You are looking at a specific version 20210917:092436 of this paper. See the latest version.

Paper 2021/1211

Grover on SPEEDY

Gyeongju Song and Kyungbae Jang and Hyunjun Kim and Siwoo Eum and Minjoo Sim and Hyunji Kim and Wai-Kong Lee and Hwajeong Seo

Abstract

With the advent of quantum computers, revisiting the security of cryptography has been an active research area in recent years. In this paper, we estimate the cost of applying Grover's algorithm to SPEEDY block cipher. SPEEDY is a family of ultra-low-latency block ciphers presented in CHES'21. It is ensured that the key search equipped with Grover's algorithm reduces the $n$-bit security of the block cipher to $\frac{n}{2}$-bit. The issue is how many quantum resources are required for Grover's algorithm to work. NIST estimates the post-quantum security strength for symmetric key cryptography as the cost of Grover key search algorithm. SPEEDY provides 128-bit security or 192-bit security depending on the number of rounds. Based on our estimated cost, we present that increasing the number of rounds is insufficient to satisfy the security against attacks on quantum computers. To the best of our knowledge, this is the first implementation of SPEEDY as a quantum circuit.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint. MINOR revision.
Keywords
Grover's Search AlgorithmQuantum ComputingSPEEDY
Contact author(s)
thdrudwn98 @ gmail com,starj1023 @ gmail com,khj930704 @ gmail com,shuraatum @ gmail com,minjoos9797 @ gmail com,khj1594012 @ gmail com,hwajeong84 @ gmail com,waikonglee @ gachon ac kr
History
2021-09-17: received
Short URL
https://ia.cr/2021/1211
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.