Abstract
Owing to its smaller key size, the hyperelliptic curve cryptosystem (HCC), which is generally based on the discrete logarithm problem on hyperelliptic curves of genus 2 (HCDLP), has attracted much attention in modern cryptography. Unfortunately, quantum computation may threaten this widely applied cryptosystem, yet the exact quantum cost of HCDLP is still unexplored because of the complicated divisor addition formulae. In this work, we present a concrete quantum resource estimate for Shor’s algorithm to compute HCDLP over the Mersenne prime fields. To this end, we first modify basic modular operations for quantum computation. Then, we realize the quantum circuit from the reversible transforms of divisor additions. As the core of our work, the transforms are decomposed into straight-line programs of basic modular operations with minimal auxiliary registers. Finally, we show that the HCDLP over an n-bit Mersenne prime field can be computed on a quantum computer with \(3344n^{3}-72n^{2}-1360n\) Toffoli gates using \(20n+2\lceil \log n\rceil +10\) qubits. In particular, under the 128-bit security level, the quantum circuit for HCDLP over the Mersenne prime field \(\mathbb {F}_{2^{127}-1}\) requires more quantum resources than that for ECDLP over the generic prime fields.
Data Availability
Data sharing is not applicable to this article as no datasets were generated or analyzed during the current study.
Acknowledgements
This work is supported by the National Natural Science Foundation of China (Nos. 61972429 and 62272491), the Guangdong Major Project of Basic and Applied Basic Research (2019B030302008), the National R&D Key Program of China under Grant 2022YFB2701500, the General Project of Hunan Provincial Department of Education (No. 21C0326), and the Hunan Provincial Natural Science Foundation of China (No. 2022JJ40154).
Ethics declarations
Conflict of interest
The authors declare that there is no conflict of interest regarding the publication of this article.
About this article
Cite this article
Chen, C., Guan, P., Huang, Y. et al. Quantum circuits for hyperelliptic curve discrete logarithms over the Mersenne prime fields. Quantum Inf Process 22, 274 (2023). https://doi.org/10.1007/s11128-023-04017-x
DOI: https://doi.org/10.1007/s11128-023-04017-x