Query:
学者姓名:邹剑
Refining:
Year
Type
Indexed by
Source
Complex
Co-
Language
Clean All
Abstract :
祖冲之密码算法(ZUC-128)是我国发布的商用密码算法中的序列密码算法,在4G移动通信领域发挥重要作用,本文主要研究如何以较少的量子比特实现ZUC-128算法的完整量子电路.S盒是ZUC-128算法非线性组件的重要组成部分,因此本文详细研究S盒量子电路的优化实现.32比特S盒是由4个8 × 8 S盒组成,即S=(S0,S1,S2,S3),其中S0=S2,S1=S3.首先通过穷搜剪枝的策略非就地实现了 S0;其次重点研究通过同构映射将S1的主要部分F28乘法求逆转换为F24上的乘法求逆运算,完成了只需要8个辅助量子位的S1就地实现量子电路.S1电路总共需要16个量子比特、96个Toffoli门、224个CNOT门、4个NOT门,Toffoli深度为78.最后探索出以较少的量子比特实现ZUC-128算法整个流程的量子电路构造,当工作步骤中轮数L=32时,该量子电路需要6244个量子比特、85 843个Toffoli 门、245 304 个 CNOT 门和 66 512 个 NOT 门,Toffoli 深度为 52 074.
Keyword :
ZUC-128 ZUC-128 同构映射 同构映射 量子电路 量子电路
Cite:
Copy from the list or Export to your reference management。
GB/T 7714 | 向思明 , 邹剑 , 黄倩 et al. 低量子比特条件下祖冲之密码的高效线路实现 [J]. | 密码学报(中英文) , 2025 , 12 (1) : 180-199 . |
MLA | 向思明 et al. "低量子比特条件下祖冲之密码的高效线路实现" . | 密码学报(中英文) 12 . 1 (2025) : 180-199 . |
APA | 向思明 , 邹剑 , 黄倩 , 罗宜元 , 吴文玲 . 低量子比特条件下祖冲之密码的高效线路实现 . | 密码学报(中英文) , 2025 , 12 (1) , 180-199 . |
Export to | NoteExpress RIS BibTex |
Version :
Abstract :
E2 algorithm is one of the 15 candidate algorithms in the first round of AES collection. In this paper, taking E2-128 as an example, the quantum security analysis on E2 algorithm is proposed for the first time in quantum chosen-plaintext attack setting. First, a polynomial-time distinguisher on 4-round E2-128 is constructed with 2(12.1) quantum queries by taking the properties of the internal round function into consideration. Then, by extending the distinguisher 2 rounds backward, a 6-round quantum key recovery attack is achieved with the help of Grover-meet-Simon algorithm, whose time complexities gain a factor of 2(76), where the subkey length that can be recovered is 152 bits with the occupation of 560 qubits. Furthermore, when attacking r>6 rounds, 152+(r-6)x128-bit subkey needs to be guessed in time 2(76+(r-6)x64), which is 1/2(52) of Grover's quantum brute force search. Finally, we present a quantum attack against E2-128 with 2(88.1) quantum queries by taking initial transformation and terminal transformation into consideration. The result shows that the time complexity of the quantum attack is significantly reduced, and E2 algorithm is safe enough to resist quantum attack.
