Skip to main content
SpringerLink
Log in

Quantum Speed-Up for Multidimensional (Zero Correlation) Linear Distinguishers

  • Conference paper
  • First Online:
Advances in Cryptology – ASIACRYPT 2023 (ASIACRYPT 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14440))

  • 319 Accesses

Abstract

This paper shows how to achieve a quantum speed-up for multidimensional (zero correlation) linear distinguishers. A previous work by Kaplan et al. has already shown a quantum quadratic speed-up for one-dimensional linear distinguishers. However, classical linear cryptanalysis often exploits multidimensional approximations to achieve more efficient attacks, and in fact it is highly non-trivial whether Kaplan et al.’s technique can be extended into the multidimensional case. To remedy this, we investigate a new quantum technique to speed-up multidimensional linear distinguishers. Firstly, we observe that there is a close relationship between the subroutine of Simon’s algorithm and linear correlations via Fourier transform. Specifically, a slightly modified version of Simon’s subroutine, which we call Correlation Extraction Algorithm (CEA), can be used to speed-up multidimensional linear distinguishers. CEA also leads to a speed-up for multidimensional zero correlation distinguishers, as well as some integral distinguishers through the correspondence of zero correlation and integral properties shown by Bogdanov et al. and Sun et al. Furthermore, we observe possibility of a more than quadratic speed-ups for some special types of integral distinguishers when multiple integral properties exist. Especially, we show a single-query distinguisher on a 4-bit cell SPN cipher with the same integral property as 2.5-round AES. Our attacks are the first to observe such a speed-up for classical cryptanalytic techniques without relying on hidden periods or shifts. By replacing the Hadamard transform in CEA with the general quantum Fourier transform, our technique also speeds-up generalized linear distinguishers on an arbitrary finite abelian group.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 59.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 79.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Note that attacks that gather encrypted data now and execute quantum algorithms later (after the realization of a large-scale quantum computer) are also in Q1.

  2. 2.

    When attack targets are primitives without secret keys, e.g. hash functions, it is reasonable to assume attackers can compute all functions in quantum superposition. Namely, attacks are always Q2, or there is no distinction between Q1 and Q2.

  3. 3.

    The reason of this is as follows: Consider attacks on a k-bit-key block cipher. Assume that, in the classical setting, we know a valid dedicated attack (i.e., an attack faster than \(2^k\)) on r rounds of the cipher, but know only an invalid attack (i.e., attack requiring time more than \(2^k\)) for \((r+1)\)-rounds. Especially, r rounds of the cipher are classically broken but \((r+1)\) rounds are not. Let \(T_c\) be the classical complexity of the invalid \((r+1)\)-round attack. Since this attack is classically invalid, \(T_c > 2^k\) holds. Suppose we achieve some quantum speed-up for the \((r+1)\)-round attack and the resulting complexity is \(T_q\). Then, since the generic complexity of key-recovery is \(\sqrt{2^k}\) in the quantum setting (by the Grover search), the attack after quantum speed-up is valid (i.e., \(T_q < \sqrt{2^k}\) and \((r+1)\) rounds are broken) only if the speed-up is more-than-quadratic and \(T_q < \sqrt{T_c}\) holds.

  4. 4.

    Bonnetain showed a single query attack on the one-time pad encryption scheme by making quantum registers for messages and ciphertexts disentangled [11], but the attack target and technique are quite different from ours.

  5. 5.

    A typical example is that \(D_1\) corresponds to the quantum encryption oracle \(U_{E_K}\) of a block cipher \(E_K\) while \(D_2\) to the oracle \(U_P\) of a random permutation P (choosing K or P randomly corresponds to sampling according to \(D_1\) or \(D_2\)).

  6. 6.

    If U is the quantum oracle \(U_f\) of a function f, then \(U^*_f = U_f\) holds. Especially, an access to \(U=U_f\) automatically means an access to \(U^*\).

  7. 7.

    In fact this is the \(\chi ^2\)-divergence between p and the uniform distribution over \({\mathbb {F}}^\ell _2\). We use the term capacity following previous works on linear cryptanalysis.

  8. 8.

    The squared correlation and capacity can significantly change depending on keys in general, but they are often estimated by their averages under the assumption that they concentrate around the mean. As the first step of achieving quantum speed-up for multidimensional linear attacks, we also assume this. An in-depth study about the key-dependence of complexity is an important future work.

