390 research outputs found
A note on the von Bertalanffy growth function concerning the allocation of surplus energy to reproduction
We propose an extended form of the von Bertalanffy growth function (VBGF), where the allocation of surplus energy to reproduction is considered. Any function can be used in our model to describe the ratio of energy allocation for reproduction to that for somatic growth. As an example, two models for energy allocation were derived: a step function and a logistic function. The extended model can jointly describe growth in the adult and juvenile stages. The change in growth rate between the two stages can be either gradual or steep; the latter gives a biphasic VBGF. The results of curve fitting indicated that a consideration of reproductive energy is meaningful for model extension. By controlling parameter values, our comprehensive model gives various growth curve shapes ranging from indeterminate to determinate growth. An increase in the number of parameters is unavoidable in practical applications of this new model. Additional information on reproduction will improve the reliability of model estimates.
Proofs of Quantumness from Trapdoor Permutations
Assume that Alice can do only classical probabilistic polynomial-time computing while Bob can do quantum polynomial-time computing. Alice and Bob communicate over only classical channels, and finally Bob gets a state with some bit strings and . Is it possible that Alice can know but Bob cannot? Such a task, called remote state preparation, is indeed possible under some complexity assumptions, and is the basis of many quantum cryptographic primitives such as proofs of quantumness, (classical-client) blind quantum computing, (classical) verification of quantum computing, and quantum money. A typical technique to realize remote state preparation is to use 2-to-1 trapdoor collision-resistant hash functions: Alice sends a 2-to-1 trapdoor collision-resistant hash function to Bob, and Bob evaluates it coherently, i.e., Bob generates . Bob measures the second register to get the measurement result , and sends to Alice. Bob's post-measurement state is , where . With the trapdoor, Alice can learn from , but due to the collision resistance, Bob cannot. This advantage of Alice's can be leveraged to realize the quantum cryptographic primitives listed above. It seems that the collision resistance is essential here. In this paper, surprisingly, we show that the collision resistance is not necessary for a restricted case: we show that (non-verifiable) remote state preparations of secure against classical probabilistic polynomial-time Bob can be constructed from classically-secure (full-domain) trapdoor permutations. Trapdoor permutations are not likely to imply collision resistance, because black-box reductions from collision-resistant hash functions to trapdoor permutations are known to be impossible. As an application of our result, we construct proofs of quantumness from classically-secure (full-domain) trapdoor permutations.
One-Wayness in Quantum Cryptography
The existence of one-way functions is one of the most fundamental assumptions
in classical cryptography. In the quantum world, on the other hand, there is
evidence that some cryptographic primitives can exist even if one-way
functions do not exist. We therefore have the following important open problem
in quantum cryptography: What is the most fundamental element in quantum
cryptography? In this direction, Brakerski, Canetti, and Qian recently defined
a notion called EFI pairs, which are pairs of efficiently generatable states
that are statistically distinguishable but computationally indistinguishable,
and showed its equivalence with some cryptographic primitives including
commitments, oblivious transfer, and general multi-party computations. However,
their work focuses on decision-type primitives and does not cover search-type
primitives like quantum money and digital signatures. In this paper, we study
properties of one-way state generators (OWSGs), which are a quantum analogue of
one-way functions. We first revisit the definition of OWSGs and generalize it
by allowing mixed output states. Then we show the following results. (1) We
define a weaker version of OWSGs, weak OWSGs, and show that they are equivalent
to OWSGs. (2) Quantum digital signatures are equivalent to OWSGs. (3)
Private-key quantum money schemes (with pure money states) imply OWSGs. (4)
Quantum pseudo one-time pad schemes imply both OWSGs and EFI pairs. (5) We
introduce an incomparable variant of OWSGs, which we call secretly-verifiable
and statistically-invertible OWSGs, and show that they are equivalent to EFI
pairs. Comment: 39 pages, 1 figure
Verifiable Quantum Advantage without Structure
We show that the following hold, unconditionally unless otherwise stated, relative
to a random oracle with probability 1:
- There are NP search problems solvable by BQP machines but not BPP machines.
- There exist functions that are one-way, and even collision resistant,
against classical adversaries but are easily inverted quantumly. Similar
separations hold for digital signatures and CPA-secure public key encryption
(the latter requiring the assumption of a classically CPA-secure encryption
scheme). Interestingly, the separation does not necessarily extend to the case
of other cryptographic objects such as PRGs.
- There are unconditional publicly verifiable proofs of quantumness with the
minimal rounds of interaction: for uniform adversaries, the proofs are
non-interactive, whereas for non-uniform adversaries the proofs are two message
public coin.
- Our results do not appear to contradict the Aaronson-Ambanis conjecture.
Assuming this conjecture, there exist publicly verifiable certifiable
randomness, again with the minimal rounds of interaction.
By replacing the random oracle with a concrete cryptographic hash function
such as SHA2, we obtain plausible Minicrypt instantiations of the above
results. Previous analogous results all required substantial structure, either
in terms of highly structured oracles and/or algebraic assumptions in
Cryptomania and beyond. Comment: 46 pages
From the Hardness of Detecting Superpositions to Cryptography: Quantum Public Key Encryption and Commitments
Recently, Aaronson et al. (arXiv:2009.07450) showed that detecting
interference between two orthogonal states is as hard as swapping these states.
