Paper 2025/017

New Quantum Cryptanalysis of Binary Elliptic Curves (Extended Version)

Kyungbae Jang, Hansung University
Vikas Srivastava, Indian Institute of Technology Madras
Anubhab Baksi, Nanyang Technological University
Santanu Sarkar, Indian Institute of Technology Madras
Hwajeong Seo, Hansung University
Abstract

This paper improves upon the quantum circuits required for the Shor's attack on binary elliptic curves. We present two types of quantum point addition, taking both qubit count and circuit depth into consideration. In summary, we propose an in-place point addition that improves upon the work of Banegas et al. from CHES'21, reducing the qubit count – depth product by more than $73\%$ – $81\%$ depending on the variant. Furthermore, we develop an out-of-place point addition by using additional qubits. This method achieves the lowest circuit depth and offers an improvement of over $92\%$ in the qubit count – quantum depth product (for a single step). To the best of our knowledge, our work improves from all previous works (including the CHES'21 paper by Banegas et al., the IEEE Access'22 paper by Putranto et al., and the CT-RSA'23 paper by Taguchi and Takayasu) in terms of circuit depth and qubit count – depth product. Equipped with the implementations, we discuss the post-quantum security of the binary elliptic curve cryptography. Under the MAXDEPTH metric (proposed by the US government's NIST), the quantum circuit with the highest depth in our work is $2^{24}$, which is significantly lower than the MAXDEPTH limit of $2^{40}$. For the gate count – full depth product, a metric for estimating quantum attack cost (proposed by NIST), the highest complexity in our work is $2^{60}$ for the curve having degree 571 (which is comparable to AES-256 in terms of classical security), considerably below the post-quantum security level 1 threshold (of the order of $2^{156}$).

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
A minor revision of an IACR publication in TCHES 2025
Keywords
Binary Elliptic CurvesShor's AlgorithmQuantum Cryptanalysis
Contact author(s)
starj1023 @ gmail com
vikas math123 @ gmail com
anubhab baksi @ ntu edu sg
santanu @ iitm ac in
hwajeong84 @ gmail com
History
2025-01-17: last of 14 revisions
2025-01-05: received
See all versions
Short URL
https://ia.cr/2025/017
License
Creative Commons Attribution-NonCommercial-ShareAlike
CC BY-NC-SA

BibTeX

@misc{cryptoeprint:2025/017,
      author = {Kyungbae Jang and Vikas Srivastava and Anubhab Baksi and Santanu Sarkar and Hwajeong Seo},
      title = {New Quantum Cryptanalysis of Binary Elliptic Curves (Extended Version)},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/017},
      year = {2025},
      url = {https://eprint.iacr.org/2025/017}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.