Top

Designs, Codes and Cryptography

Published in:

29-04-2023

Post-quantum security on the Lai–Massey scheme

Authors: Zhongya Zhang, Wenling Wu, Han Sui, Bolin Wang

Published in: Designs, Codes and Cryptography | Issue 8/2023

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Post-quantum cryptography has attracted much attention from worldwide cryptologists. A growing number of symmetric cryptography algorithms have been analyzed in the quantum settings. Lai–Massey scheme was analysed by Vaudenay in Asiacrypt’99, based on the IDEA block cipher, and widely used in the design of symmetric cryptographic algorithms. In this work, we study the security on the Lai–Massey scheme in the quantum setting, and give a general technique to simulate the XOR of left and right parts of outputs of quantum oracles without destroying quantum entanglements. We show that the 3-round and 4-round Lai–Massey scheme are insecure, which can be distinguished from a random permutation in polynomial time in the quantum chosen-plaintext (qCPA) setting and quantum chosen ciphertext attack (qCCA) setting based on Simon’s algorithm, respectively. We also introduce quantum key-recovery attacks on the Lai–Massey scheme by applying the combination of Simon’s and Grover’s algorithms. For r-round Lai-Massey scheme, the key-recovery query complexity are \(O({2^{(r - 3)k/2}})\) and \(O({2^{(r - 4)k/2}})\) in the qCPA and qCCA setting respectively, where k is the bit length of a round sub-key. The query complexities are better than the quantum brute force search by factors \({2^{3k/2}}\) and \({2^{2k}}\) respectively.

previous article More results on large sets of Kirkman triple systems

next article Two faces of blindness

Bhaumik R., Bonnetain X., Chailloux A., et al.: QCB: efficient quantum-secure authenticated encryption. In: Tibouchi M., Wang H. (eds.) ASIACRYPT 2021, pp. 668–698. Springer, Cham (2021).CrossRef

Cid C., Hosoyamada A., Liu Y., et al.: Quantum cryptanalysis on contracting Feistel structures and observation on related-key settings. In: Cid C., Hosoyamada A., Liu Y., et al. (eds.) INDOCRYPT 2020, pp. 373–394. Bangalore, International Association for Cryptologic Research (2020).CrossRef

Cui T., Wang M., Fan Y., et al.: Ballet: a software-friendly block cipher. J. Cryptol. Res. 6(6), 704–712 (2019).

Dong X., Wang X.: Quantum key-recovery attack on Feistel structures. Sci. China Inf. Sci. 61, 1–7 (2018).CrossRef

Dong X., Li Z., Wang X.: Quantum cryptanalysis on some generalized Feistel schemes. Sci. China Inf. Sci. 62(2), 180–191 (2019).MathSciNetCrossRef

Even S., Mansour Y.: A construction of a cipher from a single pseudorandom permutation. J. Cryptol. 10(3), 151–162 (1997).MathSciNetCrossRefMATH

Grover L.: A fast quantum mechanical algorithm for database search. In: Proceedings of the Twenty-Eighth Annual ACM Symposium on the Theory of Computing, Philadelphia, Pennsylvania, USA, May 22–24, 1996, pp. 212-219 (1996)

Hodžić S., Ramkilde L., Kidmose A.: On quantum distinguishers for type-3 generalized Feistel network based on separability. In: Ding J., Tillich J.-P. (eds.) PQCrypto 2020, pp. 461–480. Springer, Cham (2020).

Hosoyamada A., Sasaki Y.: Quantum Demiric-Selçuk meet-in-the-middle attacks: applications to 6-round generic Feistel constructions. In: Catalano D., De Prisco R. (eds.) SCN 2018, pp. 386–403. Springer, Cham (2018).

10.

Ito G., Hosoyamada A., Matsumoto R., et al.: Quantum chosen ciphertext attacks against Feistel ciphers. In: Matsui M. (ed.) CT-RSA 2019, pp. 391–411. Springer, Cham (2019).

11.

Junod P., Vaudenay S.: FOX: a new family of block ciphers. In: Selected Areas in Cryptography-SAC’2004. LNCS, vol. 3357, pp. 114–129. Springer, Berlin (2004).

