IEEE Transactions on Quantum Engineering (Jan 2020)

Reducing the Cost of Implementing the Advanced Encryption Standard as a Quantum Circuit

  • Brandon Langenberg,
  • Hai Pham,
  • Rainer Steinwandt

DOI
https://doi.org/10.1109/TQE.2020.2965697
Journal volume & issue
Vol. 1
pp. 1 – 12

Abstract

Read online

To quantify security levels in a postquantum scenario, it is common to use the quantum resources needed to attack the Advanced Encryption Standard (AES) as a reference value. Specifically, in the National Institute of Standards and Technology's ongoing postquantum standardization effort, different security categories are defined that reflect the quantum resources needed to attack AES-128, AES-192, and AES-256. This article presents a quantum circuit to implement the S-box of AES. Also, leveraging an improved implementation of the key expansion, we identify new quantum circuits for all three AES key lengths. For AES-128, the number of Toffoli gates can be reduced by more than 88% compared to Almazrooie et al.'s and Grassl et al.'s estimates while simultaneously reducing the number of qubits. Our circuits can be used to simplify a Grover-based key search for AES.

Keywords