Quantum Demiric-Selçuk Meet-in-the-Middle Attacks: Applications to 6-Round Generic Feistel Constructions

Bibliographic Details
Published in: Security and Cryptography for Networks, Vol. 11035, pp. 386-403
Main Authors: Hosoyamada, Akinori; Sasaki, Yu
Format: Book Chapter
Language: English
Published: Switzerland, Springer International Publishing AG, 2018
Series: Lecture Notes in Computer Science

Summary: This paper shows that quantum computers can significantly speed up a type of meet-in-the-middle attack initiated by Demiric and Selçuk (DS-MITM attacks), which is currently one of the most powerful cryptanalytic approaches in the classical setting against symmetric-key schemes. The quantum DS-MITM attacks are demonstrated against 6 rounds of the generic Feistel construction supporting an n-bit key and an n-bit block, which was attacked by Guo et al. in the classical setting with data, time, and memory complexities of $O(2^{3n/4})$. The complexities of our quantum attacks depend on the adversary's model. When the adversary has access to quantum computers for offline computations but online queries are made in a classical manner, the attack complexities become $\tilde{O}(2^{n/2})$, which significantly improves on the classical attack. The attack is then extended to the case where the adversary can make superposition queries. That attack is based on 3-round distinguishers obtained with Simon's algorithm and then appends 3 rounds for key recovery; this can be solved by applying the combination of Simon's and Grover's algorithms recently proposed by Leander and May.
Bibliography: Due to space limitations, some details and proofs are left to the full paper [HS17].
ISBN: 9783319981123; 3319981129
ISSN: 0302-9743; 1611-3349
DOI: 10.1007/978-3-319-98113-0_21