\begin{abstract}
Recent results of Kaplan et al., building on work by Kuwakado and Morii, have shown that a wide variety of classically-secure symmetric-key cryptosystems can be completely broken by \emph{quantum chosen-plaintext attacks} (qCPA). In such an attack, the quantum adversary has the ability to query the cryptographic functionality in superposition. The vulnerable cryptosystems include the Even-Mansour block cipher, the three-round Feistel network, the Encrypted CBC-MAC, and many others.

In this article, we study simple algebraic adaptations of such schemes that replace $(\Z/2)^n$ addition with operations over alternate finite groups---such as $\Z/2^n$---and provide evidence that these adaptations are qCPA-secure. These adaptations furthermore retain the classical security properties and basic structural features enjoyed by the original schemes.

We establish security by treating the (quantum) hardness of the
well-studied \emph{Hidden Shift problem} as a cryptographic
assumption. We observe that this problem has a number of attractive
features in this cryptographic context, including random
self-reducibility, hardness amplification, and---in many cases of
interest---a reduction from the ``search version'' to the ``decisional
version.'' We then establish, under this assumption, the qCPA-security of
several such Hidden Shift adaptations of symmetric-key constructions. We show that a Hidden Shift version of the Even-Mansour block cipher
yields a quantum-secure pseudorandom function, and that a Hidden Shift
version of the Encrypted CBC-MAC yields a collision-resistant hash
function. Finally, we observe that such adaptations frustrate the direct attacks based on Simon's algorithm in more general circumstances, e.g., Feistel networks and slide attacks.
\end{abstract}
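The following is an added illustration, not code from the paper or its authors, of the algebraic adaptation the abstract describes: the Even-Mansour cipher $E(x) = P(x \star k_1) \star k_2$ instantiated once with $\star$ as XOR (the group $(\Z/2)^n$) and once with $\star$ as addition modulo $2^n$ (the group $\Z/2^n$). The public permutation $P$ is a seeded pseudorandom permutation of $n$-bit values, and the keys are constructed sample values; both are assumptions of this example. The check at the end exhibits the classical structure that the Simon-style analysis of the XOR version relies on (the function $E(x) \oplus P(x)$ is exactly $k_1$-periodic under XOR) and shows that the corresponding difference function of the $\Z/2^n$ version has no such period under either XOR or addition, which is why the adaptation changes the problem from a hidden period to a hidden shift. No quantum algorithm is implemented here.

```python
"""Even-Mansour over (Z/2)^n (XOR) versus Z/2^n (modular addition).

Added example; not the paper's code. P is a seeded pseudorandom permutation,
and the key values are constructed for illustration.
"""
import random

N_BITS = 16
MOD = 1 << N_BITS
MASK = MOD - 1


def make_public_permutation(seed=2024):
    """Return a fixed public permutation P of {0,...,2^n-1} and its inverse."""
    table = list(range(MOD))
    random.Random(seed).shuffle(table)  # assumption: a fixed public P
    inverse = [0] * MOD
    for x, y in enumerate(table):
        inverse[y] = x
    return table, inverse


# Each group is a pair (combine, uncombine) acting on n-bit values.
XOR_GROUP = (lambda a, b: a ^ b, lambda a, b: a ^ b)                     # (Z/2)^n
ADD_GROUP = (lambda a, b: (a + b) & MASK, lambda a, b: (a - b) & MASK)    # Z/2^n


class EvenMansour:
    """E(x) = P(x * k1) * k2, where * is the chosen group operation."""

    def __init__(self, perm, inv_perm, k1, k2, group):
        self.perm, self.inv_perm = perm, inv_perm
        self.k1, self.k2 = k1, k2
        self.op, self.inv_op = group

    def encrypt(self, x):
        return self.op(self.perm[self.op(x, self.k1)], self.k2)

    def decrypt(self, y):
        return self.inv_op(self.inv_perm[self.inv_op(y, self.k2)], self.k1)


def roundtrip_ok(cipher):
    """Decrypting every encryption recovers the plaintext."""
    return all(cipher.decrypt(cipher.encrypt(x)) == x for x in range(MOD))


def difference_function(cipher, uncombine):
    """f(x) = E(x) * P(x)^{-1} in the group given by `uncombine`."""
    return [uncombine(cipher.encrypt(x), cipher.perm[x]) for x in range(MOD)]


def is_periodic(values, shift, combine):
    """Does values[x] == values[x * shift] hold for every x?"""
    return all(values[x] == values[combine(x, shift)] for x in range(MOD))


def run_comparison(seed=2024, k1=0x1357, k2=0xBEEF):
    """Build both instantiations and report roundtrip and periodicity facts."""
    perm, inv = make_public_permutation(seed)
    xor_em = EvenMansour(perm, inv, k1, k2, XOR_GROUP)
    add_em = EvenMansour(perm, inv, k1, k2, ADD_GROUP)
    # XOR version: E(x) ^ P(x) = P(x^k1) ^ k2 ^ P(x), which is invariant
    # under x -> x ^ k1 for every x, so it is exactly k1-periodic.
    f_xor = difference_function(xor_em, XOR_GROUP[1])
    # Z/2^n version: E(x) - P(x) = P(x+k1) + k2 - P(x) has no period under
    # XOR or addition by k1 for a generic P; only a hidden shift remains.
    f_add = difference_function(add_em, ADD_GROUP[1])
    return {
        "xor_roundtrip": roundtrip_ok(xor_em),
        "add_roundtrip": roundtrip_ok(add_em),
        "xor_version_xor_periodic": is_periodic(f_xor, k1, XOR_GROUP[0]),
        "add_version_xor_periodic": is_periodic(f_add, k1, XOR_GROUP[0]),
        "add_version_add_periodic": is_periodic(f_add, k1, ADD_GROUP[0]),
    }


if __name__ == "__main__":
    for name, value in run_comparison().items():
        print(f"{name}: {value}")
```

Both instantiations are correct ciphers (the roundtrip checks pass), so the adaptation keeps the structure of Even-Mansour intact; what changes is only which algebraic relation the difference function satisfies.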