Quantum rebound attacks on reduced-round ARIA-based hash functions

  • Seungjun Baek (Department of Financial Information Security, Kookmin University)
  • Jongsung Kim (Department of Financial Information Security, Kookmin University)
  • Received : 2022.02.14
  • Accepted : 2022.11.14
  • Published : 2023.06.20

Abstract

ARIA is a block cipher proposed by Kwon et al. at ICISC 2003 that is widely used as the national standard block cipher in the Republic of Korea. Herein, we identify some flaws in the quantum rebound attack on seven-round ARIA-DM proposed by Dou et al. and reveal that the limit of this attack is up to five rounds. Our revised attack applies to not only ARIA-DM but also ARIA-MMO and ARIA-MP among the PGV models, and it is valid for all ARIA key lengths. Furthermore, we present dedicated quantum rebound attacks on seven-round ARIA-Hirose and ARIA-MJH for the first time. These attacks are only valid for the 256-bit key length of ARIA because they are constructed using the degrees of freedom in the key schedule. All our attacks are faster than the generic quantum attack in the cost metric of the time-space tradeoff.

Acknowledgement

This work was supported as part of the Military Crypto Research Center (UD210027XD) funded by the Defense Acquisition Program Administration (DAPA) and the Agency for Defense Development (ADD).

