Dedicated Quantum Attacks on XOR-Type Function With Applications to Beyond-Birthday-Bound MACs
IEEE Transactions on Information Forensics and Security (IF 6.3), Pub Date: 2024-05-20, DOI: 10.1109/tifs.2024.3402970
Tairong Shi (1), Wenling Wu (1), Bin Hu (2), Jie Guan (2), Han Sui (1), Sengpeng Wang (2), Mengyuan Zhang (1)

Much of the current work in quantum cryptanalysis is devoted to finding applications of the Grover-meets-Simon algorithm, with its complexity stated in $\mathcal{O}$ form, but research on how to implement the attack efficiently is still insufficient. Studying quantum attacks in resource-limited settings is crucial, given NIST's guidance on circuit depth. This work first evaluates the parallelization of Grover-meets-Simon by drawing on Grover's parallel approach and shows that as the width increases by a factor of $2^{t}$ ($t > 0$), the depth decreases by a factor of $\sqrt{2^{t}}$. Further, the first dedicated quantum attack on a class of functions that appears in cryptographic scheme applications (the so-called XOR-type function) is proposed. The depth, width, and number of gates required for the attack are greatly reduced compared to the general parallelization. We then apply the attack to various Beyond-Birthday-Bound (BBB) MACs in which the XOR-type function can be constructed, including SUM-ECBC and its variants (2K-SUM-ECBC, 2K-ECBC_Plus) and GCM-SIV2. In the typical case where SUM-ECBC is instantiated with AES-128, our attack saves at least 62.3% in depth, 19.5% in width and 22.2% in gate count simultaneously. The impact on some lightweight ciphers is further explored, and it is interesting to note that the lighter the quantum circuit implementation of a cipher is, the greater the possible impact of the attack. This observation may provide new insights into quantum cryptanalysis.

Updated: 2024-05-20