Advertisement

Quantum Cryptanalysis in the RAM Model: Claw-Finding Attacks on SIKE

  • Samuel JaquesEmail author
  • John M. SchanckEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11692)

Abstract

We introduce models of computation that enable direct comparisons between classical and quantum algorithms. Incorporating previous work on quantum computation and error correction, we justify the use of the gate-count and depth-times-width cost metrics for quantum circuits. We demonstrate the relevance of these models to cryptanalysis by revisiting, and increasing, the security estimates for the Supersingular Isogeny Diffie–Hellman (SIDH) and Supersingular Isogeny Key Encapsulation (SIKE) schemes. Our models, analyses, and physical justifications have applications to a number of memory intensive quantum algorithms.

Notes

Acknowledgements

We thank Alfred Menezes for helpful comments on this paper. Samuel Jaques acknowledges the support of the Natural Sciences and Engineering Research Council of Canada (NSERC). This work was supported by Canada’s NSERC CREATE program. IQC is supported in part by the Government of Canada and the Province of Ontario.

References

  1. 1.
    Adj, G., Cervantes-Vázquez, D., Chi-Domínguez, J.-J., Menezes, A., Rodríguez-Henríquez, F.: On the cost of computing isogenies between supersingular elliptic curves. In: Cid, C., Jacobson Jr., M. (eds.) SAC 2018. LNCS, vol. 11349, pp. 322–343. Springer, Cham (2018).  https://doi.org/10.1007/978-3-030-10970-7_15CrossRefGoogle Scholar
  2. 2.
    Alicki, R., Fannes, M., Horodecki, M.: On thermalization in Kitaev’s 2D model. J. Phys. A 42, 065303 (2009)MathSciNetCrossRefGoogle Scholar
  3. 3.
    Alicki, R., Horodecki, M., Horodecki, P., Horodecki, R.: On thermal stability of topological qubit in Kitaev’s 4d model. Open Syst. Inf. Dyn. 17, 1–20 (2010)MathSciNetCrossRefGoogle Scholar
  4. 4.
    Ambainis, A.: Quantum walk algorithm for element distinctness. SIAM J. Comput. 37, 210–239 (2007)MathSciNetCrossRefGoogle Scholar
  5. 5.
    Beals, R., et al.: Efficient distributed quantum computing. Proc. R. Soc. Lond. A: Math. Phys. Eng. Sci. 469, 20120686 (2013)MathSciNetCrossRefGoogle Scholar
  6. 6.
    Bernstein, D.J., Biasse, J.-F., Mosca, M.: A low-resource quantum factoring algorithm. In: Lange, T., Takagi, T. (eds.) PQCrypto 2017. LNCS, vol. 10346, pp. 330–346. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-59879-6_19CrossRefzbMATHGoogle Scholar
  7. 7.
    Bernstein, D.J., Jeffery, S., Lange, T., Meurer, A.: Quantum algorithms for the subset-sum problem. In: Gaborit, P. (ed.) PQCrypto 2013. LNCS, vol. 7932, pp. 16–33. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-38616-9_2CrossRefzbMATHGoogle Scholar
  8. 8.
    Biasse, J.-F., Jao, D., Sankar, A.: A quantum algorithm for computing isogenies between supersingular elliptic curves. In: Meier, W., Mukhopadhyay, D. (eds.) INDOCRYPT 2014. LNCS, vol. 8885, pp. 428–442. Springer, Cham (2014).  https://doi.org/10.1007/978-3-319-13039-2_25CrossRefGoogle Scholar
  9. 9.
    Blais, A., Huang, R.-S., Wallraff, A., Girvin, S.M., Schoelkopf, R.J.: Cavity quantum electrodynamics for superconducting electrical circuits: an architecture for quantum computation. Phys. Rev. A 69, 14 pages (2004) Google Scholar
  10. 10.
    Brassard, G., Høyer, P., Kalach, K., Kaplan, M., Laplante, S., Salvail, L.: Merkle puzzles in a quantum world. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 391–410. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-22792-9_22CrossRefzbMATHGoogle Scholar
  11. 11.
    Bravyi, S., Terhal, B.: A no-go theorem for a two-dimensional self-correcting quantum memory based on stabilizer codes. New J. Phys.11 (2009)CrossRefGoogle Scholar
  12. 12.
    Brown, B.J., Loss, D., Pachos, J.K., Self, C.N., Wootton, J.R.: Quantum memories at finite temperature. Rev. Modern Phys. 88, 045005 (2016)MathSciNetCrossRefGoogle Scholar
  13. 13.
    Coecke, B., Fritz, T., Spekkens, R.W.: A mathematical theory of resources. Inf. Comput. 250, 59–86 (2016)MathSciNetCrossRefGoogle Scholar
  14. 14.
    Dennis, E., Kitaev, A., Landahl, A., Preskill, J.: Topological quantummemory. J. Math. Phys. 43, 4452–4505 (2002)MathSciNetCrossRefGoogle Scholar
  15. 15.
    Deutsch, D.E.: Quantum computational networks. Proc. R. Soc. Lond. A 425, 73–90 (1989)MathSciNetCrossRefGoogle Scholar
  16. 16.
    Feynman, R.P.: Quantum mechanical computers. Found. Phys. 16, 507–531 (1986)MathSciNetCrossRefGoogle Scholar
  17. 17.
    Fowler, A.G., Mariantoni, M., Martinis, J.M., Cleland, A.N.: Surfacecodes: towards practical large-scale quantum computation. Phys. Rev. A 86, 032324 (2012)CrossRefGoogle Scholar
  18. 18.
