Abstract
In this paper, we study applications of Bernstein–Vazirani algorithm and present several new methods to attack block ciphers. Specifically, we first present a quantum algorithm for finding the linear structures of a function. Based on it, we propose new quantum distinguishers for the 3-round Feistel scheme and a new quantum algorithm to recover partial key of the Even–Mansour construction. Afterwards, by observing that the linear structures of a encryption function are actually high probability differentials of it, we apply our algorithm to differential analysis and impossible differential cryptanalysis respectively. We also propose a new kind of differential cryptanalysis, called quantum small probability differential cryptanalysis, based on the fact that the linear structures found by our algorithm are also the linear structure of each component function. To our knowledge, no similar method was proposed before. The efficiency and success probability of all attacks are analyzed rigorously. Since our algorithm treats the encryption function as a whole, it avoid the disadvantage of traditional differential cryptanalysis that it is difficult to extending the differential path.
Highlights
Over the last few years, there has been an increasing interest in quantum cryptography
Observing that linear structures of a encryption function are high probability differentials of it, we propose three ways to execute differential cryptanalysis, which we call quantum differential analysis, quantum small probability differential cryptanalysis and quantum impossible differential cryptanalysis respectively
The quantum algorithms used for these three kinds of differential cryptanalysis all have polynomial running time
Summary
Over the last few years, there has been an increasing interest in quantum cryptography. In [12], Kaplan et al use Simon’s algorithm to attack various symmetric cryptosystems, such as CBC-MAC, PMAC, CLOC and so on They study how differential and linear cryptanalysis behave in the post-quantum world [11]. We first propose a quantum algorithm for finding the linear structures of a vector function, which takes BV algorithm as a subroutine and is developed from the algorithm in [17] We modify this original algorithm to get different versions and apply them in different attack strategies. One of the main shortcomings of traditional differential cryptanalysis is the difficulties in extending the differential paths, which limits the number of rounds that can be attacked Our approach avoids this problem since it treats the encryption function as a whole
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
