Surajit Mandal,Ravi Anand,Mostafizar Rahman,Santanu Sarkar,Takanori Isobe

DOI: https://doi.org/10.1038/s41598-024-69188-8

IF: 4.6

2024-09-11

Scientific Reports

Abstract:Extensive research is currently underway to determine the security of existing ciphers in light of the advancements in quantum computing. Against symmetric key cryptography, Grover's search algorithm is a prominent attack, capable of reducing search costs to the square root. For using Grover's algorithm, it is imperative to embed the target cipher into a quantum circuit. Even so, this area of research is relatively new; it has garnered significant attention from the research community. In this study, we provide the first estimation of the cost of Grover's key search attack against the AES-based AEAD schemes Rocca-S , AEGIS-128 , and Tiaoxin-346 . Our analysis considers circuit depth restrictions specified in NIST's PQC standardization process. Considering NIST's maximum depth constraints, We present the overall cost of these attacks using gate count and depth-times-width metrics. We observed that for , Rocca-S , AEGIS-128 , and Tiaoxin-346 can be retrieved using Grover's search algorithm with gate count of 1.09 × 2 253 , 1.14 × 2 124 , and 1.22 × 2 124 respectively. Concerning the current updated values by NIST, these ciphers are secure in terms of the cost of implementing Grover's attack for key recovery. The quantum circuits of these ciphers are implemented using QISKIT, an open-source software development kit (SDK) designed for working with quantum computers running on the IBM Quantum Experience platform.

multidisciplinary sciences

Xi Wu,Qingyi Li,Zhiqiang Li,Donghan Yang,Hui Yang,Wenjie Pan,Marek Perkowski,Xiaoyu Song

DOI: https://doi.org/10.1007/s11128-022-03727-y

IF: 1.965

2023-01-19

Quantum Information Processing

Abstract:Grover algorithm is a quantum search algorithm that can find the target state efficiently. However, with the increase in the amount of searching data, the circuit of Grover algorithm is faced with complex gate decomposition problem. In today's NISQ era, resources are very limited, so the depth of circuit is an important metric. This paper introduces a two-stage quantum search algorithm based on divide-and-conquer, which can run quickly in parallel on a quantum computer. A circuit optimization method is proposed to reduce the number of iterations by using block-level oracle circuit. Combining this method with divide-and-conquer idea, it is defined as the 2P-Grover algorithm. The simulation experiment was carried out on the quantum computing framework Cirq and compared with Grover algorithm. The experimental results show that the 2P-Grover algorithm can reduce the depth of circuit by at least 1.2 times and maintain a high probability of search success.

physics, multidisciplinary,quantum science & technology, mathematical

Gregory V. Bard,Nicolas T. Courtois,Jorge Nakahara Jr,Pouyan Sepehrdad,Bingsheng Zhang

DOI: https://doi.org/10.1007/978-3-642-17401-8_14

2010-01-01

Abstract:This paper presents the first results on AIDA/cube, algebraic and side-channel attacks on variable number of rounds of all members of the KATAN family of block ciphers. Our cube attacks reach 60, 40 and 30 rounds of KATAN32, KATAN48 and KATAN64, respectively. In our algebraic attacks, we use SAT solvers as a tool to solve the quadratic equations representation of all KATAN ciphers. We introduced a novel pre-processing stage on the equations system before feeding it to the SAT solver. This way, we could break 79, 64 and 60 rounds of KATAN32, KATAN48, KATAN64, respectively. We show how to perform side channel attacks on the full 254-round KATAN32 with one-bit information leakage from the internal state by cube attacks. Finally, we show how to reduce the attack complexity by combining the cube attack with the algebraic attack to recover the full 80-bit key. Further contributions include new phenomena observed in cube, algebraic and side-channel attacks on the KATAN ciphers. For the cube attacks, we observed that the same maxterms suggested more than one cube equation, thus reducing the overall data and time complexities. For the algebraic attacks, a novel pre-processing step led to a speed up of the SAT solver program. For the side-channel attacks, 29 linearly independent cube equations were recovered after 40-round KATAN32. Finally, the combined algebraic and cube attack, a leakage of key bits after 71 rounds led to a speed up of the algebraic attack.