    Fowler, A.G., Whiteside, A.C., Hollenberg, L.C.L.: Towards practical classical processing for the surface code. Phys. Rev. Lett. 108, 180501 (2012)CrossRefGoogle Scholar
  19. 19.
    Giovannetti, V., Lloyd, S., Maccone, L.: Architectures for a quantum random access memory. Phys. Rev. A 78, 052310 (2008)CrossRefGoogle Scholar
  20. 20.
    Jao, D., et al.: Supersingular isogeny key encapsulation. Submission to NIST post-quantum project (2017). https://sike.org/#nist-submission
  21. 21.
    Jao, D., De Feo, L.: Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 19–34. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-25405-5_2CrossRefzbMATHGoogle Scholar
  22. 22.
    Jeffery, S.: Frameworks for quantum algorithms. Ph.D. thesis, University of Waterloo (2014)Google Scholar
  23. 23.
    Jeffery, S., Magniez, F., De Wolf, R.: Optimal parallel quantum query algorithms. Algorithmica 79, 509–529 (2017)MathSciNetCrossRefGoogle Scholar
  24. 24.
    Jordan, S.P.: Fast quantum computation at arbitrarily low energy. Phys. Rev. A 95, 032305 (2017)MathSciNetCrossRefGoogle Scholar
  25. 25.
    Kachigar, G., Tillich, J.-P.: Quantum information set decoding algorithms. In: Lange, T., Takagi, T. (eds.) PQCrypto 2017. LNCS, vol. 10346, pp. 69–89. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-59879-6_5CrossRefzbMATHGoogle Scholar
  26. 26.
    Karp, R.M., Ramachandran, V.: A survey of parallel algorithms for shared-memory machines, Technical report UCB/CSD-88-408, EECS Department, University of California, Berkeley, March 1988Google Scholar
  27. 27.
    Kitaev, A.: Fault-tolerant quantum computation by anyons. Ann. Phys. 303, 2–30 (2003)MathSciNetCrossRefGoogle Scholar
  28. 28.
    Kitaev, A., Shen, A., Vyalyi, M.N.: Classical and Quantum Computation, no. 47. American Mathematical Society, Providence (2002)Google Scholar
  29. 29.
    Laarhoven, T., Mosca, M., van de Pol, J.: Finding shortest lattice vectors faster using quantum search. Des. Codes Crypt. 77, 375–400 (2015)MathSciNetCrossRefGoogle Scholar
  30. 30.
    Le Gall, F., Nakajima, S.: Quantum algorithm for triangle finding in sparse graphs. Algorithmica 79, 941–959 (2017)MathSciNetCrossRefGoogle Scholar
  31. 31.
    Magniez, F., Nayak, A., Roland, J., Santha, M.: Search via quantum walk. SIAM J. Comput. 40, 142–164 (2011)MathSciNetCrossRefGoogle Scholar
  32. 32.
    McDermott, R., et al.: Quantum-classical interface based onsingle flux quantum digital logic. Quantum Sci. Technol. 3, 024004 (2018)CrossRefGoogle Scholar
  33. 33.
    Moore, C.: Quantum circuits: Fanout, parity, and counting, arXiv preprint (1999). https://arxiv.org/abs/quant-ph/9903046
  34. 34.
    National Institute of Standards and Technology, Submission requirements and evaluation criteria or the post-quantum cryptography standardization process (2017). https://csrc.nist.gov/csrc/media/projects/post-quantum-cryptography/documents/call-for-proposals-final-dec-2016.pdf
  35. 35.
    Peierls, R.: On Ising’s model of ferromagnetism. In: Mathematical Proceedings Cambridge Philosophical Society, vol. 32, pp. 477–481. Cambridge University Press, Cambridge (1936)CrossRefGoogle Scholar
  36. 36.
    Szegedy, M.: Quantum speed-up of Markov chain based algorithms. In: 2004 IEEE Symposium on Foundations of Computer Science, pp. 32–41, October 2004Google Scholar
  37. 37.
    Takahashi, Y., Tani, S., Kunihiro, N.: Quantum addition circuits and unbounded fan-out. Quantum Inf. Comput. 10, 872–890 (2010)MathSciNetzbMATHGoogle Scholar
  38. 38.
    Tani, S.: An improved claw finding algorithm using quantum walk. In: Kučera, L., Kučera, A. (eds.) MFCS 2007. LNCS, vol. 4708, pp. 536–547. Springer, Heidelberg (2007).  https://doi.org/10.1007/978-3-540-74456-6_48CrossRefGoogle Scholar
  39. 39.
    Terhal, B.M.: Quantum error correction for quantum memories. Rev. Modern Phys. 87, 307 (2015)MathSciNetCrossRefGoogle Scholar
  40. 40.
    Thapliyal, H., Ranganathan, N., Ferreira, R.: Design of a comparator tree based on reversible logic. In: 2010 IEEE International Conference on Nanotechnology, pp. 1113–1116 (2010)Google Scholar
  41. 41.
    Wang, A., Woo, W.D.: Static magnetic storage and delay line. J. Appl. Phys. 21, 49–54 (1950)CrossRefGoogle Scholar
  42. 42.
    Wendin, G.: Quantum information processing with superconducting circuits: a review. Rep. Prog. Phys. 80, 106001 (2017)MathSciNetCrossRefGoogle Scholar
  43. 43.
    Zalka, C.: Grover’s quantum searching algorithm is optimal. Phys. Rev. A 60, 2746 (1999)CrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  1. 1.Institute for Quantum Computing, Department of Combinatorics and OptimizationUniversity of WaterlooWaterlooCanada

Personalised recommendations