Knapsack Public-Key Cryptosystem Using Chinese Remainder Theorem
The realization of the quantum computer will make it possible to break public-key cryptosystems based on the factoring problem and the discrete logarithm problem. It is believed that even a quantum computer cannot solve NP-hard problems in polynomial time. The subset sum problem is known to be NP-hard. Merkle and Hellman proposed a knapsack cryptosystem using the subset sum problem. However, it was broken by Shamir and Adleman because of the linearity of the modular transformation and the special structure of the secret keys. It is also broken by the low-density attack because its density is not sufficiently high. In this paper, we propose a new class of knapsack scheme without modular transformation. The special structure and the linearity can be avoided by using the Chinese remainder theorem as the trapdoor. The proposed scheme has a high density and a large dimension, so that it is sufficiently secure against a practical low-density attack.
Efficient Algorithms for Certifying Lower Bounds on the Discrepancy of Random Matrices
We initiate the study of the algorithmic problem of certifying lower bounds on the discrepancy of random matrices: given an input matrix , output a value that is a lower bound on for every , but is close to the typical value of with high probability over the choice of a random . This problem is important because of its connections to conjecturally-hard average-case problems such as negatively-spiked PCA, the number-balancing problem and refuting random constraint satisfaction problems. We give the first polynomial-time algorithms with non-trivial guarantees for two main settings. First, when the entries of are i.i.d. standard Gaussians, it is known that with high probability. Our algorithm certifies that with high probability. As an application, this formally refutes a conjecture of Bandeira, Kunisky, and Wein on the computational hardness of the detection problem in the negatively-spiked Wishart model. Second, we consider the integer partitioning problem: given uniformly random -bit integers , certify the non-existence of a perfect partition, i.e. certify that for . Under the scaling , it is known that the probability of the existence of a perfect partition undergoes a phase transition from 1 to 0 at ; our algorithm certifies the non-existence of perfect partitions for some . We also give efficient non-deterministic algorithms with significantly improved guarantees. Our algorithms involve a reduction to the Shortest Vector Problem.
Comment: ITCS 202
Quantum NV Sieve on Grover for Solving Shortest Vector Problem
Quantum computers can efficiently model and solve several problems that are challenging for classical computers, raising concerns about potential security reductions in cryptography. NIST is already considering potential quantum attacks in the development of post-quantum cryptography by estimating the quantum resources required for such attacks. In this paper, we present quantum circuits for the NV sieve algorithm to solve the Shortest Vector Problem (SVP), which serves as the security foundation for lattice-based cryptography, achieving a square-root quantum speedup. Although there has been extensive research on the application of quantum algorithms to lattice-based problems at the theoretical level, specific quantum circuit implementations for them have not been presented yet.
Notably, this work demonstrates that the required quantum complexity for the SVP in a lattice of rank 70 and dimension 70 is (a product of the total gate count and the total depth) with our optimized quantum implementation of the NV sieve algorithm.
This complexity is significantly lower than the NIST post-quantum security standard, where level 1 is , corresponding to the complexity of Grover's key search for AES-128.
The Mersenne Low Hamming Combination Search Problem can be reduced to an ILP Problem
In 2017, Aggarwal, Joux, Prakash, and Santha proposed an innovative NTRU-like public-key cryptosystem that was believed to be quantum resistant, based on Mersenne prime numbers q = 2^N-1. After a successful attack designed by Beunardeau, Connolly, Geraud, and Naccache, the authors revised the protocol, which was accepted for Round 1 of the Post-Quantum Cryptography Standardization Process organized by NIST. The security of this protocol is based on the assumption that the so-called Mersenne Low Hamming Combination Search Problem (MLHCombSP) is hard to solve. In this work, we present a reduction of MLHCombSP to Integer Linear Programming (ILP). This opens new research directions for assessing the concrete robustness of this cryptosystem. In particular, we uncover a new family of weak keys, for which our attack runs in polynomial time.
Optimizing the positioning of medical facilities using linear programming techniques
The Plant Location Problem is one of the most important branches of operations research, concerned with the optimal placement of plants to minimize transportation costs. We had to deal with a real problem related to the positioning of medical facilities on the territory of Emilia-Romagna. We started from the SPLP to create a mathematical model for this problem, but we needed to add some more constraints. The described algorithm was designed to give the user rapid feedback from the system.
Computational complexity of the landscape I
We study the computational complexity of the physical problem of finding vacua of string theory which agree with data, such as the cosmological constant, and show that such problems are typically NP-hard. In particular, we prove that in the Bousso-Polchinski model, the problem is NP-complete. We discuss the issues this raises and the possibility that, even if we were to find compelling evidence that some vacuum of string theory describes our universe, we might never be able to find that vacuum explicitly. In a companion paper, we apply this point of view to the question of how early cosmology might select a vacuum.
Comment: JHEP3 Latex, 53 pp, 2 .eps figures
Improved Quantum Hypercone Locality Sensitive Filtering in Lattice Sieving
The asymptotically fastest known method for solving SVP is lattice sieving, an algorithm whose computational bottleneck is solving the Nearest Neighbor Search problem. The best known algorithm for solving this problem is Hypercone Locality Sensitive Filtering (LSF). The classical time complexity of a sieve using Hypercone LSF is . The quantum time complexity is , which is obtained by using Grover's algorithm to speed up part of the enumeration.
We present an improvement to the quantum algorithm, which improves the time complexity to . Essentially, we provide a way to use Grover's algorithm to speed up another part of the process, providing a better tradeoff. This improvement affects the security of lattice-based encryption schemes, including the NIST PQC Round 3 finalists.
Computational Indistinguishability between Quantum States and Its Cryptographic Application
We introduce a computational problem of distinguishing between two specific quantum states as a new cryptographic problem, in order to design a quantum cryptographic scheme that is "secure" against any polynomial-time quantum adversary. Our problem, QSCDff, is to distinguish between two types of random coset states with a hidden permutation over the symmetric group of finite degree. This naturally generalizes the commonly-used distinction problem between two probability distributions in computational cryptography. As our major contribution, we show that QSCDff has three properties of cryptographic interest: (i) QSCDff has a trapdoor; (ii) the average-case hardness of QSCDff coincides with its worst-case hardness; and (iii) QSCDff is computationally at least as hard as the graph automorphism problem in the worst case. These cryptographic properties enable us to construct a quantum public-key cryptosystem, which is likely to withstand any chosen plaintext attack of a polynomial-time quantum adversary. We further discuss a generalization of QSCDff, called QSCDcyc, and introduce a multi-bit encryption scheme that relies on similar cryptographic properties of QSCDcyc.
Comment: 24 pages, 2 figures. We improved the presentation, and added more detailed proofs and follow-up of recent work.