Quantum Meet-in-the-Middle Attack on Feistel Constructions

Quantum attacks on Feistel constructions have attracted much attention from worldwide crytologists. To reduce the time complexity of quantum attacks on $r$-round ($r \ge 7$) Feistel construction, we propose a novel quantum meet-in-the-middle (QMITM) attack. For 7-round Feistel construction, we introduce quantum computing in the offline computation of the classic meet-in-the-middle (MITM) attack [Guo2016], i.e., propose a quantum claw finding algorithm based on quantum walk, which speeds up the process of finding a match in the offline computation phase. The keys in 7-round Feistel construction could be recovered by the match at last. Furthermore, to attack $r$-round ($r > 7$), we use amplitude amplification algorithm to search the last $r-7$ rounds of keys. Compared with other quantum attacks in Q2 model, our attack reduces the time complexity from $O({2^{0.25nr - n}})$ to $O({2^{2n/3 + (r - 7)n/4}})$, and is significantly better than classic attacks. Moreover, our attack only needs to make classical online queries, without quantum superposition queries in other quantum attacks, which is more practical.