International Workshop on Post-Quantum Cryptography

Post-Quantum Cryptography pp 29-43

Applying Grover’s Algorithm to AES: Quantum Resource Estimates

  • Markus Grassl
  • Brandon Langenberg
  • Martin Roetteler
  • Rainer Steinwandt
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9606)

Abstract

We present quantum circuits to implement an exhaustive key search for the Advanced Encryption Standard (AES) and analyze the quantum resources required to carry out such an attack. We consider the overall circuit size, the number of qubits, and the circuit depth as measures for the cost of the presented quantum algorithms. Throughout, we focus on Clifford\(+T\) gates as the underlying fault-tolerant logical quantum gate set. In particular, for all three variants of AES (key size 128, 192, and 256 bit) that are standardized in FIPS-PUB 197, we establish precise bounds for the number of qubits and the number of elementary logical quantum gates that are needed to implement Grover’s quantum algorithm to extract the key from a small number of AES plaintext-ciphertext pairs.

Keywords

Quantum cryptanalysis Quantum circuits Grover’s algorithm Advanced Encryption Standard 

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Markus Grassl
    • 1
    • 2
  • Brandon Langenberg
    • 3
  • Martin Roetteler
    • 4
  • Rainer Steinwandt
    • 3
  1. 1.Universität Erlangen-NürnbergErlangenGermany
  2. 2.Max Planck Institute for the Science of LightErlangenGermany
  3. 3.Florida Atlantic UniversityBoca RatonUSA
  4. 4.Microsoft ResearchRedmondUSA

Personalised recommendations