Quantum Algorithm for Computing the Period Lattice of an Infrastructure
We present a quantum algorithm for computing the period lattice of
infrastructures of fixed dimension. The algorithm applies to infrastructures
that satisfy certain conditions. The latter are always fulfilled for
infrastructures obtained from global fields, i.e., algebraic number fields and
function fields with finite constant fields.
The first of our main contributions is an exponentially better method for
sampling approximations of vectors of the dual lattice of the period lattice
than the methods outlined in the works of Hallgren and Schmidt and Vollmer.
This new method improves the success probability by a factor of at least
2^{n^2-1} where n is the dimension. The second main contribution is a rigorous
and complete proof that the running time of the algorithm is polynomial in the
logarithm of the determinant of the period lattice and exponential in n. The
third contribution is the determination of an explicit lower bound on the
success probability of our algorithm which greatly improves on the bounds given
in the above works.
The exponential scaling seems inevitable because the best currently known
methods for carrying out fundamental arithmetic operations in infrastructures
obtained from algebraic number fields take exponential time. In contrast, the
problem of computing the period lattice of infrastructures arising from
function fields can be solved without the exponential dependence on the
dimension n since this problem reduces efficiently to the abelian hidden
subgroup problem. This is also true for other important computational problems
in algebraic geometry. The running time of the best classical algorithms for
infrastructures arising from global fields increases subexponentially with the
determinant of the period lattice.
Comment: 52 pages, 4 figures
Efficient computations in central simple algebras using Amitsur cohomology
We present an efficient computational representation of central simple
algebras using Brauer factor sets. Using this representation and polynomial
quantum algorithms for number theoretical tasks such as factoring and -unit
group computation, we give a polynomial quantum algorithm for the explicit
isomorphism problem over number fields, which relies on a heuristic concerning
the irreducibility of the characteristic polynomial of a random matrix with
algebraic integer coefficients. We present another version of the algorithm
which does not need any heuristic but which is only polynomial if the degree of
the input algebra is bounded.
Comment: 24 pages. Comments welcome
A quantum algorithm for computing the unit group of an arbitrary degree number field
Computing the group of units in a field of algebraic numbers
is one of the central tasks of computational algebraic number theory. It is believed to be hard classically, which is of interest for cryptography. In the quantum setting, efficient algorithms were previously known for fields of constant degree. We give a quantum algorithm that is polynomial in the degree of the field and the logarithm of its discriminant. This is achieved by combining three new results. The first is a classical algorithm for computing a basis for certain ideal lattices with doubly exponentially large generators. The second shows that a Gaussian-weighted superposition of lattice points, with an appropriate encoding, can be used to provide a unique representation of a real-valued lattice. The third is an extension of the hidden subgroup problem to continuous groups and a quantum algorithm for solving the HSP over the group ℝ^n
Hard isogeny problems over RSA moduli and groups with infeasible inversion
We initiate the study of computational problems on elliptic curve isogeny
graphs defined over RSA moduli. We conjecture that several variants of the
neighbor-search problem over these graphs are hard, and provide a comprehensive
list of cryptanalytic attempts on these problems. Moreover, based on the
hardness of these problems, we provide a construction of groups with infeasible
inversion, where the underlying groups are the ideal class groups of imaginary
quadratic orders.
Recall that in a group with infeasible inversion, computing the inverse of a
group element is required to be hard, while performing the group operation is
easy. Motivated by the potential cryptographic application of building a
directed transitive signature scheme, the search for a group with infeasible
inversion was initiated in the theses of Hohenberger and Molnar (2003). Later
it was also shown to provide a broadcast encryption scheme by Irrer et al.
(2004). However, to date the only case of a group with infeasible inversion is
implied by the much stronger primitive of self-bilinear map constructed by
Yamakawa et al. (2014) based on the hardness of factoring and
indistinguishability obfuscation (iO). Our construction gives a candidate
without using iO.
Comment: Significant revision of the article previously titled "A Candidate
Group with Infeasible Inversion" (arXiv:1810.00022v1). Cleared up the
constructions by giving toy examples, added "The Parallelogram Attack" (Sec
5.3.2). 54 pages, 8 figures
On the Probability of Generating a Lattice
We study the problem of determining the probability that m vectors selected
uniformly at random from the intersection of the full-rank lattice L in R^n and
the window [0,B)^n generate L when B is chosen to be appropriately
large. This problem plays an important role in the analysis of the success
probability of quantum algorithms for solving the Discrete Logarithm Problem in
infrastructures obtained from number fields and also for computing fundamental
units of number fields.
We provide the first complete and rigorous proof that 2n+1 vectors suffice to
generate L with constant probability (provided that B is chosen to be
sufficiently large in terms of n and the covering radius of L and the last n+1
vectors are sampled from a slightly larger window). Based on extensive computer
simulations, we conjecture that only n+1 vectors sampled from one window
suffice to generate L with constant success probability. If this conjecture is
true, then a significantly better success probability of the above quantum
algorithms can be guaranteed.
Comment: 18 pages