Da Lin,Zejun Xiang,Runqing Xu,Shasha Zhang,Xiangyong Zeng

DOI: https://doi.org/10.1007/s11128-023-04043-9

IF: 1.965

2023-09-23

Quantum Information Processing

Abstract:This work researches the implementation of the AES family with Pauli-X gates, CNOT gates and Toffoli gates as the underlying quantum logic gate set. First, the properties of quantum circuits are investigated, as well as the influence of Pauli-X gates, CNOT gates and Toffoli gates on the performance of the circuits constructed with those gates. Based on these properties and the observations on the hardware circuits built by Boyar et al. and Zou et al., it is possible to construct quantum circuits for AES's Substitution-box (S-box) and its inverse (S-box ) by rearranging the classical implementation to three parts. Since the second part is treated as a 4-bit S-box in this paper and can be dealt with by existing tools, a heuristic is proposed to search optimized quantum circuits for the first and the third parts. In addition, considering the number of parallelly executed S-boxes, the trade-offs between the qubit consumption and values for the round function and key schedule of AES are studied. As a result, quantum circuits of AES-128, AES-192 and AES-256 can be constructed with 269, 333 and 397 qubits, respectively. If more qubits are allowed, quantum circuits that outperform state-of-the-art schemes in the metric of value for the AES family can be reported, and it needs only 474, 538 and 602 qubits for AES-128, AES-192 and AES-256, respectively.

physics, multidisciplinary,quantum science & technology, mathematical

ZeGuo Wang,Shijie Wei,Gui‐Lu Long

2021-01-01

Abstract:Advanced Encryption Standard(AES) is one of the most widely used block ciphers nowadays, and has been established as an encryption standard in 2001. Here we design AES-128 and the sample-AES(S-AES) quantum circuits for deciphering. In the quantum circuit of AES-128, we perform an affine transformation for the SubBytes part to solve the problem that the initial state of the output qubits in SubBytes is not the $\ket{0}^{\otimes 8}$ state. After that, we are able to encode the new round sub-key on the qubits encoding the previous round sub-key, and this improvement reduces the number of qubits used by 224 compared with Langenberg et al.'s implementation. For S-AES, a complete quantum circuit is presented with only 48 qubits, which is already within the reach of existing noisy intermediate-scale quantum computers.

Zhenqiang Li,Fei Gao,Sujuan Qin,Qiaoyan Wen

DOI: https://doi.org/10.3389/fphy.2023.1171753

IF: 3.718

2023-03-25

Frontiers in Physics

Abstract:Optimizing the quantum circuit for implementing Advanced Encryption Standard (AES) is crucial for estimating the necessary resources in attacking AES by the Grover algorithm. Previous studies have reduced the number of qubits required for the quantum circuits of AES-128/-192/-256 from 984/1112/1336 to 270/334/398, which is close to the optimal value of 256/320/384. It becomes a challenging task to further optimize them. AimTaking aim at this task, we find a method for how the quantum circuit of AES S-box can be designed with the help of the automation tool LIGHTER-R. Particularly, the multiplicative inversion in F28 , which is the main part of the S-box, is converted into the multiplicative inversion (and multiplication) in F24 , then the latter can be implemented by LIGHTER-R because its search space is small enough. By this method, we construct the quantum circuits of S-box for mapping | a ⟩| 0 ⟩ to | a ⟩| S ( a )⟩ and | a ⟩| b ⟩ to | a ⟩| b ⊕ S ( a )⟩ with 20 qubits instead of 22 in the previous studies. In addition, we introduce new techniques to reduce the number of qubits required by the S-box circuit for mapping | a ⟩ to | S ( a )⟩ from 22 in the previous studies to 16. Accordingly, we synthesize the quantum circuits of AES-128/-192/-256 with 264/328/392 qubits, which implies a new record.

