Parallelism strategies for the tuneable golden-claw finding problem

In this paper we study a strategy for adapting the “Tiny Claw” Grover-based attack of Biasse and Pring (A framework for reducing the overhead of the quantum oracle for use with Grover's algorithm with applications to cryptanalysis of SIKE, J. Math. Cryptol. 15 (2019), pp. 143–156) for attacking SIKE and abstract it under a realistic model of classical memory-access costs. Our results allow us to retain the almost quadratic reduction in the overheads involved in implementing the quantum oracle in this cost model and demonstrate how the cost of the parallel version of this attack scales in a manner superior to that of a naive use of Grover’s algorithm. In order to investigate the utility of the Tiny Claw approach, we perform a quantum resource estimation of the classical and quantum resources required to attack various SIKE instances with Tiny Claw when we are limited to hardware, finding interesting price-points.
