Synthesizing quantum circuits of AES with lower \(T\)-depth and less qubits. (English) Zbl 1530.81035
Agrawal, Shweta (ed.) et al., Advances in cryptology – ASIACRYPT 2022. 28th international conference on the theory and application of cryptology and information security, Taipei, Taiwan, December 5–9, 2022. Proceedings. Part III. Cham: Springer. Lect. Notes Comput. Sci. 13793, 614-644 (2023).
Summary: The significant progress in the development of quantum computers has made the study of cryptanalysis based on quantum computing an active topic. To accurately estimate the resources required to carry out quantum attacks, the involved quantum algorithms have to be synthesized into quantum circuits with basic quantum gates. In this work, we present several generic synthesis and optimization techniques for circuits implementing the quantum oracles of iterative symmetric-key ciphers that are commonly employed in quantum attacks based on Grover and Simon’s algorithms. Firstly, a general structure for implementing the round functions of block ciphers in-place is proposed. Then, we present some novel techniques for synthesizing efficient quantum circuits of linear and non-linear cryptographic building blocks. We apply these techniques to AES and systematically investigate the strategies for depth-width trade-offs. Along the way, we derive a quantum circuit for the AES S-box with provably minimal \(T\)-depth based on some new observations on its classical circuit. As a result, the \(T\)-depth and width (number of qubits) required for implementing the quantum circuits of AES are significantly reduced. Compared with the circuit proposed in EUROCRYPT 2020, the \(T\)-depth is reduced from 60 to 40 without increasing the width or 30 with a slight increase in width. These circuits are fully implemented in Microsoft \(\mathrm{Q}\#\) and the source code is publicly available. Compared with the circuit proposed in [J. Zou et al., Lect. Notes Comput. Sci. 12492, 697–726 (2020; Zbl 1521.81059)], the width of one of our circuits is reduced from 512 to 371, and the Toffoli-depth is reduced from 2016 to 1558 at the same time. Actually, we can reduce the width to 270 at the cost of increased depth. Moreover, a full spectrum of depth-width trade-offs is provided, setting new records for the synthesis and optimization of quantum circuits of AES.
For the entire collection see [Zbl 1517.94003].
For the entire collection see [Zbl 1517.94003].
MSC:
| 81P47 | Quantum channels, fidelity |
| 68Q09 | Other nonclassical models of computation |
| 47N70 | Applications of operator theory in systems, signals, circuits, and control theory |
| 81P65 | Quantum gates |
| 47A10 | Spectrum, resolvent |
| 60G35 | Signal detection and filtering (aspects of stochastic processes) |
Citations:
Zbl 1521.81059Software:
Q#References:
| [1] | Amy, M.; Di Matteo, O.; Gheorghiu, V.; Mosca, M.; Parent, A.; Schanck, J.; Avanzi, R.; Heys, H., Estimating the cost of generic quantum pre-image attacks on SHA-2 and SHA-3, Selected Areas in Cryptography - SAC 2016, 317-337 (2017), Cham: Springer, Cham · Zbl 1418.94028 · doi:10.1007/978-3-319-69453-5_18 |
| [2] | Amy, M., Maslov, D., Mosca, M., Roetteler, M.: A meet-in-the-middle algorithm for fast synthesis of depth-optimal quantum circuits. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 32(6), 818-830 (2013) |
| [3] | Almazrooie, M.; Samsudin, A.; Abdullah, R.; Mutter, KN, Quantum reversible circuit of AES-128, Quantum Inf. Process., 17, 5, 1-30 (2018) · Zbl 1395.81098 · doi:10.1007/s11128-018-1864-3 |
| [4] | Banegas, G.; Bernstein, DJ; van Hoof, I.; Lange, T., Concrete quantum cryptanalysis of binary elliptic curves, IACR Trans. Cryptogr. Hardw. Embed. Syst., 2021, 1, 451-472 (2021) |
