Quantum lower bound for inverting a permutation with advice
Given a random permutation as a black box and ,
we want to output . Supplementary to our input, we are given
classical advice in the form of a pre-computed data structure; this advice can
depend on the permutation but not on the input . Classically, there
is a data structure of size and an algorithm that, with the help
of the data structure, given , can invert in time , for
every choice of parameters , , such that . We prove a
quantum lower bound of for quantum
algorithms that invert a random permutation on an fraction of
inputs, where is the number of queries to and is the amount of
advice. This answers an open question of De et al.
We also give a quantum lower bound for the simpler but
related Yao's box problem, which is the problem of recovering a bit ,
given the ability to query an -bit string at any index except the
-th, and also given bits of advice that depend on but not on .
Comment: To appear in Quantum Information & Computation. Revised version based
on referee comments.
Quantum vs Classical Proofs and Subset Verification
We study the ability of efficient quantum verifiers to decide properties of
exponentially large subsets given either a classical or quantum witness. We
develop a general framework that can be used to prove that QCMA machines, with
only classical witnesses, cannot verify certain properties of subsets given
implicitly via an oracle. We use this framework to prove an oracle separation
between QCMA and QMA using an "in-place" permutation oracle, making the first
progress on this question since Aaronson and Kuperberg in 2007. We also use the
framework to prove a particularly simple standard oracle separation between
QCMA and AM.
Comment: 23 pages, presentation and notation clarified, small errors fixed.
Lower Bounds for Function Inversion with Quantum Advice
Function inversion is the problem of finding, given a random function , a pre-image of any image in time . In this
work, we revisit this problem under the preprocessing model, where we may
compute some auxiliary information, or advice, of size that depends only on
and not on . This is a well-studied problem in the classical setting;
however, it is not clear how quantum algorithms can solve this task any better
than by invoking Grover's algorithm, which does not leverage the power of
preprocessing.
Nayebi et al. proved a lower bound for quantum
algorithms inverting permutations; however, they only consider algorithms with
classical advice. Hhan et al. subsequently extended this lower bound to fully
quantum algorithms for inverting permutations. In this work, we give the same
asymptotic lower bound for fully quantum algorithms inverting functions, in the
regime where .
In order to prove these bounds, we generalize the notion of quantum random
access code, originally introduced by Ambainis et al., to the setting where we
are given a list of (not necessarily independent) random variables, and we wish
to compress them into a variable-length encoding such that we can retrieve a
random element just using the encoding with high probability. As our main
technical contribution, we give a nearly tight lower bound (for a wide
parameter range) for this generalized notion of quantum random access codes,
which may be of independent interest.
Comment: ITC full version
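The classical data structure in the first abstract above (advice of size S, inversion in time T, with S and T multiplying to about N) and the preprocessing model in this abstract are the same Hellman-style time/memory trade-off. The following Python block is an added example, not code from any of the papers listed here: it builds the advice table for a random permutation by walking its cycles and storing every T-th point as a checkpoint, then inverts any image with black-box queries only. The sample permutation (random.Random(1) over N = 4096 points), the choice T = 64, the CountingOracle wrapper and the names preprocess, invert and run_demo are all constructed for this demonstration.

```python
"""Classical time/memory trade-off for inverting a black-box permutation.

Hellman-style cycle walking: every t-th point on every cycle of the permutation
is stored as a "checkpoint" together with the checkpoint t steps before it.
With N points this is about N/t entries of advice (S), and inverting any y
costs at most 2t black-box queries (T), so S * T is roughly N.
"""
import random


class CountingOracle:
    """Black-box access to a permutation that counts the queries made to it."""

    def __init__(self, perm):
        self._perm = perm
        self.queries = 0

    def __call__(self, x):
        self.queries += 1
        return self._perm[x]


def cycle_count(perm):
    """Number of cycles in the permutation (used only to bound the advice size)."""
    seen = [False] * len(perm)
    cycles = 0
    for start in range(len(perm)):
        if seen[start]:
            continue
        cycles += 1
        x = start
        while not seen[x]:
            seen[x] = True
            x = perm[x]
    return cycles


def preprocess(perm, t):
    """Offline phase: sees the whole permutation and returns the advice table.

    advice[c] is the checkpoint t steps before checkpoint c on the same cycle;
    on a cycle shorter than t the single checkpoint points to itself.
    """
    seen = [False] * len(perm)
    advice = {}
    for start in range(len(perm)):
        if seen[start]:
            continue
        checkpoints = []
        x, pos = start, 0
        while not seen[x]:
            seen[x] = True
            if pos % t == 0:
                checkpoints.append(x)
            x, pos = perm[x], pos + 1
        for i, c in enumerate(checkpoints):
            advice[c] = checkpoints[i - 1]  # index -1 wraps the first to the last
    return advice


def invert(oracle, advice, y, t):
    """Online phase: find x with oracle(x) == y using at most 2t queries."""
    # Phase 1: walk forward from y to the next checkpoint (fewer than t queries).
    c, steps = y, 0
    while c not in advice:
        if steps == t:
            raise RuntimeError("advice table inconsistent with the oracle")
        c, steps = oracle(c), steps + 1
    # Phase 2: y lies within t steps after the previous checkpoint; walk to it.
    z = advice[c]
    for _ in range(t):
        nxt = oracle(z)
        if nxt == y:
            return z
        z = nxt
    raise RuntimeError("advice table inconsistent with the oracle")


def run_demo(n=4096, t=64, seed=1):
    """Invert every point of a constructed random permutation; report S and T."""
    rng = random.Random(seed)  # constructed sample permutation, not real data
    perm = list(range(n))
    rng.shuffle(perm)
    advice = preprocess(perm, t)
    oracle = CountingOracle(perm)
    max_queries = 0
    for y in range(n):
        before = oracle.queries
        x = invert(oracle, advice, y, t)
        if perm[x] != y:
            raise AssertionError("wrong preimage")
        max_queries = max(max_queries, oracle.queries - before)
    return {"n": n, "t": t, "cycles": cycle_count(perm),
            "advice_entries": len(advice), "max_queries": max_queries}


if __name__ == "__main__":
    print(run_demo())
```

Running it returns a dictionary in which advice_entries * t is at least n and max_queries is at most 2 * t; the advice can exceed n / t only by one entry per cycle. The quantum lower bounds in these abstracts concern how much a quantum algorithm with quantum queries and (classical or quantum) advice can improve on this product.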
Data Structures Lower Bounds and Popular Conjectures
In this paper, we investigate the relative power of several conjectures that have recently attracted a lot of interest. We establish a connection between the Network Coding Conjecture (NCC) of Li and Li [Li and Li, 2004] and several data structure problems, such as the non-adaptive function inversion of Hellman [M. Hellman, 1980] and the well-studied problem of polynomial evaluation and interpolation. In turn, these data structure problems imply super-linear circuit lower bounds for explicit functions such as integer sorting and multi-point polynomial evaluation.
양자 컴퓨터에 대한 암호학적 알고리즘 (Cryptographic Algorithms for Quantum Computers)
Doctoral thesis -- Seoul National University Graduate School: College of Natural Sciences, Department of Mathematical Sciences, 2022. 8.
The advent of a quantum mechanical computer presents a clear threat to existing cryptography. On the other hand, the quantum computer also suggests the possibility of new cryptographic protocols through the properties of quantum mechanics. These two perspectives gave rise, respectively, to a new field called post-quantum cryptography, as a countermeasure against quantum attacks, and to quantum cryptography, a new cryptographic technology using quantum mechanics; both are the subject of this thesis.
In this thesis, we reconsider the security of current post-quantum cryptography through new quantum attacks, models, and security proofs. We present the fine-grained quantum security of hash functions as cryptographic primitives against preprocessing adversaries. We also bring recent quantum information theoretic research into cryptography, creating new quantum public key encryption and quantum commitment schemes. Along the way, we resolve various open problems such as limitations of quantum algorithms with preprocessing computation, oracle separation problems in quantum complexity theory, and public key encryption using group actions.
1 Introduction 1
1.1 Contributions 3
1.2 Related Works 11
1.3 Research Papers 13
2 Preliminaries 14
2.1 Quantum Computations 15
2.2 Quantum Algorithms 20
2.3 Cryptographic Primitives 21
I Post-Quantum Cryptography: Attacks, New Models, and Proofs 24
3 Quantum Cryptanalysis 25
3.1 Introduction 25
3.2 QROM-AI Algorithm for Function Inversion 26
3.3 Quantum Multiple Discrete Logarithm Problem 34
3.4 Discussion and Open problems 39
4 Quantum Random Oracle Model with Classical Advice 42
4.1 Quantum ROM with Auxiliary Input 44
4.2 Function Inversion 46
4.3 Pseudorandom Generators 56
4.4 Post-quantum Primitives 58
4.5 Discussion and Open Problems 59
5 Quantum Random Permutations with Quantum Advice 62
5.1 Bound for Inverting Random Permutations 64
5.2 Preparation 64
5.3 Proof of Theorem 68
5.4 Implication in Complexity Theory 74
5.5 Discussion and Open Problems 77
II Quantum Cryptography: Public-key Encryptions and Bit Commitments 79
6 Equivalence Theorem 80
6.1 Equivalence Theorem 81
6.2 Non-uniform Equivalence Theorem 83
6.3 Proof of Equivalence Theorem 86
7 Quantum Public Key Encryption 89
7.1 Swap-trapdoor Function Pairs 90
7.2 Quantum-Ciphertext Public Key Encryption 94
7.3 Group Action based Construction 99
7.4 Lattice based Construction 107
7.5 Discussion and Open Problems 113
7.6 Deferred Proof 114
8 Quantum Bit Commitment 119
8.1 Quantum Commitments 120
8.2 Efficient Conversion 123
8.3 Applications of Conversion 126
8.4 Discussion and Open Problems 137
NP-complete Problems and Physical Reality
Can NP-complete problems be solved efficiently in the physical universe? I
survey proposals including soap bubbles, protein folding, quantum computing,
quantum advice, quantum adiabatic algorithms, quantum-mechanical
nonlinearities, hidden variables, relativistic time dilation, analog computing,
Malament-Hogarth spacetimes, quantum gravity, closed timelike curves, and
"anthropic computing." The section on soap bubbles even includes some
"experimental" results. While I do not believe that any of the proposals will
let us solve NP-complete problems efficiently, I argue that by studying them,
we can learn something not only about computation but also about physics.
Comment: 23 pages, minor correction
Quantum Random Oracle Model with Auxiliary Input
The random oracle model (ROM) is an idealized model where hash functions are
modeled as random functions that are only accessible as oracles. Although the
ROM has been used to prove the security of many cryptographic schemes, it has
(at least) two problems. First, the ROM does not capture quantum adversaries.
Second, it does not capture non-uniform adversaries that perform preprocessing.
To deal with these problems, Boneh et al. (Asiacrypt'11) proposed using the
quantum ROM (QROM) to argue post-quantum security, and Unruh (CRYPTO'07)
proposed the ROM with auxiliary input (ROM-AI) to argue security against
preprocessing attacks. However, to the best of our knowledge, no work has dealt
with the above two problems simultaneously.
In this paper, we consider a model that we call the QROM with (classical)
auxiliary input (QROM-AI), which deals with the above two problems
simultaneously, and study the security of cryptographic primitives in this
model. That is, we give security bounds for one-way functions, pseudorandom
generators, (post-quantum) pseudorandom functions, and (post-quantum) message
authentication codes in the QROM-AI.
We also study security bounds in the presence of quantum auxiliary inputs. In
other words, we show a security bound for the one-wayness of random
permutations (instead of random functions) in the presence of quantum
auxiliary inputs. This resolves an open problem posed by Nayebi et al.
(QIC'15). In the context of complexity theory, this implies relative to a
random permutation oracle, which also answers an open problem posed by Aaronson
(ToC'05).
IST Austria Thesis
A proof system is a protocol between a prover and a verifier over a common input in which an honest prover convinces the verifier of the validity of true statements. Motivated by the success of decentralized cryptocurrencies, exemplified by Bitcoin, the focus of this thesis will be on proof systems which found applications in some sustainable alternatives to Bitcoin, such as the Spacemint and Chia cryptocurrencies. In particular, we focus on proofs of space and proofs of sequential work.
Proofs of space (PoSpace) were suggested as a more ecological, economical, and egalitarian alternative to the energy-wasteful proof-of-work mining of Bitcoin. However, the state-of-the-art constructions of PoSpace are based on sophisticated graph pebbling lower bounds and are therefore complex. Moreover, when these PoSpace are used in cryptocurrencies like Spacemint, miners can only start mining after ensuring that a commitment to their space has already been added to the blockchain in a special transaction. Proofs of sequential work (PoSW) are proof systems in which a prover, upon receiving a statement x and a time parameter T, computes a proof which convinces the verifier that T time units have passed since x was received. Whereas Spacemint assumes synchrony to retain some interesting Bitcoin dynamics, Chia requires PoSW with unique proofs, i.e., PoSW in which it is hard to come up with more than one accepting proof for any true statement. In this thesis we construct simple and practically efficient PoSpace and PoSW. When using our PoSpace in cryptocurrencies, miners can start mining on the fly, like in Bitcoin; and unlike current constructions of PoSW, which achieve either efficient verification of sequential work or faster-than-recomputing verification of the correctness of proofs, but not both at the same time, ours achieve the best of both worlds.