in an arbitrary function. For the sponge construction, the algorithm complexity asymptotically matches the complexity implied by collision resistance.


Keywords: Sponge construction, QROM, Collapsing, Collision resistance, Quantum algorithms


Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. QuSoft, University of Amsterdam, Amsterdam, The Netherlands
  2. TU Eindhoven, Eindhoven, The Netherlands
  3. University of Tartu, Tartu, Estonia