Keyword :
E2 algorithm E2 algorithm Grover-meet-Simon algorithm Grover-meet-Simon algorithm Grover's algorithm Grover's algorithm Quantum cryptanalysis Quantum cryptanalysis Simon's algorithm Simon's algorithm
Cite:
Copy from the list or Export to your reference management。
GB/T 7714 | Xu, Ying , Du, Xiaoni , Jia, Meichun et al. Quantum cryptanalysis of reduced-round E2 algorithm [J]. | QUANTUM INFORMATION PROCESSING , 2025 , 24 (2) . |
MLA | Xu, Ying et al. "Quantum cryptanalysis of reduced-round E2 algorithm" . | QUANTUM INFORMATION PROCESSING 24 . 2 (2025) . |
APA | Xu, Ying , Du, Xiaoni , Jia, Meichun , Wang, Xiangyu , Zou, Jian . Quantum cryptanalysis of reduced-round E2 algorithm . | QUANTUM INFORMATION PROCESSING , 2025 , 24 (2) . |
Export to | NoteExpress RIS BibTex |
Version :
Abstract :
The Zu Chongzhi cryptographic algorithm (ZUC) is a stream cipher algorithm published in China. This paper focuses on the realization of the complete quantum circuit for the ZUC-128 algorithm with low T-depth. The S-box is a crucial component of the nonlinear aspect of the ZUC-128 algorithm. Initially, we derive the classical circuit implementations of S0 and S1 using an exhaustive pruning strategy and tower domain decomposition technology. Subsequently, we develop quantum circuits for S0 and S1 in two steps: first by reducing the AND-depth of the classical circuit, and then by ensuring that the T-depth of the quantum circuit equals the AND-depth of the classical circuit. Our new S0 and S1 quantum circuits both have a T-depth of 7. We are currently researching the quantum circuit implementation of the adder and L function in order to minimize the T-depth of the entire circuit. Finally, we propose the construction of quantum circuit to realize the whole process of ZUC-128 algorithm with low T-depth. When the number of rounds L = 32 in the working step, this quantum circuit requires 46008 qubits, 682340 T gates, 2008535 CNOT gates and 42680 NOT gates, with the T-depth of 11341, and the number of qubits multiplied by T-depth is 5.22 × 108 © 2024 Chinese Academy of Sciences. All rights reserved.
Keyword :
quantum circuit quantum circuit tower domain decomposition tower domain decomposition ZUC-128 ZUC-128
Cite:
Copy from the list or Export to your reference management。
GB/T 7714 | Zou, J. , Xiang, S. , Zou, C. et al. An efficient quantum circuit implementation of ZUC-128 cipher with low T-depth; [低T深度条件下ZUC-128的高效量子线路实现] [J]. | Scientia Sinica: Physica, Mechanica et Astronomica , 2024 , 54 (12) . |
MLA | Zou, J. et al. "An efficient quantum circuit implementation of ZUC-128 cipher with low T-depth; [低T深度条件下ZUC-128的高效量子线路实现]" . | Scientia Sinica: Physica, Mechanica et Astronomica 54 . 12 (2024) . |
APA | Zou, J. , Xiang, S. , Zou, C. , Wu, W. . An efficient quantum circuit implementation of ZUC-128 cipher with low T-depth; [低T深度条件下ZUC-128的高效量子线路实现] . | Scientia Sinica: Physica, Mechanica et Astronomica , 2024 , 54 (12) . |
Export to | NoteExpress RIS BibTex |
Version :
Abstract :
In this paper, we present some new key-recovery attacks on Misty L-KF, Misty R-KF, and generalized Feistel schemes. Firstly, we propose a new 5-round distinguisher on Misty L-KF structure. Based on our new distinguisher attack, we propose a new6-round Demiric-Sel & ccedil;uk meet-in-the-middle attack (DS-MITM attack) against Misty L-KF structure. Secondly, we extend our classical DS-MITM attack to a new quantum DS-MITM attack on Misty L-KF structure by using the quantum claw finding algorithm. In addition, we apply the above method to attack Misty R-KF and generalized Feistel schemes. To sum up, we construct our classical key-recovery attacks on the 6-round Misty L-KF structure and Misty R-KF structure with O(2(3n/4)) time and O(2(n/2)) memory cost. By using a quantum computer, our new quantum key-recovery attacks on the 6-round Misty L-KF structures and Misty R-KF structures can be constructed with O(2n/2) time and O(2n/2) memory cost. Furthermore, we can construct our new quantum (5d-4)-round key-recovery attacks on the d-branch contracting Feistels with O(2(d-1)n/d) time and O(2(d-1)n/d) memory cost. In the end, we can construct our new quantum(4d-3)-round and (5d-4)-round key-recovery attacks on the two types of d-branch expanding Feistels with O(2(d-1)n/d) time and O(2(d-1)n/d) memory cost.