| [5] | Bonnetain, X.; Hosoyamada, A.; Naya-Plasencia, M.; Sasaki, Yu; Schrottenloher, A.; Galbraith, SD; Moriai, S., Quantum attacks without superposition queries: the offline Simon’s algorithm, Advances in Cryptology - ASIACRYPT 2019, 552-583 (2019), Cham: Springer, Cham · Zbl 1456.94052 · doi:10.1007/978-3-030-34578-5_20 |
| [6] | Bonnetain, X.; Leurent, G.; Naya-Plasencia, M.; Schrottenloher, A.; Tibouchi, M.; Wang, H., Quantum linearization attacks, Advances in Cryptology - ASIACRYPT 2021, 422-452 (2021), Cham: Springer, Cham · Zbl 1522.81069 · doi:10.1007/978-3-030-92062-3_15 |
| [7] | Bonnetain, X.; Naya-Plasencia, M.; Schrottenloher, A.; Paterson, KG; Stebila, D., On quantum slide attacks, Selected Areas in Cryptography - SAC 2019, 492-519 (2020), Cham: Springer, Cham · Zbl 1453.94062 · doi:10.1007/978-3-030-38471-5_20 |
| [8] | Bonnetain, X.; Naya-Plasencia, M.; Schrottenloher, A., Quantum security analysis of AES, IACR Trans. Symmetric Cryptol., 2019, 2, 55-93 (2019) · Zbl 1453.94062 · doi:10.46586/tosc.v2019.i2.55-93 |
| [9] | Boyar, J.; Peralta, R.; Gritzalis, D.; Furnell, S.; Theoharidou, M., A Small Depth-16 Circuit for the AES S-Box, Information Security and Privacy Research, 287-298 (2012), Heidelberg: Springer, Heidelberg · doi:10.1007/978-3-642-30436-1_24 |
| [10] | Chailloux, A.; Naya-Plasencia, M.; Schrottenloher, A.; Takagi, T.; Peyrin, T., An efficient quantum collision search algorithm and implications on symmetric cryptography, Advances in Cryptology - ASIACRYPT 2017, 211-240 (2017), Cham: Springer, Cham · Zbl 1380.81085 · doi:10.1007/978-3-319-70697-9_8 |
| [11] | Fowler, A.G.: Time-optimal quantum computation. arXiv preprint arXiv:1210.4626 (2012) |
| [12] | Fuhs, C.; Schneider-Kamp, P.; Strichman, O.; Szeider, S., Synthesizing shortest linear straight-line programs over GF(2) using SAT, Theory and Applications of Satisfiability Testing - SAT 2010, 71-84 (2010), Heidelberg: Springer, Heidelberg · Zbl 1306.68156 · doi:10.1007/978-3-642-14186-7_8 |
| [13] | Grassl, M.; Langenberg, B.; Roetteler, M.; Steinwandt, R.; Takagi, T., Applying Grover’s algorithm to AES: quantum resource estimates, Post-Quantum Cryptography, 29-43 (2016), Cham: Springer, Cham · Zbl 1405.81026 · doi:10.1007/978-3-319-29360-8_3 |
| [14] | Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Miller, G.L. (ed.) Proceedings of the Twenty-Eighth Annual ACM Symposium on the Theory of Computing, pp. 212-219. ACM (1996) · Zbl 0922.68044 |
| [15] | Harsha, B., Blocki, J.: An economic model for quantum key-recovery attacks against ideal ciphers. In: 20th Annual Workshop on the Economics of Information Security, Brussels, 14-15 December 2020 |
| [16] | Hosoyamada, A.; Sasaki, Yu; Canteaut, A.; Ishai, Y., Finding hash collisions with quantum computers by using differential trails with smaller probability than birthday bound, Advances in Cryptology - EUROCRYPT 2020, 249-279 (2020), Cham: Springer, Cham · Zbl 1492.81040 · doi:10.1007/978-3-030-45724-2_9 |
| [17] | Huang, Z., Sun, S.: Synthesizing quantum circuits of AES with lower t-depth and less qubits. https://eprint.iacr.org/2022/620 · Zbl 1530.81035 |
| [18] | Hosoyamada, A., Sasaki, Y.: Cryptanalysis against symmetric-key schemes with online classical queries and offline quantum computations. In: CT-RSA 2018, Proceedings, pp. 198-218 (2018) · Zbl 1507.94040 |
| [19] | Hosoyamada, A.; Sasaki, Yu; Catalano, D.; De Prisco, R., Quantum Demiric-Selçuk meet-in-the-middle attacks: applications to 6-round generic feistel constructions, Security and Cryptography for Networks, 386-403 (2018), Cham: Springer, Cham · Zbl 1514.81107 · doi:10.1007/978-3-319-98113-0_21 |