Joshi, Mohit

DOI: https://doi.org/10.1007/s10773-024-05751-3

2024-08-24

International Journal of Theoretical Physics

Abstract:Designing efficient techniques to search over encrypted data space has always been an intriguing security challenge, although many solutions based on classical searching methods have been proposed. Grover's algorithm, a quantum counterpart of searching algorithms, has proven to provide quadratic speedup over any classical search technique on an unsorted database. However, this algorithm is unable to search over encrypted data space. This study proposed an extension of Grover's algorithm to enable search over encrypted dataspace, allowing clients with limited-capability quantum resources to delegate complex search operations to an untrusted server. The blindness of data in this protocol is achieved by encrypting qubits using Pauli's rotation gates that maximally mix the outgoing states. The empirical estimation of the overhead of the computation due to the introduction of this technique has been analyzed. This estimate has been used for comparative analysis, showing the efficiency of the proposed protocol. A practical application of the proposed searchable encryption technique has been utilized to estimate the increase in resources needed to carry out a brute-force attack on AES encryption using secure Grover's algorithm. Furthermore, an extensive experimental analysis of the effect of noise has been studied using four different noise models: amplitude damping, phase damping, depolarizing noise, and bit-flip noise. The investigation provided useful insight into the behavior of the proposed algorithm under noisy conditions and also estimated the tolerance thresholds of the proposed algorithm under different noise models.

physics, multidisciplinary

Yujin Oh,Kyungbae Jang,Anubhab Baksi,Hwajeong Seo

DOI: https://doi.org/10.3390/math12091337

IF: 2.4

2024-04-28

Mathematics

Abstract:Quantum computing advancements pose security challenges for cryptography. Specifically, Grover's search algorithm affects the reduction in the search complexity of symmetric-key encryption and hash functions. Recent efforts have been made to estimate the complexity of Grover's search and evaluate post-quantum security. In this paper, we propose a depth-optimized quantum circuit implementation for ASCON, including both symmetric-key encryption and hashing algorithms, as a part of the lightweight cryptography standardization by NIST (National Institute of Standards and Technology). As far as we know, this is the first implementation of a quantum circuit for the ASCON AEAD (Authenticated Encryption with Associated Data) scheme, which is a symmetric-key algorithm. Also, our quantum circuit implementation of the ASCON-HASH achieves a reduction of more than 88.9% in the Toffoli depth and more than 80.5% in the full depth compared to the previous work. As per our understanding, the most effective strategy against Grover's search involves minimizing the depth of the quantum circuit for the target cipher. We showcase the optimal Grover's search cost for ASCON and introduce a proposed quantum circuit optimized for depth. Furthermore, we utilize the estimated cost to evaluate post-quantum security strength of ASCON, employing the relevant evaluation criteria and the latest advancements in research.

mathematics

P. V. Pyshkin,Da-Wei Luo,J. Q. You,Lian-Ao Wu

DOI: https://doi.org/10.48550/arxiv.1704.01467

2017-01-01

Abstract:Over the last decades, there have been many proposals for quantum computation. One of the promising candidates is adiabatic quantum computation (AQC). The central idea of AQC is about finding the ground state of a system with a problem Hamiltonian via particular adiabatic passages, starting from an initialized ground state of a simple Hamiltonian. One disadvantage of AQC is the significant growth of necessary runtime, in particular when there are quantum phase transitions during the AQC passages. Here we propose a nondeterministic ground state cooling quantum computation model based on selective projection measurements on an ancilla coupled to the system with the problem Hamiltonian previously cooled by conventional techniques. We illustrate the model by Grover search problem and show that our nondeterministic model requires a constant or at most logarithmic runtime and can also get rid of possible difficulties in preparing the ground state of the simple Hamiltonian.

XiaoYu Jing,YanJu Li,GuangYue Zhao,Huiqin Xie

2023-05-02

Abstract:Due to Grover's algorithm, any exhaustive search attack of block ciphers can achieve a quadratic speed-up. To implement Grover,s exhaustive search and accurately estimate the required resources, one needs to implement the target ciphers as quantum circuits. Recently, there has been increasing interest in quantum circuits implementing lightweight ciphers. In this paper we present the quantum implementations and resource estimates of the lightweight ciphers LBlock and LiCi. We optimize the quantum circuit implementations in the number of gates, required qubits and the circuit depth, and simulate the quantum circuits on ProjectQ. Furthermore, based on the quantum implementations, we analyze the resources required for exhaustive key search attacks of LBlock and LiCi with Grover's algorithm. Finally, we compare the resources for implementing LBlock and LiCi with those of other lightweight ciphers.

