Paper 2021/620

Algebraic attacks on block ciphers using quantum annealing

Elżbieta Burek, Michał Misztal, and Michał Wroński


This paper presents method for transformation of algebraic equations of symmetric cipher into the QUBO problem. After transformation of given equations $f_1, f_2, \dots, f_n$ to equations over integers $f'_1, f'_2, \dots, f'_n$, one has to linearize each, obtaining $f'_{lin_i}=lin(f'_i)$, where $lin$ denotes linearization operation. Finally, one can obtain problem in the QUBO form as $\left( f'_{lin_1} \right)^2+\dots+\left( f'_{lin_n} \right)^2+Pen$, where $Pen$ denotes penalties obtained during linearization of equations and $n$ is the number of equations. In this paper, we show examples of the transformation of some block ciphers to the QUBO problem. What is more, we present the results of the transformation of the full AES-128 cipher to the QUBO problem, where the number of variables of equivalent QUBO problem is equal to $237,915$, which means, at least theoretically, that problem may be solved using the D-Wave Advantage quantum annealing computer. Unfortunately, it is hard to estimate the time this process would require.

Available format(s)
Secret-key cryptography
Publication info
Preprint. MINOR revision.
CryptanalysisAESsymmetric ciphersalgebraic attacksquantum annealing
Contact author(s)
elzbieta burek @ wat edu pl
michal misztal @ wat edu pl
michal wronski @ wat edu pl
2021-05-17: received
Short URL
Creative Commons Attribution


      author = {Elżbieta Burek and Michał Misztal and Michał Wroński},
      title = {Algebraic attacks on block ciphers using quantum annealing},
      howpublished = {Cryptology ePrint Archive, Paper 2021/620},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.