4,890 research outputs found

    Lower Bounds for Function Inversion with Quantum Advice

    Function inversion is the problem that given a random function $f: [M] \to [N]$, we want to find pre-image of any image $f^{-1}(y)$ in time $T$. In this work, we revisit this problem under the preprocessing model where we can compute some auxiliary information or advice of size $S$ that only depends on $f$ but not on $y$. It is a well-studied problem in the classical settings, however, it is not clear how quantum algorithms can solve this task any better besides invoking Grover's algorithm, which does not leverage the power of preprocessing. Nayebi et al. proved a lower bound $ST^2 \ge \tilde\Omega(N)$ for quantum algorithms inverting permutations, however, they only consider algorithms with classical advice. Hhan et al. subsequently extended this lower bound to fully quantum algorithms for inverting permutations. In this work, we give the same asymptotic lower bound to fully quantum algorithms for inverting functions for fully quantum algorithms under the regime where $M = O(N)$. In order to prove these bounds, we generalize the notion of quantum random access code, originally introduced by Ambainis et al., to the setting where we are given a list of (not necessarily independent) random variables, and we wish to compress them into a variable-length encoding such that we can retrieve a random element just using the encoding with high probability. As our main technical contribution, we give a nearly tight lower bound (for a wide parameter range) for this generalized notion of quantum random access codes, which may be of independent interest. Comment: ITC full versio

    Tight Quantum Time-Space Tradeoffs for Function Inversion

    In function inversion, we are given a function $f: [N] \mapsto [N]$, and want to prepare some advice of size $S$, such that we can efficiently invert any image in time $T$. This is a well studied problem with profound connections to cryptography, data structures, communication complexity, and circuit lower bounds. Investigation of this problem in the quantum setting was initiated by Nayebi, Aaronson, Belovs, and Trevisan (2015), who proved a lower bound of $ST^2 = \tilde\Omega(N)$ for random permutations against classical advice, leaving open an intriguing possibility that Grover's search can be sped up to time $\tilde O(\sqrt{N/S})$. Recent works by Hhan, Xagawa, and Yamakawa (2019), and Chung, Liao, and Qian (2019) extended the argument for random functions and quantum advice, but the lower bound remains $ST^2 = \tilde\Omega(N)$. In this work, we prove that even with quantum advice, $ST + T^2 = \tilde\Omega(N)$ is required for an algorithm to invert random functions. This demonstrates that Grover's search is optimal for $S = \tilde O(\sqrt{N})$, ruling out any substantial speed-up for Grover's search even with quantum advice. Further improvements to our bounds would imply new classical circuit lower bounds, as shown by Corrigan-Gibbs and Kogan (2019). To prove this result, we develop a general framework for establishing quantum time-space lower bounds. We further demonstrate the power of our framework by proving the following results.
    * Yao's box problem: We prove a tight quantum time-space lower bound for classical advice. For quantum advice, we prove a first time-space lower bound using shadow tomography. These results resolve two open problems posted by Nayebi et al (2015).
    * Salted cryptography: We show that "salting generically provably defeats preprocessing," a result shown by Coretti, Dodis, Guo, and Steinberger (2018), also holds in the quantum setting. In particular, we prove quantum time-space lower bounds for a wide class of salted cryptographic primitives in the quantum random oracle model. This yields a first quantum time-space lower bound for salted collision-finding, which in turn implies that ${PWPP}^{O} \not\subseteq {FBQP}^{O}{/qpoly}$ relative to a random oracle $O$

    Quantum lower bound for inverting a permutation with advice

    Given a random permutation $f: [N] \to [N]$ as a black box and $y \in [N]$, we want to output $x = f^{-1}(y)$. Supplementary to our input, we are given classical advice in the form of a pre-computed data structure; this advice can depend on the permutation but not on the input $y$. Classically, there is a data structure of size $\tilde{O}(S)$ and an algorithm that with the help of the data structure, given $f(x)$, can invert $f$ in time $\tilde{O}(T)$, for every choice of parameters $S$, $T$, such that $S\cdot T \ge N$. We prove a quantum lower bound of $T^2\cdot S \ge \tilde{\Omega}(\epsilon N)$ for quantum algorithms that invert a random permutation $f$ on an $\epsilon$ fraction of inputs, where $T$ is the number of queries to $f$ and $S$ is the amount of advice. This answers an open question of De et al. We also give a $\Omega(\sqrt{N/m})$ quantum lower bound for the simpler but related Yao's box problem, which is the problem of recovering a bit $x_j$, given the ability to query an $N$-bit string $x$ at any index except the $j$-th, and also given $m$ bits of advice that depend on $x$ but not on $j$. Comment: To appear in Quantum Information & Computation. Revised version based on referee comment

