Paper 2023/776
Quantum Attacks on Type-1 Generalized Feistel Schemes
Abstract
Generalized Feistel schemes (GFSs) are extremely important and extensively researched cryptographic schemes. In this paper, we investigate the security of Type-1 GFS in quantum circumstances. On the one hand, in the qCCA setting, we give a new quantum polynomial-time distinguisher on $(d^2-1)$-round Type-1 GFS with branches $d\geq3$, which extends the previous results by $(d-2)$ rounds. This leads to a more efficient analysis of type-1 GFS, that is, the complexity of some previous key-recovery attacks is reduced by a factor of $2^{\frac{(d-2)k}{2}}$, where $k$ is the key length of the internal round function. On the other hand, for CAST-256, which is a certain block cipher based on Type-1 GFS, we give a 17-round quantum distinguisher in the qCPA setting. Based on this, we construct an $r (r>17)$-round quantum key-recovery attack with complexity $O(2^{\frac{37(r-17)}{2}})$.
Metadata
- Available format(s)
-
PDF
- Category
- Attacks and cryptanalysis
- Publication info
- Preprint.
- Keywords
- Generalized Feistel schemeCAST-256Simon algorithmQuantum cryptanalysisQuantum algorithm
- Contact author(s)
- Sunhw @ bupt edu cn
- History
- 2023-08-17: revised
- 2023-05-27: received
- See all versions
- Short URL
- https://ia.cr/2023/776
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2023/776,
author = {Hong-Wei Sun and Bin-Bin Cai and Su-Juan Qin and Qiao-Yan Wen and Fei Gao},
title = {Quantum Attacks on Type-1 Generalized Feistel Schemes},
howpublished = {Cryptology {ePrint} Archive, Paper 2023/776},
year = {2023},
url = {https://eprint.iacr.org/2023/776}
}