密码学报(中英文) (Journal of Cryptologic Research), 2025, Vol. 12, Issue 6: 1247-1264, 18. DOI: 10.13868/j.cnki.jcr.000822
Quantum Q1 Security of Sibleyras's Tweakable FX Construction
Abstract
The FX construction $\mathrm{FX}_{k,k'}[E](x) = E_k(x \oplus k') \oplus k'$ transforms a block cipher $E: \{0,1\}^{\kappa} \times \{0,1\}^{n} \to \{0,1\}^{n}$ with $\kappa$-bit keys into a block cipher with $(\kappa+n)$-bit keys. It ensures $\kappa+n/2$ bits of security in the classical setting and $\kappa+n/3$ bits of security in the quantum Q1 setting. Alagic et al. proposed a so-called tweakable FX construction, defined as $\mathrm{TFX}^{f_1,f_2}_{k,k'}[E] = E_k(x \oplus f_1(k',t)) \oplus f_2(k',t)$. It builds a tweakable block cipher from a (classical) block cipher and two auxiliary functions $f_1$ and $f_2$. Alagic proved $\min\{n/2, (\kappa+n)/3\}$ bits of quantum Q1 security for this construction. Interestingly, Sibleyras proposed another model of tweakable FX construction, defined as $\mathrm{TFX}^{f,g}_{k_f,k_g}[E] = E_{g(k_g,t)}(x \oplus f(k_f,t)) \oplus f(k_f,t)$. In Sibleyras's construction, the block cipher $E$ is invoked with a tweak-dependent key $g(k_g,t)$. In the classical setting, Sibleyras's construction was proved to ensure $(\kappa+n)/2$ bits of security, and a natural question is whether it enjoys $(\kappa+n)/3$ bits of quantum Q1 security. This study answers that question positively. By adapting a number of distributions in the proofs of Alagic et al. and Guo et al., it is proved that Sibleyras's tweakable FX construction yields a tweakable block cipher with $(\kappa+n)/3$ bits of quantum Q1 security. The gap between the security bounds of Sibleyras's and Alagic's constructions indicates that minor modifications to a cryptographic construction can have a significant influence on its security.
Keywords
post-quantum security / provable security / tweakable block cipher / FX construction
Classification
Information technology and security science
Cite this article
Guo Chun, Guo Xiaoning, Huang Anjing, Yu Yu. Quantum Q1 Security of Sibleyras's Tweakable FX Construction [J]. 密码学报(中英文) (Journal of Cryptologic Research), 2025, 12(6): 1247-1264, 18.
Funding
National Key Research and Development Program of China (2023YFA1011200)
National Natural Science Foundation of China (62372274)
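
The three constructions defined in the abstract, written out as an added illustration (not code from the paper or its authors). The toy 32-bit Feistel permutation standing in for E, the truncated-HMAC stand-ins for f, g, f1 and f2, and all key values are assumptions made for this example.

```python
import hashlib
import hmac

N, KAPPA = 32, 32  # toy block size n and cipher key size kappa, in bits (assumed)

def prf(key: bytes, label: bytes, t: bytes, bits: int) -> int:
    """Truncated HMAC-SHA256; an assumed stand-in for f, g, f1 and f2."""
    digest = hmac.new(key, label + t, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)

def _round(k: int, i: int, half: int) -> int:
    msg = k.to_bytes(KAPPA // 8, "big") + bytes([i]) + half.to_bytes(2, "big")
    return int.from_bytes(hashlib.sha256(msg).digest()[:2], "big")

def E(k: int, x: int, inverse: bool = False) -> int:
    """Toy 4-round Feistel permutation on n-bit blocks; not a secure cipher."""
    l, r = x >> 16, x & 0xFFFF
    for i in (reversed(range(4)) if inverse else range(4)):
        l, r = (r ^ _round(k, i, l), l) if inverse else (r, l ^ _round(k, i, r))
    return (l << 16) | r

def fx(k: int, k2: int, x: int, inverse: bool = False) -> int:
    """FX: E_k(x xor k') xor k'. The same mask undoes it with E inverted."""
    return E(k, x ^ k2, inverse) ^ k2

def tfx_alagic(k: int, k2: bytes, t: bytes, x: int, inverse: bool = False) -> int:
    """Alagic et al.: E_k(x xor f1(k',t)) xor f2(k',t); cipher key k is fixed."""
    m_in, m_out = prf(k2, b"f1", t, N), prf(k2, b"f2", t, N)
    if inverse:
        m_in, m_out = m_out, m_in
    return E(k, x ^ m_in, inverse) ^ m_out

def tfx_sibleyras(kf: bytes, kg: bytes, t: bytes, x: int, inverse: bool = False) -> int:
    """Sibleyras: per tweak t, an FX instance keyed by g(kg,t) and masked by f(kf,t)."""
    return fx(prf(kg, b"g", t, KAPPA), prf(kf, b"f", t, N), x, inverse)

def inner_keys(kg: bytes, tweaks: list) -> set:
    """Cipher keys g(kg,t) that Sibleyras's construction feeds to E."""
    return {prf(kg, b"g", t, KAPPA) for t in tweaks}

if __name__ == "__main__":
    kf, kg = b"constructed-kf", b"constructed-kg"  # constructed sample keys
    tweaks = [bytes([i]) for i in range(8)]
    for t in tweaks:
        c = tfx_sibleyras(kf, kg, t, 0x01234567)
        assert tfx_sibleyras(kf, kg, t, c, inverse=True) == 0x01234567
    print(len(inner_keys(kg, tweaks)), "distinct cipher keys over", len(tweaks), "tweaks")
```

In `tfx_alagic` every tweak reuses the one cipher key `k`, while `tfx_sibleyras` hands E a different key for each tweak, which is the structural difference the abstract highlights.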