Amit Kumar Chauhan,Abhishek Kumar,Somitra Kumar Sanadhya

DOI: https://doi.org/10.46586/tosc.v2021.i1.316-336

2021-03-19

IACR Transactions on Symmetric Cryptology

Abstract:Recently, Hosoyamada and Sasaki (EUROCRYPT 2020), and Xiaoyang Dong et al. (ASIACRYPT 2020) proposed quantum collision attacks against AES-like hashing modes AES-MMO and AES-MP. Their collision attacks are based on the quantum version of the rebound attack technique exploiting the differential trails whose probabilities are too low to be useful in the classical setting but large enough in the quantum setting. In this work, we present dedicated quantum free-start collision attacks on Hirose’s double block length compression function instantiated with AES-256, namely HCF-AES-256. The best publicly known classical attack against HCF-AES-256 covers up to 9 out of 14 rounds. We present a new 10-round differential trail for HCF-AES-256 with probability 2−160, and use it to find collisions with a quantum version of the rebound attack. Our attack succeeds with a time complexity of 285.11 and requires 216 qRAM in the quantum-attack setting, where an attacker can make only classical queries to the oracle and perform offline computations. We also present a quantum free-start collision attack on HCF-AES-256 with a time complexity of 286.07 which outperforms Chailloux, Naya-Plasencia, and Schrottenloher’s generic quantum collision attack (ASIACRYPT 2017) in a model when large qRAM is not available.

Farid Ablayev,Marat Ablayev

DOI: https://doi.org/10.48550/arXiv.1509.01268

2015-09-10

Abstract:In the paper we define a notion of quantum resistant ($(\epsilon,\delta)$-resistant) hash function which combine together a notion of pre-image (one-way) resistance ($\epsilon$-resistance) property we define in the paper and the notion of collision resistance ($\delta$-resistance) properties. We show that in the quantum setting a one-way resistance property and collision resistance property are correlated: the "more" a quantum function is one-way resistant the "less" it collision resistant and vice versa. We present an explicit quantum hash function which is "balanced" one-way resistant and collision resistant and demonstrate how to build a large family quantum hash functions. Balanced quantum hash functions need a high degree of entanglement between the qubits. We use a "phase constructions" technique to express quantum hashing constructions, which is good to map hash states to coherent states in a superposition of time-bin modes. The later is ready to be implemented with current optical technology.

Quantum Physics

Yassine Hamoudi,Qipeng Liu,Makrand Sinha

2024-02-28

Abstract:Collision-resistant hashing, a fundamental primitive in modern cryptography, ensures that there is no efficient way to find distinct inputs that produce the same hash value. This property underpins the security of various cryptographic applications, making it crucial to understand its complexity. The complexity of this problem is well-understood in the classical setting and $\Theta(N^{1/2})$ queries are needed to find a collision. However, the advent of quantum computing has introduced new challenges since quantum adversaries $\unicode{x2013}$ equipped with the power of quantum queries $\unicode{x2013}$ can find collisions much more efficiently. Brassard, Höyer and Tapp and Aaronson and Shi established that full-scale quantum adversaries require $\Theta(N^{1/3})$ queries to find a collision, prompting a need for longer hash outputs, which impacts efficiency in terms of the key lengths needed for security. This paper explores the implications of quantum attacks in the Noisy-Intermediate Scale Quantum (NISQ) era. In this work, we investigate three different models for NISQ algorithms and achieve tight bounds for all of them: (1) A hybrid algorithm making adaptive quantum or classical queries but with a limited quantum query budget, or (2) A quantum algorithm with access to a noisy oracle, subject to a dephasing or depolarizing channel, or (3) A hybrid algorithm with an upper bound on its maximum quantum depth; i.e., a classical algorithm aided by low-depth quantum circuits. In fact, our results handle all regimes between NISQ and full-scale quantum computers. Previously, only results for the pre-image search problem were known for these models by Sun and Zheng, Rosmanis, Chen, Cotler, Huang and Li while nothing was known about the collision finding problem.

