
Quantum Meet-in-the-Middle Attack on 7-round Feistel Construction
Quantum attacks on Feistel constructions have attracted much more attent...

Quantum search-to-decision reductions and the state synthesis problem
It is a useful fact in classical computer science that many search probl...

Quantum Period Finding against Symmetric Primitives in Practice
We present the first complete implementation of the offline Simon's algo...

Improved Low-qubit Hidden Shift Algorithms
Hidden shift problems are relevant to assess the quantum security of var...

Beyond quadratic speedups in quantum attacks on symmetric schemes
In this paper, we report the first quantum key-recovery attack on a symm...

Quantum algorithms for matrix scaling and matrix balancing
Matrix scaling and matrix balancing are two basic linear-algebraic probl...

PQC: Triple Decomposition Problem Applied To GL(d, Fp) - A Secure Framework For Canonical Non-Commutative Cryptography
Post-Quantum Cryptography (PQC) attempts to find cryptographic protocols...
Quantum Attacks without Superposition Queries: the Offline Simon's Algorithm
In symmetric cryptanalysis, the model of superposition queries has led to surprising results, with many constructions being broken in polynomial time thanks to Simon's period-finding algorithm. But the practical implications of these attacks remain blurry. In contrast, the results obtained so far for a quantum adversary making classical queries only are less impressive. In this paper, we introduce a new quantum algorithm which uses Simon's subroutines in a novel way. We manage to leverage the algebraic structure of cryptosystems in the context of a quantum attacker limited to classical queries and offline quantum computations. We obtain improved quantum-time/classical-data trade-offs with respect to the current literature, while using only as much hardware requirements (quantum and classical) as a standard exhaustive search with Grover's algorithm. In particular, we are able to break the Even-Mansour construction in quantum time Õ(2^{n/3}), with O(2^{n/3}) classical queries and O(n^2) qubits only. In addition, we improve some previous superposition attacks by reducing the data complexity from exponential to polynomial, with the same time complexity. Our approach can be seen in two complementary ways: reusing superposition queries during the iteration of a search using Grover's algorithm, or alternatively, removing the memory requirement in some quantum attacks based on a collision search, thanks to their algebraic structure. We provide a list of cryptographic applications, including the Even-Mansour construction, the FX construction, some Sponge authenticated modes of encryption, and many more.