Huiqin Xie,Li Yang

2024-07-21

Abstract:Facing the worldwide steady progress in building quantum computers, it is crucial for cryptographic community to design quantum-safe cryptographic primitives. To achieve this, we need to investigate the capability of cryptographic analysis tools when used by the adversaries with quantum computers. In this article, we concentrate on truncated differential and boomerang cryptanalysis. We first present a quantum algorithm which is designed for finding truncated differentials of symmetric ciphers. We prove that, with a overwhelming probability, the truncated differentials output by our algorithm must have high differential probability for the vast majority of keys in key space. Afterwards, based on this algorithm, we design a quantum algorithm which can be used to find boomerang distinguishers. The quantum circuits of both quantum algorithms contain only polynomial quantum gates. Compared to classical tools for searching truncated differentials or boomerang distinguishers, our algorithms fully utilize the strengths of quantum computing, and can maintain the polynomial complexity while fully considering the impact of S-boxes and key scheduling.

Quantum Physics

Huiqin Xie,Li Yang

DOI: https://doi.org/10.48550/arXiv.1712.06997

2018-07-23

Abstract:Traditional cryptography is suffering a huge threat from the development of quantum computing. While many currently used public-key cryptosystems would be broken by Shor's algorithm, the effect of quantum computing on symmetric ones is still unclear. The security of symmetric ciphers relies heavily on the development of cryptanalytic tools. Thus, in order to accurately evaluate the security of symmetric primitives in the post-quantum world, it is significant to improve classical cryptanalytic methods using quantum algorithms. In this paper, we focus on two variants of differential cryptanalysis: truncated differential cryptanalysis and impossible differential cryptanalysis. Based on the fact that Bernstein-Vazirani algorithm can be used to find the linear structures of Boolean functions, we propose two quantum algorithms that can be used to find high-probability truncated differentials and impossible differentials of block ciphers, respectively. We rigorously prove the validity of the algorithms and analyze their complexity. Our algorithms treat all rounds of the reduced cipher as a whole and only concerns the input and output differences at its both ends, instead of specific differential characteristics. Therefore, to a certain extent, they alleviate the weakness of conventional differential cryptanalysis, namely the difficulties in finding differential characteristics as the number of rounds increases.

Quantum Physics,Cryptography and Security

Huiqin Xie,Qiqing Xia,Ke Wang,Yanjun Li,Li Yang

DOI: https://doi.org/10.3390/math12162598

IF: 2.4

2024-08-24

Mathematics

Abstract:Due to the superiority of quantum computing, traditional cryptography is facing a severe threat. This makes the security evaluation of cryptographic systems in quantum attack models both significant and urgent. For symmetric ciphers, the security analysis heavily relies on cryptanalysis tools. Thus, exploring the use of quantum algorithms in traditional cryptanalysis tools has garnered considerable attention. In this study, we utilize quantum algorithms to improve impossible differential attacks and design two quantum automated tools to search for impossible differentials. The proposed quantum algorithms exploit the idea of miss-in-the-middle and the properties of truncated differentials. We rigorously prove their validity and calculate the quantum resources required for their implementation. Compared to the existing classical automated cryptanalysis, the proposed quantum tools have the advantage of accurately characterizing S-boxes while only requiring polynomial complexity, and can take into consideration the impact of the key schedules in a single-key model.

mathematics

Huiqin Xie,Qiqing Xia,Ke Wang,Yanjun Li,Li Yang

2024-07-14

Abstract:Due to the superiority of quantum computing, traditional cryptography is facing severe threat. This makes the security evaluation of cryptographic systems in quantum attack models significant and urgent. For symmetric ciphers, the security analysis heavily relies on cyptanalytic tools. Thus exploring the use of quantum algorithms to traditional cyptanalytic tools has drawn a lot of attention. In this study, we utilize quantum algorithms to improve impossible differential attack, and design two quantum automatic tools for searching impossible differentials. The proposed quantum algorithms exploit the idea of miss-in-the-middle and the properties of truncated differentials. We rigorously prove their validity and calculate the quantum resources required to implement them. Compared to existing classical automatic cryptanalysis, the quantum tools proposed have the advantage of accurately characterizing S-boxes while only requiring polynomial complexity, and can take into consideration the impact of the key schedules in single-key model.

