Paper 2023/1157
Quantum Cryptanalysis of OTR and OPP: Attacks on Confidentiality, and Key-Recovery
Abstract
In this paper, we analyze the security of authenticated encryption modes OTR (Minematsu, Eurocrypt 2014) and OPP (Granger, Jovanovic, Mennink, and Neves, Eurocrypt 2016) in a setting where an adversary is allowed to make encryption queries in quantum superposition. Starting with OTR -- or more technically, AES-OTR, a third-round CAESAR candidate -- we extend prior quantum attacks on the mode's unforgeability in the literature to provide the first attacks breaking confidentiality, i.e., IND-qCPA security, of AES-OTR in different settings depending on how the associated data is processed. On a technical level, one of our IND-qCPA attacks involves querying the quantum encryption oracle on a superposition of data with unequal length; to the best of our knowledge, such an attack has never been modelled before in the (post-)quantum cryptographic literature, and we hence believe our technique is of independent interest. Coming to OPP, we present the first key-recovery attack against the scheme which uses only a single quantum encryption query.
Metadata
- Available format(s)
-
PDF
- Category
- Secret-key cryptography
- Publication info
- Published elsewhere. SAC 2023
- Keywords
- AES-OTROPPAuthenticated EncryptionIND-qCPA SecurityKey-RecoverySimon's AlgorithmDeutsch's Algorithm
- Contact author(s)
-
mjauch @ student ethz ch
vmaram @ inf ethz ch - History
- 2023-07-27: approved
- 2023-07-27: received
- See all versions
- Short URL
- https://ia.cr/2023/1157
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2023/1157,
author = {Melanie Jauch and Varun Maram},
title = {Quantum Cryptanalysis of OTR and OPP: Attacks on Confidentiality, and Key-Recovery},
howpublished = {Cryptology ePrint Archive, Paper 2023/1157},
year = {2023},
note = {\url{https://eprint.iacr.org/2023/1157}},
url = {https://eprint.iacr.org/2023/1157}
}
