
Exploiting Preprocessing for Quantum Search to Break Parameters for \(\mathcal {MQ}\) Cryptosystems

  • Benjamin Pring
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11321)

Abstract

In this paper we re-examine quantum search applied to the Multivariate Quadratic (\(\mathcal {MQ}\)) hardness problem over the finite field GF(2). This problem underpins the security of a number of proposed post-quantum public-key cryptosystems designed to resist attacks from quantum computers, and in this paper we warn of the dangers of extrapolating parameters based upon the efficiency of quantum search algorithms. Our methods demonstrate that by applying preprocessing to the \(\mathcal {MQ}\) problem, we can reduce the computational load on the quantum computer and, in a generalisation of multi-target search to single targets, improve the efficiency of the basic quantum search oracle for the \(\mathcal {MQ}\) problem over GF(2). Our work builds upon the \(\mathcal {MQ}\) oracle introduced by Westerbaan and Schwabe [19] and improves it to the extent that it breaks all quantum-resistant security parameters for the Gui cryptosystem [16] proposed by the original authors [15]. Our results hold both in the logical gate model and when the algorithm is fully costed in terms of the Clifford+T universal gate set.
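To make the underlying search problem concrete, the following is an added toy illustration (not code from the paper, and it does not implement the paper's preprocessing or oracle construction): it builds a random \(\mathcal {MQ}\) system over GF(2) with a planted solution, solves it by exhaustive search, and computes the Grover iteration count \(\lceil (\pi/4)\sqrt{2^n/M} \rceil\) for a search space of \(2^n\) assignments with \(M\) solutions. The seed, the instance sizes and the polynomial representation are assumptions chosen for this example. Each Grover iteration evaluates the whole system once, which is why the gate cost of that oracle, rather than the iteration count alone, decides the real attack cost.

```python
"""Toy MQ-over-GF(2) instance generator, exhaustive solver and Grover
iteration-count estimate.  Added illustration; not the paper's construction."""
import random
from math import ceil, pi, sqrt


def evaluate_polynomial(poly, x):
    """Evaluate one quadratic polynomial over GF(2) at the bit tuple x.

    poly = (quad, lin, const): quad is a set of (i, j) pairs with i < j,
    lin is a set of variable indices, const is a single bit.  Over GF(2)
    x_i^2 == x_i, so squared terms are folded into the linear part."""
    quad, lin, const = poly
    value = const
    for i, j in quad:
        value ^= x[i] & x[j]   # multiplication mod 2 is AND, addition is XOR
    for i in lin:
        value ^= x[i]
    return value


def random_mq_system(n, m, planted, rng):
    """Return m random quadratic polynomials in n variables that all vanish
    on `planted`, so the instance is guaranteed to have a solution."""
    system = []
    for _ in range(m):
        quad = {(i, j) for i in range(n) for j in range(i + 1, n)
                if rng.random() < 0.5}
        lin = {i for i in range(n) if rng.random() < 0.5}
        # pick the constant so the polynomial is 0 at the planted point
        const = evaluate_polynomial((quad, lin, 0), planted)
        system.append((quad, lin, const))
    return system


def is_solution(system, x):
    return all(evaluate_polynomial(p, x) == 0 for p in system)


def classical_search(system, n):
    """Enumerate all 2^n assignments; this is exactly the predicate a Grover
    oracle must evaluate in superposition on every iteration."""
    solutions = []
    for k in range(1 << n):
        x = tuple((k >> i) & 1 for i in range(n))
        if is_solution(system, x):
            solutions.append(x)
    return solutions


def grover_iterations(n, num_solutions):
    """Number of Grover iterations for an n-bit search space with
    num_solutions marked items, ceil((pi/4) * sqrt(2^n / num_solutions))
    (the Boyer-Brassard-Hoyer-Tapp bound).  One iteration = one full
    oracle evaluation of all m polynomials plus the diffusion step."""
    if num_solutions == 0:
        raise ValueError("search space contains no marked items")
    return ceil((pi / 4) * sqrt((1 << n) / num_solutions))


def demo_instance(n, m, seed):
    """Constructed instance with a planted solution (seed is an assumption)."""
    rng = random.Random(seed)
    planted = tuple(rng.randrange(2) for _ in range(n))
    return planted, random_mq_system(n, m, planted, rng)


if __name__ == "__main__":
    n, m = 12, 12
    planted, system = demo_instance(n, m, 2018)
    sols = classical_search(system, n)
    print("planted solution:", planted)
    print("solutions found by exhaustive search:", len(sols))
    print("Grover iterations needed:", grover_iterations(n, len(sols)))
```

For the parameter sizes used in real schemes the exhaustive loop is of course infeasible; the function `grover_iterations` is the part that scales, and its output must be multiplied by the per-iteration oracle cost to compare against a classical security target.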

Keywords

Quantum search, Multivariate Quadratic, Cryptography

Acknowledgements

The author kindly thanks James Davenport and Christophe Petit for their helpful discussions. Benjamin Pring is funded by an EPSRC grant.

References

  1. Amy, M., Di Matteo, O., Gheorghiu, V., Mosca, M., Parent, A., Schanck, J.: Estimating the cost of generic quantum pre-image attacks on SHA-2 and SHA-3. In: Avanzi, R., Heys, H. (eds.) SAC 2016. LNCS, vol. 10532, pp. 317–337. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-69453-5_18
  2. Amy, M., Maslov, D., Mosca, M.: Polynomial-time T-depth optimization of Clifford+T circuits via matroid partitioning. IEEE Trans. Comput.-Aided Des. Integr. Circ. Syst. 33(10), 1476–1489 (2014)
  3. Amy, M., Maslov, D., Mosca, M., Roetteler, M.: A meet-in-the-middle algorithm for fast synthesis of depth-optimal quantum circuits. IEEE Trans. Comput.-Aided Des. Integr. Circ. Syst. 32(6), 818–830 (2013)
  4. Bard, G.: Algebraic Cryptanalysis. Springer, New York (2009). https://doi.org/10.1007/978-0-387-88757-9
  5. Bardet, M., Faugère, J.C., Salvy, B., Spaenlehauer, P.J.: On the complexity of solving quadratic boolean systems. J. Complex. 29(1), 53–75 (2013)
  6. Barenco, A., et al.: Elementary gates for quantum computation. Phys. Rev. A 52(5), 3457 (1995)
  7. Bouillaguet, C., et al.: Fast exhaustive search for polynomial systems in \({\mathbb{F}_2}\). In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 203–218. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15031-9_14
  8. Boyer, M., Brassard, G., Høyer, P., Tapp, A.: Tight bounds on quantum searching. arXiv quant-ph/9605034 (1996)
  9. Courtois, N.T., Patarin, J.: About the XL algorithm over GF(2). In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 141–157. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36563-X_10
  10. Fowler, A.G., Mariantoni, M., Martinis, J.M., Cleland, A.N.: Surface codes: towards practical large-scale quantum computation. Phys. Rev. A 86(3), 032324 (2012)
  11. Grassl, M., Langenberg, B., Roetteler, M., Steinwandt, R.: Applying Grover's algorithm to AES: quantum resource estimates. In: Takagi, T. (ed.) PQCrypto 2016. LNCS, vol. 9606, pp. 29–43. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-29360-8_3
  12. Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Proceedings of the 28th Annual ACM Symposium on Theory of Computing, pp. 212–219. ACM (1996)
  13. Joux, A., Vitse, V.: A crossbred algorithm for solving boolean polynomial systems. IACR Cryptology ePrint Archive 2017, 372 (2017)
  14. Nielsen, M.A., Chuang, I.L.: Quantum Computation and Quantum Information. Cambridge University Press, Cambridge (2010)
  15. Petzoldt, A., Chen, M.-S., Ding, J., Yang, B.-Y.: HMFEv - an efficient multivariate signature scheme. In: Lange, T., Takagi, T. (eds.) PQCrypto 2017. LNCS, vol. 10346, pp. 205–223. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-59879-6_12
  16. Petzoldt, A., Chen, M.-S., Yang, B.-Y., Tao, C., Ding, J.: Design principles for HFEv- based multivariate signature schemes. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9452, pp. 311–334. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48797-6_14
  17. Roetteler, M., Naehrig, M., Svore, K.M., Lauter, K.: Quantum resource estimates for computing elliptic curve discrete logarithms. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10625, pp. 241–270. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70697-9_9
  18. Sakumoto, K., Shirai, T., Hiwatari, H.: Public-key identification schemes based on multivariate quadratic polynomials. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 706–723. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22792-9_40
  19. Schwabe, P., Westerbaan, B.: Solving binary \(\cal{MQ}\) with Grover's algorithm. In: Carlet, C., Hasan, M.A., Saraswat, V. (eds.) SPACE 2016. LNCS, vol. 10076, pp. 303–322. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-49445-6_17
  20. Selinger, P.: Quantum circuits of T-depth one. Phys. Rev. A 87(4), 042302 (2013)
  21. Thomae, E., Wolf, C.: Solving underdetermined systems of multivariate quadratic equations revisited. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 156–171. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-30057-8_10
  22. Toffoli, T.: Reversible computing. In: de Bakker, J., van Leeuwen, J. (eds.) ICALP 1980. LNCS, vol. 85, pp. 632–644. Springer, Heidelberg (1980). https://doi.org/10.1007/3-540-10003-2_104

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. University of Bath, Bath, UK