A one-query lower bound for unitary synthesis and breaking quantum cryptography

The Unitary Synthesis Problem (Aaronson-Kuperberg 2007) asks whether any $n$-qubit unitary $U$ can be implemented by an efficient quantum algorithm $A$ augmented with an oracle that computes an arbitrary Boolean function $f$. In other words, can the task of implementing any unitary be efficiently reduced to the task of implementing any Boolean function? In this work, we prove a one-query lower bound for unitary synthesis. We show that there exist unitaries $U$ such that no quantum polynomial-time oracle algorithm $A^f$ can implement $U$, even approximately, if it only makes one (quantum) query to $f$. Our approach also has implications for quantum cryptography: we prove (relative to a random oracle) the existence of quantum cryptographic primitives that remain secure against all one-query adversaries $A^{f}$. Since such one-query algorithms can decide any language, solve any classical search problem, and even prepare any quantum state, our result suggests that implementing random unitaries and breaking quantum cryptography may be harder than all of these tasks. To prove this result, we formulate unitary synthesis as an efficient challenger-adversary game, which enables proving lower bounds by analyzing the maximum success probability of an adversary $A^f$. Our main technical insight is to identify a natural spectral relaxation of the one-query optimization problem, which we bound using tools from random matrix theory. We view our framework as a potential avenue to rule out polynomial-query unitary synthesis, and we state conjectures in this direction

Post-Quantum Zero Knowledge, Revisited (or: How to do Quantum Rewinding Undetectably)

When do classical zero-knowledge protocols remain secure against quantum attacks? In this work, we develop the techniques, tools, and abstractions necessary to answer this question for foundational protocols: 1) We prove that the Goldreich-Micali-Wigderson protocol for graph non-isomorphism and the Feige-Shamir protocol for NP remain zero-knowledge against quantum adversaries. At the heart of our proof is a new quantum rewinding technique that enables extracting information from multiple invocations of a quantum adversary without disturbing its state. 2) We prove that the Goldreich-Kahan protocol for NP is post-quantum zero knowledge using a simulator that can be seen as a natural quantum extension of the classical simulator. Our results achieve negligible simulation error, appearing to contradict a recent impossibility result due to Chia-Chung-Liu-Yamakawa (FOCS 2021). This brings us to our final contribution: 3) We introduce coherent-runtime expected quantum polynomial time, a simulation notion that (1) precisely captures all of our zero-knowledge simulators, (2) cannot break any polynomial hardness assumptions, (3) implies strict polynomial-time epsilon-simulation and (4) is not subject to the CCLY impossibility. In light of our positive results and the CCLY negative results, we propose coherent-runtime simulation to be the appropriate quantum analogue of classical expected polynomial-time simulation

A one-query lower bound for unitary synthesis and breaking quantum cryptography

The Unitary Synthesis Problem (Aaronson-Kuperberg 2007) asks whether any $n$-qubit unitary $U$ can be implemented by an efficient quantum algorithm $A$ augmented with an oracle that computes an arbitrary Boolean function $f$. In other words, can the task of implementing any unitary be efficiently reduced to the task of implementing any Boolean function? In this work, we prove a one-query lower bound for unitary synthesis. We show that there exist unitaries $U$ such that no quantum polynomial-time oracle algorithm $A^f$ can implement $U$, even approximately, if it only makes one (quantum) query to $f$. Our approach also has implications for quantum cryptography: we prove (relative to a random oracle) the existence of quantum cryptographic primitives that remain secure against all one-query adversaries $A^{f}$. Since such one-query algorithms can decide any language, solve any classical search problem, and even prepare any quantum state, our result suggests that implementing random unitaries and breaking quantum cryptography may be harder than all of these tasks. To prove this result, we formulate unitary synthesis as an efficient challenger-adversary game, which enables proving lower bounds by analyzing the maximum success probability of an adversary $A^f$. Our main technical insight is to identify a natural spectral relaxation of the one-query optimization problem, which we bound using tools from random matrix theory. We view our framework as a potential avenue to rule out polynomial-query unitary synthesis, and we state conjectures in this direction

A non-linear observer for unsteady three-dimensional flows

A method is proposed to estimate the velocity field of an unsteady flow using a limited number of flow measurements. The method is based on a non-linear low-dimensional model of the flow and on expanding the velocity field in terms of empirical basis functions. The main idea is to impose that the coefficients of the modal expansion of the velocity field give the best approximation to the available measurements and that at the same time they satisfy as close as possible the non-linear low-order model. The practical use may range from feedback flow control to monitoring of the flow in non-accessible regions. The proposed technique is applied to the flow around a confined square cylinder, both in two- and three-dimensional laminar flow regimes. Comparisons are provided. with existing linear and non-linear estimation techniques

