
Quantum All-Subkeys-Recovery Attacks on 6-round Feistel-2* Structure Based on Multi-Equations Quantum Claw Finding

Wenjie Liu, Mengting Wang, Zixian Li

TL;DR

The paper addresses the vulnerability of Feistel-2* structures to quantum cryptanalysis under a realistic Q1 model, where the adversary cannot access a quantum oracle and data must be gleaned from a few plaintext–ciphertext pairs. It introduces a quantum ASR attack based on multi-equations quantum claw finding to recover all subkeys of a 6-round Feistel-2*, achieving data complexity $O(1)$ and time complexity $O(2^{n/3})$, with qubit overhead $O(n2^{n/3})$. The core innovation is extending single-claw quantum claw finding to a multi-equation setting and integrating Grover/amplitude amplification for remaining keys, yielding a practical quantum attack surpassing prior Q2-model results in data efficiency. The results have implications for the security of Feistel-based ciphers (e.g., Simeck) in future quantum environments and motivate extending the approach to broader $r$-round constructions and other cipher families.

Abstract

Exploiting quantum mechanisms, quantum attacks have the potential ability to break the cipher structure. Recently, Ito et al. proposed a quantum attack on Feistel-2* structure (Ito et al.'s attack) based on the Q2 model. However, it is not realistic since the quantum oracle needs to be accessed by the adversary, and the data complexity is high. To solve this problem, a quantum all-subkeys-recovery (ASR) attack based on multi-equations quantum claw-finding is proposed, which takes a more realistic model, the Q1 model, as the scenario, and only requires 3 plain-ciphertext pairs to quickly crack the 6-round Feistel-2* structure. First, we proposed a multi-equations quantum claw-finding algorithm to solve the claw problem of finding multiple equations. In addition, Grover's algorithm is used to speed up the recovery of the rest of the subkeys. Compared with Ito et al.'s attack, the data complexity of our attack is reduced from $O(2^n)$ to $O(1)$, while the time complexity and memory complexity are also significantly reduced.

Paper Structure

This paper contains 13 sections, 1 theorem, 26 equations, 4 figures, 6 tables, 3 algorithms.

Key Result

Theorem 1

Algorithm algo2 outputs desired results correctly in the function evaluation, and we can pick $r_1$ and $r_2$ to make number of queries be:

Figures (4)

  • Figure 1: Three Feistel constructions
  • Figure 2: Feistel-2* construction
  • Figure 3: 6-round Feistel-2* structure
  • Figure 4: The round function of Simeck

Theorems & Definitions (1)

  • Theorem 1