4,891 research outputs found
Lower Bounds for Function Inversion with Quantum Advice
Function inversion is the problem that given a random function , we want to find pre-image of any image in time . In this
work, we revisit this problem under the preprocessing model where we can
compute some auxiliary information or advice of size that only depends on
but not on . It is a well-studied problem in the classical settings,
however, it is not clear how quantum algorithms can solve this task any better
besides invoking Grover's algorithm, which does not leverage the power of
preprocessing.
Nayebi et al. proved a lower bound for quantum
algorithms inverting permutations, however, they only consider algorithms with
classical advice. Hhan et al. subsequently extended this lower bound to fully
quantum algorithms for inverting permutations. In this work, we give the same
asymptotic lower bound to fully quantum algorithms for inverting functions for
fully quantum algorithms under the regime where .
In order to prove these bounds, we generalize the notion of quantum random
access code, originally introduced by Ambainis et al., to the setting where we
are given a list of (not necessarily independent) random variables, and we wish
to compress them into a variable-length encoding such that we can retrieve a
random element just using the encoding with high probability. As our main
technical contribution, we give a nearly tight lower bound (for a wide
parameter range) for this generalized notion of quantum random access codes,
which may be of independent interest.
Comment: ITC full versio
Tight Quantum Time-Space Tradeoffs for Function Inversion
In function inversion, we are given a function , and want to prepare some advice of size , such that we can efficiently invert any image in time . This is a well studied problem with profound connections to cryptography, data structures, communication complexity, and circuit lower bounds. Investigation of this problem in the quantum setting was initiated by Nayebi, Aaronson, Belovs, and Trevisan (2015), who proved a lower bound of for random permutations against classical advice, leaving open an intriguing possibility that Grover's search can be sped up to time . Recent works by Hhan, Xagawa, and Yamakawa (2019), and Chung, Liao, and Qian (2019) extended the argument for random functions and quantum advice, but the lower bound remains .
In this work, we prove that even with quantum advice, is required for an algorithm to invert random functions. This demonstrates that Grover's search is optimal for , ruling out any substantial speed-up for Grover's search even with quantum advice. Further improvements to our bounds would imply new classical circuit lower bounds, as shown by Corrigan-Gibbs and Kogan (2019).
To prove this result, we develop a general framework for establishing quantum time-space lower bounds. We further demonstrate the power of our framework by proving the following results.
* Yao's box problem: We prove a tight quantum time-space lower bound for classical advice. For quantum advice, we prove a first time-space lower bound using shadow tomography. These results resolve two open problems posted by Nayebi et al (2015).
* Salted cryptography: We show that "salting generically provably defeats preprocessing," a result shown by Coretti, Dodis, Guo, and Steinberger (2018), also holds in the quantum setting. In particular, we prove quantum time-space lower bounds for a wide class of salted cryptographic primitives in the quantum random oracle model. This yields a first quantum time-space lower bound for salted collision-finding, which in turn implies that relative to a random oracle
Quantum lower bound for inverting a permutation with advice
Given a random permutation as a black box and ,
we want to output . Supplementary to our input, we are given
classical advice in the form of a pre-computed data structure; this advice can
depend on the permutation but not on the input . Classically, there
is a data structure of size and an algorithm that with the help
of the data structure, given , can invert in time , for
every choice of parameters , , such that . We prove a
quantum lower bound of for quantum
algorithms that invert a random permutation on an fraction of
inputs, where is the number of queries to and is the amount of
advice. This answers an open question of De et al.
We also give a quantum lower bound for the simpler but
related Yao's box problem, which is the problem of recovering a bit ,
given the ability to query an -bit string at any index except the
-th, and also given bits of advice that depend on but not on .
Comment: To appear in Quantum Information & Computation. Revised version based
on referee comment
Cryptographic Algorithms for Quantum Computers
Thesis (Ph.D.) -- Seoul National University Graduate School: College of Natural Sciences, Department of Mathematical Sciences, 2022. 8. Hun Hee Lee.
The advent of a quantum mechanical computer presents a clear threat to existing cryptography. On the other hand, the quantum computer also suggests the possibility of a new cryptographic protocol through the properties of quantum mechanics. These two perspectives, respectively, gave rise to a new field called post-quantum cryptography as a countermeasure against quantum attacks and quantum cryptography as a new cryptographic technology using quantum mechanics, which are the subject of this thesis.
In this thesis, we reconsider the security of the current post-quantum cryptography through a new quantum attack, model, and security proof. We present the fine-grained quantum security of hash functions as cryptographic primitives against preprocessing adversaries. We also bring recent quantum information theoretic research into cryptography, creating new quantum public key encryption and quantum commitment. Along the way, we resolve various open problems such as limitations of quantum algorithms with preprocessing computation, oracle separation problems in quantum complexity theory, and public key encryption using group action.
