Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Bücher
Zeitschriften
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
MTZ-Fachkongress

Antriebe und Energiesysteme von morgen


Austausch von Automobil- und Energiewirtschaft

Am 14./15. Mai geht es in Chemnitz um die Mobilitätswende durch Elektro- und Wasserstofffahrzeuge.
Erweiterte Suche
Anmelden
nach oben
Designs, Codes and Cryptography
Erschienen in: Designs, Codes and Cryptography 1/2024

10.10.2023

Quantum time/memory/data tradeoff attacks

verfasst von: Orr Dunkelman, Nathan Keller, Eyal Ronen, Adi Shamir

Erschienen in: Designs, Codes and Cryptography | Ausgabe 1/2024

Einloggen, um Zugang zu erhalten

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

One of the most celebrated and useful cryptanalytic algorithms is Hellman’s time/memory tradeoff (and its Rainbow Table variant), which can be used to invert random-looking functions with domains of size N with time and space complexities satisfying \(TM^2=N^2\). In this paper we develop new upper bounds on their performance in the quantum setting. As a search problem, one can always apply to it the standard Grover’s algorithm, but this algorithm does not benefit from the possible availability of a large memory in which one can store auxiliary advice obtained during a free preprocessing stage. In fact, at FOCS’20 it was rigorously shown that for memory size bounded by \(M \le O(\sqrt{N})\), even quantum advice cannot yield an attack which is better than Grover’s algorithm.Our main result complements this lower bound by showing that in the standard Quantum Accessible Classical Memory (QACM) model of computation, we can improve Hellman’s tradeoff curve to \(T^{4/3}M^2=N^2\). When we generalize the cryptanalytic problem to a time/memory/data tradeoff attack (in which one has to invert f for at least one of D given values), we get the generalized curve \(T^{4/3}M^2D^2=N^2\). A typical point on this curve is \(D=N^{0.2}\), \(M=N^{0.6}\), and \(T=N^{0.3}\), whose time is strictly lower than both Grover’s algorithm (which requires \(T=N^{0.4}\) in this generalized search variant) and the classical Hellman algorithm (which requires \(T=N^{0.4}\) for these D and M).
Vorheriger Artikel Minimal and optimal binary codes obtained using -construction over the non-unital ring I
Nächster Artikel Towards a Gröbner-free approach to coding
Fußnoten
1
Throughout the paper we disregard logarithmic factors.
 
2
The probability of a chain of length 8t in a random function to not contain a distinguished point, when a random point is a distinguished point with probability 1/t is \((1-1/t)^{8t} \approx 1/e^8\). Obviously, picking a larger limit decreases this failure rate.
 
3
When using distinguished points, the value of \(y_i\) is the first distinguished point encountered in the iterative application of \(f(\cdot )\).
 
4
In some cases related to stream ciphers, this process is repeated only for a single \(y_i\) [15].
 
5
Reducing the size of a Hellman table below m rows, for \(m=N/t^2\) offers sub-optimal attack.
 
6
While a straightforward application of Grover’s algorithm would not succeed in collecting all k solutions in k calls to the algorithm (due to the coupon collector’s problem), one can change the search space to exclude “known” results.
 
7
We note that one could alter the function \(H(\cdot )\) so its value is 0 if the input is one of the previously identified solutions. This idea increases the complexity of the implementation of the function \(H(\cdot )\) for each new solution, and thus is less favorable the ideas mentioned above.
 
8
In practice, this is equivalent to constant time implementation of a conditional move operation. This can be implemented in a circuit using only logical gates without temporary variables.
 
9
As described in Sect. 4.2, this can be implemented in a circuit using only logical gates without a temporary variables.
 
