Paper 2021/1561

Quantum Time/Memory/Data Tradeoff Attacks

Orr Dunkelman
Nathan Keller
Eyal Ronen, Tel Aviv University
Adi Shamir

One of the most celebrated and useful cryptanalytic algorithms is Hellman's time/memory tradeoff (and its Rainbow Table variant), which can be used to invert random-looking functions on $N$ possible values with time and space complexities satisfying $TM^2=N^2$. As a search problem, one can always transform it into the quantum setting by using Grover's algorithm, but this algorithm does not benefit from the possible availability of auxiliary advice obtained during a free preprocessing stage. However, at FOCS'20 it was rigorously shown that a small amount of quantum auxiliary advice (which can be stored in a quantum memory of size $M \leq O(\sqrt{N})$) cannot possibly yield an attack which is better than Grover's algorithm. In this paper we develop new quantum versions of Hellman's cryptanalytic attack which use large memories in the standard QACM (Quantum Accessible Classical Memory) model of computation. In particular, we improve Hellman's tradeoff curve to $T^{4/3}M^2=N^2$. When we generalize the cryptanalytic problem to a time/memory/data tradeoff attack (in which one has to invert $f$ for at least one of $D$ given values), we get the generalized curve $T^{4/3}M^2D^2=N^2$. A typical point on this curve is $D=N^{0.2}$, $M=N^{0.6}$, and $T=N^{0.3}$, whose time is strictly lower than both Grover's algorithm and the classical Hellman algorithm (both of which require $T=N^{0.4}$ for these $D$ and $M$ parameters).

Available format(s)
Secret-key cryptography
Publication info
Quantum Cryptanalysis TMD Attacks Hellman Tables Rainbow Tables
Contact author(s)
eyal ronen @ cs tau ac il
2022-06-09: revised
2021-11-29: received
See all versions
Short URL
Creative Commons Attribution


      author = {Orr Dunkelman and Nathan Keller and Eyal Ronen and Adi Shamir},
      title = {Quantum Time/Memory/Data Tradeoff Attacks},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1561},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.