低量子比特条件下祖冲之密码的高效线路实现  

作　　者：向思明 邹剑 黄倩[1,2] 罗宜元 吴文玲[4] XIANG Si-Ming;ZOU Jian;HUANG Qian;LUO Yi-Yuan;WU Wen-Ling(College of Computer and Data Science,Fuzhou University,Fuzhou 350108,China;Fujian Provincial Key Laboratory of Network Systems and Information Security,Fuzhou University,Fuzhou 350108,China;College of Computer Science and Engineering,Huizhou University,Huizhou 516007,China;Trusted Computing and Information Assurance Laboratory,Institute of Software,Chinese Academy of Sciences,Beijing 100190,China)

机构地区：[1]福州大学计算机与大数据学院,福州350108 [2]福州大学网络系统信息安全福建省高校重点实验室,福州350108 [3]惠州学院计算机科学与工程学院,惠州516007 [4]中国科学院软件研究所可信计算与信息保障实验室,北京100191

出　　处：《密码学报(中英文)》2025年第1期180-199,共20页Journal of Cryptologic Research

基　　金：国家自然科学基金(61902073,62072445,62072207);福建省自然科学基金(2021J01623)。

摘　　要：祖冲之密码算法(ZUC-128)是我国发布的商用密码算法中的序列密码算法,在4G移动通信领域发挥重要作用,本文主要研究如何以较少的量子比特实现ZUC-128算法的完整量子电路.S盒是ZUC-128算法非线性组件的重要组成部分,因此本文详细研究S盒量子电路的优化实现.32比特S盒是由4个8×8 S盒组成,即S=(S_(0),S_(1),S_(2),S_(3)),其中S_(0)=S_(2),S_(1)=S_(3).首先通过穷搜剪枝的策略非就地实现了S_(0);其次重点研究通过同构映射将S_(1)的主要部分F28乘法求逆转换为F24上的乘法求逆运算,完成了只需要8个辅助量子位的S_(1)就地实现量子电路.S_(1)电路总共需要16个量子比特、96个Toffoli门、224个CNOT门、4个NOT门,Toffoli深度为78.最后探索出以较少的量子比特实现ZUC-128算法整个流程的量子电路构造,当工作步骤中轮数L=32时,该量子电路需要6244个量子比特、85843个Toffoli门、245304个CNOT门和66512个NOT门,Toffoli深度为52074.The ZUC-128 cipher algorithm is one of the commercial stream cipher algorithms published in China,which plays an important role in the field of 4G mobile communication.This work mainly studies how to realize the complete quantum circuit of ZUC-128 algorithm with less qubits.The S-box is an important part of the nonlinear component of the ZUC-128 algorithm,therefore,the optimized implementation of the S-box quantum circuit is studied in detail.The 32 bit S-box is composed of four 8×8 S-boxes,denoted as S=(S_(0),S_(1),S_(2),S_(3)),with the property that S_(0)=S_(2),S_(1)=S_(3).Firstly,we achieve S_(0) through a strategy of exhaustive search and pruning,using an out-place implementation.Secondly,we focus on the transformation of the main part of S_(1),F28 multiplication inversion,into F24 multiplication inversion through isomorphic mapping.We successfully complete the S_(1) in-place implementation quantum circuit with only 8 auxiliary qubits.The S_(1) circuit requires 16 qubits,96 Toffoli gates,224 CNOT gates,4 NOT gates,with the Toffoli-depth of 78.Finally,we propose the construction of quantum circuit to realize the whole process of ZUC-128 algorithm with less quantum bits.When the number of rounds L=32 in the working step,this quantum circuit requires 6244 qubits,85843 Toffoli gates,245304 CNOT gates,and 66512 NOT gates,with the Toffoli-depth of 52074.

关 键 词：ZUC-128 同构映射 量子电路 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构]