Marc Kaplan,Gaëtan Leurent,Anthony Leverrier,María Naya-Plasencia

DOI: https://doi.org/10.13154/tosc.v2016.i1.71-94

2017-03-07

Abstract:Quantum computers, that may become available one day, would impact many scientific fields, most notably cryptography since many asymmetric primitives are insecure against an adversary with quantum capabilities. Cryptographers are already anticipating this threat by proposing and studying a number of potentially quantum-safe alternatives for those primitives. On the other hand, symmetric primitives seem less vulnerable against quantum computing: the main known applicable result is Grover's algorithm that gives a quadratic speed-up for exhaustive search. In this work, we examine more closely the security of symmetric ciphers against quantum attacks. Since our trust in symmetric ciphers relies mostly on their ability to resist cryptanalysis techniques, we investigate quantum cryptanalysis techniques. More specifically, we consider quantum versions of differential and linear cryptanalysis. We show that it is usually possible to use quantum computations to obtain a quadratic speed-up for these attack techniques, but the situation must be nuanced: we don't get a quadratic speed-up for all variants of the attacks. This allows us to demonstrate the following non-intuitive result: the best attack in the classical world does not necessarily lead to the best quantum one. We give some examples of application on ciphers LAC and KLEIN. We also discuss the important difference between an adversary that can only perform quantum computations, and an adversary that can also make quantum queries to a keyed primitive.

Quantum Physics,Cryptography and Security

Xiaoyang Dong,Bingyou Dong,Xiaoyun Wang

DOI: https://doi.org/10.1007/s10623-020-00741-y

2020-03-09

Abstract:Post-quantum cryptography has attracted much attention from worldwide cryptologists. However, most research works are related to public-key cryptosystem due to Shor's attack on RSA and ECC ciphers. At CRYPTO 2016, Kaplan et al. showed that many secret-key (symmetric) systems could be broken using a quantum period finding algorithm, which encouraged researchers to evaluate symmetric systems against quantum attackers. In this paper, we continue to study symmetric ciphers against quantum attackers. First, we convert the classical advanced slide attacks (introduced by Biryukov and Wagner) to a quantum one, that gains an exponential speed-up in time complexity. Thus, we could break 2/4K-Feistel and 2/4K-DES in polynomial time. Second, we give a new quantum key-recovery attack on full-round GOST, which is a Russian standard, with <span class="mathjax-tex">\(2^{114.8}\)</span> quantum queries of the encryption process, faster than a quantum brute-force search attack by a factor of <span class="mathjax-tex">\(2^{13.2}\)</span>.

Amir K. Khandani

2024-01-30

Abstract:This work presents some novel techniques to enhance an encryption scheme motivated by classical McEliece cryptosystem. Contributions include: (1) using masking matrices to hide sensitive data, (2) allowing both legitimate parties to incorporate randomness in the public key without sharing any additional public information, (3) using concatenation of a repetition code for error correction, permitting key recovery with a negligible decoding complexity, (4) making attacks more difficult by increasing the complexity in verifying a given key candidate has resulted in the actual key, (5) introducing memory in the error sequence such that: (i) error vector is composed of a random number of erroneous bits, (ii) errors can be all corrected when used in conjunction with concatenation of a repetition code of length 3. Proposed techniques allow generating significantly larger keys, at the same time, with a much lower complexity, as compared to known post-quantum key generation techniques relying on randomization.

Cryptography and Security,Information Theory

Xiaoyang Dong,Xiaoyun Wang

DOI: https://doi.org/10.1007/s11432-017-9468-y

2018-08-31

Science China Information Sciences

Abstract:Post-quantum cryptography has drawn considerable attention from cryptologists on a global scale. At Asiacrypt 2017, Leander and May combined Grover’s and Simon’s quantum algorithms to break the FX-based block ciphers, which were introduced by Kilian and Rogaway to strengthen DES. In this study, we investigate the Feistel constructions using Grover’s and Simon’s algorithms to generate new quantum key-recovery attacks on different rounds of Feistel constructions. Our attacks require 20.25nr−0.75n quantum queries to break an r-round Feistel construction. The time complexity of our attacks is less than that observed for quantum brute-force search by a factor of 20.75n. When compared with the best classical attacks, i.e., Dinur et al.’s attacks at CRYPTO 2015, the time complexity is reduced by a factor of 20.5n without incurring any memory cost.