    ์–‘์ž ์ปดํ“จํ„ฐ์— ๋Œ€ํ•œ ์•”ํ˜ธํ•™์  ์•Œ๊ณ ๋ฆฌ์ฆ˜

    Thesis (Ph.D.) -- Seoul National University Graduate School: College of Natural Sciences, Department of Mathematical Sciences, 2022. 8. 이훈희.

    The advent of a quantum mechanical computer presents a clear threat to existing cryptography. On the other hand, the quantum computer also suggests the possibility of a new cryptographic protocol through the properties of quantum mechanics. These two perspectives, respectively, gave rise to a new field called post-quantum cryptography as a countermeasure against quantum attacks and quantum cryptography as a new cryptographic technology using quantum mechanics, which are the subject of this thesis. In this thesis, we reconsider the security of the current post-quantum cryptography through a new quantum attack, model, and security proof. We present the fine-grained quantum security of hash functions as cryptographic primitives against preprocessing adversaries. We also bring recent quantum information theoretic research into cryptography, creating new quantum public key encryption and quantum commitment. Along the way, we resolve various open problems such as limitations of quantum algorithms with preprocessing computation, oracle separation problems in quantum complexity theory, and public key encryption using group action.

    Korean abstract (translated): The advent of computers based on quantum mechanics presents a clear threat to existing cryptography through Shor's algorithm and others, and also suggests the possibility of new cryptographic protocols through the properties of quantum mechanics. These two perspectives respectively gave rise to the new fields that are the subject of this thesis: post-quantum cryptography, as a countermeasure against quantum attacks, and quantum cryptography, a cryptographic technology that uses quantum mechanics. In this thesis, we reconsider the security of current post-quantum cryptography through new quantum attack algorithms, models, and security proofs. In particular, we present a concrete evaluation of the post-quantum security of cryptographic hash functions as one-way functions and as cryptographic pseudorandom generators. We also bring recent research in quantum mechanics into quantum cryptography, presenting new findings such as new quantum public key encryption and quantum commitments. Along the way, we present solutions to several open problems, such as the limitations of quantum algorithms with preprocessing computation, oracle separation problems for quantum complexity classes, and public key encryption using group actions.

    Table of contents:
    1 Introduction: 1.1 Contributions; 1.2 Related Works; 1.3 Research Papers
    2 Preliminaries: 2.1 Quantum Computations; 2.2 Quantum Algorithms; 2.3 Cryptographic Primitives
    I Post-Quantum Cryptography: Attacks, New Models, and Proofs
    3 Quantum Cryptanalysis: 3.1 Introduction; 3.2 QROM-AI Algorithm for Function Inversion; 3.3 Quantum Multiple Discrete Logarithm Problem; 3.4 Discussion and Open problems
    4 Quantum Random Oracle Model with Classical Advice: 4.1 Quantum ROM with Auxiliary Input; 4.2 Function Inversion; 4.3 Pseudorandom Generators; 4.4 Post-quantum Primitives; 4.5 Discussion and Open Problems
    5 Quantum Random Permutations with Quantum Advice: 5.1 Bound for Inverting Random Permutations; 5.2 Preparation; 5.3 Proof of Theorem; 5.4 Implication in Complexity Theory; 5.5 Discussion and Open Problems
    II Quantum Cryptography: Public-key Encryptions and Bit Commitments
    6 Equivalence Theorem: 6.1 Equivalence Theorem; 6.2 Non-uniform Equivalence Theorem; 6.3 Proof of Equivalence Theorem
    7 Quantum Public Key Encryption: 7.1 Swap-trapdoor Function Pairs; 7.2 Quantum-Ciphertext Public Key Encryption; 7.3 Group Action based Construction; 7.4 Lattice based Construction; 7.5 Discussion and Open Problems; 7.6 Deferred Proof
    8 Quantum Bit Commitment: 8.1 Quantum Commitments; 8.2 Efficient Conversion; 8.3 Applications of Conversion; 8.4 Discussion and Open Problems

