ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development

Previous Articles     Next Articles

Quantum Differential Collision Key Recovery Attack of Multi-Round EM Structure

Zhang Zhongya1,2,3, Wu Wenling1,2, Zou Jian4   

  1. 1Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190)

    2University of Chinese Academy of Sciences, Beijing 100190)

    3Luoyang Normal University, Luoyang, Henan 471934)

    4College of Mathematics and Computer Science, Fuzhou University, Fuzhou 350108)

  • Supported by: 
    This work was supported by the National Natural Science Foundation of China(61672509, 62072445, 61902073).

Abstract: The development and application of quantum algorithms have exerted a profound influence on the design and analysis of cryptographic algorithms. Currently, the Grover search algorithm and Simon quantum period finding algorithm are the most widely used algorithms in the quantization of cryptographic analysis. However, as the quantization of birthday collision attack, BHT (Brassard, Høyer, Tapp) quantum collision search algorithm has not been applied in cryptanalysis. It is of great significance to study the BHT algorithm for the analysis and application of cryptographic algorithms. By analyzing the multi-round EM (Even, Mansour) structure, the combination of collision search algorithm and differential key recovery attack is studied under classical and quantum conditions, what is more the multi-round EM structure is attacked with differential collision key recovery, and the attack is quantified from the perspective of BHT algorithm. The results demonstrate that the time complexity of the differential key recovery attack on r-round EM structure decreases from  to  and the speed is  times faster when the differential probability is  as under classical conditions. In the quantum conditions, when the differential probability is, the time complexity of differential collision key recovery attack based on BHT collision search is better than that based on Grover search, which shows the effectiveness of BHT algorithm on specific cryptanalysis.

Key words:

"> quantum computing, Grover quantum algorithm, BHT quantum algorithm, differential analysis, EM structure