Quantum Physics,Cryptography and Security

Kyoungbae Jang,Seungju Choi,Hyeokdong Kwon,Hyunji Kim,Jaehoon Park,Hwajeong Seo

DOI: https://doi.org/10.3390/app10186407

2020-09-14

Applied Sciences

Abstract:The Grover search algorithm reduces the security level of symmetric key cryptography with n-bit security level to O(2n/2). In order to evaluate the Grover search algorithm, the target block cipher should be efficiently implemented in quantum circuits. Recently, many research works evaluated required quantum resources of AES block ciphers by optimizing the expensive substitute layer. However, few works were devoted to the lightweight block ciphers, even though it is an active research area, nowadays. In this paper, we present optimized implementations of every Korean made lightweight block ciphers for quantum computers, which include HIGHT, CHAM, and LEA, and NSA made lightweight block ciphers, namely SPECK. Primitive operations for block ciphers, including addition, rotation, and exclusive-or, are finely optimized to achieve the optimal quantum circuit, in terms of qubits, Toffoli gate, CNOT gate, and X gate. To the best of our knowledge, this is the first implementation of ARX-based Korean lightweight block ciphers in quantum circuits.

Matan Ben-Dov,Itai Arad,Emanuele G. Dalla Torre

2024-10-28

Abstract:Circuit optimization is a fundamental task for practical applications of near-term quantum computers. In this work we address this challenge through the powerful lenses of tensor network theory. Our approach involves the full characterization of the influence of individual gates on the entire circuit, a process we call quantum landscape tomography. We derive the necessary and sufficient requirements of this process and propose two implementations, respectively based on 2-unitary design and Clifford tableaux. The latter implementation strikes a convenient balance between the number of shots and the number of circuits needed for the tomography. Numerical simulations based on a realistic noise model demonstrate the advantage of our approach with respect to both gradient-free and gradient-based methods. Overall, our findings highlight the potential of quantum landscape tomography to enhance circuit optimization in near-term quantum computing applications.

Quantum Physics

Gérard Fleury,Philippe Lacomme

DOI: https://doi.org/10.48550/arXiv.2210.16809

2022-11-06

Abstract:This paper concerns the Grover algorithm that permits to make amplification of quantum states previously tagged by an Oracle. Grover's algorithm allows searches in an unstructure database of n entries finding a marked element with a quadratic speedup. The algorithm requires a predefined number of runs to succeed with probability close to <a class="link-external link-http" href="http://one.This" rel="external noopener nofollow">this http URL</a> article provides a description of the amplitude amplification quantum algorithm mechanism in a very short computational way, based on tensor products and provides a geometric presentation of the successive system states. All the basis changes are fully described to provide an alternative to the wide spread Grover description based only on matrices and complex tensor computation. Our experiments encompass numerical evaluations of circuit using the Qiskit library of IBM that meet the theoretical considerations

Quantum Physics

Chris Cade,Marten Folkertsma,Ido Niesen,Jordi Weggemans

DOI: https://doi.org/10.22331/q-2023-10-10-1133

2023-09-28

Abstract:Run-times of quantum algorithms are often studied via an asymptotic, worst-case analysis. Whilst useful, such a comparison can often fall short: it is not uncommon for algorithms with a large worst-case run-time to end up performing well on instances of practical interest. To remedy this it is necessary to resort to run-time analyses of a more empirical nature, which for sufficiently small input sizes can be performed on a quantum device or a simulation thereof. For larger input sizes, alternative approaches are required. In this paper we consider an approach that combines classical emulation with detailed complexity bounds that include all constants. We simulate quantum algorithms by running classical versions of the sub-routines, whilst simultaneously collecting information about what the run-time of the quantum routine would have been if it were run instead. To do this accurately and efficiently for very large input sizes, we describe an estimation procedure and prove that it obtains upper bounds on the true expected complexity of the quantum algorithms. We apply our method to some simple quantum speedups of classical heuristic algorithms for solving the well-studied MAX-$k$-SAT optimization problem. This requires rigorous bounds (including all constants) on the expected- and worst-case complexities of two important quantum sub-routines: Grover search with an unknown number of marked items, and quantum maximum-finding. These improve upon existing results and might be of broader interest. Amongst other results, we found that the classical heuristic algorithms we studied did not offer significant quantum speedups despite the existence of a theoretical per-step speedup. This suggests that an empirical analysis such as the one we implement in this paper already yields insights beyond those that can be seen by an asymptotic analysis alone.

