NTT and Inverse NTT Quantum Circuits in CRYSTALS-Kyber for Post-Quantum Security Evaluation

The emergence of quantum computers threatens current cryptographic systems, and NIST is preparing for the post-quantum era through the post-quantum cryptography (PQC) contest. CRYSTALS-Kyber is a lattice-based cipher suite that is used as a PQC standard. Lattice-based cryptography is considered quantum-safe for quantum computing because a quantum algorithm that can more efficiently solve the lattice problem of lattice-based cryptography compared to a classic algorithm has not been reported as yet. In this paper, we present quantum circuits tailored to NTT and inverse NTT, employed for optimized polynomial multiplication within CRYSTALS-Kyber. The proposed quantum circuits operate at Z3329[X]/(X256+1), which are the parameters of CRYSTALS-Kyber. We provide an in-depth description of the NTT/InvNTT quantum circuit's operation and subsequently assess and analyze the quantum resources necessary for these functions. The NTT/InvNTT quantum circuits comprise four unique sub-functions, with the InvNTT additionally incorporating Barrett reduction. To the best of our knowledge, this represents the inaugural implementation of the CRYSTALS-Kyber NTT/InvNTT quantum circuits. We anticipate that our findings will aid in analyzing the security strengths of quantum computers for lattice-based cryptography.