Quantum Physics

Qing Zhou,Songfeng Lu,Zhigang Zhang,Jie Sun

DOI: https://doi.org/10.1007/s11128-015-0983-3

IF: 1.965

2015-01-01

Quantum Information Processing

Abstract:In this paper, we propose a quantum version of the differential cryptanalysis which offers a quadratic speedup over the existing classical one and show the quantum circuit implementing it. The quantum differential cryptanalysis is based on the quantum minimum/maximum-finding algorithm, where the values to be compared and filtered are obtained by calling the quantum counting algorithm. Any cipher which is vulnerable to the classical differential cryptanalysis based on counting procedures can be cracked more quickly under this quantum differential attack.

Hongkai Zou,Jian Zou,Yiyuan Luo

DOI: https://doi.org/10.1007/s11128-023-03921-6

IF: 1.965

2023-04-11

Quantum Information Processing

Abstract:At SAC 2021, Frixons et al. proposed quantum boomerang attacks that can effectively recover the keys of block ciphers in the quantum setting. Based on their work, we further consider how to quantize the generic boomerang attacks proposed by Biham et al. at FSE 2002, so as to obtain more generic quantum boomerang attacks. Similar to Frixons et al.'s work, we only consider quantum key recovery attacks in the single-key setting. With the help of some famous quantum algorithms, this paper presents two methods to convert the attacks of Biham et al. into some new quantum key recovery attacks. In order to proof our methods, we apply our new ideas to attack Serpent-256 and ARIA-196. To sum up, for Serpent-256, we give valid 9-round and 10-round quantum key recovery attacks respectively. The quantum time complexity of 9-round and 10-round of Serpent-256 is and respectively. Furthermore, we show a valid quantum key attack on 6-round ARIA-196 which has a time complexity of with negligible memory. The time complexity of the above quantum attacks are better than the corresponding classical attacks and quantum generic key recovery attack via Grover's algorithm.

physics, multidisciplinary,quantum science & technology, mathematical

Marc Kaplan,Gaëtan Leurent,Anthony Leverrier,María Naya-Plasencia

DOI: https://doi.org/10.13154/tosc.v2016.i1.71-94

2017-03-07

Abstract:Quantum computers, that may become available one day, would impact many scientific fields, most notably cryptography since many asymmetric primitives are insecure against an adversary with quantum capabilities. Cryptographers are already anticipating this threat by proposing and studying a number of potentially quantum-safe alternatives for those primitives. On the other hand, symmetric primitives seem less vulnerable against quantum computing: the main known applicable result is Grover's algorithm that gives a quadratic speed-up for exhaustive search. In this work, we examine more closely the security of symmetric ciphers against quantum attacks. Since our trust in symmetric ciphers relies mostly on their ability to resist cryptanalysis techniques, we investigate quantum cryptanalysis techniques. More specifically, we consider quantum versions of differential and linear cryptanalysis. We show that it is usually possible to use quantum computations to obtain a quadratic speed-up for these attack techniques, but the situation must be nuanced: we don't get a quadratic speed-up for all variants of the attacks. This allows us to demonstrate the following non-intuitive result: the best attack in the classical world does not necessarily lead to the best quantum one. We give some examples of application on ciphers LAC and KLEIN. We also discuss the important difference between an adversary that can only perform quantum computations, and an adversary that can also make quantum queries to a keyed primitive.

Quantum Physics,Cryptography and Security

Yin-Song Xu,Yi-Bo Luo,Zheng Yuan,Xuan Zhou,Qi-di You,Fei Gao,Xiao-Yang Dong

DOI: https://doi.org/10.1007/s10623-024-01526-3

2024-01-01

Abstract:In recent years, it has become a popular trend to propose quantum versions of classical attacks. The rectangle attack as a differential attack is widely used in symmetric cryptanalysis and applied on many block ciphers. To improve its efficiency, we propose a new quantum rectangle attack firstly. In rectangle attack, it counts the number of valid quartets for each guessed subkeys and filters out subkey candidates according to the counter. To speed up this procedure, we propose a quantum key counting algorithm based on parallel amplitude estimation algorithm and amplitude amplification algorithm. Then, we complete with the remaining key bits and search the right full key by nested Grover search. Besides, we give a strategy to find a more suitable distinguisher to make the complexity lower. Finally, to evaluate post-quantum security of the tweakable block cipher Deoxys-BC, we perform automatic search for good distinguishers of Deoxys-BC according to the strategy, and then apply our attack on 9/10-round Deoxys-BC-256 and 12/13/14-round Deoxys-BC-384. The results show that our attack has some improvements than classical attacks and Grover search.

