Related-Key Differential Cryptanalysis of GMiMC Used in Post-Quantum Signatures

Published: 31 March 2023

Abstract

With the urgency of the threat posed by quantum computers, there is strong interest in making signature schemes quantum resistant. Symmetric-key primitives, in particular the recent MPC/FHE/ZK-friendly hash functions and block ciphers, are promising candidates for post-quantum security: they offer another way to build efficient and secure signature schemes that do not rely on any assumed hard problem. However, given their intended use cases, many of these novel ciphers for advanced cryptographic protocols do not claim related-key security.
In this paper, we initiate the study of the so-far ignored related-key security of GMiMC, proposed by Albrecht et al. at ESORICS 2019, some versions of which are optimized and designed for use in post-quantum secure signatures. After examining the potential threats that related-key attacks pose to GMiMC when it is deployed as the underlying building block of a post-quantum signature scheme, we construct two kinds of iterative related-key differentials. From these we not only explore its security margin against related-key attacks but also mount collision attacks on its key space. For example, for the GMiMC instance that beats the smallest signature size obtainable with LowMC, we can find a key collision using only about 2^10 key pairs. It is worth noting that our current key collision attack applies only when the adversarial power is sufficiently strong (e.g., in the so-called multi-user setting), and it does not threaten the one-wayness of GMiMC. Furthermore, experiments with our related-key differentials show that the differential clustering effect of GMiMC depends on two aspects: whether the finite field F is F_p or F_{2^n}, and the size of F.


Published In

Guide Proceedings
Information Security and Cryptology – ICISC 2022: 25th International Conference, ICISC 2022, Seoul, South Korea, November 30 – December 2, 2022, Revised Selected Papers
Nov 2022
513 pages
ISBN:978-3-031-29370-2
DOI:10.1007/978-3-031-29371-9

Publisher

Springer-Verlag

Berlin, Heidelberg


Author Tags

  1. Related-key differential cryptanalysis
  2. Post-quantum signature
  3. Collision attack
  4. GMiMC

Qualifiers

  • Article