Quantum Physics,Data Structures and Algorithms

Wei Jie Ng,Chik How Tan

DOI: https://doi.org/10.1007/s11128-024-04359-0

IF: 1.965

2024-04-18

Quantum Information Processing

Abstract:Grover's algorithm has been widely used for quantum key search to attack block ciphers with a quadratic speedup as compared to classical brute-force attacks and also used for evaluating the post-quantum security of block ciphers against quantum computer attack. But, this quantum key search on block ciphers has a high quantum circuit depth and AES-128 is still secure against such attack. In this paper, we introduce a method called the depth–measurement trade-off method that reduces the overall quantum circuit depth of quantum key search to attack block ciphers by increasing the number of measurements of the circuit. This method is to introduce dummy keys in the quantum circuit as part of the correct key. This will reduce both quantum circuit resource and quantum circuit depth. Based on this technique, the quantum circuit depth of AES-128 is less than , while NIST suggested circuit depth should be greater than MAXDEPTH, which is , and in order to resist the respective attacks. In addition, we also simulated the depth–measurement trade-off method on the reduced SIMON block cipher algorithm as a proof of concept. Furthermore, we also apply the depth–measurement technique on various block ciphers, for example AES, PRESENT, SIMON, GIFT, SPECK, RECTANGLE, LowMC, KNOT, PIPO, etc.

physics, multidisciplinary,quantum science & technology, mathematical

Milos Prokop,Petros Wallden,David Joseph

2024-02-22

Abstract:Finding the shortest vector in a lattice is a problem that is believed to be hard both for classical and quantum computers. Many major post-quantum secure cryptosystems base their security on the hardness of the Shortest Vector Problem (SVP). Finding the best classical, quantum or hybrid classical-quantum algorithms for SVP is necessary to select cryptosystem parameters that offer sufficient level of security. Grover's search quantum algorithm provides a generic quadratic speed-up, given access to an oracle implementing some function which describes when a solution is found. In this paper we provide concrete implementation of such an oracle for the SVP. We define the circuit, and evaluate costs in terms of number of qubits, number of gates, depth and T-quantum cost. We then analyze how to combine Grover's quantum search for small SVP instances with state-of-the-art classical solvers that use well known algorithms, such as the BKZ, where the former is used as a subroutine. This could enable solving larger instances of SVP with higher probability than classical state-of-the-art records, but still very far from posing any threat to cryptosystems being considered for standardization. Depending on the technology available, there is a spectrum of trade-offs in creating this combination.

Quantum Physics,Cryptography and Security

Kun Zhang,Vladimir E. Korepin,Kun Zhang and Vladimir E. Korepin

DOI: https://doi.org/10.1103/PhysRevA.101.032346

2020-03-27

Abstract:Grover's quantum search algorithm provides a quadratic speedup over the classical one. The computational complexity is based on the number of queries to the oracle. However, depth is a more modern metric for noisy intermediate-scale quantum computers. We propose a depth optimization method for the q... [Phys. Rev. A 101, 032346] Published Thu Mar 26, 2020

Afrin Sultana,Edgard Muñoz-Coreas

2024-06-04

Abstract:Quantum squaring operation is a useful building block in implementing quantum algorithms such as linear regression, regularized least squares algorithm, order-finding algorithm, quantum search algorithm, Newton Raphson division, Euclidean distance calculation, cryptography, and in finding roots and reciprocals. Quantum circuits could be made fault-tolerant by using error correcting codes and fault-tolerant quantum gates (such as the Clifford + T-gates). However, the T-gate is very costly to implement. Two qubit gates (such as the CNOT-gate) are more prone to noise errors than single qubit gates. Consequently, in order to realize reliable quantum algorithms, the quantum circuits should have a low T-count and CNOT-count. In this paper, we present a novel quantum integer squaring architecture optimized for T-count, CNOT-count, T-depth, CNOT-depth, and $KQ_T$ that produces no garbage outputs. To reduce costs, we use a novel approach for arranging the generated partial products that allows us to reduce the number of adders by 50%. We also use the resource efficient logical-AND gate and uncomputation gate shown in [1] to further save resources. The proposed quantum squaring circuit sees an asymptotic reduction of 66.67% in T-count, 50% in T-depth, 29.41% in CNOT-count, 42.86% in CNOT-depth, and 25% in KQ T with respect to Thapliyal et al. [2]. With respect to Nagamani et al. [3] the design sees an asymptotic reduction of 77.27% in T-count, 68.75% in T-depth, 50% in CNOT-count, 61.90% in CNOT-depth, and 6.25% in the $KQ_T$.