  9. 9.

    “emb” is an abbreviation of “embedding”.

  10. 10.

    The three distinguishers might be unified into a single one by restricting inputs and outputs appropriately. Still we focus on these cases because the three distinguishers are enough for the examples of interest shown later, and to avoid unnecessarily complex analysis.

  11. 11.

    Let M be an arbitrary full-rank \(n \times n\) matrix over \({\mathbb {F}}_2\) satisfying \(M^T\textbf{e}_i = \beta _i\). Then we have \( \beta _i \cdot E_K(x) = (M^T \textbf{e}_i) \cdot E_K(x) = \textbf{e}_i \cdot M(E_K(x)) \), and thus distinguishing \(E_K\) by using output mask \(\beta _i\) is equivalent to distinguishing \(M \circ E_K\) by using output mask \(\textbf{e}_i\). Since \(E_K\) can be distinguished from a random permutation P iff \(M \circ E_K\) can be distinguished, we can assume them without loss of generality.

  12. 12.

    The reasoning is almost the same as before.

  13. 13.

    See Section F of the full version [36] on how to efficiently compute F on a quantum circuit..

  14. 14.

    \(\mathcal A_1\) is also applicable here but performs worse than \(\mathcal A_2\).

  15. 15.

    See the original paper [6] on details of linear approximations. What is significant here is only the dimensions of the approximations and the sum of the squared correlations.

  16. 16.

    Bogdanov and Wang showed a similar result assuming that many statistically independent linear approximations exist [10], but the assumption often does not hold.

  17. 17.

    Recall that we use the same notations as those for \(\mathcal A_2\) and \(\mathcal A_3\). See p.16 for details.

  18. 18.

    Note that \(2^n \cdot \sum _{(\alpha ,\beta ) \in V - \{\textbf{0}\}} \textrm{Cor}(P;\alpha ,\beta )^2\) in Claim 1 is equal to \(2^n \cdot \textrm{Cap}(p^P_S)\).

  19. 19.

    k must be even for Type-II structures.

  20. 20.

    This equivalence was first shown by [8] and later refined by [56]. [56] proves the equivalence only in the special case \(\dim (V_2)=1\) but it immediately implies the equivalence for \(\dim (V_2)>1\).

References

  1. Ankele, R., Dobraunig, C., Guo, J., Lambooij, E., Leander, G., Todo, Y.: Zero-correlation attacks on tweakable block ciphers with linear tweakey expansion. IACR Trans. Symmetric Cryptol. 2019(1), 192–235 (2019)

    Article  Google Scholar 

  2. Ashur, T., Khan, M., Nyberg, K.: Structural and statistical analysis of multidimensional linear approximations of random functions and permutations. IEEE Trans. Inf. Theory 68(2), 1296–1315 (2022)

    Article  MathSciNet  Google Scholar 

  3. Baignères, T., Junod, P., Vaudenay, S.: How far can we go beyond linear cryptanalysis? In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 432–450. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30539-2_31

    Chapter  Google Scholar 

  4. Baignères, T., Stern, J., Vaudenay, S.: Linear cryptanalysis of non binary ciphers. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 184–211. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-77360-3_13

    Chapter  Google Scholar 

  5. Bernstein, E., Vazirani, U.V.: Quantum complexity theory. SIAM J. Comput. 26(5), 1411–1473 (1997)

    Article  MathSciNet  Google Scholar 

  6. Beyne, T.: Linear cryptanalysis of FF3-1 and FEA. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021, Part I. LNCS, vol. 12825, pp. 41–69. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84242-0_3

    Chapter  Google Scholar 

  7. Biryukov, A., De Cannière, C., Quisquater, M.: On multiple linear approximations. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 1–22. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28628-8_1

    Chapter  Google Scholar 

  8. Bogdanov, A., Leander, G., Nyberg, K., Wang, M.: Integral and multidimensional linear distinguishers with correlation zero. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 244–261. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34961-4_16

    Chapter  Google Scholar 

  9. Bogdanov, A., Rijmen, V.: Linear hulls with correlation zero and linear cryptanalysis of block ciphers. Des. Codes Cryptogr. 70(3), 369–383 (2014)