While their original motivation was from quantum gravity, we show its
applications in quantum cryptography.
1. We construct the first public key encryption scheme from cryptographic
non-abelian group actions. Interestingly, the ciphertexts of our scheme
are quantum even if messages are classical. This resolves an open question
posed by Ji et al. (TCC '19). We construct the scheme through a new abstraction
called swap-trapdoor function pairs, which may be of independent interest.
2. We give a simple and efficient compiler that converts the flavor of
quantum bit commitments. More precisely, for any prefix X,Y
{computationally,statistically,perfectly}, if the base scheme is X-hiding and
Y-binding, then the resulting scheme is Y-hiding and X-binding. Our compiler
calls the base scheme only once. Previously, all known compilers call the base
schemes polynomially many times (Crépeau et al., Eurocrypt '01 and Yan,
Asiacrypt '22). For the security proof of the conversion, we generalize the
result of Aaronson et al. by considering quantum auxiliary inputs. Comment: 51 pages
Quantum Complexity for Discrete Logarithms and Related Problems
This paper studies the quantum computational complexity of the discrete
logarithm (DL) and related group-theoretic problems in the context of generic
algorithms -- that is, algorithms that do not exploit any properties of the
group encoding.
We establish a generic model of quantum computation for group-theoretic
problems, which we call the quantum generic group model. Shor's algorithm for
the DL problem and related algorithms can be described in this model. We show
the quantum complexity lower bounds and almost matching algorithms of the DL
and related problems in this model. More precisely, we prove the following
results for a cyclic group of prime order.
- Any generic quantum DL algorithm must make depth of
group operations. This shows that Shor's algorithm is asymptotically optimal
among the generic quantum algorithms, even considering parallel algorithms.
- We observe that variations of Shor's algorithm can take advantage of
classical computations to reduce the number of quantum group operations. We
introduce a model for generic hybrid quantum-classical algorithms and show that
these algorithms are almost optimal in this model. Any generic hybrid algorithm
for the DL problem with a total number of group operations must make
quantum group operations of depth .
- When the quantum memory can only store group elements and use quantum
random access memory of group elements, any generic hybrid algorithm must
make either group operations in total or quantum group operations.
As a side contribution, we show that a multiple DL problem admits a better
algorithm than solving each instance one by one, refuting a strong form of the
quantum annoying property suggested in the context of password-authenticated
key exchange protocols.
A New Approach to Post-Quantum Non-Malleability
We provide the first - construction of
post-quantum non-malleable commitments under the minimal assumption that
- -
exist. We achieve the standard notion of non-malleability
with respect to commitments. Prior constructions required
rounds under the same assumption.
We achieve our results through a new technique for constant-round
non-malleable commitments which is easier to use in the post-quantum setting.
The technique also yields an almost elementary proof of security for
constant-round non-malleable commitments in the classical setting, which may be
of independent interest.
When combined with existing work, our results yield the first constant-round
quantum-secure multiparty computation for both classical and quantum
functionalities,
under the hardness of quantum fully-homomorphic
encryption and quantum learning with errors.
Certified Everlasting Zero-Knowledge Proof for QMA
In known constructions of classical zero-knowledge protocols for NP, either
zero-knowledge or soundness holds only against computationally bounded
adversaries. Indeed, achieving both statistical zero-knowledge and statistical
soundness at the same time with a classical verifier is impossible for NP unless
the polynomial-time hierarchy collapses, and it is also believed to be
impossible even with a quantum verifier. In this work, we introduce a novel
compromise, which we call the certified everlasting zero-knowledge proof for
QMA. It is a computational zero-knowledge proof for QMA, but the verifier
issues a classical certificate that shows that the verifier has deleted its
quantum information. If the certificate is valid, even an unbounded malicious
verifier can no longer learn anything beyond the validity of the statement. We
construct a certified everlasting zero-knowledge proof for QMA. For the
construction, we introduce a new quantum cryptographic primitive, which we call
commitment with statistical binding and certified everlasting hiding, where the
hiding property becomes statistical once the receiver has issued a valid
certificate that shows that the receiver has deleted the committed information.
We construct commitment with statistical binding and certified everlasting
hiding from quantum encryption with certified deletion by Broadbent and Islam
[TCC 2020] (in a black-box way), and then combine it with the quantum
sigma-protocol for QMA by Broadbent and Grilo [FOCS 2020] to construct the
certified everlasting zero-knowledge proof for QMA. Our constructions are
secure in the quantum random oracle model. Commitment with statistical binding
and certified everlasting hiding itself is of independent interest, and there
will be many other useful applications beyond zero-knowledge. Comment: 33 pages
Classical vs Quantum Advice and Proofs under Classically-Accessible Oracle
It is a long-standing open question to construct a classical oracle relative
to which BQP/qpoly BQP/poly or QMA QCMA. In this paper, we
construct classically-accessible classical oracles relative to which BQP/qpoly
BQP/poly and QMA QCMA. Here, classically-accessible classical
oracles are oracles that can be accessed only classically even for quantum
algorithms. Based on a similar technique, we also show an alternative proof for
the separation of QMA and QCMA relative to a distributional
quantumly-accessible classical oracle, which was recently shown by Natarajan
and Nirkhe. Comment: 31 pages. Added classically-accessible classical oracle separation of
QMA and QCMA and updated the abstract.