Post-Quantum Cryptography

We present quantum circuits to implement an exhaustive key search for the Advanced Encryption Standard (AES) and analyze the quantum resources required to carry out such an attack. We consider the overall circuit size, the number of qubits, and the circuit depth as measures for the cost of the presented quantum algorithms. Throughout, we focus on Clifford+T gates as the underlying fault-tolerant logical quantum gate set. In particular, for all three variants of AES, with key sizes of 128, 192, and 256 bits as standardized in FIPS-PUB 197, we establish precise bounds for the number of qubits and the number of elementary logical quantum gates that are needed to implement Grover's quantum algorithm to extract the key from a small number of AES plaintext-ciphertext pairs.
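The abstract's two cost drivers, the Grover iteration count for each key size and the number of plaintext-ciphertext pairs needed to rule out spurious keys, can be worked through numerically. The following Python is an added example written for this page; it is not code from the paper or its authors, and its numbers are not the paper's bounds. It assumes the textbook Grover estimate of floor(pi/4 * sqrt(N)) iterations, models AES under a wrong key as a random permutation of the 128-bit block space, and uses "expected spurious keys below one" as its own criterion for how many pairs are enough; a toy state-vector simulation over 2^10 keys shows why an extra spurious key degrades the search.

```python
import math
from fractions import Fraction

BLOCK_BITS = 128             # AES block length in bits, shared by all three key sizes
KEY_SIZES = (128, 192, 256)  # the FIPS-197 key sizes named in the abstract


def grover_iterations(key_bits: int) -> int:
    """Optimal Grover iteration count for one marked key among N = 2^key_bits."""
    return math.floor(math.pi / 4 * math.sqrt(2 ** key_bits))


def success_probability(key_bits: int, iterations: int, marked: int = 1) -> float:
    """Closed form: after t iterations the probability of measuring one of `marked`
    marked keys is sin^2((2t+1)*theta) with sin^2(theta) = marked / N."""
    theta = math.asin(math.sqrt(marked / 2 ** key_bits))
    return math.sin((2 * iterations + 1) * theta) ** 2


def expected_spurious_keys(key_bits: int, pairs: int) -> Fraction:
    """Expected number of wrong keys that still map all `pairs` known plaintexts
    to the observed ciphertexts. Assumption for this example: a wrong key acts
    as a random permutation, so each pair filters out a factor of 2^BLOCK_BITS."""
    return Fraction(2) ** (key_bits - BLOCK_BITS * pairs)


def pairs_needed(key_bits: int) -> int:
    """Smallest number of pairs for which the expected spurious-key count is
    below one (this example's criterion; a stricter margin raises the count)."""
    pairs = 1
    while expected_spurious_keys(key_bits, pairs) >= 1:
        pairs += 1
    return pairs


def grover_simulate(n_bits: int, marked: set, iterations: int) -> float:
    """Classical state-vector simulation of Grover search over 2^n_bits keys.
    `marked` is the set of keys the oracle accepts (the true key plus any
    spurious ones). Returns the probability of measuring a marked key."""
    size = 2 ** n_bits
    amp = [1 / math.sqrt(size)] * size        # uniform superposition
    for _ in range(iterations):
        for i in marked:
            amp[i] = -amp[i]                  # oracle: phase flip on accepted keys
        mean = sum(amp) / size
        amp = [2 * mean - a for a in amp]     # diffusion: reflect about the mean
    return sum(amp[i] ** 2 for i in marked)


if __name__ == "__main__":
    for k in KEY_SIZES:
        t = grover_iterations(k)
        print(f"AES-{k}: ~2^{math.log2(t):.1f} Grover iterations, "
              f"{pairs_needed(k)} pair(s) to push expected spurious keys below one")
    # Toy search over 2^10 keys tuned for a single marked key (constructed indices):
    t = grover_iterations(10)
    print("one marked key:", round(grover_simulate(10, {123}, t), 4))
    print("true key + one spurious key, same t:", round(grover_simulate(10, {123, 456}, t), 4))
```

The second toy run lands on a marked key only about 60% of the time, and half of those hits are the spurious key, which is why the pair count matters as much as the iteration count when estimating the attack's cost.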