    Article  MathSciNet  Google Scholar 

  10. Bogdanov, A., Wang, M.: Zero correlation linear cryptanalysis with reduced data complexity. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 29–48. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34047-5_3

    Chapter  Google Scholar 

  11. Bonnetain, X.: Hidden structures and quantum cryptanalysis. Ph.D. thesis (2019)

    Google Scholar 

  12. Bonnetain, X., Hosoyamada, A., Naya-Plasencia, M., Sasaki, Yu., Schrottenloher, A.: Quantum attacks without superposition queries: the offline Simon’s algorithm. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019, Part I. LNCS, vol. 11921, pp. 552–583. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-34578-5_20

    Chapter  Google Scholar 

  13. Bonnetain, X., Leurent, G., Naya-Plasencia, M., Schrottenloher, A.: Quantum linearization attacks. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021, Part I. LNCS, vol. 13090, pp. 422–452. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92062-3_15

    Chapter  Google Scholar 

  14. Bonnetain, X., Naya-Plasencia, M., Schrottenloher, A.: On quantum slide attacks. In: Paterson, K.G., Stebila, D. (eds.) SAC 2019. LNCS, vol. 11959, pp. 492–519. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-38471-5_20

    Chapter  Google Scholar 

  15. Bonnetain, X., Naya-Plasencia, M., Schrottenloher, A.: Quantum security analysis of AES. IACR Trans. Symmetric Cryptol. 2019(2), 55–93 (2019)

    Article  Google Scholar 

  16. Bonnetain, X., Schrottenloher, A., Sibleyras, F.: Beyond quadratic speedups in quantum attacks on symmetric schemes. In: Dunkelman, O., Dziembowski, S. (eds.) EUROCRYPT 2022, Part III. LNCS, vol. 13277, pp. 315–344. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-07082-2_12

    Chapter  Google Scholar 

  17. Boyer, M., Brassard, G., Høyer, P., Tapp, A.: Tight bounds on quantum searching. Fortschritte der Physik: Progress Phys. 46(4–5), 493–505 (1998)

    Article  Google Scholar 

  18. Brassard, G., Hoyer, P., Mosca, M., Tapp, A.: Quantum amplitude amplification and estimation. Contemp. Math. 305, 53–74 (2002)

    Article  MathSciNet  Google Scholar 

  19. Brassard, G., HØyer, P., Tapp, A.: Quantum cryptanalysis of hash and claw-free functions. In: Lucchesi, C.L., Moura, A.V. (eds.) LATIN 1998. LNCS, vol. 1380, pp. 163–169. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054319

    Chapter  Google Scholar 

  20. Canale, F., Leander, G., Stennes, L.: Simon’s algorithm and symmetric crypto: generalizations and automatized applications (2022)

    Google Scholar 

  21. Cho, J.Y.: Linear cryptanalysis of reduced-round PRESENT. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol. 5985, pp. 302–317. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-11925-5_21

    Chapter  Google Scholar 

  22. Collard, B., Standaert, F.-X., Quisquater, J.-J.: Improving the time complexity of Matsui’s linear cryptanalysis. In: Nam, K.-H., Rhee, G. (eds.) ICISC 2007. LNCS, vol. 4817, pp. 77–88. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-76788-6_7

    Chapter  Google Scholar 

  23. Daemen, J., Govaerts, R., Vandewalle, J.: Correlation matrices. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 275–285. Springer, Heidelberg (1995). https://doi.org/10.1007/3-540-60590-8_21

    Chapter  Google Scholar 

  24. Daemen, J., Knudsen, L., Rijmen, V.: The block cipher Square. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 149–165. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0052343

    Chapter  Google Scholar 

  25. Daemen, J., Rijmen, V.: AES proposal: Rijndael (1999)

    Google Scholar 

  26. Daemen, J., Rijmen, V.: Probability distributions of correlation and differentials in block ciphers. J. Math. Cryptol. 1(3), 221–242 (2007)

    Article  MathSciNet  Google Scholar 

  27. Dong, X., Li, Z., Wang, X.: Quantum cryptanalysis on some generalized Feistel schemes. Sci. China Inf. Sci. 62(2), 22501:1–22501:12 (2019)

