Quantum attacks against iterated block ciphers
We study the amplification of security against quantum attacks provided by
iteration of block ciphers. In the classical case, the Meet-in-the-middle
attack is a generic attack against those constructions. This attack reduces the
time required to break double iterations to only twice the time it takes to
attack a single block cipher, given that the attacker has access to a large
amount of memory. More abstractly, it shows that security by composition does
not achieve exact multiplicative amplification. We present a quantized version
of this attack based on an optimal quantum algorithm for the Element
Distinctness problem. We then use the generalized adversary method to prove the
optimality of the attack. An interesting corollary is that the time-space
tradeoff for quantum attacks is very different from what classical attacks
allow. This first result seems to indicate that composition resists quantum
attacks better than classical ones, because it prevents the quadratic speedup
that quantizing an exhaustive search would otherwise achieve.
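The classical meet-in-the-middle tradeoff described above, as an added example that is not part of the paper: a toy 16-bit block cipher with a 10-bit key (constructed here, with its own made-up key schedule) is iterated twice, and recovering both keys from a few known plaintext/ciphertext pairs costs roughly 2 * 2^10 single-cipher calls plus a 2^10-entry table, rather than the 2^20 double encryptions of exhaustive search.

```python
# Added example (not the paper's code): MITM against a toy double-iterated cipher.
from collections import defaultdict

BLOCK_MASK = 0xFFFF   # 16-bit block
KEY_BITS = 10         # deliberately tiny key space so the demo runs in seconds
KEY_SPACE = 1 << KEY_BITS
ROUNDS = 4

def _subkey(key: int, r: int) -> int:
    # Constructed toy key schedule: spread the short key over 16 bits per round.
    return (key * 0x9E37 + r * 0x1357) & BLOCK_MASK

def _round(x: int, k: int) -> int:
    x = (x + k) & BLOCK_MASK
    x = ((x << 5) | (x >> 11)) & BLOCK_MASK   # rotate left by 5
    return x ^ k

def _round_inv(x: int, k: int) -> int:
    x ^= k
    x = ((x >> 5) | (x << 11)) & BLOCK_MASK   # rotate right by 5
    return (x - k) & BLOCK_MASK

def encrypt(block: int, key: int) -> int:
    for r in range(ROUNDS):
        block = _round(block, _subkey(key, r))
    return block

def decrypt(block: int, key: int) -> int:
    for r in reversed(range(ROUNDS)):
        block = _round_inv(block, _subkey(key, r))
    return block

def mitm(pairs: list) -> tuple:
    """Return ((k1, k2) candidates, single-cipher calls) from known pairs.
    Exhaustive search costs KEY_SPACE**2 double encryptions; this costs about
    2 * KEY_SPACE calls, paid for with a table of KEY_SPACE entries."""
    (p0, c0), rest = pairs[0], pairs[1:]
    table, ops = defaultdict(list), 0
    for k1 in range(KEY_SPACE):            # forward half: p0 -> middle value
        table[encrypt(p0, k1)].append(k1)
        ops += 1
    found = []
    for k2 in range(KEY_SPACE):            # backward half: c0 -> middle value
        ops += 1
        for k1 in table.get(decrypt(c0, k2), ()):
            ops += 2 * len(rest)           # filter false matches on spare pairs
            if all(encrypt(encrypt(p, k1), k2) == c for p, c in rest):
                found.append((k1, k2))
    return found, ops
```

With a 16-bit block, a single pair leaves about 2^20 / 2^16 = 16 false key pairs, which is why the extra pairs are needed to filter the middle-value matches.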
We investigate security amplification by composition further by examining the
case of four iterations. We quantize a recent technique called the dissection
attack using the framework of quantum walks. Surprisingly, this leads to better
gains over classical attacks than for double iterations, which seems to
indicate that when the number of iterations grows, the resistance against
quantum attacks decreases.

Comment: 14 pages