
    LIPIcs, Volume 251, ITCS 2023, Complete Volume

    Split-State Non-Malleable Codes and Secret Sharing Schemes for Quantum Messages

    Non-malleable codes are fundamental objects at the intersection of cryptography and coding theory. These codes provide security guarantees even in settings where error correction and detection are impossible, and have found applications to several other cryptographic tasks. Roughly speaking, a non-malleable code for a family of tampering functions guarantees that no adversary can tamper (using functions from this family) the encoding of a given message into the encoding of a related distinct message. Non-malleable secret sharing schemes are a strengthening of non-malleable codes which satisfy additional privacy and reconstruction properties. We first focus on the 2-split-state tampering model, one of the strongest and most well-studied adversarial tampering models. Here, a codeword is split into two parts which are stored in physically distant servers, and the adversary can then independently tamper with each part using arbitrary functions. This model can be naturally extended to the secret sharing setting with several parties by having the adversary independently tamper with each share. Previous works on non-malleable coding and secret sharing in the split-state tampering model only considered the encoding of \emph{classical} messages. Furthermore, until the recent work by Aggarwal, Boddu, and Jain (arXiv 2022), adversaries with quantum capabilities and \emph{shared entanglement} had not been considered, and it is a priori not clear whether previous schemes remain secure in this model. In this work, we introduce the notions of split-state non-malleable codes and secret sharing schemes for quantum messages secure against quantum adversaries with shared entanglement. We also present explicit constructions of such schemes that achieve low-error non-malleability

    Implementing any Linear Combination of Unitaries on Intermediate-term Quantum Computers

    We develop three new methods to implement any Linear Combination of Unitaries (LCU), a powerful quantum algorithmic tool with diverse applications. While the standard LCU procedure requires several ancilla qubits and sophisticated multi-qubit controlled operations, our methods consume significantly fewer quantum resources. The first method (Single-Ancilla LCU) estimates expectation values of observables with respect to any quantum state prepared by an LCU procedure while requiring only a single ancilla qubit, and quantum circuits of shorter depths. The second approach (Analog LCU) is a simple, physically motivated, continuous-time analogue of LCU, tailored to hybrid qubit-qumode systems. The third method (Ancilla-free LCU) requires no ancilla qubit at all and is useful when we are interested in the projection of a quantum state (prepared by the LCU procedure) in some subspace of interest. We apply the first two techniques to develop new quantum algorithms for a wide range of practical problems, ranging from Hamiltonian simulation, ground state preparation and property estimation, and quantum linear systems. Remarkably, despite consuming fewer quantum resources they retain a provable quantum advantage. The third technique allows us to connect discrete and continuous-time quantum walks with their classical counterparts. It also unifies the recently developed optimal quantum spatial search algorithms in both these frameworks, and leads to the development of new ones. Additionally, using this method, we establish a relationship between discrete-time and continuous-time quantum walks, making inroads into a long-standing open problem.
    Comment: 72+16 pages, 3 Figure

    Optimality of Glauber dynamics for general-purpose Ising model sampling and free energy approximation

    Recently, Eldan, Koehler, and Zeitouni (2020) showed that Glauber dynamics mixes rapidly for general Ising models so long as the difference between the largest and smallest eigenvalues of the coupling matrix is at most $1 - \epsilon$ for any fixed $\epsilon > 0$. We give evidence that Glauber dynamics is in fact optimal for this "general-purpose sampling" task. Namely, we give an average-case reduction from hypothesis testing in a Wishart negatively-spiked matrix model to approximately sampling from the Gibbs measure of a general Ising model for which the difference between the largest and smallest eigenvalues of the coupling matrix is at most $1 + \epsilon$ for any fixed $\epsilon > 0$. Combined with results of Bandeira, Kunisky, and Wein (2019) that analyze low-degree polynomial algorithms to give evidence for the hardness of the former spiked matrix problem, our results in turn give evidence for the hardness of general-purpose sampling improving on Glauber dynamics. We also give a similar reduction to approximating the free energy of general Ising models, and again infer evidence that simulated annealing algorithms based on Glauber dynamics are optimal in the general-purpose setting.
    Comment: 19 page

