Offline Dedicated Quantum Attacks on Block Ciphers Constructions Based on Two Parallel Permutation-Based Pseudorandom Functions

Abstract

Quantum cryptanalysis is essential for evaluating the security of cryptographic systems against the threat of quantum computing. Recently, Shi {\it et al.} introduced a dedicated quantum attack on block cipher constructions based on XOR-type functions, which greatly reduces the required resources (including circuit depth, width, and the number of gates) compared to the parallel Grover-meets-Simon algorithm. Here, our contribution is in two aspects. On the one hand, we discover new cryptographic structures amenable to this attack: PolyMAC and constructions based on two parallel permutation-based pseudorandom functions (TPP-PRFs), including XopEM, SoEM22, SUMPIP, and DS-SoEM, thereby answering Shi {\it et al.}'s open question. On the other hand, for constructions based on TPP-PRFs, we break the obstacle that this attack relies on online query by constructing decoupled XOR-type functions, then propose an offline quantum attack on them. Compared to previous results, our offline attack exhibits significantly reduced query complexity. Specifically, the number of queries to the encryption oracle is reduced from $O(2^{(n+t)/2}\cdot (n-t))$ to $O(2^{t}\cdot (n-t))$ in the quantum query model, where $0<t<n$, $t$ is a truncation parameter, and $n$ is the input length of constructions. Further, we enable its implementation in the classical query model, optimizing both the classical query complexity and time complexity from $\tilde O(2^{2n/3})$ to $\tilde O(2^{(2n-t)/3})$.