Paper 2021/1211
Grover on SPEEDY
Gyeongju Song, Kyungbae Jang, Hyunjun Kim, Siwoo Eum, Minjoo Sim, Hyunji Kim, Wai-Kong Lee, and Hwajeong Seo
Abstract
With the advent of quantum computers, revisiting the security of cryptography has been an active research area in recent years. In this paper, we estimate the cost of applying Grover's algorithm to SPEEDY block cipher. SPEEDY is a family of ultra-low-latency block ciphers presented in CHES'21. It is ensured that the key search equipped with Grover's algorithm reduces the $n$-bit security of the block cipher to $\frac{n}{2}$-bit. The issue is how many quantum resources are required for Grover's algorithm to work. NIST estimates the post-quantum security strength for symmetric key cryptography as the cost of Grover key search algorithm. SPEEDY provides 128-bit security or 192-bit security depending on the number of rounds. Based on our estimated cost, we present that increasing the number of rounds is insufficient to satisfy the security against attacks on quantum computers. To the best of our knowledge, this is the first implementation of SPEEDY as a quantum circuit.
Metadata
- Available format(s)
- Category
- Implementation
- Publication info
- Preprint. MINOR revision.
- Keywords
- Grover's Search AlgorithmQuantum ComputingSPEEDY
- Contact author(s)
-
thdrudwn98 @ gmail com
starj1023 @ gmail com
khj930704 @ gmail com
shuraatum @ gmail com
minjoos9797 @ gmail com
khj1594012 @ gmail com
hwajeong84 @ gmail com
waikonglee @ gachon ac kr - History
- 2021-09-17: received
- Short URL
- https://ia.cr/2021/1211
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2021/1211, author = {Gyeongju Song and Kyungbae Jang and Hyunjun Kim and Siwoo Eum and Minjoo Sim and Hyunji Kim and Wai-Kong Lee and Hwajeong Seo}, title = {Grover on {SPEEDY}}, howpublished = {Cryptology {ePrint} Archive, Paper 2021/1211}, year = {2021}, url = {https://eprint.iacr.org/2021/1211} }