Quantum-enhanced symmetric cryptanalysis for S-AES
Alexey Moiseevskiy

TL;DR
This paper develops an optimized quantum Grover's attack on simplified AES, reducing qubit requirements and enabling practical simulations on current quantum devices, especially when some key information is leaked.
Contribution
It introduces a resource-efficient quantum attack algorithm on simplified AES, adaptable to partial key leakage, suitable for current NISQ hardware and simulations.
Findings
Requires 23 qubits for full attack on 16-bit S-AES
Reduces qubits to 11 with 12 bits of key leakage
Enables practical quantum attack simulations on existing hardware
Abstract
The Advanced Encryption Standard is one of the most widely used and important symmetric ciphers today. It is well known that it can be subjected to the quantum Grover's attack, which reduces its key strength by a factor of two. But a full AES attack requires hundreds of qubits and a circuit depth of thousands, which makes not only experimental research but also numerical simulation of this algorithm impossible. Here we present an algorithm for an optimized Grover's attack on the downscaled Simplified-AES cipher. Besides the full attack, we present several approaches that reduce the number of required qubits if some nibbles of the key are known as a result of a side-channel attack. For 16-bit S-AES the proposed attack requires 23 qubits in the general case and 19, 15 or 11 if 4, 8 or 12 bits were leaked in a specific configuration. Compared to the previously known 32-qubit algorithm, this approach potentially allows to run the…
Taxonomy
Topics: Cryptographic Implementations and Security · Quantum-Dot Cellular Automata · Coding theory and cryptography
