• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.6
• /
• pp.1149-1156
• /
• 2021

The Grover algorithm, which accelerates the brute force attack, is applicable to key recovery of symmetric key cryptography, and NIST uses the Grover attack cost for symmetric key cryptography to estimate the post-quantum security strength. In this paper, we estimate the attack cost of Grover's algorithm by implementing DES as a quantum circuit. NIST estimates the post-quantum security strength based on the attack cost of AES for symmetric key cryptography using 128, 192, and 256-bit keys. The estimated attack cost for DES can be analyzed to see how resistant DES is to attacks from quantum computers. Currently, since there is no post-quantum security index for symmetric key ciphers using 64-bit keys, the Grover attack cost for DES using 64-bit keys estimated in this paper can be used as a standard. ProjectQ, a quantum programming tool, was used to analyze the suitability and attack cost of the quantum circuit implementation of the proposed DES.

• KIPS Transactions on Computer and Communication Systems
• /
• v.11 no.12
• /
• pp.453-460
• /
• 2022

As high-performance quantum computers are expected to be developed, studies are being actively conducted to build a post-quantum security system that is safe from potential quantum computer attacks. When the Grover's algorithm, a representative quantum algorithm, is used to search for a secret key in a symmetric key cryptography, there may be a safety problem in that the security strength of the cipher is reduced to the square root. NIST presents the post-quantum security strength estimated based on the cost of the Grover's algorithm required for an attack of the cryptographic algorithm as a post-quantum security requirement for symmetric key cryptography. The estimated cost of Grover's algorithm for the attack of symmetric key cryptography is determined by the quantum circuit complexity of the corresponding encryption algorithm. In this paper, the quantum circuit of the SCHWAEMM algorithm, AEAD family of SPARKLE, which was a finalist in NIST's lightweight cryptography competition, is efficiently implemented, and the quantum cost to apply the Grover's algorithm is analyzed. At this time, the cost according to the CDKM ripple-carry adder and the unbounded Fan-Out adder is compared together. Finally, we evaluate the post-quantum security strength of the lightweight cryptography SPARKLE SCHWAEMM algorithm based on the analyzed cost and NIST's post-quantum security requirements. A quantum programming tool, ProjectQ, is used to implement the quantum circuit and analyze its cost.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2023.05a
• /
• pp.119-122
• /
• 2023

양자 컴퓨터가 현대 암호 시스템의 보안성을 위협하고 있음에 따라, 최근 잠재적인 양자 공격들에 대한 분석 연구들이 다수 발표되고 있다. 공개키 암호인 RSA와 ECC의 경우, Shor 알고리즘에 의해 다항시간 내에 해결됨으로써 보안성이 완전히 붕괴되는 반면, 대칭키 암호는 Grover 알고리즘에 의해 보안 강도가 제곱근으로 감소하기 때문에 키 길이를 증가시킴으로써 기존 보안성을 복구할 수 있다. 이론적으로 Grover 알고리즘은 보안성을 훼손시키지만, 현실적인 공격 난이도가 매우 높음에 따라 대상 암호에 대한 양자 회로 최적화 구현이 중요하다. 이에 본 논문에서는 블록암호 RC5를 양자 회로 상에서 최적화하고 이를 기반으로 Grover 공격 비용을 추정한다. 마지막으로, 추정한 비용을 NIST의 양자 후 보안 강도 평가와 함께 비교함으로써 RC5에 대한 양자 암호 분석을 수행한다.

• KIPS Transactions on Computer and Communication Systems
• /
• v.10 no.4
• /
• pp.101-106
• /
• 2021

Quantum algorithms and quantum computers can break the security of many of the ciphers we currently use. If Grover's algorithm is applied to a symmetric key cipher with n-bit security level, the security level can be lowered to (n/2)-bit. In order to apply Grover's algorithm, it is most important to optimize the target cipher as a quantum circuit because the symmetric key cipher must be implemented as a quantum circuit in the oracle function. Accordingly, researches on implementing AES(Advanced Encryption Standard) or lightweight block ciphers as quantum circuits have been actively conducted in recent years. In this paper, korean lightweight block cipher LEA was optimized and implemented as a quantum circuit. Compared to the previous LEA quantum circuit implementation, quantum gates were used more, but qubits were drastically reduced, and performance evaluation was performed for this tradeoff problem. Finally, we evaluated quantum resources for applying Grover's algorithm to the proposed LEA implementation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.3
• /
• pp.323-330
• /
• 2021

Recently, the advantages of high-speed arithmetic in quantum computers have been known, and interest in quantum circuits utilizing qubits has increased. The Grover algorithm is a quantum algorithm that can reduce n-bit security level symmetric key cryptography and hash functions to n/2-bit security level. Since the Grover algorithm work on quantum computers, the symmetric cryptographic technique and hash function to be applied must be implemented in a quantum circuit. This is the motivation for these studies, and recently, research on implementing symmetric cryptographic technique and hash functions in quantum circuits has been actively conducted. However, at present, in a situation where the number of qubits is limited, we are interested in implementing with the minimum number of qubits and aim for efficient implementation. In this paper, the domestic hash function LSH is efficiently implemented using qubits recycling and pre-computation. Also, major operations such as Mix and Final were efficiently implemented as quantum circuits using ProjectQ, a quantum programming tool provided by IBM, and the quantum resources required for this were evaluated.