physics, multidisciplinary

Mishal Almazrooie,Azman Samsudin,Rosni Abdullah,Kussay N. Mutter

DOI: https://doi.org/10.1007/s11128-018-1864-3

IF: 1.965

2018-03-28

Quantum Information Processing

Abstract:An explicit quantum design of AES-128 is presented in this paper. The design is structured to utilize the lowest number of qubits. First, the main components of AES-128 are designed as quantum circuits and then combined to construct the quantum version of AES-128. Some of the most efficient approaches in classical hardware implementations are adopted to construct the circuits of the multiplier and multiplicative inverse in F2[x]/(x8+x4+x3+x+1)$${\mathbb {F}}_{2}[x]/(x^8+x^4+x^3+x+1)$$. The results show that 928 qubits are sufficient to implement AES-128 as a quantum circuit. Moreover, to maintain the key uniqueness when the quantum AES-128 is employed as a Boolean function within a Black-box in other key searching quantum algorithms, a method with a cost of 930 qubits is also proposed.

physics, multidisciplinary,quantum science & technology, mathematical

Wei Jie Ng,Chik How Tan

DOI: https://doi.org/10.1007/s11128-024-04359-0

IF: 1.965

2024-04-18

Quantum Information Processing

Abstract:Grover's algorithm has been widely used for quantum key search to attack block ciphers with a quadratic speedup as compared to classical brute-force attacks and also used for evaluating the post-quantum security of block ciphers against quantum computer attack. But, this quantum key search on block ciphers has a high quantum circuit depth and AES-128 is still secure against such attack. In this paper, we introduce a method called the depth–measurement trade-off method that reduces the overall quantum circuit depth of quantum key search to attack block ciphers by increasing the number of measurements of the circuit. This method is to introduce dummy keys in the quantum circuit as part of the correct key. This will reduce both quantum circuit resource and quantum circuit depth. Based on this technique, the quantum circuit depth of AES-128 is less than , while NIST suggested circuit depth should be greater than MAXDEPTH, which is , and in order to resist the respective attacks. In addition, we also simulated the depth–measurement trade-off method on the reduced SIMON block cipher algorithm as a proof of concept. Furthermore, we also apply the depth–measurement technique on various block ciphers, for example AES, PRESENT, SIMON, GIFT, SPECK, RECTANGLE, LowMC, KNOT, PIPO, etc.

physics, multidisciplinary,quantum science & technology, mathematical

Yujin Oh,Kyungbae Jang,Anubhab Baksi,Hwajeong Seo

DOI: https://doi.org/10.3390/math12091337

IF: 2.4

2024-04-28

Mathematics

Abstract:Quantum computing advancements pose security challenges for cryptography. Specifically, Grover's search algorithm affects the reduction in the search complexity of symmetric-key encryption and hash functions. Recent efforts have been made to estimate the complexity of Grover's search and evaluate post-quantum security. In this paper, we propose a depth-optimized quantum circuit implementation for ASCON, including both symmetric-key encryption and hashing algorithms, as a part of the lightweight cryptography standardization by NIST (National Institute of Standards and Technology). As far as we know, this is the first implementation of a quantum circuit for the ASCON AEAD (Authenticated Encryption with Associated Data) scheme, which is a symmetric-key algorithm. Also, our quantum circuit implementation of the ASCON-HASH achieves a reduction of more than 88.9% in the Toffoli depth and more than 80.5% in the full depth compared to the previous work. As per our understanding, the most effective strategy against Grover's search involves minimizing the depth of the quantum circuit for the target cipher. We showcase the optimal Grover's search cost for ASCON and introduce a proposed quantum circuit optimized for depth. Furthermore, we utilize the estimated cost to evaluate post-quantum security strength of ASCON, employing the relevant evaluation criteria and the latest advancements in research.

mathematics

Alexey Moiseevskiy

2023-04-12

Abstract:Advanced Encryption Standard is one of the most widely used and important symmetric ciphers for today. It well known, that it can be subjected to the quantum Grover's attack that twice reduces its key strength. But full AES attack requires hundreds of qubits and circuit depth of thousands, that makes impossible not only experimental research but also numerical simulations of this algorithm. Here we present an algorithm for optimized Grover's attack on downscaled Simplifed-AES cipher. Besides full attack we present several approaches that allows to reduce number of required qubits if some nibbles of the key are known as a result of side-channel attack. For 16-bit S-AES the proposed attack requires 23 qubits in general case and 19, 15 or 11 if 4, 8 or 12 bits were leaked in specifc confguration. Comparing to previously known 32-qubits algorithm this approach potentially allows to run the attack on today's NISQ-devices and perform numerical simulations with GPU, that may be useful for further research of problem-specifc error mitigation and error correction techniques.

