Quantum differential cryptanalysis


The work is devoted to the study quantum versions of the differential cryptanalysis based on using a combination of the quantum minimum/maximum search algorithm and the quantum counting algorithm. We have estimated the complexity and the required resources for applying the quantum differential and quantum linear cryptanalysis to searching round keys of block ciphers. It is shown that the implementation of the quantum linear method requires less logical qubits than for the implementation of the quantum differential method. The acceleration of calculations due to “quantum parallelism” in the quantum differential cryptanalysis, based on a combination of Grover’s quantum algorithms and quantum counting algorithm, is apparently absent, because the using of quantum counting as “subprogram” in the Grover algorithm eliminates quantum acceleration, as far as \( O (\sqrt{K}) \cdot O (\sqrt{K}) \approx O (K) \).

  • Symmetric cryptography
  • Quantum attacks
  • Differential cryptanalysis
  • Block ciphers
  • Grover’s algorithm
  • Quantum counting