CR04 report – Breaking Symmetric Cryptosystems using Quantum Period Finding

Quantum computers are a severe threat to our modern cryptography, as with Shor’s algorithm [14], assymetric cryptography may not be secure anymore. However, the problem has been less studied for symmetric cryptography in the past. Using Grover’s algorithm [5], one can find the private key of an encryption scheme using O( √ n) operations instead of an optimal O(n) in the classical setting (where n is the number of possible keys). This means that in the general case, doubling the key size could be enough to restore the same level of security as before. But is this result still optimal for schemes of symmetric cryptography? The paper [6] proves that it is not the case: using Simon’s algorithm [15] and some properties of its behavior in the non-ideal case that we are going to detail next, the authors manage to break the security of some symmetric cryptographic constructions, followed by many widely used message authentication and authenticated encryption modes (ie, algorithms used to forge authentication codes supposedly unforgeable by an unauthenticated user). The complexity of the attack goes from an exponential one in the classical setting to a linear one. It ends by detailing how to speed-up a known attack strategy in the quantum setting: slide attacks.