International Workshop on Post-Quantum Cryptography

Post-Quantum Cryptography pp 29-43

Applying Grover’s Algorithm to AES: Quantum Resource Estimates

  • Markus Grassl
  • Brandon Langenberg
  • Martin Roetteler
  • Rainer Steinwandt
Conference paper

DOI: 10.1007/978-3-319-29360-8_3

Volume 9606 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Grassl M., Langenberg B., Roetteler M., Steinwandt R. (2016) Applying Grover’s Algorithm to AES: Quantum Resource Estimates. In: Takagi T. (eds) Post-Quantum Cryptography. Lecture Notes in Computer Science, vol 9606. Springer, Cham

Abstract

We present quantum circuits to implement an exhaustive key search for the Advanced Encryption Standard (AES) and analyze the quantum resources required to carry out such an attack. We consider the overall circuit size, the number of qubits, and the circuit depth as measures for the cost of the presented quantum algorithms. Throughout, we focus on Clifford\(+T\) gates as the underlying fault-tolerant logical quantum gate set. In particular, for all three variants of AES (key size 128, 192, and 256 bit) that are standardized in FIPS-PUB 197, we establish precise bounds for the number of qubits and the number of elementary logical quantum gates that are needed to implement Grover’s quantum algorithm to extract the key from a small number of AES plaintext-ciphertext pairs.

Keywords

Quantum cryptanalysis Quantum circuits Grover’s algorithm Advanced Encryption Standard 

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Markus Grassl
    • 1
    • 2
  • Brandon Langenberg
    • 3
  • Martin Roetteler
    • 4
  • Rainer Steinwandt
    • 3
  1. 1.Universität Erlangen-NürnbergErlangenGermany
  2. 2.Max Planck Institute for the Science of LightErlangenGermany
  3. 3.Florida Atlantic UniversityBoca RatonUSA
  4. 4.Microsoft ResearchRedmondUSA