References

  1. Korea Internet & Security Agency (KISA), ARIA block cipher. https://seed.kisa.or.kr/kisa/algorithm/EgovAriaInfo.do (accessed 2022/7/10).
  2. D. Kwon, J. Kim, S. Park, S. H. Sung, Y. Sohn, J. H. Song, Y. Yeom, E.-J. Yoon, S. Lee, and J. Lee, New block cipher: ARIA, ICISC 2003 (Int. Conf. Information Security and Cryptology, Seoul, Rep. of Korea), 2003, pp. 432-445.
  3. J. Daemen and V. Rijmen, The design of Rijndael: AES - The Advanced Encryption Standard, Information Security and Cryptography, Springer, 2002.
  4. J. Kim, J. Lee, C. Kim, J. Lee, and D. Kwon, A description of the ARIA encryption algorithm, Request for Comments, RFC Editor, 2010.
  5. J.-H. Park, W.-H. Kim, J. Lee, and D. Kwon, Addition of the ARIA cipher suites to Transport Layer Security (TLS), Request for Comments, RFC Editor, 2011.
  6. P. W. Shor, Algorithms for quantum computation: discrete logarithms and factoring, (Proceedings 35th Annual Symposium on Foundations of Computer Science, Santa Fe, NM, USA), 1994, pp. 124-134.
  7. NIST, Post-quantum cryptography standardization, Sept. 2019. https://csrc.nist.gov/Projects/post-quantum-cryptography/Post-Quantum-Cryptography-Standardization
  8. L. K. Grover, A fast quantum mechanical algorithm for database search, (Proceedings of the Twenty-eighth Annual ACM Symposium on the Theory of Computing, Philadelphia, Pennsylvania, USA), May 1996, pp. 212-219.
  9. D. R. Simon, On the power of quantum computation, SIAM J. Comput. 26 (1997), no. 5, 1474-1483. https://doi.org/10.1137/S0097539796298637
  10. X. Bonnetain, M. Naya-Plasencia, and A. Schrottenloher, Quantum security analysis of AES, IACR Trans. Symmetric Cryptol. 2019 (2019), no. 2, 55-93.
  11. X. Dong, Z. Li, and X. Wang, Quantum cryptanalysis on some generalized Feistel schemes, Sci. China Inf. Sci. 62 (2019), no. 2, 22501:1-22501:12. https://doi.org/10.1007/s11432-017-9436-7
  12. A. Hosoyamada and K. Aoki, On quantum related-key attacks on iterated Even-Mansour ciphers, IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 102-A (2019), no. 1, 27-34. https://doi.org/10.1587/transfun.E102.A.27
  13. M. Kaplan, G. Leurent, A. Leverrier, and M. Naya-Plasencia, Quantum differential and linear cryptanalysis, IACR Trans. Symmetric Cryptol. 2016 (2016), no. 1, 71-94.
  14. A. K. Chauhan, A. Kumar, and S. K. Sanadhya, Quantum free-start collision attacks on double block length hashing with round-reduced AES-256, IACR Trans. Symmetric Cryptol. 2021 (2021), no. 1, 316-336. https://doi.org/10.46586/tosc.v2021.i1.316-336
  15. X. Dong, S. Sun, D. Shi, F. Gao, X. Wang, and L. Hu, Quantum collision attacks on AES-like hashing with low quantum random access memories, Asiacrypt 2020, S. Moriai and H. Wang, (eds.), LNCS, Vol. 12492, Springer, 2020, pp. 727-757.
  16. A. Hosoyamada and Y. Sasaki, Finding hash collisions with quantum computers by using differential trails with smaller probability than birthday bound, Eurocrypt 2020, A. Canteaut and Y. Ishai, (eds.), LNCS, Vol. 12106, Springer, 2020, pp. 249-279.
  17. A. Hosoyamada and Y. Sasaki, Quantum collision attacks on reduced SHA-256 and SHA-512, Crypto 2021, LNCS, Vol. 12825, Springer, 2021, pp. 616-646.
  18. A. F. Gutierrez, G. Leurent, M. Naya-Plasencia, L. Perrin, A. Schrottenloher, and F. Sibleyras, New results on Gimli: Full-permutation distinguishers and improved collisions, Asiacrypt 2020, Springer, 2020, pp. 33-63.
  19. B. Ni, X. Dong, K. Jia, and Q. You, (Quantum) collision attacks on reduced Simpira v2, IACR Trans. Symmetric Cryptol. 2021 (2021), 222-248.
  20. G. Brassard, P. Høyer, and A. Tapp, Quantum cryptanalysis of hash and claw-free functions, LATIN 1998, C. L. Lucchesi and A. V. Moura, (eds.), LNCS, Vol. 1380, Springer, 1998, pp. 163-169.
  21. A. Chailloux, M. Naya-Plasencia, and A. Schrottenloher, An efficient quantum collision search algorithm and implications on symmetric cryptography, Asiacrypt 2017, T. Takagi and T. Peyrin, (eds.), LNCS, Vol. 10625, Springer, 2017, pp. 211-240.
  22. P. C. van Oorschot and M. J. Wiener, Parallel collision search with application to hash functions and discrete logarithms, (CCS '94, Proceedings of the 2nd ACM Conference on Computer and Communications Security, Fairfax, VA, USA), Nov. 1994, pp. 210-218.
  23. S. Dou, M. Mao, Y. Li, and D. Qiu, Quantum rebound attack to DM structure based on ARIA algorithm, J. Phys. Conf. Ser. 2078 (2021), 012003.
  24. B. Preneel, R. Govaerts, and J. Vandewalle, Hash functions based on block ciphers: A synthetic approach, Crypto 1993, D. R. Stinson, (ed.), LNCS, Vol. 773, Springer, 1993, pp. 368-378.
  25. S. Hirose, Some plausible constructions of double-block-length hash functions, FSE 2006, M. J. B. Robshaw, (ed.), LNCS, Vol. 4047, Springer, 2006, pp. 210-225.
  26. J. Lee and M. Stam, MJH: A faster alternative to MDC-2, Des. Codes Cryptogr. 76 (2015), no. 2, 179-205. https://doi.org/10.1007/s10623-014-9936-6
  27. J. Black, P. Rogaway, and T. Shrimpton, Black-box analysis of the block-cipher-based hash-function constructions from PGV, Crypto 2002, M. Yung, (ed.), LNCS, Vol. 2442, Springer, 2002, pp. 320-335.
  28. M. A. Nielsen and I. L. Chuang, Quantum computation and quantum information (10th anniversary edition), Cambridge University Press, 2016.
  29. M. Boyer, G. Brassard, P. Høyer, and A. Tapp, Tight bounds on quantum searching, Fortschritte der Physik 46 (1998), no. 4-5, 493-505. https://doi.org/10.1002/(SICI)1521-3978(199806)46:4/5<493::AID-PROP493>3.0.CO;2-P
  30. F. Mendel, C. Rechberger, M. Schläffer, and S. S. Thomsen, The rebound attack: Cryptanalysis of reduced Whirlpool and Grøstl, FSE 2009 (Int. Workshop on Fast Software Encryption, Leuven, Belgium), 2009, pp. 260-276.
  31. J. Jean, TikZ for cryptographers, 2016. https://www.iacr.org/authors/tikz/
  32. S. Jaques, M. Naehrig, M. Roetteler, and F. Virdia, Implementing Grover oracles for quantum key search on AES and LowMC, Eurocrypt 2020, LNCS, Vol. 12106, Springer, 2020, pp. 280-310.
  33. M. Lamberger, F. Mendel, C. Rechberger, V. Rijmen, and M. Schläffer, Rebound distinguishers: Results on the full Whirlpool compression function, Asiacrypt 2009, LNCS, Vol. 5912, Springer, 2009, pp. 126-143.