(In)security of Stream Ciphers Against Quantum Annealing Attacks on the Example of the Grain 128 and Grain 128a Ciphers

IF 5.4, Zone 2 (Computer Science), Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS
Michał Wroński;Elżbieta Burek;Mateusz Leśniak
DOI: 10.1109/TETC.2024.3474856
Journal: IEEE Transactions on Emerging Topics in Computing, vol. 13, no. 3, pp. 614-627
Published: 2024-10-11 (Journal Article)
URL: https://ieeexplore.ieee.org/document/10715491/
Citations: 0

Abstract

The security level of a cipher is a key parameter. While general-purpose quantum computers significantly threaten modern symmetric ciphers, other quantum approaches like quantum annealing have been less concerning. However, this paper argues that a quantum annealer specifically designed to attack Grain 128 and Grain 128a ciphers could soon be technologically feasible. Such an annealer would require 5,751 (6,761) qubits and 77,496 (94,865) couplers, with a qubit connectivity of 225 (245). This work also shows that modern stream ciphers like Grain 128 and Grain 128a may be vulnerable to quantum annealing attacks. Although the exact complexity of quantum annealing is unknown, heuristic estimates suggest that for many problems with $N$ variables, a $\sqrt{N}$ exponential advantage over simulated annealing may hold. We detail how to transform algebraic attacks on Grain ciphers into the QUBO problem, making our attack potentially more efficient than classical brute-force methods. We demonstrate that applying our attack to rescaled Grain cipher versions, Grain $l$ and Grain $la$, overtakes brute-force and Grover’s attacks for sufficiently large $l$, assuming quantum annealing’s exponential benefit over simulated annealing.
Source journal: IEEE Transactions on Emerging Topics in Computing (Computer Science, miscellaneous)
CiteScore: 12.10
Self-citation rate: 5.10%
Articles published: 113
Journal description: IEEE Transactions on Emerging Topics in Computing publishes papers on emerging aspects of computer science, computing technology, and computing applications not currently covered by other IEEE Computer Society Transactions. Some examples of emerging topics in computing include: IT for Green, synthetic and organic computing structures and systems, advanced analytics, social/occupational computing, location-based/client computer systems, morphic computer design, electronic game systems, and health-care IT.