NIST公司
计算机科学
量子计算机
McEliece密码系统
密码系统
密码学
理论计算机科学
标准化
计算机工程
量子算法
密码分析
密码
量子电路
量子纠错
算法
量子
计算机安全
加密
量子力学
物理
操作系统
自然语言处理
作者
Simone Perriello,Alessandro Barenghi,Gerardo Pelosi
标识
DOI:10.1109/qce52317.2021.00056
摘要
Providing strong security margins against cryptanalytic attackers equipped with quantum computers is a major research direction fostered by the US National Institute of Standards and Technology (NIST) Post-quantum Cryptography Standardization process. Among the viable candidates, code-based asymmetric cryptosystems are one of the prominent approaches. In this work, we propose the first fully detailed quantum circuit to compute the solution to the Information Set Decoding problem, the main cryptanalytic tool against such cryptosystems. We evaluate the cryptanalytic effort with our circuit design on actual parameters from cryptosystems admitted to the final stage of the NIST standardization process and compare it with the previous conservative asymptotic estimates. We show that the actual computational effort of our solution is smaller than the one estimated via asymptotics by a factor of 2 4 . We also perform a comparison of our results with the quantum-computational effort of breaking the AES cipher, following the guidelines of the US NIST in evaluating the security of the ciphers. To do this, we translate our design on gates of the Clifford+T gate set only, one of the most promising candidate for fault-tolerant quantum computation, and report that the parameter choices for Classic McEliece and BIKE, two candidates admitted to the final round of the NIST standardization process provide an adequate security margin with respect to our ISD solution technique.
科研通智能强力驱动
Strongly Powered by AbleSci AI