Abstract:
We study the amplification of security against quantum attacks provided by iteration of block ciphers. We prove that (in contrast to the classical Meet-in-the-middle attack) for quantum adversaries two iterated ideal block ciphers are much more difficult to attack than a single one. The optimality of the quantized Meet-in-the-middle attack is proved. It is shown that, contrary to the classical case, the quantum dissection attack against 4-encryption has a better time complexity than a quantum Meet-in-the-middle attack.