Using Bernstein-Vazirani Algorithm to Attack Block Ciphers

In this paper, we study applications of Bernstein-Vazirani algorithm and present several new methods to attack block ciphers. Specifically, we first present a quantum algorithm for finding the linear structures of a function. Based on it, we propose new quantum distinguishers for the 3-round Feistel scheme and a new quantum algorithm to recover partial key of the Even-Mansour construction. Afterwards, by observing that the linear structures of a encryption function are actually high probability differentials of it, we apply our algorithm to differential analysis and impossible differential cryptanalysis respectively. We also propose a new kind of differential cryptanalysis, called quantum small probability differential cryptanalysis, based on the fact that the linear structures found by our algorithm are also the linear structure of each component function. To our knowledge, no similar method was proposed before. The efficiency and success probability of all attacks are analyzed rigorously. Since our algorithm treats the encryption function as a whole, it avoid the disadvantage of traditional differential cryptanalysis that it is difficult to extending the differential path.