Abstract
This paper presents an optimization of the memory cost of the quantum Information Set Decoding (ISD) algorithm proposed by Bernstein (PQCrypto 2010), which combines Prange's ISD with Grover's quantum search.
When the code has constant rate and length n, this algorithm essentially performs a quantum search which, at each iteration, solves a linear system of dimension \(\mathcal {O}(n)\). The typical code lengths used in post-quantum public-key cryptosystems range from \(10^3\) to \(10^5\). Gaussian elimination, which was used in previous works, needs \(\mathcal {O}(n^2)\) space to represent the matrix, resulting in millions or billions of (logical) qubits for these schemes.
In this paper, we propose instead to use the algorithm for sparse matrix inversion of Wiedemann (IEEE Trans. Inf. Theory 1986). The interest of Wiedemann's method is that it relies only on the implementation of a matrix-vector product, so the matrix itself can be represented implicitly. This is the case here: the matrix to invert in each ISD iteration is a column selection of a known parity-check matrix, so it is described by the chosen column indices rather than by its \(\mathcal {O}(n^2)\) entries.
We give two main trade-offs, which we have fully implemented, tested on small instances, and benchmarked for larger instances. The first one is a quantum circuit using \(\mathcal {O}(n)\) qubits, \(\mathcal {O}(n^3)\) Toffoli gates (as for Gaussian elimination), and depth \(\mathcal {O}(n^2 \log n)\). The second one is a quantum circuit using \(\mathcal {O}(n \log ^2 n)\) qubits and \(\mathcal {O}(n^3)\) gates in total, but only \(\mathcal {O}( n^2 \log ^2 n)\) Toffoli gates; it relies on a different representation of the search space.
As an example, for the smallest Classic McEliece parameters we estimate that quantum Prange's algorithm can run with 18098 qubits, while previous works would have required at least half a million qubits.
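To make the two ingredients above concrete, the following is an added classical illustration (not code from the paper, and not its quantum circuit) of Prange's ISD in which the \(r \times r\) submatrix \(H_I\) selected at each iteration is never written down: the linear system is solved by a Wiedemann-style solver that only ever calls a matrix-vector product over GF(2), built from the column indices \(I\) and the public matrix \(H\). Instance sizes, the planted error, the seed and all names (`prange_isd`, `wiedemann_solve`, `submatrix_matvec`, `demo`) are constructed for this example. The quantum algorithm replaces the random choice of \(I\) by Grover search; this example is the classical loop, which is enough to see why only a matrix-vector product is needed.

```python
"""Prange ISD over GF(2) with an implicit submatrix and a Wiedemann-style solver.

Added example, not the paper's code. Vectors over GF(2) are Python ints
(bit i = coordinate i); the r x n parity-check matrix H is a list of n column
bitmasks of r bits. The r x r submatrix H_I chosen in each Prange iteration is
represented only by the index list I and a matrix-vector product.
"""
import random


def parity(x):
    """Parity of the set bits of x, i.e. an inner product over GF(2)."""
    return bin(x).count("1") & 1


def weight(x):
    """Hamming weight of a GF(2) vector stored as an int."""
    return bin(x).count("1")


def berlekamp_massey_gf2(seq):
    """Shortest linear recurrence of seq over GF(2).

    Returns (C, L) with C[0] = 1 such that for every n >= L:
    seq[n] ^ (C[1] & seq[n-1]) ^ ... ^ (C[L] & seq[n-L]) == 0.
    """
    C, B, L, m = [1], [1], 0, 1
    for n, sn in enumerate(seq):
        d = sn
        for i in range(1, L + 1):
            d ^= C[i] & seq[n - i]
        if d == 0:
            m += 1
            continue
        T = C[:]
        if len(C) < len(B) + m:
            C.extend([0] * (len(B) + m - len(C)))
        for i, bi in enumerate(B):
            C[i + m] ^= bi              # C(x) <- C(x) + x^m B(x)
        if 2 * L <= n:
            L, B, m = n + 1 - L, T, 1
        else:
            m += 1
        if len(C) < L + 1:
            C.extend([0] * (L + 1 - len(C)))
    return C[:L + 1], L


def wiedemann_solve(matvec, b, n, rng=None, tries=32):
    """Solve A x = b for an n x n matrix A over GF(2), given only v -> A v.

    For a random u, the sequence s_i = u^T A^i b has minimal polynomial
    f(x) = x^L + f_{L-1} x^{L-1} + ... + f_0 with f_i = C[L-i]. If u is lucky,
    f(A) b = 0; if moreover f_0 = 1 then b = A * sum_{i>=1} f_i A^{i-1} b,
    which yields x. Every candidate is checked with one more product, so an
    unlucky u is simply retried. Returns None if no solution was found
    (e.g. A singular with b outside its image), which the caller treats as
    'pick another information set'.
    """
    if b == 0:
        return 0
    rng = rng or random.Random(0)
    for _ in range(tries):
        u = rng.getrandbits(n)
        seq, v = [], b
        for _ in range(2 * n):          # 2n terms determine a recurrence of order <= n
            seq.append(parity(u & v))
            v = matvec(v)
        C, L = berlekamp_massey_gf2(seq)
        if L == 0 or C[L] == 0:         # f_0 = 0: cannot divide by A on this Krylov space
            continue
        x, v = 0, b
        for i in range(1, L + 1):       # here v = A^{i-1} b
            if C[L - i]:
                x ^= v
            v = matvec(v)
        if matvec(x) == b:
            return x
    return None


def submatrix_matvec(H_cols, I):
    """v -> H_I v for the r x r submatrix of H on columns I, without building H_I."""
    def matvec(v):
        out = 0
        for i, col in enumerate(I):
            if (v >> i) & 1:
                out ^= H_cols[col]
        return out
    return matvec


def syndrome(H_cols, e):
    """H e^T, i.e. the XOR of the columns selected by e."""
    out = 0
    for j, col in enumerate(H_cols):
        if (e >> j) & 1:
            out ^= col
    return out


def prange_isd(H_cols, r, s, t, rng, max_iter=100000):
    """Prange's ISD: find e with wt(e) = t and H e^T = s, H being r x n."""
    n = len(H_cols)
    for _ in range(max_iter):
        I = rng.sample(range(n), r)     # the other n - r columns form the information set
        x = wiedemann_solve(submatrix_matvec(H_cols, I), s, r, rng)
        if x is None or weight(x) != t:
            continue                    # H_I singular, or the error is not confined to I
        e = 0
        for i, col in enumerate(I):
            if (x >> i) & 1:
                e |= 1 << col
        return e
    return None


def demo(n=24, r=12, t=3, seed=7):
    """Constructed instance: random H, planted error of weight t, then decode."""
    rng = random.Random(seed)
    H_cols = [rng.getrandbits(r) for _ in range(n)]
    e_true = sum(1 << j for j in rng.sample(range(n), t))
    s = syndrome(H_cols, e_true)
    return H_cols, s, prange_isd(H_cols, r, s, t, rng)
```

The memory behaviour is the point: `submatrix_matvec` holds \(r\) indices and reads columns of the public \(H\) on demand, so the working state of the solver is a handful of \(r\)-bit vectors and the \(2r\)-bit Krylov sequence, not an \(r \times r\) dense matrix. The price is arithmetic: each solve costs \(\mathcal{O}(r)\) matrix-vector products plus Berlekamp-Massey, plus retries for unlucky projections \(u\), which is the same time-versus-space trade-off the paper makes in the quantum setting.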
Notes
1. Note that we have considered here the binary case only; the case of a generic q requires more care.
References
Aguilar Melchor, C., Aragon, N., Bettaieb, S., Bidoux, L., Blazy, O., Deneuville, J.C., Gaborit, P., Persichetti, E., Zémor, G., Bos, J., Dion, A., Lacan, J., Robert, J.M., Véron, P.: Hamming quasi-cyclic (HQC). Submission to the NIST PQC process, Round 4 (2022), https://pqc-hqc.org/
Ajtai, M., Komlós, J., Szemerédi, E.: An O(n log n) sorting network. In: STOC. pp. 1–9. ACM (1983). https://doi.org/10.1145/800061.808726
Aragon, N., Barreto, P., Bettaieb, S., Bidoux, L., Blazy, O., Deneuville, J.C., Gaborit, P., Gueron, S., Güneysu, T., Aguilar Melchor, C., Misoczki, R., Persichetti, E., Sendrier, N., Tillich, J.P., Zémor, G., Vasseur, V., Ghosh, S., Richter-Brokmann, J.: BIKE: bit flipping key encapsulation. Submission to the NIST PQC process, Round 4 (2022), https://bikesuite.org/
Bärtschi, A., Eidenbenz, S.J.: Short-depth circuits for Dicke state preparation. In: QCE. pp. 87–96. IEEE (2022). https://doi.org/10.1109/QCE53715.2022.00027
Batcher, K.E.: Sorting networks and their applications. In: AFIPS Spring Joint Computing Conference. AFIPS Conference Proceedings, vol. 32, pp. 307–314. Thomson Book Company, Washington D.C. (1968). https://doi.org/10.1145/1468075.1468121
Becker, A., Joux, A., May, A., Meurer, A.: Decoding random binary linear codes in \(2^{n/20}\): How \(1 + 1 = 0\) improves information set decoding. In: EUROCRYPT. Lecture Notes in Computer Science, vol. 7237, pp. 520–536. Springer (2012). https://doi.org/10.1007/978-3-642-29011-4_31
Bennett, C.H.: Time/space trade-offs for reversible computation. SIAM J. Comput. 18(4), 766–776 (1989)
Berlekamp, E.R.: Algebraic coding theory. McGraw-Hill series in systems science, McGraw-Hill (1968), https://www.worldcat.org/oclc/00256659
Berlekamp, E.R., McEliece, R.J., van Tilborg, H.C.A.: On the inherent intractability of certain coding problems (corresp.). IEEE Trans. Inf. Theory 24(3), 384–386 (1978). https://doi.org/10.1109/TIT.1978.1055873
Bernstein, D.J.: Grover vs. McEliece. In: PQCrypto. Lecture Notes in Computer Science, vol. 6061, pp. 73–80. Springer (2010). https://doi.org/10.1007/978-3-642-12929-2_6
Bernstein, D.J.: Verified fast formulas for control bits for permutation networks. IACR Cryptol. ePrint Arch. p. 1493 (2020), https://eprint.iacr.org/2020/1493
Bernstein, D.J., Chou, T., Cid, C., Gilcher, J., Lange, T., Maram, V., von Maurich, I., Misoczki, R., Niederhagen, R., Persichetti, E., Peters, C., Sendrier, N., Szefer, J., Tjhai, C.J., Tomlinson, M., Wang, W.: Classic McEliece: conservative code-based cryptography. Submission to the NIST PQC process, Round 4 (2022), https://classic.mceliece.org
Bernstein, D.J., Yang, B.: Asymptotically faster quantum algorithms to solve multivariate quadratic equations. In: PQCrypto. Lecture Notes in Computer Science, vol. 10786, pp. 487–506. Springer (2018). https://doi.org/10.1007/978-3-319-79063-3_23
Bonnetain, X., Jaques, S.: Quantum period finding against symmetric primitives in practice. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2022(1), 1–27 (2022). https://doi.org/10.46586/TCHES.V2022.I1.1-27
Both, L., May, A.: Decoding linear codes with high error rate and its impact for LPN security. In: PQCrypto. Lecture Notes in Computer Science, vol. 10786, pp. 25–46. Springer (2018). https://doi.org/10.1007/978-3-319-79063-3_2
Brassard, G., Høyer, P., Mosca, M., Tapp, A.: Quantum amplitude amplification and estimation. Contemporary Mathematics 305, 53–74 (2002). https://doi.org/10.1090/conm/305/05215
Brent, R.P., Gaudry, P., Thomé, E., Zimmermann, P.: Faster multiplication in GF(2)[x]. In: ANTS. Lecture Notes in Computer Science, vol. 5011, pp. 153–166. Springer (2008). https://doi.org/10.1007/978-3-540-79456-1_10
Cantor, D.G.: On arithmetical algorithms over finite fields. J. Comb. Theory, Ser. A 50(2), 285–300 (1989). https://doi.org/10.1016/0097-3165(89)90020-4
Chailloux, A., Debris-Alazard, T., Etinski, S.: Classical and quantum algorithms for generic syndrome decoding problems and applications to the Lee metric. In: PQCrypto. Lecture Notes in Computer Science, vol. 12841, pp. 44–62. Springer (2021). https://doi.org/10.1007/978-3-030-81293-5_3
Chevignard, C., Fouque, P., Schrottenloher, A.: Reducing the number of qubits in quantum information set decoding. IACR Cryptol. ePrint Arch. p. 907 (2024), https://eprint.iacr.org/2024/907
Cooper, C.: On the distribution of rank of a random matrix over a finite field. Random Struct. Algorithms 17(3-4), 197–212 (2000)
Cuccaro, S.A., Draper, T.G., Kutin, S.A., Moulton, D.P.: A new quantum ripple-carry addition circuit. arXiv preprint quant-ph/0410184 (2004)
Czumaj, A.: Random permutations using switching networks. In: STOC. pp. 703–712. ACM (2015). https://doi.org/10.1145/2746539.2746629
Dornstetter, J.: On the equivalence between Berlekamp's and Euclid's algorithms (corresp.). IEEE Trans. Inf. Theory 33(3), 428–431 (1987)
Ducas, L., Esser, A., Etinski, S., Kirshanova, E.: Asymptotics and improvements of sieving for codes. In: EUROCRYPT (6). Lecture Notes in Computer Science, vol. 14656, pp. 151–180. Springer (2024). https://doi.org/10.1007/978-3-031-58754-2_6
Esser, A., Ramos-Calderer, S., Bellini, E., Latorre, J.I., Manzano, M.: An optimized quantum implementation of ISD on scalable quantum resources. IACR Cryptol. ePrint Arch. p. 1608 (2021), https://eprint.iacr.org/2021/1608
Esser, A., Ramos-Calderer, S., Bellini, E., Latorre, J.I., Manzano, M.: Hybrid decoding - classical-quantum trade-offs for information set decoding. In: PQCrypto. Lecture Notes in Computer Science, vol. 13512, pp. 3–23. Springer (2022). https://doi.org/10.1007/978-3-031-17234-2_1
Faugère, J., Horan, K., Kahrobaei, D., Kaplan, M., Kashefi, E., Perret, L.: Fast quantum algorithm for solving multivariate quadratic equations. CoRR abs/1712.07211 (2017), http://arxiv.org/abs/1712.07211
Gidney, C.: Asymptotically efficient quantum Karatsuba multiplication. arXiv preprint arXiv:1904.07356 (2019)
Gidney, C., Ekerå, M.: How to factor 2048 bit RSA integers in 8 hours using 20 million noisy qubits. Quantum 5, 433 (2021). https://doi.org/10.22331/q-2021-04-15-433
Grover, L.K.: A fast quantum mechanical algorithm for database search. In: STOC. pp. 212–219. ACM (1996). https://doi.org/10.1145/237814.237866
Guo, Q., Johansson, T., Nguyen, V.: A new sieving-style information-set decoding algorithm. IACR Cryptol. ePrint Arch. p. 247 (2023), https://eprint.iacr.org/2023/247
Jaques, S., Naehrig, M., Roetteler, M., Virdia, F.: Implementing Grover oracles for quantum key search on AES and LowMC. In: EUROCRYPT (2). Lecture Notes in Computer Science, vol. 12106, pp. 280–310. Springer (2020). https://doi.org/10.1007/978-3-030-45724-2_10
Kachigar, G., Tillich, J.: Quantum information set decoding algorithms. In: PQCrypto. Lecture Notes in Computer Science, vol. 10346, pp. 69–89. Springer (2017). https://doi.org/10.1007/978-3-319-59879-6_5
Kimura, N., Takayasu, A., Takagi, T.: Memory-efficient quantum information set decoding algorithm. In: ACISP. Lecture Notes in Computer Science, vol. 13915, pp. 452–468. Springer (2023). https://doi.org/10.1007/978-3-031-35486-1_20
Kirshanova, E.: Improved quantum information set decoding. In: PQCrypto. Lecture Notes in Computer Science, vol. 10786, pp. 507–527. Springer (2018). https://doi.org/10.1007/978-3-319-79063-3_24
Lee, P.J., Brickell, E.F.: An observation on the security of McEliece’s public-key cryptosystem. In: EUROCRYPT. Lecture Notes in Computer Science, vol. 330, pp. 275–280. Springer (1988). https://doi.org/10.1007/3-540-45961-8_25
Massey, J.L.: Shift-register synthesis and BCH decoding. IEEE Trans. Inf. Theory 15(1), 122–127 (1969). https://doi.org/10.1109/TIT.1969.1054260
May, A., Meurer, A., Thomae, E.: Decoding random linear codes in \(\mathcal{O}(2^{0.054n})\). In: ASIACRYPT. Lecture Notes in Computer Science, vol. 7073, pp. 107–124. Springer (2011). https://doi.org/10.1007/978-3-642-25385-0_6
May, A., Ozerov, I.: On computing nearest neighbors with applications to decoding of binary linear codes. In: EUROCRYPT (1). Lecture Notes in Computer Science, vol. 9056, pp. 203–228. Springer (2015). https://doi.org/10.1007/978-3-662-46800-5_9
Nielsen, M.A., Chuang, I.: Quantum computation and quantum information (2002)
NIST: Submission requirements and evaluation criteria for the post-quantum cryptography standardization process (2016), https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/call-for-proposals-final-dec-2016.pdf
NIST: Post-quantum cryptography: Digital signature schemes - round 1 additional signatures (2023), https://csrc.nist.gov/Projects/pqc-dig-sig/round-1-additional-signatures
NIST: Round 4 standardisation results for the post-quantum cryptography standardization process (2024), https://csrc.nist.gov/projects/post-quantum-cryptography/round-4-submissions
Perriello, S.: Design and development of a quantum circuit to solve the information set decoding problem (2017)
Perriello, S., Barenghi, A., Pelosi, G.: Improving the efficiency of quantum circuits for information set decoding. ACM Transactions on Quantum Computing 4(4), 1–40 (2023)
Prange, E.: The use of information sets in decoding cyclic codes. IRE Trans. Inf. Theory 8(5), 5–9 (1962). https://doi.org/10.1109/TIT.1962.1057777
Qiskit contributors: Qiskit: An open-source framework for quantum computing (2023). https://doi.org/10.5281/zenodo.2573505
Roetteler, M., Naehrig, M., Svore, K.M., Lauter, K.E.: Quantum resource estimates for computing elliptic curve discrete logarithms. In: ASIACRYPT (2). Lecture Notes in Computer Science, vol. 10625, pp. 241–270. Springer (2017). https://doi.org/10.1007/978-3-319-70697-9_9
Sendrier, N.: Decoding one out of many. In: PQCrypto. Lecture Notes in Computer Science, vol. 7071, pp. 51–67. Springer (2011). https://doi.org/10.1007/978-3-642-25405-5_4
Shor, P.W.: Algorithms for quantum computation: Discrete logarithms and factoring. In: FOCS. pp. 124–134. IEEE Computer Society (1994). https://doi.org/10.1109/SFCS.1994.365700
Stern, J.: A method for finding codewords of small weight. In: Coding Theory and Applications. Lecture Notes in Computer Science, vol. 388, pp. 106–113. Springer (1988). https://doi.org/10.1007/BFB0019850
Wiedemann, D.H.: Solving sparse linear equations over finite fields. IEEE Trans. Inf. Theory 32(1), 54–62 (1986). https://doi.org/10.1109/TIT.1986.1057137
Acknowledgments.
We would like to thank the anonymous reviewers of ASIACRYPT 2024 for helpful remarks. This work has been supported by the French Agence Nationale de la Recherche through the CROWD project under Contract ANR-CE 48 2022, and through the France 2030 program under grant agreement No. ANR-22-PETQ-0008 PQ-TLS.
© 2025 International Association for Cryptologic Research
Cite this paper
Chevignard, C., Fouque, PA., Schrottenloher, A. (2025). Reducing the Number of Qubits in Quantum Information Set Decoding. In: Chung, KM., Sasaki, Y. (eds) Advances in Cryptology – ASIACRYPT 2024. ASIACRYPT 2024. Lecture Notes in Computer Science, vol 15491. Springer, Singapore. https://doi.org/10.1007/978-981-96-0944-4_10
DOI: https://doi.org/10.1007/978-981-96-0944-4_10
Publisher Name: Springer, Singapore
Print ISBN: 978-981-96-0943-7
Online ISBN: 978-981-96-0944-4