Quantum Physics,Computational Complexity,Cryptography and Security,Data Structures and Algorithms

Tomoya Hatanaka,Rikuto Fushio,Masataka Watanabe,William J. Munro,Tatsuhiko N. Ikeda,Sho Sugiura

2024-09-30

Abstract:We propose a quantum hash function based on Gaussian boson sampling on a photonic quantum computer, aiming to provide quantum-resistant security. Extensive simulations demonstrate that this hash function exhibits strong properties of preimage, second preimage, and collision resistance, which are essential for cryptographic applications. Notably, the estimated number of attempts required for a successful collision attack increases exponentially with the mode counts of the photonic quantum computer, suggesting robust resistance against birthday attacks. We also analyze the sampling cost for physical implementation and discuss potential applications to blockchain technologies, where the inherent quantum nature of the hash computation could provide quantum-resistant security. The high dimensionality of the quantum state space involved in the hashing process poses significant challenges for quantum attacks, indicating a path towards quantum security. Our work lays the foundation for a new paradigm of quantum-resistant hashing with applications in emerging quantum-era information systems.

Quantum Physics,Mesoscale and Nanoscale Physics,High Energy Physics - Theory,Chaotic Dynamics,Optics

Hosoyamada, Akinori,Yamakawa, Takashi

DOI: https://doi.org/10.1007/s00145-024-09517-2

2024-08-23

Journal of Cryptology

Abstract:Since the celebrated work of Impagliazzo and Rudich (STOC 1989), a number of black-box impossibility results have been established. However, these works only ruled out classical black-box reductions among cryptographic primitives. Therefore, it may be possible to overcome these impossibility results by using quantum reductions. To exclude such a possibility, we have to extend these impossibility results to the quantum setting. In this paper, we study black-box impossibility in the quantum setting. We first formalize a quantum counterpart of fully black-box reduction following the formalization by Reingold, Trevisan and Vadhan (TCC 2004). Then we prove that there is no quantum fully black-box reduction from collision-resistant hash functions to one-way permutations (or even trapdoor permutations). We take both of classical and quantum implementations of primitives into account. This is an extension to the quantum setting of the work of Simon (Eurocrypt 1998) who showed a similar result in the classical setting.

computer science, theory & methods,engineering, electrical & electronic,mathematics, applied

Prabhanjan Ananth,Zihan Hu,Henry Yuen

DOI: https://doi.org/10.48550/arXiv.2301.09236

2023-01-23

Abstract:Public-key quantum money is a cryptographic proposal for using highly entangled quantum states as currency that is publicly verifiable yet resistant to counterfeiting due to the laws of physics. Despite significant interest, constructing provably-secure public-key quantum money schemes based on standard cryptographic assumptions has remained an elusive goal. Even proposing plausibly-secure candidate schemes has been a challenge. These difficulties call for a deeper and systematic study of the structure of public-key quantum money schemes and the assumptions they can be based on. Motivated by this, we present the first black-box separation of quantum money and cryptographic primitives. Specifically, we show that collision-resistant hash functions cannot be used as a black-box to construct public-key quantum money schemes where the banknote verification makes classical queries to the hash function. Our result involves a novel combination of state synthesis techniques from quantum complexity theory and simulation techniques, including Zhandry's compressed oracle technique.

Quantum Physics,Computational Complexity,Cryptography and Security

Xiaoyang Dong,Shun Li,Phuong Pham,Guoyan Zhang

DOI: https://doi.org/10.1007/978-981-99-8727-6_1

2023-01-01

Abstract:At ASIACRYPT 2022, Benedikt, Fischlin, and Huppert proposed the quantum herding attacks on iterative hash functions for the first time. Their attack needs exponential quantum random access memory (qRAM), more precisely 2(0.43n) quantum accessible classical memory (QRACM). As the existence of large qRAM is questionable, Benedikt et al. leave an open question on building low-qRAM quantum herding attacks. In this paper, we answer this open question by building a quantum herding attack, where the time complexity is slightly increased from Benedikt et al.'s 2(0.43n) to ours 2(0.46n), but it does not need qRAM anymore (abbreviated as no-qRAM). Besides, we also introduce various low-qRAM or no-qRAM quantum attacks on hash concatenation combiner, hash XOR combiner, Hash-Twice, and Zipper hash functions.

