Zhang Ping
School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, China.
Entropy (Basel). 2022 Jan 20;24(2):153. doi: 10.3390/e24020153.
Shinagawa and Iwata are considered quantum security for the sum of Even-Mansour (SoEM) construction and provided quantum key recovery attacks by Simon's algorithm and Grover's algorithm. Furthermore, quantum key recovery attacks are also presented for natural generalizations of SoEM. For some variants of SoEM, they found that their quantum attacks are not obvious and left it as an open problem to discuss the security of such constructions. This paper focuses on this open problem and presents a positive response. We provide quantum key recovery attacks against such constructions by quantum algorithms. For natural generalizations of SoEM with linear key schedules, we also present similar quantum key recovery attacks by quantum algorithms (Simon's algorithm, Grover's algorithm, and Grover-meet-Simon algorithm).
品川和岩田认为偶数 - 曼苏尔构造的总和(SoEM)具有量子安全性,并通过西蒙算法和格罗弗算法给出了量子密钥恢复攻击。此外,还针对SoEM的自然推广给出了量子密钥恢复攻击。对于SoEM的某些变体,他们发现其量子攻击并不明显,并将讨论此类构造的安全性作为一个开放问题。本文聚焦于这个开放问题并给出了肯定的回应。我们通过量子算法针对此类构造提供了量子密钥恢复攻击。对于具有线性密钥调度的SoEM的自然推广,我们也通过量子算法(西蒙算法、格罗弗算法和格罗弗 - 与 - 西蒙算法)给出了类似的量子密钥恢复攻击。
