Abstract
The recent developments in the creation of large-scale, commercially feasible quantum computers puts both symmetric and asymmetric encryption at risk. As they assess the security of 5G and beyond, the telecommunication standards groups are now inviting recommendations that take the threat posed by quantum adversaries into account. Rocca is the first cipher designed that complies with 6G specifications. In this paper we analyze the security of Rocca against quantum adversaries. We first construct the quantum circuit of Rocca and estimate the cost of implementing Grover’s algorithm for key recovery. We also compute the cost under the NISTs MAXDEPTH restriction. We then find a differential distinguisher for 5 and 6 rounds in secret key settings and related key settings respectively. In the nonce-respecting settings, we discover that Rocca is susceptible to a quantum forging attack with a complexity of \({\mathcal {O}}(2^{75})\) in the Q2 settings, i.e., if the adversary is given access to quantum superposition queries to the cryptographic oracle. This complexity is considerably less than the complexity of \({\mathcal {O}}(2^{128})\) claimed by the authors. Thus we propose that the number of initialization rounds in Rocca can be reduced without compromising its security and the tag length should be increased to 256-bits.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Explore related subjects
Discover the latest articles, news and stories from top researchers in related subjects.Data availibility
Data sharing not applicable to this article as no datasets were generated or analysed during the current study.
Notes
As described in Remark 2, it is enough to obtain two 256 bit plaintext-ciphertext pairs to obtain the unique key using Grover’s search algorithm. Thus in the estimation of Grover’s search algorithm for the secret key we fix \( |m| =1\).
In differential cryptanalysis, the attacker first chooses a pair of an input difference and an output difference that will be propagated with a high probability. Th propagation of the difference in the attack between the chosen differences is called differential cryptanalysis.
A byte with non-zero difference through the AES SubBytes operation is called an active byte with respect to the difference, or simply an active byte.
The differences in the input values to the cipher E.
The differences in the output values from the cipher E.
References
Almazrooie, M., Samsudin, A., Abdullah, R., Mutter, K.N.: Quantum reversible circuit of AES-128. Quantum Inf. Process. 17(5), 1–30 (2018)
Amy, M., Maslov, D., Mosca, M., Roetteler, M.: A meet-in-the-middle algorithm for fast synthesis of depth-optimal quantum circuits. IEEE Trans. CAD Integr. Circuits Syst. 32(6), 818–830 (2013)
Anand, R., Maitra, A., Mukhopadhyay, S.: Grover on SIMON. Quantum Inf. Process. 19(9), 1–17 (2020)
Anand, R., Maitra, A., Mukhopadhyay, S.: Evaluation of quantum cryptanalysis on speck. In: International Conference on Cryptology in India, pp. 395–413. Springer, Cham (2020)
Anand, R., Maitra, A., Maitra, S., Mukherjee, C.S., Mukhopadhyay, S.: Quantum resource estimation for FSR based symmetric ciphers and related Grover’s attacks. In: International Conference on Cryptology in India, pp. 179–198. Springer, Cham (2021)
Baksi, A., Jang, K., Song, G., Seo, H., Xiang, Z.: Quantum implementation and resource estimates for rectangle and knot. Quantum Inf. Process. 20(12), 1–24 (2021)
Bathe, B., Anand, R., Dutta, S.: Evaluation of Grover’s algorithm toward quantum cryptanalysis on ChaCha. Quantum Inf. Process. 20(12), 1–19 (2021)