Quantum Physics

Ruo-Ting Yang,Xin-Yi Xue,Shu-Cheng Yang,Xiao-Ping Gao,Jie Ren,Wei Yan,Zhen Wang

DOI: https://doi.org/10.1088/1674-1056/ac70b9

2022-08-01

Chinese Physics B

Abstract:Rapid single flux quantum (RSFQ) circuits are a kind of superconducting digital circuits, having properties of a natural gate-level pipelining synchronous sequential circuit, which demonstrates high energy efficiency and high throughput advantage. We find that the high-throughput and high-speed performance of RSFQ circuits can take the advantage of a hardware implementation of the encryption algorithm, whereas these are rarely applied to this field. Among the available encryption algorithms, the advanced encryption standard (AES) algorithm is an advanced encryption standard algorithm. It is currently the most widely used symmetric cryptography algorithm. In this work, we aim to demonstrate the SubByte operation of an AES-128 algorithm using RSFQ circuits based on the SIMIT Nb03 process. We design an AES S -box circuit in the RSFQ logic, and compare its operational frequency, power dissipation, and throughput with those of the CMOS-based circuit post-simulated in the same structure. The complete RSFQ S -box circuit costs a total of 42237 Josephson junctions with nearly 130 Gbps throughput under the maximum simulated frequency of 16.28 GHz. Our analysis shows that the frequency and throughput of the RSFQ-based S -box are about four times higher than those of the CMOS-based S -box. Further, we design and fabricate a few typical modules of the S -box. Subsequent measurements demonstrate the correct functioning of the modules in both low and high frequencies up to 28.8 GHz.

physics, multidisciplinary

Wei ZHANG,Junxiong GAO,Yunbo WANG,Wenbin WU

DOI: https://doi.org/10.3969/j.issn.1672-9722.2017.03.020

2017-01-01

Abstract:For the encryption and decryption structure of AES is not consistent,an optimized AES algorithm with a unified encryption and decryption process is proposed in this paper.Using the fully pipelined architecture, the proposed circuit achieves an effective tradeoff between speed and resources, among which the S-box and inverse S-box are implemented applying the finite field algorithm based on regular basis.With the analysis of the path delay of each module, the AES round transformation is divided into 6 stages.Results implemented in the Xilinx`s XC7VX485T FPGA show that the hardware resource consumption is 19006LUTs,the maximum frequency is 724.323MHz and the throughput can get to 92.713Gbps, thus obtaining a very good acceleration effect.

Qing-bin Luo,Qiang Li,Xiao-yu Li,Guo-wu Yang,Jinan Shen,Minghui Zheng

DOI: https://doi.org/10.1007/s11128-024-04394-x

IF: 1.965

2024-01-01

Quantum Information Processing

Abstract:SM4 cryptographic algorithm is a block cipher algorithm issued by China’s state cryptographic administration and has become an international standard. We implement the quantum circuits of SM4 block cipher by optimizing the number of qubits and the value of depth-times-width. The quantum circuits of the S-box are first studied. According to the algebraic structure of the S-box, four kinds of improved quantum circuits of S-box are presented for different phases in SM4 based on composite field arithmetic. In order to optimize the number of qubits, we implement the quantum circuit of SM4 by connecting the quantum subcircuits in series. The implemented quantum circuit of SM4 only uses 260 qubits, which is the least number of qubits used not only in implementing the SM4 quantum circuit, but also in implementing the block cipher algorithms with 8-bit S-box, 128-bit plaintext and 128-bit secret key. When optimizing the value of depth-times-width, we achieve it through parallel implementation. The trade-off quantum circuit uses a total of 288 quantum bits, and the Toffoli depth is 1716. The depth-times-width is 49,4208, which is less than the existing best value 82,5792.

Qingfu Cao,Shuguo Li

DOI: https://doi.org/10.1109/ASICON.2009.5351572

2009-01-01

Abstract:This paper proposes a high-throughput cost-effective implementation of AES supporting encryption and decryption with 128-, 192-, and 256-bit cipher key. Optimum irreducible polynomial coefficients are selected to construct the composite field GF(((2(2))(2))(2)) on standard and normal base in order to minimize the gate count in SubBytes/InvSubBytes transformation. In addition, MixCoulmn/InvMixColumn transformations are optimized and the gate count is the least as we know. And then, a novel on-the-fly key expansion structure is applied to improve the throughput. The performance is evaluated on SMIC 0.18 mu m CMOS technology and the design has been verified on FPGA. The throughput can achieve at 1.16Gbps with the cost of only 19476 equivalent NAND2 gates, which outperforms prior works with respect to the parameter throughput per kilo gates with the same process(1).