Xia Liu,Huan Yang,Li Yang

DOI: https://doi.org/10.1186/s42400-023-00181-w

2023-01-01

Abstract:The elliptic curve discrete logarithm problem (ECDLP) is a popular choice for cryptosystems due to its high level of security. However, with the advent of the extended Shor's algorithm, there is concern that ECDLP may soon be vulnerable. While the algorithm does offer hope in solving ECDLP, it is still uncertain whether it can pose a real threat in practice. From the perspective of the quantum circuits of the algorithm, this paper analyzes the feasibility of cracking ECDLP using an ion trap quantum computer with improved quantum circuits for the extended Shor's algorithm. We give precise quantum circuits for extended Shor's algorithm to calculate discrete logarithms on elliptic curves over prime fields, including modular subtraction, three different modular multiplication, and modular inverse. Additionally, we incorporate and improve upon windowed arithmetic in the circuits to reduce the CNOT-counts. Whereas previous studies mostly focused on minimizing the number of qubits or the depth of the circuit, we focus on minimizing the number of CNOT gates in the circuit, which greatly affects the running time of the algorithm on an ion trap quantum computer. Specifically, we begin by presenting implementations of basic arithmetic operations with the lowest known CNOT-counts, along with improved constructions for modular inverse, point addition, and windowed arithmetic. Next, we precisely estimate that, to execute the extended Shor's algorithm with the improved circuits to factor an n-bit integer, the CNOT-count required is 1237n(3)/ log n + 2n(2) + n. Finally, we analyze the running time and feasibility of the extended Shor's algorithm on an ion trap quantum computer.

Xiaoyang Dong,Bingyou Dong,Xiaoyun Wang

DOI: https://doi.org/10.1007/s10623-020-00741-y

2020-03-09

Abstract:Post-quantum cryptography has attracted much attention from worldwide cryptologists. However, most research works are related to public-key cryptosystem due to Shor's attack on RSA and ECC ciphers. At CRYPTO 2016, Kaplan et al. showed that many secret-key (symmetric) systems could be broken using a quantum period finding algorithm, which encouraged researchers to evaluate symmetric systems against quantum attackers. In this paper, we continue to study symmetric ciphers against quantum attackers. First, we convert the classical advanced slide attacks (introduced by Biryukov and Wagner) to a quantum one, that gains an exponential speed-up in time complexity. Thus, we could break 2/4K-Feistel and 2/4K-DES in polynomial time. Second, we give a new quantum key-recovery attack on full-round GOST, which is a Russian standard, with <span class="mathjax-tex">\(2^{114.8}\)</span> quantum queries of the encryption process, faster than a quantum brute-force search attack by a factor of <span class="mathjax-tex">\(2^{13.2}\)</span>.

Ji Guan,Wang Fang,Mingyu Huang,Mingsheng Ying

DOI: https://doi.org/10.1145/3576915.3623108

2023-09-09

Abstract:Quantum algorithms for solving a wide range of practical problems have been proposed in the last ten years, such as data search and analysis, product recommendation, and credit scoring. The concern about privacy and other ethical issues in quantum computing naturally rises up. In this paper, we define a formal framework for detecting violations of differential privacy for quantum algorithms. A detection algorithm is developed to verify whether a (noisy) quantum algorithm is differentially private and automatically generate bugging information when the violation of differential privacy is reported. The information consists of a pair of quantum states that violate the privacy, to illustrate the cause of the violation. Our algorithm is equipped with Tensor Networks, a highly efficient data structure, and executed both on TensorFlow Quantum and TorchQuantum which are the quantum extensions of famous machine learning platforms -- TensorFlow and PyTorch, respectively. The effectiveness and efficiency of our algorithm are confirmed by the experimental results of almost all types of quantum algorithms already implemented on realistic quantum computers, including quantum supremacy algorithms (beyond the capability of classical algorithms), quantum machine learning models, quantum approximate optimization algorithms, and variational quantum eigensolvers with up to 21 quantum bits.

Quantum Physics,Cryptography and Security,Machine Learning

Haitan Xu,Xin Wan

DOI: https://doi.org/10.1103/physreva.80.012306

2009-01-01

Abstract:In a topological quantum computer, braids of non-Abelian anyons in a (2+1)-dimensional space time form quantum gates, whose fault tolerance relies on the topological, rather than geometric, properties of the braids. Here we propose to create and exploit redundant geometric degrees of freedom to improve the theoretical accuracy of topological single-and two-qubit quantum gates. We demonstrate the power of the idea using explicit constructions in the Fibonacci model. We compare its efficiency with that of the Solovay-Kitaev algorithm and explain its connection to the leakage errors reduction in an earlier construction [H. Xu and X. Wan, Phys. Rev. A 78, 042325 (2008)].