| [20] | IBM QiskitL Open-source quantum development. https://qiskit.org/ |
| [21] | Jaques, S.; Naehrig, M.; Roetteler, M.; Virdia, F.; Canteaut, A.; Ishai, Y., Implementing Grover oracles for quantum key search on AES and LowMC, Advances in Cryptology - EUROCRYPT 2020, 280-310 (2020), Cham: Springer, Cham · Zbl 1492.81042 · doi:10.1007/978-3-030-45724-2_10 |
| [22] | Kaplan, M.; Leurent, G.; Leverrier, A.; Naya-Plasencia, M.; Robshaw, M.; Katz, J., Breaking symmetric cryptosystems using quantum period finding, Advances in Cryptology - CRYPTO 2016, 207-237 (2016), Heidelberg: Springer, Heidelberg · Zbl 1391.94766 · doi:10.1007/978-3-662-53008-5_8 |
| [23] | Kaplan, M.; Leurent, G.; Leverrier, A.; Naya-Plasencia, M., Quantum differential and linear cryptanalysis, IACR Trans. Symmetric Cryptol., 2016, 1, 71-94 (2016) · Zbl 1391.94766 · doi:10.46586/tosc.v2016.i1.71-94 |
| [24] | Langenberg, B., Pham, H., Steinwandt, R.: Reducing the cost of implementing AES as a quantum circuit. IACR Cryptology ePrint Archive, p. 854 (2019) |
| [25] | Microsoftt Q#. Quantum development. https://devblogs.microsoft.com/qsharp/ |
| [26] | Meuli, G., Soeken, M., De Micheli, G.: Sat-based CNOT, T quantum circuit synthesis. In: Reversible Computation, RC 2018, Leicester, UK, pp. 175-188 (2018) · Zbl 1515.81075 |
| [27] | Nielsen, M.A., Chuang, I.L.: Quantum Computation and Quantum Information. Cambridge University Press, Cambridge (2016) · Zbl 1049.81015 |
| [28] | NIST: Submission requirements and evaluation criteria for the post-quantum cryptography standardization process (2016). https://csrc.nist.gov/projects/post-quantum-cryptography |
| [29] | Naya-Plasencia, M.; Schrottenloher, A.; Canteaut, A.; Ishai, Y., Optimal merging in quantum \(k\)-xor and k-sum algorithms, Advances in Cryptology - EUROCRYPT 2020, 311-340 (2020), Cham: Springer, Cham · Zbl 1489.81021 · doi:10.1007/978-3-030-45724-2_11 |
| [30] | Patel, KN; Markov, IL; Hayes, JP, Optimal synthesis of linear reversible circuits, Quantum Inf. Comput., 8, 3, 282-294 (2008) · Zbl 1152.81794 |
| [31] | Selinger, P.: Quantum circuits of \(t\)-depth one. CoRR, abs/1210.0974 (2012) |
| [32] | Shor, PW, Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer, SIAM Rev., 41, 2, 303-332 (1999) · Zbl 1005.11507 · doi:10.1137/S0036144598347011 |
| [33] | Shende, V.V., Prasad, A.K., Markov, I.L., Hayes, J.P.: Synthesis of reversible logic circuits. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 22(6), 710-722 (2003) |
| [34] | Stoffelen, K.; Peyrin, T., Optimizing S-box implementations for several criteria using SAT solvers, Fast Software Encryption, 140-160 (2016), Heidelberg: Springer, Heidelberg · Zbl 1387.94100 · doi:10.1007/978-3-662-52993-5_8 |
| [35] | Xiang, Z.; Zeng, X.; Lin, D.; Bao, Z.; Zhang, S., Optimizing implementations of linear layers, IACR Trans. Symmetric Cryptol., 2020, 2, 120-145 (2020) · doi:10.46586/tosc.v2020.i2.120-145 |
| [36] | Zou, J.; Wei, Z.; Sun, S.; Liu, X.; Wu, W.; Moriai, S.; Wang, H., Quantum circuit implementations of AES with fewer qubits, Advances in Cryptology - ASIACRYPT 2020, 697-726 (2020), Cham: Springer, Cham · Zbl 1521.81059 · doi:10.1007/978-3-030-64834-3_24 |
This reference list is based on information provided by the publisher or from digital mathematics libraries. Its items are heuristically matched to zbMATH identifiers and may contain data conversion errors. In some cases that data have been complemented/enhanced by data from zbMATH Open. This attempts to reflect the references listed in the original paper as accurately as possible without claiming completeness or a perfect matching.
