Abstract
Generalized Feistel networks are important components of symmetric ciphers, and detailed security evaluations in the quantum setting remain to be explored. In this paper, based on the strong–weak separability of certain branch output function, we present polynomial-time quantum distinguishers for 4F-function and 2F-function structures in quantum chosen-plaintext attack setting for the first time, and then quantum key-recovery attacks are achieved through Grover-meet-Simon algorithm, respectively. Under the condition of the semi-strong separability, firstly, we give a quantum distinguisher on 8-round 4F-function structure, from which we carry out a 12-round quantum key-recovery attack to guess 10n-bit subkey, whose time complexities gain a factor of \(2^{5n}\). When attacking \(r>12\) rounds, we can recover \(4(r - 12)n + 10n\)-bit subkey in time \({2^{\frac{{4(r - 12)n + 10n}}{2}}}\). Secondly, we show a quantum distinguisher on 5-round 2F-function structure, and a 7-round quantum key-recovery attack is performed on it, which can recover 3n-bit subkey in time \({2^{1.5n}}\). When \(r>7\), \(2(r - 7)n + 3n\)-bit subkey can be recovered with time complexities by a factor of \({2^{\frac{{2(r - 7)n + 3n}}{2}}}\). Furthermore, based on the weak separability, a 6-round quantum distinguisher for 2F-function structure is constructed, and an 8-round quantum key-recovery attack is achieved, and the time complexity is \({2^{\frac{{2(r - 8)n + 3n}}{2}}}\) when \(r>8\). The results show that the time complexity of each attack scheme we proposed is much better than that of Grover’s brute force search.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Explore related subjects
Discover the latest articles, news and stories from top researchers in related subjects.Data availability
No new data were generated or analyzed in support of this research.
References
Feistel, H.: Cryptography and computer privacy. Sci. Am. 228(5), 15–23 (1973). Preprint at http://www.jstor.org/stable/24923044
Aoki, K., Ichikawa, T., Kanda, M., Matsui, M., Moriai, S., Nakajima, J., Tokita, T.: Camellia: A 128-bit block cipher suitable for multiple platforms—design andanalysis. In: Selected Areas in Cryptography, pp. 39–56. Springer, Berlin (2001). https://doi.org/10.1007/3-540-44983-3_4
Izadi, M., Sadeghiyan, B., Sadeghian, S.S., Khanooki, H.A.: MIBS: a new lightweight block cipher. In: Cryptology and Network Security, pp. 334–348. Springer, Berlin (2009). https://doi.org/10.1007/978-3-642-10433-6_22
Zheng, Y., Matsumoto, T., Imai, H.: On the construction of block ciphers provably secure and not relying on any unproved hypotheses. In: Advances in Cryptology CRYPTO’ 89 Proceedings, pp. 461–480. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_42
Lucks, S.: Faster Luby-Rackoff ciphers. In: Fast Software Encryption, pp. 189–203. Springer, Berlin (1996). https://doi.org/10.1007/3-540-60865-6_53
Schneier, B., Kelsey, J.: Unbalanced feistel networks and block cipher design. In: Fast Software Encryption, pp. 121–144. Springer, Berlin (1996). https://doi.org/10.1007/3-540-60865-6_49
Adams, D.C., Gilchrist, J.: The CAST-256 Encryption Algorithm. Preprint at https://doi.org/10.17487/RFC2612 (1999)
Yeoh, W.-Z., Teh, J.S., Sazali, M.I.S.B.M.: \(\mu \)2 : A lightweight block cipher. In: Computational Science and Technology, pp. 281–290. Springer, Singapore (2020). https://doi.org/10.1007/978-981-15-0058-9_27
Moriai, S., Vaudenay, S.: On the pseudorandomness of top-level schemes of block ciphers. In: Advances in Cryptology ASIACRYPT 2000, pp. 289–302. Springer, Berlin (2000). https://doi.org/10.1007/3-540-44448-3_22
Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Proceedings of the Twenty-Eighth Annual ACM Symposium on Theory of Computing, pp. 212–219. Association for Computing Machinery, New York (1996). https://doi.org/10.1145/237814.237866
Simon, D.R.: On the power of quantum computation. SIAM J. Comput. 26(5), 1474–1483 (1997). https://doi.org/10.1137/S0097539796298637
Kaplan, M., Leurent, G., Leverrier, A., Mara, N.-P.: Quantum differential and linear cryptanalysis. IACR Transactions on Symmetric Cryptology, Volume 2016, pp. 71–94 (2016) https://doi.org/10.13154/tosc.v2016.i1.71-94
Kuwakado, H., Morii, M.: Quantum distinguisher between the 3-round Feistel cipher and the random permutation. In: 2010 IEEE International Symposium on Information Theory (2010). https://doi.org/10.1109/ISIT.2010.5513654
