随机预言
明文
计算机科学
加密
量子
甲骨文公司
离散数学
钥匙(锁)
功能(生物学)
算法
组合数学
理论计算机科学
公钥密码术
算术
数学
计算机安全
物理
量子力学
软件工程
进化生物学
生物
作者
Takanori Daiza,Kazuki Yoneyama
标识
DOI:10.1007/978-3-031-15255-9_7
摘要
The Feistel-2 (a.k.a, Feistel-KF) structure is a variant of the Feistel structure such that the i-th round function is given by $$\mathsf {F}_i(k_i \oplus x)$$ , where $$\mathsf {F}_i$$ is a public random function and its input/output length is n/2 bits. Isobe and Shibutani showed a meet-in-the-middle attack in the classical setting with $$(D,T)=(O(1),O(2^{n/2}))$$ on the 3-round Feistel-2 structure where D and T are the numbers of online/offline queries, respectively. In their attack, since two round keys are recovered simultaneously, a naive application of Grover’s algorithm for two keys needs $$T = O(2^{n/2})$$ in the quantum setting. In this paper, we introduce a new known plaintext attack and chosen plaintext attack on the 3-round Feistel-2 structure in the quantum setting using Grover’s algorithm by recovering the round key one by one in $$(D,T)=(O(1),O(2^{n/4}))$$ . Our attack does not need any quantum query to the encryption oracle (i.e., working in the Q1 model).
科研通智能强力驱动
Strongly Powered by AbleSci AI