# Implementing Grover Oracles for Quantum Key Search on AES and LowMC

@article{Jaques2019ImplementingGO,
title={Implementing Grover Oracles for Quantum Key Search on AES and LowMC},
author={Samuel Jaques and Michael Naehrig and Martin Roetteler and Fernando Virdia},
journal={Advances in Cryptology – EUROCRYPT 2020},
year={2019},
volume={12106},
pages={280 - 310}
}
• Published 3 October 2019
• Computer Science, Mathematics
• Advances in Cryptology – EUROCRYPT 2020
Grover’s search algorithm gives a quantum attack against block ciphers by searching for a key that matches a small number of plaintext-ciphertext pairs. This attack uses $O(\sqrt{N})$ calls to the cipher to search a key space of size $N$. Previous work…
102 Citations
• Materials Science, Computer Science
Quantum Information Processing
• 2021
This work designed a reversible quantum circuit of ChaCha, estimated the resources required to implement Grover, implemented a ChaCha-like toy cipher in the IBMQ simulator, and recovered the key using Grover’s algorithm.
• Computer Science
Quantum Information Processing
• 2022
This paper presents optimized quantum circuits for Korean block ciphers based on ARX architectures and adopts the optimal quantum adder and designs it in a parallel way to provide performance improvements of 78%, 85%, and 70% in terms of circuit depth for LEA, HIGHT, and CHAM while keeping the number of qubits and quantum gates minimal.
• Hongwei Li
• Computer Science
Quantum Information Processing
• 2020
The quantum algorithm is generalized to apply for an n variable m output Boolean function F with query complexity $O(2^m \log(1/\delta)/\epsilon^4)$ and is given.
• Computer Science, Mathematics
IACR Cryptol. ePrint Arch.
• 2020
A detailed study of the cost of the quantum key search attack using Grover and connects Grover with BSW sampling for stream ciphers with low sampling resistance, showing that cryptanalysis is possible with gates count less than 2 and providing a clear view of the exact status of quantum cryptanalysis against FSR based symmetric cipher.
• Computer Science, Mathematics
Quantum Inf. Process.
• 2020
Grover’s search algorithm on all the variants of SIMON and enumerate the quantum resources to implement such attack in terms of NOT, CNOT and Toffoli gates and the number of qubits required for the attack is presented.
• Computer Science, Mathematics
IACR Cryptol. ePrint Arch.
• 2020
This work presents quantum circuits for the lightweight block ciphers GIFT, SKINNY, and SATURNIN and gives overall cost in both the gate count and depth-times-width cost metrics, under NIST’s maximum depth constraints.
• Computer Science
Quantum Information Processing
• 2021
This work targets the lightweight block cipher Rectangle and the Authenticated Encryption with Associated Data (AEAD) Knot which is based on Rectangle; and implements those in the ProjectQ library (an open-source quantum compatible library designed by researchers from ETH Zurich).
• Computer Science
Scientific reports
• 2022
The improved circuit implementation of the HHL algorithm can effectively reduce quantum resources without losing the fidelity of the results and is verified by IBM's qiskit.
• Computer Science, Mathematics
IACR Cryptol. ePrint Arch.
• 2020
An optimized quantum circuit for boolean linear algebra as well as complete reversible implementations of PRINCE, Chaskey, spongent and Keccak which are of independent interest for quantum cryptanalysis are proposed.
• Computer Science, Mathematics
Journal of Cryptology
• 2021
The security of both the permutation and the constructions that are based on it are studied and a practical distinguisher on 23 out of the full 24 rounds of Gimli's permutation was presented at CHES 2017.

## References

SHOWING 1-10 OF 66 REFERENCES

• Itai Dinur
• Computer Science, Mathematics
IACR Cryptol. ePrint Arch.
• 2018
A block cipher family designed in 2015 by Albrecht et al. is optimized for practical instantiations of multi-party computation, fully homomorphic encryption, and zero-knowledge proofs.
Two constructions for the Toffoli gate are presented which substantially reduce resource costs in fault-tolerant quantum computing and a quantum circuit is presented which can detect a single $\sigma^{z}$ error occurring with probability $p$ in any one of eight $T$ gates required to produce the Toffoli gate.
• Computer Science
PQCrypto
• 2016
It is established that for all three variants of AES key size 128, 192, and 256-bit that are standardized in FIPS-PUB 197, there are precise bounds for the number of qubits and the number of elementary logical quantum gates that are needed to implement Grover's quantum algorithm to extract the key from a small number of AES plaintext-ciphertext pairs.
• Computer Science
• 2018
A quantum algorithm for preparing any dimension-$N$ pure quantum state specified by a list of classical numbers, that realizes a trade-off between space and T-gates and is, in the best case, a quadratic improvement in T-count over prior ancillary-free approaches.
• Computer Science, Mathematics
Quantum Inf. Process.
• 2018
To maintain the key uniqueness when the quantum AES-128 is employed as a Boolean function within a Black-box in other key searching quantum algorithms, a method with a cost of 930 qubits is also proposed.
• Computer Science, Mathematics
IACR Cryptol. ePrint Arch.
• 2019
This paper analyzes for the first time the post-quantum security of AES, and proposes a new framework for structured search that encompasses both the classical and quantum attacks, and allows to efficiently compute their complexity.
I show that for any number of oracle lookups up to about $\frac{\pi}{4}\sqrt{N}$, Grover's quantum searching algorithm gives the maximal possible probability of finding the desired
• Computer Science, Mathematics
CCS
• 2017
We propose a new class of post-quantum digital signature schemes that: (a) derive their security entirely from the security of symmetric-key primitives, believed to be quantum-secure, and (b) have
• Computer Science
IACR Cryptol. ePrint Arch.
• 2018
A framework for estimating time–space complexity, with carefully accounting for characteristics of target cryptographic functions, is provided, applied to representative cryptosystems NIST as a guideline for security parameters, reassessing the security strengths of AES and SHA-2.
• Computer Science, Physics
IEEE Transactions on Quantum Engineering
• 2020
This article presents a quantum circuit to implement the S-box of AES and identifies new quantum circuits for all three AES key lengths that can be used to simplify a Grover-based key search for AES.