Mind the Bad Norms

Revisiting Compressed Oracle-Based Quantum Indistinguishability Proofs

  • Conference paper
  • Advances in Cryptology – ASIACRYPT 2024 (ASIACRYPT 2024)

Abstract

In this work, we revisit the Hosoyamada-Iwata (HI) proof for the quantum CPA security of the 4-round Luby-Rackoff construction and identify a gap that appears to undermine the security proof. We emphasize that this is not an attack, and the construction may still achieve the claimed security level. However, this gap raises concerns about the feasibility of establishing a formal security proof for the 4-round Luby-Rackoff construction. In fact, the issue persists even if the number of rounds is increased arbitrarily. On a positive note, we restore the security of the 4-round Luby-Rackoff construction in the non-adaptive setting, achieving security up to \(2^{n/6}\) superposition queries. Furthermore, we establish the quantum CPA security of the 4-round \(\textsf{MistyR} \) and 5-round \(\textsf{MistyL} \) constructions, up to \(2^{n/5}\) and \(2^{n/7}\) superposition queries, respectively, where n denotes the size of the underlying permutation.

The authors would like to thank Akinori Hosoyamada and Tetsu Iwata for their comments on a precursor note that evolved into this paper. Jordan Ethan’s research was conducted within the framework of the French-German Center for Cybersecurity, a collaboration between CISPA and LORIA. Ashwin Jha’s work was supported by the German Research Foundation (DFG) within the framework of the Excellence Strategy of the Federal Government and the States – EXC 2092 CaSa – 39078197.

Notes

  1. The fixed-length permutation/function is keyed, efficiently computable, and indistinguishable from a uniform random permutation/function.

  2. Note that, in the quantum setting, the birthday bound refers to the cube root of the output size.

  3. An oracle algorithm with binary output.

  4. We are obviously overcounting by considering all possible combinations of queries. In fact, most of these combinations are never queried by the adversary. However, as of now, there is no effective way to recover the query ordering from the database entries.

  5. This independence only holds with respect to the badness condition. In a typical execution of \(\textsf{LR}_{r}\), these variables will obviously depend on \(\beta \). However, due to the badness condition and the ignorance of query ordering (see the previous note), this dependence is lost.

  6. Disjoint from the other functions due to the first bit.

Corresponding author

Correspondence to Ritam Bhaumik.
Copyright information

© 2025 International Association for Cryptologic Research

About this paper

Cite this paper

Bhaumik, R., Cogliati, B., Ethan, J., Jha, A. (2025). Mind the Bad Norms. In: Chung, KM., Sasaki, Y. (eds) Advances in Cryptology – ASIACRYPT 2024. ASIACRYPT 2024. Lecture Notes in Computer Science, vol 15492. Springer, Singapore. https://doi.org/10.1007/978-981-96-0947-5_8

  • DOI: https://doi.org/10.1007/978-981-96-0947-5_8

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-96-0946-8

  • Online ISBN: 978-981-96-0947-5