Quantum exploration algorithms for multi-armed bandits

Identifying the best arm of a multi-armed bandit is a central problem in bandit optimization. We study a quantum computational version of this problem with coherent oracle access to states encoding the reward probabilities of each arm as quantum amplitudes. Specifically, we show that we can find the best arm with fixed confidence using $\tilde{O}\bigl(\sqrt{\sum_{i=2}^n\Delta^{\smash{-2}}_i}\bigr)$ quantum queries, where $\Delta_{i}$ represents the difference between the mean reward of the best arm and the $i^\text{th}$-best arm. This algorithm, based on variable-time amplitude amplification and estimation, gives a quadratic speedup compared to the best possible classical result. We also prove a matching quantum lower bound (up to poly-logarithmic factors).Comment: 18 pages, 1 figure. To appear in the Thirty-Fifth AAAI Conference on Artificial Intelligence (AAAI 2021

Post-Quantum Blockchain Proofs of Work

A proof of work (PoW) is an important cryptographic construct enabling a party to convince others that they invested some effort in solving a computational task. Arguably, its main impact has been in the setting of cryptocurrencies such as Bitcoin and its underlying blockchain protocol, which received significant attention in recent years due to its potential for various applications as well as for solving fundamental distributed computing questions in novel threat models. PoWs enable the linking of blocks in the blockchain data structure and thus the problem of interest is the feasibility of obtaining a sequence (chain) of such proofs. In this work, we examine the hardness of finding such chain of PoWs against quantum strategies. We prove that the chain of PoWs problem reduces to a problem we call multi-solution Bernoulli search, for which we establish its quantum query complexity. Effectively, this is an extension of a threshold direct product theorem to an average-case unstructured search problem. Our proof, adding to active recent efforts, simplifies and generalizes the recording technique due to Zhandry (Crypto 2019). In addition, we revisit the formal treatment of security of the core of the Bitcoin consensus protocol, called the Bitcoin backbone (Eurocrypt 2015), against quantum adversaries and show that its security holds under a quantum analogue of the ``honest majority'' assumption that we formulate. Our analysis indicates that security of the Bitcoin backbone protocol is guaranteed provided that the number of adversarial quantum queries is bounded so that each quantum query is worth $O(p^{-1/2})$ classical ones, where $p$ is the probability of success of a single classical query to the protocol's underlying hash function. Somewhat surprisingly, the wait time for safe settlement in the case of quantum adversaries matches the safe settlement time in the classical case.Comment: 30 pages. (v3) changed the title and improved readability. This work supersedes the result of our previous work in eprint.iacr.org/2019/115

Lower Bounds on Quantum Query and Learning Graph Complexities

In this thesis we study the power of quantum query algorithms and learning graphs; the latter essentially being very specialized quantum query algorithms themselves. We almost exclusively focus on proving lower bounds for these computational models. First, we study lower bounds on learning graph complexity. We consider two types of learning graphs: adaptive and, more restricted, non-adaptive learning graphs. We express both adaptive and non-adaptive learning graph complexities of Boolean-valued functions (i.e., decision problems) as semidefinite minimization problems, and derive their dual problems. For various functions, we construct feasible solutions to these dual problems, thereby obtaining lower bounds on the learning graph complexity of the functions. Most notably, we prove an almost optimal Omega(n^(9/7)/sqrt(log n)) lower bound on the non-adaptive learning graph complexity of the Triangle problem. We also prove an Omega(n^(1-2^(k-2)/(2^k-1))) lower bound on the adaptive learning graph complexity of the k-Distinctness problem, which matches the complexity of the best known quantum query algorithm for this problem. Second, we construct optimal adversary lower bounds for various decision problems. Our main procedure for constructing them is to embed the adversary matrix into a larger matrix whose properties are easier to analyze. This embedding procedure imposes certain requirements on the size of the input alphabet. We prove optimal Omega(n^(1/3)) adversary lower bounds for the Collision and Set Equality problems, provided that the alphabet size is at least Omega(n^2). An optimal lower bound for Collision was previously proven using the polynomial method, while our lower bound for Set Equality is new. (An optimal lower bound for Set Equality was also independently and at about the same time proven by Zhandry using the polynomial method [arXiv, 2013].) We compare the power of non-adaptive learning graphs and quantum query algorithms that only utilize the knowledge on the possible positions of certificates in the input string. To do that, we introduce a notion of a certificate structure of a decision problem. Using the adversary method and the dual formulation of the learning graph complexity, we show that, for every certificate structure, there exists a decision problem possessing this certificate structure such that its non-adaptive learning graph and quantum query complexities differ by at most a constant multiplicative factor. For a special case of certificate structures, we construct a relatively general class of problems having this property. This construction generalizes the adversary lower bound for the k-Sum problem derived recently by Belovs and Spalek [ACM ITCS, 2013]. We also construct an optimal Omega(n^(2/3)) adversary lower bound for the Element Distinctness problem with minimal non-trivial alphabet size, which equals the length of the input. Due to the strict requirement on the alphabet size, here we cannot use the embedding procedure, and the construction of the adversary matrix heavily relies on the representation theory of the symmetric group. While an optimal lower bound for Element Distinctness using the polynomial method had been proven for any input alphabet, an optimal adversary construction was previously only known for alphabets of size at least Omega(n^2). Finally, we introduce the Enhanced Find-Two problem and we study its query complexity. The Enhanced Find-Two problem is, given n elements such that exactly k of them are marked, find two distinct marked elements using the following resources: (1) one initial copy of the uniform superposition over all marked elements, (2) an oracle that reflects across this superposition, and (3) an oracle that tests if an element is marked. This relational problem arises in the study of quantum proofs of knowledge. We prove that its query complexity is Theta(min{sqrt(n/k),sqrt(k)})