1,176 research outputs found
Asymptotically faster quantum algorithms to solve multivariate quadratic equations
This paper designs and analyzes a quantum algorithm to solve a system of quadratic equations in variables over a finite field . In the case and , under standard assumptions, the algorithm takes time on a mesh-connected computer of area , where and . The area-time product has asymptotic exponent .
For comparison, the area-time product of Grover's algorithm has asymptotic exponent . Parallelizing Grover's algorithm to reach asymptotic time exponent requires asymptotic area exponent , much larger than
Fast Quantum Algorithm for Solving Multivariate Quadratic Equations
In August 2015 the cryptographic world was shaken by a sudden and surprising
announcement by the US National Security Agency NSA concerning plans to
transition to post-quantum algorithms. Since this announcement post-quantum
cryptography has become a topic of primary interest for several standardization
bodies. The transition from the currently deployed public-key algorithms to
post-quantum algorithms has been found to be challenging in many aspects. In
particular, the problem of evaluating the quantum-bit security of such
post-quantum cryptosystems remains vastly open. Of course this question is of
primary concern in the process of standardizing the post-quantum
cryptosystems. In this paper we consider the quantum security of the problem of
solving a system of Boolean multivariate quadratic equations in
variables (\MQb), a central problem in post-quantum cryptography. When ,
under a natural algebraic assumption, we present a Las Vegas quantum algorithm
solving \MQb that requires the evaluation of, on average,
quantum gates. To our knowledge this is the fastest algorithm for solving
\MQb
04401 Abstracts Collection -- Algorithms and Complexity for Continuous
From 26.09.04 to 01.10.04, the Dagstuhl Seminar "Algorithms and Complexity for Continuous Problems" was held in the International Conference and Research Center (IBFI), Schloss Dagstuhl.
During the seminar, several participants presented their current
research, and ongoing work and open problems were discussed. Abstracts of
the presentations given during the seminar as well as abstracts of
seminar results and ideas are put together in this paper. The first section
describes the seminar topics and goals in general.
Links to extended abstracts or full papers are provided, if available
Another Look at the Cost of Cryptographic Attacks
This paper makes the case for considering the cost of cryptographic attacks as the main measure of their efficiency, instead of their time complexity. This allows, in our opinion, a more realistic assessment of the "risk" these attacks represent. This is half-and-half a position and a technical paper. Cryptographic attacks described in the literature are rarely implemented. Most exist only "on paper", and their main characteristic is that their estimated time complexity is small enough to break a given security property. However, when a cryptanalyst actually considers implementing an attack, she soon realizes that there is more to the story than time complexity. For instance, Wiener has shown that breaking the double-DES costs 2^{6n/5}, asymptotically more than exhaustive search on n bits. We put forward the asymptotic cost of cryptographic attacks as a measure of their practicality. We discuss the shortcomings of the usual computational model and propose a simple abstract cryptographic machine on which it is easy to estimate the cost. We then study the asymptotic cost of several relevant algorithms: collision search, the three-list birthday problem (3XOR) and solving multivariate quadratic polynomial equations. We find that some smart algorithms cost much more than what their time complexity suggests, while naive and simple algorithms may cost less. Some algorithms can be tuned to reduce their cost (this increases their time complexity).

Foreword

A celebrated High Performance Computing paper entitled "Hitting the Memory Wall: Implications of the Obvious" [47] opens with these words: "This brief note points out something obvious, something the authors 'knew' without really understanding. With apologies to those who did understand, we offer it to those others who, like us, missed the point." We would like to do the same, but this note is not so short
A Hamiltonian Monte Carlo method for Bayesian Inference of Supermassive Black Hole Binaries
We investigate the use of a Hamiltonian Monte Carlo to map out the posterior
density function for supermassive black hole binaries. While previous Markov
Chain Monte Carlo (MCMC) methods, such as Metropolis-Hastings MCMC, have been
successfully employed for a number of different gravitational wave sources,
these methods are essentially random walk algorithms. The Hamiltonian Monte
Carlo treats the inverse likelihood surface as a "gravitational potential" and
by introducing canonical positions and momenta, dynamically evolves the Markov
chain by solving Hamilton's equations of motion. We present an implementation
of the Hamiltonian Markov Chain that is faster, and more efficient by a factor
of approximately the dimension of the parameter space, than the standard MCMC.
Comment: 16 pages, 8 figures
Quantum attacks on Bitcoin, and how to protect against them
The key cryptographic protocols used to secure the internet and financial
transactions of today are all susceptible to attack by the development of a
sufficiently large quantum computer. One particular area at risk is
cryptocurrencies, a market currently worth over 150 billion USD. We investigate
the risk of Bitcoin, and other cryptocurrencies, to attacks by quantum
computers. We find that the proof-of-work used by Bitcoin is relatively
resistant to substantial speedup by quantum computers in the next 10 years,
mainly because specialized ASIC miners are extremely fast compared to the
estimated clock speed of near-term quantum computers. On the other hand, the
elliptic curve signature scheme used by Bitcoin is much more at risk, and could
be completely broken by a quantum computer as early as 2027, by the most
optimistic estimates. We analyze an alternative proof-of-work called Momentum,
based on finding collisions in a hash function, that is even more resistant to
speedup by a quantum computer. We also review the available post-quantum
signature schemes to see which one would best meet the security and efficiency
requirements of blockchain applications.
Comment: 21 pages, 6 figures. For a rough update on the progress of Quantum
devices and prognostications on time from now to break Digital signatures,
see https://www.quantumcryptopocalypse.com/quantum-moores-law
Coherent quantum LQG control
Based on a recently developed notion of physical realizability for quantum
linear stochastic systems, we formulate a quantum LQG optimal control problem
for quantum linear stochastic systems where the controller itself may also be a
quantum system and the plant output signal can be fully quantum. Such a control
scheme is often referred to in the quantum control literature as "coherent
feedback control." It distinguishes the present work from previous works on
the quantum LQG problem where measurement is performed on the plant and the
measurement signals are used as input to a fully classical controller with no
quantum degrees of freedom. The difference in our formulation is the presence
of additional non-linear and linear constraints on the coefficients of the
sought after controller, rendering the problem as a type of constrained
controller design problem. Due to the presence of these constraints our problem
is inherently computationally hard and this also distinguishes it in an
important way from the standard LQG problem. We propose a numerical procedure
for solving this problem based on an alternating projections algorithm and, as
initial demonstration of the feasibility of this approach, we provide fully
quantum controller design examples in which numerical solutions to the problem
were successfully obtained. For comparison, we also consider the case of
classical linear controllers that use direct or indirect measurements, and show
that there exists a fully quantum linear controller which offers an improvement
in performance over the classical ones.
Comment: 25 pages, 1 figure, revised and corrected version (mainly to Section
8). To be published in Automatica, Journal of IFAC, 200