Xuexuan Hao,Fengrong Zhang,Yongzhuang Wei,Yong Zhou

DOI: https://doi.org/10.26421/qic20.1-2-4

2020-01-01

Quantum Information and Computation

Abstract:Quantum period finding algorithms have been used to analyze symmetric cryptography. For instance, the 3-round Feistel construction and the Even-Mansour construction could be broken in polynomial time by using quantum period finding algorithms. In this paper, we firstly provide a new algorithm for finding the nonzero period of a vectorial function with O(n) quantum queries, which uses the Bernstein-Vazirani algorithm as one step of the subroutine. Afterwards, we compare our algorithm with Simon's algorithm. In some scenarios, such as the Even-Mansour construction and the function satisfying Simon's promise, etc, our algorithm is more efficient than Simon's algorithm with respect to the tradeoff between quantum memory and time. On the other hand, we combine our algorithm with Grover's algorithm for the key-recovery attack on the FX construction. Compared with the Grover-Meets-Simon algorithm proposed by Leander and May at Asiacrypt 2017, the new algorithm could save the quantum memory.

Wei Jie Ng,Chik How Tan

DOI: https://doi.org/10.1007/s11128-024-04359-0

IF: 1.965

2024-04-18

Quantum Information Processing

Abstract:Grover's algorithm has been widely used for quantum key search to attack block ciphers with a quadratic speedup as compared to classical brute-force attacks and also used for evaluating the post-quantum security of block ciphers against quantum computer attack. But, this quantum key search on block ciphers has a high quantum circuit depth and AES-128 is still secure against such attack. In this paper, we introduce a method called the depth–measurement trade-off method that reduces the overall quantum circuit depth of quantum key search to attack block ciphers by increasing the number of measurements of the circuit. This method is to introduce dummy keys in the quantum circuit as part of the correct key. This will reduce both quantum circuit resource and quantum circuit depth. Based on this technique, the quantum circuit depth of AES-128 is less than , while NIST suggested circuit depth should be greater than MAXDEPTH, which is , and in order to resist the respective attacks. In addition, we also simulated the depth–measurement trade-off method on the reduced SIMON block cipher algorithm as a proof of concept. Furthermore, we also apply the depth–measurement technique on various block ciphers, for example AES, PRESENT, SIMON, GIFT, SPECK, RECTANGLE, LowMC, KNOT, PIPO, etc.

physics, multidisciplinary,quantum science & technology, mathematical

Carlos Cid,Tao Huang,Thomas Peyrin,Yu Sasaki,Ling Song

DOI: https://doi.org/10.1007/978-3-319-78375-8_22

2018-01-01

Abstract:A boomerang attack is a cryptanalysis framework that regards a block cipher E as the composition of two sub-ciphers E1∘E0$$E_1\circ E_0$$ and builds a particular characteristic for E with probability p2q2$$p^2q^2$$ by combining differential characteristics for E0$$E_0$$ and E1$$E_1$$ with probability p and q, respectively. Crucially the validity of this figure is under the assumption that the characteristics for E0$$E_0$$ and E1$$E_1$$ can be chosen independently. Indeed, Murphy has shown that independently chosen characteristics may turn out to be incompatible. On the other hand, several researchers observed that the probability can be improved to p or q around the boundary between E0$$E_0$$ and E1$$E_1$$ by considering a positive dependency of the two characteristics, e.g. the ladder switch and S-box switch by Biryukov and Khovratovich. This phenomenon was later formalised by Dunkelman et al. as a sandwich attack that regards E as E1∘Em∘E0$$E_1\circ E_m \circ E_0$$, where Em$$E_m$$ satisfies some differential propagation among four texts with probability r, and the entire probability is p2q2r$$p^2q^2r$$. In this paper, we revisit the issue of dependency of two characteristics in Em$$E_m$$, and propose a new tool called Boomerang Connectivity Table (BCT), which evaluates r in a systematic and easy-to-understand way when Em$$E_m$$ is composed of a single S-box layer. With the BCT, previous observations on the S-box including the incompatibility, the ladder switch and the S-box switch are represented in a unified manner. Moreover, the BCT can detect a new switching effect, which shows that the probability around the boundary may be even higher than p or q. To illustrate the power of the BCT-based analysis, we improve boomerang attacks against Deoxys-BC, and disclose the mechanism behind an unsolved probability amplification for generating a quartet in SKINNY. Lastly, we discuss the issue of searching for S-boxes having good BCT and extending the analysis to modular addition.

