Open AccessA new quantum cryptanalysis method on block cipher Camellia
Author(s) -
Li Yanjun,
Lin Hao,
Liang Meng,
Sun Ying
Publication year - 2021
Publication title -
iet information security
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.308
H-Index - 34
eISSN - 1751-8717
pISSN - 1751-8709
DOI - 10.1049/ise2.12037
Subject(s) - block cipher , boomerang attack , computer science , camellia , cryptanalysis , linear cryptanalysis , mathematics , algorithm , theoretical computer science , cryptography , discrete mathematics , arithmetic , computer security
Symmetric cryptography is expected to be quantum safe when long‐term security is needed. Kuwakado and Morii gave a 3‐round quantum distinguisher of the Feistel cipher based on Simon's algorithm. However, the quantum distinguisher without considering the specific structure of the round function is not accurate enough. A new quantum cryptanalysis method for Feistel structure is studied here. It can make full use of the specific structure of the round function. The properties of Camellia round function and its linear transformation P are taken into account, and a 5‐round quantum distinguisher is proposed. Then, the authors follow a key‐recovery attack framework by Leander and May, that is, Grover‐meet‐Simon algorithm, and give a quantum key‐recovery attack on 7‐round Camellia in Q2 model with the time complexity of 2 24 . It is the very first time that the specific structure of the round function is used to improve quantum attack on Camellia.