Quantum Physics,Hardware Architecture,Emerging Technologies

Ernesto Campos,Daniil Rabinovich,Alexey Uvarov

DOI: https://doi.org/10.1103/PhysRevA.110.012428

2024-07-15

Abstract:Variational quantum algorithms have become the de facto model for current quantum computations. A prominent example of such algorithms -- the quantum approximate optimization algorithm (QAOA) -- was originally designed for combinatorial optimization tasks, but has been shown to be successful for a variety of other problems. However, for most of these problems the optimal circuit depth remains unknown. One such problem is unstructured search which consists on finding a particular bit string, or equivalently, preparing a state of high overlap with a target state. To bound the optimal QAOA depth for such problem we build on its known solution in a continuous time quantum walk (CTQW). We trotterize a CTQW to recover a QAOA sequence, and employ recent advances on the theory of Trotter formulas to bound the query complexity (circuit depth) needed to prepare a state of almost perfect overlap with the target state. The obtained complexity exceeds the Grover's algorithm complexity $O\left(N^\frac{1}{2}\right)$, but remains smaller than $O \left(N^{\frac{1}{2}+c}\right)$ for any $c>0$, which shows quantum advantage of QAOA over classical solutions. We verify our analytical predictions by numerical simulations of up to 68 qubits, which demonstrate that our result overestimates the number of QAOA layers resulting from a trotterized CTQW by at most a polynomial factor.

Quantum Physics

Kenneth M. Rudinger,Corey I. Ostrove,Stefan K. Seritan,Matthew D. Grace,Erik Nielsen,Robin J. Blume-Kohout,Kevin C. Young

2023-09-22

Abstract:Gate set tomography (GST) is a self-consistent and highly accurate method for the tomographic reconstruction of a quantum information processor's quantum logic operations, including gates, state preparations, and measurements. However, GST's experimental cost grows exponentially with qubit number. For characterizing even just two qubits, a standard GST experiment may have tens of thousands of circuits, making it prohibitively expensive for platforms. We show that, because GST experiments are massively overcomplete, many circuits can be discarded. This dramatically reduces GST's experimental cost while still maintaining GST's Heisenberg-like scaling in accuracy. We show how to exploit the structure of GST circuits to determine which ones are superfluous. We confirm the efficacy of the resulting experiment designs both through numerical simulations and via the Fisher information for said designs. We also explore the impact of these techniques on the prospects of three-qubit GST.

Quantum Physics

Pablo Fernández,Miguel A. Martin-Delgado

2024-03-08

Abstract:We apply quantum homomorphic encryption (QHE) schemes suitable for circuits with a polynomial number of $T/T^{\dagger}$-gates to Grover's algorithm, performing a simulation in Qiskit of a Grover circuit that contains 3 qubits. The $T/T^{\dagger}$ gate complexity of Grover's algorithm is also analysed in order to show that any Grover circuit can be evaluated homomorphically in an efficient manner. We discuss how to apply these QHE schemes to allow for the efficient homomorphic evaluation of any Grover circuit composed of $n$ qubits using $n-2$ extra ancilla qubits. We also show how the homomorphic evaluation of the special case where there is only one marked item can be implemented using an algorithm that makes the decryption process more efficient compared to the standard Grover algorithm.

Quantum Physics

Gregory Rosenthal

2023-07-10

Abstract:We prove that any $n$-qubit unitary transformation can be implemented (i) approximately in time $\tilde O\big(2^{n/2}\big)$ with query access to an appropriate classical oracle, and also (ii) exactly by a circuit of depth $\tilde O\big(2^{n/2}\big)$ with one- and two-qubit gates and $2^{O(n)}$ ancillae. The proofs involve similar reductions to Grover search. The proof of (ii) also involves a linear-depth construction of arbitrary quantum states using one- and two-qubit gates (in fact, this can be improved to constant depth with the addition of fanout and generalized Toffoli gates) which may be of independent interest. We also prove a matching $\Omega\big(2^{n/2}\big)$ lower bound for (i) and (ii) for a certain class of implementations.

Quantum Physics,Computational Complexity