Quantum zero correlation linear cryptanalysis

The advent of large-scale quantum computers would greatly threaten the security of current cryptosystems. It is urgent to investigate how quantum computing will affect the security of symmetric cryptosystems. Since the security of symmetric schemes heavily depends on the development of cryptanalytic tools, studying the applications of quantum algorithms to classical cryptanalytic tools is critical. To this end, we study quantum zero correlation linear cryptanalysis and propose two quantum algorithms for finding zero correlation linear hulls of Feistel ciphers and SPN ciphers, respectively. We prove that, as long as the attacked block ciphers satisfy certain algebraic conditions, the linear approximations output by the proposed algorithms have zero correlation with a probability close to one. The proposed algorithms have polynomial-time quantum complexity and do not require any quantum or classical query to the attacked block ciphers. Compared to the classical zero correlation linear cryptanalysis, the quantum version has the advantage for extending the number of rounds of zero correlation linear approximations.