Bonnetain, X., Hosoyamada, A., Naya-Plasencia, M., Sasaki, Y., Schrottenloher, A.: Quantum attacks without superposition queries: the offline Simon’s algorithm. In: International Conference on the Theory and Application of Cryptology and Information Security, pp. 552–583. Springer, Cham (2019)
Bonnetain, X., Naya-Plasencia, M., Schrottenloher, A.: Quantum security analysis of AES. IACR Trans. Symmetric Cryptol. 2019(2), 55–93 (2019)
Boyer, M., Brassard, G., Høyer, P., Tapp, A.: Tight bounds on quantum searching. Fortschr. Phys. Progress Phys. 46(4–5), 493–505 (1998)
Dworkin, M.: Recommendation for block cipher modes of operation: Galois/Counter Mode (GCM) and GMAC. In: NIST SP 800-38D (2007). https://doi.org/10.6028/NIST.SP.800-38D, https://csrc.nist.gov/publications/detail/sp/800-38d/final
Ekdahl, P., Johansson, T., Maximov, A., Yang, J.: A new SNOW stream cipher called SNOW-V. Cryptology ePrint Archive (2018)
Fettweis, G.P., Boche, H.: On 6G and trustworthiness. Commun. ACM 65(4), 48–49 (2022)
Fowler, A.G.: Time-optimal quantum computation (2012). arXiv preprint arXiv:1210.4626
Grassl, M., Langenberg, B., Roetteler, M., Steinwandt, R.: Applying Grover’s algorithm to AES: quantum resource estimates. In: Post-quantum Cryptography, pp. 29–43. Springer, Cham (2016)
Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Proceedings of the Twenty-Eighth Annual ACM Symposium on Theory of Computing, pp. 212–219 (1996)
Hosoyamada, A., Sasaki, Y.: Quantum Demiric–Selcuk meet-in-the-middle attacks: applications to 6-round generic Feistel constructions. In: International Conference on Security and Cryptography for Networks, pp. 386–403. Springer, Cham (2018)
Hosoyamada, A., Sasaki, Y.: Cryptanalysis against symmetric-key schemes with online classical queries and offline quantum computations. In: Cryptographer’s Track at the RSA Conference, pp. 198–218. Springer, Cham (2018)
Huang, Z., Sun, S.: Synthesizing quantum circuits of AES with lower T-depth and less qubits. Cryptology ePrint Archive (2022)
Ishizu, K.: Beyond 5G/6G architecture and key technologies to realize future life in 2035—overview of NICT beyond 5G/6G white paper and its background. In: IEICE Technical Report; IEICE Tech. Rep
Jang, K., Baksi, A., Song, G., Kim, H., Seo, H., Chattopadhyay, A.: Quantum analysis of AES. Cryptology ePrint Archive (2022)
Jang, K., Choi, S., Kwon, H., Seo, H.: Grover on SPECK: quantum resource estimates. Cryptology ePrint Archive (2020)
Jang, K., Kim, H., Eum, S., Seo, H.: Grover on GIFT. Cryptology ePrint Archive (2020)
Jang, K., Baksi, A., Breier, J., Seo, H., Chattopadhyay, A.: Quantum implementation and analysis of DEFAULT. Cryptology ePrint Archive (2022)
Jang, K., Song, G., Kim, H., Kwon, H., Kim, H., Seo, H.: Efficient implementation of present and gift on quantum computers. Appl. Sci. 11(11), 4776 (2021)
Jaques, S., Naehrig, M., Roetteler, M., Virdia, F.: Implementing Grover oracles for quantum key search on AES and LowMC. In: Annual International Conference on the Theory and Applications of Cryptographic Techniques, pp. 280–310. Springer, Cham (2020)
Jean, J., Nikolić, I.: Efficient design strategies based on the AES round function. In: International Conference on Fast Software Encryption, pp. 334–353. Springer, Berlin, Heidelberg (2016)
Kaplan, M.: Quantum attacks against iterated block ciphers. arXiv preprint arXiv:1410.1434 (2014)
Kaplan, M., Leurent, G., Leverrier, A., Naya-Plasencia, M.: Breaking symmetric cryptosystems using quantum period finding. In: Annual International Cryptology Conference, pp. 207–237. Springer, Berlin, Heidelberg (2016)
Kaplan, M., Leurent, G., Leverrier, A., Naya-Plasencia, M.: Quantum differential and linear cryptanalysis. IACR Trans. Symmetric Cryptol. 2016, 71–94 (2015)
