602 research outputs found
Quantum Distinguishing Complexity, Zero-Error Algorithms, and Statistical Zero Knowledge
We define a new query measure we call quantum distinguishing complexity, denoted QD(f) for a Boolean function f. Unlike a quantum query algorithm, which must output a state close to |0> on a 0-input and a state close to |1> on a 1-input, a "quantum distinguishing algorithm" can output any state, as long as the output states for any 0-input and 1-input are distinguishable.
Using this measure, we establish a new relationship in query complexity: For all total functions f, Q_0(f)=O~(Q(f)^5), where Q_0(f) and Q(f) denote the zero-error and bounded-error quantum query complexity of f respectively, improving on the previously known sixth power relationship.
We also define a query measure based on quantum statistical zero-knowledge proofs, QSZK(f), which is at most Q(f). We show that QD(f) in fact lower bounds QSZK(f) and not just Q(f). QD(f) also upper bounds the (positive-weights) adversary bound, which yields the following relationships for all f: Q(f) >= QSZK(f) >= QD(f) = Omega(Adv(f)). This sheds some light on why the adversary bound proves suboptimal bounds for problems like Collision and Set Equality, which have low QSZK complexity.
Lastly, we show implications for lifting theorems in communication complexity. We show that a general lifting theorem for either zero-error quantum query complexity or for QSZK would imply a general lifting theorem for bounded-error quantum query complexity
Quantum Cryptography Beyond Quantum Key Distribution
Quantum cryptography is the art and science of exploiting quantum mechanical
effects in order to perform cryptographic tasks. While the most well-known
example of this discipline is quantum key distribution (QKD), there exist many
other applications such as quantum money, randomness generation, secure two-
and multi-party computation and delegated quantum computation. Quantum
cryptography also studies the limitations and challenges resulting from quantum
adversaries---including the impossibility of quantum bit commitment, the
difficulty of quantum rewinding and the definition of quantum security models
for classical primitives. In this review article, aimed primarily at
cryptographers unfamiliar with the quantum world, we survey the area of
theoretical quantum cryptography, with an emphasis on the constructions and
limitations beyond the realm of QKD.Comment: 45 pages, over 245 reference
Learning with Errors is easy with quantum samples
Learning with Errors is one of the fundamental problems in computational
learning theory and has in the last years become the cornerstone of
post-quantum cryptography. In this work, we study the quantum sample complexity
of Learning with Errors and show that there exists an efficient quantum
learning algorithm (with polynomial sample and time complexity) for the
Learning with Errors problem where the error distribution is the one used in
cryptography. While our quantum learning algorithm does not break the LWE-based
encryption schemes proposed in the cryptography literature, it does have some
interesting implications for cryptography: first, when building an LWE-based
scheme, one needs to be careful about the access to the public-key generation
algorithm that is given to the adversary; second, our algorithm shows a
possible way for attacking LWE-based encryption by using classical samples to
approximate the quantum sample state, since then using our quantum learning
algorithm would solve LWE
Quantum Simulation Logic, Oracles, and the Quantum Advantage
Query complexity is a common tool for comparing quantum and classical
computation, and it has produced many examples of how quantum algorithms differ
from classical ones. Here we investigate in detail the role that oracles play
for the advantage of quantum algorithms. We do so by using a simulation
framework, Quantum Simulation Logic (QSL), to construct oracles and algorithms
that solve some problems with the same success probability and number of
queries as the quantum algorithms. The framework can be simulated using only
classical resources at a constant overhead as compared to the quantum resources
used in quantum computation. Our results clarify the assumptions made and the
conditions needed when using quantum oracles. Using the same assumptions on
oracles within the simulation framework we show that for some specific
algorithms, like the Deutsch-Jozsa and Simon's algorithms, there simply is no
advantage in terms of query complexity. This does not detract from the fact
that quantum query complexity provides examples of how a quantum computer can
be expected to behave, which in turn has proved useful for finding new quantum
algorithms outside of the oracle paradigm, where the most prominent example is
Shor's algorithm for integer factorization.Comment: 48 pages, 46 figure
Impossibility of Succinct Quantum Proofs for Collision-Freeness
We show that any quantum algorithm to decide whether a function f:\left[n\right] \rightarrow\left[ n\right] is a permutation or far from a permutation\ must make \Omega\left( n^{1/3}/w\right) queries to f, even if the algorithm is given a w-qubit quantum witness in support of f being a permutation. This implies that there exists an oracle A such that \mathsfSZKA\mathsfQMAA , answering an eight-year-old open question of the author. Indeed, we show that relative to some oracle, \mathsfSZK is not in the counting class \mathsfA\mathsf0\mathsfPP defined by Vyalyi. The proof is a fairly simple extension of the quantum lower bound for the collision problem..National Science Foundation (U.S.) (grant 0844626)United States. Defense Advanced Research Projects Agency (YFA grant
- …