• KIPS Transactions on Computer and Communication Systems
• /
• v.12 no.6
• /
• pp.181-188
• /
• 2023

Block cipher is not expected to be safe for quantum computer, as Grover's algorithm reduces the security strength by accelerating brute-force attacks on symmetric key ciphers. So it is necessary to check the post-quantum security strength by implementing quantum circuit for the target cipher. In this paper, we propose the optimal quantum circuit implementation result designed as a technique to minimize the use of quantum resources (qubits, quantum gates) for SIMECK lightweight cryptography, and explain the operation of each quantum circuit. The implemented SIMECK quantum circuit is used to check the estimation result of quantum resources and calculate the Grover attack cost. Finally, the post-quantum strength of SIMECK lightweight cryptography is evaluated. As a result of post-quantum security strength evaluation, all SIMECK family cipher failed to reach NIST security strength. Therefore, it is expected that the safety of SIMECK cipher is unclear when large-scale quantum computers appear. About this, it is judged that it would be appropriate to increase the block size, the number of rounds, and the key length to increase the security strength.

• ETRI Journal
• /
• v.43 no.3
• /
• pp.483-510
• /
• 2021

In computational biology, desired patterns are searched in large text databases, and an exact match is preferable. Classical benchmark algorithms obtain competent solutions for pattern matching in O (N) time, whereas quantum algorithm design is based on Grover's method, which completes the search in $O(\sqrt{N})$ time. This paper briefly explains existing quantum algorithms and defines their processing limitations. Our initial work overcomes existing algorithmic constraints by proposing the quantum-based combined exact (QBCE) algorithm for the pattern-matching problem to process exact patterns. Next, quantum random access memory (QRAM) processing is discussed, and based on it, we propose the QRAM processing-based exact (QPBE) pattern-matching algorithm. We show that to find all t occurrences of a pattern, the best case time complexities of the QBCE and QPBE algorithms are $O(\sqrt{t})$ and $O(\sqrt{N})$, and the exceptional worst case is bounded by O (t) and O (N). Thus, the proposed quantum algorithms achieve computational speedup. Our work is proved mathematically and validated with simulation, and complexity analysis demonstrates that our quantum algorithms are better than existing pattern-matching methods.

• ETRI Journal
• /
• v.45 no.2
• /
• pp.304-317
• /
• 2023

With the rapid evolution of quantum computing, digital quantum simulations are essential for quantum algorithm verification, quantum error analysis, and new quantum applications. However, the exponential increase in memory overhead and operation time is challenging issues that have not been solved for years. We propose a novel approach that provides more qubits and faster quantum operations with smaller memory than before. Our method selectively tracks realized quantum states using a reduced quantum state representation scheme instead of loading the entire quantum states into memory. This method dramatically reduces memory space ensuring fast quantum computations without compromising the global quantum states. Furthermore, our empirical evaluation reveals that our proposed idea outperforms traditional methods for various algorithms. We verified that the Grover algorithm supports up to 55 qubits and the surface code algorithm supports up to 85 qubits in 512 GB memory on a single computational node, which is against the previous studies that support only between 35 qubits and 49 qubits.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.6
• /
• pp.1413-1419
• /
• 2016

In these days, there are a lot of research results on the Post-Quantum Cryptography according to developing of quantum computing technologies and the announcement of the NIST's Post-Quantum Cryptography standard project. The key size of the existing symmetric key block ciphers are needed to increase and the security of discrete logarithm based public key cryptography can be broken by Grover's algorithm and Shor's algorithm. By this reason, a lot of cryptologist and mathematician research on safe cryptography against the quantum computer which is called as the Post-Quantum Cryptography. In this paper, we survey on recent technical trend on the Hash-Based Signature Scheme which is one of the Post-Quantum Cryptography and suggest the prospect of the Hash-Based Signature Scheme.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.3
• /
• pp.383-389
• /
• 2023

The development of quantum computers and the emergence of quantum algorithms such as Shor's algorithm and Grover's algorithm pose a significant threat to the security of existing cipher systems. Quantum algorithms can efficiently perform mathematical operations that take a long time on traditional computers. This characteristic can significantly reduce the time it takes to break modern cipher systems that rely on mathematical problems. To prepare for quantum attacks based on these algorithms, existing ciphers must be implemented as quantum circuits. Many ciphers have already been implemented as quantum circuits, analyzing quantum resources required for attacks and verifying the quantum strength of the cipher. In this paper, we present quantum circuits for LED lightweight block ciphers and explain each function of quantum circuits. Thereafter, the resources for the LED quantum circuit are estimated and evaluated by comparing them with other lightweight block ciphers.