Quantum search for scaled hash function preimages

We present the implementation of Grover's algorithm in a quantum simulator to perform a quantum search for preimages of two scaled hash functions, whose design only uses modular addition, word rotation, and bitwise exclusive or. Our implementation provides the means to assess with precision the scaling of the number of gates and depth of a full-fledged quantum circuit designed to find the preimages of a given hash digest. The detailed construction of the quantum oracle shows that the presence of AND gates, OR gates, shifts of bits and the reuse of the initial state along the computation require extra quantum resources as compared with other hash functions based on modular additions, XOR gates and rotations. We also track the entanglement entropy present in the quantum register at every step along the computation, showing that it becomes maximal at the inner core of the first action of the quantum oracle, which implies that no classical simulation based on tensor networks would be of relevance. Finally, we show that strategies that suggest a shortcut based on sampling the quantum register after a few steps of Grover's algorithm can only provide some marginal practical advantage in terms of error mitigation.
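To make the early-sampling trade-off concrete, the following added example (not code from the paper) simulates Grover's search exactly for a preimage of a constructed 8-bit add-rotate-xor mixer and compares running to the optimal iteration count against measuring after fewer iterations and restarting on failure. The function `toy_arx`, its parameters, and the restart cost model (expected oracle calls = k / P(success after k)) are assumptions made for illustration.

```python
import math

W = 4                      # word size in bits (constructed toy parameter)
MASK = (1 << W) - 1
N_BITS = 2 * W             # 8-bit search space, N = 256

def rotl(x, r):
    return ((x << r) | (x >> (W - r))) & MASK

def toy_arx(x, rounds=3):
    """Constructed 8-bit ARX mixer (add, rotate, xor); not the paper's functions."""
    a, b = x >> W, x & MASK
    for _ in range(rounds):
        a = (a + b) & MASK
        b = rotl(b, 1) ^ a
    return (a << W) | b

def grover_probs(digest, max_iters):
    """Simulate Grover exactly; return (M, [P(success) after k iterations])."""
    n = 1 << N_BITS
    marked = [x for x in range(n) if toy_arx(x) == digest]
    amp = [1 / math.sqrt(n)] * n          # uniform superposition
    probs = [sum(amp[x] ** 2 for x in marked)]
    for _ in range(max_iters):
        for x in marked:                  # oracle: phase flip on preimages
            amp[x] = -amp[x]
        mean = sum(amp) / n               # diffusion: inversion about the mean
        amp = [2 * mean - v for v in amp]
        probs.append(sum(amp[x] ** 2 for x in marked))
    return len(marked), probs

def early_sampling_tradeoff(digest):
    """Compare running to the optimum against sampling early and restarting."""
    n = 1 << N_BITS
    m, _ = grover_probs(digest, 0)
    theta = math.asin(math.sqrt(m / n))
    k_full = int(math.pi / (4 * theta))   # iterations that maximise P(success)
    _, probs = grover_probs(digest, k_full)
    # Expected oracle calls if we measure after k iterations, restart on failure.
    cost = {k: k / probs[k] for k in range(1, k_full + 1)}
    k_best = min(cost, key=cost.get)
    return k_full, k_best, cost[k_full], cost[k_best], theta, probs

if __name__ == "__main__":
    k_full, k_best, c_full, c_best, _, _ = early_sampling_tradeoff(toy_arx(0xA7))
    print(f"full run:       k={k_full}, expected oracle calls {c_full:.2f}")
    print(f"early sampling: k={k_best}, expected oracle calls {c_best:.2f}")
```

In this toy setting, sampling early lowers the expected number of oracle calls by roughly an eighth and leaves the square-root scaling of the search unchanged.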