Nadia Nedjah,Luiza de Macedo Mourelle,Chao Wang

DOI: https://doi.org/10.1007/s10766-016-0408-7

2016-01-01

International Journal of Parallel Programming

Abstract:The Advanced Encryption System (AES) is used in almost all network-based applications to ensure security. The core computation of AES, which is performed on data blocks of 128 bits, is iterated for several rounds, depending on the key size. The strength of AES is proportional to the number of rounds applied. So far, the number of rounds is fixed to 10, 12 and 14 for a key size of 128, 192 and 256 bits respectively. Most cryptographers feel that the margin between the number of rounds specified in the cipher and the best known attacks is too small. On the other hand, it is clear that the overall efficiency of a given AES implementation is inversely proportional to the number of rounds imposed. In this paper, we propose a very efficient pipelined hardware implementation of AES-128. Besides, we show that if the required number of rounds must increase to defeat attackers, the proposed implementation stays efficient.

Chen Yicheng,Zou Xuecheng,Liu Zhenglin,Han Yu,Zheng Zhaoxia

DOI: https://doi.org/10.1016/s1004-4132(08)60134-6

2008-01-01

Abstract:Ubiquitous computing must incorporate a certain level of security. For the severely resource con-strained applications, the energy-efficient and small size cryptography algorithm implementation is a critical prob-lem. Hardware implementations of the advanced encryption standard (AES) for authentication and encryption arepresented. An energy consumption variable is derived to evaluate low-power design strategies for battery-powered devices. It proves that compact AES architectures fail to optimize the AES hardware energy, whereas reducinginvalid switching activities and implementing power-optimized sub-modules are the reasonable methods. Implemen-tations of different substitution box (S-Boxes) structures are presented with 0.25 μm 1.8 V CMOS (complementarymetal oxide semiconductor) standard cell library. The comparisons and trade-offs among area, security, and powerare explored. The experimental results show that Galois field composite S-Boxes have smaller size and highestsecurity but consume considerably more power, whereas decoder-switch-encoder S-Boxes have the best power char-acteristics with disadvantages in terms of size and security. The combination of these two type S-Boxes instead ofhomogeneous S-Boxes in AES circuit will lead to optimal schemes. The technique of latch-dividing data path isanalyzed, and the quantitative simulation results demonstrate that this approach diminishes the glitches effectivelyat a very low hardware cost.

Qing-bin Luo,Guo-wu Yang,Xiao-yu Li,Qiang Li

DOI: https://doi.org/10.1140/epjqt/s40507-022-00144-z

IF: 6.9997

2022-10-09

EPJ Quantum Technology

Abstract:The synthesis of quantum circuits for multiplicative inverse over are discussed in this paper. We first convert the multiplicative inverse operation in to arithmetic operations in the composite field , and then discuss the expressions of the square calculation, the inversion calculation and the multiplication calculation separately in the finite field , where the expressions of multiplication calculation in are given directly in and given through being transformed into the composite field . Then the quantum circuits of these calculations are realized one by one. Finally, two quantum circuits for multiplicative inverse over are synthesized. They both use 21 qubits, the first quantum circuit uses 55 Toffoli gates and 107 CNOT gates and the second one uses 37 Toffoli gates and 209 CNOT gates. As an example of the application of multiplication inverse, we apply these quantum circuits to the implementations of the S-box quantum circuit of the AES cryptographic algorithm. Two quantum circuits for implementing the S-box of the AES cryptographic algorithm are presented. The first quantum circuit uses 21 qubits, 55 Toffoli gates, 131 CNOT gates and 4 NOT gates and the second one uses 21 qubits, 37 Toffoli gates, 233 CNOT gates and 4 NOT gates. Through the evaluation of quantum cost, the two quantum circuits of the S-box of AES cryptographic algorithm use less quantum resources than the existing schemes.