Kuwakado, H., Morii, M.: Security on the quantum-type Even–Mansour cipher. In 2012 International Symposium on Information Theory and its Applications, pp. 312–316. IEEE (2012)
Kuwakado, H., Morii, M.: Quantum distinguisher between the 3-round Feistel cipher and the random permutation. In: 2010 IEEE International Symposium on Information Theory, pp. 2682–2685. IEEE (2010)
Langenberg, B., Pham, H., Steinwandt, R.: Reducing the cost of implementing the advanced encryption standard as a quantum circuit. IEEE Trans. Quantum Eng. 1, 1–12 (2020)
Latva-aho, M., Leppänen, K., Clazzer, F., Munari, A.: Key drivers and research challenges for 6G ubiquitous wireless intelligence (2020)
Leander, G., May, A.: Grover meets Simon-quantumly attacking the FX-construction. In: International Conference on the Theory and Application of Cryptology and Information Security, pp. 161–178. Springer, Cham (2017)
Mitchell, C.J.: The impact of quantum computing on real-world security: a 5G case study. Comput. Secur. 93, 101825 (2020)
Nathan, W., Roetteler, M.: Quantum arithmetic and numerical analysis using repeat-until-success circuits. Quantum Inf. Comput. 16(1 &2), 134–178 (2016)
Nikolic, I.: Tiaoxin-346 (version 2.1). CAESAR competition. https://competitions.cr.yp.to/round3/tiaoxinv21.pdf
Sakamoto, K., Liu, F., Nakano, Y., Kiyomoto, S., Isobe, T.: Rocca: an efficient AES-based encryption scheme for beyond 5G. IACR Trans. Symmetric Cryptol. 2021, 1–30 (2021)
Sakamoto, K., Liu, F., Nakano, Y., Kiyomoto, S., Isobe, T.: Rocca: an efficient AES-based encryption scheme for beyond 5G (Full version). Cryptology ePrint Archive (2022)
Simon, D.R.: On the power of quantum computation. SIAM J. Comput. 26(5), 1474–1483 (1997)
Ulitzsch, V., Seifert, J.P.: Breaking the quadratic barrier: quantum cryptanalysis of Milenage, telecommunications’ cryptographic backbone. Cryptology ePrint Archive (2022)
Wu, H., Preneel, B.: AEGIS: a fast authenticated encryption algorithm (v1.1) CAESAR competition. https://competitions.cr.yp.to/round3/aegisv11.pdf
Xiang, Z., Zeng, X., Lin, D., Bao, Z., Zhang, S.: Optimizing implementations of linear layers. IACR Trans. Symmetric Cryptol. 2020, 120–145 (2020)
Xu, Y., Liu, W., Yu, W.: Quantum forgery attacks on COPA, AES-COPA and marble authenticated encryption algorithms. Quantum Inf. Process. 20(4), 1–21 (2021)
Yang, J., Johansson, T.: An overview of cryptographic primitives for possible use in 5G and beyond. Sci. China Inf. Sci. 63(12), 1–22 (2020)
Zou, J., Wei, Z., Sun, S., Liu, X., Wu, W.: Quantum circuit implementations of AES with fewer qubits. In: International Conference on the Theory and Application of Cryptology and Information Security, pp. 697–726. Springer, Cham (2020)
The ZUC-256 Stream Cipher. http://www.is.cas.cn/ztzl2016/zouchongzhi/201801/W020180126529970733243.pdf
Funding
This research was conducted under a contract of “Research and development on new generation cryptography for secure wireless communication services” among “Research and Development for Expansion of Radio Wave Resources (JPJ000254)”, which was supported by the Ministry of Internal Affairs and Communications, Japan.
Author information
Authors and Affiliations
Contributions
All authors contributed equally.
Corresponding authors
Ethics declarations
Conflict of interest
Not applicable.
Ethics approval
Not applicable.
Consent to participate
Not applicable.
Consent for publication
Not applicable.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Anand, R., Isobe, T. Quantum security analysis of Rocca. Quantum Inf Process 22, 164 (2023). https://doi.org/10.1007/s11128-023-03908-3
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s11128-023-03908-3