Acknowledgement
This work was supported as part of the Military Crypto Research Center (UD210027XD) funded by the Defense Acquisition Program Administration (DAPA) and the Agency for Defense Development (ADD).