Quantum Key-length Extension

by   Joseph Jaeger, et al.

Should quantum computers become available, they will reduce the effective key length of basic secret-key primitives, such as blockciphers. To address this we will either need to use blockciphers which inherently have longer keys or use key-length extension techniques which employ a blockcipher to construct a more secure blockcipher that uses longer keys. We consider the latter approach by analyzing the security of the FX and double encryption constructions. Classically, FX is known to be secure, while double encryption is no more secure than single encryption due to a meet-in-the-middle attack. We provide positive results, with concrete and tight bounds, for both of these constructions against quantum attackers in ideal models. For FX, we consider security in the "Q1 model," a natural model in which the attacker has quantum access to the ideal primitive, but only classic access to FX. We provide two partial results in this model. The first establishes the security of FX against non-adaptive attackers. The second establishes fully adaptive security when considering a variant of FX using a random oracle in place of an ideal cipher. This result relies on the techniques of Zhandry (CRYPTO '19) for lazily sampling a quantum random oracle and are thus hard to extend to the true FX construction because it is unknown if a quantum random permutation can be lazily sampled. To the best of our knowledge, this result also is the first to introduce techniques to handle Q1 security in ideal models without analyzing the classical and quantum oracles separately, which may be of broader interest. For double encryption we apply a technique of Tessaro and Thiruvengadam (TCC '18) to establish that security reduces to the difficulty of solving the list disjointness problem, which we are able to reduce through a chain of results to the known quantum difficulty of the element distinctness problem.


page 1

page 2

page 3

page 4


On non-adaptive quantum chosen-ciphertext attacks and Learning with Errors

Large-scale quantum computing is a significant threat to classical publi...

Quantum Public-Key Encryption with Tamper-Resilient Public Keys from One-Way Functions

We construct quantum public-key encryption from one-way functions. In ou...

Understanding the Related-Key Security of Feistel Ciphers from a Provable Perspective

We initiate the provable related-key security treatment for models of pr...

Public-Key Encryption with Quantum Keys

In the framework of Impagliazzo's five worlds, a distinction is often ma...

Deniable Encryption in a Quantum World

(Sender-)Deniable encryption provides a very strong privacy guarantee: a...

Certified Everlasting Functional Encryption

Computational security in cryptography has a risk that computational ass...

Yuen's Criticisms on Security of Quantum Key Distribution and Onward

Quantum Key Distribution (QKD) has been attracting researchers that it w...

Please sign up or login with your details

Forgot password? Click here to reset