On the Post-quantum Security of Classical Authenticated Encryption Schemes
Pages 79 - 104
Abstract
We study the post-quantum security of authenticated encryption (AE) schemes, designed with classical security in mind. Under superposition attacks, many CBC-MAC variants have been broken, and AE modes employing those variants, such as EAX and GCM, thus fail at authenticity. As we show, the same modes are IND-qCPA insecure, i.e., they fail to provide privacy under superposition attacks. However, a constrained version of GCM is IND-qCPA secure, and a nonce-based variant of the CBC-MAC is secure under superposition queries. Further, the combination of classical authenticity and classical chosen-plaintext privacy thwarts attacks with superposition chosen-ciphertext and classical chosen-plaintext queries – a security notion that we refer to as IND-qdCCA. And nonce-based key derivation allows generically turning an IND-qdCCA secure scheme into an IND-qCCA secure scheme.
References
[1]
Alagic, G., Gagliardoni, T., Majenz, C.: Can you sign a quantum state? CoRR, abs/1811.11858 (2018)
[2]
Alagic G, Gagliardoni T, and Majenz C Nielsen JB and Rijmen V Unforgeable quantum encryption Advances in Cryptology – EUROCRYPT 2018 2018 Cham Springer 489-519
[3]
Ambainis A, Hamburg M, and Unruh D Boldyreva A and Micciancio D Quantum security proofs using semi-classical oracles Advances in Cryptology – CRYPTO 2019 2019 Cham Springer 269-295
[4]
Alagic G, Majenz C, Russell A, and Song F Canteaut A and Ishai Y Quantum-access-secure message authentication via blind-unforgeability Advances in Cryptology – EUROCRYPT 2020 2020 Cham Springer 788-817
[5]
Anand MV, Targhi EE, Tabia GN, and Unruh D Takagi T Post-quantum security of the CBC, CFB, OFB, CTR, and XTS modes of operation Post-Quantum Cryptography 2016 Cham Springer 44-63
[6]
Bhaumik R et al. Tibouchi M, Wang H, et al. QCB: efficient quantum-secure authenticated encryption Advances in Cryptology – ASIACRYPT 2021 2021 Cham Springer 668-698
[7]
Bonnetain X, Leurent G, Naya-Plasencia M, and Schrottenloher A Tibouchi M and Wang H Quantum linearization attacks Advances in Cryptology – ASIACRYPT 2021 2021 Cham Springer 422-452
[8]
Bellare M and Namprempre C Okamoto T Authenticated encryption: relations among notions and analysis of the generic composition paradigm Advances in Cryptology — ASIACRYPT 2000 2000 Heidelberg Springer 531-545
[9]
Bonnetain X, Schrottenloher A, and Sibleyras F Dunkelman O and Dziembowski S Beyond quadratic speedups in quantum attacks on symmetric schemes Advances in Cryptology 2022 Cham Springer 315-344
[10]
Boneh D and Zhandry M Johansson T and Nguyen PQ Quantum-secure message authentication codes Advances in Cryptology – EUROCRYPT 2013 2013 Heidelberg Springer 592-608
[11]
Boneh D and Zhandry M Canetti R and Garay JA Secure signatures and chosen ciphertext security in a quantum computing world Advances in Cryptology – CRYPTO 2013 2013 Heidelberg Springer 361-379
[12]
Carstens, T.V., Ebrahimi, E., Tabia, G.N., Unruh, D.: On quantum indistinguishability under chosen plaintext attack. IACR Cryptology ePrint Archive, p. 596 (2020)
[13]
Chen, L., et al.: Breaking the quadratic barrier: quantum cryptanalysis of milenage, telecommunications’ cryptographic backbone (2016)
[14]
Hosoyamada A and Iwata T Malkin T and Peikert C On tight quantum security of HMAC and NMAC in the quantum random oracle model Advances in Cryptology – CRYPTO 2021 2021 Cham Springer 585-615
[15]
Iwata T and Minematsu K Stronger security variants of GCM-SIV IACR Trans. Symmetric Cryptol. 2016 2016 1 134-157
[16]
Jonsson J Nyberg K and Heys H On the security of CTR + CBC-MAC Selected Areas in Cryptography 2003 Heidelberg Springer 76-93
[17]
Janson, C., Struck, P.: Sponge-based authenticated encryption: Security against quantum attackers. IACR Cryptology ePrint Archive, p. 139 (2022)
[18]
Kaplan M, Leurent G, Leverrier A, and Naya-Plasencia M Robshaw M and Katz J Breaking symmetric cryptosystems using quantum period finding Advances in Cryptology – CRYPTO 2016 2016 Heidelberg Springer 207-237
[19]
Lang, N., Lucks, S.: On the post-quantum security of classical authenticated encryption schemes. Cryptology ePrint Archive, Paper 2023/218 (2023). https://eprint.iacr.org/2023/218
[20]
Maram, V., Masny, D., Patranabis, S., Raghuraman, S.: On the quantum security of OCB. IACR Cryptology ePrint Archive, p. 699 (2022)
[21]
Rogaway P and Shrimpton T Vaudenay S A provable-security treatment of the key-wrap problem Advances in Cryptology - EUROCRYPT 2006 2006 Heidelberg Springer 373-390
[22]
Rogaway, P., Wagner, D.A.: A critique of CCM. IACR Cryptology ePrint Archive, p. 70 (2003)
[23]
Shor, P.W.: Algorithms for quantum computation: discrete logarithms and factoring. In: 35th Annual Symposium on Foundations of Computer Science, Santa Fe, New Mexico, USA, 20–22 November 1994, pp. 124–134. IEEE Computer Society (1994)
[24]
Simon D On the power of quantum computation SIAM J. Comput. 1997 26 5 1474-1483
[25]
Song F and Yun A Katz J and Shacham H Quantum security of NMAC and related constructions Advances in Cryptology – CRYPTO 2017 2017 Cham Springer 283-309
[26]
Unruh, D.: Revocable quantum timed-release encryption. J. ACM 62(6), 49:1–49:76 (2015)
[27]
Ulitzsch, V., Seifert, J.-P.: IARR eprint 2022/733 (2022)
[28]
Whiting, D., Housley, R., Ferguson, N.: Counter with CBC-MAC (CCM). RFC 3610, 1–26 (2003)
[29]
Zhandry M Boldyreva A and Micciancio D How to record quantum queries, and applications to quantum indifferentiability Advances in Cryptology – CRYPTO 2019 2019 Cham Springer 239-268
Recommendations
Improved convertible authenticated encryption scheme with provable security
Convertible authenticated encryption (CAE) schemes allow a signer to produce an authenticated ciphertext such that only a designated recipient can decrypt it and verify the recovered signature. The conversion property further enables the designated ...
Convertible multi-authenticated encryption scheme
A convertible authenticated encryption (CAE) scheme allows the signer to generate a valid authenticated ciphertext on his chosen message such that only the designated recipient can retrieve the message. Further, the recipient has the ability to convert ...
Post-Quantum Security Models for Authenticated Encryption
PQCrypto 2016: Proceedings of the 7th International Workshop on Post-Quantum Cryptography - Volume 9606We propose a security model for evaluating the security of authenticated encryption schemes in the post-quantum setting. Our security model is based on a combination of the classical Bellare-Namprempre security model for authenticated encryption ...
Comments
Information & Contributors
Information
Published In
Jul 2023
517 pages
ISBN:978-3-031-37678-8
DOI:10.1007/978-3-031-37679-5
- Editors:
- Nadia El Mrabet,
- Luca De Feo,
- Sylvain Duquesne
© The Author(s), under exclusive license to Springer Nature Switzerland AG 2023.
Publisher
Springer-Verlag
Berlin, Heidelberg
Publication History
Published: 19 July 2023
Author Tags
Qualifiers
- Article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 03 Oct 2024
Other Metrics
Citations
View Options
View options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in