Post-Quantum Security of IGE Mode Encryption in Telegram

Jeeun LEE  Sungsook KIM  Seunghyun LEE  Kwangjo KIM  

IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E102-A   No.1   pp.148-151
Publication Date: 2019/01/01
Online ISSN: 1745-1337
DOI: 10.1587/transfun.E102.A.148
Type of Manuscript: Special Section LETTER (Special Section on Cryptography and Information Security)
IGE mode,  IND-qCPA,  quantum-accessible random oracle,  standard/quantum-secure pseudorandom function,  

Full Text: PDF(287.6KB)>>
Buy this Article

IGE mode used in Telegram's customized protocol has not been fully investigated in terms of post-quantum security. In this letter, we show that IGE mode is IND-qCPA insecure by Simon's algorithm, assuming that the underlying block cipher is a standard-secure pseudorandom function (sPRF). Under a stronger assumption that the block cipher is a quantum-secure pseudorandom function (qPRF), IND-qCPA security of IGE mode is proved using one-way to hiding lemma.