computer science, information systems,engineering, electrical & electronic

Mathieu Bozzio,Claude Crépeau,Petros Wallden,Philip Walther

2024-11-14

Abstract:Due to its fundamental principles, quantum theory holds the promise to enhance the security of modern cryptography, from message encryption to anonymous communication, digital signatures, online banking, leader election, one-time passwords and delegated computation. While quantum key distribution (QKD) has already enabled secure key exchange over hundreds of kilometers, a myriad of other quantum-cryptographic primitives are being developed to secure future applications against quantum adversaries. This article surveys the theoretical and experimental developments in quantum cryptography beyond QKD over the past decades, along with advances in secure quantum computation. It provides an intuitive classification of the main quantum primitives and their security levels, summarizes their possibilities and limits, and discusses their implementation with current photonic technology.

Quantum Physics

Hua-Lei Yin,Zeng-Bing Chen

DOI: https://doi.org/10.1038/s41598-019-53435-4

IF: 4.6

2019-01-01

Scientific Reports

Abstract:Long-distance quantum key distribution (QKD) has long time seriously relied on trusted relay or quantum repeater, which either has security threat or is far from practical implementation. Recently, a solution called twin-field (TF) QKD and its variants have been proposed to overcome this challenge. However, most security proofs are complicated, a majority of which could only ensure security against collective attacks. Until now, the full and simple security proof can only be provided with asymptotic resource assumption. Here, we provide a composable finite-key analysis for coherent-state-based TF-QKD with rigorous security proof against general attacks. Furthermore, we develop the optimal statistical fluctuation analysis method to significantly improve secret key rate in high-loss regime. The results show that coherent-state-based TF-QKD is practical and feasible, with the potential to apply over nearly one thousand kilometers.

Paul Staat,Meik Dörpinghaus,Azadeh Sheikholeslami,Christof Paar,Gerhard Fettweis,Dennis Goeckel

2024-12-18

Abstract:Today's information society relies on cryptography to achieve security goals such as confidentiality, integrity, authentication, and non-repudiation for digital communications. Here, public-key cryptosystems play a pivotal role to share encryption keys and create digital signatures. However, quantum computers threaten the security of traditional public-key cryptosystems as they can tame computational problems underlying the schemes, i.e., discrete logarithm and integer factorization. The prospective arrival of capable-enough quantum computers already threatens today's secret communication in terms of their long-term secrecy when stored to be later decrypted. Therefore, researchers strive to develop and deploy alternative schemes. In this work, evaluate a key exchange protocol based on combining public-key schemes with physical-layer security, anticipating the prospect of quantum attacks. If powerful quantum attackers cannot immediately obtain private keys, legitimate parties have a window of short-term secrecy to perform a physical-layer jamming key exchange (JKE) to establish a long-term shared secret. Thereby, the protocol constraints the computation time available to the attacker to break the employed public-key cryptography. In this paper, we outline the protocol, discuss its security, and point out challenges to be resolved.

Cryptography and Security

Min Liang,Li Yang

DOI: https://doi.org/10.48550/arXiv.1812.06050

2018-12-15

Abstract:In modern cryptography, block encryption is a fundamental cryptographic primitive. However, it is impossible for block encryption to achieve the same security as one-time pad. Quantum mechanics has changed the modern cryptography, and lots of researches have shown that quantum cryptography can outperform the limitation of traditional cryptography. This article proposes a new constructive mode for private quantum encryption, named $\mathcal{EHE}$, which is a very simple method to construct quantum encryption from classical primitive. Based on $\mathcal{EHE}$ mode, we construct a quantum block encryption (QBE) scheme from pseudorandom functions. If the pseudorandom functions are standard secure, our scheme is indistinguishable encryption under chosen plaintext attack. If the pseudorandom functions are permutation on the key space, our scheme can achieve perfect security. In our scheme, the key can be reused and the randomness cannot, so a $2n$-bit key can be used in an exponential number of encryptions, where the randomness will be refreshed in each time of encryption. Thus $2n$-bit key can perfectly encrypt $O(n2^n)$ qubits, and the perfect secrecy would not be broken if the $2n$-bit key is reused for only exponential times. Comparing with quantum one-time pad (QOTP), our scheme can be the same secure as QOTP, and the secret key can be reused (no matter whether the eavesdropping exists or not). Thus, the limitation of perfectly secure encryption (Shannon's theory) is broken in the quantum setting. Moreover, our scheme can be viewed as a positive answer to the open problem in quantum cryptography "how to unconditionally reuse or recycle the whole key of private-key quantum encryption". In order to physically implement the QBE scheme, we only need to implement two kinds of single-qubit gates (Pauli $X$ gate and Hadamard gate), so it is within reach of current quantum technology.

