On the impossibility of a quantum sieve algorithm for graph isomorphism: unconditional results

It is known that any quantum algorithm for Graph Isomorphism that works within the framework of the hidden subgroup problem (HSP) must perform highly entangled measurements across \Omega(n \log n) coset states. One of the only known models for how such a measurement could be carried out efficiently is Kuperberg's algorithm for the HSP in the dihedral group, in which quantum states are adaptively combined and measured according to the decomposition of tensor products into irreducible representations. This ``quantum sieve'' starts with coset states, and works its way down towards representations whose probabilities differ depending on, for example, whether the hidden subgroup is trivial or nontrivial. In this paper we show that no such approach can produce a polynomial-time quantum algorithm for Graph Isomorphism. Specifically, we consider the natural reduction of Graph Isomorphism to the HSP over the the wreath product S_n\wr Z_2. Using a recently proved bound on the irreducible characters of S_n, we show that no algorithm in this family can solve Graph Isomorphism in less than e^{\Omega(\sqrt{n})} time, no matter what adaptive rule it uses to select and combine quantum states. In particular, algorithms of this type can offer essentially no improvement over the best known classical algorithms, which run in time e^{O(\sqrt{n \log n})}.Comment: An earlier preprint, quant-ph/0609138, gave versions of these results which were conditional on a group-theoretic conjecture. This version provides unconditional result

Upper bound on the characters of the symmetric groups for balanced Young diagrams and a generalized Frobenius formula

We study asymptotics of an irreducible representation of the symmetric group Sn corresponding to a balanced Young diagram λ (a Young diagram with at most View the MathML source rows and columns for some fixed constant C) in the limit as n tends to infinity

Quantum Fourier sampling, Code Equivalence, and the quantum security of the McEliece and Sidelnikov cryptosystems

The Code Equivalence problem is that of determining whether two given linear codes are equivalent to each other up to a permutation of the coordinates. This problem has a direct reduction to a nonabelian hidden subgroup problem (HSP), suggesting a possible quantum algorithm analogous to Shor's algorithms for factoring or discrete log. However, we recently showed that in many cases of interest---including Goppa codes---solving this case of the HSP requires rich, entangled measurements. Thus, solving these cases of Code Equivalence via Fourier sampling appears to be out of reach of current families of quantum algorithms. Code equivalence is directly related to the security of McEliece-type cryptosystems in the case where the private code is known to the adversary. However, for many codes the support splitting algorithm of Sendrier provides a classical attack in this case. We revisit the claims of our previous article in the light of these classical attacks, and discuss the particular case of the Sidelnikov cryptosystem, which is based on Reed-Muller codes

Separation cutoffs for random walk on irreducible representations

Random walk on the irreducible representations of the symmetric and general linear groups is studied. A separation distance cutoff is proved and the exact separation distance asymptotics are determined. A key tool is a method for writing the multiplicities in the Kronecker tensor powers of a fixed representation as a sum of non-negative terms. Connections are made with the Lagrange-Sylvester interpolation approach to Markov chains.Comment: 20 page

Asymptotics of characters of symmetric groups related to Stanley character formula

We prove an upper bound for characters of the symmetric groups. Namely, we show that there exists a constant a>0 with a property that for every Young diagram \lambda with n boxes, r(\lambda) rows and c(\lambda) columns |Tr \rho^\lambda(\pi) / Tr \rho^\lambda(e)| < [a max(r(\lambda)/n, c(\lambda)/n,|\pi|/n) ]^{|\pi|}, where |\pi| is the minimal number of factors needed to write \pi\in S_n as a product of transpositions. We also give uniform estimates for the error term in the Vershik-Kerov's and Biane's character formulas and give a new formula for free cumulants of the transition measure.Comment: Version 4: Change of title, shortened to 20 pages. Version 3: 24 pages, the title and the list of authors were changed. Version 2: 14 pages, the title, abstract and the main result were changed. Version 1: 10 pages (mistake in Lemma 7- which is false

Cryptography from tensor problems

We describe a new proposal for a trap-door one-way function. The new proposal belongs to the "multivariate quadratic" family but the trap-door is different from existing methods, and is simpler