LOL is a framework for designing stream ciphers that enables ultra fast software implementations for ubiquitous virtual networks in 5G/6G environments, while also providing high-security levels for post-quantum cryptography.However, its security in a quantum environment remains to be evaluated.Although Grover algorithm can achieve a quadratic quantum speedup,it requires a long-running serial computation, which is difficult to implement in practice. The computer development of quantum annealing algorithms is much faster than that of general-purpose quantum computers, and its future application may be greater. In this paper, we assess the security of LOL-MINI, a basic LOL single mode of the LOL stream cipher framework, using the quantum annealing attacks. We demonstrate that to retrieve the full internal state of the cryptographic algorithm, the algorithm’s time complexity is about 2 177.34 . This represents a significant improvement over the traditional algebraic attacks, which have a time complexity of 2 384 , therefore, quantum annealing attacks pose a greater threat to stream ciphers than traditional attacks. On the other hand, to effectively resist such quantum attacks,we can fully leverage the scalability of the LOL cipher.We show that the time complexity can reach for every m additional 128-bit register units LOL-MINI ciphers in finite state machine.Thus, by appropriately adding 128-bit register units to the FSM, the cipher can effectively resist this quantum attack. Therefore, the LOL cipher, with its huge internal state, provides a new design concept for the development of future quantum-resistant encryption algorithms. • We propose an optimized mapping technique that converts the linearized system of equations into a QUBO problem without introducing further additional variables. While we acknowledge that transforming the native nonlinear equations of LOL-mini into a linear system necessitates auxiliary variables (as detailed in 3.3.1), our method ensures zero variable overhead in the subsequent linear-to-QUBO conversion, requiring only n variables for the linear system itself. This efficiency preserves the problem scale established after linearization, making our attack potentially more efficient than classical brute-force methods. • We detail how to transform LOL-MINI into the QUBO problem. Firstly, the LOL-MINI cryptographic algorithm is transformed into algebraic equations represented by its various internal states. Moreover, the algebraic equations are linearized through variable substitution. Subsequently, the proposed transformation method is utilized to convert these linear equations into a QUBO problem, which is then solved using a quantum annealing computer. • We are the first to proof that for LOL-MINI cipher, the quantum annealing attack has a significant improvement over the traditional algebraic attacks. Specifically, the analysis results show that for the LOL-MINI cipher algorithm with a 256-bit initial key (the length of the internal state is 768-bit), the time complexity of recovering its internal state using this algorithm is only 2 177.34 . While the time complexity of traditional algebraic attacks to recover internal state is 2 384 . Therefore, we show that our present attacks might surpass traditional algebraic attacks for LOL ciphers. • For the first time, we demonstrate that the LOL framework can offer resistance to quantum annealing attacks comparable to that of AES ciphers, contingent upon specific parameter settings. Specifically, by utilizing the scalability of the LOL cipher, we can augment the Finite State Machine with an additional m register units. This increases the number of logical variables in the equation system derived from quantum annealing attacks to 3936 m + 16256. In contrast, the number of logical variables involved in quantum annealing attacks targeting AES-128, AES-192, and AES-256 is approximately 30,000, 45,000, and 60,000. Our analysis shows that when m > 4, the variable count for LOL exceeds 32,000, surpassing the complexity of attacking AES-128. Furthermore, increasing m allows the system to scale beyond the variable counts associated with AES-192 and AES-256. Therefore, under the precondition that m > 4, the ability of LOL ciphers to defend against such attacks can match or even exceed that of standard AES ciphers.
Dong et al. (Wed,) studied this question.