In this paper, we promote Trojan message attacks against Merkle–Damgård hash functions and their concatenation combiner in quantum settings for the first time. Two main quantum scenarios are considered, involving the scenarios where a substantial amount of cheap quantum random access memory (qRAM) is available and where qRAM is limited and expensive to access. We first discuss the construction of diamond structures and analyze the corresponding time complexity in both of these quantum scenarios. Secondly, we propose quantum versions of the generic Trojan message attacks on Merkle–Damgård hash functions as well as their improved versions by combining with diamond structures and expandable messages, and then determine their cost. Finally, we propose Trojan message attack against Merkle–Damgård hash concatenation combiner in quantum setting. The results show that Trojan message attacks can be improved significantly with quantum computers under both scenarios, so the security of hash constructions in classical setting requires careful re-evaluation before being deployed to the post-quantum cryptography schemes.

在本文中，我们首次在量子设置中推广了针对 Merkle-Damgård 哈希函数及其串联组合器的木马消息攻击。考虑了两种主要的量子方案，涉及大量廉价量子随机存取存储器 （qRAM） 可用的方案，以及 qRAM 有限且访问成本高昂的方案。我们首先讨论了菱形结构的构造，并分析了这两种量子场景中相应的时间复杂度。其次，我们通过结合菱形结构和可扩展消息，提出了对 Merkle-Damgård 哈希函数的通用木马消息攻击的量子版本及其改进版本，然后确定其成本。最后，我们提出了在量子设置中针对 Merkle-Damgård 哈希连接组合器的木马消息攻击。结果表明，在这两种情况下，量子计算机都可以显著改善 Trojan 消息攻击，因此在部署到后量子密码学方案之前，需要仔细重新评估经典设置中哈希结构的安全性。