
A Note on Quantum Collision Resistance of Double-Block-Length Compression Functions

  • Conference paper
Cryptography and Coding (IMACC 2021)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 13129)


Abstract

In 2005, Nandi presented a class of double-block-length compression functions specified as \(h^{\pi }(x):=(h(x),h(\pi (x)))\), where h is assumed to be a random oracle producing an n-bit output and \(\pi \) is a non-cryptographic permutation. He showed that the collision resistance of \(h^{\pi }\) is optimal if \(\pi \) has no fixed point. This manuscript discusses the quantum collision resistance of \(h^{\pi }(x)\). First, it shows that the quantum collision resistance of \(h^{\pi }\) is not always optimal even if \(\pi \) has no fixed point: one can find a colliding pair of inputs for \(h^{\pi }\) with only \(O(2^{n/2})\) queries to h by using the Grover search if \(\pi \) is an involution. Second, this manuscript shows that there do exist cases in which the quantum collision resistance of \(h^{\pi }\) is optimal. More precisely, a sufficient condition on \(\pi \) is presented for the optimal quantum collision resistance of \(h^{\pi }\), that is, any collision attack needs \({\varOmega }(2^{2n/3})\) queries to find a colliding pair of inputs. The proof uses the recent technique of Zhandry’s compressed oracle. Finally, this manuscript makes some remarks on double-block-length compression functions using a block cipher.
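The following is an added illustration, not code from the paper. It builds Nandi's construction \(h^{\pi }(x)=(h(x),h(\pi (x)))\) on a toy instance and audits a candidate \(\pi \) against the two conditions the abstract names: Nandi's classical requirement that \(\pi \) have no fixed point, and the paper's quantum observation that \(\pi \) must not be an involution. The reason an involution is fatal is a two-line identity: if \(\pi (\pi (x))=x\) then \(h^{\pi }(\pi (x))=(h(\pi (x)),h(x))\), i.e. \(h^{\pi }(x)\) with its halves swapped, so \(x\) and \(\pi (x)\) collide exactly when the single n-bit equality \(h(x)=h(\pi (x))\) holds, which is the kind of predicate Grover search decides with \(O(2^{n/2})\) evaluations rather than the \(2^{2n/3}\) one would hope for. Assumptions: h is modelled by SHA-256 truncated to 16 bits, the message space is 16 bits so every check can be exhaustive, and the two permutations (XOR with a constructed nonzero constant; addition of 1 modulo \(2^{16}\)) are constructed for the demonstration.

```python
import hashlib

# Toy parameters (assumption: small enough that the whole message space is enumerable).
# The paper's n is a real block size; none of the structure below depends on n.
M_LEN = 2                    # message length in bytes: the domain has 2^16 points
N_BYTES = 2                  # toy oracle output n = 16 bits
DOMAIN = [i.to_bytes(M_LEN, "big") for i in range(1 << (8 * M_LEN))]
MASK = bytes([0x80, 0x00])   # constructed nonzero constant for the XOR permutation


def h(x: bytes) -> bytes:
    """Stand-in for the random oracle h: SHA-256 truncated to n bits (assumption)."""
    return hashlib.sha256(x).digest()[:N_BYTES]


def h_pi(x: bytes, pi) -> tuple:
    """Nandi's double-block-length compression function h^pi(x) = (h(x), h(pi(x)))."""
    return (h(x), h(pi(x)))


def pi_xor(x: bytes) -> bytes:
    """XOR with a fixed nonzero constant: no fixed point, but pi(pi(x)) = x (an involution)."""
    return bytes(a ^ b for a, b in zip(x, MASK))


def pi_add(x: bytes) -> bytes:
    """Add 1 modulo 2^(8*M_LEN): no fixed point, and pi(pi(x)) = x + 2 != x (not an involution)."""
    v = (int.from_bytes(x, "big") + 1) % (1 << (8 * M_LEN))
    return v.to_bytes(M_LEN, "big")


def has_fixed_point(pi) -> bool:
    """Nandi's classical condition: there must be no x with pi(x) = x."""
    return any(pi(x) == x for x in DOMAIN)


def is_involution(pi) -> bool:
    """The property the paper shows destroys optimal quantum collision resistance."""
    return all(pi(pi(x)) == x for x in DOMAIN)


def swap_symmetry_holds(pi) -> bool:
    """True iff h^pi(pi(x)) equals h^pi(x) with its halves swapped for every x.

    For an involution this is an identity:
        h^pi(pi(x)) = (h(pi(x)), h(pi(pi(x)))) = (h(pi(x)), h(x)).
    Hence x and pi(x) collide under h^pi exactly when h(x) = h(pi(x)), a single
    n-bit equality, which is why Grover search needs only O(2^(n/2)) queries to h.
    """
    return all(h_pi(pi(x), pi) == tuple(reversed(h_pi(x, pi))) for x in DOMAIN)


def audit_permutation(pi) -> dict:
    """Design-time check of a candidate pi against the conditions discussed in the paper."""
    return {
        "has_fixed_point": has_fixed_point(pi),
        "is_involution": is_involution(pi),
        "swap_symmetry": swap_symmetry_holds(pi),
    }


if __name__ == "__main__":
    for name, pi in (("xor-constant", pi_xor), ("add-one", pi_add)):
        print(name, audit_permutation(pi))
```

Both permutations pass Nandi's fixed-point test, so classically they look equally good; only the involution audit separates them. The XOR permutation exhibits the swap symmetry for every input, while the add-one permutation does not, which is the structural difference the abstract's first and second results hinge on (the paper's sufficient condition for the \({\varOmega }(2^{2n/3})\) bound is stated in the full text, not reproduced here).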

This work was supported by JSPS KAKENHI Grant Number JP20K21798.


References

  1. Berti, F., Guo, C., Pereira, O., Peters, T., Standaert, F.: TEDT, a leakage-resist AEAD mode for high physical security applications. IACR Trans. Cryptographic Hardware Embedded Syst. 2020(1), 256–320 (2020). https://doi.org/10.13154/tches.v2020.i1.256-320

  2. Black, J., Rogaway, P., Shrimpton, T.: Black-box analysis of the block-cipher-based hash-function constructions from PGV. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 320–335. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45708-9_21

  3. Brassard, G., Høyer, P., Tapp, A.: Quantum cryptanalysis of hash and claw-free functions. SIGACT News 28(2), 14–19 (1997). https://doi.org/10.1145/261342.261346

  4. Chauhan, A.K., Kumar, A., Sanadhya, S.K.: Quantum free-start collision attacks on double block length hashing with round-reduced AES-256. IACR Trans. Symmetric Cryptol. 2021(1), 316–336 (2021). https://doi.org/10.46586/tosc.v2021.i1.316-336

  5. Damgård, I.B.: A design principle for hash functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 416–427. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_39

  6. Dong, X., Sun, S., Shi, D., Gao, F., Wang, X., Hu, L.: Quantum collision attacks on AES-like hashing with low quantum random access memories. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12492, pp. 727–757. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64834-3_25

  7. FIPS PUB 180-4: Secure hash standard (SHS), August 2015

  8. Grassl, M., Langenberg, B., Roetteler, M., Steinwandt, R.: Applying Grover’s algorithm to AES: quantum resource estimates. In: Takagi, T. (ed.) PQCrypto 2016. LNCS, vol. 9606, pp. 29–43. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-29360-8_3

  9. Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Miller, G.L. (ed.) Proceedings of the Twenty-Eighth Annual ACM Symposium on the Theory of Computing, pp. 212–219. ACM (1996). https://doi.org/10.1145/237814.237866

  10. Hirose, S.: Some plausible constructions of double-block-length hash functions. In: Robshaw, M. (ed.) FSE 2006. LNCS, vol. 4047, pp. 210–225. Springer, Heidelberg (2006). https://doi.org/10.1007/11799313_14

  11. Hosoyamada, A., Sasaki, Y.: Finding hash collisions with quantum computers by using differential trails with smaller probability than birthday bound. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12106, pp. 249–279. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45724-2_9

  12. ISO/IEC 10118-2: Information technology - security techniques - hash-functions - part 2: hash-functions using an \(n\)-bit block cipher (2000)

  13. Iwata, T., Khairallah, M., Minematsu, K., Peyrin, T.: New results on Romulus. NIST Lightweight Cryptography Workshop 2020 (2020). https://csrc.nist.gov/events/2020/lightweight-cryptography-workshop-2020

  14. Jaques, S., Naehrig, M., Roetteler, M., Virdia, F.: Implementing Grover oracles for quantum key search on AES and LowMC. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12106, pp. 280–310. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45724-2_10

  15. Jonsson, J., Robshaw, M.J.B.: Securing RSA-KEM via the AES. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 29–46. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30580-4_4

  16. Liu, Q., Zhandry, M.: On finding quantum multi-collisions. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11478, pp. 189–218. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17659-4_7

  17. Mendel, F., Rechberger, C., Schläffer, M., Thomsen, S.S.: The rebound attack: cryptanalysis of reduced Whirlpool and Grøstl. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 260–276. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03317-9_16

  18. Merkle, R.C.: One way hash functions and DES. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 428–446. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_40

  19. Meyer, C.H., Schilling, M.: Secure program load with manipulation detection code. In: Proceedings of the 6th Worldwide Congress on Computer and Communications Security and Protection (SECURICOM 1988), pp. 111–130 (1988)

  20. Nandi, M.: Towards optimal double-length hash functions. In: Maitra, S., Veni Madhavan, C.E., Venkatesan, R. (eds.) INDOCRYPT 2005. LNCS, vol. 3797, pp. 77–89. Springer, Heidelberg (2005). https://doi.org/10.1007/11596219_7

  21. Nielsen, M.A., Chuang, I.L.: Quantum Computation and Quantum Information. Cambridge University Press, Cambridge (2000)

  22. Zhandry, M.: A note on the quantum collision and set equality problems. Quantum Inf. Comput. 15(7&8), 557–567 (2015). https://doi.org/10.26421/QIC15.7-8-2

  23. Zhandry, M.: How to record quantum queries, and applications to quantum indifferentiability. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11693, pp. 239–268. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26951-7_9


Acknowledgements

We would like to thank the reviewers for their valuable comments to improve the presentation of this manuscript. One of the reviewers pointed out our misunderstanding about Theorem 1 by Nandi [20].

Corresponding author

Correspondence to Shoichi Hirose.


Copyright information

© 2021 Springer Nature Switzerland AG

About this paper


Cite this paper

Hirose, S., Kuwakado, H. (2021). A Note on Quantum Collision Resistance of Double-Block-Length Compression Functions. In: Paterson, M.B. (ed.) Cryptography and Coding. IMACC 2021. Lecture Notes in Computer Science, vol 13129. Springer, Cham. https://doi.org/10.1007/978-3-030-92641-0_8


  • DOI: https://doi.org/10.1007/978-3-030-92641-0_8


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-92640-3

  • Online ISBN: 978-3-030-92641-0

  • eBook Packages: Computer Science (R0)