12.

Kaplan M., Leurent G., Leverrier A., et al.: Breaking symmetric cryptosystems using quantum period finding. In: Robshaw M., Katz J. (eds.) CRYPTO 2016, pp. 207–237. Springer, Heidelberg (2016).CrossRef

13.

Kilian J., Rogaway P.: How to protect DES against exhaustive key search. In: Koblitz N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 252–267. Springer, Heidelberg (1996).

14.

Kilian J., Rogaway P.: How to protect DES against exhaustive key search (an analysis of DESX). J. Cryptol. 14(1), 17–35 (2001).MathSciNetCrossRefMATH

15.

Kuwakado H., Morii M.: Quantum distinguisher between the 3-round Feistel cipher and the random permutation. In: IEEE International Symposium on Information Theory, ISIT 2010, June 13–18, 2010, Austin, Texas, USA, Proceedings, pp. 2682–2685 (2010)

16.

Kuwakado H., Morii M.: Security on the quantum-type Even-Mansour cipher. In: Proceedings of the International Symposium on Information Theory and its Applications, ISITA 2012, Honolulu, HI, USA, October 28–31, 2012, pp. 312–316 (2012)

17.

Lai X., Massey J.: Markov ciphers and differential cryptanalysis. In: Davies D.W. (ed.) Advances in Cryptology-EUROCRYPT’91 (Brighton, UK). LNCS, vol. 547, pp. 17–38. Springer, Berlin (1991).

18.

Lai X., Massey J.: Hash functions based on block ciphers. In: Rueppel R.A. (ed.) Advances in Cryptography-Eurocrypt’92. LNCS, vol. 658, pp. 55–70. Springer, Berlin (1992).

19.

Leander G., May A.: Grover meets Simon—quantumly attacking the FX construction. In: Takagi T., Peyrin T. (eds.) ASIACRYPT 2017, pp. 161–178. Springer, Cham (2017).CrossRef

20.

Luby M., Rackoff C.: How to construct pseudorandom permutations from pseudorandom functions. SIAM J. Comput. 17(2), 373–386 (1988).MathSciNetCrossRefMATH

21.

Luo Y., Lai X., Gong Z., et al.: Pseudorandomness Analysis of the Lai–Massey Scheme. https://eprint.iacr.org/2009/266.pdf (2009)

22.

Luo Y., Yan H., Wang L., et al.: Study on block cipher structures against Simon’s quantum algorithm. J. Cryptol. Res. 6(5), 561–573 (2019).

23.

Mediacrypt. http://www.mediacrypt.com/

24.

Ni B., Ito G., Dong X., et al.: Quantum attacks against type-1 generalized Feistel ciphers and applications to CAST-256. In: Hao F., Ruj S., Sen Gupta S. (eds.) INDOCRYPT 2019, pp. 433–455. Springer, Cham (2019).CrossRef

25.

Simon D.: On the power of quantum computation. SIAM J. Comput. 26(5), 1474–1483 (1997).MathSciNetCrossRefMATH

26.

Vaudenay S.: On the Lai–Massey scheme. In: Advances in Cryptology-ASIACRYPT’99. LNCS, vol. 1716, pp. 8–19. Springer, Berlin (1999).CrossRef

Title: Post-quantum security on the Lai–Massey scheme
Authors: Zhongya Zhang
Wenling Wu
Han Sui
Bolin Wang
Publication date: 29-04-2023
Publisher: Springer US
Published in: Designs, Codes and Cryptography / Issue 8/2023
Print ISSN: 0925-1022
Electronic ISSN: 1573-7586
DOI: https://doi.org/10.1007/s10623-023-01225-5

Springer Professional

Post-quantum security on the Lai–Massey scheme

Abstract

Premium Partner

Springer Professional

Abstract

Please log in to get access to your license.

Other articles of this Issue 8/2023

Two faces of blindness

Differential spectrum of a class of APN power functions

More results on large sets of Kirkman triple systems

Block-transitive 3-(v, k, 1) designs associated with alternating groups

Optimal and extremal graphical designs on regular graphs associated with classical parameters

Improving the minimum distance bound of Trace Goppa codes

Premium Partner