Quantum algorithm to find invariant linear structure of MD hash functions
In this paper, we consider a special problem. “Given a function f : { 0 , 1 } n → { 0 , 1 } m . Suppose there exists a n -bit string α ∈ { 0 , 1 } n subject to f ( x ⊕ α ) = f ( x ) for ∀ x ∈ { 0 , 1 } n . We only know the Hamming weight W ( α ) = 1 , and find this α .” We present a quantum algorith...
Uloženo v:
| Vydáno v: | Quantum information processing Ročník 14; číslo 3; s. 813 - 829 |
|---|---|
| Hlavní autoři: | , , , |
| Médium: | Journal Article |
| Jazyk: | angličtina |
| Vydáno: |
Boston
Springer US
01.03.2015
|
| Témata: | |
| ISSN: | 1570-0755, 1573-1332 |
| On-line přístup: | Získat plný text |
| Tagy: |
Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
|
| Shrnutí: | In this paper, we consider a special problem. “Given a function
f
:
{
0
,
1
}
n
→
{
0
,
1
}
m
. Suppose there exists a
n
-bit string
α
∈
{
0
,
1
}
n
subject to
f
(
x
⊕
α
)
=
f
(
x
)
for
∀
x
∈
{
0
,
1
}
n
. We only know the Hamming weight
W
(
α
)
=
1
, and find this
α
.” We present a quantum algorithm with “Oracle” to solve this problem. The successful probability of the quantum algorithm is
(
2
l
-
1
2
l
)
n
-
1
, and the time complexity of the quantum algorithm is
O
(
log
(
n
-
1
)
)
for the given Hamming weight
W
(
α
)
=
1
. As an application, we present a quantum algorithm to decide whether there exists such an invariant linear structure of the
M
D
hash function family as a kind of collision. Then, we provide some consumptions of the quantum algorithms using the time–space trade-off. |
|---|---|
| ISSN: | 1570-0755 1573-1332 |
| DOI: | 10.1007/s11128-014-0909-5 |