15 research outputs found
Cryptographie à clé secrète et attaquant quantique dans le monde des télécommunications
For modern cryptography, the security of a system is defined as the sum of the resources required to break it. With the advent of efficient quantum computers and the new algorithmic possibilities that this opens, this amount of resource is destined to change.In this thesis, we take a step towards a better understanding of this quantum threat. After an introduction to quantum computation and cryptography, we show quantum attacks against the Legendre PRF in the setting without superposition queries and reduced quantum memory. Afterwards, we present a general way to transpose boomerang attacks into quantum attacks as well as some applications. We continue on a doubling method for block ciphers inspired by the Encrypt-Mix-Encrypt scheme and prove its security. We end by building a quantum version of the 3G/4G/5G UMTS-AKA authentication protocol before showing the security as well as the underlying primitives Milenage and TUAK.Pour la cryptographie moderne, la sécurité d'un système est définie comme la somme des ressources nécessaires pour le briser. Avec la venue d'ordinateurs quantiques efficaces et les nouvelles possibilités algorithmiques que cela ouvre, ce montant de ressources est voué à changer. Dans cette thèse, nous effectuons un pas en direction d'une meilleure compréhension de cette menace quantique. Après une introduction au calcul quantique et à la cryptographie, nous montrons des attaques quantiques contre la fonction pseudo-aléatoire de Legendre sans requête en superposition et en mémoire quantique réduite. Par la suite, nous exposons une manière générale de transposer les attaques boomerang en algorithmique quantique ainsi que quelques applications. Nous continuons sur une méthode de doublement de taille de blocs pour les chiffrements à blocs inspirée sur le schéma Encrypt-Mix-Encrypt et nous en montrons la sécurité. Nous finissons par la construction d'une version quantique du protocole d'authentification de la 3G/4G/5G UMTS-AKA avant d'en montrer la sécurité ainsi que celle des primitives sous-jacentes Milenage et TUAK
Secret-key cryptography and impact of a quantum attacker on the telecommunication world
Pour la cryptographie moderne, la sécurité d'un système est définie comme la somme des ressources nécessaires pour le briser. Avec la venue d'ordinateurs quantiques efficaces et les nouvelles possibilités algorithmiques que cela ouvre, ce montant de ressources est voué à changer. Dans cette thèse, nous effectuons un pas en direction d'une meilleure compréhension de cette menace quantique. Après une introduction au calcul quantique et à la cryptographie, nous montrons des attaques quantiques contre la fonction pseudo-aléatoire de Legendre sans requête en superposition et en mémoire quantique réduite. Par la suite, nous exposons une manière générale de transposer les attaques boomerang en algorithmique quantique ainsi que quelques applications. Nous continuons sur une méthode de doublement de taille de blocs pour les chiffrements à blocs inspirée sur le schéma Encrypt-Mix-Encrypt et nous en montrons la sécurité. Nous finissons par la construction d'une version quantique du protocole d'authentification de la 3G/4G/5G UMTS-AKA avant d'en montrer la sécurité ainsi que celle des primitives sous-jacentes Milenage et TUAK.For modern cryptography, the security of a system is defined as the sum of the resources required to break it. With the advent of efficient quantum computers and the new algorithmic possibilities that this opens, this amount of resource is destined to change.In this thesis, we take a step towards a better understanding of this quantum threat. After an introduction to quantum computation and cryptography, we show quantum attacks against the Legendre PRF in the setting without superposition queries and reduced quantum memory. Afterwards, we present a general way to transpose boomerang attacks into quantum attacks as well as some applications. We continue on a doubling method for block ciphers inspired by the Encrypt-Mix-Encrypt scheme and prove its security. We end by building a quantum version of the 3G/4G/5G UMTS-AKA authentication protocol before showing the security as well as the underlying primitives Milenage and TUAK
Quantum Security of the Legendre PRF
International audienceIn this paper, we study the security of the Legendre PRF against quantum attackers, given classical queries only, and without quantum random-access memories. We give two algorithms that recover the key of a shifted Legendre symbol with unknown shift, with a complexity smaller than the exhaustive search of the key. The first one is a quantum variant of the table-based collision algorithm. The second one is an offline variant of Kuperberg's abelian hidden shift algorithm. We note that the latter, although asymptotically promising, is not currently the most efficient against practical parameters
Quantum Security of the UMTS-AKA Protocol and its Primitives, Milenage and TUAK
The existence of a quantum computer is one of the most significant threats cryptography has ever faced. However, it seems that real world protocols received little attention so far with respect to their future security. Indeed merely relying upon post-quantum primitives may not suffice in order for a security protocol to be resistant in a full quantum world. In this paper, we consider the fundamental UMTS key agreement used in 3G but also in 4G (LTE), and in the (recently deployed) 5G technology. We analyze the protocol in a quantum setting, with quantum communications (allowing superposition queries by the involved parties), and where quantum computation is granted to the adversary. We prove that, assuming the underlying symmetric-key primitive is quantum-secure, the UMTS key agreement is also quantum-secure. We also give a quantum security analysis of the underlying primitives, namely Milenage and TUAK. To the best of our knowledge this paper provides the first rigorous proof of the UMTS key agreement in a strong quantum setting. Our result shows that in the quantum world to come, the UMTS technology remains a valid scheme in order to secure the communications of billions of users
