A quantum distinguisher for 7/8-round SMS4 block cipher. (English) Zbl 1509.81375
Summary: Constructions of quantum distinguishers (extended to key recovery attacks) for generalized Feistel networks have been recently proposed in several works, where the main focus has been on Type 1 and 2 schemes. In this work, we derive a quantum distinguisher for 7 and 8 rounds of the SMS4 block cipher, which belongs to the class of unbalanced (contracting) generalized Feistel schemes. In the former case, by applying Simon’s quantum algorithm we construct a quantum distinguisher that runs in (quantum) polynomial time \(\mathcal{O}(n)\) (\(n\) is the branch size), while later we need to combine Simon’s and Grover’s algorithms in context of the amplitude amplification technique. We show that for the 8-round SMS4 cipher a quantum distinguisher can be constructed in both \(\mathbf{Q1}\) and \(\mathbf{Q2}\) attack models. This is achieved by applying the method of asymmetric search of a period, introduced by X. Bonnetain and M. Naya-Plasencia [Lect. Notes Comput. Sci. 11272, 560–592 (2018; Zbl 1446.94106)], where online and offline queries to the encryption oracle are separated. In this context, we answer the open problem posed by X. Dong, Z. Li and X. Wang [“Quantum cryptanalysis on some generalized Feistel schemes”, Sci. China Inf. Sci. 62, Paper No. 22501, 12 p. (2019; doi:10.1007/s11432-017-9436-7)], which has been left open for construction of quantum distinguishers for \(\geq 7\) rounds. Moreover, we show that for the specific instance when the quantum oracle for 8 rounds of SMS4 cipher is available, one can extract the master secret key with the same complexity and number of qubits required for the 8-round distinguisher.
MSC:
| 81P94 | Quantum cryptography (quantum-theoretic aspects) |
| 94A60 | Cryptography |
| 68Q12 | Quantum algorithms and complexity in the theory of computing |
| 81P68 | Quantum computation |
Keywords:
Simon’s algorithm; Grover’s algorithm; generalized Feistel network; SMS4 block cipher; quantum cryptanalysisCitations:
Zbl 1446.94106Software:
MISTYReferences:
| [1] | Abbasi, I., Afzal, M.: A compact S-Box design for SMS4 block cipher. IT Convergence and Services. LNEE, vol. 107. Springer, Dordrecht, pp. 641-658 (2011) |
| [2] | Bernstein, E.; Vazirani, U., Quantum complexity theory, SIAM J. Comput., 26, 5, 1411-1473 (1997) · Zbl 0895.68042 · doi:10.1137/S0097539796300921 |
| [3] | Bonnetain, X.: Quantum key-recovery on full AEZ. In: 24th International Conference on Security and Cryptology, Selected Areas in Cryptography SAC 2017. Ottawa, ON, Canada, 16-18, pp. 3941-406 (2017). doi:10.1007/978-3-319-72565-9 · Zbl 1384.94037 |
| [4] | Bonnetain, X., Plasencia, M.N.: Hidden shift quantum cryptanalysis and implications. Advances in Cryptology ASIACRYPT 2018, LNCS, vol. 11272, pp. 560-592 (2018) · Zbl 1446.94106 |
| [5] | Bonnetain, X., Plasencia, M.N., Schrottenloher, A.: On quantum Slide attacks. Selected Areas in Cryptography SAC 2019, LNCS, vol. 11959, pp. 492-519 (2019) · Zbl 1453.94062 |
| [6] | Bonnetain, X., Hosoyamada, A., Plasencia, M.N., Sasaki, Y., Schrottenloher, A.: Quantum attacks without superposition queries: the offline Simon algorithm. Advances in Cryptology ASIACRYPT 2019, LNCS, vol. 11921, pp. 552-583 (2019) · Zbl 1456.94052 |
| [7] | Brassard, G., Høyer, P., Mosca, M., Tapp, A.: Quantum amplitude amplification and estimation. Quantum Computation and Information (Washington, DC, 2000), Contemporary Mathematics, vol. 305, pp. 53-74 (2002) · Zbl 1063.81024 |
| [8] | Diffie, W., Ledin, G.: SMS4 encryption algorithm for wireless networks. IACR Cryptology ePrint Archive (2008). https://eprint.iacr.org/2008/329.pdf |
| [9] | Dong, X., Dong, B., Wang, X.: Quantum attacks on some Feistel block ciphers. IACR Cryptology ePrint Archive (2018). https://eprint.iacr.org/2018/504.pdf · Zbl 1448.94195 |
| [10] | Dong, X.; Li, Z.; Wang, X., Quantum cryptanalysis on some generalized Feistel schemes, Sci. China Inf. Sci., 62, 22501 (2019) · doi:10.1007/s11432-017-9436-7 |
| [11] | Dong, X.; Wang, X., Quantum key-recovery attack on Feistel structures, Sci. China Inf. Sci., 61, 102501 (2019) · doi:10.1007/s11432-017-9468-y |
| [12] | Feistel, H.; Notz, WA; Smith, JL, Some cryptographic techniques for machine-to-machine data communications, Proc. IEEE, 63, 11, 1545-1554 (1975) · doi:10.1109/PROC.1975.10005 |