Keyword :
Cryptanalysis Cryptanalysis Generalized Feistel scheme Generalized Feistel scheme Misty structure Misty structure Quantum DS-MITM attack Quantum DS-MITM attack
Cite:
Copy from the list or Export to your reference management。
GB/T 7714 | Zou, Jian , Huang, Kairong , Zhu, Min et al. New Demiric-Selcuk meet-in-the-middle attacks on Misty and Feistel schemes [J]. | QUANTUM INFORMATION PROCESSING , 2024 , 23 (4) . |
MLA | Zou, Jian et al. "New Demiric-Selcuk meet-in-the-middle attacks on Misty and Feistel schemes" . | QUANTUM INFORMATION PROCESSING 23 . 4 (2024) . |
APA | Zou, Jian , Huang, Kairong , Zhu, Min , Zou, Hongkai , Luo, Yiyuan , Liu, Qian . New Demiric-Selcuk meet-in-the-middle attacks on Misty and Feistel schemes . | QUANTUM INFORMATION PROCESSING , 2024 , 23 (4) . |
Export to | NoteExpress RIS BibTex |
Version :
Abstract :
当前还未发现ZUC算法S盒的高效线路实现方案,一般以查找表的方式进行实现.该操作将消耗大量的硬件资源,非常不适用于在受限环境下使用ZUC算法.针对上述不足,本文首次给出ZUC算法S盒的完整线路实现以及线性变换的in-place实现,可以有效地降低ZUC算法线路实现的资源开销.ZUC算法中的S盒由4个大小为8×8的S盒组合而成,即S=(S0,S1,S2,S3),其中S0=S2,S1=S3.首先,使用穷举剪枝的搜索策略以及基于SAT的S盒优化技术给出S0中3个P变换的高效线路实现,进而首次得到S0的紧凑线路实现.其次,根据S1的代数表达式,通过应用几种最先进的组合逻辑最小化技术,对正规基下F28域上求逆运算的720种塔域表示进行全面的研究,得到S1的紧凑线路实现.相较于以往基于复合域的实现方法,节省了25.48%的硬件开销.最后,将ZUC算法中的线性变换转换成矩阵形式,并使用优化线性矩阵的启发式算法得到其in-place实现,减少了34.77%的XOR门数,且不需要使用额外的辅助比特.本文研究将会对传统环境下以及量子环境下ZUC算法的线路实现产生积极的影响.
Keyword :
S盒 S盒 ZUC ZUC 线性变换 线性变换 线路实现 线路实现
Cite:
Copy from the list or Export to your reference management。
GB/T 7714 | 邹剑 , 黄倩 , 魏子豪 et al. ZUC算法的线路优化实现 [J]. | 密码学报(中英文) , 2024 , 11 (5) : 1108-1125 . |
MLA | 邹剑 et al. "ZUC算法的线路优化实现" . | 密码学报(中英文) 11 . 5 (2024) : 1108-1125 . |
APA | 邹剑 , 黄倩 , 魏子豪 , 李立基 , 吴文玲 . ZUC算法的线路优化实现 . | 密码学报(中英文) , 2024 , 11 (5) , 1108-1125 . |
Export to | NoteExpress RIS BibTex |
Version :
Abstract :
In this paper, we promote Trojan message attacks against Merkle-Damg & aring;rd hash functions and their concatenation combiner in quantum settings for the first time. Two main quantum scenarios are considered, involving the scenarios where a substantial amount of cheap quantum random access memory (qRAM) is available and where qRAM is limited and expensive to access. We first discuss the construction of diamond structures and analyze the corresponding time complexity in both of these quantum scenarios. Secondly, we propose quantum versions of the generic Trojan message attacks on Merkle-Damg & aring;rd hash functions as well as their improved versions by combining with diamond structures and expandable messages, and then determine their cost. Finally, we propose Trojan message attack against Merkle-Damg & aring;rd hash concatenation combiner in quantum setting. The results show that Trojan message attacks can be improved significantly with quantum computers under both scenarios, so the security of hash constructions in classical setting requires careful re-evaluation before being deployed to the post-quantum cryptography schemes.
