### Quantum Analysis of AES

##### Abstract

Quantum computing is considered among the next big leaps in computer science. While a fully functional quantum computer is still in the future, there is an ever-growing need to evaluate the security of secret-key ciphers against a potent quantum adversary. Keeping this in mind, our work explores the key recovery attack using Grover's search on the three variants of AES (-128, -192, -256) with respect to the quantum implementation and the quantum key search using Grover's algorithm. We develop a pool of implementations, mostly by reducing the circuit depth metrics. We consider various strategies for optimization, and make use of state-of-the-art advancements in the relevant fields. In a nutshell, we present the least Toffoli depth and full depth implementations of AES, thereby improving on Zou et al.'s Asiacrypt'20 paper by more than 98 percent for all variants of AES. Our qubit count - Toffoli depth product is improved from theirs by more than 75 percent. Furthermore, we analyze Jaques et al.'s Eurocrypt'20 implementations in detail, fix their bugs and report corrected benchmarks. To the best of our knowledge, our work improves on all previous works (including the recent ePrint'22 paper by Huang and Sun).

Category
Secret-key cryptography
Publication info
Preprint.
Keywords
Quantum Implementation, Grover's Search, AES
Contact author(s)
starj1023 @ gmail com
anubhab001 @ e ntu edu sg
thdrudwn98 @ gmail com
khj1594012 @ gmail com
hwajeong84 @ gmail com
anupam @ ntu edu sg
History
2022-09-19: last of 6 revisions
Short URL
https://ia.cr/2022/683

CC BY-NC-SA

BibTeX

@misc{cryptoeprint:2022/683,
author = {Kyungbae Jang and Anubhab Baksi and Gyeongju Song and Hyunji Kim and Hwajeong Seo and Anupam Chattopadhyay},
title = {Quantum Analysis of AES},
howpublished = {Cryptology ePrint Archive, Paper 2022/683},
year = {2022},
note = {\url{https://eprint.iacr.org/2022/683}},
url = {https://eprint.iacr.org/2022/683}
}