optics,physics, atomic, molecular & chemical,quantum science & technology

Lijuan Li,Shuguo Li

DOI: https://doi.org/10.23919/FPL.2017.8056803

2017-01-01

Abstract:This paper proposes a high throughput architecture for AES encryption/decryption targeting on the recent FPGAs with 6-input LUTs. Unlike previous works which share multiplicative inverse logics to realize SubBytes and InvSubBytes, the proposed architecture directly employs the look-up-table based Sbox for both SubBytes and InvSubBytes. Efficient reordering and merging techniques are applied to achieve a highly integrated encryption/decryption datapath with reduced area and delay. By sharing Sbox instead of inversion, the encryption datapath remains simple with unchanged MixColumns. For decryption, the linear operations including two inverse Affine functions and InvMixColumns between SubBytes are merged into a new InvMixColumns (NIMC-I) transformation. The NIMC-I is further optimized to reduce resources and share logics with MixColumns. Through loop-unrolling and fair pipelining, the proposed 3-stage subpipelined design achieves 68.82 Gbps on XC7VX330T using 3930 slices and the 5-stage deep-pipelined one achieves 76.19 Gbps on XC6VLX240T using 4426 slices, which outperform previous equivalent designs in terms of throughput per area.

Jongheon Lee,Yousung Kang,You-Seok Lee,Boheung Chung,Dooho Choi

DOI: https://doi.org/10.1007/s11128-024-04365-2

IF: 1.965

2024-04-19

Quantum Information Processing

Abstract:When implementing a quantum circuit for a desired reversible function, an attempt is made to design an accurate quantum circuit. Then, the quantum circuit is optimized based on a specific cost function, such as design cost, width (the number of qubits), depth, etc. In particular, if an in-place subcircuit itself can be optimized while maintaining its in-place property, it will be a very useful way to increase efficiency without changing the initial architecture of the entire quantum circuit. Furthermore, since its (clean) work qubits can easily be utilized in subsequent subroutines of the quantum circuit, it has an additional important advantage in terms of width. In this paper, for the first time to the best of our knowledge, we present a global Toffoli-depth reduction methodology for an in-place version reversible circuit in the case that the given input circuit is optimized with Toffoli-count. We mainly introduce a process to optimize the internal function block in SHA3-256 to explain our Toffoli-depth reduction approach preserving the in-place property, and hence, well-balanced five quantum circuits are induced in terms of its width and T-depth. And then, we apply these five circuits to design the entire SHA3-256 cryptosystem. One of the proposed SHA3-256 quantum circuits has a width of 1600 and a T-depth of 264, and this shows a result of 50% and 38.9% reduction compared to the previous circuit in terms of width and T-depth, respectively. Other versions of our SHA3-256 circuits just required 10–33 qubits per one T-depth compared to the previous results which require over 1800 qubits per T-depth, and so this means that our SHA3-256 circuits are well-balanced. Finally, we constructed Grover's algorithm circuit using each version that realized SHA3-256. When output circuits for the presented method were used, quantum volume values of Grover's algorithm circuits became 33 and 50 of the value when the input circuit was used.

physics, multidisciplinary,quantum science & technology, mathematical

Qing-bin Luo,Qiang Li,Xiaoyü Li,Guowu Yang,Jinan Shen,Minghui Zheng

DOI: https://doi.org/10.21203/rs.3.rs-3105531/v1

2023-01-01

Abstract:Abstract SM4 cryptographic algorithm is a block cipher algorithm issued by China's state cryptographic administration and has become an international standard. we implement the quantum circuits of SM4 Block cipher by optimizing the number of qubits and the value of depth-times-width. When the S-box is implemented, four kind of improved quantum circuits of S-box are presented for different phases in SM4 based on composite field arithmetic. When optimizing the number of qubits, we implement the quantum circuit of SM4 by connecting the quantum subcircuits in series. The implemented quantum circuit of SM4 only uses 260 qubits, which is the least number of qubits used not only in implementing the SM4 quantum circuit, but also in implementing the block cipher algorithms with 8-bit S-box, 128-bit plaintext and 128-bit secret key. When optimizing the value of depth-times-width, we achieve it through parallel implementation. The trade-off quantum circuit uses a total of 288 quantum bits and the Toffoli depth is 1716. The depth-times-width is 494208, which is less than the existing best value 825792.

