2,178 research outputs found
Solving the Shortest Vector Problem in Lattices Faster Using Quantum Search
By applying Grover's quantum search algorithm to the lattice algorithms of
Micciancio and Voulgaris, Nguyen and Vidick, Wang et al., and Pujol and
Stehl\'{e}, we obtain improved asymptotic quantum results for solving the
shortest vector problem. With quantum computers we can provably find a shortest
vector in time , improving upon the classical time
complexity of of Pujol and Stehl\'{e} and the of Micciancio and Voulgaris, while heuristically we expect to find a
shortest vector in time , improving upon the classical time
complexity of of Wang et al. These quantum complexities
will be an important guide for the selection of parameters for post-quantum
cryptosystems based on the hardness of the shortest vector problem.Comment: 19 page
Ring Learning With Errors: A crossroads between postquantum cryptography, machine learning and number theory
The present survey reports on the state of the art of the different
cryptographic functionalities built upon the ring learning with errors problem
and its interplay with several classical problems in algebraic number theory.
The survey is based to a certain extent on an invited course given by the
author at the Basque Center for Applied Mathematics in September 2018.Comment: arXiv admin note: text overlap with arXiv:1508.01375 by other
authors/ comment of the author: quotation has been added to Theorem 5.
Not-so-adiabatic quantum computation for the shortest vector problem
Since quantum computers are known to break the vast majority of
currently-used cryptographic protocols, a variety of new protocols are being
developed that are conjectured, but not proven to be safe against quantum
attacks. Among the most promising is lattice-based cryptography, where security
relies upon problems like the shortest vector problem. We analyse the potential
of adiabatic quantum computation for attacks on lattice-based cryptography, and
give numerical evidence that even outside the adiabatic regime such methods can
facilitate the solution of the shortest vector and similar problems.Comment: 15 pages total, 9 figures, journal submission to Phys Rev Research
v2, corrected two typos (save --> safe, relies --> relies on
Improved Classical and Quantum Algorithms for the Shortest Vector Problem via Bounded Distance Decoding
The most important computational problem on lattices is the Shortest Vector
Problem (SVP). In this paper, we present new algorithms that improve the
state-of-the-art for provable classical/quantum algorithms for SVP. We present
the following results. A new algorithm for SVP that provides a smooth
tradeoff between time complexity and memory requirement. For any positive
integer , our algorithm takes time and
requires memory. This tradeoff which ranges from
enumeration () to sieving ( constant), is a consequence of a new
time-memory tradeoff for Discrete Gaussian sampling above the smoothing
parameter.
A quantum algorithm for SVP that runs in time and
requires classical memory and poly(n) qubits. In Quantum Random
Access Memory (QRAM) model this algorithm takes only time and
requires a QRAM of size , poly(n) qubits and
classical space. This improves over the previously fastest classical (which is
also the fastest quantum) algorithm due to [ADRS15] that has a time and space
complexity .
A classical algorithm for SVP that runs in time
time and space. This improves over an algorithm of [CCL18] that
has the same space complexity.
The time complexity of our classical and quantum algorithms are obtained
using a known upper bound on a quantity related to the lattice kissing number
which is . We conjecture that for most lattices this quantity is a
. Assuming that this is the case, our classical algorithm runs in
time , our quantum algorithm runs in time
and our quantum algorithm in QRAM model runs in time .Comment: Faster Quantum Algorithm for SVP in QRAM, 43 pages, 4 figure
A suite of quantum algorithms for the shortestvector problem
Crytography has come to be an essential part of the cybersecurity infrastructure that provides a safe environment for communications in an increasingly connected world. The advent of quantum computing poses a threat to the foundations of the current widely-used cryptographic model, due to the breaking of most of the cryptographic algorithms used to provide confidentiality, authenticity, and more. Consequently a new set of cryptographic protocols have been designed to be secure against quantum computers, and are collectively known as post-quantum cryptography (PQC). A forerunner among PQC is lattice-based cryptography, whose security relies upon the hardness of a number of closely related mathematical problems, one of which is known as the shortest vector problem (SVP).
In this thesis I describe a suite of quantum algorithms that utilize the energy minimization principle to attack the shortest vector problem. The algorithms outlined span the gate-model and continuous time quantum computing, and explore methods of parameter optimization via variational methods, which are thought to be effective on near-term quantum computers. The performance of the algorithms are analyzed numerically, analytically, and on quantum hardware where possible. I explain how the results obtained in the pursuit of solving SVP apply more broadly to quantum algorithms seeking to solve general real-world problems; minimize the effect of noise on imperfect hardware; and improve efficiency of parameter optimization.Open Acces
An Improved BKW Algorithm for LWE with Applications to Cryptography and Lattices
In this paper, we study the Learning With Errors problem and its binary
variant, where secrets and errors are binary or taken in a small interval. We
introduce a new variant of the Blum, Kalai and Wasserman algorithm, relying on
a quantization step that generalizes and fine-tunes modulus switching. In
general this new technique yields a significant gain in the constant in front
of the exponent in the overall complexity. We illustrate this by solving p
within half a day a LWE instance with dimension n = 128, modulus ,
Gaussian noise and binary secret, using
samples, while the previous best result based on BKW claims a time
complexity of with samples for the same parameters. We then
introduce variants of BDD, GapSVP and UniqueSVP, where the target point is
required to lie in the fundamental parallelepiped, and show how the previous
algorithm is able to solve these variants in subexponential time. Moreover, we
also show how the previous algorithm can be used to solve the BinaryLWE problem
with n samples in subexponential time . This
analysis does not require any heuristic assumption, contrary to other algebraic
approaches; instead, it uses a variant of an idea by Lyubashevsky to generate
many samples from a small number of samples. This makes it possible to
asymptotically and heuristically break the NTRU cryptosystem in subexponential
time (without contradicting its security assumption). We are also able to solve
subset sum problems in subexponential time for density , which is of
independent interest: for such density, the previous best algorithm requires
exponential time. As a direct application, we can solve in subexponential time
the parameters of a cryptosystem based on this problem proposed at TCC 2010.Comment: CRYPTO 201
- …