Quantum algorithm to find invariant linear structure of MD hash functions
In this paper, we consider a special problem. “Given a function f : { 0 , 1 } n → { 0 , 1 } m . Suppose there exists a n -bit string α ∈ { 0 , 1 } n subject to f ( x ⊕ α ) = f ( x ) for ∀ x ∈ { 0 , 1 } n . We only know the Hamming weight W ( α ) = 1 , and find this α .” We present a quantum algorith...
Saved in:
| Published in: | Quantum information processing Vol. 14; no. 3; pp. 813 - 829 |
|---|---|
| Main Authors: | , , , |
| Format: | Journal Article |
| Language: | English |
| Published: |
Boston
Springer US
01.03.2015
|
| Subjects: | |
| ISSN: | 1570-0755, 1573-1332 |
| Online Access: | Get full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | In this paper, we consider a special problem. “Given a function
f
:
{
0
,
1
}
n
→
{
0
,
1
}
m
. Suppose there exists a
n
-bit string
α
∈
{
0
,
1
}
n
subject to
f
(
x
⊕
α
)
=
f
(
x
)
for
∀
x
∈
{
0
,
1
}
n
. We only know the Hamming weight
W
(
α
)
=
1
, and find this
α
.” We present a quantum algorithm with “Oracle” to solve this problem. The successful probability of the quantum algorithm is
(
2
l
-
1
2
l
)
n
-
1
, and the time complexity of the quantum algorithm is
O
(
log
(
n
-
1
)
)
for the given Hamming weight
W
(
α
)
=
1
. As an application, we present a quantum algorithm to decide whether there exists such an invariant linear structure of the
M
D
hash function family as a kind of collision. Then, we provide some consumptions of the quantum algorithms using the time–space trade-off. |
|---|---|
| ISSN: | 1570-0755 1573-1332 |
| DOI: | 10.1007/s11128-014-0909-5 |