
A compact QUBO encoding of computational logic formulae demonstrated on cryptography constructions

Gregory Morse, Tamás Kozsik, Oskar Mencer, Peter Rakyta

TL;DR

This work develops a general ILP-guided framework to construct compact QUBO encodings of Boolean formulas, focusing on reducing auxiliary variables via substitution variables and quadratic penalty functions $g(\mathbf{x},\mathbf{s})$ that preserve the original SAT semantics. It introduces parity (XOR) and range (OR) encoding patterns and extends them to CNF, DNF, and ANF forms, enabling reusable building blocks for QUBO formulations. The approach is validated on cryptographic primitives, delivering substantial reductions in QUBO size and matrix density: AES-256 achieves over an 8x reduction in variable count and whole-AES encodings reach around $3\times 10^4$ variables with sparse matrices, while MD5/SHA-1/SHA-256 encodings show orders-of-magnitude improvements over prior work. These compact encodings significantly increase the theoretical susceptibility of certain cryptographic constructions to quantum-annealing solvers, highlighting both practical potential and remaining hardware/algorithmic challenges for QUBO-based cryptanalysis.

Abstract

We aim to advance the state of the art in Quadratic Unconstrained Binary Optimization (QUBO) formulation, with a focus on cryptographic algorithms. Since the minimal QUBO encoding of the linear constraints of an optimization problem emerges as the solution of an integer linear programming (ILP) problem, solving special Boolean logic formulas (such as ANF and DNF) for their integer coefficients makes it straightforward to handle any normal form, or any substitution for multi-input AND, OR or XOR operations, in QUBO form. To showcase the efficiency of the proposed approach we considered the most widespread cryptographic algorithms, including AES-128/192/256, MD5, SHA-1 and SHA-256. For each of these we obtained QUBO instances reduced by thousands of logical variables compared to previously published results, while keeping the QUBO matrix sparse and the magnitude of the coefficients low. In the particular case of AES-256 we obtained a more than 8x reduction in variable count compared to previous results. The demonstrated reduction in QUBO sizes notably increases the vulnerability of cryptographic algorithms to future quantum annealers capable of embedding around $30$ thousand logical variables.

Paper Structure

This paper contains 10 sections, 2 theorems, 48 equations, 3 tables.

Key Result

Theorem 1

Let $g(X), h(X) \in \mathbb{Z}$ be two integer linear functions that are both increasing or both decreasing in their input, with roots at $q_0$ and $q_1 \in \mathbb{Z}$, respectively. If $|q_0-q_1|\le 1$, then $g(X)h(X)\ge 0 \;\forall X \in \{0,1\}^n$, and $g(X)h(X) = 0$ only when $X=q_1$.
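The following is an added illustration, not code from the paper, that makes the abstract's terms (quadratic penalty function, substitution variable, multi-input XOR) and the root-squeezing product of Theorem 1 concrete on small instances. The AND-gate penalty, the squared-linear-form parity encoding with carry variables and the $(s-q_0)(s-q_1)$ product over the Hamming weight $s$ are standard textbook constructions; the paper's own parity and range encoding patterns are not reproduced here, and the variable numbering and helper names are assumptions of this example. Each encoding is checked by brute force: a penalty is correct when its minimum energy is $0$ and the assignments attaining it are exactly the satisfying ones.

```python
"""Brute-force checks of small QUBO penalty encodings of Boolean constraints.

Added illustration for this page, not code from the paper. The AND-gate
penalty, the squared-linear-form parity encoding and the (s-q0)(s-q1)
product are standard textbook constructions used to make the page's terms
(penalty function, substitution variable, root squeezing) concrete; the
paper's own encodings are not reproduced. Variable numbering and helper
names are assumptions of this example.
"""
from collections import defaultdict
from itertools import product


def qubo_from_product(g, h):
    """Expand (g0 + sum g_i x_i) * (h0 + sum h_j x_j) over binary x into a QUBO.

    g, h are affine forms given as (constant, {var_index: coefficient}).
    x_i^2 = x_i is used, so diagonal entries Q[(i, i)] hold the linear terms.
    Returns (offset, Q) with Q keyed by (i, j), i <= j.
    """
    g0, gl = g
    h0, hl = h
    Q = defaultdict(int)
    for i, gi in gl.items():
        Q[(i, i)] += gi * h0
    for j, hj in hl.items():
        Q[(j, j)] += g0 * hj
    for i, gi in gl.items():
        for j, hj in hl.items():
            Q[(min(i, j), max(i, j))] += gi * hj
    return g0 * h0, {k: v for k, v in Q.items() if v}


def energy(offset, Q, x):
    return offset + sum(c * x[i] * x[j] for (i, j), c in Q.items())


def ground_states(offset, Q, n):
    """Minimum energy over {0,1}^n and the sorted assignments attaining it."""
    table = {x: energy(offset, Q, x) for x in product((0, 1), repeat=n)}
    emin = min(table.values())
    return emin, sorted(x for x, e in table.items() if e == emin)


# 1. AND gate z = x AND y (vars 0,1,2) with the standard penalty xy - 2xz - 2yz + 3z.
AND_GATE = (0, {(0, 1): 1, (0, 2): -2, (1, 2): -2, (2, 2): 3})


def and_gate_ground_states():
    return ground_states(*AND_GATE, 3)


# 2. Parity z = x_0 XOR ... XOR x_{n-1} via substitution (carry) variables:
#    sum x_i = z + 2*a_1 + 4*a_2 + ...  enforced by squaring the linear form.
#    Variables: inputs 0..n-1, z = n, carries n+1 .. n+m (m grows like log2 n).
def parity_qubo(n):
    m = 0
    while (1 << (m + 1)) - 1 < n:   # enough carry bits to represent 0..n
        m += 1
    lin = {i: 1 for i in range(n)}
    lin[n] = -1
    for k in range(m):
        lin[n + 1 + k] = -(1 << (k + 1))
    offset, Q = qubo_from_product((0, lin), (0, lin))
    return offset, Q, n + 1 + m


def parity_encoding_ok(n):
    """True iff every ground state has z = parity(x) and each x appears exactly once."""
    offset, Q, nvars = parity_qubo(n)
    emin, gs = ground_states(offset, Q, nvars)
    seen = {tuple(s[:n]) for s in gs}
    return (emin == 0 and len(gs) == 2 ** n and len(seen) == 2 ** n
            and all(s[n] == sum(s[:n]) % 2 for s in gs))


# 3. Root squeezing: g = s - q0, h = s - q1 with s = Hamming weight of x.
#    With |q0 - q1| <= 1 the product is a valid penalty (>= 0, zero only at the roots).
def root_product_check(n, q0, q1):
    """Return (min energy, sorted weights s at which g*h == 0) over {0,1}^n."""
    g = (-q0, {i: 1 for i in range(n)})
    h = (-q1, {i: 1 for i in range(n)})
    offset, Q = qubo_from_product(g, h)
    table = {x: energy(offset, Q, x) for x in product((0, 1), repeat=n)}
    zero_weights = sorted({sum(x) for x, e in table.items() if e == 0})
    return min(table.values()), zero_weights


if __name__ == "__main__":
    print(and_gate_ground_states())
    print(parity_encoding_ok(4))
    print(root_product_check(4, 1, 2))   # |q0-q1| = 1: non-negative, zero at s in {1, 2}
    print(root_product_check(4, 1, 3))   # gap of 2: s = 2 makes the product negative
```

The last two calls show why the $|q_0-q_1|\le 1$ condition matters: with roots one apart there is no integer strictly between them, so the product of two increasing linear functions never goes negative on $\{0,1\}^n$; with a gap of two, the weight $s=2$ sits between the roots and the "penalty" rewards an assignment that satisfies neither constraint.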

Theorems & Definitions (2)

  • Theorem 1: Root Squeezing Theorem
  • Theorem 2: Range Encoding Theorem