Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Paper 2024/228

On the Untapped Potential of the Quantum FLT-based Inversion

Ren Taguchi, The University of Tokyo
Atsushi Takayasu, The University of Tokyo, National Institute of Advanced Industrial Science and Technology
Abstract

Thus far, several papers estimated concrete quantum resources of Shor’s algorithm for solving a binary elliptic curve discrete logarithm problem. In particular, the complexity of computing quantum inversions over a binary field F2n is dominant when running the algorithm, where n is a degree of a binary elliptic curve. There are two major methods for quantum inversion, i.e., the quantum GCD-based inversion and the quantum FLT-based inversion. Among them, the latter method is known to require more qubits; however, the latter one is valuable since it requires much fewer Toffoli gates and less depth. When n = 571, Kim-Hong’s quantum GCD-based inversion algorithm (Quantum Information Processing 2023) and Taguchi-Takayasu’s quantum FLT-based inversion algorithm (CT-RSA 2023) require 3, 473 qubits and 8, 566 qubits, respectively. In contrast, for the same n = 571, the latter algorithm requires only 2.3% of Toffoli gates and 84% of depth compared to the former one. In this paper, we modify Taguchi-Takayasu’s quantum FLT-based inversion algorithm to reduce the required qubits. While Taguchi-Takayasu’s FLT-based inversion algorithm takes an addition chain for n−1 as input and computes a sequence whose number is the same as the length of the chain, our proposed algorithm employs an uncomputation step and stores a shorter one. As a result, our proposed algorithm requires only 3, 998 qubits for n = 571, which is only 15% more than Kim-Hong’s GCD-based inversion algorithm. Furthermore, our proposed algorithm preserves the advantage of FLT-based inversion since it requires only 3.7% of Toffoli gates and 77% of depth compared to Kim-Hong’s GCD-based inversion algorithm for n = 571.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Published elsewhere. Minor revision. ACNS2024
DOI
10.1007/978-3-031-54773-7_4
Keywords
ECDLPquantum cryptanalysisFLT-based inversionquantum resource estimateaddition chain
Contact author(s)
rtaguchi-495 @ g ecc u-tokyo ac jp
takayasu-a @ g ecc u-tokyo ac jp
History
2024-02-19: revised
2024-02-14: received
See all versions
Short URL
https://ia.cr/2024/228
License
No rights reserved
CC0

BibTeX

@misc{cryptoeprint:2024/228,
      author = {Ren Taguchi and Atsushi Takayasu},
      title = {On the Untapped Potential of the Quantum {FLT}-based Inversion},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/228},
      year = {2024},
      doi = {10.1007/978-3-031-54773-7_4},
      url = {https://eprint.iacr.org/2024/228}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.