Quantum collision finding for homomorphic hash functions
This work addresses a security problem for cryptographic systems relying on homomorphic hash functions, revealing a significant vulnerability that could impact their practical use, though it is incremental as it builds on known quantum attack methods.
The paper tackles the vulnerability of homomorphic hash functions to quantum attacks by exploiting their additive or multiplicative properties, resulting in efficient collision and preimage attacks using quantum algorithms, with concrete examples provided for specific hash schemes.
Hash functions are a basic cryptographic primitive. Certain hash functions try to prove security against collision and preimage attacks by reductions to known hard problems. These hash functions usually have some additional properties that allow for that reduction. Hash functions which are additive or multiplicative are vulnerable to a quantum attack using the hidden subgroup problem algorithm for quantum computers. Using a quantum oracle to the hash, we can reconstruct the kernel of the hash function, which is enough to find collisions and second preimages. When the hash functions are additive with respect to the group operation in an Abelian group, there is always an efficient implementation of this attack. We present concrete attack examples to provable hash functions, including a preimage attack to $\oplus$-linear hash functions and for certain multiplicative homomorphic hash schemes.