Abstract:
We study quantum versions of differential and linear cryptanalysis based on a combination of the quantum minimum/maximum search algorithm and the quantum counting algorithm. We obtain estimates of the complexity and the required resources for the quantum differential and quantum linear cryptanalysis of block ciphers. It is shown that the implementation of the quantum linear method requires smaller logical qubits than the implementation of the quantum differential method. It is noted that the acceleration of calculations due to “quantum parallelism” in the quantum differential and linear cryptanalysis based on a combination of Grover’s quantum algorithms and quantum counting algorithm is apparently absent.
Key words:symmetric cryptography, differential and linear cryptanalysis, block ciphers, Grover's algorithm, quantum counting.
Fulltext:
PDF file (748 kB)