Analysis of Grover Attack Cost and Post-Quantum Security Strength Evaluation for Lightweight Cipher SPARKLE SCHWAEMM

Grover Attack Cost Analysis and Post-Quantum Security Strength Evaluation for the Lightweight Cipher SPARKLE SCHWAEMM (Korean title)

  • 양유진 (Department of IT Convergence Engineering, Hansung University) ;
  • 장경배 (Department of Information and Computer Engineering, Hansung University) ;
  • 김현지 (Department of Information and Computer Engineering, Hansung University) ;
  • 송경주 (Department of IT Convergence Engineering, Hansung University) ;
  • 임세진 (Department of IT Convergence Engineering, Hansung University) ;
  • 서화정 (Division of IT Convergence Engineering, Hansung University)
  • Received : 2022.08.30
  • Accepted : 2022.10.11
  • Published : 2022.12.31

Abstract

As high-performance quantum computers are expected to be developed, research is actively being conducted on building post-quantum security systems that are safe from potential quantum computer attacks. When Grover's algorithm, a representative quantum algorithm, is used to search for the secret key of a symmetric-key cipher, a security problem may arise in that the security strength of the cipher is reduced to its square root. NIST presents, as its post-quantum security requirement for symmetric-key cryptography, a post-quantum security strength estimated from the cost of the Grover's algorithm attack required against the cryptographic algorithm. The estimated cost of a Grover attack on a symmetric-key cipher is determined by the quantum circuit complexity of the corresponding encryption algorithm. In this paper, the quantum circuit of the SCHWAEMM algorithm, the AEAD family of SPARKLE, a finalist in NIST's lightweight cryptography competition, is implemented efficiently, and the quantum cost of applying Grover's algorithm to it is analyzed. In doing so, the costs obtained with the CDKM ripple-carry adder and with the unbounded Fan-Out adder are compared. Finally, we evaluate the post-quantum security strength of the lightweight cipher SPARKLE SCHWAEMM based on the analyzed cost and NIST's post-quantum security requirements. The quantum programming tool ProjectQ is used to implement the quantum circuit and analyze its cost.

As the development of high-performance quantum computers is anticipated, research is actively being conducted on building post-quantum security systems that are safe from potential quantum computer attacks. When Grover's algorithm, one of the representative quantum algorithms, is used for key search on a symmetric-key cipher, a security problem can arise in that the security strength of the cipher is reduced to its square root. NIST presents, as its post-quantum security requirement for symmetric-key ciphers, a post-quantum security strength estimated from the cost of Grover's algorithm needed to attack the cryptographic algorithm. The estimated cost of Grover's algorithm for attacking a symmetric-key cipher is determined by the quantum circuit complexity of the corresponding encryption algorithm. In this paper, we efficiently implement the quantum circuit of the SCHWAEMM algorithm, the AEAD family of SPARKLE, which was a finalist in NIST's lightweight cryptography competition, and analyze the quantum cost of applying Grover's algorithm to it. In doing so, with regard to the adder used in the encryption permutation, the costs with the CDKM ripple-carry adder and with the Unbounded Fan-Out adder are compared. Finally, based on the analyzed cost and NIST's post-quantum security requirements, we evaluate the post-quantum security strength of the lightweight cipher SPARKLE SCHWAEMM. The quantum programming tool ProjectQ was used for the quantum circuit implementation and cost analysis.
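As an added example (not code from the paper or the SPARKLE project), the following Python simulation builds the CDKM ripple-carry adder from its MAJ/UMA blocks on classical basis states, counts the CNOT and Toffoli gates one n-bit modular addition costs, and feeds such a gate count into a simplified Grover iteration model; the names `ReversibleSim`, `cdkm_add_mod` and `grover_gate_cost` are my own, and the Grover cost formula is a simplification rather than the paper's accounting.

```python
from collections import Counter
import math

class ReversibleSim:
    """Classical simulation of a reversible circuit on basis states: each qubit is
    0/1, CNOT/Toffoli are XOR updates, and every gate applied is counted."""
    def __init__(self, bits):
        self.q = list(bits)
        self.gates = Counter()

    def cnot(self, ctl, tgt):
        self.q[tgt] ^= self.q[ctl]
        self.gates["CNOT"] += 1

    def toffoli(self, c1, c2, tgt):
        self.q[tgt] ^= self.q[c1] & self.q[c2]
        self.gates["Toffoli"] += 1

    # CDKM building blocks: MAJ leaves the carry in a; UMA restores a and c and
    # writes the sum bit into b (2 CNOT + 1 Toffoli each).
    def maj(self, c, b, a):
        self.cnot(a, b); self.cnot(a, c); self.toffoli(b, c, a)

    def uma(self, c, b, a):
        self.toffoli(b, c, a); self.cnot(a, c); self.cnot(c, b)

def cdkm_add_mod(x, y, n):
    """In-place (x + y) mod 2^n with the CDKM ripple-carry ladder, the modular
    addition an ARX permutation needs. Registers: a[0..n-1], b[0..n-1], one zero
    ancilla c as carry-in. The sum lands in b; a and c come back unchanged."""
    a = [(x >> i) & 1 for i in range(n)]
    b = [(y >> i) & 1 for i in range(n)]
    sim = ReversibleSim(a + b + [0])
    A, B, C = (lambda i: i), (lambda i: n + i), 2 * n
    sim.maj(C, B(0), A(0))
    for i in range(1, n):          # ripple up: carry of bit i-1 now sits in a[i-1]
        sim.maj(A(i - 1), B(i), A(i))
    for i in range(n - 1, 0, -1):  # unwind: emit sum bits, restore carries
        sim.uma(A(i - 1), B(i), A(i))
    sim.uma(C, B(0), A(0))
    assert sim.q[:n] == a and sim.q[C] == 0, "adder must restore a and the ancilla"
    return sum(sim.q[B(i)] << i for i in range(n)), dict(sim.gates)

def grover_gate_cost(oracle_gates, key_bits):
    """Simplified Grover cost model (an assumption, not the paper's accounting):
    total gates ~ oracle gates x floor(pi/4 * sqrt(2^k)) iterations."""
    iterations = math.floor(math.pi / 4 * math.sqrt(2 ** key_bits))
    return oracle_gates * iterations
```

With this ladder a single 32-bit ARX addition costs 64 Toffoli and 128 CNOT gates; the paper's actual figures for the full SCHWAEMM circuit are not given on this page.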

Acknowledgement

This work was supported by the Institute for Information & Communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (<Q|Crypton>, No.2019-0-00033, Study on Quantum Security Evaluation of Cryptography based on Computational Quantum Complexity, 100%).