Keyword :
Collision attack Collision attack Herding attack Herding attack qRAM qRAM Quantum computation Quantum computation Quantum cryptography Quantum cryptography Trojan message Trojan message
Cite:
Copy from the list or Export to your reference management。
GB/T 7714 | Xu, Ying , Du, Xiaoni , Zou, Jian . Quantum security of Trojan message attacks on Merkle-Damgård hash construction [J]. | DESIGNS CODES AND CRYPTOGRAPHY , 2024 , 93 (3) : 737-768 . |
MLA | Xu, Ying et al. "Quantum security of Trojan message attacks on Merkle-Damgård hash construction" . | DESIGNS CODES AND CRYPTOGRAPHY 93 . 3 (2024) : 737-768 . |
APA | Xu, Ying , Du, Xiaoni , Zou, Jian . Quantum security of Trojan message attacks on Merkle-Damgård hash construction . | DESIGNS CODES AND CRYPTOGRAPHY , 2024 , 93 (3) , 737-768 . |
Export to | NoteExpress RIS BibTex |
Version :
Abstract :
Generalized Feistel networks are important components of symmetric ciphers, and detailed security evaluations in the quantum setting remain to be explored. In this paper, based on the strong-weak separability of certain branch output function, we present polynomial-time quantum distinguishers for 4F-function and 2F-function structures in quantum chosen-plaintext attack setting for the first time, and then quantum key-recovery attacks are achieved through Grover-meet-Simon algorithm, respectively. Under the condition of the semi-strong separability, firstly, we give a quantum distinguisher on 8-round 4F-function structure, from which we carry out a 12-round quantum key-recovery attack to guess 10n-bit subkey, whose time complexities gain a factor of 2(5n). When attacking r >12 rounds, we can recover 4(r-12)n+10n-bit subkey in time 24(r-12)n+10m/2. Secondly, we show a quantum distinguisher on 5-round 2F-function structure, and a 7-round quantum key-recovery attack is performed on it, which can recover 3n-bit subkey in time 2(1.5n). When r>7, 2(r-7)n+3n-bit subkey can be recovered with time complexities by a factor of 22(r-7)n+3n/2. Furthermore, based on the weak separability, a 6-round quantum distinguisher for 2F-function structure is constructed, and an 8-round quantum key-recovery attack is achieved, and the time complexity is 22(r-8)n+3n/2 when r>8. The results show that the time complexity of each attack scheme we proposed is much better than that of Grover's brute force search.
Keyword :
2F-function structure 2F-function structure 4F-function structure 4F-function structure Grover's algorithm Grover's algorithm Quantum cryptanalysis Quantum cryptanalysis Simon's algorithm Simon's algorithm Strong-weak separability Strong-weak separability
Cite:
Copy from the list or Export to your reference management。
GB/T 7714 | Xu, Ying , Du, Xiaoni , Jia, Meichun et al. Quantum attacks on generalized Feistel networks based on the strong-weak separability [J]. | QUANTUM INFORMATION PROCESSING , 2023 , 22 (10) . |
MLA | Xu, Ying et al. "Quantum attacks on generalized Feistel networks based on the strong-weak separability" . | QUANTUM INFORMATION PROCESSING 22 . 10 (2023) . |
APA | Xu, Ying , Du, Xiaoni , Jia, Meichun , Wang, Xiangyu , Zou, Jian . Quantum attacks on generalized Feistel networks based on the strong-weak separability . | QUANTUM INFORMATION PROCESSING , 2023 , 22 (10) . |
Export to | NoteExpress RIS BibTex |
Version :
Abstract :
The differential meet-in-the-middle (MITM) attack is a new cryptanalysis technique proposed at Crypto 2023. It has achieved good results in attacking some symmetric encryption algorithms. In this paper, we enhance the differential-meet-in-the-middle attack by utilizing MILP to construct the best differential trail for a distinguisher in the offline phase and optimizing the attack process during the online phase. This optimization leads to a reduction in the time complexity of the attack. We apply the differential meet-inthe- middle attack to 8-round FUTURE with 264data, 248 memory, 2124time complexity. Besides, our attack to the on 14-round CRAFT with 264 data, 274 memory, 2104 time complexity. As far as we know, it is the first key recovery attack to FUTURE. © 2023 ACM.
