Post-quantum security on the Lai–Massey scheme

Published in Designs, Codes and Cryptography.

Abstract

Post-quantum cryptography has attracted much attention from cryptologists worldwide, and a growing number of symmetric cryptographic algorithms have been analysed in the quantum setting. The Lai–Massey scheme, derived from the IDEA block cipher and analysed by Vaudenay at Asiacrypt’99, is widely used in the design of symmetric cryptographic algorithms. In this work, we study the security of the Lai–Massey scheme in the quantum setting and give a general technique to simulate the XOR of the left and right parts of the outputs of quantum oracles without destroying quantum entanglement. We show that the 3-round and 4-round Lai–Massey schemes are insecure: based on Simon’s algorithm, they can be distinguished from a random permutation in polynomial time in the quantum chosen-plaintext attack (qCPA) setting and the quantum chosen-ciphertext attack (qCCA) setting, respectively. We also introduce quantum key-recovery attacks on the Lai–Massey scheme by combining Simon’s and Grover’s algorithms. For the r-round Lai–Massey scheme, the key-recovery query complexities are \(O({2^{(r - 3)k/2}})\) and \(O({2^{(r - 4)k/2}})\) in the qCPA and qCCA settings respectively, where k is the bit length of a round sub-key. These query complexities improve on quantum brute-force search by factors of \({2^{3k/2}}\) and \({2^{2k}}\) respectively.
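As an added illustration (not code from the paper), the following classically checks the periodic structure that a Simon-based qCPA distinguisher on the 3-round scheme exploits, using only the XOR of the output halves. It assumes the XOR-based Lai–Massey round (x, y) ↦ (σ(x ⊕ F(x ⊕ y)), y ⊕ F(x ⊕ y)) with Vaudenay's orthomorphism σ(a, b) = (b, a ⊕ b), no σ in the final round, random round functions on toy 8-bit halves, and a period formula derived here rather than taken from the paper.

```python
import random

N = 8                                   # bits per half-block (toy size)

def sigma(v):
    """Orthomorphism sigma(a, b) = (b, a ^ b) on the two N/2-bit quarters of v."""
    a, b = v >> (N // 2), v & ((1 << N // 2) - 1)
    return (b << (N // 2)) | (a ^ b)

RHO_INV = {sigma(v) ^ v: v for v in range(1 << N)}   # inverse of rho = sigma ^ id

def lai_massey(rounds, left, right):
    """XOR Lai-Massey: (x, y) -> (sigma(x ^ F(x ^ y)), y ^ F(x ^ y)); no sigma in the last round."""
    for i, f in enumerate(rounds):
        t = f[left ^ right]
        left, right = left ^ t, right ^ t
        if i != len(rounds) - 1:
            left = sigma(left)
    return left, right

def build_f(encrypt, alpha):
    """f(b, x) = L ^ R of encrypt(x, x ^ alpha[b]), XOR sigma(alpha0 ^ alpha1) when b = 1."""
    delta = sigma(alpha[0] ^ alpha[1])
    table = {}
    for b in (0, 1):
        for x in range(1 << N):
            l, r = encrypt(x, x ^ alpha[b])        # only the XOR of the halves is used
            table[(b, x)] = l ^ r ^ (delta if b else 0)
    return table

def find_period(table):
    """Classical stand-in for Simon's algorithm: s with f(0, x) == f(1, x ^ s) for all x."""
    for s in range(1 << N):
        if all(table[(0, x)] == table[(1, x ^ s)] for x in range(1 << N)):
            return s
    return None                                    # no period: behaves like a random permutation

def predicted_period(rounds, alpha):
    """Period derived for 3 rounds: F1(alpha0) ^ F1(alpha1) ^ rho^{-1}(alpha0 ^ alpha1)."""
    return rounds[0][alpha[0]] ^ rounds[0][alpha[1]] ^ RHO_INV[alpha[0] ^ alpha[1]]

def demo(seed=1):
    """Returns (period found on 3-round Lai-Massey, predicted period, period of a random permutation)."""
    rng = random.Random(seed)
    rounds = [[rng.randrange(1 << N) for _ in range(1 << N)] for _ in range(3)]
    alpha = (0x00, 0xA5)                           # constructed chosen-plaintext constants
    perm = rng.sample(range(1 << 2 * N), 1 << 2 * N)   # random 2N-bit permutation for comparison
    rand = lambda l, r: divmod(perm[(l << N) | r], 1 << N)
    return (find_period(build_f(lambda l, r: lai_massey(rounds, l, r), alpha)),
            predicted_period(rounds, alpha), find_period(build_f(rand, alpha)))
```

Because the last round omits σ, the XOR of the output halves cancels the third round function entirely, which is why the distinguisher only needs L ⊕ R; a random permutation yields no such period.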

Data availability

All data generated or analyzed during this study are included in this published article.

Acknowledgements

This work was supported by the National Key Research and Development Program of China (2021YFB3100100), the National Natural Science Foundation of China (62072445), and the Key Research and Development and Promotion Special Project of Henan Province (Scientific and Technological Breakthrough) (232102211060).

Author information

Correspondence to Zhongya Zhang or Wenling Wu.

Additional information

Communicated by T. Iwata.

About this article

Cite this article

Zhang, Z., Wu, W., Sui, H. et al. Post-quantum security on the Lai–Massey scheme. Des. Codes Cryptogr. 91, 2687–2704 (2023). https://doi.org/10.1007/s10623-023-01225-5