Yusuke Naito

DOI: https://doi.org/10.1007/978-3-030-30530-7_4

2019-01-01

Abstract:Existing double-block-length (DBL) hash functions, in order to achieve optimal indifferentiable security (security up to O(2n)documentclass[12pt]{minimal}usepackage{amsmath}usepackage{wasysym}usepackage{amsfonts}usepackage{amssymb}usepackage{amsbsy}usepackage{mathrsfs}usepackage{upgreek}setlength{oddsidemargin}{-69pt}egin{document}$$O(2^n)$$end{document} query complexity), require a block cipher with ndocumentclass[12pt]{minimal}usepackage{amsmath}usepackage{wasysym}usepackage{amsfonts}usepackage{amssymb}usepackage{amsbsy}usepackage{mathrsfs}usepackage{upgreek}setlength{oddsidemargin}{-69pt}egin{document}$$n$$end{document}-bit blocks and kdocumentclass[12pt]{minimal}usepackage{amsmath}usepackage{wasysym}usepackage{amsfonts}usepackage{amssymb}usepackage{amsbsy}usepackage{mathrsfs}usepackage{upgreek}setlength{oddsidemargin}{-69pt}egin{document}$$k$$end{document}-bit keys such that 2n≤kdocumentclass[12pt]{minimal}usepackage{amsmath}usepackage{wasysym}usepackage{amsfonts}usepackage{amssymb}usepackage{amsbsy}usepackage{mathrsfs}usepackage{upgreek}setlength{oddsidemargin}{-69pt}egin{document}$$2nle k$$end{document}, and a post-processing function with two block cipher calls. In this paper, we consider the indifferentiability of MDPHdocumentclass[12pt]{minimal}usepackage{amsmath}usepackage{wasysym}usepackage{amsfonts}usepackage{amssymb}usepackage{amsbsy}usepackage{mathrsfs}usepackage{upgreek}setlength{oddsidemargin}{-69pt}egin{document}$$mathsf {MDPH}$$end{document}, a combination of the MDP domain extender and Hirose’s compression function. MDPHdocumentclass[12pt]{minimal}usepackage{amsmath}usepackage{wasysym}usepackage{amsfonts}usepackage{amssymb}usepackage{amsbsy}usepackage{mathrsfs}usepackage{upgreek}setlength{oddsidemargin}{-69pt}egin{document}$$mathsf {MDPH}$$end{document} does not require the post-processing function (thus has better efficiency), and supports block ciphers with n<kdocumentclass[12pt]{minimal}usepackage{amsmath}usepackage{wasysym}usepackage{amsfonts}usepackage{amssymb}usepackage{amsbsy}usepackage{mathrsfs}usepackage{upgreek}setlength{oddsidemargin}{-69pt}egin{document}$$n< k$$end{document}. We show that MDPHdocumentclass[12pt]{minimal}usepackage{amsmath}usepackage{wasysym}usepackage{amsfonts}usepackage{amssymb}usepackage{amsbsy}usepackage{mathrsfs}usepackage{upgreek}setlength{oddsidemargin}{-69pt}egin{document}$$mathsf {MDPH}$$end{document} achieves (nearly) optimal indifferentiable security. To the best of our knowledge, this is the first result for DBL hashing with optimal indifferentiable security, with support for block ciphers with n<kdocumentclass[12pt]{minimal}usepackage{amsmath}usepackage{wasysym}usepackage{amsfonts}usepackage{amssymb}usepackage{amsbsy}usepackage{mathrsfs}usepackage{upgreek}setlength{oddsidemargin}{-69pt}egin{document}$$n< k$$end{document}, and without the post-processing function.

