
Implementing Grover Oracle for Lightweight Block Ciphers Under Depth Constraints

Conference paper, Information Security and Privacy (ACISP 2022)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13494)

Abstract

Grover’s search algorithm allows a quantum attack against block ciphers by searching for an n-bit secret key in time \(O(2^{n/2})\). In the PQC standardization process, NIST defined its security categories by imposing an upper bound on the depth of the quantum circuit of the Grover oracle. In this work, we study quantum key search attacks on lightweight block ciphers under depth constraints. We design optimized quantum circuits for GIFT, SKINNY, and SATURNIN and enumerate the quantum resources needed to implement the Grover oracle in terms of the number of qubits, Clifford+T gates, and circuit depth. We also give the concrete cost of the Grover oracle for these ciphers in both the gate-count and depth-times-width cost models. We then present cost estimates of Grover-based key search attacks on these ciphers under NIST’s depth constraints. Finally, we release Q# implementations of the full Grover oracle for all variants of GIFT, SKINNY, and SATURNIN so that our quantum resource estimates can be reproduced automatically.
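The depth-constraint accounting the abstract refers to, as an added example that is not part of the paper or its Q# code: it applies the standard inner-parallelization model (independent Grover instances run in parallel on disjoint key subspaces, as in Jaques et al., EUROCRYPT 2020) to turn per-oracle depth, width and gate counts into the gate-count (G) and depth-times-width (DW) costs under a MAXDEPTH bound. The oracle costs fed in are constructed placeholders, not the paper's figures; the diffusion operator's depth is ignored.

```python
import math


def grover_iterations(key_bits, instances=1):
    """Grover iterations for one of `instances` parallel searches, each
    covering 2^key_bits / instances keys with one expected solution."""
    return math.floor((math.pi / 4) * math.sqrt(2 ** key_bits / instances))


def parallel_instances(key_bits, oracle_depth, max_depth):
    """Smallest number S of parallel Grover instances such that every
    instance's depth (iterations * oracle depth) stays within max_depth."""
    full = (math.pi / 4) * math.sqrt(2 ** key_bits) * oracle_depth
    if full <= max_depth:
        return 1
    # Per-instance depth scales with sqrt(N / S), so S grows as the square of
    # the excess over MAXDEPTH; total gates then scale as 2^n * D / MAXDEPTH.
    s = math.ceil((full / max_depth) ** 2)
    while grover_iterations(key_bits, s) * oracle_depth > max_depth:
        s += 1  # guard against float rounding at the boundary
    return s


def grover_cost(key_bits, oracle_depth, oracle_width, oracle_gates, max_depth):
    """G-cost (total gates) and DW-cost (depth x width) of a depth-limited
    Grover key search built from one oracle's depth, width and gate count."""
    s = parallel_instances(key_bits, oracle_depth, max_depth)
    iters = grover_iterations(key_bits, s)
    depth = iters * oracle_depth
    width = s * oracle_width
    return {
        "instances": s,
        "iterations": iters,
        "depth": depth,
        "width": width,
        "g_cost": s * iters * oracle_gates,
        "dw_cost": depth * width,
    }


if __name__ == "__main__":
    # Constructed placeholder oracle costs for a 128-bit key (not the paper's).
    for max_depth in (2 ** 40, 2 ** 64, 2 ** 96):  # NIST's MAXDEPTH values
        print(max_depth, grover_cost(128, 2 ** 12, 1024, 2 ** 16, max_depth))
```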


Notes

  1. https://github.com/amitcrypto/LWC-Q


Acknowledgment

We would like to thank the anonymous reviewers of ACISP 2022 for their insightful comments and suggestions, which have significantly improved the presentation and technical quality of this work. The second author would also like to thank MATRICS grant 2019/1514 by the Science and Engineering Research Board (SERB), Dept. of Science and Technology, Govt. of India for supporting the research carried out in this work.

Author information

Corresponding author: Amit Kumar Chauhan


Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Bijwe, S., Chauhan, A.K., Sanadhya, S.K. (2022). Implementing Grover Oracle for Lightweight Block Ciphers Under Depth Constraints. In: Nguyen, K., Yang, G., Guo, F., Susilo, W. (eds) Information Security and Privacy. ACISP 2022. Lecture Notes in Computer Science, vol 13494. Springer, Cham. https://doi.org/10.1007/978-3-031-22301-3_5


  • DOI: https://doi.org/10.1007/978-3-031-22301-3_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-22300-6

  • Online ISBN: 978-3-031-22301-3

  • eBook Packages: Computer Science; Computer Science (R0)
