Paper 2020/1418

Quantum Period Finding against Symmetric Primitives in Practice

Xavier Bonnetain and Samuel Jaques

Abstract

We present the first complete implementation of the offline Simon's algorithm, and estimate its cost to attack the MAC Chaskey, the block cipher PRINCE and the NIST lightweight candidate AEAD scheme Elephant. These attacks require a reasonable amount of qubits, comparable to the number of qubits required to break RSA-2048. They are faster than other collision algorithms, and the attacks against PRINCE and Chaskey are the most efficient known to date. As Elephant has a key smaller than its state size, the algorithm is less efficient and ends up more expensive than exhaustive search. We also propose an optimized quantum circuit for boolean linear algebra as well as complete reversible implementations of PRINCE, Chaskey, spongent and Keccak which are of independent interest for quantum cryptanalysis. We stress that our attacks could be applied in the future against today's communications, and recommend caution when choosing symmetric constructions for cases where long-term security is expected.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
quantum cryptanalysisSimon's algorithmPRINCEChaskeyElephant
Contact author(s)
xbonnetain @ uwaterloo ca
samuel jaques @ materials ox ac uk
History
2020-11-15: received
Short URL
https://ia.cr/2020/1418
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/1418,
      author = {Xavier Bonnetain and Samuel Jaques},
      title = {Quantum Period Finding against Symmetric Primitives in Practice},
      howpublished = {Cryptology {ePrint} Archive, Paper 2020/1418},
      year = {2020},
      url = {https://eprint.iacr.org/2020/1418}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.