    On the Inherent Anonymity of Gossiping

    Detecting the source of a gossip is a critical issue, related to identifying patient zero in an epidemic, or the origin of a rumor in a social network. Although it is widely acknowledged that random and local gossip communications make source identification difficult, there exists no general quantification of the level of anonymity provided to the source. This paper presents a principled method based on $\varepsilon$-differential privacy to analyze the inherent source anonymity of gossiping for a large class of graphs. First, we quantify the fundamental limit of source anonymity any gossip protocol can guarantee in an arbitrary communication graph. In particular, our result indicates that when the graph has poor connectivity, no gossip protocol can guarantee any meaningful level of differential privacy. This prompted us to further analyze graphs with controlled connectivity. We prove on these graphs that a large class of gossip protocols, namely cobra walks, offers tangible differential privacy guarantees to the source. In doing so, we introduce an original proof technique based on the reduction of a gossip protocol to what we call a random walk with probabilistic die out. This proof technique is of independent interest to the gossip community and readily extends to other protocols inherited from the security community, such as the Dandelion protocol. Interestingly, our tight analysis precisely captures the trade-off between dissemination time of a gossip protocol and its source anonymity.
    Comment: Full version of DISC2023 pape

    Nonlocal games and their device-independent quantum applications

    Device-independence is a property of certain protocols that allows one to ensure their proper execution given only classical interaction with devices and assuming the correctness of the laws of physics. This scenario describes the most general form of cryptographic security, in which no trust is placed in the hardware involved; indeed, one may even take it to have been prepared by an adversary. Many quantum tasks have been shown to admit device-independent protocols by augmentation with "nonlocal games". These are games in which noncommunicating parties jointly attempt to fulfil some conditions imposed by a referee. We introduce examples of such games and examine the optimal strategies of players who are allowed access to different possible shared resources, such as entangled quantum states. We then study their role in self-testing, private random number generation, and secure delegated quantum computation. Hardware imperfections are naturally incorporated in the device-independent scenario as adversarial, and we thus also perform noise robustness analysis where feasible. We first study a generalization of the Mermin–Peres magic square game to arbitrary rectangular dimensions. After exhibiting some general properties, these "magic rectangle" games are fully characterized in terms of their optimal win probabilities for quantum strategies. We find that for m×n magic rectangle games with dimensions m,n≥3, there are quantum strategies that win with certainty, while for dimensions 1×n quantum strategies do not outperform classical strategies. The final case of dimensions 2×n is richer, and we give upper and lower bounds that both outperform the classical strategies. As an initial usage scenario, we apply our findings to quantum certified randomness expansion to find noise tolerances and rates for all magic rectangle games. To do this, we use our previous results to obtain the winning probabilities of games with a distinguished input for which the devices give a deterministic outcome and follow the analysis of C. A. Miller and Y. Shi [SIAM J. Comput. 46, 1304 (2017)]. Self-testing is a method to verify that one has a particular quantum state from purely classical statistics. For practical applications, such as device-independent delegated verifiable quantum computation, it is crucial that one self-tests multiple Bell states in parallel while keeping the quantum capabilities required of one side to a minimum. We use our 3×n magic rectangle games to obtain a self-test for n Bell states where one side needs only to measure single-qubit Pauli observables. The protocol requires small input sizes [constant for Alice and O(log n) bits for Bob] and is robust with robustness O(n⁵/²√ε), where ε is the closeness of the ideal (perfect) correlations to those observed. To achieve the desired self-test, we introduce a one-side-local quantum strategy for the magic square game that wins with certainty, we generalize this strategy to the family of 3×n magic rectangle games, and we supplement these nonlocal games with extra check rounds (of single and pairs of observables). Finally, we introduce a device-independent two-prover scheme in which a classical verifier can use a simple untrusted quantum measurement device (the client device) to securely delegate a quantum computation to an untrusted quantum server. To do this, we construct a parallel self-testing protocol to perform device-independent remote state preparation of n qubits and compose this with the unconditionally secure universal verifiable blind quantum computation (VBQC) scheme of J. F. Fitzsimons and E. Kashefi [Phys. Rev. A 96, 012303 (2017)]. Our self-test achieves a multitude of desirable properties for the application we consider, giving rise to practical and fully device-independent VBQC. It certifies parallel measurements of all cardinal and intercardinal directions in the XY-plane as well as the computational basis, uses few input questions (of size logarithmic in n for the client and a constant number communicated to the server), and requires only single-qubit measurements to be performed by the client device

