Applying Grover's algorithm to AES: quantum resource estimates
From MaRDI portal
Publication:2802601
DOI10.1007/978-3-319-29360-8_3zbMATH Open1405.81026arXiv1512.04965OpenAlexW2212436842MaRDI QIDQ2802601FDOQ2802601
Authors: M. Grassl, Brandon Langenberg, Martin Roetteler, Rainer Steinwandt 
Publication date: 26 April 2016
Published in: Post-Quantum Cryptography (Search for Journal in Brave)
Abstract: We present quantum circuits to implement an exhaustive key search for the Advanced Encryption Standard (AES) and analyze the quantum resources required to carry out such an attack. We consider the overall circuit size, the number of qubits, and the circuit depth as measures for the cost of the presented quantum algorithms. Throughout, we focus on Clifford gates as the underlying fault-tolerant logical quantum gate set. In particular, for all three variants of AES (key size 128, 192, and 256 bit) that are standardized in FIPS-PUB 197, we establish precise bounds for the number of qubits and the number of elementary logical quantum gates that are needed to implement Grover's quantum algorithm to extract the key from a small number of AES plaintext-ciphertext pairs.
Full work available at URL: https://arxiv.org/abs/1512.04965
Recommendations
- Implementing Grover oracles for quantum key search on AES and LowMC
- Quantum resource estimates of Grover's key search on ARIA
- Improvements to quantum search techniques for block-ciphers, with applications to AES
- Quantum resource estimation for FSR based symmetric ciphers and related Grover's attacks
- Quantum circuit implementations of AES with fewer qubits
Cited In (49)
- Leveraging Grover's algorithm for quantum searchable encryption in cloud infrastructure and its application in AES resource estimation
- Grover on chosen IV related key attack against GRAIN-128a
- Estimates of implementation complexity for quantum cryptanalysis of post-quantum lattice-based cryptosystems
- Quantum implementation and resource estimates for rectangle and knot
- Evaluation of quantum cryptanalysis on SPECK
- Parallel quantum addition for Korean block ciphers
- Grover on SM3
- Some efficient quantum circuit implementations of Camellia
- Efficient quantum algorithms related to autocorrelation spectrum
- Improvements to quantum search techniques for block-ciphers, with applications to AES
- Low-gate quantum golden collision finding
- Optimized quantum implementation of AES
- Quantum algorithm design: techniques and applications
- New quantum circuit implementations of SM4 and SM3
- Implementation of efficient quantum search algorithms on NISQ computers
- Implementing Grover oracle for lightweight block ciphers under depth constraints
- Grover on \(SIMON\)
- Quantum resource estimation for FSR based symmetric ciphers and related Grover's attacks
- Quantum search for scaled hash function preimages
- Quantum algorithm for Boolean equation solving and quantum algebraic attack on cryptosystems
- Quantum reversible circuit of AES-128
- Improved quantum analysis of SPECK and LowMC
- Estimating the cost of generic quantum pre-image attacks on SHA-2 and SHA-3
- Quantum key search with side channel advice
- Low-communication parallel quantum multi-target preimage search
- Quantum security analysis of Rocca
- Implementing Grover oracles for quantum key search on AES and LowMC
- Quantum security analysis of CSIDH
- Concrete analysis of quantum lattice enumeration
- Improved quantum circuits for AES: reducing the depth and the number of qubits
- Time-space complexity of quantum search algorithms in symmetric cryptanalysis: applying to AES and SHA-2
- A framework for reducing the overhead of the quantum oracle for use with Grover's algorithm with applications to cryptanalysis of SIKE
- Synthesizing quantum circuits of AES with lower \(T\)-depth and less qubits
- Quantum circuit implementations of SM4 block cipher based on different gate sets
- Optimized reversible quantum circuits for \(\mathbb{F}_{2^8}\) multiplication
- A trade-off between classical and quantum circuit size for an attack against CSIDH
- Evaluation of Grover's algorithm toward quantum cryptanalysis on ChaCha
- A note on quantum collision resistance of double-block-length compression functions
- Further insights on constructing quantum circuits for Camellia block cipher
- Breaking LWC candidates: sESTATE and Elephant in quantum setting
- Optimizing the depth of quantum implementations of linear layers
- Quantum circuit implementations of AES with fewer qubits
- Quantum circuit implementation and resource analysis of LBlock and LiCi
- Title not available (Why is that?)
- Optimization of $S$-boxes GOST R 34.12-2015 «Magma» quantum circuits without ancilla qubits
- Characterizing the qIND-qCPA (In)security of the CBC, CFB, OFB and CTR Modes of Operation
- Quantum reversible circuits for \(\mathrm{GF}(2^8)\) multiplication based on composite field arithmetic operations
- Estimating quantum speedups for lattice sieves
- Depth-measurement trade-off for quantum search on block ciphers
This page was built for publication: Applying Grover's algorithm to AES: quantum resource estimates
Report a bug (only for logged in users!)Click here to report a bug for this page (MaRDI item Q2802601)
