Abstract
In this work we analyze the impact of translating the well-known LLL algorithm for lattice reduction into the quantum setting. We present the first (to the best of our knowledge) quantum circuit representation of a lattice reduction algorithm in the form of explicit quantum circuits implementing the textbook LLL algorithm. Our analysis identifies a set of challenges arising from constructing reversible lattice reduction as well as solutions to these challenges. We give a detailed resource estimate with the Toffoli gate count and the number of logical qubits as complexity metrics.
As an application, we attack Mersenne number cryptosystems by Groverizing an attack due to Beunardeau et al. that uses LLL as a subprocedure. While Grover’s quantum algorithm promises a quadratic speedup over exhaustive search given access to an oracle that distinguishes solutions from non-solutions, we show that in our case, realizing the oracle comes at the cost of a large number of qubits. When an adversary translates the attack by Beunardeau et al. into the quantum setting, the overhead of the quantum LLL circuit may be as large as \( 2^{52} \) qubits for the textbook implementation and \( 2^{33} \) for a floating-point variant.
Part of this work was conducted at the Computer Security and Industrial Cryptography group (COSIC) at KU Leuven, Leuven, Belgium.
References
Aggarwal, D., Joux, A., Prakash, A., Santha, M.: A new public-key cryptosystem via mersenne numbers. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10993, pp. 459–482. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96878-0_16
Bennett, C.H., Bernstein, E., Brassard, G., Vazirani, U.: Strengths and weaknesses of quantum computing. SIAM J. Comput. 26(5), 1510–1523 (1997). https://doi.org/10.1137/S0097539796300933
Beunardeau, M., Connolly, A., Géraud, R., Naccache, D.: On the hardness of the Mersenne low hamming ratio assumption. IACR Cryptology ePrint Arch. 2017, 522 (2017)
de Boer, K., Ducas, L., Jeffery, S., de Wolf, R.: Attacks on the AJPS Mersenne-based cryptosystem. In: Lange, T., Steinwandt, R. (eds.) PQCrypto 2018. LNCS, vol. 10786, pp. 101–120. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-79063-3_5
Cuccaro, S.A., Draper, T.G., Kutin, S.A., Moulton, D.P.: A new quantum ripple-carry addition circuit. arXiv:quant-ph/0410184 (2004)
Duc Nguyen, T., Van Meter, R.: A space-efficient design for reversible floating point adder in quantum computing. ACM J. Emerg. Technol. Comput. Syst. 11, 3 (2013). https://doi.org/10.1145/2629525
Fowler, A.G., Mariantoni, M., Martinis, J.M., Cleland, A.N.: Surface codes: towards practical large-scale quantum computation. Phys. Rev. A 86, 032324 (2012). https://doi.org/10.1103/PhysRevA.86.032324
Gama, N., Nguyen, P.Q.: Predicting lattice reduction. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 31–51. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78967-3_3
Gidney, C.: Windowed quantum arithmetic. arXiv:1905.07682 (2019)
Grover, L.K.: A fast quantum mechanical algorithm for database search. In: ACM STOC, pp. 212–219. STOC 1996. ACM, New York (1996). https://doi.org/10.1145/237814.237866
Bennett, C.H.: Time/space trade-offs for reversible computation. SIAM J. Comput. 18, 766–776 (1989). https://doi.org/10.1137/0218053
Joux, A.: Algorithmic Cryptanalysis, 1st edn. Chapman & Hall/CRC, Boca Raton (2009)
Lenstra, A.K., Lenstra, H.W., Lovász, L.: Factoring polynomials with rational coefficients. Math. Ann. 261(4), 515–534 (1982). https://doi.org/10.1007/BF01457454
Nachtigal, M., Thapliyal, H., Ranganathan, N.: Design of a reversible single precision floating point multiplier based on operand decomposition. In: 10th IEEE International Conference on Nanotechnology, pp. 233–237 (August 2010). https://doi.org/10.1109/NANO.2010.5697746
Nachtigal, M., Thapliyal, H., Ranganathan, N.: Design of a reversible floating-point adder architecture. In: 2011 11th IEEE International Conference on Nanotechnology, pp. 451–456 (August 2011). https://doi.org/10.1109/NANO.2011.6144358
Nguyên, P.Q., Stehlé, D.: Floating-point LLL revisited. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 215–233. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_13
Nguyen, P.Q., Stehlé, D.: LLL on the average. In: Hess, F., Pauli, S., Pohst, M. (eds.) ANTS 2006. LNCS, vol. 4076, pp. 238–256. Springer, Heidelberg (2006). https://doi.org/10.1007/11792086_18
Nguyen, P.Q., Vallée, B.: The LLL Algorithm: Survey and Applications, 1st edn. Springer, Berlin (2009). https://doi.org/10.1007/978-3-642-02295-1
Nielsen, M.A., Chuang, I.L.: Quantum Computation and Quantum Information, 10th edn. Cambridge University Press, New York (2011)
Rines, R., Chuang, I.: High performance quantum modular multipliers. arXiv:1801.01081 (2018)
Roetteler, M., Naehrig, M., Svore, K.M., Lauter, K.: Quantum resource estimates for computing elliptic curve discrete logarithms. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10625, pp. 241–270. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70697-9_9
Schnorr, C.P.: A more efficient algorithm for lattice basis reduction. J. Algorithms 9(1), 47–62 (1988). https://doi.org/10.1016/0196-6774(88)90004-1
Selinger, P.: Quantum circuits of \(t\)-depth one. Phys. Rev. A 87, 042302 (2013). https://doi.org/10.1103/PhysRevA.87.042302
Shor, P.W.: Algorithms for quantum computation: Discrete logarithms and factoring. In: FOCS, pp. 124–134. SFCS 1994. IEEE Computer Society, Washington, D.C. (1994). https://doi.org/10.1109/SFCS.1994.365700
Szepieniec, A.: Ramstake. NIST Submission (2017) https://csrc.nist.gov/Projects/Post-Quantum-Cryptography/Round-1-Submissions
Wiebe, N., Kliuchnikov, V.: Floating point representations in quantum circuit synthesis. New J. Phys. 15(9), 093041 (2013). https://doi.org/10.1088/1367-2630/15/9/093041
Acknowledgements
The authors should like to thank the anonymous reviewers for their helpful feedback and suggestions. This work was supported in part by the Research Council KU Leuven: C16/15/058. In addition, this work was supported by the European Commission through the Horizon 2020 research and innovation programme under grant agreement H2020-DS-LEIT-2017-780108 FENTEC, by the Flemish Government through FWO SBO project SNIPPET S007619N and by the IF/C1 on Cryptanalysis of post-quantum cryptography. Alan Szepieniec was supported by a research grant of the Institute for the Promotion of Innovation through Science and Technology in Flanders (IWT-Vlaanderen), and is now supported by the Nervos Foundation.
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Tiepelt, M., Szepieniec, A. (2019). Quantum LLL with an Application to Mersenne Number Cryptosystems. In: Schwabe, P., Thériault, N. (eds) Progress in Cryptology – LATINCRYPT 2019. LATINCRYPT 2019. Lecture Notes in Computer Science, vol 11774. Springer, Cham. https://doi.org/10.1007/978-3-030-30530-7_1
DOI: https://doi.org/10.1007/978-3-030-30530-7_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-30529-1
Online ISBN: 978-3-030-30530-7
eBook Packages: Computer Science, Computer Science (R0)