2020
DOI: 10.1007/978-3-030-44223-1_23
|View full text |Cite
|
Sign up to set email alerts
|

Improved Quantum Circuits for Elliptic Curve Discrete Logarithms

Abstract: We present improved quantum circuits for elliptic curve scalar multiplication, the most costly component in Shor's algorithm to compute discrete logarithms in elliptic curve groups. We optimize low-level components such as reversible integer and modular arithmetic through windowing techniques and more adaptive placement of uncomputing steps, and improve over previous quantum circuits for modular inversion by reformulating the binary Euclidean algorithm. Overall, we obtain an affine Weierstrass point addition c… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
60
0

Year Published

2021
2021
2023
2023

Publication Types

Select...
5
4

Relationship

3
6

Authors

Journals

citations
Cited by 60 publications
(60 citation statements)
references
References 26 publications
0
60
0
Order By: Relevance
“…Later, the design is explicitly constructed by Roetteler et al [27], who also proposed their own multiplication method based on Montgomery multiplication. In [28], Haner et al improved the work of [27] to use a windowing approach and adaptive uncomputation placement to lower the overall depth of the elliptic curve scalar multiplication circuit. However, note that the multiplications for Shor's algorithm employ a modular arithmetic approach, which has slightly different characteristics compared to the nonmodular one.…”
Section: Related Work 21 Multiplication Methods In Quantum Computationmentioning
confidence: 99%
“…Later, the design is explicitly constructed by Roetteler et al [27], who also proposed their own multiplication method based on Montgomery multiplication. In [28], Haner et al improved the work of [27] to use a windowing approach and adaptive uncomputation placement to lower the overall depth of the elliptic curve scalar multiplication circuit. However, note that the multiplications for Shor's algorithm employ a modular arithmetic approach, which has slightly different characteristics compared to the nonmodular one.…”
Section: Related Work 21 Multiplication Methods In Quantum Computationmentioning
confidence: 99%
“…Approximate arithmetic adds k qubits and fails with probability Ω(2 −k ), requiring many qubits to simulate modestly accurate results. The lowest number of qubits for computing elliptic curve discrete logarithms [21] is estimated at 8n + O (lg n). We ind the smallest possible n = 3 uses 40 qubits.…”
Section: Classical Simulationmentioning
confidence: 99%
“…Setup. We used a mix of łlow-widthž and łlow-Tž elliptic curve operations from the Q# implementation by Häner et al [21], with a set of prime-order curves deined over primes of 5 to 10 bits. We also used the signed windowed quantum Fourier transform, with a window size equal to ⌊lg n⌋ for n-bit primes.…”
Section: Elliptic Curve Discrete Logarithmmentioning
confidence: 99%
“…We propose that the cost of the oracle is the most likely factor for future algorithmic improvements to reduce CSIDH quantum security. Any improvement in basic quantum arithmetic will apply to computing the CSIDH group action in superposition; thus, using estimates from current quantum arithmetic techniques like [12], will almost certainly overestimate costs (indeed, the costs they reference have since been reduced [24]). The alternative approach of [7] was to produce a classical constant-time implementation to give a lower bound on cost, since latency, reversibility, and fault tolerance will add significant overheads.…”
Section: Oracle Costsmentioning
confidence: 99%