Yu-Ao Chen,Xiao-Shan Gao,Chun-Ming Yuan

DOI: https://doi.org/10.48550/arXiv.1802.03856

2018-10-07

Abstract:In this paper, we give quantum algorithms for two fundamental computation problems: solving polynomial systems over finite fields and optimization where the arguments of the objective function and constraints take values from a finite field or a bounded interval of integers. The quantum algorithms can solve these problems with any given success probability and have polynomial runtime complexities in the size of the input, the degree of the inequality constraints, and the condition number of certain matrices derived from the problem. So, we achieved exponential speedup for these problems when their condition numbers are small. As applications, quantum algorithms are given to three basic computational problems in cryptography: the polynomial system with noise problem, the short integer solution problem, the shortest vector problem, as well as the cryptanalysis for the lattice based NTRU cryptosystem. It is shown that these problems and NTRU can against quantum computer attacks only if their condition numbers are large, so the condition number could be used as a new criterion for the lattice based post-quantum cryptosystems.

Symbolic Computation,Computational Complexity,Cryptography and Security,Quantum Physics

Bo Zhu,Kefei Chen,Xuejia Lai

DOI: https://doi.org/10.1007/978-3-642-14597-1_16

2010-01-01

Abstract:This paper attempts to utilize the ideas of higher order differential cryptanalysis to investigate Boolean algebra based block ciphers. The theoretical foundation is built for later research, and two kinds of distinguishing attacks are proposed. The prerequisites of the attacks are also presented and proved, and an efficient algorithm is introduced to search these prerequisites. Furthermore, our analysis result shows that 5 rounds of the block cipher PRESENT can be distinguished by using only 512 chosen plaintexts.

Zitai Xu,Yizhi Huang,Xiongfeng Ma

2024-11-01

Abstract:Quantum key distribution is a cornerstone of quantum cryptography, enabling secure communication through the principles of quantum mechanics. In reality, most practical implementations rely on the decoy-state method to ensure security against photon-number-splitting attacks. A significant challenge in realistic quantum cryptosystems arises from statistical fluctuations with finite data sizes, which complicate the key-rate estimation due to the nonlinear dependence on the phase error rate. In this study, we first revisit and improve the key rate bound for the decoy-state method. We then propose an enhanced framework for statistical fluctuation analysis. By employing our fluctuation analysis on the improved bound, we demonstrate enhancement in key generation rates through numerical simulations with typical experimental parameters. Furthermore, our approach to fluctuation analysis is not only applicable in quantum cryptography but can also be adapted to other quantum information processing tasks, particularly when the objective and experimental variables exhibit a linear relationship.

Quantum Physics

Li Zhou,Mingsheng Ying

DOI: https://doi.org/10.1109/CSF.2017.23

2017-01-01

Abstract:More and more quantum algorithms have been designed for solving problems in machine learning, database search and data analytics. An important problem then arises: how privacy can be protected when these algorithms are used on private data? For classical computing, the notion of differential privacy provides a very useful conceptual framework in which a great number of mechanisms that protect privacy by introducing certain noises into algorithms have been successfully developed. This paper defines a notion of differential privacy for quantum information processing. We carefully examine how the mechanisms using three important types of quantum noise, the amplitude/phase damping and depolarizing, can protect differential privacy. A composition theorem is proved that enables us to combine multiple privacy-preserving operations in quantum information processing.

Lu Xiaojuan,Li Bohan,Liu Meicheng,Lin Dongdai

DOI: https://doi.org/10.1186/s42400-021-00108-3

2022-01-01

Abstract:Nonlinear feedback shift register (NFSR) is one of the most important cryptographic primitives in lightweight cryptography. At ASIACRYPT 2010, Knellwolf et al. proposed conditional differential attack to perform a cryptanalysis on NFSR-based cryptosystems. The main idea of conditional differential attack is to restrain the propagation of the difference and obtain a detectable bias of the difference of the output bit. QUARK is a lightweight hash function family which is designed by Aumasson et al. at CHES 2010. Then the extended version of QUARK was published in Journal of Cryptology 2013. In this paper, we propose an improved conditional differential attack on QUARK. One improvement is that we propose a method to select the input difference. We could obtain a set of good input differences by this method. Another improvement is that we propose an automatic condition imposing algorithm to deal with the complicated conditions efficiently and easily. It is shown that with the improved conditional differential attack on QUARK, we can detect the bias of output difference at a higher round of QUARK. Compared to the current literature, we find a distinguisher of U-QUARK/D-QUARK/S-QUARK/C-QUARK up to 157/171/292/460 rounds with increasing 2/5/33/8 rounds respectively. We have performed the attacks on each instance of QUARK on a 3.30 GHz Intel Core i5 CPU, and all these attacks take practical complexities which have been fully verified by our experiments. As far as we know, all of these results have been the best thus far.