Advertisement

Solving Binary \(\mathcal {MQ}\) with Grover’s Algorithm

  • Peter Schwabe
  • Bas Westerbaan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10076)

Abstract

The problem of solving a system of quadratic equations in multiple variables—known as multivariate-quadratic or \(\mathcal {MQ}\) problem—is the underlying hard problem of various cryptosystems. For efficiency reasons, a common instantiation is to consider quadratic equations over \(\mathbb {F}_2\). The current state of the art in solving the \(\mathcal {MQ}\) problem over \(\mathbb {F}_2\) for sizes commonly used in cryptosystems is enumeration, which runs in time \(\varTheta (2^n)\) for a system of n variables. Grover’s algorithm running on a large quantum computer is expected to reduce the time to \(\varTheta (2^{n/2})\). As a building block, Grover’s algorithm requires an “oracle”, which is used to evaluate the quadratic equations at a superposition of all possible inputs. In this paper, we describe two different quantum circuits that provide this oracle functionality. As a corollary, we show that even a relatively small quantum computer with as little as 92 logical qubits is sufficient to break \(\mathcal {MQ}\) instances that have been proposed for 80-bit pre-quantum security.

Keywords

Grover’s algorithm Multivariate quadratics Quantum resource estimates 

Notes

Acknowledgments

The authors are grateful to Gauillaume Allais and Peter Selinger for their helpful suggestions. In particular, it was Peter Selinger’s suggestion to construct a counter from a primitive polynomial.

Supplementary material

References

  1. [AMG+16]
    Amy, M., Di Matteo, O., Gheorghiu, V., Mosca, M., Parent, A., Schanck, J.: Estimating the cost of generic quantum pre-image attacks on SHA-2 and SHA-3. Preprint 2016. https://arxiv.org/abs/1603.09383
  2. [BCC+14]
    Bouillaguet, C., Cheng, C.-M., Chou, T., Niederhagen, R., Yang, B.-Y.: Fast exhaustive search for quadratic systems in \(\mathbb{F}_{2}\) on FPGAs. In: Lange, T., Lauter, K., Lisoněk, P. (eds.) SAC 2013. LNCS, vol. 8282, pp. 205–222. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-43414-7_11 CrossRefGoogle Scholar
  3. [BHT98]
    Brassard, G., HØyer, P., Tapp, A.: Quantum counting. In: Larsen, K.G., Skyum, S., Winskel, G. (eds.) ICALP 1998. LNCS, vol. 1443, pp. 820–831. Springer, Heidelberg (1998). doi: 10.1007/BFb0055105 CrossRefGoogle Scholar
  4. [Chu05]
    Chuang, I.: Quantum circuit viewer: qasm2circ (2005). http://www.media.mit.edu/quanta/qasm2circ/. Accessed 24 June 2016
  5. [DS05]
    Ding, J., Schmidt, D.: Rainbow, a new multivariable polynomial signature scheme. In: Ioannidis, J., Keromytis, A., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 164–175. Springer, Heidelberg (2005). doi: 10.1007/11496137_12 CrossRefGoogle Scholar
  6. [GJ79]
    Garey, M.R., Johnson, D.S.: Computers and Intractability: A Guide to the Theory of NP-Completeness. W. H. Freeman and Company (1979)Google Scholar
  7. [GLR+13a]
    Green, A.S., Lumsdaine, P.L.F., Ross, N.J., Selinger, P., Valiron, B.: An introduction to quantum programming in quipper. In: Dueck, G.W., Miller, D.M. (eds.) RC 2013. LNCS, vol. 7948, pp. 110–124. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-38986-3_10 CrossRefGoogle Scholar
  8. [GLR+13b]
    Green, A.S., Lumsdaine, P.L., Ross, N.J., Selinger, P., Valiron, B.: Quipper: a scalable quantum programming language. 48(6), 333–342 (2013). https://arxiv.org/pdf/1304.3390
  9. [GLRS16]
    Grassl, M., Langenberg, B., Roetteler, M., Steinwandt, R.: Applying grover’s algorithm to AES: quantum resource estimates. In: Takagi, T. (ed.) PQCrypto 2016. LNCS, vol. 9606, pp. 29–43. Springer, Heidelberg (2016). doi: 10.1007/978-3-319-29360-8_3 CrossRefGoogle Scholar
  10. [Gro96]
    Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Proceedings of the Twenty-Eighth Annual ACM Symposium on Theory of Computing, pp. 212–219. ACM (1996)Google Scholar
  11. [KPG99]
    Kipnis, A., Patarin, J., Goubin, L.: Unbalanced oil and vinegar signature schemes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 206–222. Springer, Heidelberg (1999). doi: 10.1007/3-540-48910-X_15 Google Scholar
  12. [MD03]
    Maslov, D., Dueck, G.W.: Improved quantum cost for n-bit Toffoli gates. Electron. Lett. 39(25), 1790–1791 (2003)CrossRefGoogle Scholar
  13. [NC10]
    Nielsen, M.A., Chuang, I.L.: Quantum Computation and Quantum Information. Cambridge University Press, Cambridge (2010)CrossRefMATHGoogle Scholar
  14. [PCG01]
    Patarin, J., Courtois, N., Goubin, L.: QUARTZ, 128-bit long digital signatures. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 282–297. Springer, Heidelberg (2001). doi: 10.1007/3-540-45353-9_21 CrossRefGoogle Scholar
  15. [PCY+15]
    Petzoldt, A., Chen, M.-S., Yang, B.-Y., Tao, C., Ding, J.: Design principles for HFEv- based multivariate signature schemes. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9452, pp. 311–334. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-48797-6_14 CrossRefGoogle Scholar
  16. [Sel]
    Selinger, P.: The quipper language. http://www.mathstat.dal.ca/~selinger/quipper/. Accessed 09 Jan 2016
  17. [Sho94]
    Shor, P.W.: Algorithms for quantum computation: discrete logarithms and factoring. In SFCS 1994 Proceedings of the 35th Annual Symposium on Foundations of Computer Science, pp. 124–134. IEEE (1994). http://www-math.mit.edu/~shor/papers/algsfqc-dlf.pdf
  18. [Sho97]
    Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26, 1484–1509 (1997). http://arxiv.org/abs/quant-ph/9508027
  19. [SSH11]
    Sakumoto, K., Shirai, T., Hiwatari, H.: Public-key identification schemes based on multivariate quadratic polynomials. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 706–723. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-22792-9_40 CrossRefGoogle Scholar
  20. [Tof80]
    Toffoli, T.: Reversible Computing. Springer, Heidelberg (1980)CrossRefMATHGoogle Scholar
  21. [Wat62]
    Watson, E.J.: Primitive polynomials (mod 2). Math. Comput. 16(79), 368–369 (1962)MathSciNetMATHGoogle Scholar
  22. [YCC04]
    Yang, B.-Y., Chen, J.-M., Courtois, N.T.: On asymptotic security estimates in XL and Gröbner bases-related algebraic cryptanalysis. In: Lopez, J., Qing, S., Okamoto, E. (eds.) ICICS 2004. LNCS, vol. 3269, pp. 401–413. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-30191-2_31 CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  1. 1.Digital Security GroupRadboud UniversityNijmegenThe Netherlands

Personalised recommendations