Which quantum algorithm can break SHA-256?

This article examines the potential of Grover's algorithm to break SHA-256 hashes using quantum computers, and limitations of current quantum technology.
On this page

Which quantum algorithm can break SHA-256?

Excerpt

This article explores the threat quantum computing poses to the widely used SHA-256 hash function. It focuses on Grover’s search algorithm and its quadratic speedup for brute forcing SHA-256 hashes.


Introduction

SHA-256 is one of the most widely used cryptographic hash functions today, providing core security for many critical systems. However, the advent of quantum computing threatens to undermine the strength of SHA-256. In this post, we will look at Grover’s algorithm, a quantum algorithm with the potential to break SHA-256 hashes.

Understanding Quantum Computers

Quantum computers utilize quantum mechanics phenomena like superposition and entanglement to achieve exponential speedups over classical computers. Instead of bits, quantum computers operate on quantum bits or qubits, which can represent a 0, 1 or a superposition of both states. This superposition enables quantum parallelism, allowing quantum algorithms to evaluate multiple solutions simultaneously.

The processing power unlocked by just a few hundred qubits could surpass today’s most powerful supercomputers. This has huge implications for breaking cryptography.

Classical vs. Quantum Algorithms

On classical computers, cryptanalysis techniques like brute force attack and birthday attack can attempt to crack SHA-256 hashes. But these are infeasible for strong hashes due to the astronomical number of computations required.

In contrast, Grover’s quantum algorithm offers a quadratic speedup for search problems like pre-image attacks on hash functions. For an N-bit hash like SHA-256 with 2^256 possible inputs, Grover’s algorithm would require only 2^128 computations. This squares the speedup over classical algorithms.

Grover’s algorithm achieves this by using quantum superposition to test multiple candidate pre-images simultaneously. The quadratic speedup gives it a distinct advantage over classical brute force attacks.

Limitations of Grover’s Algorithm

Despite the speedup, Grover’s algorithm alone cannot completely break SHA-256 yet. A quantum computer with over 6000 qubits and extremely low error rates would be needed to conduct a full pre-image attack on SHA-256 using Grover’s algorithm. This is beyond the capabilities of current quantum devices.

Additionally, Grover’s algorithm provides no help against collision attacks to find two inputs with the same SHA-256 hash. New quantum algorithms would be needed to threaten SHA-256 collision resistance.

Quantum Algorithms Beyond Grover’s Algorithm

While Grover’s algorithm focuses on speeding up pre-image attacks, other quantum algorithms may also be relevant:

  • Shor’s algorithm can factor large integers efficiently. This could help break cryptosystems like RSA relying on factorization hardness.

  • HHL algorithm solves linear systems of equations quickly, opening up attacks against lattice-based cryptography.

  • Quantum walks extend Grover’s algorithm to more complex structures like graphs.

Ongoing research is trying to adapt these algorithms to create new attack vectors against SHA-256. But a practical full break is still distant.

Current Security Measures

To counter the quantum threat, both short-term and long-term strategies are being pursued:

  • Increasing SHA-256 key sizes to slow down quantum search.

  • New hybrid schemes like XMSS provide quantum-resistant digital signatures today.

  • Migrating to encrypted communication channels safe from man-in-the-middle attacks.

  • Developing new post-quantum cryptographic standards to replace vulnerable algorithms.

Diversifying cryptographic protocols and building infrastructure for algorithm agility will be critical for managing the transition to the post-quantum era.

Conclusion

In summary, Grover’s algorithm is the most promising quantum algorithm for speeding up brute force attacks against SHA-256 hashes. But practical breaking of full SHA-256 still remains beyond reach even for quantum algorithms. Continued research and development of post-quantum cryptography is essential to ensure long-term security of sensitive systems against future quantum capabilities.