| 摘要: |
| 随着量子计算机和量子计算技术的迅速发展,量子算法对密码系统安全性的威胁迫在眉睫。之前的研究表明,许多经典安全的对称密码结构或方案在基于Simon算法的量子攻击下不安全,例如3轮Feistel结构、Even-Mansour结构、CBC-MAC、GCM和OCB等方案。可调加密方案通常设计为分组密码工作模式,用于磁盘扇区加密,其结构可以分为Encrypt-MaskEncrypt (CMC、EME、EME*等)、Hash-CTR-Hash (XCB、HCTR、HCH等)和Hash-ECB-Hash (PEP、TET、HEH等)三种类型。本文利用Simon算法,对HCTR、HCH、PEP和HEH四种可调加密方案进行了分析,研究结果表明这四种可调加密方案在选择明文量子攻击下是不安全的,使用多项式次的量子问询即可得到与方案秘密值有关的周期函数的周期,进而将其和可调随机置换区分开来。对于利用Simon算法对可调加密方案的攻击,构造周期函数是关键。一般基于两种特殊形式的可调加密方案构造周期函数:一种是固定调柄,一种是变化调柄。本文用变化调柄的方法给出了对CMC和TET两种可调加密方案更简洁的量子攻击方法。通过对比分析,固定调柄和变化调柄两种不同的Simon量子攻击方式得到的周期不同,可结合得到进一步的结果。最后本文从固定调柄和变化调柄的角度对可调加密方案的一般量子攻击方法进行了总结,并给出了对基于泛哈希函数可调加密方案(Hash-CTR-Hash和Hash-ECB-Hash)的通用攻击。 |
| 关键词: 可调加密方案 HCTR HCH PEP HEH Simon 量子算法 |
| DOI:10.19363/J.cnki.cn10-1380/tn.2024.03.08 |
| Received:May 30, 2020Revised:September 08, 2020 |
| 基金项目:本课题得到国家自然科学基金(No.61732021)和国家重点研发计划(No.2018YFB0803800,No.2018YFA0704704)资助。 |
|
| Study on Tweakable Enciphering Schemes Against Simon’s Quantum Algorithm |
| MAO Shuping,WANG Peng,HU Lei |
| State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100085, China;School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China |
| Abstract: |
| With the rapid development of quantum computers and quantum computing technology, the threat of quantum attack algorithms to the security of cryptosystems is imminent. Previous studies have shown that many classically secure symmetric cryptographic structures or schemes are not secure under quantum attacks based on Simon's algorithm, for example, 3 rounds Feistel structure, Even-Mansour structure, and schemes including CBC-MAC, GCM, OCB, etc. Usually designed as block cipher modes of operation, tweakable enciphering schemes can be used as disk sector encryption algorithm and its structures can be divided into three types: Encrypt-Mask-Encrypt (CMC, EME, EME*, etc.), Hash-CTR-Hash (XCB, HCTR, HCH, etc.) and Hash-ECB-Hash (PEP, TET, HEH, etc.). This paper uses Simon’s algorithm to analyze four tweakable enciphering schemes including HCTR, HCH, PEP and HEH, showing that these four tweakable enciphering schemes are insecure under the quantum chosen-plaintext attacks. The period of the periodic function related to the secret value of the scheme can be obtained by using Simon’s algorithm with polynomial quantum queries, and then can be used to distinguish the scheme from a tweakable random permutation. For attacks on tweakable enciphering schemes using Simon’s algorithm, the construction of periodic functions is the key point. Generally, periodic functions are constructed based on two special forms of tweakable enciphering schemes: one is fixed tweaks, and the other is variable tweaks. More concise quantum attacks against two tweakable enciphering schemes CMC and TET are given by using the method of variable tweaks. It is shown that the two different quantum attacks with fixed tweaks and variable tweaks have different periods, which can be combined to obtain further results. Finally, we summarize general quantum attacking methods against tweakable enciphering schemes from the perspective of fixed tweaks and variable tweaks, and gives a general attack on tweakable enciphering schemes based on universal hash functions (Hash-CTR-Hash and Hash-ECB-Hash). |
| Key words: tweakable enciphering scheme HCTR HCH PEP HEH Simon’s Algorithm |
