Abstract

The quantum security of lightweight block ciphers is receiving more and more attention. However, existing quantum attacks on lightweight block ciphers have focused only on quantum exhaustive search, while quantum attacks combined with classical cryptanalysis methods have not been well studied. In this paper, we study a quantum key recovery attack on SIMON32/64 using the Quantum Amplitude Amplification (QAA) algorithm in the Q1 model. First, we reanalyze the quantum circuit complexity of quantum exhaustive search on SIMON32/64. We estimate the Clifford gate count more accurately and reduce the T gate count. The T-depth and full depth are also reduced due to our minor modifications. Then, using four differentials given by Biryukov in FSE 2014 as our distinguisher, we give our quantum key recovery attack on 19-round SIMON32/64. We treat the two phases of the key recovery attack as two separate QAA instances, where the first QAA instance consists of four sub-QAA instances. We then design the quantum circuits of these two QAA instances and estimate their quantum circuit complexity. We conclude that the quantum circuit complexity of our quantum key recovery attack is lower than that of quantum exhaustive search. Our work is the first to study a quantum dedicated attack on SIMON32/64. It is also the first to study the complexity of quantum dedicated attacks from the perspective of quantum circuit complexity, which is a more fine-grained analysis of such attacks’ complexity.

Highlights

  • The development of quantum computation poses a threat to classical cryptosystems

  • We present our quantum round-key recovery attack on 19-round SIMON32/64 combined with CRKR in (Biryukov et al 2014)

  • In “The quantum round-key key recovery attack on 19-round SIMON32/64” section, we describe the quantum round-key key recovery attack on 19-round SIMON32/64


Summary

Introduction

The development of quantum computation poses a threat to classical cryptosystems. Shor’s algorithm (Shor 1994) can break the security of public-key cryptosystems based on integer factorization and discrete logarithm, which gives rise to post-quantum cryptography. The quantum master-key exhaustive search attack on 19-round SIMON32/64: to put the comparison standard on the same scale, we reanalyze the quantum circuit complexity of QMKS using the QAA algorithm, based on the result in Anand et al (2020c), where Anand et al present Grover’s search algorithm on SIMON variants and estimate the quantum resources needed to implement such an attack. After running the code implementing SIMON32/64 given by Anand et al (2020c) in Anand et al (2020a), we found that the Qiskit function computes the depth of the quantum circuit without decomposing the Toffoli gate, which makes the circuit depth calculation incomplete. We compare the complexity of our key recovery attack and exhaustive search on 19-round SIMON32/64 in terms of encryption complexity and quantum resources separately. We describe the key recovery process in Biryukov et al (2014).
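The depth undercount described above, as an added example (not code from the paper or from Anand et al): a pure-Python gate-list model that measures circuit depth with each Toffoli counted as one gate, and again after expanding it into the textbook Clifford+T circuit. The qubit layout of the SIMON32 f-function layer and all function names are constructed for illustration; key addition is omitted.

```python
# Added illustration: a tiny gate-list model, not Qiskit and not the paper's circuit.
# A gate is (name, qubits); "ccx" is a Toffoli with qubits (control, control, target).

def decompose_ccx(a, b, c):
    """Textbook Clifford+T expansion of a Toffoli: 7 T/Tdg, 6 CNOT, 2 H."""
    return [("h", (c,)), ("cx", (b, c)), ("tdg", (c,)), ("cx", (a, c)),
            ("t", (c,)), ("cx", (b, c)), ("tdg", (c,)), ("cx", (a, c)),
            ("t", (b,)), ("t", (c,)), ("h", (c,)), ("cx", (a, b)),
            ("t", (a,)), ("tdg", (b,)), ("cx", (a, b))]

def decompose(circuit):
    """Replace every Toffoli by its Clifford+T expansion; keep other gates."""
    out = []
    for name, qubits in circuit:
        out.extend(decompose_ccx(*qubits) if name == "ccx" else [(name, qubits)])
    return out

def depth(circuit):
    """Greedy layering: a gate sits one layer after the latest gate on its qubits."""
    level = {}
    for _, qubits in circuit:
        layer = 1 + max(level.get(q, 0) for q in qubits)
        for q in qubits:
            level[q] = layer
    return max(level.values(), default=0)

def t_count(circuit):
    return sum(name in ("t", "tdg") for name, _ in circuit)

def simon_f_layer(n=16):
    """Constructed layout: y ^= (x<<<1 & x<<<8) ^ (x<<<2).
    x occupies qubits 0..n-1, y occupies qubits n..2n-1."""
    gates = []
    for i in range(n):
        gates.append(("ccx", ((i - 1) % n, (i - 8) % n, n + i)))
        gates.append(("cx", ((i - 2) % n, n + i)))
    return gates

def report(circuit):
    flat = decompose(circuit)
    return {"depth_ccx_as_one_gate": depth(circuit),
            "depth_clifford_t": depth(flat),
            "t_count": t_count(flat)}

if __name__ == "__main__":
    print("single Toffoli: ", report([("ccx", (0, 1, 2))]))
    print("SIMON32 f layer:", report(simon_f_layer()))
```

Any depth figure taken before decomposition treats each of the 16 Toffolis per round as a single layer, so it understates the Clifford+T depth that a fault-tolerant cost estimate needs.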

Plaintexts Collecting
Partial key guessing
Conclusion