Quantum cryptanalysis of hash and claw-free functions
We give a quantum algorithm that finds collisions in arbitrary r-to-one functions after only $O(\sqrt[3]{N/r})$ expected evaluations of the function, where N is the cardinality of the domain. Assuming the function is given by a black box, this is more efficient than the best possible classical algorithm, even allowing probabilism. We also give a similar algorithm for finding claws in pairs of functions. Further, we exhibit a space-time tradeoff for our technique. Our approach uses Grover's quantum searching algorithm in a novel way.
Keywords: Expected Number; Quantum Algorithm; Quantum Cryptanalysis; Classical Algorithm; Cryptographic Protocol
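The abstract states the query count but not the construction, so the following is an added illustration, not code from the paper: a classical state-vector simulation of one way to reach roughly ∛(N/r) evaluations, assuming a table of k classical evaluations followed by a Grover search for any input whose image is already in the table. The toy function `two_to_one`, the mask `s`, and the choice k ≈ ∛(N/r) are assumptions made for the example.

```python
import math

def two_to_one(x, s=0b101101101101):
    # Constructed toy 2-to-1 function on 12-bit inputs: x and x ^ s collide.
    return min(x, x ^ s)

def simulate_collision_search(F, N, r, k=None):
    """Return (function_evaluations, success_probability, table_size)."""
    if k is None:
        k = max(1, round((N / r) ** (1 / 3)))  # balances the two phases
    # Phase 1: classical table of k evaluations (k queries, k memory cells).
    table = {}
    for x in range(k):
        y = F(x)
        if y in table:                 # lucky collision inside the table
            return x + 1, 1.0, k
        table[y] = x
    # Phase 2: Grover search over the remaining inputs for an x whose image
    # is already tabulated. The oracle is evaluated classically here only
    # because this is a simulation; each iteration counts as one query.
    marked = [F(x) in table for x in range(k, N)]
    M = len(marked)
    t = (r - 1) * k                    # number of solutions for r-to-one F
    iterations = math.floor(math.pi / 4 * math.sqrt(M / t))
    amp = [1 / math.sqrt(M)] * M       # uniform superposition
    for _ in range(iterations):
        amp = [-a if m else a for a, m in zip(amp, marked)]  # phase flip
        mean = sum(amp) / M
        amp = [2 * mean - a for a in amp]                    # inversion about mean
    success = sum(a * a for a, m in zip(amp, marked) if m)
    return k + iterations, success, k

def classical_birthday_estimate(N, r):
    # Order of magnitude of evaluations for a classical birthday search.
    return math.sqrt(N / r)

if __name__ == "__main__":
    for k in (None, 4):                # default table vs. a smaller table
        q, p, size = simulate_collision_search(two_to_one, 4096, 2, k)
        print(f"table={size:3d}  evaluations={q:3d}  success={p:.4f}")
    print(f"classical birthday estimate: {classical_birthday_estimate(4096, 2):.1f}")
```

Shrinking the table from 13 to 4 entries raises the evaluation count, which is the space-time tradeoff the abstract mentions, seen on a 12-bit domain.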