Abstract
Thus far, several papers estimated concrete quantum resources of Shor’s algorithm for solving a binary elliptic curve discrete logarithm problem. In particular, the complexity of computing quantum inversions over a binary field \(\mathbb F_{2^n}\) is dominant when running the algorithm, where n is a degree of a binary elliptic curve. There are two major methods for quantum inversion, i.e., the quantum GCD-based inversion and the quantum FLT-based inversion. Among them, the latter method is known to require more qubits; however, the latter one is valuable since it requires much fewer Toffoli gates and less depth. When \(n=571\), Kim-Hong’s quantum GCD-based inversion algorithm (Quantum Information Processing 2023) and Taguchi-Takayasu’s quantum FLT-based inversion algorithm (CT-RSA 2023) require 3, 473 qubits and 8, 566 qubits, respectively. In contrast, for the same \(n = 571\), the latter algorithm requires only 2.3% of Toffoli gates and 84% of depth compared to the former one. In this paper, we modify Taguchi-Takayasu’s quantum FLT-based inversion algorithm to reduce the required qubits. While Taguch-Takayasu’s FLT-based inversion algorithm takes an addition chain for \(n - 1\) as input and computes a sequence whose number is the same as the length of the chain, our proposed algorithm employs an uncomputation step and stores a shorter one. As a result, our proposed algorithm requires only 3, 998 qubits for \(n=571\), which is only \(15\%\) more than Kim-Hong’s GCD-based inversion algorithm. Furthermore, our proposed algorithm preserves the advantage of FLT-based inversion since it requires only \(3.7\%\) of Toffoli gates and \(77\%\) of depth compared to Kim-Hong’s GCD-based inversion algorithm for \(n = 571\).
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
FLT is the abbreviation of Fermat’s little theorem.
- 2.
References
Banegas, G., Bernstein, D.J., van Hoof, I., Lange, T.: Concrete quantum cryptanalysis of binary elliptic curves. IACR Trans. CHES 2021(1), 451–472 (2020)
Cameron, F., Patrick, D.: FIPS PUB 186-4 digital signature standard (DSS). In: NIST, pp. 92–101 (2013)
Gidney, C., Ekerå, M.: How to factor 2048 bit ch1RSA integers in 8 hours using 20 million noisy qubits. Quantum 5, 433 (2021)
Griffiths, R.B., Niu, C.S.: Semiclassical Fourier transform for quantum computation. Phys. Rev. Lett. 76(17), 3228–3231 (1996). https://doi.org/10.1103/physrevlett.76.3228
van Hoof, I.: Space-efficient quantum multiplication of polynomials for binary finite fields with sub-quadratic Toffoli gate count. Cryptology ePrint Archive, Paper 2019/1170 (2019)
Kim, H., Hong, S.: New space-efficient quantum algorithm for binary elliptic curves using the optimized division algorithm. Quant. Inf. Process. 22(6), 237 (2023)
Kim, S., Kim, I., Kim, S., Hong, S.: Toffoli gate count optimized space-efficient quantum circuit for binary field multiplication. Cryptology ePrint Archive, Paper 2022/1095 (2022). https://eprint.iacr.org/2022/1095
Koblitz, N.: Elliptic curve cryptosystems. Math. Comput. 48(177), 203–209 (1987)
Miller, V.S.: Use of elliptic curves in cryptography. In: Williams, H.C. (ed.) CRYPTO ’85. Lecture Notes in Computer Science, vol. 218, pp. 417–426. Springer, Cham (1985)
Putranto, D.S.C., Wardhani, R.W., Larasati, H.T., Kim, H.: Another concrete quantum cryptanalysis of binary elliptic curves. Cryptology ePrint Archive, Paper 2022/501 (2022). https://eprint.iacr.org/2022/501
Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)
Roetteler, M., Naehrig, M., Svore, K.M., Lauter, K.: Quantum resource estimates for computing elliptic curve discrete logarithms. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10625, pp. 241–270. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-319-70697-9_9
Shor, P.: Algorithms for quantum computation: discrete logarithms and factoring. In: FOCS 1994, pp. 124–134 (1994)
Taguchi, R.: Quantum resource estimate for Shor’s algorithm for solving binary ECDLP. Github (2023). https://github.com/RenTaguchi/Quantum-resource-estimate-for-Shor-s-algorithm
Taguchi, R., Takayasu, A.: Concrete quantum cryptanalysis of binary elliptic curves via addition chain. In: Rosulek, M. (ed.) CT-RSA 2023. LNCS, vol. 13871, pp. 57–83. Springer, Heidelberg (2023). https://doi.org/10.1007/978-3-031-30872-7_3
Acknowledgements
This research was in part conducted under a contract of “Research and Development for Expansion of Radio Wave Resources (JPJ000254)” the Ministry of Internal Affairs and Communications, Japan, and JSPS KAKENHI Grant Numbers JP19K20267 and JP21H03440, Japan.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Taguchi, R., Takayasu, A. (2024). On the Untapped Potential of the Quantum FLT-Based Inversion. In: Pöpper, C., Batina, L. (eds) Applied Cryptography and Network Security. ACNS 2024. Lecture Notes in Computer Science, vol 14584. Springer, Cham. https://doi.org/10.1007/978-3-031-54773-7_4
Download citation
DOI: https://doi.org/10.1007/978-3-031-54773-7_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-54772-0
Online ISBN: 978-3-031-54773-7
eBook Packages: Computer ScienceComputer Science (R0)