Sponge-Based Authenticated Encryption: Security Against Quantum Attackers

In this work, we study the security of sponge-based authenticated encryption schemes against quantum attackers. In particular, we analyse the sponge-based authenticated encryption scheme $${ \textsc {Slae}}$$ as put forward by Degabriele et al. (ASIACRYPT’19) due to its modularity. We show that the scheme achieves security in the post-quantum (QS1) setting in the quantum random oracle model by using the one-way to hiding lemma. Furthermore, we analyse the scheme in a fully-quantum (QS2) setting. There we provide a set of attacks showing that $${ \textsc {Slae}}$$ does not achieve ciphertext indistinguishability and hence overall does not provide the desired level of security.