
Quantum attacks on pseudorandom generators

Published online by Cambridge University Press:  20 December 2012

ELLOÁ B. GUEDES, F. M. DE ASSIS and BERNARDO LULA JR.
Affiliation: IQuanta – Institute for Studies in Quantum Computation and Information, Federal University of Campina Grande, Av. Aprígio Veloso, 882 – CZ.A, 58429-140, Campina Grande – PB, Brazil
Email: elloaguedes@gmail.com; fmarcos@dee.ufcg.edu.br; lula@dsc.ufcg.edu.br

Abstract

Quantum computing offers advantages over classical computing in attacks on certain pseudorandom generators. This paper presents a polynomial-time quantum attack on the Blum–Micali generator, which is considered secure against classical adversaries. The attack combines a Grover-inspired search procedure with the quantum discrete logarithm algorithm and recovers both previous and future outputs of the generator under attack, thereby completely compromising its unpredictability. The attack also adapts to other generators, such as Blum–Micali generators with multiple hard-core predicates and other generators built from the Blum–Micali construction, and to scenarios in which the requirements on the output bits are relaxed. Such attacks threaten the security of the pseudorandom generators adopted in many real-world cryptosystems.
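The following added example (not code from the paper) shows, on a toy prime, the structure of the attack the abstract describes. The Blum–Micali generator iterates x_{i+1} = g^{x_i} mod p and emits one hard-core bit per state; an attacker who sees a window of output bits searches for the state consistent with that window (the step the paper accelerates with a Grover-inspired procedure), then walks forward to predict future bits and backward, one discrete logarithm per step, to reproduce earlier bits (the step Shor's algorithm makes polynomial). Both steps are implemented here as classical brute force, which is only feasible because p = 1019, the seed 777 and the leaked window are constructed toy values; the output predicate used is the standard "x in the lower half of Z_p^*" bit.

```python
"""Toy Blum-Micali generator plus a classical stand-in for the state-recovery
attack.  Added example; not code from the paper.  p, g and the seed are
constructed toy parameters: with a real (thousands of bits) prime the exhaustive
search and brute-force discrete log below are infeasible, which is exactly the
gap the quantum versions (Grover-style search, Shor's discrete logarithm) close."""


def prime_factors(n):
    """Distinct prime factors of n by trial division (fine for toy sizes)."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors


def find_generator(p):
    """Smallest g generating Z_p^*: g^((p-1)/q) != 1 for every prime q | p-1."""
    for g in range(2, p):
        if all(pow(g, (p - 1) // q, p) != 1 for q in prime_factors(p - 1)):
            return g
    raise ValueError("no generator found; is p prime?")


def hard_core(p, x):
    """Hard-core predicate used here: 1 iff x lies in the lower half of Z_p^*."""
    return 1 if x < (p - 1) // 2 else 0


def bm_bits(p, g, x0, n):
    """Run the generator from state x0: b_i = hard_core(x_i), x_{i+1} = g^{x_i} mod p."""
    bits, x = [], x0
    for _ in range(n):
        bits.append(hard_core(p, x))
        x = pow(g, x, p)
    return bits


def recover_state(p, g, observed):
    """All states whose output prefix equals the observed bits.
    Exhaustive O(p) search; the paper's Grover-inspired procedure is the
    quantum speed-up of this step."""
    return [x for x in range(1, p) if bm_bits(p, g, x, len(observed)) == observed]


def discrete_log(p, g, y):
    """Exponent e with g^e = y (mod p), by brute force.  Shor's algorithm
    does this in polynomial time on a quantum computer."""
    acc = 1
    for e in range(p - 1):
        if acc == y:
            return e
        acc = acc * g % p
    raise ValueError("y is not in the group generated by g")


def previous_state(p, g, x):
    """Invert one generator step: x = g^{x_prev} mod p, so x_prev = dlog_g(x).
    Exponent 0 corresponds to the state p-1, since g^{p-1} = 1 = g^0."""
    e = discrete_log(p, g, x)
    return e if e != 0 else p - 1


def run_attack(p, g, leaked, n_past, n_future):
    """For each state consistent with the leaked window, reproduce n_past bits
    before the window (walking back with discrete logs) and n_future after it."""
    results = []
    for x in recover_state(p, g, leaked):
        past, y = [], x
        for _ in range(n_past):
            y = previous_state(p, g, y)
            past.append(hard_core(p, y))
        past.reverse()
        future = bm_bits(p, g, x, len(leaked) + n_future)[len(leaked):]
        results.append((x, past, future))
    return results


if __name__ == "__main__":
    p = 1019                   # constructed toy prime; p - 1 = 2 * 509
    g = find_generator(p)
    seed = 777                 # constructed seed
    stream = bm_bits(p, g, seed, 40)
    leaked = stream[10:30]     # the attacker sees only this window
    for x, past, future in run_attack(p, g, leaked, 10, 10):
        print(f"state {x}: past ok={past == stream[:10]}, future ok={future == stream[30:]}")
```

The point of the example is the shape of the compromise: once a single internal state is known, every future bit follows by exponentiation and every earlier bit by one discrete logarithm per step, so the generator's unpredictability is lost in both directions, not merely from the leaked window onward.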

Type: Paper
Copyright © Cambridge University Press 2012


Footnotes

The authors gratefully acknowledge the financial support given by the Brazilian Funding Agencies CAPES and CNPq.

References

Ambainis, A. (2004) Quantum search algorithms. SIGACT News 35, 22–35.
Bennett, C. (1973) Logical reversibility of computation. IBM Journal of Research and Development 17, 525–532.
Blum, L., Blum, M. and Shub, M. (1986) A simple unpredictable pseudo-random number generator. SIAM Journal on Computing 15, 364–383.
Blum, M. and Micali, S. (1984) How to generate cryptographically strong sequences of pseudo-random bits. SIAM Journal on Computing 13, 850–864.
Boyar, J. (1989) Inferring sequences produced by pseudo-random number generators. Journal of the ACM 36, 129–141.
Cloutier, D. R. and Holden, J. (2010) Mapping the discrete logarithm. Involve 3, 197–213.
Eastlake, D., Schiller, J. and Crocker, S. (2005) Randomness Requirements for Security. IETF Network Working Group, Request for Comments 4086.
Gennaro, R. (2005) An improved pseudo-random generator based on the discrete logarithm problem. Journal of Cryptology 18 (2), 91–110.
Gentle, J. E. (2003) Random Number Generation and Monte Carlo Methods, Springer-Verlag.
Goldreich, O. (2005) Foundations of Cryptography – A Primer, now Publishers Inc.
Gregg, J. A. (2003) On factoring integers and evaluating discrete logarithms, Master's thesis, Harvard College.
Grover, L. K. (1997) Quantum mechanics helps in searching for a needle in a haystack. Physical Review Letters 79, 325–328.
Guedes, E. B., de Assis, F. M. and Lula, B. Jr. (2010a) Examples of the Generalized Quantum Permanent Compromise Attack on the Blum–Micali Construction. (Available at http://arxiv.org/abs/1012.1776)
Guedes, E. B., de Assis, F. M. and Lula, B. Jr. (2010b) A Generalized Quantum Permanent Compromise Attack on the Blum–Micali Construction. In: III Workshop-School of Quantum Computation and Information (WECIQ).
Hirvensalo, M. (2001) Quantum Computing, Springer-Verlag.
Håstad, J., Impagliazzo, R., Levin, L. A. and Luby, M. (1999) A pseudorandom generator from any one-way function. SIAM Journal on Computing 28 (4), 1364–1396.
Håstad, J., Schrift, A. and Shamir, A. (1993) The discrete logarithm modulo a composite hides O(n) bits. Journal of Computer and System Sciences 47, 376–404.
Jozsa, R. (2001) Quantum factoring, discrete logarithms, and the hidden subgroup problem. Computing in Science and Engineering 3 (2), 34–43.
Kaliski, B. S. (1988) Elliptic Curves and Cryptography: A Pseudorandom Bit Generator and Other Tools, Ph.D. thesis, MIT.
Kelsey, J., Schneier, B., Wagner, D. and Hall, C. (1998) Cryptanalytic attacks on pseudorandom number generators. Springer-Verlag Lecture Notes in Computer Science 1372, 168–188.
Krawczyk, H. (1992) How to predict congruential generators. Journal of Algorithms 13, 527–545.
Long, D. and Wigderson, A. (1988) The discrete logarithm hides O(log n) bits. SIAM Journal on Computing 17, 363–372.
Van Meter, R. and Itoh, K. M. (2005) Fast quantum modular exponentiation. Physical Review A 71 (5), 052320.
Nielsen, M. A. and Chuang, I. L. (2005) Quantum Computation and Information, Bookman.
Paar, C. and Pelzl, J. (2010) Understanding Cryptography, Springer-Verlag.
Patel, S. and Sundaram, G. (1998) An efficient discrete log pseudo random generator. In: Krawczyk, H. (ed.) Advances in Cryptology – CRYPTO'98. Proceedings 18th Annual International Cryptology Conference. Springer-Verlag Lecture Notes in Computer Science 1462, 304–317.
Peralta, R. (1986) Simultaneous security of bits in the discrete log. In: Pichler, F. (ed.) Advances in Cryptology – EUROCRYPT'85. Springer-Verlag Lecture Notes in Computer Science 219, 62–72.
Proos, J. and Zalka, C. (2004) Shor's discrete logarithm quantum algorithm for elliptic curves. Quantum Information and Computation 3 (4), 317–344.
Shor, P. (1997) Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM Journal on Computing 26, 1484–1509.
Sidorenko, A. and Schoenmakers, B. (2005a) Concrete security of the Blum–Blum–Shub pseudorandom generator. In: Smart, N. P. (ed.) Proceedings Cryptography and Coding: 10th IMA International Conference. Springer-Verlag Lecture Notes in Computer Science 3796, 355–375.
Sidorenko, A. and Schoenmakers, B. (2005b) State recovery attacks on pseudorandom generators. In: Wolf, C., Lucks, S. and Yau, P.-W. (eds.) Proceedings Western European Workshop on Research in Cryptology. GI Lecture Notes in Informatics 74, 53–63.
van Tilborg, H. C. (2005) Encyclopedia of Cryptography and Security, Springer-Verlag.
Williams, C. P. (2011) Explorations in Quantum Computing, second edition, Springer-Verlag.