Author

Ravi Anand

Bio: Ravi Anand is an academic researcher from Indian Institute of Technology Kharagpur. The author has contributed to research in topics: Cryptanalysis & Cipher. The author has an h-index of 4, co-authored 12 publications receiving 41 citations.

Papers
Book Chapter DOI
13 Dec 2020
TL;DR: In this paper, all the versions of SPECK are evaluated against a quantum adversary in terms of Grover's algorithm, and the resource requirements for quantum key search under the model of known plaintext attack are extensively studied.
Abstract: In this work, all the versions of SPECK are evaluated against quantum adversary in terms of Grover's algorithm. We extensively study the resource requirements for quantum key search under the model of known plaintext attack and show that our estimation provides better result than the existing efforts. Further, for the first time, we explore differential cryptanalysis on SPECK in quantum framework that provides encouraging results. For both the cases, the quantum resources are evaluated in terms of several parameters, i.e., the T-depth of the circuits and the number of qubits required for the attacks. Experiments are performed in IBM-Q environment to support our claims.

19 citations

Journal Article DOI
TL;DR: In this article, the authors presented Grover's search algorithm on all the variants of AES and enumerated the quantum resources to implement such attack in terms of NOT, CNOT and Toffoli gates.
Abstract: For any symmetric key cryptosystem with $n$-bit secret key, the key can be recovered in $O(2^{n/2})$ exploiting Grover search algorithm, resulting in the effective key length to be half. In this direction, subsequent work has been done on AES and some other block ciphers. On the other hand, lightweight ciphers like SIMON were left unexplored. In this backdrop, we present Grover’s search algorithm on all the variants of SIMON and enumerate the quantum resources to implement such attack in terms of NOT, CNOT and Toffoli gates. We also provide the T-depth of the circuits and the number of qubits required for the attack. We show that the number of qubits required for implementing Grover on SIMON $2n/mn$ is $O(2nr+mn)$, where $r$ is the number of chosen plaintext–ciphertext pairs. We run a reduced version of SIMON in IBMQ quantum simulator and the 14-qubit processor as well. We found that where simulation supports theory, the actual implementation is far from the reality due to the infidelity of the gates and short decoherence time of the qubits. The complete codes for all versions of SIMON have also been presented.

19 citations

Journal Article DOI
TL;DR: Lizard is a very recently proposed lightweight stream cipher that claims 60-bit security against distinguishing (related to state recovery) and 80-bit security against key recovery attack and has 121-bit state size.
Abstract: Lizard is a very recently proposed lightweight stream cipher that claims 60 bit security against distinguishing (related to state recovery) and 80 bit security against key recovery attack. This cipher has 121 bit state size. In this paper, we first note that using $\psi$ key stream bits one can recover $\psi$ unknown bits of the state when $\tau$ state bits are fixed to a specific pattern. This is made possible by guessing the remaining state bits. We present certain values of $\psi, \tau$ based on the state size that helps in mounting a generic conditional TMDTO attack following the BSW sampling. For Lizard, we obtain the preprocessing complexity as $2^{67}$ , and the maximum of Data, Time and Memory complexity during the online phase as $2^{54}$ . The parameters in the online phase are significantly less than $2^{60}$ .

14 citations

Journal Article DOI
TL;DR: In this paper, the authors presented Grover's search algorithm on all the variants of SIMON and enumerated the quantum resources to implement such attack in terms of NOT, CNOT and Toffoli gates.
Abstract: For any symmetric key cryptosystem with $n$-bit secret key, the key can be recovered in $O(2^{n/2})$ exploiting Grover search algorithm, resulting in the effective key length to be half. In this direction, subsequent work has been done on AES and some other block ciphers. On the other hand, lightweight ciphers like SIMON were left unexplored. In this backdrop, we present Grover's search algorithm on all the variants of SIMON and enumerate the quantum resources to implement such attack in terms of NOT, CNOT and Toffoli gates. We also provide the T-depth of the circuits and the number of qubits required for the attack. We show that the number of qubits required for implementing Grover on SIMON $2n/mn$ is $O(2nr+mn)$, where $r$ is the number of chosen plaintext-ciphertext pairs. We run a reduced version of SIMON in IBMQ quantum simulator and the 14-qubit processor as well. We found that where simulation supports theory, the actual implementation is far from the reality due to the infidelity of the gates and short decoherence time of the qubits. The complete codes for all versions of SIMON have also been presented.