Cryptography and Security

Renato Renner,Ramona Wolf

DOI: https://doi.org/10.2514/1.J062267

IF: 2.624

2023-02-02

AIAA Journal

Abstract:Ever since its inception, cryptography has been caught in a vicious circle: Cryptographers keep inventing methods to hide information, and cryptanalysts break them, prompting cryptographers to invent even more sophisticated encryption schemes, and so on. But could it be that quantum information technology breaks this circle? At first sight, it looks as if it just lifts the competition between cryptographers and cryptanalysts to the next level. Indeed, quantum computers will render most of today’s public key cryptosystems insecure. Nonetheless, there are good reasons to believe that cryptographers will ultimately prevail over cryptanalysts. Quantum cryptography allows us to build communication schemes whose secrecy relies only on the laws of physics and some minimum assumptions about the cryptographic hardware—leaving basically no room for an attack. While we are not yet there, this paper provides an overview of the principles and state-of-the-art of quantum cryptography, as well as an assessment of current challenges and prospects for overcoming them.

engineering, aerospace

Guillermo Currás-Lorenzo,Margarida Pereira,Go Kato,Marcos Curty,Kiyoshi Tamaki

2024-07-23

Abstract:Quantum key distribution (QKD) can theoretically achieve the Holy Grail of cryptography, information-theoretic security against eavesdropping. However, in practice, discrepancies between the mathematical models assumed in security proofs and the actual functioning of the devices used in implementations prevent it from reaching this goal. Device-independent QKD is currently not a satisfactory solution to this problem, as its performance is extremely poor and most of its security proofs assume that the user devices leak absolutely no information to the outside. On the other hand, measurement-device-independent (MDI) QKD can guarantee security with arbitrarily flawed receivers while achieving high performance, and the remaining challenge is ensuring its security in the presence of source imperfections. So far, all efforts in this regard have come at a price; some proofs are suitable only for particular source imperfections, while others severely compromise the system's performance, i.e., its communication speed and distance. Here, we overcome these crucial problems by presenting a security proof in the finite-key regime against coherent attacks that can incorporate general encoding imperfections and side channels while achieving much higher performances than previous approaches. Moreover, our proof requires minimal state characterization, which facilitates its application to real-life implementations.

Quantum Physics

Wenjie Liu,Mengting Wang,Zixian Li

DOI: https://doi.org/10.1007/s11128-023-03877-7

2023-09-24

Abstract:Exploiting quantum mechanisms, quantum attacks have the potential ability to break the cipher structure. Recently, Ito et al. proposed a quantum attack on Feistel-2* structure (Ito et al.'s attack) based onthe Q2 model. However, it is not realistic since the quantum oracle needs to be accessed by the adversary, and the data complexityis high. To solve this problem, a quantum all-subkeys-recovery (ASR) attack based on multi-equations quantum claw-finding is proposed, which takes a more realistic model, the Q1 model, as the scenario, and only requires 3 plain-ciphertext pairs to quickly crack the 6-round Feistel-2* structure. First, we proposed a multi-equations quantum claw-finding algorithm to solve the claw problem of finding multiple equations. In addition, Grover's algorithm is used to speedup the rest subkeys recovery. Compared with Ito et al.'s attack, the data complexity of our attack is reduced from O(2^n) to O(1), while the time complexity and memory complexity are also significantly reduced.

Quantum Physics,Cryptography and Security,Emerging Technologies

Zixuan Hu,Zhenyu Li

2024-08-26

Abstract:Shannon's perfect-secrecy theorem states that a perfect encryption system that yields zero information to the adversary must be a one-time pad (OTP) with the keys randomly generated and never reused. However, recently discovered exotic properties of quantum entanglement have motivated us to reconsider Shannon's theorem in the quantum regime. In this work we design a quantum encryption method that overcomes Shannon's theorem to achieve perfect secrecy with reusable keys. The mechanism used is fundamentally quantum, demonstrating subtle but critical differences in how information is processed in quantum versus classical systems.