Literatur
1.
2.
Banegas G., Bernstein D.J.: Low-communication parallel quantum multi-target preimage search. In: Adams C., Camenisch J. (eds.) Selected Areas in Cryptography—SAC 2017—24th International Conference, Ottawa, ON, Canada, August 16–18, 2017, Revised Selected Papers. Lecture Notes in Computer Science, vol. 10719, pp. 325–335. Springer, New York (2017).
3.
Barkan E.: Cryptanalysis of ciphers and protocols. PhD thesis, Technion, Israel (2006).
4.
Barkan E., Biham E., Shamir A.: Rigorous bounds on cryptanalytic time/memory tradeoffs. In: Dwork C. (ed.) Advances in Cryptology—CRYPTO 2006, 26th Annual International Cryptology Conference, Santa Barbara, California, USA, August 20–24, 2006, Proceedings. Lecture Notes in Computer Science, vol. 4117, pp. 1–21. Springer, New York (2006).
5.
6.
Bernstein D.J., Jeffery S., Lange T., Meurer A.: Quantum algorithms for the subset-sum problem. In: Gaborit P. (ed.) Post-Quantum Cryptography—5th International Workshop, PQCrypto 2013, Limoges, France, June 4–7, 2013. Proceedings. Lecture Notes in Computer Science, vol. 7932, pp. 16–33. Springer, New York (2013).
7.
Biryukov A., Shamir A.: Cryptanalytic time/memory/data tradeoffs for stream ciphers. In: Okamoto T. (ed.) Advances in Cryptology—ASIACRYPT 2000, 6th International Conference on the Theory and Application of Cryptology and Information Security, Kyoto, Japan, December 3–7, 2000, Proceedings. Lecture Notes in Computer Science, vol. 1976, pp. 1–13. Springer, New York (2000).
8.
Biryukov A., Mukhopadhyay S., Sarkar P.: Improved time-memory trade-offs with multiple data. In: Preneel B., Tavares S.E. (eds.) Selected Areas in Cryptography, 12th International Workshop, SAC 2005, Kingston, ON, Canada, August 11–12, 2005, Revised Selected Papers. Lecture Notes in Computer Science, vol. 3897, pp. 110–127. Springer, New York (2005).
9.
Bonnetain X., Chailloux A., Schrottenloher A., Shen Y.: Finding many collisions via reusable quantum walks—application to lattice sieving. In: Hazay C., Stam M. (eds.) Advances in Cryptology—EUROCRYPT 2023—42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Lyon, France, April 23–27, 2023, Proceedings, Part V. Lecture Notes in Computer Science, vol. 14008, pp. 221–251. Springer, New York (2023).
10.
Boyer M., Brassard G., Høyer P., Tapp A.: Tight bounds on quantum searching. Fortschr. Phys. 46(4–5), 493–505 (1998).CrossRef
11.
Brassard G., Høyer P., Tapp A.: Quantum cryptanalysis of hash and claw-free functions. In: LATIN. Lecture Notes in Computer Science, vol. 1380, pp. 163–169. Springer, New York (1998).
12.
Chailloux A., Naya-Plasencia M., Schrottenloher A.: An efficient quantum collision search algorithm and implications on symmetric cryptography. In: Takagi T., Peyrin T. (eds.) Advances in Cryptology—ASIACRYPT 2017—23rd International Conference on the Theory and Applications of Cryptology and Information Security, Hong Kong, China, December 3–7, 2017, Proceedings, Part II. Lecture Notes in Computer Science, vol. 10625, pp. 211–240. Springer, New York (2017).
13.
Chung K., Liao T., Qian L.: Lower bounds for function inversion with quantum advice. In: Kalai Y.T., Smith A.D., Wichs, D. (eds.) 1st Conference on Information-Theoretic Cryptography, ITC 2020, June 17–19, 2020, Boston, MA, USA. LIPIcs, vol. 163, pp. 8–1815. Schloss Dagstuhl—Leibniz-Zentrum für Informatik (2020a).
14.
Chung K., Guo S., Liu Q., Qian L.: Tight quantum time-space tradeoffs for function inversion. In: 61st IEEE Annual Symposium on Foundations of Computer Science, FOCS 2020, Durham, NC, USA, November 16–19, 2020, pp. 673–684 (2020b).