1 Introduction
1.1 Contributions
1.2 Related Works
1.3 Research Papers
2 Preliminaries
2.1 Quantum Computations
2.2 Quantum Algorithms
2.3 Cryptographic Primitives
I Post-Quantum Cryptography: Attacks, New Models, and Proofs
3 Quantum Cryptanalysis
3.1 Introduction
3.2 QROM-AI Algorithm for Function Inversion
3.3 Quantum Multiple Discrete Logarithm Problem
3.4 Discussion and Open problems
4 Quantum Random Oracle Model with Classical Advice
4.1 Quantum ROM with Auxiliary Input
4.2 Function Inversion
4.3 Pseudorandom Generators
4.4 Post-quantum Primitives
4.5 Discussion and Open Problems
5 Quantum Random Permutations with Quantum Advice
5.1 Bound for Inverting Random Permutations
5.2 Preparation
5.3 Proof of Theorem
5.4 Implication in Complexity Theory
5.5 Discussion and Open Problems
II Quantum Cryptography: Public-key Encryptions and Bit Commitments
6 Equivalence Theorem
6.1 Equivalence Theorem
6.2 Non-uniform Equivalence Theorem
6.3 Proof of Equivalence Theorem
7 Quantum Public Key Encryption
7.1 Swap-trapdoor Function Pairs
7.2 Quantum-Ciphertext Public Key Encryption
7.3 Group Action based Construction
7.4 Lattice based Construction
7.5 Discussion and Open Problems
7.6 Deferred Proof
8 Quantum Bit Commitment
8.1 Quantum Commitments
8.2 Efficient Conversion
8.3 Applications of Conversion
8.4 Discussion and Open Problems
Quantum Algorithm for Dynamic Programming Approach for DAGs. Applications for Zhegalkin Polynomial Evaluation and Some Problems on DAGs
In this paper, we present a quantum algorithm for dynamic programming
approach for problems on directed acyclic graphs (DAGs). The running time of
the algorithm is , and the running time of the
best known deterministic algorithm is , where is the number of
vertices, is the number of vertices with at least one outgoing edge;
is the number of edges. We show that we can solve problems that use OR,
AND, NAND, MAX and MIN functions as the main transition steps. The approach is
useful for a couple of problems. One of them is computing a Boolean formula
that is represented by Zhegalkin polynomial, a Boolean circuit with shared
input and non-constant depth evaluating. Another two are the single source
longest paths search for weighted DAGs and the diameter search problem for
unweighted DAGs.
Comment: UCNC2019 Conference pape
Optimal experiment design revisited: fair, precise and minimal tomography
Given an experimental set-up and a fixed number of measurements, how should
one take data in order to optimally reconstruct the state of a quantum system?
The problem of optimal experiment design (OED) for quantum state tomography was
first broached by Kosut et al. [arXiv:quant-ph/0411093v1]. Here we provide
efficient numerical algorithms for finding the optimal design, and analytic
results for the case of 'minimal tomography'. We also introduce the average
OED, which is independent of the state to be reconstructed, and the optimal
design for tomography (ODT), which minimizes tomographic bias. We find that
these two designs are generally similar. Monte-Carlo simulations confirm the
utility of our results for qubits. Finally, we adapt our approach to deal with
constrained techniques such as maximum likelihood estimation. We find that
these are less amenable to optimization than cruder reconstruction methods,
such as linear inversion.
Comment: 16 pages, 7 figure
Symmetric Informationally Complete Quantum Measurements
We consider the existence in arbitrary finite dimensions d of a POVM
comprised of d^2 rank-one operators all of whose operator inner products are
equal. Such a set is called a "symmetric, informationally complete" POVM
(SIC-POVM) and is equivalent to a set of d^2 equiangular lines in C^d.
SIC-POVMs are relevant for quantum state tomography, quantum cryptography, and
foundational issues in quantum mechanics. We construct SIC-POVMs in dimensions
two, three, and four. We further conjecture that a particular kind of
group-covariant SIC-POVM exists in arbitrary dimensions, providing numerical
results up to dimension 45 to bolster this claim.
Comment: 8 page
Strong experimental guarantees in ultrafast quantum random number generation
We describe a methodology and standard of proof for experimental claims of
quantum random number generation (QRNG), analogous to well-established methods
from precision measurement. For appropriately constructed physical
implementations, lower bounds on the quantum contribution to the average
min-entropy can be derived from measurements on the QRNG output. Given these
bounds, randomness extractors allow generation of nearly perfect
"ε-random" bit streams. An analysis of experimental uncertainties then
gives experimentally derived confidence levels on the ε randomness of
these sequences. We demonstrate the methodology by application to
phase-diffusion QRNG, driven by spontaneous emission as a trusted randomness
source. All other factors, including classical phase noise, amplitude
fluctuations, digitization errors and correlations due to finite detection
bandwidth, are treated with paranoid caution, i.e., assuming the worst possible
behaviors consistent with observations. A data-constrained numerical
optimization of the distribution of untrusted parameters is used to lower bound
the average min-entropy. Under this paranoid analysis, the QRNG remains
efficient, generating at least 2.3 quantum random bits per symbol with 8-bit
digitization and at least 0.83 quantum random bits per symbol with binary
digitization, at a confidence level of 0.99993. The result demonstrates
ultrafast QRNG with strong experimental guarantees.
Comment: 11 pages, 9 figure