Quantum resource estimates for computing elliptic curve discrete logarithms
Martin Roetteler, Michael Naehrig, Krysta M. Svore, and Kristin Lauter

TL;DR
This paper provides detailed quantum resource estimates for implementing Shor's algorithm to compute discrete logarithms on elliptic curves, including circuit implementations and simulation results for standard curves.
Contribution
It offers the first precise resource estimates for quantum elliptic curve discrete logarithm computations, including circuit design and classical simulation of core components.
Findings
Quantum circuits for elliptic curve operations are optimized and quantified.
Classical simulation confirms the feasibility of quantum attacks on standard elliptic curves.
Elliptic curve discrete logarithm attacks require fewer qubits than RSA at similar security levels.
Abstract
We give precise quantum resource estimates for Shor's algorithm to compute discrete logarithms on elliptic curves over prime fields. The estimates are derived from a simulation of a Toffoli gate network for controlled elliptic curve point addition, implemented within the framework of the quantum computing software tool suite LIQ. We determine circuit implementations for reversible modular arithmetic, including modular addition, multiplication and inversion, as well as reversible elliptic curve point addition. We conclude that elliptic curve discrete logarithms on an elliptic curve defined over an -bit prime field can be computed on a quantum computer with at most qubits using a quantum circuit of at most Toffoli gates. We are able to classically simulate the Toffoli networks corresponding to the controlled…