    Quantum Algorithm for Dynamic Programming Approach for DAGs. Applications for Zhegalkin Polynomial Evaluation and Some Problems on DAGs

    In this paper, we present a quantum algorithm for dynamic programming approach for problems on directed acyclic graphs (DAGs). The running time of the algorithm is $O(\sqrt{\hat{n}m}\log \hat{n})$, and the running time of the best known deterministic algorithm is $O(n+m)$, where $n$ is the number of vertices, $\hat{n}$ is the number of vertices with at least one outgoing edge; $m$ is the number of edges. We show that we can solve problems that use OR, AND, NAND, MAX and MIN functions as the main transition steps. The approach is useful for a couple of problems. One of them is computing a Boolean formula that is represented by Zhegalkin polynomial, a Boolean circuit with shared input and non-constant depth evaluating. Another two are the single source longest paths search for weighted DAGs and the diameter search problem for unweighted DAGs. Comment: UCNC2019 Conference pape

    Optimal experiment design revisited: fair, precise and minimal tomography

    Given an experimental set-up and a fixed number of measurements, how should one take data in order to optimally reconstruct the state of a quantum system? The problem of optimal experiment design (OED) for quantum state tomography was first broached by Kosut et al. [arXiv:quant-ph/0411093v1]. Here we provide efficient numerical algorithms for finding the optimal design, and analytic results for the case of 'minimal tomography'. We also introduce the average OED, which is independent of the state to be reconstructed, and the optimal design for tomography (ODT), which minimizes tomographic bias. We find that these two designs are generally similar. Monte-Carlo simulations confirm the utility of our results for qubits. Finally, we adapt our approach to deal with constrained techniques such as maximum likelihood estimation. We find that these are less amenable to optimization than cruder reconstruction methods, such as linear inversion. Comment: 16 pages, 7 figure

    Symmetric Informationally Complete Quantum Measurements

    We consider the existence in arbitrary finite dimensions d of a POVM comprised of d^2 rank-one operators all of whose operator inner products are equal. Such a set is called a "symmetric, informationally complete" POVM (SIC-POVM) and is equivalent to a set of d^2 equiangular lines in C^d. SIC-POVMs are relevant for quantum state tomography, quantum cryptography, and foundational issues in quantum mechanics. We construct SIC-POVMs in dimensions two, three, and four. We further conjecture that a particular kind of group-covariant SIC-POVM exists in arbitrary dimensions, providing numerical results up to dimension 45 to bolster this claim. Comment: 8 page

    Strong experimental guarantees in ultrafast quantum random number generation

    We describe a methodology and standard of proof for experimental claims of quantum random number generation (QRNG), analogous to well-established methods from precision measurement. For appropriately constructed physical implementations, lower bounds on the quantum contribution to the average min-entropy can be derived from measurements on the QRNG output. Given these bounds, randomness extractors allow generation of nearly perfect "$\epsilon$-random" bit streams. An analysis of experimental uncertainties then gives experimentally derived confidence levels on the $\epsilon$ randomness of these sequences. We demonstrate the methodology by application to phase-diffusion QRNG, driven by spontaneous emission as a trusted randomness source. All other factors, including classical phase noise, amplitude fluctuations, digitization errors and correlations due to finite detection bandwidth, are treated with paranoid caution, i.e., assuming the worst possible behaviors consistent with observations. A data-constrained numerical optimization of the distribution of untrusted parameters is used to lower bound the average min-entropy. Under this paranoid analysis, the QRNG remains efficient, generating at least 2.3 quantum random bits per symbol with 8-bit digitization and at least 0.83 quantum random bits per symbol with binary digitization, at a confidence level of 0.99993. The result demonstrates ultrafast QRNG with strong experimental guarantees. Comment: 11 pages, 9 figure