11 citations

Journal Article
TL;DR: A detailed study of the cost of the quantum key search attack using Grover and connects Grover with BSW sampling for stream ciphers with low sampling resistance, showing that cryptanalysis is possible with gates count less than 2 and providing a clear view of the exact status of quantum cryptanalysis against FSR based symmetric cipher.
Abstract: In this paper, we present a detailed study of the cost of the quantum key search attack using Grover. We consider the popular Feedback Shift Register (FSR) based ciphers Grain-128-AEAD, TinyJAMBU, LIZARD, and Grain-v1 considering the NIST’s MAXDEPTH depth restriction. We design reversible quantum circuits for these ciphers and also provide the QISKIT implementations for estimating gate counts. Our results show that cryptanalysis is possible with gates count less than 2. In this direction, we also study the scenario where initial keystreams may be discarded before using them for encryption so that the Grover's attack on key search becomes costly in terms of circuit repetition. Finally, we connect Grover with BSW sampling for stream ciphers with low sampling resistance. We implement this attack on LIZARD (secret key size of 120 bits, state 121 bits, and security equivalent to 80 bits) and successfully recover the internal states with 2 queries to the cryptographic oracle and 2 amount of data. Our results provide a clear view of the exact status of quantum cryptanalysis against FSR based symmetric ciphers.

8 citations

Cited by
Journal Article DOI
TL;DR: In this paper, a hybrid blockchain IoT integration architecture that makes use of containerization is proposed, and several relevant solutions to improve the scalability and throughput of such applications are proposed.
Abstract: Digitization and automation have engulfed every scope and sphere of life. Internet of Things (IoT) has been the main enabler of the revolution. There still exist challenges in IoT that need to be addressed such as the limited address space for the increasing number of devices when using IPv4 and IPv6 as well as key security issues such as vulnerable access control mechanisms. Blockchain is a distributed ledger technology that has immense benefits such as enhanced security and traceability. Thus, blockchain can serve as a good foundation for applications based on transactions and interactions. IoT implementations and applications are by definition distributed. This means blockchain can help to solve most of the security vulnerabilities and traceability concerns of IoTs by using blockchain as a ledger that can keep track of how devices interact, in which state they are and how they transact with other IoT devices. IoT applications have been mainly implemented with technologies such as cloud and fog computing, and AI to help address some of its key challenges. The key implementation challenges and technical choices to consider in making a successful blockchain IoT (BIoT) project are clearly outlined in this paper. The security and privacy aspects of BIoT applications are also analyzed, and several relevant solutions to improve the scalability and throughput of such applications are proposed. The paper also reviews integration schemes and monitoring frameworks for BIoT applications. A hybrid blockchain IoT integration architecture that makes use of containerization is proposed.

33 citations

Journal Article DOI
TL;DR: This paper presents optimal quantum circuit designs of symmetric key cryptography, including PRESENT and GIFT block ciphers by minimizing qubits, quantum gates, and circuit depth, and compares results of lightweight block cipher implementations in quantum circuits.
Abstract: Grover search algorithm is the most representative quantum attack method that threatens the security of symmetric key cryptography. If the Grover search algorithm is applied to symmetric key cryptography, the security level of target symmetric key cryptography can be lowered from $n$-bit to $n/2$-bit. When applying Grover’s search algorithm to the block cipher that is the target of potential quantum attacks, the target block cipher must be implemented as quantum circuits. Starting with the AES block cipher, a number of works have been conducted to optimize and implement target block ciphers into quantum circuits. Recently, many studies have been published to implement lightweight block ciphers as quantum circuits. In this paper, we present optimal quantum circuit designs of symmetric key cryptography, including PRESENT and GIFT block ciphers. The proposed method optimized PRESENT and GIFT block ciphers by minimizing qubits, quantum gates, and circuit depth. We compare proposed PRESENT and GIFT quantum circuits with other results of lightweight block cipher implementations in quantum circuits. Finally, quantum resources of PRESENT and GIFT block ciphers required for the oracle of the Grover search algorithm were estimated.