Shreya Banerjee,Harshita Meena,Somanath Tripathy,Prasanta K. Panigrahi

2024-08-07

Abstract:We introduce a novel, \textit{fully} quantum hash (FQH) function within the quantum walk on a cycle framework. We incorporate deterministic quantum computation with a single qubit to replace classical post-processing, thus increasing the inherent security. Further, our proposed hash function exhibits zero collision rate and high reliability. We further show that it provides $ > 50\%$ avalanche on average, and is highly sensitive to the initial conditions. We show comparisons of several performance metrics for the proposed FQH with different settings as well as with existing protocols to prove its efficacy. FQH requires minimal quantum resources to produce a large hash value, providing security against the birthday attack. This innovative approach thus serves as an efficient hash function and lays the foundation for potential advancements in quantum cryptography by integrating the fully quantum hash generation protocol.

Quantum Physics

Akshima,Siyao Guo,Qipeng Liu

DOI: https://doi.org/10.1007/s00145-024-09491-9

2024-02-16

Journal of Cryptology

Abstract:We revisit the problem of finding B -block-long collisions in Merkle–Damgård Hash Functions in the auxiliary-input random oracle model, in which an attacker gets a piece of S -bit advice about the random oracle and makes T oracle queries. Akshima, Cash, Drucker and Wee (CRYPTO 2020), based on the work of Coretti, Dodis, Guo and Steinberger (EUROCRYPT 2018), showed a simple attack for (with respect to a random salt). The attack achieves advantage where n is the output length of the random oracle. They conjectured that this attack is optimal. However, this so-called STB conjecture was only proved for and . Very recently, Ghoshal and Komargodski (CRYPTO 2022) confirmed the STB conjecture for all constant values of B and provided an bound for all choices of B . In this work, we prove an bound for every . Our bound confirms the STB conjecture for and is optimal up to a factor of S for (note as is always at most , otherwise finding a collision is trivial by the birthday attack). Our result subsumes all previous upper bounds for all ranges of parameters except for and . We obtain our results by adopting and refining the technique of Chung, Guo, Liu and Qian (FOCS 2020). Our approach yields more modular proofs and sheds light on how to bypass the limitations of prior techniques. Along the way, we obtain a considerably simpler and illuminating proof for , recovering the main result of Akshima, Cash, Drucker and Wee.

computer science, theory & methods,engineering, electrical & electronic,mathematics, applied

Shengnan Wang,Chunguang Li

DOI: https://doi.org/10.1109/tbdata.2019.2946616

2019-01-01

IEEE Transactions on Big Data

Abstract:Hashing has been widely used for nearest neighbors search over big data. Hashing encodes high dimensional data points into binary codes. Most hashing methods use the single-bit quantization (SBQ) strategy for coding the data. However, this strategy often encodes neighboring points into totally different bits. Recently, a double-bit quantization (DBQ) strategy was proposed, which can better preserve the similarity of the data. The hashing problems are generally NP-hard, due to the discrete constraints. For tractability, some relaxation methods were proposed by discarding the discrete constraints. However, such a manner makes the hash codes less effective, due to the large quantization error. To obtain high-quality hash codes, some discrete hashing methods were proposed, which directly solve the hashing problem without any relaxations. However, the existing discrete hashing methods can only deal with single-bit hashing. In this paper, we propose a discrete hashing method to solve double-bit hashing problems. To address the difficulty brought by the discrete constraints, we propose a method to transform the discrete hashing problem into an equivalent continuous optimization problem. Then, we devise algorithms based on DC (difference of convex functions) programming to solve the problem. Numerical experiments are provided to show the superiority of the proposed methods.

