Grover's Quantum Search Algorithm for an Arbitrary Initial Mixed State
The Grover quantum search algorithm is generalized to deal with an arbitrary mixed initial state. The probability of measuring a marked state as a function of time is calculated, and is found to depend strongly on the specific initial state. The form of the function, though, remains as it is in the case of an initial pure state. We study the role of the von Neumann entropy of the initial state, and show that the entropy cannot be a measure of the usefulness of the algorithm. We give a few examples and show that for some extremely mixed initial states carrying high entropy, the generalized Grover algorithm is considerably faster than any classical algorithm.
Comment: 4 pages. See http://www.cs.technion.ac.il/~danken/MSc-thesis.pdf for extended discussion.
07021 Abstracts Collection -- Symmetric Cryptography
From .. to .., the Dagstuhl Seminar 07021 ``Symmetric Cryptography'' was held in the International Conference and Research Center (IBFI), Schloss Dagstuhl.
During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar, as well as abstracts of seminar results and ideas, are put together in this paper. The first section describes the seminar topics and goals in general. Links to extended abstracts or full papers are provided, if available.
A Framework for Iterative Hash Functions - HAIFA
Since the seminal works of Merkle and Damgard on the iteration of compression functions, hash functions have been built from compression functions using the Merkle-Damgard construction. Recently, several flaws in this construction were identified, allowing for pre-image attacks and second pre-image attacks on such hash functions even when the underlying compression functions are secure.
In this paper we propose the HAsh Iterative FrAmework (HAIFA). Our framework can fix many of the flaws while supporting several additional properties, such as defining families of hash functions and supporting variable hash size. HAIFA allows for an online computation of the hash function in one pass with a fixed amount of memory, independently of the size of the message.
Besides our proposal, the recent attacks initiated research on the way compression functions are to be iterated. We show that most recent proposals, such as randomized hashing, the enveloped Merkle-Damgard, and the RMC and ROX modes, can all be instantiated as part of the HAsh Iterative FrAmework (HAIFA).
Conditional Linear Cryptanalysis – Cryptanalysis of DES with Less Than 2^42 Complexity
In this paper we introduce a new extension of linear cryptanalysis that may reduce the complexity of attacks by conditioning linear approximations on other linear approximations. We show that the bias of some linear approximations may increase under such conditions, so that after discarding the known plaintexts that do not satisfy the conditions, the bias over the remaining known plaintexts increases. We show that this extension can lead to improved attacks, which may require fewer known plaintexts and less analysis time. We present several types of such conditions, including one that is especially useful for the analysis of Feistel ciphers. We exemplify the use of such conditions in attacks by a careful application of our extension to Matsui's attack on the full 16-round DES, which reduces the complexity of the best attack on DES to less than 2^42. We programmed a test implementation of our attack and verified our claimed results with a large number of runs. We also introduce a new type of approximations, which we call scattered approximations, and discuss their applications.
ABC - A New Framework for Block Ciphers
We suggest a new framework for block ciphers named Advanced Block Cipher, or ABC for short. ABC has additional non-secret parameters that ensure that each call to the underlying block cipher uses a different pseudo-random permutation. It therefore ensures that attacks which require more than one block encrypted under the same secret permutation cannot apply. In particular, this framework protects against dictionary attacks and differential and linear attacks, and eliminates weaknesses of the ECB and CBC modes. This new framework shares a common structure with HAIFA, and can share the same logic with HAIFA compression functions. We analyze the security of several modes of operation for ABC block ciphers, and suggest a few instances of ABCs.
Analysis of Generalized Grover's Quantum Search Algorithms Using Recursion Equations
The recursion equation analysis of Grover's quantum search algorithm presented by Biham et al. [PRA 60, 2742 (1999)] is generalized. It is applied to the large class of Grover-type algorithms in which the Hadamard transform is replaced by any other unitary transformation and the phase inversion is replaced by a rotation by an arbitrary angle. The time evolution of the amplitudes of the marked and unmarked states, for any initial complex amplitude distribution, is expressed using first-order linear difference equations. These equations are solved exactly. The solution provides the number of iterations T after which the probability of finding a marked state upon measurement is highest, as well as the value of this probability, P_max. Both T and P_max are found to depend on the averages and variances of the initial amplitude distributions of the marked and unmarked states, but not on higher moments.
Comment: 8 pages, no figures. To appear in Phys. Rev.