    Structured Semidefinite Programming for Recovering Structured Preconditioners

    We develop a general framework for finding approximately-optimal preconditioners for solving linear systems. Leveraging this framework we obtain improved runtimes for fundamental preconditioning and linear system solving problems including the following. We give an algorithm which, given positive definite $\mathbf{K} \in \mathbb{R}^{d \times d}$ with $\mathrm{nnz}(\mathbf{K})$ nonzero entries, computes an $\epsilon$-optimal diagonal preconditioner in time $\widetilde{O}(\mathrm{nnz}(\mathbf{K}) \cdot \mathrm{poly}(\kappa^\star,\epsilon^{-1}))$, where $\kappa^\star$ is the optimal condition number of the rescaled matrix. We give an algorithm which, given $\mathbf{M} \in \mathbb{R}^{d \times d}$ that is either the pseudoinverse of a graph Laplacian matrix or a constant spectral approximation of one, solves linear systems in $\mathbf{M}$ in $\widetilde{O}(d^2)$ time. Our diagonal preconditioning results improve state-of-the-art runtimes of $\Omega(d^{3.5})$ attained by general-purpose semidefinite programming, and our solvers improve state-of-the-art runtimes of $\Omega(d^{\omega})$ where $\omega > 2.3$ is the current matrix multiplication constant. We attain our results via new algorithms for a class of semidefinite programs (SDPs) we call matrix-dictionary approximation SDPs, which we leverage to solve an associated problem we call matrix-dictionary recovery.
    Comment: Merge of arXiv:1812.06295 and arXiv:2008.0172

    A Local-to-Global Theorem for Congested Shortest Paths

    Amiri and Wargalla (2020) proved the following local-to-global theorem in directed acyclic graphs (DAGs): if $G$ is a weighted DAG such that for each subset $S$ of 3 nodes there is a shortest path containing every node in $S$, then there exists a pair $(s,t)$ of nodes such that there is a shortest $st$-path containing every node in $G$. We extend this theorem to general graphs. For undirected graphs, we prove that the same theorem holds (up to a difference in the constant 3). For directed graphs, we provide a counterexample to the theorem (for any constant), and prove a roundtrip analogue of the theorem which shows there exists a pair $(s,t)$ of nodes such that every node in $G$ is contained in the union of a shortest $st$-path and a shortest $ts$-path. The original theorem for DAGs has an application to the $k$-Shortest Paths with Congestion $c$ ($(k,c)$-SPC) problem. In this problem, we are given a weighted graph $G$, together with $k$ node pairs $(s_1,t_1),\dots,(s_k,t_k)$, and a positive integer $c\leq k$. We are tasked with finding paths $P_1,\dots,P_k$ such that each $P_i$ is a shortest path from $s_i$ to $t_i$, and every node in the graph is on at most $c$ paths $P_i$, or reporting that no such collection of paths exists. When $c=k$ the problem is easily solved by finding shortest paths for each pair $(s_i,t_i)$ independently. When $c=1$, the $(k,c)$-SPC problem recovers the $k$-Disjoint Shortest Paths ($k$-DSP) problem, where the collection of shortest paths must be node-disjoint. For fixed $k$, $k$-DSP can be solved in polynomial time on DAGs and undirected graphs. Previous work shows that the local-to-global theorem for DAGs implies that $(k,c)$-SPC can be solved in polynomial time on DAGs whenever $k-c$ is constant. In the same way, our work implies that $(k,c)$-SPC can be solved in polynomial time on undirected graphs whenever $k-c$ is constant.
    Comment: Updated to reflect reviewer comment

