Skip to main content
Log in

Quantum attacks on some feistel block ciphers

  • Published:
Designs, Codes and Cryptography Aims and scope Submit manuscript


Post-quantum cryptography has attracted much attention from worldwide cryptologists. However, most research works are related to public-key cryptosystem due to Shor’s attack on RSA and ECC ciphers. At CRYPTO 2016, Kaplan et al. showed that many secret-key (symmetric) systems could be broken using a quantum period finding algorithm, which encouraged researchers to evaluate symmetric systems against quantum attackers. In this paper, we continue to study symmetric ciphers against quantum attackers. First, we convert the classical advanced slide attacks (introduced by Biryukov and Wagner) to a quantum one, that gains an exponential speed-up in time complexity. Thus, we could break 2/4K-Feistel and 2/4K-DES in polynomial time. Second, we give a new quantum key-recovery attack on full-round GOST, which is a Russian standard, with \(2^{114.8}\) quantum queries of the encryption process, faster than a quantum brute-force search attack by a factor of \(2^{13.2}\).

This is a preview of subscription content, log in via an institution to check access.

Access this article

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15
Fig. 16
Fig. 17
Fig. 18
Fig. 19

Similar content being viewed by others


  1. The way to select \(\alpha \) is the same as Sect. 3.2.1.


  1. Benoist J. C.: Quantum circuit representation of Grover’s algorithm. Wikimedia, Inc. Grovers algorithm.svg. Accessed 5 Jan 2011

  2. Biham E., Shamir A.: Differential cryptanalysis of DES-like cryptosystems. J. Cryptol. 4(1), 3–72 (1991).

    Article  MathSciNet  Google Scholar 

  3. Biryukov A., Wagner D.: Slide attacks. In: Knudsen L. (ed.) Fast Software Encryption, FSE 1999, vol. 1636, pp. 245–259. Lecture Notes in Computer ScienceSpringer, Berlin, Heidelberg (1999).

    Google Scholar 

  4. Biryukov A., Wagner D.: Advanced slide attacks. In: Preneel B. (ed.) Advances in Cryptology—EUROCRYPT 2000, vol. 1807, pp. 589–606. Lecture Notes in Computer ScienceSpringer, Berlin, Heidelberg (2000).

    Chapter  Google Scholar 

  5. Boneh D., Zhandry M.: Quantum-secure message authentication codes. In: T. Johansson, P. Q. Nguyen (eds.) Advances in Cryptology—EUROCRYPT 2013, 32nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Athens, Greece, May 26–30, 2013. Proceedings, volume 7881 of Lecture Notes in Computer Science, pp. 592–608. Springer (2013)

  6. Boneh D., Zhandry M.: Secure signatures and chosen ciphertext security in a quantum computing world. In: Canetti R., Garay J.A. (eds.) Advances in Cryptology—CRYPTO 2013, vol. 8043, pp. 361–379. Lecture Notes in Computer ScienceSpringer, Berlin (2013).

    Chapter  Google Scholar 

  7. Bonnetain X., Naya-Plasencia M., Schrottenloher A.: On Quantum Slide Attacks. Cryptology ePrint Archive, Report 2018/1067. To appear at SAC (2019)

  8. Brassard G., Hoyer P., Mosca M., et al.: Quantum amplitude amplification and estimation. arXiv:quant-ph/0005055 (2000)

  9. Chailloux A., Naya-Plasencia M., Schrottenloher A.: An efficient quantum collision search algorithm and implications on symmetric cryptography. Cryptology ePrint Archive, Report 2017/847 (2017)

  10. Damgård I., Funder J., Nielsen J.B., Salvail L.: Superposition attacks on cryptographic protocols. In: Padró C. (ed.) ICITS 2013, vol. 8317, pp. 142–161. LNCSSpringer, Heidelberg (2014).

    Google Scholar 

  11. Dinur I., Dunkelman O., Shamir A.: Improved attacks on full GOST. In: Canteaut A. (ed.) Fast Software Encryption, FSE 2012, vol. 7549, pp. 9–28. Lecture Notes in Computer ScienceSpringer, Berlin (2012).

    Google Scholar 

  12. Dong X., Dong B., Wang X.: Quantum Attacks on Some Feistel Block Ciphers. Cryptology ePrint Archive, Report 2018/504.

  13. Dong X., Wang X.: Quantum key-recovery attack on Feistel structures. Sci. China Inf. Sci. 61(10), 102501 (2018).

    Article  Google Scholar 

  14. Dong X., Li Z., Wang X.: Quantum cryptanalysis on some generalized Feistel schemes. Sci. China Inf. Sci. 62(2), 22501 (2018).

    Article  MathSciNet  Google Scholar 

  15. Feistel H., Notz W.A., Smith J.L.: Some cryptographic techniques for machine-to-machine data communications. Proc. IEEE 63(11), 1545–1554 (1975).

    Article  Google Scholar 

  16. Grover L. K: A fast quantum mechanical algorithm for database search. In: Miller G L, eds. Proceedings of STOC 1996. ACM, pp. 212–219 (1996)

  17. Hosoyamada A., Sasaki Y.: Quantum Demiric-Selçuk Meet-in-the-Middle Attacks. Applications to 6-Round Generic Feistel Constructions. In: Catalano D, De Prisco R, (eds.), Security and Cryptography for Networks—11th International Conference, SCN 2018. Lecture Notes in Computer Science, vol. 11035. Springer, Cham, pp. 386–403 (2018)

  18. Hosoyamada A., Sasaki Y.: Cryptanalysis against symmetric-key schemes with online classical queries and offline quantum computations. In: Smart N.P. (ed.) CT-RSA 2018, vol. 10808, pp. 198–218. LNCSSpringer, Cham (2018).

