12,077 research outputs found
Minimum Circuit Size, Graph Isomorphism, and Related Problems
We study the computational power of deciding whether a given truth-table can be described by a circuit of a given size (the Minimum Circuit Size Problem, or MCSP for short), and of the variant denoted MKTP where circuit size is replaced by a polynomially-related Kolmogorov measure. All prior reductions from supposedly-intractable problems to MCSP / MKTP hinged on the power of MCSP / MKTP to distinguish random distributions from distributions produced by hardness-based pseudorandom generator constructions. We develop a fundamentally different approach inspired by the well-known interactive proof system for the complement of Graph Isomorphism (GI). It yields a randomized reduction with zero-sided error from GI to MKTP. We generalize the result and show that GI can be replaced by any isomorphism problem for which the underlying group satisfies some elementary properties. Instantiations include Linear Code Equivalence, Permutation Group Conjugacy, and Matrix Subspace Conjugacy. Along the way we develop encodings of isomorphism classes that are efficiently decodable and achieve compression that is at or near the information-theoretic optimum; those encodings may be of independent interest
Quantum Fourier sampling, Code Equivalence, and the quantum security of the McEliece and Sidelnikov cryptosystems
The Code Equivalence problem is that of determining whether two given linear
codes are equivalent to each other up to a permutation of the coordinates. This
problem has a direct reduction to a nonabelian hidden subgroup problem (HSP),
suggesting a possible quantum algorithm analogous to Shor's algorithms for
factoring or discrete log. However, we recently showed that in many cases of
interest---including Goppa codes---solving this case of the HSP requires rich,
entangled measurements. Thus, solving these cases of Code Equivalence via
Fourier sampling appears to be out of reach of current families of quantum
algorithms.
Code equivalence is directly related to the security of McEliece-type
cryptosystems in the case where the private code is known to the adversary.
However, for many codes the support splitting algorithm of Sendrier provides a
classical attack in this case. We revisit the claims of our previous article in
the light of these classical attacks, and discuss the particular case of the
Sidelnikov cryptosystem, which is based on Reed-Muller codes
- …