| [13] | Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Proceedings of the Twenty-Eighth Annual ACM Symposium on Theory of Computing, Philadelphia, Pennsylvania, USA, May 22-24, pp. 212-219 (1996) · Zbl 0922.68044 |
| [14] | Hao, X.; Zhang, F.; Wei, Y.; Zhou, Y., Quantum period finding based on the Bernstein-Vazirani algorithm, Quantum Inf. Comput., 20, 1-2, 65-84 (2020) |
| [15] | Hosoyamada, A., Aoki, K.: On quantum related-key attacks on iterated Even-Mansour ciphers. Advances in Information and Computer Security, International Workshop on Security IWSEC 2017, LNCS, vol. 10418, pp. 3-18 (2017) · Zbl 1398.94123 |
| [16] | Hosoyamada, A., Sasaki, Y.: Quantum Demiric-Selçuk meet-in-the-middle attacks: applications to 6-round generic Feistel constructions. In: International Conference on Security and Cryptography for Networks, Security and Cryptography for Networks, LNCS, vol. 11035, pp. 386-403 (2018) · Zbl 1514.81107 |
| [17] | Ito, G., Hosoyamada, A., Matsumoto, R., Sasaki, Y., Iwata, T.: Quantum chosen-ciphertext attacks against Feistel ciphers. Cryptographers Track at the RSA Conference, CT-RSA 2019: Topics in Cryptology CT-RSA 2019, LNCS, vol. 11405, pp. 391-411 (2019) · Zbl 1453.94091 |
| [18] | Ito, G., Iwata, T.: Quantum distinguishing attacks against type-1 generalized Feistel ciphers. IACR Cryptology ePrint Archive (2019). https://eprint.iacr.org/2019/327.pdf · Zbl 1456.94101 |
| [19] | Kaplan, M., Leurent, G., Leverrier, A., Plasencia, M.N.: Breaking symmetric cryptosystems using quantum period finding. CRYPTO 2016: Advances in Cryptology CRYPTO 2016, LNCS, vol. 9815. Springer, Berlin, Heidelberg, pp. 207-237 (2016) · Zbl 1391.94766 |
| [20] | Kuwakado, H., Morii, M.: Quantum distinguisher between the 3-round Feistel cipher and the random permutation. In: IEEE International Symposium on Information Theory (2010). doi:10.1109/ISIT.2010.5513654 |
| [21] | Kuwakado, H., Morii, M.: Security on the quantum-type Even-Mansour cipher. In: International Symposium on Information Theory and its Applications, October 28-31, Honolulu, HI, USA (2012) |
| [22] | Leander, G., May, A.: Grover meets Simon quantumly attacking the FX-construction. In: Advances in Cryptology ASIACRYPT 2017, International Conference on the Theory and Application of Cryptology and Information Security, LNCS, vol. 10625, pp. 161-178 (2017) · Zbl 1380.94109 |
| [23] | Liu, F., Ji, W., Hu, L., Ding, J., Lv, S., Pyshkin, A., Weinmann, R.-P.: Analysis of the SMS4 block cipher. In: Australasian Conference on Information Security and Privacy, Information Security and Privacy, LNCS, vol. 4586. Springer, Berlin, Heidelberg, pp. 158-170 (2007) · Zbl 1213.94121 |
| [24] | Matsui, M.: New block encryption algorithm MISTY. In: International Workshop on Fast Software Encryption, LNCS, vol. 1267. Springer, Berlin, Heidelberg, pp. 54-68 (2006) · Zbl 1385.94061 |
| [25] | Ni, B., Dong, X.: Improved quantum attack on type-1 generalized Feistel schemes and its application to CAST-256. IACR Cryptology ePrint Archive (2019). https://eprint.iacr.org/2019/318.pdf |
| [26] | Röetteler, M.; Steinwandt, R., A note on quantum related-key attacks, Inf. Process. Lett., 115, 1, 40-44 (2015) · Zbl 1358.94076 · doi:10.1016/j.ipl.2014.08.009 |
| [27] | Santoli, T.; Schaffner, C., Using Simon’s algorithm to attack symmetric-key cryptographic primitives, Quantum Inf. Comput., 17, 1-2, 65-78 (2017) |
| [28] | Simon, DR, On the power of quantum computation, SIAM J. Comput., 26, 5, 1474-1483 (1997) · Zbl 0883.03024 · doi:10.1137/S0097539796298637 |
| [29] | Shor, P.W.: Algorithms for quantum computation: discrete logarithms and factoring. In: Proceedings 35th Annual Symposium on Foundations of Computer Science, IEEE Computer Society Washington, DC, USA, pp. 124-134 (1994) |
| [30] | Xu, L.; Guo, J.; Cui, J.; Li, M., Key-recovery attacks on LED-like block ciphers, Tsinghua Sci. Technol., 24, 5, 585-595 (2019) · doi:10.26599/TST.2018.9010130 |
| [31] | Zhang, LT; Wu, WL, Pseudorandomness and super pseudorandomness on the unbalanced Feistel networks with contracting functions, China J. Comput., 32, 1320-1330 (2009) · doi:10.3724/SP.J.1016.2009.01320 |
This reference list is based on information provided by the publisher or from digital mathematics libraries. Its items are heuristically matched to zbMATH identifiers and may contain data conversion errors. In some cases that data have been complemented/enhanced by data from zbMATH Open. This attempts to reflect the references listed in the original paper as accurately as possible without claiming completeness or a perfect matching.
