Abstract
Key-alternating Feistel (KAF) ciphers are Feistel schemes whose round functions have the form F(x ⊕ k), where k is the round key and F is a public random function. This model roughly captures the structure of many well-known Feistel ciphers, the most prominent instance being DES. To analyze how KAF ciphers can achieve security under simpler and more realistic assumptions from the viewpoint of provable security, a variant called KAF ciphers for shorter keys has been widely studied. Existing KAF ciphers for shorter keys (SCIS 2021, ASIACRYPT 2018 and ACNS 2020) have been proved to be super pseudorandom permutations (SPRPs) with birthday-bound security. In this paper, we focus on the quantum security of KAF ciphers for shorter keys. We show that they are insecure against quantum chosen-plaintext attacks (qCPA): using Simon's algorithm, KAF ciphers for shorter keys can be distinguished from a random permutation in polynomial time. We also show that KAF ciphers for shorter keys with an arbitrary number of rounds are insecure in the qCPA setting. In addition, we propose quantum multi-user distinguishing attacks on KAF ciphers for shorter keys. Our results show that KAF ciphers for shorter keys can be distinguished from a random permutation in polynomial time in the qCPA setting even if either the round function or the number of rounds is unknown.
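As an added illustration (not code from the paper), the following Python script shows the periodic function that a Simon-type distinguisher exploits on a 3-round KAF cipher, following the known 3-round Feistel construction of Kuwakado and Morii (ISIT 2010) and Kaplan et al. (CRYPTO 2016) specialized to rounds of the form F(x ⊕ k). It does not reproduce the paper's attacks on the shorter-key variants or on an arbitrary number of rounds. The quantum step (Simon's period finding, O(n) queries) is replaced by an exhaustive classical search for the period, which is only feasible because the toy halves are 8 bits wide. The SHA-256-based stand-in for the public function F, the round keys, the constants α_0 and α_1, and all function names are constructed for the demo and are not from the paper.

```python
import hashlib
import random

HALF_BITS = 8                     # toy half-block width (real ciphers use 32 or more)
MASK = (1 << HALF_BITS) - 1


def make_public_f(label: bytes):
    """Public 'random' function F on half-blocks, modelled with SHA-256.

    F is public, so the distinguisher may evaluate it itself; only the round
    keys are secret. SHA-256 is a stand-in for the random oracle of the KAF
    model, not part of the paper.
    """
    def F(x: int) -> int:
        return hashlib.sha256(label + bytes([x & MASK])).digest()[0] & MASK
    return F


def kaf_encrypt(L: int, R: int, F, keys):
    """r-round KAF: (L, R) -> (R, L ^ F(R ^ k_i)) for each round key k_i."""
    for k in keys:
        L, R = R, L ^ F(R ^ k)
    return L, R


def simon_function(encrypt, alphas):
    """f(b, x) = alpha_b ^ L_out where (L_out, R_out) = E(x, alpha_b).

    For a 3-round KAF this equals F(x ^ F(alpha_b ^ k1) ^ k2), hence f has
    the hidden period s = (1, F(alpha_0 ^ k1) ^ F(alpha_1 ^ k1)).
    """
    def f(b: int, x: int) -> int:
        L_out, _ = encrypt(x, alphas[b])
        return alphas[b] ^ L_out
    return f


def expected_period(F, keys, alphas):
    """Period predicted by the 3-round analysis; depends only on k1 = keys[0]."""
    return (1, F(alphas[0] ^ keys[0]) ^ F(alphas[1] ^ keys[0]))


def has_period(f, s):
    """Classical check: f(b, x) == f(b ^ s_b, x ^ s_x) for every (b, x)."""
    s_b, s_x = s
    return all(f(b, x) == f(b ^ s_b, x ^ s_x)
               for b in (0, 1) for x in range(1 << HALF_BITS))


def find_period(f):
    """Exhaustive stand-in for Simon's algorithm: try every s = (1, t).

    Simon's algorithm recovers s with O(n) quantum queries; this classical
    search costs O(2^n) evaluations and is only feasible for 8-bit halves.
    """
    for t in range(1 << HALF_BITS):
        if has_period(f, (1, t)):
            return (1, t)
    return None


def random_permutation_encrypt(seed: int):
    """Random permutation on 2*HALF_BITS-bit blocks: the ideal object."""
    table = list(range(1 << (2 * HALF_BITS)))
    random.Random(seed).shuffle(table)

    def P(L: int, R: int):
        y = table[(L << HALF_BITS) | R]
        return y >> HALF_BITS, y & MASK
    return P


def demo():
    """Run the distinguisher against a 3-round KAF and a random permutation."""
    F = make_public_f(b"public-F")                 # public round function
    keys = (0x3C, 0xA5, 0x5A)                      # constructed secret round keys
    alphas = (0x00, 0xFF)                          # two arbitrary constants
    E = lambda L, R: kaf_encrypt(L, R, F, keys)

    s_kaf = find_period(simon_function(E, alphas))
    s_rand = find_period(simon_function(random_permutation_encrypt(1), alphas))
    return s_kaf, expected_period(F, keys, alphas), s_rand


if __name__ == "__main__":
    s_kaf, s_pred, s_rand = demo()
    print("3-round KAF : period found", s_kaf, "predicted", s_pred)
    print("random perm : period found", s_rand)
```

The KAF instance yields the predicted period (1, F(α_0 ⊕ k_1) ⊕ F(α_1 ⊕ k_1)), while the random permutation yields none; a Simon-type distinguisher outputs "KAF" exactly when a period is found. The derivation does not depend on how k_1, k_2, k_3 are related, so it applies unchanged when the round keys are derived from a shorter master key.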
Data availability
All data generated or analyzed during this study are included in this published article.
References
Luby, M., Rackoff, C.: How to construct pseudorandom permutations from pseudorandom functions. SIAM J. Comput. 17(2), 373–386 (1988)
Even, S., Mansour, Y.: A construction of a cipher from a single pseudorandom permutation. J. Cryptol. 10(3), 151–162 (1997)
Kuwakado, H., Morii, M.: Quantum distinguisher between the 3-round Feistel cipher and the random permutation. In: IEEE International Symposium on Information Theory, ISIT 2010, June 13–18, 2010, Austin, TX, USA, Proceedings, pp. 2682–2685 (2010)
Kuwakado, H., Morii, M.: Security on the quantum-type Even-Mansour cipher. In: Proceedings of the International Symposium on Information Theory and its Applications, ISITA 2012, Honolulu, HI, USA, October 28–31, 2012, pp. 312–316 (2012)
Kaplan, M., Leurent, G., Leverrier, A., Naya-Plasencia, M.: Breaking symmetric cryptosystems using quantum period finding. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, pp. 207–237. Springer, Heidelberg (2016)
Leander, G., May, A.: Grover meets Simon - quantumly attacking the FX construction. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017, pp. 161–178. Springer, Cham (2017)
Dong, X., Li, Z., Wang, X.: Quantum cryptanalysis on some generalized Feistel schemes. Sci. China Inf. Sci. 62(2), 180–191 (2019)
Dong, X., Wang, X.: Quantum key-recovery attack on Feistel structures. Sci. China Inf. Sci. 61, 1–7 (2018)
Hodžić, S., Ramkilde, L., Kidmose, A.: On Quantum Distinguishers for Type-3 Generalized Feistel Network Based on Separability. In: Ding, J., Tillich, J.-P. (eds.) PQCrypto 2020, pp. 461–480. Springer, Cham (2020)
Ito, G., Hosoyamada, A., Matsumoto, R., Sasaki, Y., Iwata, T.: Quantum chosen ciphertext attacks against Feistel ciphers. In: Matsui, M. (ed.) CT-RSA 2019, pp. 391–411. Springer, Cham (2019)
Ni, B., Ito, G., Dong, X., Iwata, T.: Quantum attacks against type-1 generalized Feistel ciphers and applications to CAST-256. In: Hao, F., Ruj, S., Sen Gupta, S. (eds.) INDOCRYPT 2019, pp. 433–455. Springer, Cham (2019)
Bonnetain, X., Naya-Plasencia, M., Schrottenloher, A.: On Quantum Slide Attacks. In: Selected Areas in Cryptography. SAC 2019, pp. 492–519. Springer, Cham (2019)
Dong, X., Dong, B., Wang, X.: Quantum attacks on some Feistel block ciphers. Des. Codes Cryptogr. 88(6), 1179–1203 (2020)
Hosoyamada, A., Sasaki, Y.: Quantum Demiric-Selçuk meet-in-the-middle attacks: applications to 6-round generic Feistel constructions. In: Catalano, D., De Prisco, R. (eds.) SCN 2018, pp. 386–403. Springer, Cham (2018)
Lampe, R., Seurin, Y.: Security analysis of key-alternating Feistel ciphers. In: Cid, C., Rechberger, C. (eds.) FSE 2014, pp. 243–264. Springer, Heidelberg (2015)
NIST: Data Encryption Standard (DES). http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
National Soviet Bureau of Standards: Information Processing System—Cryptographic Protection—Cryptographic Algorithm GOST 28147–89 (1989)
Aoki, K., Ichikawa, T., Kanda, M., et al.: Camellia: A 128-bit block cipher suitable for multiple platforms - design and analysis. In: Stinson, D.R., Tavares, S. (eds.) SAC 2000, pp. 39–56. Springer, Heidelberg (2001)
Wu, W., Zhang, L.: LBlock: A lightweight block cipher. In: Lopez, J., Tsudik, G. (eds.) ACNS 11: 9th International Conference on Applied Cryptography and Network Security, pp. 327–344. Springer, Heidelberg (2011)
Suzaki, T., Minematsu, K., Morioka, S., et al.: TWINE: A lightweight block cipher for multiple platforms. In: Knudsen, L., Wu, H. (eds.) SAC 2012: 19th Annual International Workshop on Selected Areas in Cryptography, pp. 339–354. Springer, Heidelberg (2013)
Hong, D., Sung, J., Hong, S., et al.: HIGHT: A new block cipher suitable for low-resource device. In: Goubin, L., Matsui, M. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2006, pp. 46–59. Springer, Heidelberg (2006)
Needham, R., Wheeler, D.: Tea extensions. Technical report, Cambridge University, Cambridge, UK (1997)
Guo, J., Peyrin, T., Poschmann, A., et al.: The LED block cipher. In: Preneel, B., Takagi, T. (eds.) Cryptographic Hardware and Embedded Systems - CHES 2011, pp. 326–341. Springer, Heidelberg (2011)
Knudsen, L., Leander, G., Poschmann, A., et al.: PRINTcipher: A block cipher for IC printing. In: Mangard, S., Standaert, F. (eds.) Cryptographic Hardware and Embedded Systems - CHES 2010, pp. 16–32. Springer, Heidelberg (2010)
Shen, Y., Yan, H., Wang, L., et al.: Secure key-alternating Feistel ciphers without key schedule. Sci. China. Inf. Sci. 64(1), 119103 (2021)
Guo, C., Wang, L.: Revisiting key-alternating Feistel ciphers for shorter keys and multi-user security. In: Peyrin, T., Galbraith, S. (eds.) Advances in Cryptology - ASIACRYPT 2018, Part I, pp. 213–243. Springer, Heidelberg (2018)
Yan, H., Wang, L., Shen, Y., et al.: Tweaking Key-Alternating Feistel Block Ciphers. In: Conti, M., Zhou, J. (eds.) International Conference on Applied Cryptography and Network Security, pp. 69–88. Springer, Cham (2020)
Simon, D.R.: On the power of quantum computation. SIAM J. Comput. 26(5), 1474–1483 (1997)
Biham, E.: How to decrypt or even substitute DES-encrypted messages in 2^28 steps. Inf. Process. Lett. 84(3), 117–124 (2002)
Bellare, M., Tackmann, B.: The multi-user security of authenticated encryption: AES-GCM in TLS 1.3. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, part I, pp. 247–276. Springer, Heidelberg (2016)
Bellare, M., Boldyreva, A., Micali, S.: Public-key encryption in a multi-user setting: security proofs and improvements. In: Preneel, B. (ed.) EUROCRYPT 2000, pp. 259–274. Springer, Heidelberg (2000)
Mouha, N., Luykx, A.: Multi-key security: the Even-Mansour construction revisited. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015, Part I, pp. 209–223. Springer, Heidelberg (2015)
Acknowledgements
This work is supported by the National Natural Science Foundation of China (No. 62072445).
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Cite this article
Zhang, Z., Wu, W., Sui, H. et al. Quantum generic attacks on key-alternating Feistel ciphers for shorter keys. Quantum Inf Process 21, 219 (2022). https://doi.org/10.1007/s11128-022-03505-w