(In)security of Stream Ciphers Against Quantum Annealing Attacks on the Example of the Grain 128 and Grain 128a Ciphers

IF 5.4 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

IEEE Transactions on Emerging Topics in Computing Pub Date : 2024-10-11 DOI:10.1109/TETC.2024.3474856

Michał Wroński;Elżbieta Burek;Mateusz Leśniak

{"title":"(In)security of Stream Ciphers Against Quantum Annealing Attacks on the Example of the Grain 128 and Grain 128a Ciphers","authors":"Michał Wroński;Elżbieta Burek;Mateusz Leśniak","doi":"10.1109/TETC.2024.3474856","DOIUrl":null,"url":null,"abstract":"The security level of a cipher is a key parameter. While general-purpose quantum computers significantly threaten modern symmetric ciphers, other quantum approaches like quantum annealing have been less concerning. However, this paper argues that a quantum annealer specifically designed to attack Grain 128 and Grain 128a ciphers could soon be technologically feasible. Such an annealer would require 5,751 (6,761) qubits and 77,496 (94,865) couplers, with a qubit connectivity of 225 (245). This work also shows that modern stream ciphers like Grain 128 and Grain 128a may be vulnerable to quantum annealing attacks. Although the exact complexity of quantum annealing is unknown, heuristic estimates suggest that for many problems with <inline-formula><tex-math>$N$</tex-math></inline-formula> variables, a <inline-formula><tex-math>$\\sqrt{N}$</tex-math></inline-formula> exponential advantage over simulated annealing may hold. We detail how to transform algebraic attacks on Grain ciphers into the QUBO problem, making our attack potentially more efficient than classical brute-force methods. We demonstrate that applying our attack to rescaled Grain cipher versions, Grain <inline-formula><tex-math>$l$</tex-math></inline-formula> and Grain <inline-formula><tex-math>$la$</tex-math></inline-formula>, overtakes brute-force and Grover’s attacks for sufficiently large <inline-formula><tex-math>$l$</tex-math></inline-formula>, assuming quantum annealing’s exponential benefit over simulated annealing.","PeriodicalId":13156,"journal":{"name":"IEEE Transactions on Emerging Topics in Computing","volume":"13 3","pages":"614-627"},"PeriodicalIF":5.4000,"publicationDate":"2024-10-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Emerging Topics in Computing","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10715491/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

The security level of a cipher is a key parameter. While general-purpose quantum computers significantly threaten modern symmetric ciphers, other quantum approaches like quantum annealing have been less concerning. However, this paper argues that a quantum annealer specifically designed to attack Grain 128 and Grain 128a ciphers could soon be technologically feasible. Such an annealer would require 5,751 (6,761) qubits and 77,496 (94,865) couplers, with a qubit connectivity of 225 (245). This work also shows that modern stream ciphers like Grain 128 and Grain 128a may be vulnerable to quantum annealing attacks. Although the exact complexity of quantum annealing is unknown, heuristic estimates suggest that for many problems with

$N$

variables, a

$\sqrt{N}$

exponential advantage over simulated annealing may hold. We detail how to transform algebraic attacks on Grain ciphers into the QUBO problem, making our attack potentially more efficient than classical brute-force methods. We demonstrate that applying our attack to rescaled Grain cipher versions, Grain

$l$

and Grain

$la$

, overtakes brute-force and Grover’s attacks for sufficiently large

$l$

, assuming quantum annealing’s exponential benefit over simulated annealing.

查看原文本刊更多论文

流密码抗量子退火攻击的安全性——以128粒和128a粒密码为例

密码的安全级别是一个关键参数。虽然通用量子计算机严重威胁到现代对称密码，但量子退火等其他量子方法却不那么引人关注。然而，本文认为，专门设计用于攻击Grain 128和Grain 128a密码的量子退火器在技术上可能很快就会实现。这样的退火炉需要5751（6761）个量子比特和77496（94865）个耦合器，量子比特连接性为225（245）个。这项工作还表明，像Grain 128和Grain 128a这样的现代流密码可能容易受到量子退火攻击。虽然量子退火的确切复杂性是未知的，启发式估计表明，对于许多具有$N$变量的问题，$\sqrt{N}$指数优势可能优于模拟退火。我们详细介绍了如何将对颗粒密码的代数攻击转换为QUBO问题，使我们的攻击可能比经典的暴力破解方法更有效。我们证明，将我们的攻击应用于重新缩放的Grain密码版本，Grain $l$和Grain $la$，可以在足够大的$l$上超越蛮力和Grover的攻击，假设量子退火比模拟退火具有指数级的优势。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Transactions on Emerging Topics in Computing Computer Science-Computer Science (miscellaneous)

CiteScore

12.10

自引率

5.10%

发文量

113

期刊介绍： IEEE Transactions on Emerging Topics in Computing publishes papers on emerging aspects of computer science, computing technology, and computing applications not currently covered by other IEEE Computer Society Transactions. Some examples of emerging topics in computing include: IT for Green, Synthetic and organic computing structures and systems, Advanced analytics, Social/occupational computing, Location-based/client computer systems, Morphic computer design, Electronic game systems, & Health-care IT.