656 research outputs found

    Negative weights make adversaries stronger

    The quantum adversary method is one of the most successful techniques for proving lower bounds on quantum query complexity. It gives optimal lower bounds for many problems, has application to classical complexity in formula size lower bounds, and is versatile with equivalent formulations in terms of weight schemes, eigenvalues, and Kolmogorov complexity. All these formulations rely on the principle that if an algorithm successfully computes a function then, in particular, it is able to distinguish between inputs which map to different values. We present a stronger version of the adversary method which goes beyond this principle to make explicit use of the stronger condition that the algorithm actually computes the function. This new method, which we call ADV+-, has all the advantages of the old: it is a lower bound on bounded-error quantum query complexity, its square is a lower bound on formula size, and it behaves well with respect to function composition. Moreover ADV+- is always at least as large as the adversary method ADV, and we show an example of a monotone function for which ADV+-(f)=Omega(ADV(f)^1.098). We also give examples showing that ADV+- does not face limitations of ADV like the certificate complexity barrier and the property testing barrier.
    Comment: 29 pages, v2: added automorphism principle, extended to non-boolean functions, simplified examples, added matching upper bound for AD

    Where Quantum Complexity Helps Classical Complexity

    Scientists have demonstrated that quantum computing has presented novel approaches to address computational challenges, each varying in complexity. Adapting problem-solving strategies is crucial to harness the full potential of quantum computing. Nonetheless, there are defined boundaries to the capabilities of quantum computing. This paper concentrates on aggregating prior research efforts dedicated to solving intricate classical computational problems through quantum computing. The objective is to systematically compile an exhaustive inventory of these solutions and categorize a collection of demanding problems that await further exploration

    Quantum Query Algorithms (Kvantu vaicājošie algoritmi)

    Quantum computing is a way of computation based on the laws of quantum mechanics. The main subject of this research is a quantum query algorithm, where we pursued a major aim to make quantum algorithm design as straightforward as possible. This survey presents quantum query algorithms computing Boolean functions with a small number of queries and algorithms computing multivalued functions. Numerous quantum algorithms efficient for certain problems are described in the thesis. Bounded-error quantum algorithms are the most impressive, for example, a single-query algorithm for conjunction of two bits with the correct answer probability 9/10. The quantum versus classical algorithm complexity gap is discussed thoroughly for each scope of functions. The last part of the thesis is devoted to Boolean functions with low-degree representing polynomials. Approaches presented in this work make it possible to design a Boolean function with a large gap between the deterministic complexity and the degree of a representing polynomial. Key words: quantum computing, query model, query algorithm, multivalued function, low-degree Boolean function

    Dagstuhl News January - December 2002

    "Dagstuhl News" is a publication edited especially for the members of the Foundation "Informatikzentrum Schloss Dagstuhl" to thank them for their support. The News give a summary of the scientific work being done in Dagstuhl. Each Dagstuhl Seminar is presented by a small abstract describing the contents and scientific highlights of the seminar as well as the perspectives or challenges of the research topic

    Tweaking the Asymmetry of Asymmetric-Key Cryptography on Lattices: KEMs and Signatures of Smaller Sizes

    Lattice-based cryptosystems are less efficient than their number-theoretic counterparts (based on RSA, discrete logarithm, etc.) in terms of key and ciphertext (signature) sizes. For adequate security the former typically needs thousands of bytes while in contrast the latter only requires at most hundreds of bytes. This significant difference has become one of the main concerns in replacing currently deployed public-key cryptosystems with lattice-based ones. Observing the inherent asymmetries in existing lattice-based cryptosystems, we propose asymmetric variants of the (module-)LWE and (module-)SIS assumptions, which yield further size-optimized KEM and signature schemes than those from standard counterparts. Following the framework of Lindner and Peikert (CT-RSA 2011) and the Crystals-Kyber proposal (EuroS&P 2018), we propose an IND-CCA secure KEM scheme from the hardness of the asymmetric module-LWE (AMLWE), whose asymmetry is fully exploited to obtain shorter public keys and ciphertexts. To target at a 128-bit security, the public key (resp., ciphertext) of our KEM only has 896 bytes (resp., 992 bytes), which gives an improvement of 192 bytes (resp., 160 bytes) over Kyber. Our signature scheme bears most resemblance to and improves upon the Crystals-Dilithium scheme (ToCHES 2018). By making full use of the underlying asymmetric module-LWE and module-SIS assumptions and carefully selecting the parameters, we obtain better compromise between computational costs, storage overheads and security and therefore construct an SUF-CMA secure signature scheme with shorter public keys and signatures. For a 128-bit security, the public key (resp., signature) of our signature scheme only has 1312 bytes (resp., 2445 bytes), which gives an improvement of 160 bytes (resp., 256 bytes) over Dilithium.
We adapt the best known attacks and their variants to our AMLWE and AMSIS problems and conduct a comprehensive and thorough analysis of several parameter choices (aiming at different security strengths) and their impacts on the sizes, security and error probability of lattice-based cryptosystems. Our analysis demonstrates that AMLWE and AMSIS problems admit more flexible and size-efficient choices of parameters than the respective standard versions. Furthermore, implementations of our proposed schemes appear to be (slightly) more computationally efficient than their counterparts

    Quantum Query Algorithms

    The electronic version does not contain the appendices.
    LELDE LĀCE. QUANTUM QUERY ALGORITHMS. ANNOTATION (translated from Latvian). Quantum computing is a subfield of computer science that uses the peculiarities of quantum mechanics to solve computational tasks more efficiently. This work considers quantum query algorithms for computing Boolean functions. At the beginning of the work, lower bounds for quantum algorithms are proved for various functions that describe graph problems. The main task of the thesis is to construct efficient quantum query algorithms. It is defined how to construct exact quantum query algorithms with complexity n-1, 2n/3 and n/2. The work then analyzes nondeterministic quantum algorithms with one query, the possibilities for constructing them, and their properties. The thesis defines a new kind of quantum query algorithm, quantum query algorithms with postselection, and proves the relation of these algorithms to nondeterministic quantum query algorithms.
    LELDE LĀCE. QUANTUM QUERY ALGORITHMS. ANNOTATION. Quantum computing is the subfield of computer science that aims to employ effects of quantum mechanics to efficiently perform computational tasks. The main research object of this work is the quantum query model for computing Boolean functions. At first we prove higher lower bounds of quantum query algorithms for some graph problems. The main purpose of the research is to find quantum query algorithms with complexity lower than the deterministic one. The work presents a set of new exact quantum algorithms with quantum query complexity n-1, 2n/3 and n/2. We construct some nondeterministic quantum query algorithms with complexity 1 for Boolean functions with 2, 4 and 2n variables and study some properties of these functions. We propose a definition of postselection quantum query algorithm and we propose one method for making postselection quantum query algorithms

    Second Preimage Attacks on Dithered Hash Functions

    The goal of this paper is to analyze the security of dithered variants of the Merkle-Damgard mode of operation that use a third input to indicate the position of a block in the message to be hashed. These modes of operation for hash functions have been proposed to avoid some structural weaknesses of the Merkle-Damgard paradigm, e.g. that second preimages can be constructed in much less than 2^n work, as pointed out by Kelsey and Schneier. Among the modes of operation that use such a third input are Rivest's dithered hashing and Biham and Dunkelman's HAIFA proposal. We propose several new second preimage attacks on the Merkle-Damgard mode of operation, which can also attack Rivest's dithered hash with almost the same complexity. When applied to Shoup's UOWHF, these attacks can be shown to be optimal since their complexity matches Shoup's security bound