Cryptology ePrint Archive: Report 2017/688

Quantum Collision-Finding in Non-Uniform Random Functions

Marko Balogh and Edward Eaton and Fang Song

Abstract: We give a complete characterization of quantum attacks for finding a collision in a non- uniform random function whose outputs are drawn according to a distribution of min-entropy k. This can be viewed as showing generic security of hash functions under relaxed assumptions in contrast to the standard heuristic of assuming uniformly random outputs. It also has ap- plications in analyzing quantum security of the Fujisaki-Okamoto transformation [TU TCC16B]. In particular, our results close a gap in the lower bound left open in [TTU PQCrypto16].

Specifically, let $D$ be a min-entropy $k$ distribution on a set $Y$ of size $N$. Let $f: X\to Y$ be a function whose output $f(x)$ is drawn according to $D$ for each $x \in X$ independently. We show that $\Omega(2^{k/3})$ quantum queries are necessary to find a collision in $f$, improving the previous bound $\Omega(2^{k/9})$. In fact we show a stronger lower bound $2^{k/2}$ in some special case. For all cases, we also describe explicit quantum algorithms that find a collision with a number of queries matching the corresponding lower bounds.

Category / Keywords: foundations / collision resistance, quantum security, hash functions

Date: received 11 Jul 2017, last revised 26 Nov 2017

Contact author: fsong at pdx edu

Available format(s): PDF | BibTeX Citation

Note: proofs largely updated for modularity; added discussion on preimage and second preimage resistance

Version: 20171126:094403 (All versions of this report)

Short URL: ia.cr/2017/688