
Post-Quantum Security of the CBC, CFB, OFB, CTR, and XTS Modes of Operation

Conference paper, Post-Quantum Cryptography (PQCrypto 2016)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9606)

Abstract

We examine the IND-qCPA security of the wide-spread block cipher modes of operation CBC, CFB, OFB, CTR, and XTS (i.e., security against quantum adversaries doing queries in superposition). We show that OFB and CTR are secure assuming that the underlying block cipher is a standard secure PRF (a pseudorandom function secure under classical queries). We give counterexamples that show that CBC, CFB, and XTS are not secure under the same assumption. And we give proofs that CBC and CFB mode are secure if we assume a quantum secure PRF (secure under queries in superposition).
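The following Python script is an added illustration and is not code from the paper. It implements four of the modes the abstract names (CTR, OFB, CBC, CFB; XTS is omitted because it needs a tweakable construction with GF(2^128) arithmetic) over a traced keyed PRF standing in for the block cipher BC_k. HMAC-SHA256 truncated to one block is used as that stand-in PRF, and the key, IV and messages are constructed sample values. Encrypting two different messages under the same key and IV and comparing the points the cipher was queried on makes visible the structural split that the abstract's results follow: in CTR and OFB the cipher only ever sees counter or chaining values that do not depend on the plaintext, while in CBC and CFB the plaintext is part of the cipher's input, which is the avenue a superposition query can use to probe the cipher itself.

```python
import hashlib
import hmac

BLOCK = 16  # block size in bytes, as for AES

# Constructed sample key and IV/nonce (placeholders, not values from the paper).
KEY = bytes(range(16))
IV = bytes(16)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class TracedPRF:
    """Stand-in for the keyed block cipher BC_k modelled as a PRF (footnote 3 of
    the paper: a PRF suffices for security, a PRP is only needed to decrypt).
    HMAC-SHA256 truncated to one block is used here purely as an example PRF.
    Every query point is recorded so the caller can inspect what each mode
    actually feeds into the cipher."""

    def __init__(self, key: bytes):
        self.key = key
        self.queries = []

    def __call__(self, x: bytes) -> bytes:
        assert len(x) == BLOCK
        self.queries.append(x)
        return hmac.new(self.key, x, hashlib.sha256).digest()[:BLOCK]


def blocks(data: bytes):
    assert len(data) % BLOCK == 0, "example assumes whole blocks, no padding"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ctr_encrypt(prf, nonce: bytes, pt: bytes) -> bytes:
    # Keystream block i = BC_k(nonce + i); the plaintext never enters the cipher.
    n = int.from_bytes(nonce, "big")
    out = b""
    for i, p in enumerate(blocks(pt)):
        ks = prf(((n + i) % (1 << (8 * BLOCK))).to_bytes(BLOCK, "big"))
        out += xor(p, ks)
    return out


def ofb_encrypt(prf, iv: bytes, pt: bytes) -> bytes:
    # Keystream is the chain BC_k(IV), BC_k(BC_k(IV)), ...; also plaintext-independent.
    s, out = iv, b""
    for p in blocks(pt):
        s = prf(s)
        out += xor(p, s)
    return out


def cbc_encrypt(prf, iv: bytes, pt: bytes) -> bytes:
    # C_i = BC_k(P_i XOR C_{i-1}): the cipher is queried on plaintext-dependent points.
    prev, out = iv, b""
    for p in blocks(pt):
        prev = prf(xor(p, prev))
        out += prev
    return out


def cfb_encrypt(prf, iv: bytes, pt: bytes) -> bytes:
    # C_i = P_i XOR BC_k(C_{i-1}): from the second block on the cipher input depends on plaintext.
    prev, out = iv, b""
    for p in blocks(pt):
        prev = xor(p, prf(prev))
        out += prev
    return out


def prf_inputs_depend_on_plaintext(mode, key: bytes = KEY, iv: bytes = IV) -> bool:
    """Encrypt two different two-block messages under the same key and IV and
    report whether the sequence of points the cipher was queried on differs."""
    pt_a = b"\x00" * (2 * BLOCK)
    pt_b = b"\xff" * (2 * BLOCK)
    f_a, f_b = TracedPRF(key), TracedPRF(key)
    mode(f_a, iv, pt_a)
    mode(f_b, iv, pt_b)
    return f_a.queries != f_b.queries


if __name__ == "__main__":
    for name, mode in [("CTR", ctr_encrypt), ("OFB", ofb_encrypt),
                       ("CBC", cbc_encrypt), ("CFB", cfb_encrypt)]:
        print(f"{name}: cipher inputs depend on plaintext = "
              f"{prf_inputs_depend_on_plaintext(mode)}")
```

Because CTR and OFB are pure keystream modes, decryption is the same function as encryption, so a round trip through `ctr_encrypt` or `ofb_encrypt` with a fresh `TracedPRF` recovers the message even though the stand-in PRF is not invertible; CBC and CFB encryption still run, but decrypting CBC would require a PRP, exactly the distinction footnote 3 draws.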


Notes

  1. There seem to be no clear predictions as to when quantum computers will be available and strong enough to attack cryptography. But it seems daring to simply assume that they will not be available in the mid-term future, just because we do not have clear predictions.

  2. European Union Agency for Network and Information Security. We chose this list as a basis in order to investigate a practically relevant and industrially deployed set of modes of operation.

  3. If we want to be able to decrypt, then the block cipher should, of course, be a pseudo-random permutation. But for mere security, PRF is sufficient.

  4. Except that the set of adversaries we consider is, of course, that of quantum polynomial-time adversaries, instead of classical polynomial-time adversaries. Note that it is not always the case that a classical security proof goes through unchanged in the quantum case. (A typical example is zero-knowledge proof systems where rewinding is used in the classical proof. Rewinding-based proofs cannot be directly translated to the quantum setting [1, 12, 15].)

  5. A similar idea was already used in [17] to show that there is a standard secure PRF that is not quantum secure. However, their construction had a period with respect to \(+\), not to \(\oplus \), which makes it unsuitable for showing the insecurity of CBC mode.

  6. Here, k is the key for the block cipher \(\mathsf {BC}\).

  7. We can assume without loss of generality that \(\mathcal {A}_{O2H}\) performs exactly \(q_1\), \(q_2\), \(q_3\) queries respectively. If it performs fewer, we simply add dummy queries.

  8. Note that in Fig. 3 we measure all registers, not only the query register. This does not change \(P_{B}^j\) since the additional measurements are performed on registers that are not used further.

References

  1. Ambainis, A., Rosmanis, A., Unruh, D.: Quantum attacks on classical proof systems (the hardness of quantum rewinding). In: FOCS 2014, pp. 474–483. IEEE, October 2014. Preprint on IACR ePrint 2014/296

  2. Anand, M.V., Targhi, E.E., Tabia, G.N., Unruh, D.: Post-quantum security of the CBC, CFB, OFB, CTR, and XTS modes of operation. IACR ePrint (2015). Full version of this paper

  3. Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Denning, D.E., Pyle, R., Ganesan, R., Sandhu, R.S., Ashby, V. (eds.) Proceedings of the 1st ACM Conference on Computer and Communications Security, CCS 1993, Fairfax, Virginia, USA, 3–5 November, pp. 62–73. ACM (1993)

  4. Boneh, D., Dagdelen, Ö., Fischlin, M., Lehmann, A., Schaffner, C., Zhandry, M.: Random oracles in a quantum world. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 41–69. Springer, Heidelberg (2011)

  5. Boneh, D., Zhandry, M.: Quantum-secure message authentication codes. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 592–608. Springer, Heidelberg (2013)

  6. Boneh, D., Zhandry, M.: Secure signatures and chosen ciphertext security in a quantum computing world (2013). https://eprint.iacr.org/2013/088. The definition of IND-qCPA only appears in this ePrint version, not in the conference version

  7. Damgård, I., Funder, J., Nielsen, J.B., Salvail, L.: Superposition attacks on cryptographic protocols. In: Padró, C. (ed.) ICITS 2013. LNCS, vol. 8317, pp. 146–165. Springer, Heidelberg (2014)

  8. Targhi, E.E., Unruh, D.: Quantum security of the Fujisaki-Okamoto transform. Technical report, Institute of Computer Science, University of Tartu (2015)

  9. European Union Agency for Network and Information Security (ENISA): Algorithms, key sizes and parameters report - 2013 recommendations, October 2013. https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report

  10. Rogaway, P.: Evaluation of some blockcipher modes of operation. Evaluation carried out for the Cryptography Research and Evaluation Committees (CRYPTREC) for the Government of Japan (2011)

  11. Simon, D.R.: On the power of quantum computation. SIAM J. Comput. 26(5), 1474–1483 (1997)

  12. Unruh, D.: Quantum proofs of knowledge. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 135–152. Springer, Heidelberg (2012)

  13. Unruh, D.: Everlasting multi-party computation. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part II. LNCS, vol. 8043, pp. 380–397. Springer, Heidelberg (2013)

  14. Unruh, D.: Revocable quantum timed-release encryption. IACR Cryptology ePrint Archive, 2013:606 (2013)

  15. Watrous, J.: Zero-knowledge against quantum attacks. SIAM J. Comput. 39(1), 25–58 (2009)

  16. Wooding, M.: New proofs for old modes. IACR Cryptology ePrint Archive, 2008:121 (2008)

  17. Zhandry, M.: How to construct quantum random functions. In: 53rd Annual IEEE Symposium on Foundations of Computer Science, FOCS 2012, New Brunswick, NJ, USA, 20–23 October 2012, pp. 679–687. IEEE Computer Society (2012)

  18. Zhandry, M.: A note on the quantum collision and set equality problems. Quantum Inf. Comput. 15(7&8), 557–567 (2015)

Author information

Corresponding author: Mayuresh Vivekanand Anand

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Anand, M.V., Targhi, E.E., Tabia, G.N., Unruh, D. (2016). Post-Quantum Security of the CBC, CFB, OFB, CTR, and XTS Modes of Operation. In: Takagi, T. (ed.) Post-Quantum Cryptography. PQCrypto 2016. Lecture Notes in Computer Science, vol. 9606. Springer, Cham. https://doi.org/10.1007/978-3-319-29360-8_4

  • DOI: https://doi.org/10.1007/978-3-319-29360-8_4
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-319-29359-2
  • Online ISBN: 978-3-319-29360-8