Quantum Physics

Akinori Kawachi,Christopher Portmann

DOI: https://doi.org/10.48550/arXiv.0808.2869

2008-08-21

Quantum Physics

Abstract:The standard definition of quantum state randomization, which is the quantum analog of the classical one-time pad, consists in applying some transformation to the quantum message conditioned on a classical secret key $k$. We investigate encryption schemes in which this transformation is conditioned on a quantum encryption key state $\rho_k$ instead of a classical string, and extend this symmetric-key scheme to an asymmetric-key model in which copies of the same encryption key $\rho_k$ may be held by several different people, but maintaining information-theoretical security. We find bounds on the message size and the number of copies of the encryption key which can be safely created in these two models in terms of the entropy of the decryption key, and show that the optimal bound can be asymptotically reached by a scheme using classical encryption keys. This means that the use of quantum states as encryption keys does not allow more of these to be created and shared, nor encrypt larger messages, than if these keys are purely classical.

Zhen-Qiang Yin,Hong-Wei Li,Yao,Chun-Mei Zhang,Shuang Wang,Wei Chen,Guang-Can Guo,Zheng-Fu Han

DOI: https://doi.org/10.1103/physreva.86.022313

IF: 2.971

2012-01-01

Physical Review A

Abstract:In the "counterfactual quantum cryptography" scheme [T.-G. Noh, Phys. Rev. Lett. 103, 230501 (2009)], two legitimate distant peers may share secret-key bits even when the information carriers do not travel in the quantum channel. The security of this protocol with an ideal single-photon source has been proved by Yin et al. [Z.-Q. Yin, H. W. Li, W. Chen, Z. F. Han, and G. C. Guo, Phys. Rev. A 82, 042335 (2010)]. In this paper, we prove the security of the counterfactual-quantum-cryptography scheme based on a commonly used weak-coherent-laser source by considering a general collective attack. The basic assumption of this proof is that the efficiency and dark-counting rate of a single-photon detector are consistent for any n-photon Fock states. Then through randomizing the phases of the encoding weak coherent states, Eve's ancilla will be transformed into a classical mixture. Finally, the lower bound of the secret-key-bit rate and a performance analysis for the practical implementation are both given.

Sara Ricci,Patrik Dobias,Lukas Malina,Jan Hajny,Petr Jedlicka

DOI: https://doi.org/10.1109/access.2024.3364520

IF: 3.9

2024-02-20

IEEE Access

Abstract:Currently, with the threat of quantum computer attacks, the idea of combining several same-type primitives has reemerged. This is also the case for cryptographic keys where a hybrid quantum key exchange combination allows for preserving the security guarantees of pre-quantum schemes and achieving quantum resistance of post-quantum schemes. In this article, we present a concrete 3-key combiner system implemented on a Field Programmable Gate Arrays (FPGA) platform. Our system involves a pre-quantum Key EXchange scheme (KEX), a post-quantum key encapsulation mechanism, and a Quantum Key Distribution (QKD) algorithm. The proposed 3-key combiner is proven to be secure in the quantum standard model and it is INDistinguishable under a Chosen-Ciphertext Attack (IND-CCA). Our combiner can run in small FPGA platforms due to its relatively low resources usage. In particular, the key combiner without QKD is able to output up to 1 624 keys per second and the key combiner with QKD is able to output up to 9.2 keys per second.

computer science, information systems,telecommunications,engineering, electrical & electronic

Randy Kuang,Michel Barbeau

DOI: https://doi.org/10.1007/s11128-022-03557-y

IF: 1.965

2022-06-01

Quantum Information Processing

Abstract:Classical cryptographic techniques are currently under the growing quantum computing threat. New techniques that quantum computing algorithms cannot break are urgently needed. We present such an encryption method. It builds upon quantum permutation logic gates or quantum permutation pads. It is universal in that it can be equally employed on classical computers, today’s Internet, and the upcoming quantum Internet. While the cryptographic technique is formulated in a quantum computing framework, it does not rely on physical properties uniquely present at the quantum level, such as no-cloning or entanglement of data. It achieves with today’s technology a level of security comparable to what will be possible to attain with tomorrow’s quantum technology. The mathematics behind the cryptographic technique, quantum representations of a symmetric group over a computational basis, is surprisingly simple. However, the challenge faced by an adversary wishing to break the code is intractable and uninterpretable, a property of Shannon’s perfect secrecy. We believe that the cryptographic technique presented in this article can be used in several different ways and modes. It can be integrated into numerous current Internet protocols, or the Internet of Things, making them quantum safe. In addition, it can be used to transition to the upcoming Internet quantum technology smoothly.

