Abstract
Post-quantum cryptography has attracted much attention from cryptologists worldwide, and a growing number of symmetric-key algorithms have been analysed in the quantum setting. The Lai–Massey scheme, analysed by Vaudenay at Asiacrypt’99 and based on the IDEA block cipher, is widely used in the design of symmetric cryptographic algorithms. In this work, we study the security of the Lai–Massey scheme in the quantum setting and give a general technique for simulating the XOR of the left and right parts of a quantum oracle's outputs without destroying quantum entanglement. We show that the 3-round and 4-round Lai–Massey schemes are insecure: based on Simon’s algorithm, they can be distinguished from a random permutation in polynomial time in the quantum chosen-plaintext attack (qCPA) setting and the quantum chosen-ciphertext attack (qCCA) setting, respectively. We also introduce quantum key-recovery attacks on the Lai–Massey scheme by combining Simon’s and Grover’s algorithms. For the r-round Lai–Massey scheme, the key-recovery query complexities are \(O({2^{(r - 3)k/2}})\) and \(O({2^{(r - 4)k/2}})\) in the qCPA and qCCA settings respectively, where k is the bit length of a round sub-key. These query complexities improve on quantum brute-force search by factors of \({2^{3k/2}}\) and \({2^{2k}}\) respectively.
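The 3-round qCPA distinguisher rests on a function of the scheme's outputs that is periodic when the oracle is Lai–Massey and aperiodic when it is a random permutation; Simon's algorithm recovers that period in polynomial time. The example below is added here and is not the paper's code: it builds a toy XOR-based Lai–Massey scheme with an assumed orthomorphism σ(xl‖xr) = xr‖(xl⊕xr), defines one such periodic function h (this construction, with hidden period s = F1(α0) ⊕ F1(α1) ⊕ (σ⊕id)^{-1}(α0 ⊕ α1), is an assumption and may differ from the paper's), and checks the period classically by exhaustive search in place of Simon's algorithm.

```python
# Added example (not the paper's code): classical check of the Simon-style periodicity that a
# 3-round Lai-Massey distinguisher exploits. Toy parameters: 8-bit branches, random round functions.
import random

N, HALF = 8, 4                      # bits per branch / per half-branch
HMASK = (1 << HALF) - 1
RNG = random.Random(2023)           # fixed seed so the tables are reproducible

def sigma(x):                       # orthomorphism xl||xr -> xr||(xl^xr): sigma and sigma^id bijective
    xl, xr = x >> HALF, x & HMASK
    return (xr << HALF) | (xl ^ xr)

SIGMA_INV = {sigma(v): v for v in range(1 << N)}

def sigma_id(x):
    return sigma(x) ^ x

def make_lai_massey(rounds):        # round i: t = F_i(x ^ y); (x, y) <- (sigma(x ^ t), y ^ t)
    fs = [[RNG.randrange(1 << N) for _ in range(1 << N)] for _ in range(rounds)]
    def enc(x, y):
        for f in fs:
            t = f[x ^ y]
            x, y = sigma(x ^ t), y ^ t
        return x, y
    return enc

def make_random_permutation():      # ideal object the distinguisher compares against
    table = list(range(1 << (2 * N)))
    RNG.shuffle(table)
    return lambda x, y: divmod(table[(x << N) | y], 1 << N)

ALPHA = (0x00, 0x01)                # two attacker-chosen constants (constructed values)
E = sigma_id(ALPHA[0] ^ ALPHA[1])

def simon_table(enc):
    # h(b, x) = sigma^-1(x3) ^ y3 ^ alpha_b ^ b*E on plaintext (x, x ^ alpha_b).
    # sigma^-1(x3) ^ y3 = x2 ^ y2, so round 3 cancels; after 3 rounds h(b, x) = h(1-b, x ^ s) for hidden s.
    table = []
    for b in (0, 1):
        for x in range(1 << N):
            x3, y3 = enc(x, x ^ ALPHA[b])
            table.append(SIGMA_INV[x3] ^ y3 ^ ALPHA[b] ^ (E if b else 0))
    return table                    # index (b << N) | x

def find_period(table):             # exhaustive stand-in for Simon's algorithm
    size = len(table)
    for s in range(1, size):
        if all(table[u] == table[u ^ s] for u in range(size)):
            return s
    return None
```

`find_period(simon_table(make_lai_massey(3)))` returns a period whose b-component is 1, while the same call on `make_random_permutation()` returns `None`; the exhaustive search costs O(2^n) classically, which is exactly what Simon's algorithm reduces to polynomial quantum queries.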
Data availability
All data generated or analyzed during this study are included in this published article.
References
Bhaumik R., Bonnetain X., Chailloux A., et al.: QCB: efficient quantum-secure authenticated encryption. In: Tibouchi M., Wang H. (eds.) ASIACRYPT 2021, pp. 668–698. Springer, Cham (2021).
Cid C., Hosoyamada A., Liu Y., et al.: Quantum cryptanalysis on contracting Feistel structures and observation on related-key settings. In: Cid C., Hosoyamada A., Liu Y., et al. (eds.) INDOCRYPT 2020, pp. 373–394. Bangalore, International Association for Cryptologic Research (2020).
Cui T., Wang M., Fan Y., et al.: Ballet: a software-friendly block cipher. J. Cryptol. Res. 6(6), 704–712 (2019).
Dong X., Wang X.: Quantum key-recovery attack on Feistel structures. Sci. China Inf. Sci. 61, 1–7 (2018).
Dong X., Li Z., Wang X.: Quantum cryptanalysis on some generalized Feistel schemes. Sci. China Inf. Sci. 62(2), 180–191 (2019).
Even S., Mansour Y.: A construction of a cipher from a single pseudorandom permutation. J. Cryptol. 10(3), 151–162 (1997).
Grover L.: A fast quantum mechanical algorithm for database search. In: Proceedings of the Twenty-Eighth Annual ACM Symposium on the Theory of Computing, Philadelphia, Pennsylvania, USA, May 22–24, 1996, pp. 212–219 (1996).
Hodžić S., Ramkilde L., Kidmose A.: On quantum distinguishers for type-3 generalized Feistel network based on separability. In: Ding J., Tillich J.-P. (eds.) PQCrypto 2020, pp. 461–480. Springer, Cham (2020).
Hosoyamada A., Sasaki Y.: Quantum Demiric-Selçuk meet-in-the-middle attacks: applications to 6-round generic Feistel constructions. In: Catalano D., De Prisco R. (eds.) SCN 2018, pp. 386–403. Springer, Cham (2018).
Ito G., Hosoyamada A., Matsumoto R., et al.: Quantum chosen ciphertext attacks against Feistel ciphers. In: Matsui M. (ed.) CT-RSA 2019, pp. 391–411. Springer, Cham (2019).
Junod P., Vaudenay S.: FOX: a new family of block ciphers. In: Selected Areas in Cryptography-SAC’2004. LNCS, vol. 3357, pp. 114–129. Springer, Berlin (2004).
Kaplan M., Leurent G., Leverrier A., et al.: Breaking symmetric cryptosystems using quantum period finding. In: Robshaw M., Katz J. (eds.) CRYPTO 2016, pp. 207–237. Springer, Heidelberg (2016).
Kilian J., Rogaway P.: How to protect DES against exhaustive key search. In: Koblitz N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 252–267. Springer, Heidelberg (1996).
Kilian J., Rogaway P.: How to protect DES against exhaustive key search (an analysis of DESX). J. Cryptol. 14(1), 17–35 (2001).
Kuwakado H., Morii M.: Quantum distinguisher between the 3-round Feistel cipher and the random permutation. In: IEEE International Symposium on Information Theory, ISIT 2010, June 13–18, 2010, Austin, Texas, USA, Proceedings, pp. 2682–2685 (2010).
Kuwakado H., Morii M.: Security on the quantum-type Even-Mansour cipher. In: Proceedings of the International Symposium on Information Theory and its Applications, ISITA 2012, Honolulu, HI, USA, October 28–31, 2012, pp. 312–316 (2012).
Lai X., Massey J.: Markov ciphers and differential cryptanalysis. In: Davies D.W. (ed.) Advances in Cryptology-EUROCRYPT’91 (Brighton, UK). LNCS, vol. 547, pp. 17–38. Springer, Berlin (1991).
Lai X., Massey J.: Hash functions based on block ciphers. In: Rueppel R.A. (ed.) Advances in Cryptology-EUROCRYPT’92. LNCS, vol. 658, pp. 55–70. Springer, Berlin (1992).
Leander G., May A.: Grover meets Simon—quantumly attacking the FX construction. In: Takagi T., Peyrin T. (eds.) ASIACRYPT 2017, pp. 161–178. Springer, Cham (2017).
Luby M., Rackoff C.: How to construct pseudorandom permutations from pseudorandom functions. SIAM J. Comput. 17(2), 373–386 (1988).
Luo Y., Lai X., Gong Z., et al.: Pseudorandomness analysis of the Lai–Massey scheme. https://eprint.iacr.org/2009/266.pdf (2009).
Luo Y., Yan H., Wang L., et al.: Study on block cipher structures against Simon’s quantum algorithm. J. Cryptol. Res. 6(5), 561–573 (2019).
Mediacrypt. http://www.mediacrypt.com/
Ni B., Ito G., Dong X., et al.: Quantum attacks against type-1 generalized Feistel ciphers and applications to CAST-256. In: Hao F., Ruj S., Sen Gupta S. (eds.) INDOCRYPT 2019, pp. 433–455. Springer, Cham (2019).
Simon D.: On the power of quantum computation. SIAM J. Comput. 26(5), 1474–1483 (1997).
Vaudenay S.: On the Lai–Massey scheme. In: Advances in Cryptology-ASIACRYPT’99. LNCS, vol. 1716, pp. 8–19. Springer, Berlin (1999).
Acknowledgements
This work was supported by the National Key Research and Development Program of China (2021YFB3100100), the National Natural Science Foundation of China (62072445), and the Key Research and Development and Promotion Special Project of Henan Province (Scientific and Technological Breakthrough) (232102211060).
Additional information
Communicated by T. Iwata.
Cite this article
Zhang, Z., Wu, W., Sui, H. et al. Post-quantum security on the Lai–Massey scheme. Des. Codes Cryptogr. 91, 2687–2704 (2023). https://doi.org/10.1007/s10623-023-01225-5