Skip to main content

On Quantum Related-Key Attacks on Iterated Even-Mansour Ciphers

Part of the Lecture Notes in Computer Science book series (LNSC,volume 10418)


The impacts that quantum computers will have on cryptography have become more and more important to study for not only public key cryptography but also symmetric key cryptography. For example, at ISITA 2012, Kuwakado and Morii showed that an adversary with a quantum computer can recover keys of the Even-Mansour construction in polynomial time by applying Simon’s algorithm. In addition, at CRYPTO 2016, Kaplan et al. showed that Simon’s algorithm can also be used to perform forgery attacks against MACs and exponentially speed-up a slide attack. This paper introduces a tool for finding the period of a function that is periodic up to constant addition and shows that a quantum adversary can use the tool to perform a related-key attack in polynomial time. Our quantum related-key attack is an extension of the quantum slide attack by Kaplan et al. against iterated Even-Mansour ciphers that are implemented on quantum circuits. Although the relationships among keys are strong, our algorithm can recover all the keys of a two-round iterated Even-Mansour cipher in polynomial time.

This is a preview of subscription content, access via your institution.

Buying options

USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-319-64200-0_1
  • Chapter length: 16 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
USD   54.99
Price excludes VAT (USA)
  • ISBN: 978-3-319-64200-0
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   69.99
Price excludes VAT (USA)
Fig. 1.
Fig. 2.
Fig. 3.
Fig. 4.
Fig. 5.
Fig. 6.
Fig. 7.
Fig. 8.
Fig. 9.
Fig. 10.
Fig. 11.
Fig. 12.


  1. Chen, S., Steinberger, J.P.: Tight security bounds for key-alternating ciphers. IACR Cryptology ePrint Archive 2013, 222 (2013).

  2. Even, S., Mansour, Y.: A construction of a cipher from a single pseudorandom permutation. J. Cryptology 10(3), 151–162 (1997).

    MathSciNet  CrossRef  MATH  Google Scholar 

  3. Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Proceedings of the Twenty-Eighth Annual ACM Symposium on Theory of Computing. STOC 1996, NY, USA, pp. 212–219 (1996).

  4. Kaplan, M.: Quantum attacks against iterated block ciphers. CoRR abs/1410.1434 (2014).

  5. Kaplan, M., Leurent, G., Leverrier, A., Naya-Plasencia, M.: Breaking symmetric cryptosystems using quantum period finding. In: Proceedings of the Advances in Cryptology - CRYPTO 2016–36th Annual International Cryptology Conference, Part II, Santa Barbara, CA, USA, August 14–18, 2016, pp. 207–237 (2016).

  6. Kaplan, M., Leurent, G., Leverrier, A., Naya-Plasencia, M.: Quantum differential and linear cryptanalysis. IACR Trans. Symmetric Cryptol. 2016(1), 71–94 (2016).

  7. Kuwakado, H., Morii, M.: Quantum distinguisher between the 3-round Feistel cipher and the random permutation. In: Proceedings of the IEEE International Symposium on Information Theory, ISIT 13–18, 2010, Austin, Texas, USA, pp. 2682–2685 (2010).

  8. Kuwakado, H., Morii, M.: Security on the quantum-type Even-Mansour cipher. In: Proceedings of the International Symposium on Information Theory and its Applications, ISITA 2012, Honolulu, HI, USA, October 28–31, 2012. pp. 312–316 (2012).

  9. Luby, M., Rackoff, C.: How to construct pseudo-random permutations from pseudo-random functions (abstract). In: Proceedings of the Advances in Cryptology - CRYPTO 1985, Santa Barbara, California, USA, August 18–22, 1985, p. 447 (1985).

  10. NIST: Advanced encryption standard (AES) FIPS 197 (2001)

    Google Scholar 

  11. NIST: Submission requirements and evaluation criteria for the post-quantum cryptography standardization process (2016)

    Google Scholar 

  12. Rötteler, M., Steinwandt, R.: A note on quantum related-key attacks. Inf. Process. Lett. 115(1), 40–44 (2015).

    CrossRef  MATH  Google Scholar 

  13. Santoli, T., Schaffner, C.: Using Simon’s algorithm to attack symmetric-key cryptographic primitives. Quantum Inf. Comput. 17(1&2), 65–78 (2017).

    Google Scholar 

  14. Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26(5), 1484–1509 (1997).

    MathSciNet  CrossRef  MATH  Google Scholar 

  15. Simon, D.R.: On the power of quantum computation. SIAM J. Comput. 26(5), 1474–1483 (1997).

    MathSciNet  CrossRef  MATH  Google Scholar 

  16. Treger, J., Patarin, J.: Generic attacks on Feistel networks with internal permutations. In: Proceedings of the Progress in Cryptology - AFRICACRYPT 2009, Second International Conference on Cryptology in Africa, Gammarth, Tunisia, June 21–25, 2009, pp. 41–59 (2009).

Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to Akinori Hosoyamada .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Hosoyamada, A., Aoki, K. (2017). On Quantum Related-Key Attacks on Iterated Even-Mansour Ciphers. In: Obana, S., Chida, K. (eds) Advances in Information and Computer Security. IWSEC 2017. Lecture Notes in Computer Science(), vol 10418. Springer, Cham.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-64199-7

  • Online ISBN: 978-3-319-64200-0

  • eBook Packages: Computer ScienceComputer Science (R0)