Quantum Collision-Finding in Non-uniform Random Functions

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10786)

Abstract

We study quantum attacks on finding a collision in a non-uniform random function whose outputs are drawn according to a distribution of min-entropy k. This can be viewed as showing generic security of hash functions under relaxed assumptions in contrast to the standard heuristic of assuming uniformly random outputs. It is useful in analyzing quantum security of the Fujisaki-Okamoto transformation [31]. In particular, our results close a gap left open in [30].

Specifically, let D be a distribution of min-entropy k on a set Y. Let \(f:X\rightarrow Y\) be a function whose output f(x) is drawn according to D for each \(x\in X\) independently. We show that \(\Omega(2^{k/3})\) quantum queries are necessary to find a collision in f, improving the previous bound of \(\Omega(2^{k/9})\) [30]. In fact, in a special case we show a stronger lower bound of \(\Omega(2^{k/2})\). In most cases we also describe explicit quantum algorithms matching the corresponding lower bounds.
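The setting above (a function whose outputs are i.i.d. samples from a distribution D of min-entropy k rather than uniform on Y) is worth seeing concretely from the classical side before the quantum bounds. The following is an added example written for this page, not code from the paper: it builds a constructed "spiky" distribution whose min-entropy is exactly k no matter how large the nominal range Y is, computes its min-entropy and collision entropy, and runs a plain classical birthday search against a lazily sampled random function f ~ D. It does not simulate any quantum algorithm; the paper's \(\Omega(2^{k/3})\) bound is a quantum query bound and is not reproduced here. The names spiky_distribution, random_function_oracle, birthday_collision and the heuristic \(\sqrt{\pi/(2\sum_y p_y^2)}\) for the classical query count are this example's own assumptions, not the paper's notation.

```python
"""Classical sanity check for collisions in a non-uniform random function.

Added example, not code from the paper.  For f: X -> Y with each f(x) drawn
independently from a distribution D of min-entropy k, the size of Y is not
what bounds a collision attack: a classical birthday search is governed by
the collision entropy H_2(D) >= H_inf(D) = k, i.e. it needs on the order of
2^{k/2} queries.  All names below are this example's own.
"""
import itertools
import math
import random
from typing import Callable, Dict, List, Sequence, Tuple


def min_entropy(probs: Sequence[float]) -> float:
    """H_inf(D) = -log2 max_y Pr[D = y].  D has min-entropy k iff this is >= k."""
    return -math.log2(max(probs))


def collision_entropy(probs: Sequence[float]) -> float:
    """H_2(D) = -log2 sum_y Pr[D = y]^2.  Since sum p^2 <= max p, H_2 >= H_inf."""
    return -math.log2(sum(p * p for p in probs))


def classical_birthday_estimate(probs: Sequence[float]) -> float:
    """Heuristic expected query count of a classical birthday attack,
    sqrt(pi / (2 * sum p^2)); reduces to sqrt(pi * |Y| / 2) for uniform D."""
    return math.sqrt(math.pi / (2.0 * sum(p * p for p in probs)))


def spiky_distribution(k: int, log_range: int) -> List[float]:
    """Constructed distribution on Y = {0, ..., 2^log_range - 1}: one heavy
    output of probability 2^-k, the remaining mass spread uniformly over the
    other outputs.  For 0 < k <= log_range its min-entropy is exactly k,
    however large log_range (the nominal output size) is made."""
    if not 0 < k <= log_range:
        raise ValueError("need 0 < k <= log_range")
    n = 1 << log_range
    heavy = 2.0 ** -k
    rest = (1.0 - heavy) / (n - 1)
    return [heavy] + [rest] * (n - 1)


def random_function_oracle(probs: Sequence[float], rng: random.Random) -> Callable[[int], int]:
    """f: X -> Y with each f(x) ~ D independently, sampled lazily on first
    query and memoised so repeated queries on the same x agree."""
    cum_weights = list(itertools.accumulate(probs))
    outputs = range(len(probs))
    table: Dict[int, int] = {}

    def f(x: int) -> int:
        if x not in table:
            table[x] = rng.choices(outputs, cum_weights=cum_weights, k=1)[0]
        return table[x]

    return f


def birthday_collision(f: Callable[[int], int], max_queries: int = 1 << 20) -> Tuple[int, int, int]:
    """Classical collision search: query f on x = 0, 1, 2, ... and stop at
    the first repeated output.  Returns (x1, x2, queries) with x1 != x2 and
    f(x1) == f(x2)."""
    seen: Dict[int, int] = {}
    for x in range(max_queries):
        y = f(x)
        if y in seen:
            return seen[y], x, x + 1
        seen[y] = x
    raise RuntimeError("no collision within the query budget")


def find_collision(probs: Sequence[float], seed: int = 0) -> Tuple[int, int, int, bool]:
    """One classical birthday search on a fresh f ~ D; re-checks the collision."""
    f = random_function_oracle(probs, random.Random(seed))
    x1, x2, q = birthday_collision(f)
    return x1, x2, q, (x1 != x2 and f(x1) == f(x2))


def mean_collision_queries(probs: Sequence[float], trials: int, seed: int = 0) -> float:
    """Average classical query count over fresh random functions f ~ D."""
    rng = random.Random(seed)
    total = 0
    for _ in range(trials):
        total += birthday_collision(random_function_oracle(probs, rng))[2]
    return total / trials


if __name__ == "__main__":
    # Min-entropy 4 on a 10-bit range: |Y| = 1024 would suggest ~2^5 birthday
    # queries, but the skew means only ~2^{k/2} = 4 is guaranteed.
    D = spiky_distribution(k=4, log_range=10)
    print(f"H_inf = {min_entropy(D):.2f}  H_2 = {collision_entropy(D):.2f}")
    print(f"heuristic classical queries: {classical_birthday_estimate(D):.1f}")
    print(f"measured mean over 300 runs: {mean_collision_queries(D, 300):.1f}")
```

The practitioner's takeaway matches the abstract: when a hash output is not uniform (the situation the Fujisaki-Okamoto analysis in [31] runs into), the security budget has to be set from the min-entropy k of the output distribution, not from the output length. Classically the budget is about \(2^{k/2}\) queries; the paper's result is that a quantum adversary needs \(\Omega(2^{k/3})\), with \(\Omega(2^{k/2})\) in a special case.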

Notes

  1. The probability \(P_{\mathcal{A}}\) reflects the randomness of the oracle's responses and of \(\mathcal{A}\).

  2. A redistribution function formally is also provided the query x that is associated with the sample from the first distribution, which is (in Algorithm 1) the response from an oracle whose output is distributed according to the first distribution. This is necessary in cases where the second distribution has a larger support than the first, since the image of the redistribution function cannot be larger than the domain. It can safely be ignored otherwise (as in the construction for \(r_1\)).

References

  1. Password hashing competition (2012). https://password-hashing.net/

  2. National Institute of Standards and Technology. SHA-3 standard: permutation-based hash and extendable-output functions (2014). http://csrc.nist.gov/publications/drafts/fips-202/fips_202_draft.pdf

  3. IBM Q quantum experience (2017). https://www.research.ibm.com/ibm-q/

  4. National Institute of Standards and Technology. FIPS 180-1: secure hash standard, April 1995

  5. People of ACM - John Martinis, 16 May 2017. https://www.acm.org/articles/people-of-acm/2017/john-martinis

  6. Aaronson, S., Shi, Y.: Quantum lower bounds for the collision and the element distinctness problems. J. ACM (JACM) 51(4), 595–605 (2004)

  7. Ambainis, A.: Polynomial degree and lower bounds in quantum complexity: collision and element distinctness with small range. Theory Comput. 1(3), 37–46 (2005). http://www.theoryofcomputing.org/articles/v001a003

  8. Ambainis, A.: Quantum walk algorithm for element distinctness. SIAM J. Comput. 37(1), 210–239 (2007). Preliminary version in FOCS 2004. arXiv:quant-ph/0311001

  9. Ambainis, A., Rosmanis, A., Unruh, D.: Quantum attacks on classical proof systems (the hardness of quantum rewinding). In: FOCS 2014, pp. 474–483. IEEE, October 2014. Preprint on IACR ePrint 2014/296

  10. Amy, M., Di Matteo, O., Gheorghiu, V., Mosca, M., Parent, A., Schanck, J.: Estimating the cost of generic quantum pre-image attacks on SHA-2 and SHA-3. arXiv preprint arXiv:1603.09383 (2016)

  11. Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of the 1st ACM Conference on Computer and Communications Security, pp. 62–73. ACM (1993)

  12. Bellare, M., Rogaway, P.: Optimal asymmetric encryption. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 92–111. Springer, Heidelberg (1995). https://doi.org/10.1007/BFb0053428

  13. Bertoni, G., Daemen, J., Peeters, M., Assche, G.V.: The Keccak sponge function family (2007). http://keccak.noekeon.org/

  14. Boneh, D., Dagdelen, Ö., Fischlin, M., Lehmann, A., Schaffner, C., Zhandry, M.: Random oracles in a quantum world. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 41–69. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_3

  15. Boyer, M., Brassard, G., Høyer, P., Tapp, A.: Tight bounds on quantum searching. arXiv preprint arXiv:quant-ph/9605034 (1996)

  16. Brassard, G., Hoyer, P., Tapp, A.: Quantum algorithm for the collision problem. arXiv preprint arXiv:quant-ph/9705002 (1997)

  17. Crépeau, C., Salvail, L., Simard, J.-R., Tapp, A.: Two provers in isolation. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 407–430. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_22

  18. Czajkowski, J., Bruinderink, L.G., Hülsing, A., Schaffner, C., Unruh, D.: Post-quantum security of the sponge construction. Cryptology ePrint Archive, Report 2017/771 (2017). https://eprint.iacr.org/2017/771

  19. Eaton, E., Song, F.: Making existential-unforgeable signatures strongly unforgeable in the quantum random-oracle model. In: 10th Conference on the Theory of Quantum Computation, Communication and Cryptography, TQC 2015. LIPIcs, vol. 44, pp. 147–162. Schloss Dagstuhl (2015)

  20. Ebrahimi, E., Unruh, D.: Quantum collision-resistance of non-uniformly distributed functions: upper and lower bounds. Cryptology ePrint Archive, Report 2017/575 (2017)

  21. Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. J. Cryptol. 26(1), 80–101 (2013). Preliminary version in CRYPTO 1999

  22. Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Proceedings of the Twenty-Eighth Annual ACM Symposium on Theory of Computing, pp. 212–219. ACM (1996)

  23. Hallgren, S., Smith, A., Song, F.: Classical cryptographic protocols in a quantum world. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 411–428. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22792-9_23

  24. Hülsing, A., Rijneveld, J., Song, F.: Mitigating multi-target attacks in hash-based signatures. In: Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.) PKC 2016. LNCS, vol. 9614, pp. 387–416. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49384-7_15

  25. Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008). https://bitcoin.org/bitcoin.pdf

  26. Rivest, R.L.: RFC 1321: the MD5 message-digest algorithm, April 1992. https://www.ietf.org/rfc/rfc1321.txt

  27. Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26(5), 1484–1509 (1997)

  28. Song, F.: Early days following Grover’s quantum search algorithm. arXiv preprint arXiv:1709.01236 (2017)

  29. Stevens, M., Bursztein, E., Karpman, P., Albertini, A., Markov, Y.: The first collision for full SHA-1. Cryptology ePrint Archive, Report 2017/190 (2017). https://shattered.io/

  30. Targhi, E.E., Tabia, G.N., Unruh, D.: Quantum collision-resistance of non-uniformly distributed functions. In: Takagi, T. (ed.) PQCrypto 2016. LNCS, vol. 9606, pp. 79–85. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-29360-8_6

  31. Targhi, E.E., Unruh, D.: Post-quantum security of the Fujisaki-Okamoto and OAEP transforms. In: Hirt, M., Smith, A. (eds.) TCC 2016. LNCS, vol. 9986, pp. 192–216. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53644-5_8

  32. Unruh, D.: Computationally binding quantum commitments. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 497–527. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_18

  33. Watrous, J.: Zero-knowledge against quantum attacks. SIAM J. Comput. 39(1), 25–58 (2009). Preliminary version in STOC 2006

  34. Wiener, M.J.: Bounds on birthday attack times. Cryptology ePrint Archive, Report 2005/318 (2005). http://eprint.iacr.org/2005/318

  35. Yuen, H.: A quantum lower bound for distinguishing random functions from random permutations. Quantum Inf. Comput. 14(13–14), 1089–1097 (2014)

  36. Zhandry, M.: How to construct quantum random functions. In: FOCS 2012, pp. 679–687. IEEE (2012). http://eprint.iacr.org/2012/182

  37. Zhandry, M.: A note on the quantum collision and set equality problems. Quantum Inf. Comput. 15(7 & 8), 557–567 (2015)

  38. Zhandry, M.: Secure identity-based encryption in the quantum random oracle model. Int. J. Quantum Inf. 13(4) (2015). Early version in Crypto 2012. http://eprint.iacr.org/2012/076

Author information

Correspondence to Marko Balogh, Edward Eaton or Fang Song.

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this paper

Cite this paper

Balogh, M., Eaton, E., Song, F. (2018). Quantum Collision-Finding in Non-uniform Random Functions. In: Lange, T., Steinwandt, R. (eds) Post-Quantum Cryptography. PQCrypto 2018. Lecture Notes in Computer Science, vol 10786. Springer, Cham. https://doi.org/10.1007/978-3-319-79063-3_22

  • DOI: https://doi.org/10.1007/978-3-319-79063-3_22

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-79062-6

  • Online ISBN: 978-3-319-79063-3
