Grover's algorithm (Lov Grover, 1996) is a quantum search algorithm that finds a marked item in an unstructured search space of N items using O(√N) queries — a quadratic speedup over classical brute force. This demo classically simulates the complete amplitude amplification process with exact mathematical formulas: oracle phase kickback, inversion-about-mean diffusion, and probability oscillation including overshoot past optimal iterations. The security model is symmetric cryptography — Grover is the quantum threat to AES, SHA, and HMAC that Shor's algorithm does not touch. Grover's speedup is provably optimal (BBBV lower bound); no quantum algorithm can search faster than O(√N).
- Understanding why AES-256 retains strong post-quantum security margins while AES-128 is weakened — Under idealized Grover assumptions, effective key length is halved: AES-128 drops to ~2^64 effective operations (potentially feasible), while AES-256 drops to ~2^128 (still strong). In practice, circuit depth makes the real cost far higher than these headline figures.
- Visualizing the oracle-and-diffusion loop — The amplitude bar chart shows probability concentrating on the target state in real time, making the quadratic speedup intuitive.
- Teaching the overshoot phenomenon — The probability curve shows why running more Grover iterations past k* = π/4·√N actually decreases success probability.
- Comparing Grover and Shor as complementary quantum threats — The side-by-side comparison table clarifies which algorithms each one breaks and what the mitigation is.
- Do not use this for public-key cryptography threats — Grover does not affect RSA, ECC, or Diffie-Hellman; that is Shor's domain.
https://systemslibrarian.github.io/crypto-lab-grover/
Adjust the qubit count (n = 2–20) to resize the search space, step through Grover iterations one at a time or auto-run, and watch amplitude concentrate on the target state. The demo also shows AES-128/192/256 quantum impact analysis with an interactive key-size selector, a hash function security table (MD5 through SHA3-512), and a classical-vs-quantum search race animation.
git clone https://github.com/systemslibrarian/crypto-lab-grover
cd crypto-lab-grover
npm install
npm run devOne of 60+ live browser demos at systemslibrarian.github.io/crypto-lab — spanning Atbash (600 BCE) through NIST FIPS 203/204/205 (2024).
- Grover, L. K. (1996). "A fast quantum mechanical algorithm for database search." Proceedings of the 28th Annual ACM Symposium on Theory of Computing, pp. 212–219.
- Bennett, C. H., Bernstein, E., Brassard, G., & Vazirani, U. (1997). "Strengths and weaknesses of quantum computing." SIAM Journal on Computing, 26(5), pp. 1510–1523. (BBBV lower bound — proves Grover's O(√N) is optimal.)
- Grassl, M., Langenberg, B., Roetteler, M., & Steinwandt, R. (2016). "Applying Grover's algorithm to AES: Quantum resource estimates." Post-Quantum Cryptography (PQCrypto 2016), LNCS 9606, pp. 29–43. (Source for AES circuit depth and qubit cost estimates.)
- NIST (2024). CNSA 2.0 and post-quantum cryptography transition guidance. Recommends AES-256 for post-quantum symmetric security.
- Nielsen, M. A. & Chuang, I. L. (2010). Quantum Computation and Quantum Information. Cambridge University Press. (Standard reference for amplitude amplification.)
"Whether you eat or drink, or whatever you do, do all to the glory of God." — 1 Corinthians 10:31