Quantum Security of the UMTS-AKA Protocol and its Primitives, Milenage and TUAK
The existence of a quantum computer is one of the most significant threats cryptography has ever faced. However, it seems that real world protocols received little attention so far with respect to their future security. Indeed merely relying upon post-quantum primitives may not suffice in order for a security protocol to be resistant in a full quantum world. In this paper, we consider the fundamental UMTS key agreement used in 3G but also in 4G (LTE), and in the (recently deployed) 5G technology. We analyze the protocol in a quantum setting, with quantum communications (allowing superposition queries by the involved parties), and where quantum computation is granted to the adversary. We prove that, assuming the underlying symmetric-key primitive is quantum-secure, the UMTS key agreement is also quantum-secure. We also give a quantum security analysis of the underlying primitives, namely Milenage and TUAK. To the best of our knowledge this paper provides the first rigorous proof of the UMTS key agreement in a strong quantum setting. Our result shows that in the quantum world to come, the UMTS technology remains a valid scheme in order to secure the communications of billions of users
Quantum Security of the UMTS-AKA Protocol and its Primitives, Milenage and TUAK
The existence of a quantum computer is one of the most significant threats cryptography has ever faced. However, it seems that real world protocols received little attention so far with respect to their future security. Indeed merely relying upon post-quantum primitives may not suffice in order for a security protocol to be resistant in a full quantum world. In this paper, we consider the fundamental UMTS key agreement used in 3G but also in 4G (LTE), and in the (recently deployed) 5G technology. We analyze the protocol in a quantum setting, with quantum communications (allowing superposition queries by the involved parties), and where quantum computation is granted to the adversary. We prove that, assuming the underlying symmetric-key primitive is quantum-secure, the UMTS key agreement is also quantum-secure. We also give a quantum security analysis of the underlying primitives, namely Milenage and TUAK. To the best of our knowledge this paper provides the first rigorous proof of the UMTS key agreement in a strong quantum setting. Our result shows that in the quantum world to come, the UMTS technology remains a valid scheme in order to secure the communications of billions of users
Quantum Boomerang Attacks and Some Applications
International audienceIn this paper, we study quantum key-recovery attacks on block ciphers. While it is well known that a quantum adversary can generically speed up an exhaustive search of the key, much less is known on how to use specific vulnerabilities of the cipher to accelerate this procedure. In this context, we show how to convert classical boomerang and mixing boomerang attacks into efficient quantum key-recovery attacks. In some cases, we can even obtain a quadratic speedup, the same as simple differential attacks. We apply this technique to a 5-round attack on SAFER++
Block Cipher Doubling for a Post-Quantum World
International audienceIn order to maintain a similar security level in a post-quantum setting, many symmetric primitives should have to double their keys and increase their state sizes. So far, no generic way for doing this is known that would provide convincing quantum security guarantees. In this paper we propose a new generic construction, QuEME, that allows to double the key and the state size of a block cipher. The QuEME design is inspired by the ECB-Mix-ECB (EME) construction, but is defined for a different choice of mixing function that withstands our new quantum superposition attack that exhibits a periodic property found in collisions and that breaks EME and a large class of variants of it. We prove that QuEME achieves n-bit security in the classical setting, where n is the block size of the underlying block cipher, and at least n/6-bit security in the quantum setting. We propose a concrete instantiation of this construction, called Double-AES, that is built with variants of AES-128
Attacking trapdoors from matrix products
Recently, Geraud-Stewart and Naccache proposed two trapdoors based on matrix products. In this paper, we answer the call for cryptanalysis. We explore how using the trace and determinant of a matrix can be used to attack their constructions. We fully break their first construction in a polynomial-time attack. We show an information leak in the second construction using characteristic polynomials, and provide two attacks that decrease the bit security by about half. </p
Attacking trapdoors from matrix products
Recently, Geraud-Stewart and Naccache proposed two trapdoors based on matrix products. In this paper, we answer the call for cryptanalysis. We explore how using the trace and determinant of a matrix can be used to attack their constructions. We fully break their first construction in a polynomial-time attack. We show an information leak in the second construction using characteristic polynomials, and provide an attack using traces that decreases the bit security by about half