Leander, G., May, A.: Grover meets Simon—quantumly attacking the FX-construction. In: Advances in Cryptology ASIACRYPT 2017, pp. 161–178. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70697-9_6
Dong, X., Wang, X.: Quantum key-recovery attack on Feistel structures. Sci. China Inf. Sci. 61(10), 102501 (2018). https://doi.org/10.1007/s11432-017-9468-y
Dong, X., Li, Z., Wang, X.: Quantum cryptanalysis on some generalized Feistel schemes. Sci. China Inf. Sci. 62(2), 22501 (2019). https://doi.org/10.1007/s11432-017-9436-7
Dong, X., Dong, B., Wang, X.: Quantum attacks on some Feistel block ciphers. Des. Codes Cryptography 88(6), 1179–1203 (2020). https://doi.org/10.1007/s10623-020-00741-y
Ni, B., Ito, G., Dong, X., Iwata, T.: Quantum attacks against type-1 generalized Feistel ciphers and applications to cast-256. In: Progress in Cryptology—INDOCRYPT 2019, pp. 433–455. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-35423-7_22
Brasen Kidmose, A., Knudsen Ramkilde, L., Hodžić, S.: On quantum distinguishers for type-3 generalized feistel network based on separability. In: Post-Quantum Cryptography, pp. 461–480. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-44223-1_25
Zhang, Z., Wu, W., Han, S., Wang, B.: Quantum attacks on type-3 generalized Feistel scheme and unbalanced Feistel scheme with expanding functions. Chin. J. Electron. 32(2), 209–216 (2023). https://doi.org/10.23919/cje.2021.00.294
You, Q.D., Qian, X., Zhou, X., Zhang, Y., Zhao, X.J.: Research on quantum cryptanalysis on sms4-like structure and NBC algorithm. J. Cryptologic Res. 7(6), 864–874 (2020). https://doi.org/10.13868/j.cnki.jcr.000412
Cid, C., Hosoyamada, A., Liu, Y., Sim, S.M.: Quantum cryptanalysis on contracting Feistel structures and observation on related-key settings. In: Progress in Cryptology—INDOCRYPT 2020, pp. 373–394. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-65277-7_17
Hodžić, S., Knudsen, L.R.: A quantum distinguisher for 7/8-round sms4 block cipher. Quantum Inf. Process. 19(11), 411 (2020). https://doi.org/10.1007/s11128-020-02929-6
Qian, X., You, Q.D., Zhou, X., Zhang, Y., Zhao, X.J.: Quantum attack on mars-like Feistel schemes. J. Cryptologic Res. 8(3), 417–431 (2021). https://doi.org/10.13868/j.cnki.jcr.000448
Cui, J., Guo, J., Ding, S.: Applications of Simon’s algorithm in quantum attacks on Feistel variants. Quantum Inf. Process. 20(3), 1–50 (2021). https://doi.org/10.1007/s11128-021-03027-x
Nyberg, K.: Generalized Feistel networks. In: Advances in Cryptology ASIACRYPT ’96, pp. 91–104. Springer, Berlin (1996). https://doi.org/10.1007/BFb0034838
Wu, S., Wang, M.: Security Evaluation against Differential Cryptanalysis for Block Cipher Structures. Preprint at https://eprint.iacr.org/2011/551 (2011)
Cui, T., Fu, L.S., Jin, C.H.: Zero correlation linear approximations and impossible differentials of new-structure series with SP networks. ACTA Electonica Sinica 45(6), 1367–1374 (2017). https://doi.org/10.3969/j.issn.0372-2112.2017.06.013
YU, B., Sun, B., Liu, G.Q., Zhang, Z.Y.: Quantum cryptanalysis on some generalized unbalanced Feistel networks. J. Cryptologic Res. 8(6), 960–973 (2021). https://doi.org/10.13868/j.cnki.jcr.000490
Zou, K., Dong, X., Zhang, F.: Improved quantum attack on several generalized unbalanced Feistel structures. In: 2022 International Conference on Networks, Communications and Information Technology (CNCIT) (2022). https://doi.org/10.1109/CNCIT56797.2022.00026
Brassard, G., Hoyer, P., Mosca, M., Tapp, A.: Quantum Amplitude Amplification and Estimation. Preprint at https://doi.org/10.48550/arXiv.quant-ph/0005055 (2000)
Acknowledgements
This work was partially supported by the National Natural Science Foundation of China (Grant Nos. 62172337 and 61902073) and Key Project of Gansu Natural Science Foundation under Grant Number 23JRRA685.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
All authors disclosed no relevant relationships.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Xu, Y., Du, X., Jia, M. et al. Quantum attacks on generalized Feistel networks based on the strong–weak separability. Quantum Inf Process 22, 375 (2023). https://doi.org/10.1007/s11128-023-04135-6
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s11128-023-04135-6