31 citations

Journal Article
TL;DR: In this article, quantum attacks against symmetric-key schemes are presented, in which adversaries only make classical queries but use quantum computers for offline computations, and the attack cost depends on the number of available qubits and the way to realize the quantum hardware.
Abstract: In this paper, quantum attacks against symmetric-key schemes are presented in which adversaries only make classical queries but use quantum computers for offline computations. Our attacks are not as efficient as polynomial-time attacks making quantum superposition queries, while our attacks use the realistic model and overwhelmingly improve the classical attacks. Our attacks convert a type of classical meet-in-the-middle attacks into quantum ones. The attack cost depends on the number of available qubits and the way to realize the quantum hardware. The tradeoffs between data complexity $D$ and time complexity $T$ against the problem of cardinality $N$ are $D^2 \cdot T^2 = N$ and $D \cdot T^6 = N^3$ in the best and worst case scenarios to the adversary respectively, while the classic attack requires $D \cdot T = N$. This improvement is meaningful from an engineering aspect because several existing schemes claim beyond-birthday-bound security for $T$ by limiting the maximum $D$ to be below $2^{n/2}$ according to the classical tradeoff $D \cdot T = N$. Those schemes are broken when quantum computations are available to the adversaries. The attack can be applied to many schemes such as a tweakable block-cipher construction TDR, a dedicated MAC scheme Chaskey, an on-line authenticated encryption scheme McOE-X, a hash function based MAC H$^2$-MAC and a permutation based MAC keyed-sponge. The idea is then applied to the FX-construction to discover new tradeoffs in the classical query model.

28 citations

Journal Article DOI
TL;DR: This paper presents optimized implementations of every Korean-made lightweight block cipher for quantum computers, which include HIGHT, CHAM, and LEA, and the NSA-made lightweight block cipher, namely SPECK, and the first implementation of ARX-based Korean lightweight block ciphers in quantum circuits.
Abstract: The Grover search algorithm reduces the security level of symmetric key cryptography with $n$-bit security level to $O(2^{n/2})$. In order to evaluate the Grover search algorithm, the target block cipher should be efficiently implemented in quantum circuits. Recently, many research works evaluated required quantum resources of AES block ciphers by optimizing the expensive substitute layer. However, few works were devoted to the lightweight block ciphers, even though it is an active research area, nowadays. In this paper, we present optimized implementations of every Korean-made lightweight block cipher for quantum computers, which include HIGHT, CHAM, and LEA, and the NSA-made lightweight block cipher, namely SPECK. Primitive operations for block ciphers, including addition, rotation, and exclusive-or, are finely optimized to achieve the optimal quantum circuit, in terms of qubits, Toffoli gate, CNOT gate, and X gate. To the best of our knowledge, this is the first implementation of ARX-based Korean lightweight block ciphers in quantum circuits.

26 citations

Journal Article
TL;DR: This work presents the least Toffoli depth and full depth implementations of AES, thereby improving from Zou et al.
Abstract: Quantum computing is considered among the next big leaps in computer science. While a fully functional quantum computer is still in the future, there is an ever-growing need to evaluate the security of the secret-key ciphers against a potent quantum adversary. Keeping this in mind, our work explores the key recovery attack using the Grover’s search on the three variants of AES (-128, -192, -256) with respect to the quantum implementation and the quantum key search using the Grover’s algorithm. We develop a pool of implementations, by mostly reducing the circuit depth metrics. We consider various strategies for optimization, as well as make use of the state-of-the-art advancements in the relevant fields. In a nutshell, we present the least Toffoli depth and full depth implementations of AES, thereby improving from Zou et al.’s Asiacrypt’20 paper by more than 98 percent for all variants of AES. Our qubit count - Toffoli depth product is improved from theirs by more than 75 percent. Furthermore, we analyze the Jaques et al.’s Eurocrypt’20 implementations in detail, fix their bugs and report corrected benchmarks. To the best of our finding, our work improves from all the previous works (including the recent Eprint’22 paper by Huang and Sun) in terms of Toffoli/full depth and Toffoli depth - qubit count product.

19 citations