Quantum Information Processing, Volume 14, Issue 7, pp 2373–2386

Quantum circuits for \({\mathbb {F}}_{2^{n}}\)-multiplication with subquadratic gate count



One of the most cost-critical operations when applying Shor’s algorithm to binary elliptic curves is the underlying field arithmetic. Here, we consider binary fields \({\mathbb {F}}_{2^n}\) in polynomial basis representation, targeting especially field sizes as used in elliptic curve cryptography. Building on Karatsuba’s algorithm, our software implementation automatically synthesizes a multiplication circuit with the number of \(T\)-gates being bounded by \(7\cdot n^{\log _2(3)}\) for any given reduction polynomial of degree \(n=2^N\). If an irreducible trinomial of degree \(n\) exists, then a multiplication circuit with a total gate count of \({\mathcal {O}}(n^{\log _2(3)})\) is available.
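The gate-count shape in the abstract can be reproduced with a classical model. This is an added example, not the authors' synthesis software: it runs Karatsuba multiplication over \({\mathbb {F}}_2[x]\), counts the 1-bit ANDs, and reduces modulo a chosen polynomial. The function names, the sample field (degree 8, reduction polynomial 0x11B) and the mapping of one AND to one Toffoli gate costing 7 \(T\)-gates are assumptions made here.

```python
# Added example: classical model of Karatsuba multiplication in F_2[x].
# Polynomials are Python ints; bit i is the coefficient of x^i.

def karatsuba_gf2(a, b, n, counter):
    """Multiply polynomials of degree < n (n a power of two) over F_2.

    counter[0] is incremented once per 1-bit AND, the only non-linear step.
    """
    if n == 1:
        counter[0] += 1
        return a & b
    h = n // 2
    mask = (1 << h) - 1
    a0, a1 = a & mask, a >> h
    b0, b1 = b & mask, b >> h
    lo = karatsuba_gf2(a0, b0, h, counter)
    hi = karatsuba_gf2(a1, b1, h, counter)
    # In characteristic 2: a0*b1 + a1*b0 = (a0+a1)*(b0+b1) + a0*b0 + a1*b1
    mid = karatsuba_gf2(a0 ^ a1, b0 ^ b1, h, counter) ^ lo ^ hi
    return lo ^ (mid << h) ^ (hi << n)

def reduce_mod(c, f, n):
    """Reduce c modulo the degree-n polynomial f (XORs only, i.e. linear)."""
    for i in range(c.bit_length() - 1, n - 1, -1):
        if (c >> i) & 1:
            c ^= f << (i - n)
    return c

def schoolbook_gf2(a, b):
    """Quadratic reference multiplication, used to cross-check Karatsuba."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r

def field_mul(a, b, f, n):
    """Return (a*b mod f, number of ANDs used)."""
    counter = [0]
    return reduce_mod(karatsuba_gf2(a, b, n, counter), f, n), counter[0]

def t_gate_estimate(and_count, t_per_toffoli=7):
    """Assumption: one Toffoli per AND, 7 T-gates per Toffoli."""
    return and_count * t_per_toffoli

if __name__ == "__main__":
    # Constructed sample: F_{2^8} with x^8+x^4+x^3+x+1 (0x11B).
    prod, ands = field_mul(0x57, 0x83, 0x11B, 8)
    print(hex(prod), ands, t_gate_estimate(ands))
```

For \(n=2^N\) the recursion performs \(3^N = n^{\log _2(3)}\) ANDs, so under the stated assumption the estimate equals \(7\cdot n^{\log _2(3)}\); the reduction step contributes only XORs.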


Keywords: Quantum circuits, Finite field arithmetic, Cryptography, Circuit synthesis



The authors thank Richard Cleve, Stephen Locke, and Dmitri Maslov for helpful discussions, and an anonymous referee for making us aware of [19]. RS is supported by NATO’s Public Diplomacy Division in the framework of “Science for Peace,” Project MD.SFPP 984520.


  1. Amento, B., Rötteler, M., Steinwandt, R.: Efficient quantum circuits for binary elliptic curve arithmetic: reducing \(T\)-gate complexity. Quantum Inf. Comput. 13, 631–644 (2013)
  2. Amento, B., Rötteler, M., Steinwandt, R.: Quantum binary field inversion: improved circuit depth via choice of basis representation. Quantum Inf. Comput. 13, 116–134 (2013)
  3. Amy, M., Maslov, D., Mosca, M., Roetteler, M.: A Meet-in-the-Middle Algorithm for Fast Synthesis of Depth-Optimal Quantum Circuits. Computer-Aided Design of Integrated Circuits and Systems, IEEE Transactions on 32(6), 818–830 (2013). For a preprint version see [4]
  4. Amy, M., Maslov, D., Mosca, M., Roetteler, M.: A meet-in-the-middle algorithm for fast synthesis of depth-optimal quantum circuits. arXiv:quant-ph/1206.0758v3, (January 2013). Available at http://arxiv.org/abs/1206.0758v3
  5. Budhathoki, P., Steinwandt, R.: Automatic synthesis of quantum circuits for point addition on ordinary binary elliptic curves. Quantum Information Processing, (accepted, to appear). Preprint http://lanl.arxiv.org/abs/1401.2437v1
  6. Burns, M.: QCViewer. GitHub repository, June 2013. Available at https://github.com/aparent/QCViewer
  7. Childs, A.M., van Dam, W.: Quantum algorithms for algebraic problems. Rev. Mod. Phys. 82(1), 1–52 (2010)
  8. Fan, H., Hasan, A.: Alternative to the Karatsuba algorithm for software implementations of \(GF(2^n)\) multiplications. IET Inf. Secur. 3(2), 60–65 (2009)
  9. von zur Gathen, J., Gerhard, J.: Polynomial factorization over \({\mathbb{F}}_{2}\). Math. Comput. 71(240), 1677–1698 (2002)
  10. Karatsuba, A.A.: The complexity of computations. In: Proceedings of the Steklov Institute of Mathematics, 211:169–183, 1995. Available at http://www.ccas.ru/personal/karatsuba/divcen.pdf. Translated from Trudy Matematicheskogo Instituta imeni V.A. Steklova, Vol. 211, (1995) pp. 186–202
  11. Kowada, L.A.B., Portugal, R., de Figueiredo, C.H.M.: Reversible Karatsuba’s algorithm. J. Univ. Comput. Sci. 12(5), 499–511 (2006)
  12. Maslov, D.: Reversible Logic Synthesis Benchmarks Page. http://webhome.cs.uvic.ca/~dmaslov/, (2011)
  13. Maslov, D., Falconer, S.M., Mosca, M.: Quantum circuit placement: optimizing qubit-to-qubit interactions through mapping quantum circuits into a physical experiment. In: Proceedings of the 44th Design Automation Conference—DAC 2007, pp. 962–965. ACM, (2007)
  14. Maslov, D., Mathew, J., Cheung, D., Pradhan, D.K.: An \(O(m^2)\)-depth quantum algorithm for the elliptic curve discrete logarithm problem over GF\((2^m)\). Quantum Inf. Comput. 9(7), 610–621 (2009). For a preprint version see [15]
  15. Maslov, D., Mathew, J., Cheung, D., Pradhan, D.K.: On the Design and Optimization of a Quantum Polynomial-Time Attack on Elliptic Curve Cryptography. arXiv:0710.1093v2, (2009). Available at http://arxiv.org/abs/0710.1093v2
  16. Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, (2001). Sample chapters http://cacr.uwaterloo.ca/hac/
  17. National Institute of Standards and Technology, Gaithersburg, MD 20899–8900. FIPS PUB 186–4. Federal Information Processing Standard Publication. Digital Signature Standard (DSS), (July 2013). Available at http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
  18. Offermann, S., Wille, R., Dueck, G.W., Drechsler, R.: Synthesizing multiplier in reversible logic. In: 13th IEEE Symposium on Design and Diagnostics of Electronic Circuits and Systems—DDECS 2010, pp. 335–340. IEEE Computer Society, (2010)
  19. Parent, A.: Quantum Arithmetic Circuit Generator. GitHub Repository, (2012). Available at https://github.com/aparent/qacg
  20. Rötteler, M., Steinwandt, R.: A quantum circuit to find discrete logarithms on ordinary binary elliptic curves in depth O\((\log ^2 n)\). Quantum Inf. Comput. 14(9–10), 888–900 (2014). http://dl.acm.org/citation.cfm?id=2638681
  21. Shor, Peter W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26(5), 1484–1509 (1997)
  22. Stein, W.A. et al.: Sage Mathematics Software (Version 5.4). The Sage Development Team, (2012). http://www.sagemath.org

Copyright information

© Springer Science+Business Media New York 2015

Authors and Affiliations

  1. Florida Atlantic University, Boca Raton, USA
