Quantum Search for Scaled Hash Function Preimages
This work addresses the challenge of quantum preimage attacks on hash functions for cryptography, but it is incremental as it focuses on simulation and resource analysis rather than practical breakthroughs.
The authors implemented Grover's algorithm in a quantum simulator to search for preimages of scaled hash functions, finding that the circuit requires extra quantum resources due to specific gate types and that entanglement entropy becomes maximal, limiting classical simulation relevance.
We present the implementation of Grover's algorithm in a quantum simulator to perform a quantum search for preimages of two scaled hash functions, whose design only uses modular addition, word rotation, and bitwise exclusive or. Our implementation provides the means to assess with precision the scaling of the number of gates and depth of a full-fledged quantum circuit designed to find the preimages of a given hash digest. The detailed construction of the quantum oracle shows that the presence of AND gates, OR gates, shifts of bits and the reuse of the initial state along the computation, require extra quantum resources as compared with other hash functions based on modular additions, XOR gates and rotations. We also track the entanglement entropy present in the quantum register at every step along the computation, showing that it becomes maximal at the inner core of the first action of the quantum oracle, which implies that no classical simulation based on Tensor Networks would be of relevance. Finally, we show that strategies that suggest a shortcut based on sampling the quantum register after a few steps of Grover's algorithm can only provide some marginal practical advantage in terms of error mitigation.