A note on quantum related-key attacks
This is an incremental theoretical result for cryptography, highlighting new quantum threats to classical security assumptions.
The paper tackles the vulnerability of block ciphers to quantum related-key attacks, showing that if conditions like unique key determination and efficient evaluation are met, a quantum adversary can extract the secret key efficiently.
In a basic related-key attack against a block cipher, the adversary has access to encryptions under keys that differ from the target key by bit-flips. In this short note we show that for a quantum adversary such attacks are quite powerful: if the secret key is (i) uniquely determined by a small number of plaintext-ciphertext pairs, (ii) the block cipher can be evaluated efficiently, and (iii) a superposition of related keys can be queried, then the key can be extracted efficiently.