Quantum Resource Analysis of Low-Round Keccak/SHA-3 Preimage Attack: From Classical 2^57.8 to Quantum 2^28.9 using Qiskit Modeling
Ramin Rezvani Gilkolae
TL;DR
This work provides a hardware-aware quantum cryptanalysis of a 3-round Keccak-256 preimage attack, transforming the Keccak round function into a reversible quantum circuit and estimating resources with Qiskit. Despite the theoretical Grover speedup from $T_{cl} \approx 2^{57.8}$ to $T_{qu} \approx 2^{28.9}$, the implementation overhead (9,600 Toffoli gates per 3-round oracle, 3.2k logical qubits (3.2M physical with QEC), and $\sim 7.47 \times 10^{13}$ two-qubit gates) renders the attack infeasible in both current and near-future regimes. The analysis shows optimistic runtimes of ~43 days and conservative runtimes of ~2367 years, underpinned by prohibitive qubit counts and inevitable error accumulation, thereby preserving SHA-3 security against quantum preimage attacks for the foreseeable future. Overall, the study demonstrates that Grover-based quantum advantages can be nullified by hardware and error-correction realities, highlighting the necessity of hardware-aware assessments in quantum cryptanalysis.
Abstract
This paper presents a hardware-conscious analysis of the quantum acceleration of the classical 3-round Keccak-256 preimage attack using Grover's Algorithm. While the theoretical quantum speed-up from $T_{cl} = 2^{57.8}$ (classical) to $T_{qu} = 2^{28.9}$ (quantum) is mathematically sound, the practical implementation overhead is so extreme that attacks remain wholly infeasible in both resource and runtime dimensions. Using Qiskit-based circuit synthesis, we derive that a 3-round Keccak quantum oracle requires: 9,600 Toffoli gates (with uncomputation for reversibility); 3,200 logical qubits (1,600 state + 1,600 auxiliary); $7.47 \times 10^{13}$ total 2-qubit gates (full Grover search); 3.2 million physical qubits (with quantum error correction), which is prohibitive; 0.12 years (43 days) to 2,365+ years execution time, depending on machine assumptions. These barriers -- particularly the physical qubit requirements, circuit depth, and error accumulation -- render the quantum attack infeasible for any foreseeable quantum computer. Consequently, SHA-3 security is not threatened by quantum computers for preimage attacks. We emphasize the critical importance of hardware-aware complexity analysis in quantum cryptanalysis: the elegant asymptotic theory of Grover's Algorithm hides an engineering overhead so prohibitive that the quantum approach becomes infeasible from both resource and implementation perspectives.
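The following is an added example, not the paper's Qiskit code: a bit-level counting model that is consistent with the abstract's 9,600-Toffoli and 3,200-logical-qubit figures. It assumes (the abstract does not say) that χ, the only nonlinear Keccak step, is computed out-of-place into a zeroed 1,600-bit auxiliary register at one Toffoli per bit, that the linear steps need no Toffolis, and that the oracle is uncomputed once; all function names are hypothetical.

```python
# Added example: reversible model of Keccak's chi step and a Toffoli count.
# Assumption (not from the page): chi is written out-of-place into a zeroed
# auxiliary register; theta/rho/pi/iota are linear and use no Toffoli gates.

STATE_BITS = 5 * 5 * 64    # Keccak-f[1600] state size in bits
ROW = 5                    # chi acts independently on each 5-bit row

def chi_classical(row):
    """Reference chi on one row: a[x] ^ (~a[x+1] & a[x+2])."""
    return [row[x] ^ ((row[(x + 1) % ROW] ^ 1) & row[(x + 2) % ROW])
            for x in range(ROW)]

def chi_reversible(row):
    """Chi built only from X, CNOT and Toffoli gates acting on bits.

    Returns (output_row, input_row_after, toffoli_count); a reversible
    circuit must leave the input register unchanged.
    """
    a, out, toffoli = list(row), [0] * ROW, 0
    for x in range(ROW):
        c1, c2 = (x + 1) % ROW, (x + 2) % ROW
        a[c1] ^= 1                   # X: negate the first control
        out[x] ^= a[c1] & a[c2]      # Toffoli(a[c1], a[c2] -> out[x])
        toffoli += 1
        a[c1] ^= 1                   # X: restore the control
        out[x] ^= a[x]               # CNOT(a[x] -> out[x])
    return out, a, toffoli

def oracle_resources(rounds=3, uncompute=True):
    """Toffoli and logical-qubit totals for a `rounds`-round oracle."""
    per_row = chi_reversible([0] * ROW)[2]
    per_round = (STATE_BITS // ROW) * per_row        # 320 rows per state
    passes = 2 if uncompute else 1                   # compute + uncompute
    return {
        "toffoli_per_round": per_round,
        "toffoli_total": per_round * rounds * passes,
        "logical_qubits": STATE_BITS + STATE_BITS,   # state + auxiliary
    }

if __name__ == "__main__":
    print(oracle_resources())
```

The model only accounts for Toffoli gates and register width; it does not reproduce the two-qubit gate total, the physical-qubit figure or the runtimes, which depend on details the abstract does not give.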
