Improved Quantum Multicollision-Finding Algorithm

  • Akinori HosoyamadaEmail author
  • Yu Sasaki
  • Seiichiro Tani
  • Keita Xagawa
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11505)


The current paper improves the number of queries of the previous quantum multi-collision finding algorithms presented by Hosoyamada et al. at Asiacrypt 2017. Let an l-collision be a tuple of l distinct inputs that result in the same output of a target function. In cryptology, it is important to study how many queries are required to find l-collisions for random functions of which domains are larger than ranges. The previous algorithm finds an l-collision for a random function by recursively calling the algorithm for finding \((l-1)\)-collisions, and it achieves the average quantum query complexity of \(O(N^{(3^{l-1}-1) / (2 \cdot 3^{l-1})})\), where N is the range size of target functions. The new algorithm removes the redundancy of the previous recursive algorithm so that different recursive calls can share a part of computations. The new algorithm finds an l-collision for random functions with the average quantum query complexity of \(O(N^{(2^{l-1}-1) / (2^{l}-1)})\), which improves the previous bound for all \(l\ge 3\) (the new and previous algorithms achieve the optimal bound for \(l=2\)). More generally, the new algorithm achieves the average quantum query complexity of \(O\left( c^{3/2}_N N^{\frac{2^{l-1}-1}{ 2^{l}-1}}\right) \) for a random function \(f:X\rightarrow Y\) such that \(|X| \ge l \cdot |Y| / c_N\) for any \(1\le c_N \in o(N^{\frac{1}{2^l - 1}})\). With the same query complexity, it also finds a multiclaw for random functions, which is harder to find than a multicollision.


Post-quantum cryptography Quantum algorithm Multiclaw Multicollision 


  1. [Amb04]
    Ambainis, A.: Quantum walk algorithm for element distinctness. In: Proceedings of the 45th Annual IEEE Symposium on Foundations of Computer Science, FOCS 2004, Rome, Italy, 17–19 October 2004, pp. 22–31 (2004)Google Scholar
  2. [BBHT98]
    Boyer, M., Brassard, G., Høyer, P., Tapp, A.: Tight bounds on quantum searching. Fortschr. Physik Prog. Phys. 46(4–5), 493–505 (1998)CrossRefGoogle Scholar
  3. [BDH+01]
    Buhrman, H., et al.: Quantum algorithms for element distinctness. In: Proceedings of the 16th Annual IEEE Conference on Computational Complexity, Chicago, Illinois, USA, 18–21 June 2001, pp. 131–137 (2001)Google Scholar
  4. [BDRV18]
    Berman, I., Degwekar, A., Rothblum, R.D., Vasudevan, P.N.: Multi-collision resistant hash functions and their applications. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 133–161. Springer, Cham (2018). Scholar
  5. [Bel12]
    Belovs, A.: Learning-graph-based quantum algorithm for \(k\)-distinctness. In: 53rd Annual IEEE Symposium on Foundations of Computer Science, FOCS 2012, New Brunswick, NJ, USA, 20–23 October 2012, pp. 207–216 (2012)Google Scholar
  6. [BHT98]
    Brassard, G., Høyer, P., Tapp, A.: Quantum cryptanalysis of hash and claw-free functions. In: Lucchesi, C.L., Moura, A.V. (eds.) LATIN 1998. LNCS, vol. 1380, pp. 163–169. Springer, Heidelberg (1998). Scholar
  7. [BKP18]
    Bitansky, N., Kalai, Y.T., Paneth, O.: Multi-collision resistance: a paradigm for keyless hash functions. In: Proceedings of the 50th Annual ACM Symposium on Theory of Computing, STOC 2018, Los Angeles, CA, USA, 25–29 June 2018, pp. 671–684 (2018)Google Scholar
  8. [CNS17]
    Chailloux, A., Naya-Plasencia, M., Schrottenloher, A.: An efficient quantum collision search algorithm and implications on symmetric cryptography. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10625, pp. 211–240. Springer, Cham (2017). Scholar
  9. [Gro96]
    Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Proceedings of the Twenty-Eighth Annual ACM Symposium on the Theory of Computing, Philadelphia, Pennsylvania, USA, 22–24 May 1996, pp. 212–219 (1996)Google Scholar
  10. [HS05]
    Hush, D., Scovel, C.: Concentration of the hypergeometric distribution. Stat. Prob. Lett. 75(2), 127–132 (2005)MathSciNetCrossRefGoogle Scholar
  11. [HSX17]
    Hosoyamada, A., Sasaki, Y., Xagawa, K.: Quantum multicollision-finding algorithm. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10625, pp. 179–210. Springer, Cham (2017). Scholar
  12. [JLM14]
    Jovanovic, P., Luykx, A., Mennink, B.: Beyond 2c/2 security in sponge-based authenticated encryption modes. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 85–104. Springer, Heidelberg (2014). Scholar
  13. [KNY18]
    Komargodski, I., Naor, M., Yogev, E.: Collision resistant hashing for paranoids: dealing with multiple collisions. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 162–194. Springer, Cham (2018). Scholar
  14. [LZ18]
    Liu, Q., Zhandry, M.: On finding quantum multi-collisions. In: Proceedings of EUROCRYPT 2019 (2018)Google Scholar
  15. [MU17]
    Mitzenmacher, M., Upfal, E.: Probability and Computing: Randomization and Probabilistic Techniques in Algorithms and Data Analysis. Cambridge University Press, Cambridge (2017)zbMATHGoogle Scholar
  16. [RS96]
    Rivest, R.L., Shamir, A.: PayWord and MicroMint: two simple micropayment schemes. In: Proceedings of the International Workshop on Security Protocols, Cambridge, United Kingdom, 10–12 April 1996, pp. 69–87 (1996)CrossRefGoogle Scholar
  17. [Tan09]
    Tani, S.: Claw finding algorithms using quantum walk. Theor. Comput. Sci. 410(50), 5285–5297 (2009)MathSciNetCrossRefGoogle Scholar
  18. [Zha15]
    Zhandry, M.: A note on the quantum collision and set equality problems. Quantum Inf. Comput. 15(7&8), 557–567 (2015)MathSciNetGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Akinori Hosoyamada
    • 1
    • 2
    Email author
  • Yu Sasaki
    • 1
  • Seiichiro Tani
    • 3
  • Keita Xagawa
    • 1
  1. 1.NTT Secure Platform LaboratoriesNTT CorporationMusashino-shiJapan
  2. 2.Department of Information and Communication EngineeringNagoya UniversityNagoyaJapan
  3. 3.NTT Communication Science LaboratoriesNTT CorporationAtsugi-shiJapan

Personalised recommendations