Abstract

Recent results on quantum cryptanalysis show that some symmetric key schemes can be broken in polynomial time even if they are proven to be secure in the classical setting. Liskov, Rivest, and Wagner showed that secure tweakable block ciphers can be constructed from secure block ciphers in the classical setting. However, Kaplan et al. showed that their scheme can be broken by polynomial time quantum superposition attacks, even if the underlying block ciphers are quantum-secure. Since then, it has remained open whether there exists a mode of block ciphers to build quantum-secure tweakable block ciphers. This paper settles the problem in the reduction-based provable security paradigm. We show the first design of quantum-secure tweakable block ciphers based on quantum-secure block ciphers, and present a provable security bound. Our construction is simple, and when instantiated with a quantum-secure n-bit block cipher, it is secure against attacks that query arbitrary quantum superpositions of plaintexts and tweaks up to O(2^{n/6}) quantum queries. Our security proofs use the compressed oracle technique introduced by Zhandry. More precisely, we use an alternative formalization of the technique introduced by Hosoyamada and Iwata.

Highlights

  • Post-quantum security attracts significant attention in the context of public key cryptography and in the context of symmetric key cryptography, from the viewpoint of both cryptanalysis [BN18, BNS19a, BNS19b, CNS17, GNS18, HSX17, KLLN16b, KLLN16a] and provable security for modes of operation [BZ13, CHS19, HI19, HY18, SY17, Zha19].

  • Recent results on symmetric key schemes show that some of the schemes that are proven to be secure in the classical setting are completely broken by adversaries with quantum computers in some specific situations [KM10, KM12, KLLN16a], which implies that simple remedies such as “doubling the length of secret keys” would not be sufficient to prepare for the threat of quantum computers, especially if the scheme needs to be run on a quantum computer.

  • LRWQ is the first mode of block ciphers to build a tweakable block cipher that is provably secure against quantum superposition attacks.

Summary

Introduction

Post-quantum security attracts significant attention in the context of public key cryptography and in the context of symmetric key cryptography, from the viewpoint of both cryptanalysis [BN18, BNS19a, BNS19b, CNS17, GNS18, HSX17, KLLN16b, KLLN16a] and provable security for modes of operation [BZ13, CHS19, HI19, HY18, SY17, Zha19]. A symmetric scheme is said to have standard security if it is secure against adversaries with quantum computers that have access to the usual classical keyed oracles. The scheme is said to have quantum security if it is secure even when adversaries with quantum computers have access to quantum keyed oracles. From the viewpoint of long-term security for symmetric key schemes, it is important to study their quantum security given the current progress in the development of quantum computers. So far there has been no proposal of a mode of BCs to build TBCs that is proven to be secure against quantum superposition attacks, and the existence of such a mode remains open. We consider the following question: Does there exist a mode to build quantum-secure TBCs from quantum-secure BCs?

Our Contributions
Paper Organization
Preliminaries
Information-Theoretic Model
Non-Information-Theoretic Model
Security Definitions
Proof Techniques in the Quantum Setting
Standard Oracle
Recording Standard Oracle with Errors
How to Show Quantum Oracle Indistinguishability with RstOE
Other Useful Tools
A Quantum-Secure TBC
The LRW Constructions
LRWQ: A Quantum-Secure Construction
Classical Security Analysis
Conclusions
A Proof of Proposition 1
B Proof Intuition for Proposition 5