Abstract
We study quantum attacks on finding a collision in a non-uniform random function whose outputs are drawn according to a distribution of min-entropy k. This can be viewed as showing generic security of hash functions under relaxed assumptions in contrast to the standard heuristic of assuming uniformly random outputs. It is useful in analyzing quantum security of the Fujisaki-Okamoto transformation [31]. In particular, our results close a gap left open in [30].
Specifically, let D be a distribution of min-entropy k on a set Y. Let \(f:X\rightarrow Y\) be a function whose output f(x) is drawn according to D for each \(x\in X\) independently. We show that \(\varOmega (2^{k/3})\) quantum queries are necessary to find a collision in f, improving the previous bound \(\varOmega (2^{k/9})\) [30]. In fact we show a stronger lower bound of \(2^{k/2}\) in a special case. For most cases, we also describe explicit quantum algorithms matching the corresponding lower bounds.
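The abstract's model (each output f(x) drawn independently from a distribution D of min-entropy k) can be simulated directly. The following Python script is an added illustration and is not code from the paper: it builds a constructed distribution on 16-bit outputs with min-entropy exactly k, samples a non-uniform random function lazily, and measures the cost of the classical birthday collision search. It goes slightly beyond the abstract by also computing the collision entropy H_2(D), which is what the classical birthday cost actually tracks and which always lies between k and 2k, so low min-entropy in a hash's outputs cheapens collision search well below what the output length suggests. All names (`make_distribution`, `NonUniformRandomFunction`, `birthday_collision`, `mean_collision_cost`) and the 16-bit toy parameters are assumptions of this example.

```python
import math
import random
from itertools import accumulate


def min_entropy(probs):
    """H_inf(D) = -log2(max_y Pr[y]); this is the paper's parameter k."""
    return -math.log2(max(probs.values()))


def collision_entropy(probs):
    """H_2(D) = -log2(sum_y Pr[y]^2); governs the classical birthday cost."""
    return -math.log2(sum(p * p for p in probs.values()))


def make_distribution(k, n_bits):
    """Constructed distribution D on Y = {0, ..., 2^n_bits - 1} with min-entropy
    exactly k (requires k <= n_bits): output 0 gets probability 2^-k and the
    remaining mass is spread uniformly over the other outputs, so no output
    exceeds 2^-k. (Hypothetical toy distribution, not from the paper.)"""
    if not 0 <= k <= n_bits or n_bits < 1:
        raise ValueError("need 1 <= n_bits and 0 <= k <= n_bits")
    size = 1 << n_bits
    heavy = 2.0 ** -k
    rest = (1.0 - heavy) / (size - 1)
    probs = {y: rest for y in range(size)}
    probs[0] = heavy
    return probs


class NonUniformRandomFunction:
    """f: X -> Y sampled lazily, each f(x) drawn independently from D (the model
    described in the abstract). Counts oracle queries so attack cost is measurable."""

    def __init__(self, probs, seed=0):
        self.ys = list(probs)
        self.cum = list(accumulate(probs[y] for y in self.ys))
        self.rng = random.Random(seed)
        self.table = {}
        self.queries = 0

    def __call__(self, x):
        self.queries += 1
        if x not in self.table:
            self.table[x] = self.rng.choices(self.ys, cum_weights=self.cum)[0]
        return self.table[x]


def birthday_collision(f, domain_size):
    """Classical collision search: query f on fresh inputs until an output repeats.
    Returns (x1, x2, queries). With domain_size >= |Y| + 1 the pigeonhole
    principle guarantees a collision is found."""
    seen = {}
    for x in range(domain_size):
        y = f(x)
        if y in seen:
            return seen[y], x, f.queries
        seen[y] = x
    raise RuntimeError("no collision in the queried domain")


def mean_collision_cost(k, n_bits, trials, seed=0):
    """Average number of queries the birthday search needs against a fresh
    non-uniform random function of min-entropy k over `trials` runs."""
    probs = make_distribution(k, n_bits)
    total = 0
    for i in range(trials):
        f = NonUniformRandomFunction(probs, seed=seed + i)
        _, _, q = birthday_collision(f, (1 << n_bits) + 1)
        total += q
    return total / trials


def entropy_sandwich_holds(probs):
    """H_inf(D) <= H_2(D) <= 2 * H_inf(D) holds for every distribution, so the
    classical cost 2^{H_2/2} lies between 2^{k/2} and 2^k when only k is known."""
    h_inf, h2 = min_entropy(probs), collision_entropy(probs)
    return h_inf - 1e-9 <= h2 <= 2 * h_inf + 1e-9


if __name__ == "__main__":
    D = make_distribution(6, 16)
    print(f"k = {min_entropy(D):.2f} bits, H_2 = {collision_entropy(D):.2f} bits")
    print("mean queries, 16-bit outputs, k=6 :", mean_collision_cost(6, 16, 20))
    print("mean queries, 16-bit outputs, k=16:", mean_collision_cost(16, 16, 20))
```

Running it shows the k=6 function falling to the birthday search after roughly 2^{H_2/2} queries, far fewer than the 2^{n/2} one would expect from 16-bit outputs alone; the paper's contribution is the quantum analogue of this gap, where the cost is governed by the min-entropy k rather than the output length.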
Notes
1. The probability \(P_\mathcal{{A}}\) reflects the randomness of the oracle's responses and of \(\mathcal {A}\).
2. A redistribution function is formally also provided the query x that is associated with the sample from the first distribution, which (in Algorithm 1) is the response from an oracle whose output is distributed according to the first distribution. This is necessary in cases where the second distribution has a larger support than the first, since the image of the redistribution function cannot be larger than its domain. It can safely be ignored otherwise (as in the construction for \(r_1\)).
References
Password hashing competition (2012). https://password-hashing.net/
National Institute of Standards and Technology. SHA-3 standard: permutation-based hash and extendable-output functions (2014). http://csrc.nist.gov/publications/drafts/fips-202/fips_202_draft.pdf
IBM Q quantum experience (2017). https://www.research.ibm.com/ibm-q/
National Institute of Standards and Technology. FIPS 180–1: secure hash standard, April 1995
People of ACM - John Martinis, 16 May 2017. https://www.acm.org/articles/people-of-acm/2017/john-martinis
Aaronson, S., Shi, Y.: Quantum lower bounds for the collision and the element distinctness problems. J. ACM (JACM) 51(4), 595–605 (2004)
Ambainis, A.: Polynomial degree and lower bounds in quantum complexity: collision and element distinctness with small range. Theory Comput. 1(3), 37–46 (2005). http://www.theoryofcomputing.org/articles/v001a003
Ambainis, A.: Quantum walk algorithm for element distinctness. SIAM J. Comput. 37(1), 210–239 (2007). Preliminary version in FOCS 2004. arXiv:quant-ph/0311001
Ambainis, A., Rosmanis, A., Unruh, D.: Quantum attacks on classical proof systems (the hardness of quantum rewinding). In: FOCS 2014, pp. 474–483. IEEE, October 2014. Preprint on IACR ePrint 2014/296
Amy, M., Di Matteo, O., Gheorghiu, V., Mosca, M., Parent, A., Schanck, J.: Estimating the cost of generic quantum pre-image attacks on SHA-2 and SHA-3. arXiv preprint arXiv:1603.09383 (2016)
Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of the 1st ACM Conference on Computer and Communications Security, pp. 62–73. ACM (1993)
Bellare, M., Rogaway, P.: Optimal asymmetric encryption. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 92–111. Springer, Heidelberg (1995). https://doi.org/10.1007/BFb0053428
Bertoni, G., Daemen, J., Peeters, M., Assche, G.V.: The Keccak sponge function family (2007). http://keccak.noekeon.org/
Boneh, D., Dagdelen, Ö., Fischlin, M., Lehmann, A., Schaffner, C., Zhandry, M.: Random oracles in a quantum world. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 41–69. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_3
Boyer, M., Brassard, G., Høyer, P., Tapp, A.: Tight bounds on quantum searching. arXiv preprint arXiv:quant-ph/9605034 (1996)
Brassard, G., Hoyer, P., Tapp, A.: Quantum algorithm for the collision problem. arXiv preprint arXiv:quant-ph/9705002 (1997)
Crépeau, C., Salvail, L., Simard, J.-R., Tapp, A.: Two provers in isolation. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 407–430. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_22
Czajkowski, J., Bruinderink, L.G., Hülsing, A., Schaffner, C., Unruh, D.: Post-quantum security of the sponge construction. Cryptology ePrint Archive, Report 2017/771 (2017). https://eprint.iacr.org/2017/771
Eaton, E., Song, F.: Making existential-unforgeable signatures strongly unforgeable in the quantum random-oracle model. In: 10th Conference on the Theory of Quantum Computation, Communication and Cryptography, TQC 2015. LIPIcs, vol. 44, pp. 147–162. Schloss Dagstuhl (2015)
Ebrahimi, E., Unruh, D.: Quantum collision-resistance of non-uniformly distributed functions: upper and lower bounds. Cryptology ePrint Archive, Report 2017/575 (2017)
Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. J. Cryptol. 26(1), 80–101 (2013). Preliminary version in CRYPTO 1999
Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Proceedings of the Twenty-Eighth Annual ACM Symposium on Theory of Computing, pp. 212–219. ACM (1996)
Hallgren, S., Smith, A., Song, F.: Classical cryptographic protocols in a quantum world. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 411–428. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22792-9_23
Hülsing, A., Rijneveld, J., Song, F.: Mitigating multi-target attacks in hash-based signatures. In: Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.) PKC 2016. LNCS, vol. 9614, pp. 387–416. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49384-7_15
Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008). https://bitcoin.org/bitcoin.pdf
Rivest, R.L.: RFC 1321: the MD5 message-digest algorithm, April 1992. https://www.ietf.org/rfc/rfc1321.txt
Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26(5), 1484–1509 (1997)
Song, F.: Early days following Grover’s quantum search algorithm. arXiv preprint arXiv:1709.01236 (2017)
Stevens, M., Bursztein, E., Karpman, P., Albertini, A., Markov, Y.: The first collision for full SHA-1. Cryptology ePrint Archive, Report 2017/190 (2017). https://shattered.io/
Targhi, E.E., Tabia, G.N., Unruh, D.: Quantum collision-resistance of non-uniformly distributed functions. In: Takagi, T. (ed.) PQCrypto 2016. LNCS, vol. 9606, pp. 79–85. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-29360-8_6
Targhi, E.E., Unruh, D.: Post-quantum security of the Fujisaki-Okamoto and OAEP transforms. In: Hirt, M., Smith, A. (eds.) TCC 2016. LNCS, vol. 9986, pp. 192–216. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53644-5_8
Unruh, D.: Computationally binding quantum commitments. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 497–527. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_18
Watrous, J.: Zero-knowledge against quantum attacks. SIAM J. Comput. 39(1), 25–58 (2009). Preliminary version in STOC 2006
Wiener, M.J.: Bounds on birthday attack times. Cryptology ePrint Archive, Report 2005/318 (2005). http://eprint.iacr.org/2005/318
Yuen, H.: A quantum lower bound for distinguishing random functions from random permutations. Quantum Inf. Comput. 14(13–14), 1089–1097 (2014)
Zhandry, M.: How to construct quantum random functions. In: FOCS 2012, pp. 679–687. IEEE (2012). http://eprint.iacr.org/2012/182
Zhandry, M.: A note on the quantum collision and set equality problems. Quantum Inf. Comput. 15(7 & 8), 557–567 (2015)
Zhandry, M.: Secure identity-based encryption in the quantum random oracle model. Int. J. Quantum Inf. 13(4) (2015). Early version in Crypto 2012. http://eprint.iacr.org/2012/076
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Balogh, M., Eaton, E., Song, F. (2018). Quantum Collision-Finding in Non-uniform Random Functions. In: Lange, T., Steinwandt, R. (eds) Post-Quantum Cryptography. PQCrypto 2018. Lecture Notes in Computer Science, vol 10786. Springer, Cham. https://doi.org/10.1007/978-3-319-79063-3_22
DOI: https://doi.org/10.1007/978-3-319-79063-3_22
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-79062-6
Online ISBN: 978-3-319-79063-3
eBook Packages: Computer Science (R0)