15.
Dunkelman O., Keller N.: Treatment of the initial value in time-memory-data tradeoff attacks on stream ciphers. Inf. Process. Lett. 107(5), 133–137 (2008).MathSciNetCrossRef
16.
Grassi L., Naya-Plasencia M., Schrottenloher A.: Quantum algorithms for the \(k\)-xor problem. In: Peyrin T., Galbraith S.D. (eds.) Advances in Cryptology—ASIACRYPT 2018—24th International Conference on the Theory and Application of Cryptology and Information Security, Brisbane, QLD, Australia, December 2–6, 2018, Proceedings, Part I. Lecture Notes in Computer Science, vol. 11272, pp. 527–559. Springer, New York (2018).
17.
Grover L.K.: A fast quantum mechanical algorithm for database search. In: STOC, pp. 212–219. ACM (1996).
18.
19.
Hhan M., Xagawa K., Yamakawa T.: Quantum random oracle model with auxiliary input. In: ASIACRYPT (1). Lecture Notes in Computer Science, vol. 11921, pp. 584–614. Springer, New York (2019).
20.
Kaluderovic N., Kleinjung T., Kostic D.: Improved key recovery on the Legendre PRF. IACR Cryptol. ePrint Arch., 98 (2020).
21.
Kuperberg G.: Another Subexponential-time Quantum Algorithm for the Dihedral Hidden Subgroup Problem. In: Severini S., Brandão F.G.S.L. (eds.) 8th Conference on the Theory of Quantum Computation, Communication and Cryptography, TQC 2013, May 21–23, 2013, Guelph, Canada. LIPIcs, vol. 22, pp. 20–34. Schloss Dagstuhl—Leibniz-Zentrum für Informatik (2013).
22.
Naya-Plasencia M., Schrottenloher A.: Optimal Merging in Quantum k-xor and k-xor-sum Algorithms. In: Canteaut A., Ishai Y. (eds.) Advances in Cryptology—EUROCRYPT 2020—39th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zagreb, Croatia, May 10–14, 2020, Proceedings, Part II. Lecture Notes in Computer Science, vol. 12106, pp. 311–340. Springer, New York (2020).
23.
Nayebi A., Aaronson S., Belovs A., Trevisan L.: Quantum lower bound for inverting a permutation with advice. Quantum Inf. Comput. 15(11 &12), 901–913 (2015).MathSciNet
24.
Oechslin P.: Making a faster cryptanalytic time-memory trade-off. In: Boneh D. (ed.) Advances in Cryptology—CRYPTO 2003, 23rd Annual International Cryptology Conference, Santa Barbara, California, USA, August 17–21, 2003, Proceedings. Lecture Notes in Computer Science, vol. 2729, pp. 617–630. Springer, New York (2003).
25.
Yao A.C.: Coherent functions and program checkers (extended abstract). In: Ortiz H. (ed.) Proceedings of the 22nd Annual ACM Symposium on Theory of Computing, May 13–17, 1990, Baltimore, Maryland, USA, pp. 84–94. ACM (1990).
Metadaten
Titel
Quantum time/memory/data tradeoff attacks
verfasst von
Orr Dunkelman
Nathan Keller
Eyal Ronen
Adi Shamir
Publikationsdatum
10.10.2023
Verlag
Springer US
Erschienen in
Designs, Codes and Cryptography / Ausgabe 1/2024
Print ISSN: 0925-1022
Elektronische ISSN: 1573-7586
DOI
https://doi.org/10.1007/s10623-023-01300-x

Weitere Artikel der Ausgabe 1/2024

Designs, Codes and Cryptography 1/2024 Zur Ausgabe

OriginalPaper

Parameters of several families of binary duadic codes and their related codes

OriginalPaper

Uniqueness of an association scheme related to the Witt design on 11 points

OriginalPaper

Minimal and optimal binary codes obtained using -construction over the non-unital ring I

OriginalPaper

The properties and the error-correcting pair for lengthened GRS codes

OriginalPaper

Nonsingular hypercubes and nonintersecting hyperboloids

OriginalPaper

Generic constructions of master-key KDM secure attribute-based encryption

Premium Partner

    Bildnachweise