Abstract
Post-quantum cryptography has attracted much attention from worldwide cryptologists. In ISIT 2010, Kuwakado and Morii gave a quantum distinguisher with polynomial time against 3-round Feistel networks. However, generalized Feistel schemes (GFS) have not been systematically investigated against quantum attacks. In this paper, we study the quantum distinguishers about some generalized Feistel schemes. For d-branch Type-1 GFS (CAST256-like Feistel structure), we introduce (2d - 1)-round quantum distinguishers with polynomial time. For 2d-branch Type-2 GFS (RC6/CLEFIA-like Feistel structure), we give (2d + 1)-round quantum distinguishers with polynomial time. Classically, Moriai and Vaudenay proved that a 7-round 4-branch Type-1 GFS and 5-round 4-branch Type-2 GFS are secure pseudo-random permutations. Obviously, they are no longer secure in quantum setting. Using the above quantum distinguishers, we introduce generic quantum key-recovery attacks by applying the combination of Simon’s and Grover’s algorithms recently proposed by Leander and May. We denote n as the bit length of a branch. For (d2-d+2)-round Type-1 GFS with d branches, the time complexity is \({2^{\left( {\frac{1}{2}{d^2} - \frac{3}{2}d + 2} \right) \cdot \frac{n}{2}}}\), which is better than the quantum brute force search (Grover search) by a factor \({2^{\left( {\frac{1}{4}{d^2} + \frac{1}{4}d} \right)n}}\). For 4d-round Type-2 GFS with 2d branches, the time complexity is \({2^{\frac{{{d^2}n}}{2}}}\), which is better than the quantum brute force search by a factor \({2^{\frac{{3{d^2}n}}{2}}}\).
Similar content being viewed by others
References
Shor P W. Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J Comput, 1997, 26: 1484–1509
Kuwakado H, Morii M. Security on the quantum-type even-mansour cipher. In: Proceedings of International Symposium on Information Theory and Its Applications, 2012. 312–316
Kuwakado H, Morii M. Quantum distinguisher between the 3-round feistel cipher and the random permutation. In: Proceedings of International Symposium on Information Theory, 2010. 2682–2685
Kaplan M, Leurent G, Leverrier A, et al. Breaking symmetric cryptosystems using quantum period finding. In: Advances in Cryptology - CRYPTO 2016. Berlin: Springer-Verlag, 2016. 207–237
Leander G, May A. Grover meets simon - quantumly attacking the FX-construction. In: Advances in Cryptology - ASIACRYPT 2017, Part II. Berlin: Springer, 2017. 10625: 161–178
Moody D. The ship has sailed: the NIST post-quantum cryptography “competition” (invited talk). In: Advances in Cryptology - ASIACRYPT 2017. Berlin: Springer, 2017
Boneh D, Zhandry M. Secure signatures and chosen ciphertext security in a quantum computing world. In: Advances in Cryptology - CRYPTO 2013. Berlin: Springer, 2013. 8043: 361–379
Grover L K. A fast quantum mechanical algorithm for database search. In: Proceedings of STOC 1996, 1996. 212–219
Simon D R. On the power of quantum computation. SIAM J Comput, 1997, 26: 1474–1483
Feistel H, Notz W A, Smith J L. Some cryptographic techniques for machine-to-machine data communications. Proc IEEE, 1975, 63: 1545–1554
International Organization for Standardization (ISO). Information Technology - Security Techniques - Encryption Algorithms-Part 3: Block Ciphers. International Standard - ISO/IEC 18033-3. 2010. https://www.iso.org/standard/54531.html
Zheng Y L, Matsumoto T, Imai H. On the construction of block ciphers provably secure and not relying on any unproved hypotheses. In: Advances in Cryptology - CRYPTO 1989. New York: Springer, 1989. 435: 461–480
Moriai S, Vaudenay S. On the pseudorandomness of top-level schemes of block ciphers. In: Advances in Cryptology - ASIACRYPT 2000. Berlin: Springer, 2000. 1976: 289–302
Luby M, Rackoff C. How to construct pseudorandom permutations from pseudorandom functions. SIAM J Comput, 1988, 17: 373–386
Brassard G, Hoyer P, Mosca M, et al. Quantum amplitude amplification and estimation. 2000. ArXiv: quant-ph/0005055
Borghoff J, Canteaut A, Güneysu T, et al. PRINCE - a low-latency block cipher for pervasive computing applications - extended abstract. In: Advances in Cryptology - ASIACRYPT 2012. Berlin: Springer-Verlag, 2009. 7658: 208–225
Albrecht M R, Driessen B, Kavun E B, et al. Block ciphers - focus on the linear layer (feat. PRIDE). In: Advances in Cryptology - CRYPTO 2014. Berlin: Springer, 2014. 8616: 57–76
Kilian J, Rogaway P. How to protect DES against exhaustive key search. In: Advances in Cryptology - CRYPTO 1996. Berlin: Springer, 1996. 1109: 252–267
Dong X Y, Wang X Y. Quantum key-recovery attack on Feistel structures. Sci China Inf Sci, 2018, 61: 102501
Hosoyamada A, Sasaki Y. Quantum meet-in-the-middle attacks: applications to generic feistel constructions. In: Proceedings of International Conference on Security and Cryptography for Networks, 2018. 386–403
Zhang L T, Wu W L. Pseudorandomness and super pseudorandomness on the unbalanced feistel networks with contracting functions. Chin J Comput, 2009, 32: 1320–1330
Acknowledgements
This work was supported by National Key Research and Development Program of China (Grant No. 2017YFA0303903), Project Funded by China Postdoctoral Science Foundation (Grant No. 2017M620807), National Cryptography Development Fund (Grant No. MMJJ20170121), Zhejiang Province Key R&D Project (Grant No. 2017C01062), National Natural Science Foundation of China (Grant No. 61672019), and Fundamental Research Funds of Shandong University (Grant No. 2016JC029).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Dong, X., Li, Z. & Wang, X. Quantum cryptanalysis on some generalized Feistel schemes. Sci. China Inf. Sci. 62, 22501 (2019). https://doi.org/10.1007/s11432-017-9436-7
Received:
Revised:
Accepted:
Published:
DOI: https://doi.org/10.1007/s11432-017-9436-7