Due to the powerful computing capability of quantum computers, cryptographic researchers have applied quantum algorithms to cryptanalysis and obtained many interesting results in recent years. In this paper, we study related-key attack in the quantum setting and propose a specific related-key attack, which can recover the key of block ciphers efficiently as long as the attacked block ciphers satisfy certain condition. The attack algorithm employs the Bernstein–Vazirani algorithm as a subroutine and requires the attacker to query the encryption oracle with quantum superpositions. We give a condition under which the attack will succeed and prove that any block cipher either satisfies the condition or has a distinguishing attack. As a specific example of its application, we use the attack algorithm to extract the private key of the Even–Mansour cipher. The results of this study show the power of related-key attack when combined with quantum algorithms and provide guidance for the design of quantum-secure block ciphers.

中文翻译：

---

基于Bernstein-Vazirani算法的量子相关密钥攻击

由于量子计算机的强大计算能力，近年来，密码学研究人员将量子算法应用于密码分析，并获得了许多有趣的结果。在本文中，我们研究了量子环境中的相关密钥攻击，并提出了一种特定的相关密钥攻击，只要被攻击的分组密码满足特定条件，它就可以有效地恢复分组密码的密钥。攻击算法采用Bernstein-Vazirani算法作为子例程，并要求攻击者查询具有量子叠加的加密预言。我们给出了攻击将成功的条件，并证明任何分组密码要么满足该条件，要么具有区别攻击。作为其应用的具体示例，我们使用攻击算法提取Even-Mansour密码的私钥。研究结果表明，与量子算法结合使用时，相关密钥攻击具有强大的功能，并为量子安全分组密码的设计提供了指导。