Post-quantum Security of the CBC, CFB, OFB, CTR, and XTS Modes

Mayuresh Anand, Ehsan Ebrahimi Targhi, Gelo Noel Tabia,
Dominique Unruh
University of Tartu
February 4, 2016
Table of contents
1. Motivation
2. Results
3. Tools
4. Proof sketch
   Quantum security of CBC mode using qPRF
   Insecurity of CBC using standard secure PRF under quantum attack
5. Bibliography
6. Thank You
Motivation
Being optimistic about the emergence of quantum computers, we want to evaluate the security of classical cryptosystems under attack by quantum adversaries.
We analyze the security of cipher modes of operation
CBC, CFB, OFB, CTR, and XTS.
These modes are chosen following the recommendations of the 2013 ENISA [2] report on encryption algorithms (European Union Agency for Network and Information Security, 2013).
Results
Mode of operation | Classical IND-CPA? | Standard (quantum) IND-CPA? | IND-qCPA? (with PRF) | IND-qCPA? (with qPRF)
ECB               | no                 | no                          | no                   | no
CBC               | yes                | yes                         | no                   | yes
CFB               | yes                | yes                         | no                   | yes
OFB               | yes                | yes                         | yes                  | yes
CTR               | yes                | yes                         | yes                  | yes
XTS               | unknown            | unknown                     | "no in spirit"       | unknown

Table: Summary of our results. "No in spirit" means that there is an attack using superposition queries that does not formally violate IND-qCPA.
Standard Security [4] (Mark Zhandry, FOCS 2012)
Quantum Security [4] (Mark Zhandry, FOCS 2012)
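Added for reference (the two slides above present these notions as figures; the definitions are Zhandry's [4], the notation here is mine and not the slide's): a keyed function $F: K \times X \to Y$ is a standard-secure PRF if for every efficient quantum adversary $A$ that queries its oracle classically,

$$\bigl|\Pr[A^{F_k}() = 1 : k \leftarrow K] \;-\; \Pr[A^{R}() = 1 : R \leftarrow Y^X]\bigr| \le \mathrm{negl},$$

and a quantum-secure PRF (qPRF) if the same bound holds when $A$ may query its oracle in superposition, i.e. through the unitary $\sum_{x,z}\psi_{x,z}\,|x,z\rangle \mapsto \sum_{x,z}\psi_{x,z}\,|x,\,z \oplus F_k(x)\rangle$ (and likewise for $R$). The "(with PRF)" column of the results table assumes only the first property of the block cipher, the "(with qPRF)" column the second; the gap between the two is exactly what the CBC attack later in the deck exploits.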
IND-CPA Model
IND-qCPA Model [1] (Dan Boneh and Mark Zhandry, CRYPTO 2013)
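Added for reference (the slide shows the model as a figure; the definition is Boneh and Zhandry's [1], the notation here is mine and not the slide's): in IND-qCPA the adversary's chosen-plaintext queries are superposition queries. For each query the challenger samples fresh classical randomness $r$ (for CBC, the IV, which is returned as part of the ciphertext) and applies

$$\sum_{m,c}\psi_{m,c}\,|m,c\rangle \;\longmapsto\; \sum_{m,c}\psi_{m,c}\,|m,\;c \oplus \mathrm{Enc}_k(m;r)\rangle .$$

The challenge itself is classical: the adversary submits $(m_0, m_1)$, receives $\mathrm{Enc}_k(m_b; r)$ for a random bit $b$, may keep making superposition queries, and wins if it guesses $b$. IND-CPA is the same game with classical plaintext queries. Since $r$ is fixed before the superposition is processed, one query hands the adversary the function $m \mapsto \mathrm{Enc}_k(m;r)$ in superposition for a single, known $r$, which is what the attack on CBC later in the deck needs.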
Quantum security of CBC mode using qPRF
We need to show that the output of CBC mode using a qPRF is indistinguishable from a truly random string.
Define Enc^{i,H}_{CBC}(M).
Use the O2H lemma to show that the distinguishing probability of any quantum adversary is negligible.
One-way to hiding (O2H) [3] (Dominique Unruh, eprint 2013)
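Added for reference (the slide shows the lemma as a figure; the statement is Unruh's [3], the notation here is mine and not the slide's): let $H: X \to Y$ be a random oracle to which the adversary has quantum access, let $x \leftarrow X$ and $y \leftarrow Y$ be uniform, and let $A^H(x,\cdot)$ be an algorithm making at most $q$ queries to $H$. Let $B^H(x,y)$ pick $i \leftarrow \{1,\dots,q\}$, run $A^H(x,y)$ until just before its $i$-th query, measure the query register in the computational basis and output the outcome $x'$. Then

$$\bigl|\Pr[b=1 : b \leftarrow A^H(x,H(x))] \;-\; \Pr[b=1 : b \leftarrow A^H(x,y)]\bigr| \;\le\; 2q\sqrt{P_B}, \qquad P_B := \Pr[x' = x : x' \leftarrow B^H(x,y)].$$

In words: if $A$ essentially never queries $H$ at $x$ (small $P_B$), then $A$ cannot tell $H(x)$ from a fresh random value, even though it is given $x$. In the proof sketch that follows, $x$ is the PRF key $k$, $H(x) = H(k)$ is the key of $E$ inside BC, $y$ is the random key of the modified cipher BC', and the games $G_0$ and $G_2$ differ by at most $2q\sqrt{P_B}$.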
Construction of Block cipher for CBC
BC is a standard-secure PRF against any quantum adversary that has classical access to BC and quantum access to H.
BC has a collision: for every x there is an x' = x ⊕ (k‖1) with BC_k(x) = BC_k(x').
Proof Idea:Standard security of BC
Idea: replace E in BC by a random function.
If we replace the key H(k) of E by a fresh random key, we can use the O2H lemma.
We define the adversary A_O2H and the block cipher BC'_k, which is BC with E keyed by the random key.
We have the games as in the O2H lemma.
Game G0 is replaced by G2.
We now replace E by a random function Ẽ.
The only difference between the two games arises when the same query is made again.
By the fundamental lemma of game playing, the distinguishing probability is bounded by the probability of that event, which is negligible.
Quantum attack on CBC mode using standard secure PRF
BC has a structure similar to the function f (a function with a hidden period, here k‖1), and hence this weakness can be exploited to recover the key k.
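The attack as an added, runnable illustration (example code written for this page, not the authors' code): a classical simulation of Simon's algorithm, assumed here to be the period-finding routine behind the slide's "function f" (the slide itself does not name it), run against one-block CBC encryption with a toy block cipher satisfying BC_k(x) = BC_k(x ⊕ (k‖1)). The block size N = 8, the random-permutation stand-in for E, the SHA-256 stand-in for H and the specific fold (inputs ending in 1 are mapped to x ⊕ (k‖1) before E is applied) are assumptions made for the demo, not the paper's parameters. The same routine is also run against CTR mode, where the message block never reaches BC, to show why the CTR entry of the results table is unaffected. The superposition query is simulated by the preimage scan in `simon_sample`, so the code reproduces the attack's measurement statistics, not a quantum speed-up.

```python
"""Constructed example: Simon-style superposition attack on one-block CBC with a
periodic block cipher BC_k(x) = BC_k(x ^ (k||1)), and the same attack against CTR.
Toy N-bit blocks, (N-1)-bit key; E and H are stand-ins, not the paper's choices."""
import hashlib
import random
from functools import lru_cache

N = 8  # block size in bits (toy value chosen for the demo)

@lru_cache(maxsize=None)
def _perm(key: bytes) -> list:
    """Stand-in for E_key: a key-selected random permutation of {0,1}^N (assumption)."""
    table = list(range(1 << N))
    random.Random(key).shuffle(table)
    return table

def H(k: int) -> bytes:
    """Stand-in for the random oracle H that derives E's key from k (assumption)."""
    return hashlib.sha256(b"H" + k.to_bytes(2, "big")).digest()

def BC(k: int, x: int) -> int:
    """Block cipher with the slide's collision: BC_k(x) = BC_k(x ^ (k||1)).
    Inputs whose last bit is 1 are folded onto their partner before E is applied."""
    s = (k << 1) | 1  # hidden period k||1
    if x & 1:
        x ^= s
    return _perm(H(k))[x]

def cbc_encrypt(k: int, iv: int, blocks: list) -> list:
    """CBC: C_i = BC_k(M_i ^ C_{i-1}), C_0 = IV; message blocks enter BC directly."""
    out, prev = [], iv
    for m in blocks:
        prev = BC(k, m ^ prev)
        out.append(prev)
    return out

def ctr_encrypt(k: int, iv: int, blocks: list) -> list:
    """CTR: C_i = M_i ^ BC_k(IV + i); BC only ever sees counter values."""
    return [m ^ BC(k, (iv + i) & ((1 << N) - 1)) for i, m in enumerate(blocks)]

def simon_sample(f, rng: random.Random) -> int:
    """One superposition query to f, simulated classically. Measuring the output
    register collapses the input register onto the preimages of the observed value
    (the scan stands in for the single quantum query); a Hadamard layer then gives |y>
    amplitude ~ sum_x (-1)^{x.y} over those preimages, so y is uniform on {y : y.s = 0}
    when f(x) = f(x ^ s) is 2-to-1, and uniform on all of {0,1}^N when f is injective."""
    v = f(rng.randrange(1 << N))
    preimages = [x for x in range(1 << N) if f(x) == v]
    weights = [sum((-1) ** (bin(x & y).count("1") & 1) for x in preimages) ** 2
               for y in range(1 << N)]
    return rng.choices(range(1 << N), weights=weights)[0]  # Born rule

class GF2Span:
    """Incremental reduced row echelon form over GF(2) of the collected y's."""
    def __init__(self):
        self.rows = {}  # pivot bit -> row; each pivot bit is set in exactly one row

    def add(self, y: int) -> int:
        for p, r in self.rows.items():  # reduce y against the existing pivots
            if y >> p & 1:
                y ^= r
        if y:
            p = y.bit_length() - 1
            for q in list(self.rows):  # clear the new pivot bit from the other rows
                if self.rows[q] >> p & 1:
                    self.rows[q] ^= y
            self.rows[p] = y
        return len(self.rows)  # rank

    def null_vector(self) -> int:
        """The nonzero s with y.s = 0 for every row; unique when the rank is N-1."""
        free = next(b for b in range(N) if b not in self.rows)
        s = 1 << free
        for p, r in self.rows.items():
            if r >> free & 1:
                s |= 1 << p
        return s

def oracle(mode_encrypt, k_secret: int, rng: random.Random):
    """IND-qCPA-style oracle: each call fixes a fresh IV and returns the map from a
    one-block message to its first ciphertext block, queried in superposition."""
    def new_query():
        iv = rng.randrange(1 << N)
        return lambda x: mode_encrypt(k_secret, iv, [x])[0]
    return new_query

def simon_attack(new_query, rng: random.Random, max_queries: int = 8 * N):
    """Period s of the queried function, or None if it has none."""
    span = GF2Span()
    for _ in range(max_queries):
        rank = span.add(simon_sample(new_query(), rng))
        if rank == N:  # full rank: no nonzero s is orthogonal to every y
            return None
        if rank == N - 1:
            s, f = span.null_vector(), new_query()
            if f(0) == f(s):  # one classical query confirms the candidate period
                return s
    return None

def demo(k_secret: int, seed: int = 1):
    """Returns (key recovered from CBC, period found for CTR): (k_secret, None)."""
    rng = random.Random(seed)
    s = simon_attack(oracle(cbc_encrypt, k_secret, rng), rng)
    k_found = None if s is None else s >> 1  # s = k||1: drop the trailing 1
    return k_found, simon_attack(oracle(ctr_encrypt, k_secret, rng), rng)
```

`demo(0b1011001)` returns `(89, None)`: after O(N) superposition queries the collected y's span the hyperplane orthogonal to k‖1 and the CBC attacker reads off the 7-bit key, while against CTR the first ciphertext block is an injective function of the message block, the samples reach full rank, and no period exists. Only the toy sizes are specific to the demo; the argument carries over unchanged to n-bit blocks.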
Bibliography
[1] Dan Boneh and Mark Zhandry. Secure signatures and chosen ciphertext security in a quantum computing world. https://eprint.iacr.org/2013/088, 2013. The definition of IND-qCPA only appears in this eprint, not in the conference version.
[2] European Union Agency for Network and Information Security (ENISA). Algorithms, key sizes and parameters report - 2013 recommendations. https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report, October 2013.
[3] Dominique Unruh. Revocable quantum timed-release encryption. IACR Cryptology ePrint Archive, 2013:606, 2013.
[4] Mark Zhandry. How to construct quantum random functions. In 53rd Annual IEEE Symposium on Foundations of Computer Science, FOCS 2012, New Brunswick, NJ, USA, October 20-23, 2012, pages 679–687. IEEE Computer Society, 2012.
THANK YOU!!!