13 research outputs found
A New Quantum Lower Bound Method, with Applications to Direct Product Theorems and Time-Space Tradeoffs
We give a new version of the adversary method for proving lower bounds on
quantum query algorithms. The new method is based on analyzing the eigenspace
structure of the problem at hand. We use it to prove a new and optimal strong
direct product theorem for 2-sided error quantum algorithms computing k
independent instances of a symmetric Boolean function: if the algorithm uses
significantly less than k times the number of queries needed for one instance
of the function, then its success probability is exponentially small in k. We
also use the polynomial method to prove a direct product theorem for 1-sided
error algorithms for k threshold functions with a stronger bound on the success
probability. Finally, we present a quantum algorithm for evaluating solutions
to systems of linear inequalities, and use our direct product theorems to show
that the time-space tradeoff of this algorithm is close to optimal.Comment: 16 pages LaTeX. Version 2: title changed, proofs significantly
cleaned up and made self-contained. This version to appear in the proceedings
of the STOC 06 conference
A strong direct product theorem for quantum query complexity
We show that quantum query complexity satisfies a strong direct product
theorem. This means that computing copies of a function with less than
times the quantum queries needed to compute one copy of the function implies
that the overall success probability will be exponentially small in . For a
boolean function we also show an XOR lemma---computing the parity of
copies of with less than times the queries needed for one copy implies
that the advantage over random guessing will be exponentially small.
We do this by showing that the multiplicative adversary method, which
inherently satisfies a strong direct product theorem, is always at least as
large as the additive adversary method, which is known to characterize quantum
query complexity.Comment: V2: 19 pages (various additions and improvements, in particular:
improved parameters in the main theorems due to a finer analysis of the
output condition, and addition of an XOR lemma and a threshold direct product
theorem in the boolean case). V3: 19 pages (added grant information)
Symmetry-assisted adversaries for quantum state generation
We introduce a new quantum adversary method to prove lower bounds on the
query complexity of the quantum state generation problem. This problem
encompasses both the computation of partial or total functions and the
preparation of target quantum states. There has been hope for quite some time
that quantum state generation might be a route to tackle the Graph
Isomorphism problem. We show that for the related problem of Index
Erasure our method leads to a lower bound of which matches
an upper bound obtained via reduction to quantum search on elements. This
closes an open problem first raised by Shi [FOCS'02].
Our approach is based on two ideas: (i) on the one hand we generalize the
known additive and multiplicative adversary methods to the case of quantum
state generation, (ii) on the other hand we show how the symmetries of the
underlying problem can be leveraged for the design of optimal adversary
matrices and dramatically simplify the computation of adversary bounds. Taken
together, these two ideas give the new result for {\sc Index Erasure} by using
the representation theory of the symmetric group. Also, the method can lead to
lower bounds even for small success probability, contrary to the standard
adversary method. Furthermore, we answer an open question due to Špalek
[CCC'08] by showing that the multiplicative version of the adversary method is
stronger than the additive one for any problem. Finally, we prove that the
multiplicative bound satisfies a strong direct product theorem, extending a
result by Špalek to quantum state generation problems.Comment: 35 pages, 5 figures
Post-Quantum Blockchain Proofs of Work
A proof of work (PoW) is an important cryptographic construct enabling a
party to convince others that they invested some effort in solving a
computational task. Arguably, its main impact has been in the setting of
cryptocurrencies such as Bitcoin and its underlying blockchain protocol, which
received significant attention in recent years due to its potential for various
applications as well as for solving fundamental distributed computing questions
in novel threat models. PoWs enable the linking of blocks in the blockchain
data structure and thus the problem of interest is the feasibility of obtaining
a sequence (chain) of such proofs. In this work, we examine the hardness of
finding such a chain of PoWs against quantum strategies. We prove that the chain
of PoWs problem reduces to a problem we call multi-solution Bernoulli search,
for which we establish its quantum query complexity. Effectively, this is an
extension of a threshold direct product theorem to an average-case unstructured
search problem. Our proof, adding to active recent efforts, simplifies and
generalizes the recording technique due to Zhandry (Crypto 2019). In addition,
we revisit the formal treatment of security of the core of the Bitcoin
consensus protocol, called the Bitcoin backbone (Eurocrypt 2015), against
quantum adversaries and show that its security holds under a quantum analogue
of the "honest majority" assumption that we formulate. Our analysis indicates
that security of the Bitcoin backbone protocol is guaranteed provided that the
number of adversarial quantum queries is bounded so that each quantum query is
worth classical ones, where is the probability of success of
a single classical query to the protocol's underlying hash function. Somewhat
surprisingly, the wait time for safe settlement in the case of quantum
adversaries matches the safe settlement time in the classical case.Comment: 30 pages. (v3) changed the title and improved readability. This work
supersedes the result of our previous work in eprint.iacr.org/2019/115
The NISQ Complexity of Collision Finding
Collision-resistant hashing, a fundamental primitive in modern cryptography,
ensures that there is no efficient way to find distinct inputs that produce the
same hash value. This property underpins the security of various cryptographic
applications, making it crucial to understand its complexity. The complexity of
this problem is well-understood in the classical setting and
queries are needed to find a collision. However, the advent of quantum
computing has introduced new challenges since quantum adversaries, equipped
with the power of quantum queries, can find collisions much more efficiently.
Brassard, Höyer and Tapp and Aaronson and Shi established that full-scale
quantum adversaries require
queries to find a collision, prompting a need for longer hash
outputs, which impacts efficiency in terms of the key lengths needed for
security.
This paper explores the implications of quantum attacks in the
Noisy-Intermediate Scale Quantum (NISQ) era. In this work, we investigate three
different models for NISQ algorithms and achieve tight bounds for all of them:
(1) A hybrid algorithm making adaptive quantum or classical queries but with
a limited quantum query budget, or
(2) A quantum algorithm with access to a noisy oracle, subject to a dephasing
or depolarizing channel, or
(3) A hybrid algorithm with an upper bound on its maximum quantum depth;
i.e., a classical algorithm aided by low-depth quantum circuits.
In fact, our results handle all regimes between NISQ and full-scale quantum
computers. Previously, only results for the pre-image search problem were known
for these models by Sun and Zheng, Rosmanis, Chen, Cotler, Huang and Li while
nothing was known about the collision finding problem.
Along with our main results, we develop an information-theoretic framework for recording query transcripts of quantum-classical algorithms. The main feature of this framework is that it allows us to record queries in two incompatible bases (classical queries in the standard basis and quantum queries in the Fourier basis) consistently. We call the framework the hybrid compressed oracle as it naturally interpolates between the classical way of recording queries and the compressed oracle framework of Zhandry for recording quantum queries.Comment: 40 pages; v2: title changed, major extension to other complexity
models
Local Hamiltonians in Quantum Computation
In this thesis, I investigate aspects of local Hamiltonians in quantum
computing. First, I focus on the Adiabatic Quantum Computing model, based on
evolution with a time dependent Hamiltonian. I show that to succeed using AQC,
the Hamiltonian involved must have local structure, which leads to a result
about eigenvalue gaps from information theory. I also improve results about
simulating quantum circuits with AQC. Second, I look at classically simulating
time evolution with local Hamiltonians and finding their ground state
properties. I give a numerical method for finding the ground state of
translationally invariant Hamiltonians on an infinite tree. This method is
based on imaginary time evolution within the Matrix Product State ansatz, and
uses a new method for bringing the state back to the ansatz after each
imaginary time step. I then use it to investigate the phase transition in the
transverse field Ising model on the Bethe lattice. Third, I focus on locally
constrained quantum problems Local Hamiltonian and Quantum Satisfiability and
prove several new results about their complexity. Finally, I define a
Hamiltonian Quantum Cellular Automaton, a continuous-time model of computation
which doesn't require control during the computation process, only preparation
of product initial states. I construct two of these, showing that time
evolution with a simple, local, translationally invariant and time-independent
Hamiltonian can be used to simulate quantum circuits.Comment: Ph.D. Thesis, June 2008, MIT, 176 pages
Collision Finding with Many Classical or Quantum Processors
In this thesis, we investigate the cost of finding collisions in a black-box function, a problem that is of fundamental importance in cryptanalysis. Inspired by the excellent performance of the heuristic rho method of collision finding, we define several new models of complexity that take into account the cost of moving information across a large space, and lay the groundwork for studying the performance of classical and quantum algorithms in these models.
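Two of the abstracts above rest on the same classical baseline: the NISQ collision-finding paper starts from the classical birthday-bound query cost of finding a collision in a black-box function, and the last thesis names the heuristic rho method as the practical way of reaching that bound with negligible memory. The following is an added worked example, not code from any of the listed papers or theses: it runs Pollard's rho with Floyd cycle detection against an assumed toy black-box function (SHA-256 truncated to n bits, so the range has N = 2**n values) and counts oracle queries so the sqrt(N) scaling can be checked directly. The function names, the 24-bit width and the start-point seed are assumptions for illustration.

```python
"""Classical collision finding on a black-box function via Pollard's rho.

Added illustration, not code from any of the papers listed above. The
black-box function is an assumed toy: SHA-256 truncated to n bits, so its
range has N = 2**n values and the birthday bound predicts a collision after
roughly sqrt(pi * N / 2) evaluations. Floyd cycle detection finds one with a
constant-factor overhead over that, using O(1) memory.
"""
import hashlib
import math

N_BITS = 24  # assumed toy output width, N = 2**24 possible outputs


def make_oracle(n_bits: int):
    """Return (f, counter): f maps an int to its n_bits-bit truncated SHA-256,
    counter["queries"] records how many times f has been evaluated."""
    counter = {"queries": 0}
    mask = (1 << n_bits) - 1

    def f(x: int) -> int:
        counter["queries"] += 1
        digest = hashlib.sha256(x.to_bytes(8, "big")).digest()
        return int.from_bytes(digest[:4], "big") & mask

    return f, counter


def birthday_bound(n_bits: int) -> float:
    """Expected number of evaluations before the first repeat in a random
    walk over 2**n_bits values, i.e. sqrt(pi * N / 2)."""
    return math.sqrt(math.pi * 2.0 ** n_bits / 2.0)


def rho_collision(f, start: int):
    """Floyd cycle detection on x_{i+1} = f(x_i), starting from `start`.

    Returns (a, b) with a != b and f(a) == f(b), or None when the walk
    enters its cycle at x_0 itself (then the two predecessors coincide and
    no collision is exposed); the caller retries with another start.
    """
    # Phase 1: tortoise moves one step, hare two, until they meet inside
    # the cycle of the functional graph.
    tortoise, hare = f(start), f(f(start))
    while tortoise != hare:
        tortoise = f(tortoise)
        hare = f(f(hare))
    # Phase 2: restart the tortoise at x_0 and move both one step at a
    # time; they meet at the first value that is reached twice, and the
    # two points just before that meeting are the colliding preimages.
    prev_t, prev_h = start, hare
    tortoise, hare = f(start), f(hare)
    while tortoise != hare:
        prev_t, prev_h = tortoise, hare
        tortoise, hare = f(tortoise), f(hare)
    if prev_t == prev_h:
        return None
    return prev_t, prev_h


def find_collision(n_bits: int = N_BITS, seed: int = 0):
    """Run the rho method from successive start points until it yields a
    genuine collision. Returns (a, b, queries) with f(a) == f(b), a != b."""
    f, counter = make_oracle(n_bits)
    start = seed
    while True:
        hit = rho_collision(f, start)
        if hit is not None:
            a, b = hit
            assert a != b and f(a) == f(b)
            return a, b, counter["queries"]
        start += 1


if __name__ == "__main__":
    a, b, q = find_collision()
    f, _ = make_oracle(N_BITS)
    print(f"collision: f({a}) == f({b}) == {f(a):#08x}")
    print(f"queries: {q}, birthday bound: {birthday_bound(N_BITS):.0f}, "
          f"N = {2 ** N_BITS}")
```

Running it with the 24-bit toy oracle takes a few tens of thousands of queries against N of about 16.8 million, a small constant multiple of the birthday bound; raising N_BITS by two should roughly double the query count, which is the sqrt(N) behaviour the quantum bounds in the abstracts above are measured against. The walk is memoryless, which is exactly the property the last thesis refers to when it contrasts the rho method with models that charge for moving information across a large space.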