Quantum Security of the Legendre PRF

International audienceIn this paper, we study the security of the Legendre PRF against quantum attackers, given classical queries only, and without quantum random-access memories. We give two algorithms that recover the key of a shifted Legendre symbol with unknown shift, with a complexity smaller than the exhaustive search of the key. The first one is a quantum variant of the table-based collision algorithm. The second one is an offline variant of Kuperberg's abelian hidden shift algorithm. We note that the latter, although asymptotically promising, is not currently the most efficient against practical parameters

Quantum Boomerang Attacks and Some Applications

International audienceIn this paper, we study quantum key-recovery attacks on block ciphers. While it is well known that a quantum adversary can generically speed up an exhaustive search of the key, much less is known on how to use specific vulnerabilities of the cipher to accelerate this procedure. In this context, we show how to convert classical boomerang and mixing boomerang attacks into efficient quantum key-recovery attacks. In some cases, we can even obtain a quadratic speedup, the same as simple differential attacks. We apply this technique to a 5-round attack on SAFER++

Block Cipher Doubling for a Post-Quantum World

In order to maintain a similar security level in a post-quantum setting, many symmetric primitives should have to double their keys and increase their state sizes. So far, no generic way for doing this is known that would provide convincing quantum security guarantees. In this paper we propose a new generic construction, QuEME, that allows to double the key and the state size of a block cipher. The QuEME design is inspired by the ECB-Mix-ECB (EME) construction, but is defined for a different choice of mixing function that withstands our new quantum superposition attack that exhibits a periodic property found in collisions and that breaks EME and a large class of variants of it. We prove that QuEME achieves $n$-bit security in the classical setting, where $n$ is the block size of the underlying block cipher, and at least $n/6$-bit security in the quantum setting. We propose a concrete instantiation of this construction, called Double-AES, that is built with variants of AES-128

Quantum boomerang attacks and some applications

In this paper, we study quantum key-recovery attacks on block ciphers. While it is well known that a quantum adversary can generically speed up an exhaustive search of the key, much less is known on how to use specific vulnerabilities of the cipher to accelerate this procedure. In this context, we show how to convert classical boomerang and mixing boomerang attacks into efficient quantum key-recovery attacks. In some cases, we can even obtain a quadratic speedup, the same as simple differential attacks. We apply this technique to a 5-round attack on SAFER++

Cryptographie à clé secrète et attaquant quantique dans le monde des télécommunications

For modern cryptography, the security of a system is defined as the sum of the resources required to break it. With the advent of efficient quantum computers and the new algorithmic possibilities that this opens, this amount of resource is destined to change.In this thesis, we take a step towards a better understanding of this quantum threat. After an introduction to quantum computation and cryptography, we show quantum attacks against the Legendre PRF in the setting without superposition queries and reduced quantum memory. Afterwards, we present a general way to transpose boomerang attacks into quantum attacks as well as some applications. We continue on a doubling method for block ciphers inspired by the Encrypt-Mix-Encrypt scheme and prove its security. We end by building a quantum version of the 3G/4G/5G UMTS-AKA authentication protocol before showing the security as well as the underlying primitives Milenage and TUAK.Pour la cryptographie moderne, la sécurité d'un système est définie comme la somme des ressources nécessaires pour le briser. Avec la venue d'ordinateurs quantiques efficaces et les nouvelles possibilités algorithmiques que cela ouvre, ce montant de ressources est voué à changer.Dans cette thèse, nous effectuons un pas en direction d'une meilleure compréhension de cette menace quantique. Après une introduction au calcul quantique et à la cryptographie, nous montrons des attaques quantiques contre la fonction pseudo-aléatoire de Legendre sans requête en superposition et en mémoire quantique réduite. Par la suite, nous exposons une manière générale de transposer les attaques boomerang en algorithmique quantique ainsi que quelques applications. Nous continuons sur une méthode de doublement de taille de blocs pour les chiffrements à blocs inspirée sur le schéma Encrypt-Mix-Encrypt et nous en montrons la sécurité. Nous finissons par la construction d'une version quantique du protocole d'authentification de la 3G/4G/5G UMTS-AKA avant d'en montrer la sécurité ainsi que celle des primitives sous-jacentes Milenage et TUAK

Secret-key cryptography and impact of a quantum attacker on the telecommunication world

Pour la cryptographie moderne, la sécurité d'un système est définie comme la somme des ressources nécessaires pour le briser. Avec la venue d'ordinateurs quantiques efficaces et les nouvelles possibilités algorithmiques que cela ouvre, ce montant de ressources est voué à changer. Dans cette thèse, nous effectuons un pas en direction d'une meilleure compréhension de cette menace quantique. Après une introduction au calcul quantique et à la cryptographie, nous montrons des attaques quantiques contre la fonction pseudo-aléatoire de Legendre sans requête en superposition et en mémoire quantique réduite. Par la suite, nous exposons une manière générale de transposer les attaques boomerang en algorithmique quantique ainsi que quelques applications. Nous continuons sur une méthode de doublement de taille de blocs pour les chiffrements à blocs inspirée sur le schéma Encrypt-Mix-Encrypt et nous en montrons la sécurité. Nous finissons par la construction d'une version quantique du protocole d'authentification de la 3G/4G/5G UMTS-AKA avant d'en montrer la sécurité ainsi que celle des primitives sous-jacentes Milenage et TUAK.For modern cryptography, the security of a system is defined as the sum of the resources required to break it. With the advent of efficient quantum computers and the new algorithmic possibilities that this opens, this amount of resource is destined to change.In this thesis, we take a step towards a better understanding of this quantum threat. After an introduction to quantum computation and cryptography, we show quantum attacks against the Legendre PRF in the setting without superposition queries and reduced quantum memory. Afterwards, we present a general way to transpose boomerang attacks into quantum attacks as well as some applications. We continue on a doubling method for block ciphers inspired by the Encrypt-Mix-Encrypt scheme and prove its security. We end by building a quantum version of the 3G/4G/5G UMTS-AKA authentication protocol before showing the security as well as the underlying primitives Milenage and TUAK