Concrete quantum cryptanalysis of binary elliptic curves

Concrete quantum cryptanalysis of binary elliptic curves

Show other versions (1)

This paper analyzes and optimizes quantum circuits for computing discrete logarithms on binary elliptic curves, including reversible circuits for fixed-base-point scalar multiplication and the full stack of relevant subroutines. The main optimization target is the size of the quantum computer, i.e....

Full description

Bibliographic Details
Main Authors: Gustavo Banegas, Daniel J. Bernstein, Iggy van Hoof, Tanja Lange
Format: Article
Language:English
Published: Ruhr-Universität Bochum 2020-12-01
Series:Transactions on Cryptographic Hardware and Embedded Systems
Subjects:
Quantum cryptanalysis
elliptic curves
quantum resource estimation
quantum gates
Shor’s algorithm
Online Access:https://ojs-dev.ub.rub.de/index.php/TCHES/article/view/8741
id doaj-79191575cd204a8eb5a7a1fbde0c70d2
record_format Article
spelling doaj-79191575cd204a8eb5a7a1fbde0c70d22021-02-03T15:50:00ZengRuhr-Universität BochumTransactions on Cryptographic Hardware and Embedded Systems2569-29252020-12-0120211Concrete quantum cryptanalysis of binary elliptic curvesGustavo Banegas0Daniel J. Bernstein1Iggy van Hoof2Tanja Lange3Chalmers University of Technology, Gothenburg, SwedenUniversity of Illinois at Chicago, Chicago, USA; Ruhr University Bochum, Bochum, GermanyEindhoven University of Technology, Eindhoven, The NetherlandsEindhoven University of Technology, Eindhoven, The Netherlands This paper analyzes and optimizes quantum circuits for computing discrete logarithms on binary elliptic curves, including reversible circuits for fixed-base-point scalar multiplication and the full stack of relevant subroutines. The main optimization target is the size of the quantum computer, i.e., the number of logical qubits required, as this appears to be the main obstacle to implementing Shor’s polynomial-time discrete-logarithm algorithm. The secondary optimization target is the number of logical Toffoli gates. For an elliptic curve over a field of 2n elements, this paper reduces the number of qubits to 7n + ⌊log2(n)⌋ + 9. At the same time this paper reduces the number of Toffoli gates to 48n3 + 8nlog2(3)+1 + 352n2 log2(n) + 512n2 + O(nlog2(3)) with double-and-add scalar multiplication, and a logarithmic factor smaller with fixed-window scalar multiplication. The number of CNOT gates is also O(n3). Exact gate counts are given for various sizes of elliptic curves currently used for cryptography. https://ojs-dev.ub.rub.de/index.php/TCHES/article/view/8741Quantum cryptanalysiselliptic curvesquantum resource estimationquantum gatesShor’s algorithm
collection DOAJ
language English
format Article
sources DOAJ
author Gustavo Banegas
Daniel J. Bernstein
Iggy van Hoof
Tanja Lange
spellingShingle Gustavo Banegas
Daniel J. Bernstein
Iggy van Hoof
Tanja Lange
Concrete quantum cryptanalysis of binary elliptic curves
Transactions on Cryptographic Hardware and Embedded Systems
Quantum cryptanalysis
elliptic curves
quantum resource estimation
quantum gates
Shor’s algorithm
author_facet Gustavo Banegas
Daniel J. Bernstein
Iggy van Hoof
Tanja Lange
author_sort Gustavo Banegas
title Concrete quantum cryptanalysis of binary elliptic curves
title_short Concrete quantum cryptanalysis of binary elliptic curves
title_full Concrete quantum cryptanalysis of binary elliptic curves
title_fullStr Concrete quantum cryptanalysis of binary elliptic curves
title_full_unstemmed Concrete quantum cryptanalysis of binary elliptic curves
title_sort concrete quantum cryptanalysis of binary elliptic curves
publisher Ruhr-Universität Bochum
series Transactions on Cryptographic Hardware and Embedded Systems
issn 2569-2925
publishDate 2020-12-01
description This paper analyzes and optimizes quantum circuits for computing discrete logarithms on binary elliptic curves, including reversible circuits for fixed-base-point scalar multiplication and the full stack of relevant subroutines. The main optimization target is the size of the quantum computer, i.e., the number of logical qubits required, as this appears to be the main obstacle to implementing Shor’s polynomial-time discrete-logarithm algorithm. The secondary optimization target is the number of logical Toffoli gates. For an elliptic curve over a field of 2n elements, this paper reduces the number of qubits to 7n + ⌊log2(n)⌋ + 9. At the same time this paper reduces the number of Toffoli gates to 48n3 + 8nlog2(3)+1 + 352n2 log2(n) + 512n2 + O(nlog2(3)) with double-and-add scalar multiplication, and a logarithmic factor smaller with fixed-window scalar multiplication. The number of CNOT gates is also O(n3). Exact gate counts are given for various sizes of elliptic curves currently used for cryptography.
topic Quantum cryptanalysis
elliptic curves
quantum resource estimation
quantum gates
Shor’s algorithm
url https://ojs-dev.ub.rub.de/index.php/TCHES/article/view/8741
work_keys_str_mv AT gustavobanegas concretequantumcryptanalysisofbinaryellipticcurves
AT danieljbernstein concretequantumcryptanalysisofbinaryellipticcurves
AT iggyvanhoof concretequantumcryptanalysisofbinaryellipticcurves
AT tanjalange concretequantumcryptanalysisofbinaryellipticcurves
_version_ 1724286523219640320

Similar Items