    Google Scholar 

  28. Dong, X., Sun, S., Shi, D., Gao, F., Wang, X., Hu, L.: Quantum collision attacks on AES-like hashing with low quantum random access memories. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020, Part II. LNCS, vol. 12492, pp. 727–757. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64834-3_25

    Chapter  Google Scholar 

  29. Flórez-Gutiérrez, A., Naya-Plasencia, M.: Improving key-recovery in linear attacks: application to 28-round PRESENT. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020, Part I. LNCS, vol. 12105, pp. 221–249. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45721-1_9

    Chapter  Google Scholar 

  30. Grover, L.K.: A fast quantum mechanical algorithm for database search. In: ACM STOC 1996, pp. 212–219. ACM (1996)

    Google Scholar 

  31. Guo, J., Liu, G., Song, L., Tu, Y.: Exploring SAT for cryptanalysis: (quantum) collision attacks against 6-round SHA-3. To appear at ASIACRYPT 2022

    Google Scholar 

  32. Hermelin, M., Cho, J.Y., Nyberg, K.: Multidimensional linear cryptanalysis of reduced round Serpent. In: Mu, Y., Susilo, W., Seberry, J. (eds.) ACISP 2008. LNCS, vol. 5107, pp. 203–215. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-70500-0_15

    Chapter  Google Scholar 

  33. Hermelin, M., Cho, J.Y., Nyberg, K.: Multidimensional extension of matsui’s algorithm 2. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 209–227. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03317-9_13

    Chapter  Google Scholar 

  34. Hermelin, M., Cho, J.Y., Nyberg, K.: Multidimensional linear cryptanalysis. J. Cryptol. 32(1), 1–34 (2019)

    Article  MathSciNet  Google Scholar 

  35. Hermelin, M., Nyberg, K.: Multidimensional linear distinguishing attacks and boolean functions. In: Fourth International Workshop on Boolean Functions: Cryptography and Applications (2008)

    Google Scholar 

  36. Hosoyamada, A.: Quantum speed-up for multidimensional (zero correlation) linear and integral distinguishers. IACR Cryptology ePrint Archive 2022/1558 (2022)

    Google Scholar 

  37. Hosoyamada, A., Sasaki, Yu.: Cryptanalysis against symmetric-key schemes with online classical queries and offline quantum computations. In: Smart, N.P. (ed.) CT-RSA 2018. LNCS, vol. 10808, pp. 198–218. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-76953-0_11

    Chapter  Google Scholar 

  38. Hosoyamada, A., Sasaki, Yu.: Finding hash collisions with quantum computers by using differential trails with smaller probability than birthday bound. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020, Part II. LNCS, vol. 12106, pp. 249–279. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45724-2_9

    Chapter  Google Scholar 

  39. Hosoyamada, A., Sasaki, Yu.: Quantum collision attacks on reduced SHA-256 and SHA-512. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021, Part I. LNCS, vol. 12825, pp. 616–646. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84242-0_22

    Chapter  Google Scholar 

  40. Ito, G., Hosoyamada, A., Matsumoto, R., Sasaki, Yu., Iwata, T.: Quantum chosen-ciphertext attacks against Feistel ciphers. In: Matsui, M. (ed.) CT-RSA 2019. LNCS, vol. 11405, pp. 391–411. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-12612-4_20

    Chapter  Google Scholar 

  41. Kaliski, B.S., Robshaw, M.J.B.: Linear cryptanalysis using multiple approximations. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 26–39. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48658-5_4

    Chapter  Google Scholar 

  42. Kaplan, M., Leurent, G., Leverrier, A., Naya-Plasencia, M.: Breaking symmetric cryptosystems using quantum period finding. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part II. LNCS, vol. 9815, pp. 207–237. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53008-5_8

    Chapter  Google Scholar 

  43. Kaplan, M., Leurent, G., Leverrier, A., Naya-Plasencia, M.: Quantum differential and linear cryptanalysis. IACR Trans. Symmetric Cryptol. 2016(1), 71–94 (2016)

    Article  Google Scholar 

  44. Knudsen, L., Wagner, D.: Integral cryptanalysis. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 112–127. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45661-9_9

    Chapter  Google Scholar 

  45. Kuwakado, H., Morii, M.: Quantum distinguisher between the 3-round Feistel cipher and the random permutation. In: ISIT 2010, pp. 2682–2685. IEEE (2010)

