On Forging SPHINCS\(^{+}\)-Haraka Signatures on a Fault-Tolerant Quantum Computer

  • Conference paper
  • Progress in Cryptology – LATINCRYPT 2021 (LATINCRYPT 2021)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 12912)

Abstract

SPHINCS\(^{+}\) is a state-of-the-art hash-based signature scheme whose security rests on one of three hash functions: SHA-256, SHAKE-256 or Haraka. In this work, we perform an in-depth analysis of how the hash functions are embedded into SPHINCS\(^{+}\) and how quantum pre-image resistance impacts the security of the signature scheme. Subsequently, we evaluate the cost of implementing Grover’s quantum search algorithm to find a pre-image that admits a universal forgery.

In particular, we provide quantum implementations of the Haraka and SHAKE-256 hash functions in Q# and consider the efficiency of attacks in the context of fault-tolerant quantum computers. We restrict our findings to SPHINCS\(^{+}\)-128 due to the limited security margin of Haraka. Nevertheless, we present an attack that performs better, to the best of our knowledge, than previously published attacks.

We can forge a SPHINCS\(^{+}\)-128-Haraka signature in about \(1.5 \cdot 2^{90}\) surface code cycles and \(2.03 \cdot 10^6\) physical qubits, translating to about \(1.55 \cdot 2^{101}\) logical-qubit-cycles. For SHAKE-256, the same attack requires \(8.65 \cdot 10^6\) qubits and \(1.6 \cdot 2^{84}\) cycles, resulting in about \(2.65 \cdot 2^{99}\) logical-qubit-cycles.

Notes

  1. https://github.com/RobinBerger/Grover-Sphincs

Acknowledgements

This work was supported by funding of the Helmholtz Association (HGF) through the Competence Center for Applied Security Technology (KASTEL) under project number 46.23.01 and 46.23.02. We thank the reviewers for the useful comments and remarks.

Author information

Corresponding author: Marcel Tiepelt.

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Berger, R.M., Tiepelt, M. (2021). On Forging SPHINCS\(^{+}\)-Haraka Signatures on a Fault-Tolerant Quantum Computer. In: Longa, P., Ràfols, C. (eds) Progress in Cryptology – LATINCRYPT 2021. LATINCRYPT 2021. Lecture Notes in Computer Science, vol 12912. Springer, Cham. https://doi.org/10.1007/978-3-030-88238-9_3

  • DOI: https://doi.org/10.1007/978-3-030-88238-9_3
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-030-88237-2
  • Online ISBN: 978-3-030-88238-9
  • eBook Packages: Computer Science (R0)