Keyword :
Cryptography Cryptography Integer programming Integer programming
Cite:
Copy from the list or Export to your reference management。
GB/T 7714 | Lin, Han , Zou, Jian , Li, Jiayin . The differential meet-in-the-middle attack on FUTURE and CRAFT [C] . 2023 : 151-158 . |
MLA | Lin, Han et al. "The differential meet-in-the-middle attack on FUTURE and CRAFT" . (2023) : 151-158 . |
APA | Lin, Han , Zou, Jian , Li, Jiayin . The differential meet-in-the-middle attack on FUTURE and CRAFT . (2023) : 151-158 . |
Export to | NoteExpress RIS BibTex |
Version :
Abstract :
Kupyna is an AES-like hash function that has been confirmed as the Ukrainian hash standard DSTU 7564:2014 in 2015. In this paper, we present some preimage attacks and collision attacks on Kupyna. We combine guess-and-determine and MITM methods, using a MILP-based MITM attack tool, to apply them to the Kupyna hash cryptographic algorithm. We improve the preimage attack on 6-round Kupyna-256 (OT), increasing the complexity from the previous best attack complexity of 2240 to 2224. Additionally, we also propose, for the first time, collision attacks on 6-round Kupyna-256 (OT) and 8-round Kupyna-512 (OT), with complexities of 2116 and 2444 respectively. © 2023 ACM.
Keyword :
Hash functions Hash functions Integer programming Integer programming
Cite:
Copy from the list or Export to your reference management。
GB/T 7714 | Xu, Jinxing , Zou, Jian , Lan, Qiufu et al. Improved Meet-in-the-Middle Cryptanalysis on Kupyna [C] . 2023 : 136-143 . |
MLA | Xu, Jinxing et al. "Improved Meet-in-the-Middle Cryptanalysis on Kupyna" . (2023) : 136-143 . |
APA | Xu, Jinxing , Zou, Jian , Lan, Qiufu , Li, Jiayin . Improved Meet-in-the-Middle Cryptanalysis on Kupyna . (2023) : 136-143 . |
Export to | NoteExpress RIS BibTex |
Version :
Abstract :
Permutation polynomials with low c-differential uniformity and boomerang uniformity have wide applications in cryptography. In this paper, by utilizing the Weil sums technique and solving some certain equations over F-2n, we determine the c-differential uniformity and boomerang uniformity of these permutation polynomials: (1) f1(x) = x + Tr-1(n)( x(2k+1)+1+ x(3)+ x + ux), where n = 2k+ 1, u is an element of F-2n with Tr-1(n)(u) = 1; (2) f(2)(x) = x + Tr-1(n)( x(2k+3)+( x + 1)(2k)+3), where n = 2k+ 1; (3) f(3)(x) = x(-1)+ Tr-1(n)(( x(-1)+ 1)(d)+ x(-d)), where nis even and dis a positive integer. The results show that the involutions f(1)(x) and f(2)(x) are APcN functions for c is an element of F(2)n\{0, 1}. Moreover, the boomerang uniformity of f(1)(x) and f(2)(x) can attain 2(n). Furthermore, we generalize some previous works and derive the upper bounds on the c-differential uniformity and boomerang uniformity of f(3)(x). (c) 2023 Elsevier Inc. All rights reserved.
Keyword :
Boomerang uniformity Boomerang uniformity C-differential uniformity C-differential uniformity Permutation polynomial Permutation polynomial
Cite:
Copy from the list or Export to your reference management。
GB/T 7714 | Liu, Qian , Huang, Zhiwei , Xie, Jianrui et al. The c-differential uniformity and boomerang uniformity of three classes of permutation polynomials over F-2(n) [J]. | FINITE FIELDS AND THEIR APPLICATIONS , 2023 , 89 . |
MLA | Liu, Qian et al. "The c-differential uniformity and boomerang uniformity of three classes of permutation polynomials over F-2(n)" . | FINITE FIELDS AND THEIR APPLICATIONS 89 (2023) . |
APA | Liu, Qian , Huang, Zhiwei , Xie, Jianrui , Liu, Ximeng , Zou, Jian . The c-differential uniformity and boomerang uniformity of three classes of permutation polynomials over F-2(n) . | FINITE FIELDS AND THEIR APPLICATIONS , 2023 , 89 . |
Export to | NoteExpress RIS BibTex |
Version :
Export
Results: |
Selected to |
Format: |