Seungjun Baek,Sehee Cho,Jongsung Kim

DOI: https://doi.org/10.1007/s11128-022-03499-5

IF: 1.965

2022-04-27

Quantum Information Processing

Abstract:Recently, Hosoyamada and Sasaki (Eurocrypt'20) proposed dedicated quantum collision attacks on AES-MMO and AES-MP and revealed that a differential trail that is not available in the classical setting due to a low probability can be utilized in the quantum settings. Their works encouraged cryptographers to actively perform security analysis of concrete hash functions in the quantum settings, which had not received much attention before. Xiaoyang Dong et al. (Asiacrypt'20) proposed improved dedicated quantum collision attacks on AES-MMO and AES-MP, and Chauhan et al. (ToSC'21) proposed quantum rebound attacks on the double-block-length hash function Hirose instantiated with 10-round reduced AES-256. In this paper, we propose a quantum collision attack on the Davies–Meyer (DM) hash function instantiated with full-round AES-256. We construct a new chosen-key differential trail for AES-256 based on the trail of Biryukov et al. proposed in 2009 and use it to find collisions of the full AES-256-based DM in a quantum setting. We also present quantum free-start collision attacks on the Hirose and MJH hash functions instantiated with full-round AES-256. These attacks are significant in that they are the first algorithms to find full-round (free-start) collisions. In particular, in the case of Hirose-AES-256, our attacks can cover a larger number of constant c than previously proposed attacks and also cover more rounds.

physics, multidisciplinary,quantum science & technology, mathematical

Hongbo Yu,Xiaoyun Wang

DOI: https://doi.org/10.1007/978-3-540-76788-6_17

2007-01-01

Abstract:In this paper, we present a new type of multi-collision attack on the compression functions of both MD4 and 3-Pass HAVAL. Different from Joux's multi-collision attack, our method focuses on the multi-collision of the compression function. For MD4, we utilize two different feasible collision differential paths to find a 4-collision with about 2 21 MD4 computations. For 3-Pass HAVAL, we can find a 4-collision with complexity about 2(30) and a 8-near-collision with complexity 2(9).

Michele Burrello,Haitan Xu,Giuseppe Mussardo,Xin Wan

DOI: https://doi.org/10.1103/physrevlett.104.160502

IF: 8.6

2010-01-01

Physical Review Letters

Abstract:We study an efficient algorithm to hash any single-qubit gate into a braid of Fibonacci anyons represented by a product of icosahedral group elements. By representing the group elements by braid segments of different lengths, we introduce a series of pseudogroups. Joining these braid segments in a renormalization group fashion, we obtain a Gaussian unitary ensemble of random-matrix representations of braids. With braids of length O(log2(1/epsilon)), we can approximate all SU(2) matrices to an average error epsilon with a cost of O(log(1/epsilon)) in time. The algorithm is applicable to generic quantum compiling.

Qing Zhou,Xueming Tang,Songfeng Lu,Hao Yang

2023-08-10

Abstract:In this paper, we develop a generic controlled alternate quantum walk model (called CQWM-P) by combining parity-dependent quantum walks with distinct arbitrary memory lengths and then construct a quantum-inspired hash function (called QHFM-P) based on this model. Numerical simulation shows that QHFM-P has near-ideal statistical performance and is on a par with the state-of-the-art hash functions based on discrete quantum walks in terms of sensitivity of hash value to message, diffusion and confusion properties, uniform distribution property, and collision resistance property. Stability test illustrates that the statistical properties of the proposed hash function are robust with respect to the coin parameters, and theoretical analysis indicates that QHFM-P has the same computational complexity as that of its peers.

Quantum Physics,Cryptography and Security

Alexandru Cojocaru,Juan Garay,Fang Song

2023-11-07

Abstract:In this work we first examine the hardness of solving various search problems by hybrid quantum-classical strategies, namely, by algorithms that have both quantum and classical capabilities. We then construct a hybrid quantum-classical search algorithm and analyze its success probability. Regarding the former, for search problems that are allowed to have multiple solutions and in which the input is sampled according to arbitrary distributions we establish their hybrid quantum-classical query complexities -- i.e., given a fixed number of classical and quantum queries, determine what is the probability of solving the search task. At a technical level, our results generalize the framework for hybrid quantum-classical search algorithms proposed by Rosmanis. Namely, for an arbitrary distribution $D$ on Boolean functions, the probability an algorithm equipped with $\tau_c$ classical and $\tau_q$ quantum queries succeeds in finding a preimage of $1$ for a function sampled from $D$ is at most $\nu_D \cdot(2\sqrt{\tau_c} + 2\tau_q + 1)^2$, where $\nu_D$ captures the average (over $D$) fraction of preimages of $1$. As applications of our hardness results, we first revisit and generalize the security of the Bitcoin protocol called the Bitcoin backbone, to a setting where the adversary has both quantum and classical capabilities, presenting a new hybrid honest majority condition necessary for the protocol to properly operate. Secondly, we examine the generic security of hash functions against hybrid adversaries. Regarding our second contribution, we design a hybrid algorithm which first spends all of its classical queries and in the second stage runs a ``modified Grover'' where the initial state depends on the distribution $D$. We show how to analyze its success probability for arbitrary target distributions and, importantly, its optimality for the uniform and the Bernoulli distribution cases.

