Implementing Grover Oracles for Quantum Key Search on AES and LowMC
Samuel Jaques, Michael Naehrig, Martin Roetteler, Fernando Virdia
pp. 280-310
TLDR: Q# implementations of the full Grover oracle for AES-128, -192, -256 and for the three LowMC instantiations used in Picnic are released, including unit tests and code to reproduce the quantum resource estimates.

Abstract: Grover's search algorithm gives a quantum attack against block ciphers by searching for a key that matches a small number of plaintext-ciphertext pairs. This attack uses \(O(\sqrt{N})\) calls to the cipher to search a key space of size \(N\). Previous work in the specific case of AES derived the full gate cost by analyzing quantum circuits for the cipher, but focused on minimizing the number of qubits.
Citations
Book Chapter
Quantum Circuit Implementations of AES with Fewer Qubits
TL;DR: This article introduces a new S-box implementation for AES that reduces the number of qubits needed by the zig-zag method and lowers the cost of the AES key schedule.
Book Chapter
Quantum Collision Attacks on AES-Like Hashing with Low Quantum Random Access Memories
TL;DR: This work reduces or even avoids the use of qRAM by performing a quantum rebound attack based on differentials with non-full-active super S-boxes, improves attacks on AES-MMO and AES-MP, and gives the first classical collision attacks on 4- and 5-round Grøstl-512.
Journal Article
Grover on Korean Block Ciphers
TL;DR: This paper presents optimized quantum-circuit implementations of the Korean-made lightweight block ciphers HIGHT, CHAM and LEA, and of the NSA-made lightweight block cipher SPECK; it is the first implementation of ARX-based Korean lightweight block ciphers as quantum circuits.
Journal Article
The SQALE of CSIDH: sublinear Vélu quantum-resistant isogeny action with low exponents
Jorge Chávez-Saab, Jesús-Javier Chi-Domínguez, Samuel Jaques, Francisco Rodríguez-Henríquez
TL;DR: This paper refines the estimates of a resource-constrained quantum collimation sieve attack to give a precise quantum security level for CSIDH, and provides a constant-time C implementation of the large CSIDH instantiations using the square-root-complexity Vélu formulas recently proposed by Bernstein, De Feo, Leroux and Smith.
Book Chapter
Synthesizing Quantum Circuits of AES with Lower T-depth and Less Qubits
Zhenyu Huang, Siwei Sun
TL;DR: In this paper, the authors present several generic synthesis and optimization techniques for circuits implementing the quantum oracles of iterative symmetric-key ciphers, as commonly employed in quantum attacks based on Grover's and Simon's algorithms.