dc.description.abstract |
Post-quantum cryptography is a branch of cryptography aimed at designing secure
conventional cryptographic systems against an adversary having access to quantum
computers. Works in this area span from theoretical analysis of security definitions and
protocols to the research of classical and quantum cryptanalytic algorithms to developing
cryptographic schemes that can be deployed for real-world usage.
Symmetric cryptography studies a range of techniques in which data’s confidentiality
and/or authenticity are protected based on a shared secret or by condensing inputs to short
strings with a public hash function. The goal of cryptanalysis is to identify weaknesses in
generic and specific constructions. The introduction of quantum computers has resulted in
the need to re-evaluate the security of all the existing primitives. In this thesis, we focus
on the study of existing symmetric-key cryptosystems in the quantum paradigm.
First, we study how Grover’s search algorithm affects the cost of running key search
attacks against the ARIA block cipher. Such attacks have been suggested by the National
Institute of Standards and Technology as reference points for defining quantum security
and, therefore, their cost should be well understood. Furthermore, Grover speedups are a
component of many quantum attacks, making the study of these trade-offs of independent
interest.
Second, we implement Grover’s algorithm for lightweight block ciphers in Q#, a
quantum programming kit developed by Microsoft. Their implementation could provide a
precise estimate of quantum resources and be automated for various time-space trade-offs.
Under the NIST’s maximum circuit-depth constraint, we give the precise cost estimates of Grover-based key search attacks on lightweight block ciphers such as GIFT, SKINNY,
and SATURNIN.
Third, we study the double block-length hash functions built from block ciphers against
the quantum attacker who can only make classical queries to hash functions but performs
offline quantum calculations. We mount a 10-round free-start collision attack on Hirose’s
compression function when the underlying block cipher is instantiated with AES-256. We
provide various time-memory trade-offs for our attacks depending on quantum random
access memory availability.
Finally, we investigate the security of the FOX construction based on the Lai-Massey
scheme against the quantum attackers who can make superposition queries to the
cryptographic oracle. We show that the 3-round FOX construction is not a pseudorandom
permutation against quantum chosen-plaintext attacks. We also show that the 4-round FOX
construction is not a strong pseudorandom permutation against quantum chosen-ciphertext
attacks. In addition, we prove that the 4-round FOX construction is a secure PRP against
quantum chosen-plaintext attacks. |
en_US |