    A New Deterministic Algorithm for Fully Dynamic All-Pairs Shortest Paths

    We study the fully dynamic All-Pairs Shortest Paths (APSP) problem in undirected edge-weighted graphs. Given an $n$-vertex graph $G$ with non-negative edge lengths that undergoes an online sequence of edge insertions and deletions, the goal is to support approximate distance queries and shortest-path queries. We provide a deterministic algorithm for this problem that, for a given precision parameter $\epsilon$, achieves approximation factor $(\log\log n)^{2^{O(1/\epsilon^3)}}$, and has amortized update time $O(n^{\epsilon}\log L)$ per operation, where $L$ is the ratio of longest to shortest edge length. Query time for a distance query is $O(2^{O(1/\epsilon)}\cdot \log n\cdot \log\log L)$, and query time for a shortest-path query is $O(|E(P)|+2^{O(1/\epsilon)}\cdot \log n\cdot \log\log L)$, where $P$ is the path that the algorithm returns. To the best of our knowledge, even allowing any $o(n)$-approximation factor, no adaptive-update algorithms with better than $\Theta(m)$ amortized update time and better than $\Theta(n)$ query time were known prior to this work. We also note that our guarantees are stronger than the best current guarantees for APSP in decremental graphs in the adaptive-adversary setting.
    Comment: arXiv admin note: text overlap with arXiv:2109.0562

    Fast Algorithms for Separable Linear Programs

    In numerical linear algebra, considerable effort has been devoted to obtaining faster algorithms for linear systems whose underlying matrices exhibit structural properties. A prominent success story is the method of generalized nested dissection [Lipton-Rose-Tarjan'79] for separable matrices. On the other hand, the majority of recent developments in the design of efficient linear program (LP) solvers do not leverage the ideas underlying these faster linear system solvers nor consider the separable structure of the constraint matrix. We give a faster algorithm for separable linear programs. Specifically, we consider LPs of the form $\min_{\mathbf{A}\mathbf{x}=\mathbf{b},\ \mathbf{l}\leq\mathbf{x}\leq\mathbf{u}} \mathbf{c}^\top\mathbf{x}$, where the graphical support of the constraint matrix $\mathbf{A} \in \mathbb{R}^{n\times m}$ is $O(n^\alpha)$-separable. These include flow problems on planar graphs and low treewidth matrices among others. We present an $\tilde{O}((m+m^{1/2 + 2\alpha}) \log(1/\epsilon))$ time algorithm for these LPs, where $\epsilon$ is the relative accuracy of the solution. Our new solver has two important implications: for the $k$-multicommodity flow problem on planar graphs, we obtain an algorithm running in $\tilde{O}(k^{5/2} m^{3/2})$ time in the high accuracy regime; and when the support of $\mathbf{A}$ is $O(n^\alpha)$-separable with $\alpha \leq 1/4$, our algorithm runs in $\tilde{O}(m)$ time, which is nearly optimal. The latter significantly improves upon the natural approach of combining interior point methods and nested dissection, whose time complexity is lower bounded by $\Omega(\sqrt{m}(m+m^{\alpha\omega}))=\Omega(m^{3/2})$, where $\omega$ is the matrix multiplication constant. Lastly, in the setting of low-treewidth LPs, we recover the results of [DLY,STOC21] and [GS,22] with significantly simpler data structure machinery.
    Comment: 55 pages. To appear at SODA 202