Sponge hashing is a novel class of cryptographic hash algorithms which underlies the current international hash function standard SHA-3. In a nutshell, a sponge function takes as input a bit-stream of any length and processes it via a simple iterative procedure: it repeatedly feeds each block of the input into a so-called block function, and then produces a short digest which consists of a subset of the final output bits. While much is known about the post-quantum security of the sponge construction in the case when the block function is modeled as a random function or permutation, the case of invertible permutations, which more accurately models the construction underlying SHA-3, has so far remained a fundamental open problem. In this work, we make new progress towards overcoming this barrier and show several results. First, we prove the "double-sided zero-search" conjecture proposed by Unruh (ePrint 2021) and show that finding zero-pairs in a random $2n$-bit permutation requires at least $\Omega(2^{n/2})$ many queries -- and this is tight due to Grover's algorithm. At the core of our proof lies a novel "symmetrization argument" which uses insights from the theory of Young subgroups. Second, we consider more general variants of the double-sided search problem and show similar query lower bounds for them. As an application, we prove the quantum one-wayness of the single-round sponge with invertible permutations in the quantum random oracle model.
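To make the objects in the abstract concrete, the following toy model (added here, not code from the paper) builds a sponge over an explicit random permutation stored as lookup tables, so the block function is invertible and every query is counted. It implements the absorb/squeeze procedure, the double-sided zero search (x, y with pi(x || 0^c) = y || 0^c), and shows why one-wayness of the single-round sponge reduces to such a search: a preimage is found by guessing the hidden capacity part of the output and inverting pi. The class and function names, and the tiny parameters, are assumptions for illustration; the paper's setting is r = c = n, where the brute-force loops below cost about 2^n queries and Grover's algorithm about 2^{n/2}, matching the stated bound.

```python
import random

def random_permutation(bits, seed):
    # Constructed toy model: a random permutation on `bits`-bit strings held
    # as forward/inverse tables, so it is efficiently invertible like SHA-3's.
    rng = random.Random(seed)
    fwd = list(range(1 << bits))
    rng.shuffle(fwd)
    inv = [0] * len(fwd)
    for x, y in enumerate(fwd):
        inv[y] = x
    return fwd, inv

class ToySponge:
    # State = rate part (r bits) || capacity part (c bits). The paper's
    # double-sided zero-search setting is r = c = n on a 2n-bit permutation.
    def __init__(self, r, c, seed=0):
        self.r, self.c = r, c
        self.fwd, self.inv = random_permutation(r + c, seed)
        self.queries = 0  # each call to the block function is one query
    def pi(self, s):
        self.queries += 1
        return self.fwd[s]
    def pi_inv(self, s):
        self.queries += 1
        return self.inv[s]
    def hash(self, blocks):
        state = 0
        for m in blocks:             # each m is an r-bit message block
            state ^= m << self.c     # absorb the block into the rate part
            state = self.pi(state)   # apply the block function
        return state >> self.c       # digest = rate part of the final state

def find_zero_pair(sp):
    # Double-sided zero search: x, y with pi(x || 0^c) = y || 0^c, by brute
    # force in the forward direction (about 2^c queries expected classically).
    for x in range(1 << sp.r):
        out = sp.pi(x << sp.c)
        if out & ((1 << sp.c) - 1) == 0:
            return x, out >> sp.c
    return None

def invert_single_round(sp, digest):
    # Single-round sponge H(m) = rate(pi(m || 0^c)). Since pi is invertible, a
    # preimage follows from any z with pi^-1(digest || z) = x || 0^c: the
    # double-sided search that the paper's one-wayness proof has to bound.
    for z in range(1 << sp.c):
        pre = sp.pi_inv((digest << sp.c) | z)
        if pre & ((1 << sp.c) - 1) == 0:
            return pre >> sp.c
    return None
```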