Cosmological Constraints from High-Redshift Damped Lyman-Alpha Systems

Any viable cosmological model must produce enough structure at early epochs to explain the amount of gas associated with high-redshift damped Ly$\alpha$ systems. We study the evolution of damped Ly$\alpha$ systems at redshifts $z\ge 2$ in cold dark matter (CDM) and cold+hot dark matter (CDM+HDM) models using both N-body and hydrodynamic simulations. Our approach incorporates the effects of gas dynamics, and we find that all earlier estimates which assumed that all the baryons in dark matter halos would contribute to damped Ly$\alpha$ absorption have overestimated the column density distribution $f(N)$ and the fraction of neutral dense gas $\Omega_g$ in damped Ly$\alpha$ systems. The differences are driven by ionization of hydrogen in the outskirts of galactic halos and by gaseous dissipation near the halo centers, and they tend to exacerbate the problem of late galaxy formation in CDM+HDM models. We only include systems up to the highest observed column density $N\sim 10^{21.8}$ cm$^{-2}$ in the estimation of $\Omega_g$ for a fair comparison with data. If the observed $f(N)$ and $\Omega_g$ inferred from a small number of confirmed and candidate absorbers are robust, the amount of gas in damped Ly$\alpha$ systems at high redshifts in the $\Omega_\nu=0.2$ CDM+HDM model falls well below the observations.Comment: 11 pages including 2 figures. AAS LaTeX v4.0. Astrophysical Journal Letters, in pres

Mixed Models with n>1 and Large Scale Structure constraints

Recent data on CBR anisotropies show a Doppler peak higher than expected in CDM cosmological models, if the spectral index $n=1$. However, CDM and LCDM models with n>1 can hardly be consistent with LSS data. Mixed models, instead, whose transfer function is naturally steeper because of free--streaming in the hot component, may become consistent with data if n>1, when Omega_h is large. This is confirmed by our detailed analysis, extended both to models with a hot component whose momentum space distribution had a thermal origin (like massive neutrinos), and to models with a non--cold component arising from heavier particle decay. In this work we systematically search models which fulfill all constraints which can be implemented at the linear level. We find that a stringent linear constraint arises from fitting the extra-power parameter Gamma. Other significant constraints arise comparing the expected abundances of galaxy clusters and high-z systems with observational data. Keeping to models with Gamma \geq 0.13, a suitable part of the space parameter still allows up to \sim 30% of hot component (it is worth outlining that our stringent criteria allow only models with 0.10 \mincir Omega_h \mincir 0.16, if n \leq 1). We also outline that models with such large non--cold component would ease the solution of the so--called baryon catastrophe in galaxy clusters.Comment: 28 pages + 9 figures, uses elsart.sty, to be published in New Astronom

Fibrolipoma of the lip treated by diode laser surgery: A case report

<p>Abstract</p> <p>Introduction</p> <p>Several neoplasms of the adipose tissue can involve the soft tissues of the head and neck region. These neoplasms are mainly treated surgically and an accurate histological examination is mandatory for a precise diagnosis.</p> <p>Case presentation</p> <p>We report a case of fibrolipoma involving the lower lip of a 43-year-old man, which was successfully treated by diode laser surgery. This approach allowed adequate resection of the neoplasm with minimal damage to the adjacent tissues, thus reducing post-surgical scarring.</p> <p>Conclusion</p> <p>Diode laser surgery for the treatment of benign lesions of the oral mucosa appears to be a convenient alternative to conventional blade surgery and has proved to be effective for the excision of fibrolipoma of the lip. The possibility of avoiding direct suture after excision is surely helpful when aesthetic areas, such as the lip, are surgically treated. For these reasons, and also considering the lower histological alteration of the specimen obtained with diode laser surgery if adequately used, the diode laser is undoubtedly a good alternative to conventional surgery.</p

Does Fiat-Shamir Require a Cryptographic Hash Function?

The Fiat-Shamir transform is a general method for reducing interaction in public-coin protocols by replacing the random verifier messages with deterministic hashes of the protocol transcript. The soundness of this transformation is usually heuristic and lacks a formal security proof. Instead, to argue security, one can rely on the random oracle methodology, which informally states that whenever a random oracle soundly instantiates Fiat-Shamir, a hash function that is ``sufficiently unstructured\u27\u27 (such as fixed-length SHA-2) should suffice. Finally, for some special interactive protocols, it is known how to (1) isolate a concrete security property of a hash function that suffices to instantiate Fiat-Shamir and (2) build a hash function satisfying this property under a cryptographic assumption such as Learning with Errors. In this work, we abandon this methodology and ask whether Fiat-Shamir truly requires a cryptographic hash function. Perhaps surprisingly, we show that in two of its most common applications --- building signature schemes as well as (general-purpose) non-interactive zero-knowledge arguments --- there are sound Fiat-Shamir instantiations using extremely simple and non-cryptographic hash functions such as sum-mod-p or bit decomposition. In some cases, we make idealized assumptions about the interactive protocol (i.e., we invoke the generic group model), while in others, we argue soundness in the plain model. At a high level, the security of each resulting non-interactive protocol derives from hard problems already implicit in the original interactive protocol. On the other hand, we also identify important cases in which a cryptographic hash function is provably necessary to instantiate Fiat-Shamir. We hope that this work leads to an improved understanding of the precise role of the hash function in the Fiat-Shamir transformation