Abstract
We introduce models of computation that enable direct comparisons between classical and quantum algorithms. Incorporating previous work on quantum computation and error correction, we justify the use of the gate-count and depth-times-width cost metrics for quantum circuits. We demonstrate the relevance of these models to cryptanalysis by revisiting, and increasing, the security estimates for the Supersingular Isogeny Diffie–Hellman (SIDH) and Supersingular Isogeny Key Encapsulation (SIKE) schemes. Our models, analyses, and physical justifications have applications to a number of memory intensive quantum algorithms.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
Here we are taking Planck’s constant equal to \(2\pi \), i.e. \(\hbar = 1\).
- 2.
Actually, here and elsewhere, we use a gate set that includes Toffoli gates and controlled-swap gates. These can be built from O(1) Clifford+T gates.
- 3.
One can handle a range of capacities using controlled operations, but the size of the resulting circuit grows linearly with the number of capacities it must handle.
- 4.
We are being slightly imprecise, as the \(\ell \)-isogeny graph is actually directed. However, if there is an edge from u to v corresponding to an isogeny \(\phi \), then there is an edge from v to u corresponding to the dual isogeny \(\hat{\phi }\).
References
Adj, G., Cervantes-Vázquez, D., Chi-Domínguez, J.-J., Menezes, A., Rodríguez-Henríquez, F.: On the cost of computing isogenies between supersingular elliptic curves. In: Cid, C., Jacobson Jr., M. (eds.) SAC 2018. LNCS, vol. 11349, pp. 322–343. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-10970-7_15
Alicki, R., Fannes, M., Horodecki, M.: On thermalization in Kitaev’s 2D model. J. Phys. A 42, 065303 (2009)
Alicki, R., Horodecki, M., Horodecki, P., Horodecki, R.: On thermal stability of topological qubit in Kitaev’s 4d model. Open Syst. Inf. Dyn. 17, 1–20 (2010)
Ambainis, A.: Quantum walk algorithm for element distinctness. SIAM J. Comput. 37, 210–239 (2007)
Beals, R., et al.: Efficient distributed quantum computing. Proc. R. Soc. Lond. A: Math. Phys. Eng. Sci. 469, 20120686 (2013)
Bernstein, D.J., Biasse, J.-F., Mosca, M.: A low-resource quantum factoring algorithm. In: Lange, T., Takagi, T. (eds.) PQCrypto 2017. LNCS, vol. 10346, pp. 330–346. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-59879-6_19
Bernstein, D.J., Jeffery, S., Lange, T., Meurer, A.: Quantum algorithms for the subset-sum problem. In: Gaborit, P. (ed.) PQCrypto 2013. LNCS, vol. 7932, pp. 16–33. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38616-9_2
Biasse, J.-F., Jao, D., Sankar, A.: A quantum algorithm for computing isogenies between supersingular elliptic curves. In: Meier, W., Mukhopadhyay, D. (eds.) INDOCRYPT 2014. LNCS, vol. 8885, pp. 428–442. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-13039-2_25
Blais, A., Huang, R.-S., Wallraff, A., Girvin, S.M., Schoelkopf, R.J.: Cavity quantum electrodynamics for superconducting electrical circuits: an architecture for quantum computation. Phys. Rev. A 69, 14 pages (2004)
Brassard, G., Høyer, P., Kalach, K., Kaplan, M., Laplante, S., Salvail, L.: Merkle puzzles in a quantum world. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 391–410. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22792-9_22
Bravyi, S., Terhal, B.: A no-go theorem for a two-dimensional self-correcting quantum memory based on stabilizer codes. New J. Phys.11 (2009)
Brown, B.J., Loss, D., Pachos, J.K., Self, C.N., Wootton, J.R.: Quantum memories at finite temperature. Rev. Modern Phys. 88, 045005 (2016)
Coecke, B., Fritz, T., Spekkens, R.W.: A mathematical theory of resources. Inf. Comput. 250, 59–86 (2016)
Dennis, E., Kitaev, A., Landahl, A., Preskill, J.: Topological quantummemory. J. Math. Phys. 43, 4452–4505 (2002)
Deutsch, D.E.: Quantum computational networks. Proc. R. Soc. Lond. A 425, 73–90 (1989)
Feynman, R.P.: Quantum mechanical computers. Found. Phys. 16, 507–531 (1986)
Fowler, A.G., Mariantoni, M., Martinis, J.M., Cleland, A.N.: Surfacecodes: towards practical large-scale quantum computation. Phys. Rev. A 86, 032324 (2012)
Fowler, A.G., Whiteside, A.C., Hollenberg, L.C.L.: Towards practical classical processing for the surface code. Phys. Rev. Lett. 108, 180501 (2012)
Giovannetti, V., Lloyd, S., Maccone, L.: Architectures for a quantum random access memory. Phys. Rev. A 78, 052310 (2008)
