Hash functions are a basic cryptographic primitive. Certain hash functions try to prove security against collision and preimage attacks by reductions to known hard problems. These hash functions usually have some additional properties that allow for that reduction. Hash functions that are additive or multiplicative are vulnerable to a quantum attack using the hidden subgroup problem algorithm for quantum computers. Using a quantum oracle to the hash, we can reconstruct the kernel of the hash function, which is enough to find collisions and second preimages. When the hash functions are additive with respect to the group operation in an Abelian group, there is always an efficient implementation of this attack. We present concrete attack examples against provable hash functions, including a preimage attack on $\oplus$-linear hash functions and on certain multiplicative homomorphic hash schemes.
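Why knowing the kernel is enough can be seen on a toy $\oplus$-linear hash. The following is an added illustration, not code from the paper: the 4x8 matrix `ROWS` and all function names are constructed for this example, and the kernel is computed classically from a known matrix rather than recovered through a quantum oracle as in the abstract.

```python
# Toy XOR-linear hash H(x) = M.x over GF(2). ROWS is a constructed 4x8 matrix
# (each row is an 8-bit mask); it is an assumption for illustration only.
ROWS = [0b10110100, 0b01101001, 0b11010010, 0b00011111]
N = 8  # input width in bits

def parity(v):
    return bin(v).count("1") & 1

def linear_hash(x, rows=ROWS):
    """Output bit i is the GF(2) inner product of rows[i] and x."""
    h = 0
    for i, r in enumerate(rows):
        h |= parity(r & x) << i
    return h

def kernel_basis(rows=ROWS, n=N):
    """Basis of {k : H(k) = 0}, found by Gauss-Jordan elimination over GF(2)."""
    rows = list(rows)
    pivots = []  # (row index, pivot column bit)
    r = 0
    for col in range(n):
        bit = 1 << col
        p = next((i for i in range(r, len(rows)) if rows[i] & bit), None)
        if p is None:
            continue  # no pivot here: this column is a free variable
        rows[r], rows[p] = rows[p], rows[r]
        for i in range(len(rows)):
            if i != r and rows[i] & bit:
                rows[i] ^= rows[r]  # clear this column in every other row
        pivots.append((r, bit))
        r += 1
    pivot_mask = sum(b for _, b in pivots)
    basis = []
    for col in range(n):
        free = 1 << col
        if free & pivot_mask:
            continue
        k = free  # set one free variable to 1, solve for the pivot variables
        for ri, pb in pivots:
            if rows[ri] & free:
                k |= pb
        basis.append(k)
    return basis

def second_preimage(x):
    """H(x ^ k) = H(x) ^ H(k) = H(x) for any nonzero kernel element k."""
    return x ^ kernel_basis()[0]
```

The same identity is why such a hash cannot be collision resistant once its kernel is known: every nonzero kernel element shifts any input to a distinct input with the same digest.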