Luo Qing-bin,Yang Guo-wu,Li Xiao-yu,Li Qiang

DOI: https://doi.org/10.1140/epjqt/s40507-022-00144-z

IF: 6.9997

2022-01-01

EPJ Quantum Technology

Abstract:The synthesis of quantum circuits for multiplicative inverse over $\operatorname{GF}(2^{8})$ are discussed in this paper. We first convert the multiplicative inverse operation in $\operatorname{GF}(2^{8})$ to arithmetic operations in the composite field $\operatorname{GF}((2^{4})^{2})$ , and then discuss the expressions of the square calculation, the inversion calculation and the multiplication calculation separately in the finite field $\operatorname{GF}(2^{4})$ , where the expressions of multiplication calculation in $\operatorname{GF}(2^{4})$ are given directly in $\operatorname{GF}(2^{4})$ and given through being transformed into the composite field $\operatorname{GF}((2^{2})^{2})$ . Then the quantum circuits of these calculations are realized one by one. Finally, two quantum circuits for multiplicative inverse over $\operatorname{GF}(2^{8})$ are synthesized. They both use 21 qubits, the first quantum circuit uses 55 Toffoli gates and 107 CNOT gates and the second one uses 37 Toffoli gates and 209 CNOT gates. As an example of the application of multiplication inverse, we apply these quantum circuits to the implementations of the S-box quantum circuit of the AES cryptographic algorithm. Two quantum circuits for implementing the S-box of the AES cryptographic algorithm are presented. The first quantum circuit uses 21 qubits, 55 Toffoli gates, 131 CNOT gates and 4 NOT gates and the second one uses 21 qubits, 37 Toffoli gates, 233 CNOT gates and 4 NOT gates. Through the evaluation of quantum cost, the two quantum circuits of the S-box of AES cryptographic algorithm use less quantum resources than the existing schemes.

Parfait Atchade-Adelomou,Saul Gonzalez

2023-11-15

Abstract:As we venture into the Intermediate-Scale Quantum (ISQ) era, the proficiency of modular arithmetic operations becomes pivotal for advancing quantum cryptographic algorithms. This study presents an array of quantum circuits, each precision-engineered for modular arithmetic functions critical to cryptographic applications. Central to our exposition are quantum modular adders, multipliers, and exponential operators, whose designs are rigorously optimized for ISQ devices. We provide a theoretical framework and practical implementations in the PennyLane quantum software, bridging the gap between conceptual and applied quantum computing. Our simulations validate the efficacy of these methodologies, offering a strategic compass for developing quantum algorithms that align with the rapid progression of quantum technology.

Quantum Physics

Tairong Shi,Wenling Wu,Bin Hu,Jie Guan,Han Sui,Senpeng Wang,Mengyuan Zhang

DOI: https://doi.org/10.1109/tifs.2024.3402970

IF: 7.231

2024-06-07

IEEE Transactions on Information Forensics and Security

Abstract:A lot of work in the field of quantum cryptanalysis is currently devoted to finding applications of Grover-meets-Simon algorithm and its complexity is given in the form of , but research on how to implement the attack efficiently is still insufficient. After all, it is crucial to study quantum attacks in resource-limited situations, according to NIST's guidance on circuit depth. This work first evaluates the parallelization of Grover-meets-Simon by drawing on the Grover's parallel approach and shows that as the width increases by , the depth decreases by a factor of . Further, the first dedicated quantum attack on a class of functions that appear in cryptographic scheme applications (so-called XOR-type function) is proposed. The depth, width, and the number of gates required for the attack are greatly reduced compared to the general parallelization. Then we apply the attack to various Beyond-Birthday-Bound (BBB) MACs, where the XOR function can be constructed, including SUM-ECBC and its variants (2K-SUM-ECBC, 2K-ECBC_Plus), and GCM-SIV2. In the typical case where SUM-ECBC is based on AES-128, our attack saves at least 62.3% in depth, 19.5% in width and 22.2% in gate count simultaneously. The impact on some lightweight ciphers is further explored, and it is interesting to note that the lighter the quantum circuit implementation of the cipher is, the greater the possible impact of an attack will be. This observation may provide new insights into quantum cryptanalysis.

computer science, theory & methods,engineering, electrical & electronic