Quantum All-Subkeys-Recovery Attacks on 6-round Feistel-2* Structure Based on Multi-Equations Quantum Claw Finding

TL;DR

This paper introduces a quantum all-subkeys-recovery attack on a 6-round Feistel-2* cipher structure, significantly reducing data, time, and memory complexities by leveraging multi-equations quantum claw-finding and Grover's algorithm.

Contribution

It presents a more realistic quantum attack model using the Q1 scenario and achieves efficient key recovery with minimal data requirements.

Findings

Reduces data complexity from O(2^n) to O(1)

Uses multi-equations quantum claw-finding algorithm

Employs Grover's algorithm for speedup

Abstract

Exploiting quantum mechanisms, quantum attacks have the potential ability to break the cipher structure. Recently, Ito et al. proposed a quantum attack on Feistel-2* structure (Ito et al.'s attack) based onthe Q2 model. However, it is not realistic since the quantum oracle needs to be accessed by the adversary, and the data complexityis high. To solve this problem, a quantum all-subkeys-recovery (ASR) attack based on multi-equations quantum claw-finding is proposed, which takes a more realistic model, the Q1 model, as the scenario, and only requires 3 plain-ciphertext pairs to quickly crack the 6-round Feistel-2* structure. First, we proposed a multi-equations quantum claw-finding algorithm to solve the claw problem of finding multiple equations. In addition, Grover's algorithm is used to speedup the rest subkeys recovery. Compared with Ito et al.'s attack, the data complexity of our attack is reduced from O(2^n) to O(1), while the time complexity and memory complexity are also significantly reduced.