Paper 2020/1304

QCB: Efficient Quantum-secure Authenticated Encryption

Ritam Bhaumik, French Institute for Research in Computer Science and Automation
Xavier Bonnetain, University of Waterloo, University of Lorraine
André Chailloux, French Institute for Research in Computer Science and Automation
Gaëtan Leurent, French Institute for Research in Computer Science and Automation
María Naya-Plasencia, French Institute for Research in Computer Science and Automation
André Schrottenloher, Centrum Wiskunde & Informatica
Yannick Seurin, ANSSI

It was long thought that symmetric cryptography was only mildly affected by quantum attacks, and that doubling the key length was sufficient to restore security. However, recent works have shown that Simon's quantum period finding algorithm breaks a large number of MAC and authenticated encryption algorithms when the adversary can query the MAC/encryption oracle with a quantum superposition of messages. In particular, the OCB authenticated encryption mode is broken in this setting, and no quantum-secure mode is known with the same efficiency (rate-one and parallelizable). In this paper we generalize the previous attacks, show that a large class of OCB-like schemes is unsafe against superposition queries, and discuss the quantum security notions for authenticated encryption modes. We propose a new rate-one parallelizable mode named QCB inspired by TAE and OCB and prove its security against quantum superposition queries.

Available format(s)
Secret-key cryptography
Publication info
Published by the IACR in ASIACRYPT 2021
authenticated encryptionlightweight cryptographyQCBpost-quantum cryptographyprovable securitytweakable block ciphers
Contact author(s)
ritam bhaumik @ epfl ch
xavier bonnetain @ inria fr
andre chailloux @ inria fr
gaetan leurent @ inria fr
maria naya_plasencia @ inria fr
andre schrottenloher @ inria fr
yannick seurin @ m4x org
2022-12-27: last of 2 revisions
2020-10-20: received
See all versions
Short URL
Creative Commons Attribution


      author = {Ritam Bhaumik and Xavier Bonnetain and André Chailloux and Gaëtan Leurent and María Naya-Plasencia and André Schrottenloher and Yannick Seurin},
      title = {QCB: Efficient Quantum-secure Authenticated Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2020/1304},
      year = {2020},
      doi = {10.1007/978-3-030-92062-3_23},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.