Quantum Meet-in-the-Middle Attack on Feistel Construction
Inspired by Hosoyamada et al.'s work [14], we propose a new quantum meet-in-the-middle (QMITM) attack on $r$-round ($r \ge 7$) Feistel construction to reduce the time complexity. Similar to Hosoyamada et al.'s work, our attack on 7-round Feistel is also based on Guo et al.'s classical...
Saved in:
| Main Authors | , |
|---|---|
| Format | Journal Article |
| Language | English |
| Published |
27.07.2021
|
| Subjects | |
| Online Access | Get full text |
| DOI | 10.48550/arxiv.2107.12724 |
Cover
| Summary: | Inspired by Hosoyamada et al.'s work [14], we propose a new quantum
meet-in-the-middle (QMITM) attack on $r$-round ($r \ge 7$) Feistel construction
to reduce the time complexity. Similar to Hosoyamada et al.'s work, our attack
on 7-round Feistel is also based on Guo et al.'s classical meet-in-the-middle
(MITM) attack [13]. The classic MITM attack consumes a lot of time mainly in
three aspects: construct the lookup table, query data and find a match.
Therefore, parallel Grover search processors are used to reduce the time of
constructing the lookup table. And we adjust the truncated differentials of the
5-round distinguisher proposed by Guo et al. to balance the complexities
between constructing the lookup table and querying data. Finally, we introduce
a quantum claw finding algorithm to find a match for reducing time. The subkeys
can be recovered by this match. Furthermore, for $r$-round ($r > 7$) Feistel
construction, we treat the above attack on the first 7 rounds as an inner loop
and use Grover's algorithm to search the last $r-7$ rounds of subkeys as an
outer loop. In summary, the total time complexity of our attack on $r$-round
($r \ge 7$) is only $O(2^{2n/3+(r-7)n/4})$ less than classical and quantum
attacks. Moreover, our attack belongs to Q1 model and is more practical than
other quantum attacks. |
|---|---|
| DOI: | 10.48550/arxiv.2107.12724 |