Abstract
This paper presents a quantum algorithm to decide whether a Boolean equation system \(\mathcal{F}\) has a solution and, if \(\mathcal{F}\) does have solutions, to compute one with any given success probability. The runtime complexity of the algorithm is polynomial in the size of \(\mathcal{F}\) and the condition number of a certain Macaulay matrix associated with \(\mathcal{F}\). As a consequence, the authors give a polynomial-time quantum algorithm for solving Boolean equation systems whose condition numbers are polynomial in the size of \(\mathcal{F}\). The authors apply the proposed quantum algorithm to the cryptanalysis of several important cryptosystems: the stream cipher Trivium, the block cipher AES, the hash function SHA-3/Keccak, and multivariate public key cryptosystems, and show that these are secure under quantum algebraic attack only if the corresponding condition numbers are large. This leads to a new criterion for designing such cryptosystems so that they are safe against attack by quantum computers: the corresponding condition number.
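As an added illustration (not code from the paper), the following Python builds the Macaulay matrix of a small Boolean system in the Boolean ring GF(2)[x]/(x_i^2 + x_i) and decides solvability from it, which is the classical linearization the abstract's quantum algorithm builds on. The formulation with all square-free multipliers up to degree n is an assumption made here; the paper's runtime bound is stated in terms of the condition number of a matrix of this kind, which is not computed below.

```python
from itertools import combinations

# A Boolean polynomial over GF(2) is a set of square-free monomials; a monomial
# is a sorted tuple of variable indices, () standing for the constant 1.

def monomials(n, max_deg):
    """All square-free monomials in n variables of degree <= max_deg."""
    return [c for d in range(max_deg + 1) for c in combinations(range(n), d)]

def mul_mono(a, b):
    """Product of two monomials in the Boolean ring (x_i * x_i = x_i)."""
    return tuple(sorted(set(a) | set(b)))

def macaulay_matrix(polys, n, D):
    """Rows: the multiples m*f for f in polys and multipliers m of degree <= D,
    reduced in the Boolean ring.  Columns: all 2^n square-free monomials."""
    cols = monomials(n, n)
    rows = []
    for f in polys:
        for m in monomials(n, D):
            prod = set()
            for t in f:                      # coefficients live in GF(2),
                prod ^= {mul_mono(m, t)}     # so equal terms cancel (XOR)
            rows.append([1 if c in prod else 0 for c in cols])
    return cols, rows

def rank_gf2(rows):
    """Rank over GF(2) by elimination on rows packed as bitmask integers."""
    pivots = {}                              # leading bit -> reduced row
    for r in rows:
        v = int("".join(map(str, r)), 2)
        while v:
            top = v.bit_length() - 1
            if top not in pivots:
                pivots[top] = v
                break
            v ^= pivots[top]
    return len(pivots)

def has_solution(polys, n):
    """With multipliers up to degree n the row space is exactly the ideal
    generated by polys in the Boolean ring, so a common zero exists
    iff the constant monomial 1 is NOT in the row space."""
    cols, rows = macaulay_matrix(polys, n, n)
    one = [1 if m == () else 0 for m in cols]
    return rank_gf2(rows + [one]) > rank_gf2(rows)

# Constructed toy systems in 3 variables (x0, x1, x2), not from the paper:
SOLVABLE = [{(0, 1), (2,)},            # x0*x1 + x2         -> zeros (1,0,0),(0,1,0)
            {(0,), (1,), ()}]          # x0 + x1 + 1
UNSOLVABLE = SOLVABLE + [{(2,), ()}]   # adds x2 + 1, contradicting the rest
```

Because the ideal of Boolean functions vanishing on the solution set has codimension equal to the number of solutions, the rank of the full matrix for SOLVABLE is 8 - 2 = 6, while for UNSOLVABLE it is the full 8.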
Additional information
This research was supported by the National Natural Science Foundation of China under Grant No. 11688101 and NKRDP 2018YFA0704705.
This paper was recommended for publication by Editor LI Hongbo.
Cite this article
Chen, YA., Gao, XS. Quantum Algorithm for Boolean Equation Solving and Quantum Algebraic Attack on Cryptosystems. J Syst Sci Complex 35, 373–412 (2022). https://doi.org/10.1007/s11424-020-0028-6