
Concrete Quantum Cryptanalysis of Binary Elliptic Curves via Addition Chain

  • Conference paper
Topics in Cryptology – CT-RSA 2023 (CT-RSA 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13871)


Abstract

Thus far, several papers have reported concrete resource estimates for Shor’s quantum algorithm applied to the elliptic curve discrete logarithm problem (ECDLP). In this paper, we study quantum FLT-based inversion algorithms over binary elliptic curves. Two major algorithms have been proposed, by Banegas et al. and by Putranto et al.; the former uses fewer qubits, while the latter achieves a smaller circuit depth. We propose two quantum FLT-based inversion algorithms that essentially outperform the previous FLT-based algorithms and compare their performance for the NIST curves of degree n. Specifically, for all n, our first algorithm uses fewer qubits than Putranto et al.’s algorithm without sacrificing the number of Toffoli gates or the circuit depth, while our second algorithm achieves a smaller circuit depth without sacrificing the number of qubits or Toffoli gates. For example, when \(n = 571\), the number of qubits of our first algorithm is 74% of that of Putranto et al.’s algorithm, while the depth of our second algorithm is 83% of that of Banegas et al.’s algorithm. The improvements stem from the fact that FLT-based inversion can be performed with an arbitrary addition chain for \(n - 1\), whereas both Banegas et al. and Putranto et al. follow the fixed sequences introduced by Itoh and Tsujii’s classical FLT-based inversion. In particular, we analyze how several properties of addition chains that do not affect the computational resources of classical FLT-based inversion do affect the resources of quantum FLT-based inversion, and we find appropriate sequences.
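The observation the abstract rests on, that FLT-based inversion works with any addition chain for n − 1 and that chain properties invisible to the classical cost model matter for the quantum one, as an added example that is not code from the paper: an Itoh–Tsujii-style inversion in the NIST B-163 field driven by an arbitrary addition chain, comparing the binary-expansion chain with an alternative chain that has the same multiplication and squaring counts but must hold more intermediate values at once. The reduction polynomial is the standard B-163 one; the "live betas" counter is a simplified proxy of my own for intermediate registers, not the paper's qubit accounting.

```python
# Added example (not the paper's code): FLT/Itoh-Tsujii inversion in GF(2^n) driven by an
# arbitrary addition chain for n-1. Field: NIST B-163, polynomial x^163 + x^7 + x^6 + x^3 + 1.
# "Live betas" is an assumed, simplified proxy for intermediate registers, not the paper's model.
N = 163
POLY = (1 << 163) | (1 << 7) | (1 << 6) | (1 << 3) | 1

def gf_mul(a, b):
    """Multiply two reduced elements of GF(2^N) (bit i = coefficient of x^i)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> N:  # degree reached N: reduce by the field polynomial
            a ^= POLY
    return r

def decompose(chain):
    """For each c_i (i >= 1) pick earlier elements j >= k with j + k = c_i."""
    steps = []
    for i, c in enumerate(chain[1:], start=1):
        seen = chain[:i]
        pair = next(((j, c - j) for j in reversed(seen) if c - j in seen), None)
        if pair is None:
            raise ValueError(f"{c} is not a sum of two earlier chain elements")
        steps.append((c, *pair))
    return steps

def flt_inverse(a, chain):
    """a^-1 = (a^(2^(N-1)-1))^2, where beta_k = a^(2^k-1) is built along `chain` (an addition
    chain for N-1) via beta_{j+k} = beta_j^(2^k) * beta_k. Returns (inv, muls, sqrs, max_live)."""
    if chain[0] != 1 or chain[-1] != N - 1:
        raise ValueError("chain must start at 1 and end at N-1")
    steps = decompose(chain)
    beta, sqrs, max_live = {1: a}, 0, 0
    for i, (c, j, k) in enumerate(steps):
        t = beta[j]
        for _ in range(k):  # beta_j^(2^k): k squarings, GF(2)-linear and cheap
            t = gf_mul(t, t)
        beta[c] = gf_mul(t, beta[k])  # the single non-linear multiply of this step
        sqrs += k
        later = {x for _, j2, k2 in steps[i + 1:] for x in (j2, k2)}  # read by later steps
        max_live = max(max_live, len(((later & set(beta)) | {c}) - {1}))  # input a excluded
    return gf_mul(beta[N - 1], beta[N - 1]), len(steps), sqrs + 1, max_live

# Two addition chains for 162 = N-1: Itoh-Tsujii's (from the binary expansion of 162) and one
# that reuses 3 and 27. Same multiply/squaring counts, different numbers of live intermediates.
CHAIN_IT = [1, 2, 4, 5, 10, 20, 40, 80, 81, 162]
CHAIN_ALT = [1, 2, 3, 6, 12, 24, 27, 54, 81, 162]
```

Both chains cost 9 multiplications and 162 squarings, yet CHAIN_ALT must keep two betas alive at its peak where CHAIN_IT keeps one; that is the kind of property the paper exploits when choosing sequences for the quantum setting.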


Notes

  1. FLT is the abbreviation of Fermat’s little theorem.

  2. This includes a point addition for canceling; see Banegas et al.’s paper [4] for details.

References

  1. Amico, M., Saleem, Z.H., Kumph, M.: Experimental study of Shor’s factoring algorithm using the IBM Q experience. Phys. Rev. A 100, 012305 (2019)

  2. Azarderakhsh, R., Järvinen, K., Dimitrov, V.: Fast inversion in \(\text{GF}(2^m)\) with normal basis using hybrid-double multipliers. IEEE Trans. Comput. 63(4), 1041–1047 (2012)

  3. Babbush, R., et al.: Encoding electronic spectra in quantum circuits with linear T complexity. Phys. Rev. X 8(4) (2018). https://doi.org/10.1103/physrevx.8.041015

  4. Banegas, G., Bernstein, D.J., van Hoof, I., Lange, T.: Concrete quantum cryptanalysis of binary elliptic curves. IACR Trans. CHES 2021(1), 451–472 (2020)

  5. Beauregard, S.: Circuit for Shor’s algorithm using \(2n+3\) qubits. Quantum Inf. Comput. 3, 175–185 (2003)

  6. Bernstein, D.J., Yang, B.: Fast constant-time GCD computation and modular inversion. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2019(3), 340–398 (2019)

  7. Boudot, F., Gaudry, P., Guillevic, A., Heninger, N., Thomé, E., Zimmermann, P.: Comparing the difficulty of factorization and discrete logarithm: a 240-digit experiment. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12171, pp. 62–91. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56880-1_3

  8. Cameron, F., Patrick, D.: FIPS pub 186-4 Digital Signature Standard (DSS). In: NIST, pp. 92–101 (2013)

  9. Canto, A.C., Kermani, M.M., Azarderakhsh, R.: CRC-based error detection constructions for FLT and ITA finite field inversions over \(\text{GF}(2^m)\). IEEE Trans. VLSI Syst. 29(5), 1033–1037 (2021)

  10. Duan, Z.C., et al.: Proof-of-principle demonstration of compiled Shor’s algorithm using a quantum dot single-photon source. Opt. Express 28, 18917–18930 (2020)

  11. Fowler, A.G., Mariantoni, M., Martinis, J.M., Cleland, A.N.: Surface codes: towards practical large-scale quantum computation. Phys. Rev. A 86, 032324 (2012)

  12. Gidney, C.: Windowed quantum arithmetic (2019)

  13. Gidney, C., Ekerå, M.: How to factor 2048 bit RSA integers in 8 hours using 20 million noisy qubits. Quantum 5, 433 (2021)

  14. Gouzien, E., Sangouard, N.: Factoring 2048-bit RSA integers in 177 days with 13 436 qubits and a multimode memory. Phys. Rev. Lett. 127, 140503 (2021)

  15. Griffiths, R.B., Niu, C.S.: Semiclassical Fourier transform for quantum computation. Phys. Rev. Lett. 76(17), 3228–3231 (1996). https://doi.org/10.1103/physrevlett.76.3228

  16. Guajardo, J., Paar, C.: Itoh-Tsujii inversion in standard basis and its application in cryptography and codes. Des. Codes Crypt. 25(2), 207–216 (2002)

  17. Ha, J., Lee, J., Heo, J.: Resource analysis of quantum computing with noisy qubits for Shor’s factoring algorithms. Quantum Inf. Process. 21(2), 60 (2022)

  18. Haener, T., Roetteler, M., Svore, K.M.: Factoring using \(2n+2\) qubits with Toffoli based modular multiplication. Quantum Inf. Comput. 18(7–8), 673–684 (2017)

  19. Häner, T., Jaques, S., Naehrig, M., Roetteler, M., Soeken, M.: Improved quantum circuits for elliptic curve discrete logarithms. In: Ding, J., Tillich, J.-P. (eds.) PQCrypto 2020. LNCS, vol. 12100, pp. 425–444. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-44223-1_23

  20. Hu, J., Guo, W., Wei, J., Cheung, R.C.: Fast and generic inversion architectures over \(\text{GF}(2^m)\) using modified Itoh–Tsujii algorithms. IEEE Trans. Circuits Syst. II Express Briefs 62(4), 367–371 (2015)

  21. Iggy, V.H.: Quantum modulo Karatsuba multiplier for binary polynomials (2019). https://github.com/ikbenbeter/QMKMBP

  22. Iggy, V.H.: Space-efficient quantum multiplication of polynomials for binary finite fields with sub-quadratic Toffoli gate count. CoRR abs/1910.02849 (2019)

  23. Itoh, T., Tsujii, S.: A fast algorithm for computing multiplicative inverses in \(\text{GF}(2^m)\) using normal bases. Inf. Comput. 78(3), 171–177 (1988)

  24. Koblitz, N.: Elliptic curve cryptosystems. Math. Comput. 48(177), 203–209 (1987)

  25. Kunihiro, N.: Exact analyses of computational time for factoring in quantum computers. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 88-A(1), 105–111 (2005)

  26. Lanyon, B.P., et al.: Experimental demonstration of a compiled version of Shor’s algorithm with quantum entanglement. Phys. Rev. Lett. 99, 250505 (2007)

  27. Lu, C.Y., Browne, D.E., Yang, T., Pan, J.W.: Demonstration of a compiled version of Shor’s quantum factoring algorithm using photonic qubits. Phys. Rev. Lett. 99, 250504 (2007)

  28. Lucero, E., et al.: Computing prime factors with a Josephson phase qubit quantum processor. Nat. Phys. 8, 719–723 (2012)

  29. Martin-Lopez, E., Laing, A., Lawson, T., Alvarez, R., Zhou, X.Q., O’Brien, J.L.: Experimental realisation of Shor’s quantum factoring algorithm using qubit recycling. Nat. Photon 6, 773–776 (2012)

  30. Miller, V.S.: Use of elliptic curves in cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986). https://doi.org/10.1007/3-540-39799-X_31

  31. Monz, T., et al.: Realization of a scalable Shor algorithm. Science 351, 1068–1070 (2016)

  32. Politi, A., Matthews, J.C.F., O’Brien, J.L.: Shor’s quantum factoring algorithm on a photonic chip. Science 325, 1221 (2009)

  33. Proos, J., Zalka, C.: Shor’s discrete logarithm quantum algorithm for elliptic curves. Quantum Inf. Comput. 3(4) (2003)

  34. Putranto, D.S.C., Wardhani, R.W., Larasati, H.T., Kim, H.: Another concrete quantum cryptanalysis of binary elliptic curves. Cryptology ePrint Archive, Paper 2022/501 (2022). https://eprint.iacr.org/2022/501

  35. Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)

  36. Rodriguez-Henriquez, F., Cruz-Cortes, N., Saqib, N.: A fast implementation of multiplicative inversion over \(\text{GF}(2^m)\). In: ITCC 2005, vol. 1, pp. 574–579. IEEE (2005)

  37. Roetteler, M., Naehrig, M., Svore, K.M., Lauter, K.: Quantum resource estimates for computing elliptic curve discrete logarithms. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10625, pp. 241–270. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70697-9_9

  38. Shor, P.: Algorithms for quantum computation: discrete logarithms and factoring. In: FOCS 1994, pp. 124–134 (1994)

  39. Smolin, J.A., Smith, G., Vargo, A.: Oversimplifying quantum factoring. Nature 499, 163–165 (2013)

  40. Takahashi, Y., Kunihiro, N.: A quantum circuit for Shor’s factoring algorithm using \(2n+2\) qubits. Quantum Inf. Comput. 6(2), 184–192 (2006)

  41. Vandersypen, L., Steffen, M., Breyta, G., Yannoni, C.S., Sherwood, M.H., Chuang, I.L.: Experimental realization of Shor’s quantum factoring algorithm using nuclear magnetic resonance. Nature 414, 883–887 (2001)

  42. Vedral, V., Barenco, A., Ekert, A.: Quantum networks for elementary arithmetic operations. Phys. Rev. A 54, 147–153 (1996)

  43. Zalka, C.: Fast versions of Shor’s quantum factoring algorithm (1998). https://doi.org/10.48550/ARXIV.QUANT-PH/9806084


Acknowledgements

This research was conducted in part under the contract “Research and Development for Expansion of Radio Wave Resources (JPJ000254)” of the Ministry of Internal Affairs and Communications, Japan, and under JSPS KAKENHI Grant Numbers JP19K20267 and JP21H03440, Japan.

Author information

Corresponding author: Ren Taguchi.


Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Taguchi, R., Takayasu, A. (2023). Concrete Quantum Cryptanalysis of Binary Elliptic Curves via Addition Chain. In: Rosulek, M. (ed.) Topics in Cryptology – CT-RSA 2023. CT-RSA 2023. Lecture Notes in Computer Science, vol 13871. Springer, Cham. https://doi.org/10.1007/978-3-031-30872-7_3


  • DOI: https://doi.org/10.1007/978-3-031-30872-7_3


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-30871-0

  • Online ISBN: 978-3-031-30872-7
