Symmetric Cryptography in the Post-Quantum World

Periodic Reporting for period 3 - QUASYModo (Symmetric Cryptography in the Post-Quantum World)

Reporting period: 2020-09-01 to 2022-02-28

QUASYModo's aim is to prepare symmetric cryptography for the arrival of adversaries with access to quantum computers.
This is an emerging topic that had not been studied in detail before and has now gained a lot of attention from the community.
We are working on understanding and identifying the tools that such adversaries could use, evaluating the security of existing primitives and proposing
new ones when needed.
During these first two and a half years, we have achieved several interesting results.

Continuing the tendency of the first 18 months, some of our results have been unexpected and
surprising, and they have been very encouraging for continuing our work and finding new interesting problems.

Several cryptographic groups have started to work on the subject motivated by our
results, which has been extremely encouraging.

In the first 18 months:
We proposed new, efficient quantum algorithms for solving some generic problems that
are recurrent in cryptanalysis, such as collision finding or k-xor solving (published at Asiacrypt
2017 and 2018); we evaluated and improved Kuperberg's algorithm (Asiacrypt 2018), built efficient
related attacks and detailed new applications to some existing constructions, such as Poly1305 or
some isogeny-based primitives, showing the close link between symmetric and asymmetric
cryptanalysis. We also generalized, developed and proposed new quantum slide attacks,
and performed an extensive analysis of the quantum security of AES, the block cipher
standard. In addition, we designed a family of primitives, Saturnin, including a block
cipher, authenticated encryption (AE) primitives and a hash function, that offers post-quantum security in the
superposition model. We submitted this family to the NIST lightweight cryptography competition.

Since February 2019:
We have finished and published the quantum security analysis of AES in the journal ToSC,
and the quantum slide attack results at SAC 2019.

At Asiacrypt 2019 we published a nice and surprising result (later accepted for a plenary presentation at QIP 2020), in a collaboration
resulting from Akinori Hosoyamada's visit, where we showed how to use Simon's algorithm in symmetric cryptanalysis without needing to perform
superposition queries. This had been an open problem for a while, and the result interested parts of both the cryptographic and the quantum
computing communities. Also at Asiacrypt 2019, we proposed a result on better understanding S-boxes and avoiding constructions that might contain backdoors.

Finally, we had three accepted papers at Eurocrypt 2020: one on a quantum cryptanalysis of an isogeny-based construction, CSIDH, using
Kuperberg's algorithm, which showed the close link between symmetric and asymmetric cryptanalysis and how some tools can be used in both settings;
a second one on optimal merging quantum algorithms for the k-xor problem, where we analyzed more scenarios and improved our previous algorithms; and a third
improving the key-recovery part of linear attacks, one of the two most important families of cryptanalysis.

A list of results and (invited) presentations can be found on the project web page.
We have made considerable progress on tasks 1, 2, 3 and 5. Task 4 has also been partially studied;
we have improved our knowledge of the best generic attacks, both classical and quantum. We have used
this knowledge to evaluate the (quantum) security of the most important related primitives, and have proposed a new
design to cover the identified gap.

We believe we have motivated the community to work in this field.