Quantum Meet-in-the-Middle Attack on 7-round Feistel Construction

Quantum attacks on Feistel constructions have attracted much attention from worldwide cryptologists. To reduce the time complexity of quantum attacks on 7-round Feistel construction, we propose a novel quantum meet-in-the-middle (QMITM) attack in Q1 model. Inspired by Hosoyamada et al.'s work [Hosoyamada2018A], we have introduced quantum computing in the offline computation of the classic meet-in-the-middle (MITM) attack [Guo2016]. In the attack, the differential characteristic of 7-round Feistel construction is given via 5-round distinguisher firstly. And then we propose a quantum claw finding algorithm based on quantum walk, which speeds up the process of finding a match in the offline computation phase. The keys in 7-round Feistel construction could be recovered by the match at last. Compared with quantum attacks in Q2 model, our attack reduces the time complexity from $O({2^{3n/4}})$ to $O({2^{2n/3}})$, and is significantly better than classic attacks. Moreover, our attack belongs to Q1 model, which is more practical than Q2 model.