Quantum forgery attacks on COPA,AES-COPA and marble authenticated encryption algorithms
Yinsong Xu, Wenjie Liu, Wenbin Yu
TL;DR
The paper addresses the vulnerability of COPA, AES-COPA, and Marble to forgery under quantum attacks by leveraging Simon's algorithm to find the hidden period in the tag-generation process. It develops explicit quantum forgery constructions for COPA (with and without associated data), AES-COPA (v.1 and v.2), and Marble, reducing the required quantum queries from $O(2^{n/2})$ to $O(n)$ while achieving success probabilities near 1. The contributions include concrete period-finding attacks that yield valid forgeries across multiple input configurations and a thorough efficiency comparison against classical approaches. The work highlights a significant quantum threat to CAESAR-submission family authenticated encryption, underscoring the need for quantum-resistant designs and signaling avenues for future research including offline Grover-based enhancements.
Abstract
The classic forgery attacks on COPA, AES-COPA and Marble authenticated encryption algorithms need to query about 2^(n/2) times, and their success probability is not high. To solve this problem, the corresponding quantum forgery attacks on COPA, AES-COPA and Marble authenticated encryption algorithms are presented. In the quantum forgery attacks on COPA and AES-COPA, we use Simon's algorithm to find the period of the tag generation function in COPA and AES-COPA by querying in superposition, and then generate a forged tag for a new message. In the quantum forgery attack on Marble, Simon's algorithm is used to recover the secret parameter L, and the forged tag can be computed with L. Compared with classic forgery attacks on COPA, AES-COPA and Marble, our attack can reduce the number of queries from O(2^(n/2)) to O(n) and improve success probability close to 100%.