    Google Scholar 

  46. Kuwakado, H., Morii, M.: Security on the quantum-type Even-Mansour cipher. In: ISITA 2012, pp. 312–316. IEEE (2012)

    Google Scholar 

  47. Leander, G., May, A.: Grover meets Simon – quantumly attacking the FX-construction. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10625, pp. 161–178. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70697-9_6

    Chapter  Google Scholar 

  48. Lee, J.-K., Koo, B., Roh, D., Kim, W.-H., Kwon, D.: Format-preserving encryption algorithms using families of tweakable blockciphers. In: Lee, J., Kim, J. (eds.) ICISC 2014. LNCS, vol. 8949, pp. 132–159. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-15943-0_9

    Chapter  Google Scholar 

  49. Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48285-7_33

    Chapter  Google Scholar 

  50. Murphy, S.: The independence of linear approximations in symmetric cryptanalysis. IEEE Trans. Inf. Theory 52(12), 5510–5518 (2006)

    Article  MathSciNet  Google Scholar 

  51. Ni, B., Ito, G., Dong, X., Iwata, T.: Quantum attacks against type-1 generalized Feistel ciphers and applications to CAST-256. In: Hao, F., Ruj, S., Sen Gupta, S. (eds.) INDOCRYPT 2019. LNCS, vol. 11898, pp. 433–455. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-35423-7_22

    Chapter  Google Scholar 

  52. Nielsen, M.A., Chuang, I.L.: Quantum Computation and Quantum Information: 10th Anniversary Edition. Cambridge University Press, Cambridge (2010)

    Google Scholar 

  53. Schrottenloher, A.: Quantum linear key-recovery attacks using the QFT. IACR Cryptology ePrint Archive 2023/184 (2023)

    Google Scholar 

  54. Shi, R., Xie, H., Feng, H., Yuan, F., Liu, B.: Quantum zero correlation linear cryptanalysis. Quantum Inf. Process. 21(8), 293 (2022)

    Article  MathSciNet  Google Scholar 

  55. Simon, D.R.: On the power of quantum computation. SIAM J. Comput. 26(5), 1474–1483 (1997)

    Article  MathSciNet  Google Scholar 

  56. Sun, B., Liu, Z., Rijmen, V., Li, R., Cheng, L., Wang, Q., Alkhzaimi, H., Li, C.: Links among impossible differential, integral and zero correlation linear cryptanalysis. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015, Part I. LNCS, vol. 9215, pp. 95–115. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47989-6_5

    Chapter  Google Scholar 

  57. Todo, Y., Aoki, K.: Fast Fourier transform key recovery for integral attacks. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 98-A(9), 1944–1952 (2015)

    Google Scholar 

  58. Xiao, G., Massey, J.L.: A spectral characterization of correlation-immune combining functions. IEEE Trans. Inf. Theory 34(3), 569–571 (1988)

    Article  MathSciNet  Google Scholar 

  59. Xie, H., Yang, L.: Using Bernstein-Vazirani algorithm to attack block ciphers. Des. Codes Cryptogr. 87(5), 1161–1182 (2019)

    Article  MathSciNet  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. NTT Social Informatics Laboratories, Tokyo, Japan

    Akinori Hosoyamada

Authors
  1. Akinori Hosoyamada
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Akinori Hosoyamada .

Editor information

Editors and Affiliations

  1. Nanyang Technological University, Singapore, Singapore

    Jian Guo

  2. Monash University, Melbourne, VIC, Australia

    Ron Steinfeld

Rights and permissions

Reprints and permissions

Copyright information

© 2023 International Association for Cryptologic Research

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Hosoyamada, A. (2023). Quantum Speed-Up for Multidimensional (Zero Correlation) Linear Distinguishers. In: Guo, J., Steinfeld, R. (eds) Advances in Cryptology – ASIACRYPT 2023. ASIACRYPT 2023. Lecture Notes in Computer Science, vol 14440. Springer, Singapore. https://doi.org/10.1007/978-981-99-8727-6_11

Download citation

  • DOI: https://doi.org/10.1007/978-981-99-8727-6_11

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-99-8726-9

  • Online ISBN: 978-981-99-8727-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation