International Association for Cryptologic Research

International Association
for Cryptologic Research


QCB: Efficient Quantum-secure Authenticated Encryption

Ritam Bhaumik , Inria
Xavier Bonnetain , University of Waterloo
André Chailloux , Inria
Gaëtan Leurent , Inria
María Naya-Plasencia , Inria
André Schrottenloher , Cryptology Group, CWI
Yannick Seurin , ANSSI
DOI: 10.1007/978-3-030-92062-3_23
Search ePrint
Search Google
Presentation: Slides
Conference: ASIACRYPT 2021
Abstract: It was long thought that symmetric cryptography was only mildly affected by quantum attacks, and that doubling the key length was sufficient to restore security. However, recent works have shown that Simon's quantum period finding algorithm breaks a large number of MAC and authenticated encryption algorithms when the adversary can query the MAC/encryption oracle with a quantum superposition of messages. In particular, the OCB authenticated encryption mode is broken in this setting, and no quantum-secure mode is known with the same efficiency (rate-one and parallelizable). In this paper we generalize the previous attacks, show that a large class of OCB-like schemes is unsafe against superposition queries, and discuss the quantum security notions for authenticated encryption modes. We propose a new rate-one parallelizable mode named QCB inspired by TAE and OCB and prove its security against quantum superposition queries.
Video from ASIACRYPT 2021
  title={QCB: Efficient Quantum-secure Authenticated Encryption},
  author={Ritam Bhaumik and Xavier Bonnetain and André Chailloux and Gaëtan Leurent and María Naya-Plasencia and André Schrottenloher and Yannick Seurin},