In this paper, we report the first quantum key-recovery attack on a symmetric
block cipher design, using classical queries only, with a more than quadratic
time speedup compared to the best classical attack.

360 Mobile Vision - 360mobilevision.com North & South Carolina Security products and Systems Installations for Commercial and Residential - $55 Hourly Rate. ACCESS CONTROL, INTRUSION ALARM, ACCESS CONTROLLED GATES, INTERCOMS AND CCTV INSTALL OR REPAIR 360 Mobile Vision - 360mobilevision.com is committed to excellence in every aspect of our business. We uphold a standard of integrity bound by fairness, honesty and personal responsibility. Our distinction is the quality of service we bring to our customers. Accurate knowledge of our trade combined with ability is what makes us true professionals. Above all, we are watchful of our customers interests, and make their concerns the basis of our business.

We study the 2XOR-Cascade construction of Gav{z}i and Tessaro
(EUROCRYPT~2012). It is a key length extension technique which provides an
n-bit block cipher with 5n/2 bits of security out of an n-bit block cipher with
2n bits of key, with a security proof in the ideal model. We show that the
offline-Simon algorithm of Bonnetain et al. (ASIACRYPT~2019) can be extended
to, in particular, attack this construction in quantum time ~O($2^n$),
providing a 2.5 quantum speedup over the best classical attack.

Regarding post-quantum security of symmetric ciphers, it is commonly assumed
that doubling the key sizes is a sufficient precaution. This is because
Grover’s quantum search algorithm, and its derivatives, can only reach a
quadratic speedup at most. Our attack shows that the structure of some
symmetric constructions can be exploited to overcome this limit. In particular,
the 2XOR-Cascade cannot be used to generically strengthen block ciphers against
quantum adversaries, as it would offer only the same security as the block
cipher itself.

By admin