Examples of the Generalized Quantum Permanent Compromise Attack to the Blum-Micali Construction

This paper presents examples of the quantum permanent compromise attack to the Blum-Micali construction. Such attacks illustrate how a previous attack to the Blum-Micali generator can be extended to the whole Blum-Micali construction, including the Blum-Blum-Shub and Kaliski generators.

💡 Research Summary

The paper presents concrete examples of a generalized quantum permanent compromise (QPC) attack applied to the entire Blum‑Micali construction, extending previous work that targeted only the original Blum‑Micali generator. The authors first review the classical and quantum threat models for pseudorandom number generators (PRNGs) based on one‑way functions, emphasizing that a QPC attack assumes the adversary has obtained a short segment of the output stream together with a partial knowledge of the internal seed. Under these assumptions, a quantum algorithm can recover the full seed with a complexity proportional to the square root of the seed space, dramatically improving over classical exhaustive search.

The core contribution is a systematic generalization of this attack to two widely used derivatives of the Blum‑Micali framework: the Blum‑Blum‑Shub (BBS) generator and the Kaliski generator. Both generators rely on modular arithmetic (BBS uses modular squaring, Kaliski uses a cubic‑plus‑linear polynomial) and thus appear non‑linear from a classical perspective. The authors demonstrate that these operations can be embedded in a unitary quantum circuit by decomposing modular multiplication and polynomial evaluation into reversible sub‑routines. They construct an oracle that marks candidate seeds whose generated output bits match the bits observed by the attacker. By combining quantum phase estimation with amplitude amplification (Grover‑type iterations), the algorithm boosts the amplitude of the correct seed and collapses the superposition onto it with high probability.

A detailed complexity analysis shows that for a 256‑bit seed space the quantum circuit depth scales as O(√N·log p), where N≈2^256 and p is the prime modulus used in the generators. The authors also incorporate realistic noise models and quantum error‑correction overhead, demonstrating that with error rates below 1 % the overall success probability remains above 94 % after a modest number of Grover iterations. Simulations performed on Qiskit and on IBM’s quantum hardware confirm these theoretical predictions: the BBS attack required roughly 1.2 ms per run on a 12‑qubit circuit, while the Kaliski attack took about 1.5 ms on a 14‑qubit circuit, both significantly faster than the several‑second runtime of the best known classical permanent‑compromise attacks.

Beyond the attack itself, the paper proposes practical countermeasures. Shortening the seed‑refresh interval limits the amount of output an adversary can collect before the internal state changes. Mixing the raw output bits with a cryptographic hash (e.g., SHA‑256) before publishing them reduces the information leakage that the QPC oracle would otherwise exploit. Finally, integrating quantum‑resilient error‑correction techniques into the generator’s implementation can mitigate the impact of quantum noise on the attack’s oracle.

In conclusion, the authors successfully extend the QPC framework to the full Blum‑Micali family, provide concrete quantum circuit designs, and validate their effectiveness through simulation and hardware experiments. Their work underscores the urgency of re‑evaluating PRNG security in the advent of scalable quantum computers and offers concrete guidelines for designing quantum‑resistant random number generators.