Quantum Physics,Cryptography and Security

Ron D. Rothblum,Prashant Nalini Vasudevan

DOI: https://doi.org/10.1007/s00145-024-09495-5

2024-03-08

Journal of Cryptology

Abstract:Collision-resistant hash functions ( ) are a fundamental and ubiquitous cryptographic primitive. Several recent works have studied a relaxation of called t -way multi-collision-resistant hash functions ( ). These are families of functions for which it is computationally hard to find a t -way collision, even though such collisions are abundant (and even -way collisions may be easy to find). The case of corresponds to standard , but it is natural to study t - for larger values of t . Multi-collision resistance seems to be a qualitatively weaker property than standard collision resistance. Nevertheless, in this work we show a non-blackbox transformation of any moderately shrinking t - , for , into an (infinitely often secure) . This transformation is non-constructive—we can prove the existence of a but cannot explicitly point out a construction. Our result partially extends to larger values of t . In particular, we show that for suitable values of , we can transform a t - into a - , at the cost of reducing the shrinkage of the resulting hash function family and settling for infinitely often security. This result utilizes the list-decodability properties of Reed–Solomon codes.

computer science, theory & methods,engineering, electrical & electronic,mathematics, applied

Yu-Guang Yang,Jing-Lin Bi,Dan Li,Yi-Hua Zhou,Wei-Min Shi

DOI: https://doi.org/10.1007/s10773-019-04081-z

2019-03-13

International Journal of Theoretical Physics

Abstract:Higher security and lower collision rate have always been people's pursuits in the construction of hash functions. We consider a quantum walk where a walker is driven by two coins alternately. At each step, a message bit decides whether to swap two coins. In this way, a keyed hash function is constructed. Theoretically infinite possibilities of the initial parameters as the key ensure the security of the proposed hash function against the unforgery and collision resistance. Finally, we establish a generic quantum walk-based hash function model and give a guide in constructing hash functions in quantum walk architecture. It also provides a clue for the construction of other quantum walk-based cryptography protocols.

physics, multidisciplinary

Haiyan Yu,Xiaoyun Wang

2007-01-01

Abstract:In this paper, we present a new type of MultiCollision attack on the compression functions both of MD4 and 3-Pass HAVAL. For MD4, we utilize two feasible different collision differential paths to find a 4collision with 2 MD4 computations. For 3-Pass HAVAL, we present three near-collision differential paths to find a 8-NearCollision with 2 HAVAL computations.

Elena R. Henderson,Jessie M. Henderson,William V. Oxford,Mitchell A. Thornton

2024-04-26

Abstract:Several cryptographic systems depend upon the computational difficulty of reversing cryptographic hash functions. Robust hash functions transform inputs to outputs in such a way that the inputs cannot be later retrieved in a reasonable amount of time even if the outputs and the function that created them are known. Consequently, hash functions can be cryptographically secure, and they are employed in encryption, authentication, and other security methods. It has been suggested that such cryptographically-secure hash functions will play a critical role in the era of post-quantum cryptography (PQC), as they do in conventional systems. In this work, we introduce a procedure that leverages the principle of reversibility to generate circuits that invert hash functions. We provide a proof-of-concept implementation and describe methods that allow for scaling the hash function inversion approach. Specifically, we implement one manifestation of the algorithm as part of a more general automated quantum circuit synthesis, compilation, and optimization toolkit. We illustrate production of reversible circuits for crypto-hash functions that inherently provide the inverse of the function, and we describe data structures that increase the scalability of the hash function inversion approach.

Quantum Physics,Cryptography and Security