    Google Scholar 

  19. Hosoyamada A., Sasaki Y., Xagawa K.: Quantum multicollision-finding algorithm. IACR Cryptol. ePrint Arch. 2017, 864 (2017).

    MATH  Google Scholar 

  20. International Organization for Standardization (ISO).: International Standard-ISO/IEC 18033-3, Information technology-Security techniques-Encryption algorithms-Part 3: Block ciphers (2010)

  21. Isobe T.: A single-key attack on the full GOST block cipher. In: Joux A. (ed.) Fast Software Encryption, FSE 2011, vol. 6733, pp. 290–305. Lecture Notes in Computer ScienceSpringer-Verlag, Berlin (2011).

    Google Scholar 

  22. Ito G., Hosoyamada A., Matsumoto R., Sasaki Y., Iwata T.: Quantum chosen-ciphertext attacks against feistel ciphers. In: Matsui M (eds.) Topics in Cryptology—CT-RSA 2019—The Cryptographers’ Track at the RSA Conference 2019, San Francisco, CA, USA, March 4–8, 2019, Proceedings. Lecture Notes in Computer Science, vol. 11405. Springer, pp. 391–411 (2019)

  23. Kaplan M., Leurent G., Leverrier A., Naya-Plasencia M.: Breaking symmetric cryptosystems using quantum period finding. In: Robshaw M., Katz J. (eds.) Advances in Cryptology—CRYPTO 2016, vol. 9815, pp. 207–237. Lecture Notes in Computer ScienceSpringer, Berlin (2016).

    Chapter  Google Scholar 

  24. Kaplan M., Leurent G., Leverrier A., Naya-Plasencia M.: Quantum differential and linear cryptanalysis. IACR Trans. Symmetric Cryptol. 1, 71–94 (2016).

    MATH  Google Scholar 

  25. Kara O.: Reflection cryptanalysis of some ciphers. In: Chowdhury D.R., Rijmen V., Das A. (eds.) Progress in Cryptology—INDOCRYPT 2008, vol. 5365, pp. 294–307. Lecture Notes in Computer ScienceSpringer, Berlin (2008).

    Chapter  Google Scholar 

  26. Kuwakado H., Morii M.: Quantum distinguisher between the 3-round feistel cipher and the random permutation. In: International symposium on information theory, ISIT 2010. IEEE, pp. 2682–2685 (2010)

  27. Kuwakado H., Morii M.: Security on the quantum-type even-mansour cipher. In: International symposium on information theory and its applications, ISITA 2012. IEEE, pp. 312–316 (2012)

  28. Leander G., May A.: Grover meets simon—quantumly attacking the FX-construction. In: Takagi T., Peyrin T. (eds.) Advances in Cryptology—ASIACRYPT 2017, Part II, vol. 10625, pp. 161–178. Lecture Notes in Computer ScienceCham, Springer (2017).

    Chapter  Google Scholar 

  29. Matsui M.: Linear cryptanalysis method of DES sipher. In: Helleseth T. (ed.) EUROCRYPT 1993, vol. 765, pp. 386–397. LNCSSpringer, Heidelberg (1994).

    Google Scholar 

  30. Moody D.: The Ship Has Sailed: the NIST Post-quantum Cryptography “Competition”(Invited talk). In: Advances in Cryptology—ASIACRYPT 2017. Springer, Berlin (2017)

  31. National Soviet Bureau of Standards: Information Processing System—Cryptographic Protection—Cryptographic Algorithm GOST 28147–89 (1989)

  32. Nielsen M. A, Chuang I.: Quantum computation and quantum information. (2002)

  33. Rivest R.L., Shamir A., Adleman L.: A Method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978).

    Article  MathSciNet  Google Scholar 

  34. Santoli T., Schaffner C.: Using simon’s algorithm to attack symmetric-key cryptographic primitives. Quantum Inf. Comput. 17(1&2), 65–78 (2017).

    MathSciNet  Google Scholar 

  35. Shor P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26(5), 1484–1509 (1997).

    Article  MathSciNet  Google Scholar 

  36. Simon D.R.: On the power of quantum computation. SIAM J. Comput. 26(5), 1474–1483 (1997).

    Article  MathSciNet  Google Scholar 

  37. Strubell E.: An Introduction to Quantum Algorithms.

  38. Zhandry M.: How to construct quantum random functions. In: 53rd Annual IEEE Symposium on Foundations of Computer Science, FOCS 2012, New Brunswick, NJ, USA, October 20–23, 2012, pp. 679–687. IEEE Computer Society (2012)

Download references


We would like to thank the anonymous reviewers for their important comments on this paper. This work is supported by National Key Research and Development Program of China (No. 2017YFA0303903), the National Natural Science Foundation of China (No. 61902207), the National Cryptography Development Fund (No. MMJJ20180101, MMJJ20170121).

Author information

Authors and Affiliations


Corresponding author

Correspondence to Xiaoyun Wang.

Additional information

Communicated by T. Iwata.

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Dong, X., Dong, B. & Wang, X. Quantum attacks on some feistel block ciphers. Des. Codes Cryptogr. 88, 1179–1203 (2020).

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI:


Mathematics Subject Classification