physics, multidisciplinary,quantum science & technology, mathematical

Luis Adrián Lizama-Pérez

2024-09-04

Abstract:We present a novel approach to secret key establishment that appears to be resistant to currently known quantum cryptanalytic algorithms. This quantum resistance arises because the security of our method does not rely on the difficulty of integer factorization or the discrete logarithm problem. Based on the analyses of Alice's public key, the communication exchange between Alice and Bob, and the scenario where Bob behaves as Eve, we can conclude that, even if Eve has access to a quantum computer capable of solving discrete logarithms, she is unable to determine Alice's private key. Additionally, our approach achieves Perfect Forward Secrecy (PFS), ensuring that the security of previously used keys is not compromised by any key that becomes compromised. Notably, our system offers competitive public and private key sizes compared to those currently available.

Information Theory

Taiga Hiroka,Fuyuki Kitagawa,Ryo Nishimaki,Takashi Yamakawa

2023-12-05

Abstract:A robust combiner combines many candidates for a cryptographic primitive and generates a new candidate for the same primitive. Its correctness and security hold as long as one of the original candidates satisfies correctness and security. A universal construction is a closely related notion to a robust combiner. A universal construction for a primitive is an explicit construction of the primitive that is correct and secure as long as the primitive exists. It is known that a universal construction for a primitive can be constructed from a robust combiner for the primitive in many cases. Although robust combiners and universal constructions for classical cryptography are widely studied, robust combiners and universal constructions for quantum cryptography have not been explored so far. In this work, we define robust combiners and universal constructions for several quantum cryptographic primitives including one-way state generators, public-key quantum money, quantum bit commitments, and unclonable encryption, and provide constructions of them. On a different note, it was an open problem how to expand the plaintext length of unclonable encryption. In one of our universal constructions for unclonable encryption, we can expand the plaintext length, which resolves the open problem.

Quantum Physics

Xiongfeng Ma

DOI: https://doi.org/10.48550/arxiv.0808.1385

2008-01-01

Abstract:A highly attenuated laser pulse which gives a weak coherent state is widely used in quantum key distribution (QKD) experiments. A weak coherent state has multi-photon components, which opens up a security loophole to the sophisticated eavesdropper. With a small adjustment of the hardware, we prove that the decoy state method can close this loophole and substantially improve the QKD performance. We also propose a few practical decoy state protocols, study statistical fluctuations and perform experimental demonstrations. Moreover, we apply the methods from entanglement distillation protocols based on two-way classical communication to improve the decoy state QKD performance. Furthermore, we study the decoy state methods for other single photon sources, such as triggering parametric down-conversion (PDC) source. We propose a model and post-processing scheme for the entanglement-based QKD with a PDC source. Although the model is proposed to study the entanglement-based QKD, we emphasize that our generic model may also be useful for other non-QKD experiments involving a PDC source. By simulating a real PDC experiment, we show that the entanglement-based QKD can achieve longer maximal secure distance than the single-photon-based QKD schemes. We present a time-shift attack that exploits the efficiency mismatch of two single photon detectors in a QKD system. This eavesdropping strategy can be realized by current technology. We also discuss counter measures against the attack and study the security of a QKD system with efficiency mismatch detectors.

Yin-Song Xu,Yi-Bo Luo,Zheng Yuan,Xuan Zhou,Qi-di You,Fei Gao,Xiao-Yang Dong

DOI: https://doi.org/10.1007/s10623-024-01526-3

2024-01-01

Abstract:In recent years, it has become a popular trend to propose quantum versions of classical attacks. The rectangle attack as a differential attack is widely used in symmetric cryptanalysis and applied on many block ciphers. To improve its efficiency, we propose a new quantum rectangle attack firstly. In rectangle attack, it counts the number of valid quartets for each guessed subkeys and filters out subkey candidates according to the counter. To speed up this procedure, we propose a quantum key counting algorithm based on parallel amplitude estimation algorithm and amplitude amplification algorithm. Then, we complete with the remaining key bits and search the right full key by nested Grover search. Besides, we give a strategy to find a more suitable distinguisher to make the complexity lower. Finally, to evaluate post-quantum security of the tweakable block cipher Deoxys-BC, we perform automatic search for good distinguishers of Deoxys-BC according to the strategy, and then apply our attack on 9/10-round Deoxys-BC-256 and 12/13/14-round Deoxys-BC-384. The results show that our attack has some improvements than classical attacks and Grover search.