TY - JOUR AU - Hosoyamada, Akinori AU - Iwata, Tetsu PY - 2021/03/19 Y2 - 2024/03/28 TI - Provably Quantum-Secure Tweakable Block Ciphers JF - IACR Transactions on Symmetric Cryptology JA - ToSC VL - 2021 IS - 1 SE - Articles DO - 10.46586/tosc.v2021.i1.337-377 UR - https://tosc.iacr.org/index.php/ToSC/article/view/8842 SP - 337-377 AB - <p>Recent results on quantum cryptanalysis show that some symmetric key schemes can be broken in polynomial time even if they are proven to be secure in the classical setting. Liskov, Rivest, and Wagner showed that secure tweakable block ciphers can be constructed from secure block ciphers in the classical setting. However, Kaplan et al. showed that their scheme can be broken by polynomial time quantum superposition attacks, even if underlying block ciphers are quantum-secure. Since then, it remains open if there exists a mode of block ciphers to build quantum-secure tweakable block ciphers. This paper settles the problem in the reduction-based provable security paradigm. We show the <em>first</em> design of quantum-secure tweakable block ciphers based on quantum-secure block ciphers, and present a provable security bound. Our construction is simple, and when instantiated with a quantum-secure <em>n</em>-bit block cipher, it is secure against attacks that query arbitrary quantum superpositions of plaintexts and tweaks up to <em>O</em>(2<sup><em>n</em>/6</sup>) quantum queries. Our security proofs use the compressed oracle technique introduced by Zhandry. More precisely, we use an alternative formalization of the technique introduced by Hosoyamada and Iwata.</p> ER -