对1K-AES结构的量子滑动攻击  

作　　者：申洲 张凤荣 韦永壮 王保仓[3] SHEN Zhou;ZHANG FengRong;WEI YongZhuang;WANG BaoCang(School of Cyber Engineering,Xidian University,Xi’an 710071,China;School of Computer Science and Information Security,Guilin University of Electronic Technology,Guilin 541004,China;State Key Laboratory of Integrated Services Networks,Xidian University,Xi’an 710071,China)

机构地区：[1]西安电子科技大学网络与信息安全学院,西安710071 [2]桂林电子科技大学计算机与信息安全学院,桂林541004 [3]西安电子科技大学空天地一体化综合业务网全国重点实验室,西安710071

出　　处：《中国科学:物理学、力学、天文学》2025年第4期129-139,共11页Scientia Sinica Physica,Mechanica & Astronomica

基　　金：国家自然科学基金(编号:62372346);高等学校111学科创新引智计划(编号:B16037);陕西高校青年创新团队资助项目。

摘　　要：随着量子技术的不断发展,对称密码算法的量子安全性受到人们的广泛关注.聚焦1K-AES的安全性,分别利用量子滑动攻击和经典滑动攻击对1K-AES进行了安全性分析.一方面,对最后一轮包含列混淆的1K-AES,在无需量子随机存储的条件下,利用CNS算法能够在查询复杂度为O(2^(2n/5))和经典存储规模为O(2^(n/5))的条件下将成功率由63%提升到74%,其中n表示分组大小.若使用量子随机存储,利用通用量子claw查找算法能够在查询复杂度为O(2^(n/3))和量子存储规模为O(2^(n/3))的条件下将成功率提升到100%.同时,在经典选择明文攻击条件下,本文将经典滑动攻击的成功率也提升到了100%.另一方面,对最后一轮无列混淆的1K-AES,利用通用量子claw查找算法实施量子滑动攻击,其查询和存储复杂度均为O(2^(n/3)).与经典滑动攻击相比,该方法实现了亚指数加速;与Grover搜索相比,查询复杂度从O(2^(n/2))降低至O(2^(n/3)).With the continuous development of quantum technology,the quantum security of symmetric ciphers has attracted widespread attention.This study focuses on the security of 1K-AES,employing both quantum and classical slide attacks to analyze its security.On the one hand,for the 1K-AES with MixColumns in the last round,using the CNS algorithm achieves a success rate of 74%,an improvement from 63%,under a query complexity of O(2^(2n/5))and classical memory complexity of O(2^(n/5))without the need for quantum random access memory,where n denotes the block size.When using a quantum random access memory,the universal quantum claw-finding algorithm improves the success rate to 100%with a query complexity of O(2^(n/3))and quantum random memory complexity of O(2^(n/3)).Additionally,under the chosen plaintext attack,the success rate of the classical slide attack is also increased to 100%.On the other hand,for the 1K-AES with no MixColumns in the last round,the universal quantum claw-finding algorithm is used to perform a quantum slide attack,with both time and memory complexity of O(2n/3).Compared with the classical slide attack,this method achieves sub-exponential acceleration;compared with Grover’s search,the query complexity reduces from O(2^(n/2))to O(2^(n/3)).

关 键 词：1K-AES 滑动攻击 量子claw查找算法 CNS算法 

分 类 号：TP309[自动化与计算机技术—计算机系统结构] TP309.7[自动化与计算机技术—计算机科学与技术]