Hash functions are a basic cryptographic primitive. Certain hash functions try to prove security against collision and preimage attacks by reductions to known hard problems. These hash functions usually have some additional properties that allow for that reduction. Hash functions which are additive or multiplicative are vulnerable to a quantum attack using the hidden subgroup problem algorithm for quantum computers. Using a quantum oracle to the hash, we can reconstruct the kernel of the hash function, which is enough to find collisions and second preimages. When the hash functions are additive with respect to the group operation in an Abelian group, there is always an efficient implementation of this attack. We present concrete attack examples to provable hash functions, including a preimage attack to SWIFFT and collision finding for certain multiplicative homomorphic hash schemes.

翻译：散列函数是一种基本的加密原始功能。 某些散列函数试图通过减少已知的硬性问题来证明碰撞和预示攻击的安全性。 这些散列函数通常有一些额外的特性可以减少这种危险。 添加或倍增的散列函数很容易使用量子计算机的隐藏分组问题算法受到量子攻击。 使用散列的量子魔咒, 我们可以重建散列函数的内核, 这足以找到碰撞和第二次预设。 当散列函数对Abelian集团的集团作业是累加时, 总是能够有效地实施这种攻击。 我们为可移动的散列函数提供了具体的攻击例子, 包括预先攻击SWIFFT, 以及发现某些多倍的同质散列计划碰撞。