## Cryptology ePrint Archive: Report 2020/1321

Provably Quantum-Secure Tweakable Block Ciphers

Abstract: Recent results on quantum cryptanalysis show that some symmetric key schemes can be broken in polynomial time even if they are proven to be secure in the classical setting. Liskov, Rivest, and Wagner showed that secure tweakable block ciphers can be constructed from secure block ciphers in the classical setting. However, Kaplan et al. showed that their scheme can be broken by polynomial time quantum superposition attacks, even if underlying block ciphers are quantum-secure. Since then, it remains open if there exists a mode of block ciphers to build quantum-secure tweakable block ciphers. This paper settles the problem in the reduction-based provable security paradigm. We show the first design of quantum-secure tweakable block ciphers based on quantum-secure block ciphers, and present a provable security bound. Our construction is simple, and when instantiated with a quantum-secure $n$-bit block cipher, it is secure against attacks that query arbitrary quantum superpositions of plaintexts and tweaks up to $O(2^{n/6})$ quantum queries. Our security proofs use the compressed oracle technique introduced by Zhandry. More precisely, we use an alternative formalization of the technique introduced by Hosoyamada and Iwata.

Category / Keywords: secret-key cryptography / Provable security, Quantum security, Tweakable block cipher, Compressed oracle technique

Date: received 21 Oct 2020, last revised 22 Oct 2020

Contact author: akinori hosoyamada bh at hco ntt co jp,hosoyamada akinori@nagoya-u jp,tetsu iwata@nagoya-u jp

Available format(s): PDF | BibTeX Citation

Short URL: ia.cr/2020/1321

[ Cryptology ePrint archive ]