Abstract
In this paper, we propose a quantum version of the differential cryptanalysis which offers a quadratic speedup over the existing classical one and show the quantum circuit implementing it. The quantum differential cryptanalysis is based on the quantum minimum/maximum-finding algorithm, where the values to be compared and filtered are obtained by calling the quantum counting algorithm. Any cipher which is vulnerable to the classical differential cryptanalysis based on counting procedures can be cracked more quickly under this quantum differential attack.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Notes
A characteristic is a structure built for the cipher to be attacked, which is constructed by cryptanalysts at their leisure time. An n-round characteristic associated with a pair of encryptions consists of the plaintext difference and the ciphertext difference of the pair, along with the input and output differences of each round. A characteristic has a probability, which is the chance that a random pair with the chosen plaintext difference has the round and ciphertext difference values specified by the characteristic when random independent keys are used.
A subkey in the differential cryptanalysis refers to a part of the complete key, and it is a subset of the binary key string. For the 16-round characteristic introduced in [12], \(E\) is \(H'=T'_L\oplus 19\,60\,00\,00_x\), where \(H'\) is the output XOR of the 16th round of DES and \(T'_L\) is the left half of the ciphertexts difference. On the one hand, we can compute \(H'\) according to \(E\) with the given pair alone; on the other hand, we can also calculate \(H'\) with the help of the candidate subkey of the last round by a trial encryption. If these two results coincide perfectly, then the given pair is the right pair of the candidate subkey.
When the difference operation is XOR, the plaintext pairs can be set to \(\left( P_i,P_i\oplus P'\right) \) as default, where \(P_i=i, i=1,2,\ldots ,N\), and thus, we can just send \(P'\) as the request parameter to the cryptosystem and the cryptosystem could set up the plaintexts pairs by itself and then encrypt them, pack the result and respond.
The counting method in differential cryptanalysis is presented by Biham and Shamir [7], and it needs huge numbers of counters (\(K\) counters are necessary) and many precomputed differential tables.
References
Shor, P.W.: Algorithms for quantum computation: discrete logarithm and factoring. In: 35th Annual Symposium on IEEE Foundations of Computer Science, 1994 Proceedings, pp. 124–134 (1994)
Boneh, D., Lipton, R.J.: Quantum cryptanalysis of hidden linear functions. In: Advances in CryptologyłCRYPTO95, pp. 424–437. Springer, Berlin (1995)
Grover, L.K.: Quantum mechanics helps in searching for a needle in a haystack. Phys. Rev. Lett. 79(2), 325–328 (1997)
Ludwig, C.: A Faster Lattice Reduction Method Using Quantum Search. Springer, Berlin (2003)
Phaneendra, H.D., Vidya, R.C., Shivakumar, M.S.: Applying quantum search to a known-plaintext attack on two-key triple encryption. Int. Fed. Inf. Process. 228, 171–178 (2006)
Zhong, P.C., Bao, W.S.: Quantum mechanical meet-in-the-middle search algorithm for Triple-DES. Chin. Sci. Bull. 55(3), 321–325 (2010)
Biham, E., Shamir, A.: Differential Cryptanalysis of the Data Encrypt Standard. Springer, New York (1993)
Boyer, M., Brassard, G., Høyer, P., et al.: Tight bounds on quantum searching (1996). arXiv preprint: arXiv.quant-ph/9605034
Durr, C., Høyer, P.: A quantum algorithm for finding the minimum (1996). arXiv preprint: arXiv.quant-ph/9607014
Nielsen, M.A., Chuang, I.L.: Quantum Computation and Quantum Information, 261–263. Cambridge University Press, New York (2010)
Matsui, M.: Linear cryptanalysis method for DES Cipher. In: Advances in Cryptology-EUROCRYPT’93, pp. 386–397. Springer, Berlin (1994)
Biham, E., Shamir, A.: Differential cryptanalysis of the full 16-round DES. In: Advances in Cryptology-CRYPTO’92, pp. 487–496. Springer, Berlin (1992)
Acknowledgments
We gratefully acknowledge the support of the National Natural Science Foundation of China under Grant Nos. 61173050 and 61402188. The fourth author also gratefully acknowledges the support from the China Postdoctoral Science Foundation under Grant No. 2014M552041.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Zhou, Q., Lu, S., Zhang, Z. et al. Quantum differential cryptanalysis. Quantum Inf Process 14, 2101–2109 (2015). https://doi.org/10.1007/s11128-015-0983-3
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11128-015-0983-3