- The paper demonstrates a hybrid quantum-classical methodology by integrating Grover search within CDCL solvers to enhance cryptanalytic SAT on AES power side-channel instances.
- It employs localized conflict-core extraction using BFS and simplified subformula construction, enabling tractable Grover search under NISQ constraints.
- Experiments on AES CNFs reveal up to an 86% reduction in conflicts and improved search metrics, highlighting the framework's efficiency and noise resilience.
Quantum-Guided Clause Learning: A Hybrid Approach for Cryptanalytic SAT
Problem Context and Motivation
Power side-channel attacks exploit physical leakages during AES encryption to recover secret keys. In practical cryptanalytic workflows, converting noisy leakage traces into verified keys necessitates encoding AES semantics, key schedule, plaintext/ciphertext relations, and leakage models as large CNF SAT instances—posing a search problem with scale and structure far beyond brute-force or naive quantum approaches. A full Grover search over the entire key space or CNF is impractical due to circuit resource constraints and scaling issues. The central bottleneck is not merely the exponential search space, but also the repeated projection and verification of partial/noisy leakage against complex, highly structured AES/SCA constraints.
Hybrid quantum-classical models offer selective quantum acceleration without sacrificing classical scalability or logical guarantees. QGCL addresses this by leveraging Grover search locally on conflict-driven CNF subformulas inside CDCL solvers, targeting the hardest conflict cores dynamically and restricting quantum resource usage to manageable subproblems.
Figure 1: Asymptotic scaling illustrates the crossover where Grover search outperforms classical exhaustive search for extracted CNF subformulas, motivating localized quantum acceleration.
QGCL Framework
QGCL integrates Grover search as a callable heuristic within classical CDCL solvers. The solver workflow is as follows:
- After predefined conflict intervals, a local conflict core is detected via conflict analysis.
- Subformula extraction uses BFS-based clause expansion from high-activity seed clauses, simplified under the trail, yielding bounded CNFs for quantum processing.
- Grover search (BBHT-style schedule) is invoked on the extracted subformula, amplifying satisfying assignments and returning candidate bitstrings with violation scores.
- These results update VSIDS activities and polarity preferences in the CDCL heuristic state, guiding future branching decisions.
- All SAT/UNSAT decisions and key verification remain strictly classical.
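The extraction step above, sketched as an added example (not code from the paper): clauses are simplified under the current trail, then collected breadth-first from a seed clause until a variable or clause budget is hit. The function names, the budget parameters and the sample formula are assumptions of this example.

```python
from collections import defaultdict, deque

def simplify(clause, trail):
    """Reduce a clause under the trail: None if a literal is already true,
    otherwise the literals whose variables are still unassigned."""
    rest = []
    for lit in clause:
        val = trail.get(abs(lit))
        if val is None:
            rest.append(lit)
        elif val == (lit > 0):
            return None
    return rest

def extract_subformula(clauses, trail, seeds, max_vars, max_clauses):
    """BFS from the seed clause indices over the shared-variable graph,
    stopping at a variable (qubit) and clause (ancilla) budget."""
    reduced = [simplify(c, trail) for c in clauses]
    occurs = defaultdict(list)                 # variable -> clause indices
    for i, c in enumerate(reduced):
        for lit in c or []:
            occurs[abs(lit)].append(i)
    picked, variables = [], set()
    queue, seen = deque(seeds), set(seeds)
    while queue and len(picked) < max_clauses:
        c = reduced[queue.popleft()]
        if not c:                              # satisfied or falsified by the trail
            continue
        grown = variables | {abs(lit) for lit in c}
        if len(grown) > max_vars:              # clause would exceed the budget
            continue
        picked.append(c)
        variables = grown
        for v in sorted(abs(lit) for lit in c):
            for j in occurs[v]:
                if j not in seen:
                    seen.add(j)
                    queue.append(j)
    return picked, sorted(variables)

# Constructed sample: 7 clauses in DIMACS-style literals, x1 assigned False.
CLAUSES = [[1, 2], [-2, 3], [-3, 4, 5], [-5, 6], [7, 8], [-1, -4], [6, 9, 10]]
TRAIL = {1: False}
SEEDS = [1]     # index of the high-activity seed clause (assumed given)

if __name__ == "__main__":
    print(extract_subformula(CLAUSES, TRAIL, SEEDS, max_vars=5, max_clauses=4))
```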
Figure 2: SAT-assisted AES-128 power side-channel key-recovery workflow with power traces translated into hard leakage predicates and weighted hints, encoded as CNF for exact SAT solving.
Figure 3: High-level control of QGCL showing integration of Grover subsolver within the CDCL loop, with quantum calls affecting heuristic updates only.
Quantum Circuit Construction for CNF SAT
The Grover oracle is engineered for CNF SAT subformulas:
- Registers: Variable bits, clause ancillas (indicate clause violation), single formula flag.
- For each clause, ancilla circuits fire when the clause is violated.
- Clause ancillas are ANDed to flag satisfying assignments; a controlled-phase flip applies Grover amplification.
- All ancillas are uncomputed post-phase application.
This design enables compact, efficient quantum evaluation of conflict-local CNFs. Oracle width is budgeted by variable and clause count in the extracted subformula, ensuring compatibility with NISQ limitations.
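What the oracle and the BBHT-style schedule do to a small extracted subformula, as an added example (not the paper's circuit): a classical statevector simulation that phase-flips zero-violation assignments instead of building the ancilla circuit. The function names, the growth factor 6/5 and the sample core are assumptions of this example.

```python
import math
import random

def violations(clauses, variables, x):
    """Clauses violated by basis state x (bit i of x is variables[i])."""
    val = {v: bool((x >> i) & 1) for i, v in enumerate(variables)}
    return sum(not any(val[abs(l)] == (l > 0) for l in c) for c in clauses)

def grover_probs(clauses, variables, iterations):
    """Statevector simulation: phase-flip zero-violation states, then
    invert about the mean. Returns the measurement distribution."""
    size = 1 << len(variables)
    marked = [violations(clauses, variables, x) == 0 for x in range(size)]
    amp = [1 / math.sqrt(size)] * size
    for _ in range(iterations):
        amp = [-a if m else a for a, m in zip(amp, marked)]   # oracle
        mean = sum(amp) / size
        amp = [2 * mean - a for a in amp]                     # diffusion
    return [a * a for a in amp]

def success_probability(clauses, variables, iterations):
    """Total probability of measuring a satisfying assignment."""
    probs = grover_probs(clauses, variables, iterations)
    return sum(p for x, p in enumerate(probs)
               if violations(clauses, variables, x) == 0)

def bbht_search(clauses, variables, max_calls, rng):
    """The solution count is unknown, so draw the iteration count at random
    below a slowly growing bound. Returns (best_state, violation_score)."""
    size = 1 << len(variables)
    bound, best = 1.0, None
    for _ in range(max_calls):
        k = rng.randrange(math.ceil(bound))
        probs = grover_probs(clauses, variables, k)
        x = rng.choices(range(size), weights=probs)[0]        # "measure"
        score = violations(clauses, variables, x)             # classical check
        if best is None or score < best[1]:
            best = (x, score)
        if score == 0:
            break
        bound = min(1.2 * bound, math.sqrt(size))
    return best

# Constructed sample core: 5 variables, 4 of the 32 assignments satisfy it.
CORE = [[-2, 3], [2], [-3, 4, 5], [-5, 6]]
CORE_VARS = [2, 3, 4, 5, 6]

if __name__ == "__main__":
    print(success_probability(CORE, CORE_VARS, 2))
    print(bbht_search(CORE, CORE_VARS, 20, random.Random(7)))
```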
Figure 4: SAT-oracle circuit blocks encode clause violation and aggregate via Toffoli/controlled-Z for Grover's phase; ancillas are cleaned after each Grover iteration.
QGCL’s clause extraction selectively targets regions of the formula with dense conflict activity, facilitating efficient quantum evaluation and maximizing the guidance potential.
Heuristic Feedback Loop and Robustness
Grover outputs are utilized as soft guidance:
- The best candidate assignment and its violation score inform updates to the polarity and activity vectors for the next branching phase.
- QGCL increases variable activity for conflict-rich regions, applies a polarity bias only for low-violation candidates, and keeps the feedback conservative so that it stays robust to quantum noise and uncertainty.
The quantum layer never modifies the clause database or logical semantics; it enhances search efficiency while preserving certification integrity.
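One way such soft feedback can be wired in, as an added example (not the paper's update rule): the weighting formula, the `trust` threshold and all names are assumptions of this example. Only the activity and phase maps are touched, never the clause database.

```python
def apply_feedback(activity, phase, variables, candidate, score,
                   n_clauses, bump=1.0, trust=0.75):
    """Fold one Grover result into CDCL heuristic state (soft guidance only).
    activity: var -> VSIDS-style score; phase: var -> preferred polarity.
    candidate: basis state, bit i is the value of variables[i].
    Returns the confidence weight that was applied."""
    weight = 1.0 - score / n_clauses if n_clauses else 0.0
    for i, v in enumerate(variables):
        # Every variable of the conflict core is bumped, scaled by how
        # close the candidate came to satisfying the subformula.
        activity[v] = activity.get(v, 0.0) + bump * (0.5 + 0.5 * weight)
        # Polarity is biased only by candidates that violate few clauses,
        # so a noisy, high-violation sample cannot overwrite saved phases.
        if weight >= trust:
            phase[v] = bool((candidate >> i) & 1)
    return weight

def demo():
    """Constructed run: a clean candidate, then a noisy one."""
    activity, phase = {2: 1.0}, {2: False, 3: False}
    apply_feedback(activity, phase, [2, 3], 0b11, score=0, n_clauses=4)
    apply_feedback(activity, phase, [2, 3], 0b00, score=3, n_clauses=4)
    return activity, phase

if __name__ == "__main__":
    print(demo())
```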
Figure 6: Grover-subsolver output distributions for small CNF formulas (ideal and noisy), demonstrating amplification of satisfying assignments and robustness to quantum noise.
Experimental Results and Quantitative Impact
The framework was evaluated on AES-oriented power SCA CNFs, ranging up to 39,389 variables and 137,712 clauses:
- QGCL consistently reduced conflicts (up to 86%), restarts, decisions, and propagations versus baseline CDCL on hard instances, especially as structural complexity increased.
- Parameter sweeps identified favorable regimes: moderate budgets and sufficient quantum calls optimize guidance without unnecessary quantum simulation overhead.
- Simulated wall times were lower for QGCL than CDCL in ideal environments, indicating that the conflict reduction compensates for the overhead.
- Noisy backend experiments preserved reductions in search statistics but increased wall time due to quantum noise and simulation cost.
Figure 7: CDCL baseline (blue) vs QGCL hybrid solver (orange) across benchmark family; QGCL achieves substantial reductions in decisions, propagations, conflicts, and restarts.
Figure 8: QGCL performance as a function of maximum allowed Grover calls, showing monotonic conflict reduction with increased quantum guidance.
Practical and Theoretical Implications
QGCL exemplifies a NISQ-compatible cryptanalytic SAT solver:
- Restricts quantum workloads to subformula-localized, resource-manageable circuits.
- Maintains strict classical verification and logical soundness.
- Demonstrates that targeted quantum guidance can efficiently steer classical solvers toward productive conflict cores, with practical reductions in runtime and search effort in simulator settings.
The approach bridges the gap between global quantum SAT paradigms (Grover/QAOA/annealing) and solver-level hybrid methods (e.g., HyQSAT), providing a model for practical quantum acceleration without full quantum replacement or deep circuit embedding.
Figure 5: Extraction of conflict-local subformulas with BFS yields more focused, informative quantum subproblems—with measured improvements in search metrics.
Future Directions
Extending QGCL will require:
Conclusion
QGCL demonstrates that judicious quantum guidance applied to localized, conflict-rich subformulas within classical CDCL solvers can significantly reduce search effort in cryptanalytic SAT on structured AES power-SCA instances. Moderate quantum budgets and targeted Grover calls are most effective, with ideal-simulator wall times favoring hybrid approaches. Although wall-time performance on noisy hardware remains limited, robustness to quantum noise is achievable via conservative feedback mechanisms. The research provides a concrete pathway for quantum resources to enhance classical cryptanalysis, focusing on steering solvers toward productive regions of the search space rather than wholesale quantum replacement.