Quantum Chosen-Ciphertext Attacks Against Feistel Ciphers

Ito, Gembu; Hosoyamada, Akinori; Matsumoto, Ryutaroh; Sasaki, Yu; Iwata, Tetsu

doi:10.1007/978-3-030-12612-4_20

Quantum Chosen-Ciphertext Attacks Against Feistel Ciphers

Conference paper
First Online: 03 February 2019

910 Accesses
17 Citations

Part of the Lecture Notes in Computer Science book series (LNSC,volume 11405)

Abstract

Seminal results by Luby and Rackoff show that the 3-round Feistel cipher is secure against chosen-plaintext attacks (CPAs), and the 4-round version is secure against chosen-ciphertext attacks (CCAs). However, the security significantly changes when we consider attacks in the quantum setting, where the adversary can make superposition queries. By using Simon’s algorithm that detects a secret cycle-period in polynomial-time, Kuwakado and Morii showed that the 3-round version is insecure against quantum CPA by presenting a polynomial-time distinguisher. Since then, Simon’s algorithm has been heavily used against various symmetric-key constructions. However, its applications are still not fully explored.

In this paper, based on Simon’s algorithm, we first formalize a sufficient condition of a quantum distinguisher against block ciphers so that it works even if there are multiple collisions other than the real period. This distinguisher is similar to the one proposed by Santoli and Schaffner, and it does not recover the period. Instead, we focus on the dimension of the space obtained from Simon’s quantum circuit. This eliminates the need to evaluate the probability of collisions, which was needed in the work by Kaplan et al. at CRYPTO 2016. Based on this, we continue the investigation of the security of Feistel ciphers in the quantum setting. We show a quantum CCA distinguisher against the 4-round Feistel cipher. This extends the result of Kuwakado and Morii by one round, and follows the intuition of the result by Luby and Rackoff where the CCA setting can extend the number of rounds by one. We also consider more practical cases where the round functions are composed of a public function and XORing the subkeys. We show the results of both distinguishing and key recovery attacks against these constructions.

Keywords

Feistel cipher
Quantum chosen-ciphertext attacks
Simon’s algorithm

This is a preview of subscription content, access via your institution.

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 79.99; Price excludes VAT (USA)

Softcover Book: USD 99.99; Price excludes VAT (USA)

Learn about institutional subscriptions

References

Aoki, K., et al.: Camellia: a 128-bit block cipher suitable for multiple platforms—design andanalysis. In: Stinson, D.R., Tavares, S. (eds.) SAC 2000. LNCS, vol. 2012, pp. 39–56. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44983-3_4
CrossRef Google Scholar
Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: The SIMON and SPECK lightweight block ciphers. In: Proceedings of the 52nd Annual Design Automation Conference, pp. 175:1–175:6. ACM (2015)
Google Scholar
Bonnetain, X.: Quantum key-recovery on full AEZ. In: Adams, C., Camenisch, J. (eds.) SAC 2017. LNCS, vol. 10719, pp. 394–406. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-72565-9_20
CrossRef Google Scholar
Bonnetain, X., Naya-Plasencia, M., Schrottenloher, A.: On quantum slide attacks. IACR Cryptology ePrint Archive 2018, 1067 (2018)
Google Scholar
Dinur, I., Dunkelman, O., Keller, N., Shamir, A.: New attacks on Feistel structures with improved memory complexities. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 433–454. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47989-6_21
CrossRef Google Scholar
Dong, X., Dong, B., Wang, X.: Quantum attacks on some Feistel block ciphers. IACR Cryptology ePrint Archive 2018, 504 (2018)
Google Scholar
Dong, X., Li, Z., Wang, X.: Quantum cryptanalysis on some generalized Feistel schemes. IACR Cryptology ePrint Archive 2017, 1249 (2017)
Google Scholar
Dong, X., Wang, X.: Quantum key-recovery attack on Feistel structures. IACR Cryptology ePrint Archive 2017, 1199 (2017)
Google Scholar
Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Miller, G.L. (ed.) STOC 1996, pp. 212–219. ACM (1996)
Google Scholar
Guo, J., Jean, J., Nikolić, I., Sasaki, Y.: Meet-in-the-middle attacks on generic Feistel constructions. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 458–477. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45611-8_24
CrossRef Google Scholar
Hosoyamada, A., Sasaki, Y.: Quantum Demiric-Selçuk meet-in-the-middle attacks: applications to 6-round generic Feistel constructions. In: Catalano, D., De Prisco, R. (eds.) SCN 2018. LNCS, vol. 11035, pp. 386–403. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-98113-0_21
CrossRef Google Scholar
Isobe, T., Shibutani, K.: Generic key recovery attack on Feistel scheme. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8269, pp. 464–485. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-42033-7_24
CrossRef Google Scholar
Ito, G., Hosoyamada, A., Matsumoto, R., Sasaki, Y., Iwata, T.: Quantum chosen-ciphertext attacks against Feistel ciphers. IACR Cryptology ePrint Archive 2018, 1193 (2018). Full version of this paper
Google Scholar
Kaplan, M., Leurent, G., Leverrier, A., Naya-Plasencia, M.: Breaking symmetric cryptosystems using quantum period finding. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9815, pp. 207–237. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53008-5_8
CrossRef Google Scholar
Knudsen, L.R.: The security of Feistel ciphers with six rounds or less. J. Cryptol. 15(3), 207–222 (2002)
MathSciNet CrossRef Google Scholar
Kuwakado, H., Morii, M.: Quantum distinguisher between the 3-round Feistel cipher and the random permutation. In: ISIT 2010, pp. 2682–2685. IEEE (2010)
Google Scholar
Kuwakado, H., Morii, M.: Security on the quantum-type Even-Mansour cipher. In: ISITA 2012, pp. 312–316. IEEE (2012)
Google Scholar
Leander, G., May, A.: Grover meets Simon – quantumly attacking the FX-construction. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10625, pp. 161–178. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70697-9_6
CrossRef Google Scholar
Luby, M., Rackoff, C.: How to construct pseudorandom permutations from pseudorandom functions. SIAM J. Comput. 17(2), 373–386 (1988)
MathSciNet CrossRef Google Scholar
National Bureau of Standards: Data encryption standard. FIPS 46, January 1977
Google Scholar
Santoli, T., Schaffner, C.: Using Simon’s algorithm to attack symmetric-key cryptographic primitives. Quantum Inf. Comput. 17(1&2), 65–78 (2017)
MathSciNet Google Scholar
Shibutani, K., Isobe, T., Hiwatari, H., Mitsuda, A., Akishita, T., Shirai, T.: Piccolo: an ultra-lightweight blockcipher. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 342–357. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-23951-9_23
CrossRef Google Scholar
Simon, D.R.: On the power of quantum computation. SIAM J. Comput. 26(5), 1474–1483 (1997)
MathSciNet CrossRef Google Scholar
Todo, Y.: Structural evaluation by generalized integral property. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 287–314. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46800-5_12
CrossRef Google Scholar
Yang, G., Zhu, B., Suder, V., Aagaard, M.D., Gong, G.: The Simeck family of lightweight block ciphers. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 307–329. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48324-4_16
CrossRef Google Scholar

Download references

Acknowledgments

The authors would like to thank participants of Dagstuhl seminar 18021, Symmetric Cryptography, for insightful feedback. We also would like to thank the anonymous reviewers of CT-RSA 2019 for helpful comments.

Author information

Authors and Affiliations

Nagoya University, Nagoya, Japan
Gembu Ito, Akinori Hosoyamada, Ryutaroh Matsumoto & Tetsu Iwata
NTT Secure Platform Laboratories, Tokyo, Japan
Akinori Hosoyamada & Yu Sasaki
Aalborg University, Aalborg, Denmark
Ryutaroh Matsumoto

Authors

Gembu Ito
View author publications
You can also search for this author in PubMed Google Scholar
Akinori Hosoyamada
View author publications
You can also search for this author in PubMed Google Scholar
Ryutaroh Matsumoto
View author publications
You can also search for this author in PubMed Google Scholar
Yu Sasaki
View author publications
You can also search for this author in PubMed Google Scholar
Tetsu Iwata
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Tetsu Iwata .

Editor information

Editors and Affiliations

Mitsubishi Electric Corporation, Kamakura, Japan
Dr. Mitsuru Matsui

Rights and permissions

Reprints and Permissions

Copyright information

About this paper

Cite this paper

Ito, G., Hosoyamada, A., Matsumoto, R., Sasaki, Y., Iwata, T. (2019). Quantum Chosen-Ciphertext Attacks Against Feistel Ciphers. In: Matsui, M. (eds) Topics in Cryptology – CT-RSA 2019. CT-RSA 2019. Lecture Notes in Computer Science(), vol 11405. Springer, Cham. https://doi.org/10.1007/978-3-030-12612-4_20

Download citation

DOI: https://doi.org/10.1007/978-3-030-12612-4_20
Published: 03 February 2019
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-12611-7
Online ISBN: 978-3-030-12612-4
eBook Packages: Computer ScienceComputer Science (R0)