Paper 2024/1992

Improved Quantum Linear Attacks and Application to CAST

Kaveh Bashiri, Bundesamt für Sicherheit in der Informationstechnik (BSI)
Xavier Bonnetain, Université de Lorraine, CNRS, Inria, LORIA
Akinori Hosoyamada, NTT Social Informatics Laboratories, NTT Research Center for Theoretical Quantum Information
Nathalie Lang, Bauhaus-Universität Weimar
André Schrottenloher, Univ Rennes, Inria, CNRS, IRISA
Abstract

This paper studies quantum linear key-recovery attacks on block ciphers. The first such attacks were last-rounds attacks proposed by Kaplan et al. (ToSC 2016), which combine a linear distinguisher with a guess of a partial key. However, the most efficient classical attacks use the framework proposed by Collard et al. (ICISC 2007), which computes experimental correlations using the Fast Walsh-Hadamard Transform. Recently, Schrottenloher (CRYPTO 2023) proposed a quantum version of this technique, in which one uses the available data to create a quantum correlation state, which is a superposition of subkey candidates where the amplitudes are the corresponding correlations. A limitation is that the good subkey is not marked in this state, and cannot be found easily. In this paper, we combine the correlation state with another distinguisher. From here, we can use Amplitude Amplification to recover the right key. We apply this idea to Feistel ciphers and exemplify different attack strategies on LOKI91 before applying our idea on the CAST-128 and CAST-256 ciphers. We demonstrate the approach with two kinds of distinguishers, quantum distinguishers based on Simon's algorithm and linear distinguishers. The resulting attacks outperform the previous Grover-meet-Simon attacks.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
Quantum cryptanalysis, Linear cryptanalysis, Fast Fourier Transform, CAST
Contact author(s)
kaveh bashiri @ bsi bund de
xavier bonnetain @ inria fr
akinori hosoyamada @ ntt com
nathalie lang @ uni-weimar de
andre schrottenloher @ inria fr
History
2024-12-12: approved
2024-12-09: received
Short URL
https://ia.cr/2024/1992
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/1992,
      author = {Kaveh Bashiri and Xavier Bonnetain and Akinori Hosoyamada and Nathalie Lang and André Schrottenloher},
      title = {Improved Quantum Linear Attacks and Application to {CAST}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1992},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1992}
}