Jao, D., et al.: Supersingular isogeny key encapsulation. Submission to NIST post-quantum project (2017). https://sike.org/#nist-submission
Jao, D., De Feo, L.: Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 19–34. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25405-5_2
Jeffery, S.: Frameworks for quantum algorithms. Ph.D. thesis, University of Waterloo (2014)
Jeffery, S., Magniez, F., De Wolf, R.: Optimal parallel quantum query algorithms. Algorithmica 79, 509–529 (2017)
Jordan, S.P.: Fast quantum computation at arbitrarily low energy. Phys. Rev. A 95, 032305 (2017)
Kachigar, G., Tillich, J.-P.: Quantum information set decoding algorithms. In: Lange, T., Takagi, T. (eds.) PQCrypto 2017. LNCS, vol. 10346, pp. 69–89. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-59879-6_5
Karp, R.M., Ramachandran, V.: A survey of parallel algorithms for shared-memory machines, Technical report UCB/CSD-88-408, EECS Department, University of California, Berkeley, March 1988
Kitaev, A.: Fault-tolerant quantum computation by anyons. Ann. Phys. 303, 2–30 (2003)
Kitaev, A., Shen, A., Vyalyi, M.N.: Classical and Quantum Computation, no. 47. American Mathematical Society, Providence (2002)
Laarhoven, T., Mosca, M., van de Pol, J.: Finding shortest lattice vectors faster using quantum search. Des. Codes Crypt. 77, 375–400 (2015)
Le Gall, F., Nakajima, S.: Quantum algorithm for triangle finding in sparse graphs. Algorithmica 79, 941–959 (2017)
Magniez, F., Nayak, A., Roland, J., Santha, M.: Search via quantum walk. SIAM J. Comput. 40, 142–164 (2011)
McDermott, R., et al.: Quantum-classical interface based onsingle flux quantum digital logic. Quantum Sci. Technol. 3, 024004 (2018)
Moore, C.: Quantum circuits: Fanout, parity, and counting, arXiv preprint (1999). https://arxiv.org/abs/quant-ph/9903046
National Institute of Standards and Technology, Submission requirements and evaluation criteria or the post-quantum cryptography standardization process (2017). https://csrc.nist.gov/csrc/media/projects/post-quantum-cryptography/documents/call-for-proposals-final-dec-2016.pdf
Peierls, R.: On Ising’s model of ferromagnetism. In: Mathematical Proceedings Cambridge Philosophical Society, vol. 32, pp. 477–481. Cambridge University Press, Cambridge (1936)
Szegedy, M.: Quantum speed-up of Markov chain based algorithms. In: 2004 IEEE Symposium on Foundations of Computer Science, pp. 32–41, October 2004
Takahashi, Y., Tani, S., Kunihiro, N.: Quantum addition circuits and unbounded fan-out. Quantum Inf. Comput. 10, 872–890 (2010)
Tani, S.: An improved claw finding algorithm using quantum walk. In: Kučera, L., Kučera, A. (eds.) MFCS 2007. LNCS, vol. 4708, pp. 536–547. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74456-6_48
Terhal, B.M.: Quantum error correction for quantum memories. Rev. Modern Phys. 87, 307 (2015)
Thapliyal, H., Ranganathan, N., Ferreira, R.: Design of a comparator tree based on reversible logic. In: 2010 IEEE International Conference on Nanotechnology, pp. 1113–1116 (2010)
Wang, A., Woo, W.D.: Static magnetic storage and delay line. J. Appl. Phys. 21, 49–54 (1950)
Wendin, G.: Quantum information processing with superconducting circuits: a review. Rep. Prog. Phys. 80, 106001 (2017)
Zalka, C.: Grover’s quantum searching algorithm is optimal. Phys. Rev. A 60, 2746 (1999)
Acknowledgements
We thank Alfred Menezes for helpful comments on this paper. Samuel Jaques acknowledges the support of the Natural Sciences and Engineering Research Council of Canada (NSERC). This work was supported by Canada’s NSERC CREATE program. IQC is supported in part by the Government of Canada and the Province of Ontario.
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 International Association for Cryptologic Research
About this paper
Cite this paper
Jaques, S., Schanck, J.M. (2019). Quantum Cryptanalysis in the RAM Model: Claw-Finding Attacks on SIKE. In: Boldyreva, A., Micciancio, D. (eds) Advances in Cryptology – CRYPTO 2019. CRYPTO 2019. Lecture Notes in Computer Science(), vol 11692. Springer, Cham. https://doi.org/10.1007/978-3-030-26948-7_2
Download citation
DOI: https://doi.org/10.1007/978-3-030-26948-7_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-26947-0
Online ISBN: 978-3-030-26948-7
eBook Packages: Computer ScienceComputer Science (R0)