Quantum collision finding for homomorphic hash functions

TL;DR

This paper demonstrates quantum algorithms capable of efficiently finding collisions in homomorphic hash functions, exposing vulnerabilities in certain cryptographic schemes against quantum adversaries.

Contribution

It introduces a quantum collision finding attack leveraging the hidden subgroup problem for additive and multiplicative homomorphic hash functions.

Findings

Quantum attack reconstructs hash kernel using a quantum oracle.

Efficient collision and preimage attacks on additive and multiplicative homomorphic hashes.

Concrete examples include attacks on $igoplus$-linear and specific multiplicative hash schemes.

Abstract

Hash functions are a basic cryptographic primitive. Certain hash functions try to prove security against collision and preimage attacks by reductions to known hard problems. These hash functions usually have some additional properties that allow for that reduction. Hash functions which are additive or multiplicative are vulnerable to a quantum attack using the hidden subgroup problem algorithm for quantum computers. Using a quantum oracle to the hash, we can reconstruct the kernel of the hash function, which is enough to find collisions and second preimages. When the hash functions are additive with respect to the group operation in an Abelian group, there is always an efficient implementation of this attack. We present concrete attack examples to provable hash functions, including a preimage attack to $\oplus$-linear hash functions and for certain multiplicative homomorphic hash schemes.