T‐depth reduction method for efficient SHA‐256 quantum circuit construction

Abstract

To perform a quantum brute force attack on a cryptosystem based on Grover's algorithm, it is necessary to implement a quantum circuit of the cryptographic algorithm. Therefore, an efficient quantum circuit design of a given cryptographic algorithm is essential, especially in terms of quantum security analysis, and it is well known that T-depth should be reduced for time complexity efficiency. In this paper, the authors propose a novel technique to reduce T-depth (and T-count) when some quantum circuits located in between two Toffoli-gates are interchangeable with a controlled phase gate (CP gate), and the authors apply this technique to five types of quantum adders, reducing T-depth by more than 33%. The authors also present new SHA-256 quantum circuits which have a critical path with only three quantum adders while the critical paths of quantum circuits in the previous studies consist of seven or 10 quantum adders, and the authors also apply our technique to the proposed SHA-256 quantum circuits. Four versions of SHA-256 quantum circuit are presented. Among the previous results, T-depth of the circuit with the smallest Width (the number of qubits) 801 was approximately 109,104. On the other hand, T-depth of the proposed SHA-256 quantum circuit with the Width 797 is 16,055, which is remarkably reduced by about 85%. Another proposed quantum circuit only requires 768 qubits, which is the smallest Width compared to the previous results to the best of our knowledge. Furthermore, one other version is the most time-efficient circuit with an overall Toffoli-depth (and T-depth) that is less than 5000.