Block Cipher Doubling for a Post-Quantum World

Ritam Bhaumik; André Chailloux; Paul Frixons; Bart Mennink; María Naya-Plasencia

Paper 2022/1342

Block Cipher Doubling for a Post-Quantum World

Ritam Bhaumik

, French Institute for Research in Computer Science and Automation, École Polytechnique Fédérale de Lausanne

André Chailloux, French Institute for Research in Computer Science and Automation

Paul Frixons

, French Institute for Research in Computer Science and Automation, Orange (France), Inria Nancy - Grand-Est research centre

Bart Mennink

, Radboud University Nijmegen

María Naya-Plasencia

, French Institute for Research in Computer Science and Automation

Abstract

In order to maintain a similar security level in a post-quantum setting, many symmetric primitives should have to double their keys and increase their state sizes. So far, no generic way for doing this is known that would provide convincing quantum security guarantees. In this paper we propose a new generic construction, QuEME, that allows to double the key and the state size of a block cipher. The QuEME design is inspired by the ECB-Mix-ECB (EME) construction, but is defined for a different choice of mixing function that withstands our new quantum superposition attack that exhibits a periodic property found in collisions and that breaks EME and a large class of variants of it. We prove that QuEME achieves $n$-bit security in the classical setting, where $n$ is the block size of the underlying block cipher, and at least $n/6$-bit security in the quantum setting. We propose a concrete instantiation of this construction, called Double-AES, that is built with variants of AES-128.

Metadata

Available format(s): PDF
Category: Secret-key cryptography
Publication info: Preprint.
Keywords: block cipher length doubler post-quantum security superposition attacks security proofs AES-128 cryptanalysis
Contact author(s): ritam bhaumik @ epfl ch
andre chailloux @ inria fr
paul frixons @ inria fr
b mennink @ cs ru nl
maria naya_plasencia @ inria fr
History: 2023-06-24: last of 3 revisions; 2022-10-07: received; See all versions
Short URL: https://ia.cr/2022/1342
License: CC BY

BibTeX

@misc{cryptoeprint:2022/1342,
      author = {Ritam Bhaumik and André Chailloux and Paul Frixons and Bart Mennink and María Naya-Plasencia},
      title = {Block Cipher Doubling for a Post-Quantum World},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1342},
      year = {2022},
      note = {\url{https://eprint.iacr.org/2022/